Securing Linux: Setting up AIDE

December 6th, 2011

Part of the process of creating a more secure Linux environment is tracking changes to sensitive system files. The Advanced Intrusion Detection Environment (AIDE) was developed as a GPL replacement for Tripwire. AIDE takes a “snapshot” of the state of the system, registering hashes, modification times and other data regarding specific files. This “snapshot” is used to build a database that can be checked against current file states to determine if modifications have taken place. The AIDE system is straightforward to set up and maintain, with a couple of caveats. The AIDE manual can be found here.

In general, you should install AIDE on a new system, before plugging it into the network. Once you take the initial system snapshot, you should archive a copy of that snapshot offline — to be used as a future integrity reference. Here are the general steps to setting up a new AIDE installation on CentOS 5.x:
1) Install: # yum install aide
2) Initialize: # /usr/sbin/aide --init
3) Archive the initial database snapshot: # cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
4) Copy the snapshot offline (using SFTP etc)
5) Run a check to ensure you have a clean setup: # /usr/sbin/aide --check

The last step runs a check of current files against your AIDE database. Assuming you run the check immediately after initialization, you should get a confirmation that your setup is good:
AIDE, version xx.xx.xx
### All files match AIDE database. Looks okay!

6) Create a cron job to run a check periodically (at least daily is recommended), and send the results to a monitored email:
-> create a file in /etc/cron.daily/aide.cron with the following contents:
#!/bin/bash
/usr/sbin/aide --check | /bin/mail -s "Daily Aide Data" email@host.com
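
An added example (not from the original post): a wrapper for the step 6 cron job that first confirms the live database still matches the SHA-256 of the offline copy from step 4, then decodes the exit status of aide --check (per the aide(1) man page: 1 = added, 2 = removed, 4 = changed, summed; 14 and above = errors). The reference-hash path, the MAIL_TO default, the --run switch and the availability of sha256sum are assumptions for illustration.

```shell
#!/bin/bash
# Added example, not part of the original post.
# Assumed placeholders: REF_HASH_FILE location, MAIL_TO, and the --run switch.

AIDE_DB="${AIDE_DB:-/var/lib/aide/aide.db.gz}"
# SHA-256 of the initial database, recorded when the snapshot was copied
# offline (step 4) and kept on read-only media (hypothetical path).
REF_HASH_FILE="${REF_HASH_FILE:-/mnt/readonly/aide.db.gz.sha256}"
MAIL_TO="${MAIL_TO:-email@host.com}"

# Return 0 only if the database on disk still has the recorded hash.
# An empty expected hash (missing reference file) never matches.
db_matches_reference() {
    local db="$1" expected="$2" actual
    [ -r "$db" ] || return 2
    [ -n "$expected" ] || return 1
    actual=$(sha256sum "$db" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Turn the exit status of "aide --check" into a short label for the subject
# line. Bits: 1 = files added, 2 = removed, 4 = changed. Anything above 7
# is treated as an error (aide documents 14-19 as error codes).
describe_aide_status() {
    local rc="$1" out=""
    if [ "$rc" -eq 0 ]; then echo "clean"; return; fi
    if [ "$rc" -gt 7 ]; then echo "error"; return; fi
    [ $((rc & 1)) -ne 0 ] && out="$out added"
    [ $((rc & 2)) -ne 0 ] && out="$out removed"
    [ $((rc & 4)) -ne 0 ] && out="$out changed"
    echo "${out# }"
}

main() {
    local expected report rc status
    expected=$(awk '{print $1; exit}' "$REF_HASH_FILE" 2>/dev/null)
    # A check against a database that was replaced proves nothing, so stop
    # and alert before running aide at all.
    if ! db_matches_reference "$AIDE_DB" "$expected"; then
        echo "AIDE database $AIDE_DB does not match the offline reference" |
            /bin/mail -s "AIDE on $(hostname): DATABASE MISMATCH" "$MAIL_TO"
        return 1
    fi
    report=$(/usr/sbin/aide --check 2>&1)
    rc=$?
    status=$(describe_aide_status "$rc")
    echo "$report" | /bin/mail -s "AIDE on $(hostname): $status" "$MAIL_TO"
    [ "$rc" -eq 0 ]
}

# Only run the check when asked to, so the functions can be sourced safely.
if [ "${1:-}" = "--run" ]; then
    main
    exit $?
fi
```

Saved under a path of your choosing, the script would be called with --run from /etc/cron.daily/aide.cron in place of the single aide --check line.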

The database resides in /var/lib/aide by default, and the configuration file is /etc/aide.conf.
Note that SELinux needs to be enabled (and in at least “permissive” mode) for AIDE to process correctly. If you see errors such as “lgetfilecon_raw failed for /usr/share/apps/…:No data available” during initialization, it is probably related to SELinux. If you can’t (or won’t) turn on SELinux, you can edit the aide.conf file to remove all references to selinux as follows:

Add these lines (you are really changing the R, L and > defaults):
R=p+i+n+u+g+s+m+c+acl+xattrs+md5
L=p+i+n+u+g+acl+xattrs
>=p+u+g+i+n+S+acl+xattrs

Also, find and change these lines as follows (note these are default values, simply removing “+selinux”):
#DIR = p+i+n+u+g+acl+selinux+xattrs
DIR = p+i+n+u+g+acl+xattrs

#PERMS = p+i+u+g+acl+selinux
PERMS = p+i+u+g+acl

#DATAONLY = p+n+u+g+s+acl+selinux+xattrs+md5+sha256+rmd160+tiger
DATAONLY = p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger

jeff moore General, Productivity, Security

AT&T-Mobile Merger Rebuttal

May 9th, 2011

In an open letter to the FCC, Sascha Segan brings some enlightened and cogent arguments — from a consumer’s point of view — regarding the proposed AT&T-Mobile merger. http://www.pcmag.com/article2/0,2817,2384729,00.asp

admin General

Future of credit card form factor

October 6th, 2010

Kit Eaton at FastCompany posted an interesting article yesterday regarding the probable future of the plastic in your wallet. Yes, you’ve probably heard about RFID before, but as the prevalence of smartphone technology continues its inexorable march forward (“55.7 million people in the U.S. owned smartphones during the three months ending in August, up 14 percent from the May period”), using smartphone technology to replace a piece of magnetized plastic makes more and more sense.

jeff moore General

Geek Productivity Tip: Undo a sent gmail message & include Bob

August 23rd, 2010

Yet Another Reason gmail Rocks! — Undo Send

Have you ever pressed the “Send” button in gmail — then immediately realized that you forgot to include an attachment, or all appropriate recipients — and wished you could “Undo” the transmission of that message? Well now you can thanks to Gmail Labs! Here is a “how-to” article on Mashable.

Bob

There are two other Lab entries that you should check out: “Got the wrong Bob?” and “Don’t Forget Bob”. The first tries to help reduce the chance of sending mail to the wrong recipient. When was the last time you got an email from a stranger asking, “Are you sure you meant to send this to me?” and promptly realized that you didn’t? Sometimes these little mistakes are actually quite painful — personal info to some random guy named Bob instead of Bob the HR rep? Doh!

“Got the wrong Bob?” is a Labs feature aimed at sparing you that kind of embarrassment. Turn it on from the Labs tab under Gmail Settings, and based on the groups of people you email most often, Gmail will try to identify when you’ve accidentally included the wrong person — before it’s too late. For example, if you normally email Bob Jones together with Mark and Susan, but this time you added Bob Smith instead, gmail will warn you that it might be a mistake.

“Don’t Forget Bob” is a Labs feature that helps remind you to include the correct group of recipients. Gmail suggests more people you might want to include based on the groups of people you email most often.

Drop me a comment and let me know about your favorite “Lab”!

jeff moore Productivity

Geek Productivity Tip: Access bookmarks from anywhere

September 13th, 2009

Introduction

Your web browser’s bookmarks come in handy for organizing and quickly retrieving your frequently-used sites (and, of course, as a memory-jogger for those infrequently-visited but important web pages). Unfortunately, sometimes technology can come between you and your bookmarks — maybe you’d like to synchronize the bookmarks on your work and home computer, maybe you need to access a site from a public machine, and at the least we all should periodically make backups of our local bookmarks in case of hardware failure. There are several options for storing and accessing your bookmarks from the cloud — allowing you to use them from anywhere, and on any machine. While there are many services and plugins available, I’ve chosen three services that allow you to store, access and share your bookmarks in the cloud. The first, Xmarks, puts a priority on synchronization of bookmarks across multiple computers, while del.icio.us and diigo put an emphasis on the social aspects of sharing those bookmarks with others.

Xmarks

Of the several browser plugins available, Xmarks does a great job of saving your bookmarks online. Available as a free download for IE, Firefox and Safari browsers, once you install Xmarks and create an account, it saves your bookmarks online.

  • Install Xmarks on each computer you use, and it seamlessly integrates with your web browser and keeps your bookmarks safely backed up and in sync. Xmarks will sync across browsers too. From my point of view, sync is definitely Xmarks’ strongest feature.
  • Of course, Xmarks also includes a few social-sharing features. For instance, Xmarks will highlight the 3 top sites in your Google results based on how many people have bookmarked them. Simply move your mouse over the site info icon to learn more about that site.
    Xmarks Google Search Feature

  • Xmarks also adds an information button in your browser’s address bar providing additional information about a particular URL. Click on the Xmarks info icon in your location bar to see detailed information about the site you are on, and discover other great sites just like it.
    Xmarks Additional URL Information

  • Public computer access: so what if you are using a public computer (or a friend’s machine) that doesn’t have the Xmarks plugin installed? No problem. You can view, edit, add and delete bookmarks from any browser by going to my.xmarks.com and logging in with your Xmarks username and password.
    Xmarks no-plugin access

  • Other features include mobile access, sync profiles (allowing you to group your bookmarks by function, name each Sync Profile whatever you like and pick which bookmarks belong to it), and sharing (making designated bookmarks available to others in an RSS feed or web page)
Diigo

“Inquisitive of the world unite!” Diigo boasts powerful research tools and a knowledge-sharing community that allows users to do things like highlight and add “sticky notes” to compelling web pages, and provides tools for collaboration and search.

  • Diigo toolbar: with the Diigo plugin installed, you can start by importing your bookmarks from your browser (or del.icio.us), and identifying them individually as public or private. The Diigo plugin has a browser sidebar that provides easy access to your bookmarks, and to URL-specific social features such as comments from other Diigo readers, and annotations (see below). You can also send your Diigo bookmarks to Twitter, Facebook or your blog.
    diigo plugin options

  • Annotations: Diigo provides the ability to add page comments, highlight passages, and even place sticky notes on specific pages which are available to other Diigo users. Sticky notes can float in a window above a web page’s content, or you can view the notes only in the Diigo Sidebar. In the “Readers” tab of the Sidebar, you can link through to the bookmark annotations of specific readers, and browse the Diigo community associated with a site.
  • Public computer access: as with Xmarks, you can access your Diigo account and bookmarks from the web. Diigo also provides a less feature-rich-yet-useful “Diigolet” (http://www.diigo.com/tools/diigolet) for other browsers.

    Diigo Toolbar

  • Commenting and conversations: you can post comments that other Diigo users can read (and add their own comments) against any web page
del.icio.us

Like Diigo, Delicious allows you to upload your browser bookmarks, and emphasizes social bookmark sharing and interaction. They also provide a browser-based plugin tool that provides quick access to your bookmarked and most-visited sites and tags. While the Diigo Sidebar has social sharing as its core focus, the Delicious browser-based Sidebar is used primarily to help you organize and access your own bookmarks.

  • Delicious bookmarks uploads: you can easily upload your browser’s bookmarks to Delicious. I liked the fact that all bookmarks are set as private by default — meaning I didn’t have to worry about my online banking or other private links being suddenly publicly available. Installing the browser plugin was a snap (I allowed the plugin to add the Delicious menu item to my browser’s main menu), and I found the tools to be straightforward and easy to use.
  • Saving bookmarks
  • Saving a Bookmark on Delicious is likely to be a little different than what you’re used to. Don’t worry, the process is intuitive and you’ll find that tags and notes will make your bookmarks much easier to manage. Depending on which buttons you’ve added to your browser, you can click the “Tag” or “Bookmark this on Delicious” button to save a new bookmark. Regardless of the buttons you’ve chosen, you’ll see the following dialog box.

    Save bookmark with Delicious


    You can also Tweet out your bookmark as you save it.

  • Public computer access: as with the other services, you can access your bookmarks online from your Delicious account. From within your account, you can also see the marks other people are making in the “Fresh Bookmarks” tab from your account home, as well as bookmarks organized by Delicious popularity under the “Popular Bookmarks” tab.

    jeff moore Productivity

    Aptalent’s e-commerce system helps maximize your SEO strategy

    May 24th, 2009

    Introduction

    As a company, we’ve been installing, configuring, integrating and consulting to businesses regarding e-commerce systems for over 7 years, so from the beginning, we knew the direction in which we wanted to take our own e-commerce product. With roots deep in the wine industry, the Aptalent team understands the real direct-to-consumer issues producers face today; our e-commerce system seeks to help make wine purchase & shipping easy for the customer, and site administration a no-brainer for the producer. With features such as product searching & comparison, compliance intelligence, simple checkout and built-in SEO optimization, the Aptalent e-commerce system (borrowing from Gary V.) “crushes” it!

    SEO Features

    The democratization of the direct-to-consumer market is leveling the playing field for smaller producers with limited distributor access. Combined with a coherent social media presence, a sound SEO strategy can help raise a brand’s market presence; Aptalent’s e-commerce system helps producers maximize their SEO strategy by combining best-in-class product search features with built-in search intelligence.

    Easy-to-read product URLs

    Based on the Magento open-source engine, Aptalent’s e-commerce system generates product URLs that are easy for both users and search engines to read (such as “http://{your-domain}/2007-grenache-rose.html”). Using product (and category) detail within the URL means that search engines know where your products are and can directly link to them — driving targeted customers directly into the core of your store.
    * Search engine “spiders” can index your entire store and increase your product’s visibility — thereby increasing the probability of new customer acquisition and increased sales;
    * Search engines and product comparison sites can link directly to your products, helping to drive revenue with highly targeted leads;
    * Descriptive URL’s help users make sense of and increase the quality of your site’s navigation;
    * URLs with incorporated keywords boost natural search engine ranking and increase site traffic.

    Canonical URLs

    Aptalent’s e-commerce system uses the canonical HTML tag, support for which was announced recently by Google, Yahoo! and Live. Essentially, this means that your products can be indexed in a multitude of ways (for customer review and searching convenience), and the search engines won’t penalize your site. Previously, many sites have encountered issues with multiple versions of the same content on different URLs. This creates three big problems:
    * Search engines don’t know which content version(s) to include/exclude from their indices;
    * Search engines don’t know whether to direct the link metrics (trust, authority, anchor text, etc.) to one page, or keep it separated between multiple versions;
    * Search engines don’t know which content version(s) to rank for query results
    When this happens, site owners suffer rankings and traffic losses and engines suffer lowered relevancy. Fortunately, the Aptalent e-commerce system handles all of this for you — potentially increasing your site’s visibility, search-ability, and search relevance.

    Contact Aptalent today and let us show you how we can help you maximize your SEO strategy and increase sales!

    jeff moore Aptalent E-Commerce, SEO

    Wine Producers + Social Media = A Perfect Pairing?

    May 19th, 2009

    Introduction

    Can social media help producers expand their market, and extend their brand? Is social media a fad or does it represent a seismic sales-channel shift?

    As you have undoubtedly heard by now, social media purports to change the customer-communication model; in many ways social media is like a cocktail party, making it possible for like-minded people to find one another and communicate.   Wine enthusiasts, for example, have a multitude of options for sharing their likes, questions and stories (more on this later), and since wine is inherently social, wine producers + (appropriately harnessed) social media should equal a perfect pairing.   What aspects of social media should a producer harness, and just as importantly, how?

    Social Media Components

    Decanting the panoply of relevant social media components can seem daunting, however, there really are a handful of useful tools that can get you started.  I’ve broken them out by category:

    Network: Facebook, Twitter
    Video: Viddler, YouTube
    Blogs: WordPress, Blogger

    Networking tools such as Facebook and Twitter offer ways of connecting with customers: better than in the old broadcast (advertising, promotion) model — networking tools allow producers to start a two-way conversation with wine enthusiasts. In its most simplistic state, networking helps build brand awareness, and more importantly, listen to potential customers. Video and blogs help with brand identity and brand awareness (think: search).

    Does Social Media Really Change Anything?

    Using social media networking tools is a great way for producers to communicate directly with their current customers.  But in addition, the use of video and blogging tools helps build brand identity and market penetration — especially with younger enthusiasts.  

    A couple of examples: Facebook has more than 175 million users (and there are more users ages 26-44 than 18-25 — insidefacebook.com). Creating a Facebook community can help keep the brand fresh in enthusiasts’ minds. In the same vein, Twitter allows a producer to present personality and a spirit of caring to current and potential customers.

    With youtube.com in the top 3 Internet sites, a video indexed by Google helps lift a brand in a related search. Video + blogging tools help increase a site’s (and associated product’s) search scores, and thus results (when used as part of a sensible overall SEO strategy). Combined, these tools represent a systemic shift in the ways a producer can open/create and keep new dialogs with enthusiasts. 

    What Is the Community Saying? 

    Customers are talking.  A producer should choose to listen. An easy example, here are a couple of Twitter posts representing customer opinions expressed during recent weekend tasting excursions:  

    “Featherstone, ’03 vineyard of the yr. Beautiful resto on the veranda. Amazing 07 cab franc and sauv b credit card gonna suffer today #wine”

    Outstanding!  Let’s share this with the world! Somms listen up!  Wouldn’t it be great to capture the feedback and begin an on-going conversation with this customer?  Perhaps he/she could be introduced to other varietals/vintages or perhaps more could be learned regarding value-added services (for instance wine club membership) that would interest them.

    Here is a slightly different post:

    “Can’t believe [XXX Winery] closed their picnic area to visitors. #Wine Club members only now. I guess they have enough business. Shame”

    Even established brands can benefit from having a social media cognizance.  Can a producer capture or reply to every relevant post? Probably not. Should they try? Hell yes.

    How To Harness The Tools

    Harnessing the power of social media is an on-going effort, and one that will take time.  Start simply, and plan on it taking time to find the right “voice” for your brand, and to begin building a social media rapport with your customers.  Some brands have already recognized social media’s potential and are moving quickly to get their conversations going.  One well known example is Murphy-Goode Winery – hiring a “Lifestyle Correspondent” who will “report on the cool lifestyle of Sonoma County Wine Country, and of course, tell people what you’re learning about winemaking”.   

    Murphy-Goode’s approach may be all-out, but here’s an example of a common-sense approach to harnessing social media: V. Sattui Winery .  Check them out!  They have a direct-link to their Facebook account, and are using embedded YouTube video (“The Wine Guys”) to promote their brand. 

    Pick the Low-Hanging Social Media Fruit

    Can social media help producers expand their market, and extend their brand? Absolutely. As we’ve discussed, the thoughtful use of networking, video and blogging tools can help a producer better hear the enthusiast’s voice, and increase brand awareness.

    jeff moore Social Media, Wine

    Adding Fields to the Default Magento Registration Form

    May 5th, 2009

    Introduction

    Our goal was to add a few fields to the standard Magento Registration form (Magento 1.21, using the default template structure), enabling us to capture information such as company name, and phone.

    Solution

    The standard registration page URL is: /customer/account/create/

    and calls register.phtml (in the path: /app/design/frontend/default/default/template/customer/form/).

    We accomplished our goal by following these four steps:

    1) We added php/html form elements necessary to create new input boxes for each additional field in register.phtml: (i.e. here’s the code for the company_name element):

    <div class="input-box">
    <label for="company_name"><?php echo $this->__('Company Name') ?></label><br/>
    <input type="text" name="company_name" id="company_name" value="<?php echo $this->htmlEscape($this->getFormData()->getCompany()) ?>" title="<?php echo $this->__('Company Name') ?>" class="input-text" />
    </div>

    2) We added complementary elements under “getDefaultEntities()” in Setup.php (path: /app/code/core/Mage/Customer/Model/Entity/), one for each additional field created above:

    'company_name' => array(
        'label' => 'Company Name',
        'required' => false,
        'sort_order' => 64,
    ),

    3) Add to the content of $customer in AccountController.php (path: /app/code/core/Mage/Customer/controllers/) by grabbing the new fields from posted info, in the createPostAction() function:

    $customer = Mage::getModel('customer/customer')->
    setCompany($this->getRequest()->getPost('company_name'));

    4) Finally, we will need to add database records to table eav_attribute, corresponding to the newly created fields. The idea is to add to the associated data model, where newly defined model data is entered as the “attribute_code”, with the corresponding entity_type_id (which for this data happens to be '1').

    Using your favorite SQL editor (i.e. phpMySQL or sqlYog — highly recommended), execute the following SQL statement for each field created above (replacing 'company' and 'Company Name' with the respective field name information as required):

    INSERT INTO eav_attribute (entity_type_id, attribute_code, backend_type, frontend_input, frontend_label, is_global, is_visible, is_required, is_configurable, is_filterable_in_search) VALUES ('1', 'company', 'varchar', 'text', 'Company Name', '1', '1', '0', '1', '1');

    Your new registration form could look something like this: https://buytournesolwine.com/index.php/customer/account/create/

    jeff moore Magento

    Creating “Pretty Permalinks” in WordPress

    May 1st, 2009

    WordPress documentation includes an article on using Permalinks — providing a nice intro into how to make your blog entries’ URLs more user friendly. For example, a fresh WP 2.7 install uses a post URL in the format: “http://example.com/?p=N” (where N = a post number).

    I wanted to make the permalink URLs for our Aptalent Solutions blog a bit friendlier — for instance in the format: “http://example.com/category/post-name/”. Since we are using Apache2 under Linux (2.6 kernel) and WordPress 2.7, we needed to make the following 3 changes:
    1) ensure mod_rewrite is enabled in apache2: depending on your distro, mod_rewrite may be off by default. To enable, we needed to edit our apache httpd.conf file and ensure the following line was uncommented:
    LoadModule rewrite_module modules/mod_rewrite.so

    We then needed to find the mod_rewrite.so file (on our system it was located in the /usr/lib/httpd/modules folder) and copy it to the “modules” folder under apache, using a command such as “cp /usr/lib/httpd/modules/mod_rewrite.so /usr/local/apache2/modules/” (make sure to substitute the location of your apache modules folder).
    We then needed to restart the apache server (…/apache2/bin/apachectl restart), and check that mod_so.c shows up in Apache’s included modules (the command “apachectl -l” will show you which Apache modules are currently loaded).
    2) add an “AllowOverride” directive to the virtualhost entry: we had to make sure that our apache server’s WordPress site entry had the following entry (located within the conf’s <VirtualHost> entry):

    <Directory "/var/www/vhosts/WP-physical-directory/">
        AllowOverride all
        Options FollowSymLinks
        Order allow,deny
        Allow from all
    </Directory>

    Where “WP-physical-directory” is the actual physical folder where your WP site lives.

    3) add an .htaccess file: in the root folder of our WordPress installation, we ran the following commands:
    touch .htaccess
    chmod 755 .htaccess

    And finally, in our WordPress admin, under “Settings”, “Permalinks” we chose the “Custom” radio button, and typed “/%category%/%postname%” (without the quote marks) as the custom structure format.

    Now we can post a permalink URL such as http://www.aptdev.com/wordpress/creating-pretty-permalinks-in-wordpress

    Happy posting.

    jmoore WordPress

    What is Aptalent Solutions?

    April 8th, 2009

    Aptalent Solutions is the development group behind Aptalent, Inc., a web presence, ecommerce and integration design company dedicated to exceptionally functional, business-oriented applications. We are the makers of vertical ecommerce systems that are fully integrated with accounting backend systems using our own integration engine.

    jeff moore General