
Tuesday, 27 September 2016

OTRS Upgrade Notes



First things first, we need to download the latest release, and that’s usually from the public FTP site on OTRS’ site. Here is a good place to start: https://www.otrs.com/download-open-source-help-desk-software-otrs-free/. I always grab the source .tar.gz file, usually with this command:

# wget -c http://ftp.otrs.org/pub/otrs/otrs-5.0.13.tar.gz (for the latest one anyway – which at time of writing is 5.0.13)

The upgrade directions are here: http://otrs.github.io/doc/manual/admin/5.0/en/html/upgrading.html and I want this to be my summarized version of them for ease of use, both for myself and for you, gentle reader.

I have a script that starts off the upgrade process with some of the basic stuff (note – run this as root):


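#!/bin/bash
# Step 1: stop the services that use OTRS
service cron stop
service apache2 stop
service postfix stop
# Dated backup directory, e.g. /root/backup/2016-09-27
NOW=$(date +%F)
mkdir -p "/root/backup/$NOW"
BDIR="/root/backup/$NOW"
# Step 2: copy the config files and var/, then take a full backup
cp -R /opt/otrs/Kernel/Config.pm "$BDIR"
cp -R /opt/otrs/Kernel/Config/GenericAgent.pm "$BDIR"
cp -R /opt/otrs/Kernel/Config/Files/ZZZAuto.pm "$BDIR"
cp -R /opt/otrs/var/ "$BDIR"
/opt/otrs/scripts/backup.pl -d "$BDIR"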


Now what this does is to stop the services in Step 1 of the upgrade documentation.
Then we set the “date” variable and create a backup folder for it and instantiate a variable to make the script shorter – the “BDIR” variable.
Now I simply step through the guide and backup what I need to in Step 2 and then run a full backup into the backup directory with the backup.pl -d $BDIR command.
Now it’s time for the command line work to begin. I typically download the source file into an OTRS folder in my root home directory (yes I do this all as root) so I will run:

# tar -zxf otrs-5.0.13.tar.gz

Once the tarball is extracted I copy the resultant directory to the /opt/ folder:

# cp -R otrs-5.0.13 /opt/

In the directory are all the other OTRS installs I’ve done but haven’t cleaned up. An ls of the /opt/ directory usually looks like this:

root@otrs:/opt# ls
otrs        otrs-4.0.11  otrs-5.0.1   otrs-5.0.13
otrs-4.0.1  otrs-4.0.7   otrs-5.0.10  otrs-5.0.5
root@otrs:/opt#


The otrs entry is a symbolic link. I delete that:

# rm otrs

And create a new one:

# ln -s /opt/otrs-5.0.13 otrs

We need to copy stuff back now and I have a bit of a script that will do it:

#!/bin/bash
BDIR=/root/backup/`date +%F`
cp -R $BDIR/Config.pm /opt/otrs/Kernel/
cp -R $BDIR/ZZZAuto.pm /opt/otrs/Kernel/Config/Files/


It copies back the files we need to and moves us through Step 4.
Now to set permissions on the new OTRS directory:

# /opt/otrs/bin/otrs.SetPermissions.pl --web-group=www-data (for Ubuntu)

And this sorts out the permissions. I also find it very useful to change the ownership of files at a more macro level too, so I will also run:

# chown -R otrs:www-data /opt/otrs*
# chmod -R g+w /opt/otrs*

This has solved some issues in the past and seems like a handy thing to do.
Step 4 is finished and Step 5 has us checking Perl modules out:

# /opt/otrs/bin/otrs.CheckModules.pl

We can skip to Step 7 now and we have to change to the OTRS user:

# su otrs

As OTRS, Step 7 gets us to refresh the config cache and then delete the other caches:

$ /opt/otrs/bin/otrs.Console.pl Maint::Config::Rebuild
$ /opt/otrs/bin/otrs.Console.pl Maint::Cache::Delete

Annoyingly we have to change back to root and restart services. I just CTRL-D out of otrs and then run:

# service apache2 start
# service cron start
# service postfix start

And then su back to otrs:

# su otrs
$

Step 12 – restart the OTRS Daemon (as otrs – don’t forget!)

$ /opt/otrs/bin/otrs.Daemon.pl start

And then Step 13 which updates cron for the OTRS user:

$ cd /opt/otrs/var/cron
$ for foo in *.dist; do cp $foo `basename $foo .dist`; done
$ /opt/otrs/bin/Cron.sh start

And that’s it for the command line stuff.

Log into the website and go to Admin and then Package Manager. I usually find that at least three packages need to be either re-installed or updated. While these are not right, the website will run terribly slowly. Fixing the problem here will give you back some performance and set it on the right track.

That’s pretty much it. Done!

Tuesday, 9 August 2016

Guidelines on purchasing a new laptop

Recently a friend asked me for advice on purchasing a new laptop. Here is the bulk of the email I sent him - perhaps you'll find it useful as you search for a new computer:

There is a lot of stuff on the market and here are some basic ground rules for what you need to think about when you're purchasing:
  • set a budget figure for the new machine and stick to it. I usually drop at least $200 below my actual budget so I can include a new laptop bag or some sort of accessory (I love gadgets!)
  • Decide how big you want the laptop to be - i.e. are you travelling? If so, then a 17" notebook is going to be very heavy and cumbersome and you'll hate dragging it through the airport all the time. Are you doing complex work with a lot of information on it? If so, then an 11" notebook will probably be too small. Usually I suggest a 13" or, if you are doing a lot of complex work, then a 15" is probably acceptable - although these can be heavy
  • Are you more comfortable with Mac OS X or a Windows based operating system - this step can easily eliminate a large number of machines
  • Extra warranty can be handy - see if you can get 3 years worth of it as this is the usual lifespan of a notebook before it needs a refresh or you've broken it. 
  • How much data will the laptop hold? How much does your current one hold? Are you going to be saving all your photos and videos to it?
A few notes on specifications and what they mean:
  • SSD - solid state disk: These replaced the old mechanical hard drives in many notebooks. They are faster and have no moving parts, so they don't get damaged if you drop the laptop inadvertently. Downside is - they are smaller and more expensive :(
  • RAM - system memory: more is better but 4GB of RAM is typically enough for most day to day computing activities. If you're a gamer, get more.
  • Core i3, i5 and i7: these refer to the processor and its type. i3 is aimed at general day to day work, i5 for harder work and maybe a bit of gaming and i7 for high end work and gaming. I prefer i3's for general office type work and find them to be fast enough for anything in a normal office environment, including most finance packages. For my general work in IT I have i5's everywhere - a solid compromise between cost and power without huge amounts of heat generation. And for my gaming rig, and my high end workstation running multiple virtual machines and doing heavy lifting (in a geeky way) I've got the big i7 on my desk. It takes a heap of power and was quite expensive.
A few notes on differences between Mac and PC
  • The Apple (Mac) environment is all locked up and proprietary. This is good and bad. Good because 99% of the time the software just works and the upgrade to new operating systems (like El Capitan) is free. Generally the upgrade is also pain free and just works. The bad news is, you're locked into the Apple way of doing things on your computer. There are ways to get around this - using Parallels or another virtualisation platform to run Windows and associated software, but this can be expensive in terms of cost for software (Parallels plus a Windows Licence) and expensive in terms of hardware utilisation. Generally though, the Macs on the market at the moment can well and truly handle it. The Mac will run Microsoft Office, or Apple have their own software - Pages / Numbers / Keynote.
  • PCs typically will run Microsoft Windows and at the moment, they're all coming out with Windows 10. Love it or hate it - that's what you get. Lots of applications, lots of viruses and vulnerabilities. Without a fair bit of work you can't get Mac OS X to run on a PC. Generally you can get a fairly well specced PC for a lot less than a Mac.
Finally, consider carefully what you'll use this computer for, then try to match the laptops you can get in your price range to those requirements. Most people will also look at which one is prettiest and which has the keyboard they prefer. These are important factors to consider so try to get eyes and hands on a machine before you buy.

Tuesday, 2 August 2016

Hyper-V copy/paste of Virtual Machine folder security problems

Have you seen this in your error logs?

The Virtual Machines configuration 6ED5794F-DD19-46D3-8121-0880FEB592AE at 'D:\Hyper-V VM Data\VM NAME' is no longer accessible: General access denied error (0x80070005).


With Event ID: 4096 and much sadness because your VMs won't boot?

And did you move the folders that your VMs are living in to a new location but it should just work?! Well the chances are the security permissions on the files are wrong. I'm not talking about "Administrators" having all rights, but specific Virtual Machine rights.

I recently upgraded my home server with a new array of disks - a jump from 500GB of storage to 2TB. It's a modest increase, but this is a hyper-v server, not a NAS. I copied off the VMs from the old disk to an external drive and then copied them back. Oh noes! Two of my virtual Linux servers declined to start again - bastards!

So it was to the inter webs, and here, gentle reader, I hope you can find answers. If you check the permissions on the .xml configuration file for the VM you might see just the regular stuff on it. What you should also see is an entry for "NT VIRTUAL MACHINE\6ED5794F-DD19-46D3-8121-0880FEB592AE" there as well. Now in this instance the "6ED5794F-DD19-46D3-8121-0880FEB592AE" is specific to my virtual machine - you will have a different one.

It's important to note that ID. You can get it from your .xml configuration file and various other places (I find the .xml to be the easiest).

Now to fix this, open an elevated command prompt and type in the following:

icacls "path to .vhd or .xml" /grant "NT VIRTUAL MACHINE\virtual machine ID":(F) and hit enter.

You should have a return of:

processed file: "path to .vhd or .xml"
Successfully processed 1 files; Failed processing 0 files


Do this for both the .vhdx (as in this case) and the .xml file. Once you go back to the Hyper-V management console, your VM should work. Otherwise, something else is b0rked and you'll need to chase it in Event Viewer!
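
A way to check for the missing entry before granting it, as an added PowerShell example (not from the original post): it reports which .xml, .vhd and .vhdx files under one VM's folder lack the "NT VIRTUAL MACHINE\<ID>" entry and, with -Fix, runs the same icacls grant on them. The parameter names are assumptions, and the defaults are the sample ID and path from the error message above.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Parameter names are assumptions; the defaults are the sample VM ID and
# folder quoted in the Event ID 4096 message above. Use your own values,
# and point -VmFolder at the folder of ONE virtual machine only.
param(
    [string]$VmId     = '6ED5794F-DD19-46D3-8121-0880FEB592AE',
    [string]$VmFolder = 'D:\Hyper-V VM Data\VM NAME',
    [switch]$Fix      # without -Fix the script only reports
)

# Refuse anything that is not a GUID, so the identity string handed to
# icacls can only ever name a virtual machine account.
$parsed = [guid]::Empty
if (-not [guid]::TryParse($VmId, [ref]$parsed)) {
    throw "VmId '$VmId' is not a GUID"
}
$identity = 'NT VIRTUAL MACHINE\' + $parsed.ToString().ToUpper()

# The files the post fixes by hand: the configuration and the virtual disks.
$targets = Get-ChildItem -LiteralPath $VmFolder -Recurse -File |
    Where-Object { $_.Extension -in '.xml', '.vhd', '.vhdx' }

$report = foreach ($file in $targets) {
    # Look for an Allow entry for this VM's account on the file.
    # This relies on the host resolving the account name; if it cannot,
    # Get-Acl shows a raw SID and the entry is reported as missing.
    $ace = (Get-Acl -LiteralPath $file.FullName).Access | Where-Object {
        $_.IdentityReference.Value -eq $identity -and
        $_.AccessControlType -eq 'Allow'
    }
    $state = if ($ace) { 'present' } else { 'missing' }

    if (-not $ace -and $Fix) {
        # Same grant as the icacls command above, one file at a time.
        & icacls.exe $file.FullName /grant "${identity}:(F)" | Out-Null
        $state = if ($LASTEXITCODE -eq 0) { 'granted' } else { 'grant failed' }
    }

    [pscustomobject]@{ File = $file.FullName; VmAccountEntry = $state }
}

$report | Format-Table -AutoSize
```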

I hope this saves someone else the half an hour of Googling that I did this morning to sort it out. Best of luck!

Wednesday, 22 June 2016

Another day - another cryptolocker infection

All too frequently we are still seeing people being affected by ransomware. It's pernicious and hard to get rid of once you've got it. If you haven't had it, then this is what happens - you open an innocent email and your computer starts to perform a bit sluggishly. Most people shrug this off then go to open a Word Document or Excel Spreadsheet and can't. It has .ENCRYPTED after it and there are files appearing in all your directories on how to pay to get your data decrypted. A sense of doom starts to build in the pit of your stomach and you watch as the files on your network drives start being encrypted too. Hopefully you pull the power plug and call your IT guy at this point. Then the tough stuff begins....

To stop this from happening here are some tips to keeping your PC cryptolocker free:

  • don't try to open a zip file emailed to you - if someone is sending one to you, make sure they establish contact first - it's OK to email them back to ask if they meant to send it. Most companies won't send you a zip file with their bills in it - the AGL email that recently infected a number of people is an example of this. They send their bills as a PDF
  • hover your mouse over any link in an email *before* clicking it - you'll see the actual address the hyperlink points to when you do this. Just because it says www.google.com/alkajsdflkjadf doesn't mean it actually points there. The hyperlink goes around the text to send it to the web and it could go anywhere!
  • while backups are important, RESTORES are mandatory - a phrase I heard at SAGE-AU years ago and it's still true. There are great free options out there - from Time Machine on the Mac, to CrashPlan across many platforms, Carbonite, ShadowProtect and so on. Get one, have a backup to a USB drive, and then to