Posts filed under Linux

Configuring Syslog-ng on Ubuntu

Syslog-ng is a replacement for the default syslog daemons you get with most Linux distributions. The advantage of syslog-ng is that the configuration is easier to understand, and it gives the sys-admin numerous advantages, especially in complex environments.

Let's say we have a RADIUS environment which is able to send authentication and accounting information through syslog to external devices. And let's assume that a relevant part of this syslog information is needed by a department within a large corporation.

Installing syslog-ng (on Ubuntu) is done by the following command:

# sudo apt-get install syslog-ng

Through the use of syslog-ng we can store and/or forward syslog information based on the following (but not limited to):

  • source IP address
  • destination IP address
  • syslog level
  • content in the original syslog message by using regular expressions.

All this can be configured in the /etc/syslog-ng/syslog-ng.conf file.
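
A minimal configuration for the RADIUS scenario above, added here as an example and not taken from the original post. The addresses (192.0.2.10 for the RADIUS server, 192.0.2.5 as the local listening address, 198.51.100.20 for the department's collector), the log path, the regular expression and the version line are assumptions; the syntax is that of syslog-ng 3.x.

```conf
# Added example: addresses, paths and the pattern are constructed.
# Assumption: set the version to the installed syslog-ng release.
@version: 3.1

# Destination IP address: listen only on the local address that the
# RADIUS server sends its syslog messages to.
source s_radius {
    udp(ip(192.0.2.5) port(514));
};

# Source IP address: accept only messages sent by the RADIUS server.
filter f_from_radius { netmask("192.0.2.10/32"); };

# Syslog level: info and anything more severe.
filter f_level { level(info..emerg); };

# Content: regular expression on the message text (the pattern is an
# assumption about what the RADIUS server logs).
filter f_auth { match("Access-(Accept|Reject)" value("MESSAGE")); };

# Store a local copy, one file per day, not world-readable.
destination d_file {
    file("/var/log/radius/auth-$YEAR$MONTH$DAY.log" create_dirs(yes) perm(0640));
};

# Forward the same subset to the department's collector.
destination d_department {
    udp("198.51.100.20" port(514));
};

log {
    source(s_radius);
    filter(f_from_radius); filter(f_level); filter(f_auth);
    destination(d_file);
    destination(d_department);
};
```

The udp() destination sends the authentication data unencrypted and unauthenticated; syslog-ng's tcp() driver with the tls() option is the alternative when the collector is reached over a shared network. Running `syslog-ng --syntax-only` checks the file before the daemon is restarted.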

Posted on August 26, 2011 and filed under Linux, Tips'n Tricks.

Wireshark on Ubuntu 10.10

Last week, I acquired a small netbook @ work for testing purposes (HP Mini 5103). You don't want to know how handy a second laptop is when you're testing authentication environments.

For flexibility purposes I installed a dual-boot with Microsoft Windows 7 Enterprise and Ubuntu Linux v10.10 from a USB Flashdrive (1, 2), erasing all the preinstalled HP/McAfee crap. This all worked like a charm, up to the installation of Wireshark in Ubuntu. Starting the sniffer application resulted in an empty list of network adapters. No network adapters mean no capturing capabilities.

This was probably related to the lack of rights while starting the application. Running it from the terminal with sudo resulted in some weird error regarding a display-thingy (which is still the main reason why Linux isn't penetrating the desktop market).

While searching the Interwebs, I found the following solution, which, after some alterations to the commands, worked for me:

In a terminal session, execute these commands:

sudo addgroup --quiet --system wireshark (this command simply didn't work in my case)
sudo chown root:wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

sudo usermod -a -G wireshark <my user name>

Reconfigure the Wireshark Common package and answer ‘Yes’ to the question ‘Should non-superusers be able to capture packets?’

sudo dpkg-reconfigure wireshark-common (I needed to add the sudo part on this command)

After rebooting the laptop, Wireshark started normally with all the network interfaces available for capturing traffic.

UPDATE: I did a reinstall of the OS, and this time Wireshark started 'properly' from the Terminal application by typing (without the quotes) 'sudo wireshark'.
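
A check for the result of the steps above, added here as an example and not part of the original post: the wireshark group only restricts capturing if dumpcap is not executable by "other", so the audit flags a world-executable mode alongside wrong ownership or extra capabilities. The function names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: audit the dumpcap setup produced by the steps above.
# check_dumpcap OWNER GROUP MODE GETCAP_OUTPUT
# prints one finding per line and returns 1 if there is any finding.
check_dumpcap() {
    cd_rc=0
    [ "$1" = root ] || { echo "owner is $1, expected root"; cd_rc=1; }
    [ "$2" = wireshark ] || { echo "group is $2, expected wireshark"; cd_rc=1; }
    # Last octal digit is the permission for "other": odd means any local
    # account can run dumpcap and use its file capabilities.
    case $3 in
        *[1357]) echo "mode $3 is world-executable"; cd_rc=1 ;;
    esac
    # getcap prints "PATH = caps+eip" (older libcap) or "PATH caps=eip".
    cd_caps=$(printf '%s\n' "$4" |
        sed -e 's/^[^ ]* //' -e 's/^= //' -e 's/[+=][eip]*$//')
    for cd_c in $(printf '%s' "$cd_caps" | tr ',' ' '); do
        case $cd_c in
            cap_net_raw|cap_net_admin) ;;
            *) echo "unexpected capability $cd_c"; cd_rc=1 ;;
        esac
    done
    case $cd_caps in
        *cap_net_raw*) ;;
        *) echo "cap_net_raw missing, capture will fail"; cd_rc=1 ;;
    esac
    return $cd_rc
}

# Collect the real values for a dumpcap binary and run the checks on them.
audit_dumpcap() {
    ad_f=${1:-/usr/bin/dumpcap}
    check_dumpcap "$(stat -c %U "$ad_f")" "$(stat -c %G "$ad_f")" \
        "$(stat -c %a "$ad_f")" "$(getcap "$ad_f")"
}

# Constructed input: ownership and capabilities set, mode still 0755.
check_dumpcap root wireshark 755 \
    "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip" || true
```

On a real system, `audit_dumpcap` with no arguments inspects /usr/bin/dumpcap; `id -nG <user>` shows whether the account is in the wireshark group.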

Posted on March 6, 2011 and filed under Linux, Software, Tips'n Tricks.

Vanishing HD Space on Popcorn Hour

Sometimes you think your mind is playing tricks on you. I have that sometimes. E.g. I have a Popcorn Hour (Networked Media Tank) which holds movies and series I watch. Bits and Bytes come and go on that machine. Things you've seen are deleted, and replaced by new content. But over the 'years' it seemed to hold less and less content. Okay, movies have increased in size (10-20GB per movie is nothing nowadays). So I didn't really think much of it....

Until I started transporting the content with Transmit instead of FileZilla. Transmit was configured to show even the hidden files, and hidden files it showed. I found 4 hidden temporary pureftp-upload files of almost 32GB each. The timestamps on those files differed from late last year to a couple of months back.

.pureftpd-upload-<some random string>

The problem was that I couldn't remove them from the Popcorn, but I really wanted my 120GB of free space back. Turned out that the FTP daemon on the Popcorn was locking these files. Reboot of the Popcorn didn't help.

The way to remove them was to stop the FTP daemon on the Popcorn in the menu, and access the device through SMB (or another protocol you can use), and make sure that you can see hidden files.
Select the files and press delete, and they should be gone. After that you can re-enable the FTP service if you like.

Posted on July 15, 2010 and filed under Linux, Software, Tips'n Tricks, Video.

Installing & Configuring CentOS 5.4 (Day 2)

OK. Day 2. After the successful installation and configuration of CentOS with Adobe Coldfusion, I needed to install MySQL as a database. So, I started the virtual machine, and found out why Linux will (probably) never cut it as a common desktop environment.

Yesterday I (properly) shut down the system (which had the GNOME Desktop), and today it started with some back to the 60's desktop. Every icon gone. All that I was left with was a terminal window, clock, and a Firefox window. This environment is the basic X11 desktop.

Posted on April 2, 2010 and filed under Annoying, Linux, Operating Systems, Personal, Tips'n Tricks.

Adobe Coldfusion 9 on CentOS 5.4 (x64)

A while back I figured out how to install Adobe (could have been Macromedia back then) Coldfusion MX on an Ubuntu Linux server. This config still runs as it should, but in the meantime several things have changed in the world of software. I've been leaning towards CentOS 5.4, and Adobe released Coldfusion 9 somewhere in 2009. These two 'events' made me decide to combine the two.

Before I continue, I must warn you that the Coldfusion installer is still broken..... So there's some manipulation of code involved.

Since the new 'server' is going to run in a virtual environment I started in a VMware Workstation. This way I could make snapshots of my progress. This made it easier to start from scratch. The problem with Linux and me is that I tend to reinstall the OS when things go haywire. So VMware is a safe way out in this case.

Posted on April 1, 2010 and filed under Annoying, Linux, Software, Tips'n Tricks.

Why Linux Won't Work

.... for me at this moment (and probably for most others).

I'm still in the phase of migrating my Windows server to a more 'reliable' Operating System. The new server should cover the following basic functionalities:

  • Filesharing (either via Samba or NFS)
  • Webserver with PHP and Coldfusion
  • SSH server
  • RADIUS Server
  • Central user database (e.g. an LDAP server)
  • an NZB downloader of some sort
  • etc.

Up till now I've tried several Linux distros (Ubuntu 7, Ubuntu 8, and CentOS 5), and none of them are that easy to configure.

It seems that NFS isn't that easy to configure, since Apple OSX requires some special features (standards anyone??). Especially when you want some sort of user authentication. Just do a search on Linux, NFS and Apple OSX.

So after NFS didn't really work, I tried SMB for filesharing. While CentOS has some GUI to configure the shares, it lacks the interface of permissions for users...
You create users within the Linux environment, and if you wanna connect to a Samba share you need to configure additional users (in a different userdatabase).
This can be done by synchronization, but you need to do some scripting etc.

So far I've managed to install a working SSH server (with x509 authentication) and a Webserver.

When I compare this with Windows.... Well, there's no real comparison. Windows has a real central user database (not talking about the Active Directory here, but the local user database). And every service I need can talk to this database, and every service recognizes this database. No need to start 'hacking' some configuration files to make it work.

Well, as long as there's no new (read:better) interface of configuring those services and combining them with a shared user database ....

LINUX >> /dev/null

Recommendations can be left in the comments (if there are any)......

Posted on March 24, 2009 and filed under Annoying, Apple, Linux, Microsoft.

Undocumented Coldfusion Ports

After running 'chkrootkit' on one of my Ubuntu servers at work, I got a response:

Checking `bindshell'... INFECTED (PORTS:  4000)

A message which started a 'mild' shiver across my back, because the rootkit checker just reported that one of the processes on the server could be compromised.

First I took the server off the network. Just to make sure. After that I searched the Internet for a possible explanation. Nothing substantial, until I found the following command to see what is occupying the port.

sudo netstat -e -p -n -a | grep 4000

This gave me the following result:

udp6       0      0 :::4000                 :::*                                65534      13886      4739/coldfusion8

So it seems that Adobe Coldfusion is using this port. But this can't be found in any of the official Adobe Coldfusion documentation. There are some (blog)posts related to this, but nothing more.
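
The same lookup with an exact match on the local port, added here as an example and not part of the original post: a plain `grep 4000` also matches other ports and inode numbers that contain those digits. The function names and the sample lines are assumptions, apart from the udp6 line, which is the one shown above.

```shell
#!/bin/sh
# Added example: exact-port triage of `netstat -e -p -n -a` output.
# SAMPLE is constructed, except the udp6 line, which is the one from the post.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          14000      812/sshd
tcp        0      0 127.0.0.1:40001         0.0.0.0:*               LISTEN      1000       15210      2290/python
udp6       0      0 :::4000                 :::*                                65534      13886      4739/coldfusion8'

# port_owner PORT < netstat-output
# Prints proto, local address, uid, inode and PID/program for sockets whose
# local port is exactly PORT. Fields are counted from the end of the line
# because unconnected UDP sockets have an empty State column.
port_owner() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, part, ":")          # port follows the last colon
            if (part[n] == port)
                print $1, $4, "uid=" $(NF-2), "inode=" $(NF-1), $NF
        }'
}

# Path of the executable behind a PID, to compare with the packaged binary.
# A " (deleted)" suffix means the file was replaced or removed after start.
proc_exe() {
    readlink "/proc/$1/exe"
}

# `grep 4000` also hits inode 14000 and port 40001; port_owner does not.
printf '%s\n' "$SAMPLE" | grep -c 4000
printf '%s\n' "$SAMPLE" | port_owner 4000
```

On a live host the input is `sudo netstat -e -p -n -a | port_owner 4000`, followed by `proc_exe` on the reported PID.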

Posted on August 27, 2008 and filed under Annoying, Linux, Operating Systems, Security.

OpenSSH Vulnerabilities

It seems that public key authentication isn't as safe as you might have thought. That is if you're using a Debian based OpenSSH solution. This package can be found in many Linux distributions like:

  • Debian (duh ;) )
  • Ubuntu
  • Kubuntu
  • etc.

The problem is that the random number generator (which is of vital importance in generating key-pairs) isn't as random as you might think. It seems that there are only about 30.000 combinations in this specific generator. This leaves the door wide open for brute-force attacks.

So, the first thing you must do is update your OpenSSH software, and generate new keypairs for all devices / users which might have keys which were generated with the vulnerable OpenSSH software. Software packages depending on OpenSSH are:

  • OpenVPN
  • DNSSEC
  • OpenSSH
  • Certificates used in TLS connections
  • etc.

More info on the subject can be found here [1, 2, 3].
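
One way to find the keys that need replacing, added here as an example and not part of the original post: because the flawed generator could only produce a limited set of keys, their fingerprints can be listed, and an authorized_keys file can be checked against that list. The function names, the sample key blobs and the blacklist file format are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries whose fingerprint is on a list
# of known weak keys. Key blobs and the blacklist below are constructed.

# MD5 fingerprint (32 hex digits, no colons) of one base64 public-key blob.
key_md5() {
    printf '%s' "$1" | base64 -d | md5sum | cut -d' ' -f1
}

# weak_keys AUTHORIZED_KEYS BLACKLIST
# Assumption: BLACKLIST holds one entry per line, the last 20 hex digits of
# the MD5 fingerprint of a weak key.
weak_keys() {
    wk_n=0
    while IFS= read -r wk_line; do
        wk_n=$((wk_n + 1))
        # The blob follows the key type; options may precede the type.
        wk_blob=$(printf '%s\n' "$wk_line" | awk '{
            for (i = 1; i < NF; i++)
                if ($i ~ /^ssh-(rsa|dss)$/) { print $(i + 1); exit }
        }')
        [ -n "$wk_blob" ] || continue
        wk_fp=$(key_md5 "$wk_blob")
        if grep -qx "$(printf '%s' "$wk_fp" | cut -c13-32)" "$2"; then
            echo "$1:$wk_n: weak key, MD5 fingerprint $wk_fp"
        fi
    done < "$1"
}

# Constructed demo: two fake keys, the first of which is put on the blacklist.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' \
        'ssh-rsa QUFBQQ== alice@old-host' \
        'no-pty ssh-rsa QkJCQg== bob@new-host' > "$d/authorized_keys"
    key_md5 QUFBQQ== | cut -c13-32 > "$d/blacklist"
    weak_keys "$d/authorized_keys" "$d/blacklist" | sed "s|^$d/||"
    rm -rf "$d"
}
demo
```

Every entry the audit reports has to be removed from authorized_keys and replaced with a key generated on patched software.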

Posted on May 20, 2008 and filed under Linux, News, Security, Software.

Adobe Coldfusion MX on Ubuntu Server

Ever since I went 'Apple', the urge of moving away from Microsoft Windows operating systems is getting bigger and bigger. A couple of weeks ago I installed two Ubuntu servers (v7.x) at work. Mainly for testing, and educational purposes.
The installation went extremely smooth on old Compaq ML370 server hardware. So, as a test I tried to install Adobe Coldfusion MX (Coldfusion 8) on the Ubuntu server (with Apache, and MySQL).

There are several postings on the Internet suggesting that it should be possible, even though Ubuntu isn't on the supported platforms list for Adobe Coldfusion MX.

Posted on May 10, 2008 and filed under Linux, Operating Systems, Software, Tips'n Tricks.

Ubuntu 'Hardy Heron' Released

As of yesterday, the latest Ubuntu release 'Hardy Heron' is available for download (both client and server). Every time a major Linux distri(bution) hits 'the shelves', the Linux community roars. With each release (Ubuntu or whatever flavor) the Linux community gets closer, and closer to Windows.

Even though the OS itself is getting better and better, it still lacks the support of decent major software like Adobe Creative Suite, etc. It's missing the software people use in everyday (business) life.
Sure, there are a million different ways of running Microsoft Office or Adobe Photoshop on a Linux OS, but these require a commercial piece of software (CrossOver), or in-depth knowledge of the OS to make it work (Wine in some cases). Two things that shouldn't be required. Not if you're used to Windows (or Apple's OSX). And even if you find a 'substitute' it's most likely to have an awful user experience.

The average housewife won't use Linux, because her friends all use Windows. All those nice little Windows programs, which make life easier (or a living hell with all the mal/spyware out there). So if the Linux community wants to make a difference they need to create some sort of critical mass (by themselves, or by Microsoft screwing up) to get the attention of the 'normal' user. But in a community where there's no real (commercial) business model, it's gonna be damn hard.

Microsoft created this critical mass by playing (probably) the best marketing trick in the world; Release Windows 95, and turn a blind eye to those who use a pirated copy at home. The home users create demand on the workfloor, so businesses start to use it on their workstations. Soon everyone was addicted. And now it's damn hard to beat the addiction.

B.t.w., Apple is doing it a lot better. They created a nice and stable OS (just like the average Linux desktop distribution), BUT the OS has ALL the relevant drivers for the hardware used. ALSO they have a complete (and cheap) software suite (iLife and iWork), which is more than enough for the average family. No need to search the caverns of the Internet for software, and they look and feel the same as the OS.

So, I guess that my conclusion is that the OS is nearing perfection, but it (Linux in general) lacks good and decent third party software (and a good marketing machine :) )

In the meantime, I'm gonna upgrade my Linux (mail, web, and ssh) servers at work to 'Hardy Heron'.