Configuring Iptables/UFW and Auditd with Ansible

00:00 - Introduction: why you should set up logging
01:50 - Start of configuring UFW: enabling UFW and setting the default policy to accept all
04:00 - Showing how to insert iptables rules into UFW's config
05:10 - Using the lineinfile Ansible module to add our iptables line that logs SYN packets on the INPUT chain
05:50 - The iptables rule that logs all SYN packets on INPUT
08:20 - Finding out rsyslog is disabled and enabling it
10:20 - Showing that we now log whenever a box initiates a connection to us
12:20 - Moving our UFW logging into our main playbook as a role
13:40 - Start of talking about auditd
14:30 - Start of configuring the playbook to install/configure auditd
21:30 - Showing ausearch, which lets us search through the audit logs
22:40 - Installing Laurel to make the auditd logs a bit easier for us to read
23:50 - Creating the _laurel user and the needed directories
27:00 - Downloading the Laurel configuration files
30:30 - Using get_file to download and install the Laurel binary
37:00 - Laurel did not work; troubleshooting the error. Laurel may not have been able to read the config, but our read-users config was also bad
40:50 - Showing Laurel working: we now have auditd logs in JSON format
43:50 - Cleaning up our playbook a little with loops and copying it into our main playbook as a role
50:30 - Testing the playbook on a fresh install of Parrot
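The two procedures in the chapter list (UFW with a SYN-logging iptables rule, then auditd with Laurel) written out as one Ansible playbook. This is an added example, not the playbook from the video: the exact LOG rule, the sample audit rules, the config.toml values, the `[UFW SYN]` prefix, and the assumption that the Laurel binary has already been placed in `files/laurel` beside the playbook are mine, chosen to avoid guessing release asset names.

```yaml
# Added example playbook, not the one from the video. Assumptions (mine, not
# from the page): the LOG rule, the sample audit rules, the config.toml values,
# and that the Laurel binary sits in files/laurel next to this playbook.
# Needs the community.general collection for the ufw module.
- name: Firewall SYN logging and auditd with Laurel
  hosts: all
  become: true
  vars:
    # Logs every inbound TCP SYN; the prefix makes the lines easy to grep.
    syn_log_rule: '-A ufw-before-input -p tcp --syn -j LOG --log-prefix "[UFW SYN] "'
  tasks:
    - name: Install ufw, rsyslog and auditd
      ansible.builtin.apt:
        name: [ufw, rsyslog, auditd]
        state: present
    - name: Enable UFW with an accept-all default policy (we only want the logging)
      community.general.ufw:
        state: enabled
        direction: incoming
        policy: allow
    - name: Insert the SYN LOG rule into before.rules ahead of its COMMIT line
      ansible.builtin.lineinfile:
        path: /etc/ufw/before.rules
        regexp: '^-A ufw-before-input -p tcp --syn -j LOG'
        line: "{{ syn_log_rule }}"
        insertbefore: '^COMMIT'
      notify: Reload ufw
    - name: rsyslog must be running or the kernel LOG lines never reach /var/log
      ansible.builtin.service:
        name: rsyslog
        state: started
        enabled: true
    - name: Audit rules (constructed sample; swap in your real ruleset)
      ansible.builtin.copy:
        dest: /etc/audit/rules.d/10-baseline.rules
        content: |
          -D
          -a always,exit -F arch=b64 -S execve -k exec
          -w /etc/passwd -p wa -k identity
          -w /etc/sudoers -p wa -k priv
      notify: Restart auditd
    - name: Create the _laurel service account (no shell, no home)
      ansible.builtin.user:
        name: _laurel
        system: true
        shell: /usr/sbin/nologin
        create_home: false
    - name: Laurel directories
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: directory
        owner: "{{ item.owner }}"
        mode: "{{ item.mode }}"
      loop:
        - { path: /etc/laurel, owner: root, mode: '0755' }
        - { path: /var/log/laurel, owner: _laurel, mode: '0750' }
    - name: Install the Laurel binary (assumed to be in files/laurel)
      ansible.builtin.copy:
        src: files/laurel
        dest: /usr/local/sbin/laurel
        owner: root
        mode: '0755'
    - name: Laurel config; read-users is who besides _laurel may read the JSON logs
      ansible.builtin.copy:
        dest: /etc/laurel/config.toml
        content: |
          directory = "/var/log/laurel"
          user = "_laurel"

          [auditlog]
          file = "audit.log"
          read-users = [ "adm" ]
      notify: Restart auditd
    - name: Register Laurel as an auditd plugin (auditd 3.x path; older: /etc/audisp/plugins.d)
      ansible.builtin.copy:
        dest: /etc/audit/plugins.d/laurel.conf
        content: |
          active = yes
          direction = out
          type = always
          format = string
          path = /usr/local/sbin/laurel
          args = --config /etc/laurel/config.toml
      notify: Restart auditd
  handlers:
    - name: Reload ufw
      community.general.ufw:
        state: reloaded
    - name: Restart auditd
      # On RHEL-like hosts auditd refuses a systemctl stop; use "service auditd restart" there.
      ansible.builtin.service:
        name: auditd
        state: restarted
```

Run it with `ansible-playbook -i hosts logging.yml`. After another box connects to the host, `grep 'UFW SYN' /var/log/syslog` shows the kernel LOG line that rsyslog wrote; `ausearch -k exec` searches the raw audit log by the rule key; and `jq -C . /var/log/laurel/audit.log | less -R` shows the JSON Laurel produces, with the colour flag on jq rather than on less.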
Comments

Awesome guide Ippsec! Sysadmins and blue-teamers need to learn these tools. During my first years of internship I've seen multiple companies lack in logging and auditing or rely on proprietary software that they don't know how to manage. I hope to see more of this, cheers!

BatreshVic

Thanks for the awesome little series about Ansible! Keep up the hard work :) FYI: the -C flag with jq will output the colours with less, instead of the -C with less as shown in your video.

geisterkind

As always, it is a pleasure to follow your gigs. One question please: what are you using in VS Code for the suggestions?

ervinndrukaj

Hiiii Ippsec, love to see your videos. Can you make a separate video on how to and what to learn to solve the box?

patelmeet

Are you going to continue unlocking these episodes?

Nobodyday