September 12, 2023

Setting up a BIND9 server

I wrote a post about configuring BIND before (in 2014), but that was a long time ago. Comparing the two versions of the syntax side by side, the overall structure has not really changed. These days I use the free hosted option, Cloudflare DNS, and rarely run my own server, since a self-hosted one still stands a good chance of being overwhelmed by attack traffic.

/etc/bind# vim named.conf.local

zone "example.com" in {
  type master;
  file "/etc/bind/db.example.com";
};

/etc/bind# vim db.example.com

$TTL    86400
$ORIGIN example.com.    ; base domain-name

@  IN  SOA  dns.example.com. admin.example.com. (
   20230909    ; Serial
   43200       ; Refresh
   3600        ; Retry
   1209600     ; Expire
   180 )       ; Minimum TTL

; Nameservers (no ';' after the value: in a zone file ';' starts a comment)
@                  IN  NS  dns.example.com.

; Records
dns.example.com.   IN  A   [IP]
test.example.com.  IN  A   [IP]

/etc/bind# vim named.conf.options

options {
  directory "/var/cache/bind";
  dnssec-validation auto;

  auth-nxdomain yes;    # conform to RFC1035
  listen-on-v6 { none; };
  listen-on port 53 { any; };
  allow-query { any; };
  allow-query-cache { none; };
  recursion no;
  also-notify { };
};
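As an added check that is not part of the original post: a small Python lint for a zone file laid out as above (`name IN TYPE value`, one record per line; this layout is an assumption). It flags a ';' glued to a record value (BIND accepts it as a comment, but anything typed after it is silently dropped), an SOA serial without the YYYYMMDDnn revision digits, and an in-zone NS target that has no address record. The sample zone is constructed from the post, with RFC 5737 documentation addresses standing in for [IP].

```python
import re

# Constructed sample: the zone file from the post, with its stray ';' and
# 8-digit serial kept, and documentation addresses (RFC 5737) in place of [IP].
ZONE = """$TTL    86400
$ORIGIN example.com.    ; base domain-name
@  IN  SOA  dns.example.com. admin.example.com. (
   20230909    ; Serial
   43200       ; Refresh
   3600        ; Retry
   1209600     ; Expire
   180 )       ; Minimum TTL
; Nameservers
@                  IN  NS  dns.example.com.;
; Records
dns.example.com.   IN  A   192.0.2.10;
test.example.com.  IN  A   192.0.2.11
"""

def _fields(line):
    """Strip a ';' comment (zone-file syntax) and split the rest into fields."""
    return line.split(";", 1)[0].split()

def lint_zone(text):
    """Return a list of findings; an empty list means the zone looks clean."""
    findings, lines = [], text.splitlines()
    for n, raw in enumerate(lines, 1):
        # ';' glued to a value starts a comment: BIND loads the line, but it is almost always a typo
        if re.search(r"\S;", raw):
            findings.append(f"line {n}: ';' glued to a value")
    origin = next((_fields(l)[1] for l in lines if l.startswith("$ORIGIN")), "")
    # the SOA serial is the first token after '(' once comments are removed
    flat = " ".join(" ".join(_fields(l)) for l in lines)
    m = re.search(r"\bSOA\s+\S+\s+\S+\s+\(\s*(\d+)", flat)
    if m and len(m.group(1)) != 10:
        findings.append(f"serial {m.group(1)}: not YYYYMMDDnn")
    # every NS target inside the zone needs an A/AAAA record (in-bailiwick glue)
    addr, ns_targets = set(), []
    for l in lines:
        f = _fields(l)
        if len(f) >= 4 and f[1] == "IN":  # assumed layout: name IN TYPE value
            name = origin if f[0] == "@" else f[0]
            if f[2] in ("A", "AAAA"):
                addr.add(name)
            elif f[2] == "NS":
                ns_targets.append(f[3])
    findings += [f"NS {t}: no A/AAAA record in zone" for t in ns_targets
                 if origin and t.endswith(origin) and t not in addr]
    return findings
```

Run it before `named-checkzone` so that a stray ';' does not hide a real error on the same line.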

September 06, 2023

Open-source XDR platform - Wazuh

An open-source XDR platform! Installation looks like it should not be too hard, but I am not sure whether running and maintaining it on-premises is realistic.
Wazuh is a free and open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.
The endpoint (agent) supports Linux, Windows and macOS.
The Wazuh agent is multi-platform and runs on the endpoints that the user wants to monitor. It communicates with the Wazuh server, sending data in near real-time through an encrypted and authenticated channel.
The proof-of-concept (POC) chapter also describes how to trigger alerts:
  • Detecting suspicious binaries
  • File integrity monitoring
  • Detecting an SQL injection attack
  • Vulnerability detection