Posts Tagged open source

Logging/monitoring/handling Multiple Interactive Shells

GNU Screen is a long-standing favorite of system administrators and Unix users, and a great deal has been written about it in reputable magazines and journals.

So what makes this tool so powerful, and why do the people who use it rely on it so heavily while so many others have never heard of it?

A data center today holds a large number of servers and applications, each serving a different business need.

Imagine that you have a dozen remote machines and need to connect to them every day over SSH to perform routine tasks: checking logs, inspecting processes, evaluating performance.

GNU Screen fits these situations perfectly because it is a terminal multiplexer: you can use it to run any number of console applications, curses-based programs, text editors and so on, each in its own window inside a single terminal.

All you need to do is connect to the remote machine and run screen. Press Ctrl+A c to create a new window, run top (or whatever else you need) in it, and so on; at any time press Ctrl+A p to return to the previous window (Ctrl+A n moves to the next one). All of this happens inside a single SSH connection.

The real power of GNU Screen lies in its sessions. At any time you can press Ctrl+A d to detach from Screen; later, screen -r resumes the interrupted session with all its windows open and the applications in exactly the state you left them.

Sessions live on the server, so it does not matter from which machine you reattach: start a session at work and continue it from home, which makes your work far more flexible. Bear in mind that a detached session keeps running with your privileges, so lock it (Ctrl+A x) or exit it when you are done; anyone who can log in as your user on that server can reattach to it.

OpenBSD, starting with version 4.6, ships a Screen-like multiplexer in the base system: tmux. Its major features include:

* A powerful, consistent, well-documented and easily scriptable command interface.
* A window may be split horizontally and vertically into panes.
* Panes can be freely moved and resized, or arranged into one of four preset layouts.
* Support for UTF-8 and 256-colour terminals.
* Copy and paste with multiple buffers.
* Interactive menus to select windows, sessions or clients.
* Change the current window by searching for text in the target.
* Terminal locking, manually or after a timeout.
* A clean, easily extended, BSD-licensed codebase, under active development.

Although it was written for OpenBSD, tmux runs on a range of UNIX-like systems, including FreeBSD, NetBSD, Linux, Mac OS X, Solaris and AIX. Binary packages are already available in the repositories of Debian Sid and Ubuntu Karmic, and the source can be obtained from the official website: tmux.sourceforge.net.

After starting tmux you will immediately notice the differences from Screen. First, the status bar is enabled by default and already shows most of the information that has to be configured by hand in Screen. Second, the prefix key is Ctrl+B instead of Screen's Ctrl+A; most of the basic window bindings that follow the prefix (c, n, p, d) are the same as in Screen.

Using GNU Screen or tmux greatly simplifies day-to-day administration: they not only let you run several terminals over one connection but create a whole environment for managing the infrastructure.

make sure you subscribe to my RSS feed!


Open-Source Risk Monitoring Platform

Securing a modern network with a large number of hosts and devices takes real effort, and keeping track of every event and log only gets harder as it grows. A vulnerability management system lets you keep control over the network and deal with the problems it surfaces.

Network security is generally built on a standard kit: a firewall, an antivirus solution, an intrusion detection system, a vulnerability scanner such as Nessus or OpenVAS, and a network scanner like Nmap.

Each of these tools does its job well, analyzing and comparing the data it collects or reporting on intrusions. The result, however, is a mountain of reports from many different utilities, which takes a long time to read through to find what you are looking for.
Another important point is that you have to track operating system and application vulnerabilities in order to put protective measures in place against the corresponding attacks, and to record which updates have been installed and which are still scheduled.

This can be done by subscribing to mailing lists and RSS feeds such as SecurityFocus, the OSVDB (Open Source Vulnerability DataBase) and Security-Database.
These are not the only sources: you can also install the HackerStorm OSVDB utility, which gathers a set of news and alert feeds in one place to help with vulnerability research and with staying up to date.

There is a long list of expensive commercial solutions that give an administrator a single view of the security-related aspects of their systems, such as Microsoft Security Response Center (MSRC), IBM Internet Security Systems, Lumension Vulnerability Management (PatchLink), QualysGuard and Symantec Control Compliance Suite (SCCS); here we will focus on OSSIM.
OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, working together, give network and security administrators a detailed view of every aspect of their networks, hosts, physical access devices, servers and so on.

Currently you can integrate into OSSIM: Arpwatch, P0f, PADS, Nessus/OpenVAS, Ntop, Snort, tcptrack, tcpdump, Nmap, Spade, Nagios, Osiris, OCS Inventory NG, OSSEC and RRDtool (it can additionally analyze data collected by Prelude IDS, NTsyslog, Snare and Cisco Secure IDS).

Data can be delivered in several ways: syslog, plain log files, SNMP, OPSEC, sockets and so on, giving the administrator information about any event generated anywhere in the infrastructure.

Usually OSSIM consists of:

• Server: runs the correlation engine, risk assessment and event prioritization.
• Control framework daemon: runs on the server and ties the different parts of the deployment together.
• Database: stores the collected events and the correlated data.
• Agents: collect information from the various sensors (Snort, PADS, Ntop, tcptrack, p0f, Arpwatch, Nessus, etc.) and feed it into the database.
• Web-based management console: management of the whole system, data analysis and reporting, risk assessment (built on Apache, PHP, phpGACL, RRDtool, MRTG, ACID, Nessus, Nmap, Ntop, FPDF, etc.).

All these components can be installed on separate systems; the information exchanged between them is transferred only in encrypted form (over SSL).

The OSSIM dashboard has three access levels depending on the user's role: network administrator, systems engineer and security specialist (CSO, Chief Security Officer).
After configuring the solution and registering some users, the panel gives you everything needed to manage activities and threats: Dashboard, Incidents, Events (anomalies and events), Monitors (networks and systems), Reports (sites, equipment, software, networks), Policy (policy settings and actions such as launching a program or sending e-mail), Correlation, Configuration and Tools (backups, links for downloading agents, network scanner).
You can start by scanning the network under Tools -> Netscan; the discovered hosts are then listed under Policy -> Policy -> Host. To install an agent remotely go to Tools -> Downloads. Note that there is a help option with screenshots that makes the settings easier to understand.

Alongside OSSIM we can add SIGVI, an open source application (GNU GPL license) designed to detect, prevent and manage threats. SIGVI works by downloading new vulnerability advisories that use the SCAP standards CVE, CPE and CVSS. Following the Common Vulnerability Scoring System (CVSS), it records for each vulnerability the Access Vector (AV), Access Complexity (AC), Authentication (Au), the Confidentiality, Integrity and Availability impact and other conditions, so the administrator can decide what to patch first.


Open-source All in one Security Solutions (Part 2)

These days there is a great variety of security software designed to organize and manage whole networks. Protecting internal resources from external threats, monitoring the network and blocking suspicious services is a priority for any IT security professional.

One available solution is Smoothwall.

Smoothwall (Smoothwall Express) is a free, open source, purpose-built distribution that includes a firewall, port forwarding, VPN support, Web/DNS/POP3/SIP proxies, an IM proxy (MSN/AIM/ICQ/Yahoo) with pre-filters and traffic monitoring (based on IMSpector), a DHCP server, NTP and QoS support, plus antivirus scanning of traffic with ClamAV.

After installing Smoothwall you configure it from its web interface at http://ip-address:81/ or https://ip-address:441/, where you will find the Control, About, Services, Networking, VPN, Logs, Tools and Maintenance sections and can adjust the settings as you wish. Prefer the HTTPS port for administration; over the plain-HTTP one the administrator credentials cross the network in the clear.

By default the IDS is not active; enable it under Services. The Ajax-based admin pages show changes in real time, and you can update the distribution under Maintenance -> Updates.

IPCop is another open-source security solution, aimed at SOHO (Small Office, Home Office) users, that includes everything you need for packet filtering, IDS/IPS, Web and DNS proxies, DHCP server/client, Openswan, OpenVPN and an NTP server.

The current version is IPCop Firewall 1.4.20, available for download here.

The last solution in this series is Vyatta, a Linux-based open source platform providing routing, firewalling, VPN, intrusion prevention, antivirus and WAN load balancing. Its developers integrated into Debian the freely distributed XORP routing platform (eXtensible Open Router Platform), developed at ICSI (International Computer Science Institute) in Berkeley.

Vyatta gives you a gateway with IDS/IPS (Snort), a caching proxy and URL filter (Squid and SquidGuard), network access policies, OpenVPN and DNS forwarding. What sets it apart from the previous solutions is that it is configured from a router-style command line, like that of commercial router operating systems, rather than only through a web interface.

As you can see there are plenty of network traffic control solutions: if you want a router-style CLI use Vyatta; for a full Linux distribution look at Untangle and Endian; for quick and easy setup try IPCop and Smoothwall.


‘Critical’ Linux kernel bugs discovered

A critical update has been released for the Linux kernel. Researchers have discovered a vulnerability in the kernel that affects every version of the last eight years, both the 2.4 and 2.6 series (tracked as CVE-2009-2692).

Julien Tinnes writes on his blog that:

The issue lies in how Linux deals with unavailable operations for some protocols. sock_sendpage and others don’t check for NULL pointers before dereferencing operations in the ops structure. Instead the kernel relies on correct initialization of those proto_ops structures with stubs (such as sock_no_sendpage) instead of NULL pointers.

At first sight, the code in af_ipx.c looks correct and seems to initialize .sendpage properly. However, due to a bug in the SOCKOPS_WRAP macro, sock_sendpage will not be initialized. This code is very fragile and there are many other protocols where proto_ops are not correctly initialized at all (vulnerable even without the bug in SOCKOPS_WRAP), see bluetooth for instance.
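The bug class Tinnes describes, a table of function pointers that the dispatcher trusts to be fully populated, is easy to model in userspace. The following C program is an added example, not kernel code and not from the original post or Tinnes's write-up: the struct and function names (proto_ops, sendpage, sock_no_sendpage) mirror the kernel's, but the code is a toy. It shows a table that is correctly initialized, one that installs the stub, one that was left with a NULL slot, the unchecked dispatcher that would crash on the last of these, a checked dispatcher, and an init-time audit that would have caught the uninitialized slot before anything could dispatch to it.

```c
/* Added example (not kernel code, not from the original post): a userspace
 * model of the NULL function-pointer bug class described above. */
#include <stddef.h>
#include <errno.h>
#include <stdio.h>

/* A protocol's operation table: one function pointer per operation. */
struct proto_ops {
    const char *name;
    int (*sendpage)(const char *buf, size_t len);
    int (*recvmsg)(char *buf, size_t len);
};

/* Stub the kernel installs instead of NULL for protocols that cannot
 * send pages: the call fails cleanly instead of crashing. */
static int sock_no_sendpage(const char *buf, size_t len)
{
    (void)buf; (void)len;
    return -EOPNOTSUPP;
}

/* A protocol that really implements sendpage: pretend every byte is sent. */
static int tcp_like_sendpage(const char *buf, size_t len)
{
    (void)buf;
    return (int)len;
}

static int generic_recvmsg(char *buf, size_t len)
{
    (void)buf;
    return (int)len;
}

/* Vulnerable dispatcher: trusts that every slot was filled in. With a NULL
 * slot this is a call through a NULL function pointer, the pattern behind
 * the sock_sendpage bug. It is never invoked on an incomplete table here. */
int sendpage_unchecked(const struct proto_ops *ops, const char *buf, size_t len)
{
    return ops->sendpage(buf, len);
}

/* Hardened dispatcher: treats a missing operation the way the stub would. */
int sendpage_checked(const struct proto_ops *ops, const char *buf, size_t len)
{
    if (ops == NULL || ops->sendpage == NULL)
        return -EOPNOTSUPP;
    return ops->sendpage(buf, len);
}

/* Init-time audit: count NULL slots so a table that a macro failed to fill
 * (the SOCKOPS_WRAP mistake) is caught at registration, not at dispatch. */
int proto_ops_missing(const struct proto_ops *ops)
{
    int missing = 0;
    if (ops->sendpage == NULL) missing++;
    if (ops->recvmsg == NULL) missing++;
    return missing;
}

/* Correctly initialized: every slot points somewhere. */
const struct proto_ops tcp_like_ops = { "tcp-like", tcp_like_sendpage, generic_recvmsg };
/* No sendpage support, done right: the stub is installed. */
const struct proto_ops stubbed_ops  = { "stubbed",  sock_no_sendpage,  generic_recvmsg };
/* Same thing done wrong: sendpage left NULL, as the IPX table effectively was. */
const struct proto_ops broken_ops   = { "broken",   NULL,              generic_recvmsg };

int main(void)
{
    const struct proto_ops *tables[] = { &tcp_like_ops, &stubbed_ops, &broken_ops };
    size_t i;
    for (i = 0; i < sizeof tables / sizeof tables[0]; i++)
        printf("%-8s missing=%d checked_sendpage=%d\n", tables[i]->name,
               proto_ops_missing(tables[i]),
               sendpage_checked(tables[i], "data", 4));
    return 0;
}
```

The audit function is the part worth carrying over to real code: a registration-time check that no slot in an ops table is NULL turns a latent crash (or, with a mappable page zero, a privilege escalation) into a refused registration.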

This is the second serious Linux kernel vulnerability in less than a month: in mid-July Brad Spengler of grsecurity published an exploit for a bug in kernel versions 2.6.30 and 2.6.30.1 that leads to a full compromise of the box.

More details about this vulnerability can be found here, and patching information is available here.


Q&A: Jordan's Internet minister on piracy, open source, outsourcing

CNET News recently met with His Excellency Eng. Bassem Al Rousan, minister of information and communications technology of Jordan, in his offices in Amman, to talk about outsourcing, DVD piracy, Internet taxes, open source, and other topics.

It is a very interesting conversation; you can find it here.


OpenBSD 4.5 is out!

OpenBSD 4.5 has been released right on schedule, on 1 May as is the project's tradition.

OpenBSD 4.5 includes a new version of OpenSSH, 5.2, and two new tools: ypldap, a YP (NIS) server backed by LDAP, and xcompmgr for Xenocara. Among the packages you can find GNOME 2.24.3, GNUstep 1.18.0, KDE 3.5.10, Xfce 4.4.3, Firefox 3.0.6, Thunderbird 2.0.0.19, MySQL 5.0.77, PostgreSQL 8.3.6 and OpenOffice.org 2.4.2 and 3.0.1.

OpenBSD's minimal defaults fit the standard security practice of enabling as few services as possible on production machines. The project also relies on open source and systematic code auditing, practices widely regarded as important elements of a secure system.

So go ahead and download OpenBSD 4.5.
