f00 Brewery Kegging

As I mentioned previously, Missy and I have started brewing our own beer.  We are starting to produce some respectable ales and are cranking out many diverse batches.

Last weekend we kicked it up to the next level and purchased an Oster 5 cubic foot fridge, 4 corny kegs and all the CO2 gear to keg our brews.

It's amazing to be able to skip the bottling step and have draft beer on tap in my ‘man cave’.

Bottling involves de-labeling and sanitizing 52 12oz beer bottles, cooking a batch of ‘priming sugar’, sticking the beer in the bottles and capping them.  Then you wait at least 2 weeks for ‘bottle conditioning’ and you drink.

With kegging you transfer from your secondary fermentation vessel to the keg, pressurize it, roll it around a bit and wait a few hours.  You are drinking your beer in less than a day as opposed to two weeks.

I will post pictures and tutorials for the kegging project once it's finished.

Network Security Monitoring with Arpwatch

Arpwatch is an amazingly useful tool that promiscuously listens on a specified interface for ARP broadcasts.  It takes what it learns and saves the output in a database for later reference, one record per line, in the following format:

mac_address ip unix_date/time hostname

It will take any changes/additions and log them to /var/log/messages as well as optionally emailing them.

This functionality is useful for detecting

  • Man-in-the-middle attacks
  • Arp spoofing/poisoning
  • Session hijacking attacks
  • New hosts introduced onto your network
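The same check can be run offline against the database itself. The following is an added example, not part of arpwatch or of the original post: it parses records in the `mac_address ip unix_date/time hostname` layout shown above and reports every IP that has been claimed by more than one MAC address, the pattern ARP spoofing leaves behind. The sample records are constructed, and the zero-padding step assumes the database may store MAC octets without leading zeros.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the arp.dat layout described above:
# mac_address ip unix_date/time hostname (hostname may be absent)
SAMPLE_ARP_DAT = """\
0:c:29:1a:2b:3c\t192.0.2.1\t1700000000\tgateway
0:50:56:aa:bb:cc\t192.0.2.1\t1700003600\t
8:0:27:11:22:33\t192.0.2.20\t1700000100\tworkstation
garbage line
"""

def normalize_mac(mac):
    """Zero-pad each octet so 0:c:29:... compares equal to 00:0c:29:..."""
    octets = mac.lower().split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(o, 16):02x}" for o in octets)

def parse_arp_dat(text):
    """Yield (mac, ip, seen_utc, hostname) per valid line; skip malformed ones."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            mac = normalize_mac(fields[0])
            seen = datetime.fromtimestamp(int(fields[2]), tz=timezone.utc)
        except ValueError:
            continue
        yield mac, fields[1], seen, fields[3] if len(fields) > 3 else ""

def conflicting_ips(text):
    """Map each IP claimed by more than one MAC to its MACs, oldest first."""
    by_ip = defaultdict(dict)
    for mac, ip, seen, _host in parse_arp_dat(text):
        # Keep the most recent sighting of each MAC for this IP.
        by_ip[ip][mac] = max(seen, by_ip[ip].get(mac, seen))
    return {ip: sorted(macs, key=macs.get)
            for ip, macs in by_ip.items() if len(macs) > 1}

if __name__ == "__main__":
    for ip, macs in conflicting_ips(SAMPLE_ARP_DAT).items():
        print(f"{ip} claimed by {len(macs)} MACs (oldest first): {', '.join(macs)}")
```

A hit is a lead to triage rather than proof of an attack: a replaced NIC or a reassigned DHCP lease produces the same record pattern.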

Setup and configuration are easy.  Just download and compile arpwatch from LBNL’s site, create an arpwatch user (unless you want it to run as root… which you don’t), create an empty arpwatch database (touch /home/arpwatch/arp.dat) and run it.

The command line arguments you run will differ depending on how your network is set up, so check out the man page to be safe. The following should work for most situations.

/usr/sbin/arpwatch -i eth0 -u arpwatch -f /home/arpwatch/arp.dat -n x.x.x.x/21 -e -

-i eth0 tells it to listen on the eth0 interface only.  You can run a separate instance of arpwatch for each NIC/network if you are multihomed.

-u arpwatch tells it to run as the user ‘arpwatch’ instead of root.

-f /home/arpwatch/arp.dat tells it to save the ARP database in that file instead of the default location.

-n x.x.x.x/21 tells it that an additional address range is in use on this interface.  If you have IPs outside of those defined on your monitor NIC it will report them as bogon.

-e - tells it not to email you with everything it discovers.  You will want to run it this way the first time to avoid flooding your mailbox.