Archive for June, 2008

Tip: Cygwin for Bzip2 (.bz2)

I find the Windows shareware and nagware tools for Gzip and Bzip2 files lacking. Some of them add unnecessary clutter to my OS. Part of it is compatibility with 64-bit Windows Server 2003. I also do not want to pay for a feature that I rarely use. Since I run Cygwin, it is easy enough to drop into the Bash shell to unzip and untar.

Copy the file to the Cygwin home folder (C:\cygwin\home\Administrator). Then start Cygwin and run the commands to unzip and untar. Extract (x) with the verbose details (v) from a file (f). Use the j switch for Bzip2 (.bz2) and the z switch for Gzip (.gz).

$ tar xvfj file.tar.bz2

$ tar xvfz file.tar.gz

The expanded files will then be in a folder called C:\cygwin\home\Administrator\file.
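As an added example (not from the original post), here is a small Bash helper for the Cygwin shell that picks the j or z switch from the archive's extension and lists the members before extracting, refusing any entry whose path starts with / or contains a .. component, so an untrusted tarball cannot drop files outside the folder you extract into. It assumes GNU tar with gzip and bzip2 installed, which a default Cygwin setup provides; current GNU tar already strips such leading components unless run with -P, and the listing makes that decision explicit before anything is written.

```bash
#!/bin/bash
# Added example: choose the tar decompression switch from the file name,
# inspect the member list, and only then extract into the current folder.
# Assumes GNU tar plus gzip/bzip2 on PATH (a standard Cygwin install).

tar_flag() {
    # Map an archive name to the switch the post describes: j for .bz2, z for .gz.
    case "$1" in
        *.tar.bz2|*.tbz2|*.tbz) echo j ;;
        *.tar.gz|*.tgz)         echo z ;;
        *.tar)                  echo "" ;;
        *)                      return 1 ;;
    esac
}

unsafe_members() {
    # Print every member whose path is absolute or contains a ".." component.
    # Exit status 0 means at least one unsafe member was found, 1 means none.
    local archive="$1" flag
    flag=$(tar_flag "$archive") || { echo "unknown archive type: $archive" >&2; return 2; }
    tar "t${flag}f" "$archive" | awk '
        /^\// { print; found = 1; next }
        { n = split($0, p, "/")
          for (i = 1; i <= n; i++) if (p[i] == "..") { print; found = 1; break } }
        END { exit found ? 0 : 1 }'
}

safe_untar() {
    # Extract (x) with verbose details (v) from a file (f) after the listing passes.
    local archive="$1" flag
    flag=$(tar_flag "$archive") || { echo "unknown archive type: $archive" >&2; return 2; }
    if unsafe_members "$archive" >/dev/null; then
        echo "refusing to extract $archive: members escape the target folder" >&2
        return 1
    fi
    tar "xv${flag}f" "$archive"
}
```

Run it from the folder that should receive the files, e.g. `cd ~ && safe_untar file.tar.bz2`; the refusal message names the archive so you can inspect it with `tar tvjf` before deciding.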

Rolling your own SIM

I have been looking at pay-to-play security information management tools. I reviewed Q1Labs Radar, Cisco Mars, and Novell's offering. The costs are a tad high, particularly when I can do a lot of the basic collection with WMI scripts and C# code.

OSSIM (Open Source Security Information Management) is another option that I am looking into. Or maybe I will roll my own. Here are the key tools:

Hosts:

Log monitoring: Kiwi syslog, Snare
Signature-based analysis: Nagios, OSSEC
Vulnerability assessments: Nessus

Networks:

Local monitoring: Arpwatch
Signature-based analysis: Snort
Statistical-based analysis: Spade

Correlation:

Splunk
SQL Server 2005 SSRS and SSAS

Code or configure? Where is the best return for my time? I wager rolling my own will be a good learning experience. The money saved can then be invested in training materials and resources. Further, any analysis and cleanup will not go to waste if I change course. An off-the-shelf SIM tool will plug into a cleaned-up network just as easily as it would into an unmonitored network, if not more easily. I am going to keep tinkering for the time being.

That sums up my thinking at the moment.