ryanj

Recently, I undertook a project to migrate the Nagios server at work over to the latest Nagios and Centreon.

Since it was running NagiosQL previously, I was going to import the configuration files into my new Centreon, as we have some 3000 services and 300 hosts.

During the uploads, I had certain files that did not want to upload correctly, including hosttemplates.cfg. When I would load this file, Centreon would return with a blank page; no error, nothing; typically, you’d see a message saying the file loaded OK but that there were no entries inserted (something like the following, minus the last line):

But I was simply getting NOTHING – a plain blank page.

Poking around in /var/log/httpd/error_log

I discovered a whole lot of the following:

Or, for the text searchers among us: Uncaught exception 'Exception' with message 'Not ldap template has defined'

The internets held no hints, so on a whim, I went and enabled LDAP (which I had previously disabled on install as I wasn’t going to use it). (To do that: Administration -> Options -> Expand Options -> LDAP -> Enable LDAP authentication: Yes).

After I did this, it loaded every file I threw at it.

As an aside, the sheer number of PHP errors that Centreon generates frightens me a bit. The software works great, but I think the project has a lot of code cleanup and error handling to do; either that or SELinux is getting in the way (as I never bothered to turn it off), but this doesn’t smell like SEL to me.

BTW this is Centreon version 2.3.4 running on 64-bit RHEL 5.8, Nagios 3.4.1, all compiled from sources obtained May 15, 2012.

I would also love it if Contact templates worked right…

-r-

http://www.forbes.com/sites/dailymuse/2011/11/04/final-cut-words-to-strike-from-your-resume/

This morning I woke up to a tweet from a hacker group called LulzSec openly calling out Paypal and urging everyone with a Paypal account to close it in protest of PayPal’s recent actions against Wikileaks and other similar groups.

You may or may not have heard of LulzSec; they have been the people behind the recent high-profile Sony PSN network hack as well as the shutdown of News of the World’s servers (the Murdoch publication) going along with the phone hacking scandal in the UK. Teamed with them is Anonymous, another group of hackers who have also got some high profile notches in their belt.

I looked at this tweet and immediately warning bells went clanging off in my head.

If you ever needed a warning that something is about to be hacked, and hacked hard, this is it. For me, PayPal has links to both my primary bank account AND my primary credit card; granted, there’s not a lot of money in either, but this is still worrisome. Since PayPal has this information stored on servers somewhere, it stands to reason that this information can be stolen.

My previous advice about changing passwords regularly simply does not apply here; this is something that, once stolen, it simply will not matter if you change your PayPal password. The data is GONE. They will have your credit card/banking information and, if their previous methodology holds true, will post it on the internet in a massive data dump that anyone can take.

I don’t use PayPal much, and it’s a convenient way to order things off eBay, however personally, I’d rather keep my data safe than have this convenience (and I unfortunately don’t have an alternative to offer). I’d bet that you do too, even if you don’t agree with the political statement LulzSec is trying to make here. However I believe this will be the one warning that PayPal will get, and if nothing changes, they WILL get hacked.

If you’re one of the people who still think that can’t happen, I can tell you this: computer security is like putting a car alarm in your car. It’ll prevent casual thieves, and the tougher ones will prevent tougher thieves, but ultimately, if a thief wants your car (or your computer data), they WILL get it. Computer systems are still vulnerable to human error, design flaws, or even simply coercion; consider that all it would take would be for one admin at PayPal to be working with LulzSec and it’s all over but the crying.

So, once again, I urge you to close your PayPal accounts; if only to keep your identity and data safe.

Here’s a quick how-to (since PayPal’s site is understandably vague on the details):
1) Log into Paypal.
2) From the My Account tab, click on the Profile subtab (it’s just under the Merchant Services tab).
3) Click on My settings on the left-hand menu.
4) Next to Account Type, click the “Close Account” link.
5) Confirm you are you by (once again) typing in your full credit card number or bank account information (grrrr).
6) Click on the “Continue” button.
7) Complete the survey and click Continue.
Click continue THREE MORE TIMES.
9) Click the “Close Account” button to finally close your account.

