. () { . | . & } ; .

teh c00l3st f0rk b0mb for your shell. Thanks for a great explanation from MAB.

. () { . | . & } ; .
0 1  2 3 4 5 6 7 8 9

0 – function name of our newly defined function
1 – parentheses declare a function with no (here optional) arguments
2 – block begins
3 – call self, the newly defined function (recursive)
4 – open a pipe to another process
5 – call self, the newly defined function (recursive)
6 – fork! (put the whole thing in the background)
7 – block ends
8 – end complex statement [ function declaration ]
9 – run that function!
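The defensive side of the above, as an added example that is not part of the original post: a per-user process cap is what stops the recursive `. | . &` from exhausting the process table, and a per-user process count is the simplest sign that one is running. The function names and the sample `ps` snapshot are mine.

```shell
#!/bin/sh
# Added example (not from the original post): defensive side of the fork bomb
# explained above. A per-user process cap (ulimit -u in the shell, or an
# "nproc" entry in /etc/security/limits.conf on Linux) makes the recursive
# `. | . &` fail with EAGAIN long before the process table is exhausted,
# and a per-user process count is the simplest signal that one is running.

# cap_is_finite VALUE: succeed only when VALUE is a positive number,
# i.e. not "unlimited" (the default on many desktop installs).
cap_is_finite() {
    [ "$1" != "unlimited" ] && [ "$1" -gt 0 ] 2>/dev/null
}

# report_proc_cap: print the soft per-user process cap of this shell.
report_proc_cap() {
    cur=$(ulimit -u 2>/dev/null || echo unlimited)
    if cap_is_finite "$cur"; then
        echo "per-user process cap: $cur"
    else
        echo "WARNING: no per-user process cap in effect"
    fi
}

# users_over THRESHOLD: read one user name per line on stdin (the output of
# `ps -eo user=`) and print "user count" for every user owning more than
# THRESHOLD processes, sorted by user name.
users_over() {
    awk -v t="$1" '
        { c[$1]++ }
        END { for (u in c) if (c[u] > t) print u, c[u] }' | sort
}

# Constructed sample snapshot: alice owns 5 processes, root 3, bob 2.
SAMPLE_PS='alice
root
alice
bob
alice
root
alice
bob
root
alice'

report_proc_cap
printf '%s\n' "$SAMPLE_PS" | users_over 3
```

On a live box, `ps -eo user= | users_over 500` gives the same report for real processes.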

Business Readiness Rating

The Business Readiness Rating is a proposed open standard that will “give companies a trusted, unbiased source for determining whether the open source software they are considering is mature enough to adopt”. I think this is an excellent idea. As we all know, there is enterprise grade software that is open source such as Linux itself, MySQL, Apache, Snort, Squid, and OpenBSD’s pf. Many large corporations use this software in production but there are other companies which may balk at using open source for various reasons including support and the fear that they’ll have to pay for the software in the future (silly, yes). I think one of the best things that could come out of the BRR is that companies will share the fact that they adopted software X so when other companies are presenting open source alternatives to the PHBs they can show that other companies use software X in production.

Everybody loves Eric Raymond

Everybody loves Eric Raymond is a weekly comic strip starring Eric Raymond, Richard Stallman and Linus Torvalds.

Running Linux under Windows with Damn Small Linux

Damn Small Linux (DSL) is a 50MB Linux distribution, BBC (Bootable Business Card) style. You can use it as a bootable distro from a business card CD or a 128MB USB pen drive. It can even be run off that 128MB USB pen drive under Windows. I downloaded dsl-embedded.zip and unzipped it on a Windows 2000 box. After unzipping the file to a folder called dsl-embedded I ran the dsl-windows.bat file contained within. DSL then loaded in the same way as it would from a CD. It was a little slow running DSL under Windows but overall quite usable. It includes all major applications one would need: editors, web browsers, SSH, games, email client, XMMS, and command line utilities. A complete list of applications is here. A similar BBC is LNX-BBC, which is considered the classic BBC. Some may remember that Linuxcare BBC was one of the memorable giveaways at the earliest LinuxWorld Expo shows. LNX-BBC is simply a fork of that project, after the original creators of Linuxcare BBC left the company. Browsing the LNX-BBC website I’m reminded how much more it is geared for hardcore rescue operations. It doesn’t start up with X, just command line. I like the packages included much better as well. There are great applications in the /net section. I think both of these distros serve a certain purpose and keeping in mind their small form factor they would both be a welcome addition to anyone’s toolkit.

Establishing a MySQL master-slave replication relationship

I recently set up a second IDS-backend MySQL (3.23.58) database and Sguil server. I wanted to insure against the primary database server reaching some unfortunate fate and not having anywhere to INSERT events that Snort is generating. The plan was to set up replication between my primary (master) database server and the secondary (slave) database server and in the event that the master becomes unavailable to have Barnyard point at the slave. In order to accomplish this I did the following (keep in mind I am by no means a MySQL expert, so there may be easier ways to do this):

Preparation:

1) Pick an ID for each server. My master will be 1 and my slave will be 2.

2) Add an account on my master for the slave:

mysql> GRANT FILE ON *.* TO 'repl'@'slavehostname' IDENTIFIED BY 'slavepasswd';

3) My slave is an untouched install at this point. The operating system in my case sets a blank password for the ‘root’ MySQL account so I correct that by setting a password:

mysql prompt> UPDATE user SET Password=PASSWORD('dbpasswd') WHERE user='root';
mysql prompt> FLUSH PRIVILEGES;

4) A repl user is created in MySQL on the slave:

mysql prompt> GRANT ALL PRIVILEGES ON sguildb.* TO repl@localhost IDENTIFIED BY 'replpasswd' WITH GRANT OPTION;
mysql prompt> FLUSH PRIVILEGES;

5) On the master I add these lines to the MySQL configuration file, my.cnf:

server-id=1
log-bin

6) On the slave I add these lines to the my.cnf file:

server-id=2
master-host=masterhostname
master-user=repl
master-password=slavepassword

7) Next I shut down the master in order to get a backup. This can be accomplished in other ways, such as keeping the server up and running FLUSH TABLES WITH READ LOCK; before the copy and UNLOCK TABLES; after it, which holds a read lock on all the tables. In any event it is very important that the master and slave start with the same data:

mysqladmin -p -u root shutdown

8) Next I compress and transfer the sguildb directory on the master to the slave:

tar czvf sguildb.tgz sguildb/ ; scp sguildb.tgz ...

9) Now I shut down the slave using the aforementioned command performed on the master.

10) Then I uncompress the sguildb.tgz file in the correct data directory on the slave.

11) Lastly, on the master I start the MySQL service back up and do the same on the slave MySQL server.

Disaster Recovery:

1) The master database server melts

2) At this point I have two options to start using the slave. I can retrieve all the Barnyard configuration files from the sensors (or use the last ones that I fetched centrally and saved) and programmatically substitute the master’s name with that of the slave. There should be two instances of the master’s name in the Barnyard configuration file, one to define the database server and the other to define the sguild server; in my deployment they are one and the same. Then I can push the modified Barnyard configuration file out to all the sensors and Barnyard will be restarted automagically. I have that infrastructure designed and built already for sensor management (others may not). Or, since I am using the name of the master server in the Barnyard configuration file, it would only require a change in DNS to point that name at the slave’s IP, which would be efficient as well.

3) Barnyard should now be doing INSERTS directly to the slave.

Recovery back to the master should be fairly straightforward. It is largely the reverse of the process used to set up the slave.
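The first failover option above, swapping the master’s name for the slave’s in the Barnyard configuration, as an added example that is not part of the original post. The config lines are constructed for illustration and do not claim to be exact barnyard.conf syntax; `repoint_config` and the sample are mine. It replaces whole-word matches only and fails unless exactly the expected number of lines changed, so a config that differs from what you think it contains is caught before it is pushed to the sensors.

```shell
#!/bin/sh
# Added example (not from the original post): the failover step above, in
# which the master's name is swapped for the slave's in a Barnyard config
# before it is pushed to the sensors. The config lines below are constructed
# for illustration and are not claimed to be exact barnyard.conf syntax.
# Only whole-word matches are replaced, so "masterhostname2" survives, and
# the function fails unless exactly WANT lines changed (2 in the post: one
# for the database server, one for sguild).

# repoint_config MASTER SLAVE [WANT] < barnyard.conf > new.conf
repoint_config() {
    awk -v m="$1" -v s="$2" -v want="${3:-2}" '
    # Replace MASTER with SLAVE where it is not part of a longer host name.
    function repoint(line,    out, pos, len, before, after) {
        out = ""; len = length(m)
        while ((pos = index(line, m)) > 0) {
            before = (pos == 1) ? "" : substr(line, pos - 1, 1)
            after  = substr(line, pos + len, 1)
            if (before !~ /[A-Za-z0-9._-]/ && after !~ /[A-Za-z0-9._-]/) {
                out = out substr(line, 1, pos - 1) s
                hit = 1
            } else {
                out = out substr(line, 1, pos - 1 + len)
            }
            line = substr(line, pos + len)
        }
        return out line
    }
    { hit = 0; print repoint($0); changed += hit }
    END {
        if (changed != want) {
            print "warning: " changed " lines changed, expected " want > "/dev/stderr"
            exit 1
        }
    }'
}

# Constructed sample: two lines name the master, a third names a similar host.
SAMPLE_CONF='output database: log, mysql, database sguildb, host masterhostname
output sguil: sguild_host masterhostname, sguild_port 7736
# masterhostname2 is a different box and must stay as it is'

printf '%s\n' "$SAMPLE_CONF" | repoint_config masterhostname slavehostname
```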

That should be about it. This document at mysql.com was helpful in setting up the replication. Also, I’ve learned how robust that other database software, PostgreSQL, really is. For instance, MySQL databases do not support Multi-Version Concurrency Control, which avoids locks for tasks like a backup. Oracle uses MVCC too, but we all know Oracle isn’t free. If anyone has any suggestions on my process please get in touch at creining at packetfu.org.

OpenBSD in the Enterprise

A thread on the OpenBSD PF mailing list surrounding running OpenBSD PF as an Enterprise firewall brings up an interesting challenge that most enterprises face in exploring the feasibility of deploying open source software. The technical people suggest using some solution like PF as a firewall over some commercial solution like Checkpoint, and take that to the suits. The suits come back with the argument that they don’t want to use that open source PF stuff because there is no real tangible entity that they can point the finger at if something goes wrong and possibly bring a lawsuit against. Well, if something goes wrong, yes, you do have a support contract with Checkpoint or Netscreen or whoever, but from my experience the timeframe from reporting a bug to resolution of that bug is going to be *much* longer with a commercial company than it will be working through a similar bug on the PF mailing list. The second argument, mounting a successful lawsuit against a company like Checkpoint, is just plain silly; it will never happen.

The best ipod accessory: a Beemer

This NPR talk examines the integration of digital music into cars. The audio choice on NPR’s site that I used to listen to the audio file was RealAudio (tough to use Windows Media on a Linux box). I had not set up RealPlayer yet on my FC2 machine but found it to be quite simple. I downloaded the RealPlayer 10 RPM for Linux, installed it, and voila, it showed right up in ‘about:plugins’.

Convert hex to ascii

#!/usr/bin/perl
# Turn the hex string(s) given on the command line into the bytes they encode.
use strict;
use warnings;
my $hex = join '', @ARGV;                          # "41 42" and "4142" both work
$hex =~ s/([a-fA-F0-9]{2})/pack("C", hex($1))/eg;  # each hex pair becomes one byte
print "$hex\n";

Traceproto

traceproto is meant to be a traceroute replacement program, as it lets the user specify the destination port as well as the protocol to use. This is a useful program for situations where you need to trace out of a network protected by a packet filtering device which would drop a normal Windows or Linux traceroute. On the other hand, you could also fully complete a trace into a network protected by a packet filtering device, like a company’s DMZ, that allows inbound HTTP traffic.

FC2 upgrade

The Fedora project recently announced the release of Fedora Core 2 so I’ve gotten around to downloading the ISOs via BitTorrent. According to what I’ve read on Slashdot and the Fedora mailing lists, using yum to upgrade from FC1 to FC2, although possible, is not a good idea, so that’s why I went the ISO/anaconda route. I did run into one major issue with upgrading to FC2 and that was sound output. ALSA (Advanced Linux Sound Architecture) has been merged into the 2.6 series and replaces the older Open Sound System (OSS). After loading the Intel i810 audio driver (snd-intel8x0) I could not get any sound output. After fiddling around for a while and not being able to get it working I installed a PCI Ensoniq 1371 card which worked just fine. I’ve found http://fedoranews.org to be a helpful site for keeping up with the Fedora project and the Fedora Core 2 SELinux FAQ to get a grasp on the SELinux features which I plan on playing around with.