I recommend the following three, very simple, tasks to lock down your Linux server(specifically Debian Etch).

1. Prevent root logins from SSH
2. Turn off ident
3. Disable RPC(only do this if you do not use NFS)

Preventing root logins via SSH is a good idea for two reasons.

• Allows you to accurately log who is accessing your system…root can be somewhat anonymus if people know the password.
• If someone who does know the root password becomes a threat, you simple have to restrict their username from being granted access(and physical security of course). This is a lot better than haveing to change the root password in a pinch (I like not having to update documentation every time someone leaves my company).

Removing Ident is merely to make NESSUS complain less. Its not really needed so lets shut it off.

• Open /etc/inetd.conf in Vi/Emacs/whatever
• Comment out the line that begins with ident(just add a # at the beginning of the line)
• Save the file and restart inetd:  /etc/init.d/inetd restart

Finally, another thing to make NESSUS happy is to disable RPC if you arent using it(NFS shares mainly). Simple remove the package portmap from your system. On Debian: apt-get remove portmap

These two sites help quite a bit:

http://www.techcuriosity.com/resources/exim/exim.php

http://bradthemad.org/tech/notes/exim_cheatsheet.php

I found it very useful.

http://bradthemad.org/tech/notes/exim_cheatsheet.php

http://stupidgamer.com/2008/05/01/barack-obama-on-gta-iv/

trapsink works, trap2sink does not work.

I do not know why, but I have tested this. With trapsink configured alerts are received in IT Assistant, with trap2sink configured, no alerts are seen in the alert log.

That solves that! I think I finally have a fully managed 64-bit Debian Server….whats next?

Yesterday, I spent hours getting the nuances setup correctly to just get this thing to be “managed” by the central Dell OpenManage server, hopefully my hard work will help someone out there.

First, in terms of server monitoring, Dell has their “client” OpenManage Server Administrator(OMSA), and their “server” IT Assistant.

My IT Assistant is installed on windows and is pretty self-explanatory to get that part done, and I already explained how to install OMSA.

Now, in order for IT Assistant to manage an OMSA client, it must have SNMP read-only access to it, and in Linux, this is done through snmpd via SMUX and in Debian, SMUX is disabled by default(but isn’t immediately obvious).

First of all, you need to enable SNMP read-only access to your server.

Then, you need to add a smux configuration for the dell OID. Add this to your recently-made snmpd.conf

# Allow Systems Management Data Engine SNMP to connect to snmpd using SMUX

smuxpeer .1.3.6.1.4.1.674.10892.1

As I said, by default Debian has SMUX turned off. You need to re-enable it by deleting the -I -smux in the startup options line in the /etc/default/snmpd file.

Now make sure you restart your snmpd service

/etc/init.d/snmpd restart

Your Debian SNMP configuration is complete. You can check the status of the dell data engine by:

/opt/dell/srvadmin/dataeng/bin/dataeng status

Now add a ‘range’ in IT Assistant with the IP of your server and community string you setup for your server. Then run a discovery job and it should appear in your devices list. The icon next to the device signifies if there are any current alerts applicable to this server.

Congratulations, you can now “manage” your server.

My current problem is that it appears that I cannot have IT Assistant generate alerts for my server since it can only do so if it receives a trap from the server. I find this pretty silly, it should support alerting me based on its polling, not just by waiting for an alert.

I defined a trapsink in my snmpd.conf, and the hardware log shows the event(me pulling out a hard drive), but no trap is received by the IT Assistant. My syslog shows the following:

May  1 14:05:41 inp2552zeus snmpd[5992]: Got trap from peer on fd 14

May  1 14:05:42 inp2552zeus snmpd[5992]: Got trap from peer on fd 14

May  1 14:05:43 inp2552zeus snmpd[5992]: Got trap from peer on fd 14

May  1 14:05:44 inp2552zeus snmpd[5992]: Got trap from peer on fd 14

May  1 14:05:45 inp2552zeus snmpd[5992]: Got trap from peer on fd 14

Anyone have any idea what the issue could be?

First, the easiest way to get OMSA(the openmanage service) on your box is to add the sara repositories to your apt.

add to the bottom of /etc/apt/sources.list:

deb ftp://ftp.sara.nl/pub/sara-omsa dell  sara

Now, (as root) run

aptitude update

to update your package list(from this new repository) then

aptitude install dellomsa

to download and install the package.

Once that is done, you may need to start the service:

/etc/init.d/dsm_om_connsvc start

If you are running 32-bit, you are done. If you have 64-bit, here is where it gets a lil hairy.

You have to download the following 32-bit debs from the main debian repository. Links provided are for the STABLE branch, if you are running unstable, please find your own links

• libpam-modules
• libsepol1
• libselinux1

After you downloaded each of these 32-bit(i386) debs, extract the files out of them(do not install) with the dpkg -x command. If you can’t figure out how to do that, just read the dpkg manual.

Example:

dpkg -x libselinux1_1.32-3_i386.deb ./temp

When you are done you should find the following 4 files wherever you extracted them.

