Monday, December 19, 2011

Upgrading Sun-Java on Ubuntu 10.04

It is always good from a security point of view to have all your systems up and running in the most current state.  Go to this particular URL

https://browsercheck.qualys.com/

Scan your browser by clicking on the check box.  There Qualys will tell you if there is any upgrade which is available.

Next go to this website

http://www.java.com/en/download/linux_manual.jsp?locale=en

Linux (self-extracting file) filesize: 20.7 MB     - for 32 bit systems
Linux x64 * filesize: 20.3 MB                            - for 64 bit systems



Next move become root on a terminal by executing

$sudo su
Copy the binary over to the destination shown below
#cp /home/bala/Downloads/jre-6u30-linux-x64.bin /usr/lib/jvm/
#cd /usr/lib/jvm
Now make that file as executable
#chmod +x jre-6u30-linux-x64.bin
Now run that executable
#./jre-6u30-linux-x64.bin
Move the old soft link file which pointed to the old java
#mv java-6-sun java-6-sun_old
Remove the bin file.
#rm jre-6u30-linux-x64.bin
Rename the extracted file.
#mv jre1.6.0_30/ java-6-sun-1.6.0.30
Create a new link to your extracted Java
#ln -s java-6-sun-1.6.0.30 java-6-sun
Now rename the old java plugin.
#mv /etc/alternatives/mozilla-javaplugin.so /etc/alternatives/mozilla-javaplugin.so_old
Now create a new soft link to you new java
#ln -s /usr/lib/jvm/java-6-sun/lib/amd64/libnpjp2.so /etc/alternatives/mozilla-javaplugin.so
# ll /usr/lib/mozilla/plugins/libjavaplugin.so
lrwxrwxrwx 1 root root 39 2010-09-19 09:11 /usr/lib/mozilla/plugins/libjavaplugin.so -> /etc/alternatives/mozilla-javaplugin.so*
# ll /etc/alternatives/mozilla-javaplugin.so
lrwxrwxrwx 1 root root 45 2011-12-19 20:42 /etc/alternatives/mozilla-javaplugin.so -> /usr/lib/jvm/java-6-sun/lib/amd64/libnpjp2.so*
# ll /usr/lib/mozilla/plugins/libjavaplugin.so
lrwxrwxrwx 1 root root       39 2010-09-19 09:11 libjavaplugin.so -> /etc/alternatives/mozilla-javaplugin.so*


http://java.com/en/download/installed.jsp?jre_version=1.6.0_30&vendor=Sun+Microsystems+Inc.&os=Linux&os_version=2.6.32-36-generic

If you have Newer version of firefox via ppa then one more step.

#ln -s /usr/lib/jvm/java-6-sun/lib/amd64/libnpjp2.so /usr/lib/firefox-10.0.1/plugins/libjavaplugin.so 

Monday, December 12, 2011

Ubuntu Date & Time update via NTP

Command Line ntpdate

Ubuntu comes with ntpdate as standard, and will run it once at boot time to set up your time according to Ubuntu's NTP server. However, a system's clock is likely to drift considerably between reboots if the time between reboots is long. In that case it makes sense to correct the time occasionally. The easiest way to do this is to get cron to run it every day. With your favorite editor, create (needs sudo) a file /etc/cron.daily/ntpdate containing:
 #!/bin/sh
 ntpdate ntp.ubuntu.com
Make sure that you make this new file executable:
sudo chmod 755 /etc/cron.daily/ntpdate
 
 
Source: https://help.ubuntu.com/community/UbuntuTime 

SNORT Sig updates Including SED

Whenever I update Snort Rules, the five SID mentioned below gets additional ! before $DNS server which makes SNORT not to start.  All these SID are included inside emerging-current_events.rules.

sid:2013353
sid:2013354
sid:2013355
sid:2013358
sid:2013359

so as a work around I have included sed "Serial Editor" along with my snort rules update script as shown below.

root@Bodhidarmar:/store/snort/rules# cat /var/scripts/snort_update.sh

#!/bin/bash
wget -q http://www.snort.org/sub-rules/snortrules-snapshot-xxxx.tar.gz/aaabbbcccdddeeefffggghhhiiijjjkkk -O /store/snort/archive/snortrules-snapshot-xxxx.tar.gz
oinkmaster.pl -o /store/snort/rules/ -Q
echo "Now Running Serial Edit to change the Bang Dollar DNS to Dollar DNS in ET-current_event[DOT]rules"
sed s/\!\$DNS/$DNS/ /store/snort/rules/emerging-current_events.rules > /store/snort/rules/emerging-current_events.rules



Note I have reduced the Font size above as they needs to be on one single line.

Saturday, December 10, 2011

Snort Sensor Name

To get the name of the sensor which is logging a particular event we need to include  sensor_name=Bodhidarmar in the snort.conf file.


root@Bodhidarmar:/home/bala# grep sensor_name /etc/snort/snort.conf
output database: log, mysql, user=********** password=**************** dbnames=******* host=localhost sensor_name=Bodhidarmar

Friday, December 9, 2011

Adit0 SSL VPN

While starting adito if it refuses to start do as shown in the link :-)

http://sourceforge.net/projects/openvpn-als/forums/forum/824507/topic/2883732

Add these two lines: 
wrapper.java.classpath.1=/opt/adito-0.9.1/lib/adito-boot.jar wrapper.java.mainclass=com.adito.boot.Bootstrap
 
To this file: /opt/adito-0.9.1/conf/wrapper.conf and service adito start should now work.

Thursday, December 8, 2011

Snort - fixing Error PortVar Lookup failed on '$FILE_DATA_PORTS'.

When we get the error "PortVar Lookup failed on '$FILE_DATA_PORTS'." on starting SNORT, this means to say that we need to declare the ports for '$FILE_DATA_PORTS' in our snort.conf file.


Source


http://blog.joelesler.net/

http://vrt-blog.snort.org/2011/11/say-hello-to-file-identify-category.html

SNORT FQDN resolution

If we want BASE to do resolution of the IP addresses as shown below.


We need to edit base_config.php file under the document root.