From: Stephen Haywood ------------------------------------------------------ How do I go about getting a Ham Radio License? -- Stephen Haywood Owner, ASG Consulting CISSP, GSEC, OSCP T: @averagesecguy W: averagesecurityguy.info
From: "kitepilot@kitepilot.com" ------------------------------------------------------ Hello all: Well, somehow I got a link to this puppy: http://www.mini-box.com/pico-SAM9G45-X It has everything I need! My plan is to add a wireless radio to the miniPCI bus and deploy these babies as AP and bridges in my network. I don't need any security and/or fancy configuration other than to optimize the wireless link, because all security is done at the firewall level. Question is: Which OS? I am leaning towards a flat Debian, but I am entertaining building me an Open-WRT image for it. Any insights? Which one or which not? Thanks! ET
From: Christopher Rimondi ------------------------------------------------------ Interesting stuff. They just released 1.0. Apparently, you can run a whole financial institution off this. http://mifos.org/ -- Chris Rimondi | http://twitter.com/crimondi | securitygrit.com
From: Rod-Lists ------------------------------------------------------ http://www.net-security.org/secworld.php?id=14882
From: David White ------------------------------------------------------ Greetings, folks. Based on the feedback I've received, I'm going to go ahead and set a time for the "Chugalug And IT Crowd Meetup & Networking" to officially start at 2:00pm on Saturday, June 22. Proposed breakout sessions include (thus far): 1. Stephen Haywood: Security or Python Related 2. Aaron and/or Lynn Dixon: Bitcoin 3. David White: DNS & BIND 4. A Lawyer from Fleissner, Davis and Johnson on some sort of legal discussion (possibly intellectual property). I have a meeting with him on Wednesday. I will let folks know his proposed topic and name once he gives me the OK. There will be a swap meet (trade hardware), workshops presented by IT (and Legal) Professionals on various topics, and a chance for networking. Breakout Sessions will each be approximately 30 minutes long including 5 minutes on each side for introductions, networking, and/or moving to the next event. We will also have a breakout session to discuss future similar events, including a possible 2-Day Chattanooga IT Conference in 2014! If you're interested in presenting a breakout session, please contact me off-list. I created a Facebook Event for this, so if you want, please RSVP (and invite people) here: https://www.facebook.com/events/382728415173937/ Thanks, David -- David White Founder & CEO * * *CENTS * Computing, Equipping, Networking, Training & Supporting Nonprofit Organizations Worldwide http://developCENTS.com 423-693-4234
From: Christopher Rimondi ------------------------------------------------------ I don't have much experience configuring Apache. Thought I would run this by the group. I got my cert and put it in the /etc/pki/tls/certs directory. Then ran: sudo chmod 400 /etc/pki/tls/certs/mycert.pem Modified the ssl.conf file by adding this line: SSLCertificateFile /etc/pki/tls/certs/mycert.pem Finally, ran: chown root:root WildcardCertificate.pem Restarted apache and all seems to be working fine. However, I wanted to check to see if I missed anything or there are any gotchas that will come up later. Thanks, Chris -- Chris Rimondi | http://twitter.com/crimondi | securitygrit.com
From: Jonathan Calloway ------------------------------------------------------ All (but mainly Lynn), So, I've installed CentOS 6 using a visualization install. I installed the packages and dependencies for oVirt. However, when I run setup-engine and go through the prompts, it fails to complete with an error about the HTTP service not being able to start. The error is: Installing: Configuring oVirt Engine... [ DONE ] Configuring JVM... [ DONE ] Creating CA... [ DONE ] Updating ovirt-engine service... [ DONE ] Setting Database Configuration... [ DONE ] Setting Database Security... [ DONE ] Creating Database... [ DONE ] Updating the Default Data Center Storage Type... [ DONE ] Editing oVirt Engine Configuration... [ DONE ] Editing Postgresql Configuration... [ DONE ] Configuring the Default ISO Domain... [ DONE ] Configuring Firewall... [ DONE ] Starting ovirt-engine Service... [ DONE ] Configuring HTTPD... [ ERROR ] Error: Can't start the httpd service Please check log file /var/log/ovirt-engine/engine-setup
