[37] We replaced our HIDS solution with WAZUH and have not looked back.

Steps for installing a WAZUH all-in-one instance. These are the steps we used, including the steps for installing the agents on Linux, Windows and macOS / OSX.

The back story for the guide is that we used OSSEC for many years, and our setup worked fine with sending the OSSEC events to a syslog server for additional reporting. We decided to move to WAZUH as it has a nice interface and reporting. The installation and management of the solution is also straightforward and simple. We have subsequently convinced some of our clients to move to WAZUH and started migrating them, with great results and positive feedback. We therefore decided to put this quick guide together to provide our clients and the community with a quick reference for deploying their own standalone instance should they want to. The all-in-one install we deployed can support up to +/- 100 agents.

- - - - - START HERE - - - - - 
Min recommendations & specs we used (we have 20 agents in our environment) 
Ubuntu Server 20.06 
2x CPU
6 GB RAM
250 GB HDD
NIC

- - - - - 
ssh to your Ubuntu Server instance. 

ssh yourusername@yourserverip

Set root password

sudo passwd

Enter the new root password
Confirm the new root password

su 

Enter the password you just set. 
 
Install WAZUH

apt-get install libcap-ng-utils unzip 
curl -so ~/all-in-one-installation.sh https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.0/resources/open-distro/unattended-installation/all-in-one-installation.sh && bash ~/all-in-one-installation.sh

Open your web browser and navigate to your server's IP address or FQDN

https://yourserversipaddress or FQDN
 
Adding agents

Note: you need to substitute your server's FQDN or IP address wherever we have yourserver

Linux (Ubuntu 20.04 Desktop)
Open the terminal and run the following commands

sudo apt-get install curl
sudo curl -so wazuh-agent.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.0.4-1_amd64.deb && sudo WAZUH_MANAGER='yourserver' dpkg -i ./wazuh-agent.deb

Start the agent

sudo service wazuh-agent start

Windows 
Open the PowerShell ISE as administrator and run the following command

Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.4-1.msi -OutFile wazuh-agent.msi; ./wazuh-agent.msi /q WAZUH_MANAGER='yourserver' WAZUH_REGISTRATION_SERVER='yourserver'

Mac
Open the terminal and run the following command 

curl -so wazuh-agent.pkg https://packages.wazuh.com/4.x/macos/wazuh-agent-4.0.4-1.pkg && sudo launchctl setenv WAZUH_MANAGER 'yourserver' && sudo installer -pkg ./wazuh-agent.pkg -target /

Start the agent 
sudo /Library/Ossec/bin/ossec-control start
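
Once an agent is started it is worth confirming that it points at the manager you intended and has actually connected. The script below is an added example, not part of the original guide. It assumes the Wazuh 4.0 Linux default paths /var/ossec/etc/ossec.conf and /var/ossec/var/run/ossec-agentd.state (on macOS the base directory is /Library/Ossec); the hostname and sample files are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): verify an agent enrolled with the intended manager.
# Assumed Wazuh 4.0 Linux defaults; override CONF/STATE for other layouts.
CONF="${CONF:-/var/ossec/etc/ossec.conf}"
STATE="${STATE:-/var/ossec/var/run/ossec-agentd.state}"

# Print each manager <address> found in an agent ossec.conf.
manager_addresses() {
    sed -n 's:.*<address>\(.*\)</address>.*:\1:p' "$1"
}

# Print the value of a key='value' line in the agentd state file.
state_value() {
    sed -n "s/^$2='\(.*\)'\$/\1/p" "$1" | tail -n 1
}

# check_agent EXPECTED_MANAGER [CONF] [STATE]
# Returns 0 when healthy, 1 for a manager mismatch, 2 when not connected.
check_agent() {
    expected="$1" conf="${2:-$CONF}" state="${3:-$STATE}"
    if manager_addresses "$conf" | grep -Fxq 'yourserver'; then
        echo "FAIL: placeholder 'yourserver' was never substituted"; return 1
    fi
    if ! manager_addresses "$conf" | grep -Fxq -- "$expected"; then
        echo "FAIL: $expected is not a configured manager"; return 1
    fi
    agent_status="$(state_value "$state" status)"
    if [ "$agent_status" != "connected" ]; then
        echo "FAIL: agent status is '${agent_status:-unknown}'"; return 2
    fi
    echo "OK: connected to $expected (last ack $(state_value "$state" last_ack))"
}

# Constructed sample files so the check can be tried without an installed agent.
make_samples() {
    printf '%s\n' '<ossec_config>' ' <client><server>' \
        '  <address>wazuh.example.internal</address>' '  <port>1514</port>' \
        ' </server></client>' '</ossec_config>' > "$1/ossec.conf"
    printf '%s\n' "# State file for ossec-agentd" "status='connected'" \
        "last_keepalive='2021-01-10 09:15:02'" \
        "last_ack='2021-01-10 09:15:03'" > "$1/agentd.state"
}

demo_dir="$(mktemp -d)"
make_samples "$demo_dir"
check_agent wazuh.example.internal "$demo_dir/ossec.conf" "$demo_dir/agentd.state"
```

On a real agent, run check_agent with your manager's FQDN or IP as the only argument (as root, since the files are not world-readable).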

 - - - - - END - - - - - 

[36] IPFire + Samba Config – Apple Time Machine Backup Capability for Network and VPN users.

The guide or steps used in this tutorial can be found in the YouTube description section of the video guide.

As requested by one of our subscribers, we put together this guide on:
– How to attach then format an external USB disk.
– Install the samba server role and create a network file share that supports Apple Time Machine backups on IPFire.
This enables users on the network / VPN to use Apple Time Machine with the share on IPFire as the destination disk, removing the reliance on USB drives for backups. This will be the last guide regarding Samba and Time Machine as we have covered it per subscriber requests in other guides also.

[35] Ubuntu Samba Server Install Guide with Apple Time Machine Support

The guide or steps used in this tutorial can be found in the YouTube description section of the video guide.

This guide was done as a response to a request by one of our YouTube subscribers to create a tutorial on how to install the samba server role that supports Apple Time Machine on Ubuntu server 20.04 LTS. The request came after they watched a similar tutorial we did based on openSUSE 15.2 Leap.

[33] CCTV and NVR Solution Installation Guide for Ubuntu 20.04 Linux!

In this guide we show you how to install a CCTV and NVR Solution on Ubuntu Linux! The software used is Shinobi. We have installed this at multiple client stores to monitor stock and general security.

Text Guide used in this tutorial: https://hendgrow.com/ugs/HendGrow_CCTV_Text_Guide.txt

For more information visit – https://shinobi.video/

Trademarks and related content are owned by their respective owners /companies.

Disclaimer – https://www.hendgrow.com/disclaimer/

FrontAccounting – How to guide for Ubuntu 20.04

In this guide we show you how to install FrontAccounting, an accounting package we use and have installed for many clients. It is a simple and powerful web-based accounting system for the entire ERP chain. FrontAccounting is free and released under the GNU General Public License.

----------Guide Start----------

FrontAccounting - Install Guide

Apache & SQL Database server

sudo apt-get install apache2 apache2-utils php-mysql php7.4 php7.4-gd php7.4-curl php7.4-zip php7.4-xml php7.4-mbstring mariadb-server mariadb-client

SQL user and DB Preparation

sudo mysql -u root -p
CREATE DATABASE fadb;
CREATE USER 'fadbuser'@'localhost' IDENTIFIED BY 'yourpasswordhere';
GRANT ALL PRIVILEGES ON fadb.* TO 'fadbuser'@'localhost';
FLUSH PRIVILEGES;
QUIT

Secure DB

sudo mysql_secure_installation

Download the frontaccounting software

Open a browser, navigate to the following URL and download the file: https://sourceforge.net/projects/frontaccounting/

Open a terminal, change directory to Downloads and extract the file:

cd Downloads
sudo tar -zxvf frontaccounting-2.4.9.tar.gz

Create a subfolder and move the extracted folder into it

sudo mkdir /var/www/html/fa
sudo mv frontaccounting /var/www/html/fa


Set Permissions
sudo chown -R www-data:www-data /var/www/html/fa
sudo chmod -R 755 /var/www/html/fa


sudo systemctl enable apache2
sudo systemctl restart apache2

Open Web browser and navigate to http://localhost/fa/frontaccounting and follow the onscreen install instructions.
----------Guide End---------- 

The HendGrow Minecraft Experiment

This is a quick tutorial on how to connect and play on our open Minecraft server. Keep in mind this is an open Anarchy / Survival server. This means that anything goes in regards to playing on this server.

The Minecraft server will be available for the foreseeable future, dependent on demand.

Minecraft: https://www.minecraft.net/en-us/store/minecraft-java-edition

Raspberry Pi with (OMV) openmediavault – How To-

(Including Apple Time Machine Support, Enabling Network Backups) 

Walk-through of how to install a NAS based on (OMV) openmediavault on a Raspberry Pi. The best feature for us is the ability to create an SMB share that has Apple Time Machine support. This enables us to back up all our Mac machines 🖥 / 💻 using Time Machine to the network. No more USB drives.

Walk Through Guide: https://hendgrow.com/ugs/RaspberryPi_OMV_WT.pdf

—INSTALL START—

Software:

Raspbian: https://www.raspberrypi.org/software/

Openmediavault: https://github.com/OpenMediaVault-Plugin-Developers

Commands:

$ sudo raspi-config

$ sudo apt-get update

$ sudo apt-get upgrade

$ wget https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install

$ chmod +x install

$ sudo ./install

—INSTALL END–

How To Install NAS Using (OMV) openmediavault. (Apple Time Machine Support, Enables Network Backups)

Walk-through of how to install a NAS based on (OMV) openmediavault. We use this as it is simple to get up and running and to use. The best feature for us is the ability to create an SMB share that has Apple Time Machine support. This enables us to back up all our Mac machines 🖥 / 💻 using Time Machine to the network. No more USB drives.

URL for openmediavault download – https://www.openmediavault.org/download.html

OSSEC Open Source HIDS with Web user interface. (updated for Ubuntu 20.04 & OSSEC 3.6.0)

—Start Here—

Update the system.

Assuming you have an existing Ubuntu server setup. 

sudo apt update && sudo apt upgrade

Install some base applications

sudo apt install -y php php-cli php-common libapache2-mod-php apache2-utils sendmail inotify-tools apache2 build-essential gcc make wget tar zlib1g-dev libpcre2-dev libpcre3-dev unzip libz-dev libssl-dev libevent-dev

Enable rewrite, Apache & Start Apache.

sudo systemctl enable apache2

sudo systemctl start apache2

sudo a2enmod rewrite

sudo systemctl restart apache2

OSSEC Server Install

wget https://github.com/ossec/ossec-hids/archive/3.6.0.tar.gz

sudo tar -xvzf 3.6.0.tar.gz

sudo /home/hgadmin/ossec-hids-3.6.0/install.sh

Note: Provide your preferred input as prompted. For the demo we opted for the below:

Image of the inputs we selected for the demo

Input your server's IP address or hostname (FQDN)

Installing the Web User Interface.

cd /tmp/

sudo git clone https://github.com/ossec/ossec-wui.git

sudo mv /tmp/ossec-wui /var/www/html

cd /var/www/html/ossec-wui

When prompted enter your chosen username and password. For the web server name enter www-data.

Set the permissions

sudo chown -R www-data:www-data /var/www/html/ossec-wui/

sudo chmod -R 755 /var/www/html/ossec-wui/

Restart Apache and launch Web User Interface

sudo systemctl restart apache2

Open a web browser and navigate to http://your-servers-ip/ossec-wui

Windows Agent Install

Download the OSSEC agent from – https://updates.atomicorp.com/channels/atomic/windows/ossec-agent-win32-3.6.0-12032.exe

Open the command prompt and ssh to your ossec server.

ssh hgadmin@192.168.68.123

Launch the OSSEC Agent Manager once connected to your server.

sudo /var/ossec/bin/manage_agents

Input option (A) to add a new agent. Input your Windows machine's name when prompted.

Input the Windows machine's IP when prompted and confirm adding by responding (y).

On the target Windows desktop, launch the agent executable you downloaded as administrator. It should be in your Downloads folder.

Open the OSSEC agent that you installed as administrator and enter the IP address of your OSSEC server.

Return to the command prompt window that you used to ssh to the OSSEC server. Extract the key by inputting option (e) and then the corresponding agent ID for the Windows machine in the OSSEC Agent Manager, which should still be open.

Highlight and copy the key, then update the OSSEC Agent with it. Save the updated info and start the OSSEC Agent.

Open your web browser and navigate to your OSSEC server's IP, and the specific port if you set one.
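
The key extracted with option (e) is a base64 string that decodes to a single line, "ID NAME IP SECRET", so it can be checked against the agent you meant to enrol before it is pasted into the Windows agent. The script below is an added example, not part of the original guide; the agent name, IP address and secret in the sample key are constructed. Treat the real key as a credential and do not leave it in shell history or shared notes.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): check an exported OSSEC agent key before importing it.
# manage_agents option (e) prints base64 of one line: "ID NAME IP SECRET".

# inspect_agent_key KEY EXPECTED_NAME EXPECTED_IP
# Prints the id, name and IP (never the secret).
# Returns 1 if the key is malformed, 2 if it belongs to a different agent.
inspect_agent_key() {
    decoded="$(printf '%s' "$1" | base64 -d 2>/dev/null)" || {
        echo "FAIL: key is not valid base64"; return 1; }
    # Split the decoded line into its fields; k_extra catches trailing junk.
    read -r k_id k_name k_ip k_secret k_extra <<EOF
$decoded
EOF
    case "$k_id" in
        ''|*[!0-9]*) echo "FAIL: agent ID is not numeric"; return 1 ;;
    esac
    if [ -z "$k_secret" ] || [ -n "$k_extra" ]; then
        echo "FAIL: expected 4 fields (ID NAME IP SECRET)"; return 1
    fi
    if [ "$k_name" != "$2" ] || [ "$k_ip" != "$3" ]; then
        echo "FAIL: key is for $k_name/$k_ip, not $2/$3"; return 2
    fi
    echo "OK: id=$k_id name=$k_name ip=$k_ip"
}

# Constructed sample key (the secret is made up); tr strips base64 line wrapping.
sample_line='001 WIN-DESK01 192.168.68.50 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
sample_key="$(printf '%s' "$sample_line" | base64 | tr -d '\n')"

inspect_agent_key "$sample_key" WIN-DESK01 192.168.68.50
```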

—– Guide Ends Here —–

How to install QRadar CE 7.3.3. via the OVA file provided by IBM.

During this walk-through we will demonstrate how to download and install QRadar CE 7.3.3 via the OVA file provided by IBM. QRadar CE is a fully-featured free version of QRadar that includes a limited 50 events per second (EPS) & 5000 network flows a minute (FPS) perpetual license. It is the perfect solution to start learning QRadar or use it to monitor your home network.

*Q1 LABS, QRADAR and the ‘Q’ Logo are trademarks or registered trademarks of IBM Corp. Trademarks and related content are owned by their respective companies / owners.

—START—
QRadar 733 Steps

1. Download the OVA from – https://developer.ibm.com/qradar/ce/

2. Double click on the OVA file you just downloaded to kick off the import to VirtualBox.

3. Initial login. User = root. / Password = password

4. When prompted enter your chosen password and confirm for the password change.

5. Type in ./setup.sh to kick off the install.

6. Accept the terms by pressing Enter.

7. Enter password of your choice for the web interface.

8. Open a compatible web browser and input the IP of your QRadar CE server. In our example – “https://192.168.68.141”

URLs used

https://developer.ibm.com/qradar/ce/

https://www.virtualbox.org/

—END—