Monday, 29 November 2004

FreeBSD Project Goals

After reading PHK's Why Bother? article, I wondered about the goals of the FreeBSD project. I found them in the handbook:

"1.3.2 FreeBSD Project Goals
Contributed by Jordan Hubbard.
The goals of the FreeBSD Project are to provide software that may be used for any purpose and without strings attached. Many of us have a significant investment in the code (and project) and would certainly not mind a little financial compensation now and then, but we are...

Answering PHK's "Why Bother?" with FreeBSD Question

In the October issue of Daemon News, Poul-Henning Kamp asks "Why Bother?" He wants to know why people use FreeBSD when Linux gets most of the attention from users and vendors. He also wants to know why developers should continue to work on FreeBSD. I will tailor my response for FreeBSD, as that is the BSD with which I am most familiar. Some of my arguments will apply to other variants. Some of my reasons even apply to other open source operating...

Sunday, 28 November 2004

Thoughts on the United States Air Force Computing Plans

As a former intelligence officer and computer network defender I was asked my thoughts on the US Air Force's new computing deal with Microsoft. In short, Microsoft will provide core server software, maintenance and upgrade support, and Dell will supply more than 525,000 Microsoft desktop Windows and Office software licenses to the Air Force. From a business perspective, this is an important deal for Microsoft. For all of their seeming independence, the services tend to watch each other closely to see what technological advances are being considered...

Friday, 26 November 2004

Five Ways Sguil is Different

On Wednesday I mentioned that a chapter from my book appeared in a new form at Informit.com. A snort-users reader asked how Sguil differed from ACID and BASE. In short, there are five reasons:

1. Sguil is a real-time interface to Snort alerts (and more).
2. Sguil is a Snort alert management system with integrated analyst accountability features.
3. Sguil offers growing alert handling capabilities.
4. Sguil is built to minimize "window management,"...

Thursday, 25 November 2004

Metanetworks Claims "first wire-speed 10G Ethernet IDS/IPS product in the world"

While browsing the tcpdump-workers mailing list I came across a post describing the Meta Traffic Processor PCI Card. This device "is a standard 32-bit/33MHz, PCI half-card with two copper Ethernet ports. The MTP appears to the host's operating system as a standard network interface card capable of enforcing from 600 to 1500 stateful policies to capture and/or block specific packets. The policies can be directly derived from public domain signatures...

Several recent Blog entries described ways to keep FreeBSD applications up-to-date. Based on my use of these tools, this is how I chose to update one of my servers this morning. First I updated the ports tree, INDEX-5, and INDEX.db:

cd /usr/ports
portsnap fetch
portsnap update
make fetchindex
portsdb -u

Next I checked to see which applications needed to be updated:

janney:/usr/ports# portversion -v -l "<"
bash-3.0.15 < needs updating...

FreeBSD Ports Tree Breaks 12,000 Ports

Last night the FreeBSD ports tree broke the 12,000 mark. The tree has added about 2000 ports per year for the past four years. This graph shows the number of ports added per year since 1995. I commend FreshPorts for providing such an excellent interface to the tree, and for keeping up with the growth in the number of applications available. FreshPorts recently integrated VuXML data, allowing users to visually see what port versions have a security...

Wednesday, 24 November 2004

Using Portindex to Generate INDEX-5

Now that we've seen how to keep the ports tree up-to-date using tools like Portsnap, and seen how to generate an INDEX-5 file with 'make index', I'd like to offer an alternative INDEX-5 generation mechanism. Matthew Seaman's Portindex is a Perl tool replacing a similar application of the same name. The old version was pulled from the ports tree when the developer started acting strangely. Here's the problem Portindex solves. If you use CVSup...

Installing Java on FreeBSD

In January I explained how I installed the java/jdk14 port on FreeBSD 5.2. Today I installed the java/jdk14 port on one 5.3 RELEASE system, janney, and then used packages built during the install process to install the JDK on my 5.3 RELEASE laptop, orr. The FreeBSD project cannot distribute packages of the latest Java software due to Sun's licensing restrictions. (Really old 1.3.1 binary packages are offered from the FreeBSD Foundation.) I can...

CERT/CC Publishes Principles of Survivability and Information Assurance

CERT/CC just published ten Principles of Survivability and Information Assurance. They are: 1. Survivability is an enterprise-wide concern. 2. Everything is data. 3. Not all data is of equal value to the enterprise – risk must be managed. 4. Information assurance policy governs actions. 5. Identification of users, computer systems, and network infrastructure components is critical. 6. Survivable Functional Units (SFUs) are a helpful way to think about an enterprise’s networks. 7. Security Knowledge in Practice (SKiP) provides a structured approach....

Informit.com Publishes Sguil Chapter

My buddy Keith McCammon told me he found Informit.com serving up chapter 10 from The Tao of Network Security Monitoring as Why Sguil Is the Best Option for Network Security Monitoring Data. Controversial, and not my doing. :) Still, the whole chapter is there in browsable HTML, along with embedded screenshots. We are still testing Sguil 0.5.3 but expect to release it so...

Using FreeBSD Update to Patch FreeBSD

When the FreeBSD Security team released an advisory for fetch(1), I knew I could turn to Colin Percival's FreeBSD Update for binary security upgrades. Installation is simple. Here's how to install via package:

pkg_add -vr freebsd-update
mkdir /usr/local/freebsd-update
cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf

Here is how FreeBSD Update patched the fetch(1) vulnerability:

orr:/root# freebsd-update fetch
Fetching...

