Parsing Suricata Stats.Log With Python
Posted January 10th
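Before the original script below, here is an added example that is not the script from this post: a stand-alone stats.log parser that turns every counter into a time series and then derives per-interval rates, which is what you actually want on a graph because the values Suricata writes to stats.log are cumulative (a restart is visible as a counter that drops, and a naive difference would plot it as a negative rate). It assumes the table layout Suricata writes to stats.log, a "Date: M/D/YYYY -- HH:MM:SS" line per snapshot followed by "Counter | TM Name | Value" rows; the sample log embedded in the block is constructed for the example, not captured from a sensor, and the `mbit_per_sec` helper is mine.

```python
"""Parse Suricata stats.log into per-counter time series and rates.

Added example, not the original post's script.  Assumes the stats.log
layout of a "Date: M/D/YYYY -- HH:MM:SS" line per snapshot followed by
"Counter | TM Name | Value" rows; counter values are cumulative.
"""
import re
from datetime import datetime

# Constructed sample (not a real capture): three snapshots, the third
# taken after an engine restart so the counters drop back toward zero.
SAMPLE_STATS_LOG = """\
-------------------------------------------------------------------
Date: 1/10/2010 -- 11:48:10 (uptime: 0d, 00h 00m 08s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | Decode & Stream           | 800
decoder.bytes             | Decode & Stream           | 640000
decoder.ipv4              | Decode & Stream           | 790
tcp.sessions              | Detect                    | 12
-------------------------------------------------------------------
Date: 1/10/2010 -- 11:48:18 (uptime: 0d, 00h 00m 16s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | Decode & Stream           | 1600
decoder.bytes             | Decode & Stream           | 1280000
decoder.ipv4              | Decode & Stream           | 1580
tcp.sessions              | Detect                    | 20
-------------------------------------------------------------------
Date: 1/10/2010 -- 11:50:00 (uptime: 0d, 00h 00m 04s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | Decode & Stream           | 100
decoder.bytes             | Decode & Stream           | 80000
decoder.ipv4              | Decode & Stream           | 99
tcp.sessions              | Detect                    | 2
"""

DATE_RE = re.compile(r"^Date:\s+(\d+/\d+/\d+)\s+--\s+(\d+:\d+:\d+)")
# name | thread-module name | integer value; the header row ("Value")
# and the dashed separators do not match this pattern.
ROW_RE = re.compile(r"^([\w.]+)\s*\|\s*([^|]*?)\s*\|\s*(\d+)\s*$")


def parse_stats_log(text):
    """Return {counter_name: [(timestamp, value), ...]} in file order."""
    series = {}
    stamp = None
    for line in text.splitlines():
        m = DATE_RE.match(line)
        if m:
            stamp = datetime.strptime(" ".join(m.groups()), "%m/%d/%Y %H:%M:%S")
            continue
        m = ROW_RE.match(line)
        if m and stamp is not None:          # ignore rows before the first Date:
            name, _tm_name, value = m.groups()
            series.setdefault(name, []).append((stamp, int(value)))
    return series


def rates(points):
    """Per-second rate between consecutive cumulative samples.

    A value lower than its predecessor means Suricata restarted and the
    counter was reset, so that interval is dropped instead of being
    reported as a negative rate.
    """
    out = []
    for (t0, v0), (t1, v1) in zip(points, points[1:]):
        secs = (t1 - t0).total_seconds()
        if secs <= 0 or v1 < v0:
            continue
        out.append((t1, (v1 - v0) / secs))
    return out


def mbit_per_sec(byte_rates):
    """Convert (timestamp, bytes/s) pairs into (timestamp, Mbit/s)."""
    return [(t, r * 8 / 1e6) for t, r in byte_rates]


if __name__ == "__main__":
    # For a live box: parse_stats_log(open("/var/log/suricata/stats.log").read())
    series = parse_stats_log(SAMPLE_STATS_LOG)
    for name, points in sorted(series.items()):
        for when, rate in rates(points):
            print("%s %-16s %12.2f/s" % (when.strftime("%H:%M:%S"), name, rate))
    for when, mbps in mbit_per_sec(rates(series["decoder.bytes"])):
        print("%s %-16s %12.2f Mbit/s" % (when.strftime("%H:%M:%S"), "decoder.bytes", mbps))
```

The output of `rates()` is a list of (timestamp, value) pairs per counter, which drops straight into a plotting library; note that the restart snapshot contributes a data point to the series but no rate, so a gap in the graph marks the restart rather than a bogus dip.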
I thought I would take a moment and share a Python script that I put together to quickly pass through the Suricata stats.log file and give back the individual stats so that you can more easily graph them. Later this week I'll be finishing up an automatic graphing program which I'll share as well. Here's the code, have fun. Each item from the stats file, including the time stamps, is stored as a tuple, so just add a print command as/where needed to see what it parsed from the log.

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# SuricataStatsGrapher-0.1.0.py
#
# Copyright (c) 2010 Joshua White
#
# GPL v.2
#
# Author: Joshua White
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public License
# as published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
#
# Contributor:

import CairoPlot
import cairo
import math
from pyparsing import *

# -------- Open Log File and Step Through It Line by Line ------
stats = open("/var/log/suricata/stats.log", "r")
igotStats = stats.readlines()
stats.close()

# -------- Initialize tuples ---------------
date_time_stamp = ()
tcp_sessions = ()
decoder_pkts = ()
decoder_pkts_per_sec = ()
decoder_bytes = ()
decoder_bytes_per_sec = ()
decoder_mbit_per_sec = ()
decoder_ipv4 = ()
decoder_ipv6 = ()
decoder_tcp = ()
decoder_udp = ()
decoder_icmpv4 = ()
decoder_icmpv6 = ()
decoder_ppp = ()
decoder_pppoe = ()
decoder_gre = ()
decoder_avg_pkt_size = ()
decoder_max_pkt_size = ()

# -------- Parse For Specific Datasets and Store as Tuples -------
for line in igotStats:
    ...

Building An Inline Linux Router W/ (Suricata NIDS / Simple Front End) Part 1
Posted January 2nd
Part 1: OK, so for this my goal is simple: I'm just looking to build a simple inline Linux router with NIDS capability using Suricata and a really simple front end to view logs through a web-based interface. We'll call this 0.1.0 of the project/process. I'm in no way looking to replace anything that's already out there, I'm just screwing around. For this I'll be using an old server that's mounted in the rack in my office:
- P4 - 1.67GHz
- 768 MB of PC-133 Memory
- 80 GB WD IDE HD
- 2x 10/100 3COM NICS
- echo 0 >/selinux/enforce
- newrole -r sysadm_r
- echo 1 >/selinux/enforce "to switch back to enforcing when you want to or reboot"
- yum -y install nano
x86_64 Suricata NIDS RPM available here
Posted January 2nd
I threw together an RPM for quicker setup time (download here). This is x86_64 for Fedora 12/11; it still requires libhtp and a few other items, which you can install quickly with:

sudo yum -y install libpcap libpcap-devel libnet libnet-devel pcre \
  pcre-devel gcc gcc-c++ automake autoconf libtool make libyaml \
  libyaml-devel zlib zlib-devel
wget http://www.openinfosecfoundation.org/download/htp-current.tar.gz
tar -xzvf htp-current.tar.gz
cd htp-*
./configure
make
make install
ldconfig

Then just:
rpm -ivh suricata-0.8.0-x86_64-1.rpm

and you're ready to go. The suricata.yaml config file is placed in your /etc/suricata/ directory; edit it and download the Emerging Threats rule set. Edit: 10/4/2010, for those looking for it, here's the spec file:
Summary: Suricata The OISF "Open Information Security Foundation" NIDS IPS.
Name: suricata
Version: current
Release: 1
License: GPL
Group: Applications/Internet
Source: Suricata-0.8.0.tar.gz
BuildRoot: /var/tmp/%{name}-buildroot

%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0)
%if %is_fedora
%define dist fedora
%define disttag rhfc
%endif

%description
Suricata is the next generation of multithreaded specialized NIDS IPS.

%prep
%setup

%build
./configure --enable-unittests --enable-debug
mkdir /var/log/suricata/
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"
make install
mkdir /etc/suricata
cp suricata.yaml /etc/suricata

%clean
rm -rf $RPM_BUILD_ROOT

A caveat before reusing this spec: as written, the %build section runs make install, mkdir /var/log/suricata/ and cp suricata.yaml /etc/suricata against the build host's own filesystem rather than under $RPM_BUILD_ROOT, and there is no %install or %files section. So rpmbuild has to run as root, changes the machine it runs on, and packages none of those files. A spec meant to be handed to other people should install with DESTDIR=$RPM_BUILD_ROOT and list the installed paths under %files, with suricata.yaml marked %config(noreplace) so an upgrade does not overwrite a tuned config.
Suricata Testing Update – Thanks To Victor
Posted January 1st
Victor Julien, Lead Developer for the OISF, posted a note about Suricata testing: leave your feedback on the OISF's Redmine system, and if you're having issues, use --enable-unittests and --enable-debug during configure and then run "suricata -u" to get the results. More info is available on the inliniac blog.

Still Working On OISF Engine Integration Into My Standard NIDS Setup
Posted January 1st
I'm still working on integrating the OISF engine into my standard NIDS setup. It's going to take a while since there's not much by way of reporting in this early version, but it's getting there. If anyone is wondering, I have gotten it up and running on a standard P4 system, a QEMU guest system, and 2 x quad-core servers. Specifically I'm interested in packet loss measurements in high-speed environments, such as OC-48. I'll be posting a modified howto soon that includes signatures.

OISF NIDS Suricata Slashdotted
Posted December 31st
The new OISF NIDS engine was Slashdotted and is killing the openinfosecfoundation.org site.

Installing The OISF NIDS Suricata on A Fedora 12 System
Posted December 31st
OK, so I thought it prudent to briefly discuss the installation of Suricata on a Fedora 12 system so as to play my part in easing the process of getting this NIDS widely accepted. The OISF posted an install sheet here which gets right to the point, but I'll post my steps as well just in case my experience differs. Suricata can be downloaded at the OISF website along with any other supporting plug-ins. Test System Specifications:
- AMD Turion 64 Dual 2.2 GHz
- 4 GB RAM
- 250 GB HD
- Base Fedora 12 Install With No Additional Packages
wget http://www.openinfosecfoundation.org/download/htp-current.tar.gz
tar -xzvf htp-current.tar.gz
wget http://www.openinfosecfoundation.org/download/suricata-current.tar.gz
tar -xvzf suricata-current.tar.gz

Dependencies: A number of dependencies are needed by both libhtp and Suricata, including the following:
- gcc
- gpp (i.e. g++; on Fedora the package is gcc-c++, see the note under the yum output below)
- libpcre
- libnet 1.1.x
- libyaml
- libpcap
- libnetfilter-queue and libnfnetlink (optional, for use with ./configure --enable-nfq)
- libpthread (should be part of most glibc's)
- libpfring (optional, for use with ./configure --enable-pfring)
- libz
- htp
[root@vms3 htp-0.2.1]# yum install gcc make gpp
Loaded plugins: refresh-packagekit
Setting up Install Process
Package 1:make-3.81-18.fc12.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package gcc.x86_64 0:4.4.2-20.fc12 set to be updated
--> Processing Dependency: cpp = 4.4.2-20.fc12 for package: gcc-4.4.2-20.fc12.x86_64
--> Processing Dependency: cloog-ppl >= 0.15 for package: gcc-4.4.2-20.fc12.x86_64
--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.4.2-20.fc12.x86_64
---> Package gpp.x86_64 0:0.7.0-4.fc12 set to be updated
--> Processing Dependency: libgnomeprint-2-2.so.0()(64bit) for package: gpp-0.7.0-4.fc12.x86_64
--> Processing Dependency: libgnomeprintui-2-2.so.0()(64bit) for package: gpp-0.7.0-4.fc12.x86_64
--> Running transaction check
---> Package cloog-ppl.x86_64 0:0.15.7-1.fc12 set to be updated
--> Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1.fc12.x86_64
--> Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7-1.fc12.x86_64
---> Package cpp.x86_64 0:4.4.2-20.fc12 set to be updated
--> Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.2-20.fc12.x86_64
---> Package glibc-devel.x86_64 0:2.11-2 set to be updated
--> Processing Dependency: glibc-headers = 2.11-2 for package: glibc-devel-2.11-2.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.11-2.x86_64
---> Package libgnomeprint22.x86_64 0:2.18.6-3.fc12 set to be updated
--> Processing Dependency: libgnomecups-1.0.so.1()(64bit) for package: libgnomeprint22-2.18.6-3.fc12.x86_64
---> Package libgnomeprintui22.x86_64 0:2.18.4-2.fc12 set to be updated
--> Running transaction check
---> Package glibc-headers.x86_64 0:2.11-2 set to be ...

Note the libgnomeprint and libgnomeprintui dependencies being pulled in above: the Fedora package named gpp is a GNOME printing tool, not the C++ compiler. The package Suricata's build actually needs is gcc-c++ (the yum line in the RPM post above already uses it), so install that instead of gpp.
OISF NIDS Engine Suricata Released Today
Posted December 31st
Today marks the first release of the OISF Suricata NIDS engine. It's a brave new world! Visit the OISF website and stay tuned for my next post later today, where I'll be discussing the install of the engine on a Fedora 12 system.

DIY Bulletin Board On the Cheap And Quick
Posted December 12th
So I needed yet another bulletin board for my home office today, "too many projects"... ugh... anyway, I really didn't want to pay anything, or go to the store for that matter. So I started hunting around and looking at different DIY projects; what struck me was that they required sewing and other items. Too many parts and too much time to make, in my opinion. So I got to thinking: I wonder what they make bulletin boards at schools out of? I know that they aren't cork board, they are some type of synthetic material. So I did some research and found a product called Homasote, which is what is typically used for large bulletin boards, as well as under-floor soundproofing. It's a recycled material made out of paper. As it turns out, this is also the material used for acoustic drop-down ceiling tiles. As it happens, when building my home office and the basement playroom I used 3/4 inch Homasote-based tiles. These tiles are 2 feet by 4 feet, which fits perfectly for the location I wanted. I started by preparing 6 screws with washers:

And as a last step I gave the trim a quick coat of paint to match the rest of the office woodwork.
Verizon USB760 Cell Modem On Fedora 11
Posted December 11th
This one was actually one of the easier ones to get running. Edit /usr/share/hal/fdi/information/10freedesktop/10-modem.fdi and add the following to the USB devices section:

<!-- Verizon USB760 -->
<match key="@info.parent:usb.vendor_id" int="0x1410">
  <match key="@info.parent:usb.product_id" int="0x6000">
    <match key="@info.parent:usb.interface.number" int="0">
      <append key="info.capabilities" type="strlist">modem</append>
      <append key="modem.command_sets" type="strlist">IS-707-A</append>
    </match>
  </match>
</match>

Now insert the USB stick and the device will show up in the task tray (KDE4) as a CDMA device when you left-click on NetworkManager; click on it and follow the instructions to connect to Verizon. After that you should be connected at approximately 1.4 Mbps down and 128 kbps up.