Well, it's been quite some time since I last blogged, so my apologies to anyone who was relying on this as a way of keeping track of what I was up to (or not, as the case may be).
First off the bat is Linux World expo in London. I was there both days and had a chance to meet with a few of the other devs, which was the definite highlight of the show for me. All in all I was very disappointed with the show, as I felt there were a little too many exhibitors and not enough things to exhibit. Certainly the show seemed to be lacking anything amazing or new; about the only thing that was at all interesting for me was the new Java desktop from Sun, Looking Glass, which, while pretty eye candy, didn't seem that useful, but maybe that's just me being a cynic. Meeting some of our users was great and not at all what I expected. I was expecting a large amount of angst-ridden, black-wearing ricers to turn up, but in actuality I didn't see one for the entire show. Quite the opposite: we got a lot of older people that were obviously IT professionals. Gentoo's community remains one of its strongest points in my opinion.
On to more technical things. I have just finished writing all the things to get sguil into portage. I can't emphasize enough how useful and powerful sguil is to anyone who has had to use an IDS before. I fully recommend you check it out, and while you're doing that you can test my ebuilds :) To do that, go here and grab the entire net-analyzer overlay. Once you have emerged all the packages (note that there is important information in the einfo in most of the ebuilds, so if you emerge them all in one go you might want to record the output), you should be able to do the following to get it all up and working:
* create the sguil database as per the instructions and using the script provided.
* put the relevant db information into the relevant configuration files, basically /etc/snort/barnyard.conf and /etc/sguil/sguild.conf.
* you should also probably set up snort to log to a db while you are doing this, but it's by no means compulsory.
* create yourself a sguild user with the following command: sguild -c /etc/sguil/sguild.conf -u /etc/sguil/sguild.users USERNAME
* start snort, sancp, barnyard, sguild, sensor-agent, log_packets in that order (the order isn't really that important, but starting them this way saves you waiting on processes that were started before the ones they depend on were up and able to supply the information they need). Check /var/log/messages while you are doing this to make sure that there are no obvious errors.
* at this point you can run sguil.tk and log in using the account you created.
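A quick check to run before logging in, written for the start order and /var/log/messages step above. It is an added example, not part of the original post or the ebuilds. It assumes the components show up in the process table under the names used in the post (possibly via tclsh or sh) and that syslog lines carry the program name as their tag; the sample paths and log lines are constructed.

```shell
# Added example. Component names follow the start order given in the post;
# that the process table uses these names is an assumption.
SGUIL_ORDER="snort sancp barnyard sguild sensor-agent log_packets"

# prog_names: print the program name for each command line on stdin:
# basename of argv[0], or of the script when argv[0] is an interpreter.
# Name matching stops "barnyard -c /etc/snort/..." counting as snort.
prog_names() {
    awk '{
        n = $1; sub(/.*\//, "", n)
        if (n ~ /^(tclsh[0-9.]*|sh|bash)$/ && NF > 1) { n = $2; sub(/.*\//, "", n) }
        sub(/\.(tcl|sh)$/, "", n)
        print n
    }'
}

# first_missing: read `ps -eo args` style output on stdin; print the first
# component (in start order) that is not running and return 1, else return 0.
first_missing() {
    names=$(prog_names)
    for want in $SGUIL_ORDER; do
        if ! printf '%s\n' "$names" | grep -qxF -- "$want"; then
            printf '%s\n' "$want"
            return 1
        fi
    done
    return 0
}

# log_errors: read syslog lines on stdin; print those tagged with one of
# the components whose text mentions error, fatal or fail.
log_errors() {
    awk -v order="$SGUIL_ORDER" '
        BEGIN { n = split(order, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        { tag = $5; sub(/\[.*/, "", tag); sub(/:$/, "", tag)
          if ((tag in want) && tolower($0) ~ /error|fatal|fail/) print }'
}

# Constructed sample input (paths, hosts and messages are made up).
SAMPLE_PS='/usr/bin/snort -c /etc/snort/snort.conf
/usr/bin/sancp
/usr/bin/barnyard -c /etc/snort/barnyard.conf
tclsh /usr/bin/sensor-agent.tcl
/bin/sh /usr/bin/log_packets.sh'
SAMPLE_LOG='Oct 12 10:01:02 ids1 snort[411]: Initializing rule chains
Oct 12 10:01:09 ids1 barnyard[422]: ERROR: database connection failed
Oct 12 10:01:11 ids1 sshd[430]: error: unrelated message'
printf '%s\n' "$SAMPLE_PS" | first_missing || true   # prints: sguild
```

On a live sensor, feed it `ps -eo args | first_missing` and `log_errors < /var/log/messages`.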
That's all there should be to it! I am looking to put this into portage very soon (read: less than a day) unless some major bugs turn up. I will be writing this all up fully shortly, so expect a link in my next blog, but if you need any help with this until then, find me on #gentoo-netmon.
Aside from netmon stuff, I've been doing some work on cryptsetup{-luks} and its scripts, but I won't go into any detail until I have something that I can show people.
Finally, kolab :) I promised I would be working on this and, well, I've been slacking. I greatly appreciate people like Gunnar Wrobel who have been doing a lot of work to get kolab ebuilds functional and have been contacting me for help. That all said, there has not been much that I could do right now to get kolab into portage, as they are still changing a lot of things around, including the build process and the packaging. That, combined with changing patchsets to other components, has meant that it is not a stable candidate for inclusion, so until that all changes it is unlikely we can get ebuilds for all of kolab. Still, I promise to put more time and effort into this and my other netmail responsibilities very soon, though my work (for cash) is crippling my spare time right now.