Jan 13

Prey is a lightweight application that will help you track and find your laptop if it ever gets stolen. It works in all operating systems and not only is it Open Source but also completely free.

That’s what their website says anyway.

You have to admit that it sounds quite intriguing. There are a lot of utilities around that you can *pay* for that offer some reasonable facsimile of helping you track your stolen laptop and get it back, but this is the first open source one I have come across.

Further inspection shows this to be “the real deal”. At least as far as I am concerned. I cannot yet comment on the mac/win versions of the software, but the Linux version is pretty slick.

Essentially, Prey runs through cron every 10 minutes by default, completely in the background, hidden from view. It checks for the existence of a specific website and if it doesn’t find this website (gets a 404 message), it starts grabbing information from your machine like ip addresses, screenshots, pics from your webcam, etc., and sends them either to Prey’s website for you to view, or directly to your email account. This is all information designed to help you track down where your laptop is, and identify who might have it.

I tried it on my Ubuntu work laptop and the client is literally a drop-in dmg package. It installed and asked me to run a control panel applet for configuration. This only really asked me for 2 pieces of identifying information, the API key and the device key, both of which were available to me after I registered (for free) on Prey’s website at http://preyproject.com.

Once you are registered and get your device (laptop) listed on the website, you can tell Prey, via the website anytime, that your laptop is missing by going to http://control.preyproject.com (and after logging in) clicking on the appropriate device listing (they let you have 3 for free btw), changing the “Missing” slide switch to “on” and hitting the update button at the bottom of the page. There are other options in there you can change as well to suit your needs. The next time your laptop can find an internet connection and check in, Prey will have it sending reports out so you can find it. I was pretty happy and impressed with how well it worked actually.

The only con I can think of with this program is the fact that I run Linux. Not that people won’t steal laptops with Linux on them, but that I imagine that anyone who would steal one of my laptops would immediately install Windows on it, thus rendering Prey useless. If I were to employ the use of that auto-login stuff, that could perhaps stave off a would-be thief long enough for Prey to do its job, but I do like having to log in to my machines (just makes me feel more secure). It’s something to think about, and I will look into what other people have to say on the subject in Prey’s forums. That being said, however, I am still putting the software on my laptops. Hey, it can’t hurt, right?

Jul 12

Late last week I noticed that my new Nagios server was not responding anymore. Well, I checked it and it was down. Not only that, it was a VM on my test server and the entire server was down as well. Arrrgh.

Usually I use this as a foray to tell you all to remember to do your backups. Well, in this case I didn’t do them either. Hey, it’s a test VM server, right? Yeah, well I am kicking myself about that anyhow. I just got Nagios working really well, the way I wanted. Oh well, I guess I get to practice some more, right :-)

Well, as it turns out, my server had a catastrophic drive failure. I did EVERYTHING to try and resuscitate this thing. To start with, it had no partition table at all. Luckily I bought 2 of these servers and they were identically configured, so I checked out the partition table of the one and used fdisk to apply it to the broken one. After that I was able to fsck one partition, but as it would happen, that partition was only /boot. Feh. The other partition had lost all its superblock info. I couldn’t even use a backup superblock. Nada. I noticed that mkfs had a command line switch of -S, which writes the superblock info on a partition without formatting or touching the inodes. I tried that and it appeared to be successful. At least I could run fsck on the partition now and it was fixing the inodes. YAY! Except that after a few hours of fixing, I still got nothing but a few system files in a pile under the lost+found directory. Shortly thereafter the drive lost its partition info again anyway. That’s life I guess.

So, it was off to Microcenter to get a new HDD. I brought that home and did a fresh CentOS 5.3 32-bit install and played with it a bit and thought to myself, hey, maybe I should run some kind of burn-in test on this server before I go investing a lot of time into it again.

That is where Sys_Basher comes in. Sys_Basher is a multithreaded memory and disk exerciser. That’s what the website says. It makes a pretty good burn-in program by continually testing your memory and disk (which pushes on your CPU as well) for any length of time you specify. I kinda like it actually, and that is a good thing because there are woefully few burn-in or stress-test type programs available to the Linux community. In fact, if you are a programmer and looking for a great project, you could generate a lot of traffic and interest by making one. Not that I don’t like Sys_Basher, mind you, but variety is the spice of life and certainly the way of open source!

Anyway, I ran Sys_Basher overnight on my new machine, which passed with flying colors. Then, this morning, I decided that maybe I should run 64-bit Linux on this box. Some days I am so fickle, but I decided it would be in my best interest to change up the OS before building a bunch of new test VMs on there :-)

Maybe this time I’ll even back the darn thing up too! Wish me luck and, btw, do your backups!

May 04

Even though I wrote and use OSM I also use Nagios at work (along with OSM). Actually, I administer Nagios there, however I have never actually installed and configured it. It was in place before I started there.

That being said, my manager asked me how to get it installed and running today, as he wants to try using it at home. This sort of spurred me into setting it up at home tonight. It’s really nice having a server that can handle a few test VMs, by the way :-)

I decided I would install it on CentOS, because I need to be able to get it running on RedHat for work, so off to Google I went. After a bit of searching I finally came across a WONDERFUL site which provides a quick and dirty script for getting Nagios installed and working lickety split. It works perfectly and the only adjustment I made to the script, other than changing the passwords in it, was to comment out the SELinux lines because I already have SELinux disabled.

That really was it. Pretty simple. Of course the rip here is actually getting Nagios to monitor your systems, and that is probably beyond the scope of this post, which was really meant as a reference for that install script. Configuring Nagios by the command line is not for the faint of heart. The files you need to pay attention to end up in /usr/local/nagios/etc and /usr/local/nagios/etc/objects. Just keep in mind that the configs seem to reference each other in a cyclical way and you really need to pay attention. I found a good starter-help at the bottom of this website for adding your first non-local machine. Once you get that working you’ll understand how to add more, but I still found it a bit of a frustrating experience for a few minutes.
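As an added example (my own script, not from the install script or the Nagios project), here is the smallest set of object definitions that adds a first non-local machine to the stock install: one host and one PING service in a file under etc/objects, plus the cfg_file line in nagios.cfg that makes Nagios read it. It assumes the linux-server and generic-service templates that ship in the stock templates.cfg, and the binary at /usr/local/nagios/bin/nagios.

```shell
#!/bin/sh
# Add a first non-local host to a stock Nagios install by writing one object
# file under etc/objects and registering it in nagios.cfg.
# Assumptions (constructed for this example): the "linux-server" host template
# and "generic-service" service template from the stock templates.cfg exist.

NAGIOS_ETC="${NAGIOS_ETC:-/usr/local/nagios/etc}"

# nagios_add_host NAME ADDRESS: writes etc/objects/NAME.cfg with a host and
# a PING service, then adds the cfg_file line to nagios.cfg exactly once.
nagios_add_host() {
    name="$1"; addr="$2"
    objdir="$NAGIOS_ETC/objects"
    cfg="$objdir/$name.cfg"
    mkdir -p "$objdir" || return 1
    cat > "$cfg" <<EOF
# host "$name"; the "use" lines pull in defaults from templates.cfg
define host {
    use         linux-server
    host_name   $name
    alias       $name
    address     $addr
}

define service {
    use                 generic-service
    host_name           $name
    service_description PING
    check_command       check_ping!100.0,20%!500.0,60%
}
EOF
    # nagios.cfg must list the file, otherwise the definitions are ignored;
    # grep -x matches whole lines so a re-run does not add a duplicate
    line="cfg_file=$cfg"
    grep -qxF "$line" "$NAGIOS_ETC/nagios.cfg" 2>/dev/null \
        || printf '%s\n' "$line" >> "$NAGIOS_ETC/nagios.cfg"
}

# nagios_verify: run the config check before restarting (skips if the
# binary is not installed, so the script is safe to dry-run elsewhere)
nagios_verify() {
    command -v /usr/local/nagios/bin/nagios >/dev/null 2>&1 || return 0
    /usr/local/nagios/bin/nagios -v "$NAGIOS_ETC/nagios.cfg"
}
```

Run nagios_verify after every edit; the cyclical references the post mentions (host, service, template, hostgroup) are exactly what the -v check catches before a restart takes the whole server down.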

I did note, however, that there are quite a few projects out there which claim to configure Nagios for you via a web interface. I hope to give them a shot or two in the coming days/nights. Let me know if any of you have tried any and how they fare.

Apr 16

Many of you know my day job is that of a systems administrator. As one, I have to be concerned about things like data integrity, backups and disaster recovery. Somehow, while on one of my daily train rides, my mind wandered and hit on the fact that I really don’t perform these functions at home, and I should. Or, at least I should do them better. Of course, I do have the technology!

What I thought of was that my wife, like plenty of you out there, likes to keep paperwork. Now this is important stuff like tax returns, current bills, car service records, etc., and documents like birth certificates and such. Now some of these are in a small fire safe, but some of them are in a file cabinet.

So, what happens if there is a fire and I lose my file cabinet? I GUARANTEE that the IRS audits me because that’s where my tax returns are :-)

Now a month ago or so I was reading an article on how to reduce clutter at home and one of the suggestions it made was to set up a “scanning station” where you scanned in your bills/documents/what have you and then shredded them. The basic idea was to use your computer and scanner as an avenue to better manage your paperwork. No more hunting for the last cable bill or pay stub through that grocery bag of miscellaneous paperwork you keep next to your easy chair, or worse, your “junk” drawer.

My idea was to use that scanning station idea as an avenue to not only reduce my personal paperwork clutter, but also as a security measure. Scan those important docs and get them available digitally. Get them all together. Scan all your important family photos. Imagine losing all those memories in a fire! Get all your music and anything else you can get together digitally and put all that stuff on a removable hard drive. In fact, have all that information backed up on that drive every day. You can figure out how to do that, I know you can!

Take that removable drive, maybe a big old cheapie USB drive and have your kids do an art project and cover it (not the vents or plugs) in bright red construction paper or masking tape with a white FIRE sign on it. Lastly, get it located in an as convenient spot as possible and drill everyone in the house that if there is an EMERGENCY, make sure to grab that FIRE drive on their way out the door if at all possible. Don’t even bother to unplug it, just grab and run. You can always get a new power supply or just slap the drive in a machine if need be, but you would at least have your important stuff available to retrieve.

That’s it. That’s the idea. Run with it and let me know how it works out. Now I have to go convince my wife that scanning for the next three months is going to be great fun :-)
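As an added example (my own script, not from the post), here is one way to do the daily copy onto the FIRE drive. The mount point /media/FIRE and the marker file .fire_drive are assumptions; the marker is what stops the backup from being written into an empty mount point on the nights the drive is unplugged.

```shell
#!/bin/sh
# Daily "FIRE drive" backup: mirror the scanned documents, photos and music
# onto the removable drive, but only when that drive is really mounted.
# Assumptions (constructed): drive mounted at /media/FIRE with a marker file
# .fire_drive at its top level, created once by hand after formatting it.

FIRE_MOUNT="${FIRE_MOUNT:-/media/FIRE}"
FIRE_MARKER=".fire_drive"

# fire_drive_ready DIR: succeed only if DIR holds the marker file, so a run
# never fills the internal disk under an empty mount point.
fire_drive_ready() {
    [ -d "$1" ] && [ -f "$1/$FIRE_MARKER" ]
}

# fire_backup SRC DEST: mirror SRC into DEST/<basename of SRC>.
# Returns 0 on success, 2 if the drive is not ready, 1 on a copy failure.
fire_backup() {
    src="$1"; dest="$2"
    fire_drive_ready "$dest" || { echo "FIRE drive not mounted at $dest" >&2; return 2; }
    [ -d "$src" ] || { echo "source $src missing" >&2; return 1; }
    target="$dest/$(basename "$src")"
    mkdir -p "$target" || return 1
    if command -v rsync >/dev/null 2>&1; then
        # --delete keeps the mirror exact: a file removed at home also
        # disappears from the drive, so shredded-and-deleted stays deleted
        rsync -a --delete "$src/" "$target/" || return 1
    else
        # fallback without rsync: plain recursive copy, no deletions
        cp -a "$src/." "$target/" || return 1
    fi
    # stamp the drive so anyone can see when the last good run finished
    date '+%Y-%m-%d %H:%M:%S' > "$dest/LAST_BACKUP"
}

# fire_backup_all DIR...: back up each directory in turn, keep going on
# failure and report the last error. Constructed cron line for a 2 a.m. run:
#   0 2 * * * /usr/local/bin/fire_backup.sh
fire_backup_all() {
    rc=0
    for d in "$@"; do
        fire_backup "$d" "$FIRE_MOUNT" || rc=$?
    done
    return $rc
}
```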

Oct 21

Let me preface this by saying that if you are not running OSSEC on at least your external-facing machines, then you should be. It’s great software!

The reason this post is here is for reference mostly and maybe to be able to help someone out later via their favorite search engine.

I have been getting a couple of errors reported lately through OSSEC emails that report: “insmod: Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters. You may find more information in syslog or the output from dmesg”. Well, after checking, the actual error is found in /var/log/messages and is “floppy.o: init_module: No such device”. AHA! Well, it just so happens that these machines are servers *with no floppy*. The fix for this, to turn off the errors, seems to be to add “alias floppy off” in the /etc/modules.conf file and then run a “depmod -a”.

Sep 20

Crap. That’s my final thought on the subject.

Last night I decided to finally update my wireless infrastructure and start using WPA instead of just using MAC filtering. It’s not that I am uber concerned about the security aspect of it because, let’s face it, the only way to really have a secure box and network is to shut it off. What drove me to this is my cheap router only has 25 slots for MAC addresses to filter and I had them filled up. I decided if I couldn’t do that then I ought to bring things up to speed with WPA instead (plus it’s much easier to remember a passphrase than bunches of hexadecimal octets).

I had no problem with my Mac Mini, my Ubuntu 8.04 laptop, my wife’s Ubuntu laptop, my kid’s eMac, or my new Linpus laptop. I ran into serious issues with Linux on PPC though. I was running Slackintosh on my iBook but after researching the net a bit I was disappointed to find that WPA has been an issue for a long time on the AirPort card. I thought, well maybe Ubuntu has it better, so I installed Ubuntu 8.04 for PPC and, although the desktop was quite nice, there was no support for WPA there either. My only option at that point was to put OS X back on the iBook. What a bummer.

Jun 28

I mentioned on the show on its last go-round that I was looking for a port scan detector for work. At least I think I mentioned it was for work... Anyhow, long ago I used to use a program called Portsentry, which still appears to be around, but in disuse. So, I went looking around for other options. The two I ran into frequent mention of were Snort, which was also frequently mentioned as being difficult to configure, and PSAD.

Well, it was PSAD that I decided on. I did a little preliminary testing this week. PSAD is easy to install; in fact, there were packages available for RedHat and Ubuntu already. It’s also very easy to configure, just edit the /etc/psad/psad.conf file. All in all I was very satisfied with this piece of software. One particular caveat, though, is beware of running it on a network with Windows machines. Not that PSAD doesn’t work well, but quite the opposite. It takes considerable “tuning”, I learned, to get things running nicely on a Windows network because Windows computers flood the network with a lot of unnecessary traffic – specifically UDP traffic. Think I am kidding? Try it and see ;-)
