@mzpqnxow
mzpqnxow / google_says.py
Created October 26, 2018 20:35
Google best practices for Python
from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
mzpqnxow / json.sh
Last active May 29, 2025 15:30
JSON in (almost) pure Bash
# functions for parsing and generating json
# This is part of libubox and requires jshn, part of libubox
# sudo apt-get install -y build-essential liblua5.1-0-dev
# git clone https://github.com/yubo/libubox && cd libubox
# mkdir build && cd build
# cmake ../
# make -j
# sudo cp bin/jshn /usr/bin/jshn
# source <this>
# See https://openwrt.org/docs/guide-developer/jshn for examples / how to use
mzpqnxow / activate-musl.sh
Created November 25, 2018 14:39
File to place in the root of a musl toolchain to handle some convenience functions if you don't know wtf you are doing :>
# This software is released under the terms of GPLv2 by [email protected]
# Please see LICENSE or LICENSE.md for more information on GPLv2
# This is not for you if you are not using a musl-cross-make toolchain
# This is a productivity script that should be sourced from a Bash shell
#
# It is meant to be used after making and installing a musl toolchain using
# the excellent musl-cross-make tool by Rich Felker:
#
# https://github.com/richfelker/musl-cross-make
mzpqnxow / log-to-syslog.md
Last active March 27, 2024 21:21
EdgeRouter log DNS queries to syslog (not to file)

Logging EdgeRouter DNS queries from dnsmasq to syslog

This blog is the source of this info. There are a few other ways to do it, but this seems superior.

Why?

Wouldn't you like to know what DNS requests are being made from your network? You ought to. Ideally, pipe it to Logstash, do what you want with it (geolocation, etc.) and then send it to a datastore that Kibana can work with (Elasticsearch fits here, the good old "ELK Stack"). You could also send it to Graylog.

One thing that's nice to do is generate a daily report of "first time" DNS queries. This is especially useful in a "threat hunting" type scenario, though this guide isn't really aimed at enterprises.

mzpqnxow / README.md
Last active December 8, 2018 19:23
Oracle JDK 9 on Debian Stretch (9.6)

Installing the Oracle Java 9 JDK on Debian Stretch 9.6

There are many ways to do this. This way is mine. It is stolen in parts from various blogs and other guides on the Internet. It is accurate as of its post date (2018-12-08).

NOTE: You should NOT use this to create an Ansible playbook. Ansible has native modules for things like update-alternatives, and you'll want to use those instead of manually shelling out to update-alternatives.

WARNING: The instructions below are a bit overengineered for the purpose of being somewhat flexible in the face of version changes or changes in naming conventions

NOTE These instructions should work fine for JDK 8, JDK 10, etc, so long as you set the path to the tarball correctly in the first step

mzpqnxow / get_default_route_linux.py
Last active September 12, 2021 00:33
Get default route on Linux in Python, without imports (sorry)
def default_route(verbose=False):
    """Get default route on Linux
    ATTENTION: There is a much simpler way to do this, using a dummy UDP "connection"
    and getpeername. Use that instead, it's much more portable.
    Hacky way to get the route from an interface, i.e. 'eth0' => '192.168.1.1'
    On machines that have a default route on another interface, this function
    should be used
mzpqnxow / no_multicast_noise.sh
Created December 26, 2018 20:45
Prevent Debian/Ubuntu from using MDNS
#!/bin/bash
# This script assumes a regular user with sudo access
SUDO=sudo
# If this runs as root, use 'SUDO=' and comment the entry above
# SUDO=
for package in avahi-daemon avahi-autoipd libavahi-core7 libavahi-gobject0; do
    $SUDO apt-get purge "$package"  # Get rid of it
    $SUDO apt-mark hold "$package"  # Mark it so it never comes back again
done
mzpqnxow / apt.conf
Last active January 23, 2019 16:07
An apt.conf disabling mdns and mitigating the HTTP redirect attack (MITM RCE)
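// Acquire is a top-level scope, and the redirect switch lives under the
// http method: Acquire::http::AllowRedirect
Acquire {
    http {
        AllowRedirect "false";
    };
};
APT {
    Never-MarkAuto-Sections
    {
        "*avahi*";
    };
};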
mzpqnxow / disable-mdns-chrome.sh
Last active June 22, 2023 07:58
Disable MDNS in Chrome via Chrome policies on the commandline
#!/bin/bash
#
# This assumes you are using "Chrome" from the official Google site via the .deb or .rpm
# This may or may not work with your distribution's "Chromium" or "Chrome" package!
#
# Run this script then restart Chrome, you will see it is no longer bound to UDP:5353
#
mkdir -p /etc/opt/chrome/policies/{managed,recommended} || echo FAIL, ARE YOU ROOT
chmod go-w /etc/opt/chrome/policies/managed || echo FAIL, ARE YOU ROOT
cat > /etc/opt/chrome/policies/managed/managed_policy.json << 'EOF'