Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ewdlop/cybersecurity-crimenote

What get you arrested on the internet
https://github.com/ewdlop/cybersecurity-crimenote

anonymous openvas osint ossec owasp owner-access-only suricata wsl2 zeek zero-knowledge

Last synced: 9 days ago
JSON representation

What get you arrested on the internet

Awesome Lists containing this project

README 

        
# CybersecurityNote



Disclaimer: The cybersecurity information and recommendations provided in this response are for general informational purposes only and should not be considered as professional or expert advice. Cybersecurity is a complex and rapidly evolving field, and the threats and solutions can vary widely depending on the specific context and environment. The author of this response is not a certified cybersecurity professional and the advice given should not be taken as comprehensive or infallible. Users are encouraged to consult with qualified cybersecurity professionals for specific advice tailored to their individual or organizational needs. The author and provider of this response disclaim any liability for any harm, loss, or damage resulting from actions taken based on this information



https://complaint.ic3.gov/



https://www.cia.gov/report-information/



Screenshot 2024-01-29 152757



# OpenVAS (Open Vulnerability Assessment System), is an open-source framework for comprehensive network vulnerability scanning and management. It is part of the Greenbone Vulnerability Manager (GVM) framework. Below are the steps to install and use OpenVAS on an Ubuntu system:



### Installation



#### Prerequisites



Update your package lists and install necessary dependencies:



```bash

sudo apt-get update

sudo apt-get upgrade

sudo apt-get install -y software-properties-common

```



#### Add the GVM/OpenVAS PPA



Add the Greenbone PPA to your system:



```bash

sudo add-apt-repository ppa:mrazavi/gvm

sudo apt-get update

```



#### Install OpenVAS



Install the OpenVAS package:



```bash

sudo apt-get install gvm

```



#### Initialize OpenVAS



Initialize the setup, which will download and configure the necessary components:



```bash

sudo gvm-setup

```



This process can take some time as it downloads the latest vulnerability feeds and configures the services.



#### Start OpenVAS Services



Start the OpenVAS services:



```bash

sudo gvm-start

```



### Accessing OpenVAS



Once the installation and setup are complete, you can access the OpenVAS web interface. Open a web browser and navigate to:



```

https://:9392

```



Use the default credentials (which you can change later) to log in:



- **Username:** admin

- **Password:** admin



### Using OpenVAS



#### Scanning for Vulnerabilities



1. **Create a Target:**

   - Go to `Configuration` -> `Targets`.

   - Click on the `+` button to create a new target.

   - Enter the target details (e.g., IP address or hostname) and save.



2. **Create a Task:**

   - Go to `Scans` -> `Tasks`.

   - Click on the `+` button to create a new task.

   - Enter the task details and select the target you created earlier.

   - Save the task.



3. **Start the Scan:**

   - Select the task you created and click the `Start` button to initiate the scan.



#### Viewing Reports



After the scan is complete, you can view the results:



1. Go to `Scans` -> `Reports`.

2. Select the report for the scan you want to review.

3. The report will provide details on the vulnerabilities found, including severity and suggested remediation steps.



### Updating OpenVAS



To keep OpenVAS up-to-date with the latest vulnerability definitions and software updates, run the following commands regularly:



```bash

sudo gvm-feed-update

```



### Resources



- [GVM Documentation](https://greenbone.github.io/docs/)

- [Greenbone Community Edition](https://community.greenbone.net/)

- [Greenbone Source Edition](https://www.greenbone.net/en/testnow/)



By following these steps, you can effectively install, configure, and use OpenVAS to enhance your network security posture.



# Zeek



Zeek (formerly known as Bro) is a powerful network analysis framework that is much different from the typical IDS you probably know. Here are some key points about Zeek:



### Features:

- **Network Traffic Analysis:** Zeek monitors network traffic and provides a high-level overview of network activities.

- **Event-Driven:** It processes network events and can generate logs or trigger other actions based on these events.

- **Highly Flexible:** Zeek is highly customizable and users can write scripts to define how it analyzes network traffic.



