INFO-TECH

Hello Friends,

Just a little Review on iball Groovy .

1. Effective range : 10 m
2. Working Time : 6-7 Hours
3. Supported Profiles : HSP, HFP, A2DP, AVRCP

iBall-Groovy Main Pannel

Playback Interface

Blue LED

• Simple and Slim design 
• Nice audio quality 
• Mic works absolutely fine , with clarity
• affordable price

I Personally Enjoying iBall Groovy!!!! Your reviews and experience is welcome here , any problems issues it will be nice if all of you can post here, I know this was just a little overview and not a complete analysis

Best Regards,
Girish

Hello Friends,

Squid is very popular proxy used on Redhat servers , here is little tutorial on configuring sqid , checking squid logs , Hope you will enjoy!

SQUID Configuration :
---------------------------

1. yum install squid*
2. vi /etc/squid/squid.conf

Parameters to configure :
-----------------------------

By Default no machine is allowed to connect proxy server except localhost so need to allow access
to our subnet 192.168.0.0/24 (Need to create acl Step 3)

1. visible_hostname universe.server.com    # universe.server.com is my Servers Hostname
2. http_port 192.168.0.60:8080             # My Servers Ip : 192.168.0.60 , Port 8080
3. acl mylan src 192.168.0.0/255.255.255.0 # mylan is name given to ACL
4. http_access allow mylan
5. http_access deny !mylan
6. Save changes and Exit
7. service squid start

On Client :
---------------
1. Open browser
2. Edit > Preferences > Connection settings > 
3. Manual Proxy Configuration > Http Proxy > 192.168.0.60 , Port 8080

Thats it!!!!
You should be able to browse websites here onwards!!!



Additional Configuration :
-------------------------------
http://www.redhat.com/archives/ext3-users/2010-August/msg00003.html
1. vi /etc/squid/squid.conf
2. cache_dir ufs /var/spool/squid 100 16 256 
Amount of Disk in MB to be used for Caching             : 100
Number of First  Level cache directories to be created  : 16
NUmber of Second Level cache directories to be created  : 256

Default Squid Cache directory  : /var/spool/squid/(16 dirs)/(256 dirs)/(the small files)

'Level-1' is the number of first-level subdirectories which will be created under the 'Directory'--> The default is 16.
'Level-2' is the number of second-level subdirectories which will be created under each first-level directory -->  The default is 256.

Where to check Squid Access Logs ? Who visited XYZ Sites?
-----------------------------------------------------------
Log File : /var/log/squid/access.log
Sample Logs :
---------------
[root@universe squid]# tail -f /var/log/squid/access.log
1350983287.130   2452 192.168.0.254 TCP_MISS/200 83569 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_35.png - DIRECT/125.99.127.201 image/png
1350983287.865   3913 192.168.0.254 TCP_MISS/200 61282 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_31.png - DIRECT/125.99.127.209 image/png
1350983288.327   1746 192.168.0.254 TCP_MISS/200 44226 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_08.png - DIRECT/125.99.127.209 image/png
1350983290.043   1595 192.168.0.254 TCP_MISS/200 22004 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_10.png - DIRECT/125.99.127.201 image/png
1350983290.214   2348 192.168.0.254 TCP_MISS/200 32779 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_26.png - DIRECT/125.99.127.209 image/png
1350983290.553   3932 192.168.0.254 TCP_MISS/200 66018 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_17.png - DIRECT/125.99.127.201 image/png
1350983291.331    777 192.168.0.254 TCP_MISS/200 830 GET http://metrics.htc.com/b/ss/htcww-en-prod,htcglobal-prod/1/H.25.2T/s3457431454036? - DIRECT/66.235.142.3 image/gif
1350983291.525   3197 192.168.0.254 TCP_MISS/200 79093 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_01.png - DIRECT/125.99.127.209 image/png
1350983292.021   1806 192.168.0.254 TCP_MISS/200 32147 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_28.png - DIRECT/125.99.127.209 image/png
1350983292.572   2529 192.168.0.254 TCP_MISS/200 66253 GET http://www.htc.com/managed-assets/images/home-page/marquee/wp-8x-360/blue/wp8_19.png - DIRECT/125.99.127.201 image/png

