Using Annoyance Filter

Annoyance Filter is an adaptive Bayesian junk email filter written by John Walker.

Training annoyance-filter on what is and what is not spam:

/usr/bin/annoyance-filter --mail ${MAIL} \
	--junk ${HOME}/Mail/spam \
	--prune \
	--write ${HOME}/.annoyance.dict

Note: The same command retrains annoyance-filter.

To use annoyance-filter with procmail, edit your ${HOME}/.procmailrc:

:0fw:
| ${HOME}/bin/annoyance-filter-run
:0:
* ^X-Annoyance-Filter-Classification: Junk
${MBOXDIR}/annoyance

The first recipe pipes every incoming message through the script below (installed as ${HOME}/bin/annoyance-filter-run), which adds the X-Annoyance-Filter-Classification header; the second recipe files messages classified as Junk into ${MBOXDIR}/annoyance.

#!/bin/sh
# annoyance-run - Script to run annoyance-filter from .procmailrc

exec /usr/bin/annoyance-filter \
	--read ${HOME}/.annoyance.dict \
	--transcript - \
	--test -

Using bogofilter

* This note was written on September 7, 2003

  1. Keep some (~50) spams in a separate folder (e.g. ~/Mail/spam)
  2. Edit your ~/.bogofilter.cf
    bogofilter_dir=~/.bogofilter
    user_config_file=~/.bogofilter.cf
    db_transaction=no
    spam_header_name=X-Bogosity
    spam_subject_tag={BOGOSPAM}
    unsure_subject_tag={BOGOSPAM}
    stats_in_header=Yes
    db_cachesize=32
    db_log_autoremove=yes
    db_lk_max_locks=16384
    db_lk_max_objects=16384
    timestamp=Yes
    spamicity_tags = Yes, No, Unsure
    spamicity_formats = %0.6f, %0.6f, %0.6f
    header_format = %h: %c, tests=bogofilter, spamicity=%p, version=%v
    terse_format = %1.1c %f
    log_header_format = %h: %c, spamicity=%p, version=%v
    log_update_format = register-%r, %w words, %m messages
    terse=no
    block_on_subnets=no
    charset_default=iso-8859-7
    replace_nonascii_characters=N
    min_dev=0.375
    robs=0.0178
    robx=0.52
    ham_cutoff  = 0.00
    spam_cutoff = 0.99
    ns_esf = 1.000
    sp_esf = 1.000
    thresh_update=0.01
  3. bogofilter -Mn < ${MAIL}      # learn what is NOT spam
  4. bogofilter -Ms < Mail/spam    # learn what IS spam
  5. Add the following four (4) lines to your ~/.procmailrc:
    # http://bogofilter.sf.net
    :0HB:
    * ? bogofilter -u
    ${HOME}/Mail/bogofilter

How I became a system administrator

* Originally written at Thu Sep 2 05:17:58 EEST 1999.

This is how it started


Every penny that I have made today and every one that I will make, I owe it to my Prof. Timos Sellis who has trusted me more than enough:

When I entered the NTUA EE School (Fall of 1990), I had no computer and no money to buy one. Also I wanted to become a Computer Engineer. The labs are not always open and keys are not the easiest thing to find. Somehow until Fall of 1993 I managed. But by then it was impossible to continue without a computer.

It was then that I heard from a friend that Prof. Sellis was looking for a System's Administrator for his lab machines. The following dialog is real:

Yiorgos: Hi, I heard that you are looking for a System's Administrator
Timos: Yes, do you know of any?
Yiorgos: Yes, actually I'd like to do that
Timos: Do you know anything about it?
Yiorgos: No, not a thing!
Timos: That's OK, you will learn

This dialog changed my professional life. It is because of Timos’ trust that I am able to make my living today.

[ I was not totally ignorant of Unix internals. I was a Unix power user who could do anything that could be done without root access. It was just that I was ignorant of administering systems and maintaining things like DNS and sendmail ]

The least I can do to thank Timos for the door he opened for me into the amazing world of System Administration is to write the story down.

[ needless to say that I graduated without owning a computer ;-) ]

With lots of gratitude,

Yiorgos Adamopoulos.

Setting up a minimal KA9Q (NOS) router

I used KA9Q (NOS) because it is small, easy to understand and works really well. If you want a more sophisticated solution, you may consider using IProute.

Hardware

  • HP 286 Vectra/12MHz
  • 2MB RAM
  • 360 KB floppy!
  • NE2000 compatible NIC
  • Intel Ethernet Express 16 NIC

Software

  • NET.EXE from any Simtel.Net mirror. This is version 920603, which runs even on an i286. You may want to grab the latest NET.EXE, which runs on i386s, from here.
  • ge2000.com
  • exp16.com

AUTOEXEC.BAT

exp16.com 0x60 0x300
ge2000.com 0x61 0x3 0x320
net.exe

AUTOEXEC.NET

hostname regina
attach packet 0x60 e0 20 1500
attach packet 0x61 e1 20 1500
ifconfig e0 ipaddress 10.0.0.200
ifconfig e0 netmask 0xffffff00
ifconfig e0 broadcast 10.0.0.255
ifconfig e1 ipaddress 10.0.1.200
ifconfig e1 netmask 0xffffff00
ifconfig e1 broadcast 10.0.1.255
ip ttl 255
route add default e0 10.0.0.199
domain addserver 10.0.0.1
domain cache clean on

I want to thank Nontas Tsigkas for providing the equipment and the time for this setup to work.

— adamo@dblab.ece.ntua.gr –.

tac_plus.2.1 and mSQL-1.0.x

[Now there exists a version 3.x of tac_plus from cisco, so info presented herein may not be of value to you.]

After several emails that I received from the tacplus-l@disaster.com subscribers on how I merged tacplus and mSQL, I decided to place some notes here. I cannot place the actual code, as I am not sure about the copyright issues, so I’ll do my best:

[Note: This is in no way a complete document, but it is better than nothing.]

Development Tools and Environment

  • gcc-2.7.2
  • cisco tacplus.2.1
  • mSQL-1.0.16
  • HP-UX 9.04 (s800)
  • Solaris 2.5 (SPARC)
  • IOS 11.x

Why mSQL?

mSQL-1.0.x, although lightweight, is heavily tested and stable. Our other choices were SYBASE and Postgres95, but both were too heavy for the hardware available at that time. Anyway, tacplus.2.1 can work with any DBMS you like by making the same changes proposed here.

Code changes

  • Minor changes to the Makefile so that -I/usr/local/Minerva/include and -L/usr/local/Minerva/lib -lmsql are included.
  • #include <msql.h> in every SQL-related hacked .c and .h file.
  • Added a check_rules() function so that, once the user has been verified by the normal tac_plus procedure and things are OK, the new rules are checked and enforced. check_rules() is called in default_fn.c after line 138, and only if data->status != TAC_PLUS_AUTHEN_STATUS_FAIL. check_rules() is used to enforce any policy that cannot otherwise be enforced by vanilla tac_plus.
  • Added some code to divert accounting to mSQL after line 99 of do_acct.c. Basically the code checks for the AV pairs service=exec and service=shell (which are the same thing, but for different IOS releases: 10.x and 11.x). In fact the whole of do_acct.c could easily be rewritten to support mSQL or any other DBMS that you like.
  • Estimated coding time: 6 hours.

Database design

Because this project was developed in a very short timeframe, no regular analysis was conducted and all the features required were built on an ad-hoc basis. This means that for almost every new feature to be added and processed, a new table is almost always created, which is bad practice. The experience gained, though, will lead to a full-featured, well-designed system when this one can no longer function.

The schema is spaghetti-like, and the only thing worth noting is that currently logged-in users are kept in a table and every new login is checked against it. If the user attempting to log in is already logged in, the session is dropped and logged for (possible) further investigation.

The whole system is supported by a number of scripts in ksh and perlMsql that are run by cron and reset values or extract statistics.
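The author could not publish the real schema, so the following is an added, constructed example (not the author's code) of the three pieces described above: the logged-in-users table that check_rules() consults, the duplicate-login log, and the accounting table fed from do_acct.c. It assumes mSQL 1.0 syntax (no aggregate functions such as COUNT and no DATE type), so times are stored as integer unix timestamps and the row count is taken by the caller with msqlNumRows(); all table and column names, the NAS address and the timestamps are made up.

```sql
-- Constructed example schema; not the author's (unpublished) one.
-- mSQL 1.0 has no COUNT() and no DATE type, hence INT unix timestamps.

-- Currently logged-in users: one row per live session (the table check_rules() reads).
CREATE TABLE session (
    username  CHAR(32) NOT NULL,
    nas_ip    CHAR(15) NOT NULL,   -- router the user is logged in on
    port      CHAR(16) NOT NULL,   -- NAS port, e.g. tty5
    started   INT      NOT NULL    -- unix time of the accounting START record
);

-- Duplicate-login attempts, kept for (possible) further investigation.
CREATE TABLE dup_login (
    username  CHAR(32) NOT NULL,
    nas_ip    CHAR(15) NOT NULL,
    port      CHAR(16) NOT NULL,
    seen      INT      NOT NULL
);

-- Accounting diverted from do_acct.c for service=exec / service=shell.
CREATE TABLE acct (
    username  CHAR(32) NOT NULL,
    nas_ip    CHAR(15) NOT NULL,
    port      CHAR(16) NOT NULL,
    flag      CHAR(5)  NOT NULL,   -- START or STOP
    stamp     INT      NOT NULL
);

-- check_rules(), after normal tac_plus authentication succeeded for 'jdoe':
-- one or more rows back (msqlNumRows() > 0) means "already logged in".
SELECT nas_ip, port, started FROM session WHERE username = 'jdoe';

-- If a row came back: log the attempt, then tac_plus drops the new session.
INSERT INTO dup_login VALUES ('jdoe', '10.0.0.199', 'tty5', 936327478);

-- Accounting START for service=exec/shell: record it and mark the user live.
INSERT INTO acct    VALUES ('jdoe', '10.0.0.199', 'tty5', 'START', 936327478);
INSERT INTO session VALUES ('jdoe', '10.0.0.199', 'tty5', 936327478);

-- Matching STOP: record it and remove the live session.
INSERT INTO acct VALUES ('jdoe', '10.0.0.199', 'tty5', 'STOP', 936331078);
DELETE FROM session
 WHERE username = 'jdoe' AND nas_ip = '10.0.0.199' AND port = 'tty5';

-- Cron "reset" job (assumed role of the author's ksh scripts): drop sessions
-- older than 24h whose STOP never arrived, e.g. after a router reboot,
-- so a user is not locked out forever. 936241078 = "now minus 86400".
DELETE FROM session WHERE started < 936241078;
```

Without the stale-session cleanup, a lost STOP record turns the duplicate-login rule into a self-inflicted denial of service for that user, which is why the reset scripts matter as much as the check itself.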

There you have it…

Acknowledgements

I would like to thank Panagiotis Christias and Panagiotis Sebos for their help and comments during the development, testing and evolution of this project.

If you have any suggestions and/or comments, email me at: Y.Adamopoulos@noc.ntua.gr.