I am deploying an instance of Security Onion to a test environment. In order to test OSSEC, I stood up an Ubuntu Linux host with assigned IP of 192.168.200.4 and installed the OSSEC agent. Following configuration, I confirmed that the OSSEC agent instance was successfully added to the OSSEC server on the Security Onion instance by running
$ sudo /var/ossec/bin/agent_control -l
Wazuh agent_control. List of available agents:
ID:000, Name: user-virtual-machine (server), IP: 127.0.0.1, Active/Local
ID:002, Name: 001, IP: 192.168.200.4, Active
Using Wireshark, I confirmed that communication was occurring as expected and that the Ubuntu host was regularly sending logs to the server.
I altered a file in /etc on the Ubuntu host which should produce an alert, and it would appear that this change was successfully flagged and an alert was successfully displayed in Squert on the Security Onion Instance.
Squert dashboard filtered on 192.168.200.4 showing integrity alert
However, when I try to visualize alerts using Kibana on the Security Onion instance, my host running OSSEC does not appear as a monitored OSSEC instance at all. Only one device is listed as a monitored host, and that is my Security Onion instance.
Kibana dashboard, please note the sensor count and device count of 1
I’ve attempted to restart the Security Onion service and the host but have not been able to resolve this problem. I am new to Security Onion, so if I am fundamentally misunderstanding how this data should be displayed I apologize. Any help would be greatly appreciated.
One reason I like .NET is because the ‘solutions’ and ‘projects’ lend themselves to good architecture.
Good architecture makes it easy to follow the happy path of Domain-Driven Design.
I’ve fallen into a habit of this kind of architecture for my projects. It’s just a common sense approach for the onion architecture, ports and adapters, etc. (Some would even argue those are all saying the same thing — it’s “a bona fide pattern”.)
I don’t want to get too specific about frameworks, but for example, I’m looking at an Ionic project — where the entire thing is just an Angular app hosted on a phone.
How does the onion or DDD fit into this?
Is it possible in Android Studio to read a file that is hosted on an onion domain?
Onion Architecture talks about separating the UI, Service, and Data Layers. All the samples usually given for this involve a single deployment model of the application. For example, in .NET most of the samples are:
Web – MVC app
Core/Domain – Simple class library
Data – Entity Framework
What happens if my application has multiple deployment flavors? For example Azure resources versus On premise SQL Server. Does the solution break down into shareable projects? What happens when pieces of the infrastructure are shared?
Host – On-Premise – has the Program.cs and Startup class only, wires up all the dependencies. Also has logic to do migration/setup for infrastructure
Host – Azure – same as above
Web – Controllers, View, Models – but it is a class library, not an app
Core/Domain – Doesn’t change
Infrastructure – SQL
Infrastructure – Azure
Infrastructure – X
Is this correct thinking? Should the “App Hosts” be as minimal as possible and wire everything up? Should infrastructures be separated by the infrastructure they are utilizing or the deployment style (On premise vs Azure)? Is it strange to have an infrastructure layer not implement all the repositories defined in domain layer?
Been following this guide just to tinker around with bitcoind over tor. According to the guide, when bitcoind controls the tor daemon using controlport=9051, whenever you restart bitcoind tor should generate a new .onion address. This is not happening. If I restart bitcoind, tor or both, it always uses the same old .onion address. A full system restart doesn’t work either.
How do I generate a new .onion address?
Note: I am NOT using /blah/var/hidden_service and cannot just delete the private key in that folder. When using controlport there doesn’t seem to be a private key anywhere. Or is there?