Archive for August, 2008

NSMnow 1.0.1 – “… of mice and men”

Sunday, August 31st, 2008

Like most best-laid plans, ours didn’t anticipate a recent URL change to sancp, which would prevent you from performing a full install (or a sensor install, for that matter). As a result we took the opportunity to do some serious coding over the past few days and put out a quick stability/fix release, which has ended up providing a lot more polish than intended … which is a GOOD thing ;)

Some of that polish includes:

  1. Pre-checking the environment to ensure NSMnow will run as expected
  2. Better configuration of mysql
  3. Upgraded sancp to 1.6.2-release.C
  4. Removed some Perl dependencies

Head over to the project page and check out the release notes in the documents section for more detailed information or alternatively grab the new download and start spreading the NSM love.

Build a NSM system on Debian/Ubuntu in less than 10 minutes

Tuesday, August 26th, 2008

Announcing NSMnow 1.0 – “NSM in 10 minutes” without all the headaches and fuss of a manual build process.

NSMnow turns any Debian-based system (support for others is coming) into a Network Security Monitoring platform. It downloads all the requisite source files (snort, sancp, barnyard2, sguil), the Debian packages and sguil dependencies (such as Tcl/Tk, wireshark, mysql), and configures everything for you. If you are interested in the details of what is going on, and where we have put everything, read the documentation pages.

While we are still advocating for, and working on, a live CD for a standardised Network Security Monitoring environment we have decided to release NSMnow to help others get into NSM on their chosen platform with minimal fuss.

NSMnow has been tested on the following systems: Debian “etch” and “lenny”, and Ubuntu 8.04.

Head to the project page or download NSMnow.

NOTE: NSMnow will download and use our updated barnyard2, and snort will use the new unified2 format.

An offline Pluggable Authentication Module for the Yubikey.

Tuesday, August 5th, 2008

YubiPAM is a PAM module that provides One Time Password (OTP) authentication using the OTPs generated by a Yubikey authentication token. YubiPAM aims to be a simple, easy-to-configure module for the Yubikey.

It is an offline solution (i.e. no Yubico API) that supports multi-user systems. Obviously this requires that you know the AES key of your Yubikey. Future releases will support synchronising the database with your Yubikey in a more streamlined fashion, so that knowing the AES key of your Yubikey will not necessarily be required.

The current features are:

  1. Manual add/delete from the database. Using the ykpasswd tool you can add or delete Yubikey entries in the database (default: /etc/yubikey).
  2. Per-user accounting. Supports individual user account authorisation. This is currently limited to one Yubikey dongle per user account.
  3. Single-factor sign in. Currently only a single factor (i.e. the Yubikey OTP) is supported. An additional second-factor password option will be added in the near future.
  4. Static heuristic support. Heuristic support for OTP data deltas is hard coded. This will be changeable in the next release.
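
The check an offline validator such as this has to perform, written out as an added example (it is not YubiPAM's own code): the trailing 32 modhex characters of the OTP are decoded, the resulting 16 bytes are decrypted with the user's AES key (the key the administrator must know, as the post says), the CRC proves the key was right, the private uid is compared with the stored one, and the counters are compared with the last accepted values so that an old OTP cannot be replayed. The strictly-forward counter rule is my own choice and stands in for the hard-coded heuristic mentioned above. The key, uid and public id are constructed sample values, and makeOTP only simulates the token so the example has input to validate.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"errors"
	"strings"
)

const modhex = "cbdefghijklnrtuv" // Yubikey OTP alphabet: same keys under most keyboard layouts

func modhexDecode(s string) ([]byte, error) {
	out := make([]byte, len(s)/2)
	for i := range out {
		hi, lo := strings.IndexByte(modhex, s[2*i]), strings.IndexByte(modhex, s[2*i+1])
		if hi < 0 || lo < 0 {
			return nil, errors.New("modhex: bad character")
		}
		out[i] = byte(hi<<4 | lo)
	}
	return out, nil
}

func modhexEncode(b []byte) (s string) { // only needed here to build sample OTPs
	for _, c := range b {
		s += string(modhex[c>>4]) + string(modhex[c&0x0f])
	}
	return s
}

// crc16 is the reflected CRC-16 (poly 0x8408, init 0xFFFF) the key appends to each token; run over all 16 bytes of an intact token it leaves the residue 0xF0B8.
func crc16(data []byte) uint16 {
	crc := uint16(0xFFFF)
	for _, b := range data {
		crc ^= uint16(b)
		for i := 0; i < 8; i++ {
			crc = crc>>1 ^ 0x8408&-(crc&1) // xor in the polynomial when the low bit is set
		}
	}
	return crc
}

// parseToken checks the CRC of a decrypted block and extracts what a validator needs: the 6-byte
// private uid, the non-volatile counter (little endian; its top bit is a flag and is masked off) and the use counter at byte 11.
func parseToken(plain []byte) (uid [6]byte, counter uint16, use uint8, err error) {
	if len(plain) != 16 || crc16(plain) != 0xF0B8 {
		return uid, 0, 0, errors.New("token: bad CRC (wrong AES key or corrupted OTP)")
	}
	copy(uid[:], plain[0:6])
	return uid, binary.LittleEndian.Uint16(plain[6:8]) & 0x7fff, plain[11], nil
}

// Record is the per-user state an offline validator keeps: AES key, private uid and the last counters accepted.
type Record struct {
	Key         []byte
	UID         [6]byte
	LastCounter uint16
	LastUse     uint8
}

// Validate checks an OTP (public id followed by 32 modhex characters) against a record and, on success, advances the stored counters.
func Validate(otp string, rec *Record) error {
	if len(otp) < 32 {
		return errors.New("otp: too short")
	}
	ct, err := modhexDecode(otp[len(otp)-32:])
	if err != nil {
		return err
	}
	block, err := aes.NewCipher(rec.Key) // a 16-byte key selects AES-128
	if err != nil {
		return err
	}
	block.Decrypt(ct, ct) // one block in ECB mode, in place: that is the whole Yubikey scheme
	uid, counter, use, err := parseToken(ct)
	switch {
	case err != nil:
		return err
	case uid != rec.UID:
		return errors.New("otp: private uid does not belong to this user")
	// Replay rule used here (an assumption, not YubiPAM's hard-coded heuristic): (counter, use) must move strictly forward.
	case counter < rec.LastCounter || counter == rec.LastCounter && use <= rec.LastUse:
		return errors.New("otp: replayed or stale token")
	}
	rec.LastCounter, rec.LastUse = counter, use
	return nil
}

// makeOTP stands in for the key itself so the example has input to validate (constructed data only).
func makeOTP(pubID string, key []byte, uid [6]byte, counter uint16, use uint8) string {
	plain := make([]byte, 16)
	copy(plain[0:6], uid[:])
	binary.LittleEndian.PutUint16(plain[6:8], counter)
	plain[11] = use
	binary.LittleEndian.PutUint16(plain[14:16], crc16(plain[:14])^0xFFFF)
	block, _ := aes.NewCipher(key)
	block.Encrypt(plain, plain)
	return pubID + modhexEncode(plain)
}
```

With a record holding the constructed key `0123456789abcdef`, uid `8a15c2d43b77` and last counters (3, 2), an OTP generated with counters (4, 0) validates once and is rejected as a replay the second time; an OTP with counter 3 is rejected as stale, and any OTP decrypted under the wrong key fails the CRC check before the uid or counters are even looked at. Persisting the updated counters back to the database on every successful login is what turns the per-user entries into a replay defence.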

By all means use and abuse, with any feature requests or flames being directed to dev [at] securixlive [dot] com. We would love to hear any feedback.

Head to the project page.