Apr 29, 2010

How To Force SSL Using PHP

I mentioned a few days ago using osTicket, we have been using it for a while. We also have to make it public facing so our customers can use it, and so we can use it from outside of the office. The problem is that since we are using our AD credentials to login there is a major security concern since by default, osTicket is not encrypted. We opted to use SSL encryption on our ticket system.

No big deal right? Well, we also want to make it so users don’t have to remember to type in the httpS part in the address. We want them to be able to type support.companydomain.com and have it automagically go to our ticket system. Likewise, on the admin page we want to make it so that when you go to support.companydomain.com/admin it automagically gets SSL encryption too. One way to do it is to drop an index.html file in with a redirect, that works ok too, but what if you want to ensure that if the S in httpS is removed, users still get forced to use SSL without any errors? Well in this case I used a little PHP magic.

I created a file called encrypt.php with the following code:

<?
function secure_page()
{
if ( !isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) !== 'on' )
{
header ('Location:
https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
}
secure_page();
?>

php On any pages where I wanted to ensure SSL, I added the following line:

require('encrypt.php');

Similarly, in our old ticket system (Which we are upgrading today now that Ubuntu 10.04 is out!) we added a custom reCaptcha on the ticket request page. Since we weren't hosting the reCaptcha ourselves we couldn’t encrypt it with our SSL cert, and users would get prompted if they wanted to display the unsecure items. That confused people, so we wanted to make sure that page was not encrypted with SSL.

To do that, we did the same as above except this time we created a file called decrypt.php with the following code:

<?
function unsecure_page()
{
if ( isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'on' )
{
header ('Location:
http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
}
unsecure_page();
?>

And once again on that page we added the following line:

require('decrypt.php');

Done, now on all the pages we want to be encrypted, it is encrypted, and on the pages we don’t want to encrypt it isn’t. Luckily in the new version of osTicket captcha is built in, so I can encrypt all pages without issue.

In both cases, since we wrote those files we can include them on any page we want, including on our phpMyAdmin page! Boom!

Do you use this method to force SSL on your LAMP servers? If not, what do you do? Let us know in the comments.

Technorati Tags: ,,,,,

Apr 28, 2010

Put ASCII Art in Your MOTD

I once wrote about this for AskTheAdmin, and thought that perhaps I should write a little something about it here too. Mainly because I recently did this at work when I setup a new osTicket system running on Ubuntu 10.04 server.

You see, when you have to do work on Linux servers all day, after a while the geekiness of the terminal can get to you, so you have to do something to liven things up a bit. What do I do? I add a little ASCII art to my MOTD. For those that don’t speak geek, MOTD stands for “Message of The Day” and it is the first thing you see when you log into a Linux/Unix server. Admins can put important messages like maintenance windows, downtime, etc. I like to put silly pictures.

Here is an example of my work:

ASCIINice right? You can get plenty of ASCII images just by doing a quick Google search. I got the one above from Ascii-Art.de. To add the art to your server all you have to do is edit the /etc/motd.tail file with your favorite text editor.

>sudo nano /etc/motd.tail

Just copy and paste your art in and save it. On your next reboot your ASCII awesomeness will be there to greet you when you login!

What do you like to do to make your Linux systems unique? Let us know in the comments!

Apr 27, 2010

How To Make osTicket 1.6.0 Authenticate with Active Directory

Back in September of last year I wrote up an article on how to get osTicket to authenticate with Active Directory. That article was based on version 1.6 RC5. It actually worked very well for my company. Users could simply login to the staff panel with their domain\username credentials.

Well, we started getting weird database errors recently, so I thought it might be good to move away from the RC5 version, and move to the final release. Well, if you read the comments at the bottom of my previous article you will know that my customizations didn’t carry over to the final release. That is ok though, because I found an even better and easier way to get osTicket to authenticate with AD. I got it working in about 2 minutes in Ubuntu Server 10.04.

First you will need one little perquisite package, php5-ldap. Just run the following:

>sudo apt-get install php5-ldap

Next you will want to manually create a user with a username that matches active directory. For instance is your AD username is jsmith create a user in osTicket called jsmith and give it a temporary password of 123456 (Doesn't matter because osTicket will look to AD right?)

Once that is installed, edit include/class.staff.php:

>sudo nano include/class.staff.php

Replace the following code:

/*compares user password*/
function check_passwd($password){
return (strlen($this->passwd) && strcmp($this->passwd, MD5($password))==0)?(TRUE):(FALSE);
}

With:osticket

/*compares user password*/
function check_passwd($password){
// Change made for LDAP Auth based on -> http://osticket.com/forums/showthread.php?t=3312
// Change this line to the FQDN of your domain controller
$ds=ldap_connect('mydc.mydomain.local') or die("Couldn't connect to AD!");
// Change this line to the name of your Active Directory domain
if ($ds) {
$domain="mydomain";
$ldapbind = ldap_bind($ds);
if (!@ldap_bind( $ds, $domain."\\".$this->username, $password) ) {
// Auth failed! lets try at osTicket database
return (strlen($this->passwd) && strcmp($this->passwd, MD5($password))==0)?(TRUE):(FALSE);
// return(FALSE);
}
else{
// Auth succeeded!
return(TRUE);
}
// End Changes
}

}

After you do that change the items in red to match your environment then restart Apache:

>sudo /etc/init.d/apache2 restart

Bam! You now have Microsoft Active Directory authentication, and you don’t have to specify a domain name at login either!

If you are looking for additional functionality, check out the osTicket Forums, there are a lot of cool customizations I am sure you will find useful!

Apr 22, 2010

Clean LUN Space for VMWare

For the last few days I have been battling disk space issues on the SAN we use for VMWare. A number of the problems were caused because of old snapshots that were not cleaned up, and began taking up all the drive space on the LUN. If a VM takes up all the remaining disk space, that is bad news because it could cause all of the VM’s on that LUN to crash.

Among the many things I did for drive space, one of them involves optimizing free space on virtual disk drives. This is good for VM’s with thin provisioned disks. If you don’t know what that is, basically you give a virtual hard drive to a machine, and tell it the drive is 20 GB for instance. When VMWare writes the vmdk file it doesn’t create a 20GB file. It creates a file big enough for the VM to use, and gets bigger as needed until it hits the 20GB limit. This way you can host more “large disk” servers on less physical space. It can be dangerous though because one of those virtual disks might actually grow to capacity and ruin it for the rest of your VM’s. Another problem with thin provisioning is that when the OS uses the space, and then later deletes files, the vmdk doesn’t automatically shrink with it.

There are a couple of things you can do though. If you open VMWare tools, there is a shrink tab. From there you can shrink the free space of the drive. However if you get the message below, it is bad news:

vmware shrink

Shrink disk is disable for this virtual machine. Shrinking is disabled for virtual disks not used in persistent mode and other factors. For more information, see the documentation for your VMWare product.

Well that is no fun at all! It turns out there is a tool that I mentioned once back in episode 18 where I showed you how to wipe a hard drive remotely using email that can help you out in this instance. One of the tools I mentioned was SDELETE by the now Microsoft owned Sysinternals. If you run SDELETE with the –c switch it will zero out your free space, and thus shrink the size of your vmdk! You have to run this within the offending VM.

sdelete -c

Know of any other cool tips to optimize LUN space for VMWare? Let us know in the comments!

Apr 20, 2010

Google Fighting “The Man”

I stumbled across this today, and just had to share it with you. Google, the Internet giant whose motto is, “Don’t be evil” is fighting the good fight against “the man” by posting to the public the number of requests Google and Youtube receives from Government agencies to remove content from their services, or to provide information about users. They are doing this with their new Government Requests Tool. The tool according to Wired, “…shows the public how often individual governments around the world have asked for user information, and how often they’ve asked Google to remove content from their sites or search index, for reasons other than copyright violation.”

David Drummond, head honcho of Corporate Development and CLO for Google announced the tool in a blog post earlier today. From Drummond’s article":

We are today launching a new Government Requests tool to give people information about the requests for user data or content removal we receive from government agencies around the world. For this launch, we are using data from July-December, 2009, and we plan to update the data in 6-month increments. Read this post to learn more about our principles surrounding free expression and controversial content on the web.