Good luck.

-r-

I pretty much have to put this here because, well, it makes me have a nerdgasm. Plus I want to have a good reference for if I ever build something this awesome.

http://blog.backblaze.com/2011/07/20/petabytes-on-a-budget-v2-0revealing-more-secrets/

-r-

I’m doing a minor revamp of the site. Since this isn’t really much of a DJ weblog anymore (and is more of a tech blog), I’ll retool it to suit. None of the old posts are going away, but some of the layout will change. More thank likely, no one but me will care.

-r-

Minutes ago, I watched the final launch of the Space Shuttle.

As a kid who wanted desperately to be an astronaut, who had space curtains and sheets on his bed, who had photos of the solar system on his wall and a mobile hanging from his ceiling, who used to pester the PR department at NASA endlessly with badly-written letters and requests for official photography (and you better believe I got some from them!), who knew that Calgary was 13th on the list of alternate landing sites for the shuttle if it needed to, this marks a special day for me.

I remember waking up early one morning, because I knew that the space shuttle was going to pass over Calgary on its re-entry path. I knew what to look for, and sure enough, almost right on time, I saw the plasma trail streak across the sky. Raising my binoculars, I could JUST make out the shape of the shuttle, glowing red with re-entry heat, as it passed above. 5 minutes later, the double sonic boom reached my ears ever so quietly, but it brought a huge smile to my young face.

The space shuttle is just a little older than I am. Its first official launch was in 1982, the same year I was born. As such, I grew up with it. It was always a part of my existence.

I look at space exploration and the ideals that govern the people who pursue it and think that these are perhaps some of the purest of human pursuits. We seek to explore, to understand, and to create in space; earthbound, we seem more interested in conquest, conversion, and destruction. The shuttle program delivered some amazing breakthroughs for humans over the years (and no, I don’t have a link to back that up; but I’m not afraid to say it).

To put it in perspective, the TV flashed a statistic that said that over 30 years, the shuttle program cost $115 billion USD. To me, this is worth mentioning; the cost of the Iraq war starting in 2003 is on the order of $845 billion USD (with estimates of true cost at around $3 TRILLION USD) in just FIVE YEARS. So much death and destruction, with so little gain; by contrast, 30 years of advancements, science, and exploration cost less than an 8th of that.

Talking tech, the shuttle was called the most complex machine ever built. However, even this last mission is being flown has computers that only have about a megabyte of memory and are “only” capable of around 1.2 million instructions per second. By contrast, a modern Core i7 processor does over 50 BILLION instructions per second. Even my little Motorola Milestone has a processor that is capable of more (I will always remember the fact that modern calculators, even in the 80′s and 90′s, have faster processors and more memory than those that took the Apollo astronauts to the moon).

NASA hasn’t announced any plans for a future manned launch vehicle; meaning that at least for the short term, any manned spaceflight will be firmly in the hands of private companies. This isn’t a terrible thing; but it is likely to be out of reach financially for most of us for some time (also consider that space tourism, while attractive, doesn’t hold the same value as exploration and science; at least, not to me).

And so, today marks the end of an era. To all of the astronauts, scientists, engineers, and others who participated, I say thank you. You gave a little boy something to aspire to, and a dream to follow. And while I may not have followed it and you into space, some part of me was changed just knowing that it was possible.

May we always continue to push beyond our boundaries, to seek what we do not know. May the ideals of space exploration not be lost on earthbound pursuits.

Goodbye, space shuttle, and thank you.

-r-

… it may appear as that I know what I’m doing in linux, and for the most part you’d be correct. But sometimes, it’s the little things that you never REALLY needed, but suddenly do, and realize that, while basic, you just don’t know how to do it.

