Posts Tagged ‘lead’

Migration of audit messages from snoopy to auditd

Tuesday, April 20th, 2010

This article may be out of date and may be deleted in the future.

This article explains the migration from the previous service "Snoopy" to "Auditd". Only commands that are executed as a user with root rights should be recorded here.

 

Uninstall/disable snoopy
 

Configuration of auditd

Files needed

* Auditd start/stop script: /etc/init.d/auditd
* Rules for monitoring by auditd: /etc/audit/audit.rules
* Auditd plugin for syslog service: /etc/audisp/plugins.d/syslog.conf

Edit the /etc/audit/audit.rules file
Auditd can be specifically configured to capture and exclude messages. The following list is helpful for excluding certain event entries ("msgtype"):

* 1000 – 1099 are for commanding the audit system
* 1100 – 1199 user space trusted application messages
* 1200 – 1299 messages internal to the audit daemon
* 1300 – 1399 audit event messages
* 1400 – 1499 kernel SE Linux use
* 1500 – 1599 AppArmor events
* 1600 – 1699 kernel crypto events
* 1700 – 1799 kernel abnormal records
* 1800 – 1999 future kernel use (maybe integrity labels and related events)
* 2001 – 2099 unused (kernel)
* 2100 – 2199 user space anomaly records
* 2200 – 2299 user space actions taken in response to anomalies
* 2300 – 2399 user space generated LSPP events
* 2400 – 2499 user space crypto events
* 2500 – 2999 future user space (maybe integrity labels and related events)

Adding the rules

In order for auditd to record the desired events, rules must be defined.

List of rules set up
Below is a list and explanation of the rules set up:

-a exclude,always -F msgtype>=2400 -F msgtype<=2499
-a exclude,always -F msgtype=PATH
-a exclude,always -F msgtype=CWD
-a exclude,always -F msgtype=EOE
-a exit,always -F arch=b64 -F auid!=0 -F auid!=4294967295 -S execve
-a exit,always -F arch=b32 -F auid!=0 -F auid!=4294967295 -S execve

The first rule excludes crypto events in user space – these include, for example, messages about a user logging in.
The second through fourth rules remove the information not necessary for monitoring before it is logged.
The fifth and sixth rules capture the commands entered by users moving within an interactive shell. Services etc. executed by the system are therefore not recorded.
It should be noted here that a separate rule must be created for systems that contain both 32- and 64-bit commands and libraries.

Rule syntax

In general, it makes sense to keep the number of existing rules low in order to reduce the load. Therefore, if possible, several rule fields (-F option) should be combined in one rule. Since Auditd obviously has a problem with multiple event entries that are defined in plain text, these have been created in individual rules. The syntax description of the individual rules is given in the next listing:

* -a contains the instructions
  * The action value "exclude" and the list value "always" are specified for rules that should not lead to any log entry
  * The action values "exit" and "always" have been specified for rules that should lead to a log entry
  * "exit" stands for a log entry after the command has been executed
* -F defines a rules field
  * Depending on the application, the rules defined here filter by event entry ("msgtype"), architecture ("arch") and login UID ("auid").
* -S stands for the syscall. In the rules that should lead to a log entry, the value "execve" is monitored – i.e. when commands are executed.

Redirect to syslog

Within the file /etc/audisp/plugins.d/syslog.conf, change the value

active = no

to

active = yes

After auditd is restarted with the command

/etc/init.d/auditd restart

the settings take effect.
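With PATH, CWD and EOE excluded, each executed command reaches syslog as a SYSCALL record (who ran it) and an EXECVE record (the arguments) sharing one event serial. The Python sketch below is an added example, not part of the original article: it pairs the two records and decodes hex-encoded arguments. The sample lines, host name and IDs are constructed, and very long arguments that auditd splits across several fields are not handled.

```python
import re

# Constructed sample of syslog lines (host, PIDs, UIDs and commands are made up).
SAMPLE_SYSLOG = """\
Apr 20 10:15:01 web01 audispd: node=web01 type=SYSCALL msg=audit(1271751301.512:4242): arch=c000003e syscall=59 success=yes exit=0 a0=1f3c8d0 a1=1f3c910 a2=1f3a000 a3=0 items=2 ppid=2100 pid=2101 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="cat" exe="/bin/cat" key=(null)
Apr 20 10:15:01 web01 audispd: node=web01 type=EXECVE msg=audit(1271751301.512:4242): argc=2 a0="cat" a1=2F746D702F6D792066696C65
Apr 20 10:15:02 web01 sshd[2050]: Accepted publickey for alice from 192.0.2.7 port 50022 ssh2
Apr 20 10:15:09 web01 audispd: node=web01 type=SYSCALL msg=audit(1271751309.020:4243): arch=40000003 syscall=11 success=yes exit=0 a0=80e1a0 a1=80e1f0 a2=80d000 a3=0 items=2 ppid=2200 pid=2201 auid=1001 uid=1001 gid=1001 euid=1001 tty=pts1 ses=4 comm="chmod" exe="/bin/chmod" key=(null)
Apr 20 10:15:09 web01 audispd: node=web01 type=EXECVE msg=audit(1271751309.020:4243): argc=3 a0="chmod" a1="600" a2="/home/bob/notes.txt"
Apr 20 10:15:20 web01 audispd: node=web01 type=SYSCALL msg=audit(1271751320.000:4244): arch=c000003e syscall=59 success=yes exit=0 a0=0 a1=0 a2=0 a3=0 items=2 ppid=2100 pid=2102 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=3 comm="ls" exe="/bin/ls" key=(null)
"""

# type=<TYPE> msg=audit(<epoch>.<ms>:<serial>): <key=value ...>
RECORD_RE = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")


def decode_arg(raw):
    """Decode one untrusted string field.

    Such fields are written "quoted" when harmless and as bare hex when they
    contain spaces, quotes or control characters.
    """
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if HEX_RE.fullmatch(raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw


def executed_commands(lines):
    """Pair SYSCALL and EXECVE records by event ID; return one dict per command."""
    events = {}
    for line in lines:
        m = RECORD_RE.search(line)
        if m is None:
            continue  # not an audit record (ordinary syslog traffic)
        rtype, stamp, serial, body = m.groups()
        events.setdefault((stamp, serial), {})[rtype] = dict(FIELD_RE.findall(body))

    commands = []
    for (stamp, serial), recs in events.items():
        syscall, execve = recs.get("SYSCALL"), recs.get("EXECVE")
        if syscall is None or execve is None:
            continue  # incomplete event, e.g. a record lost in transit
        argc = int(execve.get("argc", "0"))
        commands.append({
            "serial": int(serial),
            "time": float(stamp),
            "auid": int(syscall["auid"]),  # login UID, survives su/sudo
            "uid": int(syscall["uid"]),    # UID the command actually ran as
            "exe": decode_arg(syscall["exe"]),
            "argv": [decode_arg(execve.get("a%d" % i, "")) for i in range(argc)],
        })
    return commands


if __name__ == "__main__":
    for cmd in executed_commands(SAMPLE_SYSLOG.splitlines()):
        print(cmd["auid"], cmd["uid"], cmd["exe"], cmd["argv"])
```

Comparing auid with uid in the result shows which login account was behind a command that ran as root.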

Additional information

The following man pages can be consulted for more information:

auditctl
audit.rules
auditd
auditd.conf

Saint Markianos and Martyrios a church reader and sub-deacon holy martyrs for Christ – The feast of Sub-deacons

Sunday, October 25th, 2020

Saint Markianos (Saint Markian) and Martyrios are little-known saints in the Western realm, and there is too little information in English about these two early martyrs who lived circa the year 340. What is special about them is that besides being strong confessors of the True Eastern Orthodox faith, they served in the Church as a simple 'reader' and 'sub-deacon'. These two designations were very much respected in the early Church, as sub-deacons were usually the ones who served in the Church inseparably as Church service helpers to the patriarchs or some high clergy such as Metropolitans and Bishops. We have many saints in the Church, from simple warriors such as Saint George and Saint Dimitrios the Wonderworker (The Myrrh-Bringer) to monks, bishops, patriarchs and pretty much all kinds of people from society, from the beggar to the richest and most famous kings and queens. However, it is rare to find in the Acts of the Martyrs (Latin: Acta Martyrum) canonized saints who were on the lowest step of the Church hierarchy as a simple reader of 'psalms' and holy writings or a sub-deacon. A sub-deacon, for those who don't know, is a person who is like a servant helper to the priest or bishop and who has been responsible for helping with the Church service and the resolution of material and administrative needs of the Christian community.
Usually in the Eastern Orthodox Church, the church readers or sub-deacons were and are still called hipodeacon or "ipodiakon" (in Greek / Slavonic church language). They didn't have the right in those early ages of Christianity to publicly teach on faith matters or do apologetics (defence of the faith); however, these 2 saintly men Markianos and Martyrios seem to have been burning with the power of the spirit of God in their hearts, given the situation they were put in when the Church was under persecution in the time of the patriarch Paul I of Constantinople (who was patriarch from 340 ~ 350 AD). Saint Paul was removed from his Church headship, sent into exile in Armenia and some time after drowned. He is commemorated in the Church on the 6th of November. Hence, considering the situation, St. Markian and Martyrius had to either defend and die for the faith or be scared and run away to caves or distant places of the empire, such as villages on the outskirts far away from the center city Rome …

The heresy of Arius was the most modern, newly modified faith claiming to be Christianity, gathering followers in a viral way, and due to that the Arians were in a position where most of the public authorities in the Roman empire were on their side against the Orthodox Christians.


Due to that, in the church communities in near and distant lands of the empire the Arians were fiercely persecuting the Orthodox, and for a time even Emperor Saint Constantine the Great was deceived by their hypocrisy. These were terrible times for true confessors of the faith. But not only Arians were persecuting Christians: paganism was still deeply rooted in many of the lands, the Edict of Mediolan, which gave equal rights to the religion in AD 313, was not strictly followed, and senators of Roman regions with pagan beliefs were also harshly raising persecutions against their enemies the Christians, who according to them were destroying the ancient culture and beauty of paganism, not venerating the old pagan gods and standing against the wicked customs of debauchery followed by pagans in the 3rd / 4th century.


Practically everyone who publicly confessed Jesus Christ as Creator of the World and Son of God, one hypostasis of the Holy Trinity God, the Father, the Son and the Holy Spirit, was captured, put in prison and quickly executed if they did not turn away from their Christian beliefs.

The Arians took the lead even more with the enthronement of Emperor Constantius II, the son of Constantine I, as he too had fallen into the Arianism* heresy and had taken into his court as close advisers Eusebius and Philip, who due to their half-pagan, half-Arian, half-superstitious understanding of the world led a fierce war against Christianity and did a lot of evil to Christ's Church.

* Arianism – believes that Jesus Christ is the Son of God, who was begotten by God the Father, and is distinct from the Father (therefore subordinate to him), but the Son is also God the Son but not co-eternal with God the Father. Arian theology was first attributed to Arius (c. AD 256–336), a Christian presbyter in Alexandria of Egypt.
Until the dethronement of Patriarch Paul I, St. Markianos and St. Martyrios were notaries of St. Paul (typists to the patriarch and a kind of personal secretaries of the Patriarch) besides serving as Church reader and sub-deacon. They were famous in their time for their warm preaching of the Words of God, the Gospel of Christ, following the example of the apostles. Due to the rising heresies they also took an active part in writing many documents against the heretical "Arians" and the so-called "Macedonians", who taught anti-Christian teachings that were newly invented and unknown to the ancient church teachings. They had a special gift from God to be able to speak in defence of the faith in such a way that no one, whatever his knowledge or high education, could overcome them in disputes on church matters, and many times they disputed with Arian heretics, exposing their fallacies (delusions) and putting them to shame.

After the exile of Patriarch Paul, the Arian heresiarchs turned their poisonous hatred against the patriarch's two pupils Markianos and Martyrios. Acting slyly with a crafty lie, they promised them a lot of gold, a good place in the emperor's court, to raise them in the church hierarchy (in the part of the church which was already confessing the Arian heresy) and to give them a lot of privileges from the king, on the condition that they accept, support and confess Arianism.

But God's servants despised everything of this world, rejected the offered golden gifts, preferred eternal Heavenly honors to short and vain worldly ones and even laughed at them.

As the Arians saw that nothing could convince them of their malicious teaching, the heretics condemned them to death, which was desired by the confessors (who remembered well the exile and the manly martyrdom of their teacher St. Patriarch Paul) and who with all their being desired to be with Christ in the eternal prepared palaces, where life will be without end in never-ending bliss as promised by Christ in the Holy Scriptures. They preferred Christ to the temporary enjoyments of life.


When brought to the place of execution on the false accusation and sentence of being blasphemers of Christ, the two saints asked for a little time to pray. They lifted up their eyes to heaven and prayed with the words:

" – Oh Lord, who have unseenly created our hearts, who arrange all our deeds – "He formed the hearts of them all; he understands everything they do." (Psalm 33:15), receive with peace the souls of your servants, because we're mortified for your name – "Yet for Your sake we are killed all day long; We are accounted as sheep for the slaughter." (Psalm 44:22). We're joyful that you give us such a death, we depart from this life because of your name. Let us to participate in the eternal life in You, the source and giver of life."

Praying with these words, they bowed their holy heads under the sword and were killed by beheading by the unfortunate Arians because of their confession of the divinity of Christ as the true uncreated Son of God, who existed before all ages, before the creation of the world, as we Christians believe to this date.

Some of the Christians took their holy relics and buried them outside the Melandissia Gate of Constantinople. Later Saint John of Chrysostom built a church in their name over the place of their miracle-working relics. There the sick for many ages received divine healings of different incurable diseases by the prayers of the holy martyrs of God, Praised in Trinity in all ages.

By the prayers of your Holy Martyrs St. Markianos and Martyrios Lord Jesus Christ have mercy on us !

Apache increase loglevel – Increasing Apache logged data for better statistic analysis

Tuesday, July 1st, 2014

On development (QA) systems, where developers deploy new untested code that exposes Apache or related Apache modules to unexpected bugs, it is often necessary to increase the Apache log level to log everything. This is done with:

 

LogLevel debug

LogLevel warn is a common logging option for Apache production webservers.

LogLevel warn

in httpd.conf is the default Apache setting for logging. For servers that produce too many logs this setting can be changed to LogLevel crit, which makes the web server log only errors of critical importance. The LogLevel debug setting is very useful when you have to debug issues with non-working (failing) SSL certificates: it gives you a whole dump of the SSL handshake and the reason for its failure.

You should be careful before deciding to increase the server log level, especially on production servers.
An increased logging level puts higher load on the Apache webserver and produces many gigabytes of mostly useless logs that can quickly fill all free disk space.

If you would like to increase the data logged in access.log / error.log because you want to perform versatile statistical analysis of daily hits, unique visits, top landing pages etc. with Webalizer, Analog or Awstats, change the LogFormat and CustomLog variables from common to combined.

By default Apache is logging with following LogFormat and Customlog
 

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common


Which will be logging in access.log format:

 

127.0.0.1 - jericho [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326


Change it to something like:

 

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog log/access_log combined


This would produce logs like:

127.0.0.1 - jericho [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"

 

Using the Combined Log Format produces all the information logged by CustomLog … common, and also logs the Referer and User-Agent headers, which indicate where users were before visiting your web site page and which browsers they used. You can read more on tailoring custom Apache logging on Apache's website.
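As an added example (not from the original post), the Python parser below reads both the common and the combined format and produces the kind of figures mentioned above: hits per day, unique hosts, top referers. Referer and User-agent are supplied by the client, and Apache writes a quote inside them as \", so the quoted fields are matched with escapes in mind. All sample lines except the page's own are constructed.

```python
import re
from collections import Counter

# First line is the page's sample; the others are constructed for illustration.
SAMPLE_LOG = r'''127.0.0.1 - jericho [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"
192.0.2.44 - - [10/Oct/2000:14:02:10 -0700] "GET /index.html HTTP/1.0" 200 5120 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"
192.0.2.45 - - [11/Oct/2000:09:00:00 -0700] "GET /index.html HTTP/1.0" 304 - "-" "probe \"x\" 1.0"
127.0.0.1 - jericho [11/Oct/2000:09:01:00 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326
not a log line
'''

# A quoted field: anything except an unescaped quote; \" and \\ are escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-)'
    r'(?: ' + QUOTED + r' ' + QUOTED + r')?$'   # referer + agent: combined only
)
UNESCAPE_RE = re.compile(r'\\(["\\])')
FIELDS = ("host", "ident", "user", "time", "request",
          "status", "size", "referer", "agent")


def parse_line(line):
    """Return a dict for a common/combined log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    for key in ("request", "referer", "agent"):
        if rec[key] is not None:          # None means a common-format line
            rec[key] = UNESCAPE_RE.sub(r"\1", rec[key])
    return rec


def summarize(lines):
    """Daily hits, unique hosts and referer/agent counts over an access log."""
    days, hosts, referers, agents = Counter(), set(), Counter(), Counter()
    rejected = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1                 # count unparsable lines, do not hide them
            continue
        days[rec["time"].split(":", 1)[0]] += 1
        hosts.add(rec["host"])
        if rec["referer"] not in (None, "-"):
            referers[rec["referer"]] += 1
        if rec["agent"] not in (None, "-"):
            agents[rec["agent"]] += 1
    return {
        "hits_per_day": dict(days),
        "unique_hosts": len(hosts),
        "top_referers": referers.most_common(3),
        "agents": dict(agents),
        "rejected": rejected,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```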

The Lord’s Prayer – Otche Nash in 10 Languages Choir performance (The Lord’s Prayer in Church Slavonic, Russian, English, Syriac, Egyptian, Bulgarian, Serbian, Macedonian, Latin)

Friday, November 30th, 2012

The Lord's Prayer – Otche Nash, Отче Наш (Slavonic with English)

Otche nash in Church Slavonic in Glagolica

Ѿче на́шъ иже еси на н[е]б[е]се[хъ],

 да с[вѧ]ти́тсѧ и́мѧ Твое́,

да прїидетъ ц[а]рствїе Твое́,

да буде[тъ] волѧ Твоѧ́,

ѧко на н[е]б[е]си и на земли́.

Хлѣ́бъ на́шъ насущныи да́ждъ на́мъ дне́сь,

и оста́ви на́мъ дол[ъ]гы на́ша,

ѧко и мы оставлѧ́емъ дол[ъ]жникомъ на́ши[мъ].

 и не в[ъ]веди на́съ в напа́сть

но изба́ви на[съ] ѿ лука́ваго:

 ѧко твое есть ц[а]рствїе

и сила и слава во в[е]ки.

Аминь.

 

Otche Nash in modernized Church Slavonic

Отче на́шъ иже еси на небесехъ,
да святи́тся и́мя Твое́,
да прїидетъ царствїе Твое́,
да будетъ воля Твоя́,
яко на небеси и на земли́.
Хлебъ на́шъ насущныи да́ждъ на́мъ дне́сь,
и оста́ви на́мъ долъгы на́ша,
Яко и мы оставля́емъ долъжникомъ на́шимъ.
и не въведи на́съ в напа́сть
но изба́ви насъ от лука́ваго:
Яко твое есть царствїе
и сила и слава во веки.
Аминь.

Russian translations, 1860

Отче нашъ, сущій на небесахъ!
да святится имя Твое;
да пріидетъ Царствіе Твое;   
да будетъ воля Твоя и на землѣ, какъ на небѣ;
хлѣбъ нашъ насущный дай намъ на сей день;
и прости намъ долги наши, какъ и мы прощаемъ должникамъ нашимъ;
и не введи насъ в искушеніе, но избавь насъ от лукаваго

 

 

Otche Nash in Russian Language

The Lord's Prayer (Modern English)

Our Father, who art in heaven, hallowed be Thy name. Thy Kingdom come, Thy will be done, on earth as it is in heaven. Give us this day our daily bread; and forgive us our trespasses as we forgive those who trespass against us; and lead us not into temptation, but deliver us from the evil.

The Lord's Prayer in (Old English KJV translation)

Our Father, who art in heaven, hallowed be Thy name.
Thy Kingdom come, Thy will be done, on earth as it is in heaven.
Give us this day our daily bread;
and forgive us our trespasses
as we forgive those who trespass against us;
and lead us not into temptation,
but deliver us from evil.

The Lord's Prayer in Anglo Saxon (Old English) – Faeder Ure

Otche Nash in Bulgarian

Отче наш, Който си на небесата!
Да се свети Твоето име,
да дойде Твоето Царство,
да бъде Твоята воля,
както на небето, тъй и на земята;
насъщния ни хляб дай ни днес,
и прости нам дълговете ни,
както и ние прощаваме на нашите длъжници,
и не въведи нас в изкушение,
но избави ни от лукавия;
защото Твое е царството,
и силата, и славата вовеки.
Амин

 

Bulgarian Chants – Otche Nash

Otche Nash in Greek

Πάτερ ἡμῶν ὁ ἐν τοῖς οὐρανοῖς ἁγιασθήτω τὸ ὄνομά σου· ἐλθέτω ἡ βασιλεία σου· γενηθήτω τὸ θέλημά σου, ὡς ἐν οὐρανῷ καὶ ἐπὶ τῆς γῆς· τὸν ἄρτον ἡμῶν τὸν ἐπιούσιον δὸς ἡμῖν σήμερον· καὶ ἄφες ἡμῖν τὰ ὀφελήματα ἡμῶν, ὡς καὶ ἡμεῖς ἀφίεμεν τοῖς ὀφειλέταις ἡμῶν· καὶ μὴ εἰσενέγκῃς ἡμᾶς εἰς πειρασμόν, ἀλλὰ ῥῦσαι ἡμᾶς ἀπὸ τοῦ πονηροῦ. [Ὅτι σοῦ ἐστιν ἡ βασιλεία καὶ ἡ δύναμις καὶ ἡ δόξα εἰς τοὺς αἰῶνας· ἀμήν.]

 

Otche Nash in Greek with subtitles and translation (Pater imon)

bun d-bashmayo nithqadash shmokh tithe malkuthokh nehwe sebyonokh aykano d-bashmayo oph bar`o hab lan lahmo d-sunqonan yowmono washbuq lan hawbayn wahtohayn aykano doph hnan shbaqan l-hayobayn lo ta`lan l-nesyuno elo paso lan men bisho metul d-dylokh hi malkutho whaylo wteshbuhto l`olam `olmin Amin

Syriac Orthodox Prayer Abun D'Bashmayo (The Lord's Prayer)

The Lord's prayer in Latin language (IX century) – Cod.Sang. 17

Pater noster qui in celis es, sanctificetur nomen tuum, veniat regnum tuum, fiat voluntas tua, sicut in celo et in terra, panem nostrum supersubstantialem da nobis hodie, et dimitte nobis debita nostra, sicut et nos dimittimus debitoribus nostris, et ne nos inducas in temptationem, sed libera nos a malo.


The Lord's prayer in Coptic Language (Egyptian)

Je peniwt etqen niv/oui: mareftoubo n~je pekran: mareci~ n~je
tekmetouro: petehnak marefswpi: m~v~r/] qen t~ve: nem hijen pikahi:
penwik n~te rac]: m/if nan m~voou: ouoh ,a n/e~teron nan e~bol: m~v~r/]
hwn: n~ten,w e~bol: n~n/e~te ouon n~tan e~rwou: ouoh m~perenten e~qoun
e~piracmoc: alla nahmen e~bol ha pipethwou: qen Pi,~rictoc: I/couc
Pen[oic: je ywk te ]metouro: nem ]jom: nem piwou: sa e~neh: a~m/n.
Je penyoat et khen ni fee owi: maref toovo en je pekran: mares ee en je tek met ooro: petehnak maref
shoapi: em efreeti khen et fe: nem hijen pi kahi: pen oik ente rasti: meef nan em fo oo: owoh ka nee e
te ron nan evol: em efreeti hoan: en ten koa evol: en nee e te oo on entan eroa oo: owoh em perenten
ekhoon e pi rasmos: alla nahmen evol ha pi pet hoa oo: khen pi ekhristos: Eesoos Penchois: je thoak
te ti met ooro: nem ti gom: nem pi oa oo: sha eneh: ameen.

 

The Lord's Prayer in Coptic (Egyptian Language)

Pater Nostra with English Translation

An interesting comment to make here is that in the English translation the prayer says "but deliver us from evil", whereas in the Church Slavonic Orthodox Church text it is literally translated as "deliver us from the evil one", stressing that evil is not an abstract force, as most modern people think, but is personalized: there is the evil one, which has a personality and is not some abstract force as taught and believed by multitudes of people, including Christians, today.

Molitva Gospodnia (Oce Nash) in Serbian Language

Оче наш који си на небесима,
да се свети име твоје;
да дође царство твоје;
да буде воља твоја и на земљи као на небу.
Хљеб наш насушни дај нам данас;
и опрости нам дугове наше као и ми што опраштамо дужницима својим;
и не уведи нас у искушење,
но избави нас од злога.
Јер је твоје царство и сила и слава, Оца и Сина и Светога Духа, сада и увијек и у вјекове вијекова. Амин.  

Oce Nash (The Lord's Prayer) by George Milosh in Saint Elias Serbian Orthodox Church in Aliquippa, PA


Otche Nash (Oche Nash) in Macedonian Language

 

The Lord's Prayer in Macedonian Language

Оче наш, кој си на небесата,
да се свети името Твое;
да дојде царството Твое;
да биде волјата Твоја
како на небото, така и на земјата.
Лебот наш насушен дај ни го денес,
и прости ни ги долго вите наши,
како што им ги проштаваме и ние на нашите должници.
И не воведувај нѐ во искушение
но избави нѐ од лукави от.

 

Oče naš – Otche nash in Croatian Language

Oče naš,
koji jesi na nebesima,
sveti se ime Tvoje,
dođi kraljevstvo Tvoje,
budi volja Tvoja,
kako na nebu, tako i na zemlji.

Kruh naš svagdanji daj nam danas,
i otpusti nam duge naše,
kako i mi otpuštamo dužnicima našim,
i ne uvedi nas u napast,
nego izbavi nas od Zloga!.
Amen.

After some exploration, I've noticed there is a website that makes an effort to collect in one place the Lord's Prayer in all presently spoken languages – check it here

How to exclude sorbs.net for a particular IP address in Qmail Mail server install / Fix to Thunderbird mail sent error (Exploitable Server See: http://www.sorbs.net/lookup.shtml?xx.xx.xx.xx) error

Tuesday, November 1st, 2011

In the office, some of my colleagues have started receiving error messages while trying to send mail with Thunderbird and Outlook Express.
The exact error they handed to me reads like this:

An error occured while sending mail. The mail server responded: Exploitable Server See:
http://www.sorbs.net/lookup?xx.xx.xx.xx. Please check the message recipient

Here is also a screenshot I was sent via Skype, with the error popping up in Thunderbird installed on a Windows host.

Typing the URL http://www.sorbs.net/lookup?xx.xx.xx.xx led me to a sorbs.net page saying that the IP address of the mail client which is trying to send mail is blacklisted. This is not strange at all considering that many of the office computers are running Windows and periodically get infected with viruses and spyware which send a number of unsolicited mails (SPAM).

The sorbs.net record for the IP seems to be an old one, since at the present time the office network was reported to be clear from malicious SMTP traffic.

The sorbs.net error preventing the mail clients from sending from the office had continued for 3 days already, so something had to be done.

We asked the ISP to change the blacklisted IP address xx.xx.xx.xx to another one, but they said it would take some time and they couldn't do it in a timely manner; hence, to make mail sending work again with POP3 and IMAP protocols from the blacklisted IPs, I had to set the Qmail install to not check the xx.xx.xx.xx IP against mail blacklisting databases.

On a qmail install, disabling an IP check in RBLSMTPD is done by editing /etc/tcp.smtp and then recreating /etc/tcp.smtp.cdb, which is read by the qmailctl script on start.
The exact line I put in the end of /etc/tcp.smtp to disable the RBLSMTPD check is:

xx.xx.xx.xx:allow,RBLSMTPD="",RELAYCLIENT="",QS_SPAMASSASSIN="0"

Then, to recreate /etc/tcp.smtp.cdb and reload the new cdb db records:

qmail:~# qmailctl cdb
qmail:~# qmailctl restart
...

Onwards, the sorbs.net IP blacklist issue was solved and all office computers from xx.xx.xx.xx succeeded in sending mails via SMTP.
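An added example, not part of the original post: a small Python check over a tcp.smtp rules file that reports which addresses are exempted from rblsmtpd (RBLSMTPD set to empty) and which are allowed to relay (RELAYCLIENT set), so such exceptions can be reviewed and removed once the blacklisting is resolved. The sample file is constructed, with 192.0.2.10 standing in for the post's xx.xx.xx.xx.

```python
import re

# Constructed tcp.smtp content; 192.0.2.10 stands in for the post's xx.xx.xx.xx.
SAMPLE_TCP_SMTP = '''\
# local relay
127.:allow,RELAYCLIENT=""
192.0.2.10:allow,RBLSMTPD="",RELAYCLIENT="",QS_SPAMASSASSIN="0"
198.51.100.:allow,RBLSMTPD=""
203.0.113.5:deny
:allow
'''

# tcprules environment syntax: ,VAR=<q>value<q> where <q> is any quote character.
ENV_RE = re.compile(r',(\w+)=(.)(.*?)\2')
ACTION_RE = re.compile(r'(allow|deny)\b')


def parse_rule(line):
    """Split 'address:action,VAR="value",...' into (address, action, env)."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    address, sep, rest = line.partition(':')
    m = ACTION_RE.match(rest) if sep else None
    if m is None:
        return None
    env = {name: value for name, _quote, value in ENV_RE.findall(rest[m.end():])}
    return address, m.group(1), env


def audit_rules(text):
    """Map each allow rule that weakens filtering to the set of reasons.

    rbl-bypass: RBLSMTPD is set and empty, so rblsmtpd blocks nothing.
    relay:      RELAYCLIENT is set, so qmail-smtpd relays for this client.
    multi-host: the rule covers a prefix, a range or every address.
    """
    findings = {}
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        address, action, env = rule
        if action != 'allow':
            continue
        flags = set()
        if env.get('RBLSMTPD') == '':
            flags.add('rbl-bypass')
        if 'RELAYCLIENT' in env:
            flags.add('relay')
        if flags and (address == '' or address.endswith('.') or '-' in address):
            flags.add('multi-host')
        if flags:
            findings[address] = flags
    return findings


if __name__ == '__main__':
    for address, flags in audit_rules(SAMPLE_TCP_SMTP).items():
        print(address or '(default)', sorted(flags))
```

A rule carrying both rbl-bypass and relay, like the one in the post, means any infected machine behind that address can send through the server unchecked.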