Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - ArchWill

Pages: [1]
1
Installation and Upgrades / Does IDS do anything?
« on: February 21, 2010, 02:01:28 pm »
I'm sure this is a dumb question but what does I'd do besides issue an alert and write a log notification when it finds a suspected intrusion? Does it block the IP? Is there any way to test it? I've googled "testing snort" but don't find anything that is clear and concise.

Thanks!

Arch

Arch

2
Installation and Upgrades / Block by time based on IP address
« on: February 12, 2010, 04:14:45 pm »
I want to be able to block users from going to certain sites except at given times. The problem is that I have it set to use HTTP proxy via the transparent mode. As such,it seems like the only way I can do it is by blocking certain IP addresses. Is there any way to do this while using transparent mode?

Thanks!

Arch

3
Installation and Upgrades / Another "Can't open /var/log/ebox/ebox.log" lock out message
« on: February 08, 2010, 03:28:36 pm »
I am running the new version 1.4. This morning, I tried to log into e-box and got this message:

A really nasty bug has occurred
Exception
Can't open /var/log/ebox/ebox.log (Permission denied)
Trace
Can't open /var/log/ebox/ebox.log (Permission denied) at /usr/share/perl5/Log/Log4perl/Appender/File.pm line 102



This is what happens if I  do this "$ ls -l  /var/log/ebox/"
total 45200
-rw-rw-rw- 1 root   root    13402759 2010-02-08 09:25 access.log.1
-rw-r----- 1 syslog adm            0 2010-02-07 08:01 ebox.log
-rw-r----- 1 syslog adm      1402073 2010-02-08 09:20 ebox.log.0
-rw-r----- 1 syslog adm       184062 2010-02-05 14:39 ebox.log.1.gz
-rw-r----- 1 syslog adm            0 2010-02-06 07:40 error.log
-rw-r----- 1 syslog adm     31213526 2010-02-08 09:25 error.log.0
-rw-r--r-- 1 ebox   ebox        2667 2010-02-07 08:01 esofttool.log
drwxr-xr-x 2 nobody nogroup     4096 2010-02-01 20:32 openvpn


When I did a "chmod 666 /var/log/ebox/" it works fine.

Any ideas?

Thanks!

Arch

4
Installation and Upgrades / Any difference between 1.4rc1 and the new version 1.4?
« on: February 05, 2010, 09:14:22 pm »
Is there any difference between 1.4rc1 and the new version 1.4? Do I need to even fool with the upgrade?

Thanks!

Arch

5
Installation and Upgrades / Version 1.4 rc1, boo boos
« on: February 02, 2010, 04:18:06 am »
This is a recap of the stuff I have found with verison 1.4 rc1. I installed it from your CD amd then did a restore of the config files from version 1.3x.


1. When I click on "system updates" I get this error: "An internal error related to a template has occurred. This is a bug, relevant information can be found in the logs."

2. After the first boot upon installation, there was a message saying it could not access "open /var/log/ebox/ebox.log" - I fixed it by issuing "sudo chmod 666 /var/log/ebox/ebox.log"

3. There are lots of errors in "/var/log/ebox/error.log". I don't know how much to post so I'll just post the last few lines:

Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.


Thanks!

Arch

6
Installation and Upgrades / Should there be lots of errors in "/var/log/ebox/error.log"?
« on: February 01, 2010, 08:40:50 pm »
I am getting tons of errors in /var/log/ebox/error.log. I just picked a random point in the log and made a copy. See below:

