Archive

Archive for the ‘Geeky stuff’ Category

Snort IDS

May 22, 2007 Leave a comment

I am redoing the IDS system at work.  The current IDS uses snort and BASE.  Base just isn’t able to keep up under the current load.  We got a new quad core server with 4 gigs of ram that should do nicely for base.  I also decided to redo the sensors at the same time.  They were both running FreeBSD and I wanted to go to CentOS 5 because I am much more familiar with it than FreeBSD.  I installed CentOS 5 and did a test run with tcpdump.   It just can’t keep up the kernel is dropping packets even when loging just the raw packets to a file.  The traffic isn’t huge its about 3000 packets per second (around 32 Mbps).  Even after tunning some kernel parameters and some network parameters it was still dropping packets.

From what I have read the FreeBSD network stack is a lot better at this type of thing.  I am testing another FreeBSD box to see if it can keep up without dropping packets.  If it can keep up then I am going to use freeBSD for the sensors and stick with CentOS for the BASE front end.

UPDATE:  FreeBSD took it like a champ 0 dropped packets, so it looks like its FreeBSD for snort

Categories: Geeky stuff, Security

mdid Mysql authentication

November 3, 2006 Leave a comment

Mdid mysql authentication is finished, it is a dirty dirty dirty hack, but it works. Had to chop it into active directory authentication method since mdid does not support two different methods at the same time. Defiantly getting better at C# active directory took me a few days, since I don’t know how the AD api worked and also because I was hacking up someone else’s code. Mysql authentication took maybe 2 hours and most of that was googleing how to implement md5(base64) hashing in c#, it’s actually in System.Security.Cryptography which is nice, didn’t have to write my own function.

Categories: Geeky stuff

Compiling Apache

March 9, 2005 Leave a comment

One of my least favorite things to do is compiling apache. All the different modules are always a pain to get working. Webdav, modssl, php with gd curl fdftk pdflib etc, mod perl, etc. Unfortuantly I use odd addons to php so I almost have to compile. Finally after over a day of fussing I got a newversion up on the main web server. Now that I have curl I can finish my project for authinticating students using ssl and a php script on another server.

Categories: Geeky stuff

RHCE

June 16, 2003 Comments off

I passed the RHCE exam, and I might add I did it without installing X, damn I rock.
Dear Jeffrey B. Holden:
The results of your RHCE Certification Exam are reported below. The
RHCE Certification Exam allows candidates to qualify for the
Red Hat Certified Engineer (RHCE) and Red Hat Certified Technician
(RHCT) certificates. Please note that the RHCE designation is
understood to both include and supersede the RHCT designation.
SECTION I: TROUBLESHOOTING
RHCE requirements: completion of compulsory items (50 points)
RHCT requirements: completion of compulsory items (50 points)
Compulsory troubleshooting score: 50.0
Non-compulsory troubleshooting score: 50.0
Total troubleshooting score: 100
SECTION II: MULTIPLE CHOICE
RHCE minimum requirement: 50 percent
RHCT minimum requirement: none
Multiple choice score: 90.0%
SECTION III: INSTALLATION AND CONFIGURATION
RHCE minimum requirements: total section score of 50 percent
70 percent on RHCT components
70 percent on RHCE-specific components
RHCT minimum requirement: 70 percent on RHCT components
Installation and Configuration score: 85.9
RHCT score: 81.8%
RHCE score: 87.5%
RHCE overall requirement: average of 80 for Sections I, II, and III
Your average: 91.97%
RHCE Certification: PASS
Congratulations — you are now certified as a Red Hat Certified
Engineer! Your RHCE Certificate number is 809003516308049.
The attached file is your personal print-ready certificate.
Please reply to this email address if your name does not appear
correctly, and we will send a modified version of the certificate.
You are entitled to print this document and use it to demonstrate
that you are an RHCE, provided you remain an RHCE in good standing.
You may not modify or change the document’s contents in any way, nor
may you appropriate any elements of this document for use in other
electronic documents or printed materials. You may only print the
document in its entirety. Any other use of the document must be
approved by Red Hat, Inc.
Your RHCE number should be available for verification at Red Hat
Certification Central:
http://www.redhat.com/training/certification/verify/?rhce_cert_display:certno=809003516308049&rhce_cert_display:verify_cb=Verify
You can verify the certificates of other RHCEs and RHCTs at
https://www.redhat.com/training/certification/verify
Please visit RHCE Connection, our web site exclusively for RHCEs:
https://www.redhat.com/training/certification/
There you will find special offers from Red Hat, logo art, job
listings, and more. You can also use the site to manage your contact
information. In order to access the site, you will need a PIN number.
You can have the PIN sent to the email address we have on file at
https://www.redhat.com/training/certification/lostpin.html
Certification in Red Hat Linux opens up new opportunities. We hope
you will keep Red Hat updated with your experiences and successes
with Red Hat Linux.
Please feel free to call or email with ideas and suggestions as to ways
we can enhance our Red Hat Linux training and certification programs.
Thank you very much for your interest in Red Hat Linux!
Red Hat Certification Central <rh-09991@redhat.com>

Categories: Geeky stuff, Uncategorized