Monday, November 25, 2013

Oracle Linux Kickstart Install : failed to open /tmp/ks.cfg


If you receive this error message while booting your Oracle Linux installation from a Kickstart NFS server, all you have to do is grant read permission on the file to 'others'.

# chmod 644 /kickstart/ks.cfg


Thursday, November 14, 2013

Splunk universal forwarder agent, Windows 2008 + Active Directory installation problem


I just wanted to try the Universal Forwarder agent of Splunk v5 on my test Active Directory domain controller, which is running on Windows 2008.

The service account's privileges were OK and I applied the whole procedure. By the way, the service account had Domain Admin privileges, but each time I tried to install the agent, I had the same error message.

"splunk installer was unable to start splunk services exit code '4'"

The resolution is weird, pointless but simple.

Try to type the service account as "account@domain" instead of "domain\account".


Symantec SSIM : End of sale.

http://www.symantec.com/connect/forums/symantec-security-information-manager-ssim-being-discontinued-new-customer-sales-september-5-?utm_content=buffere4d01&utm_source=buffer&utm_medium=twitter&utm_campaign=Buffer


Wednesday, November 13, 2013

Link : Case Study: Analyzing a WordPress Attack – Dissecting the webr00t cgi shell – Part I


http://blog.sucuri.net/2013/11/case-study-analyzing-a-wordpress-attack-dissecting-the-webr00t-cgi-shell-part-i.html

How to create Splunk / Citrix Netscaler log integration ?


It's not so easy to link a Citrix Netscaler WAF / LB to the Splunk log management system and display the logs as mentioned in the Splunk documentation. I spent more time than I thought I would. There is no explanation for this procedure in the documentation.

I will talk about my own way.

If you think it will be enough to apply the whole procedure in the link, you are completely wrong. No logs, no definitions.

http://support.citrix.com/article/CTX132533

Here is my procedure:

- Splunk 5.0.4, build 172409
- Citrix Netscaler NS9.3: Build 50.3.nc

1- Create the correct rule in Netscaler. Please note that the port is 8514.


2- You should create the Audit policy and link it with the server that we recently created. After that, you should link it with the Global Policy, which does not appear in the screen capture.


3- You should create an Index in Splunk.


4- You should create a "Data Input" in Splunk.


5- You should enter the same information as shown below.


6- You should download the Splunk App for Netscaler and install in Splunk.


7- Now you should see the first logs.
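
The Splunk side of steps 3 to 5 written as configuration files instead of through the web UI, as an added example that is not part of the original post. The index name "netscaler", the source address 192.0.2.10, the UDP transport and the sourcetype placeholder are assumptions; only port 8514 comes from the procedure above.

```ini
# --- $SPLUNK_HOME/etc/system/local/indexes.conf ---
# Step 3: a dedicated index for the Netscaler events.
# "netscaler" is a hypothetical name; use the index the app's searches expect.
[netscaler]
homePath   = $SPLUNK_DB/netscaler/db
coldPath   = $SPLUNK_DB/netscaler/colddb
thawedPath = $SPLUNK_DB/netscaler/thaweddb

# --- $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Steps 4-5: the data input that matches the Netscaler rule on port 8514.
# Assumption: the Netscaler sends its audit syslog over UDP.
# The "<remote server>:<port>" stanza form makes Splunk accept data on this
# port only from that one sender, so other hosts cannot inject events into
# the index. 192.0.2.10 is a constructed documentation address; replace it
# with the address your Netscaler sends syslog from.
[udp://192.0.2.10:8514]
index = netscaler
# Placeholder: set the sourcetype that the Splunk App for Netscaler expects.
sourcetype = <sourcetype-required-by-the-app>
# Record the sender's IP as the host field instead of doing a DNS lookup.
connection_host = ip
```

Restart Splunk after editing the files, and allow port 8514 through the host firewall only from the Netscaler address.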



The path "" is not a valid path to the X.X.X generic kernel headers

I was trying to install VMware Tools for vSphere 4.1 on an Ubuntu 12.04 LTS server (right here I should say that I hate VMware Tools' need for GCC and Make).

During the installation it stopped with the error below.

Searching for GCC...
Detected GCC binary at "/usr/bin/gcc".
The path "/usr/bin/gcc" appears to be a valid path to the gcc binary.
Would you like to change it? [no] 

Searching for a valid kernel header path...
The path "" is not a valid path to the 3.8.0-29-generic kernel headers.
Would you like to change it? [yes]

The solution is right here:

http://askubuntu.com/questions/131351/how-to-install-vmware-tools

sudo ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/version.h

Simple but boring.