Categories
Conferences

LCA 2015

LCA 2015 is almost here!

I will be arriving in Auckland on Sunday and departing on Saturday.

Those of you wishing to get in touch with me during the conference can do so here.

Categories
Security

A valid reason not to broadcast an SSID

I never thought I would find a reason not to broadcast an SSID for a wireless network, alas I have.

Fortinet provide a number of wireless devices designed for remote deployment (in particular the FAP-11C, FAP-14C and FAP-28C). These devices connect back to your Wireless Controller over a remote network, such as one you would use in a hotel. They are intended to let travelling and remote staff use your corporate network as if they were in the office.

A handy feature of these devices is that they include multiple LAN ports (1, 4 and 8 respectively), which are particularly handy for VoIP phones and other network devices that you would rather not have on WiFi.

Unfortunately, Fortinet’s software currently only allows these ports to be set to one of the following:

  1. Disconnected / None
  2. Bridged to the WAN Port
  3. NAT to the WAN Port
  4. Bridged to an SSID / Wireless Network

To get around this and prevent malicious users from connecting to what should be an internal network, use the steps below.

Note – this section assumes your SSID / Network name is A_LAN_Network.

  • Create a local group that doesn’t contain any users.
  • Configure the SSID WiFi Options.
  • Hide the SSID – unfortunately this has been removed from the GUI in FortiOS 5.2, so use the commands below in the CLI:

        config wireless-controller vap
            edit A_LAN_Network
                set broadcast-ssid disable
            next
        end

  • Apply the SSID to the LAN Port under the FortiAP Profile.

Pictured above are the FortiAP Profile options for a FAP-11C. It should be noted that the FAP-14C puts all 4 LAN ports on the single selected option, whereas the FAP-28C allows all 8 LAN ports to be placed on different SSIDs / Networks.
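One way to confirm the hide-SSID step took effect, as an added example (not the author's or Fortinet's code): the script below scans a FortiOS configuration backup and lists every wireless-controller vap entry that lacks set broadcast-ssid disable. The sample backup fragment and the Guest_WiFi name are constructed, and the script assumes an SSID broadcasts when the setting is absent from the backup.

```shell
#!/bin/sh
# Added example: list SSIDs in a FortiOS config backup that still broadcast.
# Assumption: broadcast-ssid defaults to enable, so a vap entry without
# "set broadcast-ssid disable" is reported.
broadcasting_vaps() {
    awk '
        # Enter the wireless-controller vap section.
        /^[ \t]*config wireless-controller vap[ \t]*$/ && !in_vap { in_vap = 1; depth = 0; next }
        !in_vap { next }
        # Track nested config blocks inside an entry so that only
        # settings at the top level of the entry are considered.
        $1 == "config" { depth++; next }
        $1 == "end"    { if (depth == 0) in_vap = 0; else depth--; next }
        depth > 0      { next }
        $1 == "edit"   { name = $2; gsub(/"/, "", name); hidden = 0; next }
        $1 == "set" && $2 == "broadcast-ssid" { hidden = ($3 == "disable"); next }
        $1 == "next"   { if (!hidden) print name }
    ' "$1"
}

# Constructed sample backup fragment (not taken from a real device).
sample_config() {
    cat <<'EOF'
config wireless-controller vap
    edit "A_LAN_Network"
        set ssid "A_LAN_Network"
        set broadcast-ssid disable
    next
    edit "Guest_WiFi"
        set ssid "Guest_WiFi"
    next
end
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
broadcasting_vaps "$tmp"    # prints: Guest_WiFi
rm -f "$tmp"
```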

Categories
Hardware

Fitting your NC360T into a PCIe 1x slot

Since adding a RAID card into my HP MicroServer (N40L) I’ve been struggling with the loss of my dual port NIC. After looking through a fair few posts where other people have trimmed their card to fit the slot and reading through the PCI Express standard I decided to do it as well.

There are other options, such as cutting the slots on the motherboard and covering the excess pins on the card with tape, however I didn’t want to risk any damage to the motherboard.

  1. Mark the cuts. We want to leave 7 pins, this leaves 2 lanes for the PCIe 1x slot. Version 2 of the PCI Express spec gives us 500 MB/s per lane. I’ll leave you to do your own math there as my intentions are for segregation rather than speed.
  2. Mark the back as well.
  3. Sand and file back. I sanded with a Dremel to the point below, then used a file to carefully reduce the remaining bit that looks as if it would hold the card out of the slot slightly. Sanding took about 2 minutes and produced a very clean result. This would be a great time for your phone to not be in your pocket.
  4. Clean any dust and debris off the card carefully.
  5. Insert the card and see if it appears; mine shows in ESXi 5.1 as below.

Categories
How to Software

How to: Setup Redmine 2.1.4 on Ubuntu 12.10

Redmine is the best software package I’ve come across when dealing with software development and I highly recommend its use to everyone; however, quite a few people have issues setting it up, especially those who are new to Ruby or Rails. This guide walks you through the basics of setting it up on a fresh Ubuntu 12.10 installation.

  • Install Ubuntu 12.10 (this guide uses Ubuntu Server 12.10 64-Bit). I would recommend installing this on its own server or virtual machine.
  • Update the system
sudo apt-get update
sudo apt-get upgrade
  • If any kernel upgrades are required, this would be a good time to restart the server.
  • Install the packages we will require; this may take some time as the list is quite long.
sudo apt-get install ruby rubygems libruby libapache2-mod-passenger ruby-dev zip unzip libmysqlclient-dev libmagickcore-dev libmagickwand-dev mysql-server mysql-client

You will be prompted for a MySQL root password. Usual decent password practices apply.

  • Download Redmine v2.1.4 from RubyForge.

    http://rubyforge.org/frs/?group_id=1850

    You can download either the tar or zip version. Download the MD5 Sum of the file as well (it will have the same file name but with ‘.MD5’ at the end and will be quite small).
wget http://rubyforge.org/frs/download.php/76495/redmine-2.1.4.tar.gz
wget http://rubyforge.org/frs/download.php/76495/redmine-2.1.4.tar.gz.md5
  • Confirm the MD5 of the file you downloaded matches the one in the md5 file
md5sum redmine-2.1.4.tar.gz
cat redmine-2.1.4.tar.gz.md5

If the strings do not match, one of the two files is corrupted.

  • Untar or Unzip the file and move the folder to an appropriate location
# tar version:
tar -xzvf redmine-2.1.4.tar.gz
# or, if you downloaded the zip version instead:
unzip redmine-2.1.4.zip
sudo mv redmine-2.1.4 /usr/local/share
cd /usr/local/share/redmine-2.1.4/
  • Install appropriate gems
sudo gem install bundler
sudo gem install rdp-mysql2
  • Install the Redmine ‘bundle’ without dev / test environments and other database components
sudo bundle install --without development test postgresql sqlite
  • Create a MySQL user and Database for Redmine (using the local server)

    In these steps “your_password” should be replaced by a password different from the root account.
  • Connect to the MySQL Server Daemon:
mysql -u root -p
  • Create the new user:
CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'your_password';
  • Create the new database:
CREATE DATABASE IF NOT EXISTS redmine;
  • Grant the user rights over the database:
GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'localhost';
  • Create the Database configuration file
sudo nano config/database.yml
  • Enter the following text, replacing your password as per above
production:
  adapter: mysql2
  database: redmine
  host: localhost
  username: redmine
  password: your_password
  • Generate the session secret:
sudo rake generate_secret_token
  • Create the empty Redmine Database structure
sudo RAILS_ENV=production rake db:migrate
  • Populate the database with default data (optional: Only skip this step if you know what you’re doing in terms of configuring workflows / etc in Redmine)
sudo RAILS_ENV=production rake redmine:load_default_data
  • When prompted, select the appropriate language.

  • Configure Apache
sudo nano /etc/apache2/sites-available/default
  • Delete all the existing data in the file and insert the following base config:

<VirtualHost *:80>
    DocumentRoot /usr/local/share/redmine-2.1.4/public
    <Directory /usr/local/share/redmine-2.1.4/public>
        AllowOverride all
        Options -MultiViews
    </Directory>
</VirtualHost>

  • Restart Apache2
sudo service apache2 restart
  • Open Redmine at http://your-server-address/ (the address of the server you installed it on). Default details: Username – admin, Password – admin
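The MD5 comparison from the download step, done by a script instead of by eye, as an added example (not part of the original guide): verify_md5 is a hypothetical helper name and the sample archive is constructed. Because the archive and its .md5 file arrive over the same plain HTTP connection, a match shows the download is not corrupted, as the guide says, and nothing more.

```shell
#!/bin/sh
# Added example. verify_md5 FILE MD5FILE
# Returns 0 on match, 1 on mismatch, 2 if an input is unusable.
verify_md5() {
    file=$1 sumfile=$2
    [ -r "$file" ] && [ -r "$sumfile" ] || { echo "cannot read input files" >&2; return 2; }
    # Take the first 32-hex-digit word: covers a bare digest,
    # "digest  name" (md5sum style) and "MD5 (name) = digest" (BSD style).
    expected=$(tr 'A-F' 'a-f' < "$sumfile" | grep -Eow '[0-9a-f]{32}' | head -n 1)
    [ -n "$expected" ] || { echo "no MD5 digest found in $sumfile" >&2; return 2; }
    actual=$(md5sum "$file" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
    else
        echo "MISMATCH: $file (expected $expected, got $actual)" >&2
        return 1
    fi
}

# Constructed demo: a stand-in archive and its checksum file.
demo=$(mktemp -d)
printf 'constructed sample archive\n' > "$demo/sample.tar.gz"
md5sum "$demo/sample.tar.gz" > "$demo/sample.tar.gz.md5"
verify_md5 "$demo/sample.tar.gz" "$demo/sample.tar.gz.md5"

# Simulate a damaged download: the check must now fail and stop the install.
printf 'x' >> "$demo/sample.tar.gz"
verify_md5 "$demo/sample.tar.gz" "$demo/sample.tar.gz.md5" || echo "refusing to unpack"
rm -rf "$demo"
```

In the guide's flow this would be called as verify_md5 redmine-2.1.4.tar.gz redmine-2.1.4.tar.gz.md5 before the untar step, stopping if it returns non-zero.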

Other steps you should take:

  • Configure Redmine to send emails
  • Enable the Ubuntu Firewall (UFW)
  • Create a backup script that backs up uploaded files and the MySQL database
  • Tweak the Apache2 configuration to be more secure
  • Install the Nagios monitoring client
  • Setup rsyslogd to log to a remote location

Depending on demand I may create some How To guides for the above.