From brian at shmoo.com Tue Mar 2 08:54:07 2004
From: brian at shmoo.com (Brian Wotring)
Date: Tue, 2 Mar 2004 06:54:07 -0700
Subject: [osiris-devel] osiris-2.4.5-stable released
Message-ID: <12EF1419-6C51-11D8-BDFA-000393578C14@shmoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Osiris version 2.4.5-stable released
---------------------------------------------------
Osiris - Host Integrity Monitoring
http://osiris.shmoo.com

This release of Osiris contains no new features, only the following bug fixes:

- all of the -Wall warnings have (finally) been addressed.
- Berkeley DB truncation was not working as expected; db files were bigger than necessary on overwrites (not archiving). This has been fixed. The db truncation routines will be put back in once they work reliably.
- installation script now detects Gentoo and avoids startup script installation, since Gentoo has its own way of doing this.
- init scripts are now more friendly across Linux distros; they were stupidly not so until now.
- ported the Berkeley DB env init pool change from the current branch. Using multiple dbs in a file requires this.

This release is the last planned release before the current branch is merged.
Downloads:
http://osiris.shmoo.com/data/osiris-2.4.5-stable.tar.gz
http://osiris.shmoo.com/data/osiris-2.4.5-stable-win32.exe

Checksums and Signatures:
MD5(osiris-2.4.5-stable-win32.exe)= 35b7e5f96d60f287b6dfa1212d8273ec
MD5(osiris-2.4.5-stable.tar.gz)= 1c94472a7d3c31c11baa63067089f35e
http://osiris.shmoo.com/data/osiris-2.4.5-stable.tar.gz.sig
http://osiris.shmoo.com/data/osiris-2.4.5-stable-win32.exe.sig

Please forward any questions or comments to the Osiris mailing list: osiris at shmoo.com, and any questions related to development to the development list: osiris-devel at shmoo.com

--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com

iQA/AwUBQESRzQ3seZ6WdHY9EQKrggCg9Ou6IUZCxvmd13g/XFsI4JetWAwAnjWQ
XbP/B6qTob1O/O97KkBdLoqf
=u1Sm
-----END PGP SIGNATURE-----

From brian at shmoo.com Wed Mar 3 10:14:18 2004
From: brian at shmoo.com (Brian Wotring)
Date: Wed, 3 Mar 2004 08:14:18 -0700
Subject: [osiris-devel] merge madness
Message-ID: <70E70F19-6D25-11D8-96DB-000393578C14@shmoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The current branch has been merged into mainline; expect some warnings for the short term. The branch "rel_3_dev" is now dead.

Prior to the merge, a branch was created off of the 2.4.5 release to deal with critical bug fixes. The name of this branch is "rel_2_stable".

--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com

iQA/AwUBQEX2PQ3seZ6WdHY9EQLp2gCg0DqMj/hZ2+ddHJsLesEh/MjEgUcAniVa
XrMHddDdNyI9DiZkiw45YVC9
=GXFo
-----END PGP SIGNATURE-----

From thomas.jones at linux-howtos.com Fri Mar 5 13:19:04 2004
From: thomas.jones at linux-howtos.com (Thomas Jones)
Date: Fri, 5 Mar 2004 12:19:04 -0600
Subject: [osiris-devel] 64 Bit Transparency?
Message-ID: <200403051219.10535.thomas.jones@linux-howtos.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I am by no means an experienced developer (actually I am just starting my CS degree), so I am throwing this question out as a learning experience for myself.

I did a system call trace of osirismd to find all the necessary files to place it into a jail. Anyway, I noticed that most (not all) system calls are explicitly declared as 64 bit. Now, again with my limited knowledge, I was under the impression that the functions were transparent to the API via _FILE_OFFSET_BITS.

Next, I noticed as well that some calls were not using the explicit 64 bit structure:

open("/var/lib/osiris/osirismd.conf", O_RDONLY) = 9

and yet the following attribute call is in large file structure:

fstat64(9, {st_mode=S_IFREG|0600, st_size=221, ...}) = 0

Is there a reason why --- maybe certain platforms need this?

Thanks for your help.

Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: 'Thomas Jones Package Signing Key'

iD8DBQFASMSdQT2komo99ukRAg9NAKDWk5WFbeeiYzfjAI3aM5D9094tggCgstyY
5beRp1MK6s5C69KHB2fvM/4=
=WcbD
-----END PGP SIGNATURE-----

From brian at shmoo.com Mon Mar 8 11:51:47 2004
From: brian at shmoo.com (Brian Wotring)
Date: Mon, 8 Mar 2004 09:51:47 -0700
Subject: [osiris-devel] Fwd: [osiris] Distro specific init scripts
Message-ID:

I can take care of it. The basic idea is that these distro specific init scripts will be used when possible, and the installer will resort to using the current (generic) script otherwise. I'm fine with using proc to get this info, unless someone can think of reasons as to why this would not be a good idea.
Begin forwarded message:

> From: Thomas Jones
> Date: March 7, 2004 8:46:45 PM MST
> To: osiris at lists.shmoo.com
> Subject: Re: [osiris] Distro specific init scripts
> Reply-To: Osiris Users
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Monday 08 March 2004 08:22, Brian Wotring wrote:
>> These look good. Do you know where any identifying files are for
>> these distros (SuSE and Debian)? That is, do you know if they have a file
>> similar to redhat's /etc/redhat-release?
>>
> Well, I had been trying to construct an all-in-one init script that
> determined the host system. I came across a few problems -- one being I
> kept getting the dreaded EOF from cut-and-paste. aarrrgghh!!! In retrospect,
> I could have used a hex editor to find it. Oh well.
>
> Anyways, to answer your question, this is what I came up with:
>
>
> if [[ ${DISTRO} == "" ]];
> then
>     if [ -e /proc/version ];
>     then
>         DISTRO=`cat /proc/version | grep -o -e 'SuSE' -e 'Redhat' -e 'Debian'`
>     else
>         ${ECHO} "Unable to determine the host distribution. Please set"
>         ${ECHO} "the DISTRO variable manually."
>     fi
> fi
>
>
> I first attempted to use other files such as Debian's /etc/debian-version
> and SuSE's /etc/SuSE-release. But IMHO, /proc/version should be the proper
> place to extract the info. However, again, it would be easy to change over
> to these files as well for info.
>
> The extended pattern matching was the best, most efficient command I could
> construct. Nested ifs would work, but seem a bit overkill for the use.
>
> What do you think? Do you want me to finish the all-in-one using either of
> these scenarios ---- or do you want to take care of it?
>
> ;)
> Thomas
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
> Comment: 'Thomas Jones Package Signing Key'
>
> iD8DBQFAS+ysQT2komo99ukRAumrAJ9Ej4gDrdTfsu7xay0x8OjFulAO3gCgt1sr
> mEX1ZbYYoHcFNNAVs0z2CLk=
> =pKDq
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> osiris mailing list
> osiris at lists.shmoo.com
> https://lists.shmoo.com/mailman/listinfo/osiris

--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

From thomas.jones at linux-howtos.com Sun Mar 14 22:09:56 2004
From: thomas.jones at linux-howtos.com (Thomas Jones)
Date: Sun, 14 Mar 2004 21:09:56 -0600
Subject: [osiris-devel] SuSEHelp Integration
Message-ID: <200403142110.04517.thomas.jones@linux-howtos.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all,

I've integrated the developers' documentation with the SuSEHelp application. This should give new developers a very easy way of searching through the documentation for functions, etc.

I intend to place this in a separate development rpm. Given this only applies to the SuSE distribution, and the distro is rpm-based, it only makes sense.

Anyways, I haven't heard any feedback on the osirismd rpm I distributed. Which may be good or bad. I figured if something was wrong ... you would have already heard about it. ;)

With your go-ahead, Brian, I will finish it up and send it to you for your checking/processing. Then all should be done with that one ---- on to the scanning agent (no problem).
Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: 'Thomas Jones Package Signing Key'

iD8DBQFAVR6KQT2komo99ukRAtKqAKCnuRqN5SUbZ6Ncy8b9QLZfauTWfACfVXkM
tvtBrKKCunTHXMCi3eK/LIk=
=Pnpi
-----END PGP SIGNATURE-----

From thomas.jones at linux-howtos.com Sun Mar 14 22:13:08 2004
From: thomas.jones at linux-howtos.com (Thomas Jones)
Date: Sun, 14 Mar 2004 21:13:08 -0600
Subject: [osiris-devel] SuSEHelp Integration
In-Reply-To: <200403142110.04517.thomas.jones@linux-howtos.com>
References: <200403142110.04517.thomas.jones@linux-howtos.com>
Message-ID: <200403142113.10174.thomas.jones@linux-howtos.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 14 March 2004 21:09, Thomas Jones wrote:

OOPPSS! Forgot the pics -- here they are!

By the way, I will probably change the parent directories to:
Security ----> Applications ----> Development ----> Osiris Development Docs

Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: 'Thomas Jones Package Signing Key'

iD8DBQFAVR9EQT2komo99ukRAggvAKC4DHnfYjyLiXB49QsfaiePVZu5WwCfZ/4U
MYys5eJzo+gR9xa2ZcHYg+Y=
=250I
-----END PGP SIGNATURE-----

Attachments (scrubbed by the list archive):
snapshot1.png (image/png, 134168 bytes): http://lists.shmoo.com/pipermail/osiris-devel/attachments/20040314/bc103eea/attachment.png
snapshot2.png (image/png, 160610 bytes): http://lists.shmoo.com/pipermail/osiris-devel/attachments/20040314/bc103eea/attachment-0001.png
snapshot3.png (image/png, 47872 bytes): http://lists.shmoo.com/pipermail/osiris-devel/attachments/20040314/bc103eea/attachment-0002.png
snapshot4.png (image/png, 149885 bytes): http://lists.shmoo.com/pipermail/osiris-devel/attachments/20040314/bc103eea/attachment-0003.png

From yazz at osdn.com Mon Mar 15 18:07:32 2004
From: yazz at osdn.com (Yazz D. Atlas)
Date: Mon, 15 Mar 2004 15:07:32 -0800
Subject: [osiris-devel] Bug: osirisd 3.0.4 doesn't daemonize correctly...
Message-ID: <40563734.1060109@osdn.com>

Since playing around with Osiris lately I found an item I think is a bug. Ssh into a system, stop osirisd by hand and then restart it using the command below. Now try to exit that ssh session; it just hangs.

( example of what I'm talking about )

# /usr/local/sbin/osirisd -r /usr/local/osiris/
# exit
logout
(just hangs here)

You might want to look at the following URL for some code to solve this. (I'm not a programmer, so forgive me if I can't submit my own patch)

http://www.erlenstar.demon.co.uk/unix/faq_2.html#SEC16

(cut and pasted from above URL)

A daemon process is usually defined as a background process that does not belong to a terminal session. Many system services are performed by daemons; network services, printing etc.

Simply invoking a program in the background isn't really adequate for these long-running programs; that does not correctly detach the process from the terminal session that started it. Also, the conventional way of starting daemons is simply to issue the command manually or from an rc script; the daemon is expected to put itself into the background.

--
Yazz D. Atlas
Senior Systems Engineer / Senior BOFH
Voice: 408-802-9608 (cell)
Fax: 510-226-8814
[ O | S | D | N ] Open Source Development Network / VA Software
http://www.osdn.com
47071 Bayside Parkway
Fremont, CA 94538
AIM:"Entropy Works 42" IRC:"Aaton irc.slashnet.org" ICQ:"11445680"
gpg --keyserver wwwkeys.pgp.net --recv-key 0x0C57DDA0
GPG: 644C E9FF D0AF 3C5E 5C73 5E05 00EF C7EC 0C57 DDA0

From Alexei_Roudnev at exigengroup.com Mon Mar 15 18:32:10 2004
From: Alexei_Roudnev at exigengroup.com (Alexei_Roudnev at exigengroup.com)
Date: Mon, 15 Mar 2004 15:32:10 -0800
Subject: [osiris-devel] Bug: osirisd 3.0.4 doesn't daemonize correctly...
Message-ID:

I saw it in 2.2.0 and I was sure that problem was resolved.

Temporary solution:

(1) NEVER start and stop daemons this way; do it by running /etc/init.d/daemon start or ... stop /File name depends, of course/
(2) In this init file, use 'nohup' or some other method to get rid of the control terminal.

OR - don't login as root; login as a user and then 'su' or 'sudo'. (A signal sent by a user can not kill a root process.)

It is a well known problem with many daemons, caused by the SIGHUP signal and some other issues when the control terminal is closed.

Alex Roudnev
Exigen Group

From luke at responsys.com Wed Mar 17 10:31:54 2004
From: luke at responsys.com (Luke West)
Date: Wed, 17 Mar 2004 07:31:54 -0800
Subject: [osiris-devel] Bug: osirisd 3.0.4 doesn't daemonize correctly...
Message-ID: <3DD86CAAF0AFD211A88400508B8B3B530AF8E297@ex-pa-u1.us.responsys.com>

All,

If you have ssh'd from machine1 to machine 2, there is a way to get out of the session on machine 2, but it is brutal. Use the interrupt built into SSH ~. (tilde dot)

L.
From Alexei_Roudnev at exigengroup.com Wed Mar 17 13:27:18 2004
From: Alexei_Roudnev at exigengroup.com (Alexei Roudnev)
Date: Wed, 17 Mar 2004 10:27:18 -0800
Subject: [osiris-devel] Bug: osirisd 3.0.4 doesn't daemonize correctly...
References: <3DD86CAAF0AFD211A88400508B8B3B530AF8E297@ex-pa-u1.us.responsys.com>
Message-ID: <061b01c40c4d$7ae4da10$6601a8c0@exigengroup.com>

It is not a big problem (manual start) - as I was saying, the safest way to do it is to login as a user, then use su or sudo -s.

Unfortunately, some rc files/scripts send SIGHUP when finished, so if the daemon aborts on this signal, it can be aborted when the RC script finishes. Maybe it is not an issue on a modern OS, but I saw it a few times in the past.

Anyway, a daemon should be a _daemon_. It is a bug.
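The hang Yazz reports happens because a program started from the ssh shell and left running still holds the session's pty open on its standard descriptors, so the session cannot be torn down when the shell exits. What follows is an added example, not Osiris code and not the FAQ's own listing, of the detach sequence the quoted FAQ describes: fork so the parent returns to the shell, setsid() to leave the login session and drop the controlling terminal, a second fork so the daemon can never reacquire one, then chdir, umask and pointing stdin/stdout/stderr at /dev/null. The helper names, the `has_controlling_tty()` check a packager can run after `daemonize()`, and the five second sleep in main are my own.

```c
/* Added example (not Osiris code): the classic detach-from-terminal sequence. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Point every descriptor in fds[] at /dev/null so the process no longer
 * references the ssh session's pty.  Returns 0 on success, -1 on error. */
int redirect_fds_to_devnull(const int *fds, size_t n)
{
    int null = open("/dev/null", O_RDWR);
    if (null < 0) return -1;
    int rc = 0, keep = 0;
    for (size_t i = 0; i < n; i++) {
        if (fds[i] == null) { keep = 1; continue; }   /* already /dev/null */
        if (dup2(null, fds[i]) < 0) rc = -1;
    }
    if (!keep) close(null);   /* only close the temporary if it was not a target */
    return rc;
}

/* Does a descriptor refer to a character device?  True for /dev/null and ptys. */
int fd_is_char_device(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISCHR(st.st_mode);
}

/* Does the caller still have a controlling terminal?  A correctly
 * daemonized process cannot open /dev/tty, so this returns 0 afterwards. */
int has_controlling_tty(void)
{
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

/* Double-fork daemonization.  Returns 0 in the daemon child; the original
 * process (and the intermediate child) exit.  Returns -1 if a step fails. */
int daemonize(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid > 0) _exit(0);            /* parent returns control to the shell */
    if (setsid() < 0) return -1;      /* new session: no controlling terminal */
    signal(SIGHUP, SIG_IGN);          /* survive a hangup from the old session */
    pid = fork();                     /* second fork: never a session leader again */
    if (pid < 0) return -1;
    if (pid > 0) _exit(0);
    if (chdir("/") < 0) return -1;    /* do not pin the starting directory */
    umask(027);
    const int stdio[] = { STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO };
    return redirect_fds_to_devnull(stdio, 3);
}

int main(void)
{
    if (daemonize() < 0) return 1;
    /* daemon body would go here; sleep so the detach can be observed
     * (e.g. run it, type exit, and the ssh session closes at once) */
    sleep(5);
    return 0;
}
```

Run it from an interactive ssh session and type `exit`: the shell returns immediately because nothing the daemon holds refers to the pty any more. The same detach belongs on the init-script path as well, since an rc script that sends SIGHUP when it finishes, as Alexei mentions, would otherwise take a non-detached daemon down with it.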
From thomas.jones at linux-howtos.com Wed Mar 17 01:41:56 2004
From: thomas.jones at linux-howtos.com (Thomas Jones)
Date: Wed, 17 Mar 2004 00:41:56 -0600
Subject: [osiris-devel] Osiris man page
Message-ID: <200403170042.02135.thomas.jones@linux-howtos.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey all,

I constructed a man page for inclusion into my rpm. This should be a good template to construct the others quickly. I need input on the description section. Here it is.

Luke - While we are at it --- let's go ahead and come up with the osirisd description as well. What about your public email addy? Is this ok with you?

Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAV/M4QT2komo99ukRAqMnAJ9cHmMxkiKK2iavMTZFZPeYvYsbiACeIRzm
Ey7fin+gtWgxUtaPGL0BgMc=
=vxLO
-----END PGP SIGNATURE-----

Attachment (scrubbed by the list archive):
osirismd.1 (application/x-troff, 1473 bytes): http://lists.shmoo.com/pipermail/osiris-devel/attachments/20040317/7eb56a9d/attachment.tr

From luke at responsys.com Thu Mar 18 10:24:54 2004
From: luke at responsys.com (Luke West)
Date: Thu, 18 Mar 2004 07:24:54 -0800
Subject: [osiris-devel] Osirisd question
Message-ID: <3DD86CAAF0AFD211A88400508B8B3B530AF8E310@ex-pa-u1.us.responsys.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian,

In the (very) old days of Osiris when you had to run the osiris and scale executables against an individual Windows host, I built a chunk of Perl to map a network drive, then run the scanner against this new drive. This had the advantage that the remote host did not have to have anything installed on it. I have spoken to a number of people about using Osiris, and they don't like new software being installed.
Is there an easy(ish) way of running the osirisd scanner against remote Windows hosts using this map-a-network-drive routine?

L

Luke West
London Data Centre Manager
Mobile 07740 592800
Office 0870 6090082
Fax 0870 6090083

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBQFm+5ZtEQoqsKtbVEQKGKwCgld/e9wzFJ2eRFs+PuwSbdFDshRwAn0j3
L5E28dPjq15ktQyH0TC0TR0W
=/Jhy
-----END PGP SIGNATURE-----

From brian at shmoo.com Thu Mar 18 11:14:14 2004
From: brian at shmoo.com (Brian Wotring)
Date: Thu, 18 Mar 2004 09:14:14 -0700
Subject: [osiris-devel] Osirisd question
In-Reply-To: <3DD86CAAF0AFD211A88400508B8B3B530AF8E310@ex-pa-u1.us.responsys.com>
References: <3DD86CAAF0AFD211A88400508B8B3B530AF8E310@ex-pa-u1.us.responsys.com>
Message-ID: <4CE13C52-78F7-11D8-BAAA-000393578C14@shmoo.com>

Not that I would recommend. First, files are not the only thing that are scanned by the agents. Second, there is the issue of complicating the data path, and the security of that path. Installing software does suck, I agree, but the alternatives present more complications (in my opinion).

On Mar 18, 2004, at 8:24 AM, Luke West wrote:

> Is there an easy(ish) way of running the osirisd scanner against remote
> Windows hosts using this map-a-network-drive routine.
--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

From Alexei_Roudnev at exigengroup.com Thu Mar 18 13:12:54 2004
From: Alexei_Roudnev at exigengroup.com (Alexei Roudnev)
Date: Thu, 18 Mar 2004 10:12:54 -0800
Subject: [osiris-devel] Osirisd question
References: <3DD86CAAF0AFD211A88400508B8B3B530AF8E310@ex-pa-u1.us.responsys.com>
Message-ID: <068701c40d14$a240f6d0$6601a8c0@exigengroup.com>

It will be unsecure (share system disks) and extremely slow.
From brian at shmoo.com Fri Mar 19 09:39:25 2004
From: brian at shmoo.com (Brian Wotring)
Date: Fri, 19 Mar 2004 07:39:25 -0700
Subject: [osiris-devel] Re: [osiris] Database Update Comments
In-Reply-To: <1079706713.27636.3.camel@corp.godshell.com>
References: <1079642859.16552.42.camel@corp.godshell.com> <06f101c40d41$1babdd60$6601a8c0@exigengroup.com> <1079706713.27636.3.camel@corp.godshell.com>
Message-ID: <3863BA84-79B3-11D8-90C7-000393578C14@shmoo.com>

Have a look at src/osirismd/md_notify.c and look for the NOTIFY_UPDATE_URL_FORMAT macro. If you are successful, forward a patch to this list.

If you are not comfortable with editing the source, but know what changes you would like to see to that URL, forward that to this list and someone will review it and possibly make the change.

On Mar 19, 2004, at 7:31 AM, Jason 'XenoPhage' Frisvold wrote:

> On Thu, 2004-03-18 at 18:31, Alexei Roudnev wrote:
>> I'd like to see these comments in the mail (I maintain all change
>> reports as a mail archive).
>> It was discussed some time ago, and was decided as reasonable.
>
> Speaking of mail... :) What can I change in the source to HTMLize the
> mail a little? The links I receive in the mail aren't clickable with my
> mail client (evolution), presumably because of the ? in the link...
> With a little HTML magick, I guess this could be fixed... :)
>
> Or is there something more permanent that can be done?
>
> --
> ---------------------------
> Jason 'XenoPhage' Frisvold
> Engine / Technology Programmer
> friz at godshell.com
> RedHat Certified - RHCE # 803004140609871
> MySQL Pro Certified - ID# 207171862
> MySQL Core Certified - ID# 205982910
> ---------------------------
> "Something mysterious is formed, born in the silent void. Waiting alone
> and unmoving, it is at once still and yet in constant motion. It is the
> source of all programs. I do not know its name, so I will call it the
> Tao of Programming."

--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

From Alexei_Roudnev at exigengroup.com Fri Mar 19 11:53:08 2004
From: Alexei_Roudnev at exigengroup.com (Alexei Roudnev)
Date: Fri, 19 Mar 2004 08:53:08 -0800
Subject: [osiris-devel] Re: [osiris] Database Update Comments
References: <1079642859.16552.42.camel@corp.godshell.com> <06f101c40d41$1babdd60$6601a8c0@exigengroup.com> <1079706713.27636.3.camel@corp.godshell.com> <3863BA84-79B3-11D8-90C7-000393578C14@shmoo.com>
Message-ID: <07e301c40dd2$a88358d0$6601a8c0@exigengroup.com>

OK. My problem is that I can work with osiris a few days, then must switch to another task, then can return (in a few weeks) to it. For now, it works pretty stable (except the 'config' mystery with the CPU loop) so I had no reason to return for a while. I'll look.

The notification change requires an additional parameter in the host configuration (or at least in the global configuration) - to send a notification or not.
> > _______________________________________________
> > osiris mailing list
> > osiris at lists.shmoo.com
> > https://lists.shmoo.com/mailman/listinfo/osiris
> --
> Brian Wotring ( brian at shmoo.com )
> PGP KeyID: 0x9674763D
>
> _______________________________________________
> osiris-devel mailing list
> osiris-devel at lists.shmoo.com
> https://lists.shmoo.com/mailman/listinfo/osiris-devel
>

From brian at shmoo.com Mon Mar 22 11:06:57 2004
From: brian at shmoo.com (Brian Wotring)
Date: Mon, 22 Mar 2004 09:06:57 -0700
Subject: [osiris-devel] log formats
Message-ID:

http://osiris.shmoo.com/logs

-- 
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

From brian at shmoo.com Mon Mar 22 21:50:21 2004
From: brian at shmoo.com (Brian Wotring)
Date: Mon, 22 Mar 2004 19:50:21 -0700
Subject: [osiris-devel] modular interface
Message-ID:

The next major release of Osiris (version 4.0) will be a merge of the 2.x and the 3.x branches. For all of the changes that will be going into 4.0, see the ChangeLog file.

The biggest difference with this release will be the modular interface for the scan agent. For more information, go here:

http://osiris.shmoo.com/modules/

The changes to the Windows build system that are needed to support modules have not been completed, but for all other systems, the code is checked into the top of the source tree.

Comments and suggestions are welcome.

-- 
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

From brian at shmoo.com Thu Mar 25 22:55:45 2004
From: brian at shmoo.com (Brian Wotring)
Date: Thu, 25 Mar 2004 20:55:45 -0700
Subject: [osiris-devel] AIX support
Message-ID: <75713654-7ED9-11D8-B0EB-000393578C14@shmoo.com>

I've just committed a handful of changes required to support AIX into the top of the source tree. I know there are AIX users on this list lurking somewhere; we should have support for you in the 4.0 release.
-- 
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

From thomas.jones at linux-howtos.com Tue Mar 30 16:16:58 2004
From: thomas.jones at linux-howtos.com (Thomas Jones)
Date: Tue, 30 Mar 2004 15:16:58 -0600
Subject: [osiris-devel] Configuration issues
Message-ID: <200403301516.58612.thomas.jones@linux-howtos.com>

Brian,

I have been playing with various "small" configuration changes and documenting the results. I've noticed some peculiar behaviors. Jason Frisvold had brought up documentation inconsistencies involving the NoEntry directive. I found the following to be true for the 3.0.4-current release:

- NoEntry has no effect on the scanner's direction, i.e. with or without, there is no difference.
- However, the Exclude file ("whatever") directive does the job of removing a directory and its contents from a scan. I believe that this may be a documentation issue.
- I ran a scan with the following rule: Exclude header ("63 30 31") and it produced checksum errors on completely unrelated files??? I don't know about this one. I will check the logs more closely.
- The exclusion directive (and probably inclusion as well) is NOT case-sensitive. This could be a BIG issue later. I was attempting to exclude the System.map-2.4.21-199-athlon file from the /boot directory. I put in the following rule: Exclude file ("S"). This removes ALL files with "S" or "s" in them. Equivalent to [Ss].
- I went ahead and manually changed the rule to both ("Sy") and ("sy") to see changes ---- it now only removed the file I wanted, System.map*. But with both rules it does the same. So it seems broken. Or maybe that's the intended behavior.

I have all the logs and databases from my tests. And I documented each case in my configuration file. So if you need these, it should help out a lot.
;(

Thomas

From brian at shmoo.com Wed Mar 31 08:22:36 2004
From: brian at shmoo.com (Brian Wotring)
Date: Wed, 31 Mar 2004 06:22:36 -0700
Subject: [osiris-devel] osiris-4.0 beta released
Message-ID: <79BF5577-8316-11D8-B33C-000393578C14@shmoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Osiris version 4.0.0-beta released
- ----------------------------------------------------
Osiris - Host Integrity Monitoring
http://osiris.shmoo.com

This beta release of Osiris contains many new enhancements and fixes. The complete ChangeLog is attached with this message. The 4.0 release will be the result of the merging of the stable and current branches in the code base. Out of all of the differences, the ones I would like to bring attention to:

a) This release is NOT compatible with the 2.x or 3.x code releases. Although this is unfortunate, the benefits associated with the changes outweighed compatibility.

b) Support for modules: this is a new way for developers to extend what the scan agent monitors. See http://osiris.shmoo.com/modules for more details.

c) Support for AIX (thanks to Duane Dunston) and IRIX (thanks to Karen Wieprecht).

Please forward anything that looks like it needs attention to me or the development list so we can get it fixed before the release.

Downloads:
http://osiris.shmoo.com/data/osiris-4.0.0-beta.tar.gz
http://osiris.shmoo.com/data/osiris-4.0.0-beta-win32.exe

Checksums and Signatures:
MD5(osiris-4.0.0-beta.tar.gz)= d2d709e6135e78b82d035acc29f669a0
MD5(osiris-4.0.0-beta-win32.exe)= 9ecd458f1c26c8db3a114883cc5a82cf
http://osiris.shmoo.com/data/osiris-4.0.0-beta.tar.gz.sig
http://osiris.shmoo.com/data/osiris04.0.0-beta-win32.exe.sig

Please forward any questions or comments to the Osiris mailing list: osiris at shmoo.com, and any questions related to development to the development list: osiris-devel at shmoo.com

Differences with version 4.0
=================================================
- - Version 2.x is NOT compatible with version 4.0.
- - new modular interface. This allows developers to easily extend the functionality of the scan agent. See http://osiris.shmoo.com/modules for details.
- - support for monitoring the user database (module).
- - support for monitoring the group database (module).
- - support for monitoring kernel extensions (module).
- - support for AIX (thanks to Duane Dunston).
- - support for IRIX (thanks to Karen Wieprecht).
- - added reg-ex to the project so that the regular expressions used with filters as well as scan config rules will work the same on all supported platforms. Thus Windows scan agents and management consoles now support regular expressions.
- - notification settings are now more configurable. On a per-host basis, notification for the following can now be specified:
  a) scheduler fails to start a scan.
  b) send notification after every scan, even if no changes occurred.
  c) send notification when an agent has lost its session key.
  d) send notification when changes are detected.
- - filters can now single out specific attribute changes to files. Previously the filters would be all or nothing with respect to showing what changed for a specific file.
- - CLI will now dig out the config used for the trusted db and use it if no config name is specified for the config related commands.
- - all logs generated by the management console now have ID codes to make the logs more friendly to log analysis tools. See the documentation or the online docs for logging codes, http://osiris.shmoo.com/logs
- - syslog levels: info, warn, and err are now used. The syslog facility is still configurable. The log_intensity config parameter is no more.
- - The name of the osiris user/group created during the installation can now be specified as a configure option. The default is "osiris".
- - The osiris root directory can now be specified as a configure option; the default is "/usr/local/osiris".
- - logs now reveal the ID of the scan config used, in addition to the name.
- - The CLI now lists hosts in alphabetical order.
- - CLI will now make use of the EDITOR environment variable so you can choose what editor to use to edit and create scan configs.
- - database format made more efficient, and the records are printed in alphabetical order in print-db routines as well as in any logs or notifications (new version of Berkeley DB: 4.2.52).
- - The source now builds under MinGW. As a result, the build system on Windows is no longer the cumbersome pain that it was. The Visual Studio project files have all been removed, with joy.
- - new make targets: "agent" and "console" now create installation packages for the scan agent and the management console that can be run from read-only media.

- -- 
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQGrGHA3seZ6WdHY9EQKhHwCcDwdjtrZ/wxTskNDLamxBZZbwdBYAoP27
hWN+awy9//QlENw8NJ6pdHgQ
=WkQl
-----END PGP SIGNATURE-----
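The release announcements on this list publish an MD5 per download plus a detached PGP signature (.sig). Below is an added example, not code from the Osiris project or from any message on this list, showing how a downloader can parse checksum lines in the `MD5(name)= hex` form the announcements use and check a file against them before unpacking it. The file contents, the `osiris-example.tar.gz` name and the digest in the demonstration are constructed for the example (the digest is simply MD5 of the bytes `hello`). A checksum published beside the download only catches a corrupted or swapped file on the mirror it came from; the detached signature, checked with `gpg --verify <file>.sig <file>` against the author's key 0x9674763D obtained out of band, is what ties the release to the author, and MD5 should not be relied on as a collision-resistant hash.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Matches checksum lines as printed in the release announcements,
# e.g. "MD5(osiris-4.0.0-beta.tar.gz)= d2d709e6135e78b82d035acc29f669a0".
_CHECKSUM_LINE = re.compile(
    r"^\s*(?P<alg>[A-Za-z0-9]+)\((?P<name>[^)]+)\)=\s*(?P<hex>[0-9A-Fa-f]+)\s*$"
)


def parse_checksum_lines(text):
    """Return {filename: (algorithm, hexdigest)} for each checksum line in text.

    Lines that are not in the MD5(name)= hex form (download URLs, prose,
    .sig links) are ignored, so the whole announcement body can be passed in.
    """
    found = {}
    for line in text.splitlines():
        m = _CHECKSUM_LINE.match(line)
        if m:
            found[m.group("name")] = (m.group("alg").lower(), m.group("hex").lower())
    return found


def file_digest(path, algorithm):
    """Hash a file in 64 KiB chunks so large tarballs are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected):
    """Check one downloaded file against a parsed checksum table.

    Returns True only when the file's basename has an entry and the digest
    matches. A file with no published checksum is treated as a failure, not
    as "nothing to check". hmac.compare_digest keeps the comparison
    constant-time; not needed against a local file, but it is the habit to keep.
    """
    name = os.path.basename(path)
    if name not in expected:
        return False
    algorithm, want = expected[name]
    got = file_digest(path, algorithm)
    return hmac.compare_digest(got, want)


def demo():
    """Constructed demonstration: one good download, then the same file corrupted.

    The announcement text, filename and digest are made up for this example;
    the digest is MD5(b"hello"). Returns (result_for_good, result_for_corrupted).
    """
    announcement = """Checksums and Signatures:
MD5(osiris-example.tar.gz)= 5d41402abc4b2a76b9719d911017c592
http://osiris.shmoo.com/data/osiris-example.tar.gz.sig
"""
    expected = parse_checksum_lines(announcement)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "osiris-example.tar.gz")
        with open(path, "wb") as f:
            f.write(b"hello")
        ok_good = verify_download(path, expected)
        with open(path, "wb") as f:
            f.write(b"hellp")  # single-byte corruption of the download
        ok_bad = verify_download(path, expected)
    return ok_good, ok_bad


if __name__ == "__main__":
    print(demo())
```

In practice the checksum table is parsed from the announcement mail (which is itself inside a PGP-signed body), and a mismatch should stop the install rather than warn, since a tampered integrity-monitor package is exactly the kind of thing the monitor cannot detect once it is running.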