HeX is a project aimed at the NSM (Network Security Monitoring) community for use by network security analysts. The developers believe that simplicity and analysis workflow logic must be enhanced and emphasized throughout the process of designing this liveCD. Not only have they carefully chosen all the necessary applications and tools to be included in the liveCD, they have also tested them to make sure everything runs as smoothly as possible. To summarize the objective of HeX, they are trying to develop the first and foremost Network Security Monitoring & Network Based Forensics liveCD!
You can find information about HeX 2.0 here:
http://www.rawpacket.org/projects/hex/hex-livecd/version-20-release
Monday, October 27, 2008
Friday, September 05, 2008
HITBSecConf2008 Kuala Lumpur, Malaysia
How to Set Up a Syslog Server in Ubuntu Using Apache2
I will show you how to set up a syslog server using Apache2 in Ubuntu Linux.
Make sure you set a static IP address in Ubuntu. Edit this file:
#vi /etc/network/interfaces
This is your network configuration file (/etc/network/interfaces):
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
After that, you need to prepare your Syslog Server:
#mkdir /logs
#vi /etc/syslog.conf
I log everything to /logs/logger.log. This is my syslog.conf file:
*.* /logs/logger.log
If you would rather log everything from auth and cron, lpr errors, and only syslog warnings, add the following lines to /etc/syslog.conf:
auth.* /logs/logger.log
cron.* /logs/logger.log
kern.* /logs/logger.log
lpr.3 /logs/logger.log
syslog.4 /logs/logger.log
Edit the sysklogd file (/etc/init.d/sysklogd):
#vi /etc/init.d/sysklogd
You need to change the line SYSLOGD="" to SYSLOGD="-r -m0"
Restart your network:
#/etc/init.d/networking restart
After that, install Apache2:
#apt-get install apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql
Check your hostname (/etc/hostname) and make sure you put your local IP address in /etc/hosts. This is my /etc/hosts file:
127.0.0.1 localhost squid.cybersp.com
127.0.1.1 ubuntu
192.168.1.10 squid squid.cybersp.com
192.168.1.11 squid squid.cybersp.com
Modify your /etc/apache2/ports.conf; I decided to host on port 8080.
Then go to the Apache2 sites-available directory:
#cd /etc/apache2/sites-available
#touch squid.cybersp.com
Now edit the squid.cybersp.com file:
#vi /etc/apache2/sites-available/squid.cybersp.com
and make sure it looks like this:
<VirtualHost *:8080>
ServerAdmin izhar@cybersp.com
ServerAlias squid.cybersp.com
DirectoryIndex index.php
DocumentRoot /logs
</VirtualHost>
OK, now go to the sites-enabled directory:
#cd /etc/apache2/sites-enabled
#ln -s /etc/apache2/sites-available/squid.cybersp.com squid.cybersp.com
Go to the /logs directory and create an index.php file:
#cd /logs
#touch index.php
#vi index.php
This is my index.php under /logs directory:
Now, restart your Apache:
#/etc/init.d/apache2 force-reload
Now visit it in your browser:
http://192.168.1.10:8080
Now, you have a Syslog Server. TRY IT!!!
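Before testing, it helps to know which messages the narrower selector set from /etc/syslog.conf above will actually write. The following is an added example, not part of the original post: it decodes the <PRI> header of raw syslog datagrams and applies the tutorial's selectors. It assumes numeric priorities are raw severity codes (3 = err, 4 = warning) and that a selector matches its level and anything more severe; the sample datagrams are constructed.

```python
import re

# Standard syslog facility and severity codes (PRI = facility * 8 + severity).
FACILITIES = {n: i for i, n in enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split())}
SEVERITIES = {n: i for i, n in enumerate(
    "emerg alert crit err warning notice info debug".split())}

# The narrower selector set from the tutorial's /etc/syslog.conf.
SYSLOG_CONF = """\
auth.*    /logs/logger.log
cron.*    /logs/logger.log
kern.*    /logs/logger.log
lpr.3     /logs/logger.log
syslog.4  /logs/logger.log
"""

def parse_rules(conf):
    """Return one (facility code or None, least-severe level, file) per line."""
    rules = []
    for line in conf.splitlines():
        selector, target = line.split(None, 1)
        fac, prio = selector.split(".", 1)
        # "*" = every severity; digits are assumed to be raw codes (3 = err)
        level = 7 if prio == "*" else int(prio) if prio.isdigit() else SEVERITIES[prio]
        rules.append((None if fac == "*" else FACILITIES[fac], level, target))
    return rules

def logged_to(datagram, rules):
    """Decode the <PRI> header of a raw syslog datagram; list matching files."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m:
        return []
    facility, severity = divmod(int(m.group(1)), 8)
    return [t for f, level, t in rules
            if (f is None or f == facility) and severity <= level]

# Constructed sample datagrams, as a remote host would send them to UDP 514.
SAMPLES = [
    b"<38>sshd[812]: Accepted password for admin",  # auth.info
    b"<51>lpd[300]: cannot open printer",           # lpr.err
    b"<54>lpd[300]: job queued",                    # lpr.info
    b"<13>root: test message",                      # user.notice
]

if __name__ == "__main__":
    for d in SAMPLES:
        print(d.decode(), "->", logged_to(d, parse_rules(SYSLOG_CONF)) or "dropped")
```

A default `logger` test message is user.notice, so with only these five selectors it is dropped; the `*.*` line is what catches it.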