Sunday 17 November 2013

Network Management System - Part 2

SSH is already running, so we just need to set up x11vnc through the SSH tunnel.

sudo apt-get install x11vnc

Set up a password:

sudo x11vnc -storepasswd /etc/x11vnc.pass
sudo chmod 600 /etc/x11vnc.pass


sudo x11vnc -xkb -noxrecord -noxfixes -noxdamage -display :0 -auth /var/run/lightdm/root/:0 -rfbport 5901 -rfbauth /etc/x11vnc.pass -localhost

(put this in a script, e.g. startvnc.sh)

Then to change the resolution (modified from http://askubuntu.com/questions/186288/how-to-detect-and-configure-an-output-with-xrandr) - this needs to be done from a terminal inside the VNC session:

sudo gtf 1920 1200 60 -x
sudo xrandr --newmode "1920x1200_60.00"  193.16  1920 2048 2256 2592  1200 1201 1204 1242  -HSync +Vsync
sudo xrandr --addmode VGA-0 1920x1200_60.00
sudo xrandr --output VGA-0 --mode 1920x1200_60.00

Again, add this to a script (e.g. vncres.sh).

Note that if you're on the box itself rather than in VNC, use:

xrandr -s 1920x1200_60.00

Change desktop if required

Settings/Settings Manager/Desktop

Change SSH port

sudo nano /etc/ssh/sshd_config

#change the port

#check firewall settings
sudo ufw status verbose

#change firewall settings - open new port
sudo ufw allow <insert new port>/tcp

#restart openssh
sudo service ssh restart

#after reconnecting with the ssh client on the new port, change the firewall to close port 22
sudo ufw delete allow 22/tcp

#recheck firewall settings
sudo ufw status verbose

Then check which ports are listening:

netstat -an | grep "LISTEN "
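A check for the switchover step above, as an added example that is not part of the original post: the functions below take the sshd_config text and the netstat -an output as strings (constructed samples are included so it runs offline) and only report it safe to drop the 22/tcp rule once sshd is actually listening on the new port.

```shell
#!/bin/sh
# Added example (not from the original post): confirm sshd is really
# listening on the new port before the ufw rule for 22/tcp is removed.
# sshd_config text and netstat output are passed in as strings so the
# checks can be exercised offline against the constructed samples below.

# First uncommented "Port" line wins, as sshd itself does; default is 22.
sshd_config_port() {
    port=$(printf '%s\n' "$1" | awk 'tolower($1) == "port" { print $2; exit }')
    echo "${port:-22}"
}

# Succeeds if the netstat -an output has a TCP (v4 or v6) listener on port $2.
listening_on() {
    printf '%s\n' "$1" | grep -E '^tcp6?[[:space:]]' \
        | grep -E "[.:]$2[[:space:]]+.*LISTEN" >/dev/null
}

# Only close 22 when the configured port is not 22 and sshd is listening on it.
safe_to_close_22() {
    cfg_port=$(sshd_config_port "$1")
    [ "$cfg_port" != "22" ] && listening_on "$2" "$cfg_port"
}

# Constructed samples standing in for /etc/ssh/sshd_config and netstat -an.
SAMPLE_SSHD_CONFIG='#Port 22
Port 2222
PermitRootLogin no'
SAMPLE_NETSTAT_NEW='tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
tcp6       0      0 :::2222                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'
SAMPLE_NETSTAT_OLD='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

if safe_to_close_22 "$SAMPLE_SSHD_CONFIG" "$SAMPLE_NETSTAT_NEW"; then
    echo "sshd is up on port $(sshd_config_port "$SAMPLE_SSHD_CONFIG"); safe to run: sudo ufw delete allow 22/tcp"
else
    echo "sshd is not listening on the configured port yet; keep 22/tcp open"
fi
```

On the real box, call it as safe_to_close_22 "$(cat /etc/ssh/sshd_config)" "$(netstat -an)" after the restart and before deleting the port 22 rule.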

That will do for now - in the next part we'll begin by installing bandwidthd.



Friday 8 November 2013

Network Management System - Part 1

The aim of this system is to use open source software to build a low-cost platform for managing, and security monitoring of, a small to medium-sized remote network.

Services specifically required (list will be updated as we go along):

  • Secure remote access onto network (SSH)
  • Centralised logging (syslog)
  • Equipment monitoring and alerting (nagios or similar)
  • Bandwidth monitoring (bandwidthd, etc)
  • Alert for outbound malware c&c

I've played with Security Onion in the past and it does a lot of the above out of the box.  I would have liked to run that as one of a number of guests on an ESXi host, but the hardware isn't up to it.  I'm currently running all this on an old Shuttle XPC with 2 GB of RAM, a 250 GB HDD and a second NIC card (you need two ports: one for management and one for network capture).

So first of all go and download Security Onion (SO) and get it installed. It's straightforward; here's the official guide.

It includes the following update script, which we'll need again:

sudo soup

Security Onion Setup is now complete!

 Setup log can be found here:
 /var/log/nsm/sosetup.log

 You may view IDS alerts using Sguil, Squert, Snorby, or ELSA (if enabled).

 Bro logs can be found in ELSA (if enabled) and the following location:
 /nsm/bro/

 Rules downloaded by Pulledpork are stored in:
 /etc/nsm/rules/downloaded.rules

 Local rules can be added to:
 /etc/nsm/rules/local.rules

 You can have PulledPork modify the downloaded rules
 by modifying the files in:
 /etc/nsm/pulledpork/

 Rules will be updated every day at 7:01 AM UTC.
 You can manually update them by running:
 /usr/bin/rule-update

 Sensors can be tuned by modifying the files in:
 /etc/nsm/NAME-OF-SENSOR/

Once that's finished, run the following to make sure everything is up to date:

sudo apt-get update && sudo apt-get dist-upgrade

Then make sure all the SO services are running OK:

sudo service nsm status

That's all for part 1.  The next post will cover setting up SSH and remote desktop, and adding some of the other services.