DNS blocklisting on OpenBSD

I finally got some free time and decided to use it for improving the security of my home network. The most effective measures for my environment would be any additional controls on the network level so that both the LAN and IoT networks could benefit from it. I recently set up a recursive nameserver using Unbound and have forced all DNS traffic to go through that. It’s nice because I get visibility on all DNS traffic, which I monitor using Splunk. But now, it’s time to add some additional hardening to the DNS service using the publicly available blocklist from OISD. ...

January 18, 2025 · 3 min · Jörgen

Using DuckDNS on OpenBSD

Long story short, I need to be able to access my home machine(s) from the Internet. Unfortunately my ISP provides me with a dynamic IP address, so I need to jump through another hoop to get where I want. Luckily there are a lot of Dynamic DNS providers out there; for reason(s) I opted to use Duck DNS. So go over to Duck DNS and sign in to create an account, claim your subdomain and grab the token. ...

January 14, 2025 · 3 min · Jörgen

Simple Kubernetes setup

Another quick note on my very simple (single-node) Kubernetes setup in my home lab. ...

January 5, 2025 · 6 min · Jörgen

Shipping Zeek logs on OpenBSD

OpenBSD does not provide many good options for shipping logs to a remote destination. Well-known solutions like Fluentd, fluent-bit, Cribl, etc. are just not (yet) available :( In this blog post I describe how I’m shipping Zeek logs from my firewall using Rsyslog into my logging infrastructure, which currently consists of Cribl and Splunk running on Linux VMs.

Enable JSON logging in Zeek

The default TSV logging format of Zeek is fine when working with the logs locally with tools like cat, grep and zeek-cut. But when forwarding logs to a SIEM I prefer to use the JSON format. To make Zeek create logs in JSON you have to load the json-logs module in the site local configuration. ...

December 22, 2024 · 4 min · Jörgen

Bump filesize limit in All-in-One-WP-Migration plugin for WordPress

This post is just a quick note as I always forget how to bump the hardcoded filesize limit in the awesome All-in-One-WP-Migration plugin for WordPress. Since you’re reading this I guess the same applies to you ;). I’m using the Bitnami WordPress image in AWS Lightsail. So your paths will probably be different, use your brain. ...

October 23, 2022 · 1 min · Jörgen

Custom HTML form and submit button in Splunk dashboard

Sometimes you just need a quick solution for having a custom form in a Splunk dashboard. So this short blog post will showcase how to create the HTML form and custom submit button using JavaScript. ...

September 4, 2022 · 3 min · Jörgen

Multiple time widgets in Splunk dashboard

Sometimes you need to have multiple time widgets in a single Splunk dashboard; the scenario I encountered was for a global SOC operation. The solution provided here handles displaying local time using just a timezone parameter. As a bonus, it automatically handles daylight saving time too :-) ...

June 5, 2021 · 2 min · Jörgen

On-boarding journald logs into Splunk

I needed to on-board the Linux system logs of all my homelab systems into Splunk. Apparently I haven’t been paying attention… but only now I noticed that in EL8 (CentOS in my case) rsyslog is not even installed by default. So that prompted me to finally take a closer look into journald. This resulted in a very simple Splunk TA that can be deployed to any Splunk instance to ingest the journald logs. ...

September 29, 2020 · 3 min · Jörgen

Replacing the Delta & Caiway router

If you’re a bit (nerdy and paranoid) like me, you probably are never really satisfied by using the ISP-supplied modem/router device. My current ISP (Delta/Caiway) provides their fiber customers a Genexis device. This device is quite limited in (security) features, but most important of all, it does not provide the option to be configured as an L2 bridge! Having your ISP device in bridge mode would allow a customer to use a router device of choice without a nasty double NAT configuration. ...

July 2, 2020 · 5 min · Jörgen

Booting into the OpenBSD 6.7 installer on an APU2 system

Every now and then I want to re-install OpenBSD on my little APU2 system. This time I wanted to benefit from the recent FFS2 improvements, which require filesystems to be recreated. It seems I struggle with remembering some bits and pieces of this process as I get older ;). This blog post is here to document what stuff I need to get the OpenBSD installer going! Yes, that also means I’m not documenting the OpenBSD installer here. ...

June 15, 2020 · 4 min · Jörgen