Linux Patch Management for Automate, formerly LabTech

In most MSPs, Linux is a small if any footprint in their overall service offerings and this is reflected in the support given to these systems within the RMM tools they use.  MSPs often pass on managing Linux agents as the RMM tool they have available to them does not lend itself to managing Linux patching and updates.

Demand drives the development of the tools we use and we all know that Windows OS reigns supreme in the managed businesses realm. With MSPs looking to save every dollar where they can, they are not hiring techs to man the helpdesk that are Linux hardened vets. If they are lucky to have 1 guy that knows his way around BASH, he tends to be closer to management. They also most often overlook these systems in any maintenance plans the RMM tool is providing. This tends to leave Linux systems that are widely considered the workhorses of the Internet grossly under patched and vulnerable to exploits.

Like any MSP we had similar issues with maintenance plans as techs came and left taking skill sets with them. It was hard to keep up with managing maintenance when the previous engineer was very Linux savvy and the incoming engineer is not. Where do they pick up and go with patch management of these systems?

In comes a patch manager for Linux that plugs into LabTech, Linux Update Manager.

Plugins4LabTech decided to jump in and help give MSPs the ability to have a standard method and interface inside LabTech that they could use to determine what systems they have. MSPs can know what updates are available for each system and the ability to automate the installs of patches and updates. MSPs can determine if they have systems that have pending updates or pending reboots due to updates.  See what update versions of packages are available and the ability to manually run updates or update a single package.  The first release has basic automation controls for unassisted updating but the P4L team assures us there is several big expansions they want to add to the plugin to include detailed scheduling of updates, ticketing and alerting.

What to try the new Linux Update Manager plugin for free, or visit http://www.plugins4labtech.com

How-to : Setup GoDaddy SSL on Tomcat using a Public Certificate

Hello again,

Today I will be walking you through the process of setting up your Tomcat installation to use a public SSL certificate. I will be using examples from my Ubuntu 11 box but this will work with any linux based Tomcat install.  We should have you up and running in just a few minutes, here is what we are going to be doing.

  • ·     Enable and initialize an empty keystore
  • ·     Generate a certificate signing request (CSR)
  • ·     Add a root certificate authority (CA) to your keystore
  • ·     Import the generated certificate for use in Tomcat

To create and configure a public certificate for your Tomcat installation:

 

  1. Open a SSH Terminal to the server.
  2. In Terminal, navigate to the Tomcat directory by typing the following command:

    cd /var/lib/tomcat/

  3.  Type the following command to generate the keystore:

    sudo keytool -genkey -alias Tomcat -keysize 2048 -keyalg RSA –keystore /var/lib/tomcat/.mykeystore

  4. Fill in the appropriate information when prompted. Type a new keystore password and when the prompt asks for a first and last name, it is requesting the Fully Qualified Domain Name (FDQN). All other information is not as important as the first and last name as this will define the URL the SSL is good for.
  5. Let’s now generate a certificate signing request by typing the following command:

    sudo keytool -certreq -alias tomcat -keystore /var/lib/tomcat/.mykeystore -file godaddy-ssl-cert.req

  6. Copy the entire text from the .req file and paste it in the Cert request window for GoDaddy SSL request form on the Godaddy.com website. Once approved GoDaddy will provide a download zip file that includes your new SSL certificate and the GoDaddy RootCA cert. We will be installing both certs in to the keystore. You will need to copy these certificates up to your Ubuntu (Linux) system.
  7. Import the CA’s root certificate using the following command: (Replace the file location with the location you placed your new certificates from GoDaddy)

    sudo keytool -import -trustcacerts -alias rootCA –file /home/myuser/gd_bundle.crt -keystore /var/lib/tomcat/.mykeystore

  8.  Import your certificate signed by GoDaddy by typing the following command: (Replace myFQDN.crt with the file name and location of the new GoDaddy certificate)

    sudo keytool -import -alias tomcat -keystore /var/lib/tomcat/.mykeystore -trustcacerts -file /home/myuser/myFQDN.crt

  9. Lastly we will  edit the /var/lib/tomcat/conf/server.xml file. Point the “keystoreFile” attribute to the location of the keystore, and include the “keystorePass” containing the password to your keystore.This is the part of the file that you should modify:  <Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”              
                   maxThreads=”150″ scheme=”https” secure=”true”
                  
                  
    clientAuth=”false” sslProtocol=”TLS”             
                   keystoreFile=”/var/lib/tomcat/.mykeystor
             
                   keystorePass=”your keystore password” />

 

The instructions below can be followed to update a certificate, assuming you will be using the same keystore.

How-To clear the Tomcat alias:

 

1.   Open a SSH terminal session to Ubuntu.

2.   Create a backup of the previous alias by typing the following command:

    sudo keytool -export -alias Tomcat -keystore /var/lib/tomcat/.mykeystore -file MyBackup.cer

3.    After a successful backup, type the following command to clear out the Tomcat alias:

    sudo keytool -delete -alias Tomcat -keystore /var/lib/tomcat/.mykeystore


You should now be able to run the commands to create and import a new certificate.


I hope this makes quick work for somone out there..

Enjoy

Cubert 


How-to: Setup Ubuntu and PHP to use MSSQL Microsoft SQL Server

It is easier to get PHP on Ubuntu to connect to MSSQL than it is to get PHP on Windows.

 

I would not normally believe such a thing until I tried to setup a pre-existing install of PHP on Windows missing any MSSQL extensions. Looking through Google to find information was less than quick and I found myself wanting to go back to my old faithful Ubuntu server, but how?

Here are my 10 quick steps to get PHP seeing MSSQL:

There are some basic software we will need to grab using apt-get, then we will install them and modify the php.ini file to update the new extension. I will go over the process below on how to install and in what order but before we do that I will give you a brief description of what we are doing.

We will need to get the source for PHP, we will also need the PHP Development packages. We will be installing FreeTDS and then editing our php.ini file. Lastly restarting Apache to complete the process.

For the rest of this we will assume you have ( sudo su -) so you do not need to sudo each cmd, but if not then add sudo where it applies. We are also assuming you already have a working php system and only need to add MSSQL functionality.

  1. apt-get source php5 – This will install the PHP source in the the current directory that you are in.
  2. cd php5-5.3.2/ext/mssql – This will place you in the PHP source directory for MSSQL. You may need to edit the directory path as 5.3.2 was the version as of this document and may not be the same version you are installing.
  3. apt-get install freetds-dev – This installs the extra libraries we will need for MSSQL
  4. apt-get install php5-dev – This installs the application (phpize) which we will use next to help build the MSSQL extension.
  5. phpize  – Run this while inside the (/ext/mssql ) directory
  6. ./configure –with-mssql – This creates the MakeFile we will need to build the extension from source.
  7. make – This cmd builds the extension.
  8. cd modules – move in to the module directory.
  9. cp mssql.so /usr/lib/php5/20090626   – Here you will need to pay close attention to the last directory here. This will very based on your version so change the numbers to fit what you have in your (/usr/lib/php5) directory.
  10. vi /etc/php5/apache2/php.ini – We want to go down to where you will find (Dynamic Extensions) and add on a new line the following -> extension = mssql.so then save and close the vi session ( Esc : wq)

You are all done, just restart Apache and test your mssql_connect

Restart Apache:

/etc/init.d/apache2 restart

Enjoy

Cubert