Welcome to my website! I am Wali, a security engineer passionate about Open source security and DevOps— especially SIEM, XDR and cloud tools:D.
Updating Wazuh Manager Permissions After Failed Upgrade If your Wazuh manager upgrade fails due to permission issues, you may need to check the files permissions/ownership if they are still using the old ossec user/group. Permission Update Commands Run these commands to correct ownership: # Change ossec user/group to wazuh find /var/ossec -group ossec -user ossec -exec chown wazuh:wazuh {} \; # Change root-owned files to wazuh group find /var/ossec -group ossec -user root -exec chown root:wazuh {} \; Notes: These commands recursively update ownership in the Wazuh directory ...
Running PowerShell Commands on a Wodle in Wazuh By executing PowerShell commands through a Wazuh Wodle and formatting the results in JSON, you can streamline log processing without the need for custom decoders. This method simplifies integration—only the corresponding rules need to be defined to handle the structured output effectively. PowerShell Command Format The recommended format for PowerShell commands in a Wodle is: Powershell -c "@{ <header> = <command> } | ConvertTo-Json -compress" <command> is the PowerShell cmdlet or one-liner script that outputs an object ...
Docker commands I use regularly: 1. Complete Environment Cleanup docker-compose down --remove-orphans -v --rmi all --remove-orphans: Deletes containers for services not in compose file -v: Removes attached volumes --rmi all: Deletes all images used by services 2. Run Image with Interactive Shell docker run -it --entrypoint bash wazuh/wazuh-certs-generator:0.0.1 docker run -it --entrypoint bash ubuntu:focal -it: Interactive terminal --entrypoint bash: Overrides default to give shell access 3. Find Container IP Address docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps | grep -i dashboard | awk '{print $1}') docker ps | grep -i dashboard: Finds container with “dashboard” in name ...
I have been tinkering lately to build a home lab (K8s, Wazuh …) and wanted to turn my old laptop (Running Linux Mint 21) into a server. While going through that process I had issues with configuring RDP (The session immediately closed after connecting) also I needed to be able to close the laptop’s lid while keeping it running. For the first issue, I was able to solve it by running the following and then reboot: ...
For no specific reason I can tell my bluetooth keyboard SUBBLIM dropped the connection on my linux mint 21 machine. Bluetooth logs shows: bluetoothd[1109]: profiles/input/hog-lib.c:report_reference_cb() Read Report Reference descriptor failed: Request attribute has encountered an unlikely error bluetoothd[1109]: profiles/input/hog-lib.c:info_read_cb() HID Information read failed: Request attribute has encountered an unlikely error I procedded to solve it as follows: Install sudo apt-get install blueman load module modprobe btusb Removed the bluetooth device from the UI or you can use the command bluetoothctl remove 54:46:6E:2F:15:5B ...
I have had situations where I needed to check the connectivity using telnet but the server did not have it installed nor the possiblity to do so. I’ve found that it can be achieved using only curl: curl -vv telnet://serverIP:port This will use the telnet portocol instead of the known http(s). curl support about 28 protocols that you can find here: https://everything.curl.dev/protocols/curl.html