Friday, October 17, 2008

Openfire an easy to use IM Server

Openfire (formerly Wildfire) from "Ignite Realtime" is a free and easy-to-install IM server based on the XMPP protocol, available for Windows, Linux and Mac platforms.
I have tried the Windows version and it worked nicely. Its client is named "Spark" and there is a web-based client (SparkWeb) available as well.
I came across this simple and easy IM server while I was searching for a Linux client for Microsoft Live Communication Server. I have crawled a lot of forums, and it seems that there is no solution for that in the Linux world yet. Some posts on using Wine were available, but the people who tested it didn't come out with a positive result.


Thursday, October 02, 2008

How to Send Windows Events to Syslog Server

Once we have our Syslog server up and running, we can easily configure all our network devices and Linux/Unix-like servers to send their events to it, but this is not true for Microsoft Windows servers, since Windows does not support Syslog natively.
There are free tools, though, that convert Windows Event Viewer logs into Syslog format and send them over to our Syslog server.
I am going to introduce three different Windows-to-Syslog forwarders here.
I have introduced the first one before and still insist on using it, since it has more flexibility than the others, such as filtering out messages we don't want forwarded or adding other applications' log files, and its development team is more active:
1- Datagram SyslogAgent
2- Eventlog to Syslog (Purdue University)
One of my visitors noted this one; I ran an initial test on it and it seems to be working fine. It is worth seeing what he/she commented:
"Purdue University has an outstanding Eventlog to Syslog utility. It's lightweight and completely free. It also runs on Win2k3, Vista, 32-bit and 64-bit systems.
I use it to forward event logs from about 160 servers, and have had no issues whatsoever."
3- NTSyslog
I had some issues with this one last time I tried to set it up so I gave up on this one.
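To show what a forwarder like these has to do internally, here is an added Python example (written for this post, not code from any of the three tools above): it turns event-log records into RFC 3164 syslog lines, drops the events we don't want forwarded, and sends the rest as UDP datagrams. The sample records, the hostname win-dc01 and the event-type-to-severity mapping are constructed assumptions.

```python
import re
import socket
from datetime import datetime

# RFC 3164 facility number for "user-level messages"; severities run 0 (emerg) to 7 (debug).
FACILITY_USER = 1

# Assumed mapping from Windows event types to syslog severities (chosen for this example).
EVENT_TYPE_SEVERITY = {
    "Error": 3,          # err
    "Warning": 4,        # warning
    "Information": 6,    # info
    "Audit Success": 6,  # info
    "Audit Failure": 4,  # warning
}

# Constructed sample records in the shape an event-log reader might hand us (not real events).
SAMPLE_EVENTS = [
    {"time": datetime(2008, 10, 2, 14, 3, 11), "type": "Audit Failure", "source": "Security",
     "event_id": 529, "message": "Logon Failure:\r\n\tReason: Unknown user name or bad password"},
    {"time": datetime(2008, 10, 2, 14, 3, 12), "type": "Information", "source": "Service Control Manager",
     "event_id": 7036, "message": "The Print Spooler service entered the running state."},
    {"time": datetime(2008, 10, 2, 14, 3, 15), "type": "Error", "source": "W3SVC",
     "event_id": 1014, "message": "A process serving application pool 'DefaultAppPool' failed to respond."},
]


def syslog_pri(facility, severity):
    """PRI value as defined in RFC 3164: facility * 8 + severity."""
    return facility * 8 + severity


def format_syslog(event, hostname, facility=FACILITY_USER):
    """Render one event record as a single BSD-syslog (RFC 3164) line."""
    severity = EVENT_TYPE_SEVERITY.get(event["type"], 5)  # unknown types become "notice"
    pri = syslog_pri(facility, severity)
    t = event["time"]
    timestamp = f"{t:%b} {t.day:2d} {t:%H:%M:%S}"  # RFC 3164 wants a space-padded day ("Oct  2")
    # The TAG must not contain spaces; keep the event source recognisable but safe.
    tag = re.sub(r"[^A-Za-z0-9_.-]", "_", event["source"])[:32]
    # Collapse CR/LF and tabs: a raw newline would split one event into several syslog lines,
    # and lets a message an attacker controls forge extra records on the collector.
    message = " ".join(event["message"].split())
    line = f"<{pri}>{timestamp} {hostname} {tag}: EventID={event['event_id']} {message}"
    return line.encode("utf-8")[:1024].decode("utf-8", "ignore")  # RFC 3164 packet size limit


def forward_events(events, hostname, drop_event_ids=(), drop_sources=(), sender=None,
                   server="127.0.0.1", port=514):
    """Filter the events, format them and hand each line to `sender`; returns the lines sent.

    The default sender writes UDP datagrams to server:port, which a syslog collector expects.
    """
    if sender is None:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sender = lambda line: sock.sendto(line.encode("utf-8"), (server, port))
    sent = []
    for event in events:
        if event["event_id"] in drop_event_ids or event["source"] in drop_sources:
            continue  # noise we do not want on the collector
        line = format_syslog(event, hostname)
        sender(line)
        sent.append(line)
    return sent


if __name__ == "__main__":
    # Print instead of sending so the script runs without a collector.
    forward_events(SAMPLE_EVENTS, "win-dc01", drop_event_ids={7036}, sender=print)
```

The filter is the piece the post values in Datagram SyslogAgent: service-state chatter such as event 7036 never leaves the host, while the failed logon and the IIS error do. Whitespace is collapsed before sending because the collector treats each line as one record.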


Sunday, September 28, 2008

Secure Your Apache

Once you start searching for a topic like "Securing Apache" or "Hardening Apache" you will get hundreds of results, and everyone sets out his own security concerns. The fact is that not every recommendation applies to our environment, but we need to study and take into consideration all possible approaches to securing our web server. Some of these guides are far too complicated and strict, and some too mild!
The following is a very basic and reasonable list of things we have to do to bring minimum security to our Apache server. Of course, server hardening comes first!
  1. Hide the Apache Version number, and other sensitive information.
  2. Make sure Apache is running under its own user account and group.
  3. Ensure that files outside the web root are not served.
  4. Turn off directory browsing.
  5. Turn off server side includes.
  6. Turn off CGI execution.
  7. Don't allow apache to follow symbolic links.
  8. Turn off support for .htaccess files.
  9. Run mod_security.
  10. Disable any unnecessary modules.
  11. Make sure only root has read access to apache's config and binaries.
For technical details on these and more steps follow the link below:
20 ways to Secure your Apache Configuration
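To make the checklist checkable, the following is an added Python example (not code from the linked article or from the Apache project): it parses a constructed weak httpd.conf, audits it against items 1 to 8, and shows the hardened configuration that passes. Both configurations are assumptions, and the parser is deliberately small: it models only <Directory> containers and treats "-Option" tokens as disabled without modelling Apache's inheritance of relative Options from the parent block.

```python
import re

# Constructed configs (not from the page or any distribution): a weak httpd.conf beside a hardened one.
WEAK_CONF = """\
ServerTokens Full
ServerSignature On
User nobody
Group nobody
<Directory />
    Options Indexes FollowSymLinks Includes
    AllowOverride All
</Directory>
"""
HARDENED_CONF = """\
ServerTokens Prod
ServerSignature Off
User apache
Group apache
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Directory "/var/www/html">
    Options -Indexes -Includes -ExecCGI -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
"""
# Options the checklist wants off, with the checklist item each one belongs to.
RISKY_OPTIONS = {"indexes": "item 4: directory browsing", "includes": "item 5: server side includes",
                 "execcgi": "item 6: CGI execution", "followsymlinks": "item 7: following symbolic links"}
SHARED_ACCOUNTS = {"root", "nobody", "daemon"}


def parse_httpd_conf(text):
    """Minimal parser: returns (global directives, {directory path: directives}); a directive is
    (lowercased name, args). Other containers such as <IfModule> are skipped; enough for this audit."""
    global_directives, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1).strip()
            sections.setdefault(current, [])
        elif re.match(r"</Directory\s*>", line, re.I):
            current = None
        elif line and not line.startswith("<"):
            name, *rest = line.split(None, 1)
            args = rest[0].split() if rest else []
            (sections[current] if current else global_directives).append((name.lower(), args))
    return global_directives, sections


def last_value(directives, name):
    """Args of the last occurrence of a directive (a later line overrides an earlier one)."""
    values = [args for n, args in directives if n == name]
    return values[-1] if values else None


def enabled_options(directives):
    """Options in effect for a block. Apache's default is All (everything except MultiViews);
    '-name' tokens count as disabled (simplification, see the lead-in)."""
    opts = last_value(directives, "options")
    if opts is None:
        return set(RISKY_OPTIONS)
    enabled = set()
    for tok in opts:
        name = tok.lstrip("+").lower()
        if tok.startswith("-") or name == "none":
            continue
        enabled |= set(RISKY_OPTIONS) if name == "all" else {name}
    return enabled


def audit_apache(text):
    """Findings against checklist items 1-8; an empty list means every check passed."""
    g, sections = parse_httpd_conf(text)
    findings = []
    if (last_value(g, "servertokens") or ["full"])[0].lower() != "prod":
        findings.append("item 1: ServerTokens should be Prod so the Server header hides the version")
    if (last_value(g, "serversignature") or ["on"])[0].lower() != "off":
        findings.append("item 1: ServerSignature should be Off (no version on error pages)")
    for directive in ("user", "group"):
        value = (last_value(g, directive) or ["unset"])[0]
        if value.lower() in SHARED_ACCOUNTS | {"unset"}:
            findings.append(f"item 2: {directive} should be a dedicated apache account, not {value}")
    root = sections.get("/")
    if root is None:
        findings.append("item 3: no <Directory /> block, so files outside the web root may be served")
    elif last_value(root, "deny") is None and last_value(root, "require") is None:
        findings.append("item 3: <Directory /> should deny access (Deny from all / Require all denied)")
    for path, directives in sections.items():
        for opt in sorted(enabled_options(directives) & set(RISKY_OPTIONS)):
            findings.append(f"{RISKY_OPTIONS[opt]} is enabled in <Directory {path}>")
        if (last_value(directives, "allowoverride") or ["all"])[0].lower() != "none":
            findings.append(f"item 8: AllowOverride should be None in <Directory {path}> (.htaccess off)")
    return findings
```

Running audit_apache(WEAK_CONF) lists nine findings (version disclosure, the shared nobody account, the open root directory, three risky Options and AllowOverride All); audit_apache(HARDENED_CONF) returns an empty list. Items 9 to 11 (mod_security, unused modules, file permissions) live outside httpd.conf and are not covered by this check.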


Monday, September 22, 2008

My Firefox Add-ons

Here is the list of my favorite Firefox add-ons:
FireFTP:
Description: Easy-to-use FTP client
Link: http://fireftp.mozdev.org/
Domain Details:
Description: Displays server type and IP address with a location flag.
Link: https://addons.mozilla.org/en-US/firefox/addon/2166
Live IP Address:
Description: Displays your IP address in the status bar
Link: https://addons.mozilla.org/en-US/firefox/addon/1731
ScreenGrab:
Description: Saves the current web page, or part of it, as an image file
Link: Screengrab! :: Firefox Add-ons
Read it later:
Description: The title explains what it does!
Link: https://addons.mozilla.org/en-US/firefox/addon/7661
Showcase:
Description: A thumbnail view of the currently opened tabs
Link: Firefox Showcase :: Firefox Add-ons
Download Statusbar:
Description: The title explains what it does!
Link: Download Statusbar :: Firefox Add-ons
ReloadEvery:
Description: Reloads your pages automatically every x seconds
Link: ReloadEvery :: Firefox Add-ons
Live HTTP Headers:
Description: Shows the HTTP dialogue between your browser and the destination web server.
Link: https://addons.mozilla.org/en-US/firefox/addon/3829


Thursday, September 11, 2008

JPGraph Error

I asked a colleague of mine to set up PHP-Syslog-NG (http://code.google.com/p/php-syslog-ng/) as the central logging system for all our devices and servers. He did this on FreeBSD 7.0 and everything started working fine, except that the "Graph" section, which uses JPGraph, couldn't draw any graphs and came up with this message: "JpGraph Error Font file "/usr/share/fonts/truetype/msttcorefonts/verdana.ttf" is not readable or does not exist".
After some digging into the code and configs I got over the problem by following the steps below:
  1. Install TrueType font on FreeBSD (XfStt).
  2. Fetch the "verdana.ttf" font and place it in the directory that XfStt created for TrueType fonts.
  3. Change the default "TTF_DIR" parameter.
Step 1:
An easy way to use TrueType fonts in BSD is to install XfStt, which is available through the ports collection at "/usr/ports/x11-servers/Xfstt/".
After the installation a directory will be created for TrueType fonts at "/usr/local/lib/X11/fonts/TrueType/".
Step 2:
Download verdana.ttf and place it in "/usr/local/lib/X11/fonts/TrueType/".
I fetched my copy from "http://www.afosteo.org/Download/Fonts/".
Step 3:
The final step is to point the JPGraph TTF_DIR parameter inside the jpg-config.inc configuration file to the proper location.
jpg-config.inc is located at "/usr/svr/php-syslog-ng/html/includes/jpgraph".


Saturday, September 06, 2008

Make Putty Tab Based!

Everyone knows PuTTY well, but I have always preferred SecureCRT because I can open different connections in tabs, I can easily clone my sessions in case I need more than one session to the same device (mainly for debugging or diagnostic reasons), and I can save my connections into a database which can easily be backed up (PuTTY stores its sessions in the registry!).
The good part about PuTTY is that it is free, handy and requires no installation!
Well, there are always great people out there to make things work better, and thanks to Ramesh I have learned that there is a free add-on called "PuTTY Connection Manager" which does everything I pointed out earlier: you have your tabbed interface, you can clone your sessions, everything is stored in a database, and above all it makes PuTTY look more modern ;)
There are many other useful add-ons for PuTTY and you can learn about them through the following link:
The Geek Stuff » Turbocharge PuTTY with 12 Powerful Add-Ons - Software for Geeks #3


Wednesday, August 27, 2008

Email Security Vocabulary!

Improve your email security terminology:


TCPDUMP Tutorial

tcpdump is a wonderful command-line tool which helps with analyzing and troubleshooting network traffic on a Linux host.

The tcpdump options I use the most are:
  • -n : Don't resolve hostnames.
  • -nn : Don't resolve hostnames or port names.
  • -v, -vv, -vvv : Increase the amount of packet information you get back.
The following are the tcpdump expressions I use most:

Display any traffic sourced from or destined to a specific host:
  • tcpdump host "Host Address"
Display any traffic sourced from a specific host:
  • tcpdump src "Host-address"
Display any traffic destined to a specific host:
  • tcpdump dst "Host-address"
Display any ICMP traffic:
  • tcpdump icmp
Display traffic sourced from or destined to a specific network:
  • tcpdump net "net-address"
Display any traffic sourced from or destined to a specific port:
  • tcpdump port "port-number"
Display any traffic sourced from a specific port:
  • tcpdump src port "port-number"
Display any traffic destined to a specific port:
  • tcpdump dst port "port-number"
It is also possible to combine expressions with "and", "or" and "not".

You can learn more about tcpdump options and expressions with great examples at this location: http://dmiessler.com/study/tcpdump/
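To make the meaning of those primitives and combinators concrete, here is an added Python example that is not from the original post or from tcpdump itself: a small evaluator that parses the same filter syntax (host/src/dst/net/port, icmp/tcp/udp, and/or/not with parentheses, with pcap-filter's precedence) and applies it to a handful of constructed packet records. The packet records are assumptions for illustration; real tcpdump compiles the expression into a BPF program that the kernel runs on every captured frame.

```python
import ipaddress

# Constructed packet records (not real captures) standing in for what tcpdump would decode.
PACKETS = [
    {"id": 1, "proto": "tcp", "src": "192.168.1.10", "src_port": 51000, "dst": "10.0.0.5", "dst_port": 80},
    {"id": 2, "proto": "tcp", "src": "10.0.0.5", "src_port": 80, "dst": "192.168.1.10", "dst_port": 51000},
    {"id": 3, "proto": "icmp", "src": "192.168.1.20", "dst": "10.0.0.5"},
    {"id": 4, "proto": "udp", "src": "192.168.2.7", "src_port": 53000, "dst": "10.0.0.53", "dst_port": 53},
    {"id": 5, "proto": "tcp", "src": "172.16.5.9", "src_port": 44000, "dst": "10.0.0.5", "dst_port": 22},
]


class FilterParser:
    """Recursive-descent parser for the subset of tcpdump filter syntax used in the post:
    [src|dst] host/net/port <value>, icmp/tcp/udp, combined with and/or/not and parentheses.
    Precedence follows pcap-filter: not binds tightest, then and, then or."""

    def __init__(self, text):
        self.toks = text.replace("(", " ( ").replace(")", " ) ").split()
        self.pos = 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self):
        self.pos += 1
        return self.toks[self.pos - 1]

    def parse(self):
        node = self.expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def expr(self):            # expr := term ('or' term)*
        node = self.term()
        while self.peek() == "or":
            self.take()
            node = ("or", node, self.term())
        return node

    def term(self):            # term := factor ('and' factor)*
        node = self.factor()
        while self.peek() == "and":
            self.take()
            node = ("and", node, self.factor())
        return node

    def factor(self):          # factor := 'not' factor | '(' expr ')' | primitive
        if self.peek() == "not":
            self.take()
            return ("not", self.factor())
        if self.peek() == "(":
            self.take()
            node = self.expr()
            if self.take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        return self.primitive()

    def primitive(self):
        tok = self.take()
        if tok in ("icmp", "tcp", "udp"):
            return ("proto", tok)
        direction = "any"
        if tok in ("src", "dst"):
            direction, tok = tok, self.take()
        if tok in ("host", "net", "port"):
            kind, value = tok, self.take()
        else:                  # "src 10.0.0.1" is shorthand for "src host 10.0.0.1"
            kind, value = "host", tok
        if kind == "host":
            return (kind, direction, ipaddress.ip_address(value))
        if kind == "net":
            return (kind, direction, ipaddress.ip_network(value, strict=False))
        return (kind, direction, int(value))


def matches(node, pkt):
    """Evaluate a parsed filter against one packet record."""
    op = node[0]
    if op == "and":
        return matches(node[1], pkt) and matches(node[2], pkt)
    if op == "or":
        return matches(node[1], pkt) or matches(node[2], pkt)
    if op == "not":
        return not matches(node[1], pkt)
    if op == "proto":
        return pkt["proto"] == node[1]
    kind, direction, value = node
    for side in {"src": ["src"], "dst": ["dst"], "any": ["src", "dst"]}[direction]:
        if kind == "port" and pkt.get(side + "_port") == value:   # ICMP records carry no ports
            return True
        if kind == "host" and ipaddress.ip_address(pkt[side]) == value:
            return True
        if kind == "net" and ipaddress.ip_address(pkt[side]) in value:
            return True
    return False


def tcpdump_filter(expression, packets=PACKETS):
    """Packet ids that the expression selects, in capture order."""
    node = FilterParser(expression).parse()
    return [p["id"] for p in packets if matches(node, p)]
```

For example, tcpdump_filter("net 192.168.0.0/16 and not port 53") keeps the web and ICMP packets to and from the LAN but drops the DNS query, and tcpdump_filter("src net 192.168.0.0/16 and (tcp or udp)") shows how parentheses override the default precedence in which "and" binds tighter than "or".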


Friday, July 25, 2008

MultiMail - SMTP Stress Testing Tool

For a while I was looking for an email stress tool which could help me send hundreds of emails to a single mail server with designated properties like a specific subject, body or attachment.
MultiMail is a free SMTP stress tool:
CodeProject: MultiMail 2.0 - Freeware SMTP stress testing tool. Free source code and programming help

Monday, July 14, 2008

Subpixel Rendering and ClearType

Subpixel rendering is a technology which makes the text on your computer display appear clearer. The first thing I loved about IE7 when it first came out was the difference in the appearance of text between IE7 and Firefox, and I wished I could have the same text quality in Firefox, until I found the solution when my IE7 started crashing again and again a couple of days ago and I had to make a complete move to Firefox!
ClearType is Microsoft's implementation of subpixel rendering technology and it is turned off in Windows XP by default, though it can be turned on. On Vista computers it is turned on by default.
ClearType can be turned on at the OS or application level. In the case of IE7 and Microsoft Office 2007 it is turned on at the application level, but to enjoy reading text in other applications like Firefox on Windows XP it must be turned on at the OS level by downloading the "ClearType Tuner" from the following link:
http://www.microsoft.com/typography/ClearTypePowerToy.mspx
Click on the following image to see the difference:
More information on ClearType:
ClearType - Wikipedia, the free encyclopedia

Friday, July 11, 2008

Dig DNS Lookup in Windows!

Every system administrator dealing with DNS administration knows the power of the "dig" command-line tool in Linux/Unix environments. But there are times when an administrator needs to monitor and troubleshoot DNS from a Windows station, and she then realizes the deprivation!
The good news is that many Linux/Unix tools have been ported to Windows (check my post about Windows IPFW), and one of them is the "dig" utility.

The Windows version of "dig" can be downloaded and installed from here: http://members.shaw.ca/nicholas.fong/dig/

For those who are new to "dig", the following link helps:
Dig Howto: http://www.madboa.com/geek/dig/


Saturday, July 05, 2008

A great Free IE7 add-on

IE7Pro is a free IE7 add-on which brings a lot of great features to your browsing.
The following are the features I like most about IE7Pro:
Search Bar: This makes IE7 search like Firefox, bringing up a search bar where you can run live lookups.
Tab History: Keeps a history of all opened tabs, and I can easily browse from this list.
Tab Recovery: If for any reason IE7 closes unexpectedly while I have a couple of tabs open, it will show me the list of open tabs the next time I run IE7.
Save Session: If I save a session, loading it the next time will open all the tabs I had open at the time I saved it. (Very useful and time saving.)
Save Pages as Images: This is really wonderful! I can save a whole page in .PNG format, and it works very quickly.
Page Auto Refresh: This way I can set an interval on each tab at which IE7 will automatically reload the page!
Auto-scroll: Once enabled, it scrolls down a page automatically at a tunable speed.


IE7Pro - The must have add-on for Internet Explorer


Monday, June 30, 2008

Exchange Server 2007 Component Architecture

Microsoft changed the Exchange Server architecture dramatically in the 2007 edition: instead of just Back-End and Front-End roles there are five different roles; Hub Transport, Edge Transport, Mailbox, Client Access and Unified Messaging.

Download the Microsoft Exchange Server 2007 component architecture diagram from here:
Microsoft Exchange Server 2007 Component Architecture


Monday, June 23, 2008

GFI Endpoint Security

For those who are very concerned about host security in terms of information theft or malicious code infections through CD/DVD, USB storage, tape devices, serial and parallel ports, printers, etc., GFI EndPoint will be the solution.
It works in a client/server manner, where the EndPoint server controls hosts by deploying an agent to every desired host. (GFI also provides its agent as an .msi file, which is very good for large Active Directory deployments.)
EndPoint makes it possible to block or put restrictions on each device type (Read-Only or Full-Access) based on users or groups, and provides great reporting on all events.
If someone has Full-Access permission over any kind of available device, it will log all applications which were used and the filenames which were transferred or printed.
If you are wondering how to block access to USB and CD drives, try GFI EndPoint.
For more info check GFI EndPointSecurity here!


Wednesday, June 18, 2008

Exchange Server Event ID:505

Yesterday I was called in by a customer to resolve a mount issue on a Microsoft Exchange Server 2003 database. This one was new to me and easy to resolve!
I could see "Event ID: 505" in the application log saying:
"Information Store (2028) An attempt to open the compressed file "drive:\Exchsrvr\MDBDATA\priv1.edb" for read / write access failed because it could not be converted to a normal file. The open file operation will fail with error -4005 (0xfffff05b). To prevent this error in the future you can manually decompress the file and change the compression state of the containing folder to uncompressed. Writing to this file when it is compressed is not supported."

Exchange Server 2000 Service Pack 3 and later versions cannot open databases which are compressed with the NTFS compression feature, so the only resolution is to uncompress the folder holding the Exchange Server databases. For me this worked nicely, but Microsoft also recommends running an offline defragmentation (eseutil /d "database location") before mounting the database.
For more info check this:
Database does not mount, and you receive error 0xfffff05b after you apply SP3 to Exchange 2000


Saturday, June 14, 2008

Perl and Regular Expressions

I have been drawn into an exciting area called "Perl scripting"! It is great fun, and until I started studying Perl I didn't know how much I was missing in system and network administration!
Currently, what I mostly need to do with Perl is text processing.
In my first project I needed to telnet into a Fortigate firewall, send a couple of commands, fetch the output, process and reorder it (which was the main purpose of the job), store it in a file, and trigger an action if a specific pattern was observed in the output.
All this required complex text processing which could not have been accomplished without regular expressions.
The following are the references I found very useful for getting a grasp on regular expressions in Perl.
Regular expressions in Perl
Perl regular expressions tutorial
Steve Litt's Perls of Wisdom: Perl Regular Expression


Saturday, December 29, 2007

Windows Installation Over Network!

I don't like this kind of thing, but I had to figure out how to boot a PC with a blank hard disk, create partitions for the OS installation, format them and then start the Windows XP installation over the network, which needs all the required drivers for TCP/IP support in an MS-DOS-only environment.
An MS-DOS boot disk with TCP/IP networking enabled can be obtained for free at:
Universal TCP/IP Network Bootdisk
If your hard disk is not formatted, you can acquire standard MS-DOS boot disks, which come with the FDISK and FORMAT commands, from here:
Free Boot Disks

After creating partitions and formatting them with the standard MS-DOS boot disk, the Universal TCP/IP Network Bootdisk (which supports both static and DHCP configuration) helps in creating and connecting to a network drive which holds the installation files.


Thursday, December 20, 2007

Problems Cheer Me Up!!!

I love troubleshooting and fixing complex problems, or those problems others couldn't fix! I tend to chase problems, and when I find the source of the problem and the fix I feel like a tank full of fuel! Every time it feels like the happiest moment I have ever had in my life!
What a boring life it would be, if there were no problems to fix!


Monday, December 03, 2007

Fighting Spam with Barracuda Spam Firewall

It's been a couple of weeks since I started working on a dedicated solution to fight incoming spam, and I did some study on the history of spam blocking, the mechanisms available, and which methods are efficient for an Internet data center. I was thinking of implementing SpamAssassin with Qmail as the MTA, but our company policy has changed and now I am considering an anti-spam appliance. There are many appliances available, and most of them have other security features like firewalling, virus scanning and DoS protection.
The Spam Firewall from Barracuda Networks seems a great option to me, with different mechanisms including Bayesian filtering, great control over what should be considered spam and non-spam (ham), and good visibility into what is happening on the box through its statistics. Its control panel has a lot of screens, which might bring complexity, but it also gives great control and makes any policy enforcement possible!
I am really impressed with the administration options and I would like to get my hands on it!
The Spam Firewall is actually a Linux platform running SpamAssassin at its core.


Tuesday, November 27, 2007

Free Windows TFTP and Syslog server!

It might sound crazy, but I have a Cisco PIX firewall at home (a PIX 501); my Internet traffic runs through it over a PPPoE connection, and I have configured it to accept remote VPN connections as well, in case I need to access my data at home while at work.
I was looking for a free and light TFTP server to back up my PIX configuration regularly, and I found exactly what I was looking for at http://tftpd32.jounin.net/. tftpd32 is not just a TFTP server but a DHCP and Syslog server as well. The next question was running TFTP as a service, which I found the answer to here: HOW TO install Windows tftpd as service.


Friday, October 19, 2007

Access is Denied: c0070005

I was called in by a customer to look into a problem they had been experiencing for a long time. On their Active Directory domain controller, when the Administrator user logs in, it receives an "Access is Denied" dialogue box with "Win32" facility and "ID no: c0070005", as below, in "Active Directory Users and Computers" when right-clicking on any object:

Another symptom was that the Administrator user could not run Exchange Server System Manager. But a user with administrator privileges did not get any of these errors.
There are a lot of causes and resolutions mentioned on different forums, the official Microsoft support website and blogs, but finally I found one matching and resolving my problem here!
The problem was that someone or some process had added the Administrator user account to the "Guests" and "Domain Guests" groups! I suspect that an application or process made this modification, not a user!


Friday, September 28, 2007

Exinda Networks WAN Optimizer Appliance!

We provide Internet bandwidth to different organizations and individuals, and a variety of services over that bandwidth like Web, Email and Voice. Customers can select from a category of services with different pricing matching their bandwidth or quality requirements, and we need to make sure customers are receiving what they have signed up for with us.
Some receive dedicated bandwidth and some shared bandwidth, and no matter which of these two categories they fall in, they expect good quality on delay-sensitive services like Voice and Conferencing traffic, which needs to be guaranteed. These policies can be imposed on DSLAMs and routers close to the customer, but not every detail can be addressed on routers and DSLAMs; besides, it makes sense to have an appliance standing on top of the network hierarchy as a single point of policy enforcement.
Many vendors provide appliances called WAN accelerators or optimizers, and they all optimize or accelerate traffic with features such as compression, caching, changing TCP headers and enforcing QoS.
I have one of these appliances from "Exinda Networks" in my network for evaluation. It provides reporting through statistics and graphs, and it does it really well! There is a variety of report categories available, such as Realtime, Applications, Hosts, Subnets, Conversations and Application Statistics, and in each category it is possible to get more detail on a specific traffic type. All these reports help build up a network traffic profile and then develop and enforce proper optimizer policies to meet the concerns, criteria and requirements.


Thursday, September 13, 2007

How to Implement Source Routing With Linux

As mentioned in my previous post, I have an Internet gateway which is a Linux box with two Internet connections attached to it. One is a 2Mbps leased line and the other a 1Mbps wireless connection. I want hosts from specific subnets to have their Internet traffic directed to the wireless connection while the others go through the leased-line link.

This is easily done with Linux and the iproute2 suite, which is installed by default on Fedora.

By default all routes are stored in a table called "main", and by issuing the following command the routes stored inside this table can be displayed:

  • ip route list table main
The result is exactly the same as just running the "route" command.

Any queries coming to this server for routing decisions will be looked up in the "main" table unless specified otherwise. But how is this possible?

It is also possible to define a new routing table, keep different routing entries inside it, and apply rules so that traffic from specific sources is directed to this new table for route lookup!

First:

We need to create a new table, which is easily done by adding its number and name at the end of /etc/iproute2/rt_tables. It may look like this:

10 wireless-link

Second:

New routes should be added to this table:

  • ip route add 192.168.120.0/24 via 192.168.10.1 table wireless-link
  • ip route add default via 80.120.99.12 table wireless-link (this defines the default route for the "wireless-link" routing table)
  • ip route list table wireless-link (this displays the routes added to "wireless-link")

Third:

Routing rules must define when lookups are to be done in the "wireless-link" table!

  • ip rule add from 192.168.120.0/24 table wireless-link
  • ip rule list (displays the ip rules)

From now on, every packet coming from 192.168.120.0/24 will be sent to the "wireless-link" table, so its default route will be 80.120.99.12, while traffic from other sources will still look up routes in the "main" table, which has its own default route (the leased line).

To undo the ip rules and routes the following syntax must be followed:

  • ip rule del from 192.168.120.0/24 table wireless-link
  • ip route del default via 80.120.99.12 table wireless-link
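As an added example (not from the original post), here is a small Python helper that parses a constructed rt_tables file, validates the subnet and gateway, and emits the ip commands of the three steps in a safe order: routes first and the rule last, so there is never a moment where the rule selects an empty table and blackholes the subnet. It also catches a table name in the rule that was never defined in rt_tables (for instance "wireless" where the table is called "wireless-link"). The rt_tables content and the dry-run default are assumptions; executing the commands for real needs root and iproute2.

```python
import ipaddress
import subprocess

# Constructed rt_tables content (not copied from a real host), with the post's entry appended.
RT_TABLES = """\
#
# reserved values
#
255     local
254     main
253     default
0       unspec
10 wireless-link
"""


def parse_rt_tables(text):
    """Return {name: id} from the 'id name' lines of /etc/iproute2/rt_tables; '#' starts a comment."""
    tables = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            ident, name = line.split(None, 1)
            tables[name.strip()] = int(ident)
    return tables


def policy_route_commands(rt_tables_text, source_net, gateway, table, extra_routes=()):
    """Build the ip(8) commands for a source-based policy route and their undo counterparts.

    extra_routes is an iterable of (destination, via) pairs to place in the table, e.g. the LAN
    itself. Routes are emitted before the rule so the rule never points at an empty table;
    teardown runs in the reverse order for the same reason.
    """
    tables = parse_rt_tables(rt_tables_text)
    if table not in tables:
        raise ValueError(f"table {table!r} is not defined in rt_tables (known: {sorted(tables)})")
    net = ipaddress.ip_network(source_net)          # strict: rejects a prefix with host bits set
    gw = ipaddress.ip_address(gateway)
    routes = [(ipaddress.ip_network(d), ipaddress.ip_address(v)) for d, v in extra_routes]
    setup = [f"ip route add {d} via {v} table {table}" for d, v in routes]
    setup.append(f"ip route add default via {gw} table {table}")
    setup.append(f"ip rule add from {net} table {table}")
    teardown = [f"ip rule del from {net} table {table}",
                f"ip route del default via {gw} table {table}"]
    teardown += [f"ip route del {d} via {v} table {table}" for d, v in routes]
    return setup, teardown


def run_commands(commands, dry_run=True):
    """Print the commands, and execute them with subprocess when dry_run is False (needs root)."""
    for cmd in commands:
        print(cmd)
        if not dry_run:
            subprocess.run(cmd.split(), check=True)
    return len(commands)


if __name__ == "__main__":
    setup, teardown = policy_route_commands(
        RT_TABLES, "192.168.120.0/24", "80.120.99.12", "wireless-link",
        extra_routes=[("192.168.120.0/24", "192.168.10.1")])
    run_commands(setup)        # dry run: prints the commands from the post, in a safe order
```

Keeping the table name in one variable is what prevents the rule and the routes from drifting apart; the ValueError on an unknown table is the check I would have wanted when I first typed these commands by hand.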


Monday, August 27, 2007

Route Policy With Linux

In one of our premises I have two firewalls: a Linux iptables box and a Microsoft ISA Server.
I have two Internet connections, each connected to one firewall, and the plan is to remove the ISA Server and add the Internet connection currently servicing the ISA Server users to the Linux box, which makes two Internet connections on the same server. I have around 20 VLANs and I want to split Internet traffic between these two connections based on the source address. This can easily be done with the iproute2 suite. I have not done this before, but I am studying it and it seems easy and straightforward. I will post more on this later.


Monday, August 20, 2007

Hardening Linux: Service Shutdown!

I am developing a security guide to provide recommendations for hardening a Linux box after a base installation. One of the basic steps in hardening a Linux box is to evaluate all services and shut down anything that is not necessary for the operation of the operating system and the services it offers to its clients. Shutting down services provides the following benefits:
  • Shortens the boot-up process, resulting in higher uptime
  • Fewer system resources are consumed, which increases the overall performance of the server
  • Removes or reduces the risk of any service vulnerability or abuse
To accomplish this you should know the function of each and every service. There are different documents available to explain this. Because my document is based on Red Hat, I have found the following matches my requirements best:
Understanding Your Redhat Enterprise Linux Daemons


Friday, August 10, 2007

Application Layer Monitoring

It's been some time since I set up "ManageEngine Applications Manager" to monitor our services' availability and health status. Like many popular monitoring applications it provides SNMP monitoring (of resources like CPU, memory, network interfaces and disks) and ICMP monitoring (layer 3 availability), but it goes beyond that by sending application-specific probes to make sure different applications and services are available and healthy. A variety of applications and services are supported, like:
  • POP3 and SMTP
  • Web Server monitoring: This includes IIS and Apache with the ability to perform URL Monitoring
  • Database Monitoring: DB2, MS-SQL, MySQL, Oracle
  • Microsoft .NET / Tomcat / JBoss / WebSphere Monitoring
For the complete list click here.
The top reason I chose ManageEngine was the ability to monitor URLs. We are hosting around 200 web sites, and it happens that a single URL goes down while the web server itself is healthy and no sign of a service fault can be recognized.
Currently I am using the MS-SQL, MySQL, Apache and IIS monitors, and I really like the outputs, reports and graphs. The GUI provides a quick overall view and quick access to monitors and reports.
Another great thing is the SLA management feature, which lets us define different SLA levels, assign them to monitor groups, and report when a monitor group has violated its SLA.
It is really crucial to have a complete logging and monitoring solution functioning up to the application layer. There are a lot of application-layer monitoring systems available, commercial and free. Many vendors are now including this level of monitoring in their network monitoring products.
To learn more about different monitoring tools just visit: http://www.monitortools.com/


Wednesday, August 01, 2007

Aimlessness is a vice

"Until thought is linked with purpose there is no intelligent accomplishment... Aimlessness is a vice ... They who have no central purpose in their life fall an easy prey to petty worries, fears, troubles, and self-pityings, all of which are indications of weakness, which lead, just as surely as deliberately planned sins (though by a different route), to failure, unhappiness, and loss, for weakness cannot persist in a power-evolving universe. "

As a Man Thinketh, James Allen


Monday, July 30, 2007

Develop These IT Skills!

10 skills an IT professional should be thinking about developing to keep on top of things in the tech world over the next five years:
  1. Voice Over IP
  2. Unified Communications
  3. Hybrid Networks
  4. Wireless Technology
  5. Remote User Support
  6. Mobile User Support
  7. Software As a Service
  8. Virtualization
  9. IPv6
  10. Security

Download the full text in pdf format here:
http://downloads.techrepublic.com.com/abstract.aspx?docid=305505&tag=nl.e108


Wednesday, July 25, 2007

Project Management and Leadership

I have always had a special interest in management topics, especially project management. TechRepublic is one of the greatest sources available for IT project managers. It is not intended for professional project managers, but it helps IT specialists improve their project management skills and vision. Here is a quick topic I found interesting in their latest newsletter:

Exhibit leadership on challenging projects


Friday, July 20, 2007

The Best Practices For Network Security In 2007

I have many draft posts in Blogger, and when I feel like posting something new and have nothing in mind I just go and review my drafts. Today I came across a topic highlighting best practices for network security in 2007.
In this topic 7 practices are mentioned, in order of importance:
  1. Roll out corporate security policies
  2. Deliver corporate security awareness and training
  3. Run frequent information security self-assessments
  4. Perform regulatory compliance self-assessments
  5. Deploy corporate-wide encryption
  6. Value, protect, track and manage all corporate assets
  7. Test business continuity and disaster recovery planning

For the complete article click below. If you are interested in security from the management perspective, don't miss the link. You will find lots of interesting links to valuable resources that you cannot find in one place.

Computerworld - The best practices for network security in 2007


Monday, July 02, 2007

Started CCSP Path with SNPA

After a relatively long time I took the 642-522 exam, known as "Securing Networks with PIX and ASA (SNPA)", today and passed smoothly. I achieved this by studying the Cisco Press SNPA official certification study guide and through hands-on experience on Cisco PIX devices.
SND is the next stop...
