User contributions for Admin
From IT-Arts.net
16 December 2025
- 17:09, 16 December 2025 +3,208 N QUAGGA - Documentation Created page with "Category:Wiki === Starting the OSPF Daemon === The OSPF daemon (ospfd) is used to configure Open Shortest Path First (OSPF) routing. <nowiki> sudo systemctl start ospfd</nowiki> === Starting the BGP Daemon === The BGP daemon (bgpd) configures Border Gateway Protocol (BGP) routing. <nowiki> sudo systemctl start bgpd</nowiki> == Configuring OSPF == To configure OSPF, the `ospfd.conf` file needs to be modified. This file is usually located in `/etc/quagga/ospfd.c..."
- 17:02, 16 December 2025 +4,908 N BASH - crtl-snort2c-fail2ban.sh Created page with "Category:Wiki == crtl-snort2c-fail2ban.sh == <nowiki> #!/bin/bash # Define the IP addresses at the top for easy customization IP_PFSENSE_SOURCE_01="1.2.3.4" IP_PFSENSE_SOURCE_02="1.2.3.5" IP_FAIL2BAN="1.2.3.6" IP_PFSENSE_DEST="1.2.3.7" SSH_KEY="/path/to/your/ssh/key" # Specify your SSH private key location SNORT_TABLE="snort2c" # Define the pfSense Snort table name # Function to fetch banned IPs from the remote pfSense Snort2c table via SSH fetch_pfs..."
- 16:45, 16 December 2025 +7,477 N SPLUNK - Filters Documentation Created page with "Category:Wiki == Understanding Splunk Log Filtering == Splunk log filtering works primarily through the following features: * **Search Processing Language (SPL)**: This is the language used to filter, analyze, and transform data in Splunk. * **Event Types**: Classifying logs into different event types helps in simplifying complex log data into easy-to-analyze categories. * **Field Extraction**: Fields are used to create searchable and filterable data from the raw l..."
- 16:31, 16 December 2025 +4,513 N VIRSH - Documentation Created page with "Category:Wiki == Basic Usage == === Connect to a Hypervisor === You can connect to a local or remote hypervisor with the following command: <nowiki> virsh connect qemu:///system</nowiki> This connects to the local system's hypervisor. For remote systems, replace `qemu:///system` with a URI of the remote host, such as `qemu+ssh://user@hostname/system`. === List Virtual Machines === To list all virtual machines on the system, including running, paused, and shut o..."
- 16:28, 16 December 2025 +6,960 N QEMU - Documentation Created page with "Category:Wiki == QEMU Basics == === Architecture Emulation === QEMU can emulate different hardware architectures. For example, if you want to run a PowerPC-based system on an x86 host, you can use QEMU to emulate PowerPC hardware. <nowiki> qemu-system-ppc -cdrom install.iso -m 1024</nowiki> This command starts a virtual machine emulating a PowerPC architecture with 1024 MB of RAM and an installation ISO image mounted as a CD-ROM. === Virtualization vs. Emulatio..."
- 16:23, 16 December 2025 +5,315 N PWGEN - Manpage Created page with "Category:Wiki == pwgen Manpage == <nowiki> PWGEN(1) General Commands Manual PWGEN(1) NAME pwgen - generate pronounceable passwords SYNOPSIS pwgen [ OPTION ] [ pw_length ] [ num_pw ] DESCRIPTION The pwgen program generates passwords which are designed to be easily memorized by hum..."
