Toscom https://tech.feedyourhead.at/ en
Suricata Ruby-Gem https://tech.feedyourhead.at/content/suricata-ruby-gem
<span class="field field--name-title field--type-string field--label-hidden">Suricata Ruby-Gem</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item">
<p>I wrote a <a href="https://github.com/whotwagner/suricata">Ruby gem</a> for Suricata. It offers classes to parse Suricata logs and ships with a Nagios plugin.</p>
<h2>Installation</h2>
<p>Just call:</p>
<pre><code>gem install suricata</code></pre>
<h2>Usage</h2>
<p>The Nagios plugin searches for specific strings in the description part of a log-file entry. It is possible to create a whitelist of search hits which should be excluded.</p>
<pre><code>Usage: check_suricata [ -a alertfile ] [ -w whitelistfile ] -e searchstring
    -h, --help                       This help screen
    -a, --alertfile ALERTFILE        alertfile(default: /var/log/suricata/fast.log)
    -w, --whitelist WHITELISTFILE    whitelistfile
    -e, --search STRING              searchstring
    -i, --interactive                interactive
    -k, --ackfile ACKFILE            ackfile(default: /tmp/surack.lst)
</code></pre>
<p>It is possible to interactively acknowledge search hits so that they will not show up on the next search:</p>
<pre><code>check_suricata -i -e "ET CHAT"
Acknowlege the following entry:
10/04/2016-13:39:45.498785  [**] [1:2001595:10] ET CHAT Skype VOIP Checking Version (Startup) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.0.1:40460 -&gt; 15.14.13.12:80
Acknowlege(y|n): y
Acknowlege the following entry:
10/05/2016-09:25:01.186862  [**] [1:2001595:10] ET CHAT Skype VOIP Checking Version (Startup) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.0.1:49491 -&gt; 100.254.198.10:80
Acknowlege(y|n): n
</code></pre>
<h2>Download the Sources</h2>
<p>The sources can be found on my <a href="https://github.com/whotwagner/">GitHub account</a> and can be downloaded using git:</p>
<pre><code>git clone https://github.com/whotwagner/suricata</code></pre>
<h2>Future Work</h2>
<p>I am currently working on a log-file analyzer for Suricata. It will be included in future versions of this gem.</p>
</div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Oct 11 2016</span>
Tue, 11 Oct 2016 14:09:28 +0000 Hoti 209 at https://tech.feedyourhead.at
HackADay: Controlling computers and stuff with the mind https://tech.feedyourhead.at/content/hack-a-day-controlling-computers-and-stuff-with-my-mind
<span class="field field--name-title field--type-string field--label-hidden">HackADay: Controlling computers and stuff with the mind</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item">
<p>I am very slothful. I let computers do my work. That's why I became a sysadmin. In this article I am going to describe how I lifted my laziness to the next level by triggering a command with my mind that installs a new virtual machine with MariaDB, Nginx and Wordpress.</p>
<h2>Intro</h2>
<p>When I first read about the <a href="http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0111332">human-to-human brain interface</a> I was fascinated. It's like a science-fiction X-Men story: controlling another human with the mind. But this is a little bit creepy too. Controlling a computer with the mind instead sounds more comfortable to me. That way I could do all my work just by thinking of it while lying in my bed. That's awesome.</p>
<h2>Hardware</h2>
<p><img alt="Mindwave Equipment" data-entity-type="file" data-entity-uuid="516f6e07-edbb-4697-9daf-652540c07fd7" src="/sites/default/files/inline-images/mindwave_equippment.jpg" /></p>
<h3>Headset</h3>
<p>I did a little research and it seems the best option for an affordable EEG headset would be the <a href="http://openbci.com/">OpenBCI project</a>. For my proof of concept it is still too expensive, which is why I took the <a href="http://store.neurosky.com/">Neurosky Mindwave headset</a>. It has just a few electrodes, but it is cheap and might be good enough for my experiment. I ordered a Mindwave headset and not a Mindwave Mobile headset; the Mindwave headset ships with a USB dongle.</p>
<p>Neurosky devices have a nice feature built in: <a href="http://developer.neurosky.com/docs/doku.php?id=thinkgear_communications_protocol#thinkgear_data_values">eSense</a>. eSense calculates the "attention" (are you focused?) and "meditation" (do you have many thoughts?) of a person. I will use this feature for triggering a command execution. I could also use the raw EEG data (16-bit wave format), but for this proof of concept I am fine with the eSense meters.</p>
<h3>Microcontroller</h3>
<p>I have an old Raspberry Pi (Model B) on which I installed <a href="https://www.debian.org/releases/jessie/">Debian Jessie</a>. An LED on a GPIO pin will indicate whether I am concentrated or not.</p>
<h2>Software</h2>
<h3>Reading out EEG data</h3>
<p>I wrote a <a href="https://github.com/whotwagner/mindwave">ruby gem</a> for interfacing with the Mindwave headset. It simply reads all the data via the serial line and parses it. There are several callback methods to override. In the following example I override the method that receives the "attention" value:</p>
<pre><code class="language-ruby">#!/usr/bin/env ruby

require 'mindwave'

class EEG &lt; Mindwave::Headset
	# override the attention callback method
	def attentionCall(attention)
		str = eSenseStr(attention)
		puts "this is an attention #{attention} #{str}\n"
	end
end

# create a new instance
mw = EEG.new
# mw.log.level = Logger::DEBUG

# if we hit ctrl+c then just stop the run()-method
Signal.trap("INT") do
	mw.stop
end

# create a new thread that reads from the headset
thread = Thread.new { mw.run }
# ..and wait for it
thread.join

mw.close
</code></pre>
<h3>Manipulating the Raspberry GPIO pins</h3>
<p>I found a nice ruby gem for manipulating the GPIO pins of my Raspberry at <a href="https://rubygems.org/gems/rpi_gpio">rubygems.org</a>. This code toggles GPIO pin 22 on every keystroke:</p>
<pre><code class="language-ruby">#!/usr/bin/env ruby

# gem install rpi_gpio
require 'rpi_gpio'
# gem install io-console
require 'io/console'

GPIO_NUM = 22

RPi::GPIO.set_numbering :bcm
RPi::GPIO.clean_up GPIO_NUM
RPi::GPIO.setup GPIO_NUM, :as =&gt; :output

RPi::GPIO.set_high GPIO_NUM

sohigh = true

input = 'c'

# release the pin before exiting on ctrl+c
Signal.trap("INT") do
	puts "SIGINT Cleaning up.."
	RPi::GPIO.clean_up GPIO_NUM
	exit 1
end

# toggle the pin on every key press until 'q' is pressed
while input != "q"
	input = STDIN.getch

	if sohigh
		RPi::GPIO.set_low GPIO_NUM
	else
		RPi::GPIO.set_high GPIO_NUM
	end

	sohigh = !sohigh
end

puts "Cleaning up.."
RPi::GPIO.clean_up GPIO_NUM
</code></pre>
<h2>Controlling a LED</h2>
<p>So let's put all the parts together. Here is some code which toggles an LED if the attention value is bigger than 79:</p>
<pre><code class="language-ruby">#!/usr/bin/env ruby

require 'mindwave'
require 'rpi_gpio'

RPi::GPIO.set_numbering :bcm
RPi::GPIO.clean_up 22
RPi::GPIO.setup 22, :as =&gt; :output

RPi::GPIO.set_low 22

class EEG &lt; Mindwave::Headset
	attr_accessor :update

	def initialize(*args)
		super
		@ishigh = false   # current LED state; must be an instance variable, not a class-level one
		@update = false   # set to true by the caller once the pin may be switched
	end

	def meditationCall(meditation)
		str = eSenseStr(meditation)
		puts "Meditation #{meditation} #{str}\n"
	end

	# override the attention callback method
	def attentionCall(attention)
		str = eSenseStr(attention)
		puts "-&gt; Attention #{attention} #{str}\n"

		if attention &gt; 79 &amp;&amp; @update
			puts "FIRE IT UP"
			if @ishigh
				RPi::GPIO.set_low 22
				@ishigh = false
			else
				RPi::GPIO.set_high 22
				@ishigh = true
				# leave run() after the first hit so one long thought fires only once
				stop
			end
			@update = false
		end
	end
end

# create a new instance
mw = EEG.new
mw.update = true

# mw.log.level = Logger::INFO

# if we hit ctrl+c then just stop the run()-method
Signal.trap("INT") do
	mw.stop
end

# create a new thread that reads from the headset
thread = Thread.new { mw.run }
# ..and wait for it

puts "Starting..."
thread.join

puts "Cleaning up.."
mw.close
RPi::GPIO.clean_up 22
</code></pre>
<p><video controls="" height="360" width="480"><source src="/sites/default/files/DateiUploads/mindwave_led_lightup.mp4" type="video/mp4"></source></video></p>
<h2>Automation</h2>
<p>Automation is a very important part of our work at <a href="http://www.toscom.at/">Toscom</a>. I believe that sysadmins should automate as much as possible, not only to be more efficient but also for quality management. So we do not configure servers manually; we program the configuration and reuse this code as often as possible. This makes the next step very easy. I just install the configuration management system <a href="https://www.ansible.com/">Ansible</a> on the Raspberry Pi, download some (Wordpress-related) Ansible roles from <a href="https://galaxy.ansible.com/">ansible-galaxy</a> and call ansible-playbook from within my script. Since version 2, Ansible also includes modules for controlling <a href="https://aws.amazon.com/">Amazon AWS services</a>, so I will create my virtual machine in the Amazon cloud. Here is my playbook.yml:</p>
<pre><code class="language-yaml">- hosts: localhost
  connection: local
  gather_facts: False
  tasks:
    - name: Provision Wordpress Instance
      ec2:
        aws_access_key: "MY-ACCESS-KEY"
        aws_secret_key: "MY-SUPER-SECRET-ACCESS-KEY"
        key_name: pi_key
        instance_type: t2.micro
        image: ami-ed82e39e
        wait: true
        wait_timeout: 500
        assign_public_ip: yes
        vpc_subnet_id: subnet-de3b5da8
        region: eu-west-1
        group_id: sg-75d3c412
      register: ec2
    - name: Add new instance to host group
      add_host: hostname={{ item.public_ip }} groupname=launched ansible_user=ubuntu
      with_items: '{{ec2.instances}}'
    - name: Wait for SSH to come up
      wait_for: host={{item.public_dns_name}} port=22 delay=60 timeout=320 state=started
      with_items: '{{ec2.instances}}'
- name: install wordpress
  hosts: launched
  become: True
  gather_facts: True
  vars:
    wp_mysql_host: 'localhost'
    session_post_max_size: '128M'
    session_upload_max_filesize: '128M'
    session_max_input_time: '70'
    session_max_execution_time: '90'
  roles:
    - valentinzberea.wordpress
</code></pre>
<p>The two key values above are placeholders; real AWS credentials do not belong in a playbook file (ansible-vault or the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables keep them out of it). I use the following roles (from <a href="https://galaxy.ansible.com/">ansible-galaxy</a>):</p>
<ul><li>mats116.nginx</li> <li>valentinzberea.wordpress</li> <li>mats116.mariadb-server</li> <li>valentinzberea.hhvm</li></ul>
<h2>Proof of Concept</h2>
<p>In the next video clip, I recorded a proof of concept. First I got a connection with my headset (the light turns blue), then it took me a while to get focused. As soon as I reach a focus level of 80, my program turns on an LED and calls ansible-playbook. In the clip we see a new virtual machine start in my Amazon AWS console and install Wordpress, MariaDB and Nginx. At the end of the clip, I copy the IP address of the new host and connect to the Wordpress page on it.</p>
<p><video controls="" height="360" width="480"><source src="/sites/default/files/DateiUploads/mindcontrol_aws_wordpress.mp4" type="video/mp4"></source></video></p>
<p>I did not use the wave stream of the EEG data to detect thoughts but only read out the attention level of my mind. I also exited the script as soon as it fired a command; otherwise I would get multiple command executions on "long" thoughts and so on.</p>
<h2>Problems</h2>
<ol><li>I cheated. I did not use the wave data at all. I just used the attention level I got from the Mindwave headset.</li> <li>This is difficult to use. How does one deliberately hold a focus with his mind? Some practice is needed...</li> <li>What if someone focuses longer? A timer is needed then, otherwise it toggles many times in a row.</li></ol>
<h2>Conclusion</h2>
<p>I triggered a command with my mind which created a virtual machine (an Amazon EC2 instance) and installed MariaDB, Nginx and Wordpress. That is one of my daily tasks and I was able to do it just by concentrating. If I combine this project with my <a href="https://tech.feedyourhead.at/content/controlling-power-outlets-using-the-rapberry-pi">power outlets</a>, I could even make tea with my mind. It's not perfect: this technique is not very precise (neither is this headset). Even so, I am very happy with the result.</p>
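<p>As an added example (not code from the original post or from the mindwave gem), here is a hardware-free version of the trigger logic from the "Controlling a LED" section that also addresses problem 3 above: the attention value has to stay above the threshold for a hold time before the action fires, and a cooldown afterwards makes one long stretch of focus fire exactly once instead of toggling on every sample. The class <code>AttentionTrigger</code>, its <code>sample</code> method, the helper <code>fire_times</code> and the sample stream <code>SAMPLES</code> are assumptions of this example; the threshold of 79 is the one used in the post.</p>

```ruby
#!/usr/bin/env ruby
# Added example, not code from the original post or the mindwave gem.
# A hardware-free version of the trigger in attentionCall from the
# "Controlling a LED" section: the eSense attention value must stay above the
# threshold for a hold time before the action fires, and a cooldown afterwards
# makes one long stretch of focus fire exactly once (problem 3 in the post).
# AttentionTrigger, #sample, fire_times and SAMPLES are names assumed here.

class AttentionTrigger
  attr_reader :fired_at

  # threshold: attention level that counts as focused (the post uses > 79)
  # hold:      seconds the level must stay above threshold before firing
  # cooldown:  seconds after a fire during which no further fire is possible
  def initialize(threshold: 79, hold: 2.0, cooldown: 30.0)
    @threshold = threshold
    @hold = hold
    @cooldown = cooldown
    @above_since = nil # time at which the level last rose above the threshold
    @last_fire = nil   # time of the most recent fire
    @fired_at = []     # every fire time, for inspection and testing
  end

  # Feed one (time in seconds, attention 0..100) sample; returns true when the
  # action should fire on this sample. In the post this would be called from
  # the overridden Mindwave::Headset#attentionCall with the current time.
  def sample(time, attention)
    unless attention > @threshold
      @above_since = nil # any dip below the threshold restarts the hold timer
      return false
    end
    @above_since ||= time

    held_long_enough = (time - @above_since) >= @hold
    in_cooldown = !@last_fire.nil? && (time - @last_fire) < @cooldown
    return false unless held_long_enough && !in_cooldown

    @last_fire = time
    @fired_at << time
    true
  end
end

# Constructed sample stream (one eSense reading per second, as the headset
# delivers them): a 5 s stretch of focus, a dip, focus again, then a long pause
# followed by a third stretch of focus.
SAMPLES = [
  [0, 40], [1, 85], [2, 90], [3, 88], [4, 92], [5, 95],
  [6, 60], [7, 84], [8, 86], [9, 89],
  [39, 30], [40, 90], [41, 91], [42, 93]
].freeze

# Run a sample stream through a fresh trigger and return the times it fired.
def fire_times(samples, **opts)
  trigger = AttentionTrigger.new(**opts)
  samples.select { |time, attention| trigger.sample(time, attention) }.map(&:first)
end

if __FILE__ == $PROGRAM_NAME
  # With hold and cooldown the stream fires at t=3 and t=42 only. With
  # cooldown: 0.0 it fires on every held sample (3, 4, 5, 9, 42), which is
  # exactly the repeated toggling the post describes.
  fire_times(SAMPLES).each { |t| puts "t=#{t}s: FIRE IT UP" }
end
```

<p>Wired into the post's script, <code>attentionCall</code> would call <code>trigger.sample(Time.now.to_f, attention)</code> and only switch the GPIO pin or start ansible-playbook when that returns true; the second stretch of focus at t=7..9 is swallowed by the cooldown, while the one at t=40..42 fires again because the cooldown has expired.</p>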
<p>Maybe I will go deeper and compare signatures of EEG data to detect different states of mind.</p>
</div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Sep 16 2016</span>
Fri, 16 Sep 2016 07:06:56 +0000 Hoti 200 at https://tech.feedyourhead.at
Simple WebApp-Stress-Tool https://tech.feedyourhead.at/content/simulty
<span class="field field--name-title field--type-string field--label-hidden">Simple WebApp-Stress-Tool</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item">
<p>I wrote <a href="https://github.com/whotwagner/simulty">Simulty</a>, a very simple web-app stress tool. It reads random URLs from a file and executes multiple GET requests to them simultaneously.</p>
<h2>Download:</h2>
<pre><code>git clone https://github.com/whotwagner/simulty</code></pre>
<h2>Usage:</h2>
<p>Create a file with one URL per line and start the stress test with:</p>
<pre><code>./simulty.rb &lt;urlfile&gt; &lt;number-of-threads&gt;</code></pre>
<h2>Sample-Urlfile:</h2>
<pre><code>http://www.somefoobar.com/index.php?fun
https://www.somefoobar.com/user/login.php
http://www.somefoobar.com/whatever/somewhere/over/the/rainbow.php
</code></pre>
<p>Tip: this URL file could be generated from a log file.</p>
</div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Apr 22 2016</span>
Fri, 22 Apr 2016 10:25:55 +0000 Hoti 177 at https://tech.feedyourhead.at
Shorewall: setup Geo-IP filtering https://tech.feedyourhead.at/content/shorewall-setup-geo-ip-filtering
<span class="field field--name-title field--type-string field--label-hidden">Shorewall: setup Geo-IP filtering</span>
<div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item">
<p><a href="http://shorewall.net/"><img alt="shorewall - iptables made easy" data-entity-type="file" data-entity-uuid="c015785f-1634-461e-a809-09f0f9303889" src="/sites/default/files/inline-images/shorewall.png" /></a></p>
<p>Sometimes it is necessary to filter packets based on their GeoIP location. <a href="http://shorewall.net/">Shorewall</a> can make use of the xt_geoip module for iptables. In this article I will explain how to set up this module on <a href="https://www.debian.org/">Debian</a>.</p>
<h2>Installing the module</h2>
<p>First of all we have to install the xt_geoip module, which is part of the xtables-addons-common package:</p>
<pre><code>apt-get update &amp;&amp; apt-get install xtables-addons-common</code></pre>
<h2>Building the GeoIP database</h2>
<p>Now we need some more packages for the GeoIP build scripts:</p>
<pre><code>apt-get install unzip libtext-csv-xs-perl</code></pre>
<p>xtables-addons-common ships two scripts located in /usr/lib/xtables-addons:</p>
<ul><li>xt_geoip_dl for downloading the database</li> <li>xt_geoip_build for building the database</li></ul>
<p>So let's create our temporary working directory and change into it:</p>
<pre><code>mkdir /var/tmp/geoip
cd /var/tmp/geoip</code></pre>
<p>In our working directory we first download the CSV files:</p>
<pre><code>/usr/lib/xtables-addons/xt_geoip_dl
ls -la
drwxr-xr-x 2 root root 4,0K Apr 6 08:21 .
drwxrwxrwt 4 root root 4,0K Apr 6 08:21 ..
-rw-r--r-- 1 root root 1,8M Apr 5 15:28 GeoIPCountryCSV.zip
-rw-r--r-- 1 root root 8,5M Apr 5 08:27 GeoIPCountryWhois.csv
-rw-r--r-- 1 root root 4,2M Apr 5 15:28 GeoIPv6.csv
</code></pre>
<p>iptables and Shorewall will look for the database in /usr/share/xt_geoip, so we have to create this directory first:</p>
<pre><code>mkdir /usr/share/xt_geoip</code></pre>
<p>Finally we can build the database:</p>
<pre><code>/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv
ls -l /usr/share/xt_geoip/
drwxr-xr-x 2 root root 12K Mär 26 22:50 BE
drwxr-xr-x 2 root root 12K Mär 26 22:50 LE
</code></pre>
<h2>Using xt_geoip</h2>
<p>Let's load the kernel module and make sure that it is loaded automatically when the system boots:</p>
<pre><code>modprobe xt_geoip
echo xt_geoip &gt;&gt; /etc/modules</code></pre>
<p>Using the module in Shorewall is very simple. Let's say we are using port forwarding for our HTTP server and we want to block connections from the USA and Russia. In that case we just have to edit the rules file in /etc/shorewall:</p>
<pre><code>?SECTION NEW
HTTP(REJECT):info   inet:^[RU,US]   lan:$WEBSERVER
DNAT                inet            lan:$WEBSERVER   tcp   www
</code></pre>
<p>It is important that the blocking rule comes before the port-forwarding rule, because DNAT also creates an ACCEPT rule.</p>
<h2>Automate GeoIP updates</h2>
<p>We just have to keep the database on our system up to date. Therefore I wrote this little script:</p>
<p><em>/usr/local/sbin/update-xt_geoip.sh:</em></p>
<pre><code>#!/bin/bash
# chmod this script with 700
# abort on the first error, so a failed download never overwrites the existing database
set -e
GEOIPDIR="/usr/share/xt_geoip"
test -d "$GEOIPDIR" || mkdir -p "$GEOIPDIR"
TMPDIR=$(mktemp -d -p /tmp)
cd "$TMPDIR"
/usr/lib/xtables-addons/xt_geoip_dl
/usr/lib/xtables-addons/xt_geoip_build -D "$GEOIPDIR" *.csv
cd /
rm -r "$TMPDIR"
</code></pre>
<p>Now we can easily create a cron job which runs this script daily:</p>
<pre><code>@daily /usr/local/sbin/update-xt_geoip.sh &gt; /dev/null</code></pre>
<p>That's it! Have fun.</p>
</div>
<span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Apr 06 2016</span>
<section class="field field--name-comment field--type-comment field--label-above comment-wrapper">
<h2 class="title">Comments</h2>
<article data-comment-user-id="0" id="comment-286" about="/comment/286" typeof="schema:Comment" class="comment js-comment by-anonymous">
<p class="comment__submitted">Submitted by senkron24 (not verified) on Dec 02 2020</p>
<h3>pls update ...</h3>
<div class="content"><p>pls update this its not more work ...</p></div>
</article>
<div class="indented">
<article data-comment-user-id="1" id="comment-287" about="/comment/287" typeof="schema:Comment" class="comment js-comment by-node-author">
<p class="comment__submitted">Submitted by Hoti on Dec 31 2020, in reply to "pls update ..." by senkron24 (not verified)</p>
<h3>Thanks for reminding me…</h3>
<div class="content"><p>Thanks for reminding me. Someone told me already but I forgot. I'll have to upgrade my firewall anyway; I will update this article then.</p></div>
</article>
</div>
</section>
Wed, 06 Apr 2016 05:45:00 +0000 Hoti 175 at https://tech.feedyourhead.at
