資安筆記

Bootstrap 跨站腳本漏洞

若你使用此漏洞的lib開發前台，如論壇或留言版，會讓人在貼文時可植入一段有害的程式碼，觀文者即有可能受該程式碼影響。

X-Frame-Options Header Not Set

CORS漏洞的學習與分析

主要用途是釣魚網站。

比如我架一個釣魚網站，背後資料全捉你的公開站，連post資料也去你站上捉，久而久之，當人們可以從我這站登入你網站時，我這站即可取得使用者帳密。

Fortigate 100D send syslog to linux

Reference:

How Fortigate 100D send log to Splunk 

 

Fortigate 100D網頁管理畫面沒有可以設定將 syslog 傳到外部的 log server。

必須用 putty 連上 console 下指令設定。

 

config log syslogd setting
    set status enable
    set server "192.168.1.171"
    set facility alert
    set source-ip 192.168.1.254
end

Mariadb (Mysql) enable audit log

Reference:

mariadb server audit plugin for mysql 

MariaDB Audit Plugin 

MySQL 基本操作語法

詳解MySQL四種Log機制 以日誌稽核解析追蹤事件 

MySQL Auditing With MariaDB Auditing Plugin 

mysql 几种日志

 

#login mysql
mysql -u root -p

#確認plugin目錄 (in mysql)
SHOW GLOBAL VARIABLES LIKE 'plugin_dir';
+---------------+--------------------------+
| Variable_name | Value                    |
+---------------+--------------------------+
| plugin_dir    | /usr/lib64/mysql/plugin/ |
+---------------+--------------------------+

Fortigate disable port 5060, 2000, 541

Reference:

Port 2000 and 5060 open by default (How to close)

Cannot Disable FMG-Access

 

port 5060, 2000:

 

To disable the SIP helper /  ALG i used the following code

config system settings
set default-voip-alg-mode kernel-helper-based
end

Important is that you need to configure it on all the VDOM`s

A reboot is not necessary, Clearing the sessions worked for us:

diagnose sys session filter
diagnose sys session filter dport 5060
diagnose sys session clear
diagnose sys session filter dport 2000
diagnose sys session clear

 

PS. port 2000關不掉，找時間重開機試試看。

 

port 541:

config system interface
edit <wan-interface>
unselect allowaccess fgfm
set ident-accept enable
end

Bacula 11.0.5 client setup

Reference:

Bacula Client安装配置

Windows Binaries

 

Linux client:

• yum install wget -y
• wget https://www.bacula.org/downloads/Bacula-4096-Distribution-Verification-key.asc --no-check-certificate
• rpm --import Bacula-4096-Distribution-Verification-key.asc
• vi /etc/yum.repos.d/Bacula.repo
• [Bacula-Community]
  name=CentOS - Bacula - Community
  baseurl=http://www.bacula.org/packages/[access key]/rpms/11.0.5/el7/
  enabled=1
  protect=0
  gpgcheck=1
• access key請參考 Bacula 11.0.5 install with rpm
  

Bacula web report: baculum installation

Reference:

安装bacula web 管理端Baculum 

Centos7.2安装bacula及bacula-web 

Index of /downloads/baculum/stable-11/centos

 

baculum是bacula的web頁面，只能查看備份任務的資訊，不能修改備份任務。

 

步驟：

• rpm --import http://bacula.org/downloads/baculum/baculum.pub
• vi /etc/yum.repos.d/baculum.repo
• [baculumrepo]
  name=Baculum CentOS repository
  baseurl=https://www.bacula.org/downloads/baculum/stable-11/centos/
  gpgcheck=1
  enabled=1
• yum install baculum-web baculum-web-httpd baculum-web-lighthttpd baculum-web-selinux -y
• yum install baculum-api baculum-api-httpd baculum-api-lighthttpd baculum-api-selinux -y
• systemctl start httpd
• systemctl enable httpd

Bacula 11.0.5 install with source tar file

Reference:

Installing Bacula

Source tar file download

 

步驟：

•  安裝 CentOS 7.x (最小安裝即可)
• yum install mariadb-server mariadb-devel mariadb gcc gcc-c++ -y
  systemctl start mariadb.service
  systemctl enable mariadb.service
• Source tar file download
• download bacula-11.0.5.tar.gz
• tar zxvf bacula-11.0.5.tar.gz

Bacula 11.0.5 install with rpm

Reference:

Centos7.2安装bacula及bacula-web

Deb and rpm Packages

Bacula Community Installation Guide

 

步驟：

• 到 Deb and rpm Packages 申請 rpm 下載，會收到 email 通知下載連結
• 把 access key (紅色部分) 複製下來
• 

Bacula backup tool installstion (open source)

Reference:

Bacula測試紀錄

How to Setup Backup Server Using Bacula And Webmin in CentOS

企业级的开源备份工具Bacula之配置 

 

(這方法裝起來的Bacula是5.2.13版，和bacula.org上的版本落差頗大)

 

步驟：

• 安裝 CentOS 7
• yum install -y bacula-director bacula-storage bacula-console bacula-client mariadb-server
• vi /etc/sysconfig/selinux
• SELINUX=disabled
•  setenforce 0 
• systemctl start mariadb
• systemctl enable mariadb 
• 調整為mysql
• alternatives --config libbaccats.so
• Enter to keep the current selection[+], or type selection number: 1

 

ELK index lifecycle, snapshot

Reference:

Snapshot and restore

【Kibana】索引生命周期策略不生效，报错: index.lifecycle.rollover_alias [somta-logs] does not point to index

喬叔教 Elastic - 14 - 管理 Index 的 Best Practice (6/7) - Snapshot Lifecycle Management (SLM) 

Register a snapshot repository

index lifecycle:

錯誤訊息：

illegal_argument_exception: index.lifecycle.rollover_alias [filebeat-7.12.1] does not point to index [filebeat-7.12.1-2021.09.02]

解法：

取消 lifecycle policy 的 Enable rollover