Showing posts with label Ubuntu. Show all posts

Monday, May 30, 2011

Summer Semester: Shift in Focus

EC2...wow, just wow. As I sit here trying desperately to wade through the massive amount of material I must read and prep in 23 days, I sit in awe of how Amazon has implemented the EC2. You are probably wondering why I have sprung this topic without any sort of prelude or previous mention, well that's a funny story actually and it all revolves around being flexible.

So I registered for a seminar course this summer, INFS 890. I must take and pass six of these courses to meet the requirements for the DSc program. What I did not realize involves two things: 1. I have completed my core and 2. It's all specialization and dissertation work from here on out. INFS 890 prepares you for dissertation by allowing you to schedule time and resources for your dissertation topic. I now have a dissertation area, professor, and direction. So when discussing the needs of the course with the instructor I came to a choice, a fork in the road if you will, between network security and cloud security. Given the resources and position of my current work projects I chose cloud security, and to quote Indiana Jones, it would seem that I have chosen wisely.

I started playing with EC2 last week after reading the apology letter from Amazon regarding the recent outage. The way that the infrastructure is set up is amazing. I started creating my own instances and modifying other AMIs to meet my curiosity. Wow...30 seconds to VM creation. So many distributions and so inexpensive. Being able to set the instances in a good arrangement then setting that arrangement as a cloud formation. Wow. I loved being able to set up Ubuntu in just minutes. I doubt I will ever need a home machine to do OS testing and learning. I have been trying to get back into SuSE and instead of buying or re-purposing a machine to do this, I can now just launch an AMI, make the changes I need, and continue on my merry way.

This does leave some serious security questions though, and if the literature at this point is any indication, EC2 security is being left in the hands of the users. The literature on this is far from sparse (YAY), meaning it's a hot topic and there is no great silver bullet answer. I have seen some excellent ideas in the articles so far and I am starting to implement them myself in my own test cloud. Of course I do have to watch the cost, but that's why I applied to the AWS in Education program, perhaps with a little luck, Amazon will allow me to play and learn at a reduced cost.

Friday, November 05, 2010

Fall Personal Project: Update 4 PHP/MySQL Install

So we have discussed the need to watch the install order. I have found that when installing things which require LAMP, inevitably you will need to make a change to the database at some point.

Since BASE, the software which stores and provides segmented analysis of the snort traffic, uses a MySQL backend (you can use postgres), it is a good idea to install an interface to the database if you are unfamiliar with the command line. This is even more useful if you are like me and have forgotten almost everything about the open source database systems (although MySQL isn't really open anymore). I prefer the phpmyadmin GUI. Of course there is a specific order to getting things installed here too, if you want it to work programmatically.

Step 1: PHP5
The current PHP core is 5, so make sure that is fully installed first. A full install of PHP will usually cover the database dependencies for MySQL, postgres and Apache2. Here are useful commands:
sudo apt-get install php5
sudo apt-get install php5-mysql
sudo apt-get install libapache2-mod-php5

Once you have this install completed, run the phpinfo.php script we discussed in the last post. Verify. I know I have said the instructions for this before, but 20 seconds of verification can save you time later.

Step 2: MySQL 
The MySQL install is just as simple. Since you have already run the installer for the PHP libraries, this will just consist of the DBMS itself. The current version of MySQL DBMS is 5.1.x.
sudo apt-get install mysql-server


That's it. Seriously that is all it takes. Verify in the command line that the DBMS is working by typing mysql or sudo mysql depending on the user level. If you get "mysql>" it is working.

Step 3: phpmyadmin
The next step for easier DBMS manipulation is to install phpmyadmin located here: http://www.phpmyadmin.net. This will allow you to have a web front end to the DBMS and it makes the lives of visual people a lot nicer. Installing this uses (yes you guessed it) apt-get:
sudo apt-get install phpmyadmin


I will not go into the configuration of it because this is well documented here on the Ubuntu Server Forums.

Follow that guide for the configuration and you will be ready to configure snort having your DB backend ready, your dependencies ready, and a front end to all of it. The next (and last installment) will cover the actual snort installation as well as the configuration guide and the resources I used to get it all working.

Friday, October 29, 2010

Fall Personal Project: Update 3

As promised, today's post will be about some of the things I learned during the installation of Snort on my Ubuntu box. The things I learned are more about the process of the setup than anything else and the correct order in which to run the installs. You have to love dependencies right? Let's get started.


Acquired Knowledge Bit #1: Client install over Server install
The client install went a little better for me on the Zino for one reason only, I have to install a second NIC. On the Zino that is an issue because of its form factor and the lack of a second ethernet port. I used the Cisco 300M USB to RJ45 adapter. This functions as a second NIC. Although all the documentation I read said that this would work hands down on the server install, I could only get it to work easily in the client install of ubuntu. This is not to say it will not work, just that I could not get it to work in a reasonable amount of time. On the client install the process was simple. I plugged it in, scanned for new hardware, and let the updater download and install the drivers. This was my primary reason for sticking with the client install over the server install. Installation on the Zino was nice, fast, and easy.

Acquired Knowledge Bit #2: LAMP, Package Manager, and apt-get
The nice thing about a server install for the ubuntu distro is that it comes ready to install LAMP. In fact it's a toggle option during package selection. For those of you who do not know, LAMP is an acronym for Linux Apache MySQL PHP, the four basic packages which will accomplish most anything. On the client this is not an option but the installation of the necessary components can be run after the OS is running. If you want a decent install guide, there's an app...un site for that...head over to www.lamphowto.com to get some guidance. Now here is what I learned in my post install LAMP: nothing works quite right unless you learn to love the apt-get command. Learn to use this over the package manager in the GUI. The command is faster, easier to script and chain, and leaves nothing to question. I found that the feedback from the terminal session was more informative than that of the GUI. Stick to apt-get install, you will be thankful.

Acquired Knowledge Bit #3: LAPM 
LAMP should really be called LAPM. The order matters. I like to make sure things are working. Apache 2.0 first. Be sure to check the browser first to make sure the host is responding on that port and that you can see the default index.html page in your browser. PHP is second. This is critical in my opinion. Installing PHP next will allow you to make sure that it is working and that you can install the necessary tools you will need to maintain your MySQLDB, mainly phpmyadmin. Even if you are missing some dependencies, you will want to follow Apache with PHP. Next you will want to create the phpinfo.php page with the following code:

This will show you all the php configurations you have running. A great tool to use when trying to install LAMP (LAPM).  Call this page (phpinfo.php or whatever you called it) in your browser. This will verify that Apache and PHP are talking and that you have PHP installed correctly.
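The install order and the phpinfo.php verification described in these posts can be scripted. The sketch below is an added example, not code from the original posts; the function names are hypothetical, apache2 is assumed as the package for the Apache step, and phpinfo.php is assumed to hold the usual one-line phpinfo() call.

```shell
#!/bin/sh
# Added example, not from the original posts. Function names are hypothetical.
# Package names are those in the posts' apt-get commands; apache2 is assumed
# to be the package behind the "Apache first" step.
STACK_ORDER="apache2 php5 php5-mysql libapache2-mod-php5 mysql-server phpmyadmin"

# pkg_installed PKG: succeeds when dpkg records PKG as fully installed.
pkg_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null |
        grep -q '^install ok installed$'
}

# first_missing PKG...: walks the packages in the order given, prints the
# first one that is not installed and returns 1; returns 0 if none is missing.
first_missing() {
    for pkg in "$@"; do
        if ! pkg_installed "$pkg"; then
            printf '%s\n' "$pkg"
            return 1
        fi
    done
    return 0
}

# phpinfo_ok BODY: BODY is what the browser received for phpinfo.php, a page
# assumed to hold the one line  <?php phpinfo(); ?>
# Raw "<?php" in the response means Apache served the source and PHP never
# ran; rendered phpinfo() output carries a "PHP Version" heading instead.
phpinfo_ok() {
    case "$1" in
        *'<?php'*)       return 1 ;;
        *'PHP Version'*) return 0 ;;
        *)               return 1 ;;
    esac
}

# Run the package check only when asked: sh check_stack.sh --run
if [ "${1:-}" = "--run" ]; then
    if missing=$(first_missing $STACK_ORDER); then
        echo "stack complete"
    else
        echo "install next: sudo apt-get install $missing"
    fi
fi
```

Pass phpinfo_ok the page body fetched from the server. Once it succeeds, phpinfo.php can be deleted, since its output lists the server's full PHP configuration to anyone who requests it.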

MySQL deserves its own time, so I will talk about that in the next installment as well as setting the snort.conf file and some of the pitfalls I learned there as well. So in the meantime have a great one!

Friday, October 22, 2010

Fall Personal Project: Update 2

And working!....The Snort home project is a success. At least the setup and configuration of the project is a success. I have not tried to mess with the rules yet, but I will get there. I'm sidetracked at the moment by a layoff, contract work, classes, and job hunting. Honestly I'm surprised I got any of it done at all.

All said and done this is pretty sweet, and I would like to thank the guys at the snort forums and on the snort mailing list for all the help. I would also like to thank the guide writer for the in depth guide. 


Here is a list of the equipment I used: 
1. Dell Zino (aka Inspiron 400)
2. 1 Router (any type with a built in switch)
3. 1 unmanaged hub or a switch which you can set as a repeater (I used a Netgear DS108)
4. 1 Cisco USB to Ethernet dongle (USB 300M)
5. Ubuntu 10.4 or higher
6. UTP patch cables
7. 1 UPS for the networking equipment.

I will go through the configuration in an upcoming post, but needless to say it does work. There are some tricks I learned outside of the guide which will help along the way.

Here are some photos of the setup all completed:

I have cleared the DB several times and started traffic over and it is working like a charm. The next post will cover the guide, software installs, and getting LAMP running.

Tuesday, September 07, 2010

Fall Personal Project


So this fall's personal project will be to install a personal IDS at my home, then try like crazy to penetrate it. Snort snort snort. After writing several papers on the software I have come to respect it even more.

I often check the basics of a site or of a home network setup by using the "shields up" but I know that my router kills the majority of the traffic which the service tests for in a vulnerability test. I am looking to set up a fully functioning DMZ with a snort based NIDS and then slam it until I can break it (without cheating of course). I have ordered a new router simply because I have been a little lapse on keeping my encryption as strong as I can and it's time to do so. I also really like some of the new functions in Netgear's newer routers which allow the creation of a DMZ out of the box.

Also, I will probably use Ubuntu and some sort of small form factor like a mac mini or a dell zino since I need power to be a consideration. I would love to keep it in the ubuntu family line though, I need to beef up my skills in administrating one since it has been almost a year since I set a box up with ubuntu.

We will see how it goes. I will post to a page here or keep it updated in the blog.

Wednesday, October 29, 2008

Sun xVM Virtual Box


So once again I needed to access shell scripts for reporting purposes on my XP box at work. Recently the Ubuntu server I was using died horribly and I have not had a chance to setup another one. Today is absolutely no different, I have too many things to do to worry about the hardware.

I tried for about 20 min to get Microsoft VM 2007 to take an Ubuntu 8.04 load. After 20 min of VM errors I downloaded Sun xVM Virtual Box. Talk about working right out of the box. This was intuitive and straightforward.

So now I'm running, without having to pay $189 to VMWare, and without my blood pressure spiking at high levels over MS software that doesn't play well with the other children.

Straight up - get Sun xVM Virtual Box - it works without the headache.

Wednesday, June 25, 2008

Ubuntu 8.04 Issues

I have installed Ubuntu 8.04 well over a dozen times now and I can honestly say for the first time, I am really sad for having moved off 7.10. My first real beef is the complete lack of basic application support at installation. Yes yes yes, I know, you want to be able to customize your linux install the way you want to, and I agree. I have a few issues primarily though which should be no-brainers for any distro installation...

1. No JRE option at Install: So far I have not been given an opportunity to install any JRE (from any provider) at install. This is serious. The JRE is a fundamental software core which should be loaded at install. Give me options, give me a toggle, give me a checkbox, hell anything other than me firing up some of the best applications around only to get thread exceptions in the console. There is absolutely no reason whatsoever that some form of the JRE is not installed by default.

2. Emacs not installed. I'm a little old fashioned. I use emacs. I'm not ashamed. Emacs has been around for at least 21 versions, more if you count GNU. In my humble opinion, emacs and vi should be default installations for those early conf edits you will always have to do after an install. It is so much easier to configure applications in a terminal when you don't have to do a sudo apt-get blah blah blah. There are certain applications which should just BE THERE, by default, without question. Emacs and vi should be in this list.

3. SSHd. Oooook. Who forgot this one? At what point did someone say "hey, I think leaving out the ssh server is probably the best way to go by default"? Imagine (if you will) my surprise when I could not configure the sshd conf file. Why? Simple - it wasn't there in the file system. I thought I had gone crazy. I realized after each subsequent install, that I was not crazy, sshd simply wasn't installed by default. No, you have to run sudo apt-get install openssh-server. I'm almost positive this was a standard software dependency in linux. I know that it came standard on RH6-9, SuSE, and Knoppix. I can almost say for certain that I never had to install it on my Ubuntu 6 or 7 installations. Why now? What changed? I can understand having the service turned off by default for security reasons, but not installed?

4. Samba: (I need to breathe on this one)...SMB services were annoyingly simple in 7.04. You simply stated what dir to share and shared it (of course you had to set the user to have a smb password - man smbpasswd for more info). This was a 3 hour headache in 8.04. Heck half the reasons I use linux in the first place is that I usually do not have the financial resources to have a 100 user windows server or the unlimited version of OSX (which I like better anyway). What is this noise? I had to edit the smb.conf file. This is Ubuntu folks. You are not supposed to edit a conf file starting out. What happened? My shares worked fine in 7.10.

Needless to say I am disturbed at the southward trend on a great linux distro. BTW, when in doubt, use apt-get install, the updater doesn't always work.

Apparently I'm not the only one thinking this way.

Saturday, April 05, 2008

VMWare running XP

So it's 1:15am Saturday morning. I'm sitting here patiently waiting for my XP license to finish installing on vmware server so that I can test the true nature of an absolutely useless install.

Yes I'm trying to run XP in Ubuntu so that I don't have to leave the Ubuntu environment to play Guild Wars...which is about as sad as the 6 hour beer I'm still sipping on at the moment.

Here is my reasoning though. I assume that the 12GB partition I set up in VMWare Server will be taken up by the XP install files (mostly), leaving me just enough room to have the 3gb file and the exe in the directory necessary to play. At the same time I want my cron jobs to keep running, most importantly the script I wrote which tags a keepalive file on several of my dot net nuke installations.

I should probably be running something more than a P4 for all this, but that's just not in the cards atm.

Next Stop is Solaris

Update - Ok so I guess in the early hours of the morning I don't think straight. I walked in to find that all the XP updates had completed. Then I remembered, there is no hardware acceleration for the game.....duh. I don't know why I didn't remember this early this morning.

Silly. On the other hand - I have a really nice XP instance running in Ubuntu now. I could use more ram as I did notice small stability issues when processing large applications.

Wednesday, October 10, 2007

Bye Bye XP

After upsetting me for the last time, I did something I never thought I would do...I took the plunge whole-heartedly into Linux.

Mind you this is not trying the flavor of the week on some secondary machine. I backed up all my non-os data, and wiped my XP load clean off my primary PC at home (it will have to do until I get another mac).

I tried SuSE Open Source 10.3, I have to say that although it was nice, I was still left with the impression that it was missing things, mainly dual monitor support. I will write more tomorrow about my SuSE 10.3 experience, good and bad.

So Ubuntu it is...dual monitors, FireFox, Perl, Python, and CrossOver/Wine (soon). I'm not really needing much more atm. I don't have to worry about licensing, OEM crap, or corruption (scripts in place back up my home folder to a thumb drive).

It has been a while, but it is nice to be back /127.0.0.1