Topics - Greg_E

1
Zenarmor (Sensei) / Wave Browser - anyone have a list of sites to block
« on: November 06, 2024, 05:06:26 pm »
I have a user that decided the browsers that we include on our PCs are not good enough. I saw a long list of things being blocked and that always gives me concern. I tracked it back to a Wave Browser which is basically a malware conduit and of course, it installs in user space (because Microsoft thought that was a good idea). Starting remediations now and in the custom blocking that I added, I did tell my system to send the info back to Zenarmor so they can include it in future blocking.

But doesn't anyone have a list of sites that should block this garbage?

Here's what I've blocked so far:

Code:
wavebrowser.com
mywavehome.net
wavebrowser.co
gowavebrowser.com
gowavebrowser.co

There are some prefixes that go with these, but I figure if I get the top level it should block them.

2
Zenarmor (Sensei) / Quic UDP connections
« on: October 18, 2024, 05:27:03 pm »
I'm seeing many QUIC UDP connections in my logs; the few I've checked go straight to Google... How soon before we see trackers and ads from this same type of connection?

I copied the entry, but then when I pasted it I saw a bunch of information that I just don't want to post (like lat/long) from the Live Sessions. I was going through and blocking a bunch of stuff that popped up with Firefox on Debian and Chrome through Kasmweb.

3
24.7 Production Series / 24.10 Business upgrade?
« on: October 17, 2024, 04:11:15 pm »
I see a post in announcements that 24.10 Business is out... Anyone do this yet?

I don't have a test machine set up for this, so I might wait a few days, or wait until I can perform this while I'm here.

4
Hardware and Performance / M.2 a+e Intel i226 pcie 3 question
« on: October 09, 2024, 02:27:23 am »
Hopefully I'm not wasting money here... HP T740 has a PCIe 3.0 single-lane A+E key slot for WiFi. I don't need the WiFi so I just ordered an Intel i226 2.5 Gbps card to go in that slot. Question is this: will that single lane actually go all the way up to 2.5 Gbps?

Going to be weeks for the card to arrive, I hope it is really Intel and really an i226.

I also have a dual 10 Gbps card going in the 4x slot, again hoping it will go full bandwidth on one of the ports. This is not an OPNsense-specific question, but could get used again if need be.

5
General Discussion / Schedule OS updates for off hours?
« on: October 04, 2024, 09:39:50 pm »
Is there a way to schedule when an OS update can be done and automatically reboot when finished?

I've had the Business update waiting for me for about 2 weeks now, and no good time I can interrupt my users (stupid Adobe may close the projects if it loses constant connection).

6
General Discussion / Zabbix monitoring OPNsense?
« on: September 17, 2024, 04:50:45 pm »
I'm finally starting to roll out Zabbix on my system to try and reduce the effort of finding issues when they first occur. I had an issue with a server that was a couple weeks old and finally found it; Zabbix would have given me a single place to look and found it in a day.

Anyway, I see very little about what the Zabbix Agent can do or see, even less on which template I should select. I also see talk about an SNMP template and how OPNsense uses an older SNMPd which may or may not be a problem.

Could someone give me a rundown of what I need to do to monitor things? Ultimately I'd really like to see Suricata warnings and blocks, and Zenarmor threats and blocks. As well as is it operating, out of ram, cpu stuck at 100%, etc.

Or am I wanting too much?

Currently running a Zabbix 7.0.3 server on Debian if any of this matters, no proxies yet. And so far only a single Windows server connected, I want to read a bit more before putting important servers on the system. OPNsense is on hardware and the servers are all on XCP-NG hypervisors.

7
Zenarmor (Sensei) / Site listed as parked domain, should I block it?
« on: September 17, 2024, 04:33:07 pm »
I had a site pop up on my threats page (actually many that I'm going through right now) and I'm not sure if I should bother blocking it or leave it alone. Site is ingesteer.services-prod.nsvcs.net and it gives a 404 error when I go there.

I'm not finding good data on nsvcs.net, seems there are a bunch of subdomains and none of them seem to have anything in common.

Anyone have more details on what this really is, and should we be blocking them? Right now the filters allow this to try and connect, but maybe this is the wrong action?

8
General Discussion / Small, low power, low heat mini pc for virtualization lab?
« on: August 28, 2024, 05:08:10 pm »
I'm looking for some help. It appears that I may be moving and there will be no room, power, heat, noise load available for my current lab (4 HP DL360 gen8 servers), so I'd like to find some inexpensive mini PC to replace them. I'd really like an 8c/16t processor (or more) and really up to 64gb of ram in each host. AMD is fine, Intel 12th generation or older would also be OK (worrying about 13th and 14th Intel right now). Price is a factor and this is where I'm having the hardest part in what I can buy.

The HP DL360 I bought with 20c/40t processors and 128gb of ram for $200 shipped, I'm not finding anything in that pricing realm on the new market, and not sure what to look for on the used market, let alone in the mini PC segment. Going to need to go back through the Serve the Home Tiny, Mini, Micro stuff and see if I can find a jewel in there that fits my price and power considerations.

