Configuring Iptables/UFW and Auditd with Ansible

IppSec · Beginner ·🖊️ Copywriting & Content Strategy ·2y ago
00:00 - Introduction why you should setup logging 01:50 - Start of configuring UFW, enabling UFW and setting the policy to accept all 04:00 - Showing how to insert IPTABLES Rules into UFW's Config 05:10 - Using the LineInFile Ansible Module to add our IPTABLES Line to Log SYN Packets on the INPUT Chain 05:50 - The IPTABLES Rule that logs all SYN Packets on INPUT 08:20 - Finding out rsyslog is disabled, enabling it 10:20 - Showing that we are now logging when boxes initiates a connection to us 12:20 - Moving our UFW Logging into our main playbook as a role 13:40 - Start of talking about AuditD 14:30 - Start of configuring the Playbook to install/configure AuditD 15:40 - Downloading auditd.rules from Florian Roth's github 21:30 - Showing ausearch that allows us to search through Audit Logs 22:40 - Installing Laurel to make auditd logs a bit easier for us to read 23:50 - Creating the _laurel user and needed directories 27:00 - Downloading the Laurel Configuration Files 30:30 - Using get_file to download and install the laurel binary 37:00 - Laurel did not work, troubleshooting the error. Laurel may not have been able to read the config but our read-users config was also bad 40:50 - Showing Laurel working, we now have auditd logs in JSON Format 43:50 - Cleaning up our playbook a little bit with loops and copying it to our main playbook as a role 50:30 - Testing the playbook on a fresh install of parrot
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →
1 HHC2016 - Analytics
HHC2016 - Analytics
IppSec
 2 HackTheBox - October
HackTheBox - October
IppSec
 3 HackTheBox - Arctic
HackTheBox - Arctic
IppSec
 4 HackTheBox - Brainfuck
HackTheBox - Brainfuck
IppSec
 5 HackTheBox - Bank
HackTheBox - Bank
IppSec
 6 HackTheBox - Joker
HackTheBox - Joker
IppSec
 7 HackTheBox - Lazy
HackTheBox - Lazy
IppSec
 8 Camp CTF 2015 - Bitterman
Camp CTF 2015 - Bitterman
IppSec
 9 HackTheBox - Devel
HackTheBox - Devel
IppSec
 10 Reversing Malicious Office Document (Macro) Emotet(?)
Reversing Malicious Office Document (Macro) Emotet(?)
IppSec
 11 HackTheBox - Granny and Grandpa
HackTheBox - Granny and Grandpa
IppSec
 12 HackTheBox - Pivoting Update: Granny and Grandpa
HackTheBox - Pivoting Update: Granny and Grandpa
IppSec
 13 HackTheBox - Optimum
HackTheBox - Optimum
IppSec
 14 HackTheBox - Charon
HackTheBox - Charon
IppSec
 15 HackTheBox - Sneaky
HackTheBox - Sneaky
IppSec
 16 HackTheBox - Holiday
HackTheBox - Holiday
IppSec
 17 HackTheBox - Europa
HackTheBox - Europa
IppSec
 18 Introduction to tmux
Introduction to tmux
IppSec
 19 HackTheBox - Blocky
HackTheBox - Blocky
IppSec
 20 HackTheBox - Nineveh
HackTheBox - Nineveh
IppSec
 21 HackTheBox - Jail
HackTheBox - Jail
IppSec
 22 HackTheBox - Blue
HackTheBox - Blue
IppSec
 23 HackTheBox - Calamity
HackTheBox - Calamity
IppSec
 24 HackTheBox - Shrek
HackTheBox - Shrek
IppSec
 25 HackTheBox - Mirai
HackTheBox - Mirai
IppSec
 26 HackTheBox - Shocker
HackTheBox - Shocker
IppSec
 27 HackTheBox - Mantis
HackTheBox - Mantis
IppSec
 28 HackTheBox - Node
HackTheBox - Node
IppSec
 29 HackTheBox - Kotarak
HackTheBox - Kotarak
IppSec
 30 HackTheBox - Enterprise
HackTheBox - Enterprise
IppSec
 31 HackTheBox - Sense
HackTheBox - Sense
IppSec
 32 HackTheBox - Minion
HackTheBox - Minion
IppSec
 33 VulnHub - Sokar
VulnHub - Sokar
IppSec
 34 VulnHub - Pinkys Palace v2
VulnHub - Pinkys Palace v2
IppSec
 35 HackTheBox - Inception
HackTheBox - Inception
IppSec
 36 Vulnhub - Trollcave 1.2
Vulnhub - Trollcave 1.2
IppSec
 37 HackTheBox - Ariekei
HackTheBox - Ariekei
IppSec
 38 HackTheBox - Flux Capacitor
HackTheBox - Flux Capacitor
IppSec
 39 HackTheBox - Jeeves
HackTheBox - Jeeves
IppSec
 40 HackTheBox - Tally
HackTheBox - Tally
IppSec
 41 HackTheBox - CrimeStoppers
HackTheBox - CrimeStoppers
IppSec
 42 HackTheBox - Fulcrum
HackTheBox - Fulcrum
IppSec
 43 HackTheBox - Chatterbox
HackTheBox - Chatterbox
IppSec
 44 HackTheBox - Falafel
HackTheBox - Falafel
IppSec
 45 How To Create Empire Modules
How To Create Empire Modules
IppSec
 46 HackTheBox - Nightmare
HackTheBox - Nightmare
IppSec
 47 HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
IppSec
 48 HackTheBox - Bart
HackTheBox - Bart
IppSec
 49 HackTheBox - Aragog
HackTheBox - Aragog
IppSec
 50 HackTheBox - Valentine
HackTheBox - Valentine
IppSec
 51 HackTheBox - Silo
HackTheBox - Silo
IppSec
 52 HackTheBox - Rabbit
HackTheBox - Rabbit
IppSec
 53 HackTheBox - Celestial
HackTheBox - Celestial
IppSec
 54 HackTheBox - Stratosphere
HackTheBox - Stratosphere
IppSec
 55 HackTheBox - Poison
HackTheBox - Poison
IppSec
 56 HackTheBox - Canape
HackTheBox - Canape
IppSec
 57 HackTheBox - Olympus
HackTheBox - Olympus
IppSec
 58 HackTheBox - Sunday
HackTheBox - Sunday
IppSec
 59 HackTheBox - Fighter
HackTheBox - Fighter
IppSec
 60 HackTheBox - Bounty
HackTheBox - Bounty
IppSec