Squid Forensics :
----------------------
http://philosecurity.org/2009/04/19/squid-forensics
Where in cache , file xyz.jpg stored ?
------------------------------------------
grep -r “xyz.jpg” /var/spool/squid/    --> recursively search

Monitoring and Displaying squid logs in a nice fashion, and may then go deeper with searching and reporting functions --> squidview
Squidview Tool   : http://www.rillion.net/squidview/
Sarg tool        : http://sarg.sourceforge.net/sarg.php

Squidview :
---------------
1. wget http://www.rillion.net/squidview/squidview-0.79.tar.gz
2. tar -zxvf squidview-0.79.tar.gz
3. cd squidview-0.79/
4. ./configure
5. make
6. cp Makefile.old Makefile
7. make oldgcc
Launch squidview : ./squidview


Best Regards,
Girish







 

Snort Tutorial :
-------------------

3 Basic Modes :
--------------------
1. Sniffer Mode
2. Packet Logger Mode (Logs Packets to disk)
3. Network Intrusion Detection System (NIDS) , analyze network traffic as per Rules Defined by users.

Sniffer Mode :
------------------
[root@universe rules]# snort -v
10/23-16:53:37.964423 192.168.0.104:22 -> 192.168.0.102:51490
TCP TTL:64 TOS:0x10 ID:9175 IpLen:20 DgmLen:712 DF
***AP*** Seq: 0xE9BBEF63  Ack: 0x7C361CE8  Win: 0x4B60  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2482891 2406025
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/23-16:53:37.964504 192.168.0.104:22 -> 192.168.0.102:51490
TCP TTL:64 TOS:0x10 ID:9176 IpLen:20 DgmLen:360 DF
***AP*** Seq: 0xE9BBF1F7  Ack: 0x7C361CE8  Win: 0x4B60  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2482891 2406025
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


Display packet data + Headers :
---------------------------------
[root@universe rules]# snort -vd
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/23-16:55:25.083474 192.168.0.104:22 -> 192.168.0.102:51490
TCP TTL:64 TOS:0x10 ID:10322 IpLen:20 DgmLen:168 DF
***AP*** Seq: 0xE9C66BA7  Ack: 0x7C364A68  Win: 0x4B60  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2509669 2416736
87 45 00 A3 DC 71 91 72 AE 1E 8B B0 A6 A6 2E 56  .E...q.r.......V
9A 29 BE 45 64 80 28 71 5C 46 02 FF 52 FF 54 8B  .).Ed.(q\F..R.T.
51 39 5D B0 3E 14 BA 5D 99 27 FA 89 D8 0C DC EC  Q9].>..].'......
46 5A 27 29 DB DA E4 20 00 3B 93 3A C6 A4 43 A9  FZ')... .;.:..C.
E9 99 30 EC 69 5B 83 8D 46 9D DF FA C8 93 F9 04  ..0.i[..F.......
A4 02 28 33 4F CF 2D 15 EB 48 1D 55 C7 17 20 2A  ..(3O.-..H.U.. *
F3 58 C7 73 EA A5 2D 3F 66 82 64 F3 AE 76 C3 42  .X.s..-?f.d..v.B
C8 52 A5 88                                      .R..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/23-16:55:25.084084 192.168.0.104:22 -> 192.168.0.102:51490
TCP TTL:64 TOS:0x10 ID:10323 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE9C66C1B  Ack: 0x7C364A68  Win: 0x4B60  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2509669 2416736
46 18 30 B7 BD 5C A8 16 E8 38 87 49 A7 CA DF 6C  F.0..\...8.I...l
AD 79 02 5F 17 A5 AF 17 6D 66 F6 E0 1F 3C 5B F9  .y._....mf...<[.
47 D4 CD 3C 62 03 D6 09 FB B3 B2 F5 4F 10 3C 05  G..34 BA 04 EB 0C EF 2A 7D 79 63 AE 3B AB 22 DE 2E  4.....*}yc.;."..
CE 79 D1 FB                                      .y..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

