Related pages
Bloggers
Tags
News
2010. 03. 19. 23:32
On Wednesday I did a presentation on Balabit Meetup. I talked about a programming language that?s very close to me, it?s called Ruby. You can check the slides of my presentation below, moreover if you wanna try this brilliant language out, check the tryruby.org!
Posted by 
László Papp, Software Development Engineer
László Papp, Software Development Engineer2010. 03. 18. 16:45
Today, I would like to share with you some easy troubleshooting practices.
Which process is using a specified file?
with fuser:
usage: fuser -av filename
example:
with lsof:
usage: lsof filename
example:
with fuser:
usage: fuser -av port/protocol
example:
usage: lsof -i protocol:port
example:
usage: netstat -antp
example:
with lsof:
usage: lsof -p PID
example:
Sometimes you have a binary file but you would like to see the content of this file as far as possible.
I suggest using strings command.
usage: strings filename
for example, to see the strings that are at-least 32 characters long:
usage: ldd filename
example:
Which process is using a specified file?
with fuser:
usage: fuser -av filename
example:
pzolee@thor:~$ fuser -av .file.txt.swpkilling this process right now: fuser -av -ki filename
USER PID ACCESS COMMAND
.file.txt.swp: pzolee 30694 F.... vim
with lsof:
usage: lsof filename
example:
root@thor:/home/pzolee# lsof /var/log/messagesWhich process is using a specified port?
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslog-ng 1255 root 10w REG 8,2 313880 75944 /var/log/messages
with fuser:
usage: fuser -av port/protocol
example:
root@thor:~# fuser -av 22/tcpwith lsof:
USER PID ACCESS COMMAND
22/tcp: root 1275 F.... sshd
usage: lsof -i protocol:port
example:
root@thor:/home/pzolee# lsof -i :22with netstat:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1306 root 3u IPv4 5196 0t0 TCP *:ssh (LISTEN)
sshd 1306 root 4u IPv6 5199 0t0 TCP *:ssh (LISTEN)
usage: netstat -antp
example:
root@thor:/home/pzolee# netstat -antp | grep 22Which files are used by a specified process?
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1306/sshd
with lsof:
usage: lsof -p PID
example:
root@thor:/home/pzolee# lsof -p 5251Displaying printable strings of a file
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslog-ng 5251 root cwd DIR 8,2 4096 8182 /opt/syslog-ng/var/run
syslog-ng 5251 root rtd DIR 8,2 4096 2 /
syslog-ng 5251 root txt REG 8,2 1524414 34 /opt/syslog-ng/libexec/syslog-ng
syslog-ng 5251 root mem REG 8,2 66905 75946 /var/log/logstore.log
syslog-ng 5251 root 6u unix 0xffff8800280d1e00 0t0 42237 /opt/syslog-ng/var/run/syslog-ng.ctl
syslog-ng 5251 root 8u unix 0xffff8800280d0300 0t0 42233 /dev/log
Sometimes you have a binary file but you would like to see the content of this file as far as possible.
I suggest using strings command.
usage: strings filename
for example, to see the strings that are at-least 32 characters long:
pzolee@pzolee-laptop:~$ strings -n 32 /opt/syslog-ng/libexec/syslog-ngDisplaying shared library dependencies
g_markup_parse_context_end_parse
g_option_context_add_main_entries
OPENSSL_add_all_algorithms_noconf
/opt/syslog-ng/etc/syslog-ng.conf
/opt/syslog-ng/var/syslog-ng.persist
/opt/syslog-ng/var/run/syslog-ng.ctl
Configuration reload request received, reloading configuration
...
usage: ldd filename
example:
pzolee@pzolee-laptop:~$ ldd -v /bin/ps
linux-gate.so.1 => (0x00221000)
libproc-3.2.8.so => /lib/libproc-3.2.8.so (0x0028b000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x003c8000)
/lib/ld-linux.so.2 (0x00ed8000)
Version information:
/bin/ps:
libproc-3.2.8.so (_3_2_5) => /lib/libproc-3.2.8.so
...
