Security Focus Pager 3.0

New features
 
 

  Confidential Network Inventory Feature helps you track BugTraq for important vulnerabilities

Overview

    The Security Focus Pager is a dynamic application designed to help system administrators track content of interest to them on the SecurityFocus.com web site.  It affords the system administrator the ability to select categories of interest and tracks them automatically, notifying the administrator when new content arrives.  The Security Focus Pager displays short descriptive summaries allowing the administrator to stay up-to-date on relevant issues in the security world, including vulnerabilities, news articles, software releases, and other important information.

    Security Focus hosts the BugTraq mailing list, the authoritative full disclosure source for immediate release of information pertaining to vulnerabilities and bugs as they are discovered.  Through the Network Inventory feature we have provided system administrators the capability to screen content from the BugTraq mailing list for releases pertinent to specific, user defined network and software configuration profiles.

    None of the configuration information you provide to the Security Focus Pager is transmitted to the SecurityFocus.com server at any time.   The pager employs client side filtering, ensuring the details of your hardware and software configuration remain confidential. All configuration information is stored locally.



System Requirements

Operating Systems and software requirements

    The Security Focus Pager has currently been released for both Windows (9x, NT SP3, 2000) and Linux with X.  The Linux version is currently distributed in two binary forms: one statically linked and one dynamically linked.

    If you are using the dynamically linked version you will need to have the following libs installed:

Tested platforms

    Security Focus Pager has been tested on machines with the following software combinations.
 

  Windows 95/98 and Windows NT 4.0 Service Pack 3


Configuration

    When the Security Focus Pager is first executed, you will be presented with a series of simple dialogs to set up the application.   In particular, the pager needs to know the location of your HTML browser and mail programs.  Follow the prompts and enter the paths to your external applications as directed.  The pager employs a simple checking mechanism to make sure the path and executable exist; if not, you will not be able to proceed to the next step.  All configuration information you enter is stored in the directory .sfpager in the user's home directory.

    After this simple setup process is finished, the pager will run and appear as follows:

    The article index window (on the left) contains the default category "Announcements," which will always be present. You will need to configure the pager to reflect your interests and needs before other content will be displayed.  Click on the Configuration button (upper right) to configure the pager.  This will present you with the following screen.
 
 


    There are four tabs on this screen, which allow access to different aspects of the pager's configuration:




Categories

    The first tab, Categories, lists all the available topics.  These topics are organized in a hierarchy, mirroring that found on the SecurityFocus.com web site. These will be automatically updated when new topics are added to the SecurityFocus.com server.  The square boxes are selection boxes, and can be "checked" by clicking on them.  Nested categories can be listed by clicking on any group name with a plus (+) sign beside it.  This will expand the list to display all the sub categories listed "below" the higher level category.  Clicking the minus (-) sign beside an expanded category will compress it and hide all the entries below it in the hierarchy.

    The selection box beside any higher level category (with a plus sign beside it) can be checked;  this will select everything under that higher level category including  all sub-categories and topics.  Topics within the selected group can then be individually deselected to tailor the content to your unique needs.  This can facilitate the process of making many selections while omitting only a few topics.  In the following example, every category and topic under "library" and "links" is selected, as is everything under "auditing", and the single topics "cryptography" and "firewalls".

    Clicking on any box with a checkmark will deselect that topic or category.

    When you are satisfied that you have selected everything of interest to you, you can click on another configuration tab or click Ok.  The changes you have made to the category selections will be applied after you click OK and the article list on the main application interface will be updated to reflect this.
 
 




Options

    The options tab will present you with the options configuration screen.  This screen is split into several sections:
 
 

 
  Server Polling Interval
The pager polls the SecurityFocus.com server at defined intervals for new content.  This setting dictates how long this interval will be.  Set it to short periods of time when you need to have up to the minute information, or longer periods of time if you do not need to be immediately notified of content.  Regardless of this setting, you can manually poll the server at any time by clicking on the Update button on the main Pager window.
Maximum Articles
This setting dictates how many articles will be delivered for each top level category.  A top level category is any category which is not lower in a hierarchy than any other.  In the "Categories" screenshot (above),  tools, library, links, and mailing lists are top level categories.  The rest are sub-categories.  If there are not enough articles in all of the selected sub-categories under a particular top level category, fewer than the number of articles you request with this slider will be displayed.  Otherwise, the newest articles taken from all of the top level categories will be displayed, up to the maximum defined here.

As a result of this ordering scheme, you may not receive articles from every sub-category even if they contain content, if there are newer articles from other sub-categories under the same heading.

Also, this maximum does not affect the total number of articles displayed by the pager (which may be many more), just the maximum for each top level category.

Notification
This allows you to specify the manner in which you wish to be notified when the Security Focus Pager detects new content at the SecurityFocus.com server (done during server polling, the period of which is adjusted as previously described).  There are currently two methods, and you can select either or both of them.
  • Flashing Icon -  This will flash the icon associated with the Security Focus Pager, and will depend on which Window Manager you have installed.  It is known to not work with enlightenment; users of enlightenment should choose the Pop-Up Window option instead.
  • Pop-up Window - This causes a pop-up notification to appear whenever new content is detected on the server.
  Web Browser Path
This is the path to your preferred HTML browser, which will be executed whenever the SecurityFocus.com web site is accessed by double-clicking an article title or a banner.  You can click the BROWSE button adjacent to the field to browse your filesystem for the web browser executable.
  Skin Select
This section of the Configuration Options screen allows you to select a skin to modify the appearance of the Security Focus Pager.  Select a skin by clicking the dropdown menu and clicking the skin name of choice.  The Security Focus Pager 3.0 comes with a number of default skins from which you can choose your favorite.  You can also create your own skin.  Skins are installed into the directory /usr/lib/SecurityFocus/pagerskins.  Each skin must reside within its own directory under the /usr/lib/SecurityFocus/pagerskins/ directory.

Resizable Skin:

You have the option of using a resizable "No Skin" interface. Although not elegant, it does provide you the ability to resize the pager interface. Select "No Skin" to use this interface.

  Restart Pager on Config
Some window managers have exhibited problems when changing skins; a workaround for this problem is to restart the pager program after changing configuration.  This option will restart the pager automatically for you every time you change the configuration.  By default it is not checked; only select it if you experience difficulty changing configuration settings, in particular skins.



Network Inventory

    Security Focus hosts the BugTraq mailing list, the authoritative source for full disclosure release of information pertaining to vulnerabilities and bugs as they are discovered.  Through the Network Inventory feature we have provided system administrators the capability to screen content from the BugTraq mailing list for releases pertinent to specific, user defined network and software configuration profiles.

    The Network Inventory feature employs CLIENT SIDE FILTERING.  This means that the details of your specific network configuration are not sent over insecure network connections or submitted to the SecurityFocus.com content server.  Your client machine maintains the details of your Network Inventory configuration locally (in ~/.sfpager), which the Security Focus Pager consults when it receives new information from the BugTraq mailing list.  It is worth emphasizing that this information is not transmitted to or stored on the SecurityFocus.com server at any time.

    From the Network Inventory setup screen, you can configure and manage your profiles.  These can be configured in any way you find convenient.

    For a thorough examination of this feature, please see the Network Inventory section of this document.
 

    To access a specific section of the Network Inventory section, select one of the following:



Inventory Options

The options within this section dictate how the Security Focus Pager will notify you when it detects new vulnerability content in the BugTraq mailing list database.  There are three check boxes, Brief E-mail notification,  Verbose E-mail notification, and Popup Window.

    When you have finished configuring the various options,  click OK to apply the changes and return to the main Security Focus Pager screen.



Using the Pager

    After you have configured your pager according to the above protocol, the SecurityFocus.com content server will be automatically polled for new content.  After the server has been successfully contacted, the pager window will appear similar to the following example.

    The small window on the left displays top level categories (designated with a (+) plus sign) and article titles from within your selected topics.   These can be manipulated by clicking on article titles or the plus sign beside top level categories.  Clicking on a top level category will expand the list to display all recent articles in all the sub categories in that particular hierarchy, up to the maximum defined in the configuration options screen.  Clicking on an article title will select that article and display the content of it in the content window.   In the example shown above, the article currently displayed is found under the top level category Library. The full article title can be revealed by resizing the article list window.  New article titles appear with an exclamation mark beside them.  This helps you keep track of which articles you have read.

    The minimize button minimizes the pager and docks the application as an icon.  The exact function of this will depend on your specific window manager.  The pager will remain active and poll the SecurityFocus.com server at the defined interval, and will notify you via your selected notification method when new content is detected.

    The exit button closes the pager entirely.  You will not receive notification of new content when the pager is not running. The next time you open the pager, the SecurityFocus.com server can be polled for new content.

Moving the Security Focus Pager and Visiting Sites

    You can drag the Security Focus Pager around the desktop by clicking and holding the left mouse button on any part of the frame and moving your mouse.  Double clicking on the banner (in this example "BugTraq") will open your browser with the target organization's web site.

Changing the size of the index and content windows

    The frame separating the Index and Content windows can be moved to expand either area within the confines of the entire pager window.  To do this, move the mouse pointer over the frame, hold the left button, and drag the frame to the new position.



Search

    The search button can be clicked to search the SecurityFocus.com web site for specific information.  After clicking on Search you will be presented with a dialog box similar to the following.  Here you can enter a phrase or keywords to search for, then click Submit.  Your default web browser will be opened and the SecurityFocus.com web site displayed with a summary of your search results.  Cancel aborts the operation and returns you to the main pager screen.
 
 


Update

    The update button causes the pager to poll the SecurityFocus.com content server for new articles, and refreshes the index window when new content arrives.  This has the same effect as the automated polling process, the timing of which is defined in the configuration options window.


Configuration

    Clicking this button brings up the configuration window,  detailed in the configuration section of this documentation.


Notification

    When new content is detected, you will be notified according to the method you have selected in the configuration options window.  If you have not selected any method of notification, you will still be able to detect new content by viewing the Security Focus Pager's main window.  Unread articles are marked with a green exclamation mark, to help you easily identify unread content.

    The methods of notification are:

  • Notify you by flashing the Security Focus icon on the taskbar of your window manager (except enlightenment)
  • Display a pop-up window
    These methods can be configured from the options tab on the configuration screen.


Detailed Information

    The articles displayed in the content window are summaries of information contained on the SecurityFocus.com web site.  In many cases, links to much more detailed information can be obtained by visiting the SecurityFocus.com web site.  To quickly access detailed information about a subject covered by an article in the Security Focus Pager, double click on the article title in the index window.  This will open your default web browser with the relevant page from the SecurityFocus.com web site.  This page may contain more detailed information, links to news articles, books, software, and other important resources.



Network Inventory

    The Network Inventory is a special feature designed to simplify the tracking of vulnerability notifications from the BugTraq mailing list.  The Security Focus Pager stores the profiles you define for it locally, and consults it to filter content from the BugTraq mailing list and present you with an alert when vulnerabilities relating to your exact network configuration are revealed.  This is done without releasing sensitive network configuration information to any third party, including Security Focus.  This client side filtering process ensures that the details of your hardware and software setup remain confidential.

    To access a specific section of the Network Inventory section, select one of the following:
 



 

Network Inventory Setup

    The Network Inventory setup screen can be accessed by clicking on the Configuration button on the Security Focus Pager's main window, then selecting the Network Inventory tab.  When you first access the Network Inventory setup screen it will appear similar to the following:

    The Network Inventory feature employs a profile based approach.  This allows you to "split up" your network configuration into separate groups, keeping various elements of your total network segregated.  This way, if you scrap a particular machine or setup you do not have to modify your entire configuration; just delete the profile for that specific machine or element of your network. Adding a machine or service is just as easy; you can modify an existing profile or create a new one to cover the added element.  You could also sort content based on the operating systems used or specific network functions. For instance, if you had a group of Windows NT/2000 machines used for development, and a FreeBSD machine for your gateway and web server, you could create one profile for the Windows machines and one for your FreeBSD machine.  This helps simplify administration of the separate machines and functional aspects of your network. The profiles can be arranged in any way you wish and are not limited to any specific combinations of software or hardware.


Creating a new profile

    Before you can configure the Network Inventory you will have to create a profile.  This is necessary even if you do not wish to keep separate profiles.  You will have to create at least one profile to store your configuration in.  To do this, click on the "New" button. You will be prompted to enter a profile name.  This can be anything and can include spaces and special characters.  After you have entered a profile name, click on "Okay" or press enter.

Profile Display Modes

    Profile configurations can be accessed in three different ways.  These can be accessed via the drop-down menu (labeled "profile display mode selector" in the screen shot, above).  The methods are as follows:

Modifying a Profile - Adding and removing products

    You can modify the contents of a profile by selecting the profile from the drop-down menu.  Once you have selected a specific profile you can add or delete items, using the transfer buttons.  You can also delete or rename a profile, by clicking on the delete or rename button while in this display mode.

    Products can be added to a profile by clicking on the product name in the index window.  After the product name has been highlighted, click the right arrow button to "send" the product to the currently selected profile.  The vendor and product name will appear in the profile display window.  This will not affect the products in the index window, which always displays every product available.

    Entire categories of products, for instance everything from a specific developer, can also be "sent" to your profile.  Select the category (indicated by a (+) sign) by clicking on the category name, then click the right arrow button.  The category will appear in the profile display window with "ALL products" listed under the product heading to indicate that everything from that vendor is currently "in" that profile.  Any individual products you have previously added from the same vendor will be automatically removed for you and replaced with the single entry "ALL Products".

    To delete a product or group of products (indicated by "ALL products") select that product in the profile display window and click the (left arrow) button.  To entirely clear the contents of a profile without deleting the profile name, you can click the (double left arrow) button.


Defining Custom Products and Vendors

    The Network Inventory feature provides a comprehensive list of products with known vulnerabilities which can be selected and added to your profiles.  In many cases, you may have a unique product which has not been reported on the BugTraq mailing list, but which you would like to add to a profile so that the BugTraq mailing list database will be monitored for information pertaining to it. You may have a modified version of an open source product you wish to keep separate, or a new product which has not had any vulnerabilities reported yet.  The Security Focus Pager has a custom product feature which allows you to define a product and assign it numerous keywords which will be used to search for related entries on the BugTraq mailing list.  The Security Focus Pager will keep a list of all the custom products you have created which can be then manipulated (added to or removed from profiles) in a manner analogous to the manipulation of the standard products defined in the Network Inventory product tree.

    There are three controls for manipulating custom products. These can be accessed by clicking the buttons under the window titled "Custom Vendor/Product Keywords" from the Network Inventory tab under the configuration window.


Adding Custom Products to a profile

    Adding custom products to a profile can be accomplished by selecting the product from the Custom Vendor/Product Keywords window by left-clicking, and then clicking the right arrow button.  Likewise, custom products can be easily removed from a profile by selecting the product by clicking on its entry under a profile in the profile display window, and clicking the left arrow button.

Changing the Custom Products list display

    You can "slide" the dividing line between Custom Product names and keywords back and forth within the confines of the Custom Products list window.

    Put the mouse over the small "line" between the headings "Name" and "Keywords" until the mouse pointer changes to the line with right & left arrows as shown in the screenshot below.  You can click and hold the right mouse button and slide the divider back and forth to display more or less of either the names or keywords.


Notification

    The method employed to notify you when a vulnerability in your Network Inventory setup is detected on the SecurityFocus.com server will depend on the way you configure the Security Focus Pager.  You can specify one or any combination of the following.  All Network Inventory related options are configured from the Inventory Options configuration screen.

  1. Brief Email notification -  This method of notification was designed specifically with pager and cell phone users in mind.  It can be configured to send a brief descriptive sentence with the BugTraq tracking ID to the specified e-mail address.  The short length of this notification makes it ideal for cell phone and pager gateways so that you can stay informed no matter where you are.  Of course, you can use it in any way you see fit and direct it to any e-mail address.
  2. Verbose Email notification -  This notification will provide a detailed description of the problem and any known solutions as detailed on the BugTraq list to the specified e-mail address.  This can be used in conjunction with the brief summary feature so that you can be immediately notified of a problem and then retrieve the full details from your regular e-mail address.
  3. Pop-up Window - This alerts you to new vulnerabilities with a pop-up window.

Network Inventory Setup Walkthrough

    This walkthrough provides an example of how to set up the Network Inventory feature with two hypothetical network configurations.  The first one will be a simple small network with 5 machines.  The second network example will walk you through the steps of configuring your Network Inventory to reflect a large network with numerous subnets.
 

Small Network Example

    For this example, assume you have the following network configuration:
 
 

  Linux Machine providing gateway service and HTTP server


    First, open the configuration window from the Pager's main window by clicking on Configuration.

    Select the "Network Inventory" tab.

    You will be presented with the following screen:

    By default there are no profiles and the display mode is "All (By Profile)".   You can now begin to configure the Network Inventory.


Creating Profiles

    1.  Red Hat Linux Machine

    Click on the (NEW) button to create a new profile.  Since we are creating separate profiles for each machine, we will name this one "Linux Internet Gateway" by typing the name into the dialog box.

    Click on OK.  You will see the profile name in the profile display mode selector box.  The profile display window will be empty, because there are no products associated with this new profile.

    This machine has Red Hat Linux 6.1 installed on it.  The important functional software on this machine includes Apache httpd 1.1.0, sshd 1.29, sendmail 8.93, pine 4.21, and wu-ftp 2.5.0.

    We will add these products one at a time to the profile for tracking on the BugTraq mailing list.

    First we'll start with the operating system, Red Hat Linux 6.1.  Scroll down the product list until you find "Red Hat".  Click the (+) plus sign beside the "Red Hat" heading (or double click the heading "Red Hat") to expand the list of products by Red Hat.  Scroll down the list until you find the version of Red Hat Linux you are using, in this case indicated by the name "Linux 610".  Select this item by left clicking on it.  Add it to the new profile by clicking the right arrow button.  You will see the product listed in the profile display window, as "Red Hat Linux 610".   You can "hide" the product list for Red Hat products by clicking the (-) minus sign beside Red Hat once you have added Linux to your profile.

    Next, scroll through the product list until you find "Apache Group".  Expand the product list by clicking the (+) sign.  Select "Apache 110" from the list and add it to the profile with the right arrow button.  "Hide" the product list for Apache Products by clicking the (-) sign.  The Apache HTTP server has been added to the list and appears in the profile display window as "Apache Group Apache 110".

    Repeat this method for sendmail, pine, wu-ftp, and sshd.  Sendmail is found under "Eric Allman",  pine under "University of Washington", wu-ftp under "Washington University", and sshd under "SSH Communications Security".    At this point the Network Inventory screen should appear as follows:





    If you wish to confirm that you have entered the proper products, you can slide the "divider" between "Vendor" and "Products" by positioning your mouse over the line dividing the headings "Vendor" and "Product" in a manner analogous to changing the custom products display.


    2.  Windows 2000 Machines

    Now you can create a profile for the Windows 2000 machines on your network.  Click the New button, and enter the name "Windows 2000 Development" in the dialog box which appears.  Click OK.  The name of this profile, "Windows 2000 Development" will now be in the profile display mode selection box, and the profile display window will be empty.  You can now add the components of your Windows 2000 development machines to this profile.  From the Microsoft developer group in the product list, select Windows 2000 and add it to the profile with the right arrow button.  Do the same for Microsoft Visual Studio 6.0, Office 2000, and Internet Explorer 5.0.  Since Office 2000 contains several components (e.g., Word 2000, Excel 2000) you can add these components as well, to ensure you receive all information related to these components.  Next, add Symantec Norton Antivirus 2000.  It can be found under the Symantec vendor.  Add Netscape Communicator 4.7, Mirabilis ICQ 99a 2.21 build #1800, and IPSWITCH WS-FTP LE 5.0.

    RealNetworks RealPlayer Basic 7.0 does not have an entry. Create a custom entry for this by clicking "Add" under the "Custom Vendor/Product Keywords" window.  After you click "Add" you will be presented with a dialog box requesting a name for the custom entry as well as a set of keywords to identify with the custom product you have created.  Enter "RealPlayer Basic 7.0" in the "Name" box.  Next, add several keywords separated by commas that you wish to associate with Real Player Basic 7.0.  For this example enter "Real Player", "Real Networks", "RealNetworks", and "Realplayer".  A BugTraq entry will be delivered to you if any of the keywords match the contents of the advisory.  After you have entered this information, the dialog box should appear as follows:
 
 
















    Click OK and you will have created a new custom item.  Select this item from the "Custom Vendor/Product Keywords" window and click the right arrow button to add it to your profile.

    Your Network Inventory screen should look like this:





    3.  Windows 98 Graphics, Word-processing, and Web Design machine

    You can now create a profile for the Windows 98 machine on your network.  Click the New button and enter the name for this profile.  Enter "Windows 98 Machine" in the profile creation dialog box, and click Ok. You will be presented with a screen similar to that for the previous entries - "Windows 98 Machine" will be displayed in the profile display mode selection box, and the profile display window will be empty.  Add the components of your Windows 98 machine to the profile by selecting them from the product list and clicking the Right Arrow button, as in the previous example. At the time of release, there was no entry for Symantec pcAnywhere 9.0, or the Adobe products.  Since Symantec pcAnywhere 8.0 has an entry, you can select this one; of course, some vulnerabilities in this version may have been fixed in pcAnywhere 9.0, and there may be new ones in the newer version.  It would be advisable to create a custom product entry for pcAnywhere 9.0 and add this.  You will also probably find that Adobe Photoshop and Illustrator do not have entries; due to the nature of these programs it would seem unlikely that a vulnerability directly related to them will be discovered, but it would be advisable to create custom entries for them anyway in case one is discovered.

    To create the custom product entries required for this machine, use the following procedure.

    Click "Add", and enter Symantec pcAnywhere 9.0 in the "Name" field.  Appropriate keywords for this entry would be "symantec" and "pcanywhere".  Enter them in the keyword list field with the following format:  symantec,pcanywhere

    Create two more custom entries with the following properties.

    Now add all three to the profile one at a time. Select each with a right click on the custom product name, and add it with the Right Arrow button.

    When you have finished these steps, the following items will be displayed in the profile display window:

    Entries in italics in the above list are also displayed in the custom product list.

    4. Windows 95 Accounting, Email, Fax machine

    By now you should be familiar with the process of creating a new profile and adding products to it.  Create a profile for this machine and call it "Windows 95 Business Machine".  Add Windows 95b, Internet Explorer 4.0, Microsoft Office 97 (and any individual components of Office 97 you find listed), IPSWITCH FTP-LE 5.0, and Symantec pcAnywhere 8.0.  Also, create custom product entries for Symantec WinFax Pro 10.0 and ACCPAC Simply Accounting 7.0.  Appropriate keyword entries for these two products would be "WinFax,Win Fax" and "ACCPAC,accounting" respectively.  Adding "Symantec" as a keyword for pcAnywhere would cause entries for all Symantec products to be delivered to you; if you would like this, this keyword can be included.  To ensure only entries related to WinFax Pro are "noticed", leaving this keyword out would be fine. Additionally, when a product name is two concatenated words (e.g., "WinFax", "OfficeConnect"), including two entries, one with a space, will help ensure you do not miss any vulnerability reports.

    5. Network Hardware

    In this example you are using a 3COM 8 port ethernet hub and a 3COM ADSL Modem.  Create a new profile for these products by clicking the New button and entering the name "Network Hardware".  Now, search the product list for the 3COM heading and expand the list by double clicking the heading or the plus (+) button beside the heading.  None of the products you have are listed under this category, so you will have to create more custom entries for them.  Click the "Add" button and enter the name "3COM 8 Port Hub (3C16750A)".  It would be especially useful to be specific with these keywords since 3COM manufactures many products, most of which would not be of interest to you with this network setup. Enter the keywords "OfficeConnect,3C16750A,3C16750,Dual Speed Hub,3COM hub,Office Connect".  You will notice that you are entering the keywords "OfficeConnect" and "Office Connect".  This ensures that you will be notified regardless of how the entry on the BugTraq list is entered.  Similarly, the product number is 3C16750A - entering this as well as 3C16750 may help ensure you are notified if a vulnerability for a slightly different model is reported. Click OK and then add this product to your profile with the Right arrow button.

    Next, create a custom product entry for your ADSL modem.  Call it "3COM HomeConnect ADSL Modem" and assign it the keywords "3COM ADSL Modem,ADSL Modem,HomeConnect,Home Connect".  Add this custom product to your Network Hardware profile the same way you added other custom products to profiles.
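
    The keyword advice in steps 4 and 5 can be checked offline before relying on it. The sketch below is an added example, not the pager's own code: the page does not document how the pager compares keywords with BugTraq entries, so case-insensitive substring matching is an assumption, the subject lines are constructed, and normalized_match is a hypothetical alternative that goes beyond the page by ignoring spaces and punctuation.

```python
import re

# Custom product entries from the walkthrough: name -> keyword field as typed.
CUSTOM_PRODUCTS = {
    "3COM 8 Port Hub (3C16750A)":
        "OfficeConnect,3C16750A,3C16750,Dual Speed Hub,3COM hub,Office Connect",
    "3COM HomeConnect ADSL Modem":
        "3COM ADSL Modem,ADSL Modem,HomeConnect,Home Connect",
    "Symantec WinFax Pro 10.0": "WinFax,Win Fax",
    "ACCPAC Simply Accounting 7.0": "ACCPAC,accounting",
}

# Constructed BugTraq-style subject lines (not real postings).
SUBJECTS = [
    "Office Connect dual speed hub management interface DoS",
    "3Com 3C16750B hub firmware default password",
    "Win-Fax Pro cover page handling overflow",
    "Symantec pcAnywhere weak encryption",
    "Accounting for setuid binaries on Solaris",
]

def parse_keywords(field):
    """Split a comma-separated keyword field, dropping empty items."""
    return [k.strip() for k in field.split(",") if k.strip()]

def literal_match(keywords, text):
    """Assumed pager behaviour: case-insensitive substring match."""
    low = text.lower()
    return [k for k in keywords if k.lower() in low]

def squash(s):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def normalized_match(keywords, text):
    """Higher-recall variant: ignore spaces and punctuation on both sides.
    Catches 'Win-Fax', at the cost of possible matches across word breaks."""
    flat = squash(text)
    return [k for k in keywords if squash(k) in flat]

def matching_products(subject, products=CUSTOM_PRODUCTS, matcher=literal_match):
    """Names of the products whose keyword list hits the subject line."""
    return sorted(name for name, field in products.items()
                  if matcher(parse_keywords(field), subject))

if __name__ == "__main__":
    for s in SUBJECTS:
        print(f"{s!r}\n  literal:    {matching_products(s)}"
              f"\n  normalized: {matching_products(s, matcher=normalized_match)}")
```

    Under these assumptions the last subject line shows the cost of a broad keyword: "accounting" flags a Solaris report for the ACCPAC entry, while the "Win-Fax" spelling is missed by both of the WinFax keywords unless matching is normalized.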



Modifying your existing profiles

    Suppose on your Windows 2000 machines you are using lots of Microsoft software, and do not wish to constantly update your profile for these machines when you add or remove Microsoft products.  You can add an entry which will encompass all Microsoft products by following these steps.

    Select your "Windows 2000 Development" profile by clicking the arrow on the profile display mode selection box.  This will cause the following selection box to appear:

    Click "Windows 2000 Development" (which is the title of your profile) to select it and display it in the profile display window.  You will see a list of all the products associated with "Windows 2000 Development" in the profile display window.  You can scroll through the product list window until you find the Microsoft category.  Now click (once) the category name "Microsoft" to highlight it.  Click the right arrow to add everything in the Microsoft category to your "Windows 2000 Development" profile.  Your profile will now contain an entry "Microsoft  ALL Products", which indicates that you will be notified when anything in the category "Microsoft" is released.  All the individual Microsoft components will be automatically removed for you and replaced with the single "Microsoft  ALL Products" entry.

    Suppose now that you have upgraded your Windows 95 machine to Windows 98 Second Edition, but have kept all the other software components intact.  You can rename the profile to reflect this.  First, select the profile from the profile display mode selection box (above).  Once you have this profile selected (all the profile's components will be listed in the profile display window) you can rename it by clicking on "Rename".  Enter the new profile name; call it "Windows 98 Business Machine" to keep it easily distinguishable from your other Windows 98 machine.  Now, select the entry "Microsoft Windows 9500b" and click the left arrow button to remove it.  You can now add Microsoft Windows 98 SE to the profile, by finding "Microsoft Windows 9800se" under "Microsoft" and clicking the right arrow button.

    More information on manipulating your profiles

Notification Setup

    For an example of this procedure, refer to the Notification Setup at the end of the Large Network Example portion of this documentation.


Large Network Example

    This example will walk you through the steps of creating a Network Profile to reflect the setup of a large network with several subnets including many machines.  When dealing with large networks of this type, with clusters of machines running similar software configurations, it is better to define a profile for each type of machine rather than each individual machine on your network.

The topography of this hypothetical network is summarized in the following diagram:

    This network has 6 main components:


    In this example we will split the network into 5 profiles:

    1.  Network Hardware

        From the network inventory setup screen, click New to create a new profile.  Enter the name of this profile, "Network Hardware".   You will be presented with a blank profile display window and the name of the profile, "Network Hardware", in the profile display mode selection box.   Search the component list for Cisco.  Expand the list of products under Cisco by clicking the plus (+) sign next to the name.  Since you are running a Cisco Catalyst 2900 series switch with supervisor software 2.16, select "Catalyst 29xx supervisor software 216" with a single right click and add it to the Network Hardware profile by clicking the right arrow button.   You may prefer to be notified of all information related to Cisco products.  Select the Cisco category by right clicking once, then click the right arrow button to add the entire Cisco tree to your profile.  This will be indicated by the entry "Cisco  ALL Products" in your profile display window, and the other Cisco entries will disappear.

    2. Servers

        Create a new profile for your servers.  Click New and enter the name "Servers", then click Ok.  It might be a better idea to give this a more specific name.  Click "Rename" and enter "Sun Enterprise 3500 Servers" and click Ok.  The Network Inventory screen will look like this:

        Next you will add the products you are running on these servers to this profile.  Search through the product list until you find the category "Sun".  Expand this category by clicking the plus sign beside it.  Now, select "Solaris 700" (Solaris 7.00) and click the right arrow button to add it to the profile.  Do the same for "Solstice AdminSuite 510" and "OpenWindows 300" (AdminSuite 5.10 and OpenWindows 3.00), also under the "Sun" category.   Optionally you can just add the entire "Sun" product tree by clicking on the "Sun" category name and clicking the right arrow button.  You have now configured your "Sun Enterprise 3500 Servers" profile.

    3.  Workstations

        Click new and create a profile named "Workstations".  Add the software components of the workstations to the new profile.  The workstations contain the following products:  Microsoft Windows NT Workstation 4.0 with Service Pack 6,  Microsoft Office 97,  Internet Explorer 5.0 for NT,  and IPSWITCH WS_FTP LE 5.0.  You should not have to create any custom entries for any of these products as they are already in the BugTraq database.

    4.  Research Workstations

        Click new and create a profile named "Research workstations".   Since these are Sun workstations running Solaris 7.0, search the product list for "Sun", and find the entry "Solaris 70".  Add this to the profile with the right arrow button.  Now find the other components and add them to the profile in the same way.  These are: Solaris CDE,  Sun Java Plug-in 1.1.2,  StarOffice 5.1, and Netscape Communicator 4.7.  Solaris CDE may not have an entry in the product list.  If this is the case, create a new custom product by clicking Add and entering the name "Solaris Common Desktop Environment".  Appropriate keywords to use would be:  "solaris cde,cde,common desktop environment".   Now add this new custom product to the profile.

    5.  Administrator Machines

        These machines are running FreeBSD 3.4,  XFree86 3.3.3, and all the packages which can be installed with the FreeBSD distribution.  First, create a new profile for these machines.  Call it "Admin".  Add "FreeBSD 333" from the FreeBSD category, and then add "X11R6 333" from the XFree86 category.  You can now select individual packages which were distributed with your FreeBSD distribution from the product list.  (For example, if you use sendmail, pine, ftpd, etc).
 

Manipulating and Viewing Profiles

    Now that you have created your profiles, you may want to check them over to ensure everything is configured the way you intend.  Select "All (By Profile)" from the profile display mode selection menu.  Your display will look as follows:





    You can scroll through the list using the scrollbars on the right and bottom of the window to view the entire listing.  The amount of the window that "Vendor" names or "Product" names take up can be changed by resizing the window (as per resizing the custom product display).  You can also expand or shrink the list by clicking the (+) or (-) sign beside profile names in the profile display window; this toggles whether the details of a profile are listed below it.

    To add products to or remove products from a profile, you must select that profile from the profile display mode selection box.  Selecting "All (Combined)" and "All (By Profile)" provides you with an easy way to scan through the list and look at everything you are tracking on the BugTraq mailing list, although you cannot make changes to your profiles from this mode.

Notification Setup

    You must now configure the pager to notify you when BugTraq entries relevant to the configuration you have specified in your profiles are detected.  From the configuration window click the Inventory Options tab.  You will be presented with the following screen (detailed in the configuration options section of this documentation):

    In this example, assume you have a cell phone with an e-mail gateway at which you would like to receive a short descriptive sentence with the BugTraq tracking ID, and an administrative email account at which you would like to receive the full detailed report.  Your e-mail address for the cell phone gateway is 1234567@cellphone.net and the e-mail address to which you would like full reports sent is admin@host.com.  Click the checkbox next to "Brief Email Notification" and enter your cell phone gateway address, "1234567@cellphone.net", in the field directly below the title you've just checked.  Now click the box beside "Verbose Email Notification" and enter "admin@host.com" in the field below it.  Additionally, you wish to receive a pop-up window notifying you of vulnerabilities which affect you.  Check the box beside "Popup window".

    Ensure that the entry under "Mailer Command Line" reflects the mail program the pager should invoke, typically just /bin/mail.

    You have now configured the Security Focus Pager to notify you the moment it receives BugTraq vulnerabilities which can threaten the integrity of your network.
 



Creating your own Skins

    (See also Using Skins)

    You can create your own "skins" for the Security Focus Pager to modify its appearance.  The following briefly outlines the method involved; for an example, look in /usr/lib/SecurityFocus/pagerskins/focus/.  It would be wise not to modify the contents of this directory, as it contains the default skin used by the pager; make a backup copy of this directory if you plan to change its contents.

    You will need to create the following files. All of them should be stored in a unique directory in /usr/lib/SecurityFocus/pagerskins/, for example in .../pagerskins/MyNewSkin/.  All images are 24bit BMP (Windows Bitmap) format except for pager-mask.bmp (2-color BMP).  Keep track of the coordinates of all important regions of the image (the top left corner of all buttons on the pager.bmp image, the top left corner and size of the content window, the top-left corner of the banner and logo).  These should be relative to the top left corner of the entire image, which is designated as 0,0.


Known Issues/Bugs

    The following issues have been recognized at the time of release:



Contact Security Focus
 
 

How to contact us:

SecurityFocus.com
1660 South Amphlett Blvd.
Suite 128
San Mateo, CA 94402

(650) 655-2000 tel
(650) 655-2099 fax

To send us email:
info@securityfocus.com.

For Public Relations, please contact our agency:
Donna Candelori
Candelori Communications, Inc
1270 Oakmead Pkwy, Suite 314
Sunnyvale, CA 94086
(408) 774-3414
(408) 774-3419 fax