We already try to be as transparent as legally possible with respect to requests. Whenever we can, we notify users about requests that may affect them personally. If we remove content in search results, we display a message to users. The numbers we are sharing today take this transparency a step further and reflect the total number of requests we have received broken down by jurisdiction. We are also sharing the number of these content removal requests that we do not comply with, and while we cannot yet provide more detail about our compliance with user data requests in a useful way, we intend to do so in the future.

As part of our commitment to the
Global Network Initiative, we have already agreed to principles and practices that govern privacy and free expression. In the spirit of these principles, we hope this tool will shine some light on the scale and scope of government requests for censorship and data around the globe. We also hope that this is just the first step toward increased transparency about these actions across the technology and communications industries.

Here is a screen shot from their tool:

google government requests tool
According to the screenshot, The United States is second for the most data requests with 3,580 right behind Brazil. Brazil is also the number one for removal requests with 291. These numbers are the numbers received between July 1, 2009 and December 31, 2009.  Sounds like, with the exception of the Brazilian wax, their really is no good reason to go to Brazil. Their government is t3h $ux!.

What do you think about this? Do you think this move by Google will do any good in the fight against Government censorship? I want to know how you feel in the comments.

Apr 19, 2010

Installing Exchange 2007? Streamline the perquisites via command line

I am frankly getting a little sick of Exchange. Since starting to work at my current company I have managed Exchange 2003, 2007 and 2010. I have performed upgrades from 2003 to 2007 as well as upgrades from 2007 to 2010. I have had my fill of Exchange!

Well, last week our development team asked me to setup an Exchange 2007 server in their dev environment. Awesome! Another Exchange server I get to setup. Well, I have learned a few things along the way, like how to streamline my perquisite installs by using command line. Seriously, once you have the commands needed, you can write your own batch files to bang out an Exchange install in no time.

Here are the commands you need:

exchange 2007 logo Active Directory Domain Services:

ServerManagerCmd -i RSAT-ADDS

PowerShell:

ServerManagerCmd -i PowerShell

IIS

ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression

RPC over HTTPS (Outlook Anywhere)

ServerManagerCmd -i RPC-over-HTTP-proxy

Know of any other tips or tricks for a quick deployment of Exchange? Hit us up in the comments!

Apr 16, 2010

Ultimate Collection of Linux and Unix Cheat Sheets!

I received this tip from my former college instructor and colleague from Coleman University, Thomas Nicholson who is a Network Security master! This will make you really happy if you are like me, and like to split your time in the Windows and ‘Nix worlds. I know quite a few Linux/Unix commands, and I can cd around the terminal with the best of them, but every now and again I can use some help. These are also good if you are not a Linux/Unix guy and have had a Linux server thrown in your lap to manage.

Well, a blogger by the name of Scott Klarr Jr. has apparently found a really sweet collection of Unix/Linux cheat sheets to help you grep your way to salvation! In fact, this collection has approximately 70 cheat sheets for you  to geek out with!

cheatsheets

With the Ubuntu 10.04 release just around the corner, these sheets might be just what you need to bone up on your Linux knowledge to get a jump start on your way to open source.

Apr 14, 2010

It’s That Time Again! Countdown To Ubuntu!

As of this posting, the latest release of Ubuntu will be available in 15 days! This is version 10.04 (Lucid Lynx) and brings with it a few changes. The first obvious change is that Ubuntu finally got rid of their s#!t brown color, and went with a more girly purple.

Never heard of Ubuntu? Here is a short explanation from the Ubuntu website:

Ubuntu is an operating system built by a worldwide team of expert developers. It contains all the applications you need: a web browser, office suite, media apps, instant messaging and much more.

Ubuntu is an open-source alternative to Windows and Office.

Well, if it isn’t out for 15 more days, then why am I writing about it? Well, it is not so much Ubuntu that I am trying to tell you about, it is the countdown! Every time a new release of Ubuntu comes out, you can put a countdown on your site to let everyone know and do your part to spread Ubuntu!