Posted by Zoltán Pallagi, Software Development Engineer
Zoltán Pallagi, Software Development Engineer2010. 03. 15. 16:07
I am happy to announce that we have a new colleague in our German Team in Munich. His name is Frank Mild and has more than 18 years of sales and business development experience. Frank helps Dietmar, our other Sales Manager, to support more and more sales activities in the German speaking countries.
Frank and Dietmar have already been working together as colleagues, therefore Frank was not only a good recomendation for us, but I am also sure that they will be a good team for further successes.
Our aim is to have even stronger sales support in DACH and to be able to reach even more potential business partners and customers, to whom our products can be useful.
Frank and Dietmar have already been working together as colleagues, therefore Frank was not only a good recomendation for us, but I am also sure that they will be a good team for further successes.
Our aim is to have even stronger sales support in DACH and to be able to reach even more potential business partners and customers, to whom our products can be useful.
Posted by Enikő Visky, Regional Director
Enikő Visky, Regional Director2010. 03. 10. 10:09
We have moved forward again. From 2010 we issue CPE certificates about our trainings. if you need that, just indicate on the traning entry-form. The certificate do not contain CPE points, but hours, that helps everybody counting the points. It can be different for every profession. In addition CPE points are maximized if the training is product specific. The certified hours are 6 netto hours a day, therefore we issue 6 hours for SSB, 12 hours for syslog-ng PE and 6 hours for SCB. Fur further info wisit ISACA website.
Posted by Péter Höltzl, IT Security Consultant
Péter Höltzl, IT Security Consultant2010. 03. 08. 11:13
It was in November 2007 when the initial commit of X Control Box was pushed to our VC server -- the idea was to create a framework based on the current Shell Control Box codebase that can act as a base for all our future appliance-like products. We took the chance to rewrite everything that needed to be rewritten: we added proper widgeting for our interface elements, cleared up the CSS code and the browser-server communication, the search interfaces, the whole permission system and added detailed changelogging for everything that can be changed on the UI. The resulting codebased proved to be usable: it took only a couple of weeks to create the initial pre-alpha version of syslog-ng Store Box, and ever since then we've really benefited from having a well-usable common framework into which 2630 commits have added 300k+ lines of code and templates by now.
The video below shows this progress from the beginning to the current state using the amazing visualization tool Gource. Make sure you click over to YouTube and watch it in high quality, it really worth it!
The video below shows this progress from the beginning to the current state using the amazing visualization tool Gource. Make sure you click over to YouTube and watch it in high quality, it really worth it!
Posted by Péter Gyöngyösi, Senior Developer
Péter Gyöngyösi, Senior Developer2010. 03. 06. 15:45
Since the last post, I could hack a couple of hours on the plugins branch, which now compiles. The plugin framework is capable for supporting a quite important core functionality: all socket like sources/destinations are now found in an external plugin called "afsocket".
The reason I've started with afsocket is to make syslog-ng a bit less dependant on OpenSSL. A couple of distributions didn't include syslog-ng 3.0 in their current releases, because it uses OpenSSL from /usr, while syslog-ng should remain in the root directory.
By separating afsocket from the syslog-ng core, I can compile afsocket with and without TLS support, which can be put into separate packages. Thus syslog-ng can operate without OpenSSL.
And the same plugin framework will enable me to create a wide variety of plugins. My ideas:
Again, this functionality is experimental, and I'm still going to rebase the current code and will probably be integrated to syslog-ng 3.2. I got to release 3.1 final first though. :)
The reason I've started with afsocket is to make syslog-ng a bit less dependant on OpenSSL. A couple of distributions didn't include syslog-ng 3.0 in their current releases, because it uses OpenSSL from /usr, while syslog-ng should remain in the root directory.
By separating afsocket from the syslog-ng core, I can compile afsocket with and without TLS support, which can be put into separate packages. Thus syslog-ng can operate without OpenSSL.
