After some research I found that I had to find and install the right drivers.  According to the VMware Compatibility Guide the “igb version 2.1.10.2″ driver would work with these card.  It would be cool if VMware provided a link directly to the download, but instead I had to go to the driver download page and find the right driver.  I searched the page for 2.1.10.2 and found the drivers for Intel 82576 and 82580 NOTE: It appears there is an even new driver 2.4.10.

After downloading the ISO, I burnt it to a CD and left it in my computer (you can also mount the ISO if you have the correct software).  The VMGuru blog gave some good instructions on installing the drivers from the command line:

• Download and install vSphere CLI on your workstation
• Connect to the VMware host and put the host into maintenance mode
• Using the CLI, install the drivers off the CD with the following command:

vihostupdate.pl -–server [IP address] –-username root –-install –-bundle [CD/DVD]:\offline-bundle\DRIVER-NAME.zip

• Reboot the host and you should all the NIC’s

Many thanks to both VMGuru.nl and Bauer-Power.net for aiding me in getting the drivers installed.

If your situation is similar to mine, you have many remote users with mobile phones.  There are times when they need to replace the phone while traveling or something else happens that requires resetting up the phone to connect to your mail server.  We require our self-signed certificate to be installed on the phone, coupled with needing to know all the settings it can be frustrating to help setup a phone, over a phone.

To create a provisioning file, open up your favorite text editor, I like NotePad++.  I started the document out with providing information to provision the certificate:

<wap-provisioningdoc>

<characteristic type="CertificateStore">

<characteristic type="ROOT">

<characteristic type="<certhash>">

<parm name="EncodedCertificate" value="<base64encodedcert>"/>

</characteristic>

</characteristic>

</characteristic>

</wap-provisioningdoc>

There are a few steps that need to be performed in order to get the certificate into the right form:

1. In Windows, open the root certificate
2. Choose the Details tab
3. Find Thumbprint in the Field column and select the text in the box
4. Replace <certhash> with the copied thumbprint in the .xml document, delete the white spaces
5. Close the certificate dialog boxes and open the certificate in a text editor.
6. Remove the BEGIN CERTIFICATE and END CERTIFICATE lines as well as the line breaks so it is one big string
7. Copy the text and replace the <base64encodedcert> with the text.

Next is to setup the Exchange server settings.  You will add the following above the </wap-provisioningdoc> but after the last </characteristic> from the certificate settings.

<characteristic type="Sync">

<characteristic type="Connection">

<parm name="Domain" value="<domain goes here>"/>

<parm name="Password" value="1234"/>

<parm name="SavePassword" value="1"/>

<parm name="Server" value="<mail server goes here>"/>

<parm name="User" value="USERNAME"/>

<parm name="URI" value="Microsoft-Server-ActiveSync"/>

</characteristic>

<characteristic type="Mail">

<parm name="Enabled" value="1"/>

</characteristic>

<characteristic type="Calendar">

<parm name="Enabled" value="1"/>

</characteristic>

<characteristic type="Contacts">

<parm name="Enabled" value="1"/>

</characteristic>

</characteristic>

You can simply fill in the blanks at this point.  I found that Password and User are required but you can put bogus info in there.  When the user installs the file, it will ask for their name and password, so don’t worry about that right now.  When all is said and done you should have a file similar to this (with your own values of course):

<wap-provisioningdoc>

<characteristic type="CertificateStore">

<characteristic type="ROOT">

<characteristic type="<certhash>">

<parm name="EncodedCertificate" value="<base64encodedcert>"/>

</characteristic>

</characteristic>

</characteristic>

<characteristic type="Sync">

<characteristic type="Connection">

<parm name="Domain" value="<domain goes here>"/>

<parm name="Password" value="1234"/>

<parm name="SavePassword" value="1"/>

<parm name="Server" value="<mail server goes here>"/>

<parm name="User" value="USERNAME"/>

<parm name="URI" value="Microsoft-Server-ActiveSync"/>

</characteristic>

<characteristic type="Mail">

<parm name="Enabled" value="1"/>

</characteristic>

<characteristic type="Calendar">

<parm name="Enabled" value="1"/>

</characteristic>

<characteristic type="Contacts">

<parm name="Enabled" value="1"/>

</characteristic>

</characteristic>

</wap-provisioningdoc>

Save the file as “_setup.xml” and your one step away from being able to deploy all of this!  The last step is to turn _setup.xml into a .cab file that can be installed on phones.  Open a command prompt and cd to the location of the _setup.xml file.  Type the following command to create a .cab file name mail.cab (name it whatever you want):

makecab /D COMPRESS=OFF _setup.xml mail.cab

The choice is yours as to how you want to deploy it.  You can put a link to it on a website, sync it with activesync and install it, etc.

