This message is not unfamiliar for me since I used a hackingtosh in the past, there it used to mean that the bootdevice could not be found. After booting in verbose mode (cmd+v at boot) to discover what was bugging my mac I tried single user mode (shift during boot) I was amazed to find the iMac would boot normally in safemode.

After scouting around a bit I found out about the “bless” command.

sudo bless --folder /System/Library/CireServces --bootefi

Fixed my problem, so luckily I don’t need to re-install my Mac.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

He is the same guy that did some hacking on the iPhone (blacksn0w), apparently it took him 5 weeks to crack it. It’s quite an impressive job, the playstation 3 remained untouched for 3+ years.

More information about this can be found on his blog.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

I think this certainly will have it’s uses, and it provides a nice alternative for 50 to 80% of the databases on the market.

Later this week I hope to become certified.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

It went quite smoothly, however there are a few pitfalls with the tls/ssl configuration, on my client I got several error messages regarding the TLS handshake. After looking in the server logs I found a bunch of error messages like illustrated below:

error: SSL handshake error (error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate)

The reason for this error was the “verify-mode” directive in c2s.xml, I changed this from 7 (where you require client certificates) to 2 (where you don’t require client certificates)

It is all working quite well, currently I am writing a ruby client to pass alerts trough my jabber setup.

Related posts:

1. Fun with puppet and rsyslog Today I switched from syslog-ng to rsyslog, I am also...
2. Using syslog-ng as a central loghost Today I woke up and found out that syslog-ng 3.0...

Related posts brought to you by Yet Another Related Posts Plugin.

Most of my clients connect using tls, however some devices do not support this (dd-wrt for example), so I also open an udp socket for use on the lan only.

I use splunk to mine my logs.

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)

# UDP socket for lan (dd-wrt etc)
$ModLoad imudp
$UDPServerRun 514

# TCP socket for tls clients
$ModLoad imtcp

$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog/loghost.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog/loghost.key.pem

$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.ryoku.org
$InputTCPServerStreamDriverPermittedPeer *.home
$InputTCPServerStreamDriverMode 1
$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

$IncludeConfig /etc/rsyslog.d/*.conf

# Templates for central loghost
$template t-messages,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/messages"
$template t-debug,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/debug"

$template t-auth,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/auth.log"
$template t-syslog,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/syslog"
$template t-cron,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/cron.log"
$template t-daemon,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/daemon.log"
$template t-kern,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/kern.log"
$template t-lpr,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/lpr.log"
$template t-mail,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/mail.log"
$template t-user,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/user.log"

$template t-mail-info,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/mail.info"
$template t-mail-warn,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/mail.warn"
$template t-mail-err,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/mail.err"

# Standard logfiles
auth,authpriv.*			?t-auth
*.*;auth,authpriv.none		-?t-syslog
#cron.*				?t-cron
daemon.*			-?t-daemon
kern.*				-?t-kern
lpr.*				-?t-lpr
mail.*				-?t-mail
user.*				-?t-user

# Mail logging
mail.info			-?t-mail-info
mail.warn			-?t-mail-warn
mail.err			?t-mail-err

# Catchall
*.=debug;\
	auth,authpriv.none;\
	news.none;mail.none	-?t-debug
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail,news.none		-?t-messages

# Emerg goes to all who are logged in
*.emerg				*

Related posts:

1. Using syslog-ng as a central loghost Today I woke up and found out that syslog-ng 3.0...
2. Fun with puppet and rsyslog Today I switched from syslog-ng to rsyslog, I am also...

Related posts brought to you by Yet Another Related Posts Plugin.

Below is the module I wrote for puppet, the script I wrote to generate certificates for the client machine store the certificates into the files area of the module.

class rsyslog-client {

	package { "rsyslog":
		ensure => present,
	}

	package { "rsyslog-gnutls":
		ensure => present,
	}

	service { "rsyslog":
		ensure => running,
	}

	host { "loghost":
		ensure => present,
		name => "loghost",
		ip => "$loghost",
	}

	file { "/etc/rsyslog":
		ensure => directory,
	}	

	file { "/etc/rsyslog/$fqdn.key.pem":
		owner => root,
		group => root,
		source => "puppet:///rsyslog-client/$fqdn.key.pem",
		ensure => file,
		notify => service["rsyslog"],
	}

	file { "/etc/rsyslog/$fqdn.pem":
		owner => root,
		group => root,
		source => "puppet:///rsyslog-client/$fqdn.pem",
		ensure => file,
		notify => service["rsyslog"],
	}

	file { "/etc/rsyslog/ca.pem":
		owner => root,
		group => root,
		source => "puppet:///rsyslog-client/ca.pem",
		ensure => file,
		notify => service["rsyslog"],
	}

	file { "/etc/rsyslog.conf":
		owner 	=> root,
		group	=> root,
		content => template("rsyslog-client/rsyslog.conf.erb"),
		ensure  => file,
		require => package["rsyslog"],
		notify  => service["rsyslog"]
	}

}

I’ll post my rsyslog.conf of the central loghost when I have written a decent one.

