RCLUG invited Gianni Amato to LinuxDay2008 as a speaker on Forensic Analysis with Linux. It was really nice to make Gianni's acquaintance. He is really competent! Speaking with Gianni, I discovered that he wrote a nice Python script to encrypt/decrypt files called OCrypt.py. OCrypt.py has a GUI written in Tkinter. Gianni would like to write a GTK+ interface, but he hasn't had much free time. So I offered to write a GTK+ interface for OCrypt.py using PyGtk and Python. I recorded the creation of the interface with Glade using recordmydesktop.
There is no voice-over, as I have a sore throat these days...
You can find the updated Glade file and the Python script OCrypt-gtk.py in my github.com repository.
Thursday, 18 December 2008
Monday, 15 December 2008
DNS queries logging on WRT54GL
This morning I came up with another idea.
Last year I wanted to try data mining on DNS data from my local dnsmasq.
But how could I collect all the dnsmasq queries, if it is installed on a WRT54GL, without writing to the flash?
This morning I thought: easy, denever, you could email the dnsmasq logs to a dedicated Gmail account.
So I looked for an SMTP client on Kamikaze 7.09, which is installed on my WRT54GL:
root@openwrt:~# ipkg info *smtp*
Package: ssmtp
root@openwrt:~# ipkg install ssmtp
Taking a look there, I could configure /etc/ssmtp.conf as follows:
root={your email acc name}@gmail.com
mailhub=smtp.gmail.com:465
rewriteDomain=gmail.com
hostname=gmail.com
FromLineOverride=YES
UseTLS=YES
AuthUser=your username
AuthPass=your password
And then, how to log queries with dnsmasq?
Reading the dnsmasq documentation I found:
The log-queries option tells dnsmasq to verbosely log the queries it is handling and causes SIGUSR1 to trigger a complete dump of the contents of the cache to the syslog.
So in /etc/dnsmasq.conf I added the following line:
log-queries
But on Kamikaze 7.09, where does dnsmasq write its logs?
Dnsmasq uses syslogd for logging.
Taking a look at /etc/init.d/boot you can find this:
syslogd -C16 ${log_ip:+-L -R $log_ip}
So how to read the logs? Easy, we use logread.
How could we email these logs? For this purpose I wrote a script:
root@openwrt:~# cat /bin/print_dnslog.sh
echo -e "Subject: DNS Log\n"
logread | grep query
And then we could email everything, using another script:
root@openwrt:~# cat /bin/mail_dnslog.sh
/bin/print_dnslog.sh | ssmtp mybackup_mail@gmail.com
And then I want mail_dnslog.sh to run periodically, so reading here and here I wrote a simple crontab.
root@openwrt:~# crontab -e
* * * * * /bin/mail_dnslog.sh
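An added example (not from the original post) of the data mining step: a shell function that reduces the mailed `logread | grep query` lines to per-client, per-name query counts. The sample lines, host name, PID and addresses are constructed, and the line shape assumed is dnsmasq's `query[TYPE] NAME from CLIENT` log format.

```shell
#!/bin/sh
# Summarise dnsmasq "log-queries" lines read from stdin.
# Assumed line shape (the syslog prefix may vary in length):
#   <syslog prefix> dnsmasq[PID]: query[TYPE] NAME from CLIENT

# Print "COUNT CLIENT NAME TYPE" per distinct (client, name, type), busiest first.
summarise_queries() {
    awk '
        {
            # Find the "query[TYPE]" token wherever the prefix ends.
            for (i = 1; i <= NF - 3; i++) {
                if ($i ~ /^query\[[A-Za-z0-9]+\]$/ && $(i + 2) == "from") {
                    type = substr($i, 7, length($i) - 7)
                    # NAME is chosen by the client: treat it as data only,
                    # and fold case because DNS names are case-insensitive.
                    key = $(i + 3) " " tolower($(i + 1)) " " type
                    count[key]++
                    break
                }
            }
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample of what "logread" could show with log-queries enabled.
sample_log() {
    cat <<'EOF'
Dec 15 09:00:01 openwrt daemon.info dnsmasq[412]: query[A] www.example.com from 192.168.1.10
Dec 15 09:00:01 openwrt daemon.info dnsmasq[412]: forwarded www.example.com to 192.0.2.53
Dec 15 09:00:02 openwrt daemon.info dnsmasq[412]: reply www.example.com is 192.0.2.80
Dec 15 09:00:05 openwrt daemon.info dnsmasq[412]: query[A] WWW.example.com from 192.168.1.10
Dec 15 09:00:07 openwrt daemon.info dnsmasq[412]: query[AAAA] mail.example.org from 192.168.1.23
Dec 15 09:00:09 openwrt daemon.info dnsmasq[412]: query[A] www.example.com from 192.168.1.23
EOF
}

sample_log | summarise_queries
```

The function is meant for the machine that receives the mail, where the saved message bodies can be fed to it on stdin.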
Labels: datamining, dns, dnsmasq, kamikaze7.09, openwrt, smtp, ssmtp
Sunday, 14 December 2008
NSLU2 && lighttpd && esmtp
This morning I came up with an idea. How could I know when someone accesses the lighttpd web server installed on my NSLU2?
The answer is easy, denever: activate mod_accesslog and then take a look at the access.log!
OK, but what if I want to receive a mail for each access? :)
Reading there, I discovered that it is possible to redirect the access.log to a process.
So I wrote this line in /etc/lighttpd/lighttpd.conf on my NSLU2:
accesslog.filename = "| mail -i -s Webaccess my_email@anywhere.com"
Then I installed and configured esmtp on my NSLU2:
apt-get install esmtp
Editing /etc/esmtprc:
hostname=smtp.googlemail.com
username=yourname@gmail.com
password=yourpass
starttls=enabled
But there is a problem: lighttpd writes access.log only when it is stopped...
So I will not receive an email on each access to my web server.
I will receive an email on each restart of lighttpd.
Friday, 12 December 2008
GMAIL + IMAP + MUTT
How to use our Gmail account from the console with mutt?
So this is how I configured mutt to access my Gmail account via IMAP.
Open your ~/.muttrc and set the following options.
If your user account on Gmail is yourname@googlemail.com, then set your folder as follows:
set folder = imaps://yourname@imap.googlemail.com
set imap_pass = yourpass
Notice... yourpass will be saved in clear text in ~/.muttrc.
Do you want to save your postponed mail (written with mutt) in your Gmail drafts? :)
Add the following row to your ~/.muttrc:
set postponed = "=[Google Mail]/Drafts"
And now, how to send email from mutt via smtp.googlemail.com?
As MTA I installed esmtp:
apt-get install esmtp
Then I configured mutt to use esmtp as MTA, adding in ~/.muttrc:
set sendmail = "esmtp -v -X ~/tmp/esmtp.log"
Then I configured esmtp by editing /etc/esmtprc:
hostname=smtp.googlemail.com
username=yourname@gmail.com
password=yourpass
starttls=enabled
Notice that /etc/esmtprc is also clear text, so yourpass could be read by root.
Labels: gmail, googlemail, imap, mutt