Sunday, January 5, 2014

Moving Autosnort Blog

Greetings Autosnort Users,

It's been some time since I've posted here. I haven't been idle this whole time, however; I've been focusing on other things.

Last fall I came across a guide on Ars Technica on how to build your own secure webserver with NGINX. Curious, I decided to read it. I was never one for being a "web admin" or "webmaster", since I've never been in those roles in my life. I decided I would live up to my reputation and learn how to set up a webserver on NGINX along with several web applications.

Sure, I have some experience with Apache and setting up/configuring web interfaces for snort, but NGINX was an entirely different beast to me. So I decided to dive in. Only I decided to modify the Ars Technica guide ever so slightly. They decided to use Ubuntu server for their guide, and that's fine, but I'm an individual that likes a good amount of challenge to my projects. I decided that following the exact same cookie cutter recipe wasn't what I wanted to do, so I settled on CentOS. In spite of RHEL-based operating systems being the preference in the corporate world of Linux, no one really has any guides for doing a damn thing in RHEL-based operating systems. I decided that wasn't fair or cool and dove in.

For the most part, it was pretty smooth sailing, but there were a couple of rough spots I had to be aware of and resolve myself; SELinux and how it wants the system to interact with UNIX domain sockets was one such example.

So, why was I spending time on all this? I'm moving away from Blogspot and want to host things internally. So, I'm proud to introduce BlindSeeker, my new self-hosted website. The URL will read:

haxthruhere.dyndns-server.com

I'm using dynamicdns for DNS, since I have a dynamic IP, and while I could have chosen a better dyndns hostname, I think it fits, so it stays for now.

My site hosts 4 services:

A WordPress blog that I will be using to post product updates, etc. This will be acting as the new Autosnort blog. Update your bookmarks, and watch for news here.

A forum that can be used for discussing whatever you'd like, including questions related to Autosnort, etc.

A wiki that I'll be updating heavily as I go along. I plan on releasing all core Autosnort guidance and documentation on this wiki, along with screenshots, etc. I'll also be hosting my guide on how I built BlindSeeker on CentOS here eventually and perhaps even more things down the line.

An Etherpad instance -- Etherpad is essentially a multi-user instance of notepad with some chat capabilities built in, etc. It's very nice for collaboration/troubleshooting. Think of it as a no-hassle version of Google Docs that can be used for collab.

Just to reiterate the above, BlindSeeker, the server in my basement, will be acting as the replacement for the Autosnort blog. I feel that I need to manage my own web applications and be responsible for securing my own stuff to grow as a security professional.

Things to be aware of:
1) The certificate for the site IS self-signed. Sorry, I don't believe in giving free money to CAs, not when they can be infiltrated and have wildcard certificates generated before anyone notices and investigates.

The certificate is issued by Triptych Security Inc for BlindSeeker.com (which doesn't match my dyndns hostname... I know, I know...), just so you know what to look for if you are the (rightly so) paranoid type who needs to verify the details of the certificate before you blindly accept self-signed certs. I may fix the details of the cert eventually, but it will always be self-signed.

2) Registration for the forums and to be a contributor on the wiki are both a manual process right now. You'll have to register for the forum or wiki (whichever you are interested in) and send me an e-mail with the username you registered in order for me to give you rights to do anything. Sorry, but that's just the way it is. It's more secure, prevents spam, and aside from initial access overhead is more tenable security-wise.

Also, e-mail is required to register on the forums, but since I don't have a mail relay set up, you won't get e-mail from my forums for anything. Same goes for registering to the wiki -- don't bother with your e-mail address there. I may fix this at some point, but not right now :\

3) I've established a regular maintenance schedule. Saturday at 3:30am the system has updates applied and is rebooted. Sunday at 3am, all current etherpads are wiped from the server to maintain your privacy and limit my liability for things copied to them. If you have anything important you want to preserve on your Etherpad instance(s), save it before the Sunday weekly wipe.

Join me and become a BlindSeeker today.

Cheers,

DA_667