Press "Enter" to skip to content

Category: Software

All of the millions of lines of code that make the hardware bow to our every whim.

How to use Nagios and NRPE to monitor remote OPNSense HA secondary routers

Published July 19, 2024 by firestorm_v1
Network diagram image showing Nagios Server monitoring OPNSense Secondary Router via the use of a NRPE Reflector

In this article, I’ll be discussing how to use the Nagios NRPE (Nagios Remote Program Executor) service to monitor the remote secondary OPNSense firewall in a high availability configuration to overcome a VPN routing limitation where the secondary instance is not reachable. The root cause is due to the way the VPN routing is performed in OPNSense where the incoming traffic flow won’t communicate due to a routing conflict. While this issue isn’t an OPNSense specific issue (it affects pfSense and other firewalls that use HA/CARP with VPN).

Continue readingHow to use Nagios and NRPE to monitor remote OPNSense HA secondary routers
Comments closed

Check on the ERCOT grid using cURL and jq

Published February 1, 2022 by firestorm_v1

So, if you’re a Texan, you already know who ERCOT is and you already know what’s going to happen in the next few days. If you’re not Texan, or you haven’t been eyeing the weather, it’s going to freeze. If you’re not sure what the connection to freezing weather and ERCOT, I’d recommend reading up on it here: Wikipedia This quick hack article isn’t about them per se, but something that might be helpful to keep an eye on the grid in the upcoming winter storm.

Continue readingCheck on the ERCOT grid using cURL and jq
Comments closed

Op-Ed: Passwords – The cause of and solution to online problems

Published January 24, 2020 by firestorm_v1

Anyone that’s been online as long as I have (and yes, there are many that have been online for far longer) knows that your passwords getting leaked and compromised isn’t a question of “if” but rather a question of “when”. As we continue onward in the online world, it’s critically important now more than ever to have a strong password policy and to actually enforce your strong password policy! I italicized the last bit as this will be the crux of this entire article as I experienced a password breach for the first time.

Continue readingOp-Ed: Passwords – The cause of and solution to online problems
Comments closed

Networking: Bringing IPv6 into your network using pfSense

Published December 1, 2011 by firestorm_v1

Hurricane Electric, PfSense and IPv6The Internet as we know it is undergoing a significant change.  With the last IPv4 addresses being allocated out, the Internet has officially run out of address space.  IPv6 is the next-generation IP addressing system that aims to resolve this issue however the changes proposed are drastically different than the current IP schema currently in place and for most is quite a daunting task to switch. In this post, we will cover some basic IPv6 information and some fundamental differences between v4 and v6 (aside from tons of IPs), and finally we will build out a pfSense firewall with IPv6 using pfSense and a free IPv6 tunnel provided by Hurricane Electric. Read more to get started on the cutting-edge of Internet infrastructure.

Continue readingNetworking: Bringing IPv6 into your network using pfSense
7 Comments

Networking: Installing and configuring pfSense Embedded

Published November 11, 2011 by firestorm_v1

pfSense Logo

After publishing the last post on networking and the security series, I felt it was necessary to go ahead and publish a piece on building a custom router.  I have been a fan of pfSense for the past four years and swear by it. It has the ease of use of a commercial GUI-driven router and unrivaled flexibility limited only by the hardware it is installed on.  In this howto article, we will cover installing pfSense on an embedded platform and initial configuration for getting your router up and running.

Continue readingNetworking: Installing and configuring pfSense Embedded
9 Comments

CVS Netbook Revisited

Published July 25, 2011 by firestorm_v1

A few months ago, I posted a hardware teardown of the CVS Sylvania Netbook pictured above. After working with it and performing a lot of research on it, I promised a follow up article, and here it is.  To sum it all up, with a bit of modification to the software, a spare SD card and a lot of patience, you can actually turn this thing into a somewhat useful Linux device.  There’s also some improvements and suggestions to be had for improving the Windows CE side of things should you decide to continue using it in its default state.

Continue readingCVS Netbook Revisited
63 Comments
Building Snort and Nessus – Ubuntu IDS Part 3

Building Snort and Nessus – Ubuntu IDS Part 3

Published May 20, 2011 by firestorm_v1

 

In this final article in the three part Ubuntu IDS series, we will go over installing, compiling and configuring Snort and Nessus on our new IDS device.  We will use Snort to analyze traffic as seen by the IDS and we will use Nessus to perform vulnerability testing on the network. The process for installing Snort will also cover installing SnortReport provided by Symmetrix Technologies so we can translate Snort’s cryptic messages into a more readable format that we can take action on.  Read on as we wrap up the installation and finish our IDS device.

Continue readingBuilding Snort and Nessus – Ubuntu IDS Part 3
4 Comments
Setting up bonding networking -Ubuntu IDS Part 2

Setting up bonding networking -Ubuntu IDS Part 2

Published May 4, 2011 by firestorm_v1

In an earlier article, I demonstrated how you can build a passive monitoring device for an Ethernet network as the first part to a three part project to build a home IDS device.  In this article, the second in the series, I will describe how to set up the networking for an IDS using the passive tap that I built earlier.This setup will involve using a technique called bonding to take two physical interfaces and bond them together, creating a logical interface that we can use for Snort.  This article will also explain where is the best location to place the tap and what you can expect to see once the networking is set up using common Linux utilities like tcpdump.

Continue readingSetting up bonding networking -Ubuntu IDS Part 2
2 Comments
Build a Passive Ethernet Tap – Ubuntu IDS Part 1

Build a Passive Ethernet Tap – Ubuntu IDS Part 1

Published April 6, 2011 by firestorm_v1

Image courtesy of forums.overclockers.co.uk

One of the things that the GCIA study has taught me is that being able to monitor the network your computer is on is a critical necessity to maintaining a secure network. Corporate environments can set up IDS devices to monitor traffic however monitoring doesn’t work unless you have proper connectivity to what you want to monitor. Unfortunately, most of us don’t have central wiring in our house and expensive managed switches that can set up span sessions with which to monitor traffic in transit.  In this HOWTO, I will cover how to build your own monitoring connection that you can use on your own network to monitor traffic without breaking the bank. This article is first in a three part series on how to build your own home IDS for monitoring your network traffic. Look for the other two sections soon!

Continue readingBuild a Passive Ethernet Tap – Ubuntu IDS Part 1
13 Comments

Installing Minecraft Server in Ubuntu Server

Published January 9, 2011 by firestorm_v1

Minecraft and Ubuntu logosOk, I’ll admit it.  I’ve been caught by the Minecraft bug.  It bit me hard and of course I learned rather quickly that there is a problem with using two laptops to play Minecraft on and that is that it’s a pain in the posterior to move your save games around.  In this article, I will be covering how to install Minecraft Server on a new installation of Ubuntu 9.04LTS.  These instructions will work for all current versions of Ubuntu, so if you’re using something newer or something older, these instructions should get you up and running in no time.

Continue readingInstalling Minecraft Server in Ubuntu Server
41 Comments