Presentations and Articles by Hal Pomeranz

You've managed to stumble across my largely unartistic homepage, put here to help folks find some of the more useful information that I make available from this site. For the impatient, here's a quick index of the important information you can find here.

My name is Hal Pomeranz, and I make my living as an independent consultant through Deer Run Associates, the firm that I run with my wife, Laura LeHew. The primary focus of our consulting practice is computer and information security, though I also do a reasonable amount of consulting and training related to DNS, Sendmail, and a wide variety of other topics related to Unix systems, networking, and Open Source software. We're based out of Eugene, Oregon but I travel fairly frequently for different jobs.

There are also a number of other "hats" I wear from time to time:

I'm a Faculty Fellow of The SANS Institute. Basically, I'm the "Unix Guy" for SANS. I'm the track coordinator, primary courseware author, and primary instructor for their six-day Unix/Linux Security (GCUX) certification track.
I'm one of the co-founders of the IT Pro Forum, a local user group here in Eugene for professional IT workers. We're always looking for interesting technical speakers, so please email me if you'd like to come give a talk.
Lately I've been participating in several different blogging efforts. Righteous IT is my own personal slant on all things IT-related, while Command Line Kung Fu and the SANS Forensics Blog contain hard-core tech writing for serious propeller-heads.

In previous episodes of my life, I've been the Technical Editor for Sys Admin Magazine, coordinated the Solaris Security Benchmark for the Center for Internet Security, and served on the Board of Directors for USENIX, BayLISA, and BBLISA. I am also a recipient of the SAGE Outstanding Achievement Award. If you'd like updates on whatever I'm working on currently, you can follow me on Twitter.

Linux and General Unix

So I'm the "Unix guy", which means a lot of my thinking and writing is devoted to Unix and Linux systems:

Want to get your iPhone to work with Linux infrastructure? I recently put together a talk that discusses my experiences doing this.
In a Forensics vein, here are the slides from the Intro to Linux Digital Forensics talk I've been giving to some user groups in my vicinity.
I find that lots of people don't know their way around the Unix command-line as well as they could, and there are a few little tricks can vastly improve your productivity. Here are a couple of different versions of a talk I call "Unix Command-Line Kung Fu": the version I gave most recently at the Open Source Bridge conference in Portland, and an earlier version that I've given a few times at SANS Conferences.
Here's an article I wrote about the Linux pam_cracklib interface for password security. This article was originally published in Sys Admin Magazine.
Here's a quick recipe on tunneling Syslog-NG traffic over SSH. This is very useful when you need to move log data across an untrusted public network like the Internet. This article was originally published in Sys Admin Magazine.
I've been playing around with running AIDE scans remotely via SSH, using some simple shell scripts. This article was originally published in Sys Admin Magazine.
I gave a pair of somewhat related talks to the local Linux/Unix groups here in the Willamette Valley. The first talk is a quick introduction to how attackers break into Linux/Unix systems and what they do once they get in. The second talk covers some simple techniques and freely available tools for detecting when your Linux/Unix systems have been compromised.

Solaris

I spent the first fifteen years of my professional career working with Sun Microsystems gear, SunOS, and Solaris. So I have quite a few useful Solaris-related documents to share:

Here is an article I wrote on Solaris BSM, aka kernel-level auditing. This article was originally published in Sys Admin Magazine.
I tossed off a quick document on compiling statically-linked binaries for Solaris because it came up as a topic for discussion in one of my classes. Sun, unfortunately, makes this a lot harder to do than you might think.
Here are the notes from my SANS Webcast on Solaris Security.
I was the primary author and maintainer for Solaris Security: Step-by-Step, originally published by the SANS Institute. This is a handy little guide (IMHO) for building a secure server platform based on Solaris. SANS is no longer publishing this guide, but were kind enough to allow me to distribute the PDF of my document from this site.
Here is some material I maintain on how to use the Solaris Jumpstart facility to quickly build large networks of similar systems. You'll find the PDF of a presentation I give on the subject, plus some useful scripts and other utilites that I reference in the presentation.
In particular, I developed the configurator tool as a mechanism for performing the actions from my Solaris Security: Step-by-Step guide during a custom Jumpstart install. The script can also be run manually, however.

DNS and Sendmail

I've been working with Sendmail as long as I've been working with Unix (literally-- the reason they gave me root access on my first Unix system was to figure out Sendmail and get email working). I also do a lot of work with DNS and BIND. So I've got a lot of content in these areas to share:

I've made the course book for my "Demystifying Sendmail" course available for free download.
Here's a quick article I wrote on a Sendmail 8.13 anti-spam feature called "greet_pause" (originally published in Sys Admin Magazine)
I wrote an article for Sys Admin Magazine called "Improving Sendmail Security by Turning it Off". The article generated so much feedback that I wrote a follow-up piece called "Just Can't Get Enough Sendmail".
Here's another security-flavored Sendmail article that describes how to run Sendmail as an unprivileged user to help reduce the impact of as yet unknown vulnerabilities (again, originally published in Sys Admin Magazine)
Here's an overview talk I gave at the July 2004 Portland Linux User Group meeting on the current anti-spam landscape.
I also gave a talk on "DNS and BIND" to my local Linux/Unix user group, EUGLUG. Among other things, this talk covers running BIND9 chroot()-ed under (RedHat) Linux.
Here's another Sys Admin Magazine article, "A Simple DNS-Based Approach for Blocking Web Advertising". Since writing the original article, I've received feedback from several sources with lots of good ideas. Read more about it in my short update to the original article.
Related to both the EUGLUG talk and the Sys Admin article on blocking web advertising, here's an updated list of domains you can use for blocking web-based advertisements. Check out either my article or the EUGLUG talk for more info on how to use this file.
I'm currently the last known maintainer for the h2n program-- a tool which converts /etc/hosts files to DNS zone files. The tool was originally developed for the Albitz/Liu DNS and BIND book (published by O'Reilly), but a couple of my customers wanted some additional mods, and I told Cricket I'd be happy to be the de facto maintainer.

Other Random Stuff

I've found myself doing a lot of web programming lately (the other LAMP-- Linux, Apache, MySQL, and Mod Perl). I've come up with what I think is a slightly different work-around for the broken way MSIE treats the <BUTTON> tag.
I'm also the maintainer for the PLOD tool which was designed to help System/Network Admins (and others) keep a running log of what they're working on. Frankly, I don't think many people are using it anymore, but I periodically get requests for the latest version, so here it is.
I used to write Perl Practicum, a Perl programming column for the USENIX ;login: magazine-- pretty basic stuff, but most of it's still relevant. Philippe Bereski was kind enough to do a French translation.
Here are pointers to talks I've given on NTP and the IT aspects of my move to Eugene.
On the lighter side, here's a humorous editorial I wrote for 8wire called "Great Moments In Customer Service".

Return to: Deer Run Home >