Aperture Science

Sounds simple enough, but this is just an intro post for some other cool PowerShell related posts.

One thing I needed was a WebDav server, and well, why not use my handy little Qube server.

If you want to set up the Apache WebDav module (in this case on NetBSD) simply:

1. Ensure you have the apache DAV module installed
2. We need a folder for the DavLock database, i did the following:
   
3. Once you have the folders, add the following lines to your http.conf. Note this will assume that the folder webdav is stored wherever the rest of your htdocs are, so you need to make the folder or create a symbolic link from there to where you want WebDav files to be stored.
   
4. Restart/Reload the Apache Service
5. DONE!

Notes:

I should probably explain the lines we are entering in the httpd.conf file, as they will cause you some confusion if I don't.

The first line is specifying where we want the DavLockDB, in this case, we want the files to be called DavLock, in the folder we created earlier.

We then have the usual Apache location tags, in this case we want the location to be /webdav. Change this to suit your needs. You could also use Directory tags.

The next three lines are to do with authentication and authorisation. I only ever perform authentication with HTTP Digest (the first line), and I always where possible create a new authentication realm which Apache calls the AuthName. Finally we need to have a list of usernames and passwords, AuthUserFile will point to where we have a file of usernames and passwords setup in the correct method for Apache.

The file section, is something that was covered in the Apache documentation, and to be frank, I don't fully understand as the Apache configuration layout is still perplexing to me. What I know is that this line is limiting who can access the webdav location, in this case, valid-user means anyone who authenticates successfully and isn't a guest will have access. I am sorry I couldn't be any more helpful.

So now we have all of this sorted, I will be able to show you all soon, some of the cool PowerShell stuff I have been investigating. As a teaser, I have been looking at the various was PowerShell can integrate with web applications, as well as new methods for PowerShell to copy and save data that it creates.

I have also been working on some updates to my standard template, minor tweaks in formatting really, as well as some fun stuff around making the copy script I use every day an even more powerful and flexible tool.

I am going to start by warning the Windows System Administrators that the next few blog posts will not contain any Microsoft products.

Remember the good old days on the Internet? Do you remember the .COM boom and bust?

Well, I get to reminisce on an almost daily basis because one of my main servers at home is from that very time period!

Last year I bought a Sun Cobalt Qube 2 from eBay. I was so excited to get my hands on one of these little blue boxes, at the time I didn’t consider what I would use it for, not to mention what operating system I would be running on it. All I knew was I would have my very own Qube 2, and not one of the x86 sell out Qube 3 units!

When I was a very young IT Professional, quite a number of people I knew were involved in running various Cobalt systems, and in fact some of my early web development, system administration and security experience were on the platform. This was something of a teenage-hood dream that one day, I might get to own one.

Specifications (http://www.computinghistory.org.uk/det/1112/cobalt-qube-2/):

Cobalt Qube 2

• 64Bit MIPS RISC CPU QED RM5231-250Q (superscalar, 250MHz)
• System Controller: Galileo GT-64111
• PCI-ISA Bridge/ATA Controller: Via VT821C586 (Apollo VP)
• 1x16MB RAM (EDO 3.3V, SIMM-Modul 72 Pin, proprietary) – Mine has 128mb!
• Maximum memory: 256MB
• Ultra-ATA 10.2GB hard drive (Seagate ST310212A)
• Maximum fixed disk capacity (BIOS limitation): 30GB
• 2 network interfaces (Tulip) DECchip DC21142 10/100baseTX-FDX
• 6-key-panel + 2x16 LCD-Display
• 1 high-speed serial port (SubD9)
• 1 PCI-slot (proprietary)
• 1 housing fan (4x4 cm, 12V, unsettled)
• 1 small, external 36 Watt power supply unit (12V, 3A)
• Dimensions: 18,4cm x 18,4cm x 19,7cm
• Weight: 2.8kg
• Power supply: 100-240V, 50/60Hz
• Power input: 25 Watt
• Operating environment: 5-40°C, 10-80% air humidity
• Non-operating environment: -10-50°C, 5-93% air humidity
• Original retail price (2000, through Sun): approx. USD 2500

The big thing to note is that it isn’t a standard x86 or x64 CPU, it’s a little endian MIPS processor, and thus you will need an operating system designed specifically for it.

I decided in the end that this server would run Subversion to keep track of all my PowerShell code versions, as well as some personal PHP content that I wrote. All it would need is Subversion, Apache and MySQL.

When the unit arrived, I did some initial investigation and discovered I had one of basically 4 options for what operating system to run on the Qube:

1. The original OS (quite out-dated and very vulnerable)
2. A Debian port to the CPU.
3. A Gentoo Port (Experimental)
4. NetBSD (very mature)

I decided that I would indeed run a more modern operating system and thus ruled out option 1. I decided that Debian would be easier as I am quite familiar with it and Ubuntu.

The Ubuntu install was pretty easy however after a few days it was easy to see that the performance was poor, something that I discovered as a known issue with some of the Qube 2.

I then went on to using NetBSD. This was such a learning curve for me, as for once I had to learn how to use UNIX properly, and there would be no nice friendly finishing touches, and it certainly wouldn’t be as easy to install or use as Linux.

The biggest thing that I needed to get my head around first was text editor VI, this was quickly followed by the Shell which was CSH (not the friendlier BASH) and finally that I would need to COMPILE my applications outside of what was already there! There is a very easy to use and friendly system called PKGSRC which allows you to quickly find and compile your applications; not only that but everything there is tested and made to work on NetBSD, so it will all just work when you need it to.

So, through a lot of messing about I did indeed get the system running, but I wasn’t 100% happy with it, and I never really made my notes into a sensible form. The system ran for almost a year without fault, until last week when it all came crashing down.

I went to install a new application, and soon discovered that the pkgsrc tree was out of date, when I went to update this, I realised I lost my connection. After an hour of trying to update and then loosing connectivity, I ran the uptime command and realised the system was indeed rebooting; further investigation made me realise that the file system had become damaged! Oh no, my previous Qube!

I decided to try and reinstall the operating system, this would also allow me to install NetBSD 5.1 (I originally installed 5.0) and also update all of the applications at the same time. This time, I would document the process.

I will have a number of blog posts over this week and next covering everything I will be doing to bring my little Qube back to a functioning state.

This is a simple guide to building an email gateway which will perform anti-spam and anti-virus filtering prior to delievering email to its intended destination.

I also make use of a sendmail milter to verify the recpients of email messages are valid, and drop the messages if the recpient is found to be invalid. Recipient filtering not only reduces the amount of work that the gateway has to do (as it doesn't perform any anti-spam analyasis etc on the message) but reduces the load on the destination server(s) and protects them.

The milter works by simply connecting to the destination server and testing if it accepts the recipient address prior to accepting the rest of the email body from the machine which is connected to it. If you use Exchange as your destination server, make sure it doesn't accept invalid recipients and returns an NDR which is the default. If the recipient isn't valid, the miltor returns to the SMTP server which is attempting to send email to it that the mail box is full or invalid.

New doco for the Snort build will be comming. There is the following updates to be made:

• Snorby working! (just having issues with PDF files)
• More rule tweaks
• More general tweaks