Archive for January, 2009
Snort Log Parser
Hey guys, I’d like to share a script I wrote to make reporting simpler for Snort. Snort is an open source intrusion detection / prevention system. It blocks or detects packets based on rules. Its an awesome security tool to see exactly what is going on in your network and offers great protection if you decide to put it in prevention mode. And its all free!
I installed it on my very old compaq computer which runs Ubuntu server edition. Didn’t really have a reason, just wanted to see how it works…will be getting rid of it soon since it slows down the network (Counter Strike and Snort don’t mix).
Anyway, to check the logs I had to ssh to the compaq (that computer has no monitor) and manually go through the logs. Usually the same event would’ve tripped 400 times in a row. Scrolling through all of this and logging into the compaq everytime was a pain. So I wrote a bash script that bundled the same events together, output the number of times they occured and emailed this information to me everyday. Now all I had to do was check my email. I also added a threshold so it would only email rules that tripped at least 20 times.
I’m sure this method isn’t as efficient as some of the other parsers that are out there…but this one’s awesome since I made it! Here it is…
PHP Login System Tutorial – Part 2
So far we’ve made our database, connected to it, and wrote a function to get rid of
SQL Injection attempts. Now we can make the registration page.
We’ll have a form with a couple fields and a submit button that sends everything to our database.
The first thing we’re going to do is include the db_connect.php page. This will connect us to our database and give us access to the protect function we created earlier.
This form will then submit to itself and insert the data into our db.
< ?php //Create registration form (register.php) include "db_connect.php"; if(!$_POST['submit']) // 'submit' hasn't been clicked so output html. { ?>
So what the first IF statement does is checks to see if the form has been submitted. If it hasn’t it outputs the html form.
<html> <form method="post" action="register.php"> First Name: <input type="text" name="first"/> Last Name: <input type="text" name="last"/> Desired Username: <input type="text" name="username"/> Password: <input type="password" name="password"/> Confirm Password: <input type="password" name="pass_conf"/> Email: <input type="text" name="email"/> About: <textarea name="about">Tell us about yourself</textarea> <input type="submit" name="submit" value="Register"/> </form> or <a href="index.php">Login</a> </html>
Notice the forms action is register.php which is the page itself. When ‘submit’ is posted we go to the else block here. This is where we store the posted values into variables. We call our protect function on these values to cleanse them of any injection attempts.
PHP Login System Tutorial – Part 1
This is Part 1 of my PHP Login System tutorial. By the end of this series, you’ll have your own custom social networking site. Users will be able to register, login, edit their profile and add pictures. We’re aiming for a very stripped down version of Facebook and Myspace.
For this tutorial you’ll need a webserver running PHP and mySQL. Click here for instructions on how to set one up on your local machine with XAMPP.
Lets start by making our database. Our users table will have 7 fields.
id, first, last, username, password, email and about.
Heres the SQL code to make this happen. You can paste it into your phpmyadmin SQL tab. Make sure you change the `db` in the first line to match the name of your database.
CREATE TABLE `db`.`users` ( `id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY , `first` VARCHAR( 32 ) NOT NULL , `last` VARCHAR( 32 ) NOT NULL , `username` VARCHAR(32) NOT NULL, `password` VARCHAR(255) NOT NULL, `email` VARCHAR(255) NOT NULL, `about` TEXT NOT NULL ) ENGINE = MYISAM;
We make the id auto_increment so that every user that is added to the db has their own id. Since this field will be unique, we’ll make it our primary key. It will be used to reference each user later.
Our database is setup. We just need to connect to it using php. We’ll create our first php file, “db_connect.php”.
PHP Basics
Heres a quick intro to PHP. A lot will be left out, I’m assuming you know basic programming (variables and loops). W3 Schools is a great place to learn PHP more in depth.
To try this code make sure you have XAMPP installed, check out this tutorial if you haven’t set it up yet.
Every script should begin and end with the php open/close tags.
< ?php //Comments //rest of code here ?>
Here are some examples
< ?php // two backslashes are used for comments // A variable is created using the dollar sign before the name of the var $v1 = "bananas" ; //semicolon after each statement //echo is used to print to the screen echo $v1; //You can print multiple items using a comma $v2 = "apples" ; echo $v1, $v2; //If statements are similar to those in C++ and Java. $uno = 1 ; $dos = 2 ; if($uno < $dos) { echo "WOO!" ; } else { echo "WTF!?"; } ?>
XAMPP Setup
In this tutorial we’ll get XAMPP setup so we can start coding websites.
XAMPP for Linux
Download XAMPP from ApacheFriends. You can put it in your home directory.
Open up a terminal and run this command
tar xvfz xampp-linux-1.7.tar.gz -C /opt
This will extract the XAMPP (should be called lampp) directory to /opt. If you already have an XAMPP installation this command will overwrite it so be careful. Now we need to start the LAMP server using this command
/opt/lampp/lampp start
Now everythings up and running. You can test the setup by going to http://localhost in a web browser.
To start a website you need to create a folder in the htdocs directory under lampp. You can make a simple index.html file and put it in the created folder. Now visit http://localhost/your_created_folder and you should see your index.html file.
-
You are currently browsing the archives for January, 2009
Facebook
Recent Comments