Monthly Archives: October 2011

Snorby Installation on Ubuntu 11.04

snorby is a ruby ​​application that is used to display / report the results of detection of intrusion detection software such as Snort, Sagan, and suricata. Snorby has an attractive appearance and layout, it is neat and easy to use, making snorby become one great option, beside anval, base, and the standard snortreport as snort reporting sotware to user. if you want to install snort, on a previous post i have written about the basic installation of Snort, which is one of the standard and widely IDS used.

Snorby is a ruby ​​application, because of that its installation process us a little bit new for me. Snorby installation tutorials have been written and published on the internet. It is also displayed on the main page of, but the installation tutorials is not comprehensive enough. so if you are looking for the comprehensive one, you can go to wiki pages. There is snorby installation in ubuntu without the use of RVM. The installation tutorial is complete enough to be followed if we want to install snorby on ubuntu machine.

snorby installation:

1. install dependencies

sudo apt-get install gcc g++ build-essential libssl-dev libreadline5-dev zlib1g-dev linux-headers-generic libsqlite3-dev libxslt-dev libxml2-dev imagemagick libmysqlclient-dev libmagick9-dev git-core mysql-server wkhtmltopdf[/php] Continue reading Snorby Installation on Ubuntu 11.04

How To Enable Site and Module Apache2 (Ubuntu)

Apache2 on ubuntu comes up with different configuration. you can find all configuration files on /etc/apache2.
There are some folder/file that we need to understand if we want to enable virtual hosting and enable non-default module on apache2. Here they are:

1. Folder / Directory
this is the folder where you store you site configuration. by name based vitual hosting means you can have different domain for your ip address. example and, so you will have two different file configuration inside this folder. No rule to name each configuration file. You can view sample from “default” files.

this is the folder that stores symlink (symbolic link) from configuration files. any site whose configuration file is stored here as symlink is enabled, means you can browse the site. Continue reading How To Enable Site and Module Apache2 (Ubuntu)

Scan and Check External Harddisk Windows

Sometime you find your external harddisk doing something wrong by displaying folder that can’t be opened, instead it asks you to format your drive. it means there is logical failure in the harddisk. Windows by default has provide us the ability to scan and fix disk error. Usually if windows reads flash/external disk that may be corrupted it will show us question whether we want to scan and fix disk or not. In my case, i found some folders unaccessible and windows shows me the question to scan and fix each time i plug in the external harddisk. but when i follow the instruction to scan and fix harddisk the operation is never get done.
Continue reading Scan and Check External Harddisk Windows

VLAN Tagging Switch HP Procurve

LAN Select the VLAN to configure.
Tag / Untag / Exclude All. For a port or trunk to participate in a VLAN, its tagging policy must be defined. By default, all ports and trunks are configured as untagged members of VLAN1, and are excluded from all other newly created VLANs.
You can use the Tag / Untag / Exclude All box to configure all ports at once. Click this box until the appropriate options displays:

E — exclude all ports from this VLAN.
T — participate in the selected VLAN and tag all frames.
U — participate in the selected VLAN and leave all outgoing frames untagged. Each port can have only one untagged VLAN membership. If a port is an untagged member of a VLAN and a second VLAN is selected for untagged membership, then the first VLAN membership is automatically changed to E (Exclude).
Then, you can use the Port boxes to refine the ports participation and tagging settings.

Cookie Injection With Greasemonkey

Http cookie is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. it can also be taught as ticket for us to enter website, from simple explanation, it will be similiar with ticket for entering specific place. User that has examined ticket are free to enter or go in or out the place, for example once u have logged to, in new tab or window, you don’t have to enter log in information again, because your log in state has been stored by your browser through http cookie.

Browser use this http cookie to store information of your session, so that, user that have stored cookie has some advantages such as :

1. saved logging session
2. tracked browsing preference
3. preferred search or article provided by website
4. any service that can be done by storing browsing state on your computer.

because it is usually stored in text format in computer, http cookie will not contain virus or harm computer in a way virus does.

although it gives us advantages but http cookie may harm us in these ways:
1. Used by spyware to track browsing activities (in bad way).
2. Used by hacker to gain access to log in any web service

How to view cookies
you can view your cookies in firefox :
1. tools – option – privacy – remove individual cookie
there you can simply view cookie stored in your computer and remove it.
2. firefox plugin – View Cookies
this plugin is easy to use, you just need to right click anywhere on the site – click view page info – click view cookies menu.
3. wireshark
you can capture cookies with wireshark, in earlier network infrastructure (hub, unprotected wifi) wireshark can be used to capture entire network activities, so that u can easily steal cookies but now you need more efforts to steal/capture network activities

Cookie injection
Cookie injection is a method to modify our own cookie / inject cookie information to our computer/browser, using this method we can gain access to any browser state in particular sites.
In firefox Cookie injection can be done with greasemonkey. greasemonkey is plug-in that enable user script to be run to modify browsing activities.
These are the steps :

1. Download Greasemonkey
2. Install cookie injector script
3. Open sites you want to inject
4. Alt+C , enter cookie information to the form
5. You get logged in in without entering log in forms


Setting Proxy for Git

Git can use general proxy configuration on server,
such proxy configuration on ubuntu

export http_proxy=http://username:passwd@proxyserver:port

or use config git

[php]git config –global http.proxy http://username:passwd@proxyserver:port[/php]

if your proxy server doesnt need username and password simply write this command

[php]git config –global http.proxy http://proxyserver:port[/php]

now you can use git behind proxy

root@idsubuntu:/home/administrator# git clone
Cloning into snorby…
remote: Counting objects: 7232, done.
remote: Compressing objects: 100% (2159/2159), done.
remote: Total 7232 (delta 5054), reused 7081 (delta 4926)
Receiving objects: 100% (7232/7232), 4.83 MiB | 17 KiB/s, done.
Resolving deltas: 100% (5054/5054), done.