While discussing the FIA via SSH article, one of my comments got some feedback; the comment was about sudo’s config potentially giving the game away. A number of people suggested the same solution: patch where the source looks for the config file and compile it yourself. The idea is that you put a fake config file in the usual place, patch the source to use a different location and then compile the application. Read on →

Since being bitten by the Greasemonkey bug I’ve found dozens of ways to write broken and invalid JavaScript. While the JavaScript console that comes bundled with Firefox has helped track them down, it’s come up short on a number of occasions. Fortunately we’ve now got Firebug, a per-page JavaScript console with a bundle of extras, including an integrated element inspector and an XMLHttpRequest sniffer that shows you any AJAX traffic. And now for a related, annoying quirk. Read on →

I’m on call this weekend so I’m pretty limited in what I can get up to. At least that’s my excuse for watching TV… First up I saw the movie adaptation of Doom. I’ve blogged about the Doom movie before and unfortunately I was right. It was bloody terrible. Almost no plot, insanely bad voice acting from Rosamund Pike and lots of pointless corridors. The only highlight was the first-person section that gave a nod to the original franchise. Read on →

Hal Pomeranz has an interesting article on File Integrity Assessment via SSH over at sysadmin magazine (well worth a subscription). At my last job a couple of us discussed doing something similar so I enjoyed the article; it’s nice to see someone actually implement the damn thing. The basic idea addresses one of the implicit weaknesses with FIA tools: you give the attacker an obvious target to try and subvert. While there are little tricks you can employ to make their life harder (add a false positive so if they replace the binary with a fake it doesn’t report everything you’d expect, etc.), Hal’s technique moves the whole FIA setup off the machine. Read on →

What do multiple Nagios status pages, network traffic graphs and RT incident queues have in common? They’re all tabs I have open throughout the day. Because any of them can change at any time, watching them has always been a PITA. I used to get around this with a custom kludge that drove IE through a set series of pages. On the upside it worked. On the downside the periodic flicker of page changes drove me nuts. Read on →

Once you’ve been using a tool for a while you often reach a plateau where it’s “good enough” and you stop looking for ways to tweak it. I’ve been using bash for a number of years and I’ve got set in my ways; until I sat next to a co-worker who uses zsh. My first Linux machine had a 14” monitor that could only do low resolutions. Screen space was at a premium and every character was precious. Read on →

If you’re a heavy bash user you’ll often find yourself writing short snippets of code on the command line. Typically they’ll be based around a main loop and you’ll end up entering them over multiple lines to keep them readable. Unfortunately when you try to reuse the command, by retrieving it from the bash command history, it’ll be transformed into one semicolon-laden unreadable mass. Unless you read on… One of the options bash allows you to set is ‘lithist’. Read on →

One of the lesser-known features of bash is ‘$TMOUT’. When assigned a positive number this variable has two functions. When used in a script, TMOUT is the timeout value for the ‘select’ command and the ‘read’ built-in. When used in an interactive shell, and assigned a positive number, $TMOUT is the number of seconds bash will wait (after outputting the prompt) before it terminates, typically killing the user’s session. This is often used to ensure that unused root prompts are not left logged in for more than a minute or two without auto-closing. Read on →

A topic that’s been discussed at great length on one of the (many) Linux lists I lurk on has been that of mounting one file over another. It’s easier to show this with an example:

    $ cat password
    dwilson:password
    $ cat fakepassword
    attacker:fakepassword
    (root) $ mount --bind fakepassword password
    $ cat password
    attacker:fakepassword

While this requires root access (or flimsy mount permissions) to execute, it is a nasty little trick. An ‘ls’ won’t show anything strange but a ‘mount’ command will. Read on →

The Blosxom Immediate Action Feeds Plugin adds a number of links to the bottom of each blosxom post; both HTML and RSS flavours. These links allow easy interaction with a number of online services. This version of the plugin adds links for del.icio.us, Digg and reddit. When one of the links is clicked it takes the user to the site and attempts to autofill as many of the required fields as possible. Read on →