When the user installs the .cab file they will be warned that the file is not signed, which is ok for the purposes of this document.  After the installation and the user click’s “OK” to close the window, ActiveSync should open on the phone prompting them for their name and password.  All the other settings are prepopulated including the certificate.

Keep in mind, there is a lot you can do with these provisioning files.  Lots of information is available on the web, Microsoft maintains a list of references that can be used in one of these files at http://msdn.microsoft.com/en-us/library/bb737536.aspx and also provides a strong overview of provisioning at http://msdn.microsoft.com/en-us/library/bb737289.aspx

First things first, you need to download Apple’s “iPhone Configuration Utility”.  The latest version for Mac or Windows can be found at http://www.apple.com/support/iphone/enterprise/.  I guess if you’re a real man you can just create the file by hand, but their application makes it pretty easy.

Once the utility is downloaded and installed creating your config is fairly intuitive and uses a wizard like approach allowing you to configure any of the supported categories.  For the sake of this post, setting up a config for Exchange only requires configuring three sections.

Open the iPhone Configuration Utility and select “Configuration Profiles” from the list on the left
Click the “New” button to create a new configuration profile.

After creating a new profile, the right side of the window should populate with all the categories that are configurable.  We’ll start with the “General” section as it’s mandatory.  Selecting the “General” category gives five options, of which only two are required; Name and Identifier.

• Name: You can name the profile whatever you want,
• Identifier: The important part is using a proper identifier and it needs to be in the format of com.company.profile

Next we’ll move down to the category titled “Exchange ActiveSync”.  Click the configure button to reveal all the options.

• Account Name: Provide a name for the account, this name is what will show up in the mailboxes list, so make it meaningful.
• Exchange ActiveSync Host: You’ll want to enter the url to your OWA server
• Domain: Enter your domain name
• User, Email Address and Password can all be left blank.  By leaving them blank this will allow the phone to prompt the user for their name and password
• The rest of the configuration options are optional, I just leave them as default, unless of course your business has different requirements

The last category that you may need to configure is “Credentials”.  This allows you to inject your company’s certificate in the profile.  This is useful should you use a self signed certificate.

• Simply choose Credentials, click Configure and select the certificate you would like to include.

Once you’ve completed the steps and the configurations you’d like to change, highlight the profile and click the Export button.  This will write out the configuration to a .mobileconfig file.  You can choose to sign the file if you like, the choice is yours.

Now that you have your .mobileconfig file, it is time to deploy it to your users.  The choice is your as to how you want to deploy it, whether you send it to a personal email address already setup on their device, you can email it to them where they can use iTunes to sync/install the profile, or you can post it on a web page where the user can visit the page and install the profile on their phone.

If you choose to deploy the file via a web page, you will need to add a new MIME type.

IIS: create a MIME type with extension as mobileconfig and application/x-apple-aspen-config
Apache:

<IfModule mod_mime.c>
	AddType application/x-apple-aspen-config .mobileconfig
</IfModule>

In the end, you’ve created an easily deployable configuration file for iOS devices.  It can save a lot of time and let users easily setup their devices from a remote location without much of any help from you.

There is a lot more info in Apple’s Enterprise Deployment Guide that is worth the read.

modifysid sid or rule “(.*msg:\s*”.+?)”(\s*;.+;)” | “${1}, DROPPED”${2}”

Now that Windows XP mode is up and running and documents were transferred, I decided it was time for XP to go, cutting the cord.  Unfortunately it’s not as easy as just removing the hard drive and calling it good, though the process isn’t all that hard. NOTE: Do at your own risk; I’m not responsible for damage.

1. Start the machine in Windows XP
2. Show hidden files and folders if they aren’t already and copy the “boot” folder and the bootmgr file to the Win7 drive.
3. Shut the machine down, remove the XP drive and boot off the Win7 DVD
4. Enter the System Recovery mode after the machine boots and click “Next” to enter the Recovery Toolbox
5. Click “Command Prompt” and type:

   "bootrec /fixmbr"

   "bootrec /fixboot"

6. Reboot into Windows 7 and open a command prompt. Run the following command to remove the other second boot option:

   "BCDEdit /delete {ntldr} /f"

More information if you installed on a second partition can be found at: http://blogs.techrepublic.com.com/window-on-windows/?p=1751&tag=leftCol;post-1306

Today I was browsing the Snort manual and found two short paragraph’s relating to the “–enable-reload” option.  Wha?  Why didn’t I find this earlier?  After a quick recompile with the “–enable-reload” command.  What a life saver this will be when we go live!

After using that option, you can simply issue a “kill -SIGHUP pid” to have it reload without restarting!

Check out the pg 107 of the Snort manual though, as some changes require a restart, so your not going to get off completely scott free.

