Friday, August 31, 2012

Adding a linux server to the Domain:


If you have lots of Linux servers, and your company is running on a Windows Active Directory, you might find it binifisial to join your Linux servers to the domain and allow log-ins with you domain administrator accounts. The following tutorial will walk you though the process.

First you have to add the Centrify DirectControl Express repository:

~$sudo -s
~#aptitude install python-software-properties

For Ubuntu server 10.04 LTS

~#add-apt-repository "deb http://archive.canonical.com/ lucid partner"
For Ubuntu server 12.04

~#add-apt-repository "deb http://archive.canonical.com/ precise partner"
~#aptitude update

Now we install Centrifydc:

~#aptitude install centrifydc
~#adjoin -w -u DomainAccount Domain.name
~#adinfo

Now we need to add our domain Admin group to Sudoers

~#nano /etc/sudoers
add: %Domain Admins ALL=(ALL) ALL

Now we need to edit the centrifydc.conf file:

~#nano /etc/centrifydc/centrifydc.conf
Change the following line:

Change the line:

##pam.allow.groups: some:group

to

pam.allow.groups: Domain Admins

If you have a user on your domain that has the same name as the local admin acount on the linux server you need to edit the following:

#pam.ignore.users: some:user

to:

pam.ignore.users: local/domain account

WARNING: If you don't make this change you will lock out the local admin account

Save the file and then:

~#adreload
~#adflush
~#adquery user DomainAccount
Your all done, you should be able to log on the the Linux server with you domain admin accounts.

Awesome!
Posted by at No comments:

Thursday, August 16, 2012

Setting up synergy with encryption on two Windows computers:


If you don't know what Synergy is I'm not going to spend a lot of time trying to explain it. It's basically a way a way to share your keyboard and mouse between two computers without the need of a KVM Switch. You can read more about it at http://synergy-foss.org/.
The big problem with Synergy is that it sends all of your keystrokes to the remote computer plain text. If your own your own private network this is not a problem, but if your at work or on a public network this can be troublesome. If you didn't know this already intercepting data on a public network is stupid easy.
So that being said, we are going to use the SSH protocol to encrypt your data as it passes over the network. Again if you don't know what SSH is I'm not going to try to explain it here. Reading is your friend: http://en.wikipedia.org/wiki/Secure_Shell.
If your running Linux it is very easy to get this working, but on Windows It is a little more tricky. So lets get started:
A. Install OpenSSH:
  • Download Copssh from: https://www.itefix.no/i2/copssh-get. For our purposes the free version will work fine. Once you have it downloaded extract the zip and run the installer on both the computers you want to share the keyboard and mouse on.
  • when you get to service tab: Set the service account to synergy, and the password to something you won't forget.
  • once the install finish click on start and activate a user, and select synergy, click next.
  • created a passphrase, write it down if you can't remember it!
  • click activate
  • duplicate the steps on the second computer
B. Test SSH connections:
  • download a program called Putty. It can be found at: http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe.
  • once you have downloaded it then simply double click on it to run, there is nothing to install.
  • on the first computer, under host name, inter the IP address of the second computer and click connect
  • you will get a security alert, click yes
  • log in as: synergy, password:(whatever you made it)
  • if you have configured everything correctly then you should get a terminal prompt. If you don't, you missed something.
  • repeat this process on the second computer.
c. Install Synergy
  • download Synergy on both computers: http://synergy-foss.org/download/
  • ON the server(computer with keyboard and mouse installed):
    • install Synergy, at the end of the install select: Server(new setup)
    • click (Configure Server…)
    • Click and drag the monitor in the top right to the square on the grid corresponding to where the second computers monitor is next to the server.
    • double click on it and rename it to the computer name of the client computer and click OK.
    • click Apply and then start
    • your synergy server is now ready to except connections for clients.
  • ON the client:
    • before you install synergy we need to do a little script writing
    • click on (start, all programs, Copssh, start a unix Bash Shell)
    • type nano synergy.sh and enter the following line of test:
    • ssh -f -N -L localhost:24800:(IPofServer):24800 synergy@(IPofServer)
    • click Ctrl+X and then Y to save the config file
    • type ./synergy.sh it will ask you if you are sure, click yes, then type the password and it should drop you back to the terminal prompt. IMPORTENT, do not close this windows, it must be running for synergy to work, just minimize it and leave it running.
    • install Synergy, at the end of the install select: Client
    • for the server IP type: localhost, and click apply
    • you should be able to move your mouse from one screen to the other now and use your keyboard to type on either computers screen! Enjoy!

