

2 Commits

Author SHA1 Message Date
Random936
b895fd28d5 Added logging config 2025-02-05 10:03:46 -08:00
Random936
7ebbd4044e Added suricata config 2025-02-05 10:03:46 -08:00
4 changed files with 179 additions and 8 deletions


@ -9,5 +9,12 @@
# Qemu guest
services.qemuGuest.enable = true;
# Install Prometheus for Grafana
services.prometheus.exporters.node = {
enable = true;
port = 9002;
enabledCollectors = [ "systemd" ];
};
system.stateVersion = "24.05";
}
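Review bot: The node exporter added here listens on 9002, and because networking.nix appends that port unconditionally (`open_ports ++ [9002]`), every host importing that module exposes its metrics to the whole 192.168.100.0/24 segment even though the only scraper is the logging host. The firewall rule would be better limited to the scraper's source address, for example a `networking.firewall.extraCommands` rule accepting tcp/9002 only from 192.168.100.41 instead of a blanket allow; `services.prometheus.exporters.node.listenAddress` defaults to all interfaces, I believe, so the firewall is the only thing scoping it. The comment `# Install Prometheus for Grafana` is also misleading, since this block installs only the node exporter that Prometheus scrapes; `# Prometheus node exporter, scraped by the r330-logging host` would describe it accurately.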


@ -1,4 +1,4 @@
{ config, pkgs, inputs, ... }: {
{ lib, config, pkgs, inputs, ... }: {
imports = [
../hardware/logging.nix
@ -6,7 +6,7 @@
(import ./networking.nix {
hostname = "r330-logging";
ip_address = "192.168.100.41";
open_ports = [];
open_ports = [ 3000 9001 ];
inherit lib;
})
];
@ -17,14 +17,172 @@
suricata
];
systemd.services.suricata = {
services.grafana = {
enable = true;
settings.server = {
http_addr = "0.0.0.0";
http_port = 3000;
domain = "logging.randomctf.local";
};
};
services.prometheus = {
enable = true;
port = 9001;
scrapeConfigs = [
{
job_name = "r330-logging";
static_configs = [{
targets = let
port = toString config.services.prometheus.exporters.node.port;
in [
"127.0.0.1:${port}"
"192.168.100.40:${port}"
"192.168.100.42:${port}"
"192.168.100.43:${port}"
];
}];
}
];
};
systemd.services.suricata = {
description = "Suricata IDS/IPS";
wantedBy = ["multi-user.target"];
serviceConfig = {
type = "simple";
ExecStart = "${pkgs.suricata}/bin/suricata -c '/home/logging/suricata.yaml' -i ens18";
User = "logging";
ExecStart = "${pkgs.suricata}/bin/suricata -c /etc/suricata.yaml -i enp6s18";
Restart = "on-failure";
CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN";
AmbientCapabilities = "CAP_NET_RAW CAP_NET_ADMIN";
};
};
environment.etc."suricata.yaml".source = pkgs.writeTextFile {
name = "suricata.yaml";
text = ''
%YAML 1.1
---
vars:
address-groups:
HOME_NET: "[192.168.100.0/24]"
EXTERNAL_NET: "!$HOME_NET"
HTTP_SERVERS: "$HOME_NET"
SMTP_SERVERS: "$HOME_NET"
SQL_SERVERS: "$HOME_NET"
DNS_SERVERS: "$HOME_NET"
TELNET_SERVERS: "$HOME_NET"
AIM_SERVERS: "$EXTERNAL_NET"
DC_SERVERS: "$HOME_NET"
DNP3_SERVER: "$HOME_NET"
DNP3_CLIENT: "$HOME_NET"
MODBUS_CLIENT: "$HOME_NET"
MODBUS_SERVER: "$HOME_NET"
ENIP_CLIENT: "$HOME_NET"
ENIP_SERVER: "$HOME_NET"
port-groups:
HTTP_PORTS: "80"
SHELLCODE_PORTS: "!80"
ORACLE_PORTS: 1521
SSH_PORTS: 22
DNP3_PORTS: 20000
MODBUS_PORTS: 502
FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
FTP_PORTS: 21
GENEVE_PORTS: 6081
VXLAN_PORTS: 4789
TEREDO_PORTS: 3544
SIP_PORTS: "[5060, 5061]"
default-log-dir: /home/logging/logs
classification-file: /etc/suricata/classification.config
reference-config-file: /etc/suricata/reference.config
default-rule-path: /etc/suricata/rules
rule-files:
- suricata.rules
stats:
enabled: yes
af-packet:
- interface: enp6s18
use-mmap: yes
tpacket-v3: yes
cluster-id: 99
cluster-type: cluster_flow
defrag: yes
outputs:
- fast:
enabled: yes
filename: fast.log
append: yes
- eve-log:
enabled: yes
filetype: regular
filename: eve.json
types:
- alert:
tagged-packets: yes
- http:
extended: yes
- http2
- dns:
enabled: yes
- tls:
extended: yes
- flow
- mqtt
- ssh
- dhcp:
enabled: yes
- arp:
enabled: yes
- ldap
- quic
- sip
- rfb
- snmp
- bittorrent-dht
- krb5
- dcerpc
- ike
- tftp
- smb
- nfs
- rdp
- ftp
- websocket
- smtp
- pcap-log:
enabled: yes
filename: log.pcap
limit: 1gb
max-files: 20
- stats:
enabled: yes
filename: stats.log
append: yes
totals: yes
threads: no
'';
};
environment.etc."suricata/classification.config".text = ''
'';
environment.etc."suricata/reference.config".text = ''
'';
environment.etc."suricata/threshold.config".text = ''
'';
environment.etc."suricata/rules/suricata.rules".text = ''
'';
}
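Review bot: The `CapabilityBoundingSet`/`AmbientCapabilities` lines added to the suricata unit only grant anything when the service runs under a non-root `User=`, and this hunk appears to drop `User = "logging";` from the old side (the rendering loses the +/- markers, so confirm), which would leave Suricata running as root with the two capability lines inert. If least privilege is the intent, keep `User = "logging";` next to them and make `default-log-dir` (`/home/logging/logs`) writable by that user; note also that `type = "simple";` is not a systemd directive (the key is `Type=`) and is emitted verbatim into the unit, where systemd ignores it with a journal warning. `suricata.rules`, `classification.config` and `reference.config` are installed as empty files, so no signatures load and `fast.log` and the eve `alert` type will stay silent until a ruleset is provided, while `threshold.config` is written but never referenced from `suricata.yaml`. Grafana is bound to `0.0.0.0:3000` and Prometheus to 9001 with both ports opened in the firewall above and no `settings.security` block shown, so the initial admin credentials should be set from a secret file in this module (Grafana's `$__file{...}` value syntax) rather than left at the default.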


@ -17,7 +17,7 @@ in {
};
networking.nameservers = [ gateway_ip ];
networking.firewall.allowedTCPPorts = open_ports;
networking.firewall.allowedTCPPorts = open_ports ++ [9002];
networking.interfaces.enp6s18.ipv4.addresses = [
{
address = ip_address;


@ -8,16 +8,22 @@
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4b91f41b-e619-41e1-a602-c60862cd6fb9";
{ device = "/dev/disk/by-uuid/d8ec7c7e-ce95-432c-932d-663dc261c623";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1842-1672";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -25,7 +31,7 @@
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}