This morning we (the crew) pushed off for a trip to scatter some ashes along the north shore of Molokai on the Waipoul. The area was one of grandpa’s favorite places to go and one that I have had the privilege to share with him.
His boat, a 46 foot sampan he designed and built 30 years ago now carries some of his ashes in the anchor post on the bow, now adorned with a lei for the duration of the trip. Thank you grandpa for the memories and the amazing legacy you built and left for us to enjoy.

Unless I’m just not seeing it, there isn’t a way to differentiate alerts from drops with BASE for snort.  They all appear the same, and unless you know the the sid or the .rules file, all the information looks the same.  To help alleviate this, and give users the abillity to see rules that are dropping packets at a glance, I decided to task Oinkmaster.pl with this job.  Adding the phrase “DROPPED” to the end of the “msg:” section of the signature will make it appear that way in BASE and Aanval can now send an email whenever one of these rules are kicked off.
To do so simply add the following to your oinkmaster.conf file:

modifysid sid or rule “(.*msg:\s*”.+?)”(\s*;.+;)” | “${1}, DROPPED”${2}”

I’ve made the switch to Windows 7 on one of my machines.  It’s time to wrap my head around this new beast.  I installed Win7 x64 on a second hard drive and was dual booting the system for some of the tools I needed.

Now that Windows XP mode is up and running and documents were transferred, I decided it was time for XP to go, cutting the cord.  Unfortunately it’s not as easy as just removing the hard drive and calling it good, though the process isn’t all that hard. NOTE: Do at your own risk; I’m not responsible for damage.

1. Start the machine in Windows XP
2. Show hidden files and folders if they aren’t already and copy the “boot” folder and the bootmgr file to the Win7 drive.
3. Shut the machine down, remove the XP drive and boot off the Win7 DVD
4. Enter the System Recovery mode after the machine boots and click “Next” to enter the Recovery Toolbox
5. Click “Command Prompt” and type:

   "bootrec /fixmbr"

   "bootrec /fixboot"

6. Reboot into Windows 7 and open a command prompt. Run the following command to remove the other second boot option:

   "BCDEdit /delete {ntldr} /f"

More information if you installed on a second partition can be found at: http://blogs.techrepublic.com.com/window-on-windows/?p=1751&tag=leftCol;post-1306

One of my biggest peeves about Snort and running it inline is having to restart the Snort process to load new rules.  This had me worried with putting snort into production as it would make it awfully hard to tweak it while live.

Today I was browsing the Snort manual and found two short paragraph’s relating to the “–enable-reload” option.  Wha?  Why didn’t I find this earlier?  After a quick recompile with the “–enable-reload” command.  What a life saver this will be when we go live!

After using that option, you can simply issue a “kill -SIGHUP pid” to have it reload without restarting!

Check out the pg 107 of the Snort manual though, as some changes require a restart, so your not going to get off completely scott free.

According to an article on ESPN.com, the NCAA is looking to propose “a ban of all words, logos, numbers, or other symbols on players’ eye black beginning next season.”  You might be thinking, “big whoop”, in fact I was thinking the same thing, until I started reading further down the middle of the second paragraph.  The writer states, “For instance, after Tebow scrawled “John 3:16” on his eye black for the 2009 BCS Championship Game, 94 million people Googled that exact Bible verse.”

94 million? Are you kidding me?  I can’t believe that there are 94 million people tuning into the BCS Championship Game who needed to search Google for that verse.

Speaks pretty directly to the state of the Church in the US right now.