Posted by at 1 comment:

Tuesday, August 14, 2012

Installing Oracle Java on Ubuntu 12.04

OpenJDK is what Ubuntu uses as default for java web pages, but it leaves much to be desired. If you want to run Oracle Java on your Ubuntu computer simply open a terminal an enter the following commands:

~ $ sudo -s
~ # aptitude install python-software-properties *may not be needed
~ # add-apt-repository ppa:webupd8team/java 
~ # aptitude update 
~ # aptitude install oracle-java7-installer
~ # aptitude install oracle-jdk7-installer
~ # java -version
Posted by at 1 comment:

Installing and configuring a LogAnalyzer on an Ubuntu Server

This is a re-write of an article on Linux Journal that I found when researching the project. I've re-written it in my own words and added some content that was missing in the original article. A link to it can be found at the bottom of the page. 

1) Install Ununtu server with SSH and LAMP options selected
2) Run the following commands:
~ $sudo -s
~ #apt-get update
~ #apt-get upgrade
~ #apt-get install php5-gd
~ #apt-get install rsyslog-mysql rsyslog-relp
You will then be asked for your MySQL root password followed by being asked to create a password for rsyslog to use. This is the password that rsyslog will use in its config files.
3) To turn on accepting remote logs though we still have to uncoment a couple of lines in /etc/rsyslog.conf:
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Now, let's apply our changes:
~ #service rsyslog restart
4) Use your favorite editor and create /etc/rsyslog.d/relp.conf and enter the following in it:
$ModLoad imrelp
$InputRELPServerRun 20514
5) Make a working directory that it can store queue files in if needed.
~ # mkdir -p /var/rsyslog/work
Now we need to add the following to /etc/rsyslog.conf
# Buffering stuff:
$WorkDirectory /var/rsyslog/work # default location for work (spool) files
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName dbq # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
~ # service rsyslog restart
6) Install LogAnalyzer- As of this writing, the newest version is v3.4.4
~ # tar -xzf loganalyzer-3.4.4.tar.gz
~ # cd loganalyzer-3.4.4
~ # mkdir /var/www/logs
~ # cp -R src/* /var/www/logs/
~ # cp contrib/* /var/www/logs/
~ # cd /var/www/logs/
~ # chmod +x configure.sh secure.sh
~ # ./configure.sh
To enable the authentication part of LogAnalyzer we need to make an empty database for users to be stored in and grant privileges on it.
~ # mysql -p
mysql> create database LogAnalyzerUsers;
mysql> show databases;
mysql> grant all on LogAnalyzerUsers.* to LAUser@'localhost' identified by '(pick a password)';
mysql> quit
7) Now open a web browser and go to http://"serverIP"/logs/. You will be pointed to the installation script which will guide you through the process of setting up LogAnalyzer.
On step 3, make sure to enable user database. Enter the database, username, and password we created above. Enable "Require user to be logged in". On step 7 use the following settings:
Name the source something logical seeing as it is going to be the compiled *logs from all your servers.
Source Type = MYSQL Native
Select View = Syslog Fields
Table type = MonitorWare
Database Host = localhost
Database Name = Syslog (case sensitive)
Database Tablename = SystemEvents (case sensitive)
Database User = rsyslog
Database User = (whatever you made it in step 2)
Enable Row Counting = no

Forwarding log files to Log analyzer:

Linux Servers:
Setting up your other boxes is fairly straight forward. For this example, assume the server you have been setting up is named "myserv". If you don’t want to edit your hosts file then either use the FQDN or the IP in place of myserv. If you are willing to run rsyslog on them then all you have to do is install librelp:
sudo apt-get install rsyslog-relp
Then add the following to your rsysnc configuration file /etc/rsyslog.conf:
$ModLoad omrelp
# forward messages to the remote server "myserv" on
# port 20514
*.* :omrelp:"myserv":20514;RSYSLOG_ForwardFormat
Windows servers:
If you want your Windows 2000 - Server 2008 machines to send logs to your new central log server then check out eventlog-to-syslog. Just download it, unzip it, copy evtsys.exe to C:\Windows\system32\ and execute
C:\Windows\system32>evtsys.exe -i -h ip.address.of.myserv
I tested the x64 version of this in a Windows 7 Enterprize virtual machine and it worked great.
Network Devices:
If you want to point your network devices to this server then just remember that it is listening on port 514 for both TCP and UDP connections.

Article source:
Posted by at 7 comments:
Subscribe to: Posts (Atom)