MobaXterm 192.168.195.131 20240420 163051
┌──────────────────────────────────────────────────────────────────────┐
│ • MobaXterm Professional Edition v24.0 •
│
│ (SSH client, X server and network tools)
│
│
│
│ ⮞ SSH session to root@192.168.195.131
│
│ • Direct SSH : ✓
│
│ • SSH compression : ✓
│
│ • SSH-browser : ✓
│
│ • X11-forwarding : ✓ (remote display is forwarded through SSH) │
│
│
│ ⮞ For more info, ctrl+click on help or visit our website.
│
└──────────────────────────────────────────────────────────────────────┘
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
source /etc/network/interfaces.d/*
# vmnet 3
auto ens37
iface ens37 inet static
address 192.168.20.10
netmask 255.255.255.0
# vmnet 2
auto ens38
iface ens38 inet static
address 192.168.10.10
netmask 255.255.255.0
root@nico:~# iptable
-bash: iptable: command not found
root@nico:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
login as: root
root@nico:~#
root@nico:~# curl -v --cacert /etc/filebeat/http_ca.crt https://192.168.195.131:9200 -u elastic
Enter host password for user 'elastic':
* Trying 192.168.195.131:9200...
* Connected to 192.168.195.131 (192.168.195.131) port 9200 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/filebeat/http_ca.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=nico
* start date: Apr 19 20:20:56 2024 GMT
* expire date: Apr 19 20:20:56 2026 GMT
* subjectAltName: host "192.168.195.131" matched cert's IP address!
* issuer: CN=Elasticsearch security auto-configuration HTTP CA
* SSL certificate verify ok.
* using HTTP/1.x
* Server auth using Basic with user 'elastic'
> GET / HTTP/1.1
> Host: 192.168.195.131:9200
> Authorization: Basic ZWxhc3RpYzphemVydHl1aW9w
> User-Agent: curl/7.88.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< content-type: application/json
< content-length: 529
<
{
"name" : "nico",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "AAtS4Qn5QvutdBeVvLYoeA",
"version" : {
"number" : "8.13.2",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "16cc90cd2d08a3147ce02b07e50894bc060a4cbf",
"build_date" : "2024-04-05T14:45:26.420424304Z",
"build_snapshot" : false,
"lucene_version" : "9.10.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
* Connection #0 to host 192.168.195.131 left intact
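The verbose trace above prints the request's Authorization header, and a Basic value is only base64: it decodes to the literal elastic:<password> that was typed at the prompt. Using -u elastic and entering the password interactively kept it out of the shell history, but any pasted curl -v transcript still carries the credential. The script below is an added example and not part of the captured session; it decodes such headers to show the leak and redacts Basic/Bearer values before a trace is shared. The trace it runs on is constructed (credential elastic:changeme), not the one above.

```shell
#!/bin/sh
# Added example, not part of the captured session.
# Shows that "Authorization: Basic <token>" in a curl -v trace is a cleartext
# credential (base64 is an encoding, not encryption) and strips it before a
# trace is pasted into a ticket or document.

# Constructed sample trace; the token is base64("elastic:changeme").
SAMPLE_TRACE='> GET / HTTP/1.1
> Host: 192.168.195.131:9200
> Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==
> User-Agent: curl/7.88.1
> Accept: */*
< HTTP/1.1 200 OK'

# Read a curl -v trace on stdin; print "user:password" for each Basic header.
decode_basic_auth() {
    sed -n 's|^> *[Aa]uthorization: *Basic \([A-Za-z0-9+/=]*\).*$|\1|p' |
    while read -r token; do
        printf '%s' "$token" | base64 -d 2>/dev/null
        echo
    done
}

# Read a curl -v trace on stdin; replace Basic and Bearer values with a marker.
redact_auth_headers() {
    sed -e 's|^\(> *[Aa]uthorization: *Basic \).*$|\1[REDACTED]|' \
        -e 's|^\(> *[Aa]uthorization: *Bearer \).*$|\1[REDACTED]|'
}

# Read a trace on stdin; print how many request headers still carry a token.
count_auth_tokens() {
    grep -E -c '^> *[Aa]uthorization: *(Basic|Bearer) [A-Za-z0-9+/=._-]' || true
}

# Usage on the constructed trace: first the decoded credential, then the safe copy.
printf '%s\n' "$SAMPLE_TRACE" | decode_basic_auth
printf '%s\n' "$SAMPLE_TRACE" | redact_auth_headers
```

Run a saved trace through redact_auth_headers before attaching it anywhere; count_auth_tokens returning 0 is the check that nothing credential-bearing is left.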
root@nico:~# nano /etc/filebeat/modules.d/suricata.yml
root@nico:~# var.paths: ["/var/log/suricata/eve.json"]
-bash: var.paths:: command not found
root@nico:~# filebeat setup
Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Loaded dashboards
Loaded Ingest pipelines
root@nico:~# start filebeat
-bash: start: command not found
root@nico:~# systemctl start filebeat
root@nico:~# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/lib/systemd/system/filebeat.service; disabled; preset: enabled)
Active: active (running) since Sat 2024-04-20 15:32:54 CEST; 11min ago
Docs: https://www.elastic.co/beats/filebeat
Main PID: 4356 (filebeat)
Tasks: 8 (limit: 12500)
Memory: 40.4M
CPU: 170ms
CGroup: /system.slice/filebeat.service
└─4356 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.log>
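In the session above the var.paths line was typed at the shell instead of into suricata.yml (hence the "command not found"), no configuration or output check was run before filebeat setup, and the service was started but left disabled, so it would not come back after a reboot. The script below is an added example, not the captured session: it writes the module file the nano edit was meant to produce, checks it, and runs the validation steps a practitioner would want before enabling the service. The write and check functions take the directory and eve.json path as parameters so they can be dry-run in a temporary directory; /etc/filebeat/modules.d and /var/log/suricata/eve.json are the defaults assumed from the session.

```shell
#!/bin/sh
# Added example, not part of the captured session.
# Writes the Filebeat suricata module file the nano edit was meant to produce,
# verifies it, and (only when run with --apply, as root) validates the Filebeat
# config and output before enabling and starting the service.

MODULES_DIR="${MODULES_DIR:-/etc/filebeat/modules.d}"   # Debian package default
EVE_PATH="${EVE_PATH:-/var/log/suricata/eve.json}"     # Suricata EVE JSON output

# Write <dir>/suricata.yml enabling the eve fileset for the given log path.
write_suricata_module() {
    dir="$1"
    eve="$2"
    mkdir -p "$dir"
    cat > "$dir/suricata.yml" <<EOF
# Module: suricata
- module: suricata
  eve:
    enabled: true
    var.paths: ["$eve"]
EOF
}

# Return 0 when <dir>/suricata.yml exists, enables eve and points at the given path.
check_suricata_module() {
    f="$1/suricata.yml"
    [ -r "$f" ] &&
    grep -q '^- module: suricata' "$f" &&
    grep -q '^ *enabled: true' "$f" &&
    grep -q "var.paths: \[\"$2\"\]" "$f"
}

# Steps for the real host; each line is a documented filebeat/systemctl command.
deploy_suricata_module() {
    write_suricata_module "$MODULES_DIR" "$EVE_PATH"
    check_suricata_module "$MODULES_DIR" "$EVE_PATH" || {
        echo "suricata module file check failed" >&2
        return 1
    }
    filebeat modules enable suricata                     # idempotent
    filebeat test config -c /etc/filebeat/filebeat.yml   # YAML and option check
    filebeat test output -c /etc/filebeat/filebeat.yml   # TLS + credentials to Elasticsearch
    filebeat setup -c /etc/filebeat/filebeat.yml         # index template, pipelines, dashboards
    systemctl enable --now filebeat                      # status above said "disabled"
    systemctl --no-pager status filebeat
}

# Nothing touches the host unless explicitly asked; the functions above can be
# exercised against a temporary directory instead.
if [ "${1:-}" = "--apply" ]; then
    deploy_suricata_module
fi
```

Run it as root with --apply on the host; "filebeat test output" is the step that would have caught a wrong CA path or password before the service was started.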