Upgrade Microsoft Domain Controller 2008 R2 to DC 2012 R2 with Exchange 2010 in the current environment.

Prerequisites:
1- Windows Server 2012 R2, fully patched
2- The new Windows Server 2012 R2 server joined to the domain served by the 2008 R2 domain controller

After you have all the prerequisites ready, start Server Manager, click Add roles, add the AD DS role and follow the instructions below.
Install the role and then configure it as follows:
Add it to the existing domain as an additional domain controller.
Next, migrate the AD operations master (FSMO) roles. The simplest way to move these roles is via PowerShell; with the Server 2012 AD PowerShell module this can be done from any domain controller. Run the following command to view your current configuration, then change it:
PS C:\> netdom query FSMO
Move-ADDirectoryServerOperationMasterRole -Identity "dc1" -OperationMasterRole 0,1,2,3,4
Make sure that all the roles have been migrated:
netdom query FSMO
Adding a second DC
Reference:
https://technet.microsoft.com/en-us/library/ee617229.aspx?f=255&MSPPError=-2147217396
Replication errors reported by repadmin after the second DC was joined:
Source: Default-First-Site-Name\DC2
******* 1 CONSECUTIVE FAILURES since 2015-03-23 19:37:45
Last error: 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
Naming Context: CN=Configuration,DC=kibtek,DC=local
Source: Default-First-Site-Name\DC2
******* WARNING: KCC could not add this REPLICA LINK due to error.
Naming Context: CN=Schema,CN=Configuration,DC=kibtek,DC=local
Source: Default-First-Site-Name\DC2
******* WARNING: KCC could not add this REPLICA LINK due to error.
Naming Context: DC=kibtek,DC=local
Source: Default-First-Site-Name\DC2
******* WARNING: KCC could not add this REPLICA LINK due to error.
Resolution:
After joining the new DC you will see this error until replication with the PDC and schema master has finished.
Use repadmin /syncall to speed up the initial sync.
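As an added example (not from the original post), the script below checks what the repadmin output above reports: it lists each inbound replication partner of the new DC, checks that the partner's GUID-based DNS name resolves (error 8524 is a DNS lookup failure for exactly that name), and then runs the same repadmin /syncall. It assumes the ActiveDirectory and DnsClient modules of Windows Server 2012 or later, a domain admin session, and a DC name DC2, which is a placeholder.

```powershell
# Added example, not from the original post: inspect the new DC's inbound replication
# partners and the DNS name each partner is reached through, then force a full sync.
# Assumptions: ActiveDirectory and DnsClient modules (Windows Server 2012 or later),
# run as a domain admin; DC2 is a placeholder for the newly promoted 2012 R2 DC.
Import-Module ActiveDirectory

$dc = 'DC2'   # placeholder

function Get-ReplicationHealth {
    param([string]$Server)
    # One object per partition per inbound partner. LastReplicationResult 0 = last attempt succeeded.
    Get-ADReplicationPartnerMetadata -Target $Server -Partition * | ForEach-Object {
        # Partners are addressed by their DSA GUID CNAME under _msdcs (PartnerAddress), not by host name.
        # A CNAME that does not resolve is what produces error 8524 "DNS lookup failure" in repadmin.
        $cname = Resolve-DnsName -Name $_.PartnerAddress -Type CNAME -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Partition     = $_.Partition
            Partner       = $_.PartnerAddress
            CnameResolves = [bool]$cname
            LastResult    = $_.LastReplicationResult
            Failures      = $_.ConsecutiveReplicationFailures
            LastSuccess   = $_.LastReplicationSuccess
        }
    }
}

$health = Get-ReplicationHealth -Server $dc
$health | Format-Table -AutoSize

$broken = $health | Where-Object { $_.LastResult -ne 0 -or -not $_.CnameResolves }
if ($broken) {
    Write-Warning 'Some partners are failing. If the CNAME does not resolve, fix the DNS client settings of the new DC (it must use a DNS server that hosts the _msdcs zone) before forcing a sync.'
} else {
    Write-Host "All partners of $dc replicated successfully"
}

# The post's fix, unchanged: sync every partition with every partner.
# /A all partitions, /d print DNs instead of GUIDs, /e across sites, /P push changes out.
repadmin /syncall $dc /AdeP

# Afterwards, list anything the DC still records as a failure (empty output is the goal).
Get-ADReplicationFailure -Target $dc | Format-Table Server, Partner, FailureType, FailureCount, FirstFailureTime -AutoSize
```

Run it before and after the syncall: a partner whose CNAME does not resolve will keep failing no matter how often the sync is forced, so the DNS client configuration of the new DC is the thing to fix first.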
After we moved the PDC and Schema Master roles to the new DC and shut down the old DC for testing, the Exchange 2010 server's Exchange Management Console showed the following error.
Current deployment

  1. Exchange 2010
  2. New DC 2012 R2, plus a newly installed additional DC
  3. Two 2008 R2 DCs, shut down for testing

Problem:
After you shut down or demote the old PDC or Schema Master domain controller, the Microsoft Exchange Management Console fails to retrieve any Exchange information, with the error message "An error caused a change in the current set of Active Directory Server settings. Restart Exchange Management console."
Cause:
The Exchange Management Console caches the data in the user's profile for quick access, so whenever you open EMC from an existing Exchange admin profile you get the same error.
Resolution:
Navigate to the following folder and delete the "Exchange Management Console" file.
%userprofile%\appdata\roaming\Microsoft\MMC\Exchange Management Console

Hope this was useful.

What to have on your Linux desktop?

The must-have tools on a Linux desktop are:

1- Variety (automatic desktop wallpaper downloader and customizer)

Variety also displays quotes on your desktop along with the wallpapers.

2- Cairo-Dock (shortcut bar for applications)

3- Shutter (graphics tool)

Shutter is a graphics tool that takes screenshots of the whole desktop or of a selection, lets you edit them, and can send them by e-mail.

It is very powerful, and every action can be bound to a keyboard shortcut. For example, to create a shortcut for a screen-selection screenshot (like OneNote on Windows), open the keyboard shortcuts app (mate-keybinding-properties).

Once you have launched the keyboard shortcuts utility, you can add a new shortcut that takes a selection screenshot with Shutter.

Click Add and create a new shortcut for the Shutter selection command.

Once you click Apply, you can assign a key combination to this command.

For example, I am using the shortcut CTRL + SHIFT + S.

4- Remote desktop tools

A- NoMachine

NoMachine is a free and very powerful remote desktop utility that works on all operating systems and supports all the features available in other remote desktop utilities (Radmin, TeamViewer, RDP).

5- OneDrive for Linux.

http://xmodulo.com/sync-microsoft-onedrive-linux.html

Install onedrive-d on Linux

While onedrive-d was originally developed for Ubuntu/Debian, it now supports CentOS/Fedora/RHEL as well.

Installation is as easy as typing the following.

$ git clone https://github.com/xybu92/onedrive-d.git
$ cd onedrive-d
$ ./inst install

First-Time Configuration

After installation, you need to go through one-time configuration which involves granting onedrive-d read/write access to your OneDrive account.

First, create a local folder which will be used to sync against a remote OneDrive account.

$ mkdir ~/onedrive

Then run the following command to start the first-time configuration.

$ onedrive-d

It will pop up onedrive-d's Settings window. In the "Location" option, choose the local folder you created earlier. In the "Authentication" option, you will see the message "You have not authenticated OneDrive-d yet". Now click the "Connect to OneDrive.com" button.

It will pop up a new window asking you to sign in to OneDrive.com.


After logging in to OneDrive.com, you will be asked to grant access to onedrive-d. Choose "Yes".


Coming back to the Settings window, you will see that the previous status has changed to "You have connected to OneDrive.com". Click on "OK" to finish.


Sync a Local Folder with OneDrive

There are two ways to sync a local folder with your OneDrive storage by using onedrive-d.

One way is to sync with OneDrive manually from the command line. That is, whenever you want to sync a local folder against your OneDrive account, simply run:

$ onedrive-d

onedrive-d will then scan the content of both the local folder and the OneDrive account and bring the two in sync. This means uploading files newly added to the local folder, or downloading files newly found in the remote OneDrive account. If you remove a file from the local folder, the corresponding file is automatically deleted from the OneDrive account after sync, and the same happens in the reverse direction.

Once sync is completed, you can kill the foreground-running onedrive-d process by pressing Ctrl+C.


Another way is to run onedrive-d as an always-on daemon which launches automatically upon start. In that case, the background daemon will monitor both the local folder and OneDrive account, to keep them in sync. For that, simply add onedrive-d to the auto-start program list of your desktop.

When the onedrive-d daemon is running in the background, you will see a OneDrive icon in the desktop status bar. Whenever a sync update is triggered, you will see a desktop notification.

6- Evolution Email Client for Exchange accounts.

If you have ever looked for an e-mail client that supports your Microsoft Exchange account over Exchange's own protocol, known as RPC over HTTP, you have probably tried Mozilla Thunderbird, KMail, Geary and the like, but none of those clients support Exchange's most flexible connectivity, RPC over HTTP, which syncs all your e-mails, contacts, tasks, calendars and so on.

To install Evolution, open a Linux terminal and type the following:

sudo apt-get install evolution

Since I already have Evolution installed, it won't proceed and will tell me that it's already installed. But that's not all!

To set up an Exchange account in Evolution you have to install an Evolution plugin that supports the web services side of the RPC over HTTP connectivity, known as EWS (Exchange Web Services).

To install this plugin, type the following command:

sudo apt-get install evolution-ews

Once you have installed the plugin, launch the program and set up your account as follows.

Click Add.

When you click Add you should be welcomed by a message saying "Welcome to Evolution wizard" and so on.

Click Continue and then type in your name and email address in the next window

You can skip the automatic configuration, as Evolution does not yet support the Exchange Autodiscover mechanism for automatic account configuration, so you must provide all of your Exchange settings manually, as follows.

In the Host URL field, provide your Exchange server's EWS URL, which usually looks like this:

https://mail.domain.com/ews/exchange.asmx

In my case I am using an Office 365 account, so instead I'll use Microsoft's EWS URL:

https://outlook.office365.com/ews/exchange.asmx

For the OAB (Offline Address Book) you also need to provide the configured URL of the OAB on your Exchange server, which in my case is again Office 365:

https://outlook.office365.com/OAB

Make sure the correct authentication method is set (NTLM in my case). This can vary depending on the Exchange server's Outlook Anywhere configuration and can be Basic as well, so choose according to your configuration; for Office 365 it is NTLM.

Once you finish the configuration you can continue and you will be prompted for your credentials. As soon as you finish typing your password, hit Enter and your e-mails will start syncing.

That's it: you are set up on the Linux desktop client, whether your Exchange is on-premises or Office 365.

Here is another guide for the newer MAPI connectivity for Evolution, probably with the same steps:

https://www.linux.com/learn/tutorials/370590:connect-evolution-to-an-exchange-server

7- For office work (Word, PowerPoint, etc.) I prefer Kingsoft's community edition (WPS Office) alongside LibreOffice.

Since LibreOffice provides more tools (the full package) I still use it on Linux, but Kingsoft's WPS tools have a user-friendly, feature-rich GUI.

To download WPS, go to the link below and download the version suitable for your Linux distribution, or use the terminal to install the latest available version with the following command:

sudo apt-get install wps-office

http://wps-community.org/download.html

8- For media there is various software you can use on Linux to listen to music, edit MP3s or convert media types.

A- Audacity (Convert and Edit audio files).

B- Spotify (listen to music online)

C- Clementine (Listen to Music on your computer)

D- VLC (watch videos on your PC, or use it as a streaming server)

There are other useful tools and things to do on Linux, as it is a very flexible and customizable OS, but I will end this article here and write a new one about how to decorate your welcome screen and desktop with beautiful pictures and tools.

Hope you find this useful.

Exporting and Importing PST from Exchange 2003 to Exchange 2013

To export mailboxes from Exchange 2003 (each should not exceed 2 GB) you have to copy the Administrator user to another user "admin" and give that user the rights to access all other mailboxes.
Navigate to the mailbox store.
Right-click the mailbox store and click Properties.
Go to the Security tab, add the new user (admin) and give it Full Control.
Click Apply, then sign out of the Windows session on the Exchange machine, log in with the newly added domain admin and open the ExMerge application.
Select the second step (Extract or Import)
Select Step 1.
Select the Exchange name and the DC (They should be set automatically)
Select the users to export (each mailbox should not exceed 2 GB).
Select the local language
Select the destination folder (In my case I mapped a network drive)
Save settings for later use if you want or just click Next.
Once done, the mailbox will be exported.
————
Importing into Exchange 2013
In Exchange 2013, open the EMS as administrator.
Before you start, move all the PST files into a shared folder on the network and add "Exchange Trusted Subsystem" to its share permissions.
The same account must also be added on the folder's Security tab.
Providing import and export permission on Exchange 2013
To import the PST files into Exchange 2013 mailboxes, you first have to give the Exchange admin account the ability to import PST files, then sign out of the EAC portal and back in.
To do so, go to the EAC, then Permissions, and double-click Recipient Management.
Click Add, select Mailbox Import Export, click Add, then OK.
I will add members to this role group
After signing back in to the EAC as the administrator, I got the Import PST options.
For Management Shell usage, see:
http://technet.microsoft.com/en-us/library/ff607310(v=exchg.150).aspx
Importing PST using EAC and following up with EMS
Importing a single folder from a source PST file into a target folder in a mailbox
Importing the folder Sent Items from the file basakc_backup.pst into the target folder Sent Items in the Mhamada user's mailbox.
Note:
The -TargetRootFolder parameter creates a folder inside the existing Sent Items folder.
Importing large items into a mailbox in Exchange
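The following is an added example, not the post's own commands, that puts the EMS side of this post together: assigning the import role, importing only the Sent Items folder of basakc_backup.pst into the Mhamada mailbox with -TargetRootFolder as described in the note above, following the request, and handling the large-item case of the last heading. It assumes the Exchange 2013 Management Shell, an admin account named Administrator, and a share \\FILESERVER\PST, which is a placeholder for the share that Exchange Trusted Subsystem was granted access to.

```powershell
# Added example, not from the original post: assign the import role, import only the
# Sent Items folder of a PST into a mailbox, follow the request from the EMS and handle
# the large-item case. Run in the Exchange 2013 Management Shell.
# Assumptions: \\FILESERVER\PST is a placeholder for the share that "Exchange Trusted
# Subsystem" was granted access to; the admin account is "Administrator"; the PST name
# and target mailbox are the ones used in the post.

$share   = '\\FILESERVER\PST'                       # placeholder UNC path
$pstFile = Join-Path $share 'basakc_backup.pst'
$mailbox = 'Mhamada'

# 1. "Mailbox Import Export" is in no role group by default. Assigning it to the one admin
#    is narrower than adding it to the whole Recipient Management group as the post does.
if (-not (Get-ManagementRoleAssignment -RoleAssignee 'Administrator' -Role 'Mailbox Import Export' -ErrorAction SilentlyContinue)) {
    New-ManagementRoleAssignment -Role 'Mailbox Import Export' -User 'Administrator'
    Write-Host 'Role assigned; open a new EMS session before continuing (the post signs out and back in for the same reason).'
}

# 2. The import runs on the mailbox server, so the share must be reachable from Exchange,
#    which is why the post adds Exchange Trusted Subsystem to the share and NTFS permissions.
if (-not (Test-Path -LiteralPath $pstFile)) { throw "PST not found: $pstFile" }

# 3. Import only Sent Items. "#SentItems#" is the language-independent well-known folder name.
#    -TargetRootFolder 'Sent Items' places the imported folder under the existing Sent Items,
#    which is the behaviour the post's note describes; omit it to merge the PST's Sent Items
#    into the existing Sent Items instead.
#    Limits above 50 bad/large items require -AcceptLargeDataLoss; large items are otherwise fatal.
$request = New-MailboxImportRequest -Mailbox $mailbox -FilePath $pstFile `
    -IncludeFolders '#SentItems#' -TargetRootFolder 'Sent Items' `
    -BadItemLimit 100 -LargeItemLimit 100 -AcceptLargeDataLoss `
    -Name 'SentItems-from-basakc'

# 4. Follow the request until it leaves the active states.
do {
    Start-Sleep -Seconds 30
    $stats = Get-MailboxImportRequestStatistics -Identity $request.Identity
    Write-Host ('{0}: {1} ({2}% complete)' -f $stats.Name, $stats.Status, $stats.PercentComplete)
} while ($stats.Status -in 'Queued', 'InProgress')

if ($stats.Status -ne 'Completed') {
    # The report lists every skipped bad or large item with its folder and size.
    Get-MailboxImportRequestStatistics -Identity $request.Identity -IncludeReport |
        Format-List Name, Status, Message, BadItemsEncountered, LargeItemsEncountered, Report
}
```

The -IncludeReport output is what to read when a request ends as Failed or with skipped items: it names each item that exceeded the limits, which is the information the EAC's import wizard does not show.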

Hope you found this useful.

Active Directory Migration from Windows Server 2008 R2 to Windows Server 2012 R2

Friday, March 20, 2015
4:28 PM
Requirements:
  1. A new VM with Windows Server 2012 R2 installed and fully updated.
  2. An ISO/DVD copy of Windows Server 2012 R2 mounted on your 2008 R2 machine.
First we need to prepare the existing forest using the adprep command from the Windows Server 2012 R2 DVD.
Insert the DVD on your 2008 R2 server and navigate to the following path:
X:\support\adprep
Then run the following command:
adprep /forestprep
Adprep asks you to press C and Enter to confirm the forest update. Press C and Enter to continue; it then shows the current and target schema versions.
The process continues updating the schema; it should not take long.
Once it has completed successfully we can move on to the next step.
Now join the 2012 R2 VM you prepared to the existing 2008 R2 domain. After that, promote the new 2012 R2 server to an additional DC in the domain.
Open Server Manager, add the AD DS role to the new server and follow the steps to add it as an additional DC.
When this finishes, the computer restarts automatically.
Now transfer the FSMO roles from the 2008 R2 DC to the new one.
1- In ADUC on the 2012 R2 DC, right-click and open Operations Masters.
2- Click Change to move the role to the new DC and confirm with OK to continue.
Click Yes
Do the same on the PDC and Infrastructure tabs.
Note: make sure the firewall is turned off on both servers (or the RPC traffic between them is allowed) so that the transfer completes without issues.
Once you have made sure all operations master roles have been transferred, close ADUC.
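An added example, not the post's own code, for the FSMO step of this post and for the Move-ADDirectoryServerOperationMasterRole step in the earlier post about the Exchange environment. The ADUC dialog used above only exposes the three domain-wide roles (RID, PDC, Infrastructure); the Schema Master and Domain Naming Master live in other snap-ins, whereas the cmdlet below moves all five and the script verifies the result. It assumes an elevated session on the new 2012 R2 DC with the ActiveDirectory module, and a DC name DC2012, which is a placeholder.

```powershell
# Added example, not from the original post: transfer all five FSMO roles to the new
# 2012 R2 DC with the ActiveDirectory module and verify the result.
# Assumptions: elevated PowerShell on a DC (or RSAT-AD-PowerShell) as a member of
# Domain Admins, Schema Admins and Enterprise Admins; DC2012 is a placeholder name.
Import-Module ActiveDirectory

$newDc = 'DC2012'   # placeholder

function Get-FsmoHolders {
    # Forest-wide roles are properties of the forest object, domain-wide ones of the domain object.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

Write-Host 'Before:'
Get-FsmoHolders | Format-Table -AutoSize

# The numbers 0..4 used in the earlier post are the OperationMasterRole enum values:
# 0 PDCEmulator, 1 RIDMaster, 2 InfrastructureMaster, 3 SchemaMaster, 4 DomainNamingMaster.
# Names mean the same thing and read better. This is a transfer (old holder still online);
# adding -Force would be a seizure, which is only for a holder that is permanently gone.
Move-ADDirectoryServerOperationMasterRole -Identity $newDc `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Confirm:$false

Write-Host 'After:'
$after = Get-FsmoHolders
$after | Format-Table -AutoSize

# Every value is a DC FQDN; all five must now start with the new DC's host name.
$notMoved = $after.GetEnumerator() | Where-Object { $_.Value -notlike "$newDc.*" } | ForEach-Object Key
if ($notMoved) { throw "Roles still elsewhere: $($notMoved -join ', ')" }
Write-Host "All five FSMO roles are on $newDc; demote the 2008 R2 DC only after replication has converged."

# Cross-check with the tool both posts use.
netdom query fsmo
```

The check at the end is the reason to prefer the script over the dialogs: it fails loudly if any role, including the two forest-wide ones that ADUC never shows, is still on the 2008 R2 server before that server is shut down.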

Mohammed Hamada

Lync Distribution Group

 

To add a set of Lync users to a client's contact list, you can create a distribution group with the following options:
  1. The group scope must be Universal.
  2. The group type must be Distribution.
  3. The group must have an e-mail address.

Once this group is created, you can add any number of users to it. I will add a couple of Lync users.
After adding the users, go to the Lync server and force the address book synchronization between the GAL and Lync.
Wait about 5 minutes for the clients to download the latest update; then you will see the changes in the client's contact list. If not, you can force the clients to download the new update by pushing a special registry value via GPO.

This registry value is applied on the clients:

reg add HKLM\Software\Policies\Microsoft\Office\15.0\Lync /v GalDownloadInitialDelay /t REG_DWORD /d 0 /f
From here you can now see the changes in Lync's contact lists.
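The whole procedure as an added example (not from the original post): creating the group with the three properties listed above, checking them, refreshing the Lync address book, and setting the same registry value the reg add command sets. The group name, OU, SMTP address and member names are placeholders; the Update-Cs cmdlets assume the Lync Server Management Shell on the Front End, and the last part runs on a client (normally delivered by GPO rather than by hand).

```powershell
# Added example, not from the original post: create the distribution group the post
# describes, verify its properties, refresh the Lync address book and push the client
# registry value. Assumptions: ActiveDirectory module; group name, OU, address and members
# are placeholders; Update-Cs* cmdlets run in the Lync Server Management Shell; the
# registry part runs on a client.
Import-Module ActiveDirectory

$groupName = 'Lync-Sales-Contacts'                  # placeholder
$ou        = 'OU=Groups,DC=kibtek,DC=local'         # placeholder OU
$mail      = 'lync-sales-contacts@kibtek.local'     # placeholder SMTP address
$members   = 'user1', 'user2'                       # placeholder sAMAccountNames

# 1. Universal scope + Distribution category + mail attribute: the three properties the
#    post requires so that Lync's address book service can expand the group on the client.
New-ADGroup -Name $groupName -Path $ou -GroupScope Universal -GroupCategory Distribution `
    -OtherAttributes @{ mail = $mail }
Add-ADGroupMember -Identity $groupName -Members $members

# Verify the three requirements before touching the Lync server.
$g = Get-ADGroup -Identity $groupName -Properties mail
if ($g.GroupScope -ne 'Universal' -or $g.GroupCategory -ne 'Distribution' -or -not $g.mail) {
    throw "$groupName does not meet the scope/category/mail requirements"
}

# 2. On the Lync Front End: pull user data from AD, then regenerate the address book
#    files that clients download (the "force the synchronization" step of the post).
Update-CsUserDatabase
Update-CsAddressBook

# 3. On a client: remove the initial GAL download delay so the new address book is fetched
#    at the next sign-in. Same key and value as the post's reg add command.
$key = 'HKLM:\Software\Policies\Microsoft\Office\15.0\Lync'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name 'GalDownloadInitialDelay' -PropertyType DWord -Value 0 -Force | Out-Null
```

The verification step matters because a group that is Global rather than Universal, or that has no mail attribute, is silently left out of the address book; the symptom is simply that the group never appears on the clients.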

Set Pin Authentication for Lync on DHCP Server

 

NOTE: I have attached DHCPUtil and all the other required files, so you can download them directly to your DHCP server.

This is the shortest way to set up PIN authentication for Lync on the DHCP server.

First, copy or download all the DHCP utility files from the Lync Front End server to the DHCP server and run the following command line.

Note: run DHCPUtil from a command prompt (CMD) opened as administrator.

 

DHCPUtil.exe -SipServer YourFrontendFQDN.com -WebServer YourFrontendFQDN.com -RunConfigScript

On the Lync server, run the following cmdlet in the Lync Server Management Shell:

 

Set-CsRegistrarConfiguration -EnableDHCPServer $true

That's it; after running these commands you should be all set, and the new DHCP options should show up in the DHCP server console.

To test the configuration, run the same tool with a different parameter, which performs the test for you. On another computer that is not the DHCP server, open a command prompt and run the following command line.

 

DHCPUtil.exe -EmulateClient

Note: I'm attaching all the required files to this page below for download.

Troubleshooting:

 

If you run the command and get the error below, you may have missed a step.

DHCPUtil.exe -SipServer YourFrontendFQDN.com -WebServer YourFrontendFQDN.com -RunConfigScript

C:\Users\admin\Desktop> DHCPUtil.exe -EmulateClient

 

Starting Discovery …

Result: Failure =  -2147014848

Resolution:

On the Lync server run the command

Set-CsRegistrarConfiguration -EnableDHCPServer $true

Then, again on the Lync server (not the DHCP server), run DHCPUtil.exe -EmulateClient to test the configuration.
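As an added example (not from the original post), the checks below cover what the post verifies by eye: that the DHCP option definitions DHCPUtil creates exist on the server, that the Front End resolves and accepts the SIP/TLS and HTTPS connections phones will make, and that the registrar setting from the Resolution above is actually enabled. Option 120 (SIP server, RFC 3361) and vendor option 43 are the options DHCPUtil publishes for PIN authentication. It assumes a Windows Server 2012 or later DHCP server with the DhcpServer module for the first part, the Lync Server Management Shell for the last part, and a Front End FQDN lyncfe.domain.local, which is a placeholder.

```powershell
# Added example, not from the original post: post-setup checks for Lync PIN authentication
# over DHCP. Assumptions: the DHCP part runs on a Windows Server 2012+ DHCP server with the
# DhcpServer module; the registrar part runs in the Lync Server Management Shell; the
# Front End FQDN is a placeholder. Option 120 (SIP server) and vendor option 43 are the
# options DHCPUtil -RunConfigScript publishes.
$frontEnd = 'lyncfe.domain.local'   # placeholder Front End / web server FQDN

function Test-LyncDhcpOptionDefinitions {
    Import-Module DhcpServer
    $result = @{}
    foreach ($id in 120, 43) {
        $def = Get-DhcpServerv4OptionDefinition -OptionId $id -ErrorAction SilentlyContinue
        $result[$id] = [bool]$def
        if ($def) { Write-Host ("Option {0} defined as '{1}' ({2})" -f $id, $def.Name, $def.Type) }
        else      { Write-Warning "Option $id is missing: DHCPUtil -RunConfigScript has not been applied on this server" }
    }
    $result
}

function Test-LyncDhcpEndpoints {
    param([string]$Fqdn)
    # Phones use option 120 to reach the registrar (SIP/TLS 5061) and option 43 to reach the
    # certificate provisioning web service (HTTPS 443); the name must resolve and both ports accept TCP.
    if (-not (Resolve-DnsName -Name $Fqdn -Type A -ErrorAction SilentlyContinue)) {
        Write-Warning "$Fqdn does not resolve"
        return $false
    }
    $ok = $true
    foreach ($port in 5061, 443) {
        $client = New-Object System.Net.Sockets.TcpClient
        try     { $client.Connect($Fqdn, $port); Write-Host "${Fqdn}:${port} reachable" }
        catch   { Write-Warning "${Fqdn}:${port} not reachable"; $ok = $false }
        finally { $client.Close() }
    }
    $ok
}

# --- On the DHCP server ---
$null = Test-LyncDhcpOptionDefinitions
$null = Test-LyncDhcpEndpoints -Fqdn $frontEnd

# --- In the Lync Server Management Shell ---
# The "Result: Failure" in the troubleshooting section comes from the registrar not answering
# DHCP discovery; this is the flag that Set-CsRegistrarConfiguration -EnableDHCPServer $true sets.
$reg = Get-CsRegistrarConfiguration -Identity Global
if (-not $reg.EnableDHCPServer) {
    Write-Warning 'EnableDHCPServer is False: run Set-CsRegistrarConfiguration -EnableDHCPServer $true, then retest with DHCPUtil.exe -EmulateClient'
} else {
    Write-Host 'Registrar answers DHCP discovery; DHCPUtil.exe -EmulateClient should now succeed'
}
```

If the option definitions are present but -EmulateClient still fails, the registrar flag is the next thing to check, which is exactly the order the troubleshooting section above arrives at.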

 

http://www.moh10ly.com/blog/VoIP/set-pin-authentication-for-lync-on-dhcp-server/pin_auth.rar

Web Conferencing Server connection failed to Establish on Edge server

 

In a domain environment with a backup DC you might face a problem with the Lync Edge deployment.

After the step where you add the CA certificate to the Trusted Root CA store on the Edge server, you might notice errors with the Edge server not trusting the connection from the Front End, or vice versa.

The problem happens if there are two CA certificates in the Trusted CA store and you have imported only one of them.

Looking at the certificate store of the Front End server (which is domain-joined), both CA certificates are present.

 

 

Errors that may be generated by the same cause are:

Web Conferencing Server connection failed to establish.

Over the past 1 minutes Lync Server has experienced incoming TLS connection failures 1 time(s). The error code of the last failure is 0x80090325 (The certificate chain was issued by an authority that is not trusted.) and the last connection was from the host "".

 

Cause:

This can occur if this box is not properly configured for TLS communications with remote Web Conferencing Server.

Resolution:

Check your topology configuration to ensure that both this host and remote Web Conferencing Server can validate each other's TLS certificates and are otherwise trusted for communications.

 

The XMPP Translating Gateway Proxy has no connections to any XMPP gateways.

Cause:

Connectivity issue.

 

Resolution:

Check that a configured gateway is running.

 

TLS outgoing connection failures.

Over the past 1 minutes, Lync Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80090325 (The certificate chain was issued by an authority that is not trusted.) while trying to connect to the server "EGELYNCFE.domain.local" at address [192.168.16.45:5061], and the display name in the peer certificate is "Unavailable".

Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is not trusted by the local machine.

 

Resolution:

Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses returned by DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.

 

Resolution:

To resolve this problem, export both CA certificates from the Front End server and import them into the Edge server's Trusted Root Certification Authorities store (local machine).
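The fix above, as an added example that is not part of the original post: rather than remembering which CA certificates to export, the script walks the chain of the Front End's own Lync certificate, exports every CA in it (so the second CA is not forgotten), imports them on the Edge into the store matching their position in the chain, and then checks that the Front End certificate chains to a trusted root on the Edge. It assumes Windows Server 2012 or later on both hosts (Export-Certificate and Import-Certificate come from the PKI module), the Front End FQDN from the error message above, and an export folder C:\Temp\LyncCA, which is a placeholder.

```powershell
# Added example, not from the original post: export every CA certificate in the Front End
# certificate's chain, import them on the Edge into the right stores, then verify the chain.
# Assumptions: step 1 runs on the Front End, step 2 on the Edge after copying the folder;
# Windows Server 2012+ (PKI module); the export folder is a placeholder.

# ---- Step 1: on the Front End ------------------------------------------------
$feFqdn    = 'EGELYNCFE.domain.local'   # Front End FQDN as shown in the post's error text
$exportDir = 'C:\Temp\LyncCA'           # placeholder folder to copy to the Edge
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null

# The Lync server certificate: in LocalMachine\My, with a private key, carrying the FE FQDN.
$feCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and ($_.Subject -like "*CN=$feFqdn*" -or $_.DnsNameList.Unicode -contains $feFqdn) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $feCert) { throw "No certificate for $feFqdn found in LocalMachine\My" }
Export-Certificate -Cert $feCert -FilePath (Join-Path $exportDir 'fe.cer') -Type CERT | Out-Null

# Walk the chain: element 0 is the leaf, the rest are the issuing CAs (intermediates, then root).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # only the chain shape matters here
[void]$chain.Build($feCert)
$chain.ChainElements | Select-Object -Skip 1 | ForEach-Object {
    $ca   = $_.Certificate
    $kind = if ($ca.Subject -eq $ca.Issuer) { 'root' } else { 'intermediate' }
    $file = Join-Path $exportDir ('{0}-{1}.cer' -f $kind, $ca.Thumbprint)
    Export-Certificate -Cert $ca -FilePath $file -Type CERT | Out-Null
    Write-Host "Exported $kind CA: $($ca.Subject) -> $file"
}

# ---- Step 2: on the Edge (after copying $exportDir over) ----------------------
Get-ChildItem "$exportDir\*-*.cer" | ForEach-Object {
    # Self-signed CAs belong in Root; issuing CAs belong in the Intermediate (CA) store.
    $store = if ($_.Name -like 'root-*') { 'Cert:\LocalMachine\Root' } else { 'Cert:\LocalMachine\CA' }
    Import-Certificate -FilePath $_.FullName -CertStoreLocation $store | Out-Null
    Write-Host "Imported $($_.Name) into $store"
}

# Verify from the Edge's point of view: the Front End leaf must now chain to a trusted root.
$leaf = Join-Path $exportDir 'fe.cer'
if (Test-Path $leaf) {
    $check = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $check.ChainPolicy.RevocationMode = 'NoCheck'
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $leaf
    if ($check.Build($cert)) {
        Write-Host 'Front End certificate chains to a trusted root on this Edge'
    } else {
        Write-Warning ('Chain still untrusted: ' + (($check.ChainStatus | ForEach-Object Status) -join ', '))
    }
}
```

The final check reproduces on the Edge what the Lync TLS stack does when the 0x80090325 error above is logged, so a clean Build() here means the incoming and outgoing TLS failures in the event log should stop once the services are restarted.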
Enable-CsTopology : Multiple Active Directory entries were found for type “ms-RTC-SIP-EdgeProxy” with ID in a multiple Domain Environment

 

If you have ever tried to publish the Lync topology and received the following error, read this article to the end for the solution.

 

Enable-CsTopology : Multiple Active Directory entries were found for type "ms-RTC-SIP-EdgeProxy" with ID in a multiple Domain Environment
At line:1 char:1
+ Enable-CsTopology
+ ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:SourceCollection) [Enable-CsTopology], InvalidDataException
    + FullyQualifiedErrorId : DuplicateADEntry,Microsoft.Rtc.Management.Deployment.ActivateTopologyCmdlet

Open ADSI Edit and connect to the Configuration naming context of your DC.

Expand the tree and click Services.

Click RTC Service.

Click Global Settings and, in the right pane, check whether there are any duplicated entries and remove them.

As you can see in my right pane I have 2 duplicated (msRTCSIP-EdgeProxy) entries, and I'm going to remove one of them and see if I can publish my topology or not. But before that I will make sure that I export the entry that I want to delete.

I right-clicked the last value and deleted it; here is how it looks now.

Now I will try to publish my topology and see what happens: my topology publishing failed with a new error this time.

I will have to check where this is coming from; since it mentions TrustedService, I will look in the Trusted Services container.

This is not going to be easy, as you need to be careful where you look: make sure that you are looking at the right FQDN.

Here I could find the MRAS value for the Edge server FQDN.

So I looked here and found 2 identical entries with a different CN; if you scroll down you will see that the GruuId is the same, the FQDN is the same and the port is the same.

Let's delete one of them and see again if we can publish our topology. So I deleted the one that starts with {b344}.

I will do this using the Lync PowerShell; the topology was then published successfully.

To resolve the warning, run the Enable-CsAdForest cmdlet after Enable-CsTopology.
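An added example, not from the original post, of doing the "look for identical entries" part of this post with a query instead of by scrolling through ADSI Edit: it reads every msRTCSIP-* object under RTC Service in the configuration partition, fingerprints each one by the values of its msRTCSIP-* attributes (so two objects that differ only in CN, like the EdgeProxy and MRAS pairs above, land in the same group), and exports every candidate to a file before anything is removed, which is the export step the post insists on. It assumes the ActiveDirectory module, and an export folder C:\Temp\RTC-duplicates, which is a placeholder. It only reports; the deletion stays a manual Remove-ADObject after reviewing the export.

```powershell
# Added example, not from the original post: find msRTCSIP-* objects under RTC Service that
# are identical except for their CN, and export each candidate before any deletion.
# Assumptions: ActiveDirectory module; the containers are the ones the post opens in ADSI Edit;
# the export folder is a placeholder. Reports only; removal is left to the admin.
Import-Module ActiveDirectory

$configNC  = (Get-ADRootDSE).configurationNamingContext
$rtcBase   = "CN=RTC Service,CN=Services,$configNC"
$exportDir = 'C:\Temp\RTC-duplicates'   # placeholder
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null

function Get-RtcDuplicateGroups {
    param([string]$SearchBase)
    # All objects in the subtree, then keep the Lync classes (objectClass does not support wildcards in LDAP).
    $objects = Get-ADObject -SearchBase $SearchBase -SearchScope Subtree -LDAPFilter '(objectClass=*)' -Properties * |
        Where-Object { $_.ObjectClass -like 'msRTCSIP-*' }
    # Fingerprint = every msRTCSIP-* attribute with its (sorted) values, ignoring naming and
    # replication metadata, so GRUU, FQDN and port decide equality rather than CN or whenCreated.
    $objects | ForEach-Object {
        $obj = $_
        $pairs = $obj.PropertyNames | Where-Object { $_ -like 'msRTCSIP-*' } | Sort-Object | ForEach-Object {
            $values = @($obj.$_) | ForEach-Object { [string]$_ } | Sort-Object
            '{0}={1}' -f $_, ($values -join '|')
        }
        [pscustomobject]@{ Object = $obj; Class = $obj.ObjectClass; Fingerprint = ($pairs -join ';') }
    } | Group-Object Class, Fingerprint | Where-Object Count -gt 1
}

$groups = Get-RtcDuplicateGroups -SearchBase $rtcBase
if (-not $groups) {
    Write-Host "No duplicate msRTCSIP-* objects under $rtcBase"
    return
}

foreach ($g in $groups) {
    Write-Host ("`n{0} identical {1} objects:" -f $g.Count, $g.Group[0].Class)
    foreach ($entry in $g.Group) {
        $o = $entry.Object
        # Export the complete object first: this is the post's "export the entry I want to delete".
        $file = Join-Path $exportDir (($o.DistinguishedName -replace '[^\w\-]', '_') + '.xml')
        $o | Export-Clixml -Path $file
        Write-Host ('  {0}  (created {1}, exported to {2})' -f $o.DistinguishedName, $o.whenCreated, $file)
    }
    Write-Host '  Review the exports, then remove one entry with Remove-ADObject and re-run Enable-CsTopology.'
}
```

The whenCreated value printed for each entry is usually enough to tell which object the topology builder created last, and the Export-Clixml file is what lets you recreate the deleted entry if the wrong one was removed.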

Did you know that you can get hosted mail for free for your domain?

Yandex Offers Mail Accounts with Users’ Own Domain Names

 

This is probably old news for some people, but for me it's the first time I have heard/read about it! Yandex offers free hosted e-mail @YourOwnDomain.com. I heard this only today from a friend who has been using it on his own domain already; the service quality is perfect and it's 100% free.

 

While searching online, I came through this article that was published by Yandex in regard to this service. The article was published on the Internet on October 27, 2009.

Yandex offers domain owners an opportunity to create an electronic mail account with any name they choose, including their personal name, as in ivan@theterrible.ru or peter@thegreat.ru. Using Yandex’s email service for domain owners, anyone who owns a domain can now create an email account for themselves, as well as accounts for their family, friends or co-workers, and share a personalized domain name with them.

The owner of one domain can have up to a hundred accounts — enough to serve a small company or to be distributed among the staff of a secondary school. The users of the Yandex’s email service for domain owners can benefit from all the features available to the users of the Yandex.Mail service, such as a modern interface, spam protection and unlimited space. The email service for domain owners is accessible online or via email clients Outlook, The Bat and other.

To create an email account with a personalized name, domain owners can visit http://pdd.yandex.ru (in Russian). The service is currently in beta testing. Feedback, questions (including requests for more than one hundred email accounts) and partnership ideas are welcome at domain@yandex-team.ru.

In addition to having a personalized email address, domain owners can also create websites with personal domain names on Yandex’s free web hosting service narod.ru. Now Yandex offers its users an opportunity to have both a free, up-to-date website and a free, convenient email account in their own domain.

 

I already have some domains that I wasn't using any e-mail servers for, and it came to my mind to use this service for both of them.

Here’s mine, I already set it up on two different domains and if you want you can send me a test email to info@moh10ly.website  

 

Hope this was useful for you.

Setting up Snort on Pfsense

If you would like to protect your systems from attacks from the public internet, e.g. exploits, transitive trust, data-driven, infrastructure, DoS, magic and so on, then you should consider deploying an IDS or IPS to detect attacks and protect your network from them.
In pfSense, the well-known open source firewall, you can deploy Snort, one of the oldest and best-known IDS/IPS systems around.
To do so, go to System > Packages and install it.
After clicking Packages you get a list of packages; Snort is among them.
Click the + on the far right to start the installation process.
I'll click Confirm to continue.
Once installed, it appears in the Services menu.
Click Snort and let's configure it.
Before you start configuring Snort, note that to get it working you must be registered with at least one of the Snort communities, which publish the rules that tell Snort what to check for, similar to firewall rules.
The websites are listed below; their settings are found under the Global Settings tab of the Snort page.
https://www.snort.org/users/sign_up
https://portal.emergingthreats.net/register
I will sign up for a free Snort account and configure all the Snort-supported rules in order to get the most out of it. After signing up I need to activate my account.
I have received the confirmation e-mail and will confirm my account. Once confirmed, Snort provides you with a code called the VRT Oinkmaster confirmation code.
When your account is activated, go to your profile by clicking on your e-mail address at the top right; you will find the code on the left side. Copy the code and paste it into Snort on pfSense.
After adding the code, this is how my Global Settings tab looks (I enabled all the other free rule sets as well).
Now I go to the Updates tab and update the rules. After clicking Update the download runs; when it has finished, the Updates tab shows the downloaded rule sets.
If you are managing pfSense from a location behind an interface on which you plan to enable Snort, then before you enable Snort go to Pass Lists and add your IP (your private IP if you plan to enable the LAN interface, or your public IP if you plan to include the WAN interface).
To create a pass list, you first create an Alias and add the IPs you want to include; note that these IPs are never going to be checked or blocked by Snort.
To create an alias, click the Firewall tab and go to Aliases.
Once on the IP list page, click the + button on the far right to add the IPs that you want to pass.
From Type, select the type of hosts you'd like to include; I only want to include a couple of IPs.
Click Save and Apply, then Close, then go back to Snort's Pass Lists and click + to add a new pass list.
Select all the networks, the WAN IP, the gateway, the DNS servers and finally the alias you created, and save.
Once saved, the pass list appears in the Pass Lists tab.
Now we can go back to Snort Interfaces and enable the WAN interface for Snort. I'll click the Snort Interfaces tab and click + to add the new interface.
Here I select Block Offenders in order to protect myself from DDoS attacks and other attempts to break into internet-exposed servers (FTP, HTTP, etc.).
From Pass List, I select the list I created in the Pass Lists tab.
When the interface icon is red, Snort is not running on that interface; click the red icon to start it.
After enabling the WAN interface you have to define some rules and enable them.
Let's define some rules for this interface, e.g. FTP. To do so, click the E (edit) icon next to the WAN entry on the far right.
Then go to WAN Categories and select the categories whose rules you want to apply.
Note:
Enabling all rules may affect the processor performance of your VM or physical machine.
I will select all the rules from the rules list, which also enables all the rules included in the Snort GPLv2 Community rule set.
Once added, save and then click Apply. If for any reason the service does not start, go to the Status tab and check the System Logs.
In the system logs I noticed an error. After a lot of digging it turned out to be caused by the "Sensitive Data" rule set; after disabling that whole rule set I was able to start Snort on WAN again.
When this is done, I will test whether Snort is working by simply trying to log in to pfSense's portal with wrong passwords, say 10 to 20 times, and see if my IP gets blocked (I'll use a different public IP which is not in the pass list).
After about 7 attempts with a wrong username and password I tried refreshing the page.
I then check Snort's Blocked list to see whether the public IP I was connecting from is there.
The IP has been blocked, and the alert description says it as it is (http_inspection).
So Snort works as expected.

If this has helped you, please leave a comment.