The process of setting it all up is a bit confusing at first if you are still in an ipv4 mindset. The concept of broadcasting and firewalls took me some time to get used too.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

This message is not unfamiliar for me since I used a hackingtosh in the past, there it used to mean that the bootdevice could not be found. After booting in verbose mode (cmd+v at boot) to discover what was bugging my mac I tried single user mode (shift during boot) I was amazed to find the iMac would boot normally in safemode.

After scouting around a bit I found out about the “bless” command.

sudo bless --folder /System/Library/CireServces --bootefi

Fixed my problem, so luckily I don’t need to re-install my Mac.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

He is the same guy that did some hacking on the iPhone (blacksn0w), apparently it took him 5 weeks to crack it. It’s quite an impressive job, the playstation 3 remained untouched for 3+ years.

More information about this can be found on his blog.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

The name doesn’t have a special meaning or deeper thoughts, I just like the name. For me sithid.com is a place where I will host my public projects and the spot where I experiment with ruby on rails.

Currently I am in the process of configuring redmine for project management, the domain should be available soon depending on your dns configuration.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

I think this certainly will have it’s uses, and it provides a nice alternative for 50 to 80% of the databases on the market.

Later this week I hope to become certified.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

It went quite smoothly, however there are a few pitfalls with the tls/ssl configuration, on my client I got several error messages regarding the TLS handshake. After looking in the server logs I found a bunch of error messages like illustrated below:

error: SSL handshake error (error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate)

The reason for this error was the “verify-mode” directive in c2s.xml, I changed this from 7 (where you require client certificates) to 2 (where you don’t require client certificates)

It is all working quite well, currently I am writing a ruby client to pass alerts trough my jabber setup.

Related posts:

1. Fun with puppet and rsyslog Today I switched from syslog-ng to rsyslog, I am also...
2. Using syslog-ng as a central loghost Today I woke up and found out that syslog-ng 3.0...

Related posts brought to you by Yet Another Related Posts Plugin.

Most of my clients connect using tls, however some devices do not support this (dd-wrt for example), so I also open an udp socket for use on the lan only.

I use splunk to mine my logs.

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)

# UDP socket for lan (dd-wrt etc)
$ModLoad imudp
$UDPServerRun 514

# TCP socket for tls clients
$ModLoad imtcp

$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog/loghost.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog/loghost.key.pem

$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.ryoku.org
$InputTCPServerStreamDriverPermittedPeer *.home
$InputTCPServerStreamDriverMode 1
$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

$IncludeConfig /etc/rsyslog.d/*.conf

# Templates for central loghost
$template t-messages,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/messages"
$template t-debug,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/debug"

$template t-auth,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/auth.log"
$template t-syslog,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/syslog"
$template t-cron,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/cron.log"
$template t-daemon,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/daemon.log"
$template t-kern,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/kern.log"
$template t-lpr,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/lpr.log"
$template t-mail,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/mail.log"
$template t-user,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/user.log"

$template t-mail-info,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/mail.info"
$template t-mail-warn,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/mail.warn"
$template t-mail-err,"/var/log/hosts/%HOSTNAME%/%$YEAR%%$MONTH%/mail.err"

# Standard logfiles
auth,authpriv.*			?t-auth
*.*;auth,authpriv.none		-?t-syslog
#cron.*				?t-cron
daemon.*			-?t-daemon
kern.*				-?t-kern
lpr.*				-?t-lpr
mail.*				-?t-mail
user.*				-?t-user

# Mail logging
mail.info			-?t-mail-info
mail.warn			-?t-mail-warn
mail.err			?t-mail-err

# Catchall
*.=debug;\
	auth,authpriv.none;\
	news.none;mail.none	-?t-debug
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail,news.none		-?t-messages

# Emerg goes to all who are logged in
*.emerg				*

Related posts:

1. Using syslog-ng as a central loghost Today I woke up and found out that syslog-ng 3.0...
2. Fun with puppet and rsyslog Today I switched from syslog-ng to rsyslog, I am also...

Related posts brought to you by Yet Another Related Posts Plugin.

