De-Coder’s Ring

Enterprise Ubiquiti at Home – Amazing Speed!

July 6, 2017 / Chris Fauerbach / 0 Comments

It’s often surprising to folks to learn that I’m not always on the latest and greatest technology. As a technologist, it’s kind of ironic. Yet alas, here I am, running the same airport extreme that I’ve been running for what feels like a decade. It works great, the 802.11N signal is pretty strong through out the house, except for the far reaches.

It died.

That sucked. Being wifi-less, in the day of ipads and xboxes, it a tough life. I decided to step it up a notch, and do a proper installation of a much better wifi (with 802.11 AC!) solution to replace the old, busted. After researching a lot of different technologies, I ended up following the sage research of a friend of mine, Jorge. He doesn’t know it, but I did. Ha!

Ordering the Ubiquiti Unifi device was simple, thanks Amazon Prime for super fast delivery ,you can find it here (referral link):

Ubiquiti Networks Unifi 802.11ac Dual-Radio PRO Access Point (UAP-AC-PRO-US)

Ubiquiti Networks Unifi 802.11ac Dual-Radio PRO Access Point (UAP-AC-PRO-US)

Yeah, it kind of looks like a space ship. Pretty legit.

Installation was simple. For now, it’s plugged straight into my Verizon Fios box. Over time, I’ll tie it into a full ubiquiti setup for meshing, security, firewall logging, etc…. and I need a packet capture solution in there, duh!

Create a new cable

I didn’t have a long enough Cat5e cable sitting around, so I had to make one. Always rely on the Internet for figuring out the wire pattern;

Thank you: GroundControl.com for the image

After doing that, I used the supplied template from the Unifi , and put it on the wall outside of the coat closet that’s my ‘data center’ as well

Ubiquiti Unifi – Wall mount bracket

Ubiquiti Unifi – Holes in the wall

Once the holes were drilled, I passed the new CAT5 cable through it, routed it in the closet using some zip ties and whatnot around the walls, back to my FIOS router. Setup was super simple in the Unifi app that runs locally in a web browser. Here’s a picture of the Access Point (AP):

Ubiquiti Unifi – Access Point

Mounting the AP to the bracket was exactly like mounting a smoke detect. Plug in the cat5 cable, use the little dust cover that comes with it, place it on the bracket, push and twist! Then it glows like a spaceship… or at least how spaceships glow in my head:

Ubiquiti Unifi – Glowing Spaceship

The finished product:

Ubiquiti Unifi – On the wall and running

Next to buy, is the security gateway:

Unifi Security Gateway

Neo4J Tutorial – Published Video!

June 30, 2017 / Chris Fauerbach / 0 Comments

You may have noticed that my stream of thought posts on Neo4J. It’s pained my, cause you know, drawing the balls is fun.

Today, I get to announce a published video tutorial on Neo4J by Packt Publishing!

We developed an in depth course, covering a bunch of graph database and Neo4J problems, ranging from:

Installation
What is a graph database?
comparing to a relational database
Using Cypher Query Language (Cypher, CQL)
Looking at various functions in Neo4j
Query profiling

It was a ton of work, over a few months, but, the support from Packt was great. I’m really looking forward to getting feedback on the course!

http://bit.ly/fauie-neo4j1

Packt Publishing – Learning Neo4j Graphs and Cypher

Simple Tip: Provision an Elasticsearch Node Automatically!

June 21, 2017 / Chris Fauerbach / 0 Comments

I built out a new Elasticsearch 5.4 cluster today.

Typically, it’s a tedious task. I haven’t invested in any sort of infrastructure automation technology, because, well, there aren’t enough hours in the day. I remembered a trick a few of us came up with at a previous bank I used to work for. Using a shell script in AWS S3, that gets downloaded in a user init script in EC2, and bam, off to the races!

I won’t give away any tricks here, since my boss would kick me… again, but, since this processed was used heavily by me and team previously, I don’t mind sharing.

We didn’t use it specifically for Elasticsearch, but, you can get the gist of how to use it in other applications.

First step, upload the script to AWS S3. Here, I’ll use an example bucket of “notmybucket.com” – that’s my bucket, don’t try to own it. for reals.

Let’s call the script “provision.es.sh”

The provision file can look something like this:

#!/bin/bash
yum -y remove java-1.7.0-openjdk
yum -y install java-1.8.0-openjdk   jq  wget
 
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.2.rpm
rpm -i elasticsearch-5.4.2.rpm
chkconfig --add elasticsearch
aws s3 cp s3://notmybucket.com/elasticsearch.data.yml.template /etc/elasticsearch/elasticsearch.yml
cd /usr/share/elasticsearch
./bin/elasticsearch-plugin install -b discovery-ec2
./bin/elasticsearch-plugin install -b repository-s3
./bin/elasticsearch-plugin install -b x-pack
cd /etc/elasticsearch
echo "EDIT ES Settings"


