Unofficial Snort 2.8.3.x patch for GCC 4.3.x build errors

Noted some issues lately in the community with build issues when building snort 2.8.3.x using GCC 4.3.x. Specifically you may receive output as follows:

In function ‘open’,
inlined from ‘server_stats_save’ at server_stats.c:349:
/usr/include/bits/fcntl2.h:51: error: call to ‘__open_missing_mode’ declared with attribute error: open with O_CREAT in second argument needs 3 arguments
make[5]: *** [server_stats.o] Error 1
make[5]: Leaving directory `~/snort-2.8.3.1/src/preprocessors/flow/portscan'
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory `~/snort-2.8.3.1/src/preprocessors/flow'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `~/snort-2.8.3.1/src/preprocessors'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `~/snort-2.8.3.1/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `~/snort-2.8.3.1'
make: *** [all] Error 2

If you are receiving the aforementioned error on build, it's likely a simple fix that you can apply to src/preprocessors/flow/portscan/server_stats.c... yes, the patch is below:

if you don't know how to patch the file, I suggest using google to figure it out ;-)

Click me for the patch
MD5
SHA256

Cheers,
JJC

How are your "Debian" SSL certs doing

Last night, while interviewing with Paul and Larry on the pauldotcom.com podcast, I had an interesting thought whilst bashing Debian and the latest OpenSSL party that they have created.

How many root Certificate Authorities run debian and generate signed ssl keys?

Obviously the implications on this are substantial.. I get in the middle of an affected ecom server/application and grab credit card numbers and identity info for a day or so.. then meander on my way. Alarming because of course it does not produce any real auditable trail for analysts to follow... I mean, there was no real break in as with TJX or Advance Auto....

So, the moral of this story is that you need to check with your CA and see if they issued you any certs/keys from any affected systems. If that is the case then they of course need to re-issue a known good cert/key to you.

I *hope* but doubt that it will happen, that any affected CA would notify their customer base if they had issued anything from an affected system.

Cheers,
JJC

Ubuntu Bashing Continued

It has been a while since I upgraded and subsequently wrote about my experience of upgrading Ubuntu 7.04 to Ubuntu 7.10. I gave Ubuntu 7.10 the good old college try, but have to report that I am now back to my FreeBSD Laptop.

The primary issues that I had with Ubuntu 7.10 had to deal with wireless networking. The connection speed would never exceed 23mbps and even when the driver stated that it was connected at 23mbps I could not achieve throughput of more than 5mbps, even with the laptop sitting 5' from the AP. The second, and most irritating, issue with the wireless networking setup of Ubuntu 7.10 was the consistent disconnects and intermittent reconnects. Often it would not reconnect and I would have to reboot and piss with it for 30 minutes before it would inexplicably reconnect. Of course this started to remind me of M$ reboots and I had to immediately remediate the situation with ufs and FreeBSD!


At first I thought that this was potentially related to the Broadcom 43XX chipset in the test laptop. I then tested with different Intel (non proprietary) wireless cards and different APs. An additional reason that I tested with different access points was due to the range limitation that I was experiencing with Ubuntu 7.10. I was only able to get to roughly 30' from the AP before I would lose signal.

The combination of these three wireless issues, in addition to the upgrade pain, led me to flatten the system and slap FreeBSD 6.2 REL onto it. That said, I am now back into my comfort zone of *BSD. I will also say that I have loaded the Broadcom 43xx windows driver using ndis and that I now have full 54mbps connectivity and a range of greater than 50' from the same APs that I had less than 30' with Ubuntu 7.10.

So, to conclude and finish this mild rant, I think that the new Ubuntu 7.10 is a decent distro overall "for the click brigade" but I also think that more time should have been put into the guts as opposed to the shininess of the whole thing. Of course, if you read some of my previous postings about the shininess setup issues that I experienced out of the box with Ubuntu 7.10....then perhaps they should have put more time into that as well.

Previous articles:
Ubuntu 7.04 to 7.10 Upgrade Notes Pt. 1
Ubuntu Upgrade to 7.10 Strike 2
Ubuntu Upgrade....or not (with compiz)

Cheers,
JJC

FreeBSD jabberd port mysql bug

As a quick post (esp since I have not been posting much lately) I recently ran into another issue with jabberd on freebsd. I say another, if you will remember a previous post concerning sasl - http://global-security.blogspot.com/2007/08/pidgin-on-linux-w-jabberd2-on.html.