### Installation:

To install Zeek on a Linux system, you can follow these steps:



1. **Update Package Lists:**

   ```bash

   sudo apt-get update

   ```



2. **Install Dependencies:**

   ```bash

   sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python3 python3-dev swig zlib1g-dev

   ```



3. **Download Zeek:**

   ```bash

   wget https://download.zeek.org/zeek-4.0.0.tar.gz

   tar -xvzf zeek-4.0.0.tar.gz

   cd zeek-4.0.0

   ```



4. **Compile and Install:**

   ```bash

   ./configure

   make

   sudo make install

   ```



5. **Verify Installation:**

   ```bash

   zeek --version

   ```



### Basic Usage:

To start analyzing network traffic, you can run Zeek with the following command:

```bash

sudo zeek -i 

```

Replace `` with the network interface you want to monitor (e.g., `eth0`).



### Writing Zeek Scripts:

Zeek uses its own scripting language for defining how to analyze traffic. Here's a simple example of a Zeek script that logs HTTP requests:



```zeek

event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string) {

    print fmt("HTTP request: %s %s", method, unescaped_URI);

}

```



### Resources:

- [Zeek Documentation](https://docs.zeek.org/en/stable/)

- [Zeek Scripts](https://github.com/zeek/scripts)

- [Zeek User Mailing List](https://lists.zeek.org/mailman/listinfo/zeek)



Zeek is a powerful tool for network security monitoring and analysis, and learning to use it can significantly enhance your ability to understand and protect your network.



# OSSEC (Open Source Security Event Correlator) is an open-source, host-based intrusion detection system (HIDS) that performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting, and active response.



Here's a guide to installing and configuring OSSEC on a Linux system:



### Installation



#### Prerequisites



Update your package lists and install necessary dependencies:



```bash

sudo apt-get update

sudo apt-get install -y build-essential gcc make unzip wget

```



#### Download and Install OSSEC



1. **Download OSSEC:**



    ```bash

    wget https://github.com/ossec/ossec-hids/archive/refs/tags/3.7.0.tar.gz -O ossec-hids.tar.gz

    tar -zxvf ossec-hids.tar.gz

    cd ossec-hids-3.7.0

    ```



2. **Run the Installation Script:**



    ```bash

    sudo ./install.sh

    ```



    Follow the prompts to configure the installation. For a basic setup, you can accept the default options.



### Configuration



After installation, you can configure OSSEC by editing the `ossec.conf` file:



```bash

sudo nano /var/ossec/etc/ossec.conf

```



Here are some key sections you might need to configure:



- **Log Analysis:**



    ```xml

    

      no

      7200

      /etc,/usr/bin,/usr/sbin

      /etc/mtab

      /etc/hosts.deny

      /etc/mail/statistics

    

    ```



- **Active Response:**



    ```xml

    

      no

      host-deny

      local

      40101,40103

    

    ```



### Starting OSSEC



To start the OSSEC service, use the following command:



```bash

sudo /var/ossec/bin/ossec-control start

```



### Managing OSSEC



- **Start OSSEC:**

  

    ```bash

    sudo /var/ossec/bin/ossec-control start

    ```



- **Stop OSSEC:**



    ```bash

    sudo /var/ossec/bin/ossec-control stop

    ```



- **Restart OSSEC:**



    ```bash

    sudo /var/ossec/bin/ossec-control restart

    ```



- **Check Status:**



    ```bash

    sudo /var/ossec/bin/ossec-control status

    ```



### Viewing Alerts



OSSEC alerts can be found in the `/var/ossec/logs/alerts/alerts.log` file. You can use `tail` to monitor this file in real-time:



```bash

sudo tail -f /var/ossec/logs/alerts/alerts.log

```



### Resources



- [OSSEC Documentation](https://www.ossec.net/docs/)

- [OSSEC GitHub Repository](https://github.com/ossec/ossec-hids)

- [OSSEC Community](https://groups.google.com/forum/#!forum/ossec-list)



By following these steps, you can install, configure, and manage OSSEC to enhance the security of your system.