Posted on August 10, 2007
I'm very happy tonight. I've just read the news that SCO lost their case against Novell. At Just Sports, I was the target of one of SCO's extortion attempts, so this is a particularly enjoyable event. It turns out the letter I wrote to SCO when they attempted to extort software licensing out of us was added as evidence and is part of the sealed court record.
SCO's loss is awesome news, many thanks to Novell, IBM, Red Hat for fighting this and to Groklaw for documenting the whole affair.
Tagged with: Linux
Posted on February 13, 2006
Some idiot on GameSurge decided to SYN flood the site today. After parting with this lovely message “<JacKer> say bye to your site” a minor SYN flood from a total of 4 IP addresses hit the webserver. I ssh'ed in realizing I didn't copy over the old iptables firewall rules to the new webserver box and thus the auto-SYN-flood filter wouldn't kick off. After spending a few minutes coding this PHP script which runs from the CLI, I was able to test it and watch it filter out the 4 IP addresses spewing SYN packets.
It works first by running netstat and gathering the IP addresses in a state of SYN_RECV. It then goes out and gets a list of already filtered IP addresses from iptables. Then if there are more than 3 of one IP address in the state of SYN_RECV and if it is not already being dropped by iptables it gets added to a list and dropped. I plan on making this a little more sophisticated in the future, for example one cool thing to do would be to look for IP addresses in the same subnet and drop the subnet if there are enough to justify it. Anyway, if you find this helpful let me know. I've only tested it on Gentoo Linux with PHP 5.1 but I can't imagine it wouldn't work on any BSD-based system.
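The same three-step logic (count SYN_RECV peers from netstat, subtract what iptables already drops, block the rest) in Python rather than PHP, as an added example that is not the script from this post. It assumes `netstat -tn` and `iptables -L INPUT -n` output in their usual column layouts, keeps the post's "more than 3" threshold, and also sketches the planned /24 aggregation; the sample netstat and iptables text at the bottom is constructed so the logic can be exercised without a flood in progress, and `main()` only prints the iptables commands unless `dry_run=False` is passed.

```python
import ipaddress
import subprocess
from collections import Counter

# More than this many half-open connections from one address marks it as an
# offender (the post's rule: "more than 3 of one IP address").
SYN_THRESHOLD = 3


def count_syn_recv(netstat_output):
    """Count remote IPs that appear in SYN_RECV state in `netstat -tn` output."""
    counts = Counter()
    for line in netstat_output.splitlines():
        fields = line.split()
        # tcp/tcp6 rows: proto recv-q send-q local remote state
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "SYN_RECV":
            remote_ip = fields[4].rsplit(":", 1)[0]  # strip the port
            counts[remote_ip] += 1
    return counts


def already_dropped(iptables_output):
    """Collect source addresses that already have a DROP rule in `iptables -L INPUT -n`."""
    dropped = set()
    for line in iptables_output.splitlines():
        fields = line.split()
        # rule rows: target prot opt source destination ...
        if len(fields) >= 5 and fields[0] == "DROP":
            dropped.add(fields[3].split("/")[0])  # tolerate a /32 suffix
    return dropped


def select_offenders(netstat_output, iptables_output, threshold=SYN_THRESHOLD):
    """Addresses over the threshold that iptables is not already dropping."""
    counts = count_syn_recv(netstat_output)
    dropped = already_dropped(iptables_output)
    return sorted(ip for ip, n in counts.items() if n > threshold and ip not in dropped)


def busy_subnets(netstat_output, prefix=24, min_hosts=3):
    """The post's planned extension: IPv4 /24s with several distinct SYN_RECV sources."""
    hosts_per_net = {}
    for ip in count_syn_recv(netstat_output):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        if addr.version != 4:
            continue  # the /24 heuristic is IPv4-only
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        hosts_per_net.setdefault(str(net), set()).add(ip)
    return sorted(net for net, hosts in hosts_per_net.items() if len(hosts) >= min_hosts)


def drop_commands(ips):
    """iptables invocations that insert a DROP rule for each address."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]


def main(dry_run=True):
    """Run against the live box; prints the commands and only executes them when dry_run is False."""
    netstat = subprocess.run(["netstat", "-tn"], capture_output=True, text=True, check=True).stdout
    ipt = subprocess.run(["iptables", "-L", "INPUT", "-n"], capture_output=True, text=True, check=True).stdout
    for cmd in drop_commands(select_offenders(netstat, ipt)):
        print(" ".join(cmd))
        if not dry_run:
            subprocess.run(cmd, check=True)


# Constructed sample output standing in for the live commands (documentation ranges).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.2:80             203.0.113.5:44123       SYN_RECV
tcp        0      0 10.0.0.2:80             203.0.113.5:44124       SYN_RECV
tcp        0      0 10.0.0.2:80             203.0.113.5:44125       SYN_RECV
tcp        0      0 10.0.0.2:80             203.0.113.5:44126       SYN_RECV
tcp        0      0 10.0.0.2:80             203.0.113.6:44127       SYN_RECV
tcp        0      0 10.0.0.2:80             203.0.113.7:44128       SYN_RECV
tcp        0      0 10.0.0.2:80             198.51.100.7:5011       SYN_RECV
tcp        0      0 10.0.0.2:80             198.51.100.7:5012       SYN_RECV
tcp        0      0 10.0.0.2:80             198.51.100.7:5013       SYN_RECV
tcp        0      0 10.0.0.2:80             198.51.100.7:5014       SYN_RECV
tcp        0      0 10.0.0.2:80             192.0.2.9:60001         SYN_RECV
tcp        0      0 10.0.0.2:22             192.0.2.10:60002        ESTABLISHED
"""

SAMPLE_IPTABLES = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  198.51.100.7         0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
"""

if __name__ == "__main__":
    main()
```

On the constructed sample, 203.0.113.5 is the only new offender: 198.51.100.7 is over the threshold too but already has a DROP rule, and 192.0.2.9 has a single half-open connection. The /24 view flags 203.0.113.0/24 because three distinct hosts there are in SYN_RECV, which is the signal the post wants for a future subnet-level block.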
Tagged with: Linux
Posted on January 26, 2006
Tip to the FreeBSD Community: telling users to RTFM when they have simple questions is another reason why FreeBSD is relatively unpopular in comparison to certain Linux distros. Take Gentoo and Ubuntu, both have very accommodating communities who go out of their way to help users.
Tagged with: Linux
Posted on April 12, 2005
I recently started using the hardened-dev-sources in Gentoo's portage and grsecurity has a cool feature to track IP addresses. There used to be an open-source Python program called HostSentry that was developed by Psionic. Psionic was bought by Cisco and the package disappeared. After moving to these kernels I started thinking about HostSentry and how instead of watching wtmp, one could do trend analysis and alerting based upon /proc. Now with additional information such as the IP address, I've been thinking of a way to store process info in a table and then write a program to analyze the current activity vs. the previous activity and send alerts based upon it.
I've prototyped the data gathering tool in PHP, I call it "processripper" and it goes through /proc and extracts the data that could be useful and shoves it in a PostgreSQL table. The next step will be to write a tool that builds some trend data, and then determines what kind of alerts to send.
I'm thinking a web interface showing trend analysis would be cool at some point too... Stuff like what user uses most of your CPU time, or what applications run the most processes on an ongoing basis. Anyway, just thought I would throw that out there. Once I get something working I'll put it in the ehpg cvs.
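A small Python sketch of the same gather-then-compare idea, added here as an example; it is not the processripper prototype from this post. It walks /proc/<pid>/status for the fields a snapshot table would want, reads the per-process originating address that grsecurity exposes as /proc/<pid>/ipaddr when that kernel option is enabled (an assumption about the kernel; the file is skipped when absent), and compares two snapshots to flag (uid, program) pairs not seen in the previous one. The table DDL and the psycopg2-style insert parameters are assumptions about how the rows would be stored; the `SAMPLE_STATUS` excerpts are constructed so the logic runs without a live /proc.

```python
import os
from collections import Counter

PROC = "/proc"

# Constructed /proc/<pid>/status excerpts (only the fields this sketch uses).
SAMPLE_STATUS = {
    101: "Name:\tsshd\nState:\tS (sleeping)\nPid:\t101\nPPid:\t1\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n",
    202: "Name:\tbash\nState:\tS (sleeping)\nPid:\t202\nPPid:\t101\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n",
    203: "Name:\tvim\nState:\tR (running)\nPid:\t203\nPPid:\t202\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n",
    301: "Name:\tnc\nState:\tS (sleeping)\nPid:\t301\nPPid:\t101\nUid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\n",
}

# Assumed storage schema for the snapshots (not the post's own table).
TABLE_DDL = """
CREATE TABLE IF NOT EXISTS process_snapshot (
    taken_at timestamptz NOT NULL DEFAULT now(),
    pid      integer NOT NULL,
    ppid     integer NOT NULL,
    name     text    NOT NULL,
    uid      integer NOT NULL,
    state    text    NOT NULL,
    ipaddr   inet
);
"""
INSERT_SQL = ("INSERT INTO process_snapshot (pid, ppid, name, uid, state, ipaddr) "
              "VALUES (%s, %s, %s, %s, %s, %s)")


def parse_status(text, ipaddr=None):
    """Turn the key: value lines of /proc/<pid>/status into one snapshot row."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return {
        "pid": int(info["Pid"]),
        "ppid": int(info["PPid"]),
        "name": info["Name"],
        "uid": int(info["Uid"].split()[0]),      # real uid is the first of the four
        "state": info["State"].split()[0],       # single-letter state code
        "ipaddr": ipaddr,
    }


def read_proc_table(proc_root=PROC):
    """Snapshot every numeric /proc entry; processes that exit mid-walk are skipped."""
    rows = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        status_path = os.path.join(proc_root, entry, "status")
        ipaddr_path = os.path.join(proc_root, entry, "ipaddr")  # grsecurity-only file (assumption)
        try:
            with open(status_path) as f:
                status_text = f.read()
            ipaddr = None
            if os.path.exists(ipaddr_path):
                with open(ipaddr_path) as f:
                    ipaddr = f.read().strip() or None
        except OSError:
            continue  # raced with process exit or no permission
        rows.append(parse_status(status_text, ipaddr))
    return rows


def snapshot_from_samples(samples, pids=None):
    """Build a snapshot from constructed status text instead of a live /proc."""
    pids = sorted(samples) if pids is None else pids
    return [parse_status(samples[pid]) for pid in pids]


def insert_params(rows):
    """Parameter tuples for cursor.executemany(INSERT_SQL, ...) (psycopg2 placeholder style assumed)."""
    return [(r["pid"], r["ppid"], r["name"], r["uid"], r["state"], r["ipaddr"]) for r in rows]


def processes_per_uid(rows):
    """Trend input: how many processes each user is running right now."""
    return Counter(r["uid"] for r in rows)


def new_activity(previous, current):
    """(uid, program) pairs present now that the previous snapshot never saw."""
    seen = {(r["uid"], r["name"]) for r in previous}
    return sorted({(r["uid"], r["name"]) for r in current} - seen)


if __name__ == "__main__":
    earlier = snapshot_from_samples(SAMPLE_STATUS, [101, 202, 203])
    now = snapshot_from_samples(SAMPLE_STATUS)
    print(processes_per_uid(now))
    print(new_activity(earlier, now))
```

Comparing the three-process sample against the full four-process one reports `(1001, 'nc')` as the only new (user, program) pair, which is the kind of event the post wants to turn into an alert; the per-uid counts feed the "which user runs the most processes" trend view.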
Tagged with: Linux
Posted on March 31, 2005
I have an AMD64 at work and since I don't have to use windows, I've been using Gentoo up to now. I love Gentoo, it's great on my servers, easy to manage, very configurable, etc. It was a natural switch for me from years of Slackware.
I've been having problems recently though with running Linux on my AMD64. For example, I went out and purchased Data Architect from The Kompany to do some database design type stuff. It's a binary only product that won't run against libraries linked against a 64 bit glibc. That's understandable for a closed source application. I started to set up an env to chroot into for 32bit applications. I couldn't get glibc to actually compile. I eventually resigned to not being able to use it. The X server (x.org) would randomly lock up, eat cpu, and become unresponsive. I would have to ssh in and restart xdm to get it going again. And openoffice *sigh*. I really like the OOo Ximian hacks, I find the UI for 1.1.x ugly. But alas portage only has OOo 32bit binaries that work on amd64. It won't compile cleanly natively. OOo 2.0 beta has potential. I used it for a bit. But I couldn't justify the 30-second startup times, nor the crashing when trying to export a file. So I switched.
I'm running Ubuntu now. I've had it for a day. It took about 15 minutes to install, it found all my hardware, I didn't have any configuration to do outside of a few choices to be made in a ui installer. Apt is pretty slick, and the debian base has come a long way since I originally wrote it off in 1995 ;-). We'll see how the experiments go, but so far I'm pretty happy with Ubuntu, gnome, gdesklets, and the sort. I'm not happy about not having access to mp3encode in the universe repository, but hey, I guess I can live with ogg here at work.
Tagged with: Linux