m-ice-devel Mailing List for Modular Intrusion Countermeasure Env.
Status: Beta
Brought to you by:
thetom
From: Thomas B. <Th...@un...> - 2005-02-23 16:52:36

Hi,

I released some alpha RPM packages at sourceforge.

Bye,
Thomas
--
TheTom <TheTom@UnixIsNot4Dummies.ORG>
fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-07-10 00:46:20

Hi everybody... all you silent listeners. :)

The current code in the CVS repository was (heavily) restructured in the last weeks to make it more suitable for pseudonymisation and analysis.

The restructuring includes:
- enhancement of logformat.h
- parsing is done by the dataforwarder now to reduce the load on other components
- library for parsing functions
- reordering of module exec-path of dataforwarder
  + format
  + filter
  + pseudonymize
- support for LAuS binary append logs
  + not bug free yet

Additionally I started support for pseudonymisation. Pseudonymisation allows the protection of data privacy while at the same time keeping the possibility for the site-security-officer (SSO) (or IDS) to re-identify attackers.

This support includes:
- library for pseudonymisation functions
- tool for resolving pseudonyms and creating pseudonyms (utils/pseudonymizer)
- tool for generating a pseudonymisation key from n keys

The last feature ensures that parties with different scopes (privacy vs. security) can be sure that n keys are needed (each owned by a different party) to re-identify users.

What is still missing is a module for the dataforwarder to pseudonymize identifying artefacts included in log data as well as some debugging of the LAuS code in the dataforwarder's intReadFile() function.

All the above mentioned code isn't tested. This will happen after the pseudo. module for the dataforwarder is done.

Beside another approach I'll try to develop an analysis module based on statistical profiles of syscalls regarding application-level context.

... altum silentium...

Bye,
Thomas
--
TheTom <TheTom@UnixIsNot4Dummies.ORG>
fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF

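The n-key idea from the message above, as an added example that is not M-ICE's code and does not reproduce its pseudonymisation library or utils/pseudonymizer: a pseudonymisation key is derived from every party's key, identifying artefacts in log lines are replaced by keyed pseudonyms, and re-identification only works with the key built from all n inputs. HMAC-SHA256 chaining, the `user=` field pattern and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import re

def combine_keys(party_keys):
    """Derive one pseudonymisation key that depends on every party's key."""
    if len(party_keys) < 2 or any(len(k) < 16 for k in party_keys):
        raise ValueError("need at least two keys of 16+ bytes each")
    key = b"\x00" * 32
    for pk in party_keys:  # chaining binds each party's key in turn
        key = hmac.new(key, pk, hashlib.sha256).digest()
    return key

def pseudonym(key, identifier):
    """Deterministic keyed pseudonym: same user gives the same token."""
    tag = hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()
    return "P" + tag[:16]  # truncated to 64 bits to keep log lines short

# Assumed artefact pattern: user=<name> fields, as in the constructed lines below.
USER_RE = re.compile(r"\buser=(\S+)")

def pseudonymize_line(key, line):
    """Replace every user=<name> artefact; leave the rest of the line intact."""
    return USER_RE.sub(lambda m: "user=" + pseudonym(key, m.group(1)), line)

def resolve(key, token, known_users):
    """Re-identify by recomputing pseudonyms for the site's known accounts."""
    for user in known_users:
        if hmac.compare_digest(pseudonym(key, user), token):
            return user
    return None

# Constructed sample data (not real M-ICE or LAuS output).
PRIVACY_KEY = bytes(range(32))       # held by the privacy party
SECURITY_KEY = bytes(range(32, 64))  # held by the security party
LOG = [
    "sshd: failed login user=alice from 192.0.2.7",
    "su: session opened user=bob",
    "sshd: failed login user=alice from 192.0.2.9",
]

if __name__ == "__main__":
    key = combine_keys([PRIVACY_KEY, SECURITY_KEY])
    for line in LOG:
        print(pseudonymize_line(key, line))
```

Because the pseudonyms are deterministic, an analysis module can still correlate events per user without seeing the real account name.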
From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-06-15 10:35:07

Hello developers,

a few minutes ago I submitted a new snapshot of the M-ICE code.

The dataforwarder is now able to handle the binary format of LAuS stream files (sync mode). The postprocessing module for the rawlog database is able to parse the binary data and puts it in an appropriate table.

Now we have everything we need to develop more sophisticated analysis techniques and pseudonymisation.

I'll start developing a pseudonymisation module next week. If someone else is doing this already please let me know.

Bye,
Thomas
--
TheTom <TheTom@UnixIsNot4Dummies.ORG>
fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF

From: <ben...@id...> - 2004-05-25 08:06:55

Dear Open Source developer

I am doing a research project on "Fun and Software Development" in which I kindly invite you to participate. You will find the online survey under http://fasd.ethz.ch/qsf/. The questionnaire consists of 53 questions and you will need about 15 minutes to complete it.

With the FASD project (Fun and Software Development) we want to define the motivational significance of fun when software developers decide to engage in Open Source projects. What is special about our research project is that a similar survey is planned with software developers in commercial firms. This procedure allows the immediate comparison between the involved individuals and the conditions of production of these two development models. Thus we hope to obtain substantial new insights to the phenomenon of Open Source Development.

With many thanks for your participation,
Benno Luthiger

PS: The results of the survey will be published under http://www.isu.unizh.ch/fuehrung/blprojects/FASD/. We have set up the mailing list fa...@we... for this study. Please see http://fasd.ethz.ch/qsf/mailinglist_en.html for registration to this mailing list.

Benno Luthiger
Swiss Federal Institute of Technology Zurich
8092 Zurich
Mail: benno.luthiger(at)id.ethz.ch

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-05-24 09:31:57

Hi everybody.

A short warning for everyone who is still actively developing: There is exploit code out there that is able to compromise CVS servers. Hopefully the SF staff uses a more secure setup than ordinary CVS servers but I dunno.

So keep your eyes open for suspicious changes in the code and please let us know about it. Better safe than sorry. :)

Thank you.
Thomas

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-05-20 19:08:12

Hi,

for everyone who wants to build his/her own RPM packages from the CVS source I attached the needed spec file.

Bye,
Thomas

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-05-20 19:06:20

Hi folks,

a few minutes ago I've submitted a new version of the dataforwarder to our CVS that has the needed LAuS handling code.

Additionally I fixed a segmentation fault while looping through the FileInfo array in the FdescServer code.

Bye,
Thomas

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-04-25 20:11:00

On Sun, 2004-04-25 at 11:39, Thomas wrote:
> Hello everybody,
> is someone able to set up a machine that runs a LAuS-enabled
> kernel and a M-ICE Dataforwarder and is accessible for
> developers over the Internet?
>
> This kind of machine will be very helpful in developing
> and enhancing M-ICE.
>
> This machine may run scripts that generate audit records automatically
> to give other M-ICE components the needed
> input for testing.

I forgot. I put an example LAuS output on the web-site:
http://m-ice.sourceforge.net/docs/aucat.txt

Bye.
Thomas

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-04-25 09:45:31

Hello everybody,

is someone able to set up a machine that runs a LAuS-enabled kernel and a M-ICE Dataforwarder and is accessible for developers over the Internet?

This kind of machine will be very helpful in developing and enhancing M-ICE.

This machine may run scripts that generate audit records automatically to give other M-ICE components the needed input for testing.

Bye,
Thomas

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-04-24 12:51:24

Hi,

I submitted a new version of the dataforwarder to the CVS. It handles files differently now, depending on a fileformat tag in the dataforwarder.conf file.

Please note that this feature is not tested but will become more stable within the next few weeks... depending on my time. Apropos I will be away till 10th of May.

The new feature should be the beginning of the LAuS support for M-ICE. As soon as we have full LAuS support we can start developing new analysis methods based on syscalls.

Bye,
Thomas

From: barry d. <_b...@ii...> - 2004-02-03 21:57:19

To create the correct library path in the various Makefiles change the following line in configure.ac

    LDFLAGS="-L$srcdir/libs $(xml2-config --libs)"

to

    LDFLAGS="-L\$(top_srcdir)/libs $(xml2-config --libs)"

baz

From: Praveen M M. <pra...@ho...> - 2004-02-03 11:51:32

Hi All,

This is not a question related to MICE, but have a query on Hard disk.

Let's say I have a seagate hard disk of capacity 40GB. Then how on linux get this info from the hard disk by writing a C code. I need all the info about hard disk. I know this is not a simple code.....but want to know how to start about it.

Please let me know if someone has any idea about the same. I hope it's not an issue to post non-mice questions here.

Thanks,
Praveen

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-02-02 10:57:52

On Mon, 2004-02-02 at 11:58, barry day wrote:
> On Sat, Jan 31, 2004 at 04:32:10PM +0100, Thomas wrote:
> > Hi developers!
> >
> > I will start supporting the Linux Audit Subsystem (LAuS)
> > today. Therefore the following changes will happen.
> > - no more SCSLog support
> > - a kernel will be made available with LAuS support
> >   compiled in
> > - the mysql database for raw-logs will change
> > - the post-processing module for the regex analysis will
> >   be enhanced
> > - the admin-guide will be enhanced by a LAuS chapter
> >
> > Enjoy the weekend.
> >
> > Thomas
>
> Can you expand on this some more. Is there a document on LAuS?

I included a small setup section in the admin-guide and added links to the packages. The laus package includes a lot of man-pages. There is a more detailed security-guide describing laus but it is not available for now. (except for people with access to portal.suse.de)

Bye,
Thomas

From: barry d. <_b...@ii...> - 2004-02-02 10:52:18

On Sat, Jan 31, 2004 at 04:32:10PM +0100, Thomas wrote:
> Hi developers!
>
> I will start supporting the Linux Audit Subsystem (LAuS)
> today. Therefore the following changes will happen.
> - no more SCSLog support
> - a kernel will be made available with LAuS support
>   compiled in
> - the mysql database for raw-logs will change
> - the post-processing module for the regex analysis will
>   be enhanced
> - the admin-guide will be enhanced by a LAuS chapter
>
> Enjoy the weekend.
>
> Thomas

Can you expand on this some more. Is there a document on LAuS?

baz

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-01-31 15:32:14

Hi developers!

I will start supporting the Linux Audit Subsystem (LAuS) today. Therefore the following changes will happen.
- no more SCSLog support
- a kernel will be made available with LAuS support compiled in
- the mysql database for raw-logs will change
- the post-processing module for the regex analysis will be enhanced
- the admin-guide will be enhanced by a LAuS chapter

Enjoy the weekend.

Thomas

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-01-31 09:44:38

On Fri, 2004-01-30 at 06:20, Praveen M Morab wrote:
> Hi All,

Hi.

> My first current job is to write a decoding module for the bufferdaemon. So
> the module will collect all the PIX logs from /var/log/message file and put
> the logs into ringbuffer. I have written a code which will do this, but I
> have some queries.

You can circumvent the messages file by reading directly from the network. Just tell the PIX to use a remote syslog host and then tell the bufferdaemon to listen on the syslogd port. This way you get the logs directly. Unfortunately I never tested the bufferdaemon processing UDP packets (UDP is used with syslog).

> 1. How the module will be connected to the Bufferdaemon or is it a simple
> function.

It is loaded like a shared library (or call it DLL).

> 2. What is this ringbuffer.....is it some form of IPC or just buffer.

It is just an array used in a special manner... like a ring-buffer. ;)

> I am bit confused with this, so can anyone please let me know.

Yes, at the first glance it looks very complex and confusing but in real it is sooo simple. :)

Bye,
Thomas

From: Praveen M M. <pra...@ho...> - 2004-01-31 03:07:30

Hi All,

Sorry for the last email......I have fixed the problem....and now can checkout the code.

Praveen

From: Praveen M M. <pra...@ho...> - 2004-01-31 02:20:42

Hi All,

My first current job is to write a decoding module for the bufferdaemon. So the module will collect all the PIX logs from /var/log/message file and put the logs into ringbuffer. I have written a code which will do this, but I have some queries.

1. How the module will be connected to the Bufferdaemon or is it a simple function.
2. What is this ringbuffer.....is it some form of IPC or just buffer.

I am bit confused with this, so can anyone please let me know.

Thanks,
Praveen

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-01-30 22:53:49

On Fri, 2004-01-30 at 10:08, Praveen M Morab wrote:
> Hi All,

Hi Praveen.

Accessing CVS via SSH is described in the developer guide section 2.1.

Bye,
Thomas

From: Praveen M M. <pra...@ho...> - 2004-01-30 19:47:16

Hi All,

I tried to connect to cvs server to checkout code. When I tried
> ssh pra...@cv...
------Error was permission denied

I tried
> ssh -l praveen_morab cvs.sourceforge.net
and I enter the passwd of my SF account

and
> cvs -d:pserver:ano...@cv...:/cvsroot/m-ice co m-ice
--------timeout error.

All this was done from my sys admin m/c, so I had full access to our network.

So can anyone please tell me the solution for this.

Thanks,
Praveen

From: Praveen M M. <pra...@ho...> - 2004-01-29 08:15:51

Hi All,

To checkout code from CVS, do we need SSH client. I am not able to checkout the code. If yes then how to set up SSH client. Please let me know.

Thanks in advance,
Praveen

From: Praveen M M. <pra...@ho...> - 2004-01-19 09:14:56

Hi,

I guess sys admin in my company has blocked.... I will check with him.

Regards,
Praveen

>From: Thomas <TheTom@UnixIsNot4Dummies.ORG>
>Reply-To: TheTom@UnixIsNot4Dummies.ORG
>To: Praveen M Morab <pra...@ho...>
>CC: "m-i...@li..." <m-i...@li...>
>Subject: Re: [m-ice-devel] cvs issue
>Date: Mon, 19 Jan 2004 10:13:32 +0100
>
>On Mon, 2004-01-19 at 07:14, Praveen M Morab wrote:
> > Hi,
>
>Hi.
>
> > I am not able to checkout the source code by cvs
> > -d:pserver:ano...@cv...:/cvsroot/m-ice co m-ice command. Did anyone
> > of you had the same problem.
>
>Is it still not working?
>
>Bye,
> Thomas

From: Thomas <TheTom@UnixIsNot4Dummies.ORG> - 2004-01-19 09:11:49

On Mon, 2004-01-19 at 07:14, Praveen M Morab wrote:
> Hi,

Hi.

> I am not able to checkout the source code by cvs
> -d:pserver:ano...@cv...:/cvsroot/m-ice co m-ice command. Did anyone
> of you had the same problem.

Is it still not working?

Bye,
Thomas

From: _bjd_@.SYNTAX-ERROR - 2004-01-19 07:00:21

I just did an update without a problem

baz

From: Praveen M M. <pra...@ho...> - 2004-01-19 06:14:54

Hi,

I am not able to checkout the source code by cvs -d:pserver:ano...@cv...:/cvsroot/m-ice co m-ice command. Did anyone of you had the same problem.

Regards,
Praveen