Open Source Articles

  • Articles

    Articles - this section includes all my articles and writings from 1998 to the present. It covers Open Source, Cyber Security, Business, Technical, Courses and Certifications :)

    I have thousands of text files that include everything I have learnt. I usually write down everything I do, from a small tip, a specific experience or a quick study up to my professional work experiences and learnings, and I am sharing all those articles here. I hope they will be useful to other people instead of just being locked in my desk.

    You can contribute to this section, and your contribution is highly welcomed and appreciated. Just pick a topic, write it in the way you prefer, send it, and let's share it under your name. Although all my writings in this section are in English, I am going to add Arabic content to enrich the Arabic content on the internet when it comes to Cyber Security, so there is no specific language for this section: you can write in العربية, English, Frankoarab or any mix of them. Simply write in the language you prefer and express your writings in the best way.

    All content in this section is published under a Creative Commons License. The main categories in this section are as follows; please click on a category link below to list all articles in a specific category, or use the side/main menu to navigate.

  • How-To: ZENworks Backend Services Installation on OES

    A step-by-step how-to for installing ZENworks v7 backend services on Open Enterprise Server; it can be used for SUSE Linux too.

    1- Pre-Installation Tasks

    • HW: 290 M on HD for 100-500 Users with 512 RAM (1 G RAM for 200 Users).
    • SW Requirements: 
      • eDirectory v8.7.3 and LDAP configured and running.
      • Static IP configuration and Samba updated to v3.0.9-2.6
    • ConsoleOne installed with ZENworks Snap-in.
    • Quit Sybase DB if it's installed and running on the server.
    • Administrative Workstation (Windows) -- Optional
      • Win2000Pro-SP4, WINXP-SP1, Win2000Server-SP4, Win2003.
      • Novell Client v4.9 SP1a or later installed.

    2- Determine the required services to install from ZENworks Backend Services.

    3- Install ZENworks v7 Desktop Management

    • Login as root, insert and mount the ZENworks v7 DM Linux CD.
    • Change directory to the CD's mount directory and execute the ./setup script.
    • Press Enter 3 times for Introduction, Prerequisites Info and License Agreement.
    • Choose the Install set: Enter 2 to install ZENworks Desktop Management.
      • Note: we can select 1 to install all features on the same server.
    • Enter TREE information: ValueSYS and provide administrative account.
      • Administrative User: admin,valuesys (Notice Comma) and enter password
    • Enter the License Code or press Enter to use the evaluation for 90 days.
    • Press (Y) for Installation of Inventory Standalone Server.
    • Inventory Standalone Configuration: Enter (Y) to create Server Package and Database Location Policy Objects with Server Package.
    • Inventory Proxy Configuration: Press Enter to accept default proxy port.
    • SSL Configuration: Enter (Y) to enable secure LDAP between Inventory and eDir.
    • NETBIOS Configuration appears if a NetBIOS entry is not specified in smb.conf (accept the default or enter a unique NetBIOS name)
    • Review the Summary and press Enter to start Installation.
    • Skip Readme file by entering (2) to reach Installation Complete Page.
      • Check displayed log file for errors.
      • The proxydhcp service is not started by default (if you need it, start it using rcproxydhcp start)
    • Press Enter to exit Installation.

    4- Post-Installation Tasks

    • Ensure the eDirectory schema is extended: ConsoleOne - Tools - Schema Manager - check for (zenlocZFD7Installed).
    • Create a Search Policy to reduce Tree Walking. (Check Policies)
    • Modify the DHCP settings (if needed) to specify that the Middle Tier is DHCP and DHCP Proxy by adding a host entry for it.

    5- Verify ZENworks v7 DM is Installed

    • Check daemons: novell-zdm-awsi, novell-proxydhcp, novell-tftp, etc. in /etc/init.d/
    • Check ZEN Files: under /opt/novell/zenworks/*

    6- Proxydhcp Service configuration

    • Disable or Ignore Local DHCP service through /etc/opt/novell/novell-proxydhcp.conf
      • LocalDHCPFlag = 1    (Change this entry from 0 to 1)
    • Start the service and activate it across reboots
      • service novell-proxydhcp start; chkconfig novell-proxydhcp on

     

    ZENworks v7 Middle Tier Installation

    1- Preinstallation Requirements

    • Apache2 on Linux or IIS on Windows
    • Enable clear-text passwords through LDAP in eDirectory (simple binds then send the password unencrypted), or export the SSL certificate and associate it with the installation.
      • iManager - eDirectory Administration - Modify Object - Select LDAP Group Object
      • Deselect (Require TLS for Simple Binds with Password).
    • Extend eDirectory Schema Extensions (From Windows Administrative Workstation)
      • Insert ZENworks v7 Desktop Management CD - when autorun select Desktop Management
      • Select English Language - Schema Extension and Product Licensing
      • Accept License Agreement then NEXT to continue
      • Select TREE: VALUESYS and ensure the Extend Schema option is selected - YES - Finish.
    • Create a Middle Tier proxy account that has the Read right for the CN attribute and the Write right to zendmWSNetworkAddress on the Users context.
      • ConsoleOne on Administrative Workstation - Create New User under ZEN.Valuesys container
        • Username: ZDMMidTierUser - Surname: ZENworks - Password: novell
      • Edit Rights for ZDMMidTierUser as follows:
        • Add this user as a trustee of the ValueSYS organization.
        • Delete [All Attribute Rights] using Delete Property
        • Select [Entry rights] and select Supervisor and Inheritable rights.
        • Click ADD PROPERTY, select the Show All Properties checkbox and add (CN, zendmWSNetworkAddress)
        • Ensure both previous rights have Write and Inheritable rights - OK twice.
      • Make aaziem a trustee of ZDMMidTierUser
        • Add Property - Select Equivalent to Me - Select Write, Read and Compare rights
        • aaziem is now capable of administering the ZENworks Middle Tier server.


    2- ZENworks Middle Tier Installation

    • Ensure the eDirectory server is restarted after extending the schema.
    • Login as root, insert and mount the ZENworks v7 DM Linux CD.
    • Change directory to the CD's mount directory and execute the ./setup script.
    • Press Enter 3 times for Introduction, Prerequisites Info and License Agreement.
    • Choose the Install set: Enter 3 to install ZENworks Middle Tier Server.
      • Note: we can select 1 to install all features on the same server.
    • Enter eDirectory Server IP Address: 192.168.10.254 then Enter to continue.
    • Proxy User: admin.valuesys or ZDMMidTierUser.ZEN.ValueSYS and password then Enter to continue.
    • Users Context: valuesys then Enter to continue
    • Review the Summary and press Enter to start Installation.
    • Skip Readme file by entering (2) to reach Installation Complete Page.
      • Check displayed log file for errors.
    • Press Enter to exit Installation.


    3- Verify ZENworks Middle Tier Installation

    • Launch: http://oes-sp1.valuesys.com/oneNet/xtier-stats for MiddleTier status.
    • Launch: http://oes-sp1.valuesys.com/oneNet/xtier-login for Login using aaziem.
    • Launch: http://oes-sp1.valuesys.com/oneNet/wsimport
    • Launch: http://oes-sp1.valuesys.com/oneNet/zen

    ZENworks Desktop Management Agent Installation on Workstations


    1- Preinstallation Requirements

    • Win2000Pro-SP4, WinXP-SP1 and Win98SE.
    • Workstations' NIC PXE enabled if Preboot Services are used.
    • MSI v2.0 and optional Novell Client v4.9SP1.

    2- Manual Installation

    Insert ZENworks Desktop Management CD - English - Desktop Management Agents

    • Next and Agree to License Agreement - Select the required components (all)
    • Enter IP Address of Middle Tier Server: 192.168.10.254 - Next
    • Check both Display ZENworks Middle Tier Authentication Dialog and Allow Users to Change MT address - Next
    • Startup Options: Select Application Explorer or Application Windows at startup. - Next
    • If needed: Select Limit Application Launcher to One Tree Only and specify the Tree - Install - Finish.

    3- Verify Installation

    • Check Add/Remove Programs and Check Services in Control Panel for WS Manager, NAL and RM.
  • Linux Firewalls: SELinux and Novell AppArmor

    A quick look, with some information and tips, at SELinux (the NSA's "Security Enhanced Linux") and Novell's open source "AppArmor" - the future of the Linux firewalls in most Linux distributions. Below is a brief comparison between the two open source firewalls.

    NSA's Open Source "Security Enhanced Linux"

    • SELinux is considered the future of the Linux OS, but it is very complex and suffers from a lack of documentation.
    • It's recommended not to use X on servers running SELinux. (Problems with granted access control in the X server)
    • Security policies are difficult to create from scratch; use the security policy that comes with the distribution.
    • Has a bigger performance impact than AppArmor (nearly 7 percent of performance).
    • Both SELinux and AppArmor utilize the Linux Security Modules (LSM) framework, which provides security hooks for operational control of certain Linux kernel objects.
    • SELinux is based on the Flask Security Architecture.
    • Processes are represented as domains, and objects are represented as types.
    • SELinux controls process interactions (domain to domain)
    • SELinux controls access to objects (domain to type)
    • SELinux controls any entry to the domain.
    • SELinux has tools such as SETools and Slat for policy analysis, audit analysis and user management.

    Novell's AppArmor:

    • Originally developed by Immunix (a Linux security company).
    • Provides a policy-based approach for application-behavior enforcement.
    • Automatically generates security policies through YaST.
    • Pre-built security profiles for commonly used applications, such as OpenSSH, DHCP, Samba, Sendmail and MySQL.
    • AppArmor has less impact on overall system performance than RedHat's SELinux (0 to 2 percent of performance)
    • Easier to develop and maintain than SELinux.
    • AppArmor allows the user to create a profile (policy) that describes which files an application can use.
    • An AppArmor profile defined for an application specifies the program's capabilities (POSIX.1e) and the set of files the program can access.
    • Both SELinux and AppArmor utilize the Linux Security Modules (LSM) framework, which provides security hooks for operational control of certain Linux kernel objects.
    • AppArmor comes with a system analyzer called UNCONFINED (scans open ports, listening programs and the programs' related profiles).
    • AppArmor comes with pre-built profiles for network input data such as docs from mails, or ssh clients.
    • AppArmor comes with pre-built profiles for local input devices such as keyboard, mouse, card reader, etc.
    • AppArmor includes a log-analyzing program that helps the user create a program profile in "Learning Mode".
    • AppArmor Learning Mode allows building the application profile by:
      • Running the application, observing what it does and writing the output to a log file.
      • The log analysis program scans the log file and prompts the user with questions.
      • Based on the answers to the questions, the program's profile is created automatically.
    • Learning Mode and Log Analyzer can be incrementally improved.
    • Ability to use the application's profile for forked child processes of the application, let them create their own profiles, or leave them unprofiled.
    • Ability to monitor the profiled applications through severity levels of event notifications, reports and application audit reports, and the ability to create on-demand reports.
    • Ability to backup built-in and defined security profiles.
    • AppArmor can monitor and profile sub-applications of a parent application, such as a web application under Apache, by making the application "ChangeHat aware", so any change in Apache from adding an application will be profiled automatically.
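
    The Learning Mode cycle listed above (run the program, log what it does, turn the log into a profile), as an added example that is not part of the original article and is not AppArmor's own log analyzer. It assumes a hypothetical daemon /usr/sbin/exampled, constructed audit lines in the key="value" layout of current AppArmor, and that every logged access is accepted instead of prompting the user.

```python
import re
from collections import defaultdict

PROFILE = "/usr/sbin/exampled"  # hypothetical daemon being profiled

# Constructed learning-mode audit lines (not taken from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:201): apparmor="ALLOWED" operation="open" profile="/usr/sbin/exampled" name="/etc/exampled.conf" pid=4242 comm="exampled" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000000.202:202): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/exampled" pid=4242 comm="exampled" capability=10 capname="net_bind_service"
type=AVC msg=audit(1700000000.303:203): apparmor="ALLOWED" operation="open" profile="/usr/sbin/exampled" name="/var/log/exampled.log" pid=4242 comm="exampled" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
type=AVC msg=audit(1700000000.404:204): apparmor="ALLOWED" operation="open" profile="/usr/sbin/exampled" name="/var/log/exampled.log" pid=4242 comm="exampled" requested_mask="a" denied_mask="a" fsuid=0 ouid=0
type=AVC msg=audit(1700000000.505:205): apparmor="DENIED" operation="open" profile="/usr/sbin/other" name="/etc/shadow" pid=5000 comm="other" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# x is left out: an execute rule needs a mode (ix, px, ...) chosen by the administrator.
PERM_ORDER = "rwaklm"

def learn(log_text, profile):
    """Collect capabilities and per-path masks logged as ALLOWED for one profile."""
    caps, files = set(), defaultdict(set)
    for line in log_text.splitlines():
        ev = {k: q or u for k, q, u in FIELD.findall(line)}
        if ev.get("apparmor") != "ALLOWED" or ev.get("profile") != profile:
            continue  # enforced denials and other programs are not part of this profile
        if ev.get("operation") == "capable":
            caps.add(ev["capname"])
        elif "name" in ev:
            files[ev["name"]].update(ev.get("requested_mask", ""))
    return caps, dict(files)

def rule_perms(mask):
    """Turn logged mask letters into the permission string of a file rule."""
    perms = {"w" if p in "cd" else p for p in mask}  # create/delete are logged, written as w
    if "w" in perms:
        perms.discard("a")  # a rule may not carry both w and a; w already covers append
    return "".join(p for p in PERM_ORDER if p in perms)

def render(profile, caps, files):
    """Write the profile text: capabilities first, then one rule per path."""
    lines = [f"{profile} {{"]
    lines += [f"  capability {c}," for c in sorted(caps)]
    for path in sorted(files):
        perms = rule_perms(files[path])
        if perms:
            lines.append(f"  {path} {perms},")
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    caps, files = learn(SAMPLE_LOG, PROFILE)
    print(render(PROFILE, caps, files))
```

    The DENIED line for the other program is ignored, and the separate write, create and append events on the log file collapse into a single w rule.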
  • LUM - Linux User Management Fundamentals

    This article summarizes the fundamentals of LUM (Linux User Management) on OES (Open Enterprise Server) and how to implement it; it is applicable to other Linux distributions as well.

    Fundamentals

    • Some services on Linux require eDirectory users to be local Linux users in order to use them, such as Novell Samba, ftp, rsh, login and Novell Remote Manager.
    • Linux users and groups are managed through POSIX standard accounts.
    • Users and groups are managed through eDirectory accounts.
    • LUM enables eDirectory accounts to be POSIX accounts, giving eDirectory users access to the Linux server.
    • POSIX accounts have standard attributes (username, password, uid, gid, home directory, shell, comment)
    • When users become LUM enabled, PAM makes it possible for eDir users to authenticate to the OES server using LDAP.
    • Services like NCP Server, NSS, iFolder and other web services don't require eDir users to be LUM enabled, but have some LUM requirements.
    • If NCP volumes point to partitions other than NSS, the user should be LUM enabled to access all features.
    • NSS: If protocols other than NCP access NSS, then eDirectory users should be LUM enabled.
    • QuickFinder, iFolder, Web Services: These services are configured to run as POSIX accounts. If the services run on NSS volumes, all users should be LUM enabled.
    • Each LUM enabled user should be associated with a LUM enabled group. (eDir admin is enabled by default)

    Implementation

    • Decide which users will be LUM enabled based on the services the users access.
    • Install all OES servers in the tree prior to enabling users for LUM on multiple servers.
    • The LUM enabled group, associated to the UNIX Config object or to an individual UNIX Workstation object, must be created before enabling users for LUM.
    • The LUM enabled group should be associated to the UNIX Config object when users are LUM enabled on multiple OES servers.
    • LUM enabled users can be Samba enabled during their creation.
    • iManager should be used for password changes for users.

    1) Create LUM Enabled Group 

    • Create new group - iManager - LUM Category - Enable Group for LUM
    • Associate the group to the UNIX Workstation object if users will be LUM enabled on this server only, or to the UNIX Config object if users are enabled on multiple servers.
    • We can enter multiple UNIX Workstation objects for the group, so that users will be enabled on specific servers.

    2) Create Users

    • Create new user - iManager - LUM Category - Enable User for LUM.
    • Enable User for Samba if required.

     

    Cheers,

    Ashraf Abdelazim 

  • MySQL - RDBMS - Technical Overview

    A quick introduction to the MySQL open source database, giving a fast look at the syntax, examples and the administration interface.


    Core Commands for MySQL:


    >> Go to the MySQL path on our PC and execute the following commands:

    mysql                                         # run from the shell: connects to the MySQL server and gives the mysql> prompt
    SHOW DATABASES;                               -- show all databases on our server.
    USE (DB);    ex: USE mysql;                   -- change to the mysql database.
    SHOW TABLES FROM mysql;                       -- show the tables of a specific database (here mysql)
    SHOW COLUMNS FROM user;                       -- show the columns (fields) of the user table in the mysql DB.
    SELECT * FROM user;                           -- show all information from the user table.
    SELECT User,Password FROM user;               -- show the user and password columns.
    SELECT User,Password FROM user WHERE User='root';
                                                  -- show only the rows whose user name is root.


    Commands Related with Databases and Tables:

    >> Create a database named Mydb; in DOS, under MySQL\bin:

    CREATE DATABASE nameofdatabase;           -- create the nameofdatabase DB.
    DROP DATABASE nameofdatabase;             -- delete the nameofdatabase DB.
    CREATE TABLE Tablename ( Attributes );    -- create a table with attributes in the DB
    DROP TABLE Tablename;                     -- drop the table from the database.
    INSERT INTO Tablename (no,name,gride) VALUES (1,'Hayba',95);


    Example

    >> To Create Tables, Specify their attributes and Insert data through dump file.

        mysqladmin -u root create Mydb

    1) Create a file called file.dump, as most PHP scripts do.
    2) Put each SQL command on a single line, without pressing the Enter key inside it, such as:

    CREATE TABLE employees (  id tinyint(4) NOT NULL AUTO_INCREMENT,  first varchar(20),  last varchar(20),  address varchar(255),  position varchar(50),  PRIMARY KEY (id));
    INSERT INTO employees VALUES (1,'Bob','Smith','128 Here St, Cityname','Marketing Manager');
    INSERT INTO employees VALUES (2,'John','Roberts','45 There St , Townville','Telephonist');
    INSERT INTO employees VALUES (3,'Brad','Johnson','1/34 Nowhere Blvd, Snowston','Doorman');

    3) Then use the following command to import the data from the dump file.

         mysql -u root Mydb < file.dump


    - Another Example:

    CREATE TABLE user ( ID INT PRIMARY KEY AUTO_INCREMENT, userid VARCHAR(100) UNIQUE NOT NULL, password VARCHAR(50) NOT NULL, confirmpassword VARCHAR(50) NOT NULL, firstname VARCHAR(50) NOT NULL, lastname VARCHAR(50) NOT NULL, email VARCHAR(100) NOT NULL, address VARCHAR(255) NOT NULL, city VARCHAR(50) NOT NULL, zip INT(15), country VARCHAR(50) NOT NULL, notes TEXT);


    >> phpMyAdmin Configuration

    1- Unzip and copy the folder to htdocs on the Apache server.
    2- Modify config.inc.php if you want to change the host, user or password.
    3- Open the browser at http://localhost/<phpmyadminfolder>/index.php

  • Open Source Articles

    This category, "Open Source and Linux", includes a lot of articles about FOSS, OSS, FLOSS, LAMP and maybe any open source related software. I am an RHCE (RedHat Certified Engineer) and NCLE/NCLP (Novell Certified Linux Engineer/Professional), and these certifications are the highest ones in the Open Source and Linux world. As a result, the articles in this category are highly related to my professional work as a Technical Engineer, and I used them as guidelines during my professional technical services to enterprise customers.