Since I had an Ubuntu server disc, an Acer desktop with a Pentium D, 1GB of RAM an 3 nics (1 onboard and 2 100mb 3com’s) I thought I’d give it a go.  After a clean basic install of ubuntu 9.04 server, I ran the following to get it up to 9.10:

sudo apt-get install update-manager-core
sudo do-release-upgrade

The next step was installing all the dependencies:

sudo -i
apt-get -y install build-essential libpcap0.8-dev libmysqlclient15-dev /
mysql-client-5.0 mysql-server-5.0 bison flex apache2 libapache2-mod-php5 /
php5-gd php5-mysql libphp-adodb php-pear libc6-dev g++ gcc pcregrep /
libpcre3-dev iptables-dev bridge-utils

Next it was time to download and compile Snort and the rules:

cd /usr/src
wget http://dl.snort.org/snort-current/snort-2.8.5.2.tar.gz
tar zxvf snort-2.8.5.2.tar.gz
wget http://dl.snort.org/reg-rules/snortrules-snapshot-CURRENT.tar.gz
wget http://www.emergingthreats.net/rules/emerging.rules.tar.gz
cd snort-2.8.5.2
tar zxvf ../snortrules*
tar zxvf ../emerging*

./configure -enable-dynamicplugin --with-mysql --enabled-inline

make

make install

It should compile and make without any problems, if it does check out http://openmaniak.com/inline_pre.php for a good list of requirements.

It’s now time to get mysql ready:

mysql -u root -p

mysql> create database databasename;

mysql> grant all privileges on databasename.* to 'username'@'localhost' identified by 'password';

mysql> exit

Import the schema:

mysql -D databasename -u username -p < /usr/src/snort-2.8.5.2/schemas/create_mysql

Setup Snort:

cd /usr/src/snort-2.8.5.2

mkdir -p /etc/snort/rules /var/log/snort

cp etc/* /etc/snort/

cp rules/* /etc/snort/rules

Next up, editing the /etc/snort/snort.conf file:

1. Find var HOME_NET any and edit it to match your network(s) (var HOME_NET 192.168.0.0/16)
2. Find var EXTERNAL_NET any and change it to var EXTERNAL_NET !$HOME_NET
3. Find var RULE_PATH ../rules to var RULE_PATH /etc/snort/rules
4. I also added include $RULE_PATH/emerging.conf to read the emerging.conf rules file
5. Last, find the # output database: log, mysql, … and uncomment the line and change it to match your setup

Installing BASE:

First I upgraded and installed the required Pear modules:

pear upgrade-all

pear install Image_Color Image_Canvas-alpha Image_Graph-alpha

pear install Mail Mail_mime

Edit your /etc/php5/apache2/php.ini file and add under Dynamic Extensions:

extension=mysql.so

extension=gd.so

Restart Apache2:

/etc/init.d/apache2 restart

Download and setup BASE:

cd

wget http://sourceforge.net/projects/secureideas/files/BASE/base-1.4.4/base-1.4.4.tar.gz/download

cd /var/www

tar zxvf ~/base-1.4.4.tar.gz

mv base-1.4.4 base

cd base

cp -R /usr/src/snort-2.8.5.2/doc/signatures .

cd ..

chown -R www-data.www-data base

Go ahead and visit your site at http://yoursite/base and click continue:

• Step 1: enter /usr/share/php/adodb
• Step 2:  Database type = mysql; Database name = database name; Database host = localhost; Database username = username; Database Password = password
• Step 3: enter the name and password you’d like to use
• Step 4: click the Create BASE AG button
• Step 5: click Continue to go to the login screen

Bridging the Interfaces:

Load the bridge module:

modprobe bridge

Edit /etc/network/interfaces

# The loopback network interface

auto lo

iface lo inet loopback


# The primary network interface


auto eth2

iface eth2 inet static

        address 10.x.x.x

        netmask 255.x.x.x

        network 10.x.x.x

        broadcast 10.x.x.x

        gateway 10.x.x.x

        # dns-* options are implemented by the resolvconf package, if installed

        dns-nameservers 10.x.x.x

        dns-search searchbase


# The Bridge


auto br0

iface br0 inet manual

bridge_ports eth0 eth1

# Time to wait before loading bridge

bridge_maxwait 0

/etc/init.d/networking restart

Then setup the box to load the bridge kernel at startup:

crontab -e

@reboot root lsmod | grep bridge > /dev/null || /sbin/modprobe bridge;

The following is a startup script from http://openmaniak.com/inline_final.php that I used and modified for my setup.  I saved it in /etc/init.d/snortd:

#!/bin/bash

#

# snort_inline

start(){

# Start daemons.

echo "Starting ip_queue module:"

lsmod | grep ip_queue >/dev/null || /sbin/modprobe ip_queue;

#

echo "Starting iptables rules:"