From: Stephen Haywood ------------------------------------------------------ Does building a web app on Ubuntu using web.py and Redis count? How about fixing an OpenVAS XML parsing bug in Metasploit using Kali Linux and the OpenVAS appliance? Stephen Haywood Owner, ASG Consulting CISSP, GSEC, OSCP W: www.averagesecurityguy.info T: @averagesecguy On Apr 18, 2013, at 8:06 PM, William Wade wrote: On topic woot! I was just going to talk about what I just finished setting up. Mostly because I hope it will give others ideas and encourage you to get crazy and make something. Thanks to Aaron, I got a Pogoplug at the last swap meet. Now I like to have a home computer that I can log into via ssh to get to files and what not that I need. Also I like to have a web server for testing as well as sending large files. So I have had my main desktop running 24/7. This worked fine but the amount of power it uses is more than I would like. I set up Arch Linux on the pogo plug and set up apache and a few other servers. I did not have an extra usb hard drive that could hold my data that I needed access to from time to time. So I set up wake on lan on the desktop and a script with the MAC address on the Pogoplug. Now I can ssh into the Pogoplug, wake up the desktop and ssh over to it. Nothing amazing, but I think the power saving is nice. And all possible through Linux and open source. What fun little projects has everyone else been doing with Linux recently?
From: Lynn Dixon ------------------------------------------------------ Why do people still use linode? It seems like they are compromised on a regular and routine basis. http://blog.linode.com/2013/04/12/security-notice-linode-manager-password-reset/
From: Luke Prince ------------------------------------------------------ I love the idea of a Raspberry Pi kiosk and would happily volunteer some time to help set it up on that platform. I have always wanted to play with one, and this could be the perfect opportunity! On Wed, Apr 3, 2013 at 10:01 AM, wrote: > Today's Topics: > > 1. Re: Linux volunteer opportunity (Kiosk station) (Mike Robinson) > 2. Re: Linux volunteer opportunity (Kiosk station) (Darren Breidigan) > 3. Re: Intro to Python class at the library (Dan Eveland) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 3 Apr 2013 07:05:55 -0500 > From: Mike Robinson > To: chugalug@chugalug.org > Subject: Re: [Chugalug] Linux volunteer opportunity (Kiosk station) > > The usual way to run a kiosk-station is to configure a user-name (often > password-free, often always-logged-on by default) which runs the kiosk > application directly as its "shell." Thus, when that user logs-on, the > kiosk is running; when the kiosk program ends for any reason, the user is > now by definition logged-off. Or, if you want a GUI, select a > window-manager such as Matchbox which is designed for this purpose. 
> > > http://serverfault.com/questions/59329/im-looking-for-secure-linux-kiosk-software > > http://users.telenet.be/mydotcom/howto/linuxkiosk/intro.htm > > http://www.engineering.uwaterloo.ca/twiki/bin/view/Linux/LinuxKiosk > > http://www.flatcoder.co.uk/how-to-build-a-secure-kiosk-operating-system/ > > > --------- > Mike Robinson > Technical Director > Sundial Services International, LLC > http://www.sundialservices.com > miker@sundialservices.com > (615) 268-3829 > http://www.linkedin.com/pub/mike-robinson/51/532/5a > > > > > I'm not a guru but, I think some kind of kiosk would not be out of my > reach. > > > > Maybe Lubuntu with Firefox in kiosk mode? > > > > https://addons.mozilla.org/en-us/firefox/addon/r-kiosk/ > > > > > > On 04/01/2013 11:58 AM, Nate Hill wrote: > >> Hi all, > >> > >> As part of our 3D printing service we are offering at the library, > >> with thanks to some help from James and Bill of Engage 3D, we now have > >> 4 formerly retired and discarded computers running Ubuntu. The plan > >> is to have those running as Tinkercad stations, but Tinkercad is going > >> away (lame) so we'll use something else. Obviously we can do a lot > >> more than just this with these machines. > >> > >> I know there