updates

Author: ddpbsd

_sources/elk/agent/index.rst.txt

@@ -10,4 +10,5 @@ Contents:
 
    agent
    discover
+   integrations/index
 

_sources/elk/agent/integrations/alienvault-otx.rst.txt

@@ -0,0 +1,9 @@
+==============
+alienvault otx
+==============
+
+Indicators go into `logs-ti_otx.pulses_subscribed-*` via a CEL input.
+There is some processing done with ingest pipelines.
+A transform gets the `active` IoCs and puts them in `logs-ti_otx.pulses_subscribed-*`.
+
+

_sources/elk/agent/integrations/index.rst.txt

@@ -0,0 +1,12 @@
+
+============
+integrations
+============
+
+Contents:
+
+.. toctree::
+   :maxdepth: 1
+
+   alienvault-otx
+

_sources/operating_systems/linux/auth/sssd.rst.txt

@@ -0,0 +1,10 @@
+====
+sssd
+====
+
+The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+When the system was added to AD or whatever it used a server that is no longer present.
+Either add or update the `ad_server` line in `/etc/sssd/sssd.conf` with a comma separated list of AD servers.
+

_sources/operating_systems/linux/index.rst.txt

@@ -10,6 +10,7 @@ Contents:
 
    apt
    auth/failure
+   auth/sssd
    boot
    commands
    deprecated

_sources/operating_systems/linux/systemd/journalctl.rst.txt

@@ -19,3 +19,12 @@ View the last 100 lines
 
    journalctl --no-pager -n 100 --unit=my.service
 
+since 5 minutes ago
+^^^^^^^^^^^^^^^^^^^
+
+The `ago` is very important for some reason. :|
+
+.. code-block:: console
+
+   journalctl -u --since "5 minutes ago"
+

_sources/ssl/cert_files.rst.txt

@@ -0,0 +1,51 @@
+=================
+certificate files
+=================
+
+rhel: add a certificate to trust store
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This may apply to rhel based distributions as well as rhel itself.
+
+.. code-block:: console
+
+   # cp cert-chain.crt /etc/pki/ca-trust/source/anchors/
+   # update-ca-trust
+
+debian: add a certificate to the trust store
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This applies to ubuntu and maybe other debian based distributions.
+
+Make sure the file has a `.crt` extension.
+It won't work with `.pem` for some reason.
+
+.. code-block:: console
+
+   # apt-get install -y ca-certificates
+   # cp CERT-FILE.pem /usr/local/share/ca-certificates
+   # update-ca-certificates
+
+
+pkcs #12: extract key and cert from keystore
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   openssl pkcs12 -info -in KEYSTORE.p12 -nodes
+
+pkcs #12: create a file
+^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   openssl pkcs12 -export -out KEYSTORE.p12 -inkey KEY.key -in CERT.pem -name ALIAS
+
+
+see a cert's fingerprint
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: console
+
+   openssl x509 -in FILE.pem -noout -fingerprint
+

_sources/ssl/checks.rst.txt

@@ -1,45 +1,51 @@
 ==============
-Look at certs!
+look at certs!
 ==============
 
-Check a private key
-^^^^^^^^^^^^^^^^^^^
+openssl: check a private key
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 .. code-block:: console
 
    openssl rsa -in privateKey.key -check
 
-Check a certificate 
-^^^^^^^^^^^^^^^^^^^
+openssl: check a certificate 
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This will print out the details.
 
 .. code-block:: console
 
    openssl x509 -in certificate.crt -text -noout
 
-Check the subject in a certificate
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+openssl: check the subject in a certificate
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Show just the `subject` of the certificate.
 
 .. code-block:: console
 
    openssl x509 -noout -subject -in certificate.crt
 
-Check expiration with keytool
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+keytool: check expiration
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+java yay
 
 .. code-block:: console
 
    keytool -list -v -keystore keystore.jks
 
-Check key file
-^^^^^^^^^^^^^^
+openssl: check key file
+^^^^^^^^^^^^^^^^^^^^^^^
 
 .. code-block:: console
 
    openssl rsa -in file.key -check
 
    
-Check modulus of both key and certificate
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+openssl: check modulus of both key and certificate
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 If these don't match, the key and cert don't belong together.
 
@@ -48,4 +54,3 @@ If these don't match, the key and cert don't belong together.
    openssl rsa -modulus -noout -in file.key | openssl md5
    openssl x509 -modulus -noout -in file.crt | openssl md5
 
-   

_sources/ssl/create_certificate.rst.txt

@@ -0,0 +1,92 @@
+======================
+creating a certificate
+======================
+
+create a key
+^^^^^^^^^^^^
+
+`2048` bit keys are probably good enough, but if you're paranoid `4096` is bigger.
+
+.. code-block:: console
+
+   openssl genrsa -aes256 -out key.key 2048
+
+create a certificate signing request (csr)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This uses the key from the previous step.
+
+.. code-block:: console
+
+   openssl req -new -sha256 -key key.key -out csr.csr
+
+
+create a csr with a custom configuration
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Prepopulate the `CONFIG.cnf` with whatever settings you want.
+Use the key from the `create a key` step above.
+
+.. code-block:: console
+
+   openssl req -new -sha256 -config CONFIG.cnf -key key.key -out csr.csr
+
+creating a key and csr in 1 step
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+I like doing this in 2 steps, but to each their own.
+
+.. code-block::console
+
+   openssl req -newkey rsa:2048 -nodes -keyout NEWKEY.key -config CONFIG.cnf -out NEWCSR.csr -new -sha256
+
+create a self-signed certificate
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Expirations are getting shorter and shorter, hopefully 1 year will be good enough for a while.
+
+.. code-block:: console
+
+   openssl req -x509 -sha256 -days 365 -key key.key -in csr.csr -out certificate.crt
+
+
+ca: sign the csr
+^^^^^^^^^^^^^^^^
+
+If you're silly and have your own certificate authority (ca), you can sign your own csr files.
+
+.. code-block:: console
+
+   openssl ca -batch -config intermediateCA-openssl.cnf -extensions server_cert -notext -in gitlab.csr -out gitlab.crt
+
+ca: update the db
+^^^^^^^^^^^^^^^^^
+
+This will expire certs in the db.
+
+.. code-block:: console
+
+   openssl ca -updatedb -config ./intermediateCA-openssl.cnf
+
+ca: format of the index.txt file
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+tab delimited
+
+1. Certificate status (V = valid, R = revoked, E = expired)
+2. Expiration date in YYMMDDHHMMSSZ format
+3. Cert revocation date
+4. serial number in hex
+5. filename or unknown
+6. Certificate distinguished name
+
+
+remove the passphrase form a key
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+You probably shouldn't do this, but you can.
+
+.. code-block:: console
+
+   openssl rsa -in [file1.key] -out [file2.key]
+

_sources/ssl/index.rst.txt

@@ -8,11 +8,9 @@ Contents:
 .. toctree::
    :maxdepth: 2
 
-   download_cert
-   certstore
-   create_self_signed_cert
-   test_for_ssl3
+   useful_commands
+   cert_files
+   create_certificate
    create_ca
    checks
-   ca_certs