Tuesday, December 20, 2011

Problem with inactive agent in OSSEC Web Interface

I was just debugging the OSSEC Web interface. Namely, it incorrectly showed that one host was not responding even though there were log entries that showed otherwise. The problem was that this particular host was transferred to another network, and thus, its address was changed.

I figured out that the list of available agents within the Web interface is generated from the files found in the /var/ossec/queue/agent-info directory. There, you'll find one file per agent. The file name itself consists of the agent name and IP address separated by a single dash. To display whether an agent is connected or not, the PHP code of the Web interface (which itself is placed in the /usr/share/ossec-wui directory) obtains the time stamp of the file belonging to a particular client, and if this time stamp is younger than 20 minutes, it proclaims the agent OK; otherwise, it shows it as inaccessible.

In this case it turned out that the old agent wasn't removed using manage_client tool (selecting option R, for remove). So, the old information remained, which wasn't updated and thus the Web interface reported inactive agent.
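The check described above can be reproduced outside the Web interface to spot leftover entries after an agent changes address. This is an added example, not code from OSSEC or its Web interface; the function names and the sample file names are assumptions made for illustration.

```python
import os
import time
from collections import defaultdict

ACTIVE_WINDOW = 20 * 60  # seconds; the 20-minute threshold described above

def read_agent_info(directory, now=None):
    """Return one record per file in an agent-info style directory."""
    now = time.time() if now is None else now
    records = []
    for entry in sorted(os.listdir(directory)):
        # File name is "<agent name>-<IP>"; agent names may themselves
        # contain dashes, so split on the last one.
        name, sep, ip = entry.rpartition("-")
        if not sep or not name:
            continue  # not an agent-info style name
        age = now - os.path.getmtime(os.path.join(directory, entry))
        records.append({"name": name, "ip": ip, "age": age,
                        "active": age < ACTIVE_WINDOW})
    return records

def stale_duplicates(records):
    """Agent names that have a fresh entry and a leftover inactive one."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["name"]].append(rec)
    leftovers = []
    for name, recs in by_name.items():
        if any(r["active"] for r in recs):
            leftovers += [(name, r["ip"]) for r in recs if not r["active"]]
    return sorted(leftovers)

if __name__ == "__main__":
    import tempfile
    # Constructed sample: agent "web01" moved from 10.0.0.5 to 192.168.1.5.
    with tempfile.TemporaryDirectory() as d:
        now = time.time()
        for fname, age in [("web01-10.0.0.5", 86400),
                           ("web01-192.168.1.5", 60), ("db-01-10.0.0.9", 120)]:
            path = os.path.join(d, fname)
            open(path, "w").close()
            os.utime(path, (now - age, now - age))
        for name, ip in stale_duplicates(read_agent_info(d, now)):
            print(f"{name}: leftover entry for {ip}")
```

On a real server, point `read_agent_info` at /var/ossec/queue/agent-info; any pair it reports is an old registration that is still being shown as an inactive agent.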

List all tabs across all windows in Firefox...

I have a lot of windows opened at the same time, and in each window there are many tabs. This makes it a nightmare to find a specific tab; you have to go window by window, and tab by tab. So, I just spent half an hour, maybe more, searching for a way to list all tabs that are opened in all windows. It turns out that there is not much information. In the majority of cases you'll find news and tips on how to see all tabs in a single window (that one is easy) but not much more than that. I also found a post on how to do it in Safari, but not in Firefox. Finally, I came across this post in which the poster is looking for a way to search all tabs in all windows. One of the responders mentioned a plugin called Tabhunter, which did the trick. So, to make this particular problem more visible in Google searches, I'm writing this post.

Sunday, December 11, 2011

Why I don't believe in God but strongly wish there is one...

... or in other words, why I'm agnostic. This is related to Christian way of thinking about God, and I suppose that it extends to some other large religions as well. It certainly doesn't cover every possible religion nor it is meant to. I'm not going to discuss every possible religion for a simple reason that I neither have time nor will nor interest to do so.

First, let me say that I strongly believe that humans are inherently good, in a sense that they are empathic, caring, willing to help, etc. What's more, I believe that all living beings are such, not only humans! This is my personal belief, even though I think there is strong evidence in favor of such thinking. Namely, from biology and evolutionary psychology it is known that being empathic increases the chances of survival! The next thing I do believe is that this life is not meant to be enjoyable but rather living beings suffer during their lifetime. Constantly they are under different threats. Of course, some suffer more, some, lucky ones, less, but in the end we all suffer.

So, when some person is evil I think that the primary reason for being such is that life made him/her that way. Many people never felt love, never had anything, and how could they give something like that when they never received it, they don't even know what that is!? Yes, I know, you may now say that the behavior is genetically determined, but then things are even worse as it means we are "programmed" to be evil or good. And how can someone be guilty in that case?! So, here we are, I ask, why would someone be punished for eternity for something that's not his/her fault? Based on this simple question I refuse to believe there is a God.

This, I hope, answers the first part of the title. As for the second part, I desperately wish there is a God for those that suffer, that help others without thinking of themselves, or do any other good to others. In this life they will not receive anything, and if this life is all there is, then it's unfair! You can now say something along the line that the whole is more important than the parts and thus it's unimportant what happens to an individual, but I don't agree.

To conclude, this is a very simplified view, but it fairly well represents what I think about the life and an idea of a God.

Saturday, December 10, 2011

Higgs field vs. Higgs particle...

Well, it turns out that this week there will be a press conference at CERN that will present results of the search for the Higgs particle. It could be that the physicists will not find it, or it could be they found some sign of its existence. Anyway, reading the article What if there is no Higgs boson, I found a blog with The Higgs FAQ 1.0. If you are not a physicist, like me, then I strongly recommend that you read that particular FAQ. It explains very well what all the fuss about the Higgs particle is, and basically stresses that the particle itself is not as important as the Higgs field! Actually, it seems to me that the Web site with The Higgs FAQ has a lot of material that is easy to understand for lay persons, so I also recommend that you look into it.

Friday, December 9, 2011

Evolution & Thunderbird

I can not describe how much Evolution annoys me! I'm using it for years, maybe 10 or so by now, and I can say with quite a bit of a confidence that it's full of bugs, at least on Fedora, and there was no release in past few years that didn't have some quirks that made me go mad! And today, it happened that it didn't want to create a meeting within a Google calendar with a usual unhelpful error message about failed authentication. To make things even more weird, it did show my available calendars on Google, and that requires authentication so it should work! After some searching on the Internet I found workaround that includes removing calendars from Evolution and re-adding them back again. This, by itself, made me closer to look for an alternative and to switch. Anyway, I started to remove all Google calendars from Evolution, but then, removing some didn't work!? The ones that were turned off because I didn't provide password for them. Even restarting Evolution didn't help. What helped in the end was that I changed username and afterward removal was successful!

The reason I'm using Evolution for so many years was that it had integrated calendar with mail client, todo lists and memos. I need at least calendar function along with a mail client. I'm already using Thunderbird but as a secondary mail client for some unimportant mail accounts and I know that it progressed quite nicely, and more importantly, it has Calendar extension. So, I started contemplating about switching mail client NOW! Well, everything OK except that I have huge mail archives stored in Evolution and I have to import them into Thunderbird. It turns out there is no migration wizard and that it has to be done manually. Then, it turned out that Thunderbird uses Mbox format, while Evolution uses Maildir format (it also used Mailbox until a year or so ago).

In essence, Mbox uses one file for all mail messages, while maildir uses one file per message. Maildir has many advantages over Mailbox and thus has become the preferred way of storing mail messages on a file system. One reason I want maildir is that I'm doing backups, and when one mail message is stored in an mbox (which by itself is a huge file containing many messages) the backup process will copy the whole file again.

Anyway, judging from the information I found on the Internet this is a long requested feature in Thunderbird. Thunderbird supports pluggable mail stores since version 3.1, but maildir format is not planned before version 11. In the end, I decided to wait a bit more and then to switch to Thunderbird.


I forgot to mention one more bug. When I try to save existing calendar into ical file the evolution simply crashes, and this is 100% repeatable. I discovered this when I decided to clean up all the old calendars from evolution, but first I wanted to save them, just in case.

Tuesday, December 6, 2011

Problems with resolver library...

I just had a problem that manifested itself in a very strange way. I couldn't open a Web page hosted on a local network, while everything else seemingly worked. The behavior was the same for Chrome and Firefox. In due course I realized that every application had this problem. On the other hand, resolving with nslookup worked flawlessly. This was very confusing. To add more to the confusion, while running tcpdump it was obvious that there were no DNS requests sent to the network! So, it was obvious that the problem was somewhere in the local resolver. At first, I suspected nscd, which was used as a caching daemon on Fedora, but in Fedora 16 this daemon is not installed. So, how to debug this situation? A quick Google query didn't yield anything useful.

Reading the manual page of resolv.conf, there is a section that says that you can use directive option debug. But trying to do that yielded no output! Nor were there any results using the same option via the RES_OPTIONS environment variable. This is strange, and needs additional investigation as to why it is so, and more importantly to know how to debug the local resolver.

In the mean time I figured out that the ping command behaves the same as browser and since ping command is much smaller it is easier to debug it using strace command. So, while running ping via strace I noticed the following line in the output:
open("/lib64/libnss_mdns4_minimal.so.2", O_RDONLY|O_CLOEXEC) = 3
which immediately rang a bell that the problem could be nsswitch! And indeed, opening it I saw the following line:
hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname
which basically said that, if mdns4 returns not found, dns is not tried. It seems that mdns4 is used whenever the domain name ends in .local, which was true in my case. So, I changed that line into:
hosts:      files dns
and everything works as expected.

Since I didn't install explicitly mdns, I decided to remove it. But then it became clear that wine (Windows Emulator) depends on it. So, I left it.
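To see why no DNS query ever left the machine, the hosts line can be walked the way the name service switch does. The following is an added example, not code from glibc or from the original post: a small model of the documented nsswitch.conf rules that handles only the plain [STATUS=action] form. The statuses each service reports are supplied by the caller and are assumptions for the scenario described above.

```python
import re

# Documented defaults: stop on SUCCESS, try the next service otherwise.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

def parse_hosts_line(line):
    """Parse 'hosts: svc [STATUS=action] svc ...' into (service, actions) pairs."""
    database, _, spec = line.partition(":")
    if database.strip() != "hosts":
        raise ValueError("not a hosts line")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec):
        if token.startswith("["):
            if not chain:
                raise ValueError("action list before any service")
            # The bracketed list modifies the service that precedes it.
            for item in token.strip("[]").split():
                status, _, action = item.partition("=")
                chain[-1][1][status.lower()] = action.lower()
        else:
            chain.append((token, dict(DEFAULT_ACTIONS)))
    return chain

def services_consulted(line, outcomes):
    """Walk the chain; outcomes maps service -> status it reports for the name."""
    consulted = []
    for service, actions in parse_hosts_line(line):
        status = outcomes.get(service, "unavail")
        consulted.append((service, status))
        if actions[status] == "return":
            break  # lookup ends here; later services are never asked
    return consulted

if __name__ == "__main__":
    # Assumed outcomes for a .local name that exists only in DNS.
    outcomes = {"files": "notfound", "mdns4_minimal": "notfound",
                "dns": "success"}
    for line in ("hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname",
                 "hosts:      files dns"):
        print(line, "->", services_consulted(line, outcomes))
```

With the original line the walk stops at mdns4_minimal, which matches the absence of DNS traffic in tcpdump; with the changed line it reaches dns.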

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)
