In my own words...

By Justin Fielding
Tags: Off Topic

IBM alliance expands

by Justin Fielding In reply to In my own words...

<p class="MsoNormal">Novell and RedHat have joined IBM's strategic alliance,
their highest tier partner status. IBM
have said that the strengthened alliance will allow users to obtain standards
based Linux hardware, software and service through integrated channels. Customers will be able to purchase one and
three year Linux support subscriptions for the Linux operating system on both
IBM and non-IBM hardware. Suse Linux
Enterprise Server will certify IBM's version of Apache Geronimo - an open source
J2EE application server Websphere Community Edition.</p>


Fedora Core 5 will include Mono

by Justin Fielding In reply to In my own words...

<p class="MsoNormal">Despite opposition from RedHat it has been announced that
Fedora Core 5 will include both the <a href="">Mono</a> runtime and <a href="">Mono</a> applications like <a href="">F-Spot</a> and <a href="">Beagle</a>.  Mono provides a base to develop and run .NET
applications on Linux and other Unix based operating systems (MacOS X, Solaris
etc) and is fast becoming a leading choice for application developers.  With the upcoming Windows Vista making
increasing use of the .NET framework it could mean that in the future running
Windows applications on a Linux platform becomes a realistic option.</p>


Fedora Core 5 will include Mono

by bwogi In reply to Fedora Core 5 will includ ...

It better be true. In fact it's so amazing to see how beautifully fast the technology is moving. Forget about the wars. Very healthy they are.


Fedora Core 5 will include Mono

by Justin Fielding In reply to Fedora Core 5 will includ ...

Yes, it's a good thing, I was really impressed with some of the Mono applications I had tried.


Remote Access: PPTP VPN with OpenBSD Tutorial, part 1

by Justin Fielding In reply to In my own words...

<p class="MsoNormal">Following up on my previous series on implementing VPN
tunnels with OpenBSD, I thought I should cover the configuration of another VPN
implementation, PPTP. PPTP stands for 'Point to Point Tunnelling Protocol.' This
allows users to 'dial-in' to access files or services on the internal corporate
network, from any Internet connection. The great thing about PPTP versus other
remote 'dial-in' types of VPN is that Microsoft Windows
(95/98/Me/NT/2000/XP/Vista) has a PPTP client built in, which means
administrators don't have to deal with any additional client software and the
problems that normally accompany it.</p>

<p class="MsoNormal">By far the most popular Open-Source PPTP server offering is <a href="">Poptop</a>. Poptop has the following features:</p>

<ul type="disc">
<li class="MsoNormal">Microsoft compatible authentication and encryption (MSCHAPv2, MPPE 40 - 128 bit RC4 encryption)</li>
<li class="MsoNormal">Support for multiple client connections</li>
<li class="MsoNormal">Seamless integration into a Microsoft network environment (LDAP, SAMBA) using RADIUS plugin</li>
<li class="MsoNormal">Works with Windows 95/98/Me/NT/2000/XP PPTP clients</li>
<li class="MsoNormal">Works with <a href="" target="_new">Linux PPTP client</a></li>
<li class="MsoNormal">Poptop is, and will remain, totally free under the GNU <a href="" target="_new">General Public License</a></li>
</ul>

<p class="MsoNormal">While there isn't source for OpenBSD on the Poptop project
page, a port of Poptop is made available in the OpenBSD
packages archive. I'm going to run through installing and configuring Poptop on
an almost clean OpenBSD 3.7 installation; in fact, it's the exact same system
which I have just used in the IPSec tutorials.</p>

<p class="MsoNormal">I found the Poptop package <a href="">here</a>.
While I should use the UK
mirror, it's slow and often incomplete, and the German mirror sites are usually
fast and exact! Note that this is the package for OpenBSD 3.7. If you're using
another release of OpenBSD, then be sure to get the package from the correct
branch. I don't think there would be a problem but the packaging system may
have been modified between releases.</p>

<p class="MsoNormal">Getting Poptop running is not as simple as it initially
sounds. We have to go through the following process:</p>

<ol start="1" type="1">
<li class="MsoNormal">Recompile BSD Kernel for GRE support and additional tun devices.</li>
<li class="MsoNormal">Create additional tun devices.</li>
<li class="MsoNormal">Install package.</li>
<li class="MsoNormal">Configure Poptop to run with full strength encryption.</li>
<li class="MsoNormal">Allow Poptop traffic through the firewall.</li>
</ol>

<p class="MsoNormal">I know recompiling the Kernel can sound quite scary to
someone who hasn't done this before. It did to me. This was required when I
first performed a Poptop installation with OpenBSD 3.6. I don't know if it's
still required, but as far as I can tell it is, (if anyone knows otherwise then
please let me know!). You don't need to do this for every system built. I did
it the first time and then kept a copy of the new kernel to use on later

<p class="MsoNormal">The following process is just one way in which Poptop can be
configured, but I'm sure there are others. I found this quite difficult the
first time with various mailing lists and forum posts giving conflicting
information. Hopefully, this guide brings all of the correct information
together into one place.</p>

<p class="MsoNormal">First of all, copy and unzip the system source files to your
/usr/src directory. I won't go into too much detail with explaining simple
actions like this, I'm assuming by now most people following these tutorials
are pretty comfortable with performing basic operations in BSD. The source will
be located in files called src.tar.gz, and sys.tar.gz, either located on your
installation CD or downloaded from the OpenBSD FTP servers.</p>

<pre># tar -xzf src.tar.gz -C /usr/src/</pre>
<pre># tar -xzf sys.tar.gz -C /usr/src/</pre>

<p class="MsoNormal">Move to the platform independent config directory and create
a copy of the GENERIC config file:</p>

<pre># cd /usr/src/sys/conf</pre><pre># cp ./GENERIC ./Custom-Poptop-build</pre>

<p class="MsoNormal">Now we need to edit the config:</p>

<pre># vi ./Custom-Poptop-build</pre>

<p class="MsoNormal">First comment out the inbuilt GRE support:</p>

<pre>#pseudo-device gre # GRE encapsulation interface</pre>

<p class="MsoNormal">Secondly increase the number of tun devices to match the
maximum number of concurrent users you expect to have connected. I have set
this to 50, which is much more than I will ever need (I would say 10 is enough
for my needs):</p>

<pre>pseudo-device tun 50 # network tunneling over tty</pre>

<p class="MsoNormal">Now let's rebuild the kernel; we need to create a copy of the
platform dependent configuration file:</p>

<pre># cd /usr/src/sys/arch/i386/conf</pre><pre># cp ./GENERIC ./Custom-Poptop-build</pre>

<p class="MsoNormal">Edit this config file to point to the previously modified platform
independent config:</p>

<pre># vi ./Custom-Poptop-build</pre>

<p class="MsoNormal">Replace:</p>

<pre>include "../../../conf/GENERIC"</pre>

<p class="MsoNormal">With:</p>

<pre>include "../../../conf/Custom-Poptop-build"</pre>

<p class="MsoNormal">Now start the building process:</p>

<pre># config ./Custom-Poptop-build</pre><pre># cd ../compile/Custom-Poptop-build</pre><pre># make depend && make</pre>

<p class="MsoNormal">Hopefully you shouldn't get any nasty errors thrown up. Once
the build process has completed you should find the kernel (filename is simply 'bsd')
with the size 4.9MB. Let's now replace the default kernel:</p>

<pre># cp /bsd /bsd.old</pre>
<pre># cp ./bsd /bsd</pre>

<p class="MsoNormal">Now a reboot will verify that all is working okay. After
logon you should see the name of your new kernel (Custom-Poptop-build) to the
right of the timestamp. Well that's the kernel recompiled; it wasn't as tricky
as it sounds was it? That's enough for one installment. In the next one, we'll
continue with creating the additional tun devices that you'll need, and then
actually installing and configuring the Poptop package.</p>
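
The two edits to the platform independent config described in the post above, scripted so they are repeatable and checked before a kernel build. This is an added example, not part of the original post; the function names, the default of 10 tun devices and the sample config lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample standing in for /usr/src/sys/conf/GENERIC.
sample_conf() {
    printf '%s\n' \
        'option         DDB     # in-kernel debugger' \
        'pseudo-device  gre     # GRE encapsulation interface' \
        'pseudo-device  tun 2   # network tunneling over tty'
}

# patch_kernel_conf SRC DST [TUN_COUNT]
# Writes DST: SRC with the gre pseudo-device commented out and the tun
# count replaced. SRC is never modified, so GENERIC stays pristine.
patch_kernel_conf() {
    src=$1 dst=$2 tun=${3:-10}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    case $tun in
        ''|*[!0-9]*) echo "tun count must be a number: $tun" >&2; return 1 ;;
    esac
    awk -v n="$tun" '
        $1 == "pseudo-device" && $2 == "gre" { print "#" $0; next }
        $1 == "pseudo-device" && $2 == "tun" {
            c = index($0, "#")                 # keep the trailing comment
            cmt = c ? "\t" substr($0, c) : ""
            print "pseudo-device\ttun\t" n cmt
            next
        }
        { print }' "$src" > "$dst"
}

# check_kernel_conf FILE TUN_COUNT
# Succeeds only if no active gre line remains and tun has the given count.
check_kernel_conf() {
    awk -v n="$2" '
        $1 == "pseudo-device" && $2 == "gre" { bad = 1 }
        $1 == "pseudo-device" && $2 == "tun" && $3 == n { ok = 1 }
        END { exit (bad || !ok) }' "$1"
}

# Demo on the constructed sample; on a real system SRC would be GENERIC.
tmp=$(mktemp -d) || exit 1
sample_conf > "$tmp/GENERIC"
patch_kernel_conf "$tmp/GENERIC" "$tmp/Custom-Poptop-build" 50 &&
    check_kernel_conf "$tmp/Custom-Poptop-build" 50 &&
    grep pseudo-device "$tmp/Custom-Poptop-build"
rm -rf "$tmp"
```

Running check_kernel_conf against the copied config before `config` and `make` catches a missed edit without waiting for a full kernel build and reboot.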


Life with Nagios

by Justin Fielding In reply to In my own words...

<p class="MsoNormal">Just an update on my experience so far with Nagios. After playing around with various front-ends
for easy configuration (which I previously mentioned), I wasn't happy with the
setup they had given and found I was often forced to set up functions which I
didn't want, just to stop the configuration tool from throwing up errors and
let me proceed. Back to square one, I
had to bite the bullet and set aside quite a bit of time to properly read the
manuals and fully understand the configuration process... Lots of time, boring
manuals, but in the end well worth it. I
now have Nagios configured to monitor quite a few of our servers and alert when
various system variables reach warning or critical levels. This has proven to be very useful for pinpointing
intermittent problems with our mail server, with alerts coming in because of
mail queue size, number of processes, memory usage and so on; it really helps
give a wider view of the big picture and lets me know exactly what to look for
in system logs. I have even found that I
can fix some problems pre-emptively before they become a problem (before users
notice), examples being low disk space, jammed mail queue due to spam attacks

<p class="MsoNormal">Overall I would say not to be put off by what first looks to
be a complex configuration, once understood it's pretty simple and the rewards
are well worth the initial effort. Has
anyone else had success with Nagios?</p>


Life with Nagios

by jdpadro In reply to Life with Nagios

<p>Question, how long did it actually take to complete the installation? And which distribution did you use for the implementation?</p>


Life with Nagios

by Justin Fielding In reply to Life with Nagios

I decided to go with Ubuntu for the base system, the apt usage means for easy installation of apache/php plus updates; I have really started to like this distribution.<br /><br />The actual Nagios install (e.g. install and set up to the point of it monitoring itself and one other host with the nrpe plugin) took me roughly one working day, maybe 6-7 hours, however that was starting with the example config files, then breaking everything down and creating my own config structure with host and service directories which means adding new hosts etc is much easier. If I did it again it would probably take a couple of hours, starting with my current layout as a base even faster than that.


Life with Nagios

by bobby1041 In reply to Life with Nagios

I've had a great experience with Nagios.  The only issue that I have with Nagios is adding comments or scheduling downtime...I cannot fully get those features to work...I get the following error <em>"Sorry, but you are not authorized to commit the
specified command. Read the section of the documentation that deals with authentication and
authorization in the CGIs for more information." </em>  <br /><br />But hey, other than that I have it running on a Suse Linux 9.3 Pro, PIII 700mhz, 256 mb ram.  It is monitoring 11 hosts and 35 services.  It is a great monitoring tool, but you just have to put a good day or more into getting it up and running and configure hosts and services.  <br /><br />The most critical service that I check is both of our company websites, the check_http command does this and what I do is have it alert me on my Verizon cell text email address.  This gives you the ability to be advised and fix issues before your boss notices them.<br />


Life with Nagios

by Justin Fielding In reply to Life with Nagios

<p class="MsoNormal">Exactly, our smtp server is being a bit temperamental at the
moment, mainly due to frequent attempts by spammers to throw junk at it.
Nagios has meant that we can be alerted and then deal with the problem
before any of our end users notice. We are of course working on a
replacement smtp implementation with greater protection from such attacks,
however in the meantime at least our users have no perceived downtime :)</p>
