Journal - Week Two, Day Two

1. As I mentioned yesterday, I had a meeting with Nur and in the morning until the meeting I went over the integration, looking at notes and making any comments as to questions I have to ask. Here is the integration plan that I drafted and here is the summary of my work done so far.

2. During the meeting, some more questions arose, and I had to e-mail Gunes with these questions. Gunes is Nur's recently graduated PhD student who created the vulnerability analysis tool. Some of the questions that arose were concerning the vulnerable application to be tested on concerning versions and compatibility. The other questions were on the vulnerability analysis tool and the types of input or output I will be dealing with.

3. I then installed the older version of Traceroute onto the system as version 1.4a5 is the one with the vulnerability. It was difficult to find and I could only find RPM files which had to be converted into DEB files using alien. Here is the resource that I used to help download and convert the RPM. I found two files, and the first didn't download properly but I wasn't able to delete it because it was marked as a root file. I found this to help me remove the root locked file. The action that worked for me was simply doing sudo rm -rf. I soon came to realize that sudo was the keyword to act as root, and helped me properly run traceroot (to be discussed soon). As I mentioned, I have never used a Linux OS so this was all new to me.

4. I finally had traceroute installed properly, but was coming up with two errors. The first being that I would received the error "icmp socket: not permitted" when running traceroute under Systrace, and the other being that even if traceroute was being run alone, I would recevie continual no replies. My first thought was that it was permissions on Systrace, however a policy was being generated so the error was generated from traceroute. I did some googling (I am a pro now!!!) and found this which was the answer to my problem! At this point, this is when I clued in to the purpose of sudo (Duh! Systrace was in the sbin, not just bin, which stands for superuser, so it had to be run as root) and used the -I option. All in all, to run traceroute under Systrace, the full command is sudo systrace -A (-a) traceroute -I [hostname] . Yay! It finally worked, so I could wipe allthe sweat from my brow.