    Posts

    • ClamAV not showing infected files in logs

      So I ran clamscan on my test server and found two infections, both of which are rules for suricata, so they are false positives. Either way, this is perfect for my testing as I want to integrate notifications of infections found. The documentation is extremely sparse.

      Here are my settings in /etc/clamav/clam/freshclam.conf

      # Automatically created by the clamav-freshclam postinst
      # Comments will get lost when you reconfigure the clamav-freshclam package
      
      DatabaseOwner clamav
      UpdateLogFile /var/log/clamav/freshclam.log
      LogVerbose false
      LogSyslog false
      LogFacility LOG_LOCAL6
      LogFileMaxSize 0
      LogRotate true
      LogTime true
      Foreground false
      Debug false
      MaxAttempts 5
      DatabaseDirectory /var/lib/clamav
      DNSDatabaseInfo current.cvd.clamav.net
      ConnectTimeout 30
      ReceiveTimeout 30
      TestDatabases yes
      ScriptedUpdates yes
      CompressLocalDatabase no
      SafeBrowsing false
      Bytecode true
      NotifyClamd /etc/clamav/clamd.conf
      # Check for new database 24 times a day
      Checks 24
      DatabaseMirror db.local.clamav.net
      DatabaseMirror database.clamav.net
      

      You'll notice NotifyClamd is pointing towards /etc/clamav/clamd.conf. That file does not exist.

      There is also nothing of interest in /var/lib/clamav. It only contains the database files and the whitelist file which I created to exclude one infection. The whitelist is working as expected, but I still should be getting some type of notification for the other infection.

      posted in IT Discussion clamav
      IRJ
    • RE: ClamAV not showing infected files in logs

      @DustinB3403 said in ClamAV not showing infected files in logs:

      sudo clamscan -r /folder/to/scan/ | grep FOUND >> /path/to/save/report/file.txt

      The command above also grabs NOT_FOUND

      Exact command to find just FOUND should be:

      sudo clamscan -r /folder/to/scan/ | grep " FOUND" >> /path/to/save/report/file.txt

      posted in IT Discussion
      IRJ
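    The filtering step both ClamAV posts above are after (the notification hook in the first, the `grep " FOUND"` in the second), as an added example that is not code from the thread or from ClamAV. It anchors the match to the end of the line, which a leading-space pattern alone does not do, and parses each hit from the right so that paths containing spaces survive. The scan output, paths and the second signature name are constructed for the example; only the EICAR signature name is a real ClamAV one.

```shell
#!/bin/sh
# Added example, not code from the thread: pull only the infected files out
# of clamscan output. The pattern is anchored to the END of the line (" FOUND$")
# so that a path containing the word FOUND, or the summary block, can never
# match, which a bare `grep FOUND` (or `grep " FOUND"`) does not guarantee.

# Constructed sample of `clamscan -r` output. Paths and the second signature
# name are made up for this example; the first is ClamAV's EICAR signature.
SAMPLE_SCAN_OUTPUT='/srv/test/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/srv/test/clean.txt: OK
/srv/test/NOT_FOUND.log: OK
/srv/test/report FOUND.txt: OK
/srv/test/suricata/emerging-malware.rules: Example.Suricata.Rule.UNOFFICIAL FOUND
/srv/test/locked.bin: Access denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 2
Total errors: 1'

# Only the "path: Signature FOUND" lines, anchored at end of line.
found_lines() {
    grep ' FOUND$'
}

# One "path<TAB>signature" record per infected file. The signature never
# contains spaces but the path may, so each line is parsed from the right:
# the signature is the second-to-last field and the path is everything before
# ": <signature> FOUND" (2 bytes of ": " + the signature + 6 bytes of " FOUND").
found_records() {
    found_lines | awk '{
        sig  = $(NF - 1)
        path = substr($0, 1, length($0) - (length(sig) + 8))
        print path "\t" sig
    }'
}

# Number of infected files seen in the scan output (0 when there are none).
found_count() {
    found_records | wc -l | tr -d ' '
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_SCAN_OUTPUT" | found_records
```

On a real scan, `clamscan -r -i /path | found_records` does the same job; `-i` (`--infected`) already limits clamscan's output to infected files, so the anchored grep is then a second line of defence against odd file names. For a notification hook, clamscan's exit status is the more reliable signal than any text match: 0 means nothing found, 1 means at least one infection, 2 means an error occurred.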
    • Weird Issue with razr wired mechanical keyboard and Fedora

      I have this super annoying issue on my home system that just started. Whenever my Fedora system locks, the keyboard automatically switches to caps lock, but it does not show the caps lock button highlighted. I then type in my password and the light works in reverse until I unplug it and plug it back in. Then it works fine until the screen locks again.

      Anyone ever seen anything like this? I haven't done extensive testing as of yet. This just started and all I have done is rebooted twice. I will do some more troubleshooting when I get home.

      No I don't have a guest mouse!

      posted in IT Discussion
      IRJ
    • What hardening standards are you using for Fedora?

      I am assuming you are probably using CentOS 7 benchmarks as there doesn't seem to be anything related to newer releases of Fedora.

      posted in IT Discussion
      IRJ
    • RE: Running Filebeat on ARM

      @NetworkNerd said in Running Filebeat on ARM:

      @IRJ said in Running Filebeat on ARM:

      @NetworkNerd said in Running Filebeat on ARM:

      @JaredBusch said in Running Filebeat on ARM:

      But building something gets complicated because you will have to deal with rebuilding it on kernel changes I do believe.

      Can you not find any other way to get the data off this system?

      Oh man, that's a point I had not considered.

      I thought about trying the Splunk Universal Forwarder as an option but had not signed up for Splunk free so I can use it. The back-end system to which I am sending logs (which is not Splunk) can accept logs sent via Raw TCP (which I believe the Splunk Universal Forwarder should do for me) or logs sent using Filebeat.

      Wazuh uses filebeat. You could just use a wazuh agent and accomplish the same thing.

      That's a good point, but I don't see ARM support for Wazuh listed in their compatibility matrix unless I've just missed it.

      It appears to be supported. This is from the 3.8.0 release notes:

      (image attachment)

      posted in IT Discussion
      IRJ
    • RE: Vagrant and KVM

      Gonna bring this back from the dead because vagrant is awesome. I am using it now with libvirt.

      This is how I configure it on Ubuntu 18.04 (note you must install qemu / kvm first)

      #***********************************************************
      # Vagrant QEMU / KVM Dependencies
      # (build-dep needs deb-src lines enabled in /etc/apt/sources.list)
      #***********************************************************
      
      sudo apt-get build-dep vagrant ruby-libvirt
      sudo apt-get install qemu libvirt-bin ebtables dnsmasq-base
      sudo apt-get install libxslt-dev libxml2-dev libvirt-dev zlib1g-dev ruby-dev
      
      
      #***********************************************************
      # Download, verify, copy, and install vagrant
      # (pick a release from https://releases.hashicorp.com/vagrant/)
      #***********************************************************
      VAGRANT_VERSION="${VAGRANT_VERSION:?set to a release listed at https://releases.hashicorp.com/vagrant/}"
      sudo apt install unzip
      wget "https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_linux_amd64.zip"
      wget "https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_SHA256SUMS"
      # The SHA256SUMS file lists every artifact of the release; check only the one downloaded
      sha256sum --check --ignore-missing "vagrant_${VAGRANT_VERSION}_SHA256SUMS"
      unzip "vagrant_${VAGRANT_VERSION}_linux_amd64.zip"
      sudo mv vagrant /usr/local/bin/
      
      #***********************************************************
      # Vagrant QEMU / KVM Plugin
      # (plugins install into ~/.vagrant.d of the user running the command,
      #  so run this as the user who will run vagrant, not with sudo,
      #  and only after vagrant itself is installed)
      #***********************************************************
      
      vagrant plugin install vagrant-libvirt
      
      #***********************************************************
      # Start Vagrant VM
      # In prepared project directory, run following command:
      #***********************************************************
      
      # vagrant up --provider=libvirt
      
      
      posted in IT Discussion
      IRJ
    • Help with sed insert from file

      I am trying to insert the contents of a text file into a configuration file using sed

      sed -i 's/string_in_file/r /home/user/textfile' -r /dir/conf.file

      So I want to replace string_in_file with the contents of /home/user/textfile

      Help 🙂

      posted in IT Discussion
      IRJ
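    A working form of the replacement asked about above, as an added example that is not the poster's command. It uses sed's `r FILE` (queue FILE for output at the end of the current cycle) followed by `d` (drop the marker line), so the snippet is never spliced into an `s///` replacement and its slashes, ampersands, backslashes and newlines need no escaping. The function name, the marker and the sample files are constructed for the example; it assumes GNU sed (`-i` without a suffix argument).

```shell
#!/bin/sh
# Added example, not the poster's command: replace a whole marker line in a
# config file with the full contents of another file, using sed's r + d.

# Usage: insert_file_at_marker MARKER_REGEX SNIPPET_FILE TARGET_FILE
# Edits TARGET_FILE in place and prints how many marker lines were replaced.
# The marker must occupy a whole line: `r` works on lines, not substrings.
# The marker may contain slashes (the address uses | as delimiter) but not |.
insert_file_at_marker() {
    marker=$1; snippet=$2; target=$3
    # grep -c prints 0 and exits 1 when nothing matches; keep the 0.
    count=$(grep -c -- "$marker" "$target") || count=0
    # Two -e scripts: `r` swallows the rest of its line as the filename, so
    # `d}` has to start a new script line. \|re| is a BRE address with a
    # custom delimiter, so a marker such as ^# /etc/foo$ is fine.
    sed -i -e "\\|$marker|{r $snippet" -e 'd}' "$target"
    echo "$count"
}

# Stand-alone demo with constructed files in a temporary directory. The
# snippet deliberately contains the characters that break s/// splicing.
demo_dir=$(mktemp -d)
printf 'a=1\n# SNIPPET_GOES_HERE\nz=9\n' > "$demo_dir/conf"
printf 'path=/usr/local/bin\nsep=&\nre=\\1\n' > "$demo_dir/snippet"
insert_file_at_marker '^# SNIPPET_GOES_HERE$' "$demo_dir/snippet" "$demo_dir/conf"
cat "$demo_dir/conf"
rm -rf "$demo_dir"
```

The original attempt fails for two reasons that this form avoids: `s/.../r file/` is a plain substitution whose replacement text is the literal string `r /home/user/textfile`, and `-r` after the script makes sed treat `/dir/conf.file` as a second script rather than the input. If the placeholder sits in the middle of a line with other text around it, `r`/`d` is the wrong tool, since the whole line is dropped.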
    • RE: Windows Server 2012 R2 - Share Auditing for Changes

      I know you use wazuh..

      Check this out

      https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/index.html

      posted in IT Discussion
      IRJ
    • RE: WordPress - Plugins to Manage and Extend User Roles/Permissions

      @wrx7m said in WordPress - Plugins to Manage and Extend User Roles/Permissions:

      @IRJ said in WordPress - Plugins to Manage and Extend User Roles/Permissions:

      @wrx7m said in WordPress - Plugins to Manage and Extend User Roles/Permissions:

      I am setting up a small WP site for our marketing team to manage. I want to give them certain permissions to edit theme and plugin info, which are part of the WP admin role, but not allow them to do most of the admin things, like create/modify users, install plugins or updates, etc. I see that there a few plugins that offer customized and extended/more granular roles to be created.

      Is anyone using something like this?
      https://wordpress.org/plugins/user-role-editor/

      If so, what are you using and do you like it?

      Are they doing CSS editing or something?

      They may. I am not 100% sure yet.

      You need to know exactly what they are doing first to give proper least permissions. Sounds like they may only need read access to /wp-content/themes.

      posted in IT Discussion
      IRJ
    • RE: WordPress - Plugins to Manage and Extend User Roles/Permissions

      Editor should give them the rights to use a plugin that is already installed. They shouldn't need to modify or code the plugin in any way.

      posted in IT Discussion
      IRJ
    • RE: Digital Signage Display Recommendations?

      @wrx7m said in Digital Signage Display Recommendations?:

      I am looking at BrightSign for retrofitting some existing displays. Anyone deal with them?
      https://www.brightsign.biz/digital-signage-products/XT-product-line

      Maybe your marketing department should focus on the signs, since they're so smart.

      posted in IT Discussion
      IRJ
    • RE: Digital Signage Display Recommendations?

      @wrx7m said in Digital Signage Display Recommendations?:

      @IRJ lol

      It's more up their wheelhouse than web design

      posted in IT Discussion
      IRJ
    • RE: Trying my luck in Toronto, Ontario

      I looked at your LinkedIn profile and you shouldn't have any issues finding something. DevOps is in very high demand in the US right now. I'm sure it is in Canada as well.

      posted in IT Discussion
      IRJ
    • RE: Trying my luck in Toronto, Ontario

      Also LinkedIn premium is worth its weight in gold when job hunting. The analytics really help you pick the right positions and the premium status allows you to message hiring recruiters for jobs where you're a perfect fit.

      I'd also add that in the west, it's important to be more confident than courteous when on the job search. Being too courteous can hurt your chances or get you less pay.

      posted in IT Discussion
      IRJ
    • RE: WordPress - Plugins to Manage and Extend User Roles/Permissions

      @Obsolesce said in WordPress - Plugins to Manage and Extend User Roles/Permissions:

      Why don't you just purchase a WordPress.com (or some other fully managed WP host) account for them, and just hand it off completely to them? All responsibility besides billing and account is on them.

      (image attachment)

      posted in IT Discussion
      IRJ
    • RE: CloudatCon aka CloudatCost

      CloudatCost is offering one time fee webhosting. It seems completely ridiculous they are offering it starting at $10 with a free domain. Basically an impossible cost to maintain, but I guess in a pyramid scheme all you care about is getting new people.

      https://cloudatcost.com/web-hosting

      posted in IT Discussion
      IRJ
    • RE: MSP charged with extortion

      Any update on this?

      posted in IT Discussion
      IRJ
    • RE: Fail2ban on load balancer

      @JaredBusch said in Fail2ban on load balancer:

      @IRJ said in Fail2ban on load balancer:

      Anybody using fail2ban on a nginx load balancer? I've been using it on nginx on my personal server, and it's been jailing bots quite well.

      I'm thinking about trying it on load balancers in a test environment for aws.

      no, only because I have never taken the time to learn how to set it up well.

      This is how I have done it on my web server and it works well. I am constantly banning not only ssh, but also scripting, bots, etc.

      https://hostpresto.com/community/tutorials/how-to-secure-nginx-using-fail2ban-on-centos-7/

      It seems to work on a single, low traffic web server. I am not sure how well it would handle significant traffic and create a possible bottleneck on a load balancer that is handling many requests.

      It looks like it is possible to host behind a load balancer as well.

      https://github.com/fail2ban/fail2ban/issues/2258

      posted in IT Discussion
      IRJ
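    The counting step behind what the post above describes (a jail that bans a host after repeated failures) together with the load-balancer caveat, as an added example that is not from the thread, from the linked tutorial or from fail2ban itself. Behind a balancer, nginx's `$remote_addr` is the balancer's own address, so a jail that reads the host from the first log field bans the balancer; the client has to come from the `X-Forwarded-For` value that nginx was configured to log (or be restored with `real_ip_header`). The log format, addresses and log lines are constructed; the 403/404 match stands in for a jail's failregex, and `maxretry`/`findtime` keep fail2ban's meaning.

```shell
#!/bin/sh
# Added example, not fail2ban code: flag clients with at least MAXRETRY
# failures inside FINDTIME seconds, over constructed nginx access-log lines.

# Constructed sample in a log format like:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "$http_user_agent" "$http_x_forwarded_for"
# 10.0.0.5 is the load balancer; the real clients sit in the last quoted
# field. The final line is a direct hit that bypassed the balancer (no XFF).
SAMPLE_ACCESS_LOG='10.0.0.5 - - [01/Jul/2019:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 403 153 "-" "curl/7.64.0" "203.0.113.7"
10.0.0.5 - - [01/Jul/2019:10:00:02 +0000] "GET /xmlrpc.php HTTP/1.1" 403 153 "-" "curl/7.64.0" "203.0.113.7"
10.0.0.5 - - [01/Jul/2019:10:00:04 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/7.64.0" "203.0.113.7, 10.0.0.5"
10.0.0.5 - - [01/Jul/2019:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)" "198.51.100.20"
10.0.0.5 - - [01/Jul/2019:10:01:00 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64)" "198.51.100.20"
10.0.0.5 - - [01/Jul/2019:10:20:00 +0000] "GET /old-page2 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64)" "198.51.100.20"
10.0.0.5 - - [02/Jul/2019:09:00:00 +0000] "GET /old-page3 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64)" "198.51.100.20"
192.0.2.9 - - [02/Jul/2019:09:30:00 +0000] "GET /admin HTTP/1.1" 403 153 "-" "python-requests/2.22" "-"'

# count_failures MAXRETRY FINDTIME USE_XFF  (log lines on stdin)
# Prints each offending client once, when it crosses the threshold. Lines are
# assumed to be in time order, as a log file is. USE_XFF=1 takes the client
# from X-Forwarded-For (first hop of the list); 0 uses $remote_addr.
count_failures() {
    awk -v maxretry="$1" -v findtime="$2" -v use_xff="$3" '
    # Unix time from "01/Jul/2019:10:00:01" and a "+0000]" offset
    # (days-from-civil formula, no libc dependency).
    function epoch(ts, tz,   p, d, m, y, era, yoe, doy, doe, days, off) {
        split(ts, p, "[/:]")
        d = p[1] + 0; y = p[3] + 0
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", p[2]) + 2) / 3
        if (m <= 2) y--
        era = int((y >= 0 ? y : y - 399) / 400)
        yoe = y - era * 400
        doy = int((153 * (m + (m > 2 ? -3 : 9)) + 2) / 5) + d - 1
        doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
        days = era * 146097 + doe - 719468
        off = (substr(tz, 2, 2) * 3600 + substr(tz, 4, 2) * 60) * (substr(tz, 1, 1) == "-" ? -1 : 1)
        return days * 86400 + p[4] * 3600 + p[5] * 60 + p[6] - off
    }
    {
        # The status code directly follows the quoted request line.
        if (!match($0, /" [0-9][0-9][0-9] /)) next
        status = substr($0, RSTART + 2, 3)
        if (status != "403" && status != "404") next   # this toy jail'"'"'s failregex

        client = $1
        if (use_xff && match($0, /"[^"]*"$/)) {
            xff = substr($0, RSTART + 1, RLENGTH - 2)
            sub(/,.*/, "", xff); gsub(/ /, "", xff)   # first hop = original client
            if (xff != "-" && xff != "") client = xff
        }
        t = epoch(substr($4, 2), $5)

        n[client]++; ts[client, n[client]] = t
        if (client in banned) next
        hits = 0
        for (i = n[client]; i >= 1 && ts[client, i] > t - findtime; i--) hits++
        if (hits >= maxretry) { banned[client] = t; print client }
    }'
}

# Jail as it should run behind the balancer: client from X-Forwarded-For.
find_offenders()        { count_failures "$1" "$2" 1; }
# Jail copied unchanged from a single web server: it bans the balancer.
find_offenders_remote() { count_failures "$1" "$2" 0; }

# Stand-alone demo: maxretry 3 inside findtime 600 s.
printf '%s\n' "$SAMPLE_ACCESS_LOG" | find_offenders 3 600
```

Running the demo prints `203.0.113.7`; `find_offenders_remote 3 600` on the same lines prints `10.0.0.5`, the balancer. In fail2ban itself this is the difference between where `<HOST>` sits in the filter's `failregex` (first field versus the forwarded-for field) and nothing else. One caveat before trusting that header: `X-Forwarded-For` is client-supplied, so nginx should only honour it when the request arrived from the balancer's addresses (`set_real_ip_from`), otherwise anyone who can reach the backend directly can get an arbitrary address banned.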
    • RE: Fail2ban on load balancer

      Oh this is really cool. Block IPs based on community reputation using fail2ban. You can also contribute to the community.

      https://www.howtoforge.com/tutorial/protect-your-server-computer-with-badips-and-fail2ban/

      posted in IT Discussion
      IRJ
    • RE: Fail2ban on load balancer

      @wirestyle22 said in Fail2ban on load balancer:

      @IRJ said in Fail2ban on load balancer:

      @wirestyle22 said in Fail2ban on load balancer:

      @wrx7m False positives too. If I blocked all Canada traffic as an example, LogMeIn will intermittently not work because they have data centers in Canada. There is essentially no benefit to it and a few, mostly small downsides. It just aids sales because it sounds cool.

      That's not what's being talked about here. We are talking about doing it on a load balancer for a specific service. In this case https traffic to a specific application.

      I was talking specifically about potential problems with geo-location. I understand what is being discussed

      If you do geo-blocking then it becomes part of the process of installing new software and services to add a whitelist of IPs for that service. Any cloud hosting provider has something similar to this.

      https://help.logmein.com/articles/en_US/FAQ/Whitelisting-and-LogMeIn

      posted in IT Discussion
      IRJ
    • 1
    • 2
    • 119
    • 120
    • 121
    • 122
    • 123
    • 131
    • 132
    • 121 / 132