Upgrade to Suricata 1.0.4 on Smooth-Sec

» 26 June 2011 » In Uncategorized » 6 Comments

A few days ago the OISF development team announced the Suricata 1.0.4 release: a large number of (potential) issues have been fixed, along with an update of LibHTP to version 0.2.6.

Fixes

- LibHTP updated to 0.2.6
- Large number of (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat.
- Large number of (potential) issues fixed after source code scans with the Clang static analyzer.

In this post I'm going to explain how to upgrade Suricata to version 1.0.4 on Smooth-Sec. You can choose to compile Suricata yourself, or pull the precompiled Debian package from my Gitorious repository.

1) Download and install Suricata (Easy way)

#/etc/init.d/suricata stop
#cd /root/
Make a backup of the existing configuration.
#cp -a /etc/suricata /etc/suricata-1.1beta2
#git clone git://gitorious.org/smooth-sec/suricata_104.git
#cd suricata_104/
#cp suricata.yaml /etc/suricata
#dpkg -i suricata_1.0.4-1_i386.deb

Check the current version:

#suricata -V
[8360] 26/6/2011 -- 15:04:20 - (suricata.c:429)  (main) -- This is Suricata version 1.0.4 (rev )

Start Suricata:

#/etc/init.d/suricata start &

or, better, reboot the machine:

#reboot

2) Compile Suricata (Complicated way)

#wget http://www.openinfosecfoundation.org/download/suricata-1.0.4.tar.gz
#tar xvfz suricata-1.0.4.tar.gz
#cd suricata-1.0.4/
#./configure --enable-nfqueue

Suricata Configuration:
  NFQueue support:          yes
  IPFW support:             no
  PF_RING support:          no
  Prelude support:          no
  Unit tests enabled:       no
  Debug output enabled:     no
  Debug validation enabled: no
  CUDA enabled:             no
  DAG enabled:              no
  Profiling enabled:        no
  GCC Protect enabled:      no
  GCC march native enabled: yes
  GCC Profile enabled:      no
  Unified native time:      no
  Non-bundled htp:          no

#make
#checkinstall
#cp -a /etc/suricata /etc/suricata-1.1beta2
#cp suricata.yaml /etc/suricata
Edit /etc/suricata/suricata.yaml according to your own environment.
#dpkg -i suricata_1.0.4-1_i386.deb

Start Suricata:

#/etc/init.d/suricata start &

or, better, reboot the machine:

#reboot
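The backup and version check that both methods above rely on, as a small shell helper. This is an added example, not part of the original post or of Smooth-Sec; it assumes suricata is on PATH and that the configuration lives in /etc/suricata as shown above.

```shell
#!/bin/sh
# Added example (not from the original post): back up the live Suricata
# configuration with a timestamp before the package upgrade, and verify
# afterwards that the binary on PATH really reports the expected version.
SURICATA_CONF_DIR="/etc/suricata"
EXPECTED_VERSION="1.0.4"

# Copy the config directory to <dir>-backup-<UTC timestamp>; prints the backup path.
backup_suricata_conf() {
    src="${1:-$SURICATA_CONF_DIR}"
    dest="${src}-backup-$(date -u +%Y%m%d%H%M%S)"
    cp -a "$src" "$dest" || return 1
    echo "$dest"
}

# Extract "1.0.4" from a `suricata -V` line such as the one shown in the post:
#   [8360] 26/6/2011 -- 15:04:20 - (suricata.c:429)  (main) -- This is Suricata version 1.0.4 (rev )
# Prints nothing when no version line is present.
parse_suricata_version() {
    sed -n 's/.*This is Suricata version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when the installed binary reports EXPECTED_VERSION, 1 otherwise.
check_suricata_version() {
    got=$(suricata -V 2>&1 | parse_suricata_version)
    [ "$got" = "$EXPECTED_VERSION" ]
}

# Typical use after `dpkg -i`: fail loudly if the wrong binary is still installed.
#   backup_suricata_conf && dpkg -i suricata_1.0.4-1_i386.deb && check_suricata_version
```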

Total Lunar Eclipse of June 15, 2011: Zagreb, Croatia

» 17 June 2011 » In Uncategorized » No Comments

On Wednesday my wife and I climbed Medvednica mountain to watch the longest lunar eclipse in more than a decade. After a short ride we reached what we thought was the perfect spot to see the eclipse; several other people had the same idea and the place was crowded. Luckily the sky was clear and we could see the wonderful spectacle of the fully covered "bloody red moon". After a while I decided to take a few shots of the city of Zagreb with the mysterious moon above it. Shooting outside in the dark isn't that easy, but after dealing with the correct exposure and focus a few pictures came out well. As soon as we got back home I sent the photo of the "city with the moon" to space.com, and they were kind enough to publish it in their dedicated Total Lunar Eclipse of June 15, 2011 photo album.

Croatian newspapers covered the publication of my photo on space.com; I was really surprised and didn't expect it at all. Looking forward to the next cosmic event.

www.tportal.hr

www.index.hr

www.jutarnji.hr

OpenVPN 2 Cookbook review

» 15 June 2011 » In Uncategorized » No Comments

Recently I was contacted by Packt Publishing to review their newly published OpenVPN 2 Cookbook. I was particularly pleased to be chosen because of my previous contributions on OpenVPN, which made me feel confident reviewing this book. OpenVPN is Virtual Private Networking (VPN) software. It is one of the best cross-platform examples in terms of deployment variety: usually installed on Unix/Linux as a server, it can interoperate with many different operating systems such as Mac OS, Windows and Linux. OpenVPN comes in handy when you have to deploy VPN solutions in a heterogeneous environment; it will save you a lot of headaches.

OpenVPN 2 Cookbook is divided into twelve chapters that contain around 100 recipes to deploy and configure your optimal VPN solution, from Point-to-Point and Client-server IP-only networks to Two-factor Authentication with hardware tokens. Covering most uses of OpenVPN, this book is an invaluable resource for anyone who wants to evaluate and develop a VPN solution, from a simple home network to a secure and redundant corporate infrastructure.

I really enjoyed reading this book, because it goes straight to the point of building things, skipping long and sometimes useless introductions.

Table of contents

Chapter 1: Point-to-Point Networks
Chapter 2: Client-server IP-only Networks
Chapter 3: Client-server Ethernet-style Networks
Chapter 4: PKI, Certificates, and OpenSSL
Chapter 5: Two-factor Authentication with PKCS#11
Chapter 6: Scripting and Plugins
Chapter 7: Troubleshooting OpenVPN: Configurations
Chapter 8: Troubleshooting OpenVPN: Routing
Chapter 9: Performance Tuning
Chapter 10: OS Integration
Chapter 11: Advanced Configuration
Chapter 12: New Features of OpenVPN 2.1 and 2.2

Sample chapter: "Troubleshooting OpenVPN: Configurations"

Eat with awesome people, round one.

» 10 June 2011 » In Uncategorized » No Comments

For me it still remains a mystery why spontaneous and unpredictable things work better than the ones planned long in advance; this is why a good pizza and a fresh beer along with great people can make the day. Hopefully this will be the first of many "Eat with awesome People" gatherings; if you want to join us for the next round, stay tuned!

The awesome people: @una3, @mezzapazza, @zecg, @tmedak, @entonyus, @kristinalovric, @ivanai, @marcell

Remember: "Nor is it a difficult achievement – even some fish can do it." (Richard Stallman)

phpVirtualBox, manage your virtual machines from anywhere

» 06 June 2011 » In Uncategorized » 5 Comments

phpVirtualBox is a web-based AJAX administration interface that makes it easier to manage and control VirtualBox virtual machines from any web browser. Some of the features of phpVirtualBox are: start/stop VMs; snapshots (take, delete and restore a snapshot); import/export of virtual machines. This guide explains how to install phpVirtualBox and run your VirtualBox instances through it.

Requirements

Ubuntu Server 10.04 LTS 32-bit.
A physical server with at least 2 GB of RAM installed; if you have more, install the PAE kernel with:

#apt-get install linux-generic-pae linux-headers-generic-pae

1) Apache installation and configuration

#apt-get install apache2 libapache2-mod-php5 build-essential htop unzip

#/etc/init.d/apache2 restart

2) VirtualBox installation and setup

Add the VirtualBox repository to /etc/apt/sources.list:

#echo 'deb http://download.virtualbox.org/virtualbox/debian lucid contrib non-free' >> /etc/apt/sources.list
#wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | apt-key add -
#apt-get update
#apt-get install --no-install-recommends virtualbox-4.0

Download the VirtualBox extension pack:

#wget http://download.virtualbox.org/virtualbox/4.0.8/Oracle_VM_VirtualBox_Extension_Pack-4.0.8-71778.vbox-extpack

Install the extension pack:

#VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.0.8-71778.vbox-extpack

Create the user that will run VirtualBox:

#adduser vbox

Add the vbox user to the vboxusers group in the /etc/group file:

vboxusers:x:113:vbox

3) PHP interface

#cd /tmp/
#wget http://phpvirtualbox.googlecode.com/files/phpvirtualbox-4.0-6.zip
#unzip phpvirtualbox-4.0-6.zip
#cp -a phpvirtualbox-4.0-6 /var/www/phpvirtualbox
#cd /var/www/phpvirtualbox/
#mv config.php-example config.php
#vim config.php

In the password field use the vbox user's password:

/* Username / Password for system user that runs VirtualBox */
var $username = 'vbox';
var $password = 'vboxpassword';

4) Automatically start VirtualBox at boot time

#cd /etc/init.d

Create a file named /etc/init.d/vbox.start and copy the following line into it:

/usr/bin/vboxwebsrv -b

This means the VirtualBox web server will start at boot time in background mode.

Enable VirtualBox to start at boot time:

#chmod +x /etc/init.d/vbox.start
#update-rc.d vbox.start defaults

Reboot the server and point your browser to http://serveripaddress/phpvirtualbox/

Log into phpVirtualBox using admin/admin as credentials; after the first login, change the admin password using File > Change password, at the top left.
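A fuller version of the /etc/init.d/vbox.start script from step 4, written as an added example (not from the original post or the phpVirtualBox project): it starts vboxwebsrv as the unprivileged vbox user created in step 2 rather than as root, keeps the web service bound to loopback (vboxwebsrv's -H and -p options) so only the local Apache front end can reach it, and carries the LSB header that update-rc.d expects. Starting it with su and stopping it with pkill is my assumption for a 10.04 box without a vendor-supplied vboxweb-service script.

```shell
#!/bin/sh
# Added example (not part of the original post): generate an init script that
# runs vboxwebsrv as the "vbox" user instead of root, listening on 127.0.0.1 only.
VBOX_USER="vbox"
WEBSRV="/usr/bin/vboxwebsrv"

# write_vbox_init <path>: create the init script at <path> (e.g. /etc/init.d/vbox.start)
write_vbox_init() {
    target="$1"
    cat > "$target" <<EOF
#!/bin/sh
### BEGIN INIT INFO
# Provides:          vbox.start
# Required-Start:    \$local_fs \$network
# Required-Stop:     \$local_fs \$network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: VirtualBox web service for phpVirtualBox
### END INIT INFO
case "\$1" in
  start)
    # -b: background; -H/-p: bind to loopback on the default port 18083
    su - $VBOX_USER -c "$WEBSRV -b -H 127.0.0.1 -p 18083"
    ;;
  stop)
    pkill -u $VBOX_USER -x vboxwebsrv
    ;;
  *)
    echo "Usage: \$0 {start|stop}" >&2
    exit 1
    ;;
esac
EOF
    chmod 755 "$target"
}

# Usage on the server (as root): write_vbox_init /etc/init.d/vbox.start
```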

Enjoy!

If you want to save time you can download the TurnKey preconfigured VirtualBox appliance from http://9while9.com

My lunch box 10

» 01 June 2011 » In Uncategorized » No Comments

Roasted salmon.
Quinoa and amaranth with dried tomatoes.
Mixed lettuce with extra virgin olive oil and balsamic vinegar.

Scaling Smooth-Sec up to 64 GB of RAM

» 01 June 2011 » In Uncategorized » 1 Comment

Smooth-Sec is built on Ubuntu Server 10.04 32-bit (www.turnkeylinux.org), which means the system won't recognise more than 3 GB of memory. An available workaround is to install a PAE (Physical Address Extension) kernel, which allows PAE-capable processors to access physical memory up to 64 GB (36 bits of address bus). In this how-to I'm going to show how to install a PAE kernel in order to enjoy Suricata and Snorby at full power. If you have enough RAM, please consider the Suricata High Performance Configuration reported here. Feedback and comments will be very much appreciated.

For instance, with Smooth-Sec installed with the default 2.6.32-30-generic kernel on a server with 8 GB of RAM, running free -m shows only 3 of the 8 GB installed.

#free -m
             total
Mem:          3072

Now we need to determine if our CPU has PAE support. If the following command returns nothing, the CPU does not have PAE support.

#grep pae /proc/cpuinfo
flags : fpu vme de pse tsc msr pae
flags : fpu vme de pse tsc msr pae

Install the Linux PAE kernel:

#apt-get update

#apt-get install linux-generic-pae linux-headers-generic-pae

and reboot.

Check if the correct kernel is loaded.

#uname -a
The kernel release shown must now be 2.6.32-32-generic-pae.

Check if the correct amount of RAM is recognised by the system.

#free -m
             total
Mem:          8192
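The pre- and post-upgrade checks from this how-to as shell functions, added here as an example (not part of the original post or of Smooth-Sec). They take their input as arguments so they can be run against /proc/cpuinfo, uname -r and /proc/meminfo on the live box or against captured copies; the 3 GB threshold is the one stated above.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a 32-bit Smooth-Sec box
# can run a PAE kernel, is running one, and actually sees its RAM.

# cpu_has_pae <cpuinfo-file>: 0 if the "pae" flag is advertised, 1 otherwise
# (the failure mode described above: grep finds nothing).
cpu_has_pae() {
    grep -qw pae "$1"
}

# kernel_is_pae <release>: 0 if the release string (as printed by uname -r) ends in -pae
kernel_is_pae() {
    case "$1" in
        *-pae) return 0 ;;
        *)     return 1 ;;
    esac
}

# mem_total_mb <meminfo-file>: print MemTotal in MB (MemTotal is given in kB)
mem_total_mb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1024 }' "$1"
}

# pae_status [cpuinfo] [release] [meminfo]: print a short report, return 0 only
# when the CPU supports PAE, a PAE kernel is running and more than 3 GB is visible.
pae_status() {
    cpuinfo="${1:-/proc/cpuinfo}"
    release="${2:-$(uname -r)}"
    meminfo="${3:-/proc/meminfo}"
    rc=0
    if cpu_has_pae "$cpuinfo"; then echo "cpu: pae flag present"
    else echo "cpu: no pae flag, a PAE kernel will not run here"; rc=1; fi
    if kernel_is_pae "$release"; then echo "kernel: $release (PAE)"
    else echo "kernel: $release (non-PAE, limited to about 3 GB)"; rc=1; fi
    mb=$(mem_total_mb "$meminfo")
    echo "memory: $mb MB visible to the kernel"
    [ "$mb" -gt 3072 ] || rc=1
    return $rc
}
```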

Photo by http://www.flickr.com/photos/jepoirrier/
