What is This?
You've managed to stumble across my completely unartistic homepage,
put here to help folks find some of the more useful information that
I make available from this site. For the impatient, here's a
quick index of the important information
you can find here.
My name is Hal Pomeranz,
and I make my living as an independent
consultant through Deer Run Associates,
the firm that I run with my wife, Laura LeHew. The primary focus of our
consulting practice is computer and information security, though I also
do a reasonable amount of consulting and training related to DNS, Sendmail,
and a wide variety of other topics related to Unix systems, networking, and
Open Source software. We're based out of Eugene, Oregon but I travel
fairly frequently for different jobs.
There are also a number of other "hats" I wear from time to time:
- I'm a Senior Faculty Member for
The SANS Institute.
Basically, I'm the "Unix Guy" for SANS. I'm the track coordinator,
primary courseware author, and primary instructor for their six-day
Unix/Linux Security (GCUX) certification track.
- I maintain the Solaris Benchmark document for the
Center for Internet
Security and am an active contributor on their other Unix-related
documents.
- I'm the Technical Editor for
Sys Admin Magazine.
We're always on the lookout for good content, so feel free to either
contact me directly or peruse
more info
at the Sys Admin web site.
Normally, this is enough to keep me busy...
Recently Added
If you attended my Unix Command-Line Kung Fu talk at the SANS 2008
conference in Orlando, you'll remember that I promised to make a PDF of
the slides available as soon as I finished the notes. Well, the slides
are finally ready and you can get them
here.
Solaris
I spend a lot of time working with the Solaris operating system,
and have created a number of useful resources in this area:
- I'm the primary author and maintainer for Solaris
Security: Step-by-Step, originally published by the
SANS Institute.
This is a handy little guide (IMHO) for building a secure server
platform based on Solaris.
SANS is no longer publishing this guide (they've recently replaced it
with another publication) but were kind enough to allow me to distribute
the PDF of my document from this site.
- Here are the notes from
my SANS Webcast on Solaris Security.
- I tossed off a quick document on compiling
statically-linked binaries for Solaris because it came up as a topic
for discussion in one of my classes. Sun, unfortunately, makes this a
lot harder to do than you might think.
- Here is an article
I wrote on Solaris BSM, aka kernel-level auditing. This article was
originally published in
Sys Admin
Magazine.
- Also in a Solaris vein, here is some material I maintain on
how to use the
Solaris Jumpstart facility to quickly build large networks of
similar systems. You'll find the PDF of a presentation I give on the
subject, plus some useful scripts and other utilities that I reference
in the presentation.
- In particular, I developed the
configurator tool as
a mechanism for performing the actions from my
Solaris
Security: Step-by-Step guide during a custom Jumpstart install. The
script can also be run manually, however.
DNS and Sendmail
I've been working with Sendmail as long as I've been working with
Unix (literally-- the reason they gave me root access on my first
Unix system was to figure out Sendmail and get email working). I also
do a lot of work with DNS and BIND. So I've got a lot of content
in these areas to share:
- I've made the course book for my "Demystifying
Sendmail" course available for free download. More information
can be found here.
- Here's an overview talk I gave at the July 2004 Portland Linux User Group
meeting on the current anti-spam
landscape.
- Here's a quick article I wrote for
Sys Admin
Magazine on a Sendmail 8.13 anti-spam feature called
"greet_pause".
- I wrote an article for
Sys Admin
Magazine called
"Improving Sendmail Security by
Turning it Off". The article generated so much feedback that
I wrote a follow-up piece called
"Just Can't Get Enough Sendmail".
- Here's another security-flavored Sendmail article from
Sys Admin
Magazine that describes how to
run Sendmail as an
unprivileged user to help reduce the impact of as yet unknown
vulnerabilities.
- I wrote an article, "Name Server
Security with BIND and
chroot()", for an on-line journal called 8wire,
which is sadly now defunct. This article covers how to get BIND8
running chroot()-ed under Solaris.
- I also gave a talk on "DNS and BIND"
to my local Linux/Unix user group,
EUGLUG.
Among other things, this talk covers running BIND9
chroot()-ed under (RedHat) Linux.
- Here's another
Sys Admin
Magazine article,
"A Simple DNS-Based Approach for
Blocking Web Advertising". Since writing the original article,
I've received feedback from several sources with lots of good ideas.
Read more about it in my short
update to the original
article.
- Related to both the EUGLUG talk and the Sys Admin article on
blocking web advertising, here's an updated
list of domains you can use for blocking web-based advertisements.
Check out either
my article or the
EUGLUG talk for more info on how to
use this file.
- I'm currently the last known maintainer for the h2n
program-- a tool which converts /etc/hosts files to DNS zone files.
The tool was originally developed for the Albitz/Liu DNS and BIND
book (published by O'Reilly), but a couple of my customers wanted some
additional mods, and I told Cricket I'd be happy to be the de facto
maintainer.
General Security Resources
Here is all the security material that didn't fit into the Solaris
or DNS/Sendmail categories above:
- Here's an article I wrote about the Linux
pam_cracklib interface.
This article was originally published in
Sys Admin
Magazine.
- Here's a quick recipe for
getting two Syslog-NG servers to talk to
one another over an SSH tunnel. This is very useful when you need to move
log data across an untrusted public network like the Internet.
This article was originally published in
Sys Admin
Magazine.
- I've been playing around with running AIDE on systems remotely
via SSH, using some simple shell scripts. Here's an
article on the subject that I
wrote for Sys Admin
Magazine, and here is
a directory of related tools.
- I gave a pair of somewhat related talks to the local Linux/Unix
groups here in the Willamette Valley. The
first talk is a quick introduction
to how attackers break into Unix systems and what they do once they
get in. The
second
talk covers some simple techniques and freely available tools for
detecting when your systems have been compromised. Thanks to the
Eugene Unix and
GNU/Linux User Group and the
Mid Willamette Valley
Linux User Group for having me come give these talks.
Other Random Stuff
- I've found myself doing a lot of web programming lately (the other
LAMP-- Linux, Apache, MySQL, and Mod Perl). I've come up with what I
think is a slightly different work-around
for the broken way MSIE treats
the <BUTTON> tag.
- I'm also the maintainer for the PLOD tool which
was designed to help System/Network Admins (and others) keep a running
log of what they're working on. Frankly, I don't think many people are
using it anymore, but I periodically get requests for the latest version,
so here it is.
- I used to write
Perl
Practicum, a Perl programming column for the USENIX ;login:
magazine-- pretty basic stuff, but most of it's still relevant.
Philippe Bereski was kind enough to do a
French
translation.
- Here are pointers to talks I've given on
NTP
and the IT aspects of my move to Eugene.
- On the lighter side, here's a humorous editorial I wrote for
8wire called "Great Moments In Customer
Service".