PKI Framework for Supporting the Security of Mobile Communication from its Core

 

1. Business areas into which e-commerce is continually expanding

In the past ten years within the computing world, the term "mobile computing" has become popular. And owing to the improved performance of mobile information terminals such as cell phones, notebook computers, and personal digital assistants (PDAs), the use of such devices has continued to spread into areas that were unthinkable ten years ago.

Taking the example of mobile phones, we can see that their display size has grown year on year, and it has now become a matter of course that internet web pages specially prepared for mobile-phone use can be viewed on these bigger displays. What's more, the entire business area of so-called "electronic commerce" (referred to as EC or e-commerce), including mobile banking and mobile shopping, is continuing to expand.

More specifically, in the case of mobile banking, a mobile phone can be used for various banking services, such as balance enquiries, deposit and withdrawal enquiries, direct deposits, and money transfers. And in the case of mobile commerce, it can be used for such activities as enjoying shopping from "net catalog" schemes and selling one's things through "net auction" services.

Furthermore, to take the example of notebook PCs, it seems that these days internet environments called "hot spots" are appearing on every street corner, and they have created a situation in which users of notebook PCs can freely use the internet with the same sensation whether at home or at the office.


Nagios JBoss Plugin

Perl script to check thread and memory usage of a JBoss server.

I didn't like the JBoss checks that I've found which require Java or remote-run, so I wrote this. It's a simple check that looks at memory usage and busy threads. I did this with percentage thresholds to make it dynamic.

Usage: check_jboss_status.pl [-H ] [-P ] [-t ] [-m ] [-a ] [-h ]
  -H  The host to connect to (default: localhost)
  -P  The port to connect to (default: 8080)
  -a  The AJP ports to check for (default: 8009)
  -h  The HTTP ports to check for (default: 8080,8443)
  -t  The percentage of threads busy for warning (default: 80,50)
  -m  The percentage of memory used for warning (default: 80,50)


Icinga on SSL

This is intended as an introduction to implementing stronger authentication and server security, focused on the CGI web interface.

There are many ways to enhance the security of your monitoring server and Icinga environment. This should not be taken as the end-all approach to security. Instead, think of it as an introduction to some of the techniques you can use to tighten the security of your system. As always, you should do your research and use the best techniques available. Treat your monitoring server as if it were the most important server in your network and you shall be rewarded.

Additional Techniques

Stronger Authentication using Digest Authentication. If you have followed the quickstart guides, chances are that you are using Apache's Basic Authentication. Basic Authentication will send your username and password in "clear text" with every HTTP request. Consider using a more secure method of authentication such as Digest Authentication, which creates an MD5 hash of your username and password to send with each request.

Forcing TLS/SSL for all Web Communication. Apache provides TLS/SSL through the mod_ssl module. TLS/SSL provides a secure tunnel between the client and server that prevents eavesdropping and tampering using strong public-key/private-key cryptography.

Locking Down Apache Using Access Controls. Consider locking down access to the Icinga box to your IP address, IP address range, or IP subnet. If you require access from outside your network, you could use a VPN or SSH tunnels. This is an easy and strong way to limit access to HTTP/HTTPS on your system.
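
The three techniques above combined in one Apache 2.4 configuration, as an added example that is not part of the original post. The host name, certificate and file paths, realm name and the 192.0.2.0/24 management subnet are all placeholders chosen for illustration.

```apache
# Added example; every name, path and address below is a placeholder.

# Redirect plain HTTP so credentials never travel unencrypted.
<VirtualHost *:80>
    ServerName monitor.example.org
    Redirect permanent / https://monitor.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName monitor.example.org

    # TLS via mod_ssl.
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    ScriptAlias /icinga/cgi-bin /path/to/icinga/sbin

    <Directory "/path/to/icinga/sbin">
        Options ExecCGI
        AllowOverride None

        # Refuse any request that did not arrive over TLS.
        SSLRequireSSL

        # Digest instead of Basic authentication (mod_auth_digest).
        AuthType Digest
        AuthName "Icinga Access"
        AuthDigestDomain /icinga/
        AuthDigestProvider file
        AuthUserFile /path/to/htdigest.users

        # Both must hold: allowed source network AND a valid login.
        <RequireAll>
            Require ip 192.0.2.0/24
            Require valid-user
        </RequireAll>
    </Directory>
</VirtualHost>
```

The user file is created with `htdigest -c /path/to/htdigest.users "Icinga Access" <username>`, and the realm given there must match `AuthName` exactly. Because Digest Authentication relies on MD5, treat it as a complement to TLS and the source-address restriction, not a replacement for them.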


Nagios LDAP Monitoring (works for icinga as well)

In the commands.cfg file:

define command {
        command_name    check_ldaps
        command_line    $USER1$/check_ldap.pl -H 192.168.0.123 -p 389
}

In your <server.cfg> file:

define service {
        use                     generic-service   ; template name, available by default
        host_name               LDAP              ; name of the host this service runs on
        service_description     LDAP Daemon       ; description of the service
        check_command           check_ldaps
}

This plugin requires the Perl Net::LDAP module to be installed. For installation of the Net::LDAP CPAN module, see this post.

Download check_ldap.pl from here.


Install Perl CPAN on CentOS troubleshooting Net::LDAP

First we need to make sure our Perl modules are all there and up to date. We can do this easily by running:
perl -MCPAN -e shell
Let it run. Answer “no” when it asks about manual configuration.
Once it stops you'll be at the cpan prompt. Type:
install Bundle::CPAN
This will install many Perl modules for you. Answer “yes” to any dependency questions. When you get to the question about “libnet”, answer “no”. Once you are finished, hit “enter” to exit; it will run for a few seconds more and then bring you back to the cpan prompt. For good measure, let's type:
install Net::LDAP
(it should be up to date)

Installing NRPE For Icinga on Ubuntu 10.10 & CentOS 5.5

I currently have Icinga 1.2 (classic, web, and mobile) running on Ubuntu 10.10. I have a few other Linux servers that I would like to monitor as well. There is a good amount of information on installing Nagios and things to accompany it, but Icinga documentation and blogs are fewer.

The goal of this post is to document how to install NRPE on an Icinga server (Ubuntu 10.10 x64) and monitor a remote host (CentOS 5.5 x64).

I also want to give credit to two other blog posts I used to get my systems functional and for this post.

fishfood: http://www.fishfood.co.nz/2010/03/howto-install-nagios-nrpe-for-use-with.html

The Geek Stuff: http://www.thegeekstuff.com/2008/06/how-to-monitor-remote-linux-host-using-nagios-30/


Step by Step Zimbra 6.x installation on CentOS 5.x

First you need to install a fresh CentOS operating system, keeping almost everything in its default state. In this installation note I'm assuming a few things:

  • There is either a LARGE '/' partition or a LARGE '/opt' partition. Zimbra is installed in the /opt directory by default.
  • I'm also assuming that the server is not sitting behind a firewall (for example, if it's reached by port/IP forwarding from a firewall, it won't work). There are some additional tasks that can allow you to run it behind a firewall, but unfortunately I won't cover them here.
  • SELinux and the Linux firewall should be disabled for the time being.
  • You can install webmin and create your custom firewall policy/rules from there, but you can always do this later, after the installation of Zimbra.

Now let's start.

Now we need to shutoff some services that will interfere with ZCS.


Running Zimbra on HTTPS

1. First you need to su to the 'zimbra' user.

2. Go to /opt/zimbra/bin/

3. Use the following commands to enable SSL:

./zmtlsctl https
./zmcontrol restart

Now it's working like a charm. For other readers:

I can only access the web client over SSL now (but that's OK for me).

Other options are:

[mixed|both|http|https|redirect]


Dhaka to introduce digital signature

Bangladesh is set to introduce electronic signatures, a key feature for e-procurement, e-governance, e-commerce and other digital activities, said officials in Dhaka yesterday.
“Electronic signature is ready for introduction and it will ensure the total security of electronic information,” Controller of the Certifying Authorities Mohamed Zahangir Alam said.
He said the electronic signature would uplift the image of the country's ICT sector across the world.
After the introduction of electronic signatures, e-procurement, e-commerce, e-transactions, online income-tax returns, online applications for any kind of service and digital communication between government offices and NGOs will be facilitated, said Bangladesh Computer Council (BCC) assistant programmer Hasan-Uj-Jaman.
He said it will also ensure Secure Socket Layer (SSL) based security for different kinds of servers, such as web and mail, and help to introduce paperless offices and e-filing, and the signing of electronic documents and e-mail.