Argument "" isn't numeric in numeric lt (<) at /usr/share/perl5/EBox/Model/DataTable.pm line 2899.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in string eq at /usr/share/perl5/EBox/CGI/View/DataTable.pm line 55.
Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Model/DataTable.pm line 2663.
Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Tools.pm line 114.
Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Tools.pm line 114.
Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in numeric lt (<) at /usr/share/ebox/templates/ajax/setter/textSetter.mas line 11.
Use of uninitialized value in numeric lt (<) at /usr/share/ebox/templates/ajax/setter/textSetter.mas line 11.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in pattern match (m//) at /usr/share/perl5/EBox/Validate.pm line 774.
Argument "" isn't numeric in numeric lt (<) at /usr/share/perl5/EBox/Model/DataTable.pm line 2899.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in numeric lt (<) at /usr/share/ebox/templates/ajax/setter/textSetter.mas line 11.
Use of uninitialized value in numeric lt (<) at /usr/share/ebox/templates/ajax/setter/textSetter.mas line 11.
Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 48.
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 49.
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 72.
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 48.
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 49.
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 72.
Subroutine EBox::Loggerd::O_APPEND redefined at /usr/share/perl/5.8/Exporter.pm line 65.
 at /usr/lib/perl/5.8/POSIX.pm line 19
Subroutine EBox::Loggerd::O_CREAT redefined at /usr/share/perl/5.8/Exporter.pm line 65.
 at /usr/lib/perl/5.8/POSIX.pm line 19
Subroutine EBox::Loggerd::O_EXCL redefined at /usr/share/perl/5.8/Exporter.pm line 65.
 at /usr/lib/perl/5.8/POSIX.pm line 19
Subroutine EBox::Loggerd::O_RDWR redefined at /usr/share/perl/5.8/Exporter.pm line 65.
 at /usr/lib/perl/5.8/POSIX.pm line 19
Subroutine EBox::Loggerd::O_WRONLY redefined at /usr/share/perl/5.8/Exporter.pm line 65.
 at /usr/lib/perl/5.8/POSIX.pm line 19
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 72.
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 72.
Use of uninitialized value in string ne at /usr/share/perl5/EBox/Menu/Root.pm line 51.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Menu/Separator.pm line 44.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in numeric lt (<) at /usr/share/ebox/templates/ajax/setter/textSetter.mas line 11.
Use of uninitialized value in numeric lt (<) at /usr/share/ebox/templates/ajax/setter/textSetter.mas line 11.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in numeric eq (==) at /usr/share/ebox/templates/ajax/tableBody.mas line 499.
Use of uninitialized value in pattern match (m//) at /usr/share/perl5/EBox/Validate.pm line 774.
Argument "" isn't numeric in numeric lt (<) at /usr/share/perl5/EBox/Model/DataTable.pm line 2899.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in numeric lt (<) at /usr/share/ebox/templates/ajax/setter/textSetter.mas line 11.
Use of uninitialized value in numeric lt (<) at /usr/share/ebox/templates/ajax/setter/textSetter.mas line 11.
Use of uninitialized value in pattern match (m//) at /usr/share/perl5/EBox/Validate.pm line 774.
Argument "" isn't numeric in numeric lt (<) at /usr/share/perl5/EBox/Model/DataTable.pm line 2899.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/HTML/Mason/Component/Subcomponent.pm line 34.
Use of uninitialized value in numeric lt (<) at /usr/share/ebox/templates/ajax/setter/textSetter.mas line 11.
Use of uninitialized value in numeric lt (<) at /usr/share/ebox/templates/ajax/setter/textSetter.mas line 11.

7
Installation and Upgrades / "a really nasty bug" - Can't open /var/log/ebox/ebox.log (Permission denied)
« on: February 01, 2010, 03:10:38 pm »
I was just trying to add a site to ban inside ebox. I added the site (farmville.com), clicked ok, told it to save the chanes and now I can't get back in ebox. I only get this message:


A really nasty bug has occurred
Exception
Can't open /var/log/ebox/ebox.log (Permission denied)
Trace
Can't open /var/log/ebox/ebox.log (Permission denied) at /usr/share/perl5/Log/Log4perl/Appender/File.pm line 102.



if I run " apt-cache policy ebox" I get this:
ebox:
  Installed: 1.3.19-0ubuntu1~ppa1~hardy1
  Candidate: 1.3.19-0ubuntu1~ppa1~hardy1
  Version table:
 *** 1.3.19-0ubuntu1~ppa1~hardy1 0
        500 http://ppa.launchpad.net hardy/main Packages
        100 /var/lib/dpkg/status
     0.11.99-0ubuntu11 0
        500 http://us.archive.ubuntu.com hardy/universe Packages


Help!!

