Friday, March 31, 2006

March 2006 (IN)SECURE Magazine Posted

Issue 1.6 (March 2006) (.pdf) of (IN)SECURE Magazine is now available for download. This is a great online magazine that covers a wide variety of security topics. Consider submitting an article.

Controlling Bots with Steganography

My friend John Ward posted a discussion of controlling bots with steganography:

So basically, all this does is open a Bitmap file, decode the steganography message, and pass the resulting message to the protocol class for handling. More sophisticated techniques can be employed, and steganography has grown as a field, so different graphics formats, MP3 files, or even specially encoded HTML headers can contain the message.

This deviates from the traditional botnet where the client connects to an IRC channel or some other central media to receive commands in real time. In this method, the attacker loses real-time response and gains stealth. With a reasonable interval of time set for the clients, the attacker can have their nefarious commands executed in a short amount of time.

By combining this code with some disguised distribution method, let's say an image thumb-nail browser for an online graphics catalog, the program can be distributed widely, and its online image grabbing behavior would never be suspect until the mass traffic adding to a DDOS attack came from the client machine. And even if it were, your normal Net-Sec analyst would only see an image file and have no clue that the image file contained a steganography-encoded message.


Neat idea John -- is anyone seeing this in the wild?

Wednesday, March 29, 2006

Tom Gallagher Responds to Blog Post

Tom Gallagher, author of the forthcoming Hunting Security Bugs, sent the following in reply to my Microsoft Is Getting It post:


Hello Richard. Last weekend I read your blog about Microsoft BlueHat and our security books and thought you might be interested in some more information about these topics.

I joined the company almost 7 years ago. In that time, I've seen some major changes happen around how the company views security. As you are aware, the company didn't focus much on security back then. I was one of the few people at the company who did fulltime penetration testing. I worked on a small product team within Microsoft Office and was responsible for testing only it. Today things are very different. In Office's vision document for the release, the first tenet is about the importance of security. Unlike when I started, security is now the responsibility of everyone creating the software - not just the person writing the code, but also the people who design, test, and document it. Other products across the company do similar things. We're certainly not perfect, but are working harder and harder to get better.

As you noticed, we proactively try to learn about security issues from external researchers and bring them to Redmond to present to the product teams. The cool thing about this is it allows many people to get direct exposure to the information. For example, I can't justify sending everyone on my team to a security conference twice a year, but I can send them to BlueHat that often. We continue to send people to external conferences too. Since security is everyone's responsibility, people who don't work on security fulltime also attend BlueHat. It is unlikely that those people would attend external security conferences often.

I'm one of the authors of an upcoming MSPress title (Hunting Security Bugs). This book allows feature testers to understand how to find security bugs in their product. Writing Secure Code is for developers to understand how to create secure software; the testing book teaches testers how to ensure that carefully probing for vulnerabilities. Both books cover a wide variety of topics. And of course testers aren't limited to the people who work on the team creating the software.


If you have any questions for Tom, please post them here.

Sunday, March 26, 2006

Review of Protect Your Windows Network Posted

Amazon.com just posted my five star review of Protect Your Windows Network by Jesper Johansson and Steve Riley. I loved this book. It's another must-read, but check out my comments. From the extensive review:

I received a copy of Protect Your Windows Network (PYWN) almost one year ago, and I immediately put it aside. I figured it was another "security configuration guide," with lots of descriptions of settings and other tweaks that makes for boring reading. Recently I decided to give PYWN another look, and I am exceedingly glad I did. PYWN is one of the best security books I have ever read, and that includes nearly 200 titles over the last six years. Incredibly, even non-Windows users will find plenty of sound advice for their enterprise. Although the book is highly opinionated (and at times perhaps not on my side of the issues) I strongly recommend reading PYWN.

Friday, March 24, 2006

FISMA Is a Joke

Thanks to SANS Newsbites I read the article FISMA Fizzles. I've written about FISMA before. The new article points me to a potential wise man who understands that FISMA is a joke: ex-Energy Department CIO Bruce Brody. This comment cut straight to the problem with FISMA:

OMB's FISMA implementation basically boils security down to paperwork exercises, and score card pressure ensures it stays that way. But that's not how cybersecurity works; it requires real-time monitoring, updating and patching, Brody says, which isn't necessarily reducible to a paper trail. (emphasis added)

Did I read "real-time monitoring"? Wow. Mr. Brody "gets it." Consider the alternative point of view:

FISMA has its defenders. An agency fully compliant with FISMA is a secure agency, says Scott Charbo, Homeland Security Department CIO. The law and cybersecurity are "the same thing in my mind," he says.

I see. Reading the DHS' grade history shows they have a perfect F record for the last three years. Just because DHS is in a sorry state and its scores are an F doesn't mean that an agency with straight A's is secure!

Let's get back to monitoring. Mr. Brody has correctly recognized that the absolute first priority for a security program is to figure out what is happening. If you have no idea what is happening in your enterprise, how can you expect to "secure" it? It doesn't even make sense to figure out what systems you have before you start monitoring. When you start watching traffic, intruders will show you your systems. The most vulnerable and/or interesting targets will get the most attention from the adversary, and you should address those first.

If you are a federal agency and you want to learn more about implementing monitoring, please contact me: richard at taosecurity dot com. I can teach you what to do, efficiently and cheaply. I may not be wearing my blue uniform any more, but I want to do my part. FISMA is not helping.

New Sguil VM Available for Testing

Using the scripts I described yesterday, I built a new Sguil VM. It is available here:

freebsd54-sguil-24mar06-pub1.tar.bz2 (310 MB)

SHA256 (freebsd54-sguil-24mar06-pub1.tar.bz2) = a18bcd8114c4f40e43f777dc3f34ca917a44093e16f72a720f1ff6183e66f434

The VM is in bzip2 format. Windows users can extract it with bsdtar for Windows.

The OS is FreeBSD 5.4 with the latest security patches. Sguil 0.6.1 is set up with all components on the same system. This VM is similar to my two old VMs using FreeBSD 6.0 and Sguil 0.6.0p1.

I tried to address issues people discussed. I could not build the disks using SCSI because FreeBSD did not recognize them. I know the VM works in VMware Workstation and VMware Server Beta. I did not yet test it in VMware Player. VMware ESX Server probably doesn't work because it doesn't like IDE disks. This VM uses a 6 GB virtual disk. I gave the /nsm partition 2 GB space so you can try collecting more traffic.

I built the VM with two interfaces. As configured they are both bridging vmnet0 (the default interface). I personally change this before running the VM "in production," such that lnc0 bridges to a management interface (vmnet0 and eth0) and lnc1 bridges to a sniffing interface (vmnet2 and eth1). Yes, I am running this VM on Linux and VMware Server Beta.

Here are the accounts on the VM in (system) name: password; comment format.

  • (FreeBSD) sguil: sguil; not in wheel group

  • (FreeBSD) analyst: analyst; in wheel group

  • (FreeBSD) root: r00t

  • (MySQL) sguil: sguil

  • (MySQL) root: r00t

  • (Sguil) sguil: sguil


To get everything running:

  1. Boot the VM. Log in as user analyst. Run 'startx' to open an X session.

  2. Open an xterm. su - root. Run 'sancp_start.sh', 'snort_start.sh', '/usr/local/bin/log_packets.sh restart'.

  3. Open a second xterm. su - sguil. Run 'sguild_start.sh', 'sensor_agent_start.sh', 'barnyard_start.sh'.

  4. Open a third xterm. Run 'sguil_client_start.sh'.

  5. The Sguil client window will appear. Use server 'localhost', port '7734', user 'sguil', password 'sguil'.

  6. Select sensor 'taosecurity' when given the option.

  7. Congratulations. You are running Sguil!


When all components are running, 'sockstat -4' output will look something like this:

sguil barnyard 4502 11 tcp4 127.0.0.1:53438 127.0.0.1:7735
sguil tclsh8.4 4464 3 tcp4 127.0.0.1:50811 127.0.0.1:7736
sguil tclsh8.4 4464 4 tcp4 127.0.0.1:7735 *:*
sguil tclsh8.4 4464 5 tcp4 127.0.0.1:7735 127.0.0.1:53438
sguil tclsh8.4 4429 11 tcp4 *:7734 *:*
sguil tclsh8.4 4429 12 tcp4 127.0.0.1:7736 *:*
sguil tclsh8.4 4429 13 tcp4 127.0.0.1:7736 127.0.0.1:50811
mysql mysqld 1845 10 tcp4 127.0.0.1:3306 *:*


The Sguil client connects to port 7734 TCP, where the server is listening. Barnyard connects to port 7735 TCP. The sguild server listens on port 7736 TCP for connections from sensor_agent.tcl. MySQL listens on port 3306 TCP. Note in this deployment everything is listening on localhost except for MySQL. I usually don't have port 7734 TCP listening on public IPs. I instead use SSH port forwarding to tunnel the client communications:

ssh -L 7734:localhost:7734 analyst@sensor_mgt_ip

When I start my client I then connect to localhost, port 7734.
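
The listener check implied by the port walk-through above, as an added example that is not part of the original post: it reads 'sockstat -4' output and reports listening sockets bound to a non-loopback address, treating 7734, 7735, 7736 and 3306 as the Sguil and MySQL ports named in the text. The sample input, function names and role labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit `sockstat -4` output for
# listening sockets that are bound to something other than loopback.

# Constructed sample in the sockstat column layout shown above. PIDs and FDs
# are arbitrary; mysqld is placed on the wildcard address as an assumed
# misconfiguration so the check has something to flag.
sample_sockstat() {
    cat <<'EOF'
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
sguil barnyard 717 12 tcp4 127.0.0.1:51062 127.0.0.1:7735
sguil tclsh8.4 701 4 tcp4 127.0.0.1:7735 *:*
sguil tclsh8.4 672 12 tcp4 *:7734 *:*
sguil tclsh8.4 672 13 tcp4 127.0.0.1:7736 *:*
mysql mysqld 1187 10 tcp4 *:3306 *:*
root syslogd 315 6 udp4 *:514 *:*
EOF
}

# Read `sockstat -4` output on stdin. Print one line per listening socket
# (foreign address "*:*") whose local address is not 127.x.x.x:
#   <proto> <local-addr> <port> <user> <command> <role>
# Role names are labels chosen for this example, mapped from the port
# assignments described in the post.
exposed_listeners() {
    awk '
    BEGIN {
        role["7734"] = "sguil-client"
        role["7735"] = "barnyard"
        role["7736"] = "sensor-agent"
        role["3306"] = "mysql"
    }
    # Data rows have exactly 7 fields; the header line has 9 and is skipped.
    NF == 7 && $7 == "*:*" {
        n = split($6, part, ":")
        port = part[n]
        addr = substr($6, 1, length($6) - length(port) - 1)
        if (addr ~ /^127\./) next
        print $5, addr, port, $1, $2, ((port in role) ? role[port] : "other")
    }'
}

# Exit 0 when no Sguil or MySQL port is listening off loopback, 1 otherwise.
# Offending sockets are printed. Listeners with role "other" are reported by
# exposed_listeners but do not affect the exit status here.
sguil_ports_loopback_only() {
    exposed_listeners | awk '$6 != "other" { bad = 1; print } END { exit bad + 0 }'
}

# On the sensor itself: sockstat -4 | sguil_ports_loopback_only
sample_sockstat | exposed_listeners
```

A socket flagged for port 7734 is the case the SSH tunnel above is meant to replace: with the client port reachable only through the forward, the check exits 0.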

The easiest way to test the whole setup is to netcat to port 22 TCP on a system watched by the sensor. Enter the text 'GOBBLES' when connected to port 22 TCP. There is a Snort rule that fires when Snort sees this text on port 22 TCP.

You should see an alert appear in the Sguil console.

If you have any questions, please post them here as comments. You may also get help posting them via email to sguil-users at lists dot sourceforge dot net.

Bejtlich Quoted Regarding Check Point and Sourcefire

Joe Brockmeier from Newsforge interviewed me via phone today for his article Check Point withdraws from Sourcefire acquisition. I think Joe did a good job relaying my thoughts on the matter. He read my earlier post and decided to call.

Forensic Pre-Review

My friends at Sybex, a division of Wiley, sent me a review copy of EnCase Computer Forensics -- The Official EnCE: EnCase Certified Examiner Study Guide by Steve Bunting and William Wei. This looks like a good introductory book for Guidance Software's products, especially those that are host-based. I plan to read this book in tandem with Brian Carrier's File System Forensic Analysis.

Speaking of Guidance Software, I am speaking at their 2006 Computer and Enterprise Investigations Conference in Las Vegas on Thursday, 4 May 2006 from 1400-1530 on Network Forensics.

Check Point Acquisition of Sourcefire Cancelled

According to Sourcefire's press release:

Sourcefire, Inc., the world leader in intrusion prevention, today announced that, with the consent of the US government, Sourcefire and Check Point Software Technologies have opted to withdraw their merger filing with the Committee on Foreign Investment in the United States (CFIUS). Sourcefire will continue to operate as the industry's largest private Intrusion Prevention System (IPS) vendor.

According to Check Point's press release:

The companies have determined that it would be more effective to create a customer focused business partnership. "We've decided to pursue alternative ways for Check Point and Sourcefire to partner in order to bring to market the most comprehensive security solutions," said Gil Shwed, Check Point's CEO.

Check Point and Sourcefire will continue to create and distribute the best security solutions in their respective spaces. They will work together on formulating a partnership strategy moving forward and will keep customers and partners updated as new plans are developed.


Their FAQ says this:

Is the Sourcefire acquisition cancelled?

We can still pursue the acquisition but at this point we will explore other opportunities. We will also focus on running our business and delivering the best solutions for customers.


Wow, it's cancelled -- despite what Check Point says. I thought this deal would go through, albeit with restrictions.

Thursday, March 23, 2006

New Sguil Scripts and VM

I have not been happy with the performance of FreeBSD 6.0 under VMware Workstation or VMware Server Beta. I thought some workarounds helped, but that wasn't really the case.

Also, since releasing my original Sguil installation script, I've wanted to break it into scripts for the Sguil sensor, database, server, and client.

I decided today to kill two birds with one stone. First, I broke the master script into the following smaller scripts.


All of them are available in this archive: sguil_install_scripts.tar.gz.

These are not pretty. There is no error checking. There is no interaction. You will have to make modifications to get them to work flawlessly in your environment.

Important: As written these scripts download packages for FreeBSD 5, not 6. You can modify this.

These will work best "out of the box" if you want to install all Sguil components on a single host. This is the case because I did not make any adjustments to have MySQL listen on a public interface, for example.

So what good are these? Well, you can now see exactly what software is required for each Sguil component. It's possible I may have erred on the side of including one too many packages for a certain component, but I believe this configuration will work. I did some testing to iron out bugs, but I can't guarantee success.

Using these scripts, I created a new Sguil 0.6.1 complete (sensor/database/server/client) VM on FreeBSD 5.4 RELEASE. The following shows how I invoked the scripts, and the adjustments I made to get the patches to work on this VM.

First I downloaded the script collection.

taosecurity:/root# fetch http://www.bejtlich.net/sguil_install_scripts.tar.gz
sguil_install_scripts.tar.gz 100% of 2552 B 1716 kBps
taosecurity:/root# tar -xzvf sguil_install_scripts.tar.gz
x scripts
x scripts/sguil_client_install.sh
x scripts/sguil_sensor_install.sh
x scripts/sguil_server_install.sh
x scripts/sguil_sensor_install_patch.sh
x scripts/sguil_database_install_pt2.sh
x scripts/sguil_database_install_pt1.sh
taosecurity:/root#
taosecurity:/root# cd scripts/
taosecurity:/root/scripts# ls
sguil_client_install.sh sguil_sensor_install.sh
sguil_database_install_pt1.sh sguil_sensor_install_patch.sh
sguil_database_install_pt2.sh sguil_server_install.sh
taosecurity:/root/scripts# chmod +x *.sh

Next I started with the sensor installation.

taosecurity:/root/scripts# ./sguil_sensor_install.sh
Starting Sguil sensor installation.
...edited...
Sguil server installation finished.

You must modify the following patches in /usr/local/etc/nsm
to match your environment.

sensor_agent.conf.patch
snort.conf.patch
barnyard.conf.patch
sancp.conf.patch
log_packets.sh.patch

When done, run sguil_sensor_install_patch.sh

Next, modify the start scripts to match your environment.

These are in the /home/sguil directory:

barnyard_start.sh sensor_agent_start.sh

You'll notice the end of the script suggests making changes to patches to match your environment. Here are the common changes:

  • sensor_agent.conf.patch: change hostname from 'gruden' to 'your_hostname'

  • snort.conf.patch: change 'var RULE_PATH /nsm/rules/gruden' to 'var RULE_PATH /nsm/rules/your_hostname'

  • barnyard.conf.patch: change hostname from 'gruden' to 'your_hostname'; change interface from 'lnc1' to whatever your system uses

  • sancp.conf.patch: probably no changes

  • log_packets.sh.patch: change hostname from 'gruden' to 'your_hostname'; change interface from 'lnc1' to whatever your system uses


Once I made changes I needed, I ran sguil_sensor_install_patch.sh.

taosecurity:/root/scripts# ./sguil_sensor_install_patch.sh
Patching Sguil sensor configuration and logging scripts.

Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- sensor_agent.conf Wed Dec 28 14:57:30 2005
|+++ sensor_agent.conf.diff Wed Dec 28 14:58:33 2005
--------------------------
Patching file sensor_agent.conf using Plan A...
Hunk #1 succeeded at 13.
Hunk #2 succeeded at 22.
Hunk #3 succeeded at 55 (offset 6 lines).
done
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- snort.conf Wed Dec 28 14:30:42 2005
|+++ snort.conf.diff Wed Dec 28 15:07:23 2005
--------------------------
Patching file snort.conf using Plan A...
Hunk #1 succeeded at 107.
Hunk #2 succeeded at 621.
done
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- barnyard.conf Wed Dec 28 14:30:42 2005
|+++ barnyard.conf.diff Wed Dec 28 15:00:38 2005
--------------------------
Patching file barnyard.conf using Plan A...
Hunk #1 succeeded at 23.
Hunk #2 succeeded at 38.
Hunk #3 succeeded at 133.
done
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- sancp.conf Wed Dec 28 14:30:42 2005
|+++ sancp.conf.diff Wed Dec 28 15:01:49 2005
--------------------------
Patching file sancp.conf using Plan A...
Hunk #1 succeeded at 45.
done
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- log_packets.sh Wed Dec 28 20:11:54 2005
|+++ log_packets.sh.diff Wed Dec 28 20:12:39 2005
--------------------------
Patching file log_packets.sh using Plan A...
Hunk #1 succeeded at 28.
done

The sensor installation provides several start scripts that must also be adjusted for your environment:

  • /root/snort_start.sh: change 'gruden' to 'your_hostname' and 'lnc1' to your sniffing interface

  • /root/sancp_start.sh: change 'gruden' to 'your_hostname' and 'lnc1' to your sniffing interface

  • /home/sguil/barnyard_start.sh: change 'gruden' to 'your_hostname'


At this point I was ready to install the Sguil database. I broke this into two scripts because I needed a delay to ensure MySQL was running before taking certain actions.

taosecurity:/root/scripts# ./sguil_database_install_pt1.sh
Starting Sguil database installation, part 1.
...edited...
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at https://order.mysql.com
Run sguil_database_install_pt2.sh after MySQL is running.
taosecurity:/root/scripts# Starting mysqld daemon with databases from /var/db/mysql
taosecurity:/root/scripts# sockstat -4 | grep 3306
mysql mysqld 1187 10 tcp4 *:3306 *:*

Now I start part 2 of the database installation after checking to be sure MySQL is listening on port 3306. Note that the script edits /etc/rc.conf to make MySQL listen on localhost on port 3306. You can also do the following:

# mysqladmin -p shutdown
Enter password:

To restart the server:

mysqld_safe --bind-address=127.0.0.1 --user=mysql &



taosecurity:/root/scripts# ./sguil_database_install_pt2.sh
Starting Sguil client installation, part 2.

+-------------------+
| Tables_in_sguildb |
+-------------------+
| history |
| nessus |
| nessus_data |
| portscan |
| sensor |
| sessions |
| status |
| user_info |
| version |
+-------------------+
Sguil database installation complete.

The sensor and database are done. On to the Sguil server. You'll notice I install mysqltcl from the ports tree. I am no longer hosting a package for this. You'll also be prompted to enter a password for the Sguil client. This is proof that mysqltcl and sguild are working.

taosecurity:/root/scripts# ./sguil_server_install.sh
Starting Sguil server installation.
...edited...
=> Attempting to fetch from http://www.xdobry.de/mysqltcl/.
mysqltcl-3.01.tar.gz 100% of 164 kB 62 kBps
===> Extracting for mysqltcl-3.01
=> MD5 Checksum OK for mysqltcl-3.01.tar.gz.
===> Patching for mysqltcl-3.01
===> Applying FreeBSD patches for mysqltcl-3.01
===> mysqltcl-3.01 depends on shared library: tcl84 - found
===> mysqltcl-3.01 depends on shared library: mysqlclient.15 - found
===> Configuring for mysqltcl-3.01
===> Building for mysqltcl-3.01
...edited...
Create a Sguil client user password when prompted.
Please enter a passwd for sguil:
Retype passwd:
User 'sguil' added successfully
SGUILD: Exiting...
Sguil server installation finished.

You must modify /usr/local/etc/nsm/sguild.conf.patch
to match your environment.

When done, apply it:

patch -p0 < sguild.conf.patch

As the end of the script notes, you should patch /usr/local/etc/nsm/sguild.conf. The /usr/local/etc/nsm/sguild.conf.patch by default should work as is for those with a local installation.

taosecurity:/root/scripts# cd /usr/local/etc/nsm/
taosecurity:/usr/local/etc/nsm# patch -p0 < sguild.conf.patch
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- sguild.conf Wed Dec 28 16:29:21 2005
|+++ sguild.conf.diff Wed Dec 28 16:30:34 2005
--------------------------
Patching file sguild.conf using Plan A...
Hunk #1 succeeded at 1.
Hunk #2 succeeded at 30.
Hunk #3 succeeded at 42.
Hunk #4 succeeded at 71.
done

At last we are ready to install the client. It's fairly simple.

taosecurity:/root/scripts# ./sguil_client_install.sh
Starting Sguil client installation.
...edited...
Sguil client installation finished.

I'd like to share a few words on requirements for running these scripts.

  • Make sure you have users sguil and analyst on the system.

  • With FreeBSD 5.4, I applied the User installation. I manually extracted the ports tree by downloading it from ftp://ftp.freebsd.org/pub/FreeBSD/ports/ports-current/ports.tar.gz and extracting it in /usr. I did that because the ports tree on the CD is 10 months old.

  • If you create a system with DHCP, make sure you have an entry in /etc/hosts for 127.0.0.1 and the name of your sensor, like 'taosecurity taosecurity.taosecurity.com'.


Here are the open ports on a system where all components are running. I omit sshd.

taosecurity:/home/analyst$ sockstat -4 | grep -v sshd
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
sguil barnyard 717 12 tcp4 127.0.0.1:51062 127.0.0.1:7735
sguil tclsh8.4 701 3 tcp4 127.0.0.1:53610 127.0.0.1:7736
sguil tclsh8.4 701 4 tcp4 127.0.0.1:7735 *:*
sguil tclsh8.4 701 6 tcp4 127.0.0.1:7735 127.0.0.1:51062
sguil tclsh8.4 672 12 tcp4 *:7734 *:*
sguil tclsh8.4 672 13 tcp4 127.0.0.1:7736 *:*
sguil tclsh8.4 672 14 tcp4 127.0.0.1:7736 127.0.0.1:53610
mysql mysqld 505 10 tcp4 127.0.0.1:3306 *:*
root sendmail 430 3 tcp4 127.0.0.1:25 *:*
root syslogd 315 6 udp4 *:514 *:*
root dhclient 247 4 udp4 *:68 *:*
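
To see which of these sockets are reachable from other hosts, the following added example (not part of the original post) classifies the unconnected sockets in `sockstat -4` output as bound to every interface or to loopback only, and reports any exposed one that is missing from an allowlist. The function names and the allowlist are assumptions made for illustration; the embedded sample is copied from the listing above.

```shell
#!/bin/sh
# Added example: audit `sockstat -4` output for listeners exposed on all interfaces.

# Sample input copied from the listing above, embedded so the script runs offline.
sample_sockstat() {
cat <<'EOF'
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
sguil barnyard 717 12 tcp4 127.0.0.1:51062 127.0.0.1:7735
sguil tclsh8.4 701 3 tcp4 127.0.0.1:53610 127.0.0.1:7736
sguil tclsh8.4 701 4 tcp4 127.0.0.1:7735 *:*
sguil tclsh8.4 701 6 tcp4 127.0.0.1:7735 127.0.0.1:51062
sguil tclsh8.4 672 12 tcp4 *:7734 *:*
sguil tclsh8.4 672 13 tcp4 127.0.0.1:7736 *:*
sguil tclsh8.4 672 14 tcp4 127.0.0.1:7736 127.0.0.1:53610
mysql mysqld 505 10 tcp4 127.0.0.1:3306 *:*
root sendmail 430 3 tcp4 127.0.0.1:25 *:*
root syslogd 315 6 udp4 *:514 *:*
root dhclient 247 4 udp4 *:68 *:*
EOF
}

# classify_listeners: read sockstat -4 output on stdin and print one line per
# unconnected socket (foreign address *:*): "scope proto port user command".
# scope is "exposed" (local address *), "loopback" (127.x) or "bound" (one
# specific non-loopback address).
classify_listeners() {
  awk '
    $1 == "USER" { next }      # header line
    NF < 7       { next }      # not a socket line
    $7 != "*:*"  { next }      # connected socket, not a listener
    {
      n = split($6, part, ":")
      port = part[n]
      addr = substr($6, 1, length($6) - length(port) - 1)
      proto = $5
      sub(/[46]+$/, "", proto)  # tcp4 -> tcp, udp4 -> udp
      if (addr == "*")            scope = "exposed"
      else if (addr ~ /^127\./)   scope = "loopback"
      else                        scope = "bound"
      print scope, proto, port, $1, $2
    }' | sort -u
}

# unexpected_exposed: like classify_listeners, but print only exposed sockets
# whose "proto/port" is absent from the allowlist given as $1
# (space-separated entries such as "tcp/7734 udp/68").
unexpected_exposed() {
  classify_listeners | awk -v allow="$1" '
    BEGIN { n = split(allow, want, " "); for (i = 1; i <= n; i++) ok[want[i]] = 1 }
    $1 == "exposed" {
      key = $2 "/" $3
      if (!(key in ok)) print key, $4, $5
    }'
}

# Constructed allowlist for the sample: the wildcard tclsh8.4 listener on
# 7734 and the DHCP client port are treated as expected.
sample_sockstat | unexpected_exposed "tcp/7734 udp/68"
```

On a live FreeBSD sensor, replace `sample_sockstat` with `sockstat -4` and pass the ports you intend to expose.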

I plan to post the new VM when I get a chance.

Promiscuous Mode on Linux VMware Server Beta

I've been writing about deploying VMware Server Beta on Debian. Today I tried my Sguil VM and found I could not sniff all traffic on lnc1. I could only see broadcast traffic (ARP, DHCP, etc.). That indicated lnc1 was not seeing the physical interface in promiscuous mode.

I have the lnc1 interface corresponding to /dev/vmnet2, which is bridged to eth1 on the Linux host. After checking to be sure eth1 was up and could see all traffic as I expected, I couldn't think of a reason why lnc1 wouldn't see the same. I did not have this problem on Windows when I wrote about it.

Luckily I found this GSX document which said:

GSX Server does not allow the virtual Ethernet adapter to go into promiscuous mode unless the user running GSX Server has permission to make that setting. This follows the standard Linux practice that only root can put a network interface into promiscuous mode.

Well, I have the VMware Server components running as root.

If you want all users to be able to set the virtual Ethernet adapter (/dev/vmnet0 in our example) to promiscuous mode, you can simply run the following command on the host operating system as root.

chmod a+rw /dev/vmnet0

That sounded promising. I looked at my /dev/vmnet* first:

donato:/dev# ls -al vmnet*
crw------- 1 root root 119, 0 Mar 23 08:21 vmnet0
crw------- 1 root root 119, 1 Mar 23 08:21 vmnet1
crw------- 1 root root 119, 2 Mar 23 08:22 vmnet2
crw------- 1 root root 119, 3 Mar 23 08:21 vmnet3
crw------- 1 root root 119, 4 Mar 23 08:21 vmnet4
crw------- 1 root root 119, 5 Mar 23 08:21 vmnet5
crw------- 1 root root 119, 6 Mar 23 08:21 vmnet6
crw------- 1 root root 119, 7 Mar 23 08:21 vmnet7
crw------- 1 root root 119, 8 Mar 23 08:21 vmnet8
crw------- 1 root root 119, 9 Mar 23 08:21 vmnet9

Following the article's advice:

donato:/dev# chmod a+rw /dev/vmnet2
donato:/dev# ls -al vmnet*
crw------- 1 root root 119, 0 Mar 23 08:21 vmnet0
crw------- 1 root root 119, 1 Mar 23 08:21 vmnet1
crw-rw-rw- 1 root root 119, 2 Mar 23 08:22 vmnet2
crw------- 1 root root 119, 3 Mar 23 08:21 vmnet3
crw------- 1 root root 119, 4 Mar 23 08:21 vmnet4
crw------- 1 root root 119, 5 Mar 23 08:21 vmnet5
crw------- 1 root root 119, 6 Mar 23 08:21 vmnet6
crw------- 1 root root 119, 7 Mar 23 08:21 vmnet7
crw------- 1 root root 119, 8 Mar 23 08:21 vmnet8
crw------- 1 root root 119, 9 Mar 23 08:21 vmnet9

Success. Now I can sniff all traffic in promiscuous mode on lnc1.
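
Because `chmod a+rw` opens the device node to every local account, it is worth being able to list which vmnet nodes are in that state. The following added example (not part of the original post) reads `ls -l` output and reports each vmnet character device that grants read or write access to "other". The function names are assumptions made for illustration, and the embedded sample is trimmed from the second listing above.

```shell
#!/bin/sh
# Added example: flag /dev/vmnet* nodes that any local user can open.

# Sample input trimmed from the listing above (after the chmod).
sample_listing() {
cat <<'EOF'
crw------- 1 root root 119, 0 Mar 23 08:21 vmnet0
crw------- 1 root root 119, 1 Mar 23 08:21 vmnet1
crw-rw-rw- 1 root root 119, 2 Mar 23 08:22 vmnet2
crw------- 1 root root 119, 3 Mar 23 08:21 vmnet3
EOF
}

# world_accessible_vmnet: read `ls -l` lines on stdin and print
# "name mode owner:group other=<bits>" for every character device named
# vmnetN (with or without a /dev/ prefix) whose "other" permission triplet
# contains r or w.
world_accessible_vmnet() {
  awk '
    $1 !~ /^c/ { next }                          # character devices only
    $NF !~ /^(\/dev\/)?vmnet[0-9]+$/ { next }    # vmnet nodes only
    {
      other = substr($1, 8, 3)                   # e.g. "rw-" from crw-rw-rw-
      bits = ""
      if (other ~ /r/) bits = bits "r"
      if (other ~ /w/) bits = bits "w"
      if (bits != "")
        print $NF, substr($1, 1, 10), $3 ":" $4, "other=" bits
    }'
}

# audit_vmnet_devices: run the same check against the live host.
# Prints nothing when no vmnet nodes exist or none are world-accessible.
audit_vmnet_devices() {
  ls -l /dev/vmnet* 2>/dev/null | world_accessible_vmnet
}

sample_listing | world_accessible_vmnet
```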

Reprinting BSD History

William and Lynne Jolitz issued a press release announcing the reprinting of their 1991-1992 series of articles Porting UNIX to the 386. From the press release: "The series covered all aspects of the project, from its inception in mid-1989 as a personal project done under the auspices of the University of California at Berkeley to its first complete operational open source release on March 17th, 1992 of 386BSD Release 0.0 -- 386BSD releases are officially 14 years old today [17 March]."

Anyone interested in Unix and BSD history will like these articles. Thus far two are online, with more to come.

Wednesday, March 22, 2006

Short Note Regarding VMware Server Beta and VMware Server Console

Yesterday I posted experiences with VMware Server Beta. I repeated the installation process on a normal Intel laptop running Debian and I had no problems, save one. When I tried to connect to the VMware Server using the VMware Server Console (running on Windows 2000), I could never see the VM screen appear. The VM seemed to be running fine, but I had the same problem as described in this forum thread. Luckily, the fix in the thread worked for me too; I set the permissions on the .vmx file to 755 and I was able to see the VM screen in VMware Server Console.

The only unfortunate aspect of the endeavor was the limitations of my hardware. Although everything runs, a 366 MHz PII laptop with 287 MB (?) RAM does not a good VMware Server make.

Also: /usr/lib/vmware-mui/apache/bin/apachectl controls VMware's httpd server.

Another note: I had to rerun vmware-config.pl to change networking options. When I did that, I lost httpd. To restore it, I had to run vmware-config-mui.pl.

Tuesday, March 21, 2006

VMware Server Beta on Debian Status Report

I previously reported running FreeBSD 6.0 on my Hacom Lex Twister VIA 1 GHz Nehemiah. Today I decided to install Debian on it. I will warn you now that the majority of this post is documentation for my own reference, and the hope it might help someone else. If you're looking for short, pithy security insights, today is not your day.

I used a USB-connected external CD burner as my installation source. The Hacom is very temperamental with it. I had to disable all booting sources except the USB-CD. Next I booted the Hacom with the USB-CD off. Once I got an error from the BIOS about a lack of bootable devices, I then turn on the USB-CD and press to try booting again.

Installing Debian on the Hacom was fairly painless. I did not add any packages with aptitude during the installation. That meant the following packages were installed.

hacom:~# dpkg --list
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii adduser 3.63 Add and remove users and groups
ii apt 0.5.28.6 Advanced front-end for dpkg
ii apt-utils 0.5.28.6 APT utility programs
ii aptitude 0.2.15.9-2 terminal-based apt frontend
ii at 3.1.8-11 Delayed job execution and batch processing
ii base-config 2.53.10 Debian base system configurator
ii base-files 3.1.2 Debian base system miscellaneous files
ii base-passwd 3.5.9 Debian base system master password and group
ii bash 2.05b-26 The GNU Bourne Again SHell
ii bsdmainutils 6.0.17 collection of more utilities from FreeBSD
ii bsdutils 2.12p-4sarge1 Basic utilities from 4.4BSD-Lite
ii console-common 0.7.49 Basic infrastructure for text console config
ii console-data 2002.12.04dbs- Keymaps, fonts, charset maps, fallback table
ii console-tools 0.2.3dbs-56 Linux console and font utilities
ii coreutils 5.2.1-2 The GNU core utilities
ii cpio 2.5-1.3 GNU cpio -- a program to manage archives of
ii cramfsprogs 1.1-6 Tools for CramFs (Compressed ROM File System
ii cron 3.0pl1-86 management of regular background processing
ii dash 0.5.2-5 The Debian Almquist Shell
ii debconf 1.4.30.13 Debian configuration management system
ii debconf-i18n 1.4.30.13 full internationalization support for debcon
ii debianutils 2.8.4 Miscellaneous utilities specific to Debian
ii dhcp-client 2.0pl5-19.1 DHCP Client
ii diff 2.8.1-11 File comparison utilities
ii discover1 1.7.7 hardware identification system
ii discover1-data 1.2005.01.08 hardware lists for libdiscover1
ii dpkg 1.10.28 Package maintenance system for Debian
ii dselect 1.10.28 a user tool to manage Debian packages
ii e2fslibs 1.37-2sarge1 ext2 filesystem libraries
ii e2fsprogs 1.37-2sarge1 ext2 file system utilities and libraries
ii ed 0.2-20 The classic unix line editor
ii eject 2.0.13deb-8sar ejects CDs and operates CD-Changers under Li
ii exim4 4.50-8 metapackage to ease exim MTA (v4) installati
ii exim4-base 4.50-8 support files for all exim MTA (v4) packages
ii exim4-config 4.50-8 configuration for the exim MTA (v4)
ii exim4-daemon-l 4.50-8 lightweight exim MTA (v4) daemon
ii fdutils 5.4-20040228-1 Linux floppy utilities
ii findutils 4.1.20-6 utilities for finding files--find, xargs, an
ii gcc-3.3-base 3.3.5-13 The GNU Compiler Collection (base package)
ii gettext-base 0.14.4-2 GNU Internationalization utilities for the b
ii grep 2.5.1.ds1-4 GNU grep, egrep and fgrep
ii groff-base 1.18.1.1-7 GNU troff text-formatting system (base syste
ii grub 0.95+cvs200406 GRand Unified Bootloader
ii gzip 1.3.5-10sarge1 The GNU compression utility
ii hostname 2.13 A utility to set/show the host name or domai
ii hotplug 0.0.20040329-2 Linux Hotplug Scripts
ii ifupdown 0.6.7 high level tools to configure network interf
ii info 4.7-2.2 Standalone GNU Info documentation browser
ii initrd-tools 0.1.81.1 tools to create initrd image for prepackaged
ii initscripts 2.86.ds1-1 Standard scripts needed for booting and shut
ii ipchains 1.3.10-15 Network firewalling for Linux 2.2.x
ii iptables 1.2.11-10 Linux kernel 2.4+ iptables administration to
ii iputils-ping 20020927-2 Tools to test the reachability of network ho
ii kernel-image-2 2.4.27-10sarge Linux kernel image for version 2.4.27 on 386
ii kernel-pcmcia- 2.4.27-10sarge Mainstream PCMCIA modules 2.4.27 on 386
ii klogd 1.4.1-17 Kernel Logging Daemon
ii libacl1 2.2.23-1 Access control list shared library
ii libattr1 2.4.16-1 Extended attribute shared library
ii libblkid1 1.37-2sarge1 block device id library
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries and Timezone
ii libcap1 1.10-14 support for getting/setting POSIX.1e capabil
ii libcomerr2 1.37-2sarge1 common error description library
ii libconsole 0.2.3dbs-56 Shared libraries for Linux console and font
ii libdb1-compat 2.1.3-7 The Berkeley database routines [glibc 2.0/2.
ii libdb3 3.2.9-22 Berkeley v3 Database Libraries [runtime]
ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [runtime]
ii libdiscover1 1.7.7 hardware identification library
ii libgcc1 3.4.3-13 GCC support library
ii libgcrypt11 1.2.0-11.1 LGPL Crypto library - runtime library
ii libgdbm3 1.8.3-2 GNU dbm database routines (runtime version)
ii libgnutls11 1.0.16-13.1 GNU TLS library - runtime library
ii libgpg-error0 1.0-1 library for common error values and messages
ii liblocale-gett 1.01-17 Using libc functions for internationalizatio
ii liblockfile1 1.06 NFS-safe locking library, includes dotlockfi
ii liblzo1 1.08-1.2 A real-time data compression library
ii libncurses5 5.4-4 Shared libraries for terminal handling
ii libnewt0.51 0.51.6-20 Not Erik's Windowing Toolkit - text mode win
ii libopencdk8 0.5.5-10 Open Crypto Development Kit (OpenCDK) (runti
ii libpam-modules 0.76-22 Pluggable Authentication Modules for PAM
ii libpam-runtime 0.76-22 Runtime support for the PAM library
ii libpam0g 0.76-22 Pluggable Authentication Modules library
ii libpcap0.7 0.7.2-7 System interface for user-level packet captu
ii libpcre3 4.5-1.2sarge1 Perl 5 Compatible Regular Expression Library
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii libsigc++-1.2- 1.2.5-4 type-safe Signal Framework for C++ - runtime
ii libss2 1.37-2sarge1 command-line interface parsing library
ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries
ii libstdc++5 3.3.5-13 The GNU Standard C++ Library v3
ii libtasn1-2 0.2.10-3 Manage ASN.1 structures (runtime)
ii libtext-charwi 0.04-1 get display widths of characters on the term
ii libtext-iconv- 1.2-3 Convert between character sets in Perl
ii libtext-wrapi1 0.06-1 internationalized substitute of Text::Wrap
ii libtextwrap1 0.1-1 text-wrapping library with i18n - runtime
ii libusb-0.1-4 0.1.10a-9.sarg userspace USB programming library
ii libuuid1 1.37-2sarge1 universally unique id library
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers library
ii locales 2.3.2.ds1-22 GNU C Library: National Language (locale) da
ii login 4.0.3-31sarge5 system login tools
ii logrotate 3.7-5 Log rotation utility
ii mailx 8.1.2-0.200405 A simple mail user agent
ii makedev 2.3.1-77 creates device files in /dev
ii man-db 2.4.2-21 The on-line manual pager
ii manpages 1.70-1 Manual pages about using a GNU/Linux system
ii mawk 1.3.3-11 a pattern scanning and text processing langu
ii modutils 2.4.26-1.2 Linux module utilities
ii mount 2.12p-4sarge1 Tools for mounting and manipulating filesyst
ii nano 1.2.4-5 free Pico clone with some new features
ii ncurses-base 5.4-4 Descriptions of common terminal types
ii ncurses-bin 5.4-4 Terminal-related programs and man pages
ii net-tools 1.60-10 The NET-3 networking toolkit
ii netbase 4.21 Basic TCP/IP networking system
ii netkit-inetd 0.10-10 The Internet Superserver
ii nvi 1.79-22 4.4BSD re-implementation of vi
ii passwd 4.0.3-31sarge5 change and administer password and group dat
ii pciutils 2.1.11-15 Linux PCI Utilities
ii pcmcia-cs 3.2.5-10 PCMCIA Card Services for Linux
ii perl-base 5.8.4-8 The Pathologically Eclectic Rubbish Lister
ii ppp 2.4.3-20050321 Point-to-Point Protocol (PPP) daemon
ii pppconfig 2.3.11 A text menu based utility for configuring pp
ii pppoe 3.5-4 PPP over Ethernet driver
ii pppoeconf 1.7 configures PPPoE/ADSL connections
ii procps 3.2.1-2 The /proc file system utilities
ii psmisc 21.5-1 Utilities that use the proc filesystem
ii sed 4.1.2-8 The GNU sed stream editor
ii slang1a-utf8 1.4.9dbs-8 The S-Lang programming library with utf8 sup
ii sysklogd 1.4.1-17 System Logging Daemon
ii sysv-rc 2.86.ds1-1 Standard boot mechanism using symlinks in /e
ii sysvinit 2.86.ds1-1 System-V like init
ii tar 1.14-2 GNU tar
ii tasksel 2.24 Tool for selecting tasks for installation on
ii tcpd 7.6.dbs-8 Wietse Venema's TCP wrapper utilities
ii telnet 0.17-29 The telnet client
ii usbutils 0.70-8 USB console utilities
ii util-linux 2.12p-4sarge1 Miscellaneous system utilities
ii wget 1.9.1-12 retrieves files from the web
ii whiptail 0.51.6-20 Displays user-friendly dialog boxes from she
ii zlib1g 1.2.2-4.sarge. compression library - runtime

That's pretty sparse. No SSH, no FTP client!

Here's my partitioning scheme:

hacom:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda1 250M 52M 186M 22% /
tmpfs 245M 0 245M 0% /dev/shm
/dev/hda3 4.6G 33M 4.4G 1% /home
/dev/hda8 361M 8.1M 334M 3% /tmp
/dev/hda5 4.6G 122M 4.3G 3% /usr
/dev/hda6 2.8G 77M 2.6G 3% /var
/dev/hda4 216G 33M 205G 1% /vmware

The first package I added was SSH:

hacom:~# apt-get install ssh

After answering some sensible curses-based questions, I had SSH listening on port 22.

At this point I'm going to post my dmesg output here for those of you who want to know how the internals are recognized.

Linux version 2.4.27-2-386 (horms@tabatha.lab.ultramonkey.org)
(gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 Wed Aug 17 09:33:35 UTC 2005
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 000000001eff0000 (usable)
BIOS-e820: 000000001eff0000 - 000000001eff3000 (ACPI NVS)
BIOS-e820: 000000001eff3000 - 000000001f000000 (ACPI data)
BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved)
495MB LOWMEM available.
On node 0 totalpages: 126960
zone(0): 4096 pages.
zone(1): 122864 pages.
zone(2): 0 pages.
ACPI: RSDP (v000 CLE266 ) @ 0x000f69b0
ACPI: RSDT (v001 CLE266 AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x1eff3000
ACPI: FADT (v001 CLE266 AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x1eff3040
ACPI: DSDT (v001 CLE266 AWRDACPI 0x00001000 MSFT 0x0100000e) @ 0x00000000
Kernel command line: root=/dev/hda1 ro
No local APIC present or hardware disabled
Initializing CPU#0
Detected 1002.300 MHz processor.
Console: colour VGA+ 80x25
Calibrating delay loop... 1998.84 BogoMIPS
Memory: 496364k/507840k available (1069k kernel code, 11088k reserved, 459k data, 96k init, 0k highmem)
Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
Inode cache hash table entries: 32768 (order: 6, 262144 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer cache hash table entries: 32768 (order: 5, 131072 bytes)
Page-cache hash table entries: 131072 (order: 7, 524288 bytes)
CPU: L1 I Cache: 64K (32 bytes/line), D cache 64K (32 bytes/line)
CPU: L2 Cache: 64K (32 bytes/line)
CPU: After generic, caps: 0381b83f 00000000 00000000 00000000
CPU: Common caps: 0381b83f 00000000 00000000 00000000
CPU: Centaur VIA Nehemiah stepping 08
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Checking 'hlt' instruction... OK.
Checking for popad bug... OK.
POSIX conformance testing by UNIFIX
ACPI: Subsystem revision 20040326
ACPI: Interpreter disabled.
PCI: PCI BIOS revision 2.10 entry at 0xfb400, last bus=3
PCI: Using configuration type 1
PCI: Probing PCI hardware
PCI: ACPI tables contain no PCI IRQ routing entries
PCI: Probing PCI hardware (bus 00)
PCI: Using IRQ router VIA [1106/3177] at 00:11.0
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
VFS: Disk quotas vdquot_6.5.1
devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
devfs: boot_options: 0x0
pty: 256 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with HUB-6 MANY_PORTS MULTIPORT SHARE_IRQ SERIAL_PCI enabled
ttyS00 at 0x03f8 (irq = 4) is a 16550A
COMX: driver version 0.85 (C) 1995-1999 ITConsult-Pro Co.
RAMDISK driver initialized: 16 RAM disks of 8192K size 1024 blocksize
Initializing Cryptographic API
NET4: Linux TCP/IP 1.0 for NET4.0
IP: routing cache hash table of 4096 buckets, 32Kbytes
TCP: Hash tables configured (established 32768 bind 65536)
Linux IP multicast router 0.06 plus PIM-SM
RAMDISK: cramfs filesystem found at block 0
RAMDISK: Loading 3692 blocks [1 disk] into ram disk... done.
Freeing initrd memory: 3692k freed
VFS: Mounted root (cramfs filesystem).
Freeing unused kernel memory: 96k freed
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
ide: late registration of driver.
VP_IDE: IDE controller at PCI slot 00:11.1
VP_IDE: chipset revision 6
VP_IDE: not 100% native mode: will probe irqs later
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
VP_IDE: VIA vt8235 (rev 00) IDE UDMA133 controller on pci00:11.1
ide0: BM-DMA at 0xee00-0xee07, BIOS settings: hda:DMA, hdb:pio
ide1: BM-DMA at 0xee08-0xee0f, BIOS settings: hdc:pio, hdd:pio
hda: WDC WD2500SB-01KBC0, ATA DISK drive
blk: queue df825b60, I/O limit 4095Mb (mask 0xffffffff)
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
hda: attached ide-disk driver.
hda: 488397168 sectors (250059 MB) w/8192KiB Cache, CHS=30401/255/63, UDMA(33)
Partition check:
/dev/ide/host0/bus0/target0/lun0: p1 p2 < p5 p6 p7 p8 > p3 p4
Journalled Block Device driver loaded
kjournald starting. Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
Adding Swap: 1502036k swap-space (priority -1)
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,1), internal journal
SCSI subsystem driver Revision: 1.00
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,3), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,8), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,5), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,6), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS 2.4-0.9.19, 19 August 2002 on ide0(3,4), internal journal
EXT3-fs: mounted filesystem with ordered data mode.
Linux Kernel Card Services 3.1.22
options: [pci] [cardbus] [pm]
PCI: Found IRQ 11 for device 00:0c.0
PCI: Sharing IRQ 11 with 00:08.0
PCI: Sharing IRQ 11 with 00:10.0
PCI: Found IRQ 5 for device 00:0c.1
PCI: Sharing IRQ 5 with 00:09.0
PCI: Sharing IRQ 5 with 00:10.1
Yenta ISA IRQ mask 0x0008, PCI irq 11
Socket status: 30000006
Yenta ISA IRQ mask 0x0008, PCI irq 5
Socket status: 30000006
irda_init()
Intel(R) PRO/1000 Network Driver - version 5.2.52-k3
Copyright (c) 1999-2004 Intel Corporation.
PCI: Found IRQ 11 for device 00:08.0
PCI: Sharing IRQ 11 with 00:0c.0
PCI: Sharing IRQ 11 with 00:10.0
e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
PCI: Found IRQ 5 for device 00:09.0
PCI: Sharing IRQ 5 with 00:0c.1
PCI: Sharing IRQ 5 with 00:10.1
e1000: eth1: e1000_probe: Intel(R) PRO/1000 Network Connection
PCI: Found IRQ 10 for device 00:0a.0
PCI: Sharing IRQ 10 with 00:10.2
PCI: Sharing IRQ 10 with 00:11.5
e1000: eth2: e1000_probe: Intel(R) PRO/1000 Network Connection
Via 686a/8233/8235 audio driver 1.9.1-ac3
PCI: Found IRQ 10 for device 00:11.5
PCI: Sharing IRQ 10 with 00:0a.0
PCI: Sharing IRQ 10 with 00:10.2
via82cxxx: Six channel audio available
PCI: Setting latency timer of device 00:11.5 to 64
ac97_codec: AC97 Audio codec, id: VIA97 (Unknown)
via82cxxx: board #1 at 0xEF00, IRQ 10
usb.c: registered new driver usbdevfs
usb.c: registered new driver hub
usb-uhci.c: $Revision: 1.275 $ time 09:50:48 Aug 17 2005
usb-uhci.c: High bandwidth mode enabled
PCI: Found IRQ 11 for device 00:10.0
PCI: Sharing IRQ 11 with 00:08.0
PCI: Sharing IRQ 11 with 00:0c.0
usb-uhci.c: USB UHCI at I/O 0xeb00, IRQ 11
usb-uhci.c: Detected 2 ports
usb.c: new USB bus registered, assigned bus number 1
hub.c: USB hub found
hub.c: 2 ports detected
PCI: Found IRQ 5 for device 00:10.1
PCI: Sharing IRQ 5 with 00:09.0
PCI: Sharing IRQ 5 with 00:0c.1
usb-uhci.c: USB UHCI at I/O 0xec00, IRQ 5
usb-uhci.c: Detected 2 ports
usb.c: new USB bus registered, assigned bus number 2
hub.c: USB hub found
hub.c: 2 ports detected
PCI: Found IRQ 10 for device 00:10.2
PCI: Sharing IRQ 10 with 00:0a.0
PCI: Sharing IRQ 10 with 00:11.5
usb-uhci.c: USB UHCI at I/O 0xed00, IRQ 10
usb-uhci.c: Detected 2 ports
usb.c: new USB bus registered, assigned bus number 3
hub.c: USB hub found
hub.c: 2 ports detected
usb-uhci.c: v1.275:USB Universal Host Controller Interface driver
PCI: Found IRQ 7 for device 00:10.3
ehci_hcd 00:10.3: VIA Technologies, Inc. USB 2.0
ehci_hcd 00:10.3: irq 7, pci mem df9f5000
usb.c: new USB bus registered, assigned bus number 4
ehci_hcd 00:10.3: USB 2.0 enabled, EHCI 1.00, driver 2003-Dec-29/2.4
hub.c: USB hub found
hub.c: 6 ports detected
irda_init()
uhci.c: USB Universal Host Controller Interface driver v1.1
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001
e1000: eth0: e1000_watchdog: NIC Link is Up 100 Mbps Full Duplex
Real Time Clock Driver v1.10f
cs: IO port probe 0x0100-0x04ff: excluding 0x170-0x177 0x370-0x377 0x4d0-0x4d7
cs: IO port probe 0x0800-0x08ff: clean.
cs: IO port probe 0x0c00-0x0cff: clean.
cs: IO port probe 0x0a00-0x0aff: clean.

With that out of the way, we can talk about why I'm installing Debian on this box. I'd like to run VMware Server Beta on it. Sure, Debian is not an officially supported platform, but I read this post from a few days ago and thought "this can work."

The original post that gave me hope to run VMware Server Beta on Debian mentioned the requirement to add several packages. I added the following. Note that I use the correct package names, while the post does not.

hacom:~# apt-get install kernel-source-2.4.27
hacom:~# apt-get install kernel-headers-2.4.27-2-386
hacom:~# apt-get install build-essential

With these packages installed, I set up the kernel files as outlined in the post.

hacom:/usr/src# bzip2 -d kernel-source-2.4.27.tar.bz2
hacom:/usr/src# tar -xf kernel-source-2.4.27.tar
hacom:/usr/src# ln -s kernel-source-2.4.27 linux
hacom:/usr/src# mv /usr/src/kernel-source-2.4.27/include /usr/src/kernel-source-2.4.27/include.orig
hacom:/usr/src# ln -s /usr/src/kernel-headers-2.4.27-2-386/include /usr/src/kernel-source-2.4.27/include

Now I was ready to extract the VMware archives and try installing them.

hacom:/tmp# cd /usr/local/src
hacom:/usr/local/src# ls
VMware-mui-e.x.p-22088.tar.gz VMware-server-e.x.p-22088.tar.gz
hacom:/usr/local/src# tar -xzf VMware-server-e.x.p-22088.tar.gz
hacom:/usr/local/src# cd vmware-server-distrib/
hacom:/usr/local/src/vmware-server-distrib# ls
FILES bin doc etc installer lib man sbin vmware-install.pl
hacom:/usr/local/src/vmware-server-distrib# ./vmware-install.pl
Creating a new installer database using the tar3 format.

Installing the content of the package.

In which directory do you want to install the binary files?
[/usr/bin]

What is the directory that contains the init directories (rc0.d/ to rc6.d/)?
[/etc]

What is the directory that contains the init scripts?
[/etc/init.d]

In which directory do you want to install the daemon files?
[/usr/sbin]

In which directory do you want to install the library files?
[/usr/lib/vmware]

The path "/usr/lib/vmware" does not exist currently. This program is going to
create it, including needed parent directories. Is this what you want? [yes]

In which directory do you want to install the manual files?
[/usr/share/man]

In which directory do you want to install the documentation files?
[/usr/share/doc/vmware]

The path "/usr/share/doc/vmware" does not exist currently. This program is going
to create it, including needed parent directories. Is this what you want?
[yes]

The installation of VMware Server e.x.p build-22088 for Linux completed
successfully. You can decide to remove this software from your system at any
time by invoking the following command: "/usr/bin/vmware-uninstall.pl".

Before running VMware Server for the first time, you need to configure it by
invoking the following command: "/usr/bin/vmware-config.pl". Do you want this
program to invoke the command for you now? [yes]

The correct version of one or more libraries needed to run VMware Server may be
missing. This is the output of ldd /usr/bin/vmware:
libm.so.6 => /lib/libm.so.6 (0x4001a000)
libdl.so.2 => /lib/libdl.so.2 (0x4003c000)
libpthread.so.0 => /lib/libpthread.so.0 (0x4003f000)
libX11.so.6 => not found
libXtst.so.6 => not found
libXext.so.6 => not found
libXt.so.6 => not found
libICE.so.6 => not found
libSM.so.6 => not found
libXrender.so.1 => not found
libz.so.1 => /usr/lib/libz.so.1 (0x40092000)
libc.so.6 => /lib/libc.so.6 (0x400a4000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

This program cannot tell for sure, but you may need to upgrade libc5 to glibc
before you can run VMware Server.

Hit enter to continue.

At this point I knew I had a problem. I didn't like seeing all of those "not found" messages, so I aborted and added the necessary packages.

hacom:~# apt-get install libx11-6
hacom:~# apt-get install libxtst6
hacom:~# apt-get install libxt6
hacom:~# apt-get install libxrender1

When I later ran into trouble starting the Web-based interface to the server, I realized I needed to add these packages too:

hacom:~# apt-get install libdb2
hacom:~# apt-get install libxi6

Now I was ready to try installing VMware Server again.

hacom:/usr/local/src/vmware-server-distrib# ./vmware-install.pl

Installing the content of the package.

In which directory do you want to install the binary files?
[/usr/bin]

What is the directory that contains the init directories (rc0.d/ to rc6.d/)?
[/etc]

What is the directory that contains the init scripts?
[/etc/init.d]

In which directory do you want to install the daemon files?
[/usr/sbin]

In which directory do you want to install the library files?
[/usr/lib/vmware]

The path "/usr/lib/vmware" does not exist currently. This program is going to
create it, including needed parent directories. Is this what you want? [yes]

In which directory do you want to install the manual files?
[/usr/share/man]

In which directory do you want to install the documentation files?
[/usr/share/doc/vmware]

The path "/usr/share/doc/vmware" does not exist currently. This program is going
to create it, including needed parent directories. Is this what you want?
[yes]

The installation of VMware Server e.x.p build-22088 for Linux completed
successfully. You can decide to remove this software from your system at any
time by invoking the following command: "/usr/bin/vmware-uninstall.pl".

Before running VMware Server for the first time, you need to configure it by
invoking the following command: "/usr/bin/vmware-config.pl". Do you want this
program to invoke the command for you now? [yes]

Making sure services for VMware Server are stopped.

Stopping VMware services:
Virtual machine monitor done
Bridged networking on /dev/vmnet0 done
DHCP server on /dev/vmnet1 done
Host-only networking on /dev/vmnet1 done
Bridged networking on /dev/vmnet2 done
Bridged networking on /dev/vmnet3 done
DHCP server on /dev/vmnet8 done
NAT service on /dev/vmnet8 done
Host-only networking on /dev/vmnet8 done
Virtual ethernet done

You must read and accept the End User License Agreement to continue.
Press enter to display it.
...omitted...
Do you accept? (yes/no) yes

Thank you.

Configuring fallback GTK+ 2.4 libraries.

In which directory do you want to install the mime type icons?
[/usr/share/icons]

The path "/usr/share/icons" does not exist currently. This program is going to
create it, including needed parent directories. Is this what you want? [yes]

What directory contains your desktop menu entry files? These files have a
.desktop file extension. [/usr/share/applications]

In which directory do you want to install the application's icon?
[/usr/share/pixmaps]

Trying to find a suitable vmmon module for your running kernel.

None of the pre-built vmmon modules for VMware Server is suitable for your
running kernel. Do you want this program to try to build the vmmon module for
your system (you need to have a C compiler installed on your system)? [yes]

Using compiler "/usr/bin/gcc". Use environment variable CC to override.

What is the location of the directory of C header files that match your running
kernel? [/lib/modules/2.4.27-2-386/build/include]

Extracting the sources of the vmmon module.

Building the vmmon module.

Using standalone build system.
make: Entering directory `/tmp/vmware-config0/vmmon-only'
make[1]: Entering directory `/tmp/vmware-config0/vmmon-only'
make[2]: Entering directory `/tmp/vmware-config0/vmmon-only/driver-2.4.27-2-386'
make[2]: Leaving directory `/tmp/vmware-config0/vmmon-only/driver-2.4.27-2-386'
make[2]: Entering directory `/tmp/vmware-config0/vmmon-only/driver-2.4.27-2-386'
make[2]: Leaving directory `/tmp/vmware-config0/vmmon-only/driver-2.4.27-2-386'
make[1]: Leaving directory `/tmp/vmware-config0/vmmon-only'
make: Leaving directory `/tmp/vmware-config0/vmmon-only'
The module loads perfectly in the running kernel.

You have already setup networking.

Would you like to skip networking setup and keep your old settings as they are?
(yes/no) [yes]

I'm cheating here because I don't have output from my first run, where I set up networking. All I originally did was set up eth0 as a bridge for vmnet0. I set up eth1 as a bridge for vmnet2, and I also bridged eth2.

Extracting the sources of the vmnet module.

Building the vmnet module.

Using standalone build system.
make: Entering directory `/tmp/vmware-config0/vmnet-only'
make: Leaving directory `/tmp/vmware-config0/vmnet-only'
The module loads perfectly in the running kernel.

/etc/init.d/httpd.vmware: line 120: status: command not found
Please specify a port for remote console connections to use [902]

Restarting internet superserver: inetd.
Configuring the VMware VmPerl Scripting API.

Building the VMware VmPerl Scripting API.

Using compiler "/usr/bin/gcc". Use environment variable CC to override.

Installing the VMware VmPerl Scripting API.

The installation of the VMware VmPerl Scripting API succeeded.

Do you want this program to set up permissions for your registered virtual
machines? This will be done by setting new permissions on all files found in
the "/etc/vmware/vm-list" file. [no]

Generating SSL Server Certificate

In which directory do you want to keep your virtual machine files?
[/vmware]

Do you want to enter a serial number now? (yes/no/help) [no]

Starting VMware services:
Virtual machine monitor done
Virtual ethernet done
Bridged networking on /dev/vmnet0 done
Host-only networking on /dev/vmnet1 (background) done
Bridged networking on /dev/vmnet2 done
Bridged networking on /dev/vmnet3 done
Host-only networking on /dev/vmnet8 (background) done
NAT service on /dev/vmnet8 done
Starting VMware virtual machines... done

The configuration of VMware Server e.x.p build-22088 for Linux for this running
kernel completed successfully.

Now I was ready to set up the VMware Management Interface.

hacom:/usr/local/src/vmware-server-distrib# cd ..
hacom:/usr/local/src# ls
VMware-mui-e.x.p-22088.tar.gz VMware-server-e.x.p-22088.tar.gz vmware-mui-distrib vmware-server-distrib
hacom:/usr/local/src# cd vmware-mui-distrib/
hacom:/usr/local/src/vmware-mui-distrib# ls
bin console-distrib doc etc mui vmware-install.pl
hacom:/usr/local/src/vmware-mui-distrib# ./vmware-install.pl
A previous installation of VMware software has been detected.

The previous installation was made by the tar installer (version 3).

Keeping the tar3 installer database format.

Uninstalling the tar installation of VMware Management Interface.

Shutting down http.vmware: done

This program previously created the directory /var/log/vmware-mui, and was about
to remove it. Since there are files in that directory that this program did not
create, it will not be removed.

The removal of VMware Management Interface e.x.p build-22088 for Linux completed
successfully. Thank you for having tried this software.

You must read and accept the End User License Agreement to continue.
Press enter to display it.
...omitted...
Do you accept? (yes/no) yes

Thank you.

Installing the content of the package.

In which directory do you want to install the binary files?
[/usr/bin]

What is the directory that contains the init directories (rc0.d/ to rc6.d/)?
[/etc]

What is the directory that contains the init scripts?
[/etc/init.d]

In which directory do you want to install the VMware Management Interface files?
[/usr/lib/vmware-mui]

The path "/usr/lib/vmware-mui" does not exist currently. This program is going
to create it, including needed parent directories. Is this what you want?
[yes]

In which directory would you like to install the documentation files?
[/usr/lib/vmware-mui/doc]

The path "/usr/lib/vmware-mui/doc" does not exist currently. This program is
going to create it, including needed parent directories. Is this what you want?
[yes]

The installation of VMware Management Interface e.x.p build-22088 for Linux
completed successfully. You can decide to remove this software from your system
at any time by invoking the following command:
"/usr/bin/vmware-uninstall-mui.pl".

Before running VMware Management Interface for the first time, you need to
configure it by invoking the following command: "/usr/bin/vmware-config-mui.pl".
Do you want this program to invoke the command for you now? [yes]

Configuring httpd.conf to run Apache as:
User: www-data and Group: nogroup

Set the number of minutes before a http session times out. (This is the length
of time before someone connecting to VMware Management Interface will be logged
out) [60]

Generating SSL Server Certificate

Starting httpd.vmware: done

Installation of VMware Management Interface was successful

The configuration of VMware Management Interface completed successfully.

Now I had the VMware components running:

hacom:~# netstat -natup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN 3192/inetd
tcp 0 0 0.0.0.0:8333 0.0.0.0:* LISTEN 1528/httpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1443/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1409/exim4
tcp 0 0 0.0.0.0:8222 0.0.0.0:* LISTEN 1528/httpd
tcp 0 300 192.168.2.18:22 192.168.2.5:1957 ESTABLISHED 2580/sshd: richard

hacom:~# ps -ef | grep vm
www-data 1528 1 0 13:52 ? 00:00:02 /usr/lib/vmware-mui/apache/bin/httpd
-DSSL -DSSL_ONLY -DGSX -d /usr/lib/vmware-mui/apache
root 3322 1 0 15:05 pts/0 00:00:00 /usr/bin/vmnet-bridge
-d /var/run/vmnet-bridge-0.pid /dev/vmnet0 eth0
root 3330 1 0 15:05 pts/0 00:00:00 /usr/bin/vmnet-bridge
-d /var/run/vmnet-bridge-2.pid /dev/vmnet2 eth1
root 3334 1 0 15:05 pts/0 00:00:00 /usr/bin/vmnet-bridge
-d /var/run/vmnet-bridge-3.pid /dev/vmnet3 eth2
root 3342 1 0 15:05 ? 00:00:00 /usr/bin/vmnet-natd
-d /var/run/vmnet-natd-8.pid -m /var/run/vmnet-natd-8.mac
-c /etc/vmware/vmnet8/nat/nat.conf
root 3348 1 1 15:05 ? 00:00:02 /usr/sbin/vmware-serverd -s -d
root 3413 1 0 15:05 pts/0 00:00:00 /usr/bin/vmnet-netifup
-d /var/run/vmnet-netifup-vmnet1.pid /dev/vmnet1 vmnet1
root 3421 1 0 15:05 pts/0 00:00:00 /usr/bin/vmnet-netifup
-d /var/run/vmnet-netifup-vmnet8.pid /dev/vmnet8 vmnet8
root 3437 1 0 15:05 ? 00:00:00 /usr/bin/vmnet-dhcpd
-cf /etc/vmware/vmnet1/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet1/dhcpd/dhcpd.leases
-pf /var/run/vmnet-dhcpd-vmnet1.pid vmnet1
root 3439 1 0 15:05 ? 00:00:00 /usr/bin/vmnet-dhcpd
-cf /etc/vmware/vmnet8/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet8/dhcpd/dhcpd.leases
-pf /var/run/vmnet-dhcpd-vmnet8.pid vmnet8

When I tried to start a VM, however, I saw the following in /var/log/vmware/vmware-serverd.log:

Mar 21 12:14:37: app| Attempting to launch vmx : /vmware/sguil0-6-0p1_freebsd6-0_1024mb/FreeBSD.vmx
Mar 21 12:14:38: app| New connection on socket server-vmxvmdb from host
localhost (ip address: local) , user: root
Mar 21 12:14:38: app| Connection from : /vmware/sguil0-6-0p1_freebsd6-0_1024mb/FreeBSD.vmx
Mar 21 12:14:38: app| Setting up autoDetect info.
Mar 21 12:14:38: app| VMServerdConnect: connecting to /vmware/sguil0-6-0p1_freebsd6-0_1024mb/FreeBSD.vmx
Mar 21 12:14:38: app| VMControl: Unexpected response from vmware-authd
(Error connecting to /usr/lib/vmware/bin/vmware-vmx process.)
Mar 21 12:14:38: app| vmserverd: Could not connect to virtual machine
/vmware/sguil0-6-0p1_freebsd6-0_1024mb/FreeBSD.vmx:
Unexpected response from vmware-authd:
Error connecting to /usr/lib/vmware/bin/vmware-vmx process.
Mar 21 12:14:38: app| Failed to connect to vm:
/vmware/sguil0-6-0p1_freebsd6-0_1024mb/FreeBSD.vmx
Mar 21 12:14:38: app| VmsdCmd Command error: Operation failed to change
the VM to the expected power state

Oh for Pete's sake. What could be wrong?

I looked closer at the logs and saw this:

Mar 21 12:07:45: app| HOSTINFO: Unknown CPU vendor "CentaurHauls" seen.
Mar 21 12:07:45: app| Failed to get information about CPUs.

In dmesg output I saw something similar:

/dev/vmmon[3301]: VMMON CPUID: Unrecognized CPU

This gave me enough for a better search in the VMware forums, where I found this post. Basically, VMware Server does not run on the Nehemiah CPU in the Hacom.

Here's my /proc/cpuinfo:

hacom:/var/log/vmware# cat /proc/cpuinfo
processor : 0
vendor_id : CentaurHauls
cpu family : 6
model : 9
model name : VIA Nehemiah
stepping : 8
cpu MHz : 1002.300
cache size : 64 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr sep mtrr pge cmov pat mmx fxsr sse xstore
bogomips : 1998.84

At this point my project is stalled. I don't see a workaround. Maybe the final version will run on this box.
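An added example, not part of the original post: a pre-flight check for the two failures described above, unresolved shared libraries and an unrecognized CPU vendor. The function names and sample inputs are constructed here; the package names are only guesses derived from Debian's library naming convention, and the vendor allow-list (`GenuineIntel`, `AuthenticAMD`) is an assumption, not a list published by VMware.

```shell
#!/bin/sh
# Added example (not from the original post). Sample inputs are constructed
# from a subset of the ldd and /proc/cpuinfo output quoted in the post.

SAMPLE_LDD='libm.so.6 => /lib/libm.so.6 (0x4001a000)
libX11.so.6 => not found
libXtst.so.6 => not found
libXt.so.6 => not found
libXrender.so.1 => not found
libz.so.1 => /usr/lib/libz.so.1 (0x40092000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)'

SAMPLE_CPUINFO='processor : 0
vendor_id : CentaurHauls
cpu family : 6
model name : VIA Nehemiah'

# Print the soname of every library that ldd reported as "not found".
missing_libs() {
    printf '%s\n' "$1" |
        awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Guess the Debian package for a soname using the Debian naming convention:
# lowercase library name + soversion, with a hyphen when the name ends in a
# digit (libX11.so.6 -> libx11-6). This is a guess; confirm it with apt-cache.
debian_pkg_guess() {
    case "$1" in
        *.so.*) ;;
        *) return 1 ;;
    esac
    pkg_name=$(printf '%s' "${1%%.so.*}" | tr 'A-Z' 'a-z')
    pkg_ver=${1##*.so.}
    case "$pkg_name" in
        *[0-9]) printf '%s-%s\n' "$pkg_name" "$pkg_ver" ;;
        *)      printf '%s%s\n' "$pkg_name" "$pkg_ver" ;;
    esac
}

# Print the vendor_id of the first CPU in /proc/cpuinfo-style text.
cpu_vendor() {
    printf '%s\n' "$1" |
        awk '$1 == "vendor_id" && $2 == ":" { print $3; exit }'
}

# Succeed only for vendors on the assumed allow-list.
vendor_supported() {
    case "$1" in
        GenuineIntel|AuthenticAMD) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = ldd output, $2 = cpuinfo text. Prints each finding and returns 0 only
# when no library is missing and the CPU vendor is on the allow-list.
preflight() {
    pf_status=0
    for pf_lib in $(missing_libs "$1"); do
        echo "missing $pf_lib (try package: $(debian_pkg_guess "$pf_lib"))"
        pf_status=1
    done
    pf_vendor=$(cpu_vendor "$2")
    if ! vendor_supported "$pf_vendor"; then
        echo "CPU vendor '${pf_vendor:-unknown}' is not on the allow-list"
        pf_status=1
    fi
    return "$pf_status"
}

# Demo on the constructed samples. On a real host, pass
# "$(ldd /usr/bin/vmware)" and "$(cat /proc/cpuinfo)" instead.
if preflight "$SAMPLE_LDD" "$SAMPLE_CPUINFO"; then
    echo "preflight: ok"
else
    echo "preflight: resolve the items above before running vmware-config.pl"
fi
```
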

Monday, March 20, 2006

Bejtlich/Bianco ShmooCon Video Online

If you didn't want to buy the ShmooCon DVD of my Sguil talk from ShmooCon 2006, you can now download the video in .mp4 format. It's about 84 MB, and when I grabbed it the download was fairly quick.

Flyer for Only Public NSO Class in 2006 Posted

I've posted the flyer and registration form (.pdf) for my only public Network Security Operations class in 2006. It will take place 13-16 June 2006 in Fairfax, Virginia.

If you refresh your browser or clear your cache you'll notice the new banner for the class at the top of the blog. All you RSS and Atom readers are missing out!

For more details, please see the flyer and this blog post. There's only 20 seats. 2 are filled by the agency hosting the class, and the rest are filling. Please contact me soon, especially if you want to save money on registration! Thank you.

Sunday, March 19, 2006

Review of Silence on the Wire Posted

Amazon.com just posted my four star review of Silence on the Wire by Michal Zalewski. I liked this book, although reading it was not as pleasant as I expected. From the review:

I received Silence on the Wire (SOTW) almost one year ago. When I first tried reading the book, I couldn't get past Ch 1. In fact, I didn't try reading anything for three months, hoping I could re-engage SOTW. Eventually I put SOTW aside and read other books, only to return to SOTW this week. I'm glad I gave SOTW a second chance. There's plenty to like in this book if you look for the details that interest you.

Friday, March 17, 2006

Review of Perfect Passwords Posted

Amazon.com just posted my four star review of Perfect Passwords. This brings my dozen-Syngress-book reading drive to an end. Note that I read the first several books on flights over the Atlantic or waiting in airports. That gave me a jump on the reviews. From the review:

I never thought I would find a whole book about passwords to be interesting, but I really like Mark Burnett's Perfect Passwords. This short book (134 pages without the appendices, which can be ignored) is remarkably informative. I recommend anyone developing password policies or security awareness training reading Perfect Passwords.

Four Pre-Reviews

My friends at Pearson sent me four new books from their various imprints. The first is Penetration Testing and Network Defense by Andrew Whitaker and Daniel Newman. This book has received high marks at Amazon.com and it seems more coherent than a similar book I just reviewed. This is my first Cisco Press security book. The last Cisco Press book I reviewed was Cisco Router Firewall Security.

Next is VPNs Illustrated: Tunnels, VPNs, and IPsec by Jon C. Snader. This book is unique in that it looks and communicates like Richard Stevens' TCP/IP Illustrated, Volume 1: The Protocols. I wanted to read this book after seeing the diagrams, code snippets, and Tcpdump traces. I've also never found a really satisfying analysis of IPsec, which is covered by this book. The Amazon.com reviews are mixed, but I am hopeful.

The next book is High-Assurance Design: Architecting Secure and Reliable Enterprise Applications by Clifford J. Berg. This is a book of design principles and patterns to build high-assurance applications. I like books on security engineering, and I plan to read this book in concert with Security Patterns: Integrating Security and Systems Engineering.

Last but definitely not least is the new edition of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2nd Ed by Ed Skoudis with Tom Liston. I loved the first edition of this book, which was on my list of favorite 10 books from the past 10 years. This is the perfect book for anyone starting the information security career, because it covers all of the significant technical issues which a security operator should know.

Thinking about Ed's book made me consider the following point. To the degree that the CISSP has any value at all, it should be a management-oriented certification focusing on broad security themes. As I wrote previously, I believe the CISSP should be based on NIST SP 800-27, Rev. A (.pdf), Engineering Principles for Information Technology Security (A Baseline for Achieving Security).

If someone wanted to build a real technical information security certification, they should base it on Counter Hack.

On a related note, someone asked me recently if my first book was "CISSP compliant". After calming myself, I replied that the CISSP should be compliant with best practices -- best practices should not "comply" with the CISSP. That sort of question raised problems with teaching and learning "for the test," instead of teaching and learning the best material. I am not opposed to teaching and learning for the test if the test is sound. Unfortunately, as I've written before, I think the CISSP test is utterly worthless.

Thursday, March 16, 2006

Microsoft is Getting It

I learned through Slashdot that Microsoft held its third Blue Hat Security Briefings. They also have a Blue Hat Blog. Reading this article, and considering that this is the third Blue Hat, it sounds to me like Microsoft is taking security seriously. It's been over four years since Bill Gates issued his famous security memo. What's happened since then?

With Blue Hat, Microsoft is listening to the top public security researchers who are breaking Windows. Halvar Flake at Black Hat Federal 2006 says it is getting tougher to find vulnerabilities in Windows. I reported that a talk I saw on Vista at RSA 2006 impressed me. The company is incorporating good security practices like least privilege and privilege separation, already found in Unix OS' and tools. Microsoft is publishing books like Writing Secure Code, 2nd Ed, Hunting Security Bugs, and The Security Development Lifecycle. The company has a group which has the power to stop shipment of software due to security concerns, and it has exercised that power already.

All of these factors are going to make a difference when Vista is released. I plan to buy a new laptop running Vista (and dual-booting FreeBSD) when the new OS is available. I am optimistic, but we'll have to see what sorts of security advisories Microsoft releases once Vista ships.

I believe that threats are going to shift their attention to the infrastructure surrounding Microsoft. We've already seen that with attacks on applications. The next target will be network infrastructure, especially so-called embedded devices and appliances. These products suffer the sorts of vulnerabilities seen in Microsoft products of the past. I saw Barnaby Jack's latest presentation and his compromise of an embedded consumer grade router scared the heck out of me.

Stay tuned.

Review of Penetration Tester's Open Source Toolkit Posted

Amazon.com just published my three star review of Penetration Tester's Open Source Toolkit. From the review:

I am not sure why Penetration Tester's Open Source Toolkit (PTOST) was published. If you have no other security assessment books, you may find PTOST helpful. Otherwise, I don't believe this book offers enough value to justify purchasing it. Other books -- some published by Syngress -- cover some of the same ideas, and 5 of PTOST's chapters are published in other books anyway.

Marty Roesch Speaking Tour

I just signed up to see Marty Roesch from Sourcefire speak on Wednesday 29 March 2006 in Washington, DC. The topic is Redefining Federal Network Security - Protecting Against Threats, from All Vectors, at All Times. That sounds ambitious. Marty might be coming to a city near you -- check the calendar and register. If you're going to attend the DC event, say hello -- I'll be wearing a TaoSecurity polo.

Argus 3.0 Will Be Released Soon

I found a sign of the Apocalypse while reading the Argus mailing list. Long-time Blog readers should know that Argus is a stand-alone NSM session data program that I profiled in Tao. The relevant message by Argus developer Carter Bullard is here. In brief, Carter will be releasing a beta of Argus 3.0 "in 2-3 weeks".

This is an incredible development. The last publicly posted Argus version is available at ftp://ftp.qosient.com/dev/argus-2.0/. The server and client programs are argus-2.0.6.fixes.1 and argus-clients-2.0.6.fixes.1, respectively. These files are almost two years old, and Argus mailing list users recommend adding patches that are only available on the mailing list!

For the sake of proper version management alone, I can't wait to see Argus 3.0 released. Carter reports that Argus 3.0 "adds IPv6 support, better encapsulation parsing, 64-bit support, Cygwin support and 64 bit counters, as well as a hundred thousand little nits and small changes that will probably drive everyone crazy." Unfortunately, Argus 3.0 "has the same SASL problems as argus-2.0." (I'm not familiar with this issue.)

When I get to try Argus 3.0 BETA, I will report my findings.

Wednesday, March 15, 2006

Review of Nessus, Snort, and Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real Power Tools Posted

Amazon.com just posted my four star review of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 fourth book in Jay Beale's Open Source Security Series, Nessus, Snort, and Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real Power Tools. From cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 review:

I've read and reviewed cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 three previous books in Jay Beale's Open Source Security Series -- Snort 2.1, Nessus Network Auditing, and Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real Packet Sniffing. I liked all three of those books, and I'm glad to say that this fourth book -- Nessus, Snort, and Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real Power Tools (NSAEPT), is a worthy continuation of Jay's series. NSAEPT is a unique resource for anyone who wants to extend Nessus, Snort, and Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365real. The book could save programmers hours of work, and it should be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first step for those looking to contribute to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 development of all three projects.

Update: Andrew Williams from Syngress provided this feedback concerning the problems with FI and FL characters being mangled. Those who register can download a PDF of the book.

This PDF fixes the code problems you referenced. Readers can register and download the completed, fixed PDF from our Web site at www.syngress.com/solutions.

I'm hoping as many readers as possible take advantage of this. It was incredibly frustrating for us to have this problem introduced during pre-press.

Review of Securing IM and P2P Applications for the Enterprise Posted

Amazon.com just posted my four star review of Securing IM and P2P Applications for the Enterprise. From the review:

I had high hopes for Securing IM and P2P Applications for the Enterprise (SIAPAFTE), and thankfully this book delivers. SIAPAFTE is a modern, well-written, thorough guide to instant messaging (IM), peer-to-peer (P2P), and Internet Relay Chat (IRC) networks and related security issues. I recommend all network and security administrators read this book.

Monday, March 13, 2006

Review of Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools Posted

Amazon.com just posted my four star review of Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools. From the review:

I read Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools (SOICUCAOST) to learn more about compliance issues. I am a security engineer who thankfully has not had to suffer through a SOX audit. I am glad I read SOICUCAOST, however. The book is clear, well-written, and makes innovative use of a live CD. While the book is not the answer to SOX compliance (no book is), small-to-medium-sized businesses will find SOICUCAOST a valuable guide.

Bejtlich Teaching NSM at USENIX 2006 in Boston

If you'd like to see me teach material related to my first book, please register for USENIX 2006 (the Annual Technical Conference). I'll be presenting Network Security Monitoring with Open Source Tools all day on Friday, 2 June 2006 in Boston, MA.

I'll probably fly in the previous day, then attend Gerald Carter's half-day presentation Ethereal and the Art of Debugging Networks. I may stay for Dan Geer's class on Saturday -- Measuring Security.

Seats are filling for my only public Network Security Operations class in Fairfax, VA, 13-16 June 2006. Contact me via email (richard at taosecurity dot com) before 1 April to get the best rate!

Review of Security Log Management Posted

Amazon.com just posted my three star review of Security Log Management. From the review:

When I received a review copy of Security Log Management (SLM) last month, I was eager to read it. I saw two very powerful but seldom discussed tools -- Argus and Bro -- mentioned in the table of contents. This indicated some original thinking, which I appreciate. Unfortunately, SLM did not live up to my expectations. When you strip out the pages of scripts and code and the three reprinted chapters, you're left with a series of examples of output from the author's deployment of several tools. Aside from a few examples mentioned in this review, I don't think readers will learn much from SLM.

Sunday, March 12, 2006

Two Pre-Reviews

Two new books arrived at TaoSecurity last week. The first is Software Security: Building Security In by Gary McGraw. This book is available alone or in a boxed set with Exploiting Software and Building Secure Software. I've read the second book, so I may try to read Software Security right away. The new book is the third in the Addison-Wesley Software Security Series.

At RSA in February Gary told me he wanted Building Secure Software to begin that series, but instead it ended up in the Addison-Wesley Professional Computing Series. The other book in the Software Security Series is Rootkits, a book I'm waiting to read. I'd like a little more programming knowledge before trying that one.

The second book added to my reading queue is Anti-Hacker Toolkit, 3rd Ed. I reviewed the 2nd Ed in June 2004 and the 1st Ed in August 2002. I sat down with the 2nd and 3rd editions and did a cursory examination of changes. The major difference is a new chapter, 26, on reverse engineering binaries. Aside from that, the 3rd Ed is structurally identical to the 2nd Ed. A few tools have been added and some have been deleted. Co-authors Chris Davis, Aaron Philipp, and David Cowen have stepped in to help lead author Mike Shema, although material from original authors Keith Jones and Brad Johnson is still present. (Mike Shema is the third original author, meaning he, Keith, and Brad wrote the 1st Ed.)

I have a feeling that my recommendation for the 3rd Ed will be the same as for the 2nd Ed -- if you don't have a copy, get one. Security pros should know how to use most if not all of the tools in Anti-Hacker Toolkit. Employers -- asking about tools in this book is a great way to start a dialogue with candidate employees. If you have the 2nd or even the 1st Ed, however, you probably won't be able to financially justify the upgrade.

Review of Skype Me! Posted

Amazon.com just posted my five star review of Skype Me!. From the review:

Skype Me! is the perfect introduction to Skype for users of all skill levels. It could serve as an example of how to write a product-centric book that delivers real value. The text is well written, clear, and focused. The material becomes progressively complex as the reader moves from learning about Skype, to installing it, to using it, to extending it into areas I hadn't previously considered. Anyone who wants to get the most out of Skype should read Skype Me!

Sound Familiar?

I found the following quote in this story about problems at the CIA:

"[Y]ou're getting into the problem of very junior, inexperienced people, which a lot of veteran CIA people feel now is part of the problem. Porter Goss has to double the number of operational people in an environment where there are no mentors. Who's going to train these people?"

This reminded me of the problems in information technology. There is far too much infrastructure being operated by far too many inexperienced people who have no mentors.

Review of InfoSec Career Hacking Posted

Amazon.com just posted my two star review of InfoSec Career Hacking. This write-up is for those of you who say I don't write enough negative reviews. I was particularly upset to see 3 of the book's 12 chapters are reprints. This is a disturbing trend. Syngress is using chapters from older books as filler for new titles that can't stand on their own. From the review:

InfoSec Career Hacking (ICH) is a confused, directionless book. It's a collection of contributions by various authors, three of which were previously published. The main text never states the goal of the text, so I turned to the description on the back cover: "A technical guide to landing (and keeping) a job in the information security field... If you want to refine those skills to land a top InfoSec job and employer-funded trip to Vegas next year, you've come to the right place." It sounds like ICH wants to be a sort of employment guide for "hackers," but it ends up as a muddle of some useful original material and recycled chapters from older Syngress titles.