Monday, October 27, 2008

Hex 2.0 Release!!

HeX is a project aimed at the NSM (Network Security Monitoring) community for use by network security analysts. The developers believe that simplicity and analysis workflow logic must be enhanced and emphasized throughout the process of designing this liveCD. Not only have they carefully chosen all the necessary applications and tools to be included in the liveCD, they have also tested them to make sure everything runs as smoothly as possible. To summarize the objective of HeX, they are trying to develop the first and foremost Network Security Monitoring & Network Based Forensics liveCD!

You can find information about Hex 2.0 here:
http://www.rawpacket.org/projects/hex/hex-livecd/version-20-release

Friday, September 05, 2008

HITBSecConf2008 Kuala Lumpur, Malaysia

Event Details:

Venue: The Crowne Plaza Mutiara Kuala Lumpur

Date : 27-30 October 2008

For more details about this event, please visit:

HITBSecConf 2008 Website

Howto Setup Syslog Server in Ubuntu using Apache2

I will show you how to set up a Syslog Server using Apache2 in Ubuntu Linux.

Make sure you set a static IP address in Ubuntu. Edit this file:
#vi /etc/network/interfaces

This is your network configuration file (/etc/network/interfaces):
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1


After that, you need to prepare your Syslog Server:
#mkdir /logs
#vi /etc/syslog.conf
I logged everything under the folder /logs/logger.log. This is my syslog.conf file:
*.* /logs/logger.log

If you want to log everything from auth, cron and kern, lpr errors, and only syslog warnings, add the following lines to /etc/syslog.conf:
auth.* /logs/logger.log
cron.* /logs/logger.log
kern.* /logs/logger.log
lpr.3 /logs/logger.log
syslog.4 /logs/logger.log

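Edit the sysklogd init script (/etc/init.d/sysklogd):
#vi /etc/init.d/sysklogd

You need to change the line SYSLOGD="" to SYSLOGD="-r -m0" (-r makes syslogd accept messages from the network, -m0 turns off the periodic MARK lines).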

Restart your network:

#/etc/init.d/networking restart

After that, install Apache2
#apt-get install apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql

Check your hostname (/etc/hostname) and make sure you put your local IP address in /etc/hosts. This is my /etc/hosts file:
127.0.0.1 localhost squid.cybersp.com
127.0.1.1 ubuntu
192.168.1.10 squid squid.cybersp.com
192.168.1.11 squid squid.cybersp.com

Modify your /etc/apache2/ports.conf; I decided to host on port 8080.

Then go to the Apache2 sites-available directory:
#cd /etc/apache2/sites-available
#touch squid.cybersp.com


Now edit the squid.cybersp.com file:
#vi /etc/apache2/sites-available/squid.cybersp.com

and make sure it looks like this:

<VirtualHost *:8080>
ServerAdmin izhar@cybersp.com
ServerAlias squid.cybersp.com
DirectoryIndex index.php
DocumentRoot /logs
</VirtualHost>

Ok, now go to sites-enabled directory:

#cd /etc/apache2/sites-enabled
#ln -s /etc/apache2/sites-available/squid.cybersp.com squid.cybersp.com

Go to /logs directory and create an index.php file:

#cd /logs
#touch index.php
#vi index.php

This is my index.php under /logs directory:









Now, restart your Apache:

#/etc/init.d/apache2 force-reload

Open this address in your browser:

http://192.168.1.10:8080

Now, you have a Syslog Server. TRY IT!!!
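
An index.php for the /logs step above, written as an added example and not the author's original file: it shows the last lines of /logs/logger.log and HTML-escapes each one, because with syslogd -r any host that can reach UDP port 514 decides what text ends up in that file. The 200-line limit, the 64 KiB tail window and the function names are assumptions.

```php
<?php
// Added example: viewer for the syslog file used in this howto.
// LOG_FILE matches the page; MAX_LINES and TAIL_BYTES are assumed values.
define('LOG_FILE', '/logs/logger.log');
define('MAX_LINES', 200);
define('TAIL_BYTES', 65536);

// Return the last $maxLines lines without loading the whole file.
function tail_lines($path, $maxLines, $tailBytes)
{
    $fh = @fopen($path, 'rb');
    if ($fh === false) {
        return null;                    // missing or not readable by Apache
    }
    $start = max(0, filesize($path) - $tailBytes);
    fseek($fh, $start);
    $chunk = stream_get_contents($fh);
    fclose($fh);
    $lines = explode("\n", rtrim($chunk, "\n"));
    if ($start > 0) {
        array_shift($lines);            // first line is probably cut in half
    }
    return array_slice($lines, -$maxLines);
}

// Remote senders control log content: replace control and non-ASCII bytes,
// then HTML-escape so a message cannot inject markup or script.
function safe_line($line)
{
    $printable = preg_replace('/[^\x20-\x7E\t]/', '?', $line);
    return htmlspecialchars($printable, ENT_QUOTES, 'UTF-8');
}

header('Content-Type: text/html; charset=UTF-8');
header('X-Content-Type-Options: nosniff');
$lines = tail_lines(LOG_FILE, MAX_LINES, TAIL_BYTES);
echo "<html><head><title>Syslog</title></head><body><pre>\n";
if ($lines === null) {
    echo "Cannot read " . safe_line(LOG_FILE) . "\n";
} else {
    foreach ($lines as $line) {
        echo safe_line($line), "\n";
    }
}
echo "</pre></body></html>\n";
```

With DocumentRoot set to /logs, Apache also serves logger.log directly, so the escaping here only covers the index page; the log file must be readable by the Apache user for the script to show anything.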