blog.andrewallen.co.uk


Dec 10 / 5:56am

Security Podcasts on my Podroll

There are now quite a number of podcasts available, covering all areas of Information Security - I find it a great way to stay up to date with the industry news, particularly when commuting. A fairly comprehensive list can be found at http://getmon.com/, while my current regular favorites are below:

  • Paul Dot Com Security Weekly (feed) - one of the longest established US based security podcasts, normally around 2 hours long, with interviews, technical segments and industry news.
  • Risky Business (feed) - an Australian based ~30 minute show, neatly split into news, interview and sponsor interview
  • 2600 | Off The Hook (feed) - airs every Wednesday night at 7:00 PM EST in New York City on listener supported WBAI 99.5 FM.

I've created an aggregated feed of my Podroll, which makes subscribing quick and simple - on my phone, it means adding just one feed, instead of lots of different feeds for different podcasts (very useful when rebuilding your phone after flashing the latest ROM)... I did try RSSmix.com, which IronGeek also uses, but I found updates through the site don't seem to be that regular (and the site itself can run pretty slow as well), which means missing out on the latest content. Instead, I use Yahoo Pipes to merge and manipulate the various feeds together, and then publish through Feedburner to get some extra control / statistics.

You can subscribe to my Podroll feed here (http://feeds.andrewallen.co.uk/andrewallen/podroll), or you can view the Yahoo Pipes source here.

Update - Dec 14

I've updated the pipe to include the following feeds, and also strip posts with no enclosures:

Filed under  //  security  


Nov 13 / 1:51pm

PostgreSQL not starting on BackTrack 4 Pre-Final

If you are following the latest BackTrack releases, you may have seen an error when PostgreSQL attempts to start after a recent update:

Starting PostgreSQL 8.3 database server: main* The PostgreSQL server failed to start. Please check the log output:

Then further down:

could not load server certificate file "server.crt": No such file or directory

Here is a quick fix - at the console, type:

cd /etc/ssl/certs
ls -ld /etc/ssl/private
sudo ls -l /etc/ssl/private/
make-ssl-cert generate-default-snakeoil --force-overwrite
cd /etc/ssl/certs

Re-run the update commands, and you should be good to go:

apt-get update
apt-get upgrade
apt-get dist-upgrade

Sep 22 / 5:43am

Metasploit Unleashed now available!

Over on the Offensive Security blog, muts has just announced that the free version of their online course ‘Metasploit Unleashed – Mastering the Framework’ is now available.

“The current version of the online course is based on donations – if you enjoy the course – consider making a donation to HFC via the “donations” page. The Video / PDF version of the course has been held back until the MSF will release a stable v3.3 – so we don’t miss out on all the new and wonderful features which are being included.”

Over the past month, I’ve been working through the Penetration Testing with BackTrack online course, which I can highly recommend – I’ll definitely be looking forward to the video / pdf version of Metasploit Unleashed :)


Nov 1 / 3:29am

Exporting logs from Check Point FireWall-1

I've recently been trying to improve a SOX process for analysing firewall activity, currently based on a manual daily check. As part of that work, I knocked together a quick batch file which can be used for automating the export of logs from Check Point FireWall-1, since by default, the logs generated are not readable as standard ASCII text. The logs need to be exported using 'fwm.exe logexport', which outputs into a more readable CSV format, allowing you to carry out pre-processing of the data using other tools, such as the excellent fwlogsum.

@ECHO OFF & SETLOCAL ENABLEEXTENSIONS

:: "fw1export.cmd" (version 1.0, 01/11/2007)
:: by Andrew G. Allen, http://www.andrewallen.co.uk/

:: This work is licenced under a Creative Commons License.
:: Visit http://creativecommons.org/licenses/by/2.0/uk/ for more information.
 
:VARIABLES
 
SET v_SCRIPTDIR=D:\SCRIPTS
SET v_WORKINGDIR=%v_SCRIPTDIR%\FW1EXPORT
SET v_INPUTDIR=D:\WINNT\FW1\R60\fw1\log
SET v_FWM=D:\WINNT\FW1\R60\fw1\bin\fwm.exe

:END_VARIABLES

:: *** NO EDITING REQUIRED PAST THIS POINT *************************************

::       1         2         3         4         5         6         7         8
:: 45678901234567890123456789012345678901234567890123456789012345678901234567890

:CODE

IF NOT EXIST %v_SCRIPTDIR% MD %v_SCRIPTDIR%
IF NOT EXIST %v_WORKINGDIR% MD %v_WORKINGDIR%

DIR /B %v_INPUTDIR%\2007*.log | FIND /V "ptr" > %v_WORKINGDIR%\FW1EXPORT.TMP
FOR /F "TOKENS=1 DELIMS=" %%A IN (%v_WORKINGDIR%\FW1EXPORT.TMP) DO (
   IF NOT EXIST %v_WORKINGDIR%\%%A (
      %v_FWM% logexport -n -p -i %v_INPUTDIR%\%%A -o %v_WORKINGDIR%\%%A
   )
)
DEL /Q /F %v_WORKINGDIR%\FW1EXPORT.TMP

:END_CODE

You should set up the attached batch file as a scheduled task to run once per day, once the logs have rotated.
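
As an added example (not part of the original script), the exported files can feed a small daily summary for the manual check described above. The `;` delimiter, the column names and the sample rows are assumptions constructed for illustration; compare them with the header line of your own export before relying on the output.

```python
import csv
import io
from collections import Counter

# Constructed sample of an exported log. With -n and -p the export keeps raw
# IP addresses and port numbers. The last row is cut short on purpose.
SAMPLE_EXPORT = """num;date;time;orig;action;src;dst;proto;service
0;1Nov2007;0:00:12;fw1;accept;10.1.1.20;192.0.2.10;tcp;443
1;1Nov2007;0:00:15;fw1;drop;198.51.100.7;10.1.1.5;tcp;23
2;1Nov2007;0:00:16;fw1;drop;198.51.100.7;10.1.1.5;tcp;23
3;1Nov2007;0:01:02;fw1;reject;10.1.1.33;203.0.113.9;tcp;25
4;1Nov2007;0:01:40;fw1;accept;10.1.1.20;192.0.2.10;tcp;80
5;1Nov2007;0:02:
"""

REQUIRED = {"action", "src", "dst", "service"}  # assumed column names


def summarise(export_text, delimiter=";", top=5):
    """Count actions and list the most frequent denied src/dst/service flows."""
    reader = csv.DictReader(io.StringIO(export_text), delimiter=delimiter)
    missing = REQUIRED - set(reader.fieldnames or [])
    if missing:
        raise ValueError("export header lacks columns: %s" % sorted(missing))

    actions, denied, malformed = Counter(), Counter(), 0
    for row in reader:
        # DictReader files surplus fields under the key None and fills
        # absent ones with None; both indicate a damaged or truncated row.
        if None in row or any(row[col] is None for col in REQUIRED):
            malformed += 1
            continue
        action = row["action"].strip().lower()
        actions[action] += 1
        if action in ("drop", "reject"):
            denied[(row["src"], row["dst"], row["service"])] += 1

    return {
        "actions": dict(actions),
        "top_denied": denied.most_common(top),
        "malformed": malformed,
    }


if __name__ == "__main__":
    print(summarise(SAMPLE_EXPORT))
```

A non-zero `malformed` count is worth a look in its own right, since it can mean the export ran before the log had finished rotating.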
