05.08.2018
Run QRadar CE on Mac OS X with Vagrant
The Vagrant file provided by IBM for running QRadar Community Edition on Mac OS X currently does not work properly. It fails with the following error:
Failure: repodata/repomd.xml from centos-gluster38: [Errno 256] No more mirrors to try.
http://mirror.centos.org/centos/7/storage/x86_64/gluster-3.8/repodata/repomd.xml: [Errno 14] HTTP Error 404
The problem is that gluster3.8 was moved out of this CentOS repository and now the download fails.
But the gluster3.8 RPMs are also provided with the QRadar CE installation ISO file.
Based on the workaround described here, I've extended the IBM provided Vagrantfile so that the RPMs are taken from the ISO file instead of the CentOS repository.
With the modified Vagrantfile the automatic provisioning script no longer fails.
The instructions for running QRadar CE with Vagrant now look like this:
- Download the zipfile with the original Vagrantfile and the accompanying helper files from the IBM website: https://developer.ibm.com/qradar/ce/
- Create a folder and extract the zipfile:
mkdir community_edition
unzip QRadarCE_Vagrantfile.20171003084145.zip -d community_edition/
- Download the modified Vagrantfile and overwrite the original one:
curl -o community_edition/Vagrantfile https://blog.x-way.org/stuff/Vagrantfile
- Make sure you have the requried Vagrant plugins installed:
vagrant plugin install vagrant-disksize
vagrant plugin install vagrant-reload
- Make sure you have the QRadar CE ISO file (downloaded from the IBM website) in the same folder as the Vagrantfile:
cp QRadarCE.iso community_edition/
- Create the auto_install file to automatically install QRadar:
touch community_edition/auto_install
- Accept the EULA by adding the corresponding setup parameter in the Vagrantfile:
Edit the Vagrantfile and add the --accept-eula argument to /media/cdrom/setup --no-screen to automatically accept the EULA
- Change into the folder and start the QRadar installation (takes about 1 hour):
cd community_edition
vagrant up
13:18 | Networking | Permalink
19.07.2018
Raid The Arcade
Ernest Cline - Armada
15:31 | Music | Permalink
14.04.2018
Benjojo
Added another interesting blog to the Links: benjojo.co.uk
Ben builds and writes about a lot of funny small projects:
07:16 | Misc | Permalink
04.04.2018
Exclude domain from unknown sender check
Postfix provides the reject_unknown_sender_domain check which allows to only accept incoming e-mails sent from domains which actually exist.
Unfortunately there exists this one external service which uses a non-existing subdomain to send their notification e-mails. Thus all their notifications get rejected.
The following configuration allows to keep the reject_unknown_sender_domain check in place, but to exclude a specific domain from this check.
# snippet in main.cf
smtpd_sender_restrictions = check_sender_access pcre:/etc/postfix/sender_domain_verification
# exclude regex in sender_domain_verification
!/@domain\.to\.exclude\.com$/ reject_unknown_sender_domain
Your distribution might ship Postfix support for pcre matches in a dedicated package which needs to be installed separately (in the case of Debian you need to install the postfix-pcre package).
23:03 | Linux | Permalink
01.04.2018
Blogroll update
Added the following blogs to the Links:
Seems like the blog/RSS thing is getting traction again: It's Time for an RSS Revival (via)
21:52 | Misc | Permalink
05.12.2015
nflog_sniff extended with C++ implementation
With nflog_sniffer.cpp I've just added a C++ implementation to the nflog_sniff repository.
It uses the lean (and apparently also very fast) libtins library.
11:58 | Networking | Permalink
04.12.2015
DNS packet sniffing with NFLOG and Perl/Python
The nflog-bindings from Pierre Chifflier make it trivially easy to write a passive packet sniffer which can be controlled via iptables and listens to traffic on multiple interfaces at the same time.
As a little exercise I have written a simple DNS packet sniffer, once in Perl and once in Python:
To use the sniffer, first create an iptables rule like this: iptables -I INPUT -p udp --sport 53 -j NFLOG --nflog-group 123
Then start one of the sniffer scripts and observe the extracted DNS queries :-)
For a more convenient download I've also put the scripts in a proper Github repository: nflog_sniff
20:10 | Networking | Permalink
03.11.2015
Mutt Homebrew Formula extended with indexcolor patch
I've just added the indexcolor patch to my Mutt 1.5.24 Homebrew Formula.
To use this Formula just type brew tap x-way/mutt followed by brew install x-way/mutt/mutt --with-trash-patch --with-indexcolor-patch to install Mutt 1.5.24 with trash_folder and indexcolor support.
20:18 | Linux | Permalink
23.09.2015
Homebrew Tap for Mutt 1.5.24 with trash_folder patch
At work I'm a quite avid user of Mutt. Unfortunately the upgrade to the recently released version 1.5.24 did not go over as smooth as expected.
I'm using Homebrew to install Mutt on Mac OS X, and even though there is an updated version in the official Homebrew repository, it no longer comes with the trash_folder patch (it fails to apply against the 1.5.24 source tree and was thus removed).
In order to build the new Mutt version with the trash_folder support, I updated the patch for version 1.5.24: mutt-1.5.24-trash_folder.diff.
The official Homebrew repository prefers unpatched packages and encourages the creation of independent "Taps" (package repositories) for patched packages. Thus I also created my own Homebrew Tap which contains the 1.5.24 version of Mutt with the updated trash_folder patch: x-way/homebrew-mutt.
To use this Tap just type brew tap x-way/mutt followed by brew install x-way/mutt/mutt --with-trash-patch to install Mutt 1.5.24 with trash_folder support. Cheers!
22:31 | Linux | Permalink
15.08.2015
Puppet Infrastructure 2015
Puppet Infrastructure 2015
06:47 | Linux | Permalink
→