Boy, when I started down the process of trying to get an IPS system setup, I had no idea what I was getting myself into.  I’m not much of a security guy or a linux guy, but I thought I’d give it a go.  I followed many different guides that all worked great for me, and thank you to those who put the following guides together: http://ubuntuforums.org/showthread.php?t=919472,  http://www.openmaniak.com/inline.php,  http://forum.learnit.vn/showthread.php?p=7007

Since I had an Ubuntu server disc, an Acer desktop with a Pentium D, 1GB of RAM an 3 nics (1 onboard and 2 100mb 3com’s) I thought I’d give it a go.  After a clean basic install of ubuntu 9.04 server, I ran the following to get it up to 9.10:

sudo apt-get install update-manager-core
sudo do-release-upgrade

The next step was installing all the dependencies:

sudo -i
apt-get -y install build-essential libpcap0.8-dev libmysqlclient15-dev /
mysql-client-5.0 mysql-server-5.0 bison flex apache2 libapache2-mod-php5 /
php5-gd php5-mysql libphp-adodb php-pear libc6-dev g++ gcc pcregrep /
libpcre3-dev iptables-dev bridge-utils

Next it was time to download and compile Snort and the rules:

cd /usr/src
wget http://dl.snort.org/snort-current/snort-2.8.5.2.tar.gz
tar zxvf snort-2.8.5.2.tar.gz
wget http://dl.snort.org/reg-rules/snortrules-snapshot-CURRENT.tar.gz
wget http://www.emergingthreats.net/rules/emerging.rules.tar.gz
cd snort-2.8.5.2
tar zxvf ../snortrules*
tar zxvf ../emerging*

./configure -enable-dynamicplugin --with-mysql --enabled-inline

make

make install

It should compile and make without any problems, if it does check out http://openmaniak.com/inline_pre.php for a good list of requirements.

It’s now time to get mysql ready:

mysql -u root -p

mysql> create database databasename;

mysql> grant all privileges on databasename.* to 'username'@'localhost' identified by 'password';

mysql> exit

Import the schema:

mysql -D databasename -u username -p < /usr/src/snort-2.8.5.2/schemas/create_mysql

Setup Snort:

cd /usr/src/snort-2.8.5.2

mkdir -p /etc/snort/rules /var/log/snort

cp etc/* /etc/snort/

cp rules/* /etc/snort/rules

Next up, editing the /etc/snort/snort.conf file:

1. Find var HOME_NET any and edit it to match your network(s) (var HOME_NET 192.168.0.0/16)
2. Find var EXTERNAL_NET any and change it to var EXTERNAL_NET !$HOME_NET
3. Find var RULE_PATH ../rules to var RULE_PATH /etc/snort/rules
4. I also added include $RULE_PATH/emerging.conf to read the emerging.conf rules file
5. Last, find the # output database: log, mysql, … and uncomment the line and change it to match your setup

Installing BASE:

First I upgraded and installed the required Pear modules:

pear upgrade-all

pear install Image_Color Image_Canvas-alpha Image_Graph-alpha

pear install Mail Mail_mime

Edit your /etc/php5/apache2/php.ini file and add under Dynamic Extensions:

extension=mysql.so

extension=gd.so

Restart Apache2:

/etc/init.d/apache2 restart

Download and setup BASE:

cd

wget http://sourceforge.net/projects/secureideas/files/BASE/base-1.4.4/base-1.4.4.tar.gz/download

cd /var/www

tar zxvf ~/base-1.4.4.tar.gz

mv base-1.4.4 base

cd base

cp -R /usr/src/snort-2.8.5.2/doc/signatures .

cd ..

chown -R www-data.www-data base

Go ahead and visit your site at http://yoursite/base and click continue:

• Step 1: enter /usr/share/php/adodb
• Step 2:  Database type = mysql; Database name = database name; Database host = localhost; Database username = username; Database Password = password
• Step 3: enter the name and password you’d like to use
• Step 4: click the Create BASE AG button
• Step 5: click Continue to go to the login screen

Bridging the Interfaces:

