Welcome back! Today, I’ll be discussing one of my favorite homelab projects: Graylog.

Graylog is a free for personal use syslog aggregator. What does that mean? Well, we’ll start with syslogs. Syslogs are system log messages that various operating systems use to document what is happening with the system. This includes Linux syslog (/var/log/syslog) and Windows Event Logs for both server and home editions of Windows. These come in handy when troubleshooting issues or when you need to check specific time frames to see what a system was doing. But, this requires going into each system individually to read these; If there’s an issue affecting multiple systems, you’ll need to check out each system and correlate time frames to troubleshoot. Enter Graylog.

Graylog allows us a way to receive all syslogs from across a single or multiple networks. In the case of my homelab I run about 25 virtual machines of Windows and Linux varieties. Trying to nail down an issue across multiple servers can be a bit of a pain, but with Graylog I can see everything in one spot. But that’s just scratching the surface.

One of the most powerful functions of Graylog is the ability to set rules depending on messages it receives from your systems. Want to look out for DCHP releases to see if anything is talking on the network that shouldn’t be? Set up a rule for DHCP renewals to email you when something requests one. Want to know if someone escalates to Admin in Windows? Build a system event log to do just that. It’s incredible, really, that this software is free.

I’m currently running Graylog Enterprise as my daily intake of messages is well below the 2GB/Day maximum even with ~25 systems sending logs and doing routine maintenance across the systems (which can sometimes cause quite a lot of messages if it’s been a while before doing updates). The dashboard I run is a saved search for the past 12 hours and you can have it automatically refresh to keep an eye on it (I’m a huge sucker for dashboards):

Keeping this up also allows me to see if there’s anything sending a larger than normal amount of messages. I had a situation one time where my DNS server (PiHole) was being bombarded by a smart home device and I was able to see this from the dashboard and reboot the device to fix the issue.

So yeah, I dig it. Graylog is super neat, the searches are extremely fast even for large amounts of data and deploying it on Ubuntu only takes an afternoon’s worth of work for someone with limited Linux knowledge. It’s also neat that they allow some Enterprise features for the free version if you’re under a set limit of messages per day, allowing me to test this further on my Homelab before potentially using this for a real production environment. Overall: 9/10, would install and use again.

Thanks for reading! I hope you enjoyed my post and keep checking back for more information and projects. Cheers!

Been a while since I posted! I recently began an upgrade project for my Linux virtual machines which ranged from 14.04 to 17.04. The goal was to get everything on 22.04LTS. One of the issues I ran into (3 times so far) is with Apache not working:

apache2: Syntax error on line 146 of /etc/apache2/apache2.conf: Syntax error on line 3 of /etc/apache2/mods-enabled/php7.4.load: Cannot load /usr/lib/apache2/modules/libphp7.4.so

After some google searching, I came across the below fix which hopefully helps others too:

#Disable old php 7.4
sudo a2dismod php7.4

#Enable php 8.1 
sudo a2enmod php8.1

#Bounce Apache
systemctl restart apache2

This has worked on three systems so far all moving from 20.04 LTS to 22.04 LTS. Hopefully someone else finds this helpful!

There’s two types of people: Those who have backups, and those who will lose data. Several years ago I had a raid card failure on a RAID 5 array (three disks) that lost about 5~ TB of data. Of this, about 1.5 was completely irreplaceable data, things as far back as high school projects. After this, I went into backup mode and always had redundant copies both locally and online (cloud based). At this point I’ve made a pretty solid system for handling this across multiple systems. Lemme walk you through it.

The idea was this: How can I make this easy and simple enough (once configured) that I won’t ever forget to make sure my items are backed up. So here’s how I went about this: Backblaze and a Windows 10 as a share drive.

