Offline Squid Proxy log analysis

Squid access log analysis with a simple Python tool

What is squidmagic?

squidmagic is a tool designed to analyze web traffic recorded by a Squid proxy server in order to detect command and control (C&C) servers and malicious sites. It takes the servers that clients connected to from access.log and checks each one against the Spamhaus blocklists (SBL, SBL CSS and PBL, as the output further down shows).

 

Who is Spamhaus?

The Spamhaus Project is an international nonprofit organization that tracks spam and related cyber threats such as phishing, malware and botnets. It provides real-time, actionable and highly accurate threat intelligence to the Internet's major networks, corporations and security vendors, and works with law enforcement agencies to identify and pursue spam and malware sources worldwide.

Its lists are published as DNS zones: a client reverses the octets of an IP address, appends the zone name and asks for an A record. An answer in 127.0.0.0/8 encodes which list the address is on (SBL: verified spam, malware and botnet controller sources; SBL CSS: low-reputation "snowshoe" ranges; PBL: end-user address ranges that should not be sending mail directly), and NXDOMAIN means the address is not listed.

Many posts cover Squid log analysis briefly without going into depth, and when you try it in practice you are likely to hit several errors before the tool runs. This post walks through the setup step by step.

Requirements:

Linux machine (I'm using Ubuntu 16.04)
squidmagic tool

Dependent packages:

Python 3
Python modules: sh, termcolor, configparser, pyzmq

So here is the step by step configuration.

Install Python 3.6 from a PPA

Ubuntu 16.04 ships Python 3.5; you can install Python 3.6 from J. Fernyhough's Personal Package Archive.
Install the following requirements:
sudo apt-get install software-properties-common python-software-properties
Run the following command to add the PPA:
sudo add-apt-repository ppa:jonathonf/python-3.6
Update the package index:
sudo apt-get update
Finally, install Python 3.6:
sudo apt-get install python3.6
However, python3 still points at the older 3.5 interpreter:
# python3 -V
Python 3.5.2
There are now two Python 3 versions on the machine, python3.5 (the default) and python3.6. The following registers both with update-alternatives and lets you select 3.6 as the default:
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.5 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 2
sudo update-alternatives --config python3

Selection    Path                 Priority   Status
------------------------------------------------------------
* 0          /usr/bin/python3.6   2          auto mode
  1          /usr/bin/python3.5   1          manual mode
  2          /usr/bin/python3.6   2          manual mode

Caveat: switching the system-wide python3 also changes the interpreter used by Ubuntu's own tools, some of which are built against the distribution's Python 3.5 (python3-apt, for example) and can break. A safer option is to leave the default alone and invoke python3.6 explicitly when running the tool.

Once Python is installed and the desired version is selected, install the Python modules with the following commands. Note which interpreter each command installs for: the python-* Debian packages and plain pip install into Python 2, while python3-* packages and pip3 install into Python 3. Use the variants matching the interpreter you will run squidmagic with.

Python package: python-pip

Pip is the package management system used to install and manage software packages written in Python from the Python Package Index (PyPI).
sudo apt-get install python-pip
For Python 3 install python3-pip instead, which provides pip3:
sudo apt-get install python3-pip

Python package: python-zmq
sudo apt-get install python-zmq
The Python 3 build of pyzmq is python3-zmq:
sudo apt-get install python3-zmq

Python package: sh

sh is a full-fledged subprocess replacement for Python 2.6 - 3.6, PyPy and PyPy3 that allows you to call any program as if it were a function:
pip install sh
(pip3 install sh for Python 3)

Python package: termcolor
termcolor provides colour formatting for terminal output.
pip install termcolor
(pip3 install termcolor for Python 3)

Python package: configparser

Note
The ConfigParser module has been renamed to configparser in Python 3, where it is part of the standard library; the 2to3 tool automatically adapts imports when converting sources to Python 3. The configparser package on PyPI is the backport of that module for Python 2, so it is only needed when the tool is run under Python 2:
sudo pip install configparser
Change to the squidmagic directory you downloaded; if you do not have it yet, clone it from https://github.com/ch3k1/squidmagic

Now run the script against a copy of the proxy's access.log. The analysis itself is offline with respect to the proxy, but the Spamhaus lookups still need DNS access from the analysis machine:
python3 squidmagic.py /path/to/access.log
(use python3.6 instead of python3 if you did not change the default interpreter)
                 _     _                       _      
                (_)   | |                     (_)     
 ___  __ _ _   _ _  __| |_ __ ___   __ _  __ _ _  ___ 
/ __|/ _` | | | | |/ _` | '_ ` _ \ / _` |/ _` | |/ __|
\__ \ (_| | |_| | | (_| | | | | | | (_| | (_| | | (__ 
|___/\__, |\__,_|_|\__,_|_| |_| |_|\__,_|\__, |_|\___|
        | |                               __/ |       
        |_|                              |___/        
     Analyzing...

Analyzing by SBL Advisory...
 Spam server detected, ip is 65.182.101.221
Analyzing by SBL_CSS Advisory...
 safe server detected, host or ip is 65.182.101.221
Analyzing by PBL Advisory...
 safe server detected, host or ip is 65.182.101.221
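In the output above the destination address was found on the SBL but not on SBL CSS or PBL. To make that lookup concrete, here is an added example, written for this post and not squidmagic's own code, that does the same job in miniature: it parses Squid's native access.log format, collects the public destination IPs from the hierarchy/peer field, and looks each one up in the zen.spamhaus.org DNS blocklist, mapping the 127.0.0.x answer codes to the SBL, SBL CSS, XBL and PBL lists. The log lines are constructed for the example, and the table_resolver stand-in lets the whole thing run without network access.

```python
"""Added example: Squid access.log -> destination IPs -> Spamhaus DNSBL lookup.

Illustrative code for this post, not squidmagic's implementation.  Sample log
lines are constructed; only live_resolver talks to the network.
"""
import ipaddress
import re
import socket
from collections import Counter

# Constructed sample lines in Squid's native access.log format:
# timestamp elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1700000000.123    245 10.0.0.5 TCP_MISS/200 5124 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1700000001.456     12 10.0.0.5 TCP_TUNNEL/200 3021 CONNECT 65.182.101.221:443 - HIER_DIRECT/65.182.101.221 -
1700000002.789     99 10.0.0.7 TCP_MISS/200 811 GET http://65.182.101.221/gate.php - HIER_DIRECT/65.182.101.221 text/html
1700000003.000      5 10.0.0.7 TCP_DENIED/403 0 GET http://blocked.test/ - HIER_NONE/- text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<code>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[^/\s]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

# Answer codes documented by Spamhaus for the zen.spamhaus.org zone.
RETURN_CODES = {
    "127.0.0.2": "SBL",       # verified spam / malware / botnet controller sources
    "127.0.0.3": "SBL CSS",   # low-reputation ("snowshoe") ranges
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",  # end-user ranges, should not mail directly
}


def parse_line(line):
    """Return the fields of one native-format log line as a dict, or None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_public_ip(text):
    """True for a globally routable IPv4 address; False for '-', hostnames, RFC1918, IPv6."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return addr.version == 4 and addr.is_global


def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Reverse the octets and append the zone: 221.101.182.65.zen.spamhaus.org."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def live_resolver(name):
    """All A records for NAME; raises socket.gaierror when the name does not exist."""
    return socket.gethostbyname_ex(name)[2]


def table_resolver(table):
    """Offline stand-in for live_resolver backed by a dict {query name: [answers]}."""
    def resolve(name):
        if name not in table:
            raise socket.gaierror("NXDOMAIN " + name)
        return table[name]
    return resolve


def check_ip(ip, resolve=live_resolver):
    """Sorted list of Spamhaus lists IP is on; [] when not listed.

    127.255.255.x answers mean the query was refused (typo, query sent through a
    large public resolver, or query limit exceeded), not that IP is listed; they
    are reported as 'query-refused' so a blocked lookup is never read as clean.
    """
    try:
        answers = resolve(dnsbl_name(ip))
    except socket.gaierror:
        return []
    listings = set()
    for a in answers:
        if a.startswith("127.255.255."):
            listings.add("query-refused")
        else:
            listings.add(RETURN_CODES.get(a, "unknown(" + a + ")"))
    return sorted(listings)


def analyze(log_text, resolve=live_resolver):
    """Map each public destination IP to its request count and blocklist listings."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_public_ip(rec["peer"]):   # skips '-' (HIER_NONE) and peer hostnames
            hits[rec["peer"]] += 1
    return {ip: {"requests": n, "listings": check_ip(ip, resolve)} for ip, n in hits.items()}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for ip, info in sorted(analyze(text).items()):
        status = ", ".join(info["listings"]) or "not listed"
        print("%-16s requests=%-4d %s" % (ip, info["requests"], status))
```

Run it with the path to a copied access.log, or with no argument to process the constructed sample. Do the live lookups from a resolver of your own: the free Spamhaus mirrors refuse queries arriving through large public resolvers, and the code reports those as query-refused rather than silently treating the address as clean.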

Clear DNS Cache – How to Guide

DNS is the backbone of the Internet. Flushing the DNS cache is a very common step system engineers take to resolve browsing problems. Here we explain the various methods to clear the DNS cache on Windows and Mac operating systems.

What is the DNS cache and why you need to clear it

The DNS cache is a small database maintained by the operating system's resolver. It holds the results of recent name lookups (hostname to IP address records) together with their time to live, so that repeated requests do not have to go back to the name servers.

If a web server moves to a new address before the cached entry expires, your computer keeps connecting to the old address. Depending on what still answers there, you see a timeout, a certificate warning, or an HTTP 404 from the old server.

If you encounter a large number of HTTP 404 errors after a site has moved, you may need to clear your DNS cache.

After you clear your DNS cache, your computer queries the name servers again and picks up the new DNS information.

How to clear your DNS cache

The following methods remove old or inaccurate DNS information that may result in such errors.

Clear DNS Cache in Windows 10

To reset the DNS resolver cache, perform the following steps:

1. Hold down the Windows key and press R to bring up the Run dialog box.

2. Type ipconfig /flushdns then press Enter. (Be sure there is a space before the slash.)

That's all there is to it. A command box flashes on the screen for a split second and the DNS resolver cache is cleared. If you want to see the confirmation message, run the same command from an open Command Prompt instead.

Windows 8

To clear your DNS cache if you use Windows 8, perform the following steps:
1.    On your keyboard, press Win+X to open the WinX menu.
2.    Right-click Command Prompt and select Run as Administrator.
3.    Run the following command:

ipconfig /flushdns

If the command succeeds, the system returns the following message:

"Windows IP configuration successfully flushed the DNS Resolver Cache."

Windows 7

To clear your DNS cache if you use Windows 7, perform the following steps:

1.    Click Start.
2.    Enter cmd in the Start menu search text box.
3.    Right-click Command Prompt and select Run as Administrator.
4.    Run the following command:

ipconfig /flushdns

5.    If the command succeeds, the system returns the following message:
"Windows IP configuration successfully flushed the DNS Resolver Cache."

Windows XP, 2000, or Vista

To clear your DNS cache if you use Windows XP, 2000, or Vista, perform the following steps:
1.    Click Start.
2.    On the Start menu, click Run….
•    If you do not see the Run command in Vista, enter run in the Search bar.
3.    Run the following command in the Run text box:
ipconfig /flushdns
4.    If the command succeeds, the system returns the following message:
Successfully flushed the DNS Resolver Cache.

MacOS 10.10.4 and above

To clear your DNS cache if you use MacOS X version 10.10.4 or above, perform the following steps:

1.    Click Applications.
2.    Click Utilities.
3.    Click Terminal.
4.    Run the following command:

sudo killall -HUP mDNSResponder

5.    If the command succeeds, the system does not return any output.

Warning: To run this command, you must know the computer's administrator account password.

MacOS 10.5 and 10.6

To clear your DNS cache if you use MacOS X version 10.5 or 10.6, perform the following steps:

1.    Click Applications.
2.    Click Utilities.
3.    Double-click Terminal.
4.    Run the following command (two hyphens before flushcache):

sudo dscacheutil --flushcache

5.    If the command succeeds, the system does not return any output.

Warning: To run this command, you must know the computer's administrator account password.

MacOS 10.7, 10.8, and 10.9

To clear your DNS cache if you use MacOS X version 10.7, 10.8, or 10.9, perform the following steps:

1.    Click Applications.
2.    Click Utilities.
3.    Double-click Terminal.
4.    Run the following command:

sudo killall -HUP mDNSResponder

5.    If the command succeeds, the system does not return any output.

Warning: To run this command, you must know the computer's administrator account password.

MacOS 10.10 through 10.10.3

To clear your DNS cache if you use MacOS X version 10.10 through 10.10.3, perform the following steps:

1.    Click Applications.
2.    Click Utilities.
3.    Click Terminal.
4.    Run the following command:

sudo discoveryutil mdnsflushcache

5.    If the command succeeds, the system does not return any output.

Warning: To run this command, you must know the computer's administrator account password.

Do you have any questions? Write them in the comment box.

Honeywell Security – Pro-Watch Web Interface User Guide

The Pro-Watch Web Client User's Guide provides the procedures and information necessary to install and use the Pro-Watch 4.3.5 Web Client.

This guide is written for Pro-Watch system administrators, Pro-Watch badging operators, and Pro-Watch reporting users.

Pro-Watch

The Pro-Watch platform is a complete access control system of hardware and software for small, mid-size, and global-enterprise sites. The user can configure sites that range from five users and 64 doors to an unlimited number of users and doors. The Pro-Watch system supports Honeywell and third-party access control hardware and software, including panels, readers, intercom units, and CCTV equipment. There are two interfaces available for this product:
• An application-based interface
• A browser-based interface
These interfaces support both a server component and a client component. This guide describes how to use the browser-based interface. For information on the application-based product, see the Pro-Watch® Software Suite Release 4.3.5 User Guide, 7-901071V13.

Download – Honeywell Security – Pro-Watch Web Interface User Guide

How to install Active Directory Users and Computers for Windows 2008

The Active Directory management consoles are part of the Remote Server Administration Tools feature. In Server Manager, select Features, click Add Features, and then follow the instructions for your server version.

Windows Server 2008 Standard instructions:

Expand:

  • Remote Server Administration Tools
    • Role Administration Tools
      • Active Directory Domain Services Tools

Then check Active Directory Domain Controller Tools.

Windows Server 2008 R2 instructions:

Expand:

  • Remote Server Administration Tools
    • Role Administration Tools
      • AD DS and AD LDS Tools
        • AD DS Tools

Then check AD DS Snap-Ins and Command-Line Tools.

The feature includes:

  • Active Directory Users and Computers
  • Active Directory Domains and Trusts
  • Active Directory Sites and Services

 

Manual Garbage Collection Process in Active Directory: Step by Step

You can trigger garbage collection on a domain controller with LDP.EXE by writing the DoGarbageCollection operational attribute to the rootDSE. Here are the steps:

Step 1:

In Ldp.exe, connect and bind to the domain controller, then click Browse on the Modify menu and leave the Distinguished name box empty (an empty DN addresses the rootDSE).

Step 2:

In the Edit Entry Attribute box, type DoGarbageCollection.

Step 3:

In the Values box, type 1.

Step 4:

Set Operation to Add, click Enter, and then click Run.

Important:

The garbage collection you start this way can be pre-empted by higher-priority work such as AD replication, just as the scheduled garbage collection can.

If that happens, simply repeat the steps above until all of the objects are removed.
