Install/Update OSSIM/OSSEC agent (AlmaLinux 8.6 or CentOS)

This is an update to the previous CentOS installation of OSSEC 3.6 (here: https://cheesefather.com/2020/06/install-ossim-ossec-agent-centos-7/), updating it to 3.7. You need one more library installed before OSSEC can update:

dnf -y install systemd-devel
wget https://github.com/ossec/ossec-hids/archive/3.7.0.tar.gz
tar xzf 3.7.0.tar.gz
cd ossec-hids-3.7.0/
./install.sh

Or to install from scratch, just change the first command and add the…

VPS Benchmarks: Amazon EC2 and Lightsail, Azure, DigitalOcean, Google, Hostworld, Linode, OVH, UpCloud, VPSServer, VPS.net, Vultr

I recently needed to have a look at moving some services to a different VPS provider for redundancy so I decided to benchmark my options to compare them. The plan selected was whichever had 16GB of RAM (though Google is 15GB). The selected datacenter was always London (Azure only says…

Install OSSIM/OSSEC agent (CentOS 7)

I couldn’t find proper instructions on doing this anywhere so here are mine:

In your OSSIM portal go to Environment -> Assets & Groups -> Add Assets and enter the name/IP of the asset you want to add.

On the agent run:

yum -y install libevent-devel pcre2-devel openssl-devel
wget https://github.com/ossec/ossec-hids/archive/3.6.0.tar.gz
tar xzf…

Fix nss-softokn rpm/yum issue in CentOS 6

The recent update to nss-softokn breaks rpm/yum updates in CentOS 6. To restore functionality run these commands:

For 64-bit:

# wget http://mirror.centos.org/centos/6/updates/x86_64/Packages/nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm
# rpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm | cpio -idmv
# cd lib64
# cp libfreeblpriv3.* /lib64
# yum update

For 32-bit:

# wget http://mirror.centos.org/centos/6/updates/i386/Packages/nss-softokn-freebl-3.14.3-19.el6_6.i686.rpm
# rpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.i686.rpm | cpio -idmv
#…

Dovecot brute-force blocking with fail2ban

If you are getting any brute-force attacks on your Dovecot IMAP/POP3 server, install fail2ban to block the offenders. This works on CentOS 5.7. For other distributions, see the relevant websites. Firstly, install fail2ban. You should have the rpmforge repo from my previous post. Enable it first to install fail2ban:…