- 16:23, 16 December 2025 −5,307 BASH - Generate-Password.sh No edit summary
- 16:21, 16 December 2025 +798 BASH - Generate-Password.sh No edit summary
- 15:34, 16 December 2025 +53 FAIL2BAN - Filter.d - w00tw00t No edit summary
- 15:34, 16 December 2025 +53 FAIL2BAN - Filter.d - Proxmox No edit summary
- 15:33, 16 December 2025 +53 FAIL2BAN - Filter.d - PHPmyAdmin No edit summary
- 15:33, 16 December 2025 +53 FAIL2BAN - Filter.d - http-xss No edit summary
- 15:33, 16 December 2025 +53 FAIL2BAN - Filter.d - http-wordpress No edit summary
- 15:33, 16 December 2025 +53 FAIL2BAN - Filter.d - http-suspicious No edit summary
- 15:33, 16 December 2025 +53 FAIL2BAN - Filter.d - http-sql-like No edit summary
- 15:32, 16 December 2025 +53 FAIL2BAN - Filter.d - http-sql-inj No edit summary
- 15:32, 16 December 2025 +53 FAIL2BAN - Filter.d - http-shell-command No edit summary
- 15:32, 16 December 2025 +53 FAIL2BAN - Filter.d - http-rfi No edit summary
- 15:32, 16 December 2025 +53 FAIL2BAN - Filter.d - http-php-code-inj No edit summary
- 15:32, 16 December 2025 +53 FAIL2BAN - Filter.d - http-path-t No edit summary
- 15:31, 16 December 2025 −2 FAIL2BAN - Filter.d - http-non-exist No edit summary
- 15:31, 16 December 2025 +53 FAIL2BAN - Filter.d - http-nextcloud No edit summary
- 15:31, 16 December 2025 +53 FAIL2BAN - Filter.d - http-malicious No edit summary
- 15:31, 16 December 2025 +53 FAIL2BAN - Filter.d - http-lfi No edit summary
- 15:31, 16 December 2025 +53 FAIL2BAN - Filter.d - http-kevins No edit summary
- 15:30, 16 December 2025 +53 FAIL2BAN - Filter.d - http-dolibarr No edit summary
- 15:30, 16 December 2025 +53 FAIL2BAN - Filter.d - http-dir-trav No edit summary
- 15:30, 16 December 2025 +51 FAIL2BAN - Filter.d - http-ddos No edit summary
- 15:30, 16 December 2025 +53 FAIL2BAN - Filter.d - http-crlf No edit summary
- 15:30, 16 December 2025 +53 FAIL2BAN - Filter.d - http-command-inj No edit summary
- 15:29, 16 December 2025 +53 FAIL2BAN - Filter.d - http-502-503 No edit summary
- 15:29, 16 December 2025 +53 FAIL2BAN - Filter.d - http-404 No edit summary
- 15:29, 16 December 2025 +53 FAIL2BAN - Filter.d - http-403 No edit summary
- 15:28, 16 December 2025 +8 FAIL2BAN - Filter.d - http-401 No edit summary
- 15:28, 16 December 2025 +45 FAIL2BAN - Filter.d - http-401 No edit summary
- 15:21, 16 December 2025 +1,631 CLONEZILLA - Set up Clonezilla in GRUB on a Debian-based VPS No edit summary
- 14:55, 16 December 2025 +4,456 N FAIL2BAN - Filter.d - http-nextcloud Created page with "Category:Wiki = Definition = <nowiki> [Definition] # /etc/fail2ban/filter.d/http-nextcloud.conf # Nextcloud-specific abuse patterns failregex = ^<HOST>.*( # Login related attacks (brute-forcing, password guessing, and login attempts) /index.php.*action=login.*| # Login attempts /index.php.*user.*| # User login page /index.php.*password.*| # Password reset or login-related parameters /index.php.*a..."
- 14:54, 16 December 2025 +4,057 N FAIL2BAN - Filter.d - http-dolibarr Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # Dolibarr specific attack patterns failregex = ^<HOST>.*( # Login-related attacks (Brute-forcing, password guessing) /index.php.*action=login.*| # Login page (login attempt) /index.php.*login.*| # Generic login attempt /index.php.*password.*| # Password reset or login with parameter /index.php.*user.*| # User login attempt..."
- 14:43, 16 December 2025 +5,438 N FAIL2BAN - Filter.d - http-wordpress Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # /etc/fail2ban/filter.d/http-wordpress.conf # WordPress specific attack patterns failregex = ^<HOST>.*( # WordPress Core and Admin /wp-admin/install.php.*| # WordPress install script /wp-admin/.*/| # Wildcard to catch all wp-admin paths /wp-login.php.*| # Login page /wp-activate.php.*| # Account activation /wp-config.php..."
- 14:34, 16 December 2025 +170 FAIL2BAN - fail2ban-client Manpage No edit summary
- 14:30, 16 December 2025 +4,088 N FAIL2BAN - Filter.d - http-kevins Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # Script-kiddies and Kevins patterns failregex = ^<HOST>.*/wp-content/plugins/hellopress/wp_filemanager.php.* ^<HOST>.*/wp-includes/rest-api/alfa-rex.php7.* ^<HOST>.*/widgets.php.* ^<HOST>.*/b.php.* ^<HOST>.*/admin.php.* ^<HOST>.*/autoload_classmap.php.* ^<HOST>.*/wp-activate.php.* ^<HOST>.*/db.php.* ^<HOST>.*/bless.php.* ^<HOST>.*/blurbs.php.* ^<HOST>.*/cord.php.* ^<HOST>.*/axx.php..."
- 14:28, 16 December 2025 +517 N FAIL2BAN - Filter.d - http-xss Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # http-xss.conf # Cross-Site Scripting (XSS) # Matches typical XSS attack vectors where input is reflected on the web page failregex = ^<HOST>.*(<script.*>.*</script>|<.*javascript:.*|<.*onerror=.*|<.*onload=.*|<.*alert\(.*\)).*$ ignoreregex =</nowiki> = Jail.conf = <nowiki> [http-xss] enabled = true banaction = %(banaction_allports)s logpath = /var/log/nginx/*.access.log maxretry = 1 bantime = -..."
