Recently I set up a machine for OSSIM 2.2. The installation process went smoothly, but after I rebooted the machine using Linux kernel 2.6.31 there was an error message saying that my volume group was not found, and the boot process got stuck.
Recently I successfully updated my OSSIM machine from version 2.1.x to version 2.2.x. It took several attempts to finish the update process.
After restarting the machine, I found several warning messages from Apache, shown in the following figure:
The warnings were caused by a conflict between several nagios-apache configuration files. In my case there were two configuration files (apache2.conf and nagios3.conf) symlinked to the same configuration file:
The solution is simply to delete the "apache2.conf" link.
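As an added example (not part of the original post), here is a small POSIX shell helper that finds this class of problem programmatically: symlinks in an Apache conf.d-style directory that resolve to the same target file. Apache includes every file in conf.d, so two links to one Nagios configuration define every Alias and ScriptAlias in it twice, which is what produces the warnings. The fixture it builds is constructed to mimic the two links from the post; the directory and file names in it are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: report symlinks in a
# conf.d-style directory that resolve to the same target file.

# Print one line per target that is linked more than once:
#   <resolved target>: <link1> <link2> ...
duplicate_conf_targets() {
    dir=$1
    for f in "$dir"/*; do
        [ -L "$f" ] || continue
        # readlink -f canonicalises the link so chains of links also collapse
        printf '%s\t%s\n' "$(readlink -f "$f")" "$f"
    done | sort | awk -F '\t' '
        { n[$1]++; links[$1] = links[$1] " " $2 }
        END { for (t in n) if (n[t] > 1) print t ":" links[t] }'
}

# Constructed fixture (hypothetical paths) reproducing the situation in the
# post: apache2.conf and nagios3.conf both point at the Nagios configuration,
# while a third link points somewhere else and must not be reported.
make_fixture() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/nagios3" "$tmp/etc/apache2/conf.d"
    echo 'ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3' \
        > "$tmp/etc/nagios3/apache2.conf"
    echo 'Alias /doc /usr/share/doc' > "$tmp/etc/apache2/doc.conf"
    ln -s "$tmp/etc/nagios3/apache2.conf" "$tmp/etc/apache2/conf.d/apache2.conf"
    ln -s "$tmp/etc/nagios3/apache2.conf" "$tmp/etc/apache2/conf.d/nagios3.conf"
    ln -s "$tmp/etc/apache2/doc.conf" "$tmp/etc/apache2/conf.d/doc.conf"
    echo "$tmp"
}

# Run with --demo to see the duplicate reported on the constructed fixture;
# on a real box call: duplicate_conf_targets /etc/apache2/conf.d
if [ "${1:-}" = "--demo" ]; then
    root=$(make_fixture)
    duplicate_conf_targets "$root/etc/apache2/conf.d"
    rm -rf "$root"
fi
```

After removing the extra link, run `apache2ctl configtest` before reloading so that a typo in what is left does not take the web interface down along with the warnings.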
Several days ago, Suricata version 0.8.1 was released. One of the changes in this release is that LibHTP is now bundled with the Suricata package.
To ease the Suricata installation, I am developing an RPM spec file for openSUSE 11.1. It is based on the work of Josh at SecureMind and several openSUSE packagers.
Here are the files included in the RPM:
/etc/suricata/suricata.yaml
/usr/bin/suricata
/usr/include/htp/bstr.h
/usr/include/htp/dslib.h
/usr/include/htp/hooks.h
/usr/include/htp/htp.h
/usr/include/htp/htp_decompressors.h
/usr/include/htp/utf8_decoder.h
/usr/lib64/libhtp-0.2.so.1
/usr/lib64/libhtp-0.2.so.1.0.2
/usr/lib64/libhtp.a
/usr/lib64/libhtp.so
/usr/share/doc/packages/suricata
/usr/share/doc/packages/suricata/AUTHORS
/usr/share/doc/packages/suricata/INSTALL
/usr/share/doc/packages/suricata/LIBHTP_LICENSING_EXCEPTION
/usr/share/doc/packages/suricata/QUICK_START
/usr/share/doc/packages/suricata/TODO
/usr/share/doc/packages/suricata/doxygen.conf
You can download the spec file here.
In my previous post, I informed you that I was writing a book on information security for Internet users. Now the book has been published.
Information about the book:
- Title: "Security Add-ons" Benteng Firefox Anda (Your Firefox Fortress)
- Publisher: PC+
- Published: December 2009
- ISBN: 979-3827-35-1
- Pages: 95
And here is the book cover:
It should be available at a bookstore near you at a reasonable price, so please buy it. :D
I just learned that Fyodor has released Nmap version 5.20.
It offers more than 150 significant improvements, including:
- 30+ new Nmap Scripting Engine scripts
- enhanced performance and reduced memory consumption
- protocol-specific payloads for more effective UDP scanning
- a completely rewritten traceroute engine
- massive OS and version detection DB updates (10,000+ signatures)
You can find out more about this in the CHANGELOG.
UPDATE: On Jan. 27, 2010, Fyodor released Nmap 5.21; it is a bug-fix release.
The Open Information Security Foundation has released Suricata.
From the OISF website :
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.
Currently (as of version 0.8), the Suricata engine has the following features:
- Automatic Protocol Detection
- Gzip Decompression
- Independent HTP Library (HTTP Parser from Ivan Ristic)
- Standard Input Methods
- Unified2 Output
- Flow Variables
- Fast IP Matching
- HTTP Log Module
If you're interested in learning more about it, please visit the OISF website.
But beware that at this moment Suricata is still in beta, so you might want to test it before using it on a production site.
Snort version 2.8.5 was released on September 15, 2009.
Here are the new additions since the previous version:
- Ability to load a new snort.conf without stopping and restarting Snort.
- Ability to specify different Snort configurations based on VLAN tags or CIDR blocks.
- Detection, Rate, and Event filtering. The ‘threshold’ keyword is now deprecated.
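As an added example (not from the original post and not taken from the Snort distribution), the following snort.conf fragments show what the three additions above look like in practice: a main configuration that binds VLANs and CIDR blocks to alternate configuration files, and the deprecated threshold line next to its event_filter replacement and a rate_filter that changes the action instead of only muting logs. The file paths, VLAN ID, networks and SID are made up for illustration.

```conf
# Added example snort.conf fragments (hypothetical paths, VLAN, networks, SID).

# 1. Per-VLAN / per-CIDR configurations. Traffic matching a binding is
#    processed with the rules and preprocessor settings of that file; anything
#    unmatched uses this (default) configuration.
config binding: /etc/snort/snort_dmz.conf net 192.0.2.0/24
config binding: /etc/snort/snort_users.conf vlan 10

# 2. Old way (deprecated in 2.8.5): 'threshold' only limited how often an
#    event for SID 1000001 was logged, here to once per source per minute.
threshold gen_id 1, sig_id 1000001, type limit, track by_src, count 1, seconds 60

#    Replacement with identical semantics:
event_filter gen_id 1, sig_id 1000001, type limit, track by_src, count 1, seconds 60

# 3. Rate filtering: when one source trips SID 1000001 ten times within a
#    second, switch the rule's action to drop for the next 60 seconds.
rate_filter gen_id 1, sig_id 1000001, track by_src, count 10, seconds 1, new_action drop, timeout 60
```

Two caveats a deployment should account for: new_action drop only has an effect when Snort runs inline, otherwise use alert or log; and the live reload requires a Snort built with --enable-reload, after which a SIGHUP to the running process re-reads the configuration, so it is worth testing the new file with `snort -T -c snort.conf` before signalling a production sensor.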