PGP Desktop for Mac
By klard | April 13, 2008
Is pretty much broken.
If you are trying to use PGP’s mail feature with Entourage and Exchange, it doesn’t work. You can encrypt mail and send it, but you cannot un-encrypt the mail in-line. I have found a workaround, which is to highlight the encrypted string and paste it into a text box, then un-encrypt that…pretty hokey but it works. Additionally, if you get a PGP encrypted attachment, when you double click on it the attachment gets saved in the clear under your user folder/Documents/Microsoft User Data/Saved Attachments. This has got to be one of the worst features I have seen from a security standpoint. I mean yeah, so I have an encrypted attachment, so what I was thinking is that you move it to another folder and save it in the clear….not.
We also purchased the WDE (whole disk encryption) feature and umm it doesn’t work either. WDE does not even see the Mac disk. There are quite a few articles on the web that say PGP is working on WDE for the Mac….too bad that isn’t what the salesperson told us when we were buying it.
In closing we have done quite a bit of work recently while trying to get PGP to work and frankly if you want some of the features described above (sans WDE), GnuPG works a lot better and is free as in beer.
Topics: PGP, Security
It has been a while.
By klard | December 30, 2007
I have completely switched focus in the last year from primarily development to security. That being said, I have been struggling with getting Snort to run on a gigabit Ethernet tap. I compiled PF_RING into a Red Hat kernel on a quad-core 64-bit Opteron platform. While the platform and the network interface can keep up, Snort is really struggling to keep up.
In an effort to find out what Snort is doing I enabled the performance monitor, but had a darned struggle figuring out exactly what was being logged in Snort 2.8.1. The fields are defined in perf-base.c in the Snort code, but I have taken the liberty of copying and pasting them here to possibly save someone some time.
I will post later on the steps to get PF_RING running on a 64-bit platform.
* unixtime(in secs since epoch)
* %pkts dropped
* mbits/sec (wire)
* alerts/sec
* K-Packets/Sec (wire)
* Avg Bytes/Pkt (wire)
* %bytes pattern matched
* syns/sec
* synacks/sec
* new-sessions/sec (tcp stream cache)
* del-sessions/sec (tcp stream cache)
* total-sessions open (tcp stream cache)
* max-sessions, lifetime (tcp stream cache)
* streamflushes/sec
* streamfaults/sec
* streamtimeouts
* fragcreates/sec
* fragcompletes/sec
* fraginserts/sec
* fragdeletes/sec
* fragflushes/sec
* current-frags open (frag cache)
* max-frags (frag cache)
* fragtimeouts
* fragfaults
* num cpus (following triple is repeated for each CPU)
* %user-cpu usage
* %sys-cpu usage
* %idle-cpu usage
* mbits/sec (wire)
* mbits/sec (ip fragmented)
* mbits/sec (ip reassembled)
* mbits/sec (tcp stream rebuilt)
* mbits/sec (app layer)
* Avg Bytes/Pkt (wire)
* Avg Bytes/Pkt (ip fragmented)
* Avg Bytes/Pkt (ip reassembled)
* Avg Bytes/Pkt (tcp stream rebuilt)
* Avg Bytes/Pkt (app layer)
* K-Packets/Sec (wire)
* K-Packets/Sec (ip fragmented)
* K-Packets/Sec (ip reassembled)
* K-Packets/Sec (tcp stream rebuilt)
* K-Packets/Sec (app layer)
* Pkts received
* Pkts dropped
* Blocked-KPackets (wire)
* udp-sessions
* max-udp-sessions
* del-udp-sessions/sec (udp stream cache)
* new-udp-sessions/sec (udp stream cache)
* max-sessions, interval (tcp stream cache)
* curr-tcp-sessions-initializing (tcp stream cache, of total-sessions open)
* curr-tcp-sessions-established (tcp stream cache, of total-sessions open)
* curr-tcp-sessions-closing (tcp stream cache, of total-sessions open)
* tcp-sessions-midstream/sec (tcp stream cache, of new-sessions/sec)
* tcp-sessions-closed/sec (tcp stream cache, of del-sessions/sec)
* tcp-sessions-timedout/sec (tcp stream cache, of del-sessions/sec)
* tcp-sessions-pruned/sec (tcp stream cache, of del-sessions/sec)
* tcp-sessions-dropped_async/sec (tcp stream cache, of del-sessions/sec)
* hosts in attribute table
* attribute table reloads
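A sensor that drops packets has blind spots, so the drop columns are the ones worth watching. The following Python sketch is an added example, not code from Snort or from the original post: it parses comma-separated performance records, handles the variable-length per-CPU block, and flags intervals whose drop percentage exceeds a threshold. It assumes the column order matches the list above exactly and that lines starting with `#` are headers; `make_sample` builds constructed records, not real Snort output.

```python
# Added example. Column layout is assumed to match the list above exactly.
HEAD_FIELDS = 25  # unixtime .. fragfaults, the columns before "num cpus"
TAIL_FIELDS = 33  # second "mbits/sec (wire)" .. "attribute table reloads"

def parse_perf_line(line):
    """Parse one stats record; returns None for blank lines and '#' lines."""
    line = line.strip()
    if not line or line.startswith("#"):  # assumption: '#' marks a header/comment
        return None
    cols = line.split(",")
    if len(cols) <= HEAD_FIELDS:
        raise ValueError("record ends before the 'num cpus' column")
    ncpu = int(cols[HEAD_FIELDS])
    expected = HEAD_FIELDS + 1 + 3 * ncpu + TAIL_FIELDS
    if len(cols) != expected:  # layout differs from the list (other Snort version?)
        raise ValueError(f"expected {expected} columns, got {len(cols)}")
    vals = [float(c) for c in cols]
    start = HEAD_FIELDS + 1
    cpus = [tuple(vals[i:i + 3]) for i in range(start, start + 3 * ncpu, 3)]
    tail = vals[start + 3 * ncpu:]
    return {
        "unixtime": int(vals[0]),
        "pct_dropped": vals[1],
        "mbits_wire": vals[2],
        "alerts_sec": vals[3],
        "cpus": cpus,                      # (%user, %sys, %idle) per CPU
        "pkts_received": int(tail[15]),    # 16th column after the CPU block
        "pkts_dropped": int(tail[16]),
    }

def overloaded_intervals(lines, max_drop_pct=1.0):
    """Return records whose %pkts dropped exceeds the threshold."""
    hits = []
    for line in lines:
        rec = parse_perf_line(line)
        if rec and rec["pct_dropped"] > max_drop_pct:
            idle = [c[2] for c in rec["cpus"]]
            rec["busiest_cpu"] = idle.index(min(idle)) if idle else None
            hits.append(rec)
    return hits

def make_sample(ts, drop_pct, cpus):
    """Build a constructed record (not real Snort output) for the demo."""
    head = [ts, drop_pct, 850.0, 2.1] + [0] * (HEAD_FIELDS - 4)
    tail = [0] * TAIL_FIELDS
    tail[15], tail[16] = 1000000, int(1000000 * drop_pct / 100)
    flat = [v for triple in cpus for v in triple]
    return ",".join(str(v) for v in head + [len(cpus)] + flat + tail)
```

A column-count mismatch raises `ValueError` rather than silently shifting fields, which is the signal that the running Snort version logs a different layout than the one listed here.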
Topics: Security, Snort
Kubuntu Server, Nagios and Mysql
By klard | June 10, 2007
In an effort to get Nagios to monitor a MySQL database on a remote server I decided to try and get the command working. First off, to get the Nagios plugins to work for MySQL you have to install the MySQL client libraries. In order to get the client libraries to install correctly you have to install XML::Parser … and of course to get XML::Parser to install from CPAN you have to install the Expat library manually. Step by step, here is what it took.
Install Expat from here
Install XML::Parser from CPAN like so: “cpan install XML::Parser”
Install libmysqlclient-dev from apt: “apt-get install libmysqlclient-dev”
Install DBD::mysql from CPAN “cpan install DBD::mysql”
Then you have to modify the nagios commands.cfg by adding
define command{
        command_name    check_mysql
        command_line    $USER1$/check_mysql -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$
        }
And modify the localhost.cfg with the service check info
define service{
        use                     local-service
        host_name               blah
        check_command           check_mysql!USERNAME!PASSWORD
        service_description     MYSQL
        }
Topics: Linux, Mysql, Nagios
Comment Spammers
By klard | May 27, 2007
Just a quick note to you stupid comment spammers (which I know your bot will never read). WordPress has for quite some time added a no-follow tag to comment links by default. That being the case, your worthless comment posts with all your link code do not and will not provide any benefit to anyone, so stop it.
Topics: Uncategorized
Kubuntu server and Vmware
By klard | May 27, 2007
I recently installed Kubuntu server on my desktop so that I could run Nagios to monitor my colo machines … more about that later. Of course, as ultimately happens every time I make a change, I ran into issues. This time with VMware. The problem was that VMware would not compile. First off, the server headers are not installed … 2 questions: what the heck are you going to do on a server without the headers, and secondly, why are the base headers along with the generic headers installed but not the server headers???
Once you get the headers installed and of course you have downloaded VMware, then you have to install all the packages VMware requires.
sudo apt-get install linux-headers-`uname -r` build-essential xinetd
Then try
sudo ./vmware-install.pl
which will fail with a vmmon error along the lines of “make: *** [vmmon.ko] Error 2
make: Leaving directory `/tmp/vmware-config4/vmmon-only’ Unable to build the vmmon module.”
To fix this, download the VMware any-any update from here and run the runme.pl. When it asks if you want to run configure, type yes. This will overcome the vmmon error and you will be all set.
Topics: Linux

