Monday, September 26, 2022

Handling FirewallD logs with Rsyslog

Lately I'm working on a project for work that involves standing up syslog servers for various sources such as Cisco FTDs, WLCs and other Linux servers. We have standardized on FirewallD and Ubuntu (cue the lols). I know, I know.. an uncommon pairing. But it works fine, and while I'll admit it's not quite as easy to manage as UFW, it's pretty solid.

Anyway, one problem I've had with FirewallD is how to handle its own logging. By default its conf file (/etc/firewalld/firewalld.conf) only lets you turn logging of denied packets on or off (the LogDenied setting). Everything else, including the log prefix on rich rules, is emitted by the kernel's netfilter LOG target, so it ends up split between kern.log and syslog, and the facility on all of it is kern with the program name 'kernel'. I want all of it sent to a specific log file, in this case /var/log/firewalld.log.

Today I finally figured out how:


# /etc/rsyslog.d/10-firewalld.conf
# The name matters: it has to sort before Ubuntu's 50-default.conf, because the
# "stop" below only keeps these lines out of kern.log and syslog if this rule
# is evaluated first.
if ($programname == 'kernel') and ($msg contains "FwD ") then {
    action(type="omfile" file="/var/log/firewalld.log")
    stop
}


The $msg contains "FwD " test is there because every one of my rich rules in FirewallD has a log prefix starting with "FwD", and then I usually tag on a bit extra like "SSH In" or "SNMP In" so my logs are easier to read. Give the prefix a trailing space: the kernel prints it immediately before the "IN=" field, so without one the tag runs into the first field. After saving the file, check that rsyslog parses it with sudo rsyslogd -N1 and then restart rsyslog so the rule is loaded.
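To see what that rule actually matches, and what the lines it routes look like, here is an added Python example (not from the original post) that applies the same two tests, program name equal to 'kernel' and "FwD " in the message, to a few constructed log lines in rsyslog's traditional file format, then parses the netfilter key=value fields and counts hits per prefix, source address and destination port. The sample lines, hostname and addresses are made up for illustration; the two decoy lines show why both halves of the test are needed.

```python
import re
from collections import Counter

# Constructed sample lines, not real captures. They have the shape rsyslog's
# traditional file template gives kernel messages, with the "FwD <tag>" log
# prefix the post's rich rules use. The last two lines are deliberate decoys.
SAMPLE_LINES = [
    "Sep 26 10:15:02 syslog01 kernel: [81234.117] FwD SSH In IN=ens192 OUT= "
    "MAC=00:50:56:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=10.10.5.23 DST=10.10.16.50 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=51234 DPT=22 "
    "WINDOW=64240 RES=0x00 SYN URGP=0",
    "Sep 26 10:15:03 syslog01 kernel: [81235.002] FwD SNMP In IN=ens192 OUT= "
    "MAC=00:50:56:aa:bb:cc:00:11:22:33:44:66:08:00 SRC=10.10.7.9 DST=10.10.16.50 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=48000 DPT=161 LEN=64",
    "Sep 26 10:15:04 syslog01 kernel: [81236.410] FwD SSH In IN=ens192 OUT= "
    "MAC=00:50:56:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=10.10.5.23 DST=10.10.16.50 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4243 DF PROTO=TCP SPT=51235 DPT=22 "
    "WINDOW=64240 RES=0x00 SYN URGP=0",
    # Same program name, no prefix: the rule must leave it in kern.log.
    "Sep 26 10:15:05 syslog01 kernel: [81237.000] usb 1-1: new high-speed USB device",
    # Mentions the prefix but is not from the kernel: must not be routed either.
    "Sep 26 10:15:06 syslog01 sshd[1337]: FwD SSH In is just a string here",
]

# Traditional syslog layout: timestamp, host, program[pid]: message.
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>\w{3} +\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<programname>[^\s:\[]+)(?:\[\d+\])?: "
    r"(?P<msg>.*)$"
)
# Optional "[seconds.micros] " that imklog leaves at the front of kernel lines.
KERNEL_TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")
PREFIX_MARKER = "FwD "


def matches_firewalld_rule(programname, msg):
    """Same test as the rsyslog rule: kernel messages whose text contains "FwD "."""
    return programname == "kernel" and PREFIX_MARKER in msg


def parse_netfilter(msg):
    """Split a LOG-target message into its log prefix, key=value fields and bare flags."""
    body = KERNEL_TS_RE.sub("", msg)
    cut = body.find(" IN=")  # every netfilter LOG line starts its fields with IN=
    if cut < 0:
        return None
    fields, flags = {}, []
    for token in body[cut + 1:].split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value  # UDP lines repeat LEN=; the last one (UDP length) wins
        else:
            flags.append(token)  # DF, SYN, ACK and friends carry no value
    return {"prefix": body[:cut].strip(), "fields": fields, "flags": flags}


def route_lines(lines):
    """Return the parsed records the rsyslog rule would write to firewalld.log."""
    records = []
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m or not matches_firewalld_rule(m["programname"], m["msg"]):
            continue
        rec = parse_netfilter(m["msg"])
        if rec is not None:
            rec["host"] = m["host"]
            records.append(rec)
    return records


def summarize(records):
    """Count hits per (prefix, source, protocol, destination port): a quick triage view."""
    return Counter(
        (r["prefix"], r["fields"].get("SRC"), r["fields"].get("PROTO"), r["fields"].get("DPT"))
        for r in records
    )


if __name__ == "__main__":
    for key, count in summarize(route_lines(SAMPLE_LINES)).most_common():
        print(count, *key)
```

Run it against a real /var/log/firewalld.log by replacing SAMPLE_LINES with the file's lines; the summary is the same "who is hitting which port" view you would otherwise build with grep and sort.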



Friday, May 6, 2022

Setting system DNS servers using Ansible

So I've got a project at work that's allowing me to use more Ansible.. and I love it! Anyway, we've been using Cisco's Umbrella appliances for safe DNS services but now they are going away. So.. what to do about all the servers currently pointing at those appliances statically?

So in this situation Windows was actually a bit easier. We have three main sites and a few smaller locations that do not contain their own DNS servers, so this play associates the smaller sites' subnets with the nearest main site. After much assistance from #ansible on Libera.Chat here is what I have:


---
- name: Replacing Umbrella DNS on Windows
  hosts: "{{ targets }}"
  become: yes
  become_method: runas
  tasks:

    # The ipaddr filter keeps only the addresses inside the given subnet, so the
    # resulting list is non-empty (truthy) exactly when the host has an address
    # in one of that site's ranges. It needs the netaddr Python library on the
    # control node.
    - name: Edit Site1 DNS Settings on all network interfaces
      win_dns_client:
        adapter_names: '*'
        ipv4_addresses:
          - 10.10.16.11
          - 10.10.16.12
        log_path: C:\dns_log.txt
      when: "(ansible_ip_addresses | ipaddr('10.10.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.25.0.0/16') | list)"

    - name: Edit Site2 DNS Settings on all network interfaces
      win_dns_client:
        adapter_names: '*'
        ipv4_addresses:
          - 10.11.16.11
          - 10.11.16.12
        log_path: C:\dns_log.txt
      when: "(ansible_ip_addresses | ipaddr('10.11.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.30.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.20.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.18.0.0/16') | list)"

    - name: Edit Site3 DNS Settings on all network interfaces
      win_dns_client:
        adapter_names: '*'
        ipv4_addresses:
          - 10.13.16.11
          - 10.13.16.12
        log_path: C:\dns_log.txt
      when: "(ansible_ip_addresses | ipaddr('10.13.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.22.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.21.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.44.0.0/16') | list)"
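The three when: clauses above encode a subnet-to-site table by hand. As an added example (not part of the original post or the play), here is the same lookup in Python using the play's subnets and DNS addresses, plus a pre-flight check for two cases the play handles silently: a host whose addresses match none of the listed subnets (no task fires, so it keeps pointing at the retired Umbrella servers) and a host with addresses in two sites (both tasks fire and the later task overwrites the earlier one). The inventory in the usage section is constructed; the site names are labels chosen here, not names from the post.

```python
import ipaddress

# DNS servers per site, copied from the play above. "site1".."site3" are labels
# chosen for this example.
SITE_DNS = {
    "site1": ["10.10.16.11", "10.10.16.12"],
    "site2": ["10.11.16.11", "10.11.16.12"],
    "site3": ["10.13.16.11", "10.13.16.12"],
}

# Subnet-to-site table, copied from the when: clauses. Order matters: the first
# matching entry decides, so put more specific prefixes first if you ever add
# overlapping ranges.
SUBNET_TO_SITE = [
    ("10.10.0.0/16", "site1"), ("10.25.0.0/16", "site1"),
    ("10.11.0.0/16", "site2"), ("10.30.0.0/16", "site2"),
    ("10.20.0.0/16", "site2"), ("10.18.0.0/16", "site2"),
    ("10.13.0.0/16", "site3"), ("10.22.0.0/16", "site3"),
    ("10.21.0.0/16", "site3"), ("10.44.0.0/16", "site3"),
]
NETWORKS = [(ipaddress.ip_network(cidr), site) for cidr, site in SUBNET_TO_SITE]


def ipv4_addresses(addresses):
    """Keep usable IPv4 addresses only; ansible_ip_addresses also carries IPv6 and loopback."""
    out = []
    for text in addresses:
        try:
            addr = ipaddress.ip_address(text.split("%")[0])  # drop a fe80::1%12 scope id
        except ValueError:
            continue
        if addr.version == 4 and not addr.is_loopback:
            out.append(addr)
    return out


def sites_for(addresses):
    """Every site a host qualifies for, in table order, without duplicates."""
    found = []
    for addr in ipv4_addresses(addresses):
        for net, site in NETWORKS:
            if addr in net and site not in found:
                found.append(site)
    return found


def dns_for(addresses):
    """DNS servers to configure, or None when no subnet matches (the play skips such a host)."""
    sites = sites_for(addresses)
    if not sites:
        return None
    return SITE_DNS[sites[0]]


def review(inventory):
    """Flag hosts the three when: clauses handle badly: no match, or addresses in two sites."""
    problems = {}
    for host, addresses in inventory.items():
        sites = sites_for(addresses)
        if not sites:
            problems[host] = "no subnet matched; stays on the old Umbrella servers"
        elif len(sites) > 1:
            problems[host] = (
                f"matches {', '.join(sites)}; the play runs each task in turn "
                f"and the last matching task wins"
            )
    return problems


if __name__ == "__main__":
    # Constructed inventory for illustration, not real hosts.
    sample = {
        "web01": ["fe80::1%12", "10.25.3.4"],
        "dc-edge": ["10.11.0.5", "10.22.0.9"],
        "lab-vm": ["192.168.1.5"],
    }
    for host, addresses in sample.items():
        print(host, dns_for(addresses))
    print(review(sample))
```

Run review() over the ansible_ip_addresses facts of your targets before the play, and anything it reports needs either a new table entry or a deliberate decision rather than whatever the task order happens to produce.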

The next post I make will handle Linux. Thanks!

Thursday, February 11, 2021

MacOS Big Sur, Unable to expand disk (Signed Snapshot??)

 So it's been a while. Got a new job... enjoying the work from home life finally. 


Anyway this post isn't about that, it's about macOS, Big Sur and alleged changes to the boot volume/container. So at work now part of my team's job is to support the virtual platform used by all other employees. Yeah, the odd employee who needs a VM guest for <insert reason> can log in to an internal portal and spin one up; Windows, Linux, macOS. Anything is game.


Anyway, so I have this ticket to assist a user with expanding the primary volume on this macOS 11.0 guest. So I tried the Disk Utility.app first.. it gave me an error about not having enough map space. To resolve that I ran a sudo diskutil repairDisk disk0 which completed successfully. Followed up with a sudo diskutil resizeDisk0 0 which also completed successfully. I thought this was the end.

Turned out not to be.. I'd seen mention of a resizeContainer so next I tried that. Once done I checked the GUI Disk Utility and only disk0 showed the full new size. All other objects underneath did not.

I've spoken with folks on ##apple and was told that this is a new Big Sur-specific change in that macOS now boots up into what he called a 'signed snapshot'. Super interesting, right? I can't find ANY documentation on this.


I really, REALLY hope someone out there has something on this.. can confirm. Please comment if so.

Thanks

Friday, June 26, 2020

Netlify + Namecheap + ImprovMX = New Website

So with my recent splurge into development I realized that eventually I'd need a domain with a real looking website. The formatting options here on Blogspot suck horribly, I can't even use this place to host my resume without it looking like a 12 year old Dutch girl composed it.

So I will be making the move slowly to BenHart.Dev

I do have to say... the Reddit suggestions from r/webdev to use Netlify were spot on! I mean there was a tiny DNS record issue on the backend but one forum post was all it took to resolve it. They even support deploying straight from GitHub/Bitbucket/etc., which really excites me.

Plus setting up a free ImprovMX account allows me to forward mail sent to ben at benhart.dev to my personal Gmail account!

And going with Namecheap for the domain.. their Beast Mode name search really helped me narrow down the domain name I wanted.

I'm super excited!

Wednesday, June 24, 2020

Udemy: Django + Python: Complete Bundle

Up and onward into my development learnings is this course from Udemy. Now I readily admit.. this was a spur of the moment choice due to a 90% sale ending very soon.. I did not research it well enough.
The lecturer is obviously a super smart guy and very skilled in the ways of Python (we haven't reached Django yet). But being an English-as-a-second-language guy, sometimes his ideas aren't explained in familiar ways.

So you might wonder why I chose Django. I was wanting two things: more intermediate Python, and a framework to step into.

From what I can tell the primaries are Django and Flask.. the latter's been described to me as a good enough framework but one that does not contain all the things you'd expect to find. More of a DIY choice. Whereas Django has a ton of stuff built in like auth, HTML templating, etc.

And honestly there's not a ton of courses I could come across that deal with those two packages primarily. I started this past weekend; I've been able to skip through some of the beginner-level Python stuff but we're now approaching the meat of the course. I'll post back with my thoughts.