Miscellaneous Stuff I haven't got a category for, but need to jot down so I can write up on it.
Actually, these are things of general interest to myself, and have learned about while watching the misc@ mailing list. I'm jotting down those things that I think I will eventually look at so as to have a centralised placed to look for them (in a compacted fashion.)
Most of this information has been derived from misc@openbsd.org and other mailing lists.
These are but some of the tools that I've come across as being discussed and potentially of need of some documentation.
Bandwidth management is everyone's concern, even the large corporate with plenty of money to burn. The first good news is that OpenBSD 3.3 integrates the queue management system ALTQ into the base install. You get a secure OS with bandwidth limiting facilities, just coool. To learn more about it, follow the PF FAQ information on http://www.openbsd.org and subscribe to the pf mailing list.
The following tools have been mentioned on various discussions as valuable tools (to some) for managing their bandwidth utilisation by clients.
http://www.csl.sony.co.jp/person/kjc/programs.html
AltQ (Alternate Queueing) seems to be the most mentioned tool.
AltQ became part of the post 3.0 source tree and is likely to gain more documentation.
http://citeseer.nj.nec.com/cho99managing.html
http://www.csl.sony.co.jp/~kjc/software.html
http://www.csl.sony.co.jp/person/kjc/kjc/software/TIPS.txt
http://www.muine.org/~hoang/openpf.html#qos
[OpenBSD 3.x man pages]
/usr/share/altq - examples
According to the squid mailing lists, the delay pools are good for time periods such as an hour, but not optimal for people who wish to configure the bandwidth constraints over longer periods such as per day or per week.
The next level of security, apart from the Network OS, is to secure malicious communications or resource transfers. The following Anti-Virus products have variants that are either Native under the BSDs or can be executed in the Linux compability layer. Be warned that some have reported installation problems with the way some of the anti-virus programs install themselves.
It is also recommended that you browse the mailing list archives for MTA's such as exim and postfix who are bound to have various discussions relating to anti-virus software.
Our first anti-virus installation is successfully using RAV Antivirus, largely because it has native OpenBSD support. You have to license the product but we have been satisfied with its current performance. It works as a mail filter and the executables also function as scanners on standard files.
Network Associates WebShield:
http://www.mcafeeb2b.com/products/internet-gateway-protection.asp
{Solaris Sparc}
H+BEDV AntiVir/X: http://www.hbedv.com/produkte/products.htm {Linux, FreeBSD}
Sophos Sweep: http://www.sophos.com/products/antivirus/savunix.html {Linux, FreeBSD}
Trend Micro InterScan VirusWall: http://www.antivirus.com/products/internet_gateway.htm {Linux, Solaris}
CAI InoculateIT: http://www3.ca.com/Solutions/ProductFamily.asp?ID=128 {Linux}
F-Secure A-V: http://www.eu.f-secure.com/products/anti-virus/ {Linux}
Karspersky http://www.kasperskylabs.com/ {Linux, FreeBSD, BSDi}
RAV Antivirus: http://www.rav.ro {OpenBSD, FreeBSD, Qmail, Sendmail, Postfix and Communigate PRO}
Some of the above antivirus server solutions also filter ftp, http, and mail. Below are some programs for use with mail servers to filter mail.
Additional option in the program to configure groups with differing attachment privileges (eg. restrict, or remove attachments for certain groups.)
Amavis: http://www.amavis.org {Linux, *BSD, Solaris} A Mail Virus Scanner.
Inflex: http://www.inflex.co.za/
Q-Mail Scanner: http://qmail-scanner.sourceforge.net/ QMail
A good site for references to Anti-Virus providers is the Virus Bulletin Site which evaluates anti-virus software packages. You can also check out the documentation for amavis.
Virus Bulletin: http://www.virusbtn.com
Open Antivirus: http://www.openantivirus.org/av-unix_e.txt
[note: Last review of information from above websites 2001.11.02]
For some service providers it may be important to keep track of actual external traffic generated by users. The following tools have been discussed as relevant for this type of auditing, monitoring task.
mrtg, cricket (in ports)
IP Meter http://www.ipmeter.com
IP Audit http://ipaudit.sourceforge.net/
Drive mirroring is useful when you want the ability to dump an active/functional system onto another disk, such that you can quickly recreate the exact same system onto the same machine or on to similar other systems.
We have been effectively using Norton Ghost for our Windows platforms and it was interesting to note mail discussions on other solutions, including open source.
A fault with using Norton Ghost for imaging OpenBSD is that NG does not recognise the FFS, or UFS file system. This does not have an effect on NG being able to image and recreate OpenBSD partitions, but it does significantly increase the image size as NG cannot use any significant compression algorithms.
One significant advantage of NG for Windows is NG can resize the image partition to fit within changes in the disk sizes targetted for the image. In this way, you can use the same image on multiple size drives, so long as the contents in the image can fit on the target drives.
g4u (ghost for unix) http://rfhs8012.fh-regensburg.de/~feyrer/g4u
is based on NetBSD (?)
Other recommendations is to script dumps (dd) of the hard-drive to an ftp server
There are of course further reference information in the FAQ on duplicating file systems. Likewise Ben Goren has further information on his site: http://openbsd.trumpetpower.com/faq/faq10.html#DupFS
Steve DeRose's guide to CAT5 computer network wiring http://www.derose.net/steve/guides/wiring/
Why mention this ? Because I've been hit often enough with problems in cabling, it's bad enough when its my own fault for messing my home network cabling.
I've even gone to sites that were supposedly professionally cabled and it didn't take long to figure that their network problem was related to not being in spec.
I used to blame the drivers or OS when I had network faults, especially "time-outs" on the network cards. Now, I make sure I include checking the cabling as an early part of the diagnosis process.
Copyright (c) 2000/1/2 Samiuela LV Taufa. All Rights Reserved.
I reserve the right to be totally incorrect even at the best advice of betters. In other words, I'm probably wrong in enough places for you to call me an idiot, but don't 'cause you'll hurt my sensibilities, just tell me where I went wrong and I'll try again.
You are permitted and encouraged to use this guide for fun or for profit as you see fit. If you republish this work in what-ever form, it would be nice (though not enforceable) to be credited.
|
Miscellanea - Just some interesting stuff |
Copyright © 2000/1/2 NoMoa.COM All rights reserved.