This has more to do with cleaning up some of the errors that seem to exist in the mysql schema. Specifically, if you install jabberd2 from the ports tree "/usr/ports/net-im/jabberd" and configure it to use mysql as it's storage engine, you will receive several errors in your stdout our log files (depending on your configuration). These errors are generated when a users status changes, i.e. login, logout, away etc... I have included a quick snapshot of the errors below.

Nov 26 14:48:48 secure2 jabberd/sm[1629]: mysql: sql delete failed: Table 'jabberd2.status' doesn't exist
Nov 26 14:50:26 secure2 jabberd/sm[1629]: mysql: sql delete failed: Unknown column 'collection-owner' in 'where clause'
Nov 26 14:51:10 secure2 jabberd/sm[1629]: mysql: sql select failed: Unknown column 'object-sequence' in 'order clause'
Nov 26 14:51:10 secure2 jabberd/sm[1629]: mysql: sql insert failed: Unknown column 'status' in 'field list'
Nov 26 14:52:17 secure2 jabberd/sm[1629]: mysql: sql insert failed: Unknown column 'show' in 'field list'
Nov 26 14:52:58 secure2 jabberd/sm[1629]: mysql: sql insert failed: Unknown column 'last-login' in 'field list'
Nov 26 14:55:46 secure2 jabberd/sm[1629]: mysql: sql insert failed: Unknown column 'last-logout' in 'field list'
Nov 26 14:59:46 secure2 jabberd/c2s[1631]: [7] [192.168.1.2, port=3746] disconnect jid=user@test.com/Home, packets: 15
Nov 26 14:59:46 secure2 jabberd/sm[1629]: session ended: jid=user@test.com/Home
Nov 26 15:00:05 secure2 jabberd/c2s[1631]: [7] [192.168.1.2, port=3932] connect
Nov 26 15:00:05 secure2 jabberd/c2s[1631]: [7] SASL authentication succeeded: mechanism=DIGEST-MD5; authzid=user@test.com
Nov 26 15:00:05 secure2 jabberd/c2s[1631]: [7] bound: jid=user@test.com/Home
Nov 26 15:00:05 secure2 jabberd/c2s[1631]: [7] requesting session: jid=user@test.com/Home
Nov 26 15:00:05 secure2 jabberd/sm[1629]: session started: jid=user@test.com/Home

To remediate this, simply run the following against your jabberd2 mysql database:

CREATE TABLE `status` (
`collection-owner` varchar(256),
`object-sequence` bigint,
`status` text NOT NULL,
`show` text,
`last-login` int DEFAULT '0',
`last-logout` int DEFAULT '0',
PRIMARY KEY (`collection-owner`));

This will get ya going, I'm not gonna go into what's wrong with the script that is included in the jabberd2 install, I think that it's pretty straight forward.

Also note, I will try to post more regularly now but it's been a hectic few weeks for me (new job, family visiting etc...)

Cheers,
JJC

Nessus 3.06 on Ubuntu 7.10 _Gutsy Gibbon_

Post upgrading to Gutsy Gibbon on one of my test systems I needed to install an application that I regularly use (Nessus). To install this I downloaded the standard Nessus 3.0.6 deb package from nessus.org and attempted install via the package manager. The installation attempt produced the following Error: Dependency is not satisfied: libssl0.9.7. Normally I wouldn't write about this, but given the fact that I noticed several locations on the internet (various forums and blogs) about this issue being unresolved for many users I figured I would post what worked for me.

The first thing that I did was install libssl-dev "sudo apt-get install libssl-dev". After installing libssl-dev I again attempted to install the Nessus 3.0.6 deb package and received the same error " Error: Dependency is not satisfied: libssl0.9.7". My next step was to download libssl0.9.7_0.9.7g-5ubuntu1.1_i386.deb directly from packages.ubuntu.com and install this deb package. That's what did the trick, Nessus is now up and running and everyone (me) is happy.

Cheers,
JJC

Ubuntu Upgrade...or not (with compiz)

Perhaps it was a lack of patience on my part, or poor forward planning on Ubuntu's part, but I could no longer continue to attempt upgrading after what was likely the 30th failed attempt. As a result of this upgrade attempt outcome I decided to backup the /home/* directories and perform a clean install.

As one would expect the standard install succeeded with no problem. The expected options were available from custom partitioning to setting initial user and permissions during the installation. The only real issue that I had was with the "seamless" compiz implementation that I had heard so much about.