are some Linux based kiosk systems out there; setups that > >> allow people to schedule reservations of computers. We don't yet have > >> the demand that we need something like this, but I'm hoping as we > >> expand hours and services on The 4th Floor this will really grow into > >> a public computer lab running all open source goodies. > >> > >> I've got a machine that could be tasked as the 'computer signup > >> station'. Does anyone on this list want to give this project a shot? > >> We'd love to have you. > >> > >> Nate > >> > >> -- > >> Nate Hill > >> nathanielhill@gmail.com > >> http://4thfloor.chattlibrary.org/ > >> http://www.natehill.net 
> ------------------------------ > > Message: 2 > Date: Wed, 03 Apr 2013 09:47:23 -0400 > From: Darren Breidigan > To: chugalug@chugalug.org > Subject: Re: [Chugalug] Linux volunteer opportunity (Kiosk station) > > Thanks for the links. > > Some suggest running the whole thing off a flash drive. > > It could probably all be done on a Raspberry Pi. > > > ------------------------------ > > Message: 3 > Date: Wed, 3 Apr 2013 10:01:21 -0400 > From: Dan Eveland > To: Chattanooga Unix Gnu Android Linux Users Group > Subject: Re: [Chugalug] Intro to Python class at the library > > I am Nate's web guy. I have now made it much more obvious when registering > to show if you are on the wait-list. It was way too subtle with small text. > Basically anyone who registered after 7:30PM on April 1st is on the wait > list. I see Michael Scholten in the class and Lynn Dixson on the wait list. > Feel free to email me directly if you would like me to check. > > > On Wed, Apr 3, 2013 at 6:32 AM, Michael Scholten wrote: > > > Thanks Nate > > On Apr 2, 2013 7:47 PM, "Nate Hill" wrote: > > > >> Hey > >> I will follow up with my web guy and see what's up with registered folk > >> vs wait list folk > >> Thanks > >> > >> On Tuesday, April 2, 2013, Lynn Dixon wrote: > >> > >>> Michael > >>> I didn't get any response other than the confirmation on the webpage. > >>> Hopefully we were able to get in the class! 
> >>> On Apr 2, 2013 7:22 PM, "Michael Scholten" wrote: > >>> > >>>> (in late response to you Lynn...) I signed up. Pretty certain I am in > >>>> the first 25 as there were still 2 slots open after I put my name in > >>>> although I can't be sure. Should we/I have gotten any sort of confirmation > >>>> Nate? Email or otherwise? > >>>> > >>>> -Michael > >>>> > >>>> > >>>> On Tue, Apr 2, 2013 at 3:18 PM, rdflowers wrote: > >>>> > >>>>> Simple interactions with a database, examples of actual code that are > >>>>> fairly simple, BUT are beyond the "Hello, World" stage, python.org mailing lists, getting new modules from > >>>>> python.org or elsewhere, hashes, sets, multisets, tips and tricks; > >>>>> or, some non-crowded subset of all that. > >>>>> > >>>>> ----- Message from stephen@averagesecurityguy.info --------- > >>>>> Date: Tue, 2 Apr 2013 14:16:25 -0400 > >>>>> From: Stephen Haywood > >>>>> Reply-To: Chattanooga Unix Gnu Android Linux Users Group <chugalug@chugalug.org> > >>>>> Subject: Re: [Chugalug] Intro to Python class at the library > >>>>> To: Chattanooga Unix Gnu Android Linux Users Group <chugalug@chugalug.org> > >>>>> > >>>>> > >>>>> What specific things would you expect a 102 course to cover? > >>>>>> > >>>>>> Stephen Haywood > >>>>>> Owner, ASG Consulting > >>>>>> CISSP, GSEC, OSCP > >>>>>> T: @averagesecguy > >>>>>> W: averagesecurityguy.info > >>>>>> > >>>>>> > >>>>> > >>>>> ----- End message from stephen@averagesecurityguy.info ----- > >>>>> > >>>>> -- > >>>>> R. D. Flowers, Chattanooga, TN, USA > >>>>> http://chalice.us/poe/
From: Stephen Haywood ------------------------------------------------------ I am trying to access a web site with a client side cert using the Curl command, curl --cert test.crt --key test.key https://someweb.site. Curl returns this error message: curl: (58) unable to use client certificate (no key found or wrong pass phrase?). I have verified that the cert and key go together using openssl x509 -noout -modulus -in test.crt | openssl md5 and openssl rsa -noout -modulus -in test.key | openssl md5, which both return the same MD5 sum. I have also verified the key does not have a passphrase using openssl rsa -in test.key -out test
