Archive for November, 2023

Imperva Web Application Firewall | WAF | deployment modes

Posted: 11/30/2023 in WAF
Tags: ,
0

impcfg

Proxy
1. Transparent Reverse Proxy (L2, Advanced Bridge Mode / Sniffing / Bridge STP / Bridge IMPVHA)

2. Non-Transparent Reverse Proxy (L3 / SNI / HSTS possible to configure!)

QRADAR | SIEM | manual update GeoIP database

Posted: 11/29/2023 in Uncategorized
0

1. download: GeoLite2-City.mmdb

2. upload by SSH *.mmdb file to path: /storetmp

3. unpack: 

tar -xvzf GeoLite2-City*.tar.gz

4. backup existing files

mkdir -p /store/IBM_Support/Geodata 
cp -pv /opt/qradar/conf/GeoLite2-City.mmdb /store/IBM_Support/Geodata

5. copy files & set permissions

cp -pv /storetmp/GeoLite2-City*/GeoLite2-City.mmdb /store/configservices/staging/globalconfig/
ls -l /store/configservices/staging/globalconfig/GeoLite2-City.mmdb
-rw-rw-r-- 1 nobody nobody

6. By WEB – deploy

7. By SSH – check/verify (md5 must match):

md5sum /storetmp/GeoLite2-City*/GeoLite2-City.mmdb /opt/qradar/conf/GeoLite2-City.mmdb 
d3786d635823f3195ae689457fadc117  /storetmp/GeoLite2-City_20220412/GeoLite2-City.mmdb
d3786d635823f3195ae689457fadc117  /opt/qradar/conf/GeoLite2-City.mmdb

Splunk | SIEM | monitor Apache webserver logs

Posted: 11/25/2023 in Uncategorized
0

query:
source::/var/log/httpd/* website.com earliest=-7d@d | eval megabytes = bytes/1024/1024 | timechart sum(megabytes)

AIX | show/list/sort biggest file is system

Posted: 11/22/2023 in AIX
Tags: , ,
0

du -kx / | sort -n | awk '{printf "%.2fMB %s\n", $1/1024, $2}'

Linux | Docker | start service after filesystem mounted

Posted: 11/12/2023 in Uncategorized
0

vi /etc/systemd/system/docker.service.d/settings.conf

add:

[Unit]
After=multi-user.target
Wants=local-fs.target

systemctl daemon-reload

Dell EMC Unity Storage Array | get all disks state details

Posted: 11/12/2023 in Uncategorized
0

uemcli -d 10.10.10.10 -u user -p password /env/disk show -detail
uemcli -d 10.10.10.10 -u user -p password /env/disk show -output table

Nagios | spool full of perfdata with PID | reprocess performance data to RRD files

Posted: 11/03/2023 in Nagios
Tags: , , ,
0

if /opt/pnp4nagios/var/spool
is full of files:
service-perfdata.1697462305-PID-78230
host-perfdata.1697455746-PID-72297

and there is huge amount of files in dir, then probably in pnp4nagios perfdata is problem with permissions to dir/files so nagios can’t write performance data to RRD file.

if permissions are resolved – start processing historical performace to RRD files:
/opt/pnp4nagios/libexec/process_perfdata.pl --bulk=service-perfdata.1697462305-PID-78230

for multiple files:
for file in $(ls | head -1000000); do /opt/pnp4nagios/libexec/process_perfdata.pl --bulk="$file"; done

check logs:
tail -f /opt/pnp4nagios/var/perfdata.log

RRDTOOL | RRD File | pnp4nagios | merge combine RRD database files

Posted: 11/03/2023 in linux, Nagios
Tags: , ,
0

if you have multiple files od RRD (Round Robin Database) files, and want to merge them:

./simple-merge.py old_rrd_file.rrd newer_rrd_file.rrd | rrdtool restore /dev/stdin merged_file.rrd
https://gist.github.com/arantius/2166343#file-simple-rrd-merge-py

to do it faster, with huge amount of multiple files do loop:
for file in $(ls dir1/*.rrd | xargs -n 1 basename | head -1000); do
./simple-merge.py dir1/$file dir2/$file | rrdtool restore /dev/stdin merged/$file; done