Showing entries 1 to 9
Displaying posts with tag: Projects
new nagios / icinga plugin check_juniper_srx_ipsec_tunnel.pl

At the weekend I completed a new nagios / icinga plugin. The check_juniper_srx_ipsec_tunnel.pl plugin checks via SNMP the IPSec VPN / Tunnel State for a given VPN Gateway on a Juniper SRX gateway.

Usage: ./check_juniper_srx_ipsec_tunnel.pl -H <Juniper Hostname> -g <IPSec Tunnel Gateway> -C <SNMP Community>

You will find the plugin on my projects page

[Read more]
Economy up or down, can open source come out on top?

We’ve written about how a bad economy is indeed good for open source software. We’ve also recognized that with open source software’s maturity and place at the enterprise software table, a bad economy can be a double-edged sword for open source since the failure or fade of large enterprise customers, say big banks, hurts open source vendors right alongside traditional software providers.

What is interesting is that after a couple of years of economic rebuilding, we’ve seen recently how open source is being driven by innovation, particularly in cloud computing, …

[Read more]
Safe DML Options

Permalink: http://bit.ly/VNLTQe



The Safe DML project provides automatic creation of backups and an undo functionality for MySQL. These two abilities do not rely on the command line shell and can simply be executed by queries.

$DML() Options

Inside the stored procedure, $DML(), you can find the following options that can be set:

-- Switches logging on/off
DECLARE logging BOOLEAN DEFAULT FALSE;
-- Clears the logs per call
DECLARE clearLogs BOOLEAN DEFAULT TRUE;
-- Set to FALSE to backup only the current db in use
DECLARE backupAllDB BOOLEAN DEFAULT TRUE;
-- Disables filtering out of unsupported statements
DECLARE dmlFilter BOOLEAN DEFAULT TRUE;


  • The logging option enables/disables logs written by Safe DML into the `debug` table in the …
[Read more]
Safe DML

Permalink: http://bit.ly/1vSmnGm



There is no native undo ability inside MySQL. Thus, the common methods to work around the problem are creating backup dumps and enabling binary logging, using transactions, and requiring the WHERE clause in Data Manipulation Language commands by using the safe updates option. These methods have drawbacks:

  1. Creating backups via mysqldump and using binary logging to revert to a point in time will have the same effect as an undo functionality. However, these are executed via the command line shell. Since these tools are not executed inside MySQL, this method may not be convenient and presents limitations on when it can be used.
  2. Transactions allow you to "undo" as long as you have not committed your data manipulation changes. Imagine if you discover data manipulation changes that you wish to …
[Read more]
TaskFreak! v0.6.2 - Add My Projects List

Background Knowledge

TaskFreak! presently does not have a means via the web interface to present a complete list of tasks for which the current user is the project leader. I will show you how to add “My Projects” list based on bpiper’s solution with a slight difference. My solution is almost identical to bpiper’s but with a different approach to continue support of the supported interface languages. To do this, each supported language file will need to be edited.

Thanks to bpiper for posting your solution.

Solution

  1. Edit /taskfreak/include/language/en/freak.php starting at line #15. Add in a new array key/value at any point you desire like so "'my_projects' => 'My Projects'," (without double quotes), see below for example.

    Note: Each interface language file will be …

[Read more]
MySQL-Proxy learning to block SQL-Injection

I previously reported about my joy with MySQL-Proxy and a simple SQL-Injection detection based on a simple heuristic.

Today I present the more interesting approach that I promised to publish after my webinar yesterday. This approach is based on the idea that SQL queries issued by an application always have a certain structure. This structure can be learned and remembered by MySQL-Proxy. Any SQL query that has a different structure can then be considered an attack.

Training Mode

The first Lua script learn_sql_queries.lua uses MySQL-Proxy’s read_query hook to catch COM_INIT_DB and COM_QUERY packets. COM_INIT_DB packets are issued when the database is …

[Read more]
Mysql-Proxy Heuristic SQL Injection Detection

“MySQL Proxy is a simple program that sits between your client and MySQL server(s) that can monitor, analyze or transform their communication. Its flexibility allows for unlimited uses; common ones include: load balancing; failover; query analysis; query filtering and modification; and many more.”

The flexibility of MySQL Proxy is based on the fact that every aspect is scriptable with Lua. Because I am new to MySQL Proxy and the Lua language I tried to implement a very simple script that waits for incoming SQL queries, tokenizes them and tries to detect SQL Injection heuristically by searching for certain disallowed SQL functions, databases, tables, statements or comments. When an SQL query is believed to contain an SQL injection it is not executed and a “Possible SQL …

[Read more]
Lua: Using LPEG for SQL Indenting

I have had a somewhat strange relation to parsers for a while. Like everyone I started with writing little parsers by hand and bounced several times against yacc and flex, failing to get around their very own syntax.

Then I discovered lemon and used it in lighttpd for the configuration and HTTP parsing, finally a parser syntax I could read. But it still was a split between lexing and parsing.

Along the way there was ragel with its wonderful dot-output to visualize its state-engine, very neat and a mixed lexer and parser.

2-3 weeks ago I finally stumbled over LPEG and I'm happily writing parsers now. Like a simple one that can parse complex SELECT queries and …

[Read more]
Who is the Subversion King in your Company?

Have you ever wanted to know who’s the top committer in your company?
In my previous company we established the term “CVS King”, a title comparable to “Employee of the month”. The developer with the most cvs commits was the “CVS King of the month”. We determined who was the “CVS King” using commit emails that were sent to all developers on each cvs commit.
Two years ago we switched to Subversion, so now we’re talking about the “Subversion King”. Naturally all this is anything but serious ;)

Anyway, today I programmed a little PHP script that uses a different approach to determine who is the “Subversion King of the Month”. It’s counting the line delta directly from the svn repository using svnlook. So the developer with the most lines added to …

[Read more]