Wednesday, June 25, 2008

PyFlag Installation on Fedora 8

So I finally decided to be brave and install PyFlag.

First you have to get the source code (more info on wiki or compile tutorial):


# yum install darcs
$ darcs get http://www.pyflag.net/pyflag



After this, you will have a folder called pyflag. If you look at the install instructions from the PyFlag site, you can see that there are several packages that must be installed before installing PyFlag. Most of these can be found in the yum repos, but under different names (items in parentheses are the Debian package names):

python-dateutil
clamav
clamav-server (clamav-daemon)
mysql
mysql-devel
mysql-server
file-devel (libmagic-dev)
pexpect (python-pexpect)
python-imaging
python-mysqldb (manual install; Fedora also packages it as MySQL-python)


# yum install python-dateutil clamav clamav-server mysql mysql-devel mysql-server file-devel pexpect python-imaging



After installing all of these packages, you must initialize mysql:


# /sbin/chkconfig mysqld on
# /sbin/service mysqld start
# mysqladmin -u root password 'new-passwd'



The quotes around new-passwd are only strictly needed if the password contains characters the shell would interpret, but they never hurt. Be aware that a password given on the command line ends up in your shell history and is visible to other local users in the process list while the command runs. Also note that mysql-server listens on TCP port 3306 by default; PyFlag only needs the Unix socket, so adding skip-networking to the [mysqld] section of /etc/my.cnf is a cheap way to shrink the exposure. And don't forget what the password is!

You must also setup clamav-server so it will work. Make sure you know where everything is installed, because things get funky with clamav and Fedora:


# rpm -q --filesbypkg [packagename]



Where [packagename] is replaced by the package(s) you installed. I went ahead and installed all of clamav packages just to be safe. Two files of interest are the daemon file itself and the configuration file. My locations are:


/usr/sbin/clamd
/usr/share/doc/clamav-server-0.92.1/clamd.conf



This is annoying, because when you run the clamd daemon, it complains that it can't find clamd.conf in the place it expects: /etc/clamd.conf. So you can add a symbolic link to the real location:


# ln -s /usr/share/doc/clamav-server-0.92.1/clamd.conf /etc/clamd.conf



Note that the file under /usr/share/doc is only the sample configuration shipped with the package, and that path changes with every package version, so copying it (cp instead of ln -s) is more robust than linking to it.

You'll still have to set up your own clamd.conf. At minimum, comment out or delete the "Example" line near the top (clamd refuses to start while it is present), set User to the account clamd should run as, and make sure LocalSocket names the socket path you will later give PyFlag (see below).

Ok, at this point you are able to install PyFlag:


$ cd pyflag
$ sh autogen.sh
$ ./configure
$ make
$ su -
# make install



Make sure that configure, make and make install all complete without errors. Before running PyFlag, you must point its configuration file at the MySQL Unix socket. The default in the file is the Debian path (/var/run/mysqld/mysqld.sock), but Fedora's mysql-server package puts the socket at /var/lib/mysql/mysql.sock. So open up the configuration file using your favorite editor:


$ vi ~/.pyflagrc



Change the line that says:


dbunixsocket=/var/run/mysqld/mysqld.sock

to


dbunixsocket=/var/lib/mysql/mysql.sock


Notice that "run" is changed to "lib" and the "d" is absent from the end of mysql. You are now set.

Also make sure that PyFlag points to the clamav socket (for example):


clamav_socket=/var/run/clamd.d/clamd.sock



If everything goes well, you can then set up PyFlag:


$ pyflag



Follow the instructions on the PyFlag website for the first-time setup by browsing to http://127.0.0.1:8000 (or whichever port you set as httpserver_port, see below).

There was only one other thing I changed. Since I already have a service listening on port 8000, I changed the port in the configuration file:


httpserver_port=7000


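As an added example (not from the original post and not PyFlag's own code), here is a small POSIX shell helper that makes the three rc-file edits above idempotently and then checks that the socket paths the file names actually exist on the box. The sample rc contents it builds are constructed for the demo, and the function names set_rc_opt, get_rc_opt and check_socket are my own.

```shell
#!/bin/sh
# Added example: edit key=value options in a PyFlag-style rc file and
# verify the Unix sockets it points at. Not part of PyFlag itself.

# set_rc_opt FILE KEY VALUE
# Replace an existing "KEY=..." line or append one, so running it twice is safe.
set_rc_opt() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || : > "$file"
    if grep -q "^[[:space:]]*$key[[:space:]]*=" "$file"; then
        # rewrite via a temp file: "sed -i" is not portable across sed versions
        tmp="$file.tmp.$$"
        sed "s|^[[:space:]]*$key[[:space:]]*=.*|$key=$value|" "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_rc_opt FILE KEY  -> prints the value of the last matching line
get_rc_opt() {
    sed -n "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" | tail -n 1
}

# check_socket FILE KEY  -> exit 0 if KEY names an existing Unix socket
check_socket() {
    path=$(get_rc_opt "$1" "$2")
    [ -n "$path" ] && [ -S "$path" ]
}

# Demo on a constructed rc file holding the shipped (Debian-style) defaults.
demo() {
    rc=$(mktemp)
    cat > "$rc" <<'EOF'
# constructed sample of the defaults written by "pyflag" on first run
dbunixsocket=/var/run/mysqld/mysqld.sock
httpserver_port=8000
EOF
    set_rc_opt "$rc" dbunixsocket   /var/lib/mysql/mysql.sock      # Fedora mysql socket
    set_rc_opt "$rc" clamav_socket  /var/run/clamd.d/clamd.sock    # must match LocalSocket in clamd.conf
    set_rc_opt "$rc" httpserver_port 7000                          # 8000 was already taken
    echo "--- resulting rc file ---"
    cat "$rc"
    for key in dbunixsocket clamav_socket; do
        if check_socket "$rc" "$key"; then
            echo "$key: socket present"
        else
            echo "$key: socket $(get_rc_opt "$rc" "$key") not found (is the daemon running?)"
        fi
    done
    rm -f "$rc"
}

demo
```

Run it against the real file with set_rc_opt ~/.pyflagrc dbunixsocket /var/lib/mysql/mysql.sock and so on; the socket check is the quickest way to tell a wrong path from a daemon that simply isn't running yet.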

I'll have a post later after I've played around with this for a while...

Tuesday, June 24, 2008

Gateway GM5420 Desktop: Vista to XP

I should have written this back when I converted the machine and it was still fresh. I'll write it up as best I remember now, however.

So back in November I bought a Gateway GM5420 Desktop . It came with Vista, which I was more than willing to try. It remained a Vista machine, but was barely used until May. DH hated Vista and refused to adapt. I wasn't really all that pleased either. The only thing I really liked about the machine was the ATI Video card, but even then, we don't watch that much TV to keep it around just for that... So we decided to make the machine a dual boot for Vista and XP.

There was one big problem: the XP install media has no driver for this board's SATA controller, so setup can't see the disk at all. After searching the Gateway website, it became clear that I wasn't going to find SATA drivers for XP. There were barely any drivers for XP at all. So after some investigation, I found the motherboard information:

Love Valley and Stoughton Motherboard Intel(r) MQ96510J



After some searching around on Intel's site, I found the appropriate drivers. I downloaded the Matrix Storage drivers, which resulted in the following executable:

iata82_enu.exe **

Now, I wanted to Slipstream my installation, so I had to extract the drivers from the executable:

mkdir C:\drivers
iata82_enu.exe -a -p C:\drivers

(-a extracts the driver files without installing anything, and -p sets the directory they are extracted to.)



At first I tried to Slipstream the image using the first tutorial, but things didn't work out for me as expected. I then found out about nLite, which is a nice tool that allows you to add drivers, updates and create a bootable ISO. There's information about it here and here.

So everything worked and XP was installed. I had another problem: the network drivers were not included. This was the easy part, however. The drivers for Intel Pro Network Connections Driver 11.2 are available online.

I still had Vista on the other side, however and needed to make it dual boot. This was no problem, there's a nice tutorial online that can be followed. I just used EasyBCD as mentioned in the article and comments and it worked.

** Note: When I did this, actually the only download available was a Floppy drive file. I then had to use Virtual Floppy Drive 2.1 to extract the drivers

Tuesday, June 17, 2008

Memory Acquisition Just Got Easier

This is for those who asked me to keep this material up, for your further studies :-)

As you may remember, the traditional dd.exe method of reading \Device\PhysicalMemory from user mode does not work on Windows 2003 SP1 and above, because that service pack removed user-mode access to the device object. Two open-source tools have been released that get past this by loading a kernel driver to do the reading:

Memory DD (mdd, from ManTech)
Win32dd (from Matthieu Suiche)

For more details check out Volatility's blog.

Monday, June 16, 2008

Introduction

So I've been keeping various blogs for classes and projects. Now I've decided to keep up with my own blog, so I'm starting over again. It's gonna be slow here in the next few days, since I'm on vacation, but it should pick up.