There are a lot of sites online...serious sites...with reams of technical knowledge and mired in the depths of their trenchant and ponderous, you know.... seriousness! I want this site to be a bit fun, light and definitely spirited. A hard to grasp concept, for sure, but isn't that true about wind? You can't grasp it, you can only see its effects. It's Breezy! You know what I mean?
Firestarter is a non-starter! At least on a server. I pulled a Homer Simpson and was fooling around with Firestarter. It is a GUI front-end to an iptables (native Linux) firewall. While playing with it, I somehow inadvertently "started" the firewall. I'm pretty sure I didn't (boy, do *I* sound like a user!) but guess what happened? You guessed it...my server wasn't a server anymore as it stopped accepting any inbound connections whatsoever. Ooops. No email, web server, X Server, Radius server....nuthin' !!
Since I access Breezy! by remoting in using SSH or an X client, I had to physically attach a keyboard and a monitor to the computer and uninstall the package which cleared all the firewall rules.
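The lock-out above is the classic failure mode of editing a firewall over SSH. The following is an added example (not code from the Breezy! post or from Firestarter) of loading a ruleset so that the management path is admitted atomically with the DROP policy, with a timed rollback in case the session still dies. Ports, the admin network and the file paths are constructed.

```sh
#!/bin/sh
# Added example, not code from the Breezy! post: load an iptables ruleset on
# a server administered over SSH without locking yourself out. Two safeguards:
# iptables-restore commits the file atomically, so the DROP policy never takes
# effect without the SSH and ESTABLISHED rules beside it, and a timer restores
# the previous rules unless the admin confirms the new ones (i.e. the SSH
# session survived). Assumes root and the iptables tools on PATH; ports, the
# admin network and file paths are constructed. DRY_RUN=1 prints the
# privileged commands instead of running them.

SSH_PORT="${SSH_PORT:-22}"
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"   # where the admin's SSH comes from
ROLLBACK_SECS="${ROLLBACK_SECS:-60}"
SAVED=/root/iptables.rollback               # hypothetical paths
CONFIRMED=/root/iptables.confirmed

run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf 'DRY: %s\n' "$*"; else "$@"; fi; }

# Ruleset in iptables-restore format: management traffic first (loopback,
# established flows, SSH from the admin network), then the services this box
# offers (mail, web, RADIUS); everything else hits the INPUT DROP policy.
ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $ADMIN_NET --dport $SSH_PORT -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p udp --dport 1812 -j ACCEPT
COMMIT
EOF
}

# Save the live rules, load the new ones, and arm a rollback that fires only
# if confirm_rules was not run in time.
apply_with_rollback() {
    run rm -f "$CONFIRMED"
    run sh -c "iptables-save > $SAVED"
    ruleset | run iptables-restore
    ( sleep "$ROLLBACK_SECS"; [ -f "$CONFIRMED" ] || run iptables-restore "$SAVED" ) &
    echo "New rules loaded; run confirm_rules within ${ROLLBACK_SECS}s or they revert."
}

confirm_rules() { touch "$CONFIRMED"; }
```

Run `apply_with_rollback` from the SSH session itself; if the prompt comes back, `confirm_rules` keeps the new rules, and if it does not, the old rules are back within a minute without a trip to the console.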
This is by no means an attempt to go into deep technical detail of QoS mechanisms, strategies, algorithms and terminology. If you are already a sophisticated QoS expert, some of the analogies and points will probably offend you with their simplicity. That said, the points that are made in this short primer are intended to give a good overview of some of the important terminology and technology involved in an end-to-end QoS solution to the beginner (but technical) reader. The perspective is deliberately skewed towards the SOHO user, though it dabbles in some service provider concepts as well. It finishes with a simple case study of a SOHO VoIP solution and deliberately leaves the reader hanging on the edge. The provider edge, that is! The end of the story...which is really the middle of an end-to-end QoS solution...will wait for another day.
And there I was...feeling slightly sacrilegious for complaining (in a back-handed, disingenuous way) about how difficult it was to:
a. install applications that weren't pre-packaged for installation in the distribution I'm using;
b. find information when item a. fails;
Google has been my friend for most of my trials but common sense (how common is that?) dictates that I should standardize on software that I can easily install using either apt-get in Ubuntu or, if I'm feeling in a GUI Windows-ish mood, Synaptic Package Manager. You can use the search function of this site to check out my past posts/blogs on this subject.
I'm currently trialing an Open Source program called WallFire. Specifically their Log Analysis and Reporting Tool, wflogs. It is designed to sift through a system log file that has had events written to it by Cisco IOS and PIX devices, SNORT IDS, as well as IPtables firewalls and others.
IPtables is the standard stateful firewall applet built into the majority of Linux/Unix builds. There are a number of commercial solutions out there but they cost $$ and I'm cheap! ....sorry...frugal!
Anyway, I digress. I have to set up syslog on a server and set up a cron job so that wflogs can email me when there are alerts which I should be aware of. It also outputs correlated log information in an HTML file. Keep in mind that I already have a log analyzer tool for the Breezy! site as well as the Snort IDS. I'm looking for something that will alert me by email when my perimeter Cisco PIX firewall thinks I should attend to an intrusion attempt or some other issue.
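As an added example of the "email me only when the PIX says something important" idea, here is a small awk filter that does the selection wflogs would do; it is not the post's code and not part of WallFire. The sample syslog lines, the log path and the mail recipient are constructed.

```sh
#!/bin/sh
# Added example, not the post's code and not wflogs: an awk filter for the
# PIX syslog lines the post wants to be told about. It keeps messages whose
# severity (the digit in %PIX-<severity>-<id>) is at or below a threshold and
# tallies access-list denies per source address, so a cron job can mail a
# short digest instead of the raw log. Sample lines, the log path and the
# recipient below are constructed for the example.

# Keep lines whose Cisco severity is <= $1 (0=emergency ... 7=debug; default 4).
pix_filter() {
    awk -v max="${1:-4}" '
        match($0, /%PIX-[0-7]-[0-9]+:/) {
            sev = substr($0, RSTART + 5, 1) + 0
            if (sev <= max) print
        }'
}

# Count 106023 (packet denied by an access-list) events per source address.
pix_deny_summary() {
    awk '
        /%PIX-4-106023:/ {
            for (i = 1; i <= NF; i++)
                if ($i == "src") { split($(i + 1), a, "[:/]"); n[a[2]]++ }
        }
        END { for (ip in n) printf "%s %d\n", ip, n[ip] }' | sort -k2,2nr
}

# Digest for mailing: empty output means nothing worth an email this run.
pix_digest() {
    kept=$(pix_filter "$1")
    [ -n "$kept" ] || return 0
    printf 'Denied by ACL, per source:\n%s\n\nMatching lines:\n%s\n' \
        "$(printf '%s\n' "$kept" | pix_deny_summary)" "$kept"
}

# Constructed sample in the %PIX-<severity>-<id> format the PIX logs.
SAMPLE='Nov 12 03:14:22 pix %PIX-4-106023: Deny tcp src outside:203.0.113.5/4321 dst inside:192.168.1.10/22 by access-group "outside_in"
Nov 12 03:14:23 pix %PIX-4-106023: Deny tcp src outside:203.0.113.5/4322 dst inside:192.168.1.10/23 by access-group "outside_in"
Nov 12 03:14:25 pix %PIX-6-302013: Built inbound TCP connection 1234 for outside:198.51.100.7/51000 (198.51.100.7/51000) to inside:192.168.1.10/80 (192.168.1.10/80)
Nov 12 03:14:30 pix %PIX-4-106023: Deny udp src outside:198.51.100.9/53 dst inside:192.168.1.10/1234 by access-group "outside_in"
Nov 12 03:15:00 pix %PIX-2-106001: Inbound TCP connection denied from 203.0.113.5/4400 to 192.168.1.10/25 flags SYN on interface outside'

# Cron use (hypothetical path): 0 * * * * /usr/local/bin/pix_digest.sh
# with the script ending in:
#   out=$(pix_digest < /var/log/pix.log); [ -n "$out" ] && printf '%s\n' "$out" | mail -s "PIX alerts" admin@example.com
```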
I have just added a new feature for registered users only. You can now go into your account settings and change Breezy's language to your own. So far I have set up English, Arabic, Chinese (Traditional) and French, but if you want more, simply PM me (webmaster) or email me at webmaster@breezy.ca.
The language selection will affect all help, navigation, forum and standard menu items on Breezy!
Please let me know how you feel about this new feature. I can also add:
I've been experimenting with an interesting IPSec VPN solution from Linksys. I have a Linksys RV042 VPN router on the inside of my network. It's also establishing the DMZ (Demilitarized Zone) in which this web server is situated. Linksys's solution is elegant and simple to set up. In place of a standard IPSec Phase I handshake using IKE to authenticate and negotiate ciphers, etc., Quick VPN uses HTTP/S and wget in order to challenge and exchange credentials in a secure SSL handshake. The Phase II is a standard one. The solution scales well since the RVxxx devices are NAT-T (RFC-compliant NAT Traversal) compliant. The exception is the WRV54G. Too bad, since that is otherwise a *very* capable device.
From this link at the DNS HOWTO (Nicolai Langfeldt (dns-howto(at)langfeldt.net), Jamie Norrish and others, v9.0, 2001-12-20):
"...But also required is a reverse zone, one making DNS able to convert from an address to a name. This name is used by a lot of servers of different kinds (FTP, IRC, WWW and others) to decide if they want to talk to you or not, and if so, maybe even how much priority you should be given. For full access to all services on the Internet a reverse zone is required."
I followed the steps (and with just a few hiccups, mainly from mixing and matching ideas from other sites) and voila...it works! Minor mistakes in syntax for the /etc/bind/named.conf file like leading spaces will cause it not to work. Anyway, now when I do an nslookup from the C:\> prompt on my PC I don't get a "server name not found, Server failed" message as it tries to do a reverse name resolution of my DNS server to a FQDN (Fully Qualified Domain Name). I guess some programs such as nslookup will only talk to a box whose name can be properly resolved.
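Since most reverse-zone problems are hand-typed PTR records drifting away from the forward zone, here is an added example (not from the post or the DNS HOWTO) that generates the whole in-addr.arpa zone for a /24 from a list of host/address pairs. Names, addresses and the zone file path are constructed.

```sh
#!/bin/sh
# Added example, not from the post: generate the reverse (in-addr.arpa) zone
# for a /24 from "fqdn address" pairs so the PTR records stay in step with the
# forward zone instead of being typed by hand. Names, addresses and the zone
# file path are constructed. Pair it with a named.conf stanza such as
#   zone "1.168.192.in-addr.arpa" { type master; file "/etc/bind/db.192.168.1"; };
# and check the output with: named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192.168.1

# 192.168.1.10 -> 10.1.168.192.in-addr.arpa.
reverse_name() {
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# Origin of the reverse zone for a /24: 192.168.1.0 -> 1.168.192.in-addr.arpa.
reverse_origin() {
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa.\n", $3, $2, $1 }'
}

# Emit a complete reverse zone. Args: network (x.y.z.0), primary NS (absolute
# name with trailing dot), hostmaster mailbox in SOA form. Hosts on stdin as
# "fqdn ip"; hosts outside the /24 are reported on stderr and skipped.
gen_reverse_zone() {
    awk -v net="$1" -v origin="$(reverse_origin "$1")" -v ns="$2" -v mbox="$3" \
        -v serial="$(date +%Y%m%d01)" '
        BEGIN {
            split(net, p, "."); prefix = p[1] "." p[2] "." p[3] "."
            printf "$TTL 86400\n$ORIGIN %s\n", origin
            printf "@ IN SOA %s %s ( %s 3600 900 1209600 86400 )\n", ns, mbox, serial
            printf "@ IN NS %s\n", ns
        }
        NF == 2 {
            if (index($2, prefix) != 1) { print "skipping " $1 " (" $2 " not in " net "/24)" > "/dev/stderr"; next }
            split($2, o, "."); name = $1
            if (name !~ /\.$/) name = name "."      # PTR targets must be absolute
            printf "%s IN PTR %s\n", o[4], name
        }'
}
```

Feed it the same host list you build the forward zone from (`printf 'www.example.net 192.168.1.10\n' | gen_reverse_zone 192.168.1.0 ns1.example.net. hostmaster.example.net. > /etc/bind/db.192.168.1`) and bump the serial with every regeneration.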
I installed Oinkmaster v2.0 on my system to automate the downloading and installation of new and/or modified rules for the Snort IDS. It's quite interesting how it works. Oinkmaster is a script that will fetch the rules updates from http://www.snort.org, using a URL which is coded to a Snort subscription. In this way only registered Snort users can use the script.
While it is not a crutch, nor a magic PnP script, it *does* automate the important task of ensuring that up-to-date rules are always being used when testing traffic both inbound & outbound as seen by the Snort sensor(s).
I have set up Oinkmaster as a cron job (per the "README" file that comes with the Oinkmaster tarball) so that it automatically executes at 1:30 am every morning.
SpamAssassin has been working on my system for over 1.5 months now. This is clear because my incoming email is sometimes marked as spam and automatically forwarded to my Spam folder. This is good. What I found interesting was that in looking at my syslog I would from time to time see messages that indicated 3 successive retries followed by a failure in contacting "spamd" when incoming email was being piped to SpamAssassin from Courier-MTA's SMTP process. Apparently the advantage of daemonizing SpamAssassin's filter process is speed of execution. This is of particular importance to large volume, enterprise mail servers with numerous mail users and lots of mail. Maybe it isn't that important for my little site, but I hate seeing errors/warnings in my syslog.
I just added a new module called the "event" module to a website that I maintain (not this one). It allows the posting of events and the display of same in a calendar format (again another module). Problem was, after I installed the module using the usual instructions I couldn't access the administer/modules page in the CMS. Turns out (thanks again Google!) that I needed to increase the maximum memory that PHP scripts can use as they execute.