Thursday, October 30, 2008

Apache EnableSendfile directive

I'm currently working on integrating Barnyard and BASE into the Security Onion LiveCD. After generating a new ISO and booting it up, I opened Firefox and went to http://localhost/base/. I was greeted with the BASE setup screen, but it was plain white with no CSS formatting:


The /base/styles/base_style.css file was in place and had the proper permissions, but doing "curl http://localhost/base/styles/base_style.css" would result in "transfer closed with bytes remaining". I created a small "Hello World!" test page in the styles directory and Apache served it just fine. I then copied base_style.css and began taking things out until Apache served the file. Ultimately, I determined that Apache couldn't serve non-PHP files over 255 bytes. I did some research and stumbled upon the EnableSendfile directive. I added "EnableSendfile off" to my Apache configuration file, restarted Apache, and verified that Apache could serve files over 255 bytes. BASE then showed up with the proper formatting:

Sunday, October 26, 2008

Upgrading from Fedora 8 to Fedora 9 using Preupgrade

In the past, I've upgraded to the latest Fedora version by using the unsupported "yum upgrade". This is potentially dangerous, but it always worked for me. When I read in Red Hat Magazine that Fedora had a new tool to do in-place upgrades, I was excited to try it out.

I tried out Preupgrade on a few Fedora 8 virtual machines and everything went smoothly. Preupgrade had earned my confidence, so I proceeded to "yum -y update && yum -y install preupgrade && preupgrade" on my main Fedora 8 desktop. It downloaded all the RPMs and rebooted into the installer. It upgraded the system and said it was ready for the final reboot. So I rebooted the machine and was greeted by a blinking GRUB prompt. Somehow, GRUB had lost its configuration and could no longer boot my Fedora installation. Doh!

I've never really played around in the GRUB shell, so I never realized how powerful and versatile it is. All I had to do was the following (the {tab} indicates to use the Tab key for filename completion):
kernel (hd0,2)/vmlinuz{tab} root=/dev/sda5
initrd (hd0,2)/initrd{tab}
boot
The system came up and I then did the following to re-write GRUB into the MBR:
grub-install /dev/sda
And we have a working Fedora 9 installation!

Thursday, October 23, 2008

Building Ubuntu LiveCDs with Reconstructor

As I mentioned previously, I'm currently working on the Security Onion LiveCD. I started building custom LiveCDs years ago by going through the painstakingly manual process of remastering Knoppix. Last year, I began using the Fedora Revisor tool which didn't require as much manual work, but it is limited in that it seems to require that software is installed using RPMs and configuration is done via kickstart file as the ISO is being generated. Earlier this year, I produced a custom BackTrack CD for the Greater Augusta ISSA using Gene Bransfield Jr.'s guide and the Linux Live scripts. For the Security Onion LiveCD, I decided to try a new approach. This is my first time using Reconstructor and it provides a good balance of automation while still allowing you to easily customize at any time.

The process hasn't been totally painless, however (I should mention that I'm using Reconstructor 2.8.1.):
  • I ran into a squashfs bug, which required updating squashfs-tools to a newer version than is currently available in Ubuntu's repositories.
  • In the main Customization interface, there is an Apply button above the Next button. When I first starting using Reconstructor, I assumed that when you click Next, your settings are automatically applied, but that is not the case. You must click Apply or else your settings will be lost.
  • If you select a custom Gnome background color, Reconstructor seems to increment it each time it is launched. For example, I configured my background color to be #486ac1. The next time I opened Reconstructor, it showed the value as #486ac2. The next time I opened Reconstructor, it was #486ac3, and so on.
  • As with any LiveCD, there is always the issue of space--one has to balance having every remotely-useful tool available with the size limitation of a 700MB CD. Reconstructor helps somewhat in that it estimates the ISO size before generation, but this estimation isn't always accurate. You still may have to fully generate the ISO before you know for sure that it is under 700MB.

Overall, Reconstructor is a very good tool. If you can work through the minor issues detailed above, it is the easiest way to build a fully customized LiveCD. I look forward to the upcoming Reconstructor 3.

Wednesday, October 22, 2008

Security Onion LiveCD

As part of my GCIA Gold research paper, I'm building a security LiveCD based on Ubuntu 8.04. The Security Onion LiveCD includes both Snort 2.8 and the new SnortSP. This gives Snort users a way of trying out SnortSP without having to worry about satisfying all the dependencies and compiling and installing it. The LiveCD also contains the following network/security utilities.
bastille
cheops-ng
corkscrew
daemonlogger
doscan
dsniff
etherape
fragroute
fragrouter
honeyd
hping2
hping3
hunt
idswakeup
iperf
ipgrab
iptraf
knocker
labrea
lanmap
ndiff
nemesis
netcat
netcat6
netcat-openbsd
netcat-traditional
netdiscover
netdude
netrw
netsed
ngrep
nmap
nsm-console
nwatch
p0f
pads
paketto
pbnj
pcaputils
pnscan
potion
psad
python-scapy
scanssh
scapy
sendip
socat
ssldump
tcpflow
tcpick
tcpreplay
tcpslice
tcpspy
tcpstat
tcptrace
tcpxtract
tshark
wireshark
xprobe
yersinia
zenmap

What other utilities would you like to see in the Security Onion LiveCD?

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive