Skip to main content

Posts

Showing posts from 2012

Splunk Cheat Sheet (Linux)

1. set root's password:  sudo su passwd root Enter new UNIX password: < new_root_password > Retype new UNIX password: < new_root_password > passwd: password updated successfully # su - 2. Remove any existing Splunk directories & create user etc: # rm -rf /opt/splunkforwarder # userdel -r splunk # this will remove as above if user splunk's home directory # groupadd siem # useradd -g siem -s /bin/bash -d /home/siem -m siem # vi ~/.profile # chage -I -1 -m -0 -M -99999 -E -1 siem If above fails because of multiple passwd fails: # pam_tally --reset check with #chage -l siem # uname -a # check OS version # dpkg -i splunk-4.3.1...........intel.deb # chown -R siem:siem /opt/splunk # su - siem : $SPLUNK_HOME/bin/splunk start --accept-license : $SPLUNK_HOME/bin/splunk edit user admin -password newpassword -role admin -auth admin:changeme 3. vi ~/.profile (as follows) (OR .bash_profile) # ~/.profile: executed by the command interpreter for log...

Arcsight Syslog Connector Test - Scapy

This Python script uses Scapy to generate a UDP syslog frame, in Common Event Format (CEF), simulating a McAfee IPS output following detection of a Java heap buffer overflow attack. #! /usr/bin/env python # Note  need to be superuser or root access to run as Scapy sends # packets to the network card driver, an operation that users with ordinary # access are not permitted to do. from scapy.all import * a = IP(dst="192.168.1.2") u = UDP(dport=514) pay = "Aug 1 10:00:00 McAfee CEF:0|McAfee|Network Security Manager|Simulated|44800015|HTTP: Java heap buffer overflow detected|8|dvc=192.186.1.170" packet = a/u/pay packet.display() send(packet) The UDP packet is sent to the Arcsight CEF syslog connector at 192.168.1.2 for onward transmission to the Arcsight ESM. The Wireshark capture is as follows:

Splunk Universal Forwarder – Windows

To collect log information from a stand alone Windows (Vista in this case) workstation, download and install the Splunk Universal Forwarder splunk-4.3-115073-x86-release.msi Follow the install configuration and select the WindowsEventLog : Security and whatever performance monitoring is required. Enter the IP address of the Splunk indexer/search head and the host IP address as directed. If the default port (9997) was selected ensure that the indexer firewall is set to allow connections from the forwarder on this port. In addition to the standard windows event logs: Application log (tracks events that occur in a registered application) Security log (tracks security changes and possible breaches in security) System log (tracks system events) a couple of useful logs to forward are the windows update log and the windows firewall log. Start Notepad and run as administrator. Open C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf and edit as follows: ...

QUISK SDR 40 metre RX

To test the previous GNU radio apps and evaluate the linux SDR QUISK software, the following 7MHz SDR was quickly assembled from available parts.  The heart of the hardware is the modulator section of a Marconi QPSK modem using Watkins Johnson M6E mixers with a 90 deg phase shift circuit modified for the xtal frequency of 7035kHz. Using the Softrock .quisk_conf.py file for QUISK with: fixed_vfo_freq = 7035000        sample_rate = 96000 The following daytime spectrograph was obtained on 40 metres. The SDR hardware (90% not used, including the 741 or TL081 op amps as they were noisy + insufficient gain-BW). The PC was a Toshiba Satellite L650 laptop with Ubuntu 11.10 OS.

GNU Radio Waterfall and CW Filter

The following GNU radio application adds a waterfall spectrogram to the previous CW filter program. The plot show 4 CW signals in the audio band (lower sideband) at 7023 kHz. The 700Hz signal is filtered and output to the laptop headphones by the CW bandpass filter. The frequency display is shown after the script which is as follows: #!/usr/bin/env python from gnuradio import gr from gnuradio import audio from lpf_bpf_class import Bandpass from gnuradio.qtgui import qtgui from PyQt4 import QtGui import sys, sip     class cw_filter(gr.top_block):     def __init__(self):         gr.top_block.__init__(self)           sample_rate = 44100         out_rate = 8000         kaiser = Bandpass()         cw_flr = gr.fir_filter_fff(1, kaiser.bpftaps)         decimate = int...

GNU Radio CW filter

An alternative to the Collins 300 Hz CW filter for the FT817 (well not really - that combination is excellent for CW and much better performance than many more expensive radios - but this is an excellent sw alternative) is this simple GNU Radio Python application which uses the Kaiser CW bandpass FIR filter below. The audio output is connected to the microphone input of a Ubuntu 11.10, 64bit OS on a Toshiba Satellite L650 laptop. Output is from the laptop headphone socket. Python code is as follows: #!/usr/bin/env python #------------------------------------------------------------------------------------ # Program uses the (previous) Python Bandpass filter # module to provide the Kaiser bandpass filter taps. # Mic input, cw filter, gain adjust and headphone    # blocks are cascaded.                               ...

CW FIR Filter

This Python module defines a Waveform class with methods sinewave and noise. Sinewave generates a specified frequency and noise generates samples with specified standard deviation. The constructor requires the duration for both methods to be specified. Class variables are the sampling rate and the number of channels. The packed strings and the signal and noise lists are available. main() adds these and uses Bandpass (from bpf_class - Kaiser window response above) to filter the unpacked samples, using lfilter from audioop. Audio before and after filtering is played and recorded to file. #!/usr/bin/python import wave, struct, math, audioop from alsaaudio import * import signal, sys, getopt from numpy.random import normal from scipy.signal import lfilter from bpf_class import Bandpass class Waveform:     " Waveform Class Generates different waveforms with duration (Sec) length "     def __init__(self, duration):      ...

Digital Bandpass Filter FIR design - Python

The python code generates the Finite Impulse Response (FIR) filter coefficients for a lowpass filter (LPF) at 10 (Hz) cut off using firwin from scipy.  A highpass filter is then created by subtracting the lowpass filter output(s) from the output of an allpass filter. To do this the coefficients of the LPF are multiplied by -1 and 1 added to the centre tap (to create the allpass filter with subtraction). A second LPF is then created with a cutoff at 15 (Hz) and the bandpass filter formed by addition of the LPF and HPF coefficients. The program also generates a test sine wave of a given amplitude and power and to this noise from a Normal distribution is added.  The graph below shows the signal and nois, and the signal (green) after filtering. The input snr is approximately 3dB. The frequency response below shows the passband centered on 12.5 (Hz), the Nyquist frequency is 50 (Hz). from numpy import cos, sin, pi, absolute, arange from numpy.random import normal fr...