iWebDev's blog

Redmine is a web-based project management and bug-tracking tool, it includes calendar and Gantt charts to aid visual representation of projects and their deadlines and supports multiple projects. The integration throughout the entire system is excellent and we can create nested subprojects and move issues/tickets from one project to another. For each project we are able to assign different users and turn certain functionality (milestones, time tracking, source control,..) on and off. This article describes how to install Redmine on OpenBSD 4.9. We will be using the official OpenBSD port from CVS. We will start by installing the prerequisites as binaries because if you have a fast internet connection, it is faster than building the ports from src. Lets install Ruby-On-Rails:

pkg_add -i ruby-1.9.2.136p0

pkg_add ruby-gems

Official releases include the appropriate Rails version in their vendor directory. So no particular action is needed. If we checkout the source from the Redmine repository, we can install a specific Rails version on your machine by running:

gem18 install rails -v=2.3.11

Install Rack:

gem28 install rack -v=1.1.0

gem18 install -v=0.4.2 i18n

gem18 install mysql

Redmine

It is recommended that the majority of users install the proper point releases of red mine. It is not recommended to install redmine from trunk.

Installation procedure

• Get the Redmine source code by either downloading a packaged release or checking out the code repository. See Download.
• Create an empty database and accompanying user named ”redmine” for example.

create database redmine character set utf8;
create user ‘redmine’@'localhost’ identified by ‘my_password’;
grant all privileges on redmine.* to ‘redmine’@'localhost’;

• Copy config/database.yml.example to config/database.yml and edit this file in order to configure your database settings for “production” environment. Example for a MySQL database (we have also to specify the mysql socket file):

production:
adapter: mysql
database: redmine
host: localhost
port: 3307
username: redmine
socket: /var/www/var/run/mysql/mysql.sock
password: my_password

• Generate a session store secret.

rake generate_session_store

• Create the database structure, by running the following command under the application root directory. It will create tables and an administrator account.

RAILS_ENV=production rake db:migrate

• Insert default configuration data in database, by running the following command:

RAILS_ENV=production rake redmine:load_default_data

• Test the installation by running WEBrick web server:

ruby script/server webrick -e production

Once WEBrick has started, point your browser to http://localhost:3000/. You should now see the application welcome page:

For years, computer forensic investigators have put a great deal of stock in the effectiveness of MD5 hashing. Now to quantify that statement, I mean specifically using MD5 hashes to identify known malicious files. The key word in that sentence is known, but let’s take that one step further to add the word “unmodified” known files. One minor change to a file, and the MD5 hash is now completely different, rendering the investigators search totally ineffective. So, what’s the answer? Easy, fuzzy hashing.

Fuzzy hashing allows the discovery of potentially incriminating documents that may not be located using traditional hashing methods. The use of the fuzzy hash is much like the fuzzy logic search; it is looking for documents that are similar but not exactly the same, called homologous files. Homologous files have identical strings of binary data; however they are not exact duplicates. An example would be two identical word processor documents, with a new paragraph added in the middle of one. To locate homologous files, they must be hashed traditionally in segments to identify the strings of identical data.

Download the ssdeep package from the following link. Once you downloaded it you have to extract and compile the package. The commands to perform these operations are:

wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.6/ssdeep-2.6.tar.gz?r=http%3A%2F%2Fssdeep.sourceforge.net%2F&ts=1309466525&use_mirror=ovh

tar zxvfp ssdeep-2.6.tar.gz

and then

./configure && make && make install

Once you finished to install the tool you can perform this test: (ssdeep -V)

We have installed the ssdeep tool and it’s time to proceed to install the ssdeep PHP extension. Before to proceed you have to install the pear and the autoconf packages in order to allow you to use the pecl command:

pkg_add -i pear-1.7.2

pkg_add -i autoconf

export AUTOCONF_VERSION=2.64

After that you can try to install the PHP extension with the pecl system (pecl install ssdeep) but on my side I raised some issue related to the name of the libfuzzy.so and the error was

checking for ssdeep… configure: error: “Could not find ‘libfuzzy.so’. Try specifying the path to the ssdeep build directory.”

If you check in the /usr/local/lib folder you should find instead the libfuzzy.so.2.0 library. In order to avoid this issue I decided to install the extension manually. I download the pecl package from the original path (here the link to download it). Once you downloaded the package you have to extract it and run the command related to PHP. Here below the commands required:

wget http://pecl.php.net/get/ssdeep-1.0.2.tgz

tar zxvfp ssdeep-1.0.2.tar.gz

cd ssdeep-1.0.2

phpize

./configure

As you can see from the configure output you raised the same error, so you have to edit the configure file and change the name of the libfuzzy.so required with the libfuzzy.so.2.0 at line 4174.

SSDEEP_LIB_FILENAME=”lib$SSDEEP_LIB_NAME.so.2.0″

Now you have to perform the make and make install command

make && make install

You should get the following message from the shell:

The last step is to add the ssdeep.so extension in the php.ini:

nano /var/www/conf/php.ini

and add the following line in the extension section:

extension=ssdeep.so

Once you saved the file you have to restart the Apache service:

apachectl stop

apachectl start

If you check the phpinfo file, you should get the following section:

If you want to check the fully functionality of the extension installed you can copy the “example.php” file stored in the pecl package and run it into your webserver. In order to do that you have to perform this command (we supposed to be in ssdeep-1.0.2 folder):

mv examples/example.php /var/www/htdocs/

and the output should be this: