Wednesday, October 26, 2011

Using DBAN for Data Sanitation

If you're getting rid of your PC at home or retiring PCs in the office it is recommended that you first wipe the drive of any remaining bit of information.  I'm not going to debate the merits of one method or the other, or whether this is even worthwhile. I'm a firm believer that 99% of the time this tool will wipe your drive and the data will be unrecoverable by most people or attacks.  Personally, I run the PRNG method with 8 passes to overwrite the drives I'm getting rid of.  This is on top of using secure delete methods to overwrite individual files as I delete them on my PC in day-to-day operations.

If you're very paranoid anyhow, you should be using something like Truecrypt to encrypt everything at rest on your hard drive, and possibly even a hidden encrypted volume inside of that.  Even here, I would wipe a drive when I was done with it.

The first thing to do is to download the ISO image from dban.org/download. Then you will need to burn the ISO image to a CD. (A quick Google search should get you some results.)

Once you boot your PC with the burned image you should come to this screen.
[Screenshot: Initial Boot Screen]
If you hit the F2 key you will see this screen.
[Screenshot: DBAN About Page]
Hitting F3 will get you this screen.
[Screenshot: Quick Commands]
F4 will get you to this note about RAID devices.  Remember: always dismantle your RAID volumes before wiping them!
[Screenshot: A message about RAID devices]
If you hit enter on the Initial Boot screen you'll end up here in Interactive Mode.
[Screenshot: Interactive Mode]
In Interactive Mode you can choose which Pseudo Random Number Generator to use. You have two choices (Mersenne Twister and ISAAC). I go with Mersenne Twister, but apparently ISAAC is more secure.
[Screenshot: Pseudo Random Number Generator (Mersenne Twister) explanation]
[Screenshot: Pseudo Random Number Generator (ISAAC) explanation]
If you need to quickly zero out a drive, such as before re-installing Microsoft Windows or for some other reason, this option is for you.
[Screenshot: Wipe Method (Quick Erase explanation)]
[Screenshot: Wipe Method (RCMP TSSIT OPS-II explanation)]
[Screenshot: Wipe Method (DoD Short explanation)]
[Screenshot: Wipe Method (DoD 5220.22-M explanation)]
[Screenshot: Wipe Method (Gutmann Wipe explanation)]
[Screenshot: Wipe Method (PRNG Stream explanation)]
[Screenshot: Verification Mode (Verification Off explanation)]
[Screenshot: Verification Mode (Verification Last Pass explanation)]
[Screenshot: Verification Mode (Verification All Passes explanation)]
[Screenshot: Changing the number of rounds]
Something to note: if you have multiple drives installed and selected for wipe (from Interactive Mode) they will wipe in parallel.  This can speed things up significantly if you have a lot of drives to wipe.
[Screenshot: Running in parallel]
When DBAN has finished you'll come to this screen. If you don't have a green pass next to each disk you wiped, it may be a failed disk.
[Screenshot: All Done!]

After running DBAN a few times you should become comfortable with the different options and what they do. I started out running in interactive mode all of the time, but now when I get to the Initial Boot Screen I simply type prng (which uses the prng method with 8 passes and verification on the last pass) and let it go to town.  I only do this, however, on machines where I want to wipe everything.  For safety's sake I always physically disconnect drives I do not want to wipe.

Friday, October 21, 2011

Installing and Configuring ZendServer Community Edition (CE) on CentOS 5 / 6

The quick and the dirty:
Download the Zend Server (DEB/RPM Installer Script) from zend.com. (An account is required).
Unpack the tarball (tar -xzvf ZendServer-5.5.0-RepositoryInstaller-linux.tar.gz)
Run ./install_zs.sh 5.3 ce or ./install_zs.sh 5.2 ce depending on which version of PHP you want to run.
Edit your iptables (you are running iptables right?) vi /etc/sysconfig/iptables
Add in a line for the Zend Server lighttpd server (-A INPUT -m state --state NEW -m tcp -p tcp --dport 10081 -j ACCEPT)
Restart iptables (/sbin/service iptables restart)
Visit (http://YOURSERVERHERE.com:10081/ZendServer/) in a web browser to accept the EULA and set a password.

Alternatively run (/usr/local/zend/bin/zs-setup accept-eula) and (/usr/local/zend/bin/zs-setup set-password YOURSECUREPASSWORD )

If you need to restart Zend Server run /sbin/service zend-server restart.  This will restart both apache (httpd) and the lighttpd Zend Server GUI.
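The iptables line above opens the Zend Server GUI port to every source address. The script below is an added example, not part of the original post or of Zend Server: it audits an iptables rules file for INPUT ACCEPT rules on port 10081 that carry no -s source match, so the GUI can be limited to an admin subnet. The rules file content and the 10.0.5.0/24 subnet are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): find iptables rules that
# open the Zend Server GUI port (10081, from the post) to any source.
ZS_PORT=10081

# Constructed /etc/sysconfig/iptables content: the third -A INPUT line
# is the post's rule (open to everyone); the fourth is the restricted
# variant limited to an admin subnet with -s.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10081 -j ACCEPT
-A INPUT -s 10.0.5.0/24 -m state --state NEW -m tcp -p tcp --dport 10081 -j ACCEPT
COMMIT'

# unrestricted_zs_rules: print every "-A INPUT ... -j ACCEPT" rule whose
# --dport is ZS_PORT and which has no -s/--source match, i.e. admits
# connections to the GUI from any address.
unrestricted_zs_rules() {
    printf '%s\n' "$SAMPLE_RULES" |
    awk -v port="$ZS_PORT" '
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; src = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-s" || $i == "--source") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport == port && target == "ACCEPT" && src == "") print
        }'
}

# count_unrestricted_zs_rules: number of such rules (0 is the goal)
count_unrestricted_zs_rules() {
    unrestricted_zs_rules | wc -l | tr -d ' '
}
```

To run it against the live file, replace the constructed SAMPLE_RULES with the contents of /etc/sysconfig/iptables; any rule it prints should gain a -s restriction to your management network.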

Some important notes before heading off into the wonderful world of Zend Server:
Be sure that your distribution's PHP isn't installed alongside Zend Server, including the CLI, as it will interfere with running php from the command line and who knows what else.

The php binary is located at /usr/local/zend/bin/php, which can be verified by running which php.  As such, if you need to run php from cron, be sure to add this to your path. (I have PATH=$PATH:$HOME/bin:/usr/local/zend/bin in my ~/.bash_profile).

If you need to modify a setting in php.ini you will find it at /usr/local/zend/etc/php.ini.  Remember to restart zend server for any changes to take effect.

Beyond those things there isn't too much difference between running zend server and running php from your distribution.

Thursday, October 20, 2011

uCertify 117-101 Junior Level Linux Professional-I review


Recently, the folks at uCertify requested I review one of their certification test suites.
In my past experiences with certifications I've used a variety of study material, including instructor led classes, books, as well as electronic tools similar to those offered by uCertify.

I prefer instructor-led classes, but a mix of books and electronic tools is also a viable option for me.

The uCertify catalog includes a wide variety of test preparation kits for a number of popular certifications, including:  LPIC, Cisco, Zend, Linux, Microsoft, etc. Given I am currently in the process of studying for my LPIC-1, I selected the Junior Level Linux Professional (LPIC-1) track, which provided me access to the 117-101 Junior Level Linux Professional-I preparation kit.

I was able to install the software quickly and easily without any problems.  The activation was also painless, which I expected.

To start out, the tool offers a variety of teaching tools including study notes and practice quizzes, which is what I was really looking forward to. Each of the components is easy to use and follow, although the navigation confused me a bit at first.

The content itself seems accurate. Much of it appears to be snippets of relevant text from the official Linux man pages, with some additional text, carrying less technical jargon, to further explain the topic at hand. There were some areas where the content was a little lacking, but it didn't happen too often.

The practice tests themselves are pretty good. They relate directly to the study material and are worded such that they are easy to comprehend. They also have the same cadence and tone that are on the actual tests.

A couple of nice features that stood out from other tools I have used in the past include the ability to select different test modes and creating custom tests. In addition, within the test itself, the ability to add notes, print items and even provide feedback are all quite helpful. Of course, it also contains other expected features such as bookmarking of questions and a summary of answers for final review prior to submitting for results. The test experience itself was quite good and provided simple methods for reviewing the results and furthering one's understanding of the subject.

Without the benefit of having taken the official exam, it is also a bit difficult to gauge the usefulness of other features such as the Test Readiness Report and Objective Readiness Report, both of which are aimed at providing insight as to how well one might perform on the official test.

Overall, the uCertify tool is a comprehensive and flexible learning tool that is definitely worth considering, especially at the $80 - $100 price point (depends on selected test). Those looking for self-paced preparation kits will find it easy to use, thorough and extremely helpful.

TL;DR
Simple installation
Good Price point
Relevant study material
Comprehensive set of tools
Different learning techniques for varying preferences
Flexible practice tests

uCertify test preparation kits are available at: www.ucertify.com

Tuesday, October 11, 2011

Logmein Hamachi - Hub and Spoke Network

This is going to be another quick one, mainly so I remember how to change which computer is a hub and which computer is a spoke.
In "My Networks", click on "Edit" in the desired network. Then click the link "Add/Remove members" and there you can set the Hub/Spoke radio button.

That's it!

Tuesday, September 27, 2011

System Activity Report (sar) and You

sar is an acronym for System Activity Report. It takes a snapshot of the system periodically. On most distributions it comes with the sysstat package. On Red Hat and derived distributions the package installs a set of cron jobs in /etc/cron.d/sysstat. There are two cron jobs to take note of. The first one runs every ten minutes as root. It runs the script /usr/lib/sa/sa1 -S Disk 1 1. This script saves its output in report files. The files are written to /var/log/sa/sar[dd], where [dd] is the two-digit day of today's date. (e.g. Today is 8/26/2011. The log file is /var/log/sa/sar26)

The second cron job runs at 23:53. This cron job summarizes the day's activity. Both of the reports are saved as binary data, so normal tools are useless here.

There are many flags to use with sar when running it interactively. Some of the flags have additional arguments that are required when used. One example of these flags is -n, which also requires an additional argument such as DEV or NFS or IP. This specific example has eighteen (18) potential arguments, not including ALL.

With sar, liberal use of the man pages is highly suggested. Not only are the flags and any arguments documented, but the headers for each one and what they represent are explained as well. This comes in handy if you get overzealous with flags and aren't quite sure what you're looking at.

I'm only going to cover some of the most notable flags, what they show and their headers. Be careful, however, as some flags exist in both upper and lower case and report vastly different metrics. One example of this is -b, which reports on I/O transfer, while -B reports on paging stats.

First off the plate is -b which as I've already stated reports on I/O transfer stats and has the following headers:
    tps: Transfers per second to a physical device.
    rtps: Read transfers per second to a physical device.
    wtps: Write transfers per second to a physical device.
    bread/s: Blocks (since kernel 2.4 = sectors = 512 bytes) read from devices per second.
    bwrtn/s: Blocks written to devices per second.
Example output from a production server running: sar -b 1 1
  Linux 2.6.18-274 el5PAE (server.domain.com)   8/26/2011

  09:23:57 PM       tps      rtps      wtps   bread/s   bwrtn/s
  09:23:58 PM   7829.00    133.00   7696.00   1528.00  76960.00
  Average:      7829.00    133.00   7696.00   1528.00  76960.00

-B will report paging stats. Some metrics / headers are only available in kernels 2.5 and newer.
    pgpgin/s: Kilobytes paged in from disk per second.
    pgpgout/s: Kilobytes paged out from disk per second.
    majflt/s: Major faults per second (each one hits the disk; this is a bad thing...)

-c Process creation stats.
    proc/s: Processes created per second.

-d Activity for each block device.
    tps: Transfers per second
    rd_sec/s: Sectors (512 bytes) read from block device per second.
    wr_sec/s: Sectors (512 bytes) written to block device per second.
    avgrq-sz: Average request size in sectors
    avgqu-sz: Average queue length
    await: Average time in milliseconds for queue + servicing request.
    svctm: Average servicing time.
    %util: CPU percentage while I/O requests were issued. Close to 100% = device saturation.
 
-n DEV Network interface stats.
    IFACE: Interface Name
    rxpck/s: Packets received per second.
    txpck/s: Packets sent per second.
    rxbyt/s: Bytes received per second.
    txbyt/s: Bytes sent per second.
    rxcmp/s: Compressed packets received per second.
    txcmp/s: Compressed packets sent per second.
    rxmcst/s: Multicast packets received per second.

-P ALL Per processor (or core) stats

-p Print pretty device names
    Shows block devices as sda instead of dev8-0. Has no effect on Network device names.
-A same as: -bBcdqrRuvwWy -I SUM -I XALL -n ALL -P ALL

After you install the sysstat package you really need to let it run for a while and gather stats to see the real beauty of it all.  However, you can run it interactively if required. When running sar interactively the syntax is sar -FLAGS interval count (e.g. sar -b 2 60 runs I/O stats every two seconds for 60 samples).  This is very handy to run if you're troubleshooting a slow system or watching it under load.
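When watching a system under load, the interesting samples are the ones that cross a threshold. The script below is an added example, not part of the original post or of sysstat: it reads sar -b style output (the same column layout as the listing above) and prints each sample whose bwrtn/s exceeds a threshold. The sample output it embeds is constructed, modelled on the post's listing.

```shell
#!/bin/sh
# Added example (not from the original post): flag sar -b samples with
# a high write rate using only awk. The output below is constructed,
# following the "sar -b" column layout shown in the post:
#   HH:MM:SS AM/PM  tps  rtps  wtps  bread/s  bwrtn/s
SAMPLE_SAR_B='Linux 2.6.18-274.el5PAE (server.domain.com) 08/26/2011

09:23:57 PM       tps      rtps      wtps   bread/s   bwrtn/s
09:23:58 PM   7829.00    133.00   7696.00   1528.00  76960.00
09:23:59 PM    412.00     10.00    402.00    300.00   4000.00
09:24:00 PM   9100.00    120.00   8980.00   1000.00  81000.00
Average:      5780.33     87.67   5692.67    942.67  53986.67'

# flag_high_writes THRESHOLD: reads sar -b output on stdin and prints
# "<time> tps=<n> bwrtn/s=<n>" for every sample whose bwrtn/s (512-byte
# sectors written per second) exceeds THRESHOLD. The kernel banner,
# blank lines, the column header and the Average line are skipped.
flag_high_writes() {
    awk -v thr="$1" '
        /^Linux/ || /^Average:/ || NF < 7 { next }
        $3 == "tps" { next }      # column header line
        ($7 + 0) > thr {
            printf "%s %s tps=%s bwrtn/s=%s\n", $1, $2, $3, $7
        }
    '
}

# count_high_writes THRESHOLD: number of samples over the threshold
count_high_writes() {
    printf '%s\n' "$SAMPLE_SAR_B" | flag_high_writes "$1" | wc -l | tr -d ' '
}
```

Against a live system, pipe sar -b 2 60 straight into flag_high_writes instead of the constructed sample; the same skip rules apply to the real output.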

Monday, September 26, 2011

Changing the from e-mail address in Nagios

This is going to be another short one.  I recently had a need to change the FROM address for e-mail from our Nagios installation. E-mail was coming from nagios@host.domain.com, which is non-routable from outside our network.

The change is very simple. Change the two command lines in your Nagios commands.cfg dealing with notify by e-mail. The command names are "notify-host-by-email" and "notify-service-by-email".

By default these lines read:
/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$

and

/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$

To change the from address you append " -- -f nagios@domain.com" (without the quotes, of course).  So the new lines look like:

/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$ -- -f nagios@domain.com

and

/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$ -- -f nagios@domain.com

To explain it a little: what we appended was a space followed by two dashes, which forces mail to pass everything after them along to sendmail. sendmail then sees a dash followed by the letter f, a space, and the e-mail address you want to send from.

On my system this is an alias for myself so that all replies come to my inbox.

All of this works on CentOS which is what I'm currently running.  It should work on other distributions as well, but I haven't the time to verify that.

Tuesday, September 20, 2011

Powershell Get-ChildItem Count 1 result

This is going to be a quick one. I'm working on a new Powershell script (my second) and I'm doing some sanity checks before I actually try to continue the workflow.

If you run the command below and it returns only one item, and you then try to print out $fileCount or run an if statement against it like if ($fileCount -gt 0){do some stuff}, the "do some stuff" won't happen.
$fileCount = $(get-childitem C:\ -filter *.zip).count

This is because you only get an array back when there is more than one result; with a single item no array gets created, so .count gives you nothing, and the check behaves as if it were 0.   To get around this you must create the array first. You can do this in the same line of code as shown below.

$fileCount = @(get-childitem C:\ -filter *.zip).count

The at sign there will create the array and you will have one item in it.