3 Main Commands :
--------------------
snort -v                 --> Headers
snort -dv                --> Headers + Packet Data
snort -dev               --> Headers + Packet Data + Data Link Layer
snort -dev -l ./log      --> -l for specifying Log Directory
snort -dev -l ./log -h 192.168.0.0/24   --> Log data with specified network range
snort -dev -l ./log -b  --> Binary mode logging
snort -dev -r packet.log --> Read packets with -r switch


Links :
----------
http://seclists.org/snort/2010/q4/533

How to create own snort Rules :
--------------------------------------
SQL Injections are becoming very common attacks on websites , in such cases we can detect attemps on IDS like snort
We need to find signature for most common SQL Injection Queries
Ex.
' or 1=1--  -->  %27+or+1%3D1--
Rule for attack :
--------------------
alert tcp any any -> any any (content:"%27+or+1%3D1--";msg:"Dude Someone is performing SQL INJECTION";sid:1000003;rev:1;)

Content = %27+or+1%3D1--
msg     = Message you want to display
sid     = Unique ID assigned to this rule
sid & rev uniquely identify the rule

Implement Rule in Snort :
-------------------------------
1. vi sqlinjection.rules     (I created this file /etc/snort/rules )
2. alert tcp any any -> any any (content:"%27+or+1%3D1--";msg:"Dude Someone is performing SQL INJECTION";sid:1000003;rev:1;)
3. Save and Exit
4. vi /etc/snort/snort.conf
5. Edit As Below :
   ----------------------------------
   include $RULE_PATH/youtube.rules
   include $RULE_PATH/sqlinjection.rules
   ----------------------------------
   In our case #RULE_PATH = /etc/snort/rules/
6. Save and Exit

7. snort -v -i eth0 -l . -c /etc/snort/snort.conf --snaplen 1518 
-l .             --> Save files in current directory
-c               --> Snort configuration file
--snaplen 1518   -->

8. Execute attack on client machine
 
Snort Output :
-----------------
Action Stats:
     Alerts:            5 (  0.074%)   --> We successfully caught ATTACK!!!
     Logged:            5 (  0.074%)
     Passed:            0 (  0.000%)

9. Check file alert in current directory
[root@universe rules]# pwd
/etc/snort/rules
[root@universe rules]# cat alert
[**] [1:1000003:1] Dude Someone is performing SQL INJECTION [**]
[Priority: 0]
10/23-20:05:06.145217 192.168.0.101:45670 -> 192.168.0.13:8080
TCP TTL:64 TOS:0x0 ID:2665 IpLen:20 DgmLen:332 DF
***AP*** Seq: 0x6564F124  Ack: 0x28B08D67  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 42526540 5354755
[**] [1:1000003:1] Dude Someone is performing SQL INJECTION [**]
[Priority: 0]
10/23-20:05:06.230814 192.168.0.104:28692 -> 220.226.205.30:80
TCP TTL:64 TOS:0x0 ID:41431 IpLen:20 DgmLen:260 DF
***AP*** Seq: 0x29121933  Ack: 0x43B3A536  Win: 0x2E  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5354776 23618074

Now we have All required information about ongoing Attack!!!!


Why we used --snaplen ??
------------------------------
Command : snort -V
My Current Snort version : Version 2.9.0.5
When I use snort without --snaplen option , I was not able to collect alerts , nor any alert file was generated
With reference to : http://seclists.org/snort/2010/q4/533
The IPQ and NFQ DAQs had an internal buffer limitation that is fixed in the latest release.




Will be adding more soon.....

