Archive for November, 2008

When webhosting goes sour!

Sunday, November 16th, 2008

Consider this a small digression from a software update and an opportunity for a little venting of frustration and discontent at our current webhosting provider.

You may or may not have noticed some peculiarities with the website in the past 24 hours. Let me provide you some of the context behind these shenanigans.

Last night, during a small development session on our NSMnow-1.2 branch, I noticed that some packages were not being retrieved from our website. No dramas, it’s probably my router crapping out again. It’s a good time for a break and the router will correct itself shortly.

15 minutes later …

So I’m watching “An American Haunting” with my girl and get a text from coops indicating the website is down for him as well. Hmmm … maybe this is more serious. So I open Firefox and navigate directly to the page. It’s not there … Arrggh!!!

Coops calls and it appears as if the DNS has changed. That’s weird, our webhost didn’t let us know they were changing. We manage webhosting separately from our DNS and were certain we would get some notification of any changes. Continuing on, an nslookup of the new webhost IPs and name server IPs, and reflecting them at our DNS provider a short time later, had the site back up and running. Sweet!

How wrong we were: the server that was hosting the site was only current as of Oct 15, 2008. That’s a month of work missing. WTF?!

Jumping on the phone to get some answers we were very displeased with some of the following answers:

  • “We didn’t inform you because there was no downtime on our hosting servers”
  • “I’m sorry Sir, we cannot access the old servers to copy your information across”

Bloody Help Desk! … Serenity Now!! … Serenity Now!!!

Fortunately our backup regime is reasonably frequent, so things should now be back to normal. We apologise for any inconvenience.

Thanks for listening, I feel better now.

Securix-NSM 1.0.1 – Working as advertised

Wednesday, November 12th, 2008

Ooops!

We have identified what we consider to be a significant issue, regarding sancp, that has worked its way into the 1.0 release. We regard it as significant because it removes a key piece of information (session data) that should be available to an NSM analyst.

More detail can be found in the NSMnow-1.1.1 update post.

One positive aspect of this stability update is that we are very happy with the Securix-NSM development framework, which allows us to easily generate updates to our ISO. This translates to quicker turnarounds on stability fixes and more frequent updates.

Now that can only be a good thing. Enjoy!

NSMnow 1.1.1 – Time to revert sancp

Wednesday, November 12th, 2008

Recently a rather significant issue with sancp 1.6.2 (release.C) was identified which prevented sguil client users from being able to perform queries on the sancp data.

Whilst the data was being captured by sancp, unfortunately it was not making its way to the sguil server, as sancp was not flushing its data to file at the expected intervals. The only way to force sancp to flush its information to file was to forcibly close the process and restart it. This is not the ideal solution, and so we have reverted to 1.6.1, which we have confirmed works as expected.

It was also a good time to update barnyard2 to the recent barnyard2-0.5 release, so that made its way into this stability update as well.

Enjoy!

Barnyard2-0.5 … Now FreeBSD friendly

Tuesday, November 11th, 2008

Given that all our work is typically built on a Debian system and tested on at least Debian/Ubuntu systems, we don’t always expect it to work on others straight out of the box. We’ve had some feedback recently on efforts to compile barnyard2 on FreeBSD machines, and with a little TLC we’ve applied the appropriate patches for it to work.

In addition, we tracked down a peculiar bug with relative-path filenames in batch mode, which should now work as expected.

And finally, the parameter parsing of the spo_sguil output plugin has been modified to align with the spo_database output plugin: it now expects “key=value” pairs in the configuration file instead of the old “key value” pairs.

Enjoy!

A successor is born … Securix-NSM 1.0

Sunday, November 9th, 2008

With the large amount of feedback we received from the Knoppix-NSM distribution, we asked ourselves how we would do this if we had the time to do it again. What we’ve been working on over the past few months is a number of foundation applications, namely barnyard2 and NSMnow, that will aid the integration of security applications to provide a stable NSM framework.

Even with the simplicity of NSMnow, some people will still rather test out the features of something new via the easiest means possible. By today’s standards that means is typically a live CD or live USB medium.

Securix-NSM is the direct successor of Knoppix-NSM, based on a purer Debian system, giving you all the benefits of the most used NSM applications pre-configured and ready to go. From our perspective this is the best mechanism for presenting NSM-related applications on the Debian platform.

If you have any feedback, or would even like to become involved in improving the Securix-NSM platform, then by all means let us know.

So head over to the Securix-NSM project page to grab a copy. We’ll also keep the Knoppix-NSM links alive for some time, until we’re happy that all documentation has been ported across and that a full transition has been completed.