Such as this:

Find the size of a directory in linux; I know how to find TOTAL disk free space (aka df) but in a directory? Well damn, no idea. Enter this article:

$ du -s
or
$ du -ch | grep total

Huzzah!

-r-

At home, I run a FreeNAS-based filer system that houses just under 4TB of disk for my various uses at home. It runs off of a USB key that I mounted in the chassis.

So far, the system has been nearly flawless. It’s running on some not-so-awesome hardware (unless I’m a complete moron, there’s no option in the BIOS for “power on after power loss”, NOR is there support for Wake-On-Lan, meaning that when the power dies at my house, the filer doesn’t come back on, which causes my Nagios monitoring server to spam the hell out of me telling me it’s down), but it could be far worse.

The system was built on FreeNAS version 7, which, for all its awesomeness (that’s a technical term, by the way), had a few drawbacks; notably, the upgrade path was non-existent. Installing FreeNAS 8 (which was in beta at the time I built the filer) required a complete reformatting of the disks and reset up (apparently, according to a few posts in their forums, the devs are working on a POSSIBLE upgrade path, but for the moment it doesn’t exist if you’re using UFS).

Last night, I came home to a squealing UPS box and my three servers off and down for the count. I had been wondering why I wasn’t able to connect to home yesterday, figuring that my ISP was having a REALLY bad day (or my cable modem needed a reset); alas, no, it was a hardware problem. I reset the UPS and powered it back on; everything came up, for about 5 seconds, after which time the UPS promptly died again.

I moved everything to a power bar (power strip, for you yanks in the crowd) and turned it all back on. The filer came up, though things were UNhappy; the system wouldn’t respond to SNMP from the Nagios system, so I decided to reboot it one more time to clear any possible errors from the rapid power changes.

THAT was a bad idea.

When the box came back online, it spewed incessant amounts of network errors to the interface (something about the interface receiving invalid ethernet headers of length 0 with a packet length of 0) and would not respond to any real packets.

Anyway this is getting a bit long, so I booted an Ubuntu 10.10 live CD, made sure the box was accessible via SSH over the network, and left for work.

I was trying to get the UFS disks mounted into the Ubuntu environment, and was having a time of it, until I found this post: http://bitsofarmor.blogspot.com/2008/09/mounting-freebsd-partitionufs-in-ubuntu.html. The second comment is what I needed; the line: sudo mount -r -t ufs -o ufstype=ufs2 /dev/disk /mount/point is what I needed.

Also, since fdisk was not showing the partitions, doing a cat /proc/partitions got me the list of disks and partitions I needed so that I could actually mount the disks.

A few mkdirs for the mount points later, and I was in business.

-r-

Recently, I used Clonezilla to snap a copy of my laptop before I moved from Ubuntu to Arch Linux, just in case it went so sideways that I needed to get a properly working operating system back on the lappy in a hurry.

Clonezilla is a wonderful utility to image disks with and includes lots of awesome features. That aside, after I got my new Arch Linux laptop up and running, I realized that I had some stuff on the OLD hard drive (that had been wiped out by the OS change) that I needed. I could have just as easily used Clonezilla to make an image of my current (Arch) system, reimage to the old (Ubuntu), boot it up, grab the data and put it somewhere accessible, then re-reimage to the Arch system again.

This honestly wouldn’t have taken very long; the imaging process only takes about 15 minutes each way. However, I didn’t want to do that, and figured that it should be perfectly possible to simply mount the Clonezilla hard drive image on my current system, open it up, grab what I needed, then close it back up again.

The other possibility would have been to make a virtual machine, boot Clonezilla, image the Ubuntu system into the VM, boot the VM, grab the data, and then delete the VM; however, in this particular case, this wasn’t an option.

As it turns out, I was right; it IS possible to mount a Clonezilla image and read it, but I needed to do some SERIOUS messing around to get it to work just right. (honestly, it WAS probably more work than it was worth in light of just re-imaging things twice or using a VM; but this is a good thing to know how to do in case you’re trying to restore a system that you don’t have the original hardware for or any number of other silly things).

