A Blog About Self-Imposed IT Projects and Tech Exploration

Month: September 2023

Configure a SPAN port for Security Onion in Proxmox

The remaining server left to create in my lab is a Security Onion server. Security Onion is an out-of-the-box blend of multiple open source tools that feed a central alert dashboard. I actually created a whole separate Pluralsight course, Security Onion Concepts and Basic Functionality, if you are interested. The course covers the fundamentals, installation, and basic operation of the tool. This post is focused on capturing network traffic with my lab’s Security Onion server. To enable that, I configure a SPAN port for Security Onion in Proxmox on my pfsense virtual machine.

Configure physical NIC passthrough on the host

Prerequisite: Installing a Network Firewall Using Pfsense in Proxmox

My Proxmox lab has multiple hosts, which significantly complicates this operation. The Security Onion server and the pfsense firewall are located on separate hosts, which means I have to pass the network traffic between hosts. I enabled this capability previously with software-defined networking. There was a problem, though: it does not support SPAN ports effectively. The best way I found to enable a SPAN port in Proxmox is to configure physical NIC passthrough on the host. This allows me to assign a physical port on the host directly to a virtual machine, which successfully passes all traffic.

The first step I took was to enable IOMMU in the /etc/default/grub file by adding the line below, as seen in the image.

GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"
Image: /etc/default/grub file with the IOMMU line added

Then I ran update-grub and rebooted the machine. To check that the setting took effect after the reboot, I ran the command below and looked for “IOMMU enabled”.

# dmesg | grep -e DMAR -e IOMMU
Image: example output of the dmesg command above

Next I added the modules required for physical NIC passthrough by editing the /etc/modules file and adding the modules shown in the image below.

Image: /etc/modules file with the modules required for physical NIC passthrough added

Just to be safe, I rebooted the machine at this point and then checked that I could add a PCI device in the hardware settings in Proxmox.

Configure a SPAN port for Security Onion in Proxmox

Now that I can map a physical NIC to one of my virtual machines, I added one of the host’s ethernet adapters to the hardware of my pfsense virtual machine.

To make this work correctly on my old servers, I also had to enable unsafe interrupts with this command:

# echo "options vfio_iommu_type1 allow_unsafe_interrupts=1" > /etc/modprobe.d/iommu_unsafe_interrupts.conf
Image: the command run to enable unsafe interrupts
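The host-side steps above (IOMMU flag in grub, update-grub and reboot, the dmesg check, and the optional unsafe-interrupts override) can be verified with one script. The following POSIX shell script is an added example, not from the original post: each check takes a file path so it can be pointed at the live host files (/etc/default/grub, /proc/cmdline, saved dmesg output, and the modprobe.d file created above) or at saved copies, and the “IOMMU enabled” wording it looks for is the Intel DMAR message the post mentions.

```shell
#!/bin/sh
# Pre-flight check for the PCI passthrough prerequisites (added example,
# not from the original post). Each check takes a file path so it can be
# run against the live host files or against saved copies.

# GRUB_CMDLINE_LINUX_DEFAULT must switch the IOMMU on. The post's Intel host
# uses intel_iommu=on; amd_iommu=on is accepted for AMD hosts.
grub_iommu_on() {
    grep -Eq '^GRUB_CMDLINE_LINUX_DEFAULT="([^"]*[[:space:]])?(intel|amd)_iommu=on([[:space:]][^"]*)?"' "$1"
}

# /proc/cmdline shows what the running kernel actually booted with; this
# catches a forgotten update-grub or a missing reboot.
cmdline_iommu_on() {
    grep -Eq '(^|[[:space:]])(intel|amd)_iommu=on([[:space:]]|$)' "$1"
}

# The post's check: filter DMAR/IOMMU lines and look for "IOMMU enabled"
# (the wording logged by the Intel DMAR driver).
dmesg_iommu_enabled() {
    grep -e DMAR -e IOMMU "$1" | grep -q 'IOMMU enabled'
}

# allow_unsafe_interrupts=1 is optional and weakens the isolation of the
# passed-through device, so it is reported but never counted as a failure.
unsafe_interrupts_set() {
    [ -f "$1" ] && grep -Eq '^options[[:space:]]+vfio_iommu_type1[[:space:]]+allow_unsafe_interrupts=1' "$1"
}

# Usage: passthrough_preflight GRUB_FILE CMDLINE_FILE DMESG_FILE MODPROBE_CONF
# Prints one line per check; the return value is the number of failed checks.
passthrough_preflight() {
    failed=0
    grub_iommu_on "$1" && echo "ok   grub: IOMMU flag set" || { echo "FAIL grub: add intel_iommu=on (or amd_iommu=on)"; failed=$((failed + 1)); }
    cmdline_iommu_on "$2" && echo "ok   kernel booted with IOMMU flag" || { echo "FAIL kernel: run update-grub and reboot"; failed=$((failed + 1)); }
    dmesg_iommu_enabled "$3" && echo "ok   dmesg: IOMMU enabled" || { echo "FAIL dmesg: IOMMU not reported enabled (check VT-d/AMD-Vi in firmware)"; failed=$((failed + 1)); }
    unsafe_interrupts_set "$4" && echo "note allow_unsafe_interrupts=1 is set; keep it only if the host needs it" || echo "ok   no unsafe-interrupts override"
    return "$failed"
}

# Live run on a Proxmox host: RUN_LIVE=1 sh preflight.sh
if [ "${RUN_LIVE:-0}" = 1 ]; then
    dmesg > /tmp/dmesg.txt
    passthrough_preflight /etc/default/grub /proc/cmdline /tmp/dmesg.txt \
        /etc/modprobe.d/iommu_unsafe_interrupts.conf
fi
```

A non-zero exit code lists exactly which of the three required steps is still missing, so the script can be re-run after each reboot until it returns 0.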

Now when I access the pfsense interface menu from the command line, the new interface is available as bce0.

Image: pfsense console screen showing the new interface available

I assigned the interface the name OPT2, and then in the web configurator I enabled it and gave it the description SPANport.

Image: enabling the interface in the pfsense web configurator

To configure a SPAN port in pfsense, you actually create a bridge within the Interfaces menu. I went to Interfaces > Interface Assignments > Bridges and made a new one to create the SPAN port. I selected the LAN interface, added a description, and then selected the SPANPORT interface under Span Port in the advanced configuration.

Image: adding a SPAN port bridge in pfsense

To complete my lab setup I did the same thing for the DMZ network, leaving me with two bridges.

Image: bridges view in the pfsense web configurator showing both SPAN ports

The last step is to verify operation by testing the SPAN port. To test it, I used the packet capture tool in pfsense and set the interface to SPANPORT. I also enabled promiscuous mode to capture all traffic seen by the adapter.

Once I ran it, I could see multiple packets, showing it was working as intended.

On the Security Onion server I will add another physical adapter, just like the pfsense machine. Then I will connect the interfaces directly with an ethernet cable.

Skipping ahead a bit to show it works

The output in Security Onion is not something I cover in the lab build, but it worked as configured in this post. Here is a tcpdump on my Security Onion server and an overview of alerts.

I covered the installation in a Pluralsight course, and you could also follow the Security Onion documentation to build it. Security Onion is really one of the last steps in creating the basic structure of this lab, other than adding the Kali machine and enabling remote access, but in the next post I also cover how to add VulnHub machines to the DMZ.

Building My Own App to Track Personal Goal Progress and Be Better

This post is a break from my typical posts around the build out of my home hacking lab or anything to do with Pluralsight. I decided to document the beginning of a process of building my own app by explaining the reasons behind it.

I was on vacation in August enjoying some down time to relax. While traveling to and from each destination, I had time to take note of changes in my life and where I wanted it to go. What I noticed is that while I felt I had achieved most of what I set out to do, there were gaps between where I was today and where I still wanted to be. I felt that while each of the areas below was good, there is always room for improvement, and I shouldn’t settle for where I was if I could make it better.

I decided that:

  • I want to be a better husband and father.
  • I want to achieve and maintain a better mental state.
  • I want to have hobbies again and share them with my kids.
  • I want to cook better food and healthier meals to share with my family.
  • I want to get in better physical shape again and feel more energized every day.
  • I want to finally build something of my own and gain the independence and freedom that comes with it.

Those are big statements that I am sure everyone wants to achieve to some degree. How am I going to break these down into manageable chunks and actually achieve them?

Building habits to achieve a goal

A few months ago I read a great book on working to become better called Atomic Habits. If you have never read it, I highly recommend purchasing it or reading a copy from the library. It is a great book that will motivate you to be better. In it, the author discusses the concept that changing habits to get 1% better every day results in a 37x improvement over one year. You’ve probably seen the concept in images that look something like the one below.

Image: the power of tiny gains chart from James Clear’s website (author of Atomic Habits)

To achieve everything I want to achieve, I will need a system. To create a system, I need a combination of setting measurable goals for the next year and creating habits that will lead to their achievement.

Solving my own problem by building my own app

Based on my larger long-term goals above, I decided to set measurable goals to achieve in the next year. These goals will help me improve multiple aspects of my life and be a better me. I am still working out every specific goal and building the habits around it. My plan is to document each category in its own post, because each is worth one.

I realized in planning this out that I would need a good place to track all of my goals, habits, and progress toward them. Since one of my goals is to build something of my own and gain the independence and freedom that comes with it, building my own app is the perfect way to get started. There are other benefits outside of independence and freedom. Building this will help me brush up on my coding skills. I will learn a new programming language, and gain experience creating a modern web application.

I plan to stick with something simple to start and build from there. Using what I know seems like the best way for me to get the underlying application working.