My lunch box 4
Today was delicious !!! Thank you Ivana.
Veal escalopes.
Quinoa with leeks.
Chickpea salad with eggs and spring onions.
Credits: Ivana
A few days ago a Smooth-Sec user reported a problem running Suricata on a pre-SSE3 Xeon processor. The error was an "illegal instruction", caused by a CPU architecture issue: the binary had been compiled with instructions that the processor does not support. With the help of Victor Julien we fixed the bug by adding the "--disable-gccmarch-native" flag to the configure options. If you encounter this problem, please follow the instructions below.

# cd /root/packages/suricata-1.1beta1/
# make clean
# ./configure --disable-gccmarch-native
# make
# checkinstall

To install the newly created Suricata package, run:

# dpkg -i suricata_1.1beta1-1_i386.deb

Then start Suricata:

# /etc/init.d/suricata start
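As an added example (not part of the original post), the script below shows why the fix works and lets you decide before building whether a host needs it. Suricata's configure script defaults to gcc's -march=native, which emits instructions for the build host's CPU; a package built that way and installed on an older CPU, or run on a CPU without SSE3, dies with "illegal instruction". The function names and the sample flag lines are constructed for this example; the only real facts used are that Linux reports SSE3 in /proc/cpuinfo as "pni" and that the configure flag is the one from the post.

```shell
#!/bin/sh
# Added example, not the Suricata project's or the post author's code.
# Decide whether a host needs --disable-gccmarch-native by looking at the
# CPU flags. Linux lists SSE3 as "pni" (Prescott New Instructions);
# SSSE3 implies SSE3, so it is accepted as well.

# Print the extra ./configure argument for a given cpuinfo "flags" value;
# prints nothing when SSE3 (or a superset) is present.
suricata_configure_flags() {
    flags="$1"
    case " $flags " in
        *" pni "*|*" sse3 "*|*" ssse3 "*) echo "" ;;
        *) echo "--disable-gccmarch-native" ;;
    esac
}

# Read the flags line of the running host (empty when not on Linux).
host_cpu_flags() {
    grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2-
}

# Constructed sample flag lines, not captured from real hardware.
PRE_SSE3_FLAGS="fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht"
SSE3_FLAGS="$PRE_SSE3_FLAGS pni ssse3"

echo "pre-SSE3 Xeon -> ./configure $(suricata_configure_flags "$PRE_SSE3_FLAGS")"
echo "SSE3 capable  -> ./configure $(suricata_configure_flags "$SSE3_FLAGS")"

# Against a real machine (check the deployment target, not only the build host):
#   ./configure $(suricata_configure_flags "$(host_cpu_flags)")
```

The check belongs on the machine that will run the package, not only on the one that builds it: with checkinstall and dpkg the binary travels, so a build host with SSE3 can still produce a .deb that crashes on the older sensor.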
Thanks everyone for supporting Suricata and Smooth-Sec.
A few words about SCADA.
SCADA stands for supervisory control and data acquisition. It generally refers to industrial control systems: computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described here:
http://en.wikipedia.org/wiki/SCADA
SCADA vulnerabilities made headlines again last week: security researcher Luigi Auriemma posted the results of 35 exploits affecting SCADA systems made by Siemens, Iconics, 7-Technologies and DATAC. After the disclosure, Digital Bond and emergingthreatspro published a set of IDS signatures to be used with Snort and Suricata; along with these signatures there is also a set of PCAP files to test and trigger the Quickdraw signatures. In the next few days I'm going to test these signatures using Smooth-Sec, and I hope to get some good results and publish some interesting feedback. If anyone is interested in advanced SCADA security, I advise taking a look at the scada-honeynet.
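The test loop described above (replay a Quickdraw test PCAP through Suricata, then see which signatures fired) can be scripted. The following is an added example and is not code from the post, Digital Bond or emergingthreatspro. Suricata's -r (read a pcap), -c (config file) and -l (log directory) options are real; the function names, file paths, the placeholder signature ids and the sample fast.log lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Offline signature testing:
# replay a pcap with Suricata, then count alerts per signature id in the
# resulting fast.log so you can compare against the signatures the test
# pcap is supposed to trigger.

# Replay one PCAP through Suricata in offline mode, writing logs to $3.
replay_pcap() {
    pcap="$1"; cfg="$2"; logdir="$3"
    mkdir -p "$logdir"
    suricata -r "$pcap" -c "$cfg" -l "$logdir"
}

# Print "sid count" lines for every signature seen in a fast.log.
# Each alert line carries "[gid:sid:rev]" right after the first "[**]".
count_alerts_by_sid() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\[[0-9]+:[0-9]+:[0-9]+\]$/) {
                split($i, p, ":")   # p[2] is the sid
                c[p[2]]++
                break
            }
    } END { for (s in c) print s, c[s] }' "$1" | sort -n
}

# Print how many times one sid fired (0 when it never fired).
sid_alert_count() {
    count_alerts_by_sid "$1" | awk -v sid="$2" '
        $1 == sid { print $2; found = 1 }
        END { if (!found) print 0 }'
}

# Constructed fast.log sample: placeholder sids and RFC 5737 test addresses,
# not real Quickdraw signatures or captured traffic.
SAMPLE_FASTLOG=$(mktemp)
cat >"$SAMPLE_FASTLOG" <<'EOF'
03/28/2011-10:15:32.000001  [**] [1:1000001:1] PLACEHOLDER SCADA Modbus test signature A [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:41234 -> 192.0.2.20:502
03/28/2011-10:15:33.000002  [**] [1:1000002:1] PLACEHOLDER SCADA DNP3 test signature B [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 192.0.2.10:41235 -> 192.0.2.21:20000
03/28/2011-10:15:34.000003  [**] [1:1000001:1] PLACEHOLDER SCADA Modbus test signature A [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.11:41236 -> 192.0.2.20:502
EOF

echo "alerts per sid in the sample fast.log:"
count_alerts_by_sid "$SAMPLE_FASTLOG"

# Real run (paths are placeholders):
#   replay_pcap /path/to/quickdraw-test.pcap /etc/suricata/suricata.yaml /tmp/qd-test
#   sid_alert_count /tmp/qd-test/fast.log 1000001
```

A signature that should fire on its test PCAP but reports 0 is the interesting case: it usually means the rule file was not loaded, the rule is disabled, or the engine's protocol parsing differs from what the rule assumes, which is exactly what a test pass over the Quickdraw PCAPs is meant to surface.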
Photo by: http://www.flickr.com/photos/kafreddy/
Strozzapreti (“priest choker“) with pesto.
Rocket lettuce with goat cheese.
Prickly lettuce with balsamico di modena.
Cherry tomatoes.
Tangerine.
Thanks to my lovely wife Ivana for taking care of me.
Insta-Snorby
The appliance is designed for users who want to test Snorby (a new Snort IDS front-end) or need a quick and dirty snort sensor installed.
It comes with the following:
* Snort 2.9.0.3 – The latest version of the popular Intrusion Detection System
* Barnyard 2.19 – An application that deciphers Snort unified2 logs and puts them into the Snorby database
* Snorby 2.2.1 – The IDS front-end
* OpenFPC – Full packet capture monitoring
* Pulled Pork 0.5 – IDS rule update management
The installation process will walk you through setting up the MySQL server and ask you to put in your “Oinkcode” which will automatically download the latest VRT rules (the sigs that power the IDS) from SourceFire. Emerging Threat rules (another popular rules distro) are already downloaded and enabled.
Smooth-Sec
Smooth-Sec is a ready-to-go IDS/IPS (Intrusion Detection/Prevention System) Linux distribution based on the multi-threaded Suricata IDS/IPS engine and Snorby, the top-notch web application for network security monitoring. Smooth-Sec is built on Ubuntu 10.04 LTS using the TurnKey Core base as the development platform. Functionality is the key point: it allows deploying a complete IDS/IPS system, up and running out of the box, within a few minutes, even for security beginners with minimal Linux experience.
http://bailey.st/blog/smooth-sec/
SIEM-live
SIEM-live is a ready-to-go SIEM (Security Information and Event Management) system based on open source tools and Debian-live. To collect events it uses Suricata IDS/IPS, syslog as a central collector, OpenVAS to scan for vulnerabilities, and many others. Alerts and events are stored in the open source SIEM Prelude, where they are analyzed and correlated. Results are accessible through the web interface (Prewikka).
SIEM-live is a bootable live-CD, which provides a fully functional system without any configuration required. It can also use persistence, or may be installed on a hard disk / USB key.
It aims at providing an easy way to deploy and test a SIEM, to quickly see what is happening on a network, and to concentrate on detecting high-level patterns through correlation. It will also contain visualization and reporting tools in the near future.
https://www.wzdftpd.net/redmine/projects/siem-live
Security Onion LiveDVD
The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools.
http://securityonion.blogspot.com/
Network Security Toolkit
The Network Security Toolkit (NST) is a Linux-based Live CD that provides a set of open source computer security and networking tools to perform routine security and networking diagnostic and monitoring tasks. The distribution can be used as a network security analysis, validation and monitoring tool on servers hosting virtual machines. Other features include visualization of ntop, wireshark, traceroute and kismet data by geolocating the host addresses, IPv4 Address conversation, traceroute data and wireless access points and displaying them via Google Earth or a Mercator World Map bit image, a browser-based packet capture and protocol analysis system capable of monitoring up to four network interfaces using Wireshark, as well as a Snort-based intrusion detection system with a “collector” backend that stores incidents in a MySQL database.
http://www.networksecuritytoolkit.org
EasyIDS
EasyIDS is an open source IDS (Intrusion Detection System) distribution based upon Snort. Built on CentOS and administered from a web based management interface, EasyIDS takes the pain and frustration out of deploying an intrusion detection system.
Designed for the network security beginner with minimal Linux experience, EasyIDS can convert almost any industry-standard x86 computer into a fully functioning intrusion detection system in as little as 15 minutes. EasyIDS lowers deployment and maintenance costs for network security without compromising functionality or performance.
Spring has arrived even in my lunch box. Want to join me?
Quiche with spinach, goat cheese and quinoa.
Roasted radicchio di treviso with aceto balsamico di modena.
Chickpea salad with squid and spring onion.
Dried fruit and almonds.
Everything was delicious, love you Ivana.
Digital forensics is a very special field, where evidence must be collected in a non-destructive way, without modifying the media. Data analysis requires reliable tools in order to investigate crimes and computer intrusions. Linux provides a broad repository of digital forensics tools to perform data analysis of text documents, images, videos, and digital devices such as mobile and smart phones. In this post I'm going to show a list of digital forensics and incident response Linux distributions; if I've missed something, please let me know.
SANS SIFT Workstation 2.0
Faculty Fellow Rob Lee created the SANS Investigative Forensic Toolkit (SIFT) Workstation, featured in the Computer Forensic Investigations and Incident Response course (FOR 508), in order to show that advanced investigations and investigating hackers can be accomplished using freely available open-source tools. The SANS SIFT Workstation is a VMware appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite.
http://computer-forensics.sans.org/community/downloads
C.A.IN.E. Computer Aided Investigative Environment
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a digital forensics project.
Currently the project manager is Nanni Bassetti. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
The main design objectives that CAINE aims to guarantee are the following:
* an interoperable environment that supports the digital investigator during the four phases of the digital investigation
* a user friendly graphical interface
* a semi-automated compilation of the final report
DEFT Linux
DEFT 6 is based on Lubuntu with kernel 2.6.35 (Linux side) and DEFT Extra 3.0 (Windows side), bundling the best freeware computer forensics tools; it is a new concept of computer forensics live system, ewflib ready, that uses WINE to run Windows computer forensics tools under Linux.
SMART Linux
SMART Linux is a live CD distribution of Linux, customized and designed for Data Forensics, Electronic Discovery and Incident Response. Every aspect of SMART Linux has been optimized and configured for producing a clean, non-invasive, forensically sound operating system environment.
Forensic Hard Copy
FHC is a Linux distribution developed only for the digital acquisition of evidence from storage devices. It is commonly used by the Italian Cyber Police in order to speed up acquisition while maintaining data integrity.
REMnux Linux Distribution for Reverse-Engineering Malware
REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.