battlewise
Suricata
| | battlewise | Suricata |
|---|---|---|
| Mentions | 3 | 23 |
| Stars | 1 | 4,121 |
| Growth | - | 4.1% |
| Activity | 1.8 | 9.9 |
| Last Commit | about 2 years ago | 2 days ago |
| Language | C | C |
| License | GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
battlewise
-
Below average programmers
Develop a coding style - curly braces, parenthesis, function length/name, variable names/types, structures, macros. This is work at module level (.c). See for inspiration: https://github.com/dellfer/battlewise/blob/main/src/common/berrors.h
-
Why is my output garbage while displaying the contents of an array?
```c
// Readable code is always easier to debug.
#include "berrors.h"  // see https://github.com/dellfer/battlewise/blob/main/src/common/berrors.h
#include <stdio.h>    // printf, scanf (the angle brackets were lost when the post was scraped)

// STATUS, OK, ERR_GEN_NOT_FOUND and ERR_GEN_BAD_LENGTH come from berrors.h;
// the code below relies on every error code comparing lower than OK.
#define MAX_ELEMENTS (10)

static STATUS readInt(int *pRetInt)
{
    STATUS status = OK;

    // scanf is not considered a safe function
    // good news - you only need to fix this one function to remedy that
    if (1 != scanf("%d", pRetInt))
        status = ERR_GEN_NOT_FOUND;

    return status;
}

static STATUS readPositiveInt(int *pRetInt)
{
    STATUS status;

    if (OK > (status = readInt(pRetInt)))
        goto exit;

    if (0 > (*pRetInt))
        status = ERR_GEN_NOT_FOUND; // we would want to add a more specific
                                    // error for this condition
                                    // maybe out of expected range
exit:
    return status;
}

int main(void)
{
    int elements[MAX_ELEMENTS];
    int maxElements;
    int numElements;
    int index;
    int lowIndex;   // a range (lowIndex, highIndex)
    int highIndex;
    STATUS status;

    printf("Enter the array size:");
    if (OK > (status = readPositiveInt(&maxElements)))
        goto exit;

    // never read more elements than the fixed-size buffer can hold
    if (maxElements > MAX_ELEMENTS) {
        status = ERR_GEN_BAD_LENGTH;
        goto exit;
    }

    /* read the entire array of elements */
    for (index = 0; index < maxElements; index++)
        if (OK > (status = readInt(&(elements[index]))))
            goto exit;

    // we read positive integers to ensure the range is good
    // otherwise, we have a buffer underflow bug
    printf("Input Two Points:");
    if (OK > (status = readPositiveInt(&lowIndex)))
        goto exit;
    if (OK > (status = readPositiveInt(&highIndex)))
        goto exit;

    // recall indices are zero-based in C (we need '>=')
    // we don't check if lowIndex is lower than highIndex
    if ((lowIndex >= maxElements) || (highIndex >= maxElements)) {
        printf("0");
        goto exit;
    }

    for (numElements = 0; lowIndex <= highIndex; lowIndex++) {
        printf("%d, ", elements[lowIndex]);
        numElements++;
    }
    printf("Number Of Elements Are: %d\n", numElements);

exit:
    if (OK > status)
        printf("main: error occurred. status = %d\n", status);

    return 0;
}
```
-
C-Programming Tips (advanced beginners and higher): Error code strategy plus source code
Declare error codes: https://github.com/dellfer/battlewise/blob/main/src/common/berrors.h
Suricata
- Aho-Corasick Algorithm
-
Suricata VS zeek - a user suggested alternative
2 projects | 2 Jan 2024
-
Who does check linux distros of malware - open source
Linux has (free) tools to improve security and detect/remove malware: Lynis, Chkrootkit, Rkhunter, ClamAV, Vuls, LMD, radare2, Yara, ntopng, maltrail, Snort, Suricata...
-
Risks of hosting a website out of my house
Monitoring & Active Measures - Exporting firewall events to an external time-series database like I describe above is good to see who is touching your firewall or accessing your web site. Using an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) such as open-source Suricata, which is a free package on pfSense, and deploying file system integrity monitoring, such as the open-source Wazuh on the exposed server are also good approaches to protecting yourself.
-
SIEM or IDPS for Homelab on rPi 3b
You could try running Suricata
-
Detecting Hackers in the network
Check out https://suricata.io/
-
Where can I get hands on practice for cybersecurity as a beginner over internet for free?
Suricata: https://suricata.io/ IDS/IPS
-
Server Hardening
Active Measures - Includes (IDS/IPS) such as open-source Suricata or Snort on pfSense, and File Integrity Monitoring (FIM), such as the commercial Tripwire and dated, open-source Tripwire, or the open-source Wazuh installed on servers. These can be combined into a Security Information and Event Management (SIEM) system like the open-source solution, Security Onion. Wazuh itself has evolved into a SIEM.
-
Help with server build
Active measures may include an intrusion detection system / intrusion prevention system (IDS/IPS) such as open-source Suricata on the firewall, and installing file system integrity monitoring, such as the open-source Wazuh on the exposed server. These are combined in one open-source solution, Security Onion.
-
Need Help - Network Monitor & Security
What are some alternatives?
CTFs - CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Fail2Ban - Daemon to ban hosts that cause multiple authentication errors
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
pfSense - Main repository for pfSense
maltrail - Malicious traffic detection system
Snort - Snort++
OSQuery - SQL powered operating system instrumentation, monitoring, and analytics.
arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.
docker-zeek - Run zeek with zeekctl in docker
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.