# Mind Candy

Wednesday, November 21, 2007

m0n0wall will be a home project

Our instructor required us to use Smoothwall, in the end. The network team will become the firewall team on Monday, and the firewall team will take network's place. Yep, we're switching roles at that point.

We have documented the procedures, except for one part--the changing of the IP address on the printer from one subnet to the next. Apparently, there's an issue with the firewall on the school's side, and we can't just set a rule in our firewall to treat the printer with (insert specific MAC address here) as a static IP address (something.something.something.something).

We have explored various options in nmap, and will be installing Nessus tomorrow. I wonder if we'll learn anything about locking systems down a bit, but I'm told we will learn that "later". When? We've got a course on viruses (not writing them or using them, but identifying them), web security, and security "best practices". Perhaps next quarter will be the quarter for learning that sort of thing.

Apparently, Metasploit 3 is out. Our instructor ran a classroom demonstration. I keep forgetting how easy it is to attack these days--it doesn't require any real skill with tools like that. The Metasploit site shows short movies on how to use the tool, as well.

The skill may be in defense, but maybe it's just me hoping that my education so far isn't worthless. So far I've figured out that any network component that talks to any other component is probably vulnerable to at least one *known* exploit, and that defense is always going to be the side that's "behind". You can't always defend against everything, after all. You'd go crazy and/or cause the "availability" of your resource(s) to become non-existent.

I suppose there's still time to find a tech support job and become internet-famous for being a fine vegan home-cook...

Thursday, November 08, 2007

m0n0wall project at school

I'm going to a local technical college where I'm in the information security program. Well, the sguil boxen at work didn't end up working as anticipated due to hardware issues. Shortly thereafter, I left my position with the manufacturing company to concentrate on school full-time. After four quarters of "core knowledge education", we are allowed to choose an "option". I chose the Communications Security course, which is kind of like learning skills for the CEH, but not quite.

My instructor named me team lead for the firewall team on our first project--I'll try very hard to live up to the responsibility. My team is working with the network design and implementation team on our project. The project is pretty simple in nature: design and implement a network structure we can use in-class on (but apart from) the school's network for learning about attacks and defense. (Yes, we will be touching on some of the administration and security tools both the "good guys" and "bad guys" use. It is my hope I will not end up a "corporate script kiddie", as a certain CEH trainer liked to call some of his former students in their role.)

I have to admit to a FreeBSD bias. I'm in love with an operating system. While I may use another OS temporarily, FreeBSD is my choice in OS. Considering this, and knowing that Smoothwall's been done to death in my classroom, I convinced my team to try m0n0wall with remote logging instead of Smoothwall.

Hopefully all will go fairly well. If not, we will have to go with a "known entity" as one of my senior team members is quite familiar with Smoothwall.

Funny story to add quickly to this chaos:
Most of our hardware has been rearranged in our network room at my home. My husband did most of the work while I was at school one day. Consequently, I'm not sure which boxes are hooked up to the KVM and which aren't. I've had very minimal time to play with FreeBSD since I had been in school from 8am to 3pm and at work from 4pm to midnight every day from September 24th 2006 until July 13th 2007, then had a wedding to plan and implement. (I guess that's like a big project...)

So I'm in panic mode level 2, trying to figure out which Windows box has the CD burning hw/sw installed on it, and whether it's hooked up to the KVM. NONE of the Windows boxes were either hooked up or had the right equipment! So panic mode reaches level 3 of 5. I *need* to burn m0n0wall's image to CD before noon. It's almost 10am. Finally, I wonder if I can get one of the BSD boxen to do it, seeing as it's got the hardware to do so. I start to look up how-to's.

And whaddyaknow? FreeBSD has "burncd" as part of this balanced, nutritious OS. YAY! I get the information downloaded and burnt, and I'm good to go! Five minutes, and NO FUSS!!

This is part of the reason I *love* FreeBSD. It's like a tall, handsome, mysterious stranger who can fulfill almost my every computing need. Oh, and he's not charging me any extra to get the job done and satisfy my desires. ;)

Friday, March 16, 2007

Ohhhhhkay.

Now the system seems to be registering the xl0 interface. Hmmm. I ensured the correct IP was listed in /etc/defaults/rc.conf (don't try this at home, kids! Always use /etc/rc.conf!), moved the riser card and rebooted a couple of times.

Quite odd. I wonder if the whole area isn't prone to electrical funkiness--the power supply is across the machine from the board and that end of the power cable you plug into the computer. There is nothing but a screw between it and the NIC. I ensured earlier it wasn't loose or anything. Very, very strange.

Wish my boss would be cool with actual new hardware instead of new-to-us hardware.

Wednesday, March 14, 2007

"women who love too much & the interfaces that ignore them"

I'm feeling dull and thick today, like half my blood has been replaced by sugar-free molasses. It's kind of like watching Jerry Springer after eating a tube of toothpaste.

I've got an entry in my /etc/rc.conf file that reads:
ifconfig_xl0="inet 192.168.1.9 netmask 255.255.255.0"

It's almost the same as its counterpart, ifconfig_fxp0--one number and two letters difference, in fact. There don't appear to be typos, and I have Known Good hardware installed on the box.

So why can't I see xl0 when I do an ifconfig? Why does it tell me "ifconfig: interface xl0 does not exist"?

Added network_interfaces="fxp0 xl0 lo0" to my /etc/rc.conf, to no avail. I've added a line to /etc/defaults/rc.conf that says ifconfig_xl0="inet 192.168.1.9" and rebooted my machine. Checked /dev/net and did not see an xl0.

I'm looking at this sort of thing under uname -a:
FreeBSD toybox.company.com 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

"ifconfig xl0 create" also does not seem to work. The error message ends up being "ifconfig: SIOCIFCREATE: Invalid argument". I wonder what's wrong...did I just not read the manual closely enough? Does the same action taken in 6.0 not work in 6.2?
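A practitioner's check for the situation in the two posts above (a NIC present in /etc/rc.conf that the kernel never attached, which here turned out to be a hardware problem), added by the editor and not part of the original blog. Two caveats first: an ifconfig_xl0 line in rc.conf can only configure an interface that already exists, and `ifconfig <name> create` only works for cloneable pseudo-interface types such as vlan, gif or tap (`ifconfig -C` lists them on FreeBSD), which is why it fails with SIOCIFCREATE on a physical NIC name; a physical interface exists only once its driver attaches at boot, which `ifconfig -l`, `dmesg` and `pciconf -lv` will show. The script compares the ifconfig_* entries of an rc.conf fragment with an `ifconfig -l` listing and names the interfaces with no driver instance behind them. Both inputs are constructed to mirror the post (fxp0 and xl0 configured, only fxp0 and lo0 attached); the function names are the editor's.

```shell
#!/bin/sh
# Added example (editor's, not from the original blog post).
# Cross-check the ifconfig_<if> entries in an rc.conf fragment against the
# interfaces the kernel actually attached (the output of `ifconfig -l`).
# An interface that appears in rc.conf but not in `ifconfig -l` has no
# driver instance behind it, so rc.conf cannot configure it; the fix is on
# the hardware/driver side (dmesg, pciconf -lv), not another rc.conf line.

# Constructed rc.conf fragment mirroring the post: fxp0 and xl0 configured.
RC_CONF_SAMPLE='ifconfig_fxp0="inet 192.168.1.8 netmask 255.255.255.0"
ifconfig_xl0="inet 192.168.1.9 netmask 255.255.255.0"
network_interfaces="fxp0 xl0 lo0"'

# Constructed `ifconfig -l` output: the kernel only attached fxp0 and lo0.
IFCONFIG_L_SAMPLE='fxp0 lo0'

# rc_conf_ifaces RCTEXT
#   Print the base interface names that have an ifconfig_<name>=... line,
#   one per line. Alias lines (ifconfig_xl0_alias0=...) and the
#   ifconfig_DEFAULT template are deliberately not matched.
rc_conf_ifaces() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*ifconfig_\([a-z][a-z0-9]*\)=.*/\1/p' |
        sort -u
}

# missing_ifaces RCTEXT IFLIST
#   Print, space separated, the configured interfaces absent from IFLIST.
#   Prints an empty line when every configured interface was attached.
missing_ifaces() {
    _missing=""
    for _if in $(rc_conf_ifaces "$1"); do
        case " $2 " in
            *" $_if "*) ;;                                # attached, fine
            *) _missing="${_missing}${_missing:+ }$_if" ;;
        esac
    done
    printf '%s\n' "$_missing"
}

# driver_of IFNAME -> driver name, e.g. xl0 -> xl (strip the unit number)
driver_of() {
    printf '%s\n' "${1%%[0-9]*}"
}

# On a real box, feed it the live data instead of the samples:
#   missing_ifaces "$(cat /etc/rc.conf)" "$(ifconfig -l)"
for _if in $(missing_ifaces "$RC_CONF_SAMPLE" "$IFCONFIG_L_SAMPLE"); do
    _drv=$(driver_of "$_if")
    echo "$_if is in rc.conf but the kernel never attached it."
    echo "  check: dmesg | grep -i '^$_drv'   and   pciconf -lv | grep -B3 -i '$_drv'"
    echo "  note:  'ifconfig $_if create' only works for cloneable types (ifconfig -C)"
done
```

Run against the live /etc/rc.conf and `ifconfig -l` as shown in the trailing comment; an empty result means every configured interface has a driver behind it and the problem lies elsewhere (typo in the name, a duplicate entry in /etc/defaults/rc.conf, or the address itself).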


Monday, March 12, 2007

Minor issue getting barnyard_start.sh to start

For the last few days, I had been receiving an error when attempting to start the script barnyard_start.sh on a new Sguil sensor. The error was:

Warning: /usr/local/etc/nsm/barnyard.conf(137) => Unknown output plugin "sguil" referenced, ignoring!
Fatal Error, Quitting ..

I walked away from it for a few days, not quite understanding what it meant, realizing I can sometimes completely misread an error's meaning when I'm stressed. Then I found this: snort forum archive

Interesting! Maybe I could reconfigure Barnyard with the --enable-mysql option as well as the --enable-tcl option. So I tried it.

The first time, it didn't work. I removed barnyard-0.2.0 from /usr/local/src using "rm -r barnyard-0.2.0". (Be really careful with rm -r! It can wipe your system if you're not careful!) Then I did this: "tar -xvzf barnyard-0.2.0.tar.gz", and tried the "./configure --enable-mysql --enable-tcl --with-tcl=/usr/local/lib/tcl8.4".

It worked! Sguil has successfully been installed and is usable on the unit.


Monday, March 05, 2007

Yes, it's the hardware

Seems to have the same issues with random panics no matter which version of the OS is installed or what packages it's installing.

Bossman is ordering new HDDs for the units. Luckily I've got one or two good ones here to work on, so I won't be so far behind my work flow.

Tuesday, February 27, 2007

Yup, gotta be the hardware, I think...

Can't figure out any other reason right now that segmentation fault 11 errors AND panics occur. And when the make/make install is issued in /usr/ports for perl, it crashes almost immediately. Then another make will get it to go farther. Then another makes it farther. Then, unexpected errors occur.

Oh, well. I suppose I can waste time with my friends when this chore is done. Must get perl to work!