Blog

Awesome Screenshot URL tracking and niki-bot

UPDATE: Awesome Screenshot 3.7.12 now offers an 'opt-out' setting to address this (but it's on by default) - read my new article here.

Back in June, my OSSEC logs alerted me to some web crawling activity by a crawler with a user-agent of 'niki-bot'. Chances are if you grep or analyse your web logs, you've seen it too.

Secure Keyboard Entry on OS X blocks interaction with Yubikeys

I recently got a few Yubikeys and have been implementing PAM, SSH integration and the like for two factor authentication across a range of infrastructure.

I'm pleased to say that Yubico's free and open-source Validation Server/KSM seem to work quite well, with the docs only marginally incorrect from time to time... not bad for open source software :)

OSSEC, Drupal, and different Syslog identities per site

I really like OSSEC, the open-source intrusion detection system, and deploy it wherever I'm working. Not only is it great from a security point of view (detecting brute force attacks, crawlers, XSS injection attempts, bad permissions on files, modifications to files, notification of installed/removed packages, presence of rootkits, etc.), but it's also really good at exposing the general state of things on your infrastructure that might otherwise go unnoticed (even if they're logged).

Kippo deb package updated to 0.8

I have updated my Kippo Debian package to use the latest 0.8 release of Kippo and also to run on the current Debian stable release, 'Wheezy'.

Installing

1. Add this line to /etc/apt/sources.list or create a new file called /etc/apt/sources.list.d/mig5.list

deb http://debian.mig5.net/debian/ wheezy main

2. My repo is signed with my GPG public key. To fetch the key:

Trying to automate the initial OSSEC installation steps

I haven't got around to packaging OSSEC for Debian yet - mainly because I haven't decided how to handle the fact that OSSEC uses a server->agent model that depends on the generation/importing of unique keys for communication (not unlike Puppet with SSL certificates), from an automation/Puppet perspective.

Kippo deb package updated

The Debian package that I made for Kippo last year was a few commits behind (though not by much!).

When recently firing up a fresh Kippo sensor, I realised there were some bugs in the postinst script on a fresh install - additionally, there were some other bugs when removing and re-installing Kippo.

These have been fixed, and the Kippo package is now in line with revision r219 of the Subversion repo maintained by desaster.