It’s been a while since I last posted, but I’m finally managing to get some time for Gentoo dev work again. Fortunately, due to the amount of time I’ve delayed, other people have been busily working away on the crypto stuff, and now with relatively few changes and some testing I was able to integrate their work. With big thanks to Federico Zagarzaz
Category: Gentoo
Openldap 2.3!
Well, it’s finally done. After getting Robin’s permission to help him maintain openldap and with the help of Markus Ullmann I have just committed openldap 2.3 to the tree, although it is hardmasked until Robin and I are happy with it. A lot of things have changed in this version (changelog), with notable upgrades to syncrepl and the ability to change a lot of the settings of the server itself on the fly, as instead of reading it from an external configuration file it is now in the DIT itself. I recommend anyone using openldap to give it a shot and let us know if you come across any problems.
One thing that will be of interest to those people who have been bitten by openldap upgrades in the past is that this time around we have set it up so that the openldap 2.3 ebuild will install not only all the relevant openldap 2.3 files but also the libraries from openldap 2.1 and 2.2. While this adds a little to the compilation time, we feel that it will mean fewer upgrade problems and allow people to rebuild their applications to link to the newer libraries (which unfortunately aren’t backwards compatible) at their leisure, thus avoiding breaking your pam authentication while you’re waiting for all the linked packages to rebuild. In the process we have also closed about 6 bugs for openldap 2.1 and 2.2, so I’d appreciate any and all testing done on the new ~ARCH versions of those.
I’ve filed a bug to get cryptsetup stabilized in its latest form, but I’m also considering whether or not it should just be pulled, as although it is becoming a standard for cryptographic related things, it is completely superseded by cryptsetup-luks and I don’t believe that cryptsetup is currently maintained, whereas cryptsetup-luks is actively maintained and a full drop-in replacement. I’ll spend some time thinking about this and let people know via the normal channels.
Kolab is still not going anywhere. I’ve been waiting for the 2.1 release, which is meant to make packaging it a lot more feasible, but it seems to have slipped past its timelines for that, so I’m just going to continue to wait. Fortunately, when it does come out I have offers of help from Gunnar and seemant to help me get it into the tree.
sguil and other riff raff
Well I’ve just finished adding all the relevant ebuilds for the new version of sguil. I have also updated my HOWTO so you should be able to get the latest version of sguil up and running with minimal fuss on Gentoo!
It seems that Stuart is busy with some other things in addition to being sick. I hope he gets better soon, but I think rather than waiting any longer I will shortly commit OpenCA to the tree so that we can start to get some testing.
Openldap 2.3 is getting closer to going into the tree and now that I have some time again (I went on a trip to Amsterdam, Vienna, Rome and Florence) I will be looking to finalise and squash any remaining bugs.
Finally if you are a fan of cryptsetup-luks then keep your eyes peeled for updates because I plan to release a few new ebuilds shortly (and some corresponding documentation) which should really simplify its usage in Gentoo.
CAs, openldap and stablization
Well, I’m starting to run out of time to get all the things done that I would like before I go on holidays this Friday. I’m currently working on openldap 2.3, which, assuming things go to plan, I will be helping robbat2 put in the tree shortly. We are waiting on some more testing for one bug, but if bug #105380 is actually fixed then it should be in and hardmasked sooner rather than later.
Aside from that, I finally got some openca stuff written up. You can find the current ebuild (please forgive its current state) here, so feel free to test it out and let me know if you have any problems. Stuart said that he might have some time to webapp-configalize it, so with any luck you won’t have to put up with my habit of dumping things in /var/www/localhost/htdocs/openca 😉
Sguil has just had a major version bump, so as I write this I am currently ironing out the changes and getting new ebuilds into portage for that. I believe that it’s quite a change and I’m very keen to see all of the sguil crowd’s good work in action.
On a different note, I’ve been told that I can mark a number of my ebuilds as stable on x86 due to difficulty in testing them! No surprise there I guess. As a result of this I have marked sflowtools as stable on x86 (it’s exceeded all the criteria) and will be looking to add others as and where appropriate, so PLEASE if you are using any of the more obscure things that I maintain, let me know!
Finally, it seems that Till Adams managed to get seemant all fired up about kolab (not surprising as Till is a great bloke with a wealth of information about groupware related matters in general) and consequently seemant has expressed an interest in helping me get kolab into portage. On that note I have started to read up on where things are and when kolab 2.1 is released, which I am told should be in the next month or so, things are looking good to get this into portage. Until then I’ll keep working on something that I can put into my overlay for all you eager people to test.
bug squashing
Well, I had a relatively productive day yesterday as I managed to go over all of netmon’s bugs and close a fair few off. In particular I rewrote and merged some patchsets for arpwatch and revbumped it so that now it does actually support being run as a particular user. I’d appreciate testing for this ebuild, which is arpwatch-2.1.13. Other ebuilds that might be of interest to various people include a major revbump for Hydra and also for net-snmp. I am hopeful that the new net-snmp should solve most of the outstanding (and there are a lot) bugs related to net-snmp, so if you are having problems for whatever reason with our current net-snmp ebuilds then give net-snmp-5.3_pre4 a go. I also made some changes to barnyard and snort init scripts to fix some honouring of various variables; no revbumps involved though, so you will have to re-emerge them if you want to try them out.
Kolab is currently on the backburner. It’s still nowhere near where I’d like it to be in relation to getting it into the tree. Instead I’ve been working on some OpenCA ebuilds and will probably add them shortly after I’ve sorted out the webapp-config part of them.
