ArghWebWorks

I found the Dreyfuss Model of Skill Acquisition only recently, but it helps me to clarify some things on my resume, or when people ask what level of experience I have with a given technology.

I can say that I’m level 4 with regard to php, but level 3ish with regard to MySQL. I used to be level 3ish with regard to vbscript and asp pages, but that’s lowered to about a 2. I’m a level 2 with regard to Search Engine Placement. Something I found interesting is that I see a decline between levels 4 and 5; a level 5 person apparently neither seeks advice nor follows established routines when doing their task. And yet, most companies want their people to follow a script, or a procedure, in order to perform their duties; for instance, check the file out of CVS, update it, commit it (with descriptive tags) and then make live.

I’m not too sold on the ideas behind this model, but it’s a good set of tools for self analysis.

The FUSE modules, bringing file systems into user-space, are pretty fascinating. I was tempted by the encryption modules, the ntfs modules, but the most seductive one has been sshfs. SSHFS is a mechanism for “mounting” a remote system’s filesystem as a directory on your system over the ssh protocol.

How did I do it?

Well, first, the system is running Debian, so I had to install the fuse module source (I used Synaptic and just searched for FUSE and likely candidates). Then I ran module assistant (which I had previously installed for nvidia support) with this command as root.

m-a a-i fuse

That built the module, then I had to install the module. “insmod fuse” didn’t work, so I had to walk down the /lib/modules/2.6.15/ path until I got close enough to track it down;

# insmod /lib/modules/2.6.15/kernel/fs/fuse.ko

Once that was done, I had to, as root, mount the filesystem somewhere. I created a mount point and then issued this command (as root)

#sshfs (user)@(server):(directory) (mountpoint) -o uid=(my uid),allow_other


It worked appreciably well- as my normal user I can traverse the directory and use bluefish and whatnot on the files within, just as if it were a local drive.

Let’s hear it for SSHFS!

I’m working on a couple of projects; I’m keeping the web development projects I’m doing (like this site, for instance) in subversion repository. I’m trying to get better at this, but some of the instructions out there assume that you actually know what you’re doing.

So, here’s how to include another repository in your working copy; I’m building a ‘common library’ of code, that I update, but I plan to maintain as its own entity; that way I won’t have multiple copies of various things running around.

First, checkout your working copy (assumes you have a repository already set up. Happily, there are many tutorials on that).
$>svn checkout file:///var/subversion/repositoryname
Then go into this working copy and use ’svn propedit’ to edit the properties of the root directory:
$>svn propedit svn:externals .
This’ll bring up an editor window for you. Place into it a tab delimition of directory and repository:
(in the file)
phplibs file:///var/subversion/libraryrepository
(out of the file)
now exit, and run svn update to import the externals.
Voila- you’re done! Pat yourself on the back.

So… you need to remove some addresses from your database…

Here’s how you do it.

Set the 'Errors-To' header in your email to something unusual... like 'zyxbounced@(your domain name ).' In your email server's virtuser's table, you want to pipe this to some script on your server. But you can't reference a script or other program in the virtuser table. So you use an alias: set in your virtusertable "zyxbounced@(your domain name): bounceremoval" and rebuild the virtusertable ( cd /etc/mail; make map hash virtusertable < virtusertable ). Then edit your aliases file (/etc/aliases) and you can set the forward to a script here. ( bounceremoval: "|/usr/local/bin/removalscript.pl" ) and rebuild the aliases database ( newaliases ).
Then write the /usr/local/bin/removalscript.pl script. You can probably look for the error message '5.7.1' and figure out who the message was to, and go from there. Once that's done, you need to soft link this file to the /etc/smrsh directory in order to give the sendmail restricted shell permission to run it.

Hurray! You’re done!

Wow. It’s taken me about six hours, all told, to get this thing working. But I’ve

1. upgraded snort to 2.4.4 and reinstalled (tip: make clean,./configure (with options), make, make uninstall, make install), using a unified (and thus fast) output plugin.
2. upgraded barnyard to 0.2.0 and reinstalled, reading the unified output from snort and outputting to a log file, to syslog and to a database on a second server.
3. reconfigured guardian to use the log file from barnyard and block files in there.
4. finally gotten BASE to read the alert entries from the database server on a third server ( the intranet server ).

A couple of tips along the way:

1. If your BASE can’t read the database, but there’s definately stuff in there, try taking the ‘detail full’ off of the _barnyard_ configuration output alert_acid_db entry. If that doesn’t work, try manually inserting an entry in the sensor table.
2. You don’t need to have both an alert_acid_db entry and a log_acid_db entry for the same ’sensor.’
3. barnyard’s acid_db entries use the same database config as snort would if you were logging directly from snort. So use the snort source/schemas creation script (/usr/local/src/snort-2.4.4/schemas/create_mysql ) to create the tables in the database. When you set up BASE, it offers to create the extra ACID tables.