Best Regards,
Girish

Hello Friends,


As a beginner I struggled to run Snort IDS (Intrusion Detection System) on my Personal  RHEL 5 ,

Its absolutely easy but , was not for me on RHEL 5 especially , due to dependencies.


Snort Download Link                                 : http://www.snort.org/snort-downloads

RHEL5, Cent OS 5.5, or Fedora Core 11 : http://www.snort.org/snort-downloads/rhel5/


My Snort Version : Snort 2.9.0

Linux Kernel        : 2.6.18-8.el5xen

Linux OS             : RHEL 5


I am uploading all required dependencies for snort 2.9.0 here , you need to follow simple steps to install snort in 2 minutes.

After installation comes gr8 part of IDS World!!!!!

Soon will be adding snort tutorials!!!

Best Regards,
Girish

Author: Ashish Garg

The struts2 framework makes it easy to share certain solutions using an "Interceptor" strategy. When you request a resource that maps to an "action", the framework invokes the Action object. But, before the Action is executed, the invocation can be intercepted by another object. After the Action executes, the invocation could be intercepted again. Unsurprisingly, we call these objects "Interceptors."

Interceptors can execute code before and after an Action is invoked. Most of the framework's core functionality is implemented as Interceptors. Features like double-submit guards, type conversion, object population, validation, file upload, page preparation, and more, are all implemented with the help of Interceptors. Each and every Interceptor is pluggable, so you can decide exactly which features an Action needs to support.

Interceptors can be configured on a per-action basis. Your own custom Interceptors can be mixed-and-matched with the Interceptors bundled with the framework. Interceptors "set the stage" for the Action classes, doing much of the "heavy lifting" before the Action executes

Strtus2 provide some default interceptor but developer can create his own interceptor as per requirement. Below is an configuration of interceptor in struts configuration file.

<package name="default" extends="struts-default">
   <interceptors>
       <interceptor name="timer" class=".."/>
       <interceptor name="logger" class=".."/>
   </interceptors>
   <action name="login"
      class="tutorial.Login">
        <interceptor-ref name="timer"/>
        <interceptor-ref name="logger"/>
         <result name="input">login.jsp</result>
         <result name="success"
            type="redirectAction">/secure/home</result>
   </action>
</package>

User Defined Interceptor

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.xwork.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts2.StrutsStatics;

/**
 *
 * @author Ashish Garg
 */
public class LoginInterceptor extends AbstractInterceptor implements StrutsStatics {

    private static final Log log = LogFactory.getLog(LoginInterceptor.class);
    private static final String USER_HANDLE = "USER_ID";
    private static final String LOGIN_ATTEMPT = "loginAttempt";

    @Override
    public void init() {
        log.info("Intializing LoginInterceptor");
        System.out.println("Intializing LoginInterceptor");
    }

 public String intercept(ActionInvocation invocation) throws Exception {

        final ActionContext context = invocation.getInvocationContext();
        HttpServletRequest request = (HttpServletRequest) context.get(HTTP_REQUEST);
        HttpSession session = request.getSession(true);

        // Is there a "user" object stored in the user's HttpSession?
        Object user = session.getAttribute(USER_HANDLE);
        if (user == null) {
            // The user has not logged in yet.

            // Is the user attempting to log in right now?
            String loginAttempt = request.getParameter(LOGIN_ATTEMPT);

            /* The user is attempting to log in. */
            if (!StringUtils.isBlank(loginAttempt)) {
                return invocation.invoke();
            }
            return "login";
        } else {
            return invocation.invoke();
        }
    }
}

