22.02.2004
Posted in Uncategorized at 11:55 by nlawren
It can be a very frustrating time to try and do your best in a win32 world. Particularly when you have to manage an old forest which has:
- No automated software distribution to servers
- No automated reporting
- No patch management of any sort
- No defined AV updating methodology
So to try and make my job easier, I’ve now implemented most of the above in the test part of this forest (45+ servers, 9 domains, 5 application servers total used, maybe 5 users). Using SUS, MBSA and some vb scripts I’ve whipped up, I’ve now got the whole test forest doing daily checks of SUS and everything aside from some critical DCs do automatic reboots. Using MRTG, I can monitor what is happening with these boxes (cpu, network, uptime, diskspace).
I’ve also implemented an automated AV updating and scanning setup but haven’t really worked out how to report properly on that. I can at least report via html/csv what the definitions are which is a huge advance over what we had before (nothing).
My manager and co are rather happy about this as this takes rather a weight off them (they now only have to worry about the legacy NT4 stuff - 77 days to patch everything with ms04-007 apparently - horrible isn’t it). My comment to him when he asked about implementing something like that into NT4 land was “If it doesn’t have terminal services and WMI, I’m not touching it.” Meant seriously but also in jest. These two technologies combined with scripting languages like Perl and vbscript along with technologies like SUS definitely ease the pain.
Now to think some more on how to get AV logs rotated and reported on. Then plan how to implement this into production (yes, it is Sunday….).
11.02.2004
Posted in Uncategorized at 8:33 by nlawren
Busy busy last few days. Life returned back to normal on Thursday when the other member of the household returned from deepest, darkest Tasmania. Then the fun started - putting the new kitchen in - work, work, work. Still, it is in now (sans a sink for the moment) and now we just need to put everything back in.
In computer things, I’ve learnt that Net::DNS is a very useful perl module and that Windows 2000 doesn’t appear to register PTR records very often (at the end of a 128k link). Annoying to spend a few hours working on a perl script to do DNS lookups only to find that of 195 servers you look up, only 1 (ONE) actually had a reverse record in DNS. Bah.
Installed Fedora Core1 and found it very very nice. The installation was the best I’ve ever seen in a Linux distribution and the desktop is very polished. Yum makes updating easy and even updated the kernel correctly - being able to do upgrades like apt-get upgrade makes living in FC1 nice. My current plan is to put this onto a computer I’m building for my mother and see how she goes. Yum is a bit sluggish but that is because I haven’t sat down and changed the mirror list for updating. Having used Debian exclusively for the past 18 months, moving back to the redhat way of doing system configuration is interesting to say the least.
Knoppix 3.3 has been updated and the German magazine C’T has released the 3.4 version (which includes the 2.6 kernel). This should make a lot more people try 2.6 which is a good thing. The normal version hasn’t been officially released yet but is on the way. Speaking of knoppix, a nice article on IBM DeveloperWorks about using Knoppix as a recovery tool.
Both myself and myrddin are experimenting with using Linux software raid - I’ve currently got a 45gig raid1 partition on my FC1 box and am looking to put a raid1 120gig mirror into my firewall/fileserver. The price of hard drives these days makes this a very inexpensive option. I remember the cat /proc/mdstat command and, as usual, found the Software-Raid howto to be very handy in learning and planning the migration.
John from monkeyc has some very amusing comments about blogging and the whole Livejournal/Blogging setup - well worth a read. Now to create a hosts file via perl that I can then use to do my reverse lookups.
02.02.2004
Posted in Uncategorized at 17:45 by nlawren
Monday afternoon and I just can’t be buggered. It was a busy week last week and I kept meaning to post but kept getting distracted. End result - nothing but workage all week….
However, it was productive, I managed to get the various vbscripts (virus definition checking, software installed, hotfixes etc) behaving very nicely and kicked out some nice html output. Almost time to try and test it on someone else to see what else breaks I think.
My other half is away at the moment which means much computer time and nothing much else (aside from when I remember to eat and sleep). Still, she gets back on Thursday which is a good thing (and then our new kitchen goes in on Friday - which means bye, bye uptimes). Oh well.
It turns out that Mydoom.A/Sco.A (whatever you want to call it) appears to be the working of Russians and, imho, the whole DDOS thing is just a diversion. What media outlet is talking about the remote control backdoor, the keylogger, the smtp engine? None - they are all concentrating on the whole SCO is going down because of nasty Linux hackers crap. I loved the Netcraft document on things SCO could do (what they couldn’t do, of course, is to use Akamai because Akamai uses Linux - unlike Microsoft who do just that). So after a while, SCO is down because….they took out the www cname. Funny really. Groklaw continues to amaze with the depth of coverage of this whole thing - the article on ABIs is essential reading for anyone even remotely interested in the whole saga (which should be anyone reading this).
Picked up some new computer parts yesterday - amazing how cheap hard drives are these days (AU$145 for a Seagate 120gig and $260 for a Maxtor 60gig 2.5 laptop drive). So, once all these upgrades and swapping are finished, for the first time I’ll be spinning over half a terabyte (578gig to be precise). Life is good.
I see John from monkeyc has moved house - with no cable and maybe no ADSL, life will be hard. And yes, John, Dodo ain’t bad at all for dialup.
A wonderful page on how to move data between machines (ie “ghosting”) by using dd and netcat - a very neat trick (he says watching it running in the background). I’ve never really used dd before and this is proving an eye opener.
Now, time to go and hunt down a nice glass of wine while I learn how to train bogofilter on spam.