# iptables traffic sent to the QUEUE:

# accept internal localhost connections

iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

# send all the incoming, outgoing and forwarding traffic to the QUEUE

iptables -A INPUT -j QUEUE

iptables -A FORWARD -j QUEUE

iptables -A OUTPUT -j QUEUE

# Start Snort_inline

echo "Starting snort_inline: "

/usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -Q -D -v \

-l /var/log/snort_inline

# -Q -> process the queued traffic

# -D -> run as a daemon

# -v -> verbose

# -l -> log path

# -c -> config path

}

stop() {

# Stop daemons.

# Stop Snort_Inline

# echo "Shutting down snort_inline: "

killall snort_inline

# Remove all the iptables rules and

# set the default Netfilter policies to accept

echo "Removing iptables rules:"

iptables -F

# -F -> flush iptables

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

# -P -> default policy

}

restart(){

stop

start

}

case "$1" in

start)

start

;;

stop)

stop

;;

restart)

restart

;;

*)

echo $"Usage: $0 {start|stop|restart|}"

exit 1

esac

You can start snort with :

/etc/init.d/snortd start

And configure the server to run the snortd script at boot:

update-rc.d snortd defaults 95

And there we have it, what should be a functional Snort box compiled with inline support!  Wrapping my head around this has been a chore, I’m pleased that it’s at least running!  I haven’t put it in the middle of everything yet, so far I’ve just put it between my system and the network to play with rules.  One downside I found deals with restarting the snort process to load new rules; doing so will interrupt traffic until snort starts up again which can be around a minute or so.

Thanks everyone.

Going into this, I had NO experience with developing anything for the iPhone or Mac OS for that matter.  Sure I’d written some scripts, and about 7 years ago I wrote an app to import users into Active Directory, but I was a clean slate and ready to learn.  Initially, and some may remember, the app started out working like the Weather app, super simple, but it got the job done.  I gleaned a lot off forums, friends, and screw-ups to get it working and it did!  Apple even published the darn thing for me.  After some requests and a complete redesign by Brisk Studios, a much improved version 2 was out with almost 30 states and 300+ rivers, entomology photos and a great new interface.  Entomology photo’s were slow coming, but Lucas Carroll (http://www.flickr.com/photos/luke_c_photography/) was kind to provide some of his amazing photography and with the help of Jason Neuswanger (http://www.troutnut.com) a huge portion of the photography was hammered out.

With the new version I also tried to push the app to a lot of blogs and a few magazines looking for reviews and was very pleased with what came out (I have a pretty good list here).  Most recently American Angler even wrote a quick blurb about it in their Jan/Feb 2010 issue!

In all, it’s been a fun and extremely time consuming process.  There are currently over 46k rows of data in one of the SQLite tables that were hand entered.  The process has been rewarding in the fact that it’s something that I’ve created, but equally as frustrating.  One of the downsides to the app store is the commenting/review system, though it’s inherit in any retail scenario.  Anyone who’s going to take the time to comment, will most likely be a complainer.

Most recently, “Andyfisher” left a comment stating:

The data on my favorite river is plainly incorrect and the number of rivers it covers is too limited!  This app still needs a lot of work because it’s substandard.  Don’t buy it before it’s radically updated!

Wow, Andyfisher, please let me know which river(s) needs more work and I’ll see what else I can find.

A man named Robert emailed me:

Your site is a joke, at least this time of year.  The same 4 flies
cannot be appropriate for every river in the US

One of the hard things about creating an app like this is you have to generalize some information.  I fully understand that a stonefly pattern that kills in Montana may not work as well on the Deschutes; but in no way is this app meant to replace a good old local fly shop.  In fact, I would encourage users to visit fly shops for indepth knowledge of the local regions!

On that note, the latest version that I’ve submitted for approval is coming with photo’s of patterns by Montana Fly Company.  They have a great list of fly shops that sell their product and maybe in a future version I’ll figure out a way to provide a list of shop for states.

This whole process has really made me sit back and take criticism lightly and understand that I can’t please everyone.  Sure I’d love to have exact information for every river, stream, lake, and body of water in the US, but then I know I’d get bashed for giving away ‘secrets’.

I’ve got in touch with some great folks like Lucas Carroll as mentioned above, Cameron Mortenson and the folks behind http://www.fishykid.org/, David Gross at http://www.flyfishingsherpa.com, the great guys at Korkers, http://paflyfish.com/, http://eastcoastangler.blogspot.com/, and http://www.midcurrent.com.  I’m sure I’ve missed someone, but thanks everyone for the support and helping spread the word.

Should I have the chance to do it over or anyone thinking of creating an app I’d do the following:

• Wait to release a more complete app rather than slowly adding rivers as time permits
• Realize that it can’t be created for free
• Realize it is rewarding, but don’t count on it to be a gold mine