• libsepol.so.1

• libselinux.so.1

• pam_unix.so

• pam_nologin.so

Once you find these files, copy the two files that start with “libse” to the /lib32 directory and the two “pam_” files to the /lib32/security directory(you may have to create the security subdirectory).

Now, edit the /etc/pam.d/omauth file and replace the uncommented out lines with the path starting with /lib/security to /lib32/security. It should look something like this when you are done.(ignoring the commented out lines at the top)

auth       required     /lib32/security/pam_unix.so nullok

auth       required     /lib32/security/pam_nologin.so

account    required     /lib32/security/pam_unix.so nullok

One last step! Its an easy one. Just run the command ldconfig. This will update pam to read the new config files(the one you just edited) and now openmanage will be looking in the correct spot!

Now just browse to your web interface:(change IP as necessary). Make sure you use https to browse it, http will not work.

https://10.1.1.1:1311/

Login as root and BAM you are done.

This guide was built from a conglomoration of sites:(kudos to them!)

http://linux.dell.com/debian_9g.shtml

http://lists.us.dell.com/pipermail/linux-poweredge/2007-June/031531.html

http://blog.loftninjas.org/?p=100

Originally from: http://burnthescript.com/?p=35

If you have been to college, or even if you haven’t, you have probably been to a good amount of house parties in your life. Most people at a house party just sort of blend in. They go about their business, and are pleasant enough. Some people cannot seem to do that. So without further ado the ten worst people you will meet at any house party…

Ten Worst People You Meet At A House Party

10. The “Inappropriate Music Guy”- This guy can take one of two forms, if there is a DJ he is the jackass requesting “November Rain” in the middle of a dance set. If the DJ doesn’t comply he tends to get whiny as hell, and say things like “Come on man, nobody likes this crap, just play something good” and proceeds to point to a full dance floor. If the DJ does agree, he sits around glaring at the DJ every time the song switches to see if it’s “his song.” When his song finally hits he gets a big goofy grin on his face and bobs his head, sometimes giving the thumbs up. His song also always results in the dance floor completely clearing.

The other form is if the party does not have a DJ this person will saunter his way over to the stereo (usually an Ipod at this point), and very slyly add his own playlist. A playlist of such party classics as “Knights in White Satin” and a random Velvet Underground B-side. If anyone criticizes his picks, or doesn’t recognize one, he gets elite. “I can’t believe you haven’t heard this song, its on King Crimson’s Unreleased basement tapes!” Seriously? You really just can’t believe I haven’t heard this song? Fuck off Inappropriate Music Guy.

9. The “I Need a Specific Drug Guy”- This guy is always looking for a drug, the party just isn’t a party without one. Usually he just wants weed, and if he finds it, he just sits there, gets high, and does nothing the rest of the night. Sometimes it’s not weed though, he wants something like Extacy (because he couldn’t possibly have sex without it), or every party usually has one guy looking for coke. You can tell if he found it because his eyelids are stapled to his forehead the rest of the night, and everything he says has 17 extra words said at 700 miles per hour.

Notice this person never has the drug they want on them, but has no problem asking everyone around for some. They also get very offended if someone who they barely know won’t give them free drugs, often retorting with the scathing “Dude, why are you being a dick?” He’s the same person trying to get a keg cup without paying.

8. The “This Party is Nothing Compared To…”/ “Story Topper” guy- This guy has been too all the best parties, with way more fun people, hotter girls, more drugs, better music, a bigger ice luge, a live dancing polar bear, a dedicated fellatio room, etc. These parties are never local. They are “when he was home” or “visiting friends in west bumblefuck.” You guys don’t party nearly as hard as those kids do. This party is ok, but it just doesn’t compare. Rarely does this person have a very specific story from that party, thats usually covered with a “I was so hammered I barely remember it.”

This guys alternate role at a party is that of the always fun to be around “story topper.” If you have done something he has done it twice; if you have seen a band, he smoked with them on their bus; if your best friend has cancer, his died in a plane crash on the way to a treatment center on his mothers fucking birthday. The best way to handle this guy is too see how ridiculous of a story you can get him to tell. Talk about the time you were attacked by a heard of gorillas on PCP in Antarctica. See where he goes from there.

7. The “Watch How Much I can Drink Guy”- This guy can drink SO MUCH. Just watch! He’s already had 14 shots tonight before he even got to the party. Which is why he’s not pounding more at this very second. In fact you haven’t seen him drink anything in four hours, but trust him, he has been drinking SO much. When you weren’t looking he says he finished two pints of tequila, on top of the 11 beers and 14 shots from before. He can drink more then you, and anyone else at the party. If anyone challenges his claims, his response is usually along the lines of “Anytime man, but not tonight, I already had a ton of booze.” If this person actually drinks anything at the party, you will know because they will be the person lying in their own vomit.