Struts-Configuration For User Defined Login Interceptor

<struts>
    <!-- Configuration for the default package. -->
    <package name="default" namespace="/" extends="struts-default">
        <interceptors>
            <interceptor class="com.Garg.Action.LoginInterceptor" name="loginInterceptor">
            </interceptor>
            <interceptor-stack name="loginStack">
                <interceptor-ref name="loginInterceptor"/>
                <interceptor-ref name="defaultStack"/>
            </interceptor-stack>
        </interceptors>
        <default-interceptor-ref name="loginStack"></default-interceptor-ref>
        <global-results>
            <result name="login" type="redirect">Login</result>
        </global-results>
        <action name="Login" class="com.Garg.Action.LoginAction">
            <interceptor-ref name="loginStack"></interceptor-ref>
            <result name="success">/jsp/ViewJSP.jsp</result>
            <result name="input">/jsp/Login.jsp</result>
        </action>
          </package>
    </struts>

Free GPS apps are about a dozen in the iPhone app store, but, surprisingly, there aren’t a lot of free iPhone compass apps out there. This Compass App can be very useful and can be integrated with various other applications dealing with Map and Directions to know the current proceeding magnetic direction. Driver related apps can make a best use of it. This app can also be used for fun sake.

The iPhone Compass app, works like actual magnetic needle compass. Launch the Compass app by tapping its button "Compass Direction", and it shows you the magnetic direction you're facing.

// code for allocing "Compass Direction" button
    btnCompass= [UIButton buttonWithType:UIButtonTypeRoundedRect];
    [btnCompass setTitle:@"Compass Direction" forState:UIControlStateNormal];
    [btnCompass addTarget:self action:@selector(showCompass) forControlEvents:UIControlEventTouchUpInside];
    btnCompass.frame = CGRectMake(20, 350, 280, 30);
    [self.view addSubview:btnCompass];

// method to proceed for CompassViewController
-(void)showCompass{
    NSLog(@"going to call show Compass");    
    [UIView beginAnimations:@"View Flip" context:nil];
    [UIView setAnimationDuration:1.0];
    [UIView setAnimationCurve:UIViewAnimationCurveEaseInOut];
    [UIView setAnimationBeginsFromCurrentState:YES];
    [UIView setAnimationTransition:UIViewAnimationTransitionCurlUp forView:self.navigationController.view cache:NO];
    CompassViewController *compassViewController = [[[CompassViewController alloc]initWithNibName:@"CompassViewController" bundle:nil]
autorelease];
    [self.navigationController pushViewController:compassViewController animated:YES];
    [UIView commitAnimations];
}

Compass Button

In CompassViewController, viewDidLoad accommodates the following code. It makes use of CLLocationManager(and its delegate ) which 

helps to get direction for magnetic needle

//Compass Image View
    imgCompassView = [[UIImageView alloc]initWithFrame:CGRectMake(20,90,280,280)];
    [imgCompassView setImage:[UIImage imageNamed:@"compassImg.png"]];
    [self.view addSubview:imgCompassView];
    imgCompassView.center = CGPointMake(160, 230);
    
    //Needle Image View 
    imgNeedle = [[UIImageView alloc]initWithFrame:CGRectMake(152,140,16,93)];
    [imgNeedle setImage:[UIImage imageNamed:@"directionArrow.png"]];
    [self.view addSubview:imgNeedle];
    //imgNeedle.center = CGPointMake(160, 230);
    
    //ManagerLocation 
    location_Manager = [[CLLocationManager alloc] init];
    location_Manager.desiredAccuracy = kCLLocationAccuracyBest;
    location_Manager.delegate = self;
    location_Manager.distanceFilter = kCLDistanceFilterNone;
    [location_Manager startUpdatingHeading];

The needle pointer that shows you where the magnetic direction you're facing.

CLLocationManagerDelegate:
/*---------- getting Direction Angle -------------*/
-(void)locationManager:(CLLocationManager *)manager didUpdateHeading:(CLHeading *)newHeading{
    //[location_Manager stopUpdatingHeading];
    NSLog(@"New magnetic heading %f",newHeading.magneticHeading);
    [imgCompassView setTransform:CGAffineTransformMakeRotation(2*M_PI*newHeading.magneticHeading/360)];
}
/*----------------- End of above task ----------------*/
 

newHeading.magneticHeading co ordinate helps to move the needle pointer.

Show Compass