How to install QRadar CE 7.3.3. via the OVA file provided by IBM.

During this walk-through we will demonstrate how to download and install QRadar CE 7.3.3 via the OVA file provided by IBM. QRadar CE is a fully-featured free version of QRadar that includes a limited 50 events per second (EPS) & 5000 network flows a minute (FPS) perpetual license. It is the perfect solution to start learning QRadar or use it to monitor your home network.

*Q1 LABS, QRADAR and the ‘Q’ Logo are trademarks or registered trademarks of IBM Corp. Trademarks and related content are owned by their respective companies / owners.

—START—
QRadar 733 Steps

1. Download the OVA from – https://developer.ibm.com/qradar/ce/

2. Double click on the OVA file you just downloaded to kick off the import to VirtualBox.

3. Initial login. User = root. / Password = password

4. When prompted enter your chosen password and confirm for the password change.

5. Type in ./setup.sh to kick off the install.

6. Accept the terms by pressing Enter.

7. Enter password of your choice for the web interface.

8. Open a compatible web browser and enter the IP of your QRadar CE server. In our example – “https://192.168.68.141”

URLs used

https://developer.ibm.com/qradar/ce/

https://www.virtualbox.org/

—END—

How To Secure & Install MariaDB On Ubuntu Desktop 20.04

—START HERE—

Follow this guide to install and start securing MariaDB on Ubuntu desktop 20.04.

  1. Update Ubuntu 20.04 and install MariaDB Server.

sudo apt-get update

sudo apt-get install mariadb-server

  2. Secure the MariaDB installation by running the included security script.

sudo mysql_secure_installation

Press Enter

You will be prompted to set a root password. Input Y and input the new password for root and validate it.

The next prompt will ask if you want to remove anonymous users. Input Y

Prompt will request input to disallow remote root login. Input Y

Prompt will request input to remove the test database and access. Input Y

Last prompt will request input to reload the privilege tables. Input Y

Log in to the MariaDB server and confirm it's running.

sudo mariadb

Enter the password you decided on for root during the first prompt.

Create a user other than root to access the DB.

GRANT ALL PRIVILEGES ON *.* TO 'sqladmin'@'localhost' IDENTIFIED BY 'password_here';

quit;
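
To confirm that the mysql_secure_installation prompts above took effect, the script below flags the three things they remove: anonymous accounts, root reachable from a remote host, and the test database. It is an added example, not part of the original guide; the function names, the row format and the sample listings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag what mysql_secure_installation is meant to remove.
# Input rows are "kind<TAB>name<TAB>host". On a live server (assumed invocation):
#   sudo mariadb -N -B -e "SELECT 'user', User, Host FROM mysql.user;
#     SELECT 'db', SCHEMA_NAME, '' FROM information_schema.SCHEMATA" | check_mariadb

audit_mariadb() {
    awk -F'\t' '
        # Anonymous account: empty user name, any host.
        $1 == "user" && $2 == "" { print "ANON_USER host=" $3 }
        # root allowed from anywhere other than the local machine.
        $1 == "user" && $2 == "root" &&
            $3 != "localhost" && $3 != "127.0.0.1" && $3 != "::1" {
            print "REMOTE_ROOT host=" $3
        }
        # The test database the script offers to remove.
        $1 == "db" && $2 == "test" { print "TEST_DB name=" $2 }
    '
}

# Prints findings; returns 0 when clean, 1 when anything was flagged.
check_mariadb() {
    local findings
    findings=$(audit_mariadb)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: listing from a server before the script was run.
sample_before() {
    printf 'user\troot\tlocalhost\n'
    printf 'user\troot\t%%\n'
    printf 'user\t\tlocalhost\n'
    printf 'user\tsqladmin\tlocalhost\n'
    printf 'db\tmysql\t\n'
    printf 'db\ttest\t\n'
}

# Constructed sample: the same server after answering Y to every prompt.
sample_after() {
    printf 'user\troot\tlocalhost\n'
    printf 'user\tsqladmin\tlocalhost\n'
    printf 'db\tmysql\t\n'
}

sample_before | audit_mariadb   # three findings
sample_after | audit_mariadb    # no output
```

The non-zero return from check_mariadb makes it usable as a gate in a provisioning script.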

End


You should always harden your servers.

Some useful links:

Secure your MariaDB installation – https://mariadb.com/kb/en/securing-mariadb/

Ubuntu Security and Server hardening – https://ubuntu.com/security

How to Install RT 5. Robust, High Volume Ticketing System! Ubuntu 20.04 with MariaDB and Apache2!

This walk-through aims to guide you through the process of installing the world-class, industry-tested ticket system known as Request Tracker or RT. We start with a solid Ubuntu 20.04 base as the server combined with MariaDB for the database and Apache2 as the web server.

You will need a base install of Ubuntu 20.04. Once complete ssh to your Ubuntu 20.04 server.

ssh to the Ubuntu server you have provisioned. Ubuntu 20.04 was used for this walk-through.

ssh username@your_servers_ip


Installing some base system packages.

  1. Ensure the system is up to date.

sudo apt-get update

1.1 Install some base system packages

sudo apt install build-essential apache2 libapache2-mod-fcgid libssl-dev libexpat1-dev libmysqlclient-dev libcrypt-ssleay-perl liblwp-protocol-https-perl mariadb-server mariadb-client

1.3 Installing some Perl modules

sudo /usr/bin/perl -MCPAN -e shell

1.3.1 When prompted with the below, input yes then q to quit.

Would you like to configure as much as possible automatically? [yes]

1.3.2 Installing the required Perl modules

sudo cpan install Parallel::Prefork

sudo cpan install HTML::FormatText

sudo cpan install HTML::TreeBuilder

sudo cpan install HTML::FormatText::WithLinks

sudo cpan install HTML::FormatText::WithLinks::AndTables

sudo cpan install DBD::mysql

sudo cpan install LWP::Protocol::https


General RT5 Installation

  2. Download and unpack the RT5 tar file to a temporary location.

wget https://download.bestpractical.com/pub/rt/release/rt-5.0.0.tar.gz

2.1 Extract / unpack the file to /tmp and run the ./configure script provided.

tar xzvf rt-5.0.0.tar.gz -C /tmp

cd /tmp/rt-5.0.0/

sudo ./configure

2.2 Ensure the required Perl and system libraries are installed with the command below.

sudo make testdeps

2.2.1 If the script reports any missing dependencies run the fixdeps command.

sudo make fixdeps

2.2.2 During our demo install the fixdeps script prompted us with three questions. We opted to answer yes.

Once the fixdeps script is complete, validate that all dependencies are present by running the testdeps script again. It should report that all Perl dependencies were found.

2.3 Run the make install with appropriate permissions to install RT5

sudo make install

  3. Initialize the Database for RT5

sudo make initialize-database

3.1 If the initialization fails run make dropdb and then rerun make initialize-database. Once completed successfully you should see the following.

(Screenshot: RT5 DB init)

3.1.1 Change the default password for the RT database user. (We recommend for production systems to also change the user.)

sudo mysql -u root -p

ALTER USER 'rt_user'@'localhost' IDENTIFIED BY 'your_new_rt_pass';

commit;

quit;

Although not covered in this guide, we recommend securing your MariaDB by running the below script.

sudo mysql_secure_installation


3.1.2 Update the RT_Config.pm config to reflect the password change we made for the RT database user rt_user.

sudo vi /opt/rt5/etc/RT_Config.pm

Edit the section as shown below:

Original Config – RT5 database user (screenshot)

Updated Config – RT5 database user (screenshot)

3.2 Confirm we have a working RT instance running with the standalone rt-server.

sudo /opt/rt5/sbin/rt-server --port 8080

3.2.1 Open your web browser and navigate to your server's IP or FQDN and port 8080. For our demo server it is http://135.181.98.216:8080/. You should see the login page.

NOTE: If this is a demo system you can stop here. For production use we recommend configuring RT to use a production-ready web server like Apache2.


Configure RT5 to work with the Apache2 web server

  4. Create an RT5 sites-available configuration file.

sudo vi /etc/apache2/sites-available/rt5.conf

4.1 Populate the file you just created with the information below. (link to conf file or image)

https://hendgrow.com/gitp/RT5/rt5.conf

4.2 Edit the apache2.conf file and add the information below. (link to conf file or image)

sudo vi /etc/apache2/apache2.conf

https://hendgrow.com/gitp/RT5/RT5_apache2.conf_add.txt

4.2.1 Add the contents of the file linked above.

4.3 Enable the RT5 site

sudo a2ensite rt5

4.3.1 Disable the default site

sudo a2dissite 000-default

4.3.2 Check the config

sudo apachectl configtest

4.3.3 Restart Apache

sudo systemctl restart apache2

4.4 Open your web browser and navigate to your server's IP or FQDN. For our demo server it is http://135.181.98.216.

4.4.1 You should see the login page.

NOTE: The default credentials for RT5 are:

User: root | Password: password

Your first step once logged in is to change the root password! It is a SECURITY risk!


This guide does not cover server / application hardening and security as it is a broad topic and not the aim of this guide. You should always harden your servers.

Some useful links:

Secure your MariaDB installation – https://mariadb.com/kb/en/mysql_secure_installation/

Apache2 Security Tips – https://httpd.apache.org/docs/2.4/misc/security_tips.html

Ubuntu Security and Server hardening – https://ubuntu.com/security


This guide stops here.

There is still a lot to do, like configuring an RT email gateway, task scheduler, full text search and general system security. That’s potentially for a future guide should there be demand.

Web hosted POS & e-commerce solution

During this walk-through we will guide you on how to install a web-based POS and e-commerce solution that can be used to sell your goods via your physical and online stores from the same backend. If you don’t have a WordPress base to start with, follow the links below. (This was done as a response to a request by one of our subscribers.)

How to install the WordPress base server: https://youtu.be/vvOES877BAM

How to secure your WordPress Server: https://youtu.be/XocAaMKuQ_k