Guilgo Blog

Notes from my daily work with technology.

OpenClaw: troubleshooting homelab installation with Docker, Telegram and Ollama

Real errors, causes and copy-paste fixes when OpenClaw doesn't respond

OpenClaw troubleshooting guide for homelab: Telegram webhook 409 conflict, Docker and Ollama, 16k context model, CPU timeouts and OpenAI API alternative.

Prioritize critical patches in WSUS when Wazuh detects CVEs

From Vulnerability Detector alerts to controlled deployment on Windows

Practical workflow to approve and deploy only critical updates in WSUS when Wazuh alerts on vulnerabilities, with pilot groups and prioritization criteria.

Parental control with Wazuh, AdGuard and Telegram

Implementation of a full open-source parental control system using Wazuh as SIEM, AdGuard Home for DNS filtering and Telegram for real-time alerts.

Monitoring WireGuard logs with Wazuh

Practical guide to integrate WireGuard log monitoring with Wazuh, using rsyslog to capture kernel events and custom decoders for security alerts.

Wazuh releases 4.9.1 to mitigate Mirai botnet attacks (CVE-2025-24016)

Wazuh has released 4.9.1, which fixes the CVE-2025-24016 vulnerability (insecure deserialization in the Wazuh Server) that was later exploited by Mirai variants against exposed servers. The effective mitigation is to upgrade the manager, indexer and dashboard to 4.9.1 or later, then upgrade agents to maintain compatibility.

Executive summary

  • CVE-2025-24016 allows RCE on wazuh-manager (versions ≥ 4.4.0 and < 4.9.1). It is fixed in 4.9.1.
  • Mirai botnets actively exploited it in 2025 against servers with an exposed API.
  • Wazuh stated that the bug requires API credentials; with the panel or API exposed and weak keys, the risk is critical.

Sources: CVE/NVD, Release notes 4.9.1, Akamai/Censys advisories and official upgrade guide.


Monitoring Active Directory and Office365 with Wazuh: custom rules and critical events

How to deploy Wazuh as SIEM/XDR to meet cybersecurity requirements, detecting account lockouts, authentication failures and key events on Windows and Office365.

How to deploy Wazuh to monitor Active Directory and Office365 with custom rules in local_rules.xml, critical EventIDs and centralized Kibana dashboards.