And the same plugin framework will enable me to create a wide variety of plugins. My ideas:
- Plugins for all syslog-ng components (source, destination, filter, rewrite, parser)
- Python scriptability (a simple correllation engine in Python?)
- macro transformation functions, for example: $(stripslashes $macro), usable anywhere in templates and stripslashes a plugin that is invoked whenever such an expansion occurs
- Hooks for transforming the log message as it enters syslog-ng (to fix parsing errors for example),
Again, this functionality is experimental, and I'm still going to rebase the current code and will probably be integrated to syslog-ng 3.2. I got to release 3.1 final first though. :)
Posted by Balázs Scheidler, Chief Executive Officer
Balázs Scheidler, Chief Executive Officer2010. 03. 06. 07:32
Things have been a little rough last couple of months, that's why I haven't posted here. I'm in a rush right now as well, but I just wanted to let you know that I have started working on modularizing syslog-ng.
It is only a preliminary prototype, and as of now it doesn't compile, but the way it's going to work is already visible: each plugin will have its own plugin and with some trickery the large syslog-ng.conf parser will call out to the plugin parser. The user will recognize such a plugin as an integral part of syslog-ng.
E.g. this is a sample configuration file:
@version: 3.0
@module: dummy
...
destination d_dummy { dummy(dummy_opt(yes)); };
...
See the dummy plugin code in my git repository, in the "plugins" branch. Please note that that branch is going to be rebased a couple of times yet, I've released it in the spirit of "release early, release often".
I hope to get some of the recent contributions into plugins, instead of bloating the core syslog-ng code. For example output colorization. I'm also thinking about adding built-in scripting support via Python.
It is only a preliminary prototype, and as of now it doesn't compile, but the way it's going to work is already visible: each plugin will have its own plugin and with some trickery the large syslog-ng.conf parser will call out to the plugin parser. The user will recognize such a plugin as an integral part of syslog-ng.
E.g. this is a sample configuration file:
@version: 3.0
@module: dummy
...
destination d_dummy { dummy(dummy_opt(yes)); };
...
See the dummy plugin code in my git repository, in the "plugins" branch. Please note that that branch is going to be rebased a couple of times yet, I've released it in the spirit of "release early, release often".
I hope to get some of the recent contributions into plugins, instead of bloating the core syslog-ng code. For example output colorization. I'm also thinking about adding built-in scripting support via Python.
Posted by Balázs Scheidler, Chief Executive Officer
Balázs Scheidler, Chief Executive Officer2010. 03. 05. 14:26
I have just found a bug in syslog-ng OSE 3.1beta2. When you use keep_hostname(yes) in the options, then at those sources where this field is empty (e.g. messages arriving on /dev/log), it eliminates the hostname, somehow this way:
After the patch:
Not a big bug, but was very embrassing. The patch is in Bazsi's git tree out there. Thank you Bazsi!
I wish you a pleasant weekend!
myuser@myhost:~$ logger hello
myuser@myhost:~$ grep hello /var/log/syslog
myuser@myhost:~$ 2010-03-05T14:05:33+01:00 myuser[]: hello
After the patch:
myuser@myhost:~$ logger hello
myuser@myhost:~$ grep hello /var/log/syslog
myuser@myhost:~$ 2010-03-05T14:05:33+01:00 myhost myuser[]: hello
Not a big bug, but was very embrassing. The patch is in Bazsi's git tree out there. Thank you Bazsi!
I wish you a pleasant weekend!
Posted by Péter Höltzl, IT Security Consultant
Péter Höltzl, IT Security Consultant2010. 03. 05. 13:58
It is well known that people and companies can get very innovative if they wish to cut the costs, and it is especially great if this results in a smart solution.
Making a market survey or buying an existing one is not cheap, and getting one for free can be a large benefit for smaller companies.
