Archive for the ‘tools’ Category

named-checkconf

May 17th, 2013 No comments

Always run named-checkconf -z after making changes to your BIND configuration. And of course you should read the output and fix errors.

For lazy people like me, make is pretty useful:


root@dns:/etc/bind# cat Makefile
all:
	named-checkconf -z
	rndc reload

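Just type make: your configuration gets checked and, if everything is in order, BIND is reloaded. Because make stops at the first failing command, rndc reload only runs if named-checkconf exits without an error.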

Categories: linux, networking, tools

/me @FrOSCon 2012

August 16th, 2012 2 comments

I’ll be giving a three-hour Wireshark tutorial and a one-hour presentation about check_mk (and some other Icinga / Nagios related tools) at this year’s FrOSCon on August 25th and 26th. Both are in German. The tutorial is at a beginner level and hands-on, so bring your own notebook. I’ll also explain some other network troubleshooting techniques.

Cloudshark

July 28th, 2012 No comments

Cloudshark is another nice tool if you want other people to take a look at your captures. Don’t use it for anything with security-relevant data, passwords, …

They also sell an appliance so you can use this service in your enterprise (I’d really like to test that).

Categories: networking, tools, wireshark

IPvFox

July 26th, 2012 No comments

Nice Firefox plugin.

List the hosts, and corresponding network addresses, from which a page and its resources are loaded.

Categories: ipv6, tools

icli

July 10th, 2012 No comments

Most of my work is done on the command line. My mail (Gnus), IRC (irssi) and Jabber client (irssi + bitlbee) are all running inside a screen session. I have now added icli to another screen window to keep track of my monitoring.

Just calling icli will list all checks. I usually just filter for services that are either warning or critical (or not okay) using the option -z \!o.


root@mon:~# icli -z \!o
file.example.com
APT-Status WARNING APT WARNING: 13 packages available for upgrade (0 critical updates).

web.example.net
SSH CRITICAL Server answer:

dev.example.com
APT-Status WARNING APT WARNING: 31 packages available for upgrade (0 critical updates).

web1.example.net
HTTP WARNING HTTP WARNING: HTTP/1.0 404 Not Found - 869 bytes in 0.123 second response time

blog.example.net
WordPress example.net CRITICAL Your core is out of date! 3.4 -> 3.4.1

Categories: Monitoring, tools

etckeeper

July 8th, 2012 No comments

Keeping track of changes made in /etc can be very hard. Recently I decided to give etckeeper a try and so far I like it very much. etckeeper hooks into apt, and whenever an update makes any changes, those are checked into git. You can also commit changes you’ve made manually to any file in /etc. Besides file content, etckeeper also tracks file permissions and ownership.

To see what has changed since the last commit, just type git status:


root@mon:/etc# git status
# On branch master
# Changed but not updated:
# (use "git add ..." to update what will be committed)
# (use "git checkout -- ..." to discard changes in working directory)
#
# modified: check_mk/main.mk
# modified: icinga/icinga.cfg
# modified: icinga/objects/check_mk/check_mk_objects.cfg
#
no changes added to commit (use "git add" and/or "git commit -a")

You can then commit with etckeeper commit and use git status to see what has changed.

Categories: linux, tools

Searching Mails

February 18th, 2012 No comments

I’ve been using Emacs and Gnus since 1999. Over time I have accumulated about 10GB of mail. Emacs is running in a screen session on my host server, which can be accessed by ssh. Finding mail is sometimes a problem, especially when I don’t remember which folder I moved that mail to.

Mairix is a nice tool which allows you to index large amounts of mail and search them afterwards.

Categories: tools

sipcalc

January 17th, 2012 No comments

If you are lazy (just like me) and don’t want to do your IP subnetting by hand, check out sipcalc.

Sipcalc can work both with vintage IP and IPv6.

Categories: ipv6, networking, tools

Wireshark: IPv6 filter

June 15th, 2010 1 comment

As you might know, IPv6 uses its own Ethernet type, 0x86dd. You can use this to easily capture only IPv6 traffic with Wireshark: just use eth.type == 0x86dd as the filter.
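The EtherType check described above, as an added example that is not part of the original post: it reads the type field from raw Ethernet frames and also handles 802.1Q/802.1ad tagged frames, where the outer type field holds the tag protocol ID and 0x86dd sits four bytes further in. The sample frames and all function names are constructed for illustration, and the example assumes the capture keeps the VLAN tag.

```python
import struct

ETH_IPV6 = 0x86DD                 # EtherType for IPv6, as stated in the post
VLAN_TPIDS = {0x8100, 0x88A8}     # 802.1Q and 802.1ad tag protocol IDs

def outer_ethertype(frame: bytes) -> int:
    """Type field right after the two MAC addresses (what eth.type compares)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return struct.unpack_from("!H", frame, 12)[0]

def effective_ethertype(frame: bytes) -> int:
    """EtherType of the payload, skipping any stacked VLAN tags."""
    offset = 12
    etype = outer_ethertype(frame)
    while etype in VLAN_TPIDS:
        offset += 4               # 2 bytes TPID + 2 bytes tag control info
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        etype = struct.unpack_from("!H", frame, offset)[0]
    return etype

def is_ipv6(frame: bytes) -> bool:
    return effective_ethertype(frame) == ETH_IPV6

# Constructed sample frames (hypothetical addresses, zero-filled payloads).
MACS = bytes.fromhex("333300000001" "020000000001")
IPV6_HDR = b"\x60" + bytes(39)    # version nibble 6, rest zeroed
IPV4_HDR = b"\x45" + bytes(19)
SAMPLES = {
    "untagged_ipv6": MACS + bytes.fromhex("86dd") + IPV6_HDR,
    "vlan10_ipv6": MACS + bytes.fromhex("8100000a86dd") + IPV6_HDR,
    "untagged_ipv4": MACS + bytes.fromhex("0800") + IPV4_HDR,
}

def classify(samples: dict) -> dict:
    """Map frame name -> (outer type is 0x86dd, payload is IPv6)."""
    return {name: (outer_ethertype(f) == ETH_IPV6, is_ipv6(f))
            for name, f in samples.items()}

if __name__ == "__main__":
    for name, (outer, v6) in classify(SAMPLES).items():
        print(f"{name:15} outer==0x86dd: {outer!s:5} ipv6 payload: {v6}")
```

For the tagged sample the outer type field is 0x8100, so a match on the outer field alone misses it; Wireshark exposes the inner type of such frames as vlan.etype.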

Categories: ipv6, tools, wireshark

Pulledpork

May 10th, 2010 No comments

If you are using Snort as an IDS, you might want to take a look at pulledpork for updating and managing rules.

Categories: networking, security, tools