How Can I See What Firewall I Have in Place?

Run:

sudo iptables -L -nxv | less -S


How Can I Check the Status of My AC-Hunter and Zeek Systems?

This script will show the status of both the AC-Hunter and Zeek systems. Example call:

ach_status.sh | less

If you’d prefer to create a compressed version of this output ready to attach to a tech support email thread, run the following, all on one line:

TF=$(mktemp -q /tmp/achstat.$(date +%Y%m%d%H%M%S).XXXXXX) ; ach_status.sh >"$TF" 2>&1 ; gzip -9 "$TF"

The resulting file in /tmp/ whose name starts with achstat and ends with gz is ready to send back as part of a support request.


Installing tcpdump

This package is provided in all supported Linux distributions.

On Debian and Ubuntu Linux, run:

sudo apt-get -y install tcpdump

On CentOS, RHEL, or Fedora Linux, run:

sudo yum -y install tcpdump


Troubleshooting Syslog Alerting

If you’re not receiving syslog events, please refer to the AC-Hunter Troubleshooting Alerting document below (PDF):


AC-Hunter Troubleshooting Alerting Document



What Software Versions Am I Running?

Run the following commands on the AC-Hunter system:

cat /opt/AC-Hunter/VERSION
./hunt run --rm api rita --version
./hunt run --rm db mongo --version


The “cat” command returns the version of AC-Hunter, while the two hunt commands report the versions of RITA and Mongo installed on the system.


Update Internal Address Space or DNS Servers

sudo vim /etc/AC-Hunter/rita.yaml


Edit the values after AlwaysInclude and/or InternalSubnets. Be careful to use double quotes, leave no spaces between the left bracket and the right bracket, and always append /32 to individual IP addresses (or the appropriate prefix length to network blocks). Once the file is saved, activate the changes by running:

sudo hunt up -d --force-recreate
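Because a missing /32, an unquoted entry, or a stray space inside the brackets is easy to overlook before recreating the containers, the following added checker (not part of AC-Hunter or RITA, and hypothetical in every name it uses) scans a rita.yaml-style text for the two list lines mentioned above and reports the mistakes the rules describe. It only looks at flow-style `InternalSubnets: [...]` and `AlwaysInclude: [...]` lines and makes no assumption about where in the file they sit or what other keys exist; the sample configs embedded in it are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples; the real rita.yaml layout is not assumed beyond these two keys.
SAMPLE_GOOD = '''InternalSubnets: ["10.0.0.0/8","192.168.0.0/16"]
AlwaysInclude: ["8.8.8.8/32","1.1.1.1/32"]
'''

SAMPLE_BAD = '''InternalSubnets: ["10.0.0.0/8", "172.16.0.0"]
AlwaysInclude: [8.8.8.8/32,"1.1.1.1/32","192.168.1.5/24"]
'''

LIST_KEYS = ("InternalSubnets", "AlwaysInclude")
# Matches a flow-style list on one line: Key: [ ...elements... ]
LINE_RE = re.compile(r'^\s*(' + "|".join(LIST_KEYS) + r')\s*:\s*\[(.*)\]\s*$')


def check_entry(raw):
    """Return an error string for one list element, or None if it is acceptable."""
    if raw == "":
        return "empty element"
    if not (len(raw) >= 2 and raw.startswith('"') and raw.endswith('"')):
        return f"{raw}: not double-quoted"
    value = raw[1:-1]
    if "/" not in value:
        return f"{raw}: missing prefix length (use /32 for a single address)"
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return f"{raw}: not a valid IP network"
    # "192.168.1.5/24" parses, but the host bits suggest a /32 was intended.
    if net.with_prefixlen != value:
        return f"{raw}: host bits set; did you mean {value.split('/')[0]}/{net.max_prefixlen}?"
    return None


def check_line(line):
    """Validate one 'Key: [...]' line; returns a list of error strings (empty = OK)."""
    m = LINE_RE.match(line)
    if not m:
        return []  # not one of the two lists this checker cares about
    key, body = m.group(1), m.group(2)
    errors = []
    if " " in body:
        errors.append(f"{key}: spaces inside the brackets")
    elems = [e.strip() for e in body.split(",")] if body.strip() else []
    for elem in elems:
        err = check_entry(elem)
        if err:
            errors.append(f"{key}: {err}")
    return errors


def check_config(text):
    """Run check_line over every line of the text; returns all errors found."""
    errors = []
    for line in text.splitlines():
        errors.extend(check_line(line))
    return errors


if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        found = check_config(sample)
        print(f"{name}: {len(found)} problem(s)")
        for problem in found:
            print("  " + problem)
```

Run it against a copy of the edited file (for example `check_config(open("/etc/AC-Hunter/rita.yaml").read())`) before running `sudo hunt up -d --force-recreate`; an empty result means every entry is double-quoted, carries an explicit prefix length, and the list contains no embedded spaces. IPv6 networks are accepted as well, since the check relies on the standard ipaddress module.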
