[lang_en]Tonight I spent most of my time waiting. Waiting for the installation of a "standalone" tinderbox on the Sparc64 platform. The basic idea that I currently have is to see whether it would work at all. So currently the box has installed MySQL, perl, php, apache and some more things that are required for the Tinderbox. It only forgot to install the mod_php info, so I am rebuilding that at the moment.

When that completes I will test whether it actually does something useful, and I already found Ion-Mihai to see whether we can set up a QAT for sparc64.

There is one limitation for now. It will only run during daytime. I appreciate my sleep :) [/lang_en]

[lang_nl]Tonight I spent most of my time waiting. Waiting for the installation of a standalone Tinderbox for the Sparc64 platform. The basic idea I have with this is to see whether it can work at all. So far MySQL, Apache, perl, php and some more ports that are needed for the Tinderbox have been installed. However, php was built without Apache support, so that has to be redone.

Once that works I can see whether it is actually usable; I have already found Ion-Mihai to see whether we might be able to set up a QAT for Sparc64.

There is one limitation for now, though: the machine will only run during the day. I consider my sleep important enough to switch it off in the evening :-) [/lang_nl]


[lang_en]I just released version 2.0 of the script pf-to-mrtg.pl. I was bored with the old script and it annoyed me that it looked so darned ugly. I rewrote it to match some more current scripts that I use: better options handling, better usage instructions, better use of the options and information (we might be able to use the information multiple times without running pfctl -si multiple times). This also prepares for a potential cacti-like script. Check it out :) [/lang_en]

[lang_nl]I have just released version 2.0 of the pf-to-mrtg.pl script. I was tired of the old script, and it "irritated" me that it looked so ugly ;) . I rewrote it to bring in some more recent options that I use, so that we can handle options better, have better instructions, and are prepared for the future if several sources of information have to be pulled out of the script (so that, for example, a cacti-like solution becomes possible). Have a look! :-) [/lang_nl]


Recent experiences

So, recently I obtained several new experiences :-) .

I am working with Fortigate machines (AFA1000's) and Juniper Netscreen SSG550's, which are both great machines to work with. I touched a couple of netscreens just a week before I started my new assignment, and now I work full time with them. Beyond that I also try to support the team I am in now with cisco/networking knowledge so that the team can keep on rolling (even if the grand-master will be on holiday within 2 months from now).

Apart from the work experience I also did some work in perl again and finished up check_honeynet.pl v2.0.3b (which will eventually become v2.0), and I am playing around with svn and mirroring subversion stuff (for FreeBSD and my own projects).

Seeing my upcoming agenda makes it a bit challenging to properly give all my activities enough time, but I am sure I can manage that just fine.


check_honeynet v2.0.a2

Release 2.0.a2 (Alpha quality) for check_honeynet is here :-) , go check it out!

PERL:
#!/usr/bin/perl
# $Id: check_honeynet.pl 801 2008-06-03 20:40:53Z remko $
###########################################################################

###########################################################################
# Copyright (C) 2005-2008, Remko Lodder <remko@FreeBSD.org>. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
###########################################################################

###########################################################################
# Contributors:
# Ivo Naninck (language), Marc Plaisier (language), Mart vd Wege (mailer
# suggestion),
# Lance Spitzner (the most valuable feedback regarding the script),
# Richard Arends (suggested the actual perl mailer, and gave a good example
# of how to use the module),
# Robert Blacquiere (showed me Config::Simple, which I am using now to
# obtain configuration information, as well as to write statistics to a
# temporary file)
#
# Script:
# This is a stand-alone script written for honeynet.org. Its purpose is
# to check the listed mirrors to see which ones are outdated and notify
# the administrator of an outdated mirror if needed. This way the
# mirrors will always be within a certain timeframe and can be removed
# if they are too outdated.
#
# Written in collaboration with Lance Spitzner <lance@honeynet.org>
###########################################################################

###########################################################################
# Differences between releases; started this between 1.5 and 1.6, sorry
# for the loss of potentially useful information (although I might be able
# to retrieve the missing data from my CVS branches).
# Note that all three version-based versions are just bugfixes to some
# degree.
# Version       Who             What
# 1.1           Remko           Initial script to check the mirrors.
# 1.1->1.2      Remko
# 1.2->1.3      Remko
# 1.3->1.4      Remko
# 1.4->1.5      Remko           Code cleanups, restructure of code; corrected
#                               some bugs between various releases spotted
#                               by Lance.
# 1.5->1.6      Remko           Cleanups, changed structure for timestamp
#                               retrieval; make it human readable and match
#                               on a specific pattern. Made the version dependent
#                               on the configuration version and vice versa
#                               to be able to make big config changes.
#                               BF-1: Fix the email send options by using the
#                                     correct Net::SMTP commands.
#                               BF-1: Fix the parsing of the new mirrorprobe
#                                     layout.
#                               BF-2: Change the Mailer used to send out the
#                                     report.
# 1.6->1.7      Remko           Implement Config::Simple, makes configuration
#                               much easier!
# 1.7->2.0      Remko           a1: Implement that we can trace various sites with
#                               multiple problems more easily by using a
#                               semi-persistent configuration file.  This brings
#                               the entire branch to an entirely new world.
#                               Which is why we bump the version to 2.0
#                               a2: Implement file-statistics checker, if the
#                               file does not exist yet, we need to make sure
#                               we know and that we can bypass certain readins
#                               so that we are not going to get into trouble
#                               later on.
###########################################################################

use strict;
use warnings;
use LWP::Simple;
use Getopt::Std;
use Mail::Sendmail;
use Config::Simple;

###########################################################################
# Variables. All configurable options are defined below. Please adjust them
# to your needs.
###########################################################################

# Version, author and script-specific behaviour
my $author              = 'Remko Lodder <remko@FreeBSD.org>';   # Name of the author
my $name                = __FILE__;                             # Our script name.
my $MAJOR               = '2';                                  # Our major version
my $MINOR               = '0';                                  # Our minor version
my $PATCHLEVEL          = 'a2';                                 # Our patchlevel
my $version             = "$MAJOR.$MINOR.$PATCHLEVEL";          # Our version.

###########################################################################
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Do not edit anything below this line unless you know what you are doing.
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###########################################################################

###########################################################################
# Prototypes: specify upfront what we are going to use if globally needed,
# and prototype arrays, hashes and functions.
###########################################################################

# Create the option hash; we will use that later to add our option flags.
my %option              = ();

# Template our arrays
my (@MIRRORS);

# Template some standard variables
my ($CONFIGFILE, $status, $reporthost, $timestamp, $target,
    $enable_mail, $cfg, $cfg_out, $outfile, $alert_max,
    $alert_min, $alert_mid, $mail_from, $mail_bcc, $mail_cc);

# Prototype functions
sub fetch_data ($$);
sub email_report ($$$);
sub convert_input ($);
sub process_mirrors (@);
sub create_timestamp ($);
sub print_help ();

###########################################################################
# Script itself
###########################################################################

getopts("cC:f:F:hpR:tv", \%option);

# Turn the parsed options into plain flags. ("my $x = 1 if COND;" has
# undefined behaviour in Perl, so every flag is assigned unconditionally.)
my $config_option = $option{f};
my $config_flag   = $option{f} ? 1 : 0;
my $create_flag   = $option{c} ? 1 : 0;
my $help_flag     = $option{h} ? 1 : 0;
my $process_flag  = $option{p} ? 1 : 0;
my $test_flag     = $option{t} ? 1 : 0;
my $convert_flag  = defined $option{C} ? 1 : 0;
my $fetch_flag    = defined $option{F} ? 1 : 0;
my $retrieve_flag = defined $option{R} ? 1 : 0;

# Use the configuration file given on the command line, otherwise fall
# back to the default location.
$CONFIGFILE     = $config_option || "./honeynet.cf";

# Read in the current configuration.
# This should always succeed; if it doesn't we cannot do anything at all,
# so stop here instead of calling methods on an undefined object.
$cfg            = Config::Simple->new($CONFIGFILE)
    or die "$name: cannot read configuration file $CONFIGFILE: "
         . Config::Simple->error() . "\n";

#####
##### Global variable assignment after reading config
#####

# Read in some variables upfront, so that we can more
# easily use them later on.
@MIRRORS        = $cfg->param('CONFIG.mirrors');
$outfile        = $cfg->param('CONFIG.outfile');
$enable_mail    = $cfg->param('CONFIG.enable_mail');
$alert_max      = $cfg->param('CONFIG.alert_max');
$alert_mid      = $cfg->param('CONFIG.alert_mid');
$alert_min      = $cfg->param('CONFIG.alert_min');
$mail_from      = $cfg->param('CONFIG.fromaddr');
$mail_bcc       = $cfg->param('CONFIG.ccaddr');
$mail_cc        = $cfg->param('CONFIG.mirroradmin');

if (-e $outfile)
{
        # Read in the statistics from our last run
        $cfg_out        = Config::Simple->new($outfile)
            or die "$name: cannot read statistics file $outfile: "
                 . Config::Simple->error() . "\n";

        # Make an instant backup before we do a new run.
        $cfg_out->write("$outfile.orig");
}
else
{
        # Create the statistics file for our entire run
        $cfg_out        = Config::Simple->new(syntax => 'ini');
}

# Make sure that there is a version statement in the configuration file, so
# that we can see whether we are compatible or not. (A method call does not
# interpolate inside a double-quoted string, so fetch the value once here.)
my $cfg_version = $cfg->param('CONFIG.version');

if (!$cfg_version)
{
        print "It appears that you do not have a version statement in your configuration file. This means that the version you are using now is
too old, make sure that you obtain the latest one and update that to your needs.\n";
        exit(1);
}
else
{
        my ($version_def_major, $version_def_minor) = $cfg_version =~ /(\d+)\.(\d+)/;

        # The script can differ between MAJOR and MINOR releases; bugfixes aka patchlevels are
        # not affected by this and can thus be ignored.
        # TODO: This check should be made more flexible in the future, version 1.4 and 1.5 share
        # the same configuration file and should both pass.
        # The comparison is numeric: the string operator "lt" would sort "10" before "2".
        if (!defined $version_def_minor
            or $version_def_major < $MAJOR
            or ($version_def_major == $MAJOR and $version_def_minor < $MINOR))
        {
                print "You appear to be using an older configuration file that might not be compatible with the current version of the
script, please validate that you have the latest options included and copy over the version statement from the latest available configuration
file. Make sure that the old version statement is overwritten!
The current script runs on version: $version, while the configuration is for version $cfg_version\n";
                exit(1);
        }
}

# Create a new timestamp that will be fed to the mirrors, which we can use to test the
# age of the mirror.
if ($create_flag) {
        create_timestamp($cfg->param('CONFIG.probefile'));
}

elsif ($process_flag) {
        # Process the mirrors using the list we have for them.
        process_mirrors(@MIRRORS);
}

# Test mode: print the information on screen.
elsif ($test_flag)
{
        # In test mode we don't send out emails.
        $enable_mail = 0;

        print("$name: Starting\n");
        print("$name: Processing mirrors\n");

        # Process the mirrors using the list we have for them.
        process_mirrors(@MIRRORS);

        print("$name: Finishing\n");
}

# Convert input from unixtime to human readable time.
elsif ($convert_flag)
{
        print "$option{C} resolves to " . convert_input($option{C}) . "\n";
}

# Fetch the mirrorprobe file from the given host.
elsif ($fetch_flag)
{
        my $result  = fetch_data($option{F}, $cfg->param('CONFIG.sourcefile'));
        # Build the path first: "$cfg->param(...)" inside a string would not call the method.
        my $outpath = $cfg->param('CONFIG.outdir') . "/$option{F}.timestamp";
        open(my $out, '>', $outpath) or die "$name: cannot write $outpath: $!\n";
        print $out $result;
        close($out);
}

# Fetch the mirror timestamp and parse it. Print the output back on the screen.
elsif ($retrieve_flag)
{
        my $result = fetch_data($option{R}, $cfg->param('CONFIG.sourcefile'));
        print("$option{R} was last modified " . convert_input($result) . "\n");
}

# People expect a help option, provide it for them.
elsif ($help_flag)
{
        print_help();
}

# No valid options were given, fall back to the help information.
else
{
        print_help();
}

# print_help: expects no input, just prints the help information on how
# the application should be used.
sub print_help ()
{
        print("Usage:\t$name [ -c ] [ -C <value> ] [ -f <configurationfile> ] [ -F <host> ] [ -h ] [ -p ] [ -R <host> ] [ -t ]
\t-c\tCreate the timestamp for the local machine. This timestamp can be used to determine when the mirror was last updated.
\t-C\t<value> converts the unix timestamp to human readable format
\t-f\t<filename> Use the specified configuration file
\t-F\t<host> fetch the timestamp for an external host, for example: www.honeynet.nl
\t-h\tprint this help.
\t-p\tCheck the status of the mirrors, and report the output to us
\t-R\t<host> fetch the timestamp for an external host and print it in human readable format
\t-t\tTest mode, does not send out emails, but prints the information on the screen.
Version: $version
Originally written by Remko Lodder <remko\@FreeBSD.org>, for the honeynet project.\n");
}

# create_timestamp: expects a variable filled with where we should store
# the unixtime (for remote mirrors).
sub create_timestamp ($)
{
        my $probefile = shift;
        my $now       = time();         # read the clock once so both lines agree
        open(my $f_out, '>', $probefile) or die "$name: cannot write $probefile: $!\n";
        print $f_out "Mirrorprobe time: $now\nLocal time: " . convert_input($now) . "\n";
        close($f_out);
}

# convert_input: expects unixtime and converts it to human readable time.
sub convert_input ($)
{
        my $output      = scalar localtime(shift);
        return $output;
}

# fetch_data: gets two variables as input, one with the fqdn of the remote host and one
# with the location of where we expect the remote file. XXX: This looks a bit ugly at the
# moment.
sub fetch_data ($$)
{
        my $source      = shift;
        my $sourcefile  = shift;

        my $return_data = 0;
        my $data        = get("http://$source$sourcefile");

        # IF the remote data is present, take out the numeric time value and return that
        # ELSE return 0, which will revert to 1969/1970 (depending on what the machine
        # considers EPOCH). A body that does not match the mirrorprobe layout (an error
        # page, for instance) is treated the same as a missing file rather than being
        # returned as-is, so callers never do arithmetic on arbitrary remote content.
        if ($data)
        {
                chomp $data;
                $data =~ s/\n/ /g;
                if ($data =~ /\S+ \S+ (\d+) \S+/)
                {
                        $return_data = $1;
                }
        }

        return $return_data;
}

# process_mirrors: gets an array as input with all the mirrors in it. It will walk through all hosts
# and do specific actions with them, like printing out a report, or emailing it to the remote
# administrator. It keeps a record of the current status time.
sub process_mirrors (@) {
        my %mirror_time;
        my @mirror_list = @_;
        my $sourcefile  = $cfg->param('CONFIG.sourcefile');
        my $timeout     = $cfg->param('CONFIG.timeout');
        my $verbose     = $cfg->param('CONFIG.verbose');

        for my $target (@mirror_list)
        {
                # fetch_data already returns 0 for a missing or malformed probe file.
                $mirror_time{$target} = fetch_data($target, $sourcefile) || 0;

                # Declare our local time before continuing.
                my $honeynet_ctime      = time();
                my $mirror_difftime     = $honeynet_ctime - $mirror_time{$target};

                # If the resulting number is less than zero, the remote host is outdated.
                my $mirror_timediff     = $timeout - $mirror_difftime;

                # Everything with a calculated time larger than the timeout is
                # on the right track; everything that isn't gets either notified or the
                # output will be present on screen. (Numeric comparison, not string.)
                if ($mirror_timediff > 0)
                {
                        if ($verbose ne "0")
                        {
                                $status = "OK";
                                $timestamp = scalar localtime($mirror_time{$target});
                                $reporthost = $target;
                                write;          # Write out our template.
                        }
                        next;
                }
                else
                {
                        my $info = $cfg_out->param("mirrors.$target");
                        if (defined $info && $info > 0)
                        {
                                if ($info == $alert_max || $info == $alert_mid || $info == $alert_min)
                                {
                                        # The email option is enabled and we found an outdated mirror:
                                        # jump to the email_report function.
                                        if ($enable_mail)
                                        {
                                                email_report($target, $mirror_time{$target}, $info);
                                        }
                                }

                                # Update our local statistics first before anything else.
                                $cfg_out->param("mirrors.$target", $info + 1);
                                $cfg_out->param("checktime.$target", scalar localtime($mirror_time{$target}));
                        }
                        else
                        {
                                # The email option is enabled and we found an outdated mirror:
                                # jump to the email_report function.
                                if ($enable_mail)
                                {
                                        email_report($target, $mirror_time{$target}, $alert_min);
                                }

                                # Begin our statistics with 1.
                                $cfg_out->param("mirrors.$target", 1);
                                $cfg_out->param("checktime.$target", scalar localtime($mirror_time{$target}));
                        }

                        if ($verbose ne "0")
                        {
                                $status = "FAIL";
                                $timestamp = scalar localtime($mirror_time{$target});

                                # Only override if the message has the epoch timestamp and thus is broken.
                                if ($timestamp =~ /19[67]\d/)
                                {
                                        $timestamp = "Mirrorprobe file problems!";
                                }
                                $reporthost = $target;
                                write;          # Write out our template.
                        }
                }
        }
}

# Specify what our output is going to look like. This generates a nice overview
# of the current status of the various mirrors.  This is only used if we
# print verbose. Formats are declared rather than executed, so they live at
# file scope, where $status, $reporthost and $timestamp are visible.
# Below: HEADER
format STDOUT_TOP =
----------------------------------------------------------------------------
--------------------------- Honeynet Check results -------------------------
----------------------------------------------------------------------------
Status  Site                                    Last changed
.

# Format specifier for the content of the printout.
format STDOUT =
@<<<<  @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<  @<<<<<<<<<<<<<<<<<<<<<<<<<<
$status, $reporthost,                           $timestamp
.

# email_report: expects a target, a mirror_time and an alert level, sends out
# an email to the desired administrator and informs them about the current
# status of the mirror.
sub email_report ($$$)
{
        my $target      = shift;
        my $mirror_time = shift;
        my $alert       = shift;
        my $status_msg  = '';
        my $alert_msg   = '';
        my $recipient   = $cfg->param("MIRRORS.$target") || $mail_cc;

        # Make the mirror time human readable; if it matches the beginning of time
        # (for computers at least), tell that there is a problem.
        $mirror_time    = scalar localtime($mirror_time);

        if ($mirror_time =~ /19[67]\d/)
        {
                $status_msg = "Your mirror seems to have trouble fetching the mirrorprobe file.";
        }
        else
        {
                $status_msg = "At this moment it seems that your mirror was last updated on $mirror_time.";
        }
        if ($alert == $alert_max)
        {
                $alert_msg = "NOTE WELL: This is the final warning you will be receiving.  Please repair the mirror as soon as possible. In the meantime we will remove your mirror.";
        }
        else
        {
                $alert_msg = "NOTE WELL: This is alert number $alert for your host. Please be advised that our current maximum is at $alert_max.\n";
        }

        my $message = "Hello $recipient,
You are receiving this email because your Honeynet Project mirror ($target) seems to be outdated.
$status_msg
Could you please check whether everything is working as expected?
If there is something wrong or you no longer wish to be a mirror, please notify $mail_cc
Thanks for supporting the Honeynet Project!
If you have questions or concerns, please do not hesitate to contact us!
$alert_msg
--
The Honeynet Project Mirror Admins";

        # Fill our mail hash with the information that we are going to send.
        my %mail = (
                To              => "$recipient",
                From            => "$mail_from",
                Bcc             => "$mail_bcc",
                # only addresses are extracted from Bcc, real names disregarded
                Cc              => "$mail_cc",
                # Cc will appear in the header. (Bcc will not)
                Subject         => "$target seems to be outdated, please investigate",
                'X-Mailer'      => "$name $version using Mail::Sendmail version $Mail::Sendmail::VERSION",
                message         => "$message",
        );

        # Add an additional header so that we can show that this is our thing.
        $mail{'Honeynet.org : '} = "http://www.honeynet.org";

        # Send out the mail; if successful print that we did OK, else
        # give the error.
        if (sendmail %mail)
        {
                print "Mail alert sent OK.\n";
        }
        else
        {
                print "Error sending mail: $Mail::Sendmail::error \n";
        }
}

# And as a final action make sure we write out our configuration file.
# Temporary: write out the exact config to our statistics file; later we will use this to write
# down our run-time statistics into a "persistent" file.

$cfg_out->write($outfile);

# End of the script.


Honeynet Mirror check tool 1.7 released

So, Saturday and today I spent a bit of time updating my honeynet check mirror application, which retrieves information from various mirrors to make an educated guess on when the mirrors last synced (all in perspective of course, because it doesn't tell the actual status, but at least it's a guide, and if properly done, we can see what happens).

That of course doesn't mean the tool is honeynet only; you can easily change it for your own needs to enlist several of your own mirrors etc. It's just that I named it for the honeynet project: check_honeynet. One could argue to name it "evil-mirror-validator" or something (evil- is the prefix of most of my projects).

Anyway, back to the discussion: v1.7 has a new way of parsing configuration records which is rather straightforward. I will be implementing the same for 2.0 (which is actually just continued development on top of 1.7). This makes use of the Config::Simple module, which enables me to write it all ini-style (it was already like that, but then resolved in an uglier way than it is now).

If you browse to the downloads section, you will find it there, with a published web-frontend and so on. If you have any comments please let me know. From what I saw from my local tests this just works fine.

For 2.0 I will be issuing a separate statistics file, which I will write ini-based (from the application) to gather statistics about [ok] [bad] [banned] hosts. This way we can more selectively send messages to the bogus mirror, and even ban them (which could result in an automated removal from the main site, for example) if they trigger the (adjustable) thresholds.
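The mirror check described in these posts and in the check_honeynet.pl listing above (fetch each mirror's probe file, compare its timestamp with a timeout, keep a per-mirror failure counter in an ini-style statistics file, mail at the lower thresholds and ban at the top one) can be exercised offline. The following is an added example and not code from check_honeynet.pl or from the Honeynet project; the thresholds, host names, probe bodies and persisted counters are constructed, and the mail/ban policy (mail at alert_min and alert_mid, ban at alert_max, reset on recovery) is this example's reading of the [ok]/[bad]/[banned] design rather than the script's exact branch logic. It also anchors the probe parse on the "Mirrorprobe time:" label, so a fetched error page that happens to contain digits is reported as a probe-file problem instead of being taken for a sync time:

```perl
#!/usr/bin/perl
# Added example, not part of check_honeynet.pl: exercises the mirrorprobe
# parsing and the alert escalation offline on constructed data, so the
# staleness policy can be checked without fetching mirrors or sending mail.
use strict;
use warnings;

# Thresholds as a honeynet.cf CONFIG section would supply them
# (values constructed for this example).
my %cfg = (
    timeout   => 7 * 24 * 3600,   # a probe older than a week means the mirror is stale
    alert_min => 1,               # first failure: mail the mirror admin
    alert_mid => 3,               # third failure: remind
    alert_max => 5,               # fifth failure: ban (candidate for removal from the list)
);

# parse_probe: extract the unix time from the body of a fetched mirrorprobe
# file. The match is anchored on the "Mirrorprobe time:" label, so an error
# page containing digits does not pass as a timestamp. Returns 0 when the
# body is missing or malformed, which the script renders as the epoch
# ("Mirrorprobe file problems!").
sub parse_probe {
    my ($body) = @_;
    return 0 unless defined $body && length $body;
    $body =~ s/\s+/ /g;
    return $1 if $body =~ /^Mirrorprobe time: (\d+)(?: |$)/;
    return 0;
}

# classify: OK when the probe is newer than the timeout, FAIL otherwise.
# A probe time in the future also fails: a mirror cannot have synced after now.
sub classify {
    my ($probe_time, $now) = @_;
    return 'FAIL' if $probe_time <= 0 || $probe_time > $now;
    return ($now - $probe_time) > $cfg{timeout} ? 'FAIL' : 'OK';
}

# escalate: update the per-mirror failure counter (the script keeps this in
# its ini-style statistics file) and decide this run's action.
# Returns (failure count, action), where action is none, mail or ban.
sub escalate {
    my ($stats, $mirror, $status) = @_;
    if ($status eq 'OK') {
        delete $stats->{$mirror};       # recovered: the counter starts over
        return (0, 'none');
    }
    my $count = ($stats->{$mirror} || 0) + 1;
    $stats->{$mirror} = $count;
    return ($count, 'ban')  if $count >= $cfg{alert_max};
    return ($count, 'mail') if $count == $cfg{alert_min} || $count == $cfg{alert_mid};
    return ($count, 'none');
}

# Constructed "current time" and probe bodies, as fetch_data would return them.
my $now = 1_212_524_453;
my %probes = (
    'mirror-a.example' => "Mirrorprobe time: " . ($now - 3600) . "\nLocal time: (ignored)\n",
    'mirror-b.example' => "Mirrorprobe time: " . ($now - 10 * 86400) . "\nLocal time: (ignored)\n",
    'mirror-c.example' => "<html><body>404 Not Found 20080603</body></html>\n",
    'mirror-d.example' => undef,      # unreachable: LWP::Simple::get returned nothing
);
# Failure counters persisted from earlier runs (constructed).
my %stats = ('mirror-b.example' => 2, 'mirror-c.example' => 4);

printf "%-4s %-18s %-26s %s\n", 'Stat', 'Site', 'Last changed', 'Failures/action';
for my $mirror (sort keys %probes) {
    my $t      = parse_probe($probes{$mirror});
    my $status = classify($t, $now);
    my ($count, $action) = escalate(\%stats, $mirror, $status);
    printf "%-4s %-18s %-26s %d/%s\n", $status, $mirror,
        ($t ? scalar localtime($t) : 'Mirrorprobe file problems!'), $count, $action;
}
```

Run it with perl; the %stats hash stands in for what Config::Simple reads from and writes back to the statistics file. With the constructed data mirror-a is OK, mirror-b fails for the third time and gets a reminder, mirror-c (serving an error page) reaches the fifth failure and is banned, and the unreachable mirror-d gets its first mail.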

© 2003-2010 Evilcoder.org