OSQuery
Fail2Ban
Our great sponsors
OSQuery | Fail2Ban | |
---|---|---|
44 | 49 | |
21,338 | 10,423 | |
0.7% | 4.6% | |
8.8 | 8.8 | |
3 days ago | 3 days ago | |
C++ | Python | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OSQuery
-
Ask HN: SQLite in Production?
Perhaps the OP means OsQuery: https://github.com/osquery/osquery
OsQuery is an SQLite extension consisting of hundreds of virtual tables
-
Osquery: An sqlite3 virtual table exposing operating system data to SQL
There's at least one open data quality issue for `process_open_sockets` on macOS[1]. It's a few years old however and, if you aren't seeing that casting error, you probably aren't hitting it. But that's a good example of the kind of debt that's been built up over time.
(In terms of general purpose/flexible tooling, I'm not aware of a close replacement for osquery.)
[1]: https://github.com/osquery/osquery/issues/6319
- SQLite virtual table to query operating system data via SQL
-
Show HN: Natural Language to SQL "Text-to-SQL" API by Dataherald
The largest we have successfully deployed is on the OSQuery schema https://osquery.io/ which is 277 tables and lots of business context (malwares, vulnerabilities, Windows registry keys, etc).
-
Alternative to Endpoint Protector?
From a self hosted standpoint OSQuery or Wazuh are your best bets for monitoring USB devices. Windows makes blocking really challenging and I’m not aware of any “free” solutions that attempt it.
-
Firewall rules beyond "deny incoming, enable only the ports that you need"
Configure auditd to monitor host activity: https://izyknows.medium.com/linux-auditd-for-threat-detection-d06c8b941505 or osquery: https://osquery.io/ (or similar software: filebeat for example).
- Craziest thing I ever used SQLite for: partial file deduplication
-
Best Websites For Coders
OS Query : Easily ask questions about your Linux, Windows, and macOS infrastructure
-
Tool that let you know see EXE file on multiple PC?
Osquery + Fleet. https://osquery.io/ https://fleetdm.com/, using the two allows you to build a query to answer what ever questions you (or an auditor) might have about your environment.
- Osquery: SQL powered operating system instrumentation
Fail2Ban
-
Looking for a way to remote in to K's of raspberry pi's...
now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability's is https://www.alpinelinux.org/ also as these devices are not that powerfull every extra agent / abstaction layer you add impacts performance need to look at low over head security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login
- Fail2Ban
- Fail2Ban – Daemon to ban hosts that cause multiple authentication errors
-
I am (to be) a web designer, how to ensure security on a vps?
See https://github.com/fail2ban/fail2ban for beginner's guide, basically you set it up to monitor logfiles and it would act accordingly (plenty of built-in config to handle various daemons so you don't have to write yourself).
-
Home Lab Setup Recommendations
- Nginx & crowdsec/fail2ban if you are exposing your parts (services) to the public ( https://hub.docker.com/r/baudneo/nginx-proxy-manager, https://www.crowdsec.net, https://www.fail2ban.org )
-
fail2ban not notifying Cloudflare
— In /etc/fail2ban/action.d/cloudflare.conf I copied the file from https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.confand added my ‘cftoken’ and ‘cfuser’ on the bottom
-
Firewall rules beyond "deny incoming, enable only the ports that you need"
https://github.com/fail2ban/fail2ban is a mature, easy to set up way to have some dynamic firewall rules that respond to attacks. There are more sophisticated options, but they are probably not worth the return on time investment for you.
-
Comments/Suggestions on security-auditing different services
You can create your own regexes for custom services: https://github.com/fail2ban/fail2ban/wiki/Developing-Regex-in-Fail2ban
-
Fail2Ban Limitation
Others seem to be (or were) experiencing this too: https://github.com/fail2ban/fail2ban/issues/3100
What are some alternatives?
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
falco - Cloud Native Runtime Security
Snort - Snort++
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Denyhosts - Automated host blocking from SSH brute force attacks
SaltStack - Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
pfSense - Main repository for pfSense