- 14:27, 16 December 2025 +479 N FAIL2BAN - Filter.d - http-suspicious Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # http-suspicious.conf # General Suspicious URL Patterns (including bad characters like `\`, `;`, `&`, etc.) failregex = ^<HOST>.*(\/\.\.\/|\.\.\/|\.\.\\|\\|%%3b|%%26|%%2f|%%2e%%2e).*$ ignoreregex =</nowiki> = Jail.conf = <nowiki> [http-suspicious] enabled = true banaction = %(banaction_allports)s logpath = /var/log/nginx/*.access.log maxretry = 1 bantime = -1 findtime = 3d backend = polling</now..."
- 14:26, 16 December 2025 −1 FAIL2BAN - Filter.d - http-sql-like No edit summary
- 14:26, 16 December 2025 +564 N FAIL2BAN - Filter.d - http-sql-like Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # http-sql-like.conf # SQL-like SELECT Statements that could indicate SQL Injection Attempts # This also tries to capture long SELECT/INSERT/UPDATE queries with SQL injection techniques failregex = ^<HOST>.*(select.*from.*|insert.*into.*|update.*set.*|delete.*from.*).*$ ignoreregex =</nowiki> = Jail.conf = <nowiki> [http-sql-like] enabled = true banaction = %(banaction_allports)s logpath = /var/lo..."
- 14:25, 16 December 2025 +622 N FAIL2BAN - Filter.d - http-sql-inj Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # http-sql-inj.conf # SQL Injection Attempts # Matches common SQL injection patterns such as ' or 1=1 --, ; DROP TABLE, etc. failregex = ^<HOST>.*(select.*from.*where.*union.*select.*from.*information_schema.tables|insert.*into.*values.*select.*from.*information_schema.tables|union.*select.*null.*from.*information_schema.tables|or.*1=1).*$ ignoreregex =</nowiki> = Jail.conf = <nowiki> [http-sql-inj] enabled =..."
- 14:23, 16 December 2025 +510 N FAIL2BAN - Filter.d - http-shell-command Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # http-shell-command.conf # Attempted Shell Command Execution in URLs (e.g., using ?cmd=) # This could indicate an attempt to execute system commands via web apps. failregex = ^<HOST>.*(\?cmd=|system\(|exec\().*$ ignoreregex =</nowiki> = Jail.conf = <nowiki> [http-shell-command] enabled = true banaction = %(banaction_allports)s logpath = /var/log/nginx/*.access.log maxretry = 1 bantime = -1 findt..."
- 14:22, 16 December 2025 +546 N FAIL2BAN - Filter.d - http-rfi Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # http-rfi.conf # Remote File Inclusion (RFI) # Matches attempts to include remote files (e.g. http://example.com/malicious_file.php) failregex = ^<HOST>.*(?:https?|ftp):\/\/(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}\/.*\.(?:php|jsp|asp|cgi|pl|txt|xml|json|html?).*$` ignoreregex =</nowiki> = Jail.conf = <nowiki> [http-rfi] enabled = true banaction = %(banaction_allports)s logpath = /var/log/nginx/*.access...."
- 14:21, 16 December 2025 +480 N FAIL2BAN - Filter.d - http-php-code-inj Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # http-php-code-inj.conf # PHP Code Injection # Matches PHP-based code injection attempts such as `<?php eval($_POST[cmd]); ?>` failregex = ^<HOST>.*(\<\?php.*eval.*\$_POST.*\;\?\>).* ignoreregex =</nowiki> = Jail.conf = <nowiki> [http-php-code-inj] enabled = true banaction = %(banaction_allports)s logpath = /var/log/nginx/*.access.log maxretry = 1 bantime = -1 findtime = 3d backend = polling</no..."
- 14:20, 16 December 2025 +513 N FAIL2BAN - Filter.d - http-path-t Created page with "Category:Wiki = Filter.d = <nowiki> [Definition] # http-path-t.conf # Path Traversal Attacks # Matches attempts to traverse the directory structure (e.g., ../../etc/passwd or .\..\etc\passwd) failregex = ^<HOST>.*(\.\./|\.\.\\|%%2e%%2e%%2f|%%2e%%2e%%5c).*\/etc\/passwd.*$ ignoreregex =</nowiki> = Jail.conf = <nowiki> [http-path-t] enabled = true banaction = %(banaction_allports)s logpath = /var/log/nginx/*.access.log maxretry = 1 bantime = -1 fi..."