Below is the module I wrote for puppet, the script I wrote to generate certificates for the client machine store the certificates into the files area of the module.

class rsyslog-client {

	package { "rsyslog":
		ensure => present,
	}

	package { "rsyslog-gnutls":
		ensure => present,
	}

	service { "rsyslog":
		ensure => running,
	}

	host { "loghost":
		ensure => present,
		name => "loghost",
		ip => "$loghost",
	}

	file { "/etc/rsyslog":
		ensure => directory,
	}	

	file { "/etc/rsyslog/$fqdn.key.pem":
		owner => root,
		group => root,
		source => "puppet:///rsyslog-client/$fqdn.key.pem",
		ensure => file,
		notify => service["rsyslog"],
	}

	file { "/etc/rsyslog/$fqdn.pem":
		owner => root,
		group => root,
		source => "puppet:///rsyslog-client/$fqdn.pem",
		ensure => file,
		notify => service["rsyslog"],
	}

	file { "/etc/rsyslog/ca.pem":
		owner => root,
		group => root,
		source => "puppet:///rsyslog-client/ca.pem",
		ensure => file,
		notify => service["rsyslog"],
	}

	file { "/etc/rsyslog.conf":
		owner 	=> root,
		group	=> root,
		content => template("rsyslog-client/rsyslog.conf.erb"),
		ensure  => file,
		require => package["rsyslog"],
		notify  => service["rsyslog"]
	}

}

I’ll post my rsyslog.conf of the central loghost when I have written a decent one.

Related posts:

1. A central loghost As promised in my previous post, my configuration for a...
2. Puppet I’m tinkering around with puppet lately. For those who don’t...
3. Setting up jabberd2 Today I’ve setup a jabber daemon, more specific jabberd2 following...

Related posts brought to you by Yet Another Related Posts Plugin.

For those who don’t know what puppet is, it’s a tool for sys admins. It’s written in ruby so it’s quite platform independent. You can use the tool to describe your it landscape, you can write classes and add them to various nodes in your network in a central place. For example you can write an ssh class where make sure the sshd only accepts public keys and disables keyboard interactive authentication, you can also transfer files with puppet thus distributing all your keys.

The beauty is that puppet will make sure your node complies to the classes assigned to them on specified intervals. When a change is made to your node by a developer or user that conflicts with your central policy puppet will correct it leaving your landscape in a known state.

Related posts:

1. Fun with puppet and rsyslog Today I switched from syslog-ng to rsyslog, I am also...

Related posts brought to you by Yet Another Related Posts Plugin.

I configured my loghost to log all messages to /var/log/hosts/$hostname/$year/$month/, I reconfigured the servers on my lan to use the unencrypted transport (s_remote) and my servers somewhere on the internet to use the secure transport (s_tls)

@version: 3.0

options {
	chain_hostnames(no);
	stats_freq(43200);
	create_dirs (yes);
};

source s_local {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

source s_remote {
	tcp();
	udp();
};

source s_tls {
	syslog(ip(0.0.0.0) port(2009)
		transport("tls")
		tls( key_file("/etc/syslog-ng/key.d/syslog-ng-server.key") cert_file("/etc/syslog-ng/cert.d/syslog-ng-server.cert")
	peer_verify(optional-untrusted)) );
};

destination d_console_all { file("/dev/tty12"); };
destination d_messages { file("/var/log/hosts/$HOST/$YEAR/$MONTH/messages"); };
destination d_auth { file("/var/log/hosts/$HOST/$YEAR/$MONTH/auth.log"); };

filter f_auth { facility(auth, authpriv); };

log { source(s_local); destination(d_console_all); };

log { source(s_local); filter(f_auth); destination(d_auth); };
log { source(s_remote); filter(f_auth); destination(d_auth); };
log { source(s_tls); filter(f_auth); destination(d_auth); };

log { source(s_remote); destination(d_messages); };
log { source(s_local); destination(d_messages); };
log { source(s_tls); destination(d_messages); };

There is also a copy of splunk running on my loghost, to query and log-mine my logging, I am quite happy with this setup and will be adding notification to my logging using the “program” directive of syslog-ng soon.

Related posts:

1. A central loghost As promised in my previous post, my configuration for a...
2. Fun with puppet and rsyslog Today I switched from syslog-ng to rsyslog, I am also...

Related posts brought to you by Yet Another Related Posts Plugin.