CACTI

About Cacti

Cacti is a PHP/MySQL front end to rrdtool. It handles the storage of all the information required to create and populate rrdtool graphs. Along with maintaining Graphs, Data Sources, and Round Robin Archives in a database, Cacti also handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.
You can use Cacti to gather any sort of data, or fetch information from SNMP capable hosts.

To manually handle data gathering, you can feed Cacti the command line for any external script/command along with any data that the user will need to fill in (IP addresses etc.). Cacti will then gather this data in a cron job and populate a MySQL database/the Round Robin Archives.
Data Sources can also be created, which correspond to actual data on the graph. For instance, if a user wants to graph the ping times to a host, they could create a data source, choosing a script that pings a host and returns its value in milliseconds. After defining options for rrdtool, such as how to store the data, you will be able to define any additional information that the data input source requires, such as a host to ping in this case. Once a data source is created, it is automatically maintained at 5 minute intervals.
For people who are used to creating traffic graphs in MRTG, this process has become much simpler in Cacti. An SNMP interface allows you to enter SNMP capable hosts, and Cacti will display that host's interfaces, all of which can be graphed with one click from that point.
Once one or more data sources are defined, an rrdtool graph can be created using the data. Cacti allows you to create almost any imaginable rrdtool graph using all of the standard rrdtool graph types and consolidation functions. A color selection area and automatic text padding function also aid in the creation of graphs to make the process easier.
Cacti has a user management system so you can allocate people various levels of access to the program and their own settings.


KERBEROS The Windows Authentication Protocol

The Internet is an insecure place. Many of the protocols used in the Internet do not provide any security. Tools to sniff passwords off of the network are in common use by malicious hackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be honest about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.

Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that the bad guys are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet. (After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure than a computer which is not connected to the network and powered off!) In many places, these restrictions are simply unrealistic and unacceptable.

SE Linux

SELINUX (Security-Enhanced Linux)

SELinux History

SELinux was originally a development project from the National Security Agency (NSA), Secure Computing Corporation (SCC) and others. It is an implementation of the Flask operating system security architecture. As a step in its evolution, SELinux was integrated into the Linux kernel using the Linux Security Modules (LSM) framework. SELinux motivated the creation of LSM, at the suggestion of Linus Torvalds, who wanted a modular approach to security instead of just accepting SELinux into the kernel. SELinux is now a standard component of RHEL and non-commercial distros like Fedora, Debian GNU/Linux, Gentoo Linux etc.

Introduction

In the world of Linux, SELinux is the new buzzword. Most operating systems use access controls to limit the access a user/process has to other parts of the system such as files, devices, sockets, ports and other processes (called objects in SELinux). The two main types are


Simple Network Management Protocol (SNMP)

The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. Two versions of SNMP exist: SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). Both versions have a number of features in common, but SNMPv2 offers enhancements, such as additional protocol operations.

Components of SNMP

An SNMP-managed network consists of three key components: managed devices, agents, and network-management systems (NMSs). A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers. An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. An NMS executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network.