Open Source SIEM

OSSIM is the most widely used SIEM offering, thanks in no small part to the open source community that has promoted its use. OSSIM provides all of the capabilities that a security professional needs from a SIEM offering (event collection, normalization, correlation and incident response), but it also does far more. Not simply satisfied with integrating data from existing security tools, OSSIM is built on the Unified Security Management platform, which provides a common framework for the deployment, configuration, and management of your security tools.

Today more than 30 open-source security tools are built into this framework, making OSSIM the fastest way to start and the easiest way to manage a comprehensive security program. AlienVault provides ongoing development and support for the project because we believe that everyone should have access to the sophisticated security technologies that are required to keep us secure. This includes the companies that are too small to afford it, the researchers who need a platform to experiment on, and the unsung heroes who can’t convince their companies that security is a problem.

For users who think they might require the commercial offering, whose proceeds are used to continue supporting this project, please visit AlienVault to find out more.


sys-unconfig: Reconfigure the System Upon Next Boot

I can use the unconfigure command on a previously configured Solaris Unix box and leave it in an unconfigured state. How do I unconfigure CentOS Linux or RHEL 6.x on an HP server? How do I reconfigure the system upon next boot?

You can use the sys-unconfig command, which provides a simple method of reconfiguring a system in a new environment. Upon execution, sys-unconfig will halt your system and run the following configuration programs at the next boot:

  1. Change the root password.
  2. Reconfigure networking / routing.
  3. Reconfigure time / date / time zone etc.
  4. Reconfigure Keyboard and mapping.
  5. Reconfigure system authentication resources.
  6. Reconfigure system runlevel.
  7. Reconfigure system services.

Type the following command as the root user. Warning: do not run this command on a production server just for testing purposes. The system will go down immediately:

# sys-unconfig

This command will create a file called /.unconfigured. The presence of this file will cause /etc/rc.d/rc.sysinit to run the programs mentioned above. Also, all persistent rules will be deleted from /etc/udev/rules.d/.


Windows 8 Tricks

Windows Key
This is equivalent to tapping the Windows button on a Windows 8 touch-screen tablet—It simply opens the Metro Start screen. While the Windows key has been quite useful since Vista, in Windows 8 it has the potential to be a real productivity booster, and a habit worth forming.

Just Start Typing
From the Metro Start screen, this will bring up app-related results by default. But you can switch the results to search within Settings or Documents, or even to the Windows Store or specific apps.

Yup, the good old app-switcher from Windows days of yore still works, and it brings up a panel showing all running apps you can switch among, whether Metro or desktop style.

Another blast from the past, hitting the famous three-finger salute lets you Lock, Switch user, sign out, or open the Task Manager. In Windows 8, the screen shown by this combo also lets you turn on Accessibility options and power-down options, Sleep, Shut Down, and Restart, but it doesn’t offer to let you change passwords.

If you want to go directly to the task manager, this key combo is your ticket. Another classic from earlier Windows days.

Drag to bottom of screen
Windows 8 lets you click, hold, and drag a Metro app to the bottom of the screen to close it, just like you can with your finger on a touch screen.

Right Click
Right-clicking anywhere in a Metro-style app opens its menu, which will usually appear as an icon bar along the bottom of the screen (Microsoft calls this the “App Bar”). In traditional desktop-style apps, right-clicking does whatever it would have done in Windows 7. Right-clicking on the “Start Button” from the desktop brings up a bunch of geeky choices like Event Viewer, Device Manager, Disk Management, and command prompts.

Windows Key-E
This one is really handy: It opens the Windows Explorer in desktop mode, whether you’re in Metro or desktop.

Windows Key-M
Since Windows 8 does away with the Show Desktop button in Windows 7’s lower-right corner, this keyboard shortcut takes its place. To temporarily peek at the desktop, hit the Windows Key and the comma key.

Windows Key-C
Opens the Charm bar. Keyboarders may find this a lot more convenient than mousing to a right corner to access these main system functions. In fact, some of the Charms even have their own keyboard combo with the Windows key: I-Settings, Q-Search, H-Share, K-Devices.

Windows Key-Enter
This could actually be one to avoid: It turns on the Narrator, which reads aloud everything Windows is doing. At one point during my testing of Windows 8 Consumer preview, my tablet started reading to me and I had no idea why. Windows Key-Enter was the culprit.


Problem starting virtual machines after upgrading to VMware Workstation 9 on Linux

After upgrading VMware Workstation from version 8 to version 9 on openSuSE 12.2 64bit, the following error occurs:

Version mismatch with vmci driver: expecting 11.0, got 10.0.
Module DevicePowerOn power on failed.
Failed to start the virtual machine.

A temporary workaround until a fix arrives is to set "vmci0.present" to FALSE in all vmx files.

So, find the line:

vmci0.present = "TRUE"

and change it to read:

vmci0.present = "FALSE"

Overview of shared folders and user rights via a PowerShell script

Collecting shared folders on Microsoft Windows servers via PowerShell.

# Return the NTFS DACL entries of the folder behind a share on a remote computer
Function Get-NtfsRights($name,$path,$comp)
{
    # WQL needs the backslashes in the path doubled; Regex.Escape does that
    $path = [regex]::Escape($path)
    $share = "\\$comp\$name"
    $wmi = gwmi Win32_LogicalFileSecuritySetting -filter "path='$path'" -ComputerName $comp
    $wmi.GetSecurityDescriptor().Descriptor.DACL | where {$_.AccessMask -as [Security.AccessControl.FileSystemRights]} | select `
        @{name="ShareName";Expression={$share}},
        @{name="Principal";Expression={"{0}\{1}" -f $_.Trustee.Domain,$_.Trustee.Name}},
        @{name="Rights";Expression={[Security.AccessControl.FileSystemRights] $_.AccessMask }},
        @{name="AceFlags";Expression={[Security.AccessControl.AceFlags] $_.AceFlags }},
        @{name="AceType";Expression={[Security.AccessControl.AceType] $_.AceType }}
}

# serverlist.txt holds one server name per line; only shares with a file system path are checked
gc serverlist.txt | foreach {
    if ($shares = Get-WmiObject Win32_Share -ComputerName $_ | Where {$_.Path})
    {
        $shares | Foreach { Write-Progress -Status "Get share information on $($_.__Server)" $_.Name
            Get-NtfsRights $_.Name $_.Path $_.__Server }
    }
    else {"Failed to get share information from {0}." -f $($_.ToUpper())}
} | ft Principal,Rights,AceFlags,AceType -GroupBy ShareName -Wrap | Out-File result.txt




PowerShell does not allow running *.ps1 scripts (i.e. you get the message "get-help about_signing" for more details)

Can't run *.ps1 scripts because script execution is disabled on the server, and you get the message "Please see "get-help about_signing" for more details."?

Check the current execution policy with the command:

PS C:\Windows\System32> Get-ExecutionPolicy
PS C:\Windows\System32>

To change the current execution policy, run the following command.
Note: this command requires administrative privileges and must be run elevated (start PowerShell using 'Run as Administrator').

PS C:\Windows\System32> Set-ExecutionPolicy Unrestricted
PS C:\Windows\System32> Get-ExecutionPolicy
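
A narrower alternative to the machine-wide Unrestricted setting above, as an added example that is not part of the original post: it lists the policy at every scope, then allows local scripts for the current user only with RemoteSigned. The script path is a hypothetical placeholder, and the Zone.Identifier check assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the original post.
# C:\Scripts\Get-Shares.ps1 is a hypothetical path; substitute your own script.
$script = 'C:\Scripts\Get-Shares.ps1'

# 1. Show the policy at every scope. The effective policy is the first scope,
#    read top to bottom, that is not "Undefined":
#    MachinePolicy, UserPolicy (both Group Policy), Process, CurrentUser, LocalMachine.
$policies = Get-ExecutionPolicy -List
$policies | Format-Table Scope, ExecutionPolicy -AutoSize

# 2. A policy set through Group Policy cannot be overridden with
#    Set-ExecutionPolicy, so detect that case and stop.
$gpo = $policies | Where-Object {
    ('MachinePolicy', 'UserPolicy' -contains $_.Scope) -and
    ($_.ExecutionPolicy -ne 'Undefined')
}
if ($gpo) {
    Write-Warning "Execution policy is enforced by Group Policy; change it there."
    return
}

# 3. Instead of Unrestricted for the whole machine, allow locally created
#    scripts for the current user only. This needs no elevation, and scripts
#    downloaded from the Internet must still be signed or explicitly unblocked.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

# 4. Inspect the script before running it: signature status and whether it
#    carries the "downloaded from the Internet" mark (Zone.Identifier stream).
Get-AuthenticodeSignature -FilePath $script | Format-List Status, StatusMessage
$zone = Get-Item -LiteralPath $script -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($zone) {
    Write-Warning "$script is marked as downloaded. Review it, then use Unblock-File."
}

# 5. One-off alternative: relax the policy for this PowerShell session only.
# Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
```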

sed oneliner
USEFUL ONE-LINE SCRIPTS FOR SED (Unix stream editor) Dec. 29, 2005
Compiled by Eric Pement – pemente[at]northpark[dot]edu version 5.5

Latest version of this file (in English) is usually at:

This file will also be available in other languages:
Chinese –
Czech –
Dutch –
French –
German –
Italian – (pending)
Portuguese –
Spanish – (pending)

# sed script that will remove HTML tags from a file
sed -e 's/<[^>]*>//g' myfile.html
checking sed to remove lines with symbols 0123456789
# Rem blank lines and # comments

# Use following sed magic to remove both comments and empty lines at the same expense:

sed '/ *#/d; /^ *$/d'

# SED processes whatever you give it, and displays it on "STDOUT"—by default, your terminal window. It does not change filenames—that is done with the "mv" command.

# why "ls -d" ?

# I think you need something like this:
# (the name, not the file contents, is piped through sed; unchanged names are skipped)
for filename in *; do newname=$(printf '%s\n' "$filename" | sed 's/+//g'); [ "$filename" = "$newname" ] || mv -- "$filename" "$newname"; done

To drill down in the directory tree, use "$(ls -R)" instead of "*"

sed -e ‘/[^.][^,][^!][^”][^#][^$][^%][^&][^/][^(][^)][^=][^?][^¡][^¿][^’][^´][^+][^*][^¨][^{][^}][^]][^[][^-][^_][^:][^]][:blank:][:alnum:]/d’ /home/glenn/filename1
sed s -e ‘/[^\.][^\,][^\!][^\”][^\#][^\$][^\%][^\&][^\/][^\(][^\)][^\=][^\?][^\¡][^\¿][^\’][^\´][^\+][^\*][^\¨][^\{][^\}][^\]][^\[][^\-][^\_][^\:][^\]][:blank:][:alnum:]/d’ /home/glenn/filename1
sed -e '/[[:blank:]][[:alnum:]]/d' /home/glenn/filename1
cat /home/glenn/filename1 | sed -e '/#\.\*\[\]\\\/\$\^\-\_\?/d'
cat /home/glenn/filename1 | sed -e '/#\*\[\]\\/d'
cat /home/glenn/filename1 | sed -e '/#\.\*\[\]\\\/\$\^\-\_\?/d'


# double space a file
sed G

# double space a file which already has blank lines in it. Output file
# should contain no more than one blank line between lines of text.
sed '/^$/d;G'

# triple space a file
sed 'G;G'

# undo double-spacing (assumes even-numbered lines are always blank)
sed 'n;d'

# insert a blank line above every line which matches "regex"
sed '/regex/{x;p;x;}'

# insert a blank line below every line which matches "regex"
sed '/regex/G'

# insert a blank line above and below every line which matches "regex"
sed '/regex/{x;p;x;G;}'


# number each line of a file (simple left alignment). Using a tab (see
# note on '\t' at end of file) instead of space will preserve margins.
sed = filename | sed 'N;s/\n/\t/'

# number each line of a file (number on left, right-aligned)
sed = filename | sed 'N; s/^/     /; s/ *\(.\{6,\}\)\n/\1  /'

# number each line of file, but only print numbers if line is not blank
sed '/./=' filename | sed '/./N; s/\n/ /'

# count lines (emulates "wc -l")
sed -n '$='


# IN UNIX ENVIRONMENT: convert DOS newlines (CR/LF) to Unix format.
sed 's/.$//' # assumes that all lines end with CR/LF
sed 's/^M$//' # in bash/tcsh, press Ctrl-V then Ctrl-M
sed 's/\x0D$//' # works on ssed, gsed 3.02.80 or higher

# IN UNIX ENVIRONMENT: convert Unix newlines (LF) to DOS format.
sed "s/$/`echo -e \\\r`/" # command line under ksh
sed 's/$'"/`echo \\\r`/" # command line under bash
sed "s/$/`echo \\\r`/" # command line under zsh
sed 's/$/\r/' # gsed 3.02.80 or higher

# IN DOS ENVIRONMENT: convert Unix newlines (LF) to DOS format.
sed "s/$//" # method 1
sed -n p # method 2

# IN DOS ENVIRONMENT: convert DOS newlines (CR/LF) to Unix format.
# Can only be done with UnxUtils sed, version 4.0.7 or higher. The
# UnxUtils version can be identified by the custom "--text" switch
# which appears when you use the "--help" switch. Otherwise, changing
# DOS newlines to Unix newlines cannot be done with sed in a DOS
# environment. Use "tr" instead.
sed "s/\r//" infile >outfile # UnxUtils sed v4.0.7 or higher
tr -d \r <infile >outfile # GNU tr version 1.22 or higher

# delete leading whitespace (spaces, tabs) from front of each line
# aligns all text flush left
sed 's/^[ \t]*//' # see note on '\t' at end of file

# delete trailing whitespace (spaces, tabs) from end of each line
sed 's/[ \t]*$//' # see note on '\t' at end of file

# delete BOTH leading and trailing whitespace from each line
sed 's/^[ \t]*//;s/[ \t]*$//'

# insert 5 blank spaces at beginning of each line (make page offset)
sed 's/^/     /'

# align all text flush right on a 79-column width
sed -e :a -e 's/^.\{1,78\}$/ &/;ta' # set at 78 plus 1 space

# center all text in the middle of 79-column width. In method 1,
# spaces at the beginning of the line are significant, and trailing
# spaces are appended at the end of the line. In method 2, spaces at
# the beginning of the line are discarded in centering the line, and
# no trailing spaces appear at the end of lines.
sed -e :a -e 's/^.\{1,77\}$/ & /;ta' # method 1
sed -e :a -e 's/^.\{1,77\}$/ &/;ta' -e 's/\( *\)\1/\1/' # method 2

# substitute (find and replace) "foo" with "bar" on each line
sed 's/foo/bar/' # replaces only 1st instance in a line
sed 's/foo/bar/4' # replaces only 4th instance in a line
sed 's/foo/bar/g' # replaces ALL instances in a line
sed 's/\(.*\)foo\(.*foo\)/\1bar\2/' # replace the next-to-last case
sed 's/\(.*\)foo/\1bar/' # replace only the last case

# substitute "foo" with "bar" ONLY for lines which contain "baz"
sed '/baz/s/foo/bar/g'

# substitute "foo" with "bar" EXCEPT for lines which contain "baz"
sed '/baz/!s/foo/bar/g'

# change "scarlet" or "ruby" or "puce" to "red"
sed 's/scarlet/red/g;s/ruby/red/g;s/puce/red/g' # most seds
gsed 's/scarlet\|ruby\|puce/red/g' # GNU sed only

# reverse order of lines (emulates "tac")
# bug/feature in HHsed v1.5 causes blank lines to be deleted
sed '1!G;h;$!d' # method 1
sed -n '1!G;h;$p' # method 2

# reverse each character on the line (emulates "rev")
sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'

# join pairs of lines side-by-side (like "paste")
sed '$!N;s/\n/ /'

# if a line ends with a backslash, append the next line to it
sed -e :a -e '/\\$/N; s/\\\n//; ta'

Open Source Help Desk Software

Hello and welcome to the open source help desk software list. We hope you find a solution to your help desk needs here. In addition to the open source software listed, this site also features HelpSpot Help Desk Software, a moderately priced commercial help desk application which you may want to explore if you are interested in a professionally maintained and supported solution.