Backblaze home is a cheap 6 bucks a month for UNLIMITED backups. You can’t beat this cost. I went and built a Windows 10 Pro virtual machine on my ESXI host with the below specs:

• 6 vCPU cores
• 8GB RAM
• 2TB disk space

Now, this may seem a bit overkill but with a large amount of backups, the VM may use a significant amount of RAM and CPU resources to compress and transmit the data. I then took a folder (in this case just on my desktop for ease of use when RDP’d into the system) and set it as a network share for only my user account.

Here’s the trick: Now that this is a shared folder, I can mount it as a network drive on ANY computer on my network. This allows multiple PCs to backup to one account. Neat, eh? Going from this approach, I also set up a couple BAT (Windows Batch script) files to backup my cloud accounts (Dropbox, Nextcloud, Google Drive) to this NAS as well on a daily Task Schedule set to run every night on my desktop. This allows me to have all my files I send to this server updated to the cloud and have redundant copies of any of the important files off my local PCs.

I went a step further from this and also added a BAT script onto the backups system to send to my local unRAID server for a redundant copy of data, and also perform weekly syncs to a normally disconnect external hard drive. The reason for this being disconnected is for a worst case scenario: Cryptoware or entire deletion of my files which is then synced online and to unraid. Having the disconnected external will allow most of my files to be recovered.

Hopefully this encourages others to tinker with this. Backups are important and you may not realize what you’ll lose until suddenly they’re gone; Backups of your video games from early 2000’s that are no longer hosted for instance and all data is now gone. Cheers and happy home labbing.

 

Launch new application. It should sync in a couple seconds.

 

Click “File” > “Receiving Addresses”.

 

In the new windows, click “New” and enter a label of your choosing (this doesn’t matter, I just use localhost).

 

Hit OK and send this to me so I can sync these between everyone.

 

 

 

Click on “File” > “Sending Addresses” to pull this up

 

 

Stay home, be safe, use this time to learn how to network and video conference and be sure to check in with loved ones frequently. It’s going to be a wild couple of months. Do your part to help.

Welcome to 2020. This year, we have BSIDESROC coming up in late March and, with a few of us hoping to compete and learn, I’ve adjusted my hacking kit and tools a little for this.

First things first, the rig: a Dell Precision M4800. This monster is perfect for VMs, compiling code (Arduino much?), and just a general work horse for travel. The machine is a Quad-core i7 (4C/8T) with 16GB of RAM and a 1TB SSD. I have two VMs specifically for this: One with Kali (latest rolling release) and ParrotOS which has grown on me quite a lot with its attractive GUI and driver support, especially with the Alfa chipsets.

For the kit: I’m using a SwissGear low key airport backpack that allows scanning without removing the laptop. It’s flat black, no obvious markers or anything that stands out; Grey man approach is key in any place as a hacker/pentester. I’m using an Alfa AWUS036NH 2W Wifi adapter for the packet injection and long range Wifi testing and monitoring. This has proven again and again to offer exceptional range with 2.4GHz bands and has been a go-to now for a while. I also bring an Alfa AC1900 WiFi Adapter as a backup if needed, but with the quad antenna layout, it tends to be far from discreet when using in public. Also in the pack are multiple flash drives, small screwdriver set and my Raspberry Pi loadout.

The Raspberry Pi’s are going to be a new thing this year. One, a PiratePi, is specifically set up for people to tinker, upload files onto and just general sh*tpost on and mess with. This unit is running another Alfa AWUS036NH for a massive upgrade in range; In testing, I could walk several houses away and still connect without issues. I also have something I stumbled on fairly recently: A “pwnagotchi” Pi Zero W unit that collects data on local networks with an AI driven system. This AI self learns and adjusts to local networks and is just a wonder to monitor and watch as it works. Both of these with a battery bank will be running on a Grid-It organizer, here:

Once I swap the case for the Pi Zero for one with a proper heatsink, this will easily fit in my pack and can run for over 30 hours at a time.

I absolutely cannot wait for this year and will hopefully be able to compete with the CTF tournament as well. Hopefully more information and photos coming in the future. Thanks for reading!