Saturday, February 28, 2009

DNSsec for .gov


It has been some time since Dan Kaminsky published his exploit on DNS; this was by far one of the most shocking events for DNS admins in a long time. For those who would like to understand the exploit found by Dan Kaminsky, there is an excellent guide on unixwiz.net, which is a very good introduction to the DNS exploit.

To tighten security, the administrators of .gov domains are now told to implement DNSsec so that the .gov domain servers will be more secure. Besides the fact that tightening your security is always a good plan, this will also be a boost for the DNSsec project. To get a good view of DNSsec you can review the video below, which is a very fast introduction to DNSsec.



In very short, the steps to create keys for DNSsec on a Linux BIND server are noted below. However, this is a very short guide and it has a lot of open spots. You might want to look around to find more details. I might even write a more detailed guide on this; for now, however, you will have to make do with this.

- Make sure you are running at least BIND 9.3; version 9.3 is the first version where you can sign your zones.
- Review your named.conf file and make sure that dnssec-enable is set to yes.
- Next, create a key for your zone, a ZSK (Zone Signing Key): dnssec-keygen -a RSASHA1 -b 1024 -n ZONE somedomain.com
- Create a key to sign your ZSK, the KSK (Key Signing Key): dnssec-keygen -a RSASHA1 -b 2048 -n ZONE -f KSK somedomain.com

To get everything up and running you have to take some more steps; however, in this post I only want to show you how to create the keys needed for DNSsec.
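A check on the two key files these commands produce, as an added example (not from the original post): it reads the DNSKEY line of a K*.key file, tells ZSK from KSK by the flags field, measures the RSA modulus, and recomputes the key tag that appears in the file name. The sample lines use dummy key material constructed for the example, and the function names are this example's own.

```python
import base64

def parse_dnskey(line):
    """Parse the DNSKEY line of a K*.key file into its RDATA fields."""
    tokens = line.split(";", 1)[0].split()      # drop any trailing comment
    i = tokens.index("DNSKEY")                  # TTL and class before it are optional
    flags, protocol, algorithm = (int(t) for t in tokens[i + 1:i + 4])
    key = base64.b64decode("".join(tokens[i + 4:]))
    return {"owner": tokens[0], "flags": flags, "protocol": protocol,
            "algorithm": algorithm, "key": key}

def role(flags):
    """Flags 256 = zone key (ZSK); 257 = zone key plus SEP bit, set by -f KSK."""
    if not flags & 0x0100:
        return "not a zone key"
    return "KSK" if flags & 0x0001 else "ZSK"

def rsa_modulus_bits(key):
    """RSA public key layout (RFC 3110): exponent length, exponent, modulus."""
    if key[0]:
        exp_len, start = key[0], 1
    else:                                       # 3-byte form for long exponents
        exp_len, start = int.from_bytes(key[1:3], "big"), 3
    return int.from_bytes(key[start + exp_len:], "big").bit_length()

def key_tag(rec):
    """Key tag over the DNSKEY RDATA, RFC 4034 Appendix B."""
    rdata = (rec["flags"].to_bytes(2, "big")
             + bytes([rec["protocol"], rec["algorithm"]]) + rec["key"])
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def audit(line, want_role, want_bits, want_alg=5):   # 5 = RSASHA1
    """Return (expected file name, mismatches against what was requested)."""
    rec = parse_dnskey(line)
    found = (role(rec["flags"]), rsa_modulus_bits(rec["key"]), rec["algorithm"])
    wanted = (want_role, want_bits, want_alg)
    problems = ["%s: wanted %s, found %s" % (n, w, f) for n, w, f
                in zip(("role", "modulus bits", "algorithm"), wanted, found) if w != f]
    name = "K%s+%03d+%05d.key" % (rec["owner"], rec["algorithm"], key_tag(rec))
    return name, problems

def sample_line(flags, modulus_len):
    """Constructed DNSKEY line with a dummy modulus; not a usable key."""
    blob = b"\x01\x03" + b"\xc1" * modulus_len  # exponent 3, filler modulus
    return "somedomain.com. IN DNSKEY %d 3 5 %s" % (flags, base64.b64encode(blob).decode())

if __name__ == "__main__":
    print(audit(sample_line(256, 128), "ZSK", 1024))
    print(audit(sample_line(257, 128), "KSK", 2048))  # reports the short KSK
```

RFC 8624 lists RSASHA1 as NOT RECOMMENDED for signing, so on a current deployment pass the number of the algorithm you actually chose as want_alg.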

map of country codes


Reading an old magazine before dumping it, I noticed an article on "Country Codes of the World". It pointed to a nice map which includes all the country codes. I just want to share it, so that if people are ever looking for such a map to put on the wall of an office they might find this link to the original website useful.

At the end of every URL and email address is a top-level domain (TLD). Although .com is the world’s most popular TLD, it is far from alone. There are more than 260 TLDs in use around the world, most of which are country code top-level domains (ccTLDs). The Country Codes of the World map includes 245 country codes, which encompasses all United Nations countries as well as numerous islands and territories. Each two-digit code is aligned over the country it represents and is color coded with the legend below for quick and easy reference.

Sunday, February 22, 2009

enterprise source code repository

Source code: every programmer needs it from time to time as a reference, to learn new things, to look into how someone else has solved a problem, and so on. Besides all the tools and ways to version your code and to store and share it in a safe way, there is another challenge within an enterprise: how do you give your developers good access to source code they can use to learn?

Code developed by your own developers can help other developers in your company to do their tasks faster and more simply. What you do not want them to do is to check out every Subversion repository and start browsing that. What you do want is to provide them with a platform where developers can quickly browse code and start learning.

Some tools to build a developers' knowledge base are, for example, LXR, which can be used to generate a web front end for source code libraries and automatically create links between the different files. This can be very helpful to automate the process of "web enabling" your source code library. When you want a search engine to give developers the option to search your massive amount of data, you can have a look at products like ht://Dig, which will automatically index a given website and create a search index around it. As you can see, with some simple open source tools you can create an enterprise-wide source code library for your developers to learn and benefit from.

WiFi bridge, wireless repeaters


Consider the situation that you have a WiFi router and that you want one of your neighbors to make use of it, and that his neighbor also wants to make use of your connection. If you do not have any problem with it, this can be quite a nice way to start a neighborhood network. The problem you might face is that you are not able to cover the entire area with one single WiFi router. In this case you want to extend your WiFi signal in such a way that all the people who want to use it are able to pick up the signal. You might want to start digging and laying cables to places where you can place another WiFi router. You also might consider repeating your signal over several WiFi routers.

In this case you have one (or more) centralized WiFi routers which are connected to the backbone of your network; from there you send your signal via WiFi to another router, which redistributes the signal. So you will end up with some routers which do not have any cable plugged in. For example, you can use the out-of-the-box functions of a LinkSys WAP54G or WRT54G WiFi router to use it as a wireless repeater. Some great guides on how to set up a router in such a way have been published, so I would like to point out the one I used from Nohold.net; you should check out this guide when you would like to set up a wide WiFi network quite simply and fast.

fax from Oracle E-business Suite

I recently received the question from someone whether I wanted to look into the possibilities of setting up a rather cheap service for sending faxes into the world. The solution should be able to handle faxes which were sent from the Oracle E-Business Suite 11.5.10.2. In Oracle E-Business Suite 11.5.10.2 you have the option in the Oracle Purchasing module to do a couple of things when approving a PO (Purchase Order). You can print the purchase order, you can send it to the supplier as an e-mail, you can use EDI/XML or you can send a fax.

One of the requirements was that Oracle E-Business Suite should be able to use the fax server to send faxes, and also that users in the network should be able to send faxes from their workstations. Windows users, UNIX/Linux users and Mac users should be able to send faxes from their desktops. Besides those two wishes there were some additional things: it had to be cheap, only one fax server was to be set up, and preferably it should be open source.

After some investigating via Google I ended up at HylaFAX. HylaFAX is an open source fax server capable of all those things. Besides the work done by the people from HylaFAX, some other people started to code applications around the HylaFAX server, and you can find Java APIs which can be used to start coding your own 'gateway' applications to the fax server. Without much coding you can set up Oracle E-Business Suite to use the HylaFAX server.

If you ever need to set up a "small" fax server which needs to have all (or some) of the named capabilities, you might want to look into HylaFAX. And I placed small within quotes because you can create quite a large fax server with HylaFAX.

Sunday, February 08, 2009

Setup Oracle Enterprise Manager 11G on Ubuntu

A couple of posts ago I explained how to set up an Oracle 11G database on Ubuntu Linux; after that I wanted to set up the Oracle Enterprise Manager 11G for Database Control on Ubuntu Linux. For some reason the first attempt was not successful, which helped me to find some error messages and learn how to debug those kinds of problems.

To install the Oracle Enterprise Manager (OEM) for your 11G database on the database server you basically have to take the following steps:

Log in as the user oracle and make sure that your database is running and that the environment variables are set; ORACLE_HOME and ORACLE_SID are the most important. To check this you can do an "env | grep ORACLE", which should give you a result something like this:


oracle@orcl11gdb:/u01$ env | grep ORACLE
ORACLE_SID=JLO11G
ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1

Next, go to "$ORACLE_HOME/bin" and execute the command: emca -config dbcontrol db -repos create

My first attempt was blocked because after my installation the user DBSNMP was disabled, and because I entered a password incorrectly when I was asked to provide it. This resulted in an error message like the one below:

oracle.sysman.emcp.exception.EMConfigException: Error dropping the repository
at oracle.sysman.emcp.EMReposConfig.invoke(EMReposConfig.java:208)
at oracle.sysman.emcp.EMReposConfig.invoke(EMReposConfig.java:147)
at oracle.sysman.emcp.EMConfig.perform(EMConfig.java:221)
at oracle.sysman.emcp.EMConfigAssistant.invokeEMCA(EMConfigAssistant.java:534)
at oracle.sysman.emcp.EMConfigAssistant.performConfiguration(EMConfigAssistant.java:1214)
at oracle.sysman.emcp.EMConfigAssistant.statusMain(EMConfigAssistant.java:518)
at oracle.sysman.emcp.EMConfigAssistant.main(EMConfigAssistant.java:467)

After correcting this error I tried the create command again and emca was able to make a connection to the database; however, the next problem was that some parts of the script were somehow already executed. This resulted in an error like the one below:



CONFIG: ORA-20001: SYSMAN already exists..
ORA-06512: at line 17

oracle.sysman.assistants.util.sqlEngine.SQLFatalErrorException: ORA-20001: SYSMAN already exists..
ORA-06512: at line 17

at oracle.sysman.assistants.util.sqlEngine.SQLEngine.executeImpl(SQLEngine.java:1500)
at oracle.sysman.assistants.util.sqlEngine.SQLEngine.executeScript(SQLEngine.java:874)
at oracle.sysman.assistants.util.sqlEngine.SQLPlusEngine.executeScript(SQLPlusEngine.java:270)
at oracle.sysman.assistants.util.sqlEngine.SQLPlusEngine.executeScript(SQLPlusEngine.java:311)
at oracle.sysman.emcp.EMReposConfig.createRepository(EMReposConfig.java:492)
at oracle.sysman.emcp.EMReposConfig.invoke(EMReposConfig.java:218)
at oracle.sysman.emcp.EMReposConfig.invoke(EMReposConfig.java:147)
at oracle.sysman.emcp.EMConfig.perform(EMConfig.java:221)
at oracle.sysman.emcp.EMConfigAssistant.invokeEMCA(EMConfigAssistant.java:534)
at oracle.sysman.emcp.EMConfigAssistant.performConfiguration(EMConfigAssistant.java:1214)
at oracle.sysman.emcp.EMConfigAssistant.statusMain(EMConfigAssistant.java:518)
at oracle.sysman.emcp.EMConfigAssistant.main(EMConfigAssistant.java:467)
Feb 7, 2009 7:03:07 PM oracle.sysman.emcp.EMReposConfig invoke
SEVERE: Error creating the repository
Feb 7, 2009 7:03:07 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Refer to the log file at /u01/app/oracle/cfgtoollogs/emca/JLO11G/emca_repos_create_.log for more details.
Feb 7, 2009 7:03:07 PM oracle.sysman.emcp.EMConfig perform
SEVERE: Error creating the repository
Refer to the log file at /u01/app/oracle/cfgtoollogs/emca/JLO11G/emca_2009_02_07_19_02_38.log for more details.
Feb 7, 2009 7:03:07 PM oracle.sysman.emcp.EMConfig perform
CONFIG: Stack Trace:
oracle.sysman.emcp.exception.EMConfigException: Error creating the repository
at oracle.sysman.emcp.EMReposConfig.invoke(EMReposConfig.java:230)
at oracle.sysman.emcp.EMReposConfig.invoke(EMReposConfig.java:147)
at oracle.sysman.emcp.EMConfig.perform(EMConfig.java:221)
at oracle.sysman.emcp.EMConfigAssistant.invokeEMCA(EMConfigAssistant.java:534)
at oracle.sysman.emcp.EMConfigAssistant.performConfiguration(EMConfigAssistant.java:1214)
at oracle.sysman.emcp.EMConfigAssistant.statusMain(EMConfigAssistant.java:518)
at oracle.sysman.emcp.EMConfigAssistant.main(EMConfigAssistant.java:467)

To get this corrected you can do a couple of things. You can drop the repository manually by executing a repository drop (emca -deconfig dbcontrol db -repos drop) and then create it again with emca -config dbcontrol db -repos create. However, the two commands can also be bundled into one by executing a recreate, which will handle dropping the repository and creating it again. This can be done with emca -config dbcontrol db -repos recreate

oracle@orcl11gdb:/u01/app/oracle/product/11.1.0/db_1/bin$ emca -config dbcontrol db -repos recreate

STARTED EMCA at Feb 7, 2009 7:07:49 PM
EM Configuration Assistant, Version 11.1.0.5.0 Production
Copyright (c) 2003, 2005, Oracle. All rights reserved.

Enter the following information:
Database SID: JLO11G
Listener port number: 1521
Password for SYSMAN user: Email address for notifications (optional):
Outgoing Mail (SMTP) server for notifications (optional):
-----------------------------------------------------------------

You have specified the following settings

Database ORACLE_HOME ................ /u01/app/oracle/product/11.1.0/db_1

Local hostname ................ orcl11gdb
Listener port number ................ 1521
Database SID ................ JLO11G
Email address for notifications ...............
Outgoing Mail (SMTP) server for notifications ...............

-----------------------------------------------------------------
Do you wish to continue? [yes(Y)/no(N)]: Y
Feb 7, 2009 7:08:12 PM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /u01/app/oracle/cfgtoollogs/emca/JLO11G/emca_2009_02_07_19_07_49.log.
Feb 7, 2009 7:08:14 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Dropping the EM repository (this may take a while) ...
Feb 7, 2009 7:11:53 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully dropped
Feb 7, 2009 7:11:54 PM oracle.sysman.emcp.EMReposConfig createRepository
INFO: Creating the EM repository (this may take a while) ...
Feb 7, 2009 7:20:44 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully created
Feb 7, 2009 7:20:52 PM oracle.sysman.emcp.EMReposConfig uploadConfigDataToRepository
INFO: Uploading configuration data to EM repository (this may take a while) ...
Feb 7, 2009 7:23:14 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Uploaded configuration data successfully
Feb 7, 2009 7:23:16 PM oracle.sysman.emcp.ParamsManager getLocalListener
WARNING: Error retrieving listener for orcl11gdb
Feb 7, 2009 7:23:24 PM oracle.sysman.emcp.util.DBControlUtil configureSoftwareLib
INFO: Software library configured successfully.
Feb 7, 2009 7:23:24 PM oracle.sysman.emcp.EMDBPostConfig configureSoftwareLibrary
INFO: Deploying Provisioning archives ...
Feb 7, 2009 7:23:47 PM oracle.sysman.emcp.EMDBPostConfig configureSoftwareLibrary
INFO: Provisioning archives deployed successfully.
Feb 7, 2009 7:23:47 PM oracle.sysman.emcp.util.DBControlUtil secureDBConsole
INFO: Securing Database Control (this may take a while) ...
Feb 7, 2009 7:24:23 PM oracle.sysman.emcp.util.DBControlUtil secureDBConsole
INFO: Database Control secured successfully.
Feb 7, 2009 7:24:23 PM oracle.sysman.emcp.util.DBControlUtil startOMS
INFO: Starting Database Control (this may take a while) ...
Feb 7, 2009 7:25:54 PM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: Database Control started successfully
Feb 7, 2009 7:25:55 PM oracle.sysman.emcp.EMDBPostConfig performConfiguration
INFO: >>>>>>>>>>> The Database Control URL is https://orcl11gdb:1158/em <<<<<<<<<<<
Feb 7, 2009 7:26:05 PM oracle.sysman.emcp.EMDBPostConfig invoke
WARNING:
************************ WARNING ************************

Management Repository has been placed in secure mode wherein Enterprise Manager data will be encrypted. The encryption key has been placed in the file: /u01/app/oracle/product/11.1.0/db_1/orcl11gdb_JLO11G/sysman/config/emkey.ora. Please ensure this file is backed up as the encrypted data will become unusable if this file is lost.

***********************************************************
Enterprise Manager configuration completed successfully
FINISHED EMCA at Feb 7, 2009 7:26:05 PM
oracle@orcl11gdb:/u01/app/oracle/product/11.1.0/db_1/bin$

Now you should be able to get to the login page by opening the URL https://orcl11gdb:1158/em . If you need to stop or start OEM by hand, you can use emctl start dbconsole to start it and emctl stop dbconsole to stop it.