Tuesday, February 28, 2006

Nifty File Manager

I just found this nifty curses-based file manager that is available as an OpenBSD port/package: Ytree. Ytree is a very lightweight file manager, yet it has all the features you would expect from a file manager. I don't think it suits everyone's needs, because most people prefer a GUI file manager, but you should check this one out. Ytree lets you browse the directory tree and copy, remove or rename files whenever you want; it also shows the file size and disk space info on the right pane. One of the reasons I like it is that I can just run it when I ssh remotely to a terminal or to servers without X. Many will say they can just use ls, but once you get handy with ytree, especially once you are comfortable with its key commands, you can navigate all the files easily with Ytree.
The other thing is that you can even execute a command directly while you are still browsing in the file manager and get back to the file manager once the execution has finished; the arguments of the command can be changed on the fly as well.

The only con I found is that I can't navigate above the directory I started in: if I start Ytree at /usr, I can only browse the files under /usr and can't go to / or /home and so on, so I have to start Ytree at /, the root of the file system, to be able to navigate all the files.

Browsing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 files in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory...

Running scapy directly in ytree

Have fun :]

Another useful FreeBSD resource

If you are learning the FreeBSD system, or feel like learning it, here's another good learning resource for people out there: The Complete FreeBSD, written by Greg Lehey. The book is about 700 pages and contains lots of tips. Even though it's a little outdated, which is why Greg encourages people to contribute by publishing it freely on the internet, it's still worth spending some time reading it.

The book is under a Creative Commons license now; feel free to download and read it.

Cheers :)

Sunday, February 26, 2006

Tcpdump - Samurai Slicing

It happens when you have logged full network content data with tcpdump and end up with a very big pcap file, such as 2GB or maybe 10GB, and you try to load it into Ethereal to analyze it, but Ethereal hangs. I think most people won't have enough RAM for that kind of situation, so we need to slice the pcap file into pieces that we can work with in Ethereal or other analysis tools. There are third party tools like tcpslice; however, here I just want to use tcpdump, and here's how I do it.

I log the traffic first, then terminate it after a while; its size is around 2GB.

shell>tcpdump -qeXX -tttt -s 1550 -n -w /tmp/trace_exploit

shell>cd /tmp

shell>ls -la trace_exploit
-rwxrwxrwx 1 root root 1888546816 Feb 26 03:18 trace_exploit*

shell>file trace_exploit
trace_exploit: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 1550)

I created the short shell script named trace_seq.sh below and put it in /usr/local/bin to ease the creation of blank, world-writable trace files for tcpdump to write to. You will get a permission denied error if you don't create the blank trace files manually. Here's the shell script (works with bash and ksh):

#!/bin/ksh

# Create the directory to store the trace files.

echo "Which directory do you want to store the trace files in?"
read directory

mkdir -p "$directory"

# Create the files with a sequence number appended, writable by tcpdump.

for (( i = 1; i <= 10; i++ ))
do
    touch "$directory/trace_$i"
    chmod 777 "$directory/trace_$i"
done

Now run the shell script to create the directory where we want to store the blank trace files with the sequence number. Don't forget to chmod +x the shell script :)

shell>trace_seq.sh
Which directory do you want to store the trace files in?
/tmp/pcap_trace

Run tcpdump with -C 200, which caps each pcap file at 200MB and then moves on to the next blank trace file. tcpdump starts counting at 2, which is why we specify trace_1 as the first file it writes to; once that reaches 200MB it writes to trace_2 and so on in sequence. Once finished, you will see all the files at 200MB except the last part, which is less than 200MB; we will have trace_1 till trace_10.

shell>tcpdump -C 200 -r /tmp/trace_exploit -w /tmp/pcap_trace/trace_1

shell>ls -la /tmp/pcap_trace/
drwxr-xr-x 2 root root 4096 Feb 26 10:24 ./
drwx--x--x 10 root root 4096 Feb 26 09:20 ../
-rwxrwxrwx 1 root root 200001144 Feb 26 09:37 trace_1*
-rwxrwxrwx 1 root root 88539409 Feb 26 09:39 trace_10*
-rwxrwxrwx 1 root root 200001464 Feb 26 09:37 trace_2*
-rwxrwxrwx 1 root root 200000902 Feb 26 09:37 trace_3*
-rwxrwxrwx 1 root root 200001074 Feb 26 09:38 trace_4*
-rwxrwxrwx 1 root root 200000305 Feb 26 09:38 trace_5*
-rwxrwxrwx 1 root root 200000258 Feb 26 09:38 trace_6*
-rwxrwxrwx 1 root root 200000939 Feb 26 09:38 trace_7*
-rwxrwxrwx 1 root root 200000153 Feb 26 09:38 trace_8*
-rwxrwxrwx 1 root root 200001220 Feb 26 09:38 trace_9*
-rwxrwxrwx 1 root root 1888546816 Feb 26 03:18 trace_exploit*

By now you should be able to load the smaller pcap files into your Ethereal. Remember to tweak the shell script to fit your needs, especially how many trace files are expected to be created, based on the total pcap file size.
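An added example, not the post's own script: a POSIX sh version of the same procedure that derives the number of trace files from the capture's byte count (the tweak the paragraph above asks for) instead of hard-coding ten. It assumes tcpdump's -C unit is 1,000,000 bytes, which the 200001144-byte slices in the listing above bear out, and the /tmp paths are the post's; the sizes in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: size the slice set from the
# capture's byte count, pre-create the files, run tcpdump -C and confirm
# that every slice was written.
# Assumptions: tcpdump's -C unit is 1,000,000 bytes (the 200001144-byte
# slices in the listing above match that), and trace files are pre-created
# world-writable, as the post describes, so tcpdump can write to them.

# Print how many slices a capture needs: ceil(size / (slice_mb * 1000000)).
# The 1888546816-byte capture above with -C 200 gives 10, matching the listing.
slice_count() {
    file=$1
    slice_mb=$2
    size=$(wc -c < "$file" | tr -d ' ')
    slice_bytes=$((slice_mb * 1000000))
    echo $(( (size + slice_bytes - 1) / slice_bytes ))
}

# Pre-create DIR/trace_1 .. DIR/trace_COUNT as empty, writable files.
# Prints how many were created so the caller can check the result.
prepare_slices() {
    dir=$1
    count=$2
    created=0
    mkdir -p "$dir"
    i=1
    while [ "$i" -le "$count" ]; do
        : > "$dir/trace_$i" && chmod 777 "$dir/trace_$i" && created=$((created + 1))
        i=$((i + 1))
    done
    echo "$created"
}

# Print the names of pre-created slices that stayed empty, i.e. that tcpdump
# never wrote to. After a correct run only the spare (if any) is listed.
empty_slices() {
    dir=$1
    for f in "$dir"/trace_*; do
        [ -e "$f" ] || continue
        [ -s "$f" ] || echo "$f"
    done
}

# Whole procedure: PCAP is split into DIR/trace_N slices of SLICE_MB each.
# One spare file is created because -C rotates on packet boundaries and each
# slice carries its own pcap file header, so the slice count can come out one
# higher than the byte arithmetic predicts; the spare is removed if it stays
# empty (tcpdump never leaves a written slice at zero bytes).
slice_pcap() {
    pcap=$1
    dir=$2
    slice_mb=$3
    n=$(slice_count "$pcap" "$slice_mb")
    prepare_slices "$dir" "$((n + 1))" > /dev/null
    tcpdump -C "$slice_mb" -r "$pcap" -w "$dir/trace_1" || return 1
    empty_slices "$dir" | while read -r f; do rm -f "$f"; done
    ls -la "$dir"
}

# Usage: sh slice_pcap.sh /tmp/trace_exploit /tmp/pcap_trace 200
if [ $# -eq 3 ]; then
    slice_pcap "$1" "$2" "$3"
fi
```

Because -C rotates on packet boundaries, a TCP stream that straddles a boundary is split across two slices, so reassemble across neighbouring files when following a single session.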

Cheers (:])

p/s: In my blog, command execution in the shell is always in bold and config file or shell script content is always in italic.

Thursday, February 23, 2006

dfd-keeper - Dynamic Firewall Daemon

Just noticed on the PF mailing list a mention of dfd-keeper, a dynamic firewall daemon for PF that eases the administration of OpenBSD PF; wonderfully, it is written in Python. I won't talk about what you can or can't do with dfd-keeper since it's already mentioned here; I will rather show a quick installation of dfd-keeper, which is not clear in its INSTALL doc. I assume you are running OpenBSD Current just like me.

Installing needed OpenBSD packages

shell>pkg_add ${PKG_PATH}zope-2.8.4.tgz

shell>pkg_add ${PKG_PATH}py-xml-0.7.1.tgz

shell>pkg_add ${PKG_PATH}bzip2-1.0.3.tgz


Installing ZopeInterface

shell>cd /usr/local/src

shell>ftp http://www.zope.org/Products/ZopeInterface/3.0.1final/ZopeInterface-3.0.1.tgz

shell>tar xvzf ZopeInterface-3.0.1.tgz

shell>python ./setup.py build

shell>python ./setup.py install


Installing TwistedCore

shell>cd /usr/local/src

shell>ftp http://tmrc.mit.edu/mirror/twisted/Twisted/2.2/TwistedSumo-2006-02-12.tar.bz2

shell>bzip2 -d TwistedSumo-2006-02-12.tar.bz2

shell>tar xvf TwistedSumo-2006-02-12.tar

shell>cd TwistedSumo-2006-02-12/Twisted-2.2.0

shell>python ./setup.py install


Installing dfd_keeper

shell>ftp http://lightconsulting.com/~travis/dfd/dfd_keeper/dfd_keeper.tar.gz

shell>tar xvzf dfd_keeper.tar.gz

shell>cd dfd_keeper

shell>python ./setup.py install


Now you can test it by running

shell>./keeper_example.py --test

shell>nc localhost 8007

dfd_keeper>

To know what commands are available, just type show

dfd_keeper>show

Currently dfd_keeper does not support remote login since it only binds to localhost; it will only allow remote login once Travis (the dfd_keeper coder) gets ACLs done in the future. By now you should be able to play with dfd-keeper.

Enjoy (:])

OliveBSD reviewed

Finally I finished downloading OliveBSD; the download link provided is extremely slow, I bet there are many people out there downloading it simultaneously.

I quickly burned the ISO and booted it on my machine. It loads properly without issue, and automagically I can connect to the internet without any configuration since it uses dhclient to get a dynamic IP and I have a dhcp server on the LAN; however, you can set up the network configuration properly by clicking Network Card Configuration in the application menu. Gabriel has done this part nicely by writing his own net config script that eases the user's experience. The window menu is well done, with all the applications needed for daily tasks such as firefox, thunderbird, xchat and so on. Previously I had a reader saying that firefox is slow to load, but that doesn't seem to happen to me; firefox loads within seconds in my testing. Other applications also load properly without problems for me. Overall OliveBSD is totally perfect for new users who want to know what is offered by OpenBSD, and I find not much difference between using OliveBSD and other Linux distros that target desktop users; the only thing is that you won't find OpenOffice in OliveBSD since it's not in the OpenBSD ports. The file manager used by OliveBSD is Rox-Filer, where you can easily change the background and browse files.

Overall I give a thumbs up to this liveCD, not because it's based on OpenBSD but because it really does what it says. Thumbs up goes to Gabriel, you have done a good job.


Cheers :]

Tuesday, February 21, 2006

OpenBSD strace - Ktrace

I have just successfully installed prelude-IDS. I'm happy that I could get it installed on OpenBSD without much hassle; however, it let me down when I tried to register the sensor with the prelude central management server. It seems there is a bug where, when I try to register the sensor, the server end is listening in the IPv6 address space, so registration failed all the time. I quickly logged in to the irc.freenode.net #prelude channel to look for help. The lead developer of prelude-IDS, Yoann, is a very nice and helpful person. I quickly ran gdb to locate the bug to report, and he fixed it and sent a patch to me; he also asked me to submit the bug report using strace if it's not fixed after applying the patch. The patch fixes the bug perfectly. However, since I felt adventurous, I thought of installing strace on my OpenBSD box, but when I tried to install it, I got an error that OpenBSD is not a supported OS.


Then Yoann told me to use ktrace, which is similar to strace but is a native tool of OpenBSD; however, to use ktrace properly, you have to use kdump to read ktrace's output. From the man page, ktrace enables kernel trace logging for the specified processes, and it is used to trace system calls, I/O and so on for a process. To demonstrate ktrace, I just take the libstatgrab monitoring tool saidar as an example.

shell>ktrace -f /var/log/ktrace.out -tc saidar

Read it using kdump

shell>kdump -f /var/log/ktrace.out

Below is the output of kdumping saidar; it looks similar to strace output.


You can also trace a process that is already running by its pid,

shell>ps auxww | grep saidar
root 12410 0.0 0.5 608 1288 p2 S+ 11:44PM 0:00.09 saidar

shell>ktrace -f /var/log/saidar_trace.out -p 12410

You can read saidar_trace.out using kdump later. You can also specify what you want to trace with the -t option, which lets you choose which trace points you want, such as I/O, system calls, signal processing and so on. If you just want to watch the system calls of that same process, you can just run

shell>ktrace -f /var/log/saidar_syscall.out -t c -p 12410

With ktrace and kdump, we can enjoy a strace-alike tool :]
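An added example, not from the original post: once a trace is in hand, a few awk one-liners turn kdump's listing into the kind of summary strace -c gives, which is what you want when triaging an unfamiliar binary. The sample trace is constructed in kdump's record style (pid, command, record type, detail) rather than captured from saidar, and the log path is the post's own.

```shell
#!/bin/sh
# Added example, not part of the original post: summarise a kdump listing
# (system calls made, paths resolved, calls that failed) from a trace taken
# with ktrace -tc as described above.
# The sample is constructed in kdump's record style, not real saidar output;
# a real listing comes from: kdump -f /var/log/ktrace.out

SAMPLE_KDUMP='
 12410 saidar   CALL  open(0x3c0090c8,0<O_RDONLY>)
 12410 saidar   NAMI  "/etc/malloc.conf"
 12410 saidar   RET   open -1 errno 2 No such file or directory
 12410 saidar   CALL  open(0x3c00a100,0<O_RDONLY>)
 12410 saidar   NAMI  "/var/run/ld.so.hints"
 12410 saidar   RET   open 3
 12410 saidar   CALL  read(3,0x7f7ffffc8,0x400)
 12410 saidar   RET   read 1024/0x400
 12410 saidar   CALL  close(3)
 12410 saidar   RET   close 0
 12410 saidar   CALL  socket(2,2,0)
 12410 saidar   RET   socket 4
 12410 saidar   CALL  connect(4,0x7f7ffffa0,16)
 12410 saidar   RET   connect -1 errno 61 Connection refused
'

# Count CALL records per system call, most frequent first.
# Field 4 is "name(args...)"; strip the argument list to get the name.
# Output lines look like "open 2".
syscall_counts() {
    awk '$3 == "CALL" { sub(/\(.*/, "", $4); n[$4]++ }
         END { for (s in n) print s, n[s] }' | sort -k2,2nr -k1,1
}

# Paths the process resolved (NAMI records), deduplicated. This is the
# quickest answer to "which files does this thing touch".
touched_paths() {
    awk '$3 == "NAMI" { gsub(/"/, "", $4); print $4 }' | sort -u
}

# System calls that returned -1, with their errno, e.g. "open errno 2".
# Failed connects and opens are usually the first thing worth a look.
failed_calls() {
    awk '$3 == "RET" && $5 == "-1" { print $4, "errno", $7 }'
}

# Wrappers over the constructed sample; pipe kdump output into the
# functions above for a real trace.
sample_counts() { printf '%s\n' "$SAMPLE_KDUMP" | syscall_counts; }
sample_paths()  { printf '%s\n' "$SAMPLE_KDUMP" | touched_paths; }
sample_failed() { printf '%s\n' "$SAMPLE_KDUMP" | failed_calls; }
```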

Monday, February 20, 2006

OpenBSD LiveCD - Olive

I read about this OpenBSD live CD, Olive, at undeadly.org. Since the download link doesn't seem to be working for me, I haven't had a chance to try it out yet; hopefully it will get mirror sites so that more people can download it and give it a try. It's always rare to have a live CD based on OpenBSD, and Gabriel Paderni has really done a good job on it. Enjoy !!!!! :)

Have fun .....

Sunday, February 19, 2006

Vi and Bash Shell Scripting

The VI editor, while it's trivial to new users, always gets me excited. I had just learned that there are two ways to get to the last part or end of the file easily with vi: one is using vi mode, where you just need to press the G key; another is using the command mode, which is preceded with :, where you can just type $ to go to the last line of the file. It is always fun to discover new tricks for using vi even though I have been using it for so long. In order to be proficient enough in vi, I force myself to use the built-in commands more often; however, there are still many uncovered or unknown tricks that I should try to figure out and learn. That's the interesting part of vi: you will never have enough.

Throughout my journey of bash shell scripting, I had never checked my shell scripts for syntax errors until recently. If you want to check whether a script's syntax is correct, for example for a shell script named test, you can just run

shell>bash -n test

Then it will show the error if there's any, or else just succeed without error.

Cheers :]

OpenBSD Xuvmstat

I found a virtual memory monitoring tool in the ports; with it I have a clearer view of how system memory actually works. The UVM virtual memory system manages access to the computer's memory resources. User processes and the kernel access these resources through UVM's external interface. By the way, there's great documentation out there that really helped me a lot to understand it; you should check it out here, even though it is more about the NetBSD system.

You can also find the man pages useful, especially uvm and vmstat in this case.

Xuvmstat shows the memory statistics in the kernel

Cheers :)

Saturday, February 18, 2006

Improving Scripting Skillz

I'm currently reading this book written by Ellie Quigley to sharpen my shell scripting skills; I have finished half of the book. These days I'm reading books more than online materials, especially on my off days, since that's what I need to get in depth on something, and it's more self-contained. This book was recommended by one of my pals, and even though I haven't finished the book, I find it really useful and I understand more about the shell than ever after reading the first few chapters. Ellie Quigley is the woman who wrote the first shell programming book; with her 20++ years of experience as a shell programming instructor, she knows the foundations and tricks to take a newcomer or even an advanced shell programmer to the next level of shell programming.

By introducing and showing examples of how grep, sed and awk are used, with the great illustrations provided in the book, I'm now more enlightened in writing shell scripts. To be a good shell programmer, one should really get ready and handy with the tools provided in Unix or Unix-like systems. Ellie Quigley is really doing well on this part; I can't wait to finish her book.

It seems I'm revisiting old stuff these days; sometimes getting back to the basics or foundations again reveals things that you think you already understood but actually don't. Hopefully by finishing the Linux Firewalls and Unix Shells By Example books, I can improve to be a better me.

Peace :]]]

Wednesday, February 15, 2006

OpenBSD libstatgrab

Googling without direction got me to this page, and I learned that this is a cool tool to do the same thing as the top command but with different kinds of monitoring functions. I quickly downloaded the source to try it out; the developer of the tool even provides an unofficial OpenBSD port, which is version 0.11, but I decided to compile the latest source, which is 0.12. It compiled without problem and I decided to run it instantly to see what it actually offers after quickly reading its manual. There are 2 binaries and 2 perl scripts installed once you finish installing it, which are

shell>ls -la /usr/local/stow/libstatgrab-0.12/bin
-rwxr-xr-x 1 root wheel 50600 Feb 15 22:07 saidar
-rwxr-xr-x 1 root wheel 52335 Feb 15 22:07 statgrab
-rwxr-xr-x 1 root wheel 7060 Feb 15 22:07 statgrab-make-mrtg-config
-rwxr-xr-x 1 root wheel 2387 Feb 15 22:07 statgrab-make-mrtg-index

Saidar is the tool to view and monitor system statistics; statgrab provides a sysctl-style interface to all the system statistics available through libstatgrab; statgrab-make-mrtg-config allows you to generate an MRTG configuration file; and statgrab-make-mrtg-index is used to generate an XHTML index page from MRTG configuration files.

To run saidar, just

shell>/usr/local/bin/saidar

It looks cool :)

Considering this is Server01, I generate the mrtg configuration file for Server01 using statgrab-make-mrtg-config.

shell>statgrab-make-mrtg-config \
--workdir /nsm/statgrab-mrtg/Server01 \
--statgrab /usr/local/bin/statgrab > /etc/statgrab-Server01.cfg

Check the statgrab mrtg config file for errors; if it exits without error, that means the config file was generated correctly. Make sure you have mrtg installed; if not, just install it from package or port.

shell>mrtg --check /etc/statgrab-Server01.cfg

Create the index page in HTML format based on the libstatgrab mrtg config,

shell>statgrab-make-mrtg-index --title Server01 \
/etc/statgrab-Server01.cfg > /nsm/statgrab-mrtg/Server01/Server01.html

Now I just query Server01 and also create the first mrtg traffic graphs and web pages. When you run mrtg for the first time there will be a lot of complaints about missing log files. Don't worry, this is normal for the first 2 times you start mrtg. If it keeps complaining after that, you might want to look into the problem.

shell>mrtg /etc/statgrab-Server01.cfg

All the mrtg files will be generated under /nsm/statgrab-mrtg/Server01/

Finally I just add the mrtg command to cron to run it every 5 minutes and generate the mrtg report.

shell>crontab -e

Put this line in crontab

*/5 * * * * /usr/local/mrtg /etc/statgrab-Server01.cfg --logging /var/log/mrtg-Server01.log

I'm done with it now, and here's my MRTG output after some time.




Libstatgrab is one nifty monitoring tool; you can feed this data to your web server and browse it through http :]

fbpanel - Alternative for Gnome panel

If you can't live without gnome panel stuff, consider that you have another alternative, recommended by my friend: fbpanel. It offers similar functions yet without relying much on other libraries. I quickly downloaded fbpanel to my OpenBSD box and tried to get it installed; after solving the compile errors, I finally got it working on my OpenBSD box. Here's how I did it.

shell>wget http://jaist.dl.sourceforge.net/sourceforge/fbpanel/fbpanel-4.3.tgz

shell>pkg_add ${PKG_PATH}glib2-2.8.4

shell>pkg_add ${PKG_PATH}gtk+2-2.6.10p1

shell>./configure --prefix=/usr/local/stow/fbpanel --cpu=off

shell>gmake && gmake install

If you don't have gmake installed, you should install it first via package or port.

Here's the screenshot of fbpanel with its configuration box.


We all love Open Source, you always have choices and freedom!!!!!

Linux Firewalls - Robert Ziegler

I'm currently reading this book, Linux Firewalls by Robert Ziegler, to repolish my rusty IPtables skills since I have stopped practicing them for quite some time. Even though this book is old, it provides very good explanations of how, where and when you should apply the firewall rules, as well as the scenarios and conditions that are applicable in a real world environment.

Hopefully I can be better at IPtables right after finishing the book :)

Cheers .....

Tuesday, February 14, 2006

Enlightenment - Useful Link

I just came across the links below, which might help you figure out how to set up, customize and configure the Enlightenment window manager as well as Enlightenment themes for E16 and E17; feel free to browse them :).

Monday, February 13, 2006

Elive Linux Distro

The reason I mention this distro is that it is the only distro I found using the Enlightenment Window Manager, and it provides two environments for you to choose between: E16 (Stable) and E17 (Devel). This is intuitive enough for me to try out and I really love it. From the irc channel #Enlightenment, I have noticed there are not many people out there using Enlightenment; however, I still give a thumbs up for the work that has been done by the developers of Enlightenment. It provides fast switching, customizable key bindings with e16keyedit and other cool features that you can't find in other window managers. Here's the screenshot of Elive Linux.


If you notice the bar down there, it's not gdesklets but Engage, which is actually a default application of Enlightenment, and it is far better.

Enlightenment rocks :]

OpenBSD Enlightenment WM

I use Google Analytics to track my blog visitors, and found out that my OpenBSD Fluxbox setup post gets the highest visit rate, especially traffic from bsdforum.org. I will turn that post into an OpenBSD fluxbox setup guide and upload it to my dissectible.org again so that people can grab and read it if they need it. Now I have come across another window manager called Enlightenment; my first try on it was a great success and I was able to get it up and running in minutes by installing from package, and apparently the previous fluxbox setup experience helps me with the Enlightenment setup as well, since the initial setup is about the same. I will post how I got Enlightenment working on OpenBSD when I become more handy with it. Here's the screenshot of my OpenBSD Enlightenment, cheers :]

Enlightenment - Clean and Fast

Saturday, February 11, 2006

OpenBSD Software Raid

It is very rare to find an article about OpenBSD software raid on the internet. I wanted to try it out, and after googling for a while I found two useful articles that enlightened me. Hopefully it helps someone who wants to build OpenBSD software raid too. Here are the links -

http://www.monkey.org/openbsd/archive/misc/0203/msg00803.html


http://www.eclectica.ca/howto/openbsd-software-raid-howto.php


Both are very complete write-ups, and you should take a look at the man pages - raid and raidctl - as well as the main project page - http://www.pdl.cmu.edu/RAIDframe.

Cheers :]

Systrace - Analyzing Tool

Systrace serves as a host IDS/IPS for OpenBSD to monitor all the executables; it monitors and controls an application's access to the system by enforcing access policies for system calls. Using it might help to quarantine the bugs of 3rd party applications, whether installed through packages/ports or from source, once we deploy its access policies. Not only can we use it to protect the system, but at the same time we can use it to trace the behaviour and functions performed by untrusted executables on the system.

So how can systrace actually help us to understand a suspicious and untrusted executable file? I used the script that was uploaded by the hacker a while ago as an example, which is actually the synner.pl perl script that can be downloaded from securiteam.com. I have renamed the script back so that I can identify it.

In order to know what this executable file is doing without even looking at the source code, I quickly generated a systrace policy file for it.

shell>systrace -A /root/synner.pl
Use ./synner.pl


To know how the executable file actually works, I run it in the systrace sandbox by running

shell>systrace -d /root/.systrace /root/synner.pl 192.168.0.140 22 10000

systrace -d /root/.systrace means using the policy files in the directory /root/.systrace; this is useful if you have multiple policy files in the directory. If you just want to monitor a single application per policy file, you can just go with the -f switch. The synner script will connect to port 22 of host 192.168.0.140 in 10000 seconds. From the script description, we know that it is a spoofing DoS tool, and spoofing means it might randomize, so that's why we have seen that it needs access to /dev/arandom in the root_synner_pl policy file. xsystrace pops up if access to a certain function is not explicitly allowed in the policy file; from here we can monitor which functions each command line switch or option needs to access or perform, which gives us a clearer view of the executable file. So here we can see that it needs access to /etc/resolv.conf, which might be used to resolve the hostname.


Then here we find out that it needs to perform the socket function, which creates an end point for communication that uses AF_INET - address family IPv4 - and a raw socket. I click on permit to see how it goes next.


There we see it perform the sendto function, which means now it is in the connected state and transmitting a message to another socket.


After that I keep permitting the same functions because it keeps doing the same thing, so I just click on the Permit Always button to get it finished automatically. Now I already know what the executable file is doing without even looking at the source code.

Systrace is very flexible: not only does it serve as an application monitoring and controlling tool, but it is also a decent analysis tool. It saves the SysAdmin time analyzing third party applications by hand to avoid backdoors or malicious functions running on the system, especially for someone who is not a decent coder like me. I would love to learn more about it since I get to learn OpenBSD functions at the same time when I dig into it.

I have always liked to learn more about the native and built-in tools of OpenBSD.

Peace :]

Bad Day - Crashing of my router

My OpenBSD router at home keeps giving me problems; it freezes and runs intermittently, and the pppoe-in-kernel seems not reliable. When I ping www.yahoo.com, I get very high latency between my router and Yahoo. This seems not accurate, as sometimes it goes higher than the ping time of the host behind this router, which is making me crazy. I'm wondering whether I should switch back to the userland ppp instead of using this unreliable pppoe interface. Since this feature is imported from NetBSD, I'm not too sure how well it has been tested and experimented with by the users out there; if you are using pppoe-in-kernel on OpenBSD, please leave a comment. I may be sending a bug report, because getting a ping time of more than 5000 is so inaccurate. I will post the screenshot when I have a chance. Because of that, I can't get a chance to try out the new OpenSSH feature. :(

Anyway Cheers :)

Thursday, February 09, 2006

Another Ongoing Port - Argus

I do use Argus - the terrific tool to collect and analyze network flow data. I have come to the point where I used to install Argus from source all the time, and I think it's right for me to create an OpenBSD port for Argus so that it may benefit others. Unlike the previous scapy port, which was much easier to create since it needs no source compilation, Argus seems to be tougher for me. However, after successfully installing Argus from source by fixing its dependencies, as well as old lines that needed to be commented out, now I can install Argus using my own port. I did learn how to create a patch for the source using the diff command, and understand more about the internals of OpenBSD than I did previously; it seems that creating ports for OpenBSD is one good learning path for me at the moment. If the Argus port works properly, I will continue to create its client port - Argus client - to have the complete Argus port done.

The next port that I plan to create would be either python PyX or mysqltcl, which are used by the Scapy and Sguil projects. Maybe when I'm leet enough at creating ports, I will try to create an OpenBSD port for Sguil including all its components, to have it fully functional on OpenBSD without going through much installation hassle.

Anyway, I don't plan to submit the port to OpenBSD.org yet due to this announcement; it is better to test out the current port tree for the coming release of OpenBSD 3.9.

Cheers (:])

Wednesday, February 08, 2006

Unofficial OBSD port - Scapy

I finally decided to take the advice of the dudes in #myoss and start my journey of building ports. I prefer to take a simple one, which is scapy, since this is my first try. After reading the man page and learning how others write the ports, I figure out that it's not too hard, but it requires more practice and understanding of the variables used in order to be handy in creating ports. One useful link would be this; it contains all the information needed to learn to write OpenBSD ports properly.

After hours of tinkering with it, I finally have my first OpenBSD port created - Scapy. This is considered an unofficial OpenBSD port for Scapy; since this is my first try without intensive testing, it may break, but I myself have tested it under OpenBSD 3.8 release and -current. Feel free to download the port and untar it to /usr/ports/net, then just go into the py-scapy directory and make install. I plan to write more ports to sharpen my skill of writing OpenBSD ports in future.

Thanks to the encouragement of the dudes, again I can fly even higher with Scapy (:])

Tuesday, February 07, 2006

VMware Server


Again another FREE product from VMware after VMware Player - VMware Server. I myself haven't tried it out yet, so not many comments on it; however, the main site states that VMware Server allows users to partition a physical server into multiple virtual machines and to start experiencing the benefits of virtualization. Virtualization seems to be the future; Xen is one example.

VMware is always great :)

OpenSSH - New Feature


OpenSSH 4.3 was released and you can find the story here. This is not the latest news; however, there's one new feature in OpenSSH worth mentioning. With OpenSSH 4.3, you will be able to build a simple VPN solution, since it can tunnel arbitrary network packets over an ssh connection between OpenSSH client and server via the tun virtual network interface. This is neat and I will try to spare some time to play around with it.

:)

Monday, February 06, 2006

OpenBSD PF - tip of the day

This is by no means for PF hardcorers but for people who are new to PF. When writing PF filter rules, newcomers tend to confuse the direction of IN and OUT. The IN and OUT keywords in the syntax do not actually indicate the direction of network flow coming into or going out of your network. IN actually means the network flow coming into your PF-enabled NIC, and OUT means the network flow that either originated from the PF-enabled NIC or is flowing out of the PF-enabled NIC. The picture below illustrates the IN and OUT; the green arrows indicate the network flow.


To further understand what it means, here I show three rules, assuming 192.168.5.100 has a NIC named pcn0. The first rule allows the incoming traffic from 192.168.5.0/24 to 192.168.5.100 on interface pcn0.

pass in on pcn0 proto tcp from 192.168.5.0/24 to 192.168.5.100

This second rule blocks the network flow from 192.168.5.0/24 from reaching 192.168.5.100.

block in on pcn0 proto tcp from 192.168.5.0/24 to 192.168.5.100

However, if you apply this rule, you can still reach 192.168.5.100, but there's no response from 192.168.5.100.

block out on pcn0 proto tcp from 192.168.5.0/24 to 192.168.0.100

Hereby I put another picture so that you have a clear view of what has been mentioned above.


Peace (:])

Friday, February 03, 2006

Hardware Compatibility Lists

If you are looking for the hardware to build your server or appliance based on an OS such as OpenBSD, FreeBSD or Linux, the URLs below may be what you are looking for; thanks to Prabu who pointed them out to me. I'm more focused on OpenBSD and have seen the URLs below.

http://www.openbsd.org/i386.html

http://www.eracks.com/

http://www.armorlogic.com/openbsd_information_server_compatibility_list.html

I'm not on behalf of any companies or trying to promote any companies; however, those URLs have mentioned and listed out what hardware is working on certain platforms and what is not. This is a useful resource that you can take into consideration when making a decision on buying hardware. If you do know any links, please do tell so that people can have more references.

Cheers :]

Thursday, February 02, 2006

PADS - Passive Rocks

Reading a previous #snort-gui chat log that I had missed, I found that PADS will perhaps be integrated into sguil, and I was wondering what PADS is. After asking Richard about it, he showed me the PADS url as well as his blog post related to it here. PADS is the Passive Asset Detection System, and it is designed to complement IDS technology by providing context to IDS alerts; another good thing about it is that it never generates any traffic but intercepts and interprets it (passive). With that claim it seems worth implementing this on an IDS sensor. Since OpenBSD is always my main platform, I quickly downloaded the pads source tarball from the provided link. There's pads-archiver as well, which plays the main role of archiving pads data to permanent storage to lighten the pads job and avoid packet loss when processing. Atm is asset-to-MySQL, which is used to create the databases for pads; you only need it if you want the data to be inserted into a MySQL database.

shell>cd /usr/local/src

shell>wget http://jaist.dl.sourceforge.net\
/sourceforge/passive/pads-1.2.tar.gz

shell>wget http://jaist.dl.sourceforge.net\
/sourceforge/passive/pads-archiver-1.2.tar.gz

shell>wget http://jaist.dl.sourceforge.net\
/sourceforge/passive/atm-111104.tar.gz

After downloading the source, installation is very straightforward; as usual I use stow to manage my software.

shell>tar xvzf pads-1.2.tar.gz

shell>cd pads-1.2

shell>./configure --prefix=/usr/local/stow/pads-1.2 \
--enable-banner-grab

shell>make && make install

shell>tar xvzf pads-archiver-1.2.tar.gz

shell>cd pads-archiver-1.2

shell>./configure --prefix=/usr/local/stow/pads-archiver-1.2 \
--enable-mysql --with-mysql-includes=/usr/local/include/mysql \
--with-mysql-libraries=/usr/local/lib/mysql

shell>make && make install

Stowing them

shell>cd /usr/local/stow

shell>stow pads-1.2 && stow pads-archiver-1.2

Now I have to create the database for pads using the ready-made atm script and create a proper user to run pads.

shell>cd /usr/local/src

shell>tar xvzf atm-111104.tar.gz

shell>cd atm-111104

shell>mysql -u root -p -e "CREATE DATABASE pads"
Enter password:

shell>mysql -u root -p -D pads < ./pads.sql
Enter password:

shell>mysql -u root -p -D pads -e "show tables"
Enter password:
+----------------+
| Tables_in_pads |
+----------------+
| assets |
| protocol |
+----------------+

shell>mysql -u root -p
Enter password:

mysql> GRANT ALL PRIVILEGES ON pads.* TO pads@localhost IDENTIFIED BY "p4d5" WITH GRANT OPTION;
Query OK, 0 rows affected (0.02 sec)

mysql> update user set Password=OLD_PASSWORD("p4d5") where User="pads";
Query OK, 1 row affected (0.05 sec)
Rows matched: 1 Changed: 1 Warnings: 0

mysql>FLUSH PRIVILEGES;

Adding a pads user so that we don't have to run pads as root

shell>groupadd -g 1234 pads

shell>useradd -u 1234 -g 1234 -md /home/pads -s /bin/ksh -c "PADS user" pads

shell>touch /var/run/pads.pid

shell>touch /var/run/pads-archiver.pid

shell>chown pads:pads /var/run/pads.pid

shell>chown pads:pads /var/run/pads-archiver.pid

I create and put all the pads configuration under /home/pads instead of /etc; I prefer it that way since the owner of those configuration files is pads. There are two configuration files, one each for pads and pads-archiver.

shell>su - pads

shell>cd ~

shell>touch pads.conf pads-archiver.conf

Here's the content of my pads.conf. I prefer to specify all the options in the configuration file instead of typing them on the command line. The network interface I use to run pads is pcn1.

# PADS Configuration
daemon 0
pid_file /var/run/pads.pid
sig_file /usr/local/stow/pads-1.2/etc/pads-signature-list
mac_file /usr/local/stow/pads-1.2/etc/pads-ether-codes
user pads
group pads
interface pcn1
# filter
network 192.168.0.0/24
output screen
# output csv: /home/pads/pads.csv
output fifo: /home/pads/pads_fifo

This is my pads-archiver.conf

# Pads-Archiver Configuration
daemon 0
pid_file /var/run/pads-archiver.pid
user pads
group pads
input fifo: /home/pads/pads_fifo
output mysql:127.0.0.1,pads,pads,p4d5,0

You can have different types of output, and by default it is csv format, which is comma separated for the different data fields. However, I used fifo since it's not writing to disk and is directly archived to the MySQL database using pads-archiver, which is much faster. Now I just need to run pads and pads-archiver as root.

shell>pads -c /home/pads/pads.conf
pads - Passive Asset Detection System
v1.2 - 06/17/05
Matt Shelton

[-] Filter: (null)
[-] Listening on interface pcn1

[*] Asset Found: IP Address - 192.168.0.23 / MAC Address - 0:0A:E4:35:EA:8E (Wistron Corp.)
[*] Asset Found: IP Address - 192.168.0.181 / MAC Address - 0:0C:29:76:61:85
[*] Asset Found: Port - 0 / Host - 192.168.0.181 / Service - ICMP / Application - ICMP
[*] Asset Found: IP Address - 192.168.0.180 / MAC Address - 0:0C:29:76:61:7B

shell>pads-archiver -c /home/pads/pads-archiver.conf
pads-archiver - Archive PADS data into permanent storage.
v1.2 - 06/17/05
Matt Shelton

[v] config - Processing '/home/pads/pads-archiver.conf'.
[v] config - PARAM: |daemon| / VALUE: |0|
[v] config - PARAM: |pid_file| / VALUE: |/var/run/pads-archiver.pid|
[v] config - PARAM: |user| / VALUE: |pads|
[v] config - PARAM: |group| / VALUE: |pads|
[v] Initializing FIFO input processor.
[v] config - PARAM: |input| / VALUE: |fifo: /home/pads/pads_fifo|
[v] Initializing MYSQL output processor.
[v] MySQL Arguments: Host - 127.0.0.1 / DB - pads / User - pads / Pass - p4d5 /
[v] config - PARAM: |output| / VALUE: |mysql:127.0.0.1,pads,pads,p4d5,0|
[v] Dropping Privileges
[-] Processing FIFO File: /home/pads/pads_fifo
[v] SQL: INSERT INTO arpasset VALUES (NULL, '192.168.0.180', '0:0C:29:76:61:7B'
query error
[v] SQL: INSERT INTO asset VALUES (NULL, '192.168.0.181', 0, 1, 'ICMP', 'ICMP', 1138874261)
[v] SQL: INSERT INTO arpasset VALUES (NULL, '192.168.0.23', '0:0A:E4:35:EA:8E', '', 1138874273)
query error

You may see the query error; this is due to there being no database table called arpasset for it to insert the data into, and it's not created through atm, so I think atm is a bit outdated. In case you are storing the asset data in csv format, you can import it to the MySQL db using the perl script - atm.pl. Just run it against the pads.csv file.

shell>perl ./atm.pl --f /home/pads/pads.csv -u pads -p p4d5
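The asset lines PADS prints with `output screen`, parsed into a per-host inventory and checked against an expected-asset list, as an added Python example that is not part of PADS or this post. The sample lines are constructed in the shape of the output above (the ssh line is invented for illustration), and the known-host list and per-host port allow-list are assumptions.

```python
"""Parse PADS 'output screen' lines into a host inventory and flag hosts or
services that are not on an expected-asset list.  Added example; not PADS code."""
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample in the shape of the screen output quoted in this post.
# The ssh line is invented for illustration.
SAMPLE_OUTPUT = """\
pads - Passive Asset Detection System
v1.2 - 06/17/05
[-] Filter: (null)
[-] Listening on interface pcn1
[*] Asset Found: IP Address - 192.168.0.23 / MAC Address - 0:0A:E4:35:EA:8E (Wistron Corp.)
[*] Asset Found: IP Address - 192.168.0.181 / MAC Address - 0:0C:29:76:61:85
[*] Asset Found: Port - 0 / Host - 192.168.0.181 / Service - ICMP / Application - ICMP
[*] Asset Found: IP Address - 192.168.0.180 / MAC Address - 0:0C:29:76:61:7B
[*] Asset Found: Port - 22 / Host - 192.168.0.180 / Service - ssh / Application - OpenSSH 4.2
"""

# ARP-style asset: IP, MAC and an optional vendor name from the ether-codes file.
ARP_RE = re.compile(
    r"^\[\*\] Asset Found: IP Address - (?P<ip>\S+) / MAC Address - (?P<mac>\S+)"
    r"(?: \((?P<vendor>[^)]*)\))?\s*$"
)
# Service-style asset: port, host, service name and identified application.
SVC_RE = re.compile(
    r"^\[\*\] Asset Found: Port - (?P<port>\d+) / Host - (?P<ip>\S+)"
    r" / Service - (?P<service>.+?) / Application - (?P<app>.+?)\s*$"
)

Host = Dict[str, object]


def _host(inventory: Dict[str, Host], ip: str) -> Host:
    """Return the inventory record for ip, creating an empty one on first sight."""
    return inventory.setdefault(ip, {"mac": None, "vendor": None, "services": {}})


def parse_pads_output(text: str) -> Dict[str, Host]:
    """Build {ip: {mac, vendor, services: {port: (service, app)}}} from PADS output."""
    inventory: Dict[str, Host] = {}
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:
            host = _host(inventory, m.group("ip"))
            host["mac"] = m.group("mac")
            host["vendor"] = m.group("vendor")  # None when no OUI name was printed
            continue
        m = SVC_RE.match(line)
        if m:
            host = _host(inventory, m.group("ip"))
            host["services"][int(m.group("port"))] = (m.group("service"), m.group("app"))
        # banner and "[-]" status lines carry no asset data and are skipped
    return inventory


def find_unknown_hosts(inventory: Dict[str, Host], known_ips: Iterable[str]) -> List[str]:
    """IPs PADS saw that are not in the expected-asset list (sorted)."""
    known = set(known_ips)
    return sorted(ip for ip in inventory if ip not in known)


def find_unexpected_services(
    inventory: Dict[str, Host], allowed_ports: Dict[str, Iterable[int]]
) -> List[Tuple[str, int, str]]:
    """(ip, port, service) triples seen on a host but absent from its allow-list.
    A host with no entry in allowed_ports gets an empty allow-list, so every
    service it offers is reported."""
    hits = []
    for ip, host in inventory.items():
        allowed = set(allowed_ports.get(ip, ()))
        for port, (service, _app) in host["services"].items():
            if port not in allowed:
                hits.append((ip, port, service))
    return sorted(hits)


if __name__ == "__main__":
    inv = parse_pads_output(SAMPLE_OUTPUT)
    for ip, host in sorted(inv.items()):
        print(ip, host["mac"], host["vendor"], host["services"])
    # Assumed expected-asset list and allow-list for the constructed sample.
    print("unknown hosts:", find_unknown_hosts(inv, ["192.168.0.23", "192.168.0.180"]))
    print("unexpected services:", find_unexpected_services(inv, {"192.168.0.180": [22]}))
```

Feeding the same parser the lines PADS writes to the fifo or csv output would need a different line shape; the regexes above match only the screen output.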

PADS is really cool; I can just use it to profile and identify all the hosts in the network without tampering with or purposely connecting to any machine. Pads has delivered the tool to archive the data; I do wish it came with its own complete sql script so that I can import its default DB instead of creating my own, especially for arpasset. Another reason I like pads is that it can run against a pcap file, so this would really help especially when you just need to profile the machines in your network without running pads on the fly.

Peace and Cheers (:])

Wednesday, February 01, 2006

Vim - Cool editor for PF and Snort Rules

If you are writing pf and snort rules, vim may suit your needs. I use vi for my daily tasks and try to play with vim, which is a vi clone. I came to know that you can configure vim to be your own editor with your own preferences and settings. I have just found out that if you install vim from the OpenBSD port/package, you already have the vim syntax configuration files for pf and snort rules, but you need to enable them. Below are the screenshots of pf and snort rules files, with syntax highlighting and colorized.

Pf Configuration File

Snort Rules File

The vim syntax files are stored in /usr/local/share/vim/vim64/syntax, and the syntax configuration files for pf and snort are pf.vim and hog.vim, so I have to enable them via .vimrc under the user directory. Here's my .vimrc content under /root. I need another file in /root/.vim, which is filetypes.vim, to load the syntax file for pf.conf and snort rules files.


Here's my filetypes.vim file.


Now it's much easier to edit and write the rules with the syntax highlighting and colorized text. However, hog.vim is kind of outdated and needs to be updated, since there have been lots of changes to the snort rules syntax.

:]