├── Alien Vault Open Source SIEM Installation.pdf ├── Configure IPSec policy on Windows Server.pdf ├── Configuring SSH on Cisco Router and Switch.pdf ├── Configuring Telnet on Cisco Router and Switch.pdf ├── Configuring simple access-list on Cisco Router.pdf ├── ELK Installation.pdf ├── Firewall.pptx ├── GeoIP Blocking.pdf ├── IDPS Limitations.pptx ├── IDPS.pptx ├── IPSec VPN.pptx ├── Information Security.ppt ├── Malicious Code.pptx ├── Nagios Core Configuration with Email Alerts.docx ├── Nagios Core Server installation and configuration.pdf ├── Nagios Installation Centos.txt ├── Nagios-Core-Server-Inst.sh ├── OSSEC Server and Agent Installation.pdf ├── OpenVPN Server Configuration-Username-password.txt ├── OpenVPN Server configuration-new.pdf ├── Pfsense Installation and configuration.pdf ├── Port-Forwarding and attack prevention.pdf ├── Security Fundamentals.pptx ├── Snort 3 Rule Writing Guide.pdf ├── Snort_3_GA_on_CentOS_8_Stream.pdf ├── client1.ovpn ├── elasticsearch.yml ├── fail2ban.txt ├── http_with_jpegs.cap.gz ├── iptables commands ├── iptables-cheat-sheet.pdf ├── iptables-tutorial.pdf ├── iptables.pdf ├── nginx Load Balancing Methods.txt ├── nginx_sample_config.txt ├── openvpn-firewalld ├── server.conf ├── spoof prevention.pptx └── vars /Alien Vault Open Source SIEM Installation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Alien Vault Open Source SIEM Installation.pdf -------------------------------------------------------------------------------- /Configure IPSec policy on Windows Server.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Configure IPSec policy on Windows Server.pdf -------------------------------------------------------------------------------- /Configuring SSH on Cisco Router and 
Switch.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Configuring SSH on Cisco Router and Switch.pdf -------------------------------------------------------------------------------- /Configuring Telnet on Cisco Router and Switch.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Configuring Telnet on Cisco Router and Switch.pdf -------------------------------------------------------------------------------- /Configuring simple access-list on Cisco Router.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Configuring simple access-list on Cisco Router.pdf -------------------------------------------------------------------------------- /ELK Installation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/ELK Installation.pdf -------------------------------------------------------------------------------- /Firewall.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Firewall.pptx -------------------------------------------------------------------------------- /GeoIP Blocking.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/GeoIP Blocking.pdf -------------------------------------------------------------------------------- /IDPS Limitations.pptx: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/IDPS Limitations.pptx -------------------------------------------------------------------------------- /IDPS.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/IDPS.pptx -------------------------------------------------------------------------------- /IPSec VPN.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/IPSec VPN.pptx -------------------------------------------------------------------------------- /Information Security.ppt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Information Security.ppt -------------------------------------------------------------------------------- /Malicious Code.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Malicious Code.pptx -------------------------------------------------------------------------------- /Nagios Core Configuration with Email Alerts.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Nagios Core Configuration with Email Alerts.docx -------------------------------------------------------------------------------- /Nagios Core Server installation and configuration.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Nagios Core Server installation and configuration.pdf 
-------------------------------------------------------------------------------- /Nagios Installation Centos.txt: -------------------------------------------------------------------------------- 1 | 1.sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config 2 | 2.setenforce 0 3 | 3.yum install -y gcc glibc glibc-common wget unzip httpd php php-cli gd gd-devel openssl-devel net-snmp perl -y 4 | 4. yum install -y make gettext autoconf net-snmp-utils epel-release automake 5 | 5.cd /tmp 6 | 6.wget -O nagioscore.tar.gz https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.5.0.tar.gz 7 | 7.tar xzf nagioscore.tar.gz 8 | 8.cd nagios-4.5.0/ 9 | 9../configure 10 | 10.make all 11 | 11.make install-groups-users 12 | 12.usermod -a -G nagios apache 13 | 13.make install 14 | 14.make install-commandmode 15 | 15.make install-config 16 | 16.make install-webconf 17 | 17.make install-daemoninit 18 | 18.systemctl enable httpd.service 19 | 19.firewall-cmd --zone=public --add-port=80/tcp 20 | 20.firewall-cmd --zone=public --add-port=80/tcp --permanent 21 | 21. htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin 22 | 22. systemctl start httpd 23 | ------------------------------------------------------------------ 24 | 25 | Installing Nagios Plug-in 26 | 27 | 1. yum install -y make gettext automake autoconf wget openssl-devel net-snmp net-snmp-utils epel-release 28 | 2. yum install -y perl-Net-SNMP 29 | 3. cd /tmp 30 | 4. wget --no-check-certificate -O nagios-plugins.tar.gz https://github.com/nagios-plugins/nagios-plugins/archive/release-2.2.1.tar.gz 31 | 5. tar zxf nagios-plugins.tar.gz 32 | 6. cd /tmp/nagios-plugins-release-2.2.1/ 33 | 7. ./tools/setup 34 | 8. ./configure 35 | 9. make 36 | 10. make install 37 | 11. yum install nagios-plugins-nrpe -y 38 | 12. 
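cp /usr/lib64/nagios/plugins/check_nrpe /usr/local/nagios/libexec/ 39 | -------------------------------------------------------------------------- 40 | 41 | ------------------------------------- 42 | Running bash script as nrpe command on linux host 43 | Client side configuration 44 | create script /usr/lib64/nagios/plugins/disk_check.sh
#!/bin/bash
# disk_check.sh - NRPE plugin: report root filesystem usage in Nagios plugin format.
#
# Exit codes follow the Nagios plugin convention: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
# Optional arguments: $1 warning threshold in percent (default 85),
#                     $2 critical threshold in percent (default 86).
# The defaults reproduce the intent of the original patterns
# (OK below 85, WARNING at 85, CRITICAL from 86 upward).
warn_at=${1:-85}
crit_at=${2:-86}

# df -P prints one line per filesystem regardless of terminal width; field 5 is "NN%".
used_space=$(df -P / | awk 'NR==2 {print $5}' | tr -d '%')

# A value that is not a plain integer (df failure, unexpected output) must not be
# silently classified as OK: report UNKNOWN so the monitoring side notices.
if ! [[ "$used_space" =~ ^[0-9]+$ ]]; then
    echo "UNKNOWN - could not read disk usage for /."
    exit 3
fi

# Numeric comparison instead of glob patterns: the original case patterns
# ([1-84]*, [85]*, [86-100]*) matched on the first digit only, so 85-89% was
# reported as OK and 90-99% fell through to UNKNOWN.
if (( used_space >= crit_at )); then
    echo "CRITICAL - $used_space% of disk space used."
    exit 2
elif (( used_space >= warn_at )); then
    echo "WARNING - $used_space% of disk space used."
    exit 1
else
    echo "OK - $used_space% of disk space used."
    exit 0
fi
65 | 66 | chmod +x /usr/lib64/nagios/plugins/disk_check.sh 67 | 68 | vi /etc/nagios/nrpe.cfg 69 | and add 70 | command[diskcheck_script]=/usr/lib64/nagios/plugins/disk_check.sh 71 | 72 | restart the nrpe service on client 73 | 74 | server side configuration 75 | vi /etc/nagios/objects/commands.cfg 76 | define command{ 77 | command_name diskcheck_script 78 | command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c diskcheck_script 79 | } 80 | save the file 81 | vi /etc/nagios/servers/client.cfg (the cfg file for client where script is created) and add following. 82 | define service { 83 | use generic-service 84 | host_name centos7.client1 85 | service_description Custom Disk Checker Bash Script 86 | check_command diskcheck_script 87 | } 88 | 89 | save the file. 90 | Restart the nagios service. 91 | 92 | ----------------------------------------------------------------- 93 | Add Windows Server to Nagios Core for monitoring 94 | 95 | 1. Download NCP agent for windows from www.nagios.org/ncpa 96 | 2. Install vcredist86.exe 97 | 3. Double click and install the client. 98 | 99 | Configure Nagios Server 100 | 4.mkdir /nagcore 101 | 5.cd /nagcore 102 | 5. 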
wget https://assets.nagios.com/downloads/ncpa/check_ncpa.tar.gz 103 | 6. tar xvf check_ncpa.tar.gz 104 | 7. mv check_ncpa.py /usr/local/nagios/libexec 105 | 8. chown nagios:nagios /usr/local/nagios/libexec/check_ncpa.py 106 | 9. chmod 775 /usr/local/nagios/libexec/check_ncpa.py 107 | 10. confirm with /usr/local/nagios/libexec/check_ncpa.py -V 108 | 11. vi /usr/local/nagios/etc/objects/commands.cfg 109 | 110 | define command { 111 | command_name check_ncpa 112 | command_line $USER1$/check_ncpa.py -H $HOSTADDRESS$ $ARG1$ 113 | } 114 | 115 | 12. vi /usr/local/nagios/etc/servers/win2008srv1.client.cfg 116 | define host { 117 | host_name Win2008srv1 118 | address Win_srv_IP 119 | check_command check_ncpa!-t 'mytoken' -P 5693 -M system/agent_version 120 | max_check_attempts 5 121 | check_interval 5 122 | retry_interval 1 123 | check_period 24x7 124 | contacts nagiosadmin 125 | notification_interval 60 126 | notification_period 24x7 127 | notifications_enabled 1 128 | icon_image ncpa.png 129 | statusmap_image ncpa.png 130 | register 1 131 | } 132 | 133 | define service { 134 | host_name Win2008srv1 135 | address Win_srv_IP 136 | check_command check_ncpa!-t 'mytoken' -P 5693 -M cpu/percent -w 20 -c 40 -q 'aggregate=avg' 137 | max_check_attempts 5 138 | check_interval 5 139 | retry_interval 1 140 | check_period 24x7 141 | notification_interval 60 142 | notification_period 24x7 143 | contacts nagiosadmin 144 | register 1 145 | } 146 | 147 | define service { 148 | host_name Win2008srv1 149 | address Win_srv_IP 150 | check_command check_ncpa!-t 'mytoken' -P 5693 -M memory/virtual -w 50 -c 80 -u G 151 | max_check_attempts 5 152 | check_interval 5 153 | retry_interval 1 154 | check_period 24x7 155 | notification_interval 60 156 | notification_period 24x7 157 | contacts nagiosadmin 158 | register 1 159 | } 160 | 161 | define service { 162 | host_name Win2008srv1 163 | address Win_srv_IP 164 | check_command check_ncpa!-t 'mytoken' -P 5693 -M processes -w 150 -c 200 165 | 
max_check_attempts 5 166 | check_interval 5 167 | retry_interval 1 168 | check_period 24x7 169 | notification_interval 60 170 | notification_period 24x7 171 | contacts nagiosadmin 172 | register 1 173 | } 174 | 175 | 13. verify with 176 | /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg 177 | 178 | 14. systemctl restart nagios 179 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++Windows Host Installation++++++++++++++++++++++++++ 180 | 181 | 1. Download and install ncpa agent for Window. 182 | 183 | Note down the token. 184 | 185 | _______________________________Perform following on Nagios Server _____________________________________ 186 | __________________________________________NCPA for windows installation ________________ 187 | 188 | cd /tmp 189 | wget https://assets.nagios.com/downloads/ncpa/check_ncpa.tar.gz 190 | tar xvf check_ncpa.tar.gz 191 | chown nagios:nagios check_ncpa.py 192 | chmod 775 check_ncpa.py 193 | mv check_ncpa.py /usr/local/nagios/libexec 194 | 195 | 196 | 197 | -----------------define command------------------ 198 | define command { 199 | command_name check_ncpa 200 | command_line $USER1$/check_ncpa.py -H $HOSTADDRESS$ $ARG1$ 201 | } 202 | 203 | ----------------------Define Windows Host and Service -------------------------- 204 | 205 | define host { 206 | host_name NCPA 2 Host 207 | address 192.168.1.10 208 | check_command check_ncpa!-t 'mytoken' -P 5693 -M system/agent_version 209 | max_check_attempts 5 210 | check_interval 5 211 | retry_interval 1 212 | check_period 24x7 213 | contacts nagiosadmin 214 | notification_interval 60 215 | notification_period 24x7 216 | notifications_enabled 1 217 | icon_image ncpa.png 218 | statusmap_image ncpa.png 219 | register 1 220 | } 221 | 222 | define service { 223 | host_name NCPA 2 Host 224 | service_description CPU Usage 225 | check_command check_ncpa!-t 'mytoken' -P 5693 -M cpu/percent -w 20 -c 40 -q 'aggregate=avg' 226 | max_check_attempts 5 227 | check_interval 5 228 | 
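retry_interval 1 229 | check_period 24x7 230 | notification_interval 60 231 | notification_period 24x7 232 | contacts nagiosadmin 233 | register 1 234 | } 235 | 236 | define service { 237 | host_name NCPA 2 Host 238 | service_description Memory Usage 239 | check_command check_ncpa!-t 'mytoken' -P 5693 -M memory/virtual -w 50 -c 80 -u G 240 | max_check_attempts 5 241 | check_interval 5 242 | retry_interval 1 243 | check_period 24x7 244 | notification_interval 60 245 | notification_period 24x7 246 | contacts nagiosadmin 247 | register 1 248 | } 249 | 250 | define service { 251 | host_name NCPA 2 Host 252 | service_description Process Count 253 | check_command check_ncpa!-t 'mytoken' -P 5693 -M processes -w 150 -c 200 254 | max_check_attempts 5 255 | check_interval 5 256 | retry_interval 1 257 | check_period 24x7 258 | notification_interval 60 259 | notification_period 24x7 260 | contacts nagiosadmin 261 | register 1 262 | } 263 | 264 | Email notification configuration of Nagios server 265 | 266 | Follow steps at 267 | https://bobcares.com/blog/nagios-email-notification-configuration/ 268 | -------------------------------------------------------------------------------- /Nagios-Core-Server-Inst.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Nagios-Core-Server-Inst.sh - unattended install of Nagios Core, NRPE and the
# Nagios plugins from source on a CentOS/Rocky-style host (yum, firewalld, httpd).
#
# Run as a user with sudo rights. Prompts once (htpasswd) for the nagiosadmin
# web-console password. Intended for a lab VM: it disables SELinux (see below).
# Any failing step aborts the run instead of continuing into "cd" / "make install"
# in the wrong directory, which is what the original bare command list did.
set -euo pipefail

NAGIOS_VERSION=4.5.8
NRPE_VERSION=4.1.0
PLUGINS_VERSION=2.2.1

# Print a framed status banner. The original wrote these as bare text lines,
# which the shell tried to execute as commands.
banner() {
    echo "######################################################################"
    echo "$*"
    echo "######################################################################"
}

# Fetch a source tarball over HTTPS with certificate verification left enabled
# (the original passed --no-check-certificate for the GitHub downloads, which
# would accept any server presenting any certificate).
# SECURITY: the tarballs are still not checksum- or signature-verified before
# being built and installed as root; pin an expected digest (<EXPECTED_SHA256>)
# here if this script is ever used outside a disposable lab.
fetch() {
    local url=$1 out=$2
    wget -O "$out" "$url"
}

# Nagios Core: build from source, install under /usr/local/nagios, publish via httpd.
install_nagios_core() {
    sudo hostnamectl set-hostname nagios-srv
    # SECURITY: disabling SELinux removes mandatory access control for the whole
    # host, not just for Nagios. Kept because the lab documents depend on it; a
    # production host should stay enforcing and use the nagios SELinux policy instead.
    sudo sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
    sudo setenforce 0
    sudo yum install -y gcc glibc glibc-common wget unzip httpd php php-cli gd gd-devel openssl-devel net-snmp perl
    sudo yum install -y make gettext autoconf net-snmp-utils epel-release automake tar wget unzip
    cd /tmp
    fetch "https://assets.nagios.com/downloads/nagioscore/releases/nagios-${NAGIOS_VERSION}.tar.gz" nagioscore.tar.gz
    tar xzf nagioscore.tar.gz
    cd "nagios-${NAGIOS_VERSION}/"
    sudo ./configure
    sudo make all
    sudo make install-groups-users
    sudo usermod -a -G nagios apache
    sudo make install
    sudo make install-commandmode
    sudo make install-config
    sudo make install-webconf
    sudo make install-daemoninit
    sudo systemctl enable httpd.service
    sudo firewall-cmd --zone=public --add-port=80/tcp
    sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
    # Interactive: sets the web-console password for nagiosadmin.
    sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
    sudo systemctl start httpd
}

# NRPE agent on the server itself (used later by check_nrpe against 127.0.0.1).
install_nrpe() {
    cd /tmp
    # Original line read "wget wget ..." which makes wget try to fetch a file named "wget".
    fetch "https://github.com/NagiosEnterprises/nrpe/archive/nrpe-${NRPE_VERSION}.tar.gz" nrpe.tar.gz
    tar xvzf nrpe.tar.gz
    cd "nrpe-nrpe-${NRPE_VERSION}/"
    # NOTE(review): --enable-command is not a documented NRPE configure switch
    # (autoconf accepts unknown --enable-* options with a warning). If
    # --enable-command-args was meant, be aware that it lets the Nagios server pass
    # arguments to plugins over the network; confirm the intent before changing it.
    sudo ./configure --enable-command
    sudo make all
    sudo make install-groups-users   # original: "install-groups-use" (no such target)
    sudo make install
    sudo make install-config
    sudo make install-init
    sudo systemctl enable nrpe.service
    sudo systemctl start nrpe.service
    # Smoke test; a failure here is reported but does not abort the plugin install.
    sudo /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 || echo "WARNING: check_nrpe against 127.0.0.1 failed"
}

# Standard Nagios plugins (check_*) into /usr/local/nagios/libexec.
install_plugins() {
    sudo yum install -y gcc glibc glibc-common make gettext automake autoconf wget openssl-devel net-snmp net-snmp-utils epel-release
    sudo yum --enablerepo=crb,epel install perl-Net-SNMP -y
    cd /tmp
    fetch "https://github.com/nagios-plugins/nagios-plugins/archive/release-${PLUGINS_VERSION}.tar.gz" nagios-plugins.tar.gz
    tar zxf nagios-plugins.tar.gz                      # original: "nagios-plugins.tar.g"
    cd "nagios-plugins-release-${PLUGINS_VERSION}/"    # original: "nagios-plugins-release-2."
    sudo ./tools/setup
    sudo ./configure
    sudo make
    sudo make install
}

main() {
    install_nagios_core
    banner "NAGIOS CORE INSTALLATION COMPLETED SUCCESSFULLY !!!"
    banner "NOW INSTALLING NRPE AGENT !!!! .........WAIT"
    sleep 10
    install_nrpe
    banner "NRPE INSTALLATION FINISHED !!!"
    banner "INSTALLING NAGIOS PLUGINS!!! .........WAIT"
    sleep 10
    install_plugins
    banner "INSTALLATION COMPLETE!!!!"
    echo "The Nagios web console username is ....... nagiosadmin"
    echo "The password is .............You Entered during this installation. !!!! Hope you remember :)"
    banner "Enjoy Monitoring !!!!"
    sleep 10
}

main "$@"
-------------------------------------------------------------------------------- /OSSEC Server and Agent Installation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/OSSEC Server and Agent Installation.pdf -------------------------------------------------------------------------------- /OpenVPN Server Configuration-Username-password.txt: -------------------------------------------------------------------------------- 1 | Please follow all the steps given in the pdf by name OpenVPN Server Configuration-new. 2 | 3 | On the server install the following package 4 | 5 | sudo yum install openvpn-devel -y 6 | 7 | Now change the server configuration file. 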
8 | 9 | sudo vi /etc/openvpn/server/server.conf 10 | 11 | port 1194 12 | proto udp 13 | dev tun 14 | ca /etc/openvpn/server/ca.crt 15 | cert /etc/openvpn/server/openvpnserver.crt 16 | key /etc/openvpn/server/openvpnserver.key 17 | dh /etc/openvpn/server/dh.pem 18 | server 10.8.0.0 255.255.255.0 19 | #push "redirect-gateway def1" 20 | push "route 192.168.10.0 255.255.255.0" 21 | #push "dhcp-option DNS 208.67.222.222" 22 | #push "dhcp-option DNS 208.67.220.220" 23 | duplicate-cn 24 | cipher AES-256-CBC 25 | tls-version-min 1.2 26 | tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 27 | ###########Add following 3 lines to enable Username/Password authentication 28 | verify-client-cert none 29 | plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login 30 | username-as-common-name 31 | ################################################## 32 | auth SHA512 33 | auth-nocache 34 | 35 | Save the file. Note that with "verify-client-cert none" the server no longer requires a client certificate, so the PAM password check is the only thing deciding who may join the VPN; keep the PAM account and password policy strict, and keep the ca/cert/key lines so the TLS channel itself stays authenticated. 36 | 37 | Start the OpenVPN Server service. 38 | 39 | sudo systemctl start openvpn-server@server 40 | 41 | Create a user on the server 42 | 43 | useradd vpnuser 44 | passwd vpnuser 45 | 46 | Provide a password for the user. 47 | 48 | Client side configuration. 49 | 50 | vi client1.ovpn 51 | 52 | client 53 | dev tun 54 | proto udp 55 | remote 192.168.234.143 1194 56 | ##########Add following Line ....Keep all other things as it is#### 57 | auth-user-pass 58 | #################################### 59 | ca /etc/openvpn/client/ca.crt 60 | cert /etc/openvpn/client/client1.crt 61 | key /etc/openvpn/client/client1.key 62 | 63 | save the file. 64 | 65 | The entire file is not shown here, so do not delete the other lines that follow the last line shown above. 66 | 67 | Now try to connect: 68 | 69 | sudo openvpn --config client1.ovpn 70 | 71 | Now it should prompt for a username and password. 72 | Provide vpnuser as the username and the password of that user. 
73 | 74 | -------------------------------------------------------------------------------- /OpenVPN Server configuration-new.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/OpenVPN Server configuration-new.pdf -------------------------------------------------------------------------------- /Pfsense Installation and configuration.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Pfsense Installation and configuration.pdf -------------------------------------------------------------------------------- /Port-Forwarding and attack prevention.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Port-Forwarding and attack prevention.pdf -------------------------------------------------------------------------------- /Security Fundamentals.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Security Fundamentals.pptx -------------------------------------------------------------------------------- /Snort 3 Rule Writing Guide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Snort 3 Rule Writing Guide.pdf -------------------------------------------------------------------------------- /Snort_3_GA_on_CentOS_8_Stream.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/Snort_3_GA_on_CentOS_8_Stream.pdf 
-------------------------------------------------------------------------------- /client1.ovpn: -------------------------------------------------------------------------------- 1 | client 2 | dev tun 3 | proto udp 4 | remote vpn-server-ip 1194 5 | ca ca.crt 6 | cert client1.crt 7 | key client1.key 8 | cipher AES-256-CBC 9 | auth SHA512 10 | auth-nocache 11 | tls-version-min 1.2 12 | tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 13 | resolv-retry infinite 14 | compress lz4 15 | nobind 16 | persist-key 17 | persist-tun 18 | mute-replay-warnings 19 | verb 3 20 | -------------------------------------------------------------------------------- /elasticsearch.yml: -------------------------------------------------------------------------------- 1 | # ======================== Elasticsearch Configuration ========================= 2 | # 3 | # NOTE: Elasticsearch comes with reasonable defaults for most settings. 4 | # Before you set out to tweak and tune the configuration, make sure you 5 | # understand what you are trying to accomplish and the consequences. 6 | # 7 | # The primary way of configuring a node is via this file. This template lists 8 | # the most important settings you may want to configure for a production cluster. 
9 | # 10 | # Please consult the documentation for further information on configuration options: 11 | # https://www.elastic.co/guide/en/elasticsearch/reference/index.html 12 | # 13 | # ---------------------------------- Cluster ----------------------------------- 14 | # 15 | # Use a descriptive name for your cluster: 16 | # 17 | cluster.name: ditiss-cluster 18 | # 19 | # ------------------------------------ Node ------------------------------------ 20 | # 21 | # Use a descriptive name for the node: 22 | # 23 | node.name: node1 24 | # 25 | # Add custom attributes to the node: 26 | # 27 | #node.attr.rack: r1 28 | # 29 | # ----------------------------------- Paths ------------------------------------ 30 | # 31 | # Path to directory where to store the data (separate multiple locations by comma): 32 | # 33 | path.data: /var/lib/elasticsearch 34 | # 35 | # Path to log files: 36 | # 37 | path.logs: /var/log/elasticsearch 38 | # 39 | # ----------------------------------- Memory ----------------------------------- 40 | # 41 | # Lock the memory on startup: 42 | # 43 | #bootstrap.memory_lock: true 44 | # 45 | # Make sure that the heap size is set to about half the memory available 46 | # on the system and that the owner of the process is allowed to use this 47 | # limit. 48 | # 49 | # Elasticsearch performs poorly when the system is swapping the memory. 50 | # 51 | # ---------------------------------- Network ----------------------------------- 52 | # 53 | # By default Elasticsearch is only accessible on localhost. Set a different 54 | # address here to expose this node on the network: 55 | # 56 | network.host: localhost 57 | # 58 | # By default Elasticsearch listens for HTTP traffic on the first free port it 59 | # finds starting at 9200. Set a specific HTTP port here: 60 | # 61 | #http.port: 9200 62 | # 63 | # For more information, consult the network module documentation. 
64 | # 65 | # --------------------------------- Discovery ---------------------------------- 66 | # 67 | # Pass an initial list of hosts to perform discovery when this node is started: 68 | # The default list of hosts is ["127.0.0.1", "[::1]"] 69 | # 70 | #discovery.seed_hosts: ["host1", "host2"] 71 | # 72 | # Bootstrap the cluster using an initial set of master-eligible nodes: 73 | # 74 | #cluster.initial_master_nodes: ["node-1", "node-2"] 75 | # 76 | # For more information, consult the discovery and cluster formation module documentation. 77 | # 78 | # ---------------------------------- Various ----------------------------------- 79 | # 80 | # Require explicit names when deleting indices: 81 | # 82 | #action.destructive_requires_name: true 83 | # 84 | # ---------------------------------- Security ---------------------------------- 85 | # 86 | # *** WARNING *** 87 | # 88 | # Elasticsearch security features are not enabled by default. 89 | # These features are free, but require configuration changes to enable them. 90 | # This means that users don't have to provide credentials and can get full access 91 | # to the cluster. Network connections are also not encrypted. 92 | # 93 | # To protect your data, we strongly encourage you to enable the Elasticsearch security features. 94 | # Refer to the following documentation for instructions. 
95 | # 96 | # https://www.elastic.co/guide/en/elasticsearch/reference/7.16/configuring-stack-security.html 97 | -------------------------------------------------------------------------------- /fail2ban.txt: -------------------------------------------------------------------------------- 1 | Install fail2ban 2 | 3 | sudo dnf update -y 4 | 5 | sudo dnf install epel-release -y 6 | 7 | sudo dnf update -y 8 | 9 | sudo dnf install fail2ban -y 10 | 11 | sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 12 | 13 | sudo vim /etc/fail2ban/jail.d/sshd.local 14 | 15 | add following 16 | [sshd] 17 | enabled = true 18 | findtime = 3600 19 | maxretry = 3 20 | bantime = 10m 21 | 22 | save the file. 23 | 24 | sudo systemctl start fail2ban 25 | 26 | sudo systemctl enable fail2ban 27 | 28 | Now from another client ssh to this system and give wrong password for 3 times. 29 | 30 | sudo fail2ban-client status 31 | 32 | sudo fail2ban-client status sshd 33 | 34 | -------------------------------------------------------------------------------- /http_with_jpegs.cap.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/http_with_jpegs.cap.gz -------------------------------------------------------------------------------- /iptables commands: -------------------------------------------------------------------------------- 1 | Suppose we want to prevent potential brute force attempts to guess valid username and password combinations for the Secure Shell (SSH) service. 2 | 3 | In this scenario, we can use packet rate limiting rules to limit the number of connections to the SSH port from the same IP address. 
Let's use the following iptables commands to achieve this: 4 | 5 | 6 | iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set 7 | iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 120 --hitcount 10 -j DROP 8 | 9 | 10 | The above commands use the iptables extension recent, which allows us to dynamically create a list of IP addresses and match against them in different ways. In this example, we instruct iptables to drop connections from any IP address if it attempts to open more than 10 connections to the SSH port (22/tcp) within 120 seconds (two minutes). 11 | By using the NEW state, only new connections are impacted by this rule, not established ones. Because both rules are inserted with -I, the second command ends up above the first in the chain, so the --update/DROP check runs before the --set rule that records the address. 12 | 13 | Allowing Established and Related Incoming Connections 14 | 15 | sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 16 | 17 | Dropping Invalid Packets 18 | sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP 19 | 20 | Blocking an IP Address 21 | sudo iptables -A INPUT -s 203.0.113.51 -j DROP 22 | 23 | limit 24 | This module must be explicitly specified with '-m limit' or '--match limit'. It is used to restrict the rate of matches, such as for suppressing log messages. It will only match a given number of times per second (by default 3 matches per hour, with a burst of 5). It takes two optional arguments: 25 | --limit 26 | followed by a number; specifies the maximum average number of matches to allow per second. The number can specify units explicitly, using '/second', '/minute', '/hour' or '/day', or parts of them (so '5/second' is the same as '5/s'). 27 | --limit-burst 28 | followed by a number, indicating the maximum burst before the above limit kicks in. 
29 | 30 | Syn-flood protection: 31 | 32 | # iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT 33 | Furtive port scanner: 34 | 35 | # iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST \ 36 | -m limit --limit 1/s -j ACCEPT 37 | Ping of death: 38 | 39 | # iptables -A FORWARD -p icmp --icmp-type echo-request -m limit \ 40 | --limit 1/s -j ACCEPT 41 | Note: each of the three rules above only accepts traffic up to the stated rate; packets beyond the limit simply do not match, so a later DROP rule (or a DROP policy on the FORWARD chain) for the same traffic is required for the protection to take effect. 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /iptables-cheat-sheet.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/iptables-cheat-sheet.pdf -------------------------------------------------------------------------------- /iptables-tutorial.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/iptables-tutorial.pdf -------------------------------------------------------------------------------- /iptables.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/iptables.pdf -------------------------------------------------------------------------------- /nginx Load Balancing Methods.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/nginx Load Balancing Methods.txt -------------------------------------------------------------------------------- /nginx_sample_config.txt: -------------------------------------------------------------------------------- 1 | This lab requires 3 virtual machines. All 3 virtual machines can be a minimal install. Keep the network card of all 3 machines in NAT mode. Here 3 Rocky Linux minimal-install VMs are considered. 
Make sure SELinux is disabled or Permissive on Rocky Linux. (This is acceptable for the lab only; on a production host keep SELinux enforcing and allow the proxy's outbound connections with the httpd_can_network_connect boolean instead.) 2 | 3 | On 2 of these VMs install the Apache web server. 4 | 5 | sudo yum install httpd -y # for Ubuntu use command sudo apt install apache2 -y 6 | 7 | Once the web server is installed, create an index.html file in the /var/www/html directory. Make sure to add the server IP address in the content. Thus, during the lab, you will know which page is served by which web server. 8 | 9 | Start the Apache web server. Also open the port in the firewall. 10 | 11 | use the sudo firewall-cmd --add-service=http and sudo firewall-cmd --add-service=http --permanent commands. 12 | 13 | # For Ubuntu use sudo ufw allow http 14 | 15 | On the 3rd virtual machine install the nginx server. 16 | 17 | sudo yum install nginx -y # for Ubuntu use sudo apt install nginx -y 18 | 19 | Start the nginx service - sudo systemctl start nginx. 20 | 21 | Open the port in the firewall. 22 | 23 | sudo firewall-cmd --add-service=http and sudo firewall-cmd --add-service=http --permanent 24 | 25 | This virtual machine will work as a front end for the clients. All clients will connect to the IP address of this virtual machine. 26 | Open any browser on your main laptop's OS (Windows). Type the IP address of the nginx server. The nginx default webpage should be displayed. 27 | You can configure nginx as a Reverse Proxy or as a Load balancer. 28 | First, we will configure nginx as a Reverse Proxy. 29 | 30 | nginx as reverse proxy 31 | 32 | copy the original nginx.conf file. 33 | sudo cp /etc/nginx/nginx.conf ~ # this will copy the file to the user's home directory 34 | Edit the nginx configuration file. 35 | sudo vi /etc/nginx/nginx.conf 36 | 37 | Go to the server section. 38 | 39 | Put # in front of these 3 lines. 40 | #listen [::]:80; 41 | #server_name _; 42 | #root /usr/share/nginx/html; 43 | include /etc/nginx/default.d/*.conf; 44 | 45 | Type the following below the above lines.
46 | 47 | location / { 48 | proxy_pass http://first-apache-server-IP/; 49 | proxy_buffering off; 50 | proxy_set_header X-Real-IP $remote_addr; 51 | proxy_set_header X-Forwarded-Host $host; 52 | proxy_set_header X-Forwarded-Port $server_port; 53 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 54 | proxy_set_header X-Forwarded-Proto $scheme; 55 | } 56 | 57 | location /courses { 58 | proxy_pass http://second-apache-server-IP/; 59 | proxy_buffering off; 60 | proxy_set_header X-Real-IP $remote_addr; 61 | proxy_set_header X-Forwarded-Host $host; 62 | proxy_set_header X-Forwarded-Port $server_port; 63 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 64 | proxy_set_header X-Forwarded-Proto $scheme; 65 | } 66 | Save the file. Restart the nginx service. 67 | 68 | sudo systemctl restart nginx 69 | 70 | Now go to the browser in Windows. Type the nginx server IP address. This time you should get the webpage from the first Apache web server in the backend. Now type nginx-server-IP/courses and press Enter. This time you should get the second Apache web server's webpage. 71 | nginx is now configured as a reverse proxy. 72 | ################################################################################################################################ 73 | nginx as Load Balancer 74 | 75 | Replace the above nginx.conf file with the original one. 76 | 77 | sudo cp -f ~/nginx.conf /etc/nginx/ 78 | 79 | Edit the file 80 | 81 | sudo vi /etc/nginx/nginx.conf 82 | 83 | Go to the server section. 84 | 85 | Put # in front of these 3 lines. 86 | #listen [::]:80; 87 | #server_name _; 88 | #root /usr/share/nginx/html; 89 | include /etc/nginx/default.d/*.conf; 90 | Type the following below the above line. 91 | upstream backend { 92 | server first-apache-server-IP; 93 | server second-apache-server-IP; 94 | } 95 | 96 | server { 97 | listen 80; 98 | location / { 99 | proxy_pass http://backend/; 100 | } 101 | } 102 | Save the file. 103 | Restart the nginx service.
104 | 105 | sudo systemctl restart nginx 106 | 107 | Now go to the Windows browser. Type the IP address of the nginx server machine. 108 | The web page from one of the servers will be displayed. Refresh the page. Now the web page from the second server will be displayed. 109 | Each time you refresh the page your request is sent to a different backend server. This is because the default load balancer algorithm is round robin. 110 | Please refer to the file "nginx Load Balancing Methods.txt" for the different algorithms used by nginx. 111 | 112 | 113 | 114 | 115 | 116 | 117 | -------------------------------------------------------------------------------- /openvpn-firewalld: -------------------------------------------------------------------------------- 1 | sudo firewall-cmd --permanent --add-service=openvpn 2 | sudo firewall-cmd --permanent --zone=trusted --add-service=openvpn 3 | sudo firewall-cmd --permanent --zone=trusted --change-interface=tun0 4 | sudo firewall-cmd --add-masquerade 5 | sudo firewall-cmd --permanent --add-masquerade 6 | sudo firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 \ 7 | -o ens160 -j MASQUERADE 8 | sudo firewall-cmd --reload 9 | -------------------------------------------------------------------------------- /server.conf: -------------------------------------------------------------------------------- 1 | port 1194 2 | proto udp 3 | dev tun 4 | ca /etc/openvpn/server/ca.crt 5 | cert /etc/openvpn/server/openvpnserver.crt 6 | key /etc/openvpn/server/openvpnserver.key 7 | dh /etc/openvpn/server/dh.pem 8 | server 10.8.0.0 255.255.255.0 9 | #push "redirect-gateway def1" push "route 192.168.237.0 255.255.255.0" ### match this address to your LAN-side network address.
#push "dhcp-option DNS 208.67.222.222" #push "dhcp-option DNS 208.67.220.220" duplicate-cn 10 | cipher AES-256-CBC 11 | tls-version-min 1.2 12 | tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 13 | auth SHA512 14 | auth-nocache 15 | keepalive 20 60 16 | persist-key 17 | persist-tun 18 | compress lz4 19 | daemon 20 | user nobody 21 | group nobody 22 | log-append /var/log/openvpn.log 23 | verb 3 24 | -------------------------------------------------------------------------------- /spoof prevention.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandeepw1/NDC/d1b078e590b5c0e1b96acf12fe08a98bebd6fda3/spoof prevention.pptx -------------------------------------------------------------------------------- /vars: -------------------------------------------------------------------------------- 1 | set_var EASYRSA "$PWD" 2 | set_var EASYRSA_PKI "$EASYRSA/pki" 3 | set_var EASYRSA_DN "cn_only" 4 | set_var EASYRSA_REQ_COUNTRY "IN" 5 | set_var EASYRSA_REQ_PROVINCE "Maharastra" 6 | set_var EASYRSA_REQ_CITY "Pune" 7 | set_var EASYRSA_REQ_ORG "Demo Labs" 8 | set_var EASYRSA_REQ_EMAIL "" 9 | set_var EASYRSA_REQ_OU "Demo Labs CA" 10 | set_var EASYRSA_KEY_SIZE 2048 11 | set_var EASYRSA_ALGO rsa 12 | set_var EASYRSA_CA_EXPIRE 7500 13 | set_var EASYRSA_CERT_EXPIRE 365 14 | set_var EASYRSA_NS_SUPPORT "no" 15 | set_var EASYRSA_NS_COMMENT "Demo Labs" 16 | set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" 17 | set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf" 18 | set_var EASYRSA_DIGEST "sha256" 19 | --------------------------------------------------------------------------------