Why must a Greek emigrate in order to excel?
I recently read this article. I quote its beginning:
"Has anyone ever wondered why no Greek has ever been recognized in his own land? Why must a Greek emigrate in order to excel?"
I don't know who or what irritated alex into writing it, but the answer is simple: the over-concentration of Greeks in the same geographic area is to blame.
Using clamscan inside /etc/procmailrc
[ I originally wrote this on June 2, 2004 ]
If for whatever reason you want to use ClamAV with sendmail and cannot use the clamav-milter (like when working with RedHat ES and its stock sendmail), using procmail as your local delivery agent might help. This is a very simple /etc/procmailrc:
# adamo, Thu May 27 16:26:48 EEST 2004
# Set the default path
PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
# Uncomment this to monitor the recipes
#LOGFILE=/var/log/procmail.log
# NEVER forget the last dash (-) on the following command
:0 Wc: /var/tmp/clamscan.${PPID}.$$.lock
| /usr/local/bin/clamscan --stdout --tempdir=/var/tmp --quiet --mbox -
# Delete emails that contain virii
:0 e: /var/tmp/formail.${PPID}.$$.lock
/dev/null
# Tag emails that contain virii
## :0 eWf: /var/tmp/formail.${PPID}.$$.lock
## | /usr/bin/formail -i "Subject: VIRUS FOUND -- PLEASE DELETE ME"
See also at the ClamAV wiki: ClamAndProcmail.
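The recipe above acts on any non-zero exit from clamscan, so a scanner error (exit status 2) reaches the /dev/null recipe the same way a detection (exit status 1) does. The following script, an added example that is not part of the original post, wraps the scanner so the two cases can be told apart; the function name scan_verdict and the stub scanners are assumptions made up for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): tell a clamscan detection
# apart from a scanner failure before procmail acts on the result.
# clamscan exit status: 0 = clean, 1 = virus found, 2 = error.

EX_TEMPFAIL=75   # sysexits.h: ask the MTA to retry later

# scan_verdict CMD [ARGS...]   (hypothetical helper name)
# Feeds stdin to the scanner command, prints clean|infected|error and
# returns 0, 1 or EX_TEMPFAIL. Anything other than 0 or 1 (exit 2,
# command not found = 127, death by signal > 128) counts as an error,
# so a broken scanner never looks like a detection or a clean result.
# Real use, with the message on stdin:
#   scan_verdict /usr/local/bin/clamscan --stdout --tempdir=/var/tmp --quiet --mbox -
scan_verdict() {
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo clean;    return 0 ;;
        1) echo infected; return 1 ;;
        *) echo error;    return "$EX_TEMPFAIL" ;;
    esac
}

# Constructed stand-ins for clamscan so the demo runs without ClamAV.
stub_clean()    { cat >/dev/null; return 0; }
stub_infected() { cat >/dev/null; return 1; }
stub_broken()   { cat >/dev/null; return 2; }

demo() {
    for s in stub_clean stub_infected stub_broken /nonexistent/clamscan; do
        v=$(printf 'Subject: constructed test\n\nbody\n' | scan_verdict "$s") || true
        echo "$s -> $v"
    done
}
demo
```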
Setting up a minimal KA9Q (NOS) router
I used KA9Q (NOS) because it is small, easy to understand and works really well. If you want a more sophisticated solution, you may consider using IProute.
Hardware
- HP 286 Vectra/12MHz
- 2MB RAM
- 360 KB floppy!
- NE2000 compatible NIC
- Intel Ethernet Express 16 NIC
Software
- NET.EXE from any Simtel.Net mirror. This is version 920603, which runs even on an i286. You may want to grab the latest NET.EXE that runs on i386s from here.
- ge2000.com
- exp16.com
AUTOEXEC.BAT
exp16.com 0x60 0x300
ge2000.com 0x61 0x3 0x320
net.exe
AUTOEXEC.NET
hostname regina
attach packet 0x60 e0 20 1500
attach packet 0x61 e1 20 1500
ifconfig e0 ipaddress 10.0.0.200
ifconfig e0 netmask 0xffffff00
ifconfig e0 broadcast 10.0.0.255
ifconfig e1 ipaddress 10.0.1.200
ifconfig e1 netmask 0xffffff00
ifconfig e1 broadcast 10.0.1.255
ip ttl 255
route add default e0 10.0.0.199
domain addserver 10.0.0.1
domain cache clean on
I want to thank Nontas Tsigkas for providing the equipment and the time for this setup to work.
tac_plus.2.1 and mSQL-1.0.x
[Now there exists a version 3.x of tac_plus from cisco, so info presented herein may not be of value to you.]
After several emails that I received from the tacplus-l@disaster.com subscribers on how I merged tacplus and mSQL, I decided to place some notes here. I cannot place the actual code, as I am not sure about the copyright issues, so I’ll do my best:
[Note: This is in no way a complete document, but it is better than nothing.]
Development Tools and Environment
- gcc-2.7.2
- cisco tacplus.2.1
- mSQL-1.0.16
- HP-UX 9.04 (s800)
- Solaris 2.5 (SPARC)
- IOS 11.x
Why mSQL?
mSQL-1.0.x, although lightweight, is heavily tested and stable. Our other choices were SYBASE and Postgres95, but both were very heavy for the hardware available at that time. In any case, tacplus.2.1 can operate with any DBMS you like if you make the same changes proposed here.
Code changes
- Minor changes to Makefile for -I/usr/local/Minerva/include and -L/usr/local/Minerva/lib -lmsql to be included.
- #include <msql.h> added to every SQL-related hacked .c and .h file.
- Added a check_rules() function so that when the user is verified by the normal tac_plus procedure and things are OK, the new rules start checking and enforcing. check_rules() is called in default_fn.c after line 138 and if data->status != TAC_PLUS_AUTHEN_STATUS_FAIL. check_rules() is used to enforce any policy that cannot be otherwise enforced by vanilla tac_plus.
- Added some code to divert accounting to mSQL after line 99 of do_acct.c. Basically the code checks for the AV pairs service=exec and service=shell (which are the same but for different IOS releases: 10.x and 11.x). In fact the whole of do_acct.c could easily be rewritten to support mSQL or any other DBMS that you like.
- Estimated coding time: 6 hours.
Database design
Because this project was developed in a very short timeframe, no regular analysis was conducted and all the features required were built on an ad hoc basis. This means that for almost every new feature to be added and processed, a new table is almost always created, which is bad practice. The experience gained, though, will lead to a full-featured, well-designed system when this one can no longer function.
The schema is spaghetti-like and the only thing worth noting is that currently logged-in users are kept in a table and every new login is checked against it. If the user attempting to log in is already logged in, the session is dropped and logged for (possible) further investigation.
The whole system is supported by a number of scripts in ksh and perlMsql that are run by cron and reset values or extract statistics.
There you have it…
Acknowledgements
I would like to thank Panagiotis Christias and Panagiotis Sebos for their help and comments during the development, testing and evolution of this project.
If you have any suggestions and/or comments, email me at: Y.Adamopoulos@noc.ntua.gr.