Tag Archives: mysql

Brute-Force attacks for securitychecks in your network with Medusa

Share Button

It’s a good practise to questioning the security of your home network¬† and even more critical for you company network. The most obvious are weak passwords that ease the unauthorized access to systems and data for Hackers (to be more precisely: Cracker) and intruders. That could damage the systems, data or miss use of the system to damage or infiltrate of other systems. As examples are Administrative access to Databases, E-Mail Servers or other critical infrastructures. Read more

Authenticate your Linux with Active Directory

Share Button

Think about that you are managing a network with 20 or more Workstations with various Operating Systems like Windows, Mac and Linux and that you have to manage or troubleshoot them one by one if you have authentication problems or just want to change passwords on those machines. This would be a lot of work, right? So what you need is a centralized user/group management like OpenLDAP or Active Directory. Most Businesses utilize already Microsoft’s Active Directory because of the majority of Microsoft Windows Workstations. Because of that I like to talk about Active Directory Authentication for non Windows workstations and introduce you to several solution that will help you do that.

The first solution is the full hands on solution which involves a lot of script modifications and the installation of additional libraries. The entire procedure is written down in the TechNet issue of December 2008 and available for download at Microsoft and because of that I am not going into detail on that one, instead I like to introduce you to three third party applications that will do all that by just installing it and performing a few little configuration steps. Those three Applications are Likewise, Quest Authentication Services and Centrify.

Likewise Solution:

Likewise offers basically two solutions. The first one is Likewise Open which is free and just allows you to join workstation to your Active Directory, authenticate your users against Active Directory and let you manage group memberships at the Active Directory side. The second Solution is Likewise Enterprise. Likewise Enterprise offers Single Sign-On for Enterprise Applications like Microsoft Sharepoint or other Application or Services that can Authentication via directory Services like apache, JBoss, MySQL, WebSphere and other systems via SSH and without Directory Service it would required separate User and Password credentials. With Likewise Enterprise Single Sign-On, LDAP, Kerberos and Applications or Services tied to Directory Authentication only one username and password will be managed centralized in the Datacenter. Likewise Enterprise also provides group policies tools to create granular access policies to ensure users have all the permissions they need to do their job and more. If you use Likewise Enterprise you can also produce reports of users activity and with Likewise Enterprise and¬† Operations Dashboard Administrator can see what’s going on with users in real time which makes security and policy monitoring simple and effective. Considered all the features described above makes Likewise Enterprise complaint with SOX, PCI BSS, Base II, HITECH and HIPAA. Likewise Enterprise let you also add additional security with its optional smart card feature. If your organization still uses SUN’s Network Information Services (NIS) you should migration to the more secure Active Directory from Microsoft since its not secure and no longer supported by SUN. Likewise Enterprise provides NIS Migration tools which moved user accounts and password files to Active Directory. Likewise Enterprise also provides Hypervisor Management tools so users managing VMware vSphere and Citrix XenServer are authenticated against Microsoft Active Directory. Likewise has Binary Packages available for Red Hat, Suse, Fedora, Centos, Debian, Ubuntu, Mac OS X, Solaris, HP-UX, AIX and FreeBSD in 32 Bit and 64 Bit Architecture.

You can join your Workstation to Active Directory with one command for example on Linux type: /opt/likewise/bin/domainjoin-cli join domainName ADjoinAccount and press enter. To authentication against Active Directory in the GUI use DOMAIN\username and on the CLI use: DOMAIN\\username and that is all you have to do.

Overall I think Likewise solution is well build and should offer you solutions for most of your IT challenges.

Quest Authentication Services

Quest Authentication services is a patented technology. If I look over the information about this solution it appears that you need to installed a portion on the Server it self and then the Agent on the non Windows clients. Quest claims to have 1000 customers with over over 5 million installed seats. It supports Linux, Unix and Mac OS X Clients. It also appears to be that this solution is not offering a free solution to at least authenticate your non Windows clients.

Quest extend the authentication, authorization and administration infrastructure of Active Directory to the rest of the enterprise, enabling Unix, Linux and Mac OS X systems to act as full citizens within Active Directory. It also enables Audits, alerts and shows the detailed change of history. This solution also enables a Group Policy framework which allows you to manage Linux and Mac Clients through Microsoft’s Group Policy management. Access control capabilities will also be extended to non Windows clients. Single Sign-on will be available to non Windows client by enabling Kerberos and LDAP like Windows Clients and you could authenticate to Applications like SAP, Siebel and DB2. Quest provides migration tools to migrate from NIS to Active Directory.

Quest appears to be that is provides all necessary features to run your heterogeneous network and manage all user accounts through Active Directory. The only thing I would wish for is that Quest would offer a free agent other than that I think its good.

Centrify

Centrify offers its product in basically four version, Express, Standard, Enterprise and Platinum. Lets go over each edition and see what its features are.

