Archive for September, 2010
Snort has many logging abilities: syslog, unixsock, tcpdump, CSV, XML, unified and my favourite, database. All these logging methods are great if you are going to look through your logs regularly. But if you're busy doing other things, or maintaining Snort isn't your main priority, how are you expected to keep up to date with the logs?
I find that having Snort email me every morning with a simple report is a much better way of ensuring that no one is attacking my systems. It only takes me a minute to read through the report, and if there is something I think needs looking at I can easily log into my database and get as much information on the event as I need. So how do you set up email reports? Well, if you installed Snort on a Debian-based system it is already installed, just not set up correctly: Read the rest of this entry »
Laptop batteries are generally lithium-ion batteries. They work by moving lithium ions from the negative electrode to the positive when being used, and the opposite way when they are charging. They are often used for laptops as they have the best energy-to-weight ratio of all the battery types and only slightly lose charge when not in use (about 5-10% per month).
They do, as many of you will know, have several disadvantages, the most prominent being their shelf life. When you charge a lithium-ion battery it causes deposits in the electrolyte (much like limescale in your kettle). These deposits reduce the total charge of the battery as well as increasing internal resistance. This is why your laptop batteries eventually die and why laptop manufacturers do not cover batteries under warranty, classing them as consumables. Read the rest of this entry »
An Intrusion Detection System (IDS) is like a burglar alarm for your computer. It monitors your network and system activities for malicious activity or policy violations and reports to some kind of management station. This is great as it lets you know who, where, when and how people are trying to break into your network, and knowing this is half the battle. You may be thinking that this isn't enough and you want to block all hacks from happening; well, most IDS systems include some "Network Intrusion Prevention" features. However, the main concern should be closing up vulnerabilities rather than blocking someone already trying to hack your systems. After all, it's a bit late if they are already in your system, and this way you may block any innocent users.
Read the rest of this entry »
NRPE (Nagios Remote Plugin Executor) is a Nagios agent which allows for remote system monitoring by executing scripts on a remote system, allowing monitoring of disk usage, system load, the number of users currently logged in and much more.
Normally Nagios can only monitor public services such as HTTP and FTP. This is great if you only want to monitor public servers; however, I bet that most people want to monitor their own servers and have access to private information. That's where NRPE comes in. It works on a client-server basis: you install a daemon on the machine you want to monitor, then set up your Nagios server to connect to the remote daemon to gather information Read the rest of this entry »