Sunday, August 26, 2012

Network device management and graphs for the busy Admin

If you are a busy admin and want to set up an SNMP-based monitoring system quickly and easily, try JFFNMS. It's licensed under the GNU GPL, so there is no charge for using or modifying the tool. I will install JFF in a VMware virtual machine using FreeBSD 9.0 as the OS. I created a new virtual machine with a 50GB hard disk to hold many months of historical data; we can even keep years of information for reference and to study behavior. I installed FreeBSD with the default options, making sure to set the correct time zone, and assigned an IP address. After the reboot, I logged on to the JFF box and verified the network connection.

The first step in every new OS installation is patching. I used the following command to download the patches for the new FreeBSD installation:

jff# freebsd-update fetch

Once patches are downloaded, we need to install them:

jff# freebsd-update install

Once the OS is patched, I need the newest FreeBSD ports collection, which I fetch with the built-in tool portsnap.

jff# portsnap fetch

Now it's time to extract the downloaded ports file; go and grab a cup of coffee and work on your pending tasks, as it could take a while.

jff# portsnap extract

Now we are ready to install applications. The first one we need is our Apache web server. Any version newer than 2.2 works. We are going to install the newest Apache version from the ports collection. Again, go to lunch or finish your pending tasks and come back in 20 minutes.

jff# cd /usr/ports/www/apache22
jff# make config
jff# make install clean BATCH=YES

It's time to test our web server. Add the following line to the /etc/rc.conf and start the web server.

jff# echo 'apache22_enable="YES"' >> /etc/rc.conf
jff# apachectl start

Browse to the JFF box IP address and you should receive the default page.

JFF is written in PHP, so we need to install it.

jff# cd /usr/ports/lang/php5

Very important: once in the /usr/ports/lang/php5 directory, tell PHP to work with Apache and then install it.

jff# make config

jff# make install clean BATCH=YES

JFF needs some PHP modules, so let's go ahead and install them. Select the GD, SNMP, SOCKETS and MYSQL modules from the 'make config' screen.

jff# cd /usr/ports/lang/php5-extensions/
jff# make config

jff# make install clean BATCH=YES

Copy the php.ini file from the defaults and then modify it:

jff# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

jff# vi /usr/local/etc/php.ini

    error_reporting  =  E_ALL & ~E_NOTICE
    allow_url_fopen = On
    short_open_tag = On
    date.timezone = "America/Mexico_City"

Save the php.ini file after setting the previous values.

JFF uses MySQL to store all configuration and the data collected from devices, so let's proceed with the installation.

jff# cd /usr/ports/databases/mysql55-server/
jff# make install clean BATCH=YES

Now that MySQL is installed we need to initialize the grant tables

jff# mysql_install_db --user=mysql

We will start MySQL for the first time

jff# mysqld_safe --user=mysql &

Modify the /etc/rc.conf file to start MySQL at boot and start MySQL as daemon.

jff# echo 'mysql_enable="YES"' >> /etc/rc.conf
jff# /usr/local/etc/rc.d/mysql-server start

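Let's change the MySQL root account password. FLUSH PRIVILEGES makes the server reload the grant tables so the new password takes effect right away.

jff# mysql
mysql> UPDATE mysql.user SET Password = PASSWORD('newpwd') WHERE User = 'root';
mysql> FLUSH PRIVILEGES;

mysql> exit;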

There are other prerequisites that we need to install: nmap, rrdtool, fping, diffutils and graphviz.

jff# cd /usr/ports/security/nmap && make install clean BATCH=YES

jff# cd /usr/ports/databases/rrdtool && make install clean BATCH=YES

jff# cd /usr/ports/net/fping  && make install clean BATCH=YES

jff# cd /usr/ports/textproc/diffutils  && make install clean BATCH=YES

jff# cd /usr/ports/graphics/graphviz  && make install clean BATCH=YES

After all the packages are installed, we will need to create the groups and users used by JFF.

jff# pw groupadd jffnms

jff# pw useradd jffnms -c 'JFFNMS User' -d /usr/local/etc/jffnms -s /usr/sbin/nologin -g jffnms

jff# pw groupmod jffnms -m www

It's time to download the JFF software, unpack it and assign the required permissions. Download the package from and store it in the /usr/local/etc directory.

jff# cd /usr/local/etc

jff# tar xvzf jffnms-0.9.3.tgz

jff# chown -R jffnms:jffnms /usr/local/etc/jffnms-0.9.3

jff# chmod 770 /usr/local/etc/jffnms-0.9.3

jff# chmod -R ug+rw /usr/local/etc/jffnms-0.9.3

jff# ln -s /usr/local/etc/jffnms-0.9.3 /usr/local/etc/jffnms

Import the crontab file to schedule the pollers and modify the crontab file to match the values of our installation.

jff# crontab -u jffnms /usr/local/etc/jffnms/docs/unix/crontab

jff# crontab -e -u jffnms

The next step is to change the permissions of some files.

jff# chmod +s /usr/local/bin/nmap

jff# chmod a+x /usr/local/bin/nmap

jff# chmod +s /usr/local/sbin/fping

jff# chmod a+x /usr/local/sbin/fping
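
A tighter alternative to the world-executable setuid bits above, as an added example that is not part of the original post: because the jffnms group already contains www, nmap and fping can keep the setuid bit while being executable only by root and that group. The function names are this example's own, and that group access is all JFFNMS needs is an assumption to verify on your install.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print how exposed a binary is:
#   none  - no setuid bit
#   group - setuid, but not executable by "other"
#   world - setuid and executable by every local user
suid_exposure() {
    [ -u "$1" ] || { echo none; return 0; }
    if [ -n "$(find "$1" -prune -perm -0001)" ]; then
        echo world
    else
        echo group
    fi
}

# Keep the setuid bit but limit execution to root and one group.
# chgrp runs first because changing ownership can clear the setuid bit.
# $1 = binary, $2 = group (jffnms in this article)
restrict_suid() {
    chgrp "$2" "$1" && chmod 4750 "$1"
}

# Report-only pass over the two binaries the article makes setuid.
# To tighten one of them: restrict_suid /usr/local/bin/nmap jffnms
audit_jffnms_helpers() {
    for bin in /usr/local/bin/nmap /usr/local/sbin/fping; do
        if [ -e "$bin" ]; then
            echo "$bin: $(suid_exposure "$bin")"
        fi
    done
}

audit_jffnms_helpers
```

After `chmod +s` and `chmod a+x` the audit reports `world`; after `restrict_suid` it reports `group`.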

We are almost done. Let's create and configure our MySQL database.

jff# mysql -u root -p

mysql> CREATE DATABASE jffnms;

mysql> GRANT ALL PRIVILEGES ON jffnms.* TO jffnms@localhost IDENTIFIED BY 'jffnms';


mysql> quit

jff# mysql -u jffnms -pjffnms jffnms < /usr/local/etc/jffnms/docs/install/jffnms-0.9.3.mysql

We have created the JFF tables and required records.
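
The GRANT and import above use the account name as its password and pass it on the command line, where it can be visible to other local users in the process list. An added example (not from the original post) that generates a random password and hands it to the mysql client through an owner-only option file; the function names and the /root/.jffnms-import.cnf path are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Function names and the
# option-file location are this example's assumptions.

# 24 alphanumeric characters from the kernel CSPRNG. Alphanumeric only, so
# the value needs no escaping inside the SQL string or the option file.
gen_password() {
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 24
}

# The article's GRANT with a generated password instead of 'jffnms'.
# $1 = password
grant_sql() {
    printf "GRANT ALL PRIVILEGES ON jffnms.* TO 'jffnms'@'localhost' IDENTIFIED BY '%s';\n" "$1"
}

# Write a client option file readable only by its owner.
# Any existing file is removed first so old, looser permissions do not survive.
# $1 = file, $2 = user, $3 = password
write_client_cnf() {
    rm -f "$1"
    ( umask 077
      printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" > "$1" )
}

# Full sequence; run as root on the JFF box by calling: provision_jffnms_db
provision_jffnms_db() {
    cnf=/root/.jffnms-import.cnf          # assumed location
    pw=$(gen_password)
    grant_sql "$pw" | mysql -u root -p    # prompts for the MySQL root password
    write_client_cnf "$cnf" jffnms "$pw"
    # --defaults-extra-file must be the first option on the command line
    mysql --defaults-extra-file="$cnf" jffnms \
        < /usr/local/etc/jffnms/docs/install/jffnms-0.9.3.mysql
}
```

The generated password stays in the option file; read it from there when entering the database settings in JFFNMS itself.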

The next step is to set up Apache for the JFF management web page. I prefer to set the jffnms directory as the DocumentRoot because in this case it's a dedicated box. If the Apache web server will host other virtual directories or virtual servers, set it up accordingly.

jff# vi /usr/local/etc/apache22/httpd.conf

Add/modify the following values: 

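# Hand .php files to the PHP module and show .phps files as highlighted source
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

RewriteEngine On
RewriteRule (.*\.php)s$ $1 [H=application/x-httpd-php-source]

ServerAdmin admin@domain.local
ServerName jff.domain.local:80

#DocumentRoot "/usr/local/www/apache22/data"
DocumentRoot "/usr/local/etc/jffnms/htdocs"

<Directory />
    AllowOverride None
    Order deny,allow
    Allow from all
</Directory>

DirectoryIndex index.php index.html

# The JFF web root
<Directory "/usr/local/etc/jffnms/htdocs">
    Options Indexes FollowSymLinks Multiviews
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>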

Restart Apache web server

jff# apachectl restart

We are almost done. Point your browser to the IP address of your JFF box and it will redirect you to the Setup page.

Correct the values in the fields marked ERROR and save the configuration.

WE ARE DONE!!! Go to the main screen and browse a little to get familiar with the tool. The next step is to add the network devices and servers. You will need to know the read-only SNMP community, and the devices must allow their SNMP information to be read.

In another article I will show you how to add hosts and obtain graphics like the following

See you in another post.. 

Friday, February 17, 2012

SensePost MD5 Hash list - Gives you a hash for any 1-8 alphanumeric character string

If you use an 8-character password, you should be worried. SensePost posted the hashes for these passwords. So take a look at this list and change your password to use 12 characters or more.


Thursday, January 26, 2012

Don't use unique passwords anymore, try KeePass 2

I used to manage my passwords in an Excel file stored on an encrypted drive. Why write them down? Because I manage about 20 username/password combinations, plus credit/debit card PINs and the birthdays of my wife and two sons: a lot of information to keep in my little brain :) . This approach "protects" my data, but updating passwords and entering them in each application or web site is a very manual process. After reading this post (and many others, of course) about the dangers of using a single or common password, I decided to look for a tool to make my life easier.

I looked at KeePass 2, an open-source tool that has many features. One great feature is the ability to automatically type the username and password into applications. There are two easy ways to do this:

1.- Select the application window, then go to the KeePass window, select the password entry and press "Ctrl + V".. yessss!! Like pasting any clipboard item. KeePass will type the data for you in the previously active window.

2.- For this option you need to know the application window name. You need to give the KeePass entry the same name as the application window. Once you are in the application, just press the hotkey "Ctrl + Alt + A" and KeePass will look for an entry with the same name as the application and type the data for you.

Of course, these two hotkeys can be changed to whatever key combination you like. I use this tool with my mail accounts (Hotmail, Gmail), with my Facebook and Twitter accounts, and with my Remote Desktop connections and applications.

What about security? Well, the database is protected by AES 256-bit encryption. This encryption is used by the NSA to protect TOP SECRET information, so you can be 99% sure that your data will be safe. To open the password database, you have three options to protect it (or all of them together):

a) A master password
b) A key file that you can store on a USB drive or on the network
c) A Windows user account

My recommendation? Use at least two of them, and make an effort to use all three to open the database; it will be more difficult if someone tries to steal your passwords.

The best part of this great tool? IT'S FREE of charge!! Try it and let me know other tips/features.