Raspberry Pi as syslog server

I’ve been meaning for some time to add a Raspberry Pi to my lab environment as a syslog server and finally got around to it today.

I have a couple of Pis but when I went looking this morning I realized that I had a problem with the SD card on one which led to a small voyage of discovery.

To re-flash the SD card I chose the Raspbian Stretch Lite download, here.

And then re-flashed the card using balenaEtcher per instructions, here.

I operate the Pis headless on a wired network, and to have them come up with SSH enabled I had to add an empty file named ssh.txt to the boot partition of the SD card.

Once online I used a network scanner to find the DHCP-served address and then set a static address by editing the dhcpcd configuration file:

sudo nano /etc/dhcpcd.conf

interface eth0
static ip_address=192.168.1.2/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1

More on the details of the syslog server itself in a future post.

Ping with timestamp

During a troubleshooting exercise a couple of weeks ago there was a need to log the pings from two different sources for later comparison. Of course this meant having a timestamp associated with each.

A quick search of Stackoverflow turned up the following thread:

Ping with timestamp

I think my favoured solution is the one that uses PowerShell, as below.

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\> ping.exe -t twitter.com | ForEach-Object { "{0} - {1}" -f (Get-Date), $_ } > test.txt

In a second PowerShell window you can also tail the output as it is written:

Get-Content test.txt -Wait -Tail 30
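A slightly longer take on the same idea, added here as an example and not taken from the original post or the Stack Overflow thread: one function tags each ping line with an ISO 8601 timestamp (with UTC offset) and a source label, and a second merges logs from two sources by time and flags the failed replies so both sides line up for comparison. The function names, the source tags and the log paths are my own assumptions.

```powershell
# Added example (not from the original post). Assumes Windows PowerShell 5.1 or later
# and ping.exe on PATH; $Target, $Tag and $LogPath are hypothetical values.
function Start-TimestampedPing {
    param(
        [Parameter(Mandatory)][string]$Target,
        [string]$Tag = $env:COMPUTERNAME,        # label for this source
        [string]$LogPath = ".\ping-$Tag.log"
    )
    # ISO 8601 with offset ('K') so logs from hosts in different time zones still align.
    ping.exe -t $Target | ForEach-Object {
        "{0} [{1}] {2}" -f (Get-Date -Format 'yyyy-MM-ddTHH:mm:ss.fffK'), $Tag, $_
    } | Tee-Object -FilePath $LogPath -Append   # show on screen and append to the log
}

function Merge-PingLogs {
    param([Parameter(Mandatory)][string[]]$Path)   # two or more logs written above
    Get-Content -Path $Path | ForEach-Object {
        # Parse "<timestamp> [<tag>] <ping.exe output line>"; skip anything else.
        if ($_ -match '^(?<ts>\S+) \[(?<tag>[^\]]+)\] (?<msg>.*)$') {
            [pscustomobject]@{
                Time   = [datetimeoffset]::Parse($Matches.ts)
                Source = $Matches.tag
                Failed = [bool]($Matches.msg -match 'timed out|unreachable|could not find')
                Line   = $Matches.msg
            }
        }
    } | Sort-Object Time
}

# Usage (hypothetical names): run the first line on each source, then merge the
# two logs and show only the failures, ordered by time across both sources.
# Start-TimestampedPing -Target twitter.com -Tag siteA
# Merge-PingLogs -Path .\ping-siteA.log, .\ping-siteB.log |
#     Where-Object Failed | Format-Table Time, Source, Line -AutoSize
```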

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

I finally got around to reading the excellent Wired article on NotPetya [Aug 2018], The Untold Story of NotPetya, the Most Devastating Cyberattack in History.

One of the items that stood out for me, relative to Maersk’s infrastructure, was this one:

Early in the operation, the IT staffers rebuilding Maersk’s network came to a sickening realization. They had located backups of almost all of Maersk’s individual servers, dating from between three and seven days prior to NotPetya’s onset. But no one could find a backup for one crucial layer of the company’s network: its domain controllers, the servers that function as a detailed map of Maersk’s network and set the basic rules that determine which users are allowed access to which systems.

Maersk’s 150 or so domain controllers were programmed to sync their data with one another, so that, in theory, any of them could function as a backup for all the others. But that decentralized backup strategy hadn’t accounted for one scenario: where every domain controller is wiped simultaneously. “If we can’t recover our domain controllers,” a Maersk IT staffer remembers thinking, “we can’t recover anything.”

I can remember having this conversation with Microsoft in 2003 — how do we backup and recover Active Directory? They looked at me like I had two heads. “Why would you want to do that, it’s replicated to multiple DCs?”

Over time, that view has obviously changed. A couple of links for further reading:

AD DS Backup and Recovery Step-by-Step Guide
AD Reading: Active Directory Backup and Disaster Recovery

The article took me back to the days of Melissa, Code Red, Nimda, and SQL Slammer, although those still seem much more innocent times.