Monthly Archives: March 2021

Labs, Systems

Linux Lab – Access Control Lists

Leave a comment

Overview

As you know, Linux has a standard set of file access settings based on the concept of read, write, and execute permissions that determine who may access the file or directory in question. The most common way to set and change these permissions is to use commands like chmod, chown or chgrp. While these are powerful commands and have their place, there are occasions where it may be advantageous to fine tune the access to a file or directory. This is where file access control lists or FACLS come in.

Continue reading Linux Lab – Access Control Lists
Quick Tips, Systems

RHEL 8 and Chrony – Part 1

Leave a comment

The Network Time Protocol or NTP is essential for synchronizing system clocks across your environment. Having a reliable and accurate time service is not only important for many different applications but for logging and auditing as well. In RHEL 8, Chrony is used for implementing NTP. In Part 1, we will review setting this service up as a client and look at the basic functionality of the chronyc command to interact with the chrony daemon, chronyd.

Continue reading RHEL 8 and Chrony – Part 1
Quick Tips, Systems

Add a Swap File to RHEL/CentOS

Leave a comment

Sometimes, due to some new specific server requirements, you will find it necessary to increase your swap space. Even if your swap partition is setup as a Logical Volume, your requirements may exceed what is available. This is where creating a new swap file is the best option. In this example, we are going to add a new 12GB swap file.

Check Current Swap Space

Verify the total amount of used and free physical and swap memory with the free command and the -h human-readable flag

# free -ht
              total        used        free      shared  buff/cache   available
Mem:           755G        321G        3.0G         62G        430G        670G
Swap:            4G          1G          3G
Total:         771G        322G          6G

Display the swap usage summary by device using swapon. Same as cat /proc/swaps

Continue reading Add a Swap File to RHEL/CentOS
Networks, Quick Tips

Blacklist an IP in Firepower

Leave a comment

Sometimes you may want to quickly block a scanning/probing IP address without having to deal directly with the Access Control Policy. This can be done in the FMC within the Events view. Go to Analysis -> Connections -> Events

Depending on volume of traffic, you may have to click ‘Edit Search‘ and look by Initiator or Responder IP. Once found, right-click on the IP address and select ‘Blacklist IP Now‘ and confirm,

Continue reading Blacklist an IP in Firepower
Systems

Log PowerShell Commands

Leave a comment

As PowerShell becomes the go-to utility for administrators, it is important to maintain an audit record of previously executed commands. Preserving these logs is also key when it comes to security. As an ever increasing number of network compromises are employed to use native programs to support an exploit in what is referred to as “Living off the Land” (PowerShell falls into this group), it is necessary to cache historical logs which will be indispensable during an investigation. This post will discuss the important steps to enable PowerShell logging across all your systems using Group Policy.

Group Policy Configuration

Continue reading Log PowerShell Commands