Load the bridge module:

modprobe bridge

Edit /etc/network/interfaces

# The loopback network interface

auto lo

iface lo inet loopback


# The primary network interface


auto eth2

iface eth2 inet static

        address 10.x.x.x

        netmask 255.x.x.x

        network 10.x.x.x

        broadcast 10.x.x.x

        gateway 10.x.x.x

        # dns-* options are implemented by the resolvconf package, if installed

        dns-nameservers 10.x.x.x

        dns-search searchbase


# The Bridge


auto br0

iface br0 inet manual

bridge_ports eth0 eth1

# Time to wait before loading bridge

bridge_maxwait 0

/etc/init.d/networking restart

Then setup the box to load the bridge kernel at startup:

crontab -e

@reboot root lsmod | grep bridge > /dev/null || /sbin/modprobe bridge;

The following is a startup script from http://openmaniak.com/inline_final.php that I used and modified for my setup.  I saved it in /etc/init.d/snortd:

#!/bin/bash

#

# snort_inline

start(){

# Start daemons.

echo "Starting ip_queue module:"

lsmod | grep ip_queue >/dev/null || /sbin/modprobe ip_queue;

#

echo "Starting iptables rules:"

# iptables traffic sent to the QUEUE:

# accept internal localhost connections

iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

# send all the incoming, outgoing and forwarding traffic to the QUEUE

iptables -A INPUT -j QUEUE

iptables -A FORWARD -j QUEUE

iptables -A OUTPUT -j QUEUE

# Start Snort_inline

echo "Starting snort_inline: "

/usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -Q -D -v 

-l /var/log/snort_inline

# -Q -> process the queued traffic

# -D -> run as a daemon

# -v -> verbose

# -l -> log path

# -c -> config path

}

stop() {

# Stop daemons.

# Stop Snort_Inline

# echo "Shutting down snort_inline: "

killall snort_inline

# Remove all the iptables rules and

# set the default Netfilter policies to accept

echo "Removing iptables rules:"

iptables -F

# -F -> flush iptables

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

# -P -> default policy

}

restart(){

stop

start

}

case "$1" in

start)

start

;;

stop)

stop

;;

restart)

restart

;;

*)

echo $"Usage: $0 {start|stop|restart|}"

exit 1

esac

You can start snort with :

/etc/init.d/snortd start

And configure the server to run the snortd script at boot:

update-rc.d snortd defaults 95

And there we have it, what should be a functional Snort box compiled with inline support!  Wrapping my head around this has been a chore, I’m pleased that it’s at least running!  I haven’t put it in the middle of everything yet, so far I’ve just put it between my system and the network to play with rules.  One downside I found deals with restarting the snort process to load new rules; doing so will interrupt traffic until snort starts up again which can be around a minute or so.

If you have information you’d like to share and include in The Hatch, please feel free to use the link at the top of the page titled “Submit Hatch Information”.  You will be presented with a form asking for the state, river name, bug, and month’s you’ll find the bug hatching. These updates will be included in periodic updates to the app.

Thanks everyone.

After the purchase of a new MacBook Pro about a year ago, I thought you know what?  I’m going to try and develop an app.  I hadn’t seen anything related to fly fishing and thought maybe I could create an app that provides a hatch chart for rivers across the US!

Going into this, I had NO experience with developing anything for the iPhone or Mac OS for that matter.  Sure I’d written some scripts, and about 7 years ago I wrote an app to import users into Active Directory, but I was a clean slate and ready to learn.  Initially, and some may remember, the app started out working like the Weather app, super simple, but it got the job done.  I gleaned a lot off forums, friends, and screw-ups to get it working and it did!  Apple even published the darn thing for me.  After some requests and a complete redesign by Brisk Studios, a much improved version 2 was out with almost 30 states and 300+ rivers, entomology photos and a great new interface.  Entomology photo’s were slow coming, but Lucas Carroll (http://www.flickr.com/photos/luke_c_photography/) was kind to provide some of his amazing photography and with the help of Jason Neuswanger (http://www.troutnut.com) a huge portion of the photography was hammered out.

With the new version I also tried to push the app to a lot of blogs and a few magazines looking for reviews and was very pleased with what came out (I have a pretty good list here).  Most recently American Angler even wrote a quick blurb about it in their Jan/Feb 2010 issue!