This time, they have four to choose from:

Ubuntu counter

As you can see on the right, I have already put up my counter to show my Ubuntu pride! If you have a blog, or a website, you can too! Just click on the picture above to get your code!

Technorati Tags: ,,,,

Apr 13, 2010

Use a Real Guitar To Play Guitar Hero!

I am not very musically inclined. In fact, my mom put me in guitar lessons when I was younger. I stuck with it for a few months, but then decided that I could play tapes and CD’s easier than i could play an actual guitar.

Want to know another thing I am not very inclined to do? Play video games! I am probably the worst video game player in the world, which would explain why I rarely play video games. I know, however, that many of you like to play games quite a bit. In fact, Bauer-Power’s very own FreedomChicken is quite the anti-social gamer type. I suppose this post is for him then.

Actually, this post is for nerdy gamers that also like to play REAL guitar! There is a group called OpenChord.org that makes an open source mod for your guitar that will let you play Guitar Hero, Rock Band and the Open Source alternative Frets on Fire with an actual mutha-flippin’ guitar!

Check out this video from their site:

How many of you out there or going to try this? Anyone out there doing this yet? Hit me up in the comments!

[Via Hak5]

Apr 9, 2010

Will The iPad Blend?

Saw this on Gizmodo the other day, and I had to share it with you guys. Mainly because I am not a big Apple fan. I am not saying that Apple doesn’t make great products. They do. I just don’t like how friggin’ proprietary they are. For instance, we tried setting up a new Wireless N network at my company using WPA2. Everything worked fine except Mac’s which only support WPA2 if you are also using an Apple access point. Lame sauce!

That being said though, If someone were to give me an iPad for a review or whatever, I don’t think I can bring myself to decline it. A colleague of mine went out last Saturday and bought one at the local Best Buy. In fact, here is a picture of Bauer-Power on it:

ipad

Enough about all that though, and back to why you are here…. Watching the senseless destruction of an iPad! Here you go!

 
How many of you out there cringed? How many of you out there cheered? How many of you out there wanted to take the powder left over and snort it? Let me know in the comments!
 
Technorati Tags: ,

Apr 8, 2010

Don’t waste money on Blackberry… Get it FREE!

I have recently been talking a lot about Exchange 2010, and how I am the process of upgrading my company from Exchange 2007 to Exchange 2010. One of the only problems we ran into was with Blackberry. We were using Blackberry Professional Server 4.1.4 and it would not work with Exchange 2010. Our support was expiring, and we didn’t really want to pay to renew. However, we still had a few Blackberry users, so what were we to do?

Well, lucky for us Blackberry has released their Blackberry Enterprise Server Express for FREE! That is right! It is free baby! This version can run directly on top of Microsoft Exchange if you want and support up to 75 users. However, if you already have a dedicated server for BES like we do, you can support 2000+ users with it. Why the hell would you pay for their full version?

We installed it, and it is working magically with our new Exchange 2010 server without issue. Setup was easy, and administration is very similar to the full version of Blackberry Enterprise. Another cool thing is you or your users don’t need to fork over the additional cash for Enterprise data plans, any Internet enabled plans will work! Here is a list of advantages from the Blackberry Comparison chart:

  • BESx Works with any Internet enabled Blackberry data plan
  • Free software and CALs
  • Enables businesses to cost effectively expand the number of Blackberry smart phone users while maintaining security and control over both corporate liable and individual-liable users
  • Installs directly on the existing email server if you want

If your company has been spending money every year on licenses, and support this might be a good option to save a few extra bucks, and spend it in other needed areas of your infrastructure.

Besides me, are any of you guys using BESx yet? Like it? Dislike it? Afraid to move to it? Lets hear your take in the comments.

Apr 6, 2010

Sign the Declaration of Independence yourself

In a world where the past has met the future, or maybe it’s the future that met the past… Anyway in a world where stuff is meeting something, get prepared to take a travel in time. Back to a time where good men and women were looked down upon for being different and wanting to be free and independent from their evil overlords. Back when men’s teeth were made out of not just their own teeth but also other people’s teeth along with gold, lead and hippo tusks. You can now join this Independent movement by signing the Declaration of Independence yourself. That’s right the government actually did do something cool over at Archives.gov they have actually made a flash application that will let people put their name on there. Now don’t worry, this is not an evil plot by the government to get everyone’s IP addresses that actually want freedom and independence to hunt them down… at least I’m pretty sure it’s not…

I guess they’re loading the archive from 1995?

1995DILoad

Apparently your signature is in High Definition!

FCSigning

http://www.archives.gov/exhibits/charters/declaration_join_the_signers.html


Apr 5, 2010

How to add a new domain to all email addresses in Active Directory

So recently one of our System Administrators had been tasked with updating all of our users to a new domain that we bought. He then though, “How do I add a new domain to all email addresses in Active Directory using PowerShell?” This is when he though, who better to help me do some scripting but, [queue heroic music] ‘FreedomChicken’! The ever friendly developer who with his powers of Debugging and Google Searching can single handily defeat evil Bugs and Hang-ups in applications and scripts. Now with Freedom chicken on the job the two were able to defeat this evil foe in a quick and timely manner. The result of this victory will be as follows.

PowerShell Script:

get-mailbox %username% | foreach {

[string]$smtpaddress = Get-mailbox $_ | select primarysmtpaddress

$addressarray = $smtpaddress.split("@")

$addressarray1 = $addressarray[1].split("=")

[string]$newmail=$addressarray1[1]+="@NEWDOMAIN.com"

$_.EmailAddresses+=$newmail

$_

} |Set-Mailbox


Apr 2, 2010

Setting up Pivotal 6 on SharePoint 2007 Standard

According to Pivotal, setting up Pivotal 6 on SharePoint 2007 Standard should work out of the box. Well I guess if by out of the box you mean having to go into your SharePoint server and run a script and edit some XML files. Then yes out of the box. Well we are currently working on setting up our new Pivtoal 6 environment so we can FINALLY get rid of IE6!!! That will be one of the best days of my life when we can finally get rid of that virus magnet they call a browser. But that’s besides the point. This post is a quick how-to fix an issue when you’re attempting to create a new pivotal site in SharePoint 2007.

If you are running into this error when attempting to create a new Pivotal Site collection on SharePoint:

Feature '2510d73f-7109-4ccc-8a1c-314894deeb3a' is not installed in this farm, and can not be added to this scope.

The fix is as follows:

1. To register the ReportListTemplate feature on the SharePoint server. Runn the following in the command prompt

pushd %programfiles%\common files\microsoft shared\web server extensions\12\bin

stsadm -o installfeature -filename ReportListTemplate\feature.xml -force
stsadm -o activatefeature -filename ReportListTemplate\feature.xml -url TheURLofYourAdminSite

pause


2. Comment out the following lines from the onet.xml files

<!--<Feature ID="D250636F-0A26-4019-8425-A5232D592C09" />
<Feature ID="00BFEA71-DBD7-4F72-B8CB-DA7AC0440130" />
<Feature ID="065C78BE-5231-477e-A972-14177CC5B3C7" />—>

Which can be located at the following two locations:
“C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\SiteTemplates\PivotalSmartClientPortalBlankSite2\xml\”

and

“C:\Program Files\Common Files\Microsoft Shared\web server extensions\12"\TEMPLATE\SiteTemplates\PivotalSmartClientPortalTeamSite2\xml”


This way now the Pivotal sites will not try to load features that are not installed in the standard version.

By FreedomChicken

Apr 1, 2010

Episode 20 – How To Flash Palm Pre With Google Android

You knew it was bound to happen right? I mean WebOS is cool and all, but with all the latest news about Palm’s possible demise you knew it was only a matter of time before someone tried to go out and put a more stable OS on their Palm Pre. Not to say that WebOS isn’t stable, but if Palm goes under, then who is going to support it right? Android however, doesn’t appear to be going away any time soon.

April is here, and thus is another episode of video Bauer-Power! In this episode I show you how to install Google Android on your Palm Pre. I only did this on the Sprint version, but I assume you can do this on the Verizon Palm Pre plus as well. You will need a couple of things though:

So what do you think? Are you going to try it out? I want to know your feelings on my Android flashing process in the comments.

Technorati Tags: ,,,,



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam