Archive
Posts from 2005
Verifying digital signatures
I recently downloaded the samhain file integrity verification suite, and wanted to verify the authenticity of the package. The samhain developers distribute samhain as a tar archive, which includes the source code and a detached ASCII signature file.

To verify the source code that is contained in the file samhain-2.0.10a.tar.gz using the detached ASCII signature stored in the file samhain-2.0.10a.tar.gz.asc, I downloaded the samhain developers' public key, and imported it into my keychain with the gpg "--import" option.

Once the public key was imported, I used gpg's "--fingerprint" option to extract a digital fingerprint from each public key.

Once I had the fingerprint and the keyid, I verified both pieces of information with a trusted source. After I verified the authenticity of the key I imported, I used gpg's "--verify" option along with the signature file (an encrypted hash) to verify the file's contents with the key I just imported.

Verifying signatures can help ensure that the source code you download hasn't been replaced with a malicious variant. The gpg(1) manual contains lots of information on signatures, and provides a detailed breakdown of the available gpg options.
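The import, fingerprint check and verify steps above can be chained so that a signature is accepted only when it was made by the key whose fingerprint was confirmed out of band. This is an added example, not the commands from the original post; the function name and the key file name in the usage comment are hypothetical, and the expected fingerprint is assumed to be the primary key's.

```shell
#!/bin/sh
# Added example (not from the original post).
# verify_release KEYFILE EXPECTED_FPR SIGFILE DATAFILE
#   returns 0 only if SIGFILE is a valid signature over DATAFILE made by the
#   key whose primary fingerprint equals EXPECTED_FPR.
# Usage (key file name is hypothetical, fingerprint is a placeholder):
#   verify_release samhain-key.asc "<fingerprint from a trusted source>" \
#       samhain-2.0.10a.tar.gz.asc samhain-2.0.10a.tar.gz
verify_release() {
    keyfile=$1; sig=$3; data=$4
    # Normalise "ABCD 1234 ..." as printed by --fingerprint to plain upper-case hex.
    expected=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    # Throwaway keyring: keys already present elsewhere cannot satisfy the check.
    home=$(mktemp -d) || return 2
    chmod 700 "$home"
    if ! gpg --homedir "$home" --batch --quiet --import "$keyfile" 2>/dev/null; then
        rm -rf "$home"; return 2
    fi
    # Step 1: the imported key must carry the fingerprint we were told to expect.
    if ! gpg --homedir "$home" --batch --with-colons --fingerprint 2>/dev/null |
         awk -F: '$1 == "fpr" { print $10 }' | grep -qx "$expected"; then
        echo "fingerprint mismatch: do not trust this key" >&2
        rm -rf "$home"; return 3
    fi
    # Step 2: read gpg's machine-readable status instead of its exit code.
    # The last field of a VALIDSIG line is the primary key fingerprint.
    out=$(gpg --homedir "$home" --batch --status-fd 1 --verify "$sig" "$data" 2>/dev/null)
    rm -rf "$home"
    printf '%s\n' "$out" |
        awk -v f="$expected" '$2 == "VALIDSIG" && $NF == f { ok = 1 } END { exit !ok }' ||
        { echo "no valid signature from $expected" >&2; return 1; }
}
```

The function returns 3 when the key does not match the expected fingerprint, 1 when the signature does not verify, and 2 when the key cannot be imported.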
Observing disk I/O with the DTraceToolkit
I just noticed that my article Observing Disk I/O with the DTraceToolkit was published in this month's SysAdmin magazine. If you are looking for ways to analyze Disk I/O on your systems, this article introduces several cool DTrace scripts to help get you started.
Debugging Solaris in.rarpd issues
While performing a routine jumpstart this week, one of my friends was receiving a steady stream of Timeouts while attempting to jumpstart a system. He had used the jumpstart server earlier in the week to build a system, and was uncertain why the server he was jumpstarting couldn't get an IP address. He asked me if I could take a look at the problem, so I fired up snoop on the jumpstart server to see if the RARP requests were reaching the server. The requests were indeed getting to the server, but for some reason the server wasn't sending anything back to the client. I double checked all the configuration files (e.g., /etc/bootparams, /etc/ethers, /etc/hosts), and then double checked that the host had a valid entry in /etc/tftpboot. Everything appeared to be correct, so I fired up truss to watch what in.rarpd was doing. The truss output indicated that certain RARP requests were being processed by in.rarpd, but the MAC address of the system my friend was attempting to jumpstart was not showing up…
Beware of your printer
I read the article Is Your Printer Spying On You? in awe. While I have always known that government intelligence agencies were working back room deals for the sake of "protecting America," it never dawned on me that they are using the printer companies to identify people through the material they print. This is some spooky stuff!
Converting from nslookup to dig
I have used nslookup for years to access information in the Domain Name System (DNS), and was sad to see that it was moved to the "deprecated" state when dig (domain information groper) was released. Since I knew nslookup(1m) inside and out, I put off learning about dig, and instead focused on learning other interesting technologies. I recently wanted to add TSIG support to a DNS server, and needed to be able to test signing keys. I didn't see support in nslookup, so I decided to sit down and learn everything there was to know about dig…