Related posts:

1. A central loghost As promised in my previous post, my configuration for a...
2. Puppet I’m tinkering around with puppet lately. For those who don’t...
3. Setting up jabberd2 Today I’ve setup a jabber daemon, more specific jabberd2 following...

Related posts brought to you by Yet Another Related Posts Plugin.

For those who don’t know what puppet is, it’s a tool for sys admins. It’s written in ruby so it’s quite platform independent. You can use the tool to describe your it landscape, you can write classes and add them to various nodes in your network in a central place. For example you can write an ssh class where make sure the sshd only accepts public keys and disables keyboard interactive authentication, you can also transfer files with puppet thus distributing all your keys.

The beauty is that puppet will make sure your node complies to the classes assigned to them on specified intervals. When a change is made to your node by a developer or user that conflicts with your central policy puppet will correct it leaving your landscape in a known state.

Related posts:

1. Fun with puppet and rsyslog Today I switched from syslog-ng to rsyslog, I am also...

Related posts brought to you by Yet Another Related Posts Plugin.

I configured my loghost to log all messages to /var/log/hosts/$hostname/$year/$month/, I reconfigured the servers on my lan to use the unencrypted transport (s_remote) and my servers somewhere on the internet to use the secure transport (s_tls)

@version: 3.0

options {
	chain_hostnames(no);
	stats_freq(43200);
	create_dirs (yes);
};

source s_local {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

source s_remote {
	tcp();
	udp();
};

source s_tls {
	syslog(ip(0.0.0.0) port(2009)
		transport("tls")
		tls( key_file("/etc/syslog-ng/key.d/syslog-ng-server.key") cert_file("/etc/syslog-ng/cert.d/syslog-ng-server.cert")
	peer_verify(optional-untrusted)) );
};

destination d_console_all { file("/dev/tty12"); };
destination d_messages { file("/var/log/hosts/$HOST/$YEAR/$MONTH/messages"); };
destination d_auth { file("/var/log/hosts/$HOST/$YEAR/$MONTH/auth.log"); };

filter f_auth { facility(auth, authpriv); };

log { source(s_local); destination(d_console_all); };

log { source(s_local); filter(f_auth); destination(d_auth); };
log { source(s_remote); filter(f_auth); destination(d_auth); };
log { source(s_tls); filter(f_auth); destination(d_auth); };

log { source(s_remote); destination(d_messages); };
log { source(s_local); destination(d_messages); };
log { source(s_tls); destination(d_messages); };

There is also a copy of splunk running on my loghost, to query and log-mine my logging, I am quite happy with this setup and will be adding notification to my logging using the “program” directive of syslog-ng soon.

Related posts:

1. A central loghost As promised in my previous post, my configuration for a...
2. Fun with puppet and rsyslog Today I switched from syslog-ng to rsyslog, I am also...

Related posts brought to you by Yet Another Related Posts Plugin.

First enable unsupported network devices within OSX, open up a terminal and type:

Once that has been done we need to create a sparse image file for the time machine backups, turn of time machine first. Then find out what your mac address is of the nic that will be connecting to your network attached storage device.

The reason why we need is mac address is because time machine uses the hostname and mac address to identify which sparse image to use. It’s time to create the disk image, do this on your local mac not on the storage device. Let’s say your computer name is “mac” and your mac address is 00:16:cb:af:91:d2 and the space you want to allocate for backups is 500g:

Connect to the network storage device in finder and move the sparse image you created to the share you want to use for time machine backups, go to the preferences of time machine, change the destination turn it on and you are set.

Related posts:

1. Using syslog-ng as a central loghost Today I woke up and found out that syslog-ng 3.0...

Related posts brought to you by Yet Another Related Posts Plugin.

Maltego gets it’s data from the web and it shows the relation between gathered information.

In the screenshot above I did a transformation on ryoku.org, it visualizes the connections he can find. He found my email adresses and some other data. The nice thing is that you can run transformations on the results again, adding them to the visual map. This gives a nice drilldown feature.

Too bad they have a 75 transformation limit on the community edition, but for the rest very nice and usable tool.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.