My task was made even more difficult because the laptop I was on was not connected to the internet; I needed a few packages first, and ended up having to do a bunch of USB-key-fu (read: download a file onto a USB key then move it across to the laptop) to get what I needed on the laptop. After that, I had to compile partclone from source in order to have the right utility to actually reconstruct the image into a file that could be read properly.

First off, credit where it’s due: the procedure for this comes mostly from this thread, which I modified for an EXT4 file system rather than NTFS.

1. My Clonezilla image was split into several 2GB files and gzipped (you can find out what kind of compression, if any, is used on the file in one of a few ways: use the command file filename and read the output; read the filename itself (in my case, there’s a .gz in there which indicates gzip); read the Info-packages.txt file created by Clonezilla in the directory your image files are in; inside that file is usually a hit about what kind of compression was used on the file). Combine them into one and unzip:
   cat sda1.ext4-ptcl-img.gz.a* | gzip -d -c > sda1.img.
2. Install partclone, partimage, or ntfsclone (depending on what you need or have access to). As I mentioned, in my case I had to compile partclone.extfs from source before I could do anything else.
3. Using the correct partclone variant (in my case, partclone.extfs), build a disk image file that is in the proper format to be read by a loop device: partclone.extfs -r -s sda1.img -o sda1-extfs.img --restore_row_file (note that your command may vary).
4. Mount the image file somewhere useful:
   mkdir /mnt/image
mount -o loop sda1-extfs.img /mnt/image

Now all you have to do is navigate into /mnt/image (or wherever you have the disk image mounted), go find your data, and make copies as desired.

** Note:

You can probably combine steps 2 and 4 into one long command, as long as you have partclone installed (e.g cat sda1.ext4-ptcl-img.gz.a* | gzip -d -c | partclone.extfs -r -o sda1-extfs.img --restore_row_file. I didn’t do it that way because I thought I had partclone installed before I started but didn’t; so, while the first step was running, I did the rest of what I needed to in order to get partclone onto the system. The command above MAY NOT WORK – I haven’t tested it, though it should work just fine.

As some of you may or may not have noticed, there has been a raft of spam and other scams around the internet lately. I’m writing this to help you all out in the fight against this tide of … well, crap.

As I work in IT, computer security is something I deal with every day. IT is also not only my job but something I enjoy exploring for fun. I’ve learned a lot in my years in IT and I thought I’d share some techniques that can help keep you and your information safe on the internet.

1. Use a SECURE password:

   What exactly is a secure password? Th1S!s4S3cUreP@ssw0rd. In case you couldn’t read that, it says “this is a secure password”, cleverly disguised. Secure passwords follow these general guidelines:

   • They are at least 8 characters long
   • They contain a mix of upper- and lower-case letters, numbers, and symbols
   • They are not a dictionary word (or based on a dictionary word)
   • Do not use the same password for more than one place

   There are two common ways to generate secure passwords:

   1. Think of a favorite phrase. For example, perhaps you’re a Robert Frost fan: “I have many miles to go before I sleep.” Now, take that phrase and use only the first letter of each word: “ihmmtgbis”. Next, replace some lower- with upper-case letters, and add in some numbers or symbols for common letters: “IHmMtgB!5″ Add in a bit more randomness, if you like, to make it a easier to remember: “IHmMtgB4!5″ (I added a 4, which makes sense for the word “before”). Bingo. Secure password, and easy (enough) to remember.
   2. Take a sentence or set of words that’s easy to remember and mess it up in a similar manner, like I did with “this is a secure password” above.

   Both of these methods should be easy to remember, and damn near impossible to crack (in any reasonable length of time anyway).

