Nagios Tuning – Adventures in ping

After exhausting the official recommendations on tuning Nagios I began searching for additional recommendations. I found several mailing list archives discussing the use of check_fping in place of check_ping (fping = fast ping). This sounded great since upwards of 30% of our 9000+ checks are ping. The net effect of one second faster per check is significant. Unfortunately, fping is only faster because its default behavior is to send 1 packet. For fping to remain comparable to our existing check it must send 3 packets. In my tests check_fping is actually slower than check_ping. # /usr/bin/time...

Dell’s OpenManage Server Administrator – OMSA

Last night at work our use of OMSA and Nagios paid off (it often does). Three crucial production servers showed up in monitoring with degraded RAID5 arrays. It appears all three servers had 1 out of 3 drives in state “foreign”! I was able to quickly log in and bring the foreign disks online. Without Nagios and OMSA we would have never known and the servers would have lived on with zero redundancy until their inevitable failure. Some people may not know about OpenManage so I thought I would write a quick blurb.

Recovering a MySQL user password

Quick blurb on recovering a MySQL password. Up to 4.1 MySQL stored user passwords using a 16 byte hash created via the PASSWORD() function. Recovering a MySQL password is a matter of retrieving the password hash from the user table of the MySQL database and attempting to crack the hash. Most alpha-num-special passwords < 9 chars can be cracked given enough time. One program that was designed as a proof of concept is available at sqlhack.com. Stop the MySQL server: /etc/init.d/mysqld stop or killall mysqld Start MySQL without the privilege system: mysqld_safe --skip-grant-tables & Login as...

Growing Logical Volumes

When performing an install I usually create several partitions in order to take advantage of additional mount options (noexec, nosuid, etc.). The partitions I create usually include the following: /, /var, /usr, /tmp, /home, /boot. While working in the hosting industry I have investigated countless hacked systems. Exploits often get placed under /home/user where user is whatever user was exploited – or they get placed in /tmp. Having /home and /tmp mounted noexec, nosuid might have kept the exploits from running. The most common argument against multiple partitions is that you never know how to properly...

Installing Tripwire on FC9

Tripwire Tutorial & A Personal Reference. A tutorial on installing and configuring Tripwire on a Red Hat based system. I made this tutorial as a reference for the next time I install Tripwire. I will have undoubtedly forgotten the specifics by then.

Redbelt

I haven’t seen this good of a movie in a while. Great acting by Chiwetel Ejiofor. Well done sir, well done.

Thwart ARP Poisoning by using static entries

When considering the possibility of packet sniffing, the ubiquitous use of Layer 2 switches is nothing more than a low hurdle. GUI-based tools like Cain & Abel (Windows) as well as traditional tools like Dsniff and Ettercap make the threat of packet sniffing through ARP Poisoning very real. A simple solution is to create static ARP entries for the hosts you communicate with. Here’s how on Linux