Archive for August, 2005

Mac Forensics in Los Angeles

Sunday, August 28th, 2005

Ever been hacked? Had information stolen? Who do you turn to? What do you do? No matter what the level, a security breach has occurred and action must be taken to ensure a repeat offense doesn’t happen. The first reaction to a security breach is to isolate it and fix it as soon as possible. However, writing to the systems in any way can overwrite clues, so if the identity of the attacker is to be discovered, the evidence has to be preserved before the fix is applied.

The more quickly that forensic analysis is performed the more likely that the attacker, vandal or thief will be apprehended. One of the best places to start in analysis is making a copy of the system that hasn’t been written to. For Windows this is done using a program like Ghost. On the Mac platform using Carbon Copy Cloner or the Disk Utility to create an image is a good move. It is best to get a copy of your system as soon after a security incident as possible.

On local systems, there are some valuable pieces of information that can be obtained about the identity of the person stealing data. This can be anything from the IP address of the attacker to the name of the drive they’re transferring data to. On many operating systems valuable logs or cached files are overwritten on a routine basis. Because of this, it is best to create a clone, a replica of the system in its current state, as soon as possible.

If it’s a server, then the logs of the server provide good clues as to where to look for the perpetrator. Once again it is helpful to create a clone of the system. However, this is not always possible on production servers. Copying the log files is the next best thing.

Firewalls can provide good clues as well. The logging cycles on firewalls typically store data for a shorter period of time than on workstations or servers. Creating a screenshot in PDF format of the firewall’s logs or exporting the logs into a text file is a good starting point. Firewalls typically provide good information on what addresses are communicating with a network. This makes them good at specifically determining the identity of the attacker and, depending on the logging level, the attacks used.

No matter what the issue, time is of the essence. Contacting a professional to help is a good idea. Getting the FBI or the LA County District Attorney’s office involved can take time, and this can cause clues to be damaged, lost or destroyed. IT professionals can also assist in creating a chain of custody on the equipment that can later be used in court when and if the person who has invaded your privacy is apprehended and put on trial.
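As an added example (not from the original post) of the "copy the log files" and chain-of-custody advice above: a small POSIX sh script that copies log files with their timestamps, makes the copies read-only and records SHA-256 hashes in a manifest, so the copies can later be shown to be unchanged. It assumes either sha256sum (Linux) or shasum (Mac OS X) is installed; the log lines in the test are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post: preserve copies of log files
# for later analysis and record their SHA-256 hashes so that the copies
# can be shown to be unchanged (a simple chain-of-custody manifest).
# Assumptions: POSIX sh, and either sha256sum (Linux) or shasum (Mac OS X).

sha256_tool() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"
    else shasum -a 256 "$@"; fi
}

# preserve_logs DEST FILE... : copy each file into DEST keeping timestamps,
# write DEST/MANIFEST.sha256 over the copies and make them read-only.
preserve_logs() {
    dest="$1"; shift
    mkdir -p "$dest" || return 1
    for f in "$@"; do
        cp -p "$f" "$dest/" || return 1
    done
    # The manifest file already exists once the redirect opens it, so it
    # is skipped rather than hashed into itself.
    ( cd "$dest" && for f in *; do
          [ "$f" = MANIFEST.sha256 ] || sha256_tool "$f"
      done > MANIFEST.sha256 ) || return 1
    chmod a-w "$dest"/*
}

# verify_logs DEST : re-hash the copies and compare with the manifest.
# Returns 0 if every file still matches, non-zero otherwise.
verify_logs() {
    ( cd "$1" && sha256_tool -c MANIFEST.sha256 >/dev/null 2>&1 )
}
```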

Installing MediaWiki on Mac OS X

Wednesday, August 17th, 2005

Installing MediaWiki

1. Create a database in MySQL called wikidb.
2. Create a new user called wikiserver that has full privileges to this database (the user does not need to be called wikiserver, but that is the username we will be using for this walkthrough).
3. Download the latest stable release of MediaWiki from http://mediawiki.sourceforge.net.
4. Extract the tar file into a new folder (for this example we are going to call it wiki to keep things easy). This can be done using the command tar -xvzf mediawiki.tar.gz (or substitute your file name for mediawiki.tar.gz).
5. Make the configuration files writable using the command chmod a+w config while in the new wiki folder.
6. Move the wiki folder onto a web server.
7. From your web server, visit the site http://127.0.0.1/wiki or the subfolder that you placed the wiki files into.
8. At the MediaWiki Installation page, you will either see a notice that you can install MediaWiki or a notice that your system does not meet the minimum requirements for installation. If your system does not meet the requirements, install the modules that are listed. If it does, move on to the next steps.
9. At the MediaWiki Installation page, scroll down to the Site Config section. Here, fill in the fields for:
a. Wiki name: The name assigned to your wiki.
b. Contact e-mail: Displayed when error notices are encountered.
c. Language: The language to be used for your Wiki
d. Copyright: The copyright type, typically leave this as the default setting
e. Admin Username: The username to use for administering the Wiki
f. Admin Password: The password to use for administering the Wiki
g. Shared Memory caching: Decide whether to use memcached
10. Fill in the appropriate values for the Email and authentication setup section:
a. Email (General): Enable or disable the global use of email for your Wiki
b. User-to-User email: Allow users to email one another
c. Email Notification: Allows users to be notified if there is a change in a folder or page
d. Email Authentication: Enable email authentication for the wiki. Sends request for users to click a link to authenticate into the wiki.
11. Database Configuration options:
a. Database Type: Most users use MySQL, but Oracle is an option as well, although experimental.
b. SQLServerHost: The address of the MySQL Server. If MySQL is on the system you are currently using then leave this field as localhost.
c. Database Name: The name of the database you will be using in MySQL to store your wiki’s data.
d. DB Username: If you used wikiserver in step 2 then use wikiserver here; otherwise use the username you chose in step 2.
e. DB Password: The password you assigned for your wikidb user.
f. Database Table Prefix: Use this option if the wiki database will be shared with tables belonging to other applications.
g. Database Character set: leave this as default unless you will be using
h. Superuser account: The MySQL SuperUser account – typically root
i. Superuser Password: The MySQL SuperUser or root account password
12. Click on Install MediaWiki!
13. Move the LocalSettings.php file from the /config directory of the wiki installation into the root directory of the wiki installation
14. Go to the http://127.0.0.1/wiki folder and the default Main MediaWiki page will open
15. Customize the wiki to work for your organization
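As an added example (not code from the original post or from the MediaWiki project), the command-line parts of the walkthrough as POSIX sh helpers: the SQL for step 2, the unpack and chmod of steps 4 and 5, and step 13 together with the clean-up that step 5 calls for afterwards, since a world-writable config directory and a world-readable LocalSettings.php (which holds the database password) should not be left behind once the installer has run. The database and user names default to wikidb and wikiserver from the walkthrough; the GRANT ... IDENTIFIED BY form is the MySQL 4/5 syntax of the time (MySQL 8 needs a separate CREATE USER).

```shell
#!/bin/sh
# Added example, not from the original post or the MediaWiki project:
# shell helpers for steps 2, 4, 5 and 13 of the walkthrough, plus the
# permission clean-up that the chmod a+w in step 5 calls for afterwards.
# Assumptions: POSIX sh; database/user names default to wikidb/wikiserver.

# Step 2: SQL for a MySQL account whose privileges are scoped to the wiki
# database only (pipe the output into: mysql -u root -p). No global
# privileges, so a compromised wiki cannot reach other databases.
# GRANT ... IDENTIFIED BY creates the account on MySQL 4/5; MySQL 8
# needs a separate CREATE USER statement first.
wiki_grant_sql() {
    db="${1:-wikidb}"; user="${2:-wikiserver}"; pass="$3"
    printf "CREATE DATABASE IF NOT EXISTS %s;\n" "$db"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
        "$db" "$user" "$pass"
    printf "FLUSH PRIVILEGES;\n"
}

# Steps 4 and 5: unpack the tarball into a fresh folder and make config/
# writable so the web installer can write LocalSettings.php there.
wiki_unpack() {
    tarball="${1:-mediawiki.tar.gz}"; dest="${2:-wiki}"
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest" && chmod a+w "$dest/config"
}

# Returns 0 when the config directory is still world-writable
# (the 9th character of ls -ld output is the "other" write bit).
wiki_config_world_writable() {
    [ "$(ls -ld "$1/config" | cut -c9)" = "w" ]
}

# Step 13, then undo step 5: move LocalSettings.php to the wiki root,
# drop the world-write bit on config/ and keep the settings file (it
# holds the DB password) readable only by its owner and group.
wiki_finalize() {
    dest="${1:-wiki}"
    [ -f "$dest/config/LocalSettings.php" ] || return 1
    mv "$dest/config/LocalSettings.php" "$dest/LocalSettings.php" || return 1
    chmod o-w "$dest/config" && chmod 640 "$dest/LocalSettings.php"
}
```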

Link Aggregation and Tiger

Sunday, August 7th, 2005

Link Aggregate Networking

Mac OS X 10.4 includes support for link aggregate networking. Link aggregate networking shares network traffic over two or more bonded Ethernet controllers, giving them one IP address for communication. This can allow the server’s controllers to run at speeds of 2 Gbps. Link aggregation is configured using the Network System Preference pane.

To enable Link Aggregate Networking
1. Open the Network Pane from System Preferences
2. Click the Show: box and select Network Port Configurations
3. Click New
4. In the Name: box enter a name for the new aggregate port
5. In the Port: box select Link Aggregate
6. Place check marks in the boxes for each port you would like to aggregate
7. Click OK
8. Configure the Port as you would any other network port

Troubleshooting
Link Aggregate Ports must be used in conjunction with an Ethernet Switch.
Link Aggregate Port status can be viewed for each en adapter using the status tab in Network Preferences for the controller.
Assigning multiple LAN IP addresses to a Link Aggregate port can be tricky. I’d stay away from this if possible.
Do not assign two LAN IP addresses to a Link Aggregate port if they are not in the same IP scheme/subnet.