9
Zenarmor (Sensei) / 1.17.6 update problem
« on: August 06, 2024, 08:39:35 pm »
This is mostly an FYI.

I noticed today that the dashboard in Zenarmor said there was an update, so I clicked on the button to start this process... It never went farther than 30%. After about an hour, I went to system --> firmware --> status and checked for updates. This found the 1.17.6 update and was able to get this installed.

I know the Zenarmor Dashboard way has worked for me in the past, but not today.

I'm running current Business version of OPN.

10
24.1 Legacy Series / Memory management different 24.4.1/24.1.9? Or Intel/AMD?
« on: July 03, 2024, 07:49:06 pm »
I set up my business version yesterday, and while it initially showed a huge amount of RAM in use (over 7gb or around 50%), it is now down to 34%. Old system was normally around 45-47%.

Old system was AMD V1756B with 16gb and an Intel i350 card. OPNsense 24.1.9

New system Intel Xeon E3-1230v5 with 16GB of ECC ram and 10Gtek i350 card. OPNsense 24.4.1

Both were running IDS/IPS, Crowdsec, Zenarmor (free), and a DHCP server pointing to a fifth port. Rules and exceptions were copied from one device to the other so they should be at parity for features.

Is this a business optimization or an AMD to Intel optimization, or just an oddity? The only software difference was the Realtek NIC driver for the AMD device, since it had a single Realtek NIC that I was using for a "management" port with a laptop as needed.

I'm certainly not complaining, but sometimes you just have to ask why this might be happening. This Intel based version does seem to "run" faster, sites complete loading faster and the GUI performs better. But the CPU scores for both single and multithread are fairly close, so I would have expected similar performance. I did verify that the Intel branded cards I bought were real genuine Intel, not the counterfeit that are available.

11
Zenarmor (Sensei) / ecs.office.com - block or allow?
« on: July 02, 2024, 10:00:49 pm »
I just set up my OPN Business on the "permanent" hardware and with it there was an update to Zenarmor that I hadn't done on the "testing" computer I was using before this... I'm now seeing an ecs.office.com block which is some kind of Microsoft "automatic" Office configuration and update utility that was probably running through unseen on the old firewall.

Do I kill it or let it pass? Yes I do have Office (2021 LTSC) installed on pretty much every desktop here. I'm just not familiar with it and wondering two things:

#1 will it mess up my Office installs?

#2 does Office (local install but KMS activated) still work if I block it?

I should mention that the last time I did any real looking at the firewall and what might be getting blocked, I was running Windows 10 LTSC 21h2, now I'm on Windows 11 Education 23h2 so a lot of change on all my desktops.

12
24.1 Legacy Series / Enter license key in serial/vga?
« on: June 28, 2024, 09:37:38 pm »
Is there a way to enter your license key in the serial/vga console?

I'm setting up my business version and went to check for updates while still in the VGA console (#12), and it reached out to the site with license key as part of the URL, same as downloading the initial version.

If not possible now, can this be added to the menu so we can enter the key while still in the VGA/serial console?

13
24.1 Legacy Series / Unbound not starting after 24.1.9_3
« on: June 20, 2024, 10:37:25 pm »
I just updated to 24.1.9_3 and unbound won't seem to start, even after a reboot. But DNS is still getting forwarded through my local DNS servers so I guess I'm kind of OK.

I do have Zenarmor free version running, if that matters.

14
24.1 Legacy Series / Getting ready for 24.7?
« on: June 18, 2024, 03:28:37 pm »
When getting ready for the 24.7 major update, is there a version that we must be upgraded to in order for a smooth path to 24.7?

I'm on 24.1.8 and see that .9 is now out, should I go ahead and do the .9 upgrade or doesn't it really matter when considering going to 24.7?

My logic comes from Windows Server in-place upgrades... Server 2008r2 had to go to 2012(r2) before getting to 2016 or 2019, and I think had to be 2019 before 2022. And yes, I've done a lot of in-place upgrades and no problems, but I did do fresh installs when moving physical to virtual and just migrated the functions between the old and new machines. Call me an idiot if you like, but in-place worked fine for me.

That said, not sure if I'll go 24.7 or get my business system built, I should probably get the business system running instead of chasing new shiny things.

15
Hardware and Performance / DEC 2752 and 2770 RAM question
« on: June 06, 2024, 07:55:56 pm »
This is probably a couple years away for me so things may change drastically, but here goes...

Is it possible to get more ram in the DEC2752 and DEC2770 devices? I'm seeing nearly half of my current 16gb in use right now, so going back to 8gb seems like it might get in the way. Before I upgraded to the 16gb, I was seeing 6.5gb+ in use with my very basic configuration. Zenarmor used a lot of that, but planning to continue using this going forward and may expand it to the paid version and extra policies (uses more ram?).

Just thought I would ask and if not possible now, maybe possible in the future?

All that said, I'm guessing it is just a DDR4 SODIMM module (or maybe desktop sized) or two that need to be added/swapped and would be cheap to upgrade. But is the end user allowed to do this without voiding any warranty the device might have? Is it possible to option this on the purchase page? The photo on the 2700 series page makes me think this is DDR4 desktop sized and single module, but again, I thought I would ask.