Sguil and misc crypto stuff
Well I think I have got most of the major issues with the first versions of SGUIL that I put into portage. If you have emerged them to try it out then please make sure you re-emerge them as the latest changes are fairly important. I also just finished the first tentative version of a HOWTO. This can be found here. Please let me know if there are any errors in it, be they spelling or logic, and obviously submit a bug if you have a problem with the ebuilds themselves. I’m normally around in #gentoo-netmon on freenode if you have any general questions but I also highly recommend #snort-gui as a place to contact the SGUIL devs.
My crypto bugs are starting to get longer 🙁 This is mainly due to me not using crypto loop and various other common bug topics. Sometime soon I plan on sitting down and setting up some crypto loop stuff so that I can replicate and solve all these bugs, hopefully in the next week or so.
Slacking
Well, it’s been quite some time since I last blogged, so my apologies to anyone who was relying on this as a way of keeping track of what I was up to (or not as the case may be).
First off the bat is Linux World expo in London. I was there both days and had a chance to meet with a few of the other devs, which was the definite highlight of the show for me. All in all I was very disappointed with the show as I felt there were a few too many exhibitors and not enough things to exhibit; certainly the show seemed to be lacking anything amazing or new. About the only thing that was at all interesting for me was the new java desktop from Sun, looking glass, which while pretty eye candy didn’t seem that useful, but maybe that’s just me being a cynic. Meeting some of our users was great and not at all what I expected. I was expecting a large amount of angst-ridden, black wearing ricers to turn up but in actuality I didn’t see one for the entire show; quite the opposite, we got a lot of older people that were obviously IT professionals. Gentoo’s community remains one of its strongest points in my opinion.
On to more technical things. I have just finished writing all the things to get sguil into portage. I can’t emphasize how useful and powerful sguil is to anyone who has had to use an IDS before. I fully recommend you check it out, and while you’re doing that you can test my ebuilds 🙂 To do that go here and grab the entire net-analyzer overlay. Once you have emerged all the packages (note that there is important information in the einfo in most of the ebuilds, so if you emerge them all in one go you might want to record the output) you should be able to do the following to get it all up and working:
* create the sguil database as per the instructions and using the script provided.
* put the relevant db information into the relevant configuration files, basically /etc/snort/barnyard.conf and /etc/sguil/sguild.conf.
* you should also probably set up snort to log to a db while you are doing this but it’s by no means compulsory.
* create yourself a sguild user with the following command: sguild -c /etc/sguil/sguild.conf -u /etc/sguil/sguild.users USERNAME
* start snort, sancp, barnyard, sguild, sensor-agent, log_packets in that order (the order isn’t really that important but doing it like that will save you having to wait for processes that might have been started before a dependent one had been started and it could get the required information from it). Check /var/log/messages while you are doing this to make sure that there are no obvious errors.
* at this point you can run sguil.tk and login using the account you created.
That’s all there should be to it! I am looking to put this into portage very soon (read less than a day) unless some major bugs turn up. I will be writing this all up fully shortly, so expect a link in my next blog, but if you need any help with this until then find me on #gentoo-netmon.
Aside from netmon stuff, I’ve been doing some work on cryptsetup{-luks} and its scripts but I won’t go into any detail until I have something that I can show people.
Finally kolab 🙂 I promised I would be working on this and well, I’ve been slacking. I greatly appreciate people like Gunnar Wrobel who have been doing a lot of work to get kolab ebuilds functional and have been contacting me for help. That all said, there has not been much that I could do right now to get kolab into portage as they are still changing a lot of things around, including the build process and the packaging. That combined with changing patchsets to other components has meant that it is not a stable candidate for inclusion, so until that all changes it is unlikely we can get ebuilds for all of kolab. Still I promise to put more time and effort into this and my other netmail responsibilities very soon, though my work (for cash) is crippling my spare time right now.
Lurker and networking monitoring
Well I finally put the network monitoring ebuilds into CVS. Once you’ve added the relevant files to /etc/portage.keywords you should now be able to emerge JKFlow or CUFlow and follow the HOWTO for nice graphs! On a different note I also threw lurker into CVS so let me know if there are any problems with that. Thanks to stuart for explaining some webapp-config details.
I am now starting work on kolab and have decided that I have procrastinated enough with netmon stuff and time to get back into net-mail! Follow this bug for information on kolab.
Network Monitoring
Well with thanks to mcummings for providing ebuilds for some nasty old perl modules, and ka0ttic pointing me in the right direction with some ebuild questions, I have got a working set of ebuilds for some network monitoring. In summary the network monitoring is done with flows sent to a central box that can then process them and present near real time graphs broken down in a variety of ways. I won’t bore you all with more, but I have written a HOWTO about this and if you are interested you can read it here. Suggestions / patches are welcome, either for the ebuilds or the HOWTO. The ebuilds are in my overlay but you are better off reading the HOWTO on how to install and use them.
Now some of my distractions are past I will see if I can get some real progress on the kolab ebuilds.
Documentation
Just a quick blog to let people know that I have just finished a HOWTO for lvm + dm-crypt + suspend2. This is primarily aimed at the Gentoo laptop users, but some of the concepts (in particular an explanation on initramfs) might be of interest to a wider audience. You can find it hosted on my own site here or on the suspend2 wiki here. I am interested in any feedback. On a similar note I have just about finished a laptop tips page which will hopefully be of use to those people trying to get the most out of their laptops.
I have been spending some time on writing a cryptsetup-luks ebuild which I hope to get into portage shortly. Additionally I have added sflowutils which is the start of the packages I am going to put into portage relating to large scale network monitoring.
Finally I have started to look at and assess kolab ebuilds, though it’s going to be a long road :/