Ossec HIDS – How cool is it?

Since I have been using Ossec on production systems for the last year or so, I would say it’s pretty good stuff – why is that?

I happen to like that Ossec has some awesome capabilities, some of which I already had solutions for, but since this app is pretty slick and all-inclusive, I decided to switch over to using Ossec for said tasks. One thing to like about it is that the daemon watches the system for file changes, in very similar fashion to Tripwire, etc.


It can watch your SSH port and shun violators that try to brute-force your system for weak passwords (you shouldn’t allow root to log in remotely anyways :P).

It also watches the messages file, and alerts you when bad stuff has happened, like segfaults…..gosh….I wish I had a better example right about now 🙂

Another cool thing, which you probably won’t or shouldn’t see very often, is that it alerts you when the Ossec daemon has been started – this should only happen if you restart your system, or make changes to the daemon and explicitly tell it to HUP (hang up sucka, minus the sucka part).

Well, that was a quick example of the coolness that Ossec is – for me, I was a little bit hesitant to use Ossec on my systems, just cause it comes from a large company, and isn’t just an open source project. At the end of the day though, it works pretty well and I am happy with its abilities!

Categories: TechBlog

Ubuntu Landscape – First impression

Decided to try out the Landscape service from Ubuntu, as I guess the constant MOTD spam finally caught my eye (thanks, marketing folks at Ubuntu). Basically, this service is geared toward shops that are interested in a central portal for supporting their Ubuntu systems, as it will graph performance, poll/display system hardware, display processes and users, show software updates, run scripts on multiple machines under Landscape’s control, etc.

So far, it’s been quick and painless to get the service started and running on a single system, and it’s a 30-day trial, so it will give you a taste of what it’s all about. Essentially, all you need to do is a simple “apt-get update” and then an “apt-get install landscape-client”, and then configure Landscape via “landscape-config” from the command line; of course, you will need to be king of the universe, or sudo to root, for these commands to be a success.

I will report back when the trial is over, but for the company that needs management and support for their systems, and has a budget for such items, this may be a service that would be of value-add. In a month, I will report back on my overall impression of the service.

Thanks for reading, and come back in 30 days for the final review.

Categories: TechBlog

Snaps – VirtualBox can’t operate in VMX root mode

Tried to start a VM under VirtualBox today, and got the above message… Turns out that when I installed the kvm/qemu packages for the Android virtual environment, it switched on VT.

Instead of pulling your hair out by recompiling your kernel, you could do this as a workaround:

“Try disabling kvm module…
modprobe -r kvm_intel” with root privileges. This worked for me…”

Source:
http://forums.virtualbox.org/viewtopic.php?t=7796

Categories: TechBlog

WordPress Speedup – Multiple hostnames for parallel connections

Recently, while working on a site for a client and using Google Page Speed, I came across a recommendation to use multiple hostnames to serve content, which helps decrease page load times, as your browser is able to open more than 2 connections to your site. After looking around, I decided the cleanest and cheapest method would be to just do the following:

1. Create a DNS CNAME that points to your site, for example:

static.parraz.net CNAME would point to parraz.net A Record.

2. Now that I have a new hostname, this static.parraz.net domain will be used to serve content from parraz.net, in the example. Now, make sure that your web server answers for this name, and uses the SAME document root. We want to use the same info, as both URLs are serving the same content, except that your browser can open connections to both static and www hosts on a single page request.

If you’re using Apache, just add a ServerAlias of “static.parraz.net”, from the example, and restart Apache to make sure the change takes effect.

3. Now, just verify that your new hostname is working in a browser, and that the content is being served correctly. We can now download and install the OSSDL WordPress plugin. This plugin was designed for either CDN or hostname usage, and since we are not expecting to get Slashdotted anytime soon, I suspect that this mod will work for the long haul – once we exhaust our hostname mod, we can also switch to Rackspace CloudFiles or another CDN, for the real deal 😉

4. Download and install plugin as instructed below:

http://wordpress.org/extend/plugins/ossdl-cdn-off-linker/

Once the plugin is activated, click edit, use the “static.parraz.net” hostname from the example, and click on Save. One advantage I saw was that this plugin changes the php URL dir, so no rewrites are required, which also keeps it quite simple.

 

You’re done – your site will now load faster to most user agents (browsers, I said it!)

Categories: TechBlog

OpenSuse 11.3 & XEN kernel – Boot issue resolved

These “boots” were apparently not exactly made for walking. Just installed OpenSuse 11.3 for fun, and decided to make it a VM host with XEN.

Sounds harmless enough 😀

Until I tried to boot from the XEN kernel….fail

Turns out that the line for booting the kernel in your

/boot/grub/menu.lst

is incorrect: here is an excerpt from an article I found:

“And this was the solution, after changing

kernel /xen.gz vgamode=0x317

to

kernel /xen.gz vga=mode-0x317

booting the xen-kernel worked!”

Mine happened to look like this:

/boot/xen.gz vgamode=0x314

And voila – once I modified the line, I was able to boot into my XEN kernel, as it was designed:

 

Sources:

Original Post

Bug Report

Categories: TechBlog

Browsing HTTP headers can get you a job

I have a habit, but it’s not unhealthy, and could possibly even lead to helping you get a job. How, you ask? How will viewing the HTTP headers of random websites you visit possibly help you get a job?

Here are a couple of examples:

X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.

or

X-Recruiting: If you’re reading this, maybe you should be working at Zappos instead.  Check out jobs.zappos.com

And how does one get this info? You can use “curl” from the command line of a Linux machine, and if the machine is a web server, it will more than likely contain this package.

For example: curl -I techcrunch.com

Which will result in:

HTTP/1.1 200 OK

Server: nginx

Date: Mon, 08 Nov 2010 17:37:43 GMT

Content-Type: text/html; charset=UTF-8

Connection: close

Last-Modified: Mon, 08 Nov 2010 17:35:53 +0000

Cache-Control: max-age=190, must-revalidate

Vary: Cookie

X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.

X-Pingback: http://techcrunch.com/xmlrpc.php

Link: <http://wp.me/NaxW>; rel=shortlink

X-nananana: Batcache

 

So the above header basically informs you, or more correctly, your web browser, that the server is Nginx, the date of the reply, a content type of html, that keep-alive is not enabled or advertised to the browser as being enabled, a cache control that requires validation, and a couple of random X-headers. The funny one is last, which is probably coming from their cache layer, the X-nananana Batcache – great sense of humor, love it 🙂
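The same reading of the headers can be scripted. The block below is an added example, not part of the original post: it parses `curl -sI` output and lists the headers that tell a visitor something about the stack, using a constructed copy of the response above. The helper names `sample_headers` and `header_report` and the banner/endpoint/custom labels are assumptions made for this example, and `X-Powered-By` is included as another common banner header that does not appear in the response above.

```sh
#!/bin/sh
# Added example: list what a response's headers disclose about the server.

# Constructed sample: headers quoted in the post, with the CRLF line endings
# that `curl -sI` emits.
sample_headers() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Server: nginx' \
        'Date: Mon, 08 Nov 2010 17:37:43 GMT' \
        'Content-Type: text/html; charset=UTF-8' \
        'Connection: close' \
        'Cache-Control: max-age=190, must-revalidate' \
        'Vary: Cookie' \
        "X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header." \
        'X-Pingback: http://techcrunch.com/xmlrpc.php' \
        'X-nananana: Batcache' \
        ''
}

# header_report (hypothetical helper): read header blocks on stdin, e.g. from
# `curl -sIL`, and print "kind<TAB>name<TAB>value" for the final response only.
header_report() {
    awk '
        { sub(/\r$/, "") }                        # strip CR from CRLF
        /^HTTP\// { n = 0; next }                 # status line: new response
        {
            i = index($0, ":")
            if (i < 2) next                       # blank or malformed line
            name = tolower(substr($0, 1, i - 1))  # names are case-insensitive
            val = substr($0, i + 1)
            sub(/^[ \t]+/, "", val)
            kind = ""
            if (name == "server" || name == "x-powered-by") kind = "banner"
            else if (name == "x-pingback") kind = "endpoint"
            else if (name ~ /^x-/) kind = "custom"
            if (kind != "") out[++n] = kind "\t" name "\t" val
        }
        END { for (j = 1; j <= n; j++) print out[j] }
    '
}

sample_headers | header_report
```

Piping `curl -sI` for your own host into `header_report` shows what any visitor learns from the same request.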

Till next time.

Categories: TechBlog