6. The “Inappropriately Dressed Girl”- It doesn’t matter the occasion or the climate. If it’s twenty degrees she’s in a skirt and tube top, if it’s summer she’s got on Ug boots and a bubble jacket. These girls usually move in packs, three of them will walk in at once, dressed for June in Miami, when its fucking January in Boston. They then tend to act as if they don’t know they are dressed inappropriately, and get looks on their face like “Why is everyone staring?” As if that wasn’t the point. If you want a good shot at getting laid, talk to one of them. Be careful, because these girls are not usually as attractive as they seem at first. Most of them are between 5-7 on the scale. However the fact that they stand out in a room full of people dressed reasonably, makes them look hotter, especially if its absolute zero outside, and they’re in a skirt. Oh, and use a condom, you’ll thank me later.

5. The Crying Girl- She appears later in the evening after a seemingly normal girl gets drunk. Sort of the female version of the drunk “I love you man” guy (however he doesn’t make the list, because he not the worst, so much as just slightly aggravating, just tell him you love him too, give him a hug and move on). This girl is crying. She’s not sure why, and she promises she’s “not usually like this.” Maybe it’s that she saw her ex-boyfriend a month ago wearing a Rush t-shirt with his new girl, and there was a rush for the jello shots at the party, and it reminded her of him, and blah blah blah… Don’t try to comfort her, everything you say is gonna come out wrong. Just leave her in the corner, she’ll stop at some point, and nine times outta ten there is someone at the party who gets caught in her emotional web. Let them handle it.

4. The Stumbling Mess- This person is just a hammered mess, incoherently ranting to you about something, or just doing their best impression of someone who can actually walk. Usually the same person at every party, every group of friends has that person who just cannot handle their liquor, or if they can have NO concept of their limits. It can be a guy or girl, sometimes if you’re really lucky it’s one of each and they have found each other. Usually at that point they start dancing horribly and running into shit. The best thing you can do with these people is just let them pass out, or if you are really evil give them shots till they throw up in the bathroom and call it a night so you don’t have to deal with them anymore. In certain situations this can be the most flat out aggravating person at the party, because their is no ability to reason with them. If you get any speech out of them at all it’s basically a slurred “Why are you getting mad man, I’m just having fun.” This being after the third time he’s thrown an elbow into the back of your head while he “dances.”

3. Dr Jekyll and Mr Hyde- Goes from cool person at the beginning of the night, who you can have a decent conversation with. However once they get drunk, it’s FIGHTING TIME. Everyone is looking at them, everyone is starting with them. It can be hard to spot this person, because they were chill at first. However they may possess are a few key signs…

1. Does he look like he left the gym, didn’t change, and came right to the party?

2. Does he have a basic tribal tattoo or barbed wire?

3. Did he find the coke he was looking for?

If you answered yes to one or more of the above questions, be aware. Not scared, just aware, because most of these guys like to yell and maybe even push, but can’t actually handle themselves worth a shit. Still, remember, fights ruin parties, so just tell him you saw some guy out in the hall talking shit about him, and when he leaves lock the door.

2. The Politcal Drunk- Almost inevitably in college with little or no political background. Rarely actually a government or politics major, might be a white guy with dreadlocks, or a Che’ Guevara shirt, or more likely both . This person knows how to fix everything, if we just adopted Zaire’s economic structure, with Canada’s health plan, and Slovakia’s school systems we would be so much better off. They never have specific examples, just vague ideas. They feel like they are breaking shocking news when they tell you Bush isn’t a very good president. Did you know he has married big business and government? Because they do! Not only do they know these things, they think the party atmosphere is a wonderful setting for their rants. I don’t suggest getting involved with these discussions, however tempting to call the person on their bullshit it might be. This person on some nights also plays the part of religious topic drunk.

1. The Vulture- This guy is the worst for a simple reason, you actually want to hit him when you see him in action. The rest of the people on this list you can ignore, and if your drunk enough even converse with. They aren’t bad people, just shitty drunks. This guy sucks, he walks into a party, nobody ever quite knows how he knows about the party or who he’s there with. At the very least he makes an awkward drunken pass at the party hosts girlfriend or visiting sister. When he’s caught he acts innocent, and pretends he is deeply offended by your accusations. You can then spot him by his mid-party tactics of trying to comfort the Crying Girl (so he can get laid), or hit on the Inappropriately Dressed Girl. As he gets drunker, his tactics get worse, and by the end of the night you can usually see him curled up on a couch with a passed out girl trying to maneuver his hand down her shirt. This guy tends to have had his ass kicked more then anyone else in history.

The Daily Show: The Long, Flat, Seemingly Endless Bataan Death March To The White House

Basically, Its an app that “grabs” multiple PuTTY windows into one, tabbed interface. It supports having an encrypted proprietary database of all your connection entries, complete with macroing your login credentials post-login commands.

Its current version, 0.6.0, works well enough, but has several GUI bugs(window not coming into foreground when clicking into the PuTTY window), and its macros do not support any kind of EXPECT functionality(only perform next command if the previous one returns “x”).

I still recommend it, beyond its annoyances, and hopefully they will be corrected soon. Here is a link to their site: http://puttycm.free.fr/