Thursday, 29 December 2016

Install Security Onion 14.04 into VirtualBox

Had some issues getting the guest additions working, but the following fixed it for me.

1. Make sure everything is up to date:

  • sudo apt update
  • sudo apt upgrade
  • sudo apt dist-upgrade
  • sudo apt-get autoremove
  • sudo apt-get autoclean
2. Make sure the correct Xorg is installed:
  • sudo apt install xserver-xorg-core
3. Install the guest utils and DKMS from the repo:
  • sudo apt install virtualbox-guest-utils virtualbox-guest-x11 virtualbox-guest-dkms dkms
4. Reboot and cleanup:
  • sudo reboot
  • sudo apt-get autoremove
  • sudo apt-get autoclean

Tuesday, 27 December 2016

Snort\Barnyard2\Snorby running on x86 Ubuntu 14.04

I followed this basic guide:

Step 5.2 I had to adjust the line:
./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu

To the following line as I am running an x86 install on this old server:
./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
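The Step 5.2 adjustment above can be derived from the host instead of typed by hand. This is an added example, not part of the original post or the guide it follows; the function names `host_triplet` and `find_mysql_libdir` are hypothetical helpers, and it assumes the MySQL client library file is named `libmysqlclient.so*` or `libmysqlclient.a`.

```bash
#!/bin/sh
# Added example: locate the MySQL client library directory for Barnyard2's
# ./configure so the same steps work on i386 and x86_64 installs.

# Print this host's multiarch triplet (e.g. i386-linux-gnu).
host_triplet() {
    if command -v dpkg-architecture >/dev/null 2>&1; then
        dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null && return 0
    fi
    if command -v gcc >/dev/null 2>&1; then
        gcc -print-multiarch 2>/dev/null && return 0
    fi
    # Last resort: map the kernel's machine name to the two triplets in the post.
    case "$(uname -m)" in
        i?86)   echo i386-linux-gnu ;;
        x86_64) echo x86_64-linux-gnu ;;
        *)      return 1 ;;
    esac
}

# find_mysql_libdir ROOT TRIPLET
# Print ROOT/TRIPLET if it holds the client library, else ROOT if ROOT does.
# Return 1 when neither does. Directories for other architectures are never
# used, because linking against them would fail.
find_mysql_libdir() {
    local root="$1" triplet="$2" dir lib
    for dir in "$root/$triplet" "$root"; do
        for lib in "$dir"/libmysqlclient.so* "$dir"/libmysqlclient.a; do
            # An unmatched glob stays literal, so test that the file exists.
            if [ -e "$lib" ]; then
                printf '%s\n' "${dir%/}"
                return 0
            fi
        done
    done
    return 1
}

# Print the configure line for this host; nothing is built here.
if libdir="$(find_mysql_libdir /usr/lib "$(host_triplet)")"; then
    echo "./configure --with-mysql --with-mysql-libraries=$libdir"
else
    echo "libmysqlclient not found under /usr/lib; is libmysqlclient-dev installed?" >&2
fi
```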

Step 7, I pulled the Upstart scripts from the following:

This was due to Ubuntu 14.04 running Upstart rather than Systemd.

Section 8.12 - As I was running Nginx rather than Apache2, I followed this:

This page to configure Passenger:

The contents of /etc/nginx/passenger.conf that worked for me were:
passenger_root /usr/local/lib/ruby/gems/2.3.0/gems/passenger-5.1.1;
passenger_ruby /usr/local/bin/ruby;

I still have an issue with the web page complaining that the Snorby worker isn't running, yet it is running from an Upstart script.

I'll look at that another day!

Sunday, 20 November 2016

Windows Containers on Windows 10 Anniversary Edition

Quickstart guide on how to run Docker and Containers on Windows 10 anniversary edition.

Works nicely with the Windows Server 2016 Container videos from Microsoft Ignite here:

Couple of corrections I had to make:

1. Replace the Docker download URL with instead of v1.13.

2. The Docker CLI didn't work for me until I restarted PowerShell.

Windows Container on Windows 10:

Sunday, 23 October 2016

How to turn off preview globally for Evolution 3.22.1

I finally found a way to do this.

First, I installed dconf-editor:
sudo apt install dconf-editor

I then started this up and navigated to the following place:

I then scrolled down to the global-view-setting.

I set the Use default value to OFF, and then set the Custom value to True.

Once I turned off the preview for the Inbox, it was gone for all other message folders too:
View > Preview > Uncheck Show Message preview.

You can also use Ctrl+M to toggle this on and off.

Setting up NHS Mail 2 in Evolution v3.22.1

I've had a number of issues setting up NHS Mail 2 in Evolution and after having installed Ubuntu Gnome 16.10 this weekend I decided I'd have another go.

First of all, I had to add the Evolution EWS service which wasn't installed by default:
sudo apt install evolution-ews

Once that was installed, I was able to go through the account setup:
Edit > Preferences > Mail Accounts > Add

The auto discovery failed, but by manually setting the type to Evolution EWS I was able to get it working.

The magic URL that worked for me was:

Once that was set, I was able to get the OAB URL too by clicking on the Fetch URL button.

The critical step was to set NTLM as the authentication type rather than Kerberos. The option to discover auth type kept saying that Kerberos was valid, but when I tried it I kept getting an SPNEGO error message saying authentication had failed.

You have to be careful not to store your NHS Mail 2 password in the security otherwise it will eventually lock your account. Still working out how to remove it if you have done this as I can't find the password in seahorse (Passwords and Keys). If you do accidentally store the password in your keyring, you can find and delete it by running seahorse from the terminal or Passwords and Keys from the GUI and searching for Evolution Data Source.

I'm not entirely sure that NTLM on EWS is a good authentication method to use with NHS Mail 2 so I will be following this up with Accenture when I'm back at work - Not sure what kind of reception I will get to that though.

Anyone have any thoughts on the merits of NTLM vs Kerberos authentication in an Internet-facing application such as EWS?

Sunday, 9 October 2016

Screen tearing with Intel HD 5500 on HP ZBook 15 G2 and Ubuntu 16.10 Beta 2

I've been suffering some screen tearing with the discrete Intel HD5500 on my HP ZBook 15 G2 laptop and Ubuntu 16.10 Beta 2.

Found various posts stating to create the file /usr/share/X11/xorg.conf.d/20-intel.conf containing the following information:

Section "Device"
Identifier  "Intel Graphics"
Driver      "intel"
Option      "TearFree"    "true"
EndSection

Note: When I created this file with tabs, it hung the X startup so probably best not to include any extra spaces or tab characters.

This video now plays fine. :)

Thanks to this post and this post.