Tech Grab Bag has moved to its new location. All future posts will be at the following address.
We Have Moved
August 25, 2011
SSH – Disable root logins
August 16, 2009
By default, machines running Fedora, RedHat, and their variants allow root to ssh directly into them. To disable this and force users to first ssh into these boxes as themselves, edit the sshd_config file.
To do this, simply open the sshd_config file with your favorite text editor; I use vi.
Next, locate the line “PermitRootLogin”.
Remove the comment and change the value to no.
Save, close, and restart sshd.
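The same edit as a script, as an added example that is not part of the original post. The function names are made up for this sketch, and the usage line assumes the standard /etc/ssh/sshd_config path and the `service` command. It also handles a file with no PermitRootLogin line or with Match blocks, which the manual steps do not cover.

```shell
#!/bin/sh
# Added example: force "PermitRootLogin no" in an sshd_config-style file.
# disable_root_login and root_login_setting are hypothetical helper names.

# Print the first active global PermitRootLogin value.
# sshd uses the first value it reads for a keyword, so that is the one that counts.
root_login_setting() {
    awk '{ k = tolower($1) }
         k == "match"           { exit }
         k == "permitrootlogin" { print tolower($2); exit }' "$1"
}

disable_root_login() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1       # copy to roll back to
    tmp=$(mktemp) || return 1
    awk '
        { line = tolower($0) }                # keywords are case-insensitive
        # A Match block starts here: the global setting has to go before it.
        line ~ /^[ \t]*match[ \t]/ && !done { print "PermitRootLogin no"; done = 1 }
        # First global PermitRootLogin line, commented out or not: replace it.
        line ~ /^[ \t]*#?[ \t]*permitrootlogin([ \t]|$)/ && !done {
            print "PermitRootLogin no"; done = 1; next
        }
        { print }                             # lines inside Match blocks stay as they are
        END { if (!done) print "PermitRootLogin no" }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"  # cat keeps the owner and mode of $cfg
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage on the host, as root; sshd -t checks the file before the restart:
#   disable_root_login /etc/ssh/sshd_config && sshd -t && service sshd restart
```

Keep an existing root session open until a login as a normal user has been confirmed, and review any PermitRootLogin lines inside Match blocks, since those override the global value for the connections they match.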
F5 BIG-IP resources
August 12, 2009
The BIG-IP is a great appliance and extremely powerful. However, because it can do so much you may find yourself looking for a little help getting pointed in the right direction. If you don’t already know about this resource, you should.
This should be your first stop when trying to figure out how to configure your BIG-IP or write iRules.
McAfee Firewall Enterprise (aka Sidewinder)
July 30, 2009
I figured since I went to the trouble of pointing out how nice the new ASDM interface was I would point out an equally nice interface for firewall management. The McAfee Firewall Enterprise (aka Sidewinder), I still just call it the Sidewinder, has a very nice user interface for managing that appliance.
It is an explorer type interface with navigation on the left and tasks on the right. It is laid out logically and because it is a native Windows app, is very fast. I can honestly say I have never had this interface crash on me.
Besides having a nice management interface, the Sidewinder is just a darn good firewall. Be warned, though: it is a proxy-based firewall, so setting up rules isn’t always as straightforward as you might find with other firewalls, but don’t let that scare you away.
Cisco ASA
July 29, 2009
I have never been a fan of the PDM used to manage the PIX. It has always been slow, buggy, and not as intuitive as other firewall interfaces.
Today I had two ASA5550 firewalls to configure for an upcoming project. My opinion of the ASDM: well done, Cisco. The ASDM makes managing the ASA a dream compared to using the PDM for the PIX.
The user interface is intuitive, it is straightforward to manage the objects and rules, it is much faster than the PDM, and after a full day of working in the interface, not one crash.
Network Monitoring Solution
July 14, 2009
If you’re looking for a good network monitoring application that is low cost, easy to set up, easy to use, and still does a good job, take a look at Cacti. Cacti is an open source network monitoring system that uses Apache, PHP, MySQL, RRDtool, and Net-SNMP to monitor network attached devices.
Cacti gives you device status via SNMP or ICMP and various performance graphs via SNMP. SNMP versions 1, 2, and 3 are supported by Cacti. The one shortcoming is a limited number of device types supported out of the box, but don’t let that scare you off. The generic counters should be adequate to get you up and going.
I used Ubuntu 8.04 LTS as my host system and installation was straightforward and fast. Just make sure that you look at the install doc and install the required packages before you install Cacti. With the version of Ubuntu I used, apt missed the install of mysql-server for some reason. However, I simply installed mysql-server and then ran dpkg-reconfigure cacti and I was back on track.
If you want to get up and running with the least amount of trouble I would stick with one of the distros that have a package available, i.e. Ubuntu, Debian, Fedora, etc…
Have fun…
The Switching Kitchen
July 13, 2009
The Switching Kitchen is a Cisco website that gives some nice little tips on configuring switches. It contains recipe cards on what is being discussed in the videos and the videos are technical instead of sales driven.