For this installation I used an HP laptop that I have, this laptop contains an ATI X series video card and therefore supports 3D acceleration. I was disappointed that the compiz (3D) desktop acceleration did not work out of the box, so here is what I did to make it work: Initially I simply tried to enable Extra effects after enabling the proprietary video card. This only produced the error "Composite extension not found"...after enabling in xorg.conf (as described below) I received the fairly generic error "Unable to enable visual effects" or similar... So here are my steps to enable compiz on Ubuntu 7.10 with ATI drivers (what worked for me)

• Enable all of the repos that have proprietary software and the like System -> Administration -> Software Sources.
• Enable the proprietary video card driver from the Restricted Drivers Manager.
• Make sure composite extensions are enabled : vi /etc/X11/xorg.conf

Section "Extensions"
Option "Composite" "1"
EndSection

• Install xserver-xgl "sudo apt-get install xserver-xgl
• Install compizconfig-settings-manager "sudo apt-get install compizconfig-settings-manager" *this is not a requirement but gives you a level of customization that is nice.
• Restart X
• Try it out System -> Preferences -> Appearance -> Visual Affects (select what you want here...I used Extra then Custom from the last apt-get install)

Everything else worked nicely, enabled the proprietary fwcutter for my wireless card and it worked, no more mucking with it as in previous versions, very nice!

All in all, I give this version a Thumbs Up despite the upgrade mess, seems more stable so far and clean.

Hope this helps someone out :-)

Cheers,
JJC

Ubuntu Upgrade to 7.10 Strike 2

As I write this, I have attempted roughly 10 "upgrades" via the Update Manager with the same result each time as displayed below.


Obviously this is producing some anxiety on my behalf, as I am anxious to upgrade. That said, I fear that the upgrade process, much like previous upgrade processes from the Ubuntu folks, is a complete joke.

In preparation for the joke to be a fact, I kicked off the download and noted again that the servers are getting hammered... bitTorrent anyone?


Cheers,
JJC

Ubuntu 7.04 to 7.10 Upgrade Notes pt 1

Time to see if the Ubuntu folks have cleaned up their upgrade process. Previous upgrade attempts have been painful to say the least (this means pre-7.10).

I kicked the process off at about 21:30 EST by updating my existing 7.04 installation with all of the latest package updates as noted in the Ubuntu upgrade process documentation. The update went smoothly with the simple exception that a boatload of other users must be doing the same thing and loading up the repos. I did have to restart the updates a few times to get all files to download (again, likely related to repo overload, considering the fact that I regularly update my Ubuntu systems and this is not a normal occurrence). It should be noted that the Upgrade to 7.10 option was available prior to updating my packages, but IAW the upgrade documentation I performed the package update first.

The first thing we do after making sure all packages are updated is click on the Upgrade button to kick off the 7.04 to 7.10 upgrade process and again click Upgrade in the release notes. This kicked off the upgrade process and started to download the Upgrade Tool (again a little slow...likely load related). Once the Upgrade Tool finished downloading and kicked off, more downloading and waiting as the Upgrade Tool runs through upgrade preparations, software channel modifications, fetching upgrades, installing upgrades, clean up and system restart.

This is where the trouble began, again I suspect due to load on the distribution servers. After waiting for about an hour on file 50 of 56, I canceled the process and started again in the hopes that it would jumpstart the download. Unfortunately this did not work, so I left it to fetch overnight, and woke up to the screenshot to the right.

With all of the excitement and everyone else attempting to update and upgrade at the same time, I'll be intermittently trying to complete my upgrade over the next week in the hopes that it will complete. That being said, I have spoken with a few of my associates that were able to fetch all of the upgrade files (~6 hours of downloading at painfully slow rates) and they had their upgrade fail roughly halfway through the process, thereby rendering their system useless and forcing a clean install of 7.10.

The same associate of mine "giovani" also suggested using bittorrent for the mass distribution medium, to alleviate some of the pain that we are all feeling with the seemingly overloaded repos. Something definitely needs to be done, bittorrent or otherwise, to clean up these load produced upgrade and update failures.

More to follow...

Cheers,
JJC

Canonical releases Ubuntu 7.10

Canonical Ltd. released the latest version (7.10) of the Ubuntu Server, Desktop, Kubuntu and Edubuntu Editions today. You can get more information about these releases and download them at the official Ubuntu site.

The Ubuntu developers have also created an upgrade path for users that are currently on the 7.04 ("Feisty Fawn") release. As stated on their website, the migration is as simple as insuring that all updates have been applied to your Feisty Fawn installation then opening System -> Administration -> Update Manager -> Select Upgrade (you may need to check for new updates). At this point you simply follow the on-screen instructions.

I will be testing this process tonight on my HP laptop and posting my results when complete.

Cheers,
JJC