2. Change your password regularly:

   Hackers use many techniques to get ahold of your password; common ones are phishing (which is to use a email that appears to come from somewhere you have an account, i.e. ebay, to trick you into “resetting” or “confirming” your information on a false website) and social engineering (which is to get your password or other information out of you using good old fashioned TALKING), and malware (bad software installed on your PC that can do things like log your keystrokes and send them to a malicious user). Once they have your password, it doesn’t matter how secure it is, they have it and can use it. For this reason, it’s a good idea to change your passwords regularly. You don’t even have to change it by much – a single character difference is all it takes.

3. Use HTTPS where you can:

   Just what is HTTPS? Most people will recognize the little lock icon their browser shows when they visit, for example, a banking website. That lock means that you’re communicating with the server over an ENCRYPTED, SECURE link; this is HTTPS. Most websites that you visit will have http:// in front of the address (for example, http://blog.thewulph.com, or http://www.facebook.com). If this is the case, your browser is communicating in PLAIN TEXT (yes, that’s right: plain text) over the internet. Anyone who happens to be in the path of the traffic between you and whatever server you’re talking to can read all of the information that travels down that path.

   Normally, that’s not much of a problem; 99% of what we do on the internet (well, maybe 95% now that everyone uses Facebook) is not important enough to encrypt. However, bank sites and other places were very personal information is stored and used (read: Facebook) need to protect their customers. That’s where HTTPS comes in.

   HTTPS uses a form of encryption to do the talking; now, all the traffic is basically gibberish until decrypted on the other side. Sites such as Facebook and even Google search are now offering HTTPS as an option, and it’s a good idea to make sure this is turned on all the time.

   With Facebook in particular, the recent raft of spam that has been posted to people’s walls is due in no small part to unencrypted passwords (sent using the regular HTTP site rather than the HTTPS site) being captured and used by hackers.

   If you are a Firefox user, look into a plugin called HTTPS Everywhere (http://www.eff.org/https-everywhere), which will automatically switch you to HTTPS for sites that have it available. If not, most sites have available in their settings an option to ALWAYS use HTTPS. The one place that this cannot be directly controlled (until they move to an ONLY HTTPS login page) is login pages; Facebook is the worst for this. MAKE SURE that you are on https://www.facebook.com when you login (note the S on httpS), otherwise people can capture your password even before any sensitive information starts flowing.

   HTTPS isn’t perfect, and there are many reasons to still be very careful even when you see the lock icon in your browser, but it’s a good place to start.

Those are some easy techniques to follow, for the most part.

Dropbox and Keepass – Password Bliss

So how to keep track of all these passwords? Well, here comes my little product pitch.

Dropbox is an awesome utility that gives you 2GB of online storage for free. (If you sign up and use the link above, we’ll both get an additional 250MB of online storage for free! So do it!). You can use this online storage to store things like photos, music, or whatever, and have it synchronize across all of your computers and devices (they have iPhone/iPad, Android, Blackberry, Mac, PC, and Linux versions – so you really can have everything everywhere, not to mention a web interface that gives you the same functionality!). Dropbox will even let you share files and photos with people online, which can be pretty handy.

How does this help with passwords?

Well, another free utility called Keepass allows you to securely store all of your passwords in one file. It also has a built in random password generator, so you don’t have to think of secure passwords. Keepass is also available for all of your devices, so you’ll always have it around.

Keepass is very easy to use, and you can copy/paste passwords into websites or anything else you use on your systems using keystrokes or a standard copy/paste menu command. This makes integrating those impossible-to-remember passwords into your life easier.

Using Dropbox, you can simple store a copy of both Keepass (it can be downloaded as a file that doesn’t need installing) and your keepass .kdb file and have it available everywhere you are.

I can hear the question: how is storing everything in one file secure? Well, according to the Keepass author, the file is encrypted 300 times over; as well, people would have to get ahold of your FILE in order to do anything useful with it. And, as long as you choose a secure master keepass password and change it from time to time, you’ll always have what you need at your fingertips.

There you have it; my article on passwords and advice for the day. What are you waiting for? Save us all the spam and start using secure passwords. PLEASE.

-r-