Configuration Management Series

Some of the most tedious tasks that system administrators have to do are the installation, configuration and management of applications and operating systems. Most often the administrator follows a checklist of what needs to be installed and how to install it, that’s IF a checklist even exists. This process takes time and resources and is error-prone in every way possible.

Not so long ago I administered a medium-sized SaaS payment processing application that had so many custom configurations it would make your head explode. The only way we could possibly maintain control of this environment was to put strict controls and processes in place for any change. Now I’m not saying processes and procedures are a bad thing, but they do take time to implement, and just by the nature of maintaining strict control you restrict reaction time to critical events.

So what is an organization to do? The only thing they can do, AUTOMATE! I love scripts and have a library of scripts going back years. The problem with scripts is not that they don’t help me; on the contrary, they really only helped me at that time. It’s my script, I designed it for what I needed at the time. No framework, just raw code mashing together values that years later I look at and think “What the heck was I doing here?” So I have to go back and relearn the logic of my scripts to make sure a value I change doesn’t bring down the entire organization (yes they can, trust me).

So where am I going with this, and why am I saying automation is the only answer after my own problems maintaining scripts? Well, it’s that experience that taught me that it wasn’t the scripts that were bad but my way of implementing them. At the time I started scripting it really was the only way of doing things. No frameworks existed that would help with scaling out my process to a team. I was so heads down in what I was doing I didn’t even see CFEngine hit the scene. This was the tool I was looking for, and it was built out of the frustration of maintaining large amounts of configurations for different types of systems. Since its release two other very popular configuration management tools have come to the party: Chef from OpsCode and Puppet from Puppet Labs. These three configuration management tools are laser focused on enterprise management.

I’m not going to write a blog on which one is better, as this really depends on what you are looking for and each one of them does configuration management a little differently. What I am going to do is explain how to install and test a basic configuration implementation from each. The only one I really have any experience with is Chef, so I will be starting with that one. The task will be to create a new user on an Ubuntu 12.04 install and add a public key to the authorized keys file.

So let’s get started!

Back from my break!

Not sure if you would call it a break but it has been a little while since my last post. I’m going to try and re-engage my blog with several posts of technology items and topics I’ve been working on. Some items will be longer than others but I think they all provide some great information.

Topics to look out for.

- Dell’s Crowbar

- OpsCode Chef

- Zenoss – ZenPacks and other items

- Eclipse

- SSH Tunnels

- SNMP

- Open Source Software (OSS)

- Arduino MicroController

… and many more.

So stay tuned and please provide as much feedback as you can. I look forward to getting back to sharing my experiences.

SSL Overview

Recently I created a presentation for a client on SSL. The purpose was to give a packet-level view of the SSL protocol so the client and their support team would have a better understanding of the problems they had. The original presentation was done in PowerPoint, so I adapted it to blog format.

 

Brief SSL History

SSL v1 was developed by Netscape back in 1994. It was developed with the main purpose of securing web browser traffic to the server. Now the SSL protocol is used for many different system-to-system communications.

Wireshark Portable Profiles

In my last blog (Wireshark Custom Columns) I provided you with information on customizing your Wireshark interface depending on the problem you are troubleshooting. These custom profiles are extremely helpful in providing the needed information for troubleshooting the vast range of issues you will encounter. As you increase your effectiveness as an analyst you will undoubtedly be called on to resolve issues on many different networks other than your own. These situations may require that you use local hardware and software to troubleshoot with. In these situations you can rapidly become effective by transferring the custom profiles from your local system to this new system. Wireshark makes it easy to transfer your custom profile simply by copying a set of plain-text files between the two systems.


Wireshark Custom Columns

To effectively troubleshoot network traffic you must extract key information points from the trace files. To extract and view this information you must customize your protocol analyzer to present this custom view of the information. One of the most widely used protocol analyzers is the free tool called Wireshark, and by default this tool provides a very limited view into your trace files. Since this is the tool I personally use, I will show you how I’ve customized it to provide the data I need.
