Thursday, September 13, 2018

Setting up web based sguil


One of the problems with using Sguil for network forensics investigations is the client. You need to make sure your system can support how it runs, and in the end it is a thick client. The nice thing about OSX is that it has wish installed, so getting it running is as simple as running it, but the other issue is client hangups and the like.

Recently the author, Bamm Visscher, updated the code to include a web client on the server. In this post I am going to get it installed on a fresh install of Security Onion. One of the hurdles you will hit is that SO is already running a web server on 443, so we will have to make some modifications. Let's get started.


First you will need to clone the repo (/opt is root-owned on SO, so use sudo).

cd /opt/ && sudo git clone https://github.com/bammv/sguil.git

This will place a fresh checkout in your /opt directory, which is where we will begin.

Let's stop sguil and do a quick backup of your current files:

sudo so-sguild-stop && sudo mkdir -p /opt/sguil_bak && sudo tar zcvf /opt/sguil_bak/lib.bak.tgz /usr/lib/sguild/ && sudo tar zcvf /opt/sguil_bak/sguild.tgz /usr/bin/sguild

Now that we have our backup, let's copy the new lib files over:

sudo rsync -avh /opt/sguil/server/lib/* /usr/lib/sguild/

Now let's edit the config. Note: change 4433 to whatever port you want to use for the web page, but not 443, which SO's own web server already uses. The config file is root-owned, so a plain shell redirection would fail; pipe through sudo tee -a instead.

echo "set HTTPS 1" | sudo tee -a /etc/sguild/sguild.conf
echo "set HTTPS_PORT 4433" | sudo tee -a /etc/sguild/sguild.conf
echo "set HTML_PATH {/opt/sguil/server/html}" | sudo tee -a /etc/sguild/sguild.conf

Once the config is in place we need a quick edit to sguild so it picks up a separate key pair for the web service (these are two commands; sed needs -i to edit the file in place):

sudo sed -i 's/cert\.pem/wcert\.pem/' /usr/bin/sguild
sudo sed -i 's/privkey\.pem/wprivkey\.pem/' /usr/bin/sguild


Last thing before we log into the console: we need to generate the key pair for the web service. The flag is -x509 (self-signed certificate); without -days, openssl's default validity for such a certificate is only 30 days.

sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout /etc/sguild/certs/wprivkey.pem -out /etc/sguild/certs/wcert.pem

Now that everything is in place, go ahead and fire up sguild:

sudo so-sguild-start 

You should see everything start OK. When this is done you can open up your browser and head to https://localhost:4433 (or whatever port you chose in the previous config). Since the certificate is self-signed, the browser will warn about it the first time; that is expected here. You should then be presented with the login page. This is all the same information that you created while setting up SO. See below.
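As an added example (not the author's web_sguil.sh and not part of Sguil or Security Onion), here are the steps above collected into shell functions that can be re-run safely: a config option is replaced rather than appended twice, the sguild edit is skipped if already applied, the chosen port is checked against SO's existing 443 listener, and the certificate is generated non-interactively with -x509 and an explicit validity. The paths match the post; the file argument to each function, the CN and the --apply flag are my assumptions.

```shell
#!/bin/sh
# Added helper script for the web-sguil setup described in the post.
# Every function takes its target file/dir as an argument so it can be
# exercised on throwaway copies without root; --apply uses the SO paths.
set -eu

# Set "set KEY VALUE" in a sguild.conf: replace an existing line for KEY,
# otherwise append one, so re-running never leaves duplicate settings.
set_sguild_option() {
    conf="$1"; key="$2"; value="$3"
    if grep -q "^set ${key} " "$conf"; then
        sed -i "s|^set ${key} .*|set ${key} ${value}|" "$conf"
    else
        printf 'set %s %s\n' "$key" "$value" >> "$conf"
    fi
}

# Rewrite cert.pem/privkey.pem references to the web key pair, as the post
# does with sed; a second run is a no-op instead of producing wwcert.pem.
patch_sguild_certs() {
    if grep -q 'wcert\.pem' "$1"; then return 0; fi
    sed -i -e 's/cert\.pem/wcert\.pem/' -e 's/privkey\.pem/wprivkey\.pem/' "$1"
}

# Accept only a numeric port in range that does not collide with SO's 443.
valid_web_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ] || [ "$1" -eq 443 ]; then return 1; fi
    return 0
}

# Self-signed web cert (-x509, not the post's -x650 typo), explicit validity,
# -subj so it runs unattended; CN "sguil-web" is an assumed placeholder.
gen_web_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "${2:-365}" -subj '/CN=sguil-web' \
        -keyout "$1/wprivkey.pem" -out "$1/wcert.pem" 2>/dev/null
    chmod 600 "$1/wprivkey.pem"
}

# Apply the whole procedure to the real paths: sudo sh web_sguil_helpers.sh --apply 4433
if [ "${1:-}" = "--apply" ]; then
    port="${2:-4433}"
    valid_web_port "$port" || { echo "bad port: $port (443 is taken by SO)" >&2; exit 1; }
    set_sguild_option /etc/sguild/sguild.conf HTTPS 1
    set_sguild_option /etc/sguild/sguild.conf HTTPS_PORT "$port"
    set_sguild_option /etc/sguild/sguild.conf HTML_PATH '{/opt/sguil/server/html}'
    patch_sguild_certs /usr/bin/sguild
    gen_web_cert /etc/sguild/certs
fi
```

Run the backup and rsync from the post first; --apply only covers the config, sguild edit and certificate, and still needs so-sguild-start afterwards.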





After playing with the web client, I like the fact that I no longer have to have a thick client and can log in from any device and browser.

I also wrapped up the above commands into a very simple shell script so that it's very easy to get operational.

https://github.com/bl4ck0ut/scripts/blob/master/web_sguil.sh 

You can also watch the script in action getting the Sguil web client set up.





Saturday, September 8, 2018

17 years of Linux desktop captures




I know that this isn't a security post, but I thought I would take a moment and post some screenshots of the operating system I have had a passion for for many years. I just wish I had my screenshots of the ACID, BASE and Sguil deployments through the years as well.

Ever since I switched 100 percent to a Linux desktop I would take screenshots just to track the progress of how it evolved. I had been using it since 1998, but it wasn't until 2001 that I was able to go all in. In the beginning I had many hurdles: I was building out a large network for the company, but they were stuck with Twinax cabling and 5250 emulation cards in old 486s. Once I switched the iSeries AS/400 to TCP, it became a question of how to emulate 5250, which wasn't that bad.

2001 

Getting 5250 emulation working, since I was an RPG400 and ILE programmer at the time.




December 2001 

Just playing with more setups; pretty sure this and the previous one were the Enlightenment desktop.


Feb 2004

Ximian hits the scene and I am playing with KDE as my desktop - the resolution is getting much better.



July 2004

Yeah, playing with SUSE again, since my first purchase of the 6.2 box set in 1999. I bought the box set because I was trying to play my part in growing Linux.




April 2005

Gentoo - enough said: "emerge next-os". Funny, you can see my inside and outside IDS terminals and snort. The only glimpse of my deployments.




October 2007 

Pretty sure I was playing with Fedora at the time.



February 2009 

My first Ubuntu build with Gnome. 



May 2011


Multiple screens are just normal life by this time, running Ubuntu.





Just a little documented history fun; I hope you enjoyed the trip.




Installing Older Versions of VeraCrypt on Linux: A Step-by-Step Guide

Introduction: During some house cleaning I had an old external drive that was encrypted with an old version of truecrypt. I wanted to mount...