Friday, February 27, 2009

More movement to Open Source

I’ve decided to take yet another leap, deep into the world of Open Source.  This year I will be replacing all of our Cisco PIX and VPN infrastructure with pfSense and OpenVPN.  I’ve been contemplating this for quite awhile, but have only recently decided to take the plunge.  pfSense, if you haven’t heard of it, is an Open Source firewall based on FreeBSD.image

After spending time reading about Untangle, Astaro, Smoothwall and m0n0wall I’ve decided that pfSense is probably the best based upon my needs.  I’ll be running it from a repurposed server with VmWare ESXi.  This will allow me some portability in case the box dies an untimely death as well as giving me the opportunity to put some other items on the same hardware for my dmz.  I’m sure I’ll be blogging about this as I go so stay tuned as I squeeze more money out of my budget with great Open Source software.

Thursday, February 26, 2009

Cheap and Dirty Security Camera

When we recently opened of a satellite office and the question of site security came up.  We decided as part of our security solution to install security cameras at each door.  After careful consideration we chose the Axis M1031-W Network Camera.  This camera was relatively cimageheap (~$260) and allows us great flexibility in how we handle security.  We can stream directly to a centralized computer, we can take snapshots based on detected movement, we can take snapshots based upon PIR sensor movement (passive infrared..aka movement in the dark) or we can simply chose to stream based upon a set schedule.  There are a multitude of options on this camera including a blinding light to illuminate the area if movement is detected and two way audio to scare the jeepers out of someone walking by.  I choose to ftp snapshots to a Linux remote server.  I wrote a simple shell script to keep only a certain number of days of photos.  Here’s the script if you are interested:

#!/bin/bash
FTPDIR=”/home/camera”
DAYSOLD=90
find $FTPDIR –mtime +$DAYSOLD –exec rm  {} \;
#eof

Easy peasy. Schedule that pup up by editing your crontab (crontab –e) to run every day ( 0 0 * * 0-6 /usr/bin/cleanftp) and you’re all set.

Monday, February 23, 2009

ShoreTel – Receptionist Phone Setup (Tricks and Tips)

So how do you set up your receptionist’s phone with Shoretel?  Our requirements were:image

1. All calls to the main number should be directed to the receptionist phone during business hours.
2. The receptionist should have her own extension (outside) and voicemail.
3. When the receptionist steps away from her desk, she should be able to transfer the calls to a group of 3 secretaries.  All the phones should ring simultaneously until the call is answered. If no one answers, the call should be placed in the general email box.

So how did we accomplish this?  Well we started off by creating a regular user account for the receptionist.  Then we created an Operators hunt group and and Operators-backup hunt group.  The Operators hunt group it tied to the main outside line.  The only member of the group is the receptionist.  The second hunt group, the Operators-Backup group has all 3 secretaries as members and is set to simultaneously ring all phones (Distribution Pattern = Simultaneous).  When the receptionist needs to leave her desk, she busy’s out the hunt group (*18<main-extension-number>) and all calls roll to the Operators-Backup group.  This works because the “Call Stack Full” option in the Operators group points to the Operators-Backup group.  When she gets back she just types in the same code and the Operator hunt group “unbusy’s” the line.  Unbusy is a word, I swear. I just used it in a sentence.

So how did you do it? Hit me up in the comments.

Thursday, February 19, 2009

Hard Disk Erasing Utility

Got a stash of old drives or machines laying around for disposal?  Don’t let them go out the door without stifling your secrets! Use Darik’s Boot and Nuke to wipe your files off the drive.  image

Let’s hope you do this sober because it’s a one way ticket to complete and utter destruction of the data on the drive. :)  This Open Source Software tool allows you to create a boot floppy, CD or DVD image which can be used to boot the machine and wipe any and all partitions or drives on the machine.  The software overwrites your data with random bits of data on a few different passes.  Think of the disk as a chalkboard.  When you wipe the chalk off a chalkboard using an eraser, sometimes a faint image can still be seen. If you wipe it multiple times the image gets less readable each time. Same deal with your data.  Definitely a good tool for the old tool bag.  Enjoy the tasty destructive goodness!

Tuesday, February 10, 2009

Snare - Log collection tool

Too many logs to keep track of?  Missing critical events because it's too much work to manually check the event logs on all your servers?  Can't fix what you can't see?!?!?  Try Snare.  Snare  "provides front end filtering, remote control, and remote distribution for Windows eventlog data."  image We use this tool on all our servers to forward event logs to a Linux box running syslog-ng.   We also point all our infrastructure gear and linux servers (again with Snare) here. We view the logs via phpLogCon a web based front end.  This combination works really well to centralize all of our logs.   Snare is named after the pneumonic  "System iNtrusion Analysis & Reporting Environment."  There are versions of Snare for just about every operating system as well as a customized version called Epilog for IIS, ISA, Apache, Squid and Lotus Notes.  If you haven't centralized your logging yet take a byte out of this tool!

Wednesday, February 04, 2009

WinSCP - The coolest ftp/sftp client out there

Ok...there's like a gazillion ftp clients out there.  WinSCP stands above all the rest. Why you ask?  Well...because:

* It's Open Source
* It supports SFTP (which you should really be using if you are hosting files..but that's another discussion) and SCP
* It can be batched (so it can be scheduled) and it can be run from the command line
* It integrates with Putty's Pageant for SSH authentication
* It can run from removable media
* It has an integrated text editor
* It does the best job of directory synchronization I've seen in any ftp client (manual, semi-automatic and fully automatic)
* It has a Windows Explorer interface or optionally a Norton Commander interface (for you old farts that remember the DOS days)
* Supports Drag&Drop in Windows
* It supports files over 4GB for sftp and ftp
* Supports walking through directories on a Linux server allowing you to chmod files and directories recursively

Enjoy the Open Source Goodness!!!


image