Apple on Tuesday asked the U.S. International Trade Commission to block the importation into the country of HTC's Google Android-based mobile phones, including the Google-branded Nexus One.

Apple asked the court for "a permanent exclusion order" that would bar from entry "all mobile communications devices and components" made by HTC that carry the offending technologies, according to court documents.

Apple on Tuesday sued HTC for alleged, multiple patent violations, claiming the Taiwan-based manufacturer's products infringe on its iPhone technology. Apple filed the actions with the ITC and the U.S. District Court for Delaware.

In the ITC filing, Apple says 11 HTC phones violate its patents, including the Nexus One, Touch Pro, Touch Diamond, Pure, Imagio, and myTouch 3G. Apple claims HTC infringed on a total of 20 patents governing a range of technologies.

Apple wants the ITC to block HTC and its partners from "importing, marketing, advertising, demonstrating, warehousing inventory for distribution, distributing, offering for sale" any of the listed phones.

Apple is also seeking unspecified monetary damages in the Delaware court.

"We can sit by and watch competitors steal our patented inventions, or we can do something about it. We've decided to do something about it," said Apple CEO Steve Jobs, in a statement. "We think competition is healthy, but competitors should create their own technology, not steal ours," said Jobs.

Patent suits are not uncommon in the ultra-competitive tech industry, but vendors generally take a low-key approach and let court documents speak for themselves. That Apple issued a press release featuring its high-profile CEO indicates the company views HTC's alleged infringements as a serious competitive threat.

"Apple has been and continues to be damaged by defendants' infringement," Apple said in its filing with the Delaware court. HTC has yet to file a formal response to the allegations.

Posted by CEOinIRVINE

Update Snort

Hacking 2010. 3. 4. 09:05
2010.3.3 Wed

Once Snort is installed, you need to install the Snort signature rules and keep them up to date.
Fortunately, there is a Perl script that makes this much easier: Oinkmaster.

# apt-get install oinkmaster

Install or update the rules.

To download the Snort rules, we need to create a free account on the Snort website.
The Snort rules are made by Sourcefire and you can get them for free a few days after the commercial subscription release.

Once you are logged into your Snort account, you can get a code at the bottom of the page.

We need this code in the /etc/oinkmaster.conf file.

First, you need to know which Snort version you have:

# snort -V

which generates the following output on our test machine:

,,_ -*> Snort! <*-
o" )~ Version 2.3.2 (Build 12)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2004 Sourcefire Inc., et al.


Modify the "url" setting in the /etc/oinkmaster.conf file as below:

url = http://www.snort.org/pub-bin/oinkmaster.cgi/yourcode_here/snortrules-snapshot-2.3.tar.gz

This will download the snortrules-snapshot-2.4.tar.gz file. The version number in the file name changes depending on the Snort version you have (2.0, 2.1, 2.2, 2.3, 2.4).

If you have a 2.6.x Snort version, you need to configure the "url" setting as below:

url = http://www.snort.org/pub-bin/oinkmaster.cgi/yourcode_here/snortrules-snapshot-CURRENT.tar.gz
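
The version-to-URL rule above can be scripted. The following is an added example, not part of the original tutorial or of Oinkmaster: it reads the "snort -V" banner and prints the matching "url" line for /etc/oinkmaster.conf. The function names, the sample code value 0123abcd and the alphanumeric-only check on the code are assumptions; the banner line is constructed from the output shown earlier.

```shell
#!/bin/sh
# Added example: derive the oinkmaster.conf "url" line from `snort -V` output.

# Extract "major.minor" (e.g. 2.3) from banner text read on stdin.
snort_minor_version() {
    sed -n 's/.*Version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Map major.minor to the snapshot file name, using only the versions
# this tutorial lists; anything else is reported as unsupported.
snapshot_name() {
    case "$1" in
        2.0|2.1|2.2|2.3|2.4) echo "snortrules-snapshot-$1.tar.gz" ;;
        2.6)                 echo "snortrules-snapshot-CURRENT.tar.gz" ;;
        *)                   return 1 ;;
    esac
}

# Print the complete url line. Return codes: 2 = unusable code,
# 3 = no version found in the banner, 4 = version not covered.
oinkmaster_url_line() {
    code=$1
    banner=$2
    # Assumption: the code is plain alphanumeric. It is pasted into a URL
    # and a config file, so anything else (slashes, spaces) is rejected.
    case "$code" in ''|*[!A-Za-z0-9]*) return 2 ;; esac
    ver=$(printf '%s\n' "$banner" | snort_minor_version)
    [ -n "$ver" ] || return 3
    snap=$(snapshot_name "$ver") || return 4
    echo "url = http://www.snort.org/pub-bin/oinkmaster.cgi/$code/$snap"
}

# Constructed sample input (not a real registration code).
SAMPLE_CODE='0123abcd'
SAMPLE_BANNER='o" )~ Version 2.3.2 (Build 12)'

oinkmaster_url_line "$SAMPLE_CODE" "$SAMPLE_BANNER"
```

On a live system, pass the real banner with: oinkmaster_url_line "$code" "$(snort -V 2>&1)".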

Let's create a backup folder.

# mkdir /etc/snort/backup

Let us now update the rules. We must be careful not to run oinkmaster as root, particularly if you are not in a test environment.
So let's add a user called oinkmaster.

# useradd oinkmaster

Change some permissions to let the oinkmaster user run the oinkmaster software:

# chown -R oinkmaster /etc/snort/backup
# chown -R oinkmaster /etc/snort/rules
# chown -R oinkmaster /var/run/oinkmaster
# chmod 644 /etc/snort/snort.conf

Now, it's time to test the oinkmaster Perl script under the oinkmaster user.

# su oinkmaster
oinkmaster$ oinkmaster -o /etc/snort/rules -b /etc/snort/backup 2>&1

The last instruction means that we call the oinkmaster Perl script, put the new rules in the /etc/snort/rules folder and, if the new rules contain a change, back up the current /etc/snort/rules in the /etc/snort/backup folder.

Here is an example of our backup folder after running oinkmaster:

# dir /etc/snort/backup
rules-backup-20060205-163627.tar.gz

The crontab

Since we are quite lazy, we don't want to run this script manually every day.
A small cron job will help us.

# crontab -e -u oinkmaster
30 00 * * * oinkmaster -o /etc/snort/rules -b /etc/snort/backup >> /dev/null 2>&1

This will update the rules each day at 00:30.
(The crontab command will update the /var/spool/cron/crontabs/oinkmaster file.)

crontab -e will open nano by default. If you want to open vi instead, just type:

# export EDITOR=vi

Posted by CEOinIRVINE

BASE 2010.3.3. Wed

Hacking 2010. 3. 4. 09:03

BASE is a graphical interface written in PHP used to display the logs generated by the Snort IDS and sent into the database. It stands for Basic Analysis and Security Engine.
You can find the BASE website here: http://base.secureideas.net/



1. DOWNLOAD BASE:

Download the latest version.

We now have to uncompress the files and put them in the correct folder:

# tar -xvf base-1.4.4.tar.gz
# mv /home/user/Desktop/base-1.4.4 /var/www/base/


2. CONFIGURE BASE:

We need ADOdb (Active Data Objects Data Base) for BASE. ADOdb is a database abstraction library for PHP.
Information about ADOdb can be found here: http://adodb.sourceforge.net/

Download "ADOdb for PHP": http://adodb.sourceforge.net/#download
Again, we have to uncompress the files and put them in the correct folder:

# tar -xvf adodb504.tgz
# mv /home/user/Desktop/adodb /var/www/base

There are two ways to configure BASE:
either you use a wizard or you change the config file yourself.

A) Using the wizard

# chown -R www-data /var/www/base/

The change above is needed to let the web server user (www-data) write in the BASE directory. Open a web browser and go to the BASE directory:
http://localhost/base

This starts the wizard:

Step 0: Check if everything is okay to begin the wizard.

Step 1: Language and path to ADOdb: /var/www/base/adodb/ .

Step 2: MySQL settings.

Step 3: BASE authentication settings.

Step 4: Create the MySQL database and tables (click on Create BASE AG).

B) Change the config file

It's not mandatory to use the wizard; you can do everything manually.
The first thing to do is to edit the file base_conf.php.dist.
Open base_conf.php.dist in the BASE directory and change the lines as shown below.

// Path to the ADOdb library and database type
$DBlib_path = "./adodb";

$DBtype = "mysql";

// Alert database (string values must be quoted in PHP)
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snortuser";
$alert_password = "snortpassword";

// Archive database
$archive_dbname = "snort";
$archive_host = "localhost";
$archive_port = "";
$archive_user = "snortuser";
$archive_password = "snortpassword";

Then you must rename the file from base_conf.php.dist to base_conf.php:

# mv /var/www/base/base_conf.php.dist /var/www/base/base_conf.php

The second thing to do is to import the BASE MySQL tables into the snort database:

# mysql -u root -p snort < /var/www/base/sql/create_base_tbls_mysql.sql


3. CONNECT TO BASE:

Just access the BASE web link:
http://localhost/base
You will be prompted for a new password for the admin user.



4. BASE GRAPHS:

First we have to install the graphics library php5-gd for handling graphics directly from PHP scripts.

# apt-get install php5-gd

Then restart the Apache web server:

# /etc/init.d/apache2 restart

The second thing to do is to download three PHP PEAR libraries.
PEAR stands for "PHP Extension and Application Repository".

To download and install the libraries easily, the best thing to do is to install the php-pear package:

# apt-get install php-pear

Then we have to install the following packages:
Image_Graph, Image_Color and Image_Canvas.

# pear install --force Image_Color
# pear install --force Image_Canvas
# pear install --force Image_Graph

Since there are some dependencies, you need to install the packages in the order above.
Now, you have access to the graphs ...

Here are two typical error messages:

1 - php5-gd is not installed:

PHP ERROR: PHP build incomplete: the prerequisite GD support required to generate graphs was not build into PHP. Please recompile PHP with the necessary library (--with-gd).

2 - php-pear and/or its extensions are not installed correctly:

Error loading the Graphing library:
Check your Pear::Image_Graph installation!
Image_Graph can be found here:at http://pear.veggerby.dk/. Without this library no graphing operations can be performed.


5. BASE OPTIONAL SETTINGS:

To customize the BASE tool, edit /var/www/base/base_conf.php

There are two useful settings to activate:

A/ Enabling DNS resolution

$resolve_IP = 1;

B/ Enabling colored alerts
Strangely, it seems that when you use the wizard procedure, the lines concerning the colored alerts are lost.
So if you used the manual install procedure, just activate the $colored_alerts variable; if you used the wizard procedure, copy the lines below into your base_conf.php file.

/**
* This option is used to set if BASE will use colored results
* based on the priority of alerts
* 0 : no
* 1 : yes
*/
$colored_alerts = 1;

// Red, yellow, orange, gray, white, green
$priority_colors = array ('FF0000','FFFF00','FF9900','999999','FFFFFF','006600');

Posted by CEOinIRVINE