From: David White ------------------------------------------------------ I opposed this last year, and am reviewing articles I can find about it, as it has returned, and am trying to determine if there's any big changes to the new legislation, and whether or not any of my own opinions have changed in the last year. http://www.computerworld.com/s/article/9237262/Return
From: Matt Keys ------------------------------------------------------ -------- Original Message -------- Subject: Security Engineer (Washington DC) Multiyear Date: Fri, 15 Feb 2013 10:40:38 -0500 From: Harry Reinhardt To: My name is Harry Reinhardt and I support Ryan Pustilnik at ALTA IT Services. I came across your resume within our database at ALTA today and your skill set appears to be a good fit for a Security Engineer opening with one of our Teaming Partners in Washington DC. I have included the requirements below if you are interested please send me a Word resume and give me a call at your earliest convenience. Thanks, Harry Reinhardt in support of Ryan Pustilnik/ALTA IT Services Security Engineer (Two Openings) Location: Washington DC Pay Rate: up to 60-70/hr. (W2 and C2C Options both Available) Position Type: Multiyear Contract Candidates MUST be Either EAD, Green Card Holders OR US Citizens NO Criminal Background Requirements ·10 years of experience in the Information Security industry ·MUST have BOTH Hands-on Network Security Engineering AND Policy experience ·6 years of experience in Windows/Unix/Linux system administration and network administration ·Cryptology; Scripting (Linux, Windows) ·In depth TCP/IP, ICMP, UDP and ARP knowledge, including protocol analysis ·Experience with penetration testing, protection, detection, intrusion and web application security assessments ·Experience with malware analysis and remediation; SLA Management ·Security tools (Intrust, Foundstone, Nessus, Nmap, Core Impact, Metasploit) ·OS Hardening experience with Windows or Unix/Linux ·Knowledge of the following hardware/software/Operating Systems ·Tools of our current environment (Which are subject to change at any time) include Intrust, Foundstone, Nessus, Nmap, Snort, Backtrack Linux, Linux (Red Hat), Virtualization technologies and concepts, Windows Server technologies, Active Directory, Group Policy, networking, grep, diff, vi 
·Additional experience (not mandatory, but desired) include: Core Impact, Metasploit, FireEye, Netwitness, Bluecoat, ArcSight, Splunk ·In-depth security scanning, assessments, and audits of all infrastructure, as well as monitoring and responding to security alerts (IDS, etc.) ·Perform system administration tasks hardening Windows/Linux servers and systems as well as take the lead on security projects ·COOP Activities: Baseline Configuration creation and management / maintenance ·Malware management and removal / analysis ·Antivirus software deployment / configuration / troubleshooting / management ·SOP Development, Documentation Writing, Computer Forensics, Log, Audit and Alert review, POA&M Review / remediation, Security System Management, Vulnerability Analysis / Review (Windows / Linux), Ryan Pustilnik Technical Recruiter ALTA IT Services www.altaits.com Main Phone: 301-740-2110 Cell: 410-703-9776 Fax: 301-948-4596 Please view this email as our intention to try to help potential candidates find a job in these hard economic times. If this has reached you in error and does not apply, please delete and accept our apologies for contacting you. If you would like your email to be permanently deleted, please reply with the request. If you are interested in referring a candidate, please do, as we provide referral bonuses
From: Reed Gregory ------------------------------------------------------ Anyone interested feel free to ping me. Reed https://ut.taleo.net/careersection/ut
