projects page
We are going to highlight some of our most interesting projects and work here. Feel free to run with any of it.
This is what is coming:
fortinet SSLVPN auto-ban list, and subnet blocking
We manage a number of Fortinet firewalls with SSL VPN. Yes, SSL VPN is going away, but while it is still in use we keep it tighter like this: the firewall calls a webhook that feeds the source IP to a web API. The API runs the address through an IP lookup tool to determine where it is coming from, then either bans the single IP or, if the IP keeps coming back, escalates to a ban of its whole subnet.
This will be elaborated on and the source code posted, so it can be duplicated if you are interested.
Our list currently has about 4000 IPs and about 4000 subnets blocked, all from the US. You could make this work for any country, and the webhook can be wired to any trigger, so you could ban on IPS events as well.
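To show the auto-ban and subnet escalation logic end to end, here is an added example in Go. It is not the project's own code: the webhook body shape (a JSON object with "srcip"), the thresholds, and the /24 escalation rule are all assumptions, and the IP lookup tool mentioned above is left out, since this only decides what to block and leaves pushing the result to the firewall's address group to the caller.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"net"
	"net/http"
	"sync"
)

// Thresholds are assumptions for this example, not the page's own values.
const (
	ipFailLimit    = 5 // webhook hits from one IP before that IP is banned
	subnetBanLimit = 3 // banned IPs inside one /24 before the whole /24 is banned
)

// LoginEvent is the assumed JSON body the firewall's webhook posts.
type LoginEvent struct {
	SourceIP string `json:"srcip"`
}

// BanList keeps the per-IP hit counts plus the two ban tables in memory.
type BanList struct {
	mu        sync.Mutex
	hits      map[string]int
	bannedIP  map[string]bool
	bannedNet map[string]bool // keyed by /24 CIDR, e.g. "203.0.113.0/24"
}

func NewBanList() *BanList {
	return &BanList{hits: map[string]int{}, bannedIP: map[string]bool{}, bannedNet: map[string]bool{}}
}

// slash24 returns the /24 that contains an IPv4 address.
func slash24(ip net.IP) string {
	return ip.Mask(net.CIDRMask(24, 32)).String() + "/24"
}

// Record applies one webhook hit and returns the resulting action:
// "" (nothing yet), "ip" (single address banned) or "subnet" (whole /24 banned).
func (b *BanList) Record(ev LoginEvent) (string, error) {
	ip := net.ParseIP(ev.SourceIP)
	if ip == nil || ip.To4() == nil {
		return "", fmt.Errorf("not an IPv4 address: %q", ev.SourceIP)
	}
	addr, cidr := ip.String(), slash24(ip)

	b.mu.Lock()
	defer b.mu.Unlock()

	if b.bannedNet[cidr] {
		return "subnet", nil
	}
	if b.bannedIP[addr] {
		return "ip", nil
	}
	b.hits[addr]++
	if b.hits[addr] < ipFailLimit {
		return "", nil
	}
	b.bannedIP[addr] = true

	// Escalate: once enough banned addresses share this /24, ban the block.
	n := 0
	for banned := range b.bannedIP {
		if slash24(net.ParseIP(banned)) == cidr {
			n++
		}
	}
	if n >= subnetBanLimit {
		b.bannedNet[cidr] = true
		return "subnet", nil
	}
	return "ip", nil
}

// ServeHTTP is the webhook endpoint; the JSON reply says what to block.
func (b *BanList) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "POST only", http.StatusMethodNotAllowed)
		return
	}
	var ev LoginEvent
	if err := json.NewDecoder(r.Body).Decode(&ev); err != nil {
		http.Error(w, "bad json", http.StatusBadRequest)
		return
	}
	action, err := b.Record(ev)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	json.NewEncoder(w).Encode(map[string]string{"srcip": ev.SourceIP, "action": action})
}

func main() {
	// Bind to loopback: only the firewalls should be able to reach the webhook.
	http.Handle("/webhook/sslvpn", NewBanList())
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

Once a /24 is banned, any new address from it is reported as "subnet" on its first hit without touching the per-IP counters, which is the point of escalating: attackers rotating through a block stop getting five free tries per address.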
AD detection scripts, for security related events
We use a Go API with PowerShell scripting to collect specific logs from Windows servers for the AD events that matter:
new user creation
any change to the domain admins group
account lockouts
dcdiag output monitoring: anything that is not healthy at the moment.
No agent software and no installers to update on the client servers.
This gives us as small a footprint as we can make and still see what we need to see.
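As an added example (not the project's code) of the API side of the list above, the Go block below classifies the raw events the PowerShell collector would post and pulls failed tests out of captured dcdiag output. Assumptions: the collector sends one JSON record per Windows Security event with the event ID and the named data fields from the event XML (TargetUserName, MemberName, SubjectUserName), and the dcdiag sample is constructed in the tool's summary format rather than taken from a real domain.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// ADEvent is the assumed normalized record the PowerShell collector posts.
type ADEvent struct {
	Computer string            `json:"computer"`
	EventID  int               `json:"event_id"`
	Fields   map[string]string `json:"fields"`
}

// Alert is what the API would hand to the alerting channel.
type Alert struct {
	Severity string // "info", "warning" or "critical"
	Text     string
}

// Classify turns one raw event into an alert, or nil if it is not one we watch.
// Event IDs: 4720 user created; 4728/4732/4756 member added to a global/local/
// universal security group; 4729/4733/4757 member removed; 4740 account locked out.
func Classify(ev ADEvent) *Alert {
	f := ev.Fields
	switch ev.EventID {
	case 4720:
		return &Alert{"warning", fmt.Sprintf("%s: new user %s created by %s",
			ev.Computer, f["TargetUserName"], f["SubjectUserName"])}
	case 4728, 4732, 4756, 4729, 4733, 4757:
		// For group membership events the group's name is in TargetUserName.
		if !strings.EqualFold(f["TargetUserName"], "Domain Admins") {
			return nil // changes to other groups are noise for this feed
		}
		verb := "added to"
		if ev.EventID == 4729 || ev.EventID == 4733 || ev.EventID == 4757 {
			verb = "removed from"
		}
		return &Alert{"critical", fmt.Sprintf("%s: %s %s Domain Admins by %s",
			ev.Computer, f["MemberName"], verb, f["SubjectUserName"])}
	case 4740:
		return &Alert{"info", fmt.Sprintf("%s: account %s locked out",
			ev.Computer, f["TargetUserName"])}
	}
	return nil
}

// dcdiagLine matches the per-test summary line dcdiag prints.
var dcdiagLine = regexp.MustCompile(`\.{3,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)`)

// FailedDcdiagTests scans captured dcdiag output and returns "DC/Test" for
// every test that did not pass.
func FailedDcdiagTests(output string) []string {
	var failed []string
	for _, line := range strings.Split(output, "\n") {
		if m := dcdiagLine.FindStringSubmatch(line); m != nil && m[2] == "failed" {
			failed = append(failed, m[1]+"/"+m[3])
		}
	}
	return failed
}

// sampleDcdiag is constructed output in dcdiag's summary format, not real data.
const sampleDcdiag = `
   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
      Starting test: Replications
         [Replications Check,DC01] A recent replication attempt failed:
         ......................... DC01 failed test Replications
      Starting test: Services
         ......................... DC01 passed test Services
`

func main() {
	ev := ADEvent{Computer: "DC01", EventID: 4728, Fields: map[string]string{
		"MemberName": "CN=jdoe,CN=Users,DC=corp,DC=example", "TargetUserName": "Domain Admins", "SubjectUserName": "helpdesk1"}}
	if a := Classify(ev); a != nil {
		fmt.Println(a.Severity, a.Text)
	}
	fmt.Println("dcdiag failures:", FailedDcdiagTests(sampleDcdiag))
}
```

Keying only on the event ID is deliberate: the collector can stay a dumb Get-WinEvent filter with no logic on the server, and the API decides what is worth a page.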
check-in API for backup jobs
We mostly use Veeam for backups. Rather than reading every Veeam report every day, the jobs check in to a web API when they succeed. If 24 hours go by without a successful check-in, we send an alert.
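An added example of the check-in API, in Go, not the project's own code. It assumes the job's post-job script does a POST to /checkin?job=NAME with a shared token in an X-Token header (endpoint path, parameter and header are all assumed), and it adds one thing the description above does not cover: jobs you expect but that have never checked in are reported stale too, so a job that was never configured to check in cannot hide.

```go
package main

import (
	"crypto/subtle"
	"log"
	"net/http"
	"sort"
	"sync"
	"time"
)

// Registry remembers the last successful check-in per backup job.
type Registry struct {
	mu   sync.Mutex
	last map[string]time.Time
}

func NewRegistry() *Registry { return &Registry{last: map[string]time.Time{}} }

// Expect registers a job we want to hear from; until it checks in, it is stale.
func (r *Registry) Expect(job string) {
	r.mu.Lock()
	defer r.mu.Unlock()
	if _, ok := r.last[job]; !ok {
		r.last[job] = time.Time{}
	}
}

// CheckIn records a successful run of job at time at (never moves backwards).
func (r *Registry) CheckIn(job string, at time.Time) {
	r.mu.Lock()
	defer r.mu.Unlock()
	if at.After(r.last[job]) {
		r.last[job] = at
	}
}

// Stale returns, sorted, the jobs whose last success is older than maxAge at time now.
func (r *Registry) Stale(now time.Time, maxAge time.Duration) []string {
	r.mu.Lock()
	defer r.mu.Unlock()
	var out []string
	for job, t := range r.last {
		if now.Sub(t) > maxAge {
			out = append(out, job)
		}
	}
	sort.Strings(out)
	return out
}

// token is an assumed shared secret; constant-time compare so a wrong guess
// cannot be timed byte by byte.
const token = "replace-me"

func (r *Registry) ServeHTTP(w http.ResponseWriter, req *http.Request) {
	if req.Method != http.MethodPost {
		http.Error(w, "POST only", http.StatusMethodNotAllowed)
		return
	}
	if subtle.ConstantTimeCompare([]byte(req.Header.Get("X-Token")), []byte(token)) != 1 {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	job := req.URL.Query().Get("job")
	if job == "" {
		http.Error(w, "missing job", http.StatusBadRequest)
		return
	}
	r.CheckIn(job, time.Now())
	w.WriteHeader(http.StatusNoContent)
}

func main() {
	reg := NewRegistry()
	reg.Expect("daily-fileserver") // assumed job names
	reg.Expect("daily-sql")
	http.Handle("/checkin", reg)
	// Alert loop: every hour, report jobs with no success in the last 24h.
	go func() {
		for range time.Tick(time.Hour) {
			for _, job := range reg.Stale(time.Now(), 24*time.Hour) {
				log.Printf("ALERT: backup job %q has not checked in for 24h", job)
			}
		}
	}()
	log.Fatal(http.ListenAndServe("127.0.0.1:8081", nil))
}
```

The state is in memory only, so a restart of the API forgets everything; for the real thing, persist the map or accept that you get a burst of alerts after a restart until the jobs check in again.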
custom monitoring: We still use Nagios for monitoring and alerting because of its simplicity and customization; we can build anything we need.
By anything we mean anything. Kafka cluster topics? Sure: grab values like messages per second and compare them with the trend over the last week. Is one topic falling behind? Send an alert.
Easy Dell server health: monitor the iDRAC with SNMP, and two queries give you the full picture of its health: storage, power, etc.
Same for Windows: get the basics on alert, disk space and uptime, and you can infer more from those.
If uptime is too long and it is Windows, it is probably not being updated or patched. mmmmm
Disk space should never catch you by surprise: monitor the volumes with SNMP and alert when any volume is above the threshold.
SSL certs are easy to check with Nagios checks; always know when they are going to expire,
or whether they are failing to auto-renew with ACME etc.
Need temperature monitoring of server closets etc.? Servers usually have inlet temperature sensors, and so do switches. This data can also be pushed or scraped into Grafana and reviewed for trends over time, or you can alert from within Grafana and skip Nagios altogether.
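To make the "build anything" point concrete, here is an added example (not the project's own checks) of the three Windows/cert checks above written as one Nagios-style plugin in Go: disk usage and uptime where a high value is bad, cert expiry where a low number of days left is bad. It uses the standard plugin contract (exit 0/1/2/3 for OK/WARNING/CRITICAL/UNKNOWN, a one-line status, perfdata after the pipe); the threshold values and the host name in the usage are assumptions. The live cert fetch in main deliberately skips chain verification, because an expired cert would otherwise fail the handshake and come back as UNKNOWN instead of the CRITICAL you want.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"os"
	"time"
)

// Nagios plugin exit codes.
const (
	OK       = 0
	Warning  = 1
	Critical = 2
	Unknown  = 3
)

var stateName = map[int]string{OK: "OK", Warning: "WARNING", Critical: "CRITICAL", Unknown: "UNKNOWN"}

// highIsBad: exceeding the thresholds is bad (disk usage, uptime).
func highIsBad(v, warn, crit float64) int {
	switch {
	case v >= crit:
		return Critical
	case v >= warn:
		return Warning
	}
	return OK
}

// lowIsBad: dropping below the thresholds is bad (days until a cert expires).
func lowIsBad(v, warn, crit float64) int {
	switch {
	case v <= crit:
		return Critical
	case v <= warn:
		return Warning
	}
	return OK
}

// DiskCheck: percent used on a volume, e.g. warn at 80, crit at 90.
func DiskCheck(volume string, usedPct, warn, crit float64) (int, string) {
	s := highIsBad(usedPct, warn, crit)
	return s, fmt.Sprintf("%s - %s %.0f%% used|used=%.0f%%;%.0f;%.0f",
		stateName[s], volume, usedPct, usedPct, warn, crit)
}

// UptimeCheck: a Windows box up for months is probably not being patched.
func UptimeCheck(uptime, warn, crit time.Duration) (int, string) {
	days, w, c := uptime.Hours()/24, warn.Hours()/24, crit.Hours()/24
	s := highIsBad(days, w, c)
	return s, fmt.Sprintf("%s - up %.1f days|uptime=%.1fd;%.0f;%.0f", stateName[s], days, days, w, c)
}

// CertCheck: days left before NotAfter; anything already expired is critical.
func CertCheck(name string, notAfter, now time.Time, warnDays, critDays float64) (int, string) {
	left := notAfter.Sub(now).Hours() / 24
	s := lowIsBad(left, warnDays, critDays)
	msg := fmt.Sprintf("expires in %.0f days", left)
	if left < 0 {
		msg = fmt.Sprintf("expired %.0f days ago", -left)
	}
	return s, fmt.Sprintf("%s - %s %s (%s)|days_left=%.0f;%.0f;%.0f",
		stateName[s], name, msg, notAfter.Format("2006-01-02"), left, warnDays, critDays)
}

// leafNotAfter reads the server certificate's expiry over TLS. Verification is
// skipped on purpose: we only want the date, and an expired cert must not
// turn into a handshake error.
func leafNotAfter(host string) (time.Time, error) {
	conn, err := tls.Dial("tcp", host+":443", &tls.Config{ServerName: host, InsecureSkipVerify: true})
	if err != nil {
		return time.Time{}, err
	}
	defer conn.Close()
	return conn.ConnectionState().PeerCertificates[0].NotAfter, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Println("UNKNOWN - usage: check_cert <host>")
		os.Exit(Unknown)
	}
	notAfter, err := leafNotAfter(os.Args[1])
	if err != nil {
		fmt.Printf("UNKNOWN - %v\n", err)
		os.Exit(Unknown)
	}
	state, out := CertCheck(os.Args[1], notAfter, time.Now(), 30, 7)
	fmt.Println(out)
	os.Exit(state)
}
```

Point a Nagios command at the compiled binary (e.g. check_cert vpn.example.com, an assumed host) and the exit code drives the service state; the perfdata after the pipe is what Grafana or pnp4nagios can graph for the trend view mentioned above.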