RHEL 8 and Chrony – Part 1

The Network Time Protocol (NTP) is essential for synchronizing system clocks across your environment. A reliable and accurate time service matters not only for many applications but for logging and auditing as well, since correlating events across hosts depends on consistent timestamps. In RHEL 8, NTP is implemented by chrony. In Part 1, we will review setting this service up as a client and look at the basic functionality of the chronyc command for interacting with the chrony daemon, chronyd.

Continue reading RHEL 8 and Chrony – Part 1

Add a Swap File to RHEL/CentOS

Sometimes new server requirements make it necessary to increase your swap space. Even if your swap partition is set up as a Logical Volume, the requirement may exceed what the volume group has available. This is where creating a new swap file is the best option. In this example, we are going to add a new 12GB swap file.

Check Current Swap Space

Verify the total amount of used and free physical and swap memory with the free command, using -h for human-readable units and -t to add a Total line:

# free -ht
              total        used        free      shared  buff/cache   available
Mem:           755G        321G        3.0G         62G        430G        670G
Swap:            4G          1G          3G
Total:         771G        322G          6G

Display the swap usage summary by device with swapon -s (equivalent to cat /proc/swaps).

Continue reading Add a Swap File to RHEL/CentOS
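The full procedure the post is working towards, as an added example rather than the post's own commands: size and path are arguments (12G and /swapfile are the defaults assumed here), the file is written under umask 077 so it is never world-readable, its mode is checked before mkswap, and the fstab entry is added only once. The swap file will hold whatever gets paged out of RAM, which can include keys and credentials, so the 0600 root-owned check is the part not to skip. Applying it requires root.

```shell
#!/bin/sh
# Added example: create and enable a swap file on RHEL/CentOS.
# Usage to apply: sh add-swap.sh apply /swapfile 12G   (as root)

# Convert 12G / 512M / <bytes> to a byte count, rejecting anything else.
swap_size_bytes() {
    num=${1%[GMgm]}
    unit=${1#"$num"}
    case "$num" in
        ''|*[!0-9]*) echo "bad size: $1" >&2; return 1 ;;
    esac
    case "$unit" in
        G|g) echo $((num * 1073741824)) ;;
        M|m) echo $((num * 1048576)) ;;
        '')  echo "$num" ;;
    esac
}

# Swap contents are memory contents, so the file must be mode 0600;
# mkswap warns about anything weaker.
swapfile_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ]
}

add_swap_file() {
    file=${1:-/swapfile}
    bytes=$(swap_size_bytes "${2:-12G}") || return 1
    mib=$((bytes / 1048576))
    if [ -e "$file" ]; then
        echo "$file already exists, refusing to overwrite" >&2
        return 1
    fi
    # dd rather than fallocate: the kernel refuses to swap on a file with
    # holes, and writing under umask 077 keeps the file private from the start.
    ( umask 077 && dd if=/dev/zero of="$file" bs=1M count="$mib" status=progress )
    chown root:root "$file"
    chmod 0600 "$file"
    swapfile_mode_ok "$file" || { echo "unexpected mode on $file" >&2; return 1; }
    mkswap "$file"
    swapon "$file"
    # Persist across reboots, adding the line only if it is not already there.
    grep -q "^$file[[:space:]]" /etc/fstab ||
        printf '%s none swap defaults 0 0\n' "$file" >> /etc/fstab
    free -ht
}

if [ "${1:-}" = "apply" ]; then
    add_swap_file "${2:-}" "${3:-}"
fi
```

After it runs, free -ht should show the Swap line grown by the requested amount and swapon -s should list the new file alongside the LV.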

Blacklist an IP in Firepower

Sometimes you may want to quickly block a scanning or probing IP address without editing the Access Control Policy directly. This can be done in the FMC from the Events view: go to Analysis -> Connections -> Events.

Depending on the volume of traffic, you may have to click 'Edit Search' and search by Initiator or Responder IP. Once the address is found, right-click on it, select 'Blacklist IP Now' and confirm.

Continue reading Blacklist an IP in Firepower

Log PowerShell Commands

As PowerShell becomes the go-to utility for administrators, it is important to maintain an audit record of previously executed commands. Preserving these logs is also key for security. An increasing number of compromises rely on native programs to carry out an attack, a technique referred to as "Living off the Land", and PowerShell falls squarely into this group, so retaining its history will be indispensable during an investigation. This post will discuss the steps to enable PowerShell logging across all your systems using Group Policy.

Group Policy Configuration

Continue reading Log PowerShell Commands
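The three Group Policy settings involved (Turn on Module Logging, Turn on PowerShell Script Block Logging, Turn on PowerShell Transcription) write values under HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell. The script below is an added example, not the post's own code: it sets the same values locally, which is useful for a non-domain host or for testing before the GPO goes out, and then checks that a 4104 script block event is actually being recorded. The transcript directory C:\PSTranscripts is an assumption for this example.

```powershell
# Added example: local equivalent of the PowerShell logging GPO settings.
#Requires -RunAsAdministrator

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Set-PolicyValue {
    param([string]$Key, [string]$Name, $Value, [string]$Type = 'DWord')
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# Script block logging: event 4104 in Microsoft-Windows-PowerShell/Operational,
# which records the de-obfuscated code that actually ran.
Set-PolicyValue "$base\ScriptBlockLogging" 'EnableScriptBlockLogging' 1

# Module logging for every module: event 4103 with pipeline execution details.
Set-PolicyValue "$base\ModuleLogging" 'EnableModuleLogging' 1
Set-PolicyValue "$base\ModuleLogging\ModuleNames" '*' '*' 'String'

# Transcription: full session text, with a header per command invocation.
$transcriptDir = 'C:\PSTranscripts'   # assumed path for this example
Set-PolicyValue "$base\Transcription" 'EnableTranscripting' 1
Set-PolicyValue "$base\Transcription" 'EnableInvocationHeader' 1
Set-PolicyValue "$base\Transcription" 'OutputDirectory' $transcriptDir 'String'
if (-not (Test-Path $transcriptDir)) { New-Item -ItemType Directory -Path $transcriptDir | Out-Null }

# Verify: run a command in a fresh process and look for its 4104 record.
Start-Process powershell.exe -ArgumentList '-NoProfile', '-Command', 'Write-Output (1+1)' -Wait -WindowStyle Hidden
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 5 |
    Select-Object TimeCreated, @{ n = 'Script'; e = { $_.Properties[2].Value } }
```

Two caveats for production use: a local administrator can clear the Operational log and read or edit transcripts on disk, so forward 4103/4104 events to a collector and point OutputDirectory at a share that ordinary users can write to but not read; and script block logging records everything, including any secrets passed on a command line, so the log and transcript locations need the same protection as the systems they describe.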

Logging into a Linux shell from a Cisco ASR1000 Series Router

Cisco's ASR1000 series of routers comes in many form factors, each with a different set of features and scalability options. One thing common to every device in this product line is that the IOS XE software performing the standard routing operations runs on top of a Linux kernel. This post describes how to enter a Linux shell on your router and run some basic Linux commands to get an idea of what your router has going on under the hood, so to speak.

Do so at your own risk: Cisco advises using this shell only under the supervision of Cisco Support. This post is limited to viewing things to get an idea of what underlies the system. It is best to err on the side of caution and NOT do this on a production router, and be especially careful not to edit or delete anything vital, as a mistake at this level can affect any or all functions of the device.

With that said, let's dig in. For this demonstration I opened a shell into the RP, or route processor, of the router. The ASR1000 series routers consist of a chassis, slots and cards, which make up the physical Continue reading Logging into a Linux shell from a Cisco ASR1000 Series Router

CFEngine Part 1

What is CFEngine

CFEngine is an open source tool for system configuration management, used in large-scale environments with hundreds of servers. It remains an important part of system administration. With the advent of virtualization, the number of servers can scale well beyond the physical limits of the data center, and manually administering more than 100 servers quickly becomes unfeasible for a single admin. The list of capabilities for CFEngine is nearly limitless, but some of the main tasks include basic operating system configuration and maintenance, management of system users, customizable control of security settings, and software and patch installation.

Due to the complexity of CFEngine, this will be a multi-post topic. I have decided to go with CFEngine as opposed to Chef or Puppet due to its maturity and scalability. It was first written in 1993 and is very fast, since it is written in C and does not rely on Ruby like the other two configuration management programs. There is also a large community user base from which to draw upon, since the automation of tasks in sysadmin work is generally not unique. Continue reading CFEngine Part 1

Setting up a Site-to-Site VPN between Cisco ASA’s Using the CLI

What is a site to site VPN used for?

Site-to-site VPN tunnels are static tunnels set up between two network devices over the internet, allowing multiple locations behind different firewalls to access the same internal resources through a secure tunnel.

How is it different from Remote Access VPN?

Remote access VPN is primarily used by remote workers to reach internal resources from outside the network. This type of VPN involves a software client on the user's PC that contacts the security gateway (an ASA or other device) and dynamically establishes a secure tunnel between the gateway and the client, so that the user's traffic leaving the PC is carried inside that tunnel.

Network setup:

In our example we have two Cisco ASA firewalls running 8.3(x) code or below. There are slight command differences in newer code versions, so for the Continue reading Setting up a Site-to-Site VPN between Cisco ASA's Using the CLI

A Brief Overview of NAT – Network Address Translation

What is NAT and how does it ‘translate’ an address?

NAT stands for network address translation: the process of modifying the IP addresses in a packet as it transits a network boundary. A router or firewall at that boundary rewrites the IP header of packets passing through it. The most common use of NAT is to translate private addresses to a public address at the firewall or router that separates an intranet from the internet. As traffic originates from the internal side of the boundary, the source address in the packet is changed to a public IP address that is routable on the internet. When the return traffic reaches the firewall, the NAT translation table stored on the device maps the public IP back to the private IP address, and the packet is forwarded to the internal host that requested it.

While there are several types of NAT, the most widely used configurations are dynamic NAT and static NAT. The most Continue reading A Brief Overview of NAT – Network Address Translation
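The translation table described above, as an added example (not from the original post): a toy NAT device that implements the two modes the post names, static NAT (a fixed one-to-one private-to-public mapping) and dynamic NAT (an inside host is handed the first free address from a public pool when it first sends traffic out), together with the return-path lookup. It also shows the practical difference between the two: a server behind static NAT is reachable from outside at any time, whereas a dynamic entry exists only after the inside host has sent something, so unsolicited inbound traffic to an unused pool address has no table entry and is dropped. The inside network and all addresses are assumptions for the example, drawn from the RFC 1918 and RFC 5737 ranges.

```python
"""Toy NAT translation table (added example, not the original post's code)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class NatRouter:
    def __init__(self, inside: str, static: Dict[str, str], pool: List[str]):
        self.inside = IPv4Network(inside)   # which sources count as "internal"
        self.static = dict(static)          # private -> public, fixed
        self.pool = list(pool)              # public addresses for dynamic NAT
        self.dynamic: Dict[str, str] = {}   # private -> public, built on demand
        self.reverse: Dict[str, str] = {}   # public -> private, both kinds
        for priv, pub in self.static.items():
            if pub in self.reverse or pub in self.pool:
                raise ValueError(f"public address {pub} is already in use")
            self.reverse[pub] = priv

    def _allocate(self, priv: str) -> Optional[str]:
        """Dynamic NAT: reuse this host's entry or take the next free pool address."""
        if priv in self.dynamic:
            return self.dynamic[priv]
        for pub in self.pool:
            if pub not in self.reverse:
                self.dynamic[priv] = pub
                self.reverse[pub] = priv
                return pub
        return None  # pool exhausted: no translation, packet is dropped

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Inside -> internet: rewrite the private source to a public address."""
        if IPv4Address(pkt.src) not in self.inside:
            return None  # not an inside host; nothing to translate
        pub = self.static.get(pkt.src) or self._allocate(pkt.src)
        return Packet(src=pub, dst=pkt.dst) if pub else None

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> inside: forward only if the public destination has an entry.

        Static entries exist from the start; dynamic entries only after the
        inside host has sent traffic out, so unsolicited packets to a pool
        address that nobody is using are dropped.
        """
        priv = self.reverse.get(pkt.dst)
        return Packet(src=pkt.src, dst=priv) if priv else None


if __name__ == "__main__":
    # Constructed sample topology: 10.0.0.0/24 inside, one static server mapping,
    # a two-address dynamic pool.
    nat = NatRouter(inside="10.0.0.0/24",
                    static={"10.0.0.10": "203.0.113.10"},
                    pool=["203.0.113.20", "203.0.113.21"])
    print("outbound:   ", nat.outbound(Packet("10.0.0.5", "198.51.100.1")))
    print("reply:      ", nat.inbound(Packet("198.51.100.1", "203.0.113.20")))
    print("to server:  ", nat.inbound(Packet("198.51.100.9", "203.0.113.10")))
    print("unsolicited:", nat.inbound(Packet("198.51.100.9", "203.0.113.21")))
```

A real device keys the table on ports and protocol as well (that is how PAT lets many inside hosts share one public address) and ages entries out; this model only keeps addresses, which is enough to show why NAT by itself is not an access control: anything with a table entry, static or recently used, is reachable from outside.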