INSTANCE_ID=$(/opt/aws/bin/ec2-metadata  --instance-id | cut -f2 -d " ")
AVAIL_ZONE=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .availabilityZone)
REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)
NAME=$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" --region=$REGION --output=json | jq -r .Tags[0].Value)
echo $INSTANCE_ID
echo $AVAIL_ZONE
echo $REGION
echo $NAME


sed -i -- "s/INPUT_INSTANCE_NAME/$NAME/" elasticsearch.yml
sed -i -- "s/INPUT_RACK/$REGION/"        elasticsearch.yml
sed -i -- "s/REGION/$AVAIL_ZONE/"        elasticsearch.yml

cat elasticsearch.yml
echo "Now run service elasticsearch start"
service elasticsearch start

#!/bin/bash

yum -y remove java-1.7.0-openjdk

yum -y install java-1.8.0-openjdk jq wget

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.2.rpm

rpm -i elasticsearch-5.4.2.rpm

chkconfig --add elasticsearch

aws s3 cp s3://notmybucket.com/elasticsearch.data.yml.template /etc/elasticsearch/elasticsearch.yml

cd /usr/share/elasticsearch

./bin/elasticsearch-plugin install -b discovery-ec2

./bin/elasticsearch-plugin install -b repository-s3

./bin/elasticsearch-plugin install -b x-pack

cd /etc/elasticsearch

echo "EDIT ES Settings"

INSTANCE_ID=$(/opt/aws/bin/ec2-metadata --instance-id | cut -f2 -d " ")

AVAIL_ZONE=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .availabilityZone)

REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)

NAME=$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" --region=$REGION --output=json | jq -r .Tags[0].Value)

echo $INSTANCE_ID

echo $AVAIL_ZONE

echo $REGION

echo $NAME

sed -i -- "s/INPUT_INSTANCE_NAME/$NAME/" elasticsearch.yml

sed -i -- "s/INPUT_RACK/$REGION/" elasticsearch.yml

sed -i -- "s/REGION/$AVAIL_ZONE/" elasticsearch.yml

cat elasticsearch.yml

echo "Now run service elasticsearch start"

service elasticsearch start

You’ll see reference to an elasticsearch.data.yml.template.. that’s super simple:

cluster.name: fauie.com.es5

node.name: INPUT_INSTANCE_NAME
node.master: false
node.data: true
node.ingest: true

node.attr.rack: AVAIL_ZONE
network.host: 0.0.0.0
http.port: 9200
cloud:
    aws:
        region:  REGION

discovery:
    zen.hosts_provider: ec2
    ec2:
        groups:  es5.in



script.inline: true
xpack.security.enabled: false
xpack.monitoring.enabled: true
xpack.watcher.enabled: false

cluster.name: fauie.com.es5

node.name: INPUT_INSTANCE_NAME

node.master: false

node.data: true

node.ingest: true

node.attr.rack: AVAIL_ZONE

network.host: 0.0.0.0

http.port: 9200

cloud:

aws:

region: REGION

discovery:

zen.hosts_provider: ec2

ec2:

groups: es5.in

script.inline: true

xpack.security.enabled: false

xpack.monitoring.enabled: true

xpack.watcher.enabled: false

Made up a security group, etc… configure the security group to whatever you’re using for your ES cluster.. change the bucket to your bucket.

Each ES host needs a unique name (beats me what will happen to elasticsearch if you have multiple nodes with the same name.. they’re geniuses.. it’s probably fine, but, you can test it, not me). Alternatively, try to use your instance ID as your node name!

Then your user init data looks super stupid and simple:

#!/bin/bash
sudo su -
aws s3 cp   s3://notmybucket.com/provision.es5.sh   .
bash ./provision.es5.sh

#!/bin/bash

sudo su -

aws s3 cp s3://notmybucket.com/provision.es5.sh .

bash ./provision.es5.sh

Add user data

Once you complete your EC2 creation, you can verify the output in:

/var/log/cloud-init-output.log

# grep "Now run" /var/log/cloud-init-output.log
Now run service elasticsearch start

1 2	# grep "Now run" /var/log/cloud-init-output.log Now run service elasticsearch start

Spilling the beans…

June 13, 2017 / Chris Fauerbach / 0 Comments

Today, I’m at ILTA’s LegalSec Summit 2017. Giving a talk later about Threat Automation:

Talk

I’m excited about sharing some information about Threat Intelligence, automation and application on a network sensor. That’s all good stuff.

What I’m really happy about, is that I can be totally open with the technology. My goal is to educate folks on how they can do what my company does on a daily basis. As an open source advocate, and a giant fan of a lot of the technology that I use every day (duh!), it’s good to show others how to do it. We don’t provide anything that qualifies as super cool intellectual property…. we have some, but anyone can build the basics to run in their shop. The challenge comes with the human capital needed to build and run this stuff. That’s a big part of the challenge.

De-Coder’s Ring

Software doesn’t have to be hard

Enterprise Ubiquiti at Home – Amazing Speed!

Neo4J Tutorial – Published Video!

Simple Tip: Provision an Elasticsearch Node Automatically!

Spilling the beans…

Subscribe to Blog via Email

Old Posts