OSSIM : Nagios3 Warnings

Recently I successfully updated my OSSIM machine from version 2.1.x to version 2.2.x. It took several attempts to finish the update process.

After restarting the machine, I found several warning messages from Apache, shown in the following figure:

The warnings were caused by a conflict between several nagios-apache configuration files. In my case there were two configuration files (apache2.conf and nagios3.conf) in the Apache conf.d directory that were soft-linked to the same nagios3 configuration file, so Apache loaded the same Alias and directory directives twice:

The solution is simply to delete the duplicate "apache2.conf" symlink and restart Apache.
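As an added example (not part of the original post), here is a small POSIX shell check that reports symlinks in an Apache conf.d directory that resolve to the same target file, which is the condition that produced the duplicate nagios3 warnings above. The default directory /etc/apache2/conf.d is an assumption; pass another path as the first argument if your layout differs.

```shell
#!/bin/sh
# Added example, not from the original post or the OSSIM/Nagios projects.
# Lists every target file in an Apache conf.d directory that is referenced
# by more than one symlink, together with the links that point at it.
# Default directory (/etc/apache2/conf.d) is an assumption for a Debian-based
# OSSIM install; override it with the first argument.

find_duplicate_targets() {
    dir="${1:-/etc/apache2/conf.d}"
    # Emit one "target<TAB>link" line per symlink, resolving the full chain
    # with readlink -f so links that reach the same file by different routes
    # are still grouped together.
    for link in "$dir"/*; do
        [ -L "$link" ] || continue
        target=$(readlink -f "$link")
        printf '%s\t%s\n' "$target" "$link"
    done | sort | awk -F'\t' '
        { count[$1]++; links[$1] = links[$1] " " $2 }
        END {
            # Only targets seen more than once are a problem.
            for (t in count) if (count[t] > 1) print t ":" links[t]
        }'
}

# Usage: prints nothing when every symlink has a unique target, otherwise
# one line per shared target, e.g.
#   /etc/nagios3/apache2.conf: /etc/apache2/conf.d/apache2.conf /etc/apache2/conf.d/nagios3.conf
find_duplicate_targets "$@"
```

Delete all but one of the listed links for each reported target, then reload Apache; the check should then print nothing.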

RPM Spec File for Suricata 0.8.x

Several days ago, Suricata version 0.8.1 was released. One of the changes in this release is that LibHTP is now bundled with the Suricata package.

To ease the Suricata installation, I am developing an RPM spec file for openSUSE 11.1. It is based on the work of Josh at SecureMind and several openSUSE packagers.

Here are the files included in the RPM:

/etc/suricata/suricata.yaml
/usr/bin/suricata
/usr/include/htp/bstr.h
/usr/include/htp/dslib.h
/usr/include/htp/hooks.h
/usr/include/htp/htp.h
/usr/include/htp/htp_decompressors.h
/usr/include/htp/utf8_decoder.h
/usr/lib64/libhtp-0.2.so.1
/usr/lib64/libhtp-0.2.so.1.0.2
/usr/lib64/libhtp.a
/usr/lib64/libhtp.so
/usr/share/doc/packages/suricata
/usr/share/doc/packages/suricata/AUTHORS
/usr/share/doc/packages/suricata/INSTALL
/usr/share/doc/packages/suricata/LIBHTP_LICENSING_EXCEPTION
/usr/share/doc/packages/suricata/QUICK_START
/usr/share/doc/packages/suricata/TODO
/usr/share/doc/packages/suricata/doxygen.conf

You can download the spec file here.

Book Info : “Security Add-ons Benteng Firefox Anda” Has Been Released

In my previous post, I informed you that I was writing a book on information security for Internet users. Now the book has been published.

Information of the book :

  • Title : "Security Add-ons" Benteng Firefox Anda
  • Publisher : PC+
  • Published : in December 2009
  • ISBN : 979-3827-35-1
  • Pages : 95

And here is the book cover :

It should be available in the bookstore near you with a reasonable price, so please buy it. :D

Nmap 5.20 Released

I just got information that Fyodor has released Nmap version 5.20.

It offers more than 150 significant improvements, including:

  • 30+ new Nmap Scripting Engine scripts
  • enhanced performance and reduced memory consumption
  • protocol-specific payloads for more effective UDP scanning
  • a completely rewritten traceroute engine
  • massive OS and version detection DB updates (10,000+ signatures)

You can find out more about this in the CHANGELOG.

UPDATE: On Jan. 27, 2010, Fyodor released Nmap 5.21, it’s a bug-fix release.

OISF Release Suricata

The Open Information Security Foundation has released Suricata.

From the OISF website :

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

Currently (as of version 0.8), the Suricata engine has the following features :

  • Multi-threaded
  • Automatic Protocol Detection
  • Gzip Decompression
  • Independent HTP Library (HTTP Parser from Ivan Ristic)
  • Standard Input Methods
  • Unified2 Output
  • Flow Variables
  • Fast IP Matching
  • HTTP Log Module

If you're interested in learning more about it, please visit the OISF website.

But beware that at this moment Suricata is still in beta, so you should test it thoroughly before deploying it on a production site.