I felt handicapped from the start that as a small Hungarian company, we haven't had much information about the global market we were aiming at. Purchasing a global market study cost much more than what we could have afforded.
I was hoping that all this will change when we become a bigger company. And now, although we are still not that big, we could afford to buy a study. But there is always something that seems to be more important and promises imminent benefits. I have realized that we will not spend on that sort of thing until its price is higher than the margin of error in our marketing budgets.
But if everything goes well, this will not even be necessary, because our latest initiative offers free market data for everyone.
Communities have always had high priorities for BalaBit: they are part of our philosophy, our strategy and everyday life. We have always been an active member of the open source software community, and our products are based open formats and open standards.
The Open IT Survey 2010 project offers nothing less than a market survey to be filled by community members who are free to use the results. Participants can complete the anonymous questionnaire in a few minutes, and gain access to global marketing data about IT market trends.
The members of the community have the needed knowledge, we should just collect and share it for everyone's benefit. The open-source movement owes its success to the community, and we are positive that communities are important in shaping the future.
The Open IT Survey wishes to collect the last year's results and this year's expectations, focusing on the performance and trends of the IT and IT security fields. The project has been launched only recently; the first results will be available at the beginning of April at the openITsurvey2010.balabit.com site. According to the organizers, the target group is "everyone who is interested in the results."
The project builds its communication heavily on the community; participants can recommend the project to others on the Facebook Community Portal, as well.
We would like the project to become a regular survey, and gradually collect and share more and more information to everyone, therefore we count on the community's feedback and opinion. Comments and ideas are welcome on the Facebook page.
Posted by Attila Kiss, Marketing Manager
Attila Kiss, Marketing Manager2010. 03. 02. 17:10
I start a new series on Hungarian sights to inform you about our country. The first post is about the Cave Bath which is the only thermal cave in Europe. Some weeks ago I was there with my girlfriend and it was really impressive.
The Cave Bath is a thermal bath in a natural cave in Miskolctapolca, which is part of the city of Miskolc, Hungary, and is unique in Europe.
The thermal water (temperature: 30°C, 86°F) is reputed to cure pain in the joints, and since it has lower salt content than most thermal waters (around 1000 mg/litre), people can bathe in it for much longer, practically for an unlimited amount of time. The Cave Bath can be visited all year long except for January.
The cave and the thermal spring have been known since ancient times, but Tapolca became a popular bathing place only after the Ottoman occupation of Hungary (16th-17th century). During this time the area belonged to the Greek Orthodox abbey of Görömböly; the development of Tapolca into a bathing place was the idea of the abbot in 1711. He also brought doctors from Kassa, today Koąice, Slovakia to examine the beneficial effects of the water. Three pools and an inn were constructed in 1723. The cave itself was not used yet, as the pools were outside. The water was colder than it is now, because the cold water springs of Tapolca (now playing an important role in providing Miskolc with drinkable water) were used too. By the mid-18th century, after a short period of popularity, the bath was neglected and by the 1800s the buildings were in ruins.
In 1837 the new abbot of Görömböly had the buildings restored and expanded. He also had the first indoor pool (though still outside the cave) built, but only for wealthy guests.
In the early 20th century the growing city Miskolc bought the area from the Greek Orthodox Church not only because of the thermal water but also because of the drinking water source (which now provides half of the city's water supply).
In the following years, new public baths were built. In 1934 Tapolca was officially recognised as a spa town. In 1939 the construction of a new bathing house began. During the construction several archaeological findings were unearthed, and a new, previously unknown water spring was found with a water temperature of 31.5°C. The thermal bath was opened in 1941 but the Cave Bath itself was opened only on 14 May 1959.
Since then the bath complex has been expanded several times. The outdoor pool and the characteristic, seashell-shaped roof before it were built in 1969. In the 1980s new rooms and corridors were built, and warmer pools (34°C and 36°C) were constructed. The newest expansion of the bath complex started in 1998.
Posted by Attila Kiss, Marketing Manager
Attila Kiss, Marketing Manager