From the course: Complete Guide to Open Source Security
Enhancing your logs
- [Instructor] We're in our web01 proxy. As our main interface to the public network, the proxy is a key point to monitor remote access to our systems. A good way to do this is by using the Linux iptables tool. It isn't installed by default in Kali Purple, so we'll install it. sudo su. And we'll get a root session and we'll do our work from the root folder, and we'll apt install iptables. We can add a rule to generate a log for each new connection attempted, whether it was successful or not. However, changes to iptables are ephemeral and need to be reloaded on a reboot, so we'll create a service to do that. In addition, we have Suricata running on the proxy and it can generate a lot of logs. So to avoid bulking out our storage, we'll clean them each time we reboot. We can do that by truncating them. Firstly, we'll create a small Python script, nano check.py, and we'll import the operating system library, os.system, and we'll truncate -s 0 /var/log/* and any errors we'll send to…
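Added example, not part of the course: a small Python parser for the kernel log lines that the new-connection LOG rule described above produces, so the records can be reviewed or shipped to the SIEM. It assumes the rule was added with the log prefix "NEW-CONN: " (an assumed prefix, not from the course) and runs over constructed sample lines.

```python
import re
from collections import Counter

# Assumed rule on the proxy (not from the course): log every new inbound
# connection, whether it is later accepted or not.
#   iptables -I INPUT -m conntrack --ctstate NEW -j LOG --log-prefix "NEW-CONN: "
LOG_PREFIX = "NEW-CONN: "

# Constructed sample of what the kernel writes to /var/log/kern.log for that rule.
SAMPLE_LOG = """\
Jun  3 10:14:01 web01 kernel: NEW-CONN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12345 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jun  3 10:14:02 web01 kernel: NEW-CONN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12346 DF PROTO=TCP SPT=51235 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Jun  3 10:14:02 web01 kernel: NEW-CONN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12347 DF PROTO=TCP SPT=51236 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jun  3 10:14:05 web01 kernel: NEW-CONN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=777 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  3 10:14:06 web01 kernel: NEW-CONN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=10.0.0.2 LEN=61 TOS=0x00 PREC=0x00 TTL=60 ID=778 PROTO=UDP SPT=53000 DPT=53 LEN=41
Jun  3 10:14:07 web01 kernel: eth0: link is up
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_log_line(line):
    """Return the KEY=VALUE fields of one record from our LOG rule, or None
    when the line came from somewhere else. Bare flags (DF, SYN, ...) have
    no '=' and are collected under 'flags'."""
    marker = "kernel: " + LOG_PREFIX
    idx = line.find(marker)
    if idx < 0:
        return None
    body = line[idx + len(marker):]
    record = dict(FIELD_RE.findall(body))
    record["flags"] = [tok for tok in body.split() if "=" not in tok]
    return record

def new_connections(log_text):
    """All records produced by the LOG rule, in file order."""
    return [r for r in map(parse_log_line, log_text.splitlines()) if r]

def attempts_per_source(records):
    """How many new connections each remote address opened."""
    return Counter(r["SRC"] for r in records)

def ports_per_source(records):
    """Distinct (protocol, destination port) pairs each source touched; a
    source hitting many ports in a short window is worth a closer look."""
    touched = {}
    for r in records:
        touched.setdefault(r["SRC"], set()).add((r["PROTO"], r["DPT"]))
    return touched
```

The same parser works on the live file (read /var/log/kern.log instead of SAMPLE_LOG); lines not written by the rule are ignored.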