Saturday, February 28, 2009

Nagios Checker: Firefox Add-on (A must have for Firefox + Nagios users)

I was just checking Astiostech's climate monitoring device and tried googling a couple of tools where I don't need to sign into my Nagios server page every time. I then bumped into this tool for Firefox called NagiosChecker. The plugin works with FF 1.5 and up. By far one of the most useful ones for those using Nagios as their monitoring solution.

The plugin can be found here: https://addons.mozilla.org/en-US/firefox/addon/3607

Here's how to configure:
Configuration is really a no brainer. The software supports http and https as well. Once installed, restart your browser and you shall see the "N" symbol on your browser's bottom right. Click on it to start configuring.




Click on add new:


  1. Enter a name
  2. Enter the URL of your Nagios main website (normally like http://www.server.com/nagios or http://10.10.1.1/nagios). Use HTTPS where possible.
  3. If you have Nagios V1, check the box that says "Nagios Version Older than 2.0"
  4. The status.cgi file location. Use the convention http://yourserver/nagios/cgi-bin/status.cgi, replacing yourserver with the appropriate name or IP. Use HTTPS where possible. NOTE: Set URL manually took too long so I decided to enter it manually. Therefore, you need to check that box if you wish to enter the status.cgi location.
  5. Click OK and see Nagios alerts immediately. Of course, if there's no issues, nothing will be displayed.
On Astiostech's test Nagios server, we simulated a couple of issues to show you what it looks like.

To see details, click on the warning and critical summaries on the browser's bottom right side. It will list out all the issues. If you wish to see a specific issue and its information, click within the warnings or critical alerts and it will bring you to your Nagios server's service status page for the service you clicked.

We love this tool and we will recommend our clients to use it if they use Firefox. Of course, if you have an SMS gateway, you don't need this ya ;)

Cheers
Sanjay

Monday, February 23, 2009

Windows Live Messenger: Upgrade or die! - Ripped off freedom?

I tried signing on to MSN after a long while keeping this bloated crapware inside hibernation. I normally use Pidgin, an open source all-in-one messenger software which is super fast by the way.

Not only does this piece of bloatware take ages to download and install, when it runs it takes up 40-50MB of memory, almost beating the also very bloated Adobe Photoshop's 70M fresh startup memory use.

This is pretty much the message that Microsoft tells its Windows Live Messenger users. Upgrade or can't use this anymore. This is very very scary, imagine what else they can do. It's quite sad how they've come to this.. I feel bad for the true products of quality such as Exchange, ISA server and Notepad.exe which by the way are the finest of their types :), tarnished by such threat and intimidation from an insignificant-ware.

If there was an important update, let people know, advise them and encourage them and run a popup every 3 minutes if needed. But not this! This is tearing us of our freedom to choose and decide. It's a felon!

Fffff of Live Messenger, I'm sticking to Pidgin (www.pidgin.im) you will neva' look back..

Oh by the way, the new "upgrade" is approximately 134MB...yes that's right, they install a truckload of more garbage onto our PCs!

Saturday, February 14, 2009

Malaysian Asterisk User Group (MAUG)

Finally! We have an Asterisk User Group in Malaysia. Sign up LAH..! Maug - http://www.maug.com.my

Happy Valentine's and good weekend.

Friday, February 13, 2009

Simple TCP UDP Continuous Monitoring/Logging


Hi, was at a client's today and was thinking of a way to quickly do a port "ping" every once in a while to poll data into a simple log file. So I came up with a quick and dirty way. You need the following tools to make an easy to use network UDP/TCP port probe with easy logging on any Windows machine:

Tools:
  • Nmap (woot!) worlds best port scanner, hands down - http://nmap.org/dist/nmap-4.76-setup.exe
  • System scheduler - Free scheduling for Windows (didn't like the AT or scheduler from Windows) - http://www.splinterware.com/download/wincron.zip
  • Create a CMD/BAT batch file - this file will be executed by the System Scheduler application to run every X time.

Install items 1 and 2.

Scenario - I want to monitor my Asterisk SIP server (or port) and IAX server (or port). I want to poll text output based on the date every minute (it's better to use the date as the log file can get quite gruesomely big). So at every new date, it will create a new file.

Game plan:
Use nmap to poll a particular IP and port using a script. Repeat that line for each other port you want to monitor. In this case I am monitoring UDP ports 5060, which is SIP, and 4569, which is IAX. Use System Scheduler to run this batch file every minute. There, simple, no?

As for the creation of "log" files, we will tweak a little the date variables to form to human understandable format before declaring the variable inside the batch file.

NMAP:
You should first know what NMap can do and its switches. I suggest run the ZenMAP (Nmap gui) and select the options there. The command line of the actual Nmap action will also be displayed. 

I would suggest to create a new profile for scanning, but simply, to scan for a particular TCP/UDP port execute this command at the command prompt (and also to test a little)

nmap -p 5060 -sU 192.168.1.32

In the above command, you can change the value 5060 to your desired UDP port. If you want to scan a TCP port, enter the switch -sT (which does a TCP connect scan); quite literally, -sU denotes a standard UDP scan. Then enter your own IP address of course :).

Append the NMAP output to text file corresponding a date:
Now comes the fun bit. Lets output the result of that scan into a text and keep that text growing and name that text based on the date.

nmap -p 5060 -sU 192.168.1.32 >> %yymmdd%_nmap.txt

The above command sends the output to a file that could be called 090212_nmap.txt and the next file after midnight called 090213_nmap.txt. The >> means to append to the file and not create a new one. You can just use one > but then you will have multiple files each time this thing runs.

The date variable:
Now, obviously the variable %yymmdd% is not a system default, so we need to make our own variables and here's how (add the following above your batch file to be executed each time the batch file runs)

set yymmdd=%date:~12,2%%date:~4,2%%date:~7,2%

The above variable takes the system date (%date%) and converts it to a regular date format as seen above in the file name.

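And the whole script would look like this:
@echo off
REM Build a yymmdd stamp from the system date (offsets assume a "Thu 02/12/2009" style date)
set yymmdd=%date:~12,2%%date:~4,2%%date:~7,2%
REM Probe UDP 5060 (SIP) and UDP 4569 (IAX), appending to the day's log file
nmap -p 5060 -sU 192.168.1.32 >> %yymmdd%_nmap.txt
nmap -p 4569 -sU 192.168.1.32 >> %yymmdd%_nmap.txt
REM Separator between one polling run and the next
ECHO ------------------------------------------------------------------------------------------ >> %yymmdd%_nmap.txt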

The line at the bottom (------) simply separates one output from the next (prettification).

So there you go, now just copy the above script part (in smaller text), open notepad.exe, paste those exact lines in notepad and save the file like nmap_voip_ports.cmd (you can use CMD or BAT extensions, CMD runs faster..) 

Now use System Scheduler to run nmap_voip_ports.cmd at whichever polling interval you like. In my example, I do it every 1 minute. (Sorry, please google how to use System Scheduler)

Here are some output examples from the auto-generated file called 090212_nmap.txt. As you can see, the UDP ports 5060 and 4569 are respectively alive! Yay.

Enjoy.



Starting Nmap 4.76 ( http://nmap.org ) at 2009-02-12 23:40 Malay Peninsula Standard Time
Interesting ports on 192.168.1.32:
PORT     STATE         SERVICE
5060/udp open|filtered sip
MAC Address: 00:15:17:92:XX:XX (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 1.20 seconds

Starting Nmap 4.76 ( http://nmap.org ) at 2009-02-12 23:40 Malay Peninsula Standard Time
Interesting ports on 192.168.1.32:
PORT     STATE         SERVICE
4569/udp open|filtered unknown
MAC Address: 00:15:17:92:XX:XX (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 1.27 seconds
------------------------------------------------------------------------------------------ 

Starting Nmap 4.76 ( http://nmap.org ) at 2009-02-12 23:41 Malay Peninsula Standard Time
Interesting ports on 192.168.1.32:
PORT     STATE         SERVICE
5060/udp open|filtered sip
MAC Address: 00:15:17:92:XX:XX (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 1.38 seconds

Starting Nmap 4.76 ( http://nmap.org ) at 2009-02-12 23:41 Malay Peninsula Standard Time
Interesting ports on 192.168.1.32:
PORT     STATE         SERVICE
4569/udp open|filtered unknown
MAC Address: 00:15:17:92:XX:XX (Intel Corporate)
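
An added example, not part of the original post: a Python parser for the appended log layout shown above that reports when a port's state changes between polls. Nmap prints open|filtered for a UDP port when it receives no reply at all, so that state alone does not confirm the service answered; the function names and the sample log (including its "closed" line) are constructed for illustration.

```python
import re
# Constructed sample in the layout of the log above; the "closed" line is invented.
SAMPLE_LOG = """\
Starting Nmap 4.76 ( http://nmap.org ) at 2009-02-12 23:40 Malay Peninsula Standard Time
Interesting ports on 192.168.1.32:
PORT     STATE         SERVICE
5060/udp open|filtered sip
Starting Nmap 4.76 ( http://nmap.org ) at 2009-02-12 23:40 Malay Peninsula Standard Time
Interesting ports on 192.168.1.32:
PORT     STATE         SERVICE
4569/udp open|filtered unknown
------------------------------------------------------------------------------------------
Starting Nmap 4.76 ( http://nmap.org ) at 2009-02-12 23:41 Malay Peninsula Standard Time
Interesting ports on 192.168.1.32:
PORT     STATE         SERVICE
5060/udp closed        sip
"""

START = re.compile(r"^Starting Nmap .* at (\d{4}-\d{2}-\d{2} \d{2}:\d{2})")
HOST = re.compile(r"^Interesting ports on (\S+):")
PORT = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)")

def parse_log(text):
    """Return [(timestamp, host, 'port/proto', state), ...] in file order."""
    rows, stamp, host = [], None, None
    for line in text.splitlines():
        if m := START.match(line):
            stamp, host = m.group(1), None   # a new scan block begins
        elif m := HOST.match(line):
            host = m.group(1)
        elif (m := PORT.match(line)) and stamp and host:
            rows.append((stamp, host, m.group(1), m.group(2)))
    return rows

def state_changes(rows):
    """Return (timestamp, host, port, old, new) wherever a port's state changed."""
    last, changes = {}, []
    for stamp, host, port, state in rows:
        if last.get((host, port), state) != state:
            changes.append((stamp, host, port, last[(host, port)], state))
        last[(host, port)] = state
    return changes

def confirmed_open(rows):
    """Ports nmap saw answer at least once; 'open|filtered' does not count."""
    return {(host, port) for _, host, port, state in rows if state == "open"}

if __name__ == "__main__":
    print(*state_changes(parse_log(SAMPLE_LOG)), sep="\n")
```

Point parse_log at the contents of a day's file (for example 090212_nmap.txt) to get the same report for real polls.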

Friday, February 6, 2009

Chrome Incognito doesn't work with Facebook (And perhaps other sites too)

Hi, just to let you guys know, when testing InCognito mode on Chrome, certain sites don't work. These are some popular sites like Facebook, Hotmail and probably others as well. This is possibly because Incognito mode doesn't allow browser/computer information to be sent from the browser to the server, leaving the website code unable to identify the type of browser that you are using, which is normally used for compatibility checks.


Google Calendar also breaks but Gmail works...

The problem doesn't appear to be in IE's InPrivate though. So let's get down to what these browsers present to webservers in different modes, like normal vs secure mode of browsing. This will give you an idea why sites like Facebook kick out some modes and allow others..

Chrome without InCognito
Browser (User Agent):
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.46 Safari/525.19

Chrome when in Incognito mode
Browser (User-Agent): 

IE without InPrivate mode
Browser (User-Agent): 
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.2; FDM; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)

IE when InPrivate mode:
Browser (User-Agent):  
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.2; FDM; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0) 

So, there you have it, that's why those sites bitch about your Chrome in InCognito mode, whereas IE's InPrivate mode tells the server everything about you in InPrivate, sigh, something that Microsoft should seriously rethink. After all, it's called INPRIVATE, right..

Happy weekend.
Sanjay

Thursday, February 5, 2009

Windows 7 Bypass "UAC"


I read a recent online article that UAC can be switched off without user intervention in W7. I was curious to test it out. So I powered up my good ol' VM running W7 and tested the script. Firstly I logged on as a "normal" user, the script "died" goes about all its steps, but at the point of changing the UAC, it fails, simply because you need to be admin to do that. So, let's try with admin..

True enough, the script kinda worked. And UAC was disabled after the restart. Ok, you may be thinking this is crazy and there goes Windows 7 security! Hang on, it's not so much the case. Why?
  • You must be logged on as an Administrator group member to make this work
  • Windows tells you that UAC has been turned off (if you know you didn't do this, you can easily go turn it back on)
  • The script must be executed by someone or something, meaning an intervention is required, not automation.
  • You can turn on UAC to notify you of changes, therefore, apps like this won't run.
  • So the conclusion is, it's not much of a threat. It's like asking a user to run formatmypcvirus.exe and the user runs it, of course la..they will be compromised.
Perhaps Microsoft could make it a little more difficult to change UAC by requiring a UAC prompt before UAC can be modified. According to Microsoft, this is not a bug and the case is closed..hmm..

Microsoft's predicament:
The change we made in Windows 7 default UAC settings is that any operation that is necessary to manage windows will not require an elevation - which in technical terms translates into a white list of trusted action / binaries which the user can make perform without UAC prompting from an elevation. This list does include windows file operations

Source script: Rafael Rivera http://www.withinwindows.com/

Tuesday, February 3, 2009

Launching InPrivate/Incognito ala CLI and InPrivate testing of its claims ;)

This is a by-the-way article since I've got nothing better to do sitting at a client after a network migration.

Alright, a little history: Internet Explorer 8/Chrome come with a feature called InPrivate/Incognito browsing. InPrivate and Incognito, as the names imply, ensure whatever you do in that browsing session is not cached, remembered or anything likewise. This is extremely cool especially if you use internet banking and other sites you wish not to leave "traces" of, including porn and warez sites (haha).

If you are like me, you launch certain websites through an icon on the desktop and would like to use InPrivate automatically. Launch the shortcut like this:

Internet Explorer:
iexplore.exe  -private http://www.maybank2u.com


Google Chrome:
chrome.exe --incognito "http://www.maybank2u.com"

In the case above, i am opening http://www.maybank2u.com InPrivate.

Testing IE 8's InPrivate function and the results
What i did:
  1. I cleared all and whatever cache i had (including index.dat - fresh index.dat)
  2. Cleared all passwords, caches in temp internet folders etc..
  3. Cleared anything else there may be using Advanced SystemCare (http://www.iobit.com/)

Ok, here's what i wanted to see/find:
  1. Does InPrivate create any files during and when the browser is shutdown
  2. Does InPrivate write indexes to index.dat
  3. Does it create any phantom caches anywhere else.
Tools i use:
  1. Process Explorer (procmon)
  2. File Monitor (filemon)
  3. Advance SystemCare by IoBit
  4. Index.dat suite 
  5. Check cookies/histories
The test:
  1. Launched www.astalavista.com
  2. Checked tools (while they were running)
  3. Checked against the tools
The results: (After closing the browser)
  1. No history found!
  2. No cookies!
  3. No temp files!
  4. Index.dat cached everything else that I did previously, in spite of running cleanups..sheeezee (hmm) but didn't cache stuff when I used InPrivate
So, I am convinced, InPrivate lives up to its promise. Hah!..cool. Next up, checks on Chrome's InPrivate.

Cheers!