Systemadministration - Seite 3 - Frank Berger, IT-Dienstleistungen

16.08.200717.01.2013

Vortrag - Oracle Grid Control 10g im Praxiseinsatz

Die Deutsche ORACLE-Anwendergruppe (DOAG) veranstaltet in diesem Jahr die 20. Deutsche ORACLE-Anwenderkonferenz in Nürnberg. Das Programm der SIG Database steht dieses Jahr unter dem Motto "Manageability". In diesem Programmbereich halte ich einen Vortrag mit dem Thema "Oracle Grid Control 10g im Praxiseinsatz".

Neben dem üblichen Vortrags-Programm gibt es in diesem Jahr ein Oracle 11g Labor und ein Oracle SOA Camp in denen mit eigenen praktischen Übungen erste Erfahrungen mit den neuen Oracle Technologien gesammelt werden können.

13.05.200717.01.2013

Cyrus 2.3.8 and Thunderbird 2.0 ACL Problem

I am currently moving my IT infrastructure to a new server. That included also an switch to Cyrus IMAP 2.3.8 - which comes with Fedora Core 6. After an smooth and short move I have seen - so far - on problem in combination with Thunderbird 2.0. I could move mails to the trash, but all "Delete Mail" buttons are disabled. :-(

It turned out that Cyrus 2.3.8 has a few more ACLs and to resolve that issue I had to add those ACLs to my mailboxes. You have a lot of users with many mailboxes? Jo Rhett has posted a short Perl-Script on the info-cyrus maillinglist http://lists.andrew.cmu.edu/pipermail/info-cyrus/2007-April/025878.html.

16.03.200717.01.2013

VMware Server under FC6 Kernel 2.6.19

Sometimes the Linux Kernel can be a little bit painful in my opinion. Just tried to compile the VMware Server Kernel Modules under 2.6.19 and got:

make[1]: Entering directory `/usr/src/kernels/2.6.19-1.2911.6.5.fc6-i686'
  CC [M]  /tmp/vmware-config0/vmnet-only/driver.o
  CC [M]  /tmp/vmware-config0/vmnet-only/hub.o
  CC [M]  /tmp/vmware-config0/vmnet-only/userif.o
/tmp/vmware-config0/vmnet-only/userif.c: In function â€˜VNetCopyDatagramToUserâ€™:
/tmp/vmware-config0/vmnet-only/userif.c:629: error: â€˜CHECKSUM_HWâ€™ undeclared 
(first use in this function)
/tmp/vmware-config0/vmnet-only/userif.c:629: error: (Each undeclared identifier is 
reported only once
/tmp/vmware-config0/vmnet-only/userif.c:629: error: for each function it appears in.)
make[2]: *** [/tmp/vmware-config0/vmnet-only/userif.o] Error 1
make[1]: *** [_module_/tmp/vmware-config0/vmnet-only] Error 2

If you search for the error message in google you can already find some patches for the VMware Kernel Modules. But I preferred to get it working manually...

I added CHECKSUM_HW to /lib/modules/2.6.19-1.2911.6.5.fc6/build/include/linux/skbuff.h:


#define CHECKSUM_NONE 0
#define CHECKSUM_PARTIAL 1
#define CHECKSUM_HW 1
#define CHECKSUM_UNNECESSARY 2
#define CHECKSUM_COMPLETE 3

Since config.h is missing as well, I gave config.h an touch as well:

touch /lib/modules/2.6.19-1.2911.6.5.fc6/build/include/linux/config.h

Now the Kernel Modules compile and VMware Server is up and running :-D

29.12.200617.01.2013

23C3 - Brain Overflow Mitigation

Die Aufnahmefähigkeit des menschlichen Gehirns ist doch sehr begrenzt und so kommt es beim Besuch einer Messe oder einer Konferenz wie dem 23C3 schnell zur Überlastung. Die Halbwertszeit des aufgenommenen Wissens sinkt dann sehr schnell auf unter 30 Minuten. Aus diesem Grund habe ich mich zur möglichst schnellen Aufbereitung der Vortragsinhalte - unter anderem mit diesem Blog - entschlossen.

Ich bin echt begeistert vom bisherigen Verlauf des 23C3. Die Organistation ist gut und bisher scheint alles glatt und ohne Zwischenfälle zu verlaufen.

