My IT and development musings.



  • Category Archives: Security
  • Debmon on Debian 6 (squeeze)

    I wanted to try out the latest revision of Icinga and decided that Debmon would be the fastest. I thought that, anyway, until I wasted two hours trying to get aptitude to play nice with Debmon.

    In an effort to save someone else some time, here are my notes for installing Debmon on Debian 6 (squeeze)…

    Be sure that the server timezone is set to UTC. Use dpkg-reconfigure tzdata to change it as necessary.

    nano /etc/apt/sources.list

    deb http://ftp.us.debian.org/debian stable main
    deb-src http://ftp.us.debian.org/debian stable main
    deb http://ftp.debian.org/debian/ squeeze-updates main
    deb-src http://ftp.debian.org/debian/ squeeze-updates main
    deb http://security.debian.org/ squeeze/updates main
    deb-src http://security.debian.org/ squeeze/updates main
    deb http://backports.debian.org/debian-backports squeeze-backports main
    deb http://debmon.org/debmon debmon-squeeze main
    

    Command line:

    gpg --keyserver pgpkeys.mit.edu --recv-key DC0EE15A29D662D2
    gpg -a --export DC0EE15A29D662D2 | apt-key add -
    apt-get update
    apt-get upgrade
    apt-get install mysql-server
    apt-get install icinga-web icinga-phpapi icinga-web-pnp
    

    After this follow the Debmon write-up at http://debmon.org/IcingaIdoutilsIcingaWebInstallation

    For PNP, use https://wiki.icinga.org/display/howtos/Setting+up+PNP+with+Icinga#SettingupPNPwithIcinga-RRDToolandPerlBindings
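    As an added example (not from the original post), here is a small sh script for the key-import step above that refuses to run apt-key add unless the fetched key's full fingerprint matches one obtained from the project out of band, rather than trusting whatever the keyserver returns for a 16-hex-digit key id. The DEBMON_KEY_FPR variable, the helper names and the placeholder fingerprint are my assumptions; the published fingerprint is not on this page.

```shell
#!/bin/sh
# Added example, not the original post's commands: fetch the Debmon signing key by id,
# then import it into apt only if its full fingerprint matches the expected value.
set -eu

KEY_ID="DC0EE15A29D662D2"          # key id from the original post
KEYSERVER="pgpkeys.mit.edu"        # keyserver from the original post
# Placeholder: set DEBMON_KEY_FPR to the fingerprint published by the project.
EXPECTED_FPR="${DEBMON_KEY_FPR:-0000000000000000000000000000000000000000}"

# Pull the 40-hex-digit fingerprint(s) out of `gpg --with-colons --fingerprint`
# output, where the record looks like: fpr:::::::::<40 hex digits>:
fingerprints_from_colons() {
    awk -F: '$1 == "fpr" { print $10 }'
}

# Succeed only if the actual fingerprint ($2) equals the expected one ($1),
# ignoring spaces and letter case; an empty actual fingerprint never matches.
fingerprint_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    actual=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# The guarded version of the post's two gpg lines: receive, verify, then trust.
import_debmon_key() {
    gpg --keyserver "$KEYSERVER" --recv-key "$KEY_ID"
    fpr=$(gpg --with-colons --fingerprint "$KEY_ID" | fingerprints_from_colons | head -n 1)
    if fingerprint_matches "$EXPECTED_FPR" "$fpr"; then
        gpg -a --export "$KEY_ID" | apt-key add -
    else
        echo "Refusing to trust key $KEY_ID: fingerprint '$fpr' does not match expected" >&2
        return 1
    fi
}

# Only perform the import when run as `./script.sh import`, so the helpers can be sourced.
if [ "${1:-}" = "import" ]; then
    import_debmon_key
fi
```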


  • Openfire 3.7.1 authenticating with an Active Directory global catalog server

    As in my previous post for 3.7.0 (link), I’ve created a patch for Openfire to authenticate against the entire global catalog. The actual changes and even the line numbers are identical:

    Index: LdapManager.java
    ===================================================================
    --- LdapManager.java    (revision 1)
    +++ LdapManager.java    (revision 2)
    @@ -622,7 +622,11 @@
                * the secure connection has been established. */
                if (!(startTlsEnabled && !sslEnabled)) {
                    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    +           if (baseDN == null || baseDN.trim().isEmpty()) {
    +               env.put(Context.SECURITY_PRINCIPAL, userDN);
    +           } else {
                    env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN);
    +           }
                    env.put(Context.SECURITY_CREDENTIALS, password);
                } else {
                    if (followReferrals)
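
    Review bot: the empty-baseDN guard is the right fix for the trailing-comma principal (userDN + "," + "" would otherwise be sent as the bind DN), but the three added lines are indented four columns less than the surrounding context and the unchanged `env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN);` line is not re-indented inside the new else block; reindent the added if/else and the existing call so the block reads correctly, and add a one-line comment stating that an empty base DN means userDN is already a full DN (the global catalog case) so the intent survives the next merge.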
    

    This has been up and stable for several months now with no issues.

    To download the compiled openfire.jar, please click here.


  • Use of Snort in conjunction with your head-end router

    Following repeated reports of inappropriate intranet port scans, we implemented a vanilla installation of Snort. To be honest, I needed to change out my adult diaper after looking at the raw, unfiltered data.

    As some background, we’ve installed Snort on a rather old HP DL180 G1 with 4GB of RAM and a pair of dual-core processors. And to be fair, directing the network traffic of 350+ machines at a five-year-old server may not have been the kindest thing I’ve done in a while, but it did hold the load.

    After building rudimentary filters in BASE (Basic Analysis and Security Engine) and analyzing less than 24 hours’ worth of data, I was able to easily pick out a dozen workstations and a server that needed immediate attention from the IT team. I am looking forward to integrating Snort with iTop for a more complete network management solution, and hopefully I will have more to share on this topic soon.