Express Edition: Includes Centrify DirectControll Express and Centrify DirectManage Express plus Centrify-enabled open source tools.

Standard Edition: Includes Centrify DirectControl, Centrify DirectManage and DirectAuthorize plus Centrify enabled open source tools

Enterprise Edition: Includes everything in the Standard Edition plus Centrify DirectAudit

Platinum Edition: Includes everything in the Enterprise Edition plus Direct Secure

In edition add-on modules are available for Single Sign-On to SAP, web applications for apache and J2EE and DB2.

So lets have a look over all these editions and its features.

Centrify DirectControl (Express): Enables Active Directory-based single sign-on to Unix, Linux and Mac.

Centrify DirectManage (Express): Discovers non-Windows systems and join them to Active Directory.

Centrify-Enabled Open Source Tools: Enhances productivity with painless remote access and Samba integration.

Centrify Direct Authorize: it enables you to lock down sensitive systems and eliminate uncontrolled use of root permissions.

Centrify DirectAudit: helps you to run detailed logging and spot suspicious activity by showing which user access what system and it allows you to monitor current user sessions.

Centrify DirectSecure: can block untrusted systems from communicating with trusted systems, encrypt data in motion.

Centrify also offers Centrify-Enabled Compnents like Kerberos Utilities, NIS Services, OpenSSH, Putty and SAMBA. Centrify supports the following Operating Systems: Apple Mac OS X, Centos, Citrix XenServer, Debian, HP-UX, IBM AIX, Mandriva, Suse, Solaris, Red Hat, Fedora, IRIX, Ubuntu and VMWare ESX Server all in 32 Bit and 64 Bit. Centrify also is the only one that is Microsoft Certified which means a lot for businesses that uses already Microsoft and like to integrate non Windows clients. The only difference I found between the Centrify Express and the other suites is that the Express Edition only offers Community Support and the other Editions offer 24/7 professional support.

My conclusion is that I like Centrify Suite the best because you get the most features in the free Edition compared to the other solutions and it supports the most Operating Systems. Coming in on second place is Likewise it offers basic features for free to get you started and the ability to integrate your non Windows clients and then if you like more you could upgrade and purchase one of the more advanced features and last but not least is Quest Authentication Services because I was not able to find a free client that at least enables you to authenticate your non Windows clients against Active Directory and I think their package offers you the most important features but not all the features that the other two offers. Overall I think either one of those solutions will get you where you like to be.

Please let me know if you know any other solutions that might be better or at least worth mentioning here also let me know if I stated something wrong here and I am happy to correct it. I hope that this article helped you to make a decision with which product you like to go or at least get you started with Active Directory Authentication for non Windows Clients.

Graph your network environment with Cacti

Share Button

There are many commercial and open source solution out there to graph your network utilization and in this article I am going to show you how to use Cacti the open source RRDTool-based graphing solution. Cacti is freely available at http://www.cacti.net and comes preloaded with a few Host and Graph Templates. If a template for the device you are trying to set up is not available by default you can download contributed cacti host and graph templates at http://docs.cacti.net/templates and import those to your cacti installation.

The installation and configuration for Cacti is on Ubuntu very simple. Let’s go over the installation procedure. First I recommend that you always update your apt-get repository with

sudo apt-get update

and then you can go ahead and install the latest version available from the repository with

sudo apt-get install cacti cacti-spine

accept all dependencies and the installation will start. During the installation the installer probably ask you a few questions depending on your current system setup but on a fresh install it most likely will ask your if you like to install MySQL and for a SQL Root user password. Further more it will also ask you if you like to use db-config to setup the cacti SQL Database and it will also ask for a password again. The next step it will ask you if you like to configure the installation for a version of apache web server. I recommend to use Apache2 unless you know what you are doing.

Now the installation should be done and the next step of the configuration is web based. Start you preferred web browser and browse to http://yourserver/cacti and you will see a disclaimer if your installation worked as planned, click next to start the web based configuration. Read the information displayed on those pages and make sure that there are now errors and click on finish at the end. If you run into errors try to solve those and re-run the steps until everything is the way it suppose to be.

Now you are done and you can browse to your Cacti website again and this time it should ask to to login. Use admin for the user name and password. The Cacti website now forces you to change your admin password for the website. Enter a desired password. Now there are two things that needs to be checked that they are correct. On the left pane click on settings and in the right pane click on the tab Paths. Make sure that all paths are green and it states that the file is found. Click on the Poller tab and change the poller from cmd.php to spine and scroll all the way to the bottom and click on save. Now you are done and can start adding devices and graphs.

Watch the video below to see the entire installation, configuration and adding devices and graphs. If you like the video don’t forget to rate it and leave a comment if you like.

Thanks for reading and enjoy the video.

1 2