Feb 28 2009

OSSEC v2.0 Released

jason

The OSSEC team has announced the release of OSSEC v2.0. The new features include (quoted from the announcement):

  • Compiled Rules – Per popular demand, we are introducing the capability in the product to be able to use pre-compiled rules written in “C”. Customers who felt that the XML format for writing rules was very limiting, can now use the strong programming capabilities of C.
  • Agentless Monitoring – Lot of enterprises are faced with the requirement to monitor devices where there are restrictions on Agents to be installed either because of scalability requirements or due to the lack of the native operating system support. In version 2.0, Ossec customers can perform integrity checking and real time logs inspection on remote systems (such as Linux based devices, firewall devices such as PIX and routers etc).
  • New Language Support – We added support for the Dutch language in the install
  • New Log Rules Support – We added support for Yum logs and fixed/improved many of the other rules for different messages.
  • New reporting tool – We added a new tool to create and help generate reports

OSSEC is a multiplatform, open-source Host Intrusion Detection System (HIDS) that I have used before and have been pleased with the results. I’d recommend at least testing it out to see if it meets your needs. The new features definitely make it even more appealing as a solution to help monitor the security of your systems and I’ll definitely be investigating ways to integrate it into my current setup.


Feb 28 2009

CrossOver Games 7.2 Released

jason

Codeweavers (also the makers of CrossOver Office) has announced the release of CrossOver Games 7.2. CrossOver Games is similar to Transgaming Cedega in that both are optimized versions of WINE for playing Windows games and the overall game support is similar. The extra thing CrossOver Games has is that you can bundle it with CrossOver Office at a reduced price. Changes in version 7.2 include:

  • Fixed Guild Wars on ATI Macs with 10.5.5.
  • Added steam:// link support for OSX
  • Fixed Steam+compiz
  • Added support for “Shin Megami Tensei: Imagine” on the Mac
  • A few improvements for City of Heroes
  • Improved support for SPORE
  • Improved support for WoW:WotLK
  • Improved support for the latest Steam client
  • A range of general DirectX improvements which will improve many games
  • Updated Wine version

I’ve used CrossOver Office before and have been pleased with the results, but have never had a chance to use CrossOver Games. Perhaps Codeweavers wants to send me a copy so I can do a full review? ;-)


Feb 25 2009

Marvell Announces 5 Watt Linux Plug Computer

ryan

Rick Hodgin over at TG Daily has a great article up discussing Marvell’s latest announcement of a mini Linux computer that is only slightly larger than an electrical plug. The plug computer sports a 1200MHz CPU, 512 of RAM, 512 of onboard flash, gigabit ethernet, and USB 2.0. Running the Debian-based distro of your choice, this little device has an exciting list of potential uses within the home and beyond. The best part is that it only consumes 5 watts of power as well. All I have to do now is wait to get my hands on one!

Check out TG Daily’s article for more information.


Feb 24 2009

Turn Your Android Phone Into a Netbook

ryan


In a post on the AndroidFanatic forums, admin ghostwalker announced his success in running X11 and several different GUIs (Gnome, KDE, IceWM and LXDE) on a T-Mobile G1. Basically, ghostwalker’s method uses a Debian shell with a VNC server running in the background. To access it, you simply use the Android VNC viewer from your phone. This keeps everything nice and simple so that you don’t lose your phone functionality while you are messing around in X11.

This opens up the possibilities for many new uses for Android based phones. Make sure to check the link for full instructions and some screenshots.


Feb 23 2009

Anatomy of ext4

jason

IBM developerWorks has a good article on the anatomy of the ext4 filesystem. The ext4 filesystem was recently included in the stable 2.6.28 Linux kernel release, so now is a good time to learn more about one of the Linux filesystems of the future. (The Fedora project announced that ext4 would be the default filesystem in their Fedora 11 final release.)

Further reading for ext4:


Feb 22 2009

Optimizing Linux for SSDs

ryan

Ted Ts’o has an interesting article on his blog detailing how to align filesystems to an SSD’s erase block size in Linux, which is generally considered a very good thing to do. While Ted discusses how to go about doing this for most SSDs on the market, he also points out some of the problems with this method when using Intel’s next-generation series SSDs, in that the filesystem becomes terribly fragmented over time. However, he also explores several options to prevent this from occurring in the first place.

Also, be sure to check out his follow-up article exploring whether or not filesystems should be optimized for SSDs at all.


Feb 22 2009

Weekly Distribution Release Roundup for Feb 15-21

ryan

Another week has passed and it’s time again for the weekly Distro Roundup. Thanks again to DistroWatch for posting this information.

February 15:

  • ArtistX 0.6: Based on Ubuntu 8.10, ArtistX is a Live DVD geared towards multimedia production. ArtistX contains almost 2,500 multimedia applications for 2D/3D graphics, audio and video editing and playback, and includes the 2.6.27 Kernel, Gnome 2.24 and KDE 4.2, and Compiz Fusion. For a complete list of included software, check out their website.
  • sidux 2009-01: sidux is a full featured Debian sid based live CD with a special focus on hard disk installations, a clean upgrade path within sid and additional hard- and software support. The ISO is completely based on Debian sid, enriched and stabilized with sidux’ own packages and scripts. New additions include the 2.6.28.6-rc1 kernel, the deployment of the opensource OpenFWWF firmware for Broadcom wireless devices, improved support and optimization for SSDs, and general bug fixes. Hit up the link for the full release notes and download links.