From: Chad Smith ------------------------------------------------------ Hello, The world of computing, as you know, is getting more and more mobile - tablets, smart phones, mobile hot spots, internet-hungry handheld game consoles and media players... I was wondering if anyone had any experience / luck shopping for a bag or carrier or something that could hold them all - and their wires, SD cards, and extra batteries... I have a laptop bag for my laptop, and I have backpack for mega-hauls, but I'm looking for an everyday carrier big enough for my 7" tablet, a smart phone, a media player, a mobile hot spot, a game system, and maybe one or two other pocket-sized devices, and the aforementioned accessories. (I even have a couple of pocketable power strips that I carry with me.) So far, I have tried something called a "Gadget Bag" - which was really for a camera, and was too small for the tablet... a toiletries bag (which fit everything, and offered decent organization, but no padding, and the zipper kept mis-firing almost immediately)... and a small, somewhat padded bag that would fit a small netbook, but didn't have a lot of organization to it, and looked too much like a purse (after getting 3 comments from different people in the same week, I decided it was time to retire it). I was super disappointed by the Gadget Bag, even the name seemed right, but the size was way off. I realize it's kind of dumb carrying all those things, but I like the sense of security knowing I have a ton of ways to get online. And, that way when someone asks me "iOS or Android" I can say "Why choose? And why leave out webOS, Maemo, and whatever the heck this thing runs?" Plus, there's the Geek Cred, which was being off-set by the "He carries a Purse" cred.... - Chad W. Smith
From: Stephen Haywood ------------------------------------------------------ This just came across the DC404 mailing list. Thought some of you may be interested. > -----Original Message----- > From: Michael A Nutley [mailto:jrnasst@bellsouth.net] > Sent: Monday, February 11, 2013 15:28 > To: Watson, Keith > Subject: need several Linux admin. > > We need several Linux Admin., folks that can support Linux servers and > storage products, salary range is 60k to 80k fulltime direct hire plus > benefits bonus, for a company that employs thousands of employees, > We appreciate your refers, please send inquiries, candidates, resumes to > following contact info, thanks > Michael > JRN & Associates > 770-433-8507 Dir.# > jrnasst@bellsouth.net
From: Stephen Haywood ------------------------------------------------------ My wife wants to have a valentines party for 30 kids, and I need a place to have it. There are a lot of "party" places with gimmick to go along with them. I just need a room to decorate and that has tables and chairs. Any thoughts? -- Stephen Haywood Information Security Consultant CISSP, GSEC, OSCP T: @averagesecguy W: averagesecurityguy.info
From: Stephen Haywood ------------------------------------------------------ I have no idea what kind of servers they are running but The Pool Place is looking for a web master. I will be looking to fill a webmaster position in the next few weeks, based in Chattanooga. Does not require extensive coding experience, but familiarity with HTML and content management. Spread the word to send resumes to sales at poolplaceonline.com. -- Stephen Haywood Information Security Consultant CISSP, GSEC, OSCP T: @averagesecguy W: averagesecurityguy.info
From: Stephen Haywood ------------------------------------------------------ Mike, I thought you might be interested in this one. Researchers Demo Hack Against African Micro-Finance Accounts http://it.slashdot.org/story/13/02/04/1338243/researchers-demo-hack-against-african-micro-finance-accounts http://preview.tinyurl.com/a6ap6zx keith -- Stephen Haywood Information Security Consultant CISSP, GSEC, OSCP T: @averagesecguy W: averagesecurityguy.info
From: Rod-Lists ------------------------------------------------------ I was trying to fill an online job application when I got this error. ERROR: Object reference not set to an instance of an object.: at EmployBridge.OAE.Web.Applicant.EntryForms.GeneralInformation.CopyValuesToApplication(Application application) in C:\Projects\EmployBridge\Source Code\EmployBridge.Oae.Support\EmployBridge.OAE.DEV\EmployBridge.OAE.Web\Applicant\EntryForms\GeneralInformation.aspx.cs:line 602 at EmployBridge.OAE.Web.Applicant.EntryForms.GeneralInformation.Save() in C:\Projects\EmployBridge\Source Code\EmployBridge.Oae.Support\EmployBridge.OAE.DEV\EmployBridge.OAE.Web\Applicant\EntryForms\GeneralInformation.aspx.cs:line 357 at EmployBridge.OAE.Web.Applicant.EntryForms.GeneralInformation.ButtonNextClick