Microsoft SQL Server 2016 on Linux

One of the most exciting updates in SQL Server 2016 is the ability to run it on Linux! I'm currently working on some designs which incorporate SQL Server 2016 AlwaysOn Availability Groups and had to ask: does it work on Linux? Well, there’s a Channel9 video for that. The host briefly mentions AlwaysOn Availability Groups, and demos the creation of a SQL Server failover cluster instance and the use of SQL Server TDE (Transparent Database Encryption). Simples.

Subversion, Trac, Apache & mod_dav_svn

I had looked at this a while ago but gave up thinking it was too hard, too time consuming. It still is.

To begin with, Subversion, or SVN, is a version control system, typically used by programmers and the like. I have previously used it professionally, and came to the conclusion that I needed to start documenting a website I look after and make changes to pretty often.

My iptables “base” ruleset

I’m not 100% sure if this is correct in a security sense, but thought I’d post this. For my web/database servers, it’s a pretty basic setup really. Drop all inbound packets not specifically allowed, and allow all outbound unless specifically denied.

Open for comment / feedback. It’s, for all intents and purposes, pretty secure in my opinion. The only thing making it more secure would be dropping all outbound packets and specifically allowing traffic outbound, which might be the next thing I will work on.

TODO: Webmin Virtual Host Configuration

I’m using Webmin for “basic” administration of a few webservers I run. Admittedly, most of the configuration I do with Webmin is simple zone file edits and editing virtual host directives, by editing the configuration files directly, using the web interface merely as a text editor.

It seems that wherever I go, outgoing SSH is blocked, so simple tasks like logging on to restart Apache or MySQL are just plain impossible. Webmin poses an additional problem. By default (of course I haven’t changed this), Webmin uses port 10000 for its HTTP server – which doesn’t use Apache, and is also blocked. Setting the port to 80, therefore, would stop Webmin or Apache from running (because whichever process starts first will take precedence).

So, my to-do is to run up an additional virtual host on the servers, or maybe just a sub directory, which will point back to Webmin, on port 80, so I can access this from work etc. Either or, Webmin has a pretty basic and to the point guide here.

I should really also set up an SSL certificate… Hmmm.

Windows Event Logs to Syslog – Update

I came across this site earlier, seems to have a good amount of resources linked for anyone looking to implement Windows event log to syslog.

http://www.loganalysis.org/windows-to-syslog/

There’s not much in terms of documentation, but it lists a number of tools which may help people in implementing this. Good luck!

EDIT: Seems in linking to this, I’ve bumped my original blog post relating to Windows/Syslog down the ranks of Google… Bummer!

HTTP Referrer Spam

My web stats for one of my larger websites are full of referrers which look to be spam… Today’s brief stats below show the highest referral counts coming from a page titled “how to open an offshore company”… Cause I need to know how to do that…

Totally on my to-do list now, to implement mod_access_rbl for my Apache install. Idea is to point it at some of the general spam related blacklists, as in theory, these would be perfect examples of IPs purporting to create this nuisance traffic.

Links supply details. Watch this space.

Windows 2003 / 2008 event logging to Syslog

I stumbled on a seemingly unique requirement this week to log file access for a Windows network share. Of importance was the logging of object deletions and writes. For most Windows admins, this probably sounds like a simple task of setting up group policies or local security policies to audit object access, and the required auditing policies on the objects requiring this level of logging.

Okay, so you’ve set up your auditing, and it’s been logging for yay long. An SMB (say 50 users) I set this up for managed to generate 1GB of logs in 24 hours, purely from setting object Write and Delete auditing on a network share. This leads to the reason for this article.

1GB of logs is a hell of a lot of data, and we all know the Windows Event Viewer is hardly capable of searching these logs quickly and easily. Furthermore, your security log is going to fill up really quickly, and, depending on your policy, events will be overwritten, or the security log will be full, resulting in non-admin users effectively being locked out of their systems.

Further again, one month down the track, you are faced with the inability to trace who deleted that important management report…

I suspect there are probably numerous commercial packages available for analysis of event logs, and effective archiving of event logs. However, for the Windows admin with limited budget, and time constraints, we’re going to discuss my preferred method, using Syslog to centrally log events.

Syslog is a daemon which runs on Linux and UNIX machines. It is essentially the Windows equivalent of the Event Log service. Under CentOS5 (and most derivatives of Red Hat I would suspect), these logs are stored in `/var/log/`. These logs are archived, or ‘rotated’, by a Cron scheduled task which runs `logrotate`. Syslog also has the ability to receive log messages from other hosts, making it extremely nifty for centralisation of log data, and even more so, the ability to analyse the data contained within.
