Lynis volunerability scanner

Lynis is a security vulnerability scanner similar to the Debian harden package or Bastille Linux.

The main advantages it provides over those tools is its support for multiple operating systems and a very clear and friendly reporting format.

Advertisements

Intense PC – Tiny intensely powered PC

The Intense PC (Front panel view)With its tiny dimensions, high-powered hardware spec, low power consumption and Linux Mint installed out of the factory, the Intense PC or its branded sibling, the Mint Box, might very well be the next computer I buy. The manufacturer operating out of Israel makes this practically a no-brainer.

About the only gripe I have about this device is that it contains no battery. Next to modern phones, laptops and tablets, the PC’s “habit” of shutting down at the slightest power interruption makes it seem as anachronistic as an 80s double cassette boom-box.

Quick list of server deployment/life cycle management systems

I’ve recently decided to take the time and look into the various open-source systems for server deployment and life cycle management. As the amount of servers in the data-center grows, as well the the demands for quicker response to rapidly changing IT needs in the organization, performing manual server installation, or even using a manually configured Kickstart server simply doesn’t cut it.

The following is a list of server deployment and life cycle management systems I could find on the Internet, and what I could learn from reading the documentation available on their websites. Continue reading

Looking of an open source Acronis replacement

I’ve been bothered for a while about the fact that was the system disk in one of my home computers to fail, I would find myself forced to go through a long a tedious re-installation process.

Given that I have the disk-space to spare, I’ve been looking for an Acronis-like tool I could use to back up my computers, Clonezilla seems to be the leading option, but it seems to lack the ability to perform online backups.

Running Fedora’s liveusb-creator on Ubuntu

One of the things I find most annoying about Linux distributions is that when it comes to distribution-oriented tools, they tend to make other distributions feel like second-class citizens even when compared to Windows. One such example is the Ubuntu One service which had a Windows client released recently and will soon see a Mac client while it is yet to be unsupported on any other distro besides Ubuntu. Another such, albeit smaller, example is the Fedora liveusb-creator tool.

The Fedora liveusb-creator tool is used when one wants to install Fedora while using a USB stick rather then a CD-ROM. While Ubuntu does include a comparable tool called “Startup Disk Creator”, that tool only supports creation of bootable USB sticks for Debian-derivative distributions.

Installation of theĀ  liveusb-creator tool is of course extremely easy on Fedora where it is accessible directly from the distribution’s repositories, the tool’s website also provides a Windows installer, but when it comes to other distributions the site resorts to providing a source archive without even including instructions as to what packages might be needed to run it.

Fortunately for users of other distributions, the Fedora liveusb-creator tool is written in Python, therefore running it on other distributions is a rather simple task, following are 3 simple steps required to use the liveusb-creator on Ubuntu, similar steps may apply to other Debian-derived distributions as well.

Continue reading

Configuring Aviem PRO2100 UPS on Debian 6.0 (Stable/Squeeze)

The Aviem PRO2100 is a SOHO Line-Interactive Uninterruptible Power Supply (UPS) unit that sells at a very compelling price/performance point. The PRO2100 is a 1000VA unit that sells at a price which is only slightly above that of other manufacturers` 650VA units, whereas comparable strength units typically sell for twice as much. What this means is that you can use if to power two computers for the price typically paid to power one.

That being said, the Aviem`s weak point is it`s Linux support (I cannot vouch for Windows support since I did not attempt to connect it to a Windows machine). While The UPS does ship with a CD that includes Linux software, it suffers from several shortcomings that are unfortunately all too common even for enterprise-level Linux supporting hardware:

  1. The CD only contains precompiled 32bit X86 binaries without any source code or any pointers to where the source code may be found.
  2. No pointers are given as to where updated software versions be be found, what seems to be the product name, “PowerD”, also doesn’t yield anything useful in a Google search.
  3. The software relies on an installation shell-script rather being packaged for use with the system`s package manager (E.g. RPM or DPKG) or at least something like Autopackage. The installation script also seems to assume all Linux systems are roughly built and behave like RedHat and would generally make a mess of your system regardless of the distribution (For example, the script tries to place binaries in “/etc” and set insecure file permissions such as “777”).

This particular software CD has another strange problem to it as the included “Readme.txt” file seems to be completely unreadable gibberish as well as resist being converted to anything readable with “iconv”.

All in all the software on the CD has a very strong abandon-ware feel to it and it is nothing I would be willing to install on my systems.

Continue reading

Cobbler “Advanced Networking” not quite up to task

System administrators that deploy tools such as RHEL’s Kickstart are typically concerned with rapidly deploying large numbers or servers, therefore it is quite unfortunate that Kickstart has only very basic network configuration support. What it means is that sysadmins have had to resort to manually configuring IP addresses and NIC Bonding for each and every installed server.

Cobbelr’s Advanced Networking feature seems to suggest a solution for this problem. It seem to me, however, that the approach taken is impractical for large organizations. Cobbler’s approach is to have the sysadmin use the Cobbler command line tool feed in the configuration for each and every NIC on the new server, prior to server installation and based on NIC MAC addresses.

This approach is impractical because the last thing a sysadmin faced with installing dozens of servers wants to to is to boot each and every server with one tool or another in order to check what the MAC addresses are, might as well manually configure the servers once they are already installed with a operating system…

The approach we’ve taken in my organization was to develop our own internal tool that automatically performs network configuration based on detecting where the various NICs are connected to by pinging well-known IP addresses. This approach has an additional benefit in that it can be used to quickly reconfigure the server when faulty NICs or motherboards are replaced (E.g. when the MAC addresses change).