yep, that's how it should work.


On Jan 27, 2010, at 7:55 PM, Terry MacDonald <terry.macdon...@gmail.com> wrote:

Hi All,

Actually have one more question regarding snapshots. If we're running a recompiled version of Server 3.0.1 on ESXi, how does Capture-HPC decide which snapshot to revert to? Is it always the latest one?

Cheers

Terry MacDonald


2010/1/27 Terry MacDonald <terry.macdon...@gmail.com>
Hi Christian,

Thanks for the quick reply.

The reasoning for the reverting to different snapshots was really just to make life easier when tracking one of our corporate builds. We were hoping to have a VM (running on ESXi host) that we could keep updating the same as the rest of our corporate machines. We then want to throw the URLs that our staff have visited each day to this VM to see if anything dodgy turns up. I was hoping to have an easy way of reverting back to a different 'earlier' corporate build to see if that is vulnerable as well as the 'latest' build. I figured using the revert function could be the way to do it.

Regarding the URLs added into the database... looking at the database schema I don't think I can delete the url from the table as that means the url_operation records would lose the url_id reference they need.

>>>>> from capture_mysql.sql

create table url (
url_id serial,
url varchar(2083) not null,
currentstatus char(1) references status(status_id),
lastvisittime char(23),
operation_id integer references operation(operation_id),
PRIMARY KEY(url_id)
);

create table url_operation (
url_id integer references url(url_id),
operation_id integer references operation(operation_id),
clientprogram_id integer references clientprogram(clientprogram_id),
visitstarttime char (23),
visitfinishtime char(23),
status_id char(1) references status(status_id),
webserverip char(15),
PRIMARY KEY (url_id,operation_id)
);

<<<<<<<<

The thing I'm worried about is that our list of URLs we need to process is up to 30,000 URLs per day. If the URLs need to stay in the database then the database will get big very quickly - and I don't really want to index the Internet :). Any ideas on how the database size can be kept small with a large number of URLs to visit? I guess the only other answer is to run with logs only?

Cheers

Terry MacDonald
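
Added example, not part of the original thread and not Capture-HPC code: a retention job for the url and url_operation tables quoted above, which removes old benign URLs together with their visit records and keeps malicious findings and unvisited entries. It is modelled in SQLite so it runs stand-alone; the status codes 'B', 'M' and 'Q' and the timestamp layout are assumptions, since the thread gives neither.

```python
import sqlite3
from datetime import datetime, timedelta

# Assumptions, not from the thread: status codes 'B' (benign), 'M' (malicious),
# 'Q' (queued) and the timestamp layout. Check both against your own data.
PRUNABLE = ("B",)
TS_FORMAT = "%d/%m/%Y %H:%M:%S.%f"  # 23 characters, fits char(23)

SCHEMA = """
create table url (url_id integer primary key, url varchar(2083) not null,
  currentstatus char(1), lastvisittime char(23), operation_id integer);
create table url_operation (url_id integer references url(url_id),
  operation_id integer, clientprogram_id integer, visitstarttime char(23),
  visitfinishtime char(23), status_id char(1), webserverip char(15),
  primary key (url_id, operation_id));
"""

def prune(conn, now, keep_days):
    """Delete benign URLs last visited more than keep_days ago; return count."""
    cutoff = now - timedelta(days=keep_days)
    marks = ",".join("?" * len(PRUNABLE))
    rows = conn.execute(
        f"select url_id, lastvisittime from url where currentstatus in ({marks})",
        PRUNABLE).fetchall()
    # Compare parsed timestamps: this text layout does not sort chronologically.
    expired = [(uid,) for uid, ts in rows
               if ts and datetime.strptime(ts, TS_FORMAT) < cutoff]
    with conn:  # one transaction; child rows go first so none are orphaned
        conn.executemany("delete from url_operation where url_id = ?", expired)
        conn.executemany("delete from url where url_id = ?", expired)
    return len(expired)

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("pragma foreign_keys = on")
    conn.executescript(SCHEMA)
    urls = [  # constructed sample rows
        (1, "http://old-benign.example/", "B", "10/01/2010 09:00:00.000"),
        (2, "http://new-benign.example/", "B", "26/01/2010 09:00:00.000"),
        (3, "http://old-malicious.example/", "M", "10/01/2010 09:05:00.000"),
        (4, "http://queued.example/", "Q", None),
    ]
    conn.executemany("insert into url (url_id, url, currentstatus, lastvisittime)"
                     " values (?, ?, ?, ?)", urls)
    conn.executemany("insert into url_operation (url_id, operation_id, status_id)"
                     " values (?, 1, ?)", [(u[0], u[2]) for u in urls[:3]])
    conn.commit()
    removed = prune(conn, datetime(2010, 1, 27), keep_days=7)
    left = [r[0] for r in conn.execute("select url_id from url order by url_id")]
    ops = [r[0] for r in conn.execute("select url_id from url_operation order by url_id")]
    return removed, left, ops
```

The two delete statements are plain SQL and carry over to the MySQL schema unchanged; only the connection setup is SQLite-specific.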


2010/1/27 Christian Seifert <christian.seif...@gmail.com>

Terry, see inline...

On Tue, Jan 26, 2010 at 7:42 PM, Terry MacDonald <terry.macdon...@gmail.com > wrote:

Hi All,



I’ve got some questions that someone may be able to help with around the configuration of Capture-HPC and any restrictions on its use.



- Does Capture-HPC have the ability to run multiple types of Client VMs on a single VMWare host? i.e. one group of 3 VMs of Windows XP SP2, and another group of 2 VMs with Windows XP SP3 at the same time? And have them all report back to the single Capture-HPC Server?



You can run multiple types of VMs, but can't selectively send one URL to a specific one.

- Does a single Capture-HPC Server support controlling Capture-HPC clients on more than one VMWare server? i.e. If we have Capture-HPC client VMs running on 4 separate ESXi hosts will one instance of Capture-HPC Server handle controlling them all? Will the MySQL database support getting data from these instances?



Yes


- Can I run some URLs through Internet Explorer, and some others through Firefox, and some others through Acrobat Reader, but all from within the same VM image? i.e. If a Capture-HPC Client VM image has Firefox and Adobe Acrobat Reader installed on it, can I instruct Capture-HPC to open all URLs ending in .pdf from within Acrobat, and all .swf files in Internet Explorer, and all the rest in Firefox?



Yes, as part of the input file, you can specify which application to open it with.

- Next question – in the Capture-HPC Server Readme.txt, Christian talks about different VMs and same VMs as part of the explanation in the ‘same_vm_revert_delay’ and ‘different_vm_revert_delay’. Do you know what he’s meaning with those two settings? Does it mean that I can run different client VMs on the same VMWare host? Or is it that I can run different Client VMs on different VMWare hosts? Or some other explanation?



It just pertains to the VM instance. Assume you have three VM instances on one box: A, B, C. If you revert A twice, it would wait same_vm_revert_delay seconds; if you revert A and then B, it would wait different_vm_revert_delay.

- Next – if I supply the list of URLs to test to the command line, I know that Capture-HPC logs which URLs it has processed. I also know that if I want to supply a new list of URLs I can do that easily by supplying a new file. Now, if I instead use the new database way of introducing URLs, does Capture-HPC server clear out those URLs from that url table itself, or do I need to clear it out? Is the list of URLs supposed to stay in the database and the table just keep growing? Or is the URL ‘lifed’ so that after a certain length of time the url will be removed from the url table (if it hasn’t been checked in X days)?



I believe you need to clear it out; however, if capture visited URLs, it will tag them as such. So if you add additional URLs to the table, you should be fine. No need to clear out the old entries...

- And finally, is there a way of selecting the snapshot that the Capture-HPC Server reverts the client back to? Or is it always the last one that was made for that virtual machine?



No, that is currently not supported. Can you explain the use case for reverting to different snapshots?


Thanks



Terry MacDonald




_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc




--
----
Web: http://www.ecs.vuw.ac.nz/Main/GradChristianSeifert

PGP key
http://homepages.ecs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
