Develop Reference

Cassandra 4 and Cipher Suites

Trying out Cassandra 4 for encrypted internode communication.
Following settings are made in cassandra.yaml
server_encryption_options:
internode_encryption: all
optional: false
enable_legacy_ssl_storage_port: true
keystore: conf/.keystore
keystore_password: password
require_client_auth: true
truststore: conf/.truststore
truststore_password: password
require_endpoint_verification: false
# More advanced defaults below:
protocol: TLS
store_type: JKS
cipher_suites: [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
However these ciphers are not being listed with nmap --script +ssl-enum-ciphers -p 7000 <hostname>
Have not seen this issue with earlier Cassandra 3.11.x.
Are there any further settings apart from cassandra.yaml which are being missed here for Cassandra 4?

Ok, I think I see what's going on. Before Cassandra 4.0, inter-node SSL traffic used port 7001. However, Cassandra 4.0 allows both encrypted and unencrypted inter-node communication on port 7000...
...unless you explicitly enable the legacy SSL port...
enable_legacy_ssl_storage_port: true
Two possible solutions here:
Run npm against port 7001, and you should see the available ciphers returned.
Set enable_legacy_ssl_storage_port: false, restart, and the npm against port 7000 should work.

SQLMap: Can't establish SSL Connection: Need Solution

Am trying to use SQLMap with https but when i try
"C:\Python27\sqlmap>sqlmap.py -u https://localhost:8774/App/console/index.jsp --force-ssl" it returns
"Can't establish SSL Connection".
So it there any way that i can pass SSL certificate to SQLMap?
Environment Details:
OS: Windows 10
Python: 2.7
SQLMap: 1.4.2.42
Refer to attached image for more details.

remove https:// from 'u' paremeter, just put:
-u localhost:8774/App/console/index.jsp

A simple solution for that is to set up a proxy listener like Burp Suite, browse over to the site with the bad SSL certificate and Trust it.
After that, you can include the following option in your SQLMap command:
--proxy="http://PROXY-IP:PROXY-PORT"
where proxy ip is generally 127.0.0.1 and proxy port 8080.

What is the purpose of <Node "node"> in write_graphite plugin of collectd?

I am trying to understand what the purpose of the "Node" tag is. This is the plugin from my config file. What is the situation where one needs to use multiple Node tags?
<Plugin write_graphite>
<Node "default">
Host "graphitehost"
Port "2003"
Protocol "tcp"
LogSendErrors true
Prefix "collectd."
StoreRates true
AlwaysAppendDS false
EscapeCharacter "_"
</Node>
</Plugin>

Simply when you want to send the data to multiple graphite servers.

collectd not able to send data to graphite carbon daemon

We have a graphite full stack server which receives metrics from different machines. While other collectd client are sending data fine, one of the client is giving the below error:
Jan 29 23:24:44 collectd-client collectd[25489]: write_graphite plugin: send
to graphite-server:2003 ((null)) failed with status -1 (Connection
refused) Jan 29 23:24:44 collectd-client collectd[25489]: collectd: Stopping
5 write threads.
collectd.conf as below
LoadPlugin syslog
LoadPlugin cpu
LoadPlugin df
LoadPlugin disk
LoadPlugin interface
LoadPlugin load
LoadPlugin memory
LoadPlugin rrdtool
LoadPlugin write_graphite
<Plugin df>
MountPoint "/"
</Plugin>
<Plugin disk>
Disk "/^[hs]d[a-f][0-9]?$/"
</Plugin>
<Plugin interface>
Interface "eth0"
</Plugin>
<Plugin write_graphite>
<Node "carbon">
Host "sde-graphite"
Port "2003"
Prefix "collectd"
Postfix "collectd"
StoreRates true
AlwaysAppendDS false
EscapeCharacter "_"
</Node>
</Plugin>

Verify whether carbon is running in host sde-graphite at port 2003. you can do a netstat and see if there is a UDP listener at 2003. I guess, it is not running.

SOLVED:
I had the same issue, my metrics are always working but randomly some nodes stop sending metrics. And collectd shows the same error:
Jun 18 15:04:23 node-a collectd[20235]: write_graphite plugin: send to 10.8.0.100:2003 (udp) failed with status -1 (Invalid argument)
Jun 18 15:04:23 node-a collectd[20235]: Filter subsystem: Built-in target `write': Dispatching value to all write plugins failed with status -1.
The daemon is still alive but not sending metrics to graphite.
NOTE: My nodes send data to graphite trough an openvpn tunnel.
It seems to be a connection timeout error against the graphite server. I can reproduce the error by stopping/interrupting vpn service and immediately collectd shows the error above.
Hope it helps
Enjoy!

How to use nxLog

How to use nxLog? I installed it on my windows 7 and unix box, but not able to use it.
My Conf File(not sure its correct or not):
define ROOT C:\Program Files\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension syslog>
Module xm_syslog
</Extension>
<Input in>
Module im_file
File 'D:\dotnet\Analytics\nxLog\association.log'
SavePos TRUE
ReadFromLast TRUE
PollInterval 1
Exec $Message = $raw_event; $SyslogFacilityValue = 22;
</Input>
<Output out1>
Module om_udp
Host 10.1.1.1
Port 514
Exec to_syslog_bsd();
</Output>
<Output out2>
Module om_udp
Host 10.1.1.2
Port 514
Exec to_syslog_bsd();
</Output>
<Route 1>
Path in => out1, out2
</Route>
And not sure what to write in host and port.

nxlog.log should contain the error messages to help you diagnose the problems.
"And not sure what to write in host and port."
The destination where the udp syslog should be sent to.

So your host is the destination IP address or hostname (haven't verified hostname functionality) of your destination. AKA where you want to send your logs to. The port is the port. After you update make sure to go to nxlog/data/nxlog.log to check and see if everything started up OK. If it did you should see no error messages at the bottom. I've only done it with TCP and it says that it's trying to establish a connection and then nothing below it. Not sure what you would see with UDP. I also see a message that says "Info nxlog started"
Good luck