Arch

8
Installation and Upgrades / scp backup will not run
« on: January 31, 2010, 08:44:01 pm »
I am using the most recent version marked "Core version      1.3.16 "

Any time I try to set ebox backup to run via scp I get a mail to the ebox user titled "/usr/share/ebox-ebackup/ebox-remote-ebackup --full" and it says:

root command /usr/share//ebox-ebackup/ebox-duplicity-wrapper remove-older-than 1D
--force scp://eboxuser@192.168.1.105 --ssh-askpass --no-encryption failed.
Error output: Host
key authenticity could not be verified (missing known_hosts entry?)
 Running 'sftp  eboxuser@192.168.1.105' failed (attempt #5)
 Giving up trying to execute 'sftp  eboxuser@192.168.1.105' after 5 attempts
 Traceback (most recent call last):
   File "/usr/bin/duplicity", line 463, in <module>
     with_tempdir(main)
   File "/usr/bin/duplicity", line 458, in with_tempdir
     fn()
   File "/usr/bin/duplicity", line 390, in main
     globals.archive_dir).set_values()
   File "/usr/lib/python2.5/site-packages/duplicity/collections.py", line 476, in
set_values
     backend_filename_list = self.backend.list()
   File "/usr/lib/python2.5/site-packages/duplicity/backends.py", line 504, in list
     l = self.run_sftp_command(commandline, commands).split('\n')[1:]
   File "/usr/lib/python2.5/site-packages/duplicity/backends.py", line 473, in run_sftp_command
     raise BackendException("Error running '%s'" % commandline)
 duplicity.backends.BackendException: Error running 'sftp  eboxuser@192.168.1.105'

Command output: .
Exit value: 1

I have tried running "sudo /usr/share/ebox-ebackup/ebox-remote-ebackup --full" from the command line but it gives the same error

Any ideas?

Thanks!

Arch

9
Installation and Upgrades / "Users" in Squid reports only show up as "127.0.0.1"
« on: January 07, 2010, 06:16:46 am »
I have installed three versions of Ebox (Ubuntu 8.04, 9.04, 9.10) several times...messing around with different configurations. In the current setup, all the squid reports show that everyone that connects is user "127.0.0.1". In previous versions, the IP address of the connecting workstations showed up (as in 192.168.1.2 or 198.168.1.3, etc)...any ideas why?

For example, the following are two entries from /var/log/squid/access.log from the two different machines

Bad machine
1262838205.802     82 127.0.0.1 TCP_MISS/200 572 POST http://safebrowsing.clients.google.com/safebrowsing/downloads?client=navclient-auto-ffox&appver=3.5.6&pver=2.2&wrkey=AKEgNiseWDf9tXOPq3ZZ54ir8sG7H594s7-57kHDbTfr0ZV2FpN2MWcJJgJbrNhDX0PNb9gAwNsXPli5l-VeQf_vLycCoYKJCg== - DIRECT/74.125.67.138 application/vnd.google.safebrowsing-update
1262838205.977     92 127.0.0.1 TCP_MISS/200 659 GET http://safebrowsing-cache.google.com/safebrowsing/rd/goog-phish-shavar_a_81151-81160.81151-81155.81156-81160: - DIRECT/74.125.165.36 application/vnd.google.safebrowsing-chunk

Good machine

1262462454.929    288 192.168.1.58 TCP_MISS/200 4025 GET http://otype.de/css/960gs/960.css - DIRECT/84.19.167.111 text/css
1262462455.070    427 192.168.1.58 TCP_MISS/200 8099 GET http://otype.de/css/otype.css - DIRECT/84.19.167.111 text/css


Any idea how this gets set??

Thanks!

Arch

10
Installation and Upgrades / Missing e-box modules in Ubuntu Karmic installation
« on: December 27, 2009, 11:01:18 pm »
I loaded what comes in the Ubuntu Karmic /9.10 repositories and it works very well. There are several modules that are missing from the Karmic / 9.10 standard packages…the main one being intrusion detection (ebox-ids). While I realize it is not supported, has anyone been able to add them?

 

Thanks!

 

Arch

11
Installation and Upgrades / Tons of error entrys in firewall filter log
« on: December 27, 2009, 03:08:34 am »

I get tons of entries like this in /var/log/syslog (and other log files):

Dec 26 20:57:16 eboxcomputer kernel: [14195.642736] ebox-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:22:81:c1:08:00 SRC=xx.xx.xxx.1 DST=255.255.255.255 LEN=334 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=67 DPT=68 LEN=314


The IP address of the external NIC  is  xx.xx.xxx.100. The logs record the hits at least a few times a second. Any ideas?

Thanks!

Arch




Pages: [1]