Related AI Lessons

Wie oft sollte man einen Text vor Abgabe prüfen?
Learn how to effectively review and edit your writing to ensure clarity and accuracy, and why multiple checks are crucial before submission
Dev.to AI
How to Keep Humanity in the Writing of a Technical World
Learn to maintain humanity in technical writing by focusing on storytelling, empathy, and clarity, making your content more relatable and engaging to readers.
Medium · Machine Learning
How copywriters attract leads right now: Proven 10x plays (not 2x tactics)
Copywriters use 10x plays to attract leads without free work or cold spam
Copyhackers
The authority book move that separates you from every copywriter with a ChatGPT account
Creating an authority book showcases copywriting expertise that AI can't replace
Copyhackers

Chapters (20)

Introduction why you should setup logging
1:50 Start of configuring UFW, enabling UFW and setting the policy to accept all
4:00 Showing how to insert IPTABLES Rules into UFW's Config
5:10 Using the LineInFile Ansible Module to add our IPTABLES Line to Log SYN Packet
5:50 The IPTABLES Rule that logs all SYN Packets on INPUT
8:20 Finding out rsyslog is disabled, enabling it
10:20 Showing that we are now logging when boxes initiates a connection to us
12:20 Moving our UFW Logging into our main playbook as a role
13:40 Start of talking about AuditD
14:30 Start of configuring the Playbook to install/configure AuditD
15:40 Downloading auditd.rules from Florian Roth's github
21:30 Showing ausearch that allows us to search through Audit Logs
22:40 Installing Laurel to make auditd logs a bit easier for us to read
23:50 Creating the _laurel user and needed directories
27:00 Downloading the Laurel Configuration Files
30:30 Using get_file to download and install the laurel binary
37:00 Laurel did not work, troubleshooting the error. Laurel may not have been able
40:50 Showing Laurel working, we now have auditd logs in JSON Format
43:50 Cleaning up our playbook a little bit with loops and copying it to our main pl
50:30 Testing the playbook on a fresh install of parrot
Up next
Jeff Kinney | Diary of a Wimpy Kid: Partypooper | Talks at Google
Talks at Google
Watch →