There are a lot of sites online...serious sites...with reams of technical knowledge and mired in the depths of their trenchant and ponderous, you know.... seriousness! I want this site to be a bit fun, light and definitely spirited. A hard to grasp concept, for sure, but isn't that true about wind? You can't grasp it, you can only see its effects. It's Breezy! You know what I mean?
I added a new Drupal module. (see Note*) The module, called private_msg, is typical of many things Linux. It works great when you have it working but the documentation is either non-existent or a work in progress. Shame on me for complaining about something free. In this case, the MySQL table which holds the private messages in the website's database has to be created for the module to work in Drupal. This can be inferred from the error messages that resulted from activating the module.
I fiddled, Googled and fussed about until I finally found a reference to the issue. Thankfully, the author of the fix created a MySQL script which (budda boom budda bing!) worked right away and created the "privatemsg" table in my MySQL website's database called "websiteDB". Click Here for the MySQL script fix.
Wow! I noticed in the SNORT IDS log that there have been a number of web crawlers (Google and Yahoo! to name a few) that have visited this site in the last 24 hours. Big times can't be far behind! ;-)
These showed up in the IDS logs as "WEB-MISC robots.txt access [cgi.nessus.org] [sid]"
Click here for an explanation from Nessus' Site.
/Eric
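As an added example (not part of the original post, and not code from Snort or BASE), this Python script tallies the "WEB-MISC robots.txt access" alerts per source and flags any source that also fired a different signature, since a well-behaved crawler should only account for the robots.txt hits. The log lines, addresses, `[gid:sid:rev]` placeholders and the second rule name are constructed, and Snort's one-line "fast" alert layout is assumed.

```python
import re
from collections import Counter

# Constructed sample in Snort's one-line "fast" alert layout. Addresses are
# documentation ranges; the [gid:sid:rev] values are placeholders, not real SIDs.
SAMPLE_ALERTS = """\
01/14-09:12:03.100001  [**] [1:0:0] WEB-MISC robots.txt access [**] [Priority: 2] {TCP} 192.0.2.10:41022 -> 10.0.0.5:80
01/14-13:40:51.220417  [**] [1:0:0] WEB-MISC robots.txt access [**] [Priority: 2] {TCP} 192.0.2.10:41877 -> 10.0.0.5:80
01/14-14:02:17.004512  [**] [1:0:0] WEB-MISC robots.txt access [**] [Priority: 2] {TCP} 203.0.113.7:50311 -> 10.0.0.5:80
01/14-14:02:19.730088  [**] [1:1000001:1] EXAMPLE constructed local rule [**] [Priority: 1] {TCP} 203.0.113.7:50312 -> 10.0.0.5:80
this line is not an alert and must be skipped
01/14-15:30:00.000001  [**] [1:1000001:1] EXAMPLE constructed local rule [**] [Priority: 1] {TCP} 198.51.100.99:40000 -> 10.0.0.5:80
"""

ROBOTS_MSG = "WEB-MISC robots.txt access"  # message text quoted in the post

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)


def parse_alerts(text):
    """Return one dict per well-formed alert line; silently skip other lines."""
    alerts = []
    for line in text.splitlines():
        match = ALERT_RE.search(line)
        if match:
            alerts.append(match.groupdict())
    return alerts


def triage(text):
    """Return (robots.txt hits per source, all other alerts, sources to review).

    A source is flagged for review when it fetched robots.txt and also
    triggered at least one other signature.
    """
    alerts = parse_alerts(text)
    robots = Counter(a["src"] for a in alerts if a["msg"] == ROBOTS_MSG)
    others = [a for a in alerts if a["msg"] != ROBOTS_MSG]
    other_sources = {a["src"] for a in others}
    review = sorted(src for src in robots if src in other_sources)
    return robots, others, review


if __name__ == "__main__":
    robots, others, review = triage(SAMPLE_ALERTS)
    print("robots.txt hits per source:", dict(robots))
    print("other alerts:", len(others))
    print("sources to review:", review)
```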
BASE is a PHP-based analysis engine to search and process a database of security events generated by SNORT (and apparently other) Intrusion Detection Tools. Its features include a query-builder and search interface for finding alerts matching different patterns, a packet viewer/decoder, and charts and statistics based on time, sensor, signature, protocol, IP address, etc.
I've included a menu link to a real-time BASE analysis of SNORT-logged events on the Breezy! site. SnortSnarf is there too. I'll leave it up for a bit as it might prove useful for some of the network security courses I teach.
The Ubuntu community espouses a "humanity to others" philosophy. In fact, that is what the word "Ubuntu" means. I like this idea of community and I am leveraging it by installing Ubuntu 6.10 "Edgy Eft" on all the workstations in a youth association in my small community. I am a network engineer with almost 20 years of industry experience but that means I know computers, right? I have become the "IT Guy" and resident geek for this group. I sit on the board and have set up their network.
While I'm rambling I will simply say that it's my hope that this Ubuntu philosophy remains for the foreseeable future. So here comes the heresy: I would hate for Linux in general to be commercialized and it worries me a bit that this community spirit of Ubuntu might be engineered, at least in part, by the commercial entity from which it came, Canonical. I'm not a long-haired Open Source hippie and the cynic in me is fighting a war with the part of me that wants to see the spirit embodied in Ubuntu take off. I will be watching the Ubuntu distribution closely. There is a huge and active online community, complete with online help forums, etc., that has become wrapped up in the Ubuntu spirit. Canonical will ship, free of charge, the Ubuntu distribution anywhere in the world. Personally, I've subscribed to a selection of Ubuntu mailing lists and have posted, albeit sparsely, on ubuntuforums.org. Maybe, despite my cynical backsliding about Ubuntu, it will remain a strong community, despite, perhaps, the initial inventors' motivations.
I finally managed to get my email marked as spam by SpamAssassin to automatically forward to my "Trash" email folder. I'm using Courier IMAP (that fact probably doesn't matter) but what *does* matter is that MAILDROP has to be configured to forward the email that SpamAssassin has marked as spam to the appropriate folder.
I'm using Courier 0.53.2 (so far!) and the courier scripts are mostly in the /etc/courier directory. The /etc/courier/maildroprc file has been modified thusly: (BTW, if the file doesn't exist, it will now)
# ------- begin script --------------------------------------------
I have been using Edgy Eft for the last 3 weeks and have been impressed with its stability despite the many services that are running in the environment. One of the things that impresses me the most is that despite reconfiguring the device several times for new/changed services I haven't needed to reboot it.
I solved the issue of my IMAP daemon not starting automatically as the server boots by reinstalling the Courier IMAP-SSL package. All is well with that.
I still haven't solved the installation issues with Nessus 3.0(4) on my box so have left it at 2.2(8) for now. I think (somewhat cynically) that as Nessus is going closed source that the Debian installation package isn't being properly maintained by Tenable. I've seen some workarounds for the issues but my own philosophy is not to do so. I don't like workarounds/patches/kludges. If an upgrade doesn't work properly out of the box then I don't "upgrade".
Finally got my BIND9 DNS server running and configured properly on my Linux box. I have it configured so it will resolve my domain names (www.breezy.ca, ftp.breezy.ca, mail.breezy.ca) to internal addresses when queried from internal PCs. It is not exposed to the Internet so I don't have to worry about locking it down against zone transfers, DNS cache poisoning, etc.
My Linksys RV042 (which BTW, establishes the DMZ where the Linux box is) was reconfigured to dole out the IP address of the internal DNS server as a primary server, with one of my ISP's DNS servers as a backup.
My kids say this sounds really geeky but, heh...if it's transparent to them then no biggy! It must be working.
I installed Nessus 2.2.8(1) on my Ubuntu box. Nessus is an amazing (and free!) vulnerability assessment / penetration testing tool. A commercial version called "NewT" is available from Tenable's website. One of the cool features of Nessus is that you can attach to the daemonized Nessus server from a remote client (Linux or Windows) to perform a scan.
Nessus' scan rules are defined in NASL, Nessus' own scanning language. It is a scripting language that, if mastered, allows an administrator to create his or her own plug-in for Nessus. There are some kludgy aspects of Nessus. For example, to add a user (which you must do before you use it the first time) you must run a command in a terminal "nessus-adduser". Similarly, to update plug-ins you must run another command line script, the script not displaying a progress indicator nor telling you explicitly whether the download was successful or not.
Not much work today. I'm trying to find an SSH client that will do certificate-based authentication. There's only one catch....it's gotta be free!
I'll Google for some open source client.
I've also got to find out why my Courier 0.53.2 IMAP/SSL daemon didn't start automatically when I rebooted my server for testing.
Time to play with Apache2. I checked out the www.apache.org website and see that there are some exciting new developments and that the version that I have on my server (and is part of the Ubuntu repositories) is somewhat out of date.
/Eric
Still tuning my server. I found that FreeRadius, for example, wouldn't start automatically as the system booted. It turns out that the startup script has a command in it that works in a /bin/bash shell but not a /bin/sh shell. I edited the script to fix this foible and it works fine. Makes me wonder how closely this was QA'd. I'm sure that it will be addressed in a patch for FreeRadius.
I installed Apache2 to replace 1.3.4. I guess it's better...it must be since it's a higher number! ;-)
Courier 0.53.2 has some features that I'm going to try out. I'm using the Unix user database for my mail users. I would like to experiment with using MySQL instead since it's more sophisticated, more manageable, and potentially more secure. Ditto FreeRadius. I'm using this AAA server for inbound VPN connections to my PIX firewall as well as inbound HTTP & HTTPS. I would like to have the AAA server hook into MySQL instead of using the Unix database. That way I can use the GUI front-end for FreeRadius, "Dialupadmin" which requires a MySQL user database.