Tue, 28 Feb 2006
Potential AppArmor Presentation - 2006-02-28
Update: It's on! The talk starts at 19:00 on 2006-02-28 and is being held
at the Fotango offices.
For one night only Crispin Cowan, chief architect of AppArmor (and previously CTO and co-founder of Immunix) will be available to give his excellent talk on AppArmor to a lucky London audience.
What's the catch? It's tomorrow (Tuesday 28th of Feb) or nothing! Crispin is only in London for a couple of days and has a single slot in his diary, and he's graciously said he'd give his talk if we're interested. Because the speaker only has a limited amount of time available in town I need people to let me know if they are interested, and WILL TURN UP, before I ask him to give the talk. If you want to see this talk email me! But please be realistic about your chances of attending.
If 20 or more people confirm that they want to come I'll send out another announcement confirming that it's on. If the meeting happens the venue will be the Fotango offices in Old Street (map). They'll be open from seven: an hour for the talk, some time for questions and then to a local pub for food and drink.
I saw this talk at FOSDEM and it was one of the weekend's highlights from both a presentation and a technical viewpoint; if I didn't like it I wouldn't have hounded him ;) If you're interested in Linux security then you need to know about AppArmor, and who better to tell you about it than the man himself?
Posted: 2006/02/28 00:38 | /events
Tue, 21 Feb 2006
CPAN Module: WebService::Google::Sets
The initial release of WebService::Google::Sets is now available from CPAN.
Posted: 2006/02/21 18:47 | /tools/network
Sat, 18 Feb 2006
GLLUG Ramble - Days long gone.
The way that GLLUG events are
organised has changed again recently and brought it more in line with how
things used to be done. When I first joined GLLUG the meetings (speakers
and venue) were mostly organised by a fearsome man (who was rabid about
his privacy so I won't mention his name) who had a knack for getting good
speakers but no skill at organising (most meetings were announced about
a week before they happened) or promoting them.
Fortunately someone was willing to step into the breach: Colin Murphy. He spent a lot of time and effort making sure that fliers went out, news groups were told and that people felt welcome. For a while things went well for the group. Linux grew in popularity, more people were using it commercially (giving GLLUG the occasional sponsor like Veritas and Sun), and the pool of speakers grew. This lasted for a couple of years but then one day things went bang.
This next bit'll be a little vague as I wasn't present when it happened (I was outside talking to one of the sponsors) and I've heard a number of slightly different accounts over the years; I also don't want to offend people that gave a lot to keep the group going. At the end of an otherwise normal GLLUG a suggestion was made to change some of the details of how GLLUG was run. A clash of personalities, a disagreement about the merit of the ideas and some harsh words led to "He without a name" walking out of GLLUG and washing his hands of it. And this led to the "GLLUG admin team".
Now to clarify what I mean by the "GLLUG admin team". It's basically a mailing list of people that offer to organise a meeting and try to split tasks among themselves. Anyone can join the list and will be given a fair chance if they step forward and offer to do one of the tasks (chase a speaker, send announcements, print fliers etc). I'll be honest, I don't really like the way this works.
In the past I've seen this lead to tasks being discussed to death, not picked up and left to the last minute. Like everything organised by a group really :). A recent example is the January GLLUG meeting. It never happened. Whoever wanted to do it did no follow-up, no chasing, and let the whole thing slip to the point where it was cancelled. In contrast, all the GLLUGs I've organised have been mostly one man shows with me asking for the occasional thing to be done and then checking up on them. If something didn't get done it was my fault and everyone knew who to point at. I'd hunt the speakers, send the mail announcements, chase the occasional sponsor (Outcome Technologies bought the speakers' dinner at my second GLLUG) and most of the other tasks. Some of the bits, updating the official GLLUG site, sending USENET announcements, are still handled by other people but this is more due to me either not having access (the site) or not seeing the point (USENET announcements). I'm not saying my way's right but when doing stuff for GLLUG it makes my life a lot easier.
I've been very quiet on the GLLUG front recently and, with the exception of Sean Tohill (who is a master at getting us a place to hold meetings) and Chris Bell (who put the LiVeS evening together on his own), so have the rest of the admin team. While LUGs always used to have a purpose, the more mainstream acceptance and use of Linux has marginalised their role in the community and forced a lot of them to either become online only or close their doors. I don't think GLLUG's ready to go away yet but I do think it needs an overhaul. And that's what I'll be posting about soon...
So in closing, thanks to all the people that have helped GLLUG over the years. The organisers, from the Aussie who kicked it all off, to those on the admin team today. The speakers who have given their own time to educate others, the people who have gifted us venues, the sponsors who have allowed us to show our gratitude and the people that turn up and make the pub discussions afterwards worth giving up a Saturday for.
Posted: 2006/02/18 15:46 | /geekstuff
Shiny Laptops but Shoddy Hardware
I'm not a Mac fan, I tried. I really did. After Paul Graham declared Macs
supreme and the worthy-of-attention David Heinemeier
Hansson bashed Windows developers I pulled my old iBook out of the
cupboard and gave it another couple of weeks. And then went right back to
my Dell Latitude running Windows (and Linux in VMware).
While this is old ground for me, what's recently brought my Mac-hating to the forefront is the stupidly high number of hardware failures Mac laptops seem to have. I'm not sure if it's just shoddy hardware or that every Mac user I work with secretly takes his Mac home for some hard lovin' over the weekend but it's amazing how many of them break. And then come back from Apple still broken. I guess the people doing the repairs do their diagnostics using Apples as well...
While I've not seen any real numbers on it, anecdotal evidence from tech conferences (and now the office) makes buying a Mac laptop look like a custody war: you get the machine most days but Applecare will get their fair amount of time over the years...
Posted: 2006/02/18 14:45 | /geekstuff
frdns.pl - Forward and Reverse DNS Lint
The frdns.pl forward and
reverse DNS checking script is one of those little mistake catchers
that allow you to work with a safety net. In this case it checks that
your deployed forward and reverse DNS records are present and correct; it
checks the results from real DNS queries, not by zone file parsing.
frdns.pl accepts a CIDR range and polls each IP for a reverse DNS record. If it gets one it'll try to forward-resolve the name and compare the two results. If the forward record is missing, or the two parts don't match, it'll print the problem. You can supply a flag to make it only display valid or broken records, and with a little bit of shell wrapping (and iterating through your networks) you've got a nice cronjob that'll give you a bit more confidence that your DNS is clean.
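The same forward/reverse consistency check, written here as an added Python example rather than the frdns.pl script itself. The lookup functions are injectable so the logic can be exercised offline against a constructed (not real) set of PTR and A records; run with a CIDR argument and it uses the system resolver instead.

```python
"""Forward/reverse DNS lint over a CIDR range (added example, not frdns.pl)."""
import ipaddress
import socket
import sys


def ptr_via_system(ip):
    """Real PTR lookup through the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def forward_via_system(name):
    """Real forward lookup; set of IPv4 addresses, empty when the name has none."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (socket.herror, socket.gaierror):
        return set()


def check_ip(ip, ptr_lookup, forward_lookup):
    """Return (ip, name, status) where status is ok, no-ptr, no-forward or mismatch."""
    name = ptr_lookup(ip)
    if name is None:
        return (ip, None, "no-ptr")
    name = name.rstrip(".").lower()          # normalise trailing dot and case
    addrs = forward_lookup(name)
    if not addrs:
        return (ip, name, "no-forward")      # PTR names a host with no A record
    if ip not in addrs:
        return (ip, name, "mismatch")        # A record(s) do not include this IP
    return (ip, name, "ok")


def check_range(cidr, ptr_lookup=ptr_via_system, forward_lookup=forward_via_system, only=None):
    """Check every host address in cidr; only='valid' or 'broken' filters the output."""
    net = ipaddress.ip_network(cidr, strict=False)
    out = []
    for addr in net.hosts():
        row = check_ip(str(addr), ptr_lookup, forward_lookup)
        if only == "valid" and row[2] != "ok":
            continue
        if only == "broken" and row[2] == "ok":
            continue
        out.append(row)
    return out


# Constructed sample zone data (not real DNS) so the check runs offline.
SAMPLE_PTR = {"192.0.2.10": "www.example.test.", "192.0.2.11": "mail.example.test",
              "192.0.2.12": "old.example.test"}
SAMPLE_FWD = {"www.example.test": {"192.0.2.10"}, "mail.example.test": {"192.0.2.99"}}


def demo(only=None):
    """Run the check over the constructed data; returns the result list."""
    return check_range("192.0.2.8/29", SAMPLE_PTR.get,
                       lambda n: SAMPLE_FWD.get(n, set()), only)


if __name__ == "__main__":
    rows = check_range(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for ip, name, status in rows:
        print(f"{ip:15} {name or '-':30} {status}")
```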
Posted: 2006/02/18 14:19 | /tools/commandline
Thu, 09 Feb 2006
cidr_pinger.pl - Small Tools
I needed a command line tool to ping a number of CIDR network ranges, show
me the status of each IP address and give me a return time for those that
responded. I now have cidr_pinger.pl.
It's not as fast as a 'nmap -sP blah/24' but it does give me a return
time. Although it only took ten minutes work with the ever incredible CPAN
I'm putting it on here so I don't have to write it again...
Posted: 2006/02/09 00:18 | /tools/commandline
Wed, 08 Feb 2006
Adding Multiple FireFox Extensions
Adding FireFox extensions through the GUI one-by-one is, if you ignore
memory leaks, one of the browser's most annoying quirks. Fortunately,
modern versions of the browser allow you to drop a number of xpi files
into your "extensions" directory and install them as a batch when you
start FireFox. Of course you need local copies to do this but that's
where a little bit of perl web spidering comes in...
The hardest part of the process is actually finding where to drop them. If you are using a modern Windows system (2K/ XP+) you'll find the "extensions" directory under %APPDATA%, which you can display with "echo %APPDATA%" from within cmd.exe. The other catch is that FireFox (and Thunderbird) create a profile name based on random characters. The full path will end up looking something like this: 'C:\Documents and Settings\dwilson\Application Data\Mozilla\Firefox\Profiles\XXXXXXXX.default\extensions'
You'll still be prompted once to install them all (I've not dug too deep into completely silent installs yet) but it's a lot simpler than the alternative. And a good first step on the path to completely unattended installs.
Posted: 2006/02/08 18:15 | /tools/firefox
Tue, 07 Feb 2006
Undeadly Add-ons and IMDB/Google Images
I've got a couple of new Greasemonkey scripts I've been using. First up is Expand Undeadly/OpenBSD Journal Comments, which does just that.
I've also started using the Mozilla.org Add-on Pages - 100 results per page script after I started to go insane from constantly clicking for more results.
The last plugin from the batch was never finished as someone else had already gotten around to it! Google Images in IMDb was just waiting to be written. It adds a link, next to the star's name, to a Google Image search of that actor/actress. What's really neat is that when you're browsing a film, each of the cast has an "[I]" next to their name which does the same.
Posted: 2006/02/07 23:36 | /tools/online/greasemonkey
Extend Firefox Contest Finalists Announced
As the title says, Mozilla.org has announced the Extend Firefox
Finalists. Of the 18 plugins that have made it to the last round I'm
already using five of them so I'm pretty happy with the list.
Posted: 2006/02/07 00:33 | /geekstuff
Mon, 06 Feb 2006
Patching for Custom Config File Locations
While
discussing the FIA via SSH article, one of my comments got some
feedback; the comment was about sudo's config potentially giving the game away.
A number of people suggested the same solution: patch where the source
looks for the config file and compile it yourself. The idea is that you
put a fake config file in the usual place, patch the source to use a
different location and then compile the application. When it runs it
leaves the fake config alone, uses the custom location you added and the
attacker is none the wiser.
This isn't difficult to do. For example a number of honeypot articles recommend patching syslog so the attacker doesn't see a "log to remote host" config setting. Technically this works just fine. But that's not where you pay the price...
Doing something like this is a small security win but a huge usability loss. Firstly, every time you want to upgrade the binaries you need to patch, compile and occasionally even package them. After you've done this step you need to find a way of incorporating their distribution with the rest of your software. Lastly you have the enjoyment of having a sysadmin spend half an hour changing settings, restarting the command/daemon and NOTHING HAPPENS! Why? Because they changed the default config file. Which is a fake... You'll do this once and then swear off the technique for anything except a one man research box that you don't want to keep current.
Posted: 2006/02/06 23:33 | /security
Sun, 05 Feb 2006
Greasemonkey (and JavaScript) Debugging in FireFox
Since being bitten by the Greasemonkey bug I've found
dozens of ways to write broken and invalid JavaScript. While the JavaScript
console that comes bundled with FireFox has helped track them down it's come
up short on a number of occasions. Fortunately we've now got FireBug,
a per-page JavaScript console with a bundle of extras, including an
integrated element inspector and XMLHttpRequest sniffer that shows you any
AJAX traffic.
And now for a related, annoying quirk. If you view source on a page, you get the source *before* any Greasemonkey changes have taken place. Which is often the exact opposite of what you want. I've worked around this with the "View Generated Source" function in the Web Developer Extension.
Bonus extension: Html Validator Firefox Extension. Displays a little icon on the bottom right of the screen which shows when a page has warnings or errors. It can show the total warnings and errors for the page but you need to enable this option. Double click the icon for more details.
Posted: 2006/02/05 14:50 | /tools/firefox
Doomed in Crowds on Mars
I'm on call this weekend so I'm pretty limited in what I can get up to. At
least that's my excuse for watching TV...
First up I saw the movie adaptation of Doom. I've blogged about the Doom movie before and unfortunately I was right. It was bloody terrible. Almost no plot, insanely bad voice acting from Rosamund Pike and lots of pointless corridors. The only highlight was the first person section that gave a nod to the original franchise. What the film needed was a lot more action from the get go, dropping the marines in a running battle that never let up would have had no adverse effect on the "plot" while giving action fans (and fans of the games) a better experience. 2/10
The other disappointment was the IT Crowd. A new comedy on Channel 4. It's a bad premise with a naff implementation. It's just not funny.
On a positive note I was pleasantly surprised by what could have been a very niche show, Life on Mars. A time travel drama featuring a bemused, possibly in a coma, John Simm as the lead man. Heavily influenced by The Sweeney, with some great "is it real?" moments and a very competent cast, it's one of the few things worth watching at the moment. First Dr Who and now this. The BBC might just be making a Sci-fi comeback!
Posted: 2006/02/05 00:16 | /geekstuff
Sat, 04 Feb 2006
File Integrity Assessment via SSH Article - Sysadmin Article
Hal Pomeranz has an interesting article on File
Integrity Assessment via SSH over at sysadmin magazine (well
worth a subscription). At my last job a couple of us discussed doing
something similar so I enjoyed the article; it's nice to see someone
actually implement the damn thing.
The basic idea addresses one of the implicit weaknesses with FIA tools: you give the attacker an obvious target to try and subvert. While there are little tricks you can employ to make their life harder (add a false positive so if they replace the binary with a fake it doesn't report everything you'd expect etc.), Hal's technique moves the whole FIA setup off the machine. You only copy the FIA tools in when you're going to run the scan. This won't stop kernel level hacks written just for screwing with FIA but it does raise the bar a fair bit.
One of my suggested tweaks for this would be to replace the null-passphrase root SSH key. Firstly I dislike allowing root to SSH to a machine. Secondly, keys with no passphrase are often a bad thing. While SSH agent can make them better, a non-privileged account, sudo and the NOPASSWD option are often a better choice.
The config in '/etc/sudoers' will make it easier for a competent attacker to work out what's going on (although to make life harder you can still rename commands as mentioned in the article) but this is better than allowing such a dangerous entry point to all your systems.
Posted: 2006/02/04 20:28 | /security
Fri, 03 Feb 2006
foXpose and the NOC
What do multiple Nagios status pages, network traffic graphs and RT incident queues
have in common? They're all tabs I have open throughout the day. Because
any of them can change at any time, watching them has always been a
PITA. I used to get around this with a custom kludge that drove IE through a set series of pages. On
the upside it worked. On the downside the periodic flicker of page changes
drove me nuts.
I've moved to a two-monitor setup at home; while this allows me to work and watch a page at the same time, the requirement to view multiple pages is still an important, and awkward, one. Thanks to foXpose this is suddenly a lot easier.
foXpose creates a tab that contains a miniature view of every tab you have open (apart from itself) and shows them all in a single tab. The great thing about it is that if any of the "real pages" change then the miniature one also adjusts. So you can watch too many tabs at once in real time! A foXpose tab has become an almost permanent resident in my right hand monitor.
If you work on a single monitor then Tab Sidebar might be more useful: instead of a whole tab of tabs, it opens a sidebar with a compressed version of each tab in it, while still allowing you to web browse in the main window.
Posted: 2006/02/03 18:35 | /tools/firefox
Thu, 02 Feb 2006
Command Return Codes and Long Command Prompts
Once you've been using a tool for a while you often reach a plateau where
it's "good enough" and you stop looking for ways to tweak it. I've been
using bash for a number of years and I've got set in my ways; until I
sat next to a co-worker who uses zsh.
My first Linux machine had a 14" monitor that could only do low resolutions. Screen space was at a premium and every character was precious. These days most of the machines I spend a lot of time on have 19-21 inch monitors. Unfortunately, I still have the same bash prompt.
As screen real estate isn't quite so precious anymore I've changed to a two-line prompt:
dwilson@fully.qualified.machine.name:/full/path/to/cwd/
$ type_commands_here
This gives me all the details of where I am (with each part allowing double click selection, ready for pasting in another terminal) while also having an almost empty line ready for my commands. While it still feels a little strange, after eight years of using a single line prompt, it's growing on me.
The other little bash tweak I've added recently, and this was inspired by
zsh, is to show all non-zero return codes from commands I've run in the
shell. As most of you know, a majority of unix command line tools return
'0' on success. If it returns a different exit code then something is
probably wrong. While you can check the exit code explicitly with an
'echo $?' this soon becomes very, very tedious. After
mentioning what I wanted to do, a number of sample command lines and
scripts bounced around the GLLUG list. After some discussion
Tethys came up with this little bit of magic:
show_exit_code() {
    # Capture the status of the last foreground command before anything
    # else in this function overwrites $?
    retval=$?
    # Only report non-zero codes, and only once per history entry: pressing
    # Enter on an empty line or Ctrl-C leaves $HISTCMD unchanged, so the
    # same failure isn't printed again.
    if [ $retval -ne 0 -a "$HISTCMD" != "$lastcmdnum" ]; then
        lastcmdnum="$HISTCMD"
        echo " -- exit code: $retval"
    fi
}
# bash runs PROMPT_COMMAND just before drawing each prompt.
export PROMPT_COMMAND=show_exit_code
If you add this to your .bash_profile (or .bashrc if you source that) every time a command returns a non-zero code the shell will show it to you. This snippet also handles a number of the edge cases: it doesn't get in the way of piping, if a command returns a bad value and you press enter or Ctrl-C the code isn't displayed again, and some other annoying bits my initial version didn't deal with.
Posted: 2006/02/02 23:28 | /tools/commandline
Wed, 01 Feb 2006
Preserving Command Line Loop Formatting in Bash
If you're a heavy bash user you'll often find yourself writing short
snippets of code on the command line. Typically they'll be based around
a main loop and you'll end up entering them over multiple lines to keep
them readable. Unfortunately when you try to reuse the command, by retrieving it
from the bash command history, it'll be transformed into one semicolon
laden unreadable mass. Unless you read on...
One of the options bash allows you to set is 'lithist'. If you enable
it, either for the current session, by entering 'shopt -s
lithist', or by adding the command to your .bash_profile or
.bashrc, all future multi-line commands will be correctly preserved. You'll
go from this:
$ for file in `ls *`; do command $file; otherthing $file; done
To this:
$ for file in `ls *`
do
command $file
otherthing $file
done
Which as you can see is much easier to read. One note though, enabling this option means that commands are also stored with embedded newlines in the .bash_history file. While this isn't necessarily a problem it does mean that grepping through that file may only return parts of a single command.
Posted: 2006/02/01 23:58 | /tools/commandline