The traditional means to update the FreeBSD ports tree involves using CVSup in a manner described well by Dru Lavigne. After the sysutils/cvsup port is installed, and ports-supfile modified to point to a real CVSup server (e.g. '*default host=cvsup8.FreeBSD.org'), you run commands like this:

cvsup -g -L 2 /usr/local/etc/ports-supfile
portsdb -uU

The first command updates the ports tree in /usr/ports. The second command creates or updates the INDEX...

Tuesday, 23 November 2004

Prof Kerr on KeyKatcher Case

I always enjoy reading Professor Orin Kerr's Computer Crime Case Updates. This week he comments on the dismissed wiretapping case mentioned by SecurityFocus.com and Slashdot. Although some commentary from the likes of Slashdot is helpful, I prefer reading the opinions of a Harvard Law graduate and former Supreme Court clerk. The case is simple: does use of a keystroke logger constitute a wiretap? The judge in the case said no. I agree with Prof Kerr's assessment that the opinion is wrong. If someone listens in on a phone between the handset...

Kudos for Proper Incident Handling at The Register

The UK-based news site The Register was victimized by an advertisement provider, Falk AG, beginning Saturday. The ads served by Falk AG were carriers for the Bofra worm, which uses a buffer overflow in FRAME, IFRAME, and EMBED elements of pre-XP SP2 Internet Explorer. The Register promptly issued a warning on Sunday morning, followed by a statement on restoration of service this morning. The Register estimates the number of visitors who could...

Sunday, 21 November 2004

OpenOffice.org 1.1.3 Packages for FreeBSD 5.3 RELEASE

Back in January I described installing OpenOffice.org 1.1.0 on FreeBSD 5.2 RELEASE. I used packages from the FreeBSD OpenOffice Porting Team. I am happy to report I installed OpenOffice.org 1.1.3 on FreeBSD 5.3 RELEASE using packages hosted at http://oootranslation.services.openoffice.org/pub/OpenOffice.org/ooomisc/FreeBSD/. The FreeBSD project does not maintain precompiled packages for OpenOffice.org (OOo), presumably because it takes too long...

Friday, 19 November 2004

Fixing Weird Behavior after Thunderbird and Mozilla Upgrades

FreeBSD 5.3 RELEASE shipped with thunderbird-0.7.3_1.tbz and firefox-0.9.3_1.tbz. Newer precompiled packages are available, so I upgraded to thunderbird-0.9_2 and firefox-1.0,1. When I started Thunderbird, I found I had no mail in any of my folders. My default folder languages had also changed to Arabic. After searching the Web, I found this forum which suggested deleting the compreg.dat...

Upgrading FreeBSD Packages with Portupgrade and without CVSup

As much as I like FreeBSD's ports system, I dislike keeping the tree up-to-date using CVSup. I haven't yet tried Colin Percival's portsnap tool, which uses HTTP to distribute compressed and cryptographically signed snapshots of the ports tree. This is a great alternative, but I try to avoid compiling from source using the ports tree when possible. I run several very generic and slow systems, and I'd much rather install and upgrade software using precompiled packages. Portupgrade is the tool of choice to update software...

Great Thread on Network Performance Troubleshooting

Now that FreeBSD 5.3 has arrived, users are trying to determine if any performance issues are caused by their hardware, OS, or applications. There's a great freebsd-stable thread discussing a user's attempt to improve NFS performance. One of Robert Watson's comments is especially useful, since he spells out five steps to troubleshoot network performance:

"I think the first thing you want to do is to try and determine whether the problem is a link...

Snort 2.3.0 RC1 Released

Jeremy Hewlett announced the release of Snort 2.3.0 RC1. The major additions are the snort_inline code and the new sfportscan portscan detector. Sguil users should recognize that alerts from the new portscan detector are not yet fully integrated, due to lack of support in Barnyard. Bamm is working on a modified op_sguil Barnyard component to support sfportscan output. If you enable sfportscan with Sguil, you'll see the alerts appear in the Sguil...

Wednesday, 17 November 2004

Using x86info to Learn About HTT

Back in July I described my experiences running a June snapshot of FreeBSD 5-CURRENT on a Dell Poweredge 750 1U server. Recently I installed FreeBSD 5.3 RELEASE on the same hardware; here is the dmesg output for a kernel recompiled with SMP support. While perusing the freebsd-current mailing list I came upon this thread which in part debated the merits of recompiling for SMP support on HTT machines. According to Intel:

"Hyper-Threading Technology, available on Intel Pentium 4 processors supporting Hyper-Threading Technology, is a form of simultaneous...

Saturday, 13 November 2004

Robert Watson Comments on FreeBSD 5.3 Networking Performance

While perusing the freebsd-questions mailing list, I read a post by Robert Watson describing FreeBSD 5.3's networking performance. In short, it seems FreeBSD 5.3 will process packets slower than FreeBSD 4.x, due to the transition to the SMPng architecture. Performance will improve over the next few months as optimizations are done within the new architecture. Tracking 5-STABLE will cause these improvements to be integrated into running systems....

Sun Java Desktop System Live CD

I downloaded the .iso for the live CD version of the Sun Java Desktop System. When booting it reports being based on the Linux distro Morphix, version 0.4. I was sad to see the X autoconfiguration fail on my Thinkpad a20p, so I couldn't test it on my primary system. I was able to boot the CD on my Shuttle SB52G2 and on a Dell Optiplex GX100. On the Shuttle JDS was not able to automatically detect my Linksys WMP55AG A+G Wireless PCI Adapter. I didn't feel like fiddling around with Linux so I wasn't able to access the network on the Shuttle....

Friday, 12 November 2004

FreeBSD for Linux Users

Dru Lavigne published an excellent article called FreeBSD for Linux Users. She does a nice job explaining run levels, kernel differences, startup scripts, package installation, and documentation. She plans to follow up the article with one on similarities between FreeBSD and Lin...