February 17:

  • Arch Linux 2009.02: Arch Linux is aimed at the more experienced user and offers a simple, lightweight, and flexible system that can be customized to the user’s preference. With 2009.02, Arch Linux added kernel 2.6.28, ext4 support including installation to ext4 root partitions, and a development release of AIF (Arch Linux Installation Framework) – the next generation installer.
  • DragonFlyBSD 2.2: DragonFly BSD, a fork of FreeBSD 4.8, announced their latest 2.2 release. The HAMMER filesystem developed by the DragonFly team is now considered production ready. Designed for large storage media (500G and up), HAMMER offers several interesting features including historical data retention that basically gives you a data snapshot every 30-60 seconds. The 2.2 release also represents major stability improvements across the board – new drivers, much better pkgsrc support and integration, and a brand new release infrastructure with multiple target options. For a full list of features and improvements, check out the link.

February 19:

  • Epidemic 3.0 Beta 2: Epidemic is a Debian based distro from Brazil. The latest version features Linux kernel 2.6.26, KDE 4.2, OpenOffice.org 3.0 and Iceweasel 3.0; pre-configured Compiz Fusion; several new system administration modules, including Enetwork for network configuration, Easy Channel that provides a one-click method for installing proprietary device drivers, multimedia codecs and non-free software, and Ependrive which allows saving changes made during a live session to a USB storage device; various improvements to the Einstaller; and a dramatic reduction in boot times. (The link goes to DistroWatch.com as Epidemic’s website is not in English)

February 20:

  • ALT Linux School Server: ALT Linux School Server is based on ALT Linux OfficeServer and is an extended version of the server suite aimed at educational institutions. School Server has no version number as it is intended to represent a new line of distributions. Features in this release are: Linux kernel 2.6.25, base system on glibc 2.5.1; DHCP server; DNS server Bind 9.3.5; proxy server; Squid 2.6.STABLE18 (with statistics viewer); a firewall; network interfaces management console; time server OpenNTPd 3.9p1; Samba 3.0.30 and FTP server ProFTPd 1.3.0rel; repository mirrors setup service (using NFS); printing server CUPS 1.3.9; updates setup tool; backup system based on Synbak 1.2.2; accounts management with OpenLDAP 2.3.41; mail server with a spam filter (Postfix 2.4.9, SpamAssassin 3.2.4); MySQL 5.0.51 (for Moodle and Mediawiki); web-server Apache 2.2.8; OpenSSH 5.0p1 to do protected access; OpenSSL 0.9.8d; Moodle 1.9.2 (with examples) and Mediawiki 1.13.0.

Feb 20 2009

CrunchEEE 8.10.02 Review

jason


After buying my Asus EEE PC 1000HA, I initially installed Ubuntu Netbook Remix on it. I later learned more about (#!) CrunchBang Linux and saw that they had released an optimized version for the EEE PC called CrunchEEE. I’ve been using CrunchEEE on my EEE PC for the last week and decided to do a review.




Feb 20 2009

New Online Packet Capture Repository: pcapr.net

jason

A new packet capture repository called pcapr has been launched; it is sponsored and run by Mu Dynamics. pcapr appears to be a good alternative to OpenPacket, and it supports protocol tagging, searching, and packet viewing in the web browser. Richard Bejtlich of Tao Security, who was previously involved with OpenPacket, announced in a blog post earlier this month that he was no longer involved with OpenPacket, and one of the reasons was the launch of pcapr.

Here’s a quick snippet from the pcapr FAQ:

What is pcapr?

Packets are fundamental to how applications and systems communicate with each other and as far as we can tell, there’s no simple way for people to access specific packet sequences to learn, understand, troubleshoot and/or debug these systems. pcapr exists as a repository of these packets, providing full-text search, automatic tagging, viewing and editing of these packets.

I’ve created an account over at pcapr, and the features that it offers work well. It is also nice to be able to “preview” the packet capture contents before downloading them and opening them in Wireshark for further examination.


Feb 17 2009

Cheat Sheets for Security Assessment and Penetration Testing

jason

Ed Skoudis from InGuardians released 3 new cheat sheets today to complement his SANS 504 and 560 courses. All are 2-page and laid out for easy tri-folding.

  1. Super Netcat Cheat Sheet: Great cheat sheet that contains many common and some not so common netcat commands that can be extremely useful in a pinch.
  2. Misc Tools Cheat Sheet: Contains commands for Hping, Metasploit 3.x, Metasploit Meterpreter, and FGDump.
  3. Windows Command Line Cheat Sheet: Contains a lot of useful Windows command line commands that are sure to improve your Windows Command Line Kung-Fu.

If you are interested in more network security / pen-testing content, you should also check out the other articles & white papers that the team from InGuardians have produced.
