Friday, October 17, 2008

Openfire an easy to use IM Server

Openfire (formerly Wildfire) from "Ignite Realtime" is a free and easy-to-install IM server based on the XMPP protocol, available for Windows, Linux and Mac platforms.
I have tried the Windows version and it worked nicely. Its client is named "Spark" and there is a web-based client (SparkWeb) available as well.
I got to this simple and easy IM server while I was searching for a Linux client for Microsoft Live Communications Server. I have crawled a lot of forums and, after all that, it seems that there is no solution to that in the Linux world yet. Some posts on using Wine were available, but the people who tested it didn't come out with a positive result.


Thursday, October 02, 2008

How to Send Windows Events to Syslog Server

Once we have our syslog server up and running we can easily configure all our network devices and Linux/Unix-like servers to send their events to it, but this is not true for Microsoft Windows servers, since Windows ships with no built-in syslog client.
There are free tools that convert Windows Event Viewer logs into syslog format and forward them to our syslog server, though.
I am going to introduce three different Windows-to-syslog forwarders here.
I have introduced the first one before and still insist on using it, since it has more flexibility than the others, like filtering out any messages we don't want forwarded or adding other applications' log files, and its development team is more active:
1- Datagram SyslogAgent
2- Eventlog to Syslog (Purdue University)
One of my visitors noted this one; I ran an initial test on it and it seems to be working fine. It is worth seeing what he/she has commented:
"Purdue University has an outstanding Eventlog to Syslog utility. It's lightweight and completely free. It also runs on Win2k3, Vista, 32-bit and 64-bit systems.
I use it to forward event logs from about 160 servers, and have had no issues whatsoever."
3- NTSyslog
I had some issues with this one last time I tried to set it up so I gave up on this one.
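All three forwarders do the same basic job: take an Event Log entry, give it a syslog priority, render the RFC 3164 header and push it to the collector over UDP/514. The following is an added example of that conversion written for this page; it is not code from any of the tools above. The severity and facility mappings, the Source[EventID] tag convention and the sample event (its Event ID and text are constructed) are assumptions of this example.

```python
import socket
from datetime import datetime

# Windows Event Log entry type -> syslog severity (RFC 3164 section 4.1.1).
# This mapping is the example's choice, not one the forwarders above are known to use.
SEVERITY = {
    "Error": 3,          # err
    "Warning": 4,        # warning
    "Information": 6,    # info
    "Audit Success": 6,  # info
    "Audit Failure": 4,  # warning
}

# Facility by Windows log name: Security -> security/authorization (4),
# everything else -> user-level (1). Also an assumption of this example.
FACILITY = {"Security": 4}
MAX_LEN = 1024  # RFC 3164 section 4.1: a message must be 1024 bytes or less


def sample_event(**overrides):
    """Constructed sample event (not a real capture); Event ID and text are illustrative."""
    ev = {
        "log": "Security",
        "type": "Audit Failure",
        "source": "Security",
        "event_id": 529,
        "computer": "DC01",
        "time": datetime(2008, 10, 2, 9, 5, 7),
        "message": "Logon Failure: Unknown user name or bad password (user: jdoe)",
    }
    ev.update(overrides)
    return ev


def build_syslog_message(ev):
    """Render an event as an RFC 3164 message: <PRI>TIMESTAMP HOSTNAME TAG: CONTENT."""
    facility = FACILITY.get(ev["log"], 1)
    severity = SEVERITY.get(ev["type"], 5)  # unknown entry types become "notice"
    pri = facility * 8 + severity
    ts = ev["time"]
    # "Mmm dd hh:mm:ss" with the day space-padded, as the RFC requires.
    timestamp = "%s %2d %s" % (ts.strftime("%b"), ts.day, ts.strftime("%H:%M:%S"))
    tag = "%s[%d]" % (ev["source"], ev["event_id"])  # Source[EventID]: this example's convention
    # Event text is multi-line on Windows; a syslog message is a single line.
    content = " ".join(ev["message"].split())
    msg = "<%d>%s %s %s: %s" % (pri, timestamp, ev["computer"], tag, content)
    data = msg.encode("utf-8", "replace")
    return data[:MAX_LEN]  # collectors may silently drop or cut anything longer


def send_udp(data, server, port=514):
    """Send one message to the collector over UDP/514; there is no delivery guarantee."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (server, port))
    return len(data)


if __name__ == "__main__":
    print(build_syslog_message(sample_event()).decode())
```

The 1024-byte cut is the caveat to remember with Windows events: Security log messages routinely exceed it, so whichever forwarder you pick, check what it does with long entries before you rely on the forwarded copy for an investigation.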


Sunday, September 28, 2008

Secure Your Apache

Once you start searching for a topic like "Securing Apache" or "Hardening Apache" you will get hundreds of results, and everyone sets out their own security concerns. The fact is that not every recommendation applies to our environment, but we need to study and take into consideration all possible approaches to securing our web server. Some of these guides are too complicated and strict, and some too mild!
The following is a very basic and reasonable list of things we have to do to bring minimum security to our Apache server. Of course, hardening the underlying server comes first!
  1. Hide the Apache Version number, and other sensitive information.
  2. Make sure Apache is running under its own user account and group.
  3. Ensure that files outside the web root are not served.
  4. Turn off directory browsing.
  5. Turn off server side includes.
  6. Turn off CGI execution.
  7. Don't allow Apache to follow symbolic links.
  8. Turn off support for .htaccess files.
  9. Run mod_security.
  10. Disable any unnecessary modules.
  11. Make sure only root has read access to apache's config and binaries.
For technical details on these and more steps follow the link below:
20 ways to Secure your Apache Configuration
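Most of the items above map onto a handful of httpd.conf directives, so they can be checked mechanically. The following is an added example for this page (not from the linked guide or from Apache): a small audit of an httpd.conf text against items 1, 2, 4-8. The two embedded configuration fragments are constructed for the example, one with the weak settings and one with their hardened counterparts in Apache 2.2 access-control syntax; the list of "shared or privileged" accounts is the example's own assumption.

```python
import re

# Constructed httpd.conf fragments for this example (not from the page):
# the weak settings the checklist warns about, and their hardened counterparts.
WEAK_CONF = """\
ServerTokens Full
ServerSignature On
User nobody
Group nobody
<Directory "/var/www/html">
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
</Directory>
"""

HARDENED_CONF = """\
ServerTokens Prod
ServerSignature Off
User apache
Group apache
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Directory "/var/www/html">
    Options -Indexes -FollowSymLinks -Includes -ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
"""

# Options keywords the checklist says to turn off (items 4-7); "All" enables them.
RISKY_OPTIONS = {"indexes", "includes", "includesnoexec", "execcgi", "followsymlinks", "all"}
# Item 2: neither the superuser nor an account shared with other daemons (example's choice).
SHARED_OR_PRIVILEGED = {"root", "nobody", "nogroup", "daemon"}


def audit_apache_config(text):
    """Return one finding string per weak directive found in an httpd.conf text."""
    findings = []
    context = "server config"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):            # leaving a <Directory>/<Location>/... block
            context = "server config"
            continue
        if line.startswith("<"):             # entering one
            context = line
            continue
        parts = line.split()
        directive, args = parts[0].lower(), [a.lower() for a in parts[1:]]

        def flag(msg):
            findings.append("line %d (%s): %s" % (lineno, context, msg))

        if directive == "servertokens" and args[:1] not in (["prod"], ["productonly"]):
            flag("ServerTokens should be Prod to hide the version and module list")
        elif directive == "serversignature" and args[:1] != ["off"]:
            flag("ServerSignature should be Off to keep version info out of error pages")
        elif directive in ("user", "group") and args[:1] and args[0] in SHARED_OR_PRIVILEGED:
            flag("%s %s: run Apache under its own dedicated account" % (parts[0], parts[1]))
        elif directive == "options":
            for opt in args:
                if opt.startswith("-"):      # explicitly disabled: fine
                    continue
                if opt.lstrip("+") in RISKY_OPTIONS:
                    flag("Options %s is enabled; disable it" % opt.lstrip("+"))
        elif directive == "allowoverride" and args[:1] != ["none"]:
            flag("AllowOverride should be None so .htaccess files are ignored")
    return findings


if __name__ == "__main__":
    for finding in audit_apache_config(WEAK_CONF):
        print(finding)
    print("hardened config findings:", audit_apache_config(HARDENED_CONF))
```

The audit only reads the main file; directives pulled in through Include lines would have to be fed to it separately, and items 9-11 (mod_security, module inventory, file permissions) are checked on the running system, not in the configuration text.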


Thursday, September 11, 2008

JPGraph Error

I asked a colleague of mine to set up PHP-Syslog-NG (http://code.google.com/p/php-syslog-ng/) as the central logging system for all our devices and servers. He did this on FreeBSD 7.0 and everything started working fine except the "Graph" section, which works with JpGraph: it couldn't draw any graphs and came up with this message: "JpGraph Error Font file "/usr/share/fonts/truetype/msttcorefonts/verdana.ttf" is not readable or does not exist."
After some digging into the code and configs I got over the problem by following the steps below:
  1. Install TrueType font on FreeBSD (XfStt).
  2. Fetch the "verdana.ttf" font and place it in the directory that XfStt created for TrueType fonts.
  3. Change the default "TTF_DIR" parameter.
Step 1:
An easy way to use TrueType fonts on FreeBSD is to install Xfstt, which is available through the ports collection at "/usr/ports/x11-servers/Xfstt/".
After the installation a directory will be created for TrueType fonts at "/usr/local/lib/X11/fonts/TrueType/".
Step 2:
Download verdana.ttf and place it in "/usr/local/lib/X11/fonts/TrueType/".
I fetched my copy from "http://www.afosteo.org/Download/Fonts/"
Step 3:
The final step is to point the JpGraph TTF_DIR parameter inside the jpg-config.inc configuration file to the proper location.
jpg-config.inc is located at "/usr/svr/php-syslog-ng/html/includes/jpgraph"


Saturday, September 06, 2008

Make Putty Tab Based!

Everyone knows PuTTY well, but I have always preferred SecureCRT because I can open different connections in a tab-based manner, I can easily clone my sessions in case I need more than one session to the same device (mainly for debugging or diagnostic reasons), and I can save my connections into a database which can easily be backed up (PuTTY stores its sessions in the registry!).
The good part about PuTTY is that it is free, handy and requires no installation!
Well, there are always great people out there making things work better, and thanks to Ramesh I have learned that there is a free add-on called "PuTTY Connection Manager" which does all the things I pointed out earlier. You have your tab-based interface, you can clone your sessions, everything is stored in a database and, above all, it makes PuTTY look more modern ;)
There are many other useful add-ons for PuTTY, and you can learn about them through the following link:
The Geek Stuff » Turbocharge PuTTY with 12 Powerful Add-Ons - Software for Geeks #3


Friday, July 11, 2008

Dig DNS Lookup in Windows!

Every system administrator dealing with DNS knows the power of the "dig" command-line tool in Linux/Unix environments. But there are times when an administrator needs to monitor and troubleshoot DNS from a Windows station, and she then realizes the deprivation!
The good news is that many Linux/Unix tools have been ported to Windows (check my post about Windows IPFW), and one of them is the "dig" utility.

The Windows version of "dig" can be downloaded and installed from here: http://members.shaw.ca/nicholas.fong/dig/


For those who are new to "dig", the following link helps:
Dig Howto: http://www.madboa.com/geek/dig/


Tuesday, November 27, 2007

Free Windows TFTP and Syslog server!

It might sound crazy, but I have a Cisco PIX firewall at home (PIX 501); my internet traffic runs through it over a PPPoE connection, and I have configured it to accept remote VPN connections as well, in case I need to access my data at home while at work.
I was looking for a free and light TFTP server to back up my PIX configuration regularly, and I found exactly what I was looking for at http://tftpd32.jounin.net/. Tftpd32 is not just a TFTP server but a DHCP and syslog server as well. The next question was running TFTP as a service, which I found the answer to here: HOW TO install Windows tftpd as service.


Monday, May 14, 2007

How To Set Up A Linux Syslog Server

Any network administrator in charge of a few network devices would like to keep a record of the events on these devices, like:
  • who logged into the devices (or tried to connect to them)
  • when he/she tried to log in
  • what he/she did after logging in
  • what changes and events have been announced on the device (like an interface status change)
and lots of other information that might give a clue about a policy violation, or help in tracking the series of events that led to a network disruption incident.
What I am talking about is having a simple syslog server in place to collect all log messages in a central location.
If you need to set up a quick and easy syslog server just follow the link below. It is meant for Debian but will work on almost all Linux distributions:
Linux Syslog Server - How To Set Up A Debian Linux Syslog Server


Sunday, March 11, 2007

The Challenges of a Firewall Administrator

A firewall administrator must have a good understanding of the applications and the way they work behind the scenes. Some protocols are unruly in their communication pattern, and some put layer 3 and layer 4 addressing in the payload, which adds another twist to the problem. Lastly, sometimes the direction in which the protocol is initiated is unclear!
When working with firewalls to provide access to services and applications, the following must be considered carefully:
  1. Some protocols are unruly in their communication (FTP, whose active-mode data connection is opened by the server back to the client)
  2. Some put addressing in the payload (FTP, SIP, PPTP)
  3. Some confuse us about the direction of the communication (SNMP polls go from manager to agent on UDP/161, SNMP traps from agent to manager on UDP/162)
So anyone who is in complete charge of a firewall needs to know how the communication of these protocols happens:
Do we need an inbound or an outbound connection? (Where will the traffic be initiated?)
Is it TCP or UDP, or do we need to specify an IP protocol number (as for GRE or ESP)?
Do we also need to handle address translation in the payload?

All this brings a great challenge to a firewall administrator, forcing him to get to know applications and protocols well enough to tackle the problems.
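Point 2 is the one that bites most often, and FTP is the clearest case: the client's PORT command and the server's 227 reply carry an IP address and port as six decimal fields in the payload, which a NAT device cannot see unless it parses the control channel. The following is an added example for this page (not from any firewall product): it decodes those fields and performs the rewrite that an FTP application-layer gateway does on NAT. The two control-channel lines are constructed, and the inside/outside addresses are made-up documentation ranges.

```python
import re

# Constructed FTP control-channel lines, as a firewall or NAT device would see them.
# Active mode: the client tells the server where to connect back to (PORT).
# Passive mode: the server tells the client where to connect (227 reply).
ACTIVE_CMD = "PORT 192,168,1,10,4,1"
PASSIVE_REPLY = "227 Entering Passive Mode (10,0,0,5,19,137)."

HOST_PORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_ftp_address(line):
    """Extract (ip, port) from a PORT command or a 227 reply; the port is p1*256+p2."""
    m = HOST_PORT_RE.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 in %r" % line)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % line)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port


def rewrite_ftp_address(line, inside_ip, outside_ip, outside_port=None):
    """What an FTP ALG does on NAT: rewrite the address carried in the payload.

    Returns the new line and the data-connection (ip, port) the firewall must
    now permit. Without this rewrite the peer would try to connect to a private
    address it cannot reach, so the data connection simply never opens.
    """
    ip, port = parse_ftp_address(line)
    if ip != inside_ip:
        return line, (ip, port)   # not the address we translate; leave it alone
    new_port = port if outside_port is None else outside_port
    new_fields = outside_ip.split(".") + [str(new_port // 256), str(new_port % 256)]
    new_line = HOST_PORT_RE.sub(",".join(new_fields), line, count=1)
    return new_line, (outside_ip, new_port)


if __name__ == "__main__":
    print(parse_ftp_address(ACTIVE_CMD))
    print(rewrite_ftp_address(ACTIVE_CMD, "192.168.1.10", "203.0.113.7"))
```

The returned (ip, port) pair is also the hole the firewall has to open, and only for the lifetime of that transfer; this is why FTP "just works" through a stateful firewall with an ALG and fails, with a hung directory listing, through one without.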


Friday, November 10, 2006

Syslog Message Header Format

Finally I fixed my problem with Huawei syslog messages! Actually I found a workaround to it on my syslog-ng server. There is a bad_hostname("regexp") directive in the syslog-ng configuration file which can be used to ignore wrong hostnames extracted from syslog message headers, and the cool thing is that you can use regular expressions to specify a range of hostnames matching your criteria. Once bad_hostname matches, syslog-ng looks into the IP header instead for the source address and uses that address as the hostname.

But to understand what exactly the problem was I decided to take a close look at RFC 3164. Section 4.1.2 says:
  • The HEADER contains two fields called the TIMESTAMP and the HOSTNAME.
  • The TIMESTAMP field is the local time and is in the format of "Mmm dd hh:mm:ss" (without the quote marks)
  • A single space character MUST follow the TIMESTAMP field
  • The HOSTNAME field will contain only the hostname, the IPv4 address, or the IPv6 address of the originator of the message. The preferred value is the hostname
  • Example: <34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8
It firmly defines how a syslog message should be formatted, and to see how Huawei complies with this format I captured traffic from Huawei routers and switches with tcpdump:
>Oct 28 16:15:03 2006 SHZ-C2H-Router IFNET/5/UPDOWN:S[|syslog]

OK! Instead of the HOSTNAME straight after the TIMESTAMP I see "2006", which is the YYYY part of the current date on Huawei devices!
Anyway, as soon as the bad_hostname directive is there, there is no need to bother about this kind of problem!
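To make the failure mode concrete, the following is an added example for this page (not syslog-ng code): a parser for the RFC 3164 header that takes the HOSTNAME as the token after the TIMESTAMP, exactly as the RFC says, and then applies a bad_hostname-style regexp the way syslog-ng does, substituting the sender address from the IP header when the token is a four-digit year. The first message is the RFC's own example; the Huawei-style message is constructed, since the tcpdump line above was truncated, so its PRI value and the text after the colon are assumptions.

```python
import re
from collections import namedtuple

Syslog = namedtuple("Syslog", "facility severity timestamp hostname msg")

# HEADER per RFC 3164 section 4.1.2: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$",
    re.DOTALL,
)

# Emulates syslog-ng's bad_hostname("regexp"): a token in the HOSTNAME position
# that matches is not treated as a hostname. This regexp matches a four-digit
# year, which is what the Huawei devices in the capture above put there.
BAD_HOSTNAME = re.compile(r"^\d{4}$")

# RFC 3164's example message, and a constructed Huawei-style message (PRI 189,
# i.e. local7.notice, and the text after the colon are assumptions).
RFC_EXAMPLE = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"
HUAWEI_EXAMPLE = ("<189>Oct 28 16:15:03 2006 SHZ-C2H-Router "
                  "IFNET/5/UPDOWN:Line protocol on interface changed (constructed text)")


def parse_rfc3164(raw, source_ip, bad_hostname=BAD_HOSTNAME):
    """Split a raw UDP syslog payload into its fields.

    source_ip is the sender address from the IP header; it replaces the
    HOSTNAME field when that field matches bad_hostname, as syslog-ng does.
    """
    m = HEADER_RE.match(raw)
    if m is None:
        raise ValueError("not an RFC 3164 message: %r" % raw)
    pri = int(m.group("pri"))
    if pri > 191:  # 24 facilities * 8 severities, numbered 0..191
        raise ValueError("PRI out of range: %d" % pri)
    host, msg = m.group("host"), m.group("msg")
    if bad_hostname.match(host):
        # Keep the rejected token in the message so nothing from the sender is lost.
        msg = host + " " + msg
        host = source_ip
    return Syslog(facility=pri >> 3, severity=pri & 7,
                  timestamp=m.group("ts"), hostname=host, msg=msg)


if __name__ == "__main__":
    print(parse_rfc3164(RFC_EXAMPLE, "192.0.2.1"))
    print(parse_rfc3164(HUAWEI_EXAMPLE, "192.0.2.10"))
```

Without the bad_hostname step every Huawei message would be filed under a host called "2006", which is also why a collector that keys its storage or alerting on HOSTNAME should never trust that field blindly: the sender fills it in, and the source IP is the only part an attacker on the wire cannot set in the payload.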


Monday, October 09, 2006

Does Windows Support SNMP v3?

Moving towards SNMPv3 needs some thinking before the final decision, to make sure all parties included in the migration are capable of it! This includes the managers and the agents.
Managers can be a major concern, since many of them do not support SNMPv3 nodes, which can cause the whole move to collapse in the planning phase!
Agents include all devices like switches, routers, firewalls and operating systems (Windows and the Unix/Linux family). Many devices come with SNMPv3.
For Unix and Linux servers Net-SNMP provides a complete solution for the move, but for Microsoft Windows servers it should be mentioned that the SNMP service built into the operating system does not support SNMPv3. Luckily there is an alternative, which is installing the Windows version of Net-SNMP:
Installing Net-SNMP on Windows


Saturday, October 07, 2006

How to Configure SNMPv3

SNMPv3 provides both authentication and encryption (privacy), which addresses the security weaknesses of SNMPv1/v2c, whose only protection was the community name sent in clear text, with no authentication and no confidentiality.
With SNMPv3 it is now possible to create users with passwords and define which MIB objects a user is allowed to view, and the traffic itself can also be encrypted.
This is a good resource to get a quick view of how to configure Cisco and Net-SNMP for SNMPv3:
Configuring SNMPv3
If you are interested to know more about SNMP, this is a thorough resource which many documents refer to as a technology reference:
Essential SNMP, Second Edition


Monday, October 02, 2006

Setting up Syslog-ng in Fedora Core 5

I am busy setting up a php-syslog-ng server on Fedora Core 5 these days, but things are really getting harder than I imagined! Having the syslog-ng service itself up and running is simple and straightforward, but adding the ability to monitor the logs through a web interface, which is what I really need, has made my life difficult!
The difficulty is that different details in the Apache, MySQL and syslog-ng configuration files must be adjusted.
I am documenting the process as I go on and will put it here once completed.