In all, it’s been a fun and extremely time consuming process.  There are currently over 46k rows of data in one of the SQLite tables that were hand entered.  The process has been rewarding in the fact that it’s something that I’ve created, but equally as frustrating.  One of the downsides to the app store is the commenting/review system, though it’s inherit in any retail scenario.  Anyone who’s going to take the time to comment, will most likely be a complainer.

Most recently, “Andyfisher” left a comment stating:

The data on my favorite river is plainly incorrect and the number of rivers it covers is too limited!  This app still needs a lot of work because it’s substandard.  Don’t buy it before it’s radically updated!

Wow, Andyfisher, please let me know which river(s) needs more work and I’ll see what else I can find.

A man named Robert emailed me:

Your site is a joke, at least this time of year.  The same 4 flies
cannot be appropriate for every river in the US

One of the hard things about creating an app like this is you have to generalize some information.  I fully understand that a stonefly pattern that kills in Montana may not work as well on the Deschutes; but in no way is this app meant to replace a good old local fly shop.  In fact, I would encourage users to visit fly shops for indepth knowledge of the local regions!

On that note, the latest version that I’ve submitted for approval is coming with photo’s of patterns by Montana Fly Company.  They have a great list of fly shops that sell their product and maybe in a future version I’ll figure out a way to provide a list of shop for states.

This whole process has really made me sit back and take criticism lightly and understand that I can’t please everyone.  Sure I’d love to have exact information for every river, stream, lake, and body of water in the US, but then I know I’d get bashed for giving away ‘secrets’.

I’ve got in touch with some great folks like Lucas Carroll as mentioned above, Cameron Mortenson and the folks behind http://www.fishykid.org/, David Gross at http://www.flyfishingsherpa.com, the great guys at Korkers, http://paflyfish.com/, http://eastcoastangler.blogspot.com/, and http://www.midcurrent.com.  I’m sure I’ve missed someone, but thanks everyone for the support and helping spread the word.

Should I have the chance to do it over or anyone thinking of creating an app I’d do the following:

• Wait to release a more complete app rather than slowly adding rivers as time permits
• Realize that it can’t be created for free
• Realize it is rewarding, but don’t count on it to be a gold mine

PHEW, didn’t know how long the skunk would go into the new year.  A buddy of mine and I went out for a quick trip to the Crooked today.  I haven’t been fishing there in over a year but had heard that fishing had picked up in the last few months and the weather was decent, so why not?

We arrived on the river at about 1pm.  The temp rose about 6 degrees on the drive over to a nice and balmy 45.  I’m not sure what the water temp was, but there was still ice on the surface of some of the slower water.

Brett hooked a good sized whitefish right off the bat and we started working our way downstream.  On the way down we noticed a few rises about 100 yards down stream so we promptly switched out the nymph’s and went for some small BWO’s.  They ended up being the ticket, we totaled 8-9 trout a piece in one small section of water!

We were off the water about 3 hours later and had a great time of fellowship and fishing.

Following along a previous post about reading and goals, especially the Bible, I happened across a website called http://www.youversion.com.  It’s essentially an online bible, journal, reading plans, and community based website, but I’d say one of the best features is the slew of mobile apps.

Reading the Bible and picking from one of the many translations can be done without creating an account.  To take advantage of the reading plans and many of the other features, you need to walk through the simple process of setting up an account.  With the newly created account, you have access to the included reading plans with the ability to tag, note, journal, and share verses, as well as engage with other users.

With the newest version of their mobile apps, you can now even log in and perform many of the same tasks including following the synchronized reading plans so you can keep on top of the daily reading wherever you are.

Many of the versions required internet access, most likely due to licensing issues, but there are a few versions that are downloadable so you can read without having internet access.

It’s a pretty good app, great concept and a great addition to any iPhone or mobile device.  In no way should it take the place of a traditional printed Bible, but it is an interesting addition with the benefit of reading plans to help keep you on track!

http://blog.youversion.com/post/488/20-ways-to-read-the-bible-in-2010-pick-your-plan-personalize-it