Today I had a few minutes of spare time and coded my first test program in Groovy, which uses GSQL and Groovy closures to access an Oracle database via JDBC:

import groovy.sql.Sql;

def my_id = 3;
def sql = Sql.newInstance("jdbc:oracle:thin:@localhost:1521:XE",
            "DS2", "DS2", "oracle.jdbc.driver.OracleDriver");

println("Printout all Products:");
sql.eachRow("SELECT prod_id, title from products order by prod_id") {
    println("${it.prod_id}, ${it.title}");
}

println("Printout Product with Prod_id=3:");
sql.eachRow("SELECT prod_id, title from products where prod_id = ${my_id}") {
    println("${it.prod_id}, ${it.title}");
}

I am really impressed by Groovy. Nice scripting language and if you know Java it is quite easy to get started! But be careful with it. The power of that language comes from heavy usage of OO techniques like Introspection and Reflection. Extensive usage can make a program quite slow. So it is up to you and your requirements...

Yesterdays presentation on "JSON RPC - Cross Site Scripting and Client Side Web Services" by Steffen Meschkat gave some inside information of the Google Maps API. He described in depth their approach with is very similar to an XSRF attack. They create SCRIPT-Tags on the fly to circumvent the same origin policy.

Again my stack for today:

12:45 Saal 4 - Fuzzing in the corporate world
14:00 Saal 1 - Bluetooth Hacking Revisited
16:00 Saal 3 - SIP Security - Status Quo and Future Issues
17:15 Saal 3 - Subverting AJAX
18:30 Saal 1 - Security in the cardholder data processing?!
21:45 Saal 1 - Automated Exploit Detection in Binaries

28.12.200617.01.2013

23C3 - The Beginning

Die Faszination im IT-Bereich liegt mitunter darin das es quasi jeden Tag etwas komplett Neues zu entdecken gibt. Diesem Leitsatz folgend gab es gleich am ersten Tag des 23C3 eine geballte Ladung an neuen Themen.

Im ersten Vortrag von Rechtsanwalt Peter Voigt ging es um die Neufassung des deutschen Strafrechtsparagraphen 202c. Der Vortag war insofern interessant als das bereits bekannte Fakten nochmals für den rechtlichen Laien aufbereitet dargestellt wurden. Die Einführung dieser Änderung wird jedenfalls erhebliche negative Auswirkungen auf die Arbeit im IT-Security Bereich haben.

Sputnik RFID
The picture above shows the active RFID tag of the CCC Sputnik Project. The Sputnik project
is an self made location tracking system. The tag consists of an micro-controller and an NRF24L01 RF-IC. The location tracking is based on transmitting the tag ID with 5 different power levels and software based correlation of several readers.

In the next talk "Fudging with Firmware" the speaker mainly focused on how to get started with an firmware image file - like you get it from your DSL-Router vendor.His tool UWfirmforce looks really interesting:

[frank@t01 UWfirmforce-0.0.1]$ wget http://www.uberwall.org/releases/UWfirmforce-0.0.1.tar.gz
[frank@t01 UWfirmforce-0.0.1]$ tar -xzvf UWfirmforce-0.0.1.tar.gz
[frank@t01 UWfirmforce-0.0.1]$ cd UWfirmforce-0.0.1
[frank@t01 UWfirmforce-0.0.1]$ make
make[1]: Entering directory `/tmp/UWfirmforce-0.0.1/plugins'
cc -W -fPIC -Wall -g -O2 -c ar.c

...

cc -o UWfirmforce UWfirmforce.o plugin.o  
UWfirmforce.o: In function `UWfirmforce_dlerror':
/tmp/UWfirmforce-0.0.1/UWfirmforce.c:298: undefined reference to `dlerror'
collect2: ld returned 1 exit status
make: *** [UWfirmforce] Error 1
[frank@t01 UWfirmforce-0.0.1]$ cc -o UWfirmforce UWfirmforce.o plugin.o -ldl
[frank@t01 UWfirmforce-0.0.1]$ ./UWfirmforce -v wgt634u_1_4_1_10.img | less

Analyzing file: wgt634u_1_4_1_10.img
Matching GZIP signature #0 at offset 26788
compression deflate, flags FNAME, 06/04/2005 07:27:46, OS Unix
Score: 100%

Matching CPIO signature #1 at offset 90769
binary big-endian, uid 21197, gid 19184, 16/06/1952 00:54:47
Score: 0%

...

The talk "Java wird Groovy" was even more interesting. It was an short but quite good introduction to Groovy. The final talk of the day about the OpenXPKI project made references to the tools sscep and CertNanny which you should definitely checkout if you have to deal with SSL certificates.

Like yesterday my stack of talks for tomorrow:

11:30 Saal 2 - Router and Infrastructure Hacking
12:45 Saal 2 - JSON RPC - Cross Site Scripting and Client Side Web Services
14:00 Saal 3 - Secure Network Server Programming on Unix
16:00 Saal 1 - A Hacker's Toolkit for RFID Emulation and Jamming
17:15 Saal 1 - RFID hacking
18:30 Saal 1 - Stealth malware - can good guys win?
21:45 Saal 1 - Black Ops 2006 Viz Edition