Thursday, December 24, 2009

Endian - How to disable flash videos (.flv)

This is a topic which had been annoying me for some time. As internet resources weren't enough, I had to find my own solution after all.

I should note that this solution is not limited to Flash video (.flv): it can be used for ALL file types which are not to be downloaded. It's quite helpful for stopping users from downloading games, mp3s, etc. directly from the internet.


Here is the general problem:
After Youtube, Flash Video based sites such as Metacafe, google.video, Dailymotion, Facebook etc. started to haunt the internet and its backbones. It's not really a problem for home users, but for companies with limited bandwidth and resources, viewing of online flash videos reduces their connectivity resources drastically. Even with content filtering such as websense or dansguardian, a new site opens up every day and you just can't keep up with users.

The question is actually "how to do it" rather than "is it possible?". Luckily the creators of Dansguardian (the source system in Endian, Smoothwall etc.) thought of the solution, but preferred to keep it disabled by default.

If you try to disable the Flash video MIME type, as the MIME standards are rather out of date, it generally disables all flash based activity in pages, including .swf, bank sites and other flash integrated web services, which makes it a useless solution.

Here is the firm SOLUTION:
Flash videos are mostly files with the .flv extension which are embedded into the html or java code. There is no separate MIME type for Flash .flv files, but they do have their own extension: .flv.

Although it doesn't show directly on the Endian interface, its underlying software, Dansguardian, fully supports banning extensions via a ban list located deep inside the linux file system. At this point I must warn that although Endian's filters are built on Dansguardian, their folders are in different locations.


Here is how:
For Dansguardian (Linux installations)

1.  Open a telnet connection to your linux server with root access.
2.  Go to /etc/dansguardian/
3.  Type nano dansguardianf1.conf
4.  Add the line bannedextensionlist = '/etc/dansguardian/profiles/1/bannedextensionlist'
5.  Save the file and exit to the prompt.
6.  Go to /etc/dansguardian/profiles/1/ and type nano bannedextensionlist to edit the file.
7.  If the file doesn't exist, opening it with the above command will let you save it under the same name on exit.
8.  As the file is disabled, there is probably no content inside it.
9.  Simply add a line for each file extension you want to ban, such as below:
    .flv # Flash Video
    .exe # Executable Files
    .mp3 # mp3 audio
    .wma # wma audio
    .asf # asf live audio
    .ra # real player audio
10.  Save the file and exit to the prompt.
11.  I strongly advise you to reboot the linux system for the changes to take effect.

For Endian Systems:
1.  Open a telnet connection to your linux server with root access.
2.  Go to /etc/dansguardian/
3.  Type nano dansguardianf1.conf
4.  Add the line bannedextensionlist = '/etc/dansguardian/profiles/1/bannedextensionlist'
5.  Save the file and exit to the prompt.
6.  Although up till now the method is the same, Endian for some reason uses a ban list which is actually formed at /var/efw/dansguardian.
7.  So open the file at that location by typing nano /var/efw/dansguardian/bannedextensionlist
8.  If the file doesn't exist, opening it with the above command will let you save it under the same name.
9.  As the file is disabled, there is probably no content inside it.
10.  Simply add a line for each file extension you want to ban, such as below:
    .flv # Flash Video
    .exe # Executable Files
    .mp3 # mp3 audio
    .wma # wma audio
    .asf # asf live audio
    .ra # real player audio
11.  Save the file and exit to the prompt.
12.  I strongly advise you to reboot the linux system for the changes to take effect.
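
The two procedures above differ only in which list file is edited, so they can be scripted once and re-run safely. The following is an added example, not part of the original post and not Dansguardian's or Endian's own tooling: the function names are made up here, the paths are the ones given in the steps, and the demo at the end works in a scratch directory instead of the live system.

```shell
#!/bin/sh
# Added example (not from the original post): the manual steps above as
# idempotent shell functions, so running them twice never duplicates a line.

# ensure_directive CONF LIST_PATH
# Step 4: add "bannedextensionlist = '<LIST_PATH>'" to CONF unless an
# active (uncommented) bannedextensionlist line is already there.
ensure_directive() {
    conf=$1
    list_path=$2
    if grep -Eq '^[[:space:]]*bannedextensionlist[[:space:]]*=' "$conf" 2>/dev/null; then
        return 0
    fi
    printf "bannedextensionlist = '%s'\n" "$list_path" >> "$conf"
}

# is_banned LIST_FILE EXT
# Succeeds if EXT is already an active entry. Text after '#' is a comment,
# and the comparison ignores case so ".FLV" and ".flv" count as one entry.
is_banned() {
    [ -f "$1" ] || return 1
    awk -v want="$2" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        tolower($0) == tolower(want) { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# ban_extension LIST_FILE EXT DESCRIPTION
# Appends ".ext # description" in the format used in the post.
# A missing leading dot is added; an existing entry is left alone.
ban_extension() {
    list=$1
    ext=$2
    desc=$3
    case $ext in
        .*) ;;
        *)  ext=".$ext" ;;
    esac
    is_banned "$list" "$ext" && return 0
    printf '%s # %s\n' "$ext" "$desc" >> "$list"
}

# count_banned LIST_FILE: prints the number of active entries.
count_banned() {
    awk '{ sub(/#.*/, ""); gsub(/[ \t\r]/, "") } $0 != "" { n++ } END { print n + 0 }' "$1"
}

# apply_bans CONF DIRECTIVE_PATH LIST_FILE
# DIRECTIVE_PATH is the path written into the conf line; LIST_FILE is the
# file that gets edited (the Endian steps edit
# /var/efw/dansguardian/bannedextensionlist instead of the profile path).
apply_bans() {
    ensure_directive "$1" "$2"
    ban_extension "$3" .flv "Flash Video"
    ban_extension "$3" .exe "Executable Files"
    ban_extension "$3" .mp3 "mp3 audio"
    ban_extension "$3" .wma "wma audio"
    ban_extension "$3" .asf "asf live audio"
    ban_extension "$3" .ra  "real player audio"
}

# Demo in a scratch directory (constructed; nothing under /etc is touched).
demo_root=$(mktemp -d)
apply_bans "$demo_root/dansguardianf1.conf" \
    /etc/dansguardian/profiles/1/bannedextensionlist \
    "$demo_root/bannedextensionlist"
apply_bans "$demo_root/dansguardianf1.conf" \
    /etc/dansguardian/profiles/1/bannedextensionlist \
    "$demo_root/bannedextensionlist"   # second run changes nothing
echo "active entries: $(count_banned "$demo_root/bannedextensionlist")"
rm -rf "$demo_root"
```

On a real system, pass /etc/dansguardian/dansguardianf1.conf as the first argument and the list file from the relevant procedure as the third.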

How to disable access to USB Storage via GPO

By default, Group Policy does not offer a facility to easily disable drives containing removable media, such as USB ports, CD-ROM drives, Floppy Disk drives and high capacity LS-120 floppy drives. However, Group Policy can be extended to use customised settings by applying an ADM template. The ADM template in this article allows an Administrator to disable the respective drivers of these devices, ensuring that they cannot be used.

Open Notepad, paste the template below into it and save the file as USBSTOR.ADM. Then import this administrative template into Group Policy as a .adm file. See the link in the More Information section if you are unsure how to do this.

CLASS MACHINE
CATEGORY !!category
 CATEGORY !!categoryname
  POLICY !!policynameusb
   KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
   EXPLAIN !!explaintextusb
     PART !!labeltextusb DROPDOWNLIST REQUIRED
 
       VALUENAME "Start"
       ITEMLIST
        NAME !!Disabled VALUE NUMERIC 3 DEFAULT
        NAME !!Enabled VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY !!policynamecd
   KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"
   EXPLAIN !!explaintextcd
     PART !!labeltextcd DROPDOWNLIST REQUIRED
 
       VALUENAME "Start"
       ITEMLIST
        NAME !!Disabled VALUE NUMERIC 1 DEFAULT
        NAME !!Enabled VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY !!policynameflpy
   KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"
   EXPLAIN !!explaintextflpy
     PART !!labeltextflpy DROPDOWNLIST REQUIRED
 
       VALUENAME "Start"
       ITEMLIST
        NAME !!Disabled VALUE NUMERIC 3 DEFAULT
        NAME !!Enabled VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY !!policynamels120
   KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"
   EXPLAIN !!explaintextls120
     PART !!labeltextls120 DROPDOWNLIST REQUIRED
 
       VALUENAME "Start"
       ITEMLIST
        NAME !!Disabled VALUE NUMERIC 3 DEFAULT
        NAME !!Enabled VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
 END CATEGORY
END CATEGORY
 
[strings]
category="Custom Policy Settings"
categoryname="Restrict Drives"
policynameusb="Disable USB"
policynamecd="Disable CD-ROM"
policynameflpy="Disable Floppy"
policynamels120="Disable High Capacity Floppy"
explaintextusb="Disables the computers USB ports by disabling the usbstor.sys driver"
explaintextcd="Disables the computers CD-ROM Drive by disabling the cdrom.sys driver"
explaintextflpy="Disables the computers Floppy Drive by disabling the flpydisk.sys driver"
explaintextls120="Disables the computers High Capacity Floppy Drive by disabling the sfloppy.sys driver"
labeltextusb="Disable USB Ports"
labeltextcd="Disable CD-ROM Drive"
labeltextflpy="Disable Floppy Drive"
labeltextls120="Disable High Capacity Floppy Drive"
Enabled="Enabled"
Disabled="Disabled"



Adding .ADM files to the Administrative Templates in a GPO

In order to add additional .ADM files to the existing Administrative Templates section in a GPO, follow these steps:
  1. Open the Group Policy Management Console (or GPMC) from the Administrative Tools folder in the Start menu, or by typing gpmc.msc in the Run command.
Note: GPMC is not a built-in part of Windows 2000/XP/2003, and needs to be separately installed. It can be downloaded from Microsoft.
If you do not have GPMC or cannot install it then you'll need to edit the GPO via the regular means, i.e. from the Active Directory Users and Computers management tool (dsa.msc).
  2. Right-click an existing GPO (or create a new GPO, then right-click on it) and select Edit.
  3. Expand either the Computer settings or Users settings sections of the GPO. Go to the appropriate Administrative Templates section and right-click it. Select Add/Remove Templates.
  4. In the Add/Remove Templates window click Add.
  5. Browse to the location of the required .ADM file and click Open.
  6. In the Add/Remove Templates window notice that the new .ADM file is listed, then click Close.
  7. Open the Administrative Templates section and browse to the new settings location.

Disabling GPO settings filtering

Many custom Administrative Templates require you to remove the requirement to show policy settings that can be fully managed in the GPO editor. To do so follow the next steps:
  1. After completing the above procedure, browse to the newly added Administrative Template section. Note that the section is indeed listed, however the right pane is empty.
  2. Right-click an empty spot in the right pane and select View > Filtering.
  3. In the Filtering window click to un-mark the "Only show policy settings that can be fully managed" option. Then click OK.
  4. Notice how the available options are now displayed in the right pane.

How to Disable USB Storage function on Windows XP by registry.

This is a subject which causes headaches for many IT managers and supervisors from time to time, as the spreading of viruses, illegal software and media like mp3s and videos, and commercial espionage (theft of company confidential information) are generally done with USB sticks, USB disks etc.

Using common sense, maybe the most civilized way of preventing their usage is by IT policy, but, as you are already aware, we humans use the human factor and try to bend the rules whenever possible. So the only solution is to actually disable the relevant service so that the risks are prevented automatically.

Well, the good news is that Microsoft was clever enough to create one service that can be disabled to block access to USB storage without disabling access to other USB devices such as mouse, keyboard etc.

As I'm a lazy sod, I'm going to copy and paste the information from a resource I like a lot. The site is owned by Daniel Petri, and the original document can be found at www.petri.co.il
It is also explained at http://support.microsoft.com/kb/823732


There are actually 2 ways of disabling USB Storage access in Windows XP:
  1. Registry
  2. GPO (Group Policy Object - Active Directory)
In this document I will explain how to do it via the registry. I'll write the document on how to do it via GPO in my other how-tos.

To block your computer's ability to use USB Removable Disks follow these steps:
  1. Open Registry Editor.
  2. In Registry Editor, navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
  3. Locate the following value (DWORD):
Start and give it a value of 4. Note: As always, before making changes to your registry you should make sure you have a valid backup. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.
  4. Close Registry Editor. You do not need to reboot the computer for changes to apply.

Enable usage of USB Removable Disks

To return to the default configuration and enable your computer's ability to use USB Removable Disks follow these steps:
  1. Go to the registry path found above.
  2. Locate the following value: Start and give it a value of 3.

Wednesday, November 11, 2009

How to Setup MRTG on Debian

Using MRTG on Debian Stable (Sarge)

At a certain point, I needed to install MRTG on my Debian Stable for the simplest possible reason: to watch the traffic on the ethernet interface which connects me to the backbone. I encountered a few issues, and since googling didn't help much, I had to spend more time than I had initially planned. I saw similar posts in forums without answers, so this might be a common problem. Hence this document.

Some important points to clarify first:


  • MRTG can be used for different purposes (i.e. monitoring bandwidth/cpu/... utilization on routers, switches etc). The sole purpose of this document is to show how a Debian system can monitor the utilization of its own interface(s). Although it should be easy to make changes to monitor other systems, it is not the intent here.
  • You have to pay special attention to how you configure this in your environment: installing an snmp daemon can result in leaking sensitive information from your system.
  • Also, there is a common confusion. MRTG is mainly for monitoring bandwidth utilization. If you are trying to know how much traffic (in megabytes or gigabytes) passes through your links on a daily/monthly/yearly basis, MRTG will be of no help at all. You should instead try vnstat (apt-get install vnstat) which is a lightweight console based application for this very purpose. There is also a 3rd party php frontend that gives you nice graphs.
  • In any case, use the information available here at your own risk. The author does not accept any responsibility for anything that might go wrong for you.

What to do now?


First install the snmp, snmpd and mrtg packages.

The snmpd package is the actual snmp daemon; we'll need this since mrtg mainly uses snmp to poll data. It can use other things as well but this is the most convenient method. The snmp package includes some basic troubleshooting utilities and mrtg is the actual mrtg package itself.

Normally this is as easy as apt-get install snmp snmpd mrtg

This should immediately start the snmp daemon, and put links in /etc/rc*.d for it to start at bootup. You can manually start/stop/restart it via the /etc/init.d/snmpd script.

Now we can test snmp with the snmp utilities we have installed.

kybele:~# snmpwalk -v 1 -c public localhost
SNMPv2-MIB::sysDescr.0 = STRING: Linux ...
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (1768) 0:00:17.68
SNMPv2-MIB::sysContact.0 = STRING: Root  (configure /etc/snmp/snmpd.local.conf)
SNMPv2-MIB::sysName.0 = STRING: ...
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (configure /etc/snmp/snmpd.local.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORID.1 = OID: IF-MIB::ifMIB
SNMPv2-MIB::sysORID.2 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.3 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.4 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.5 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.6 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORID.7 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.8 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.9 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module to describe generic objects for network interface sub-layers
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.6 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORDescr.7 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.8 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.9 = STRING: The management information definitions for the SNMP User-based Security Model.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.9 = Timeticks: (1) 0:00:00.01
End of MIB
kybele#


This seems to be working. So far so good. We go to the next step and try to configure mrtg.


kybele:~# cfgmaker public@localhost
--base: Get Device Info on public@localhost:
SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 1 (OID: 1.3.6.1.2.1.1.9.1.4.9)
SNMPv1_Session (remote host: "localhost" [127.0.0.1].161)
                  community: "public"
                 request ID: 392141002
                PDU bufsize: 8000 bytes
                    timeout: 2s
                    retries: 5
                    backoff: 1)
 at /usr/share/perl5/SNMP_util.pm line 733
--base: Vendor Id:
--base: Populating confcache
--snpo: Skipping ifName scanning because public@localhost: does not seem to support it
--snpo: Skipping ifDescr scanning because public@localhost: does not seem to support it
--snpo: Skipping ifType scanning because public@localhost: does not seem to support it
--snpo: Skipping ipAdEntIfIndex scanning because public@localhost: does not seem to support it
--snpo: Skipping ifPhysAddress scanning because public@localhost: does not seem to support it
--base: Get Interface Info
--base: Walking ifIndex
.......
.......


Here we have a problem. Normally we would expect cfgmaker to run in this scenario, but it does not. The trick is the default configuration of the snmp daemon. Digging further you will see that snmpd doesn't allow the types of queries mrtg needs by default.

So, edit /etc/snmp/snmpd.conf and comment out the following line

com2sec paranoid  default         public

and instead add

com2sec readonly  localhost         public

The difference is that the first one, which comes with the default installation, gives access to anyone on all interfaces with the public community string, under the "paranoid" security name. This doesn't suit us for two reasons. First, there is no need to let everyone access us on all interfaces: we have both mrtg and snmpd on the same system, so allowing only loopback will do perfectly for us. The second problem is that we need more information than snmpd provides by default. So we change this line to allow all read-only queries to be made on the loopback interface only and nowhere else. After the change this is what /etc/snmp/snmpd.conf looks like:

...
####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
com2sec readonly  localhost         public
#com2sec paranoid  default         public
#com2sec readonly  default         public
#com2sec readwrite default         private
...

If you run mrtg on a different system, you will need a different configuration here since only allowing the loopback will not be enough. But that's not what we are trying to do here. (In such a case, I'd strongly advise to use a different community name than public, that's what everyone and all scanners will try first!)
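
One way to check an snmpd.conf for the two problems discussed above (a mapping open to any source, and the public community accepted from other hosts), as an added example that is not from the original post or from the net-snmp project. The function names and the sample config text are constructed for illustration, and only the three-field com2sec form shown above is parsed.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky com2sec lines.
# Only the simple "com2sec SECNAME SOURCE COMMUNITY" form shown in the
# post is handled; any other shape is reported as SKIP for manual review.

# audit_com2sec [FILE]
# Reads snmpd.conf text from FILE (or stdin) and prints one line per finding:
#   WARN any-source         source is "default", so any host may query
#   WARN default-community  public/private accepted from a non-loopback source
#   OK                      the mapping has neither problem
audit_com2sec() {
    awk '
        /^[ \t]*#/      { next }    # commented-out lines are inactive
        $1 != "com2sec" { next }
        NF != 4         { print "SKIP line " NR ": " $0; next }
        {
            name = $2; src = $3; comm = $4; bad = 0
            loopback = (src == "localhost" || src == "127.0.0.1")
            if (src == "default") {
                print "WARN any-source line " NR ": " name " " src " " comm
                bad = 1
            }
            if (!loopback && (comm == "public" || comm == "private")) {
                print "WARN default-community line " NR ": " name " " src " " comm
                bad = 1
            }
            if (!bad) print "OK line " NR ": " name " " src " " comm
        }
    ' "$@"
}

# count_warnings [FILE]: prints the number of WARN findings.
count_warnings() {
    audit_com2sec "$@" | awk '/^WARN/ { n++ } END { print n + 0 }'
}

# Constructed sample: the mapping block before the edit described in the post.
sample_shipped() {
    cat <<'EOF'
#       sec.name  source          community
com2sec paranoid  default         public
#com2sec readonly  default         public
#com2sec readwrite default         private
EOF
}

# Constructed sample: the mapping block after the edit described in the post.
sample_loopback() {
    cat <<'EOF'
#       sec.name  source          community
com2sec readonly  localhost         public
#com2sec paranoid  default         public
#com2sec readonly  default         public
#com2sec readwrite default         private
EOF
}

# Constructed sample: mrtg polling from another host. 192.0.2.0/24 is a
# documentation range and the second community string is a placeholder.
sample_remote() {
    cat <<'EOF'
com2sec readonly  192.0.2.0/24    public
com2sec readonly  192.0.2.10      example-community-string
EOF
}

# Demo on the constructed samples.
for s in sample_shipped sample_loopback sample_remote; do
    echo "== $s"
    $s | audit_com2sec
done
```

To audit a live system, run audit_com2sec /etc/snmp/snmpd.conf.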

After changing the file, we reload the snmp daemon for the changes to take effect, and then test with cfgmaker again.

kybele:~# /etc/init.d/snmpd reload
Restarting network management services: snmpd.
kybele:~#
kybele:~# cfgmaker public@localhost
--base: Get Device Info on public@localhost:
--base: Vendor Id:
--base: Populating confcache
--snpo: confcache public@localhost: Descr lo --> 1
--snpo: confcache public@localhost: Descr eth0 --> 2
--snpo: confcache public@localhost: Descr eth1 --> 3
--snpo: confcache public@localhost: Descr dummy0 --> 4
--snpo: confcache public@localhost: Descr tunl0 --> 5
--snpo: confcache public@localhost: Type 24 --> 1
--snpo: confcache public@localhost: Type 6 --> 2
--snpo: confcache public@localhost: Type 6 --> 3 (duplicate)
--snpo: confcache public@localhost: Type 6 --> 4 (duplicate)
--snpo: confcache public@localhost: Type 131 --> 5
--snpo: confcache public@localhost: Ip 127.0.0.1 --> 1
--snpo: confcache public@localhost: Ip xxxx --> 2
--snpo: confcache public@localhost: Eth  --> 1
--snpo: confcache public@localhost: Eth xxxx --> 2
--snpo: confcache public@localhost: Eth xxxx --> 3
--snpo: confcache public@localhost: Eth  --> 4 (duplicate)
--snpo: confcache public@localhost: Eth  --> 5 (duplicate)
--base: Get Interface Info
--base: Walking ifIndex
--base: Walking ifType
--base: Walking ifAdminStatus
--base: Walking ifOperStatus
--base: Walking ifSpeed
# Created by
# /usr/bin/cfgmaker public@localhost
### Global Config Options
#  for UNIX
# WorkDir: /home/http/mrtg
#  for Debian
WorkDir: /var/www/mrtg
#  or for NT
# WorkDir: c:\mrtgdata
### Global Defaults
#  to get bits instead of bytes and graphs growing to the right
# Options[_]: growright, bits
EnableIPv6: no
######################################################################
# System: xxxx
# Description: xxxx
# Contact: Root  (configure /etc/snmp/snmpd.local.conf)
# Location: Unknown (configure /etc/snmp/snmpd.local.conf)
######################################################################
### Interface 1 >> Descr: 'lo' | Name: '' | Ip: '127.0.0.1' | Eth: '' ###
### The following interface is commented out because:
### * it is a Software Loopback interface
#
# Target[localhost_1]: 1:public@localhost:
# SetEnv[localhost_1]: MRTG_INT_IP="127.0.0.1" MRTG_INT_DESCR="lo"
# MaxBytes[localhost_1]: 1250000
# Title[localhost_1]: Traffic Analysis for 1 -- xxxx
# PageTop[localhost_1]: 

Traffic Analysis for 1 -- xxxx

System:xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)
Maintainer: Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
Description:lo 
ifType:softwareLoopback (24)
ifName:
Max Speed:1250.0 kBytes/s
Ip:127.0.0.1 (localhost)
### Interface 2 >> Descr: 'eth0' | Name: '' | Ip: 'xxxx' | Eth: 'xxxx' ###
Target[localhost_2]: 2:public@localhost:
SetEnv[localhost_2]: MRTG_INT_IP="xxxx" MRTG_INT_DESCR="eth0"
MaxBytes[localhost_2]: 12500000
Title[localhost_2]: Traffic Analysis for 2 -- xxxx
PageTop[localhost_2]:

Traffic Analysis for 2 -- xxxx

                                                 
System:xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)
Maintainer: Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
Description:eth0 
ifType:ethernetCsmacd (6)
ifName:
Max Speed:12.5 MBytes/s
Ip:xxxx
### Interface 3 >> Descr: 'eth1' | Name: '' | Ip: '' | Eth: 'xxxx' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
#
# Target[localhost_3]: 3:public@localhost:
# SetEnv[localhost_3]: MRTG_INT_IP="" MRTG_INT_DESCR="eth1"
# MaxBytes[localhost_3]: 1250000
# Title[localhost_3]: Traffic Analysis for 3 -- xxxx
# PageTop[localhost_3]:

Traffic Analysis for 3 -- xxxx

System:xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)
Maintainer: Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
Description:eth1 
ifType:ethernetCsmacd (6)
ifName:
Max Speed:1250.0 kBytes/s
### Interface 4 >> Descr: 'dummy0' | Name: '' | Ip: '' | Eth: '' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
#
# Target[localhost_4]: 4:public@localhost:
# SetEnv[localhost_4]: MRTG_INT_IP="" MRTG_INT_DESCR="dummy0"
# MaxBytes[localhost_4]: 1250000
# Title[localhost_4]: Traffic Analysis for 4 -- xxxxx
# PageTop[localhost_4]:

Traffic Analysis for 4 -- xxxx

System:xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)
Maintainer: Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
Description:dummy0 
ifType:ethernetCsmacd (6)
ifName:
Max Speed:1250.0 kBytes/s
### Interface 5 >> Descr: 'tunl0' | Name: '' | Ip: '' | Eth: '' ###
### The following interface is commented out because:
### * it is administratively DOWN
### * it is operationally DOWN
### * has a speed of 0 which makes no sense
#
# Target[localhost_5]: 5:public@localhost:
# SetEnv[localhost_5]: MRTG_INT_IP="" MRTG_INT_DESCR="tunl0"
# MaxBytes[localhost_5]: 0
# Title[localhost_5]: Traffic Analysis for 5 -- xxxx
# PageTop[localhost_5]:

Traffic Analysis for 5 -- xxxx

System:xxxx in Unknown (configure /etc/snmp/snmpd.local.conf)
Maintainer: Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
Description:tunl0 
ifType:Encapsulation Interface (131)
ifName:
Max Speed:0.0 Bytes/s


OK, it worked. We created a working mrtg configuration. You should write/append it to the default mrtg configuration at /etc/mrtg.cfg with cfgmaker public@localhost > /etc/mrtg.cfg and customize it as you like (I'd recommend Options[_]: growright, bits). Now you should have a working mrtg. You can easily add CPU, memory and swap monitoring to your configuration as well; just make sure that you have the libsnmp-base package (apt-get install libsnmp-base) and include the following lines in your /etc/mrtg.cfg:

LoadMIBs: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt
Target[localhost.cpu]:ssCpuRawUser.0&ssCpuRawUser.0:public@localhost+ssCpuRawSystem.0&ssCpuRawSystem.0:public@localhost+ssCpuRawNice.0&ssCpuRawNice.0:public@localhost
RouterUptime[localhost.cpu]: public@localhost
MaxBytes[localhost.cpu]: 100
Title[localhost.cpu]: CPU Load
PageTop[localhost.cpu]: <H1>Active CPU Load %</H1>
Unscaled[localhost.cpu]: ymwd
ShortLegend[localhost.cpu]: %
YLegend[localhost.cpu]: CPU Utilization
Legend1[localhost.cpu]: Active CPU in % (Load)
Legend2[localhost.cpu]:
Legend3[localhost.cpu]:
Legend4[localhost.cpu]:
LegendI[localhost.cpu]: Active
LegendO[localhost.cpu]:
Options[localhost.cpu]: growright,nopercent

LoadMIBs: /usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt
Target[localhost.mem]: .1.3.6.1.4.1.2021.4.6.0&.1.3.6.1.4.1.2021.4.6.0:public@localhost
PageTop[localhost.mem]: <H1>Free Memory</H1>
Options[localhost.mem]: nopercent,growright,gauge,noinfo
Title[localhost.mem]: Free Memory
MaxBytes[localhost.mem]: 1000000
kMG[localhost.mem]: k,M,G,T,P,X
YLegend[localhost.mem]: bytes
ShortLegend[localhost.mem]: bytes
LegendI[localhost.mem]: Free Memory:
LegendO[localhost.mem]:
Legend1[localhost.mem]: Free memory, not including swap, in bytes

LoadMIBs: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt
Target[localhost.swap]: memAvailSwap.0&memAvailSwap.0:public@localhost
PageTop[localhost.swap]: <H1>Swap Memory</H1>
Options[localhost.swap]: nopercent,growright,gauge,noinfo
Title[localhost.swap]: Free Memory
MaxBytes[localhost.swap]: 1000000
kMG[localhost.swap]: k,M,G,T,P,X
YLegend[localhost.swap]: bytes
ShortLegend[localhost.swap]: bytes
LegendI[localhost.swap]: Free Memory:
LegendO[localhost.swap]:
Legend1[localhost.swap]: Swap memory avail, in bytes


Finally, you can create an index page with indexmaker /etc/mrtg.cfg > path_to_your_index_file/index.html command.

(This document has been omitted from http://www.ilkertemir.com)

Thursday, August 20, 2009

How to use HP Proliant DL380 with only 5 fans (instead of 8)

Some people never learn the meaning of "mind the gap".

When you reset the BIOS or change the motherboard on a HP Proliant DL380 server, the automatic motherboard protection feature doesn't let you boot the system because it thinks a few fans are missing.

There is only one possible way of solving this problem without spending $150 (x3) on each so-called missing fan.

The server supports redundant hot-plug fans to provide proper airflow to the system if a primary fan fails. The server airflow is divided into three zones: processor, I/O, and power supply. Shared fans 4 and 7 each provide airflow for two zones. If a shared fan fails, the failure is experienced in both zones.

In the standard configuration, five fans cool the server: fans 2, 4, 5, 6, and 7 in the processor zone; fan 4 in the I/O zone; and fan 7 in the power supply zone.

For the redundant configuration, fans 1, 3, and 8 (one fan per zone) are added to cool the server. This allows the server to continue operation in non-redundant mode if only one fan fails per zone.

The server shuts down in the following scenarios:

• At POST:
  • The BIOS suspends the server for 5 minutes if it detects a cautionary temperature level. If the cautionary temperature level is still detected after 5 minutes, the BIOS performs an orderly shutdown and then restarts. This process repeats until the cautionary temperature level is no longer detected.
  • The BIOS performs an orderly shutdown if the following minimum requirements are not met: one working fan in the I/O zone, five working fans in the processor zone, and one working fan in the power supply zone.
  • The server performs an immediate shutdown if it detects a critical temperature level.
IMPORTANT: An immediate shutdown is a hardware-controlled function and it overrides any firmware or software actions.

Here is the solution:
As seen from the table below, some fans are primary and some are redundant. If you only socket your fans into the primary slots, leaving the redundant ones empty, the system will boot up normally.

At this point I'd strongly advise you to enter the BIOS settings (F10) at POST and disable the automatic overheat shutdown function, as this function shuts down the system without even checking the heat difference. No worries: as it says above, even if this function is turned off, the protection is still active and will switch the system off if the heat level goes critical.



Tuesday, August 18, 2009

Size Does Matter : Outlook Express

It's nice to have an easy to use mail client such as Outlook Express. Believe it or not, not only home users but also many companies still "try" to use Outlook Express. Worse, they do so to run away from the complications of Outlook such as "rich text messaging" :)

As the primary target of OE has always been the home user, it has some limitations. No, it's not limited by your disk size, but it is limited by your "inbox" or "sent items" folder size.

Unlike Outlook's single OST or PST file (mail storage file), OE keeps all its data in separate files such as inbox.dbx, sent.dbx, etc. As explained in the Microsoft Support article, the bad news is that .dbx files are limited to a 2Gb file size. With our expanding and ever-developing urge for more gigabytes, what is 2Gb?

Well, that is not the bad news. OE was never designed to handle even 2Gb dbx file sizes. I have seen a lot of cases where all the folder sizes of users ended up at about 23 Gb in total. Conclusion? FATALITY. Because OE was designed with a blind eye to the future, when your dbx size gets over 2Gb, it's bound to fail. It's a simply structured database file which holds messages in a certain order. Every database has its structure, and if it is not used for the right purpose, just like any other database file it is bound to break.

So, as usual, wherever there is Microsoft, there is a chance for people to make an extra penny or two. If you don't want to be a customer of mine or others, my advice would be to:

  1. Upgrade your client to MS Outlook, which can hold mail up to just about 20 Gb without any problems.
  2. Archive your old mails once in 3 months.
  3. Backup your mails regularly. You can use Outlook Express Backup 6.5 by http://www.genie-soft.com (Free of Charge!)
  4. Use a proper mail protecting antivirus software. Avast and Kaspersky are the most successful ones at the moment.
  5. CHKDSK /F your HDD at least once a week.
  6. Delete unneeded mails.

If you are reading these lines, most probably you are one of those users who weren't aware of these facts, and your OE is not running or is giving silly error messages.

If you google your error, you will find a lot of software sellers who sound very promising about saving or salvaging your inaccessible data. Well, some can. But can they salvage it in the shape and order you would like it to be recovered?

I already explained that below somewhere...

Debian Linux 5.0.2 (Lenny) Locale Error after installation

Being a novice Debian user, I installed Debian Linux 5.0.2 (lenny) on my Vmware about 4 times today thinking that it was a temporary CRC checksum / hash error.

But it's bugged. It happens. Eventually I worked my way through it in the simple way:

The error it gives:
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

or

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_US:en_GB:en",
LC_ALL =
LANG = "en_US"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

This generally means that the package "locales" has not been installed. If you try to install it with apt-get install locales, it points directly to the installation CD, which is usually the first DVD. But there is a hash error on the installation package, so it fails.

Workaround is very simple:
Although it looks like there is a faulty installation, no installation was made at all. So what it generally means is that the locales package has not been installed.

  1. Remove the DVD from the drive and run the command apt-get install locales; it will prompt for the DVD.

  2. Do NOT place the DVD inside; just press enter. It will not find it, and it will eventually start downloading the package from the website automatically.

    If it does not download it automatically, you will have to run apt-get update, then re-run apt-get install locales

  3. dpkg-reconfigure locales

  4. In the process, select the locales you would like to use, and tadaaa, there it is.
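A non-interactive variant of the steps above, as an added example that is not from the original post: instead of dismissing the DVD prompt, it comments out the `deb cdrom:` entry in /etc/apt/sources.list so apt only uses the network mirror, then enables one locale in /etc/locale.gen and runs locale-gen. The function names, the `--apply` switch and the default locale `en_US.UTF-8` are assumptions of this example; the file paths are the Debian defaults.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the --apply
# switch and the default locale are assumptions; paths are Debian defaults.

# Comment out every "deb cdrom:" line so apt stops asking for the DVD.
# Keeps a .bak copy and prints the number of entries it disabled.
disable_cdrom_sources() {
    list="$1"
    count=$(grep -c '^[[:space:]]*deb cdrom:' "$list" || true)
    sed -i.bak 's/^\([[:space:]]*deb cdrom:\)/# \1/' "$list"
    echo "$count"
}

# Uncomment "NAME CHARSET" in a locale.gen file so locale-gen will build it.
# Returns 1 if NAME is not listed at all (typo or unsupported locale).
enable_locale() {
    gen="$1"
    # Escape dots so "en_US.UTF-8" is matched literally.
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')
    if ! grep -q "^#\{0,1\}[[:space:]]*$esc " "$gen"; then
        return 1
    fi
    sed -i.bak "s/^#[[:space:]]*\($esc .*\)/\1/" "$gen"
}

# Only touch the real system when explicitly asked to (run as root).
# sources.list must still contain a network mirror entry for this to work.
if [ "${1:-}" = "--apply" ]; then
    disable_cdrom_sources /etc/apt/sources.list
    apt-get update
    apt-get install -y locales
    enable_locale /etc/locale.gen "${2:-en_US.UTF-8}" \
        || echo "requested locale is not listed in /etc/locale.gen" >&2
    locale-gen
fi
```

Both edits leave a `.bak` copy next to the file they change, so the original sources.list and locale.gen can be restored.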

Tuesday, July 21, 2009

Outlook Express 6 Can't Start (continued)...

Well, as I mentioned in my last post about the subject, I've decided to follow some of Tom Koch of http://www.insideoe.com's instructions.

Here is how I solved it:

If Outlook Express will not start, move the *.dbx files from your store folder and into a new empty folder.

  1. Download this small script that will open the store folder of the currently logged-on Identity. Alternatively you can find it by searching in Windows Explorer for files named *.dbx. Be sure to include hidden files in your search, as OE user files are marked as hidden by default. To view hidden files:
    • In Windows Explorer, click Tools | Folder Options, then click the View tab.
    • Click the button for Show hidden files and folders.
  2. On your desktop, right-click and point to New | Folder.
  3. In the store folder window, click Edit | Select All, or press CTRL-A.
  4. Drag the selected files and drop them into the New Folder on your desktop.

Try opening OE again. If it starts without error, try importing your mail folders.

  1. Click File | Import | Messages | Microsoft Outlook Express 6.

  2. Select Import from a store folder and click Browse.

  3. Navigate to the New Folder on the Desktop.

If OE cannot import the mail folders, it means the file Folders.dbx is probably damaged. In that case, close OE and move all the other *.dbx files back into the store folder. When you re-start OE, it will build a new index of all the *.dbx files it can read, and create a new Folders.dbx. Understand though that you will lose the mail tree structure, all lists of newsgroups, and all synchronization options, and that message rules will likely need to be edited.

If any *.dbx file fails to be imported, you can buy DBXtract or download the free Macallan Outlook Express Extraction in order to extract individual *.eml files for each message it finds in the damaged *.dbx file. You can then drag those *.eml files and drop them into an OE mail folder in the OE Folder list.

Thanks, Tom! I couldn't have done it without you. Great information.

Remember that Outlook Express and Mozilla Thunderbird are e-mail/messaging clients for SOHO use, not for mass mail handling like in the office. Their database size should not exceed 4Gb, and you should protect it against viruses as well as back it up regularly. A good backup solution is Outlook Express Backup 6.5 by http://www.genie-soft.com (Free of Charge!), which is only 4 Mb in size and does what it's asked to do.

One more user happy...

Monday, July 20, 2009

If an IT Geek finds an underwater treasure...

Well, as usual I was the laughing stock of the pack as I got my diving gear on for a daily dip at the well crowded "Kerpe" beach.

It was a very hot Saturday, the sun was burning down at 38 Celsius, there was no option. Underwater was the coolest place. No, no airtanks...Just a mask, snorkel and flippers. Well, the deeps were sandy and clear, with minor splashes of waves.

So I left the pack, who were interested in watching dirty seaweed instead of fish, but about 10 yards out I saw a small object that seemed quite familiar to my eye...My first reaction was..."Naaah, it can't be !" Eventually I started circling around it like a shy shark observing its prey...

I must have been at least 3 meters deep, but I had to check it out. Filling with air, I made for the deep dive...As I got closer to it, my heart started to beat faster in puzzlement !

While I touched it, my sense of humor made me burst out laughing with a burp of air...
It's..it's... a HP 914c Handheld !! What the hell is a HP 914c doing 300 km out of Istanbul, in a small cove, about 50 meters offshore ? And 3 meters deep under water !!!

As I was running out of air, I made my way up smoothly without knowing the consequences of my great treasure hunt !

I couldn't believe my eyes. When I reached the top, I took off my mask to give it another glance..yes ! It was a HP 914c Handheld ! I had to share it with my mates...but would they believe me ? They had to, as I wouldn't wet a handheld just to show off...They had to believe me !

So I rapidly swam ashore in total dazzlement. As I was climbing ashore onto the rocks, a few kids gave me a gaze, saying, "oh is that waterproof ?"...I didn't answer...

When I got next to my pack, I screamed out "I found a treasure in the water..."

No one reacted...that's weird...one of them actually said "What did you find ? A Commodore 64 ?"

I replied, "NO ! An Ipaq 914c !!" Now I caught all their attention ! I carefully handed over the water dripping Ipaq, which they started passing from hand to hand..Of course there was a burst of laughter...What can a geek actually find underwater ? Treasure ? Very unlikely...Ipod nano ? Most likely....

Friday, July 17, 2009

Outlook Express can't start

God ! It has taken me all day...Still no workaround.

Problem:
Outlook Express 6.0 hangs on the start logo. Actually it's not a hang, as CPU usage is pushed right up to 50% and memory usage to 120+Mb. Oh yes, the user's data is about 21 Gigs...

Diagnosis: Now this is the tiring part...
  1. Backed up all dbx files to a separate folder.
  2. Tried CHKDSK /f (restart)
  3. After checkdisk, still doesn't work.
  4. Visited the Ms site for the garbage they have to say on Technet. Sucks. (http://support.microsoft.com/kb/274017)..it blabbers on that OE can only hang on start because of an identity problem...Bulls....

It seems I'm not the only one going crazy with this cheap software. The net is far overpopulated with people who have cracked their brains while trying to fix cheap stuff...

Actually there are a few things you can do before cracking on it, and believe me, normally the least solution is the best one. Yes ! Back up your data and format it ! Nothing is like a clean installation.

Ok, so you don't want to reinstall...Hmm, in my case I can't do that either, as the user is 1,200km away and to give my support I'm RDP'ing in...

Next steps ? :
  • Tried to reinstall SP2...can't install.....the service pack gives an error related to usbstor.sys...Don't try it ! SP3 gives the same result too...
  • Upgraded Internet Explorer from MSie6 to Msie7...no use, still hangs on start.
  • Googled the error...and bingo ? Nope...there are hundreds of reasons why OE can hang on start...well its Ms after all...identity confusion lool...
  • Actually this guy has put some sense into it..I'm gonna try that tomorrow...(http://www.insideoe.com/problems/errors.htm#crash)
I'm running out of patience...Need a format...lets see....to be continued...

Thursday, July 16, 2009

Emotional IT blog..

Hahaha

I'm sure when you read the title you directly said to yourself "what is this nerd talking about now ?"...


Well...everyone creates a blog or two...maybe it's time I did too. Why ? I have a lot of information in my little brain and can't fit it all inside; I must copy some out to put new ones inside, maybe :))

It will mainly consist of IT stuff, but I may also put in some daily stuff too.

Life is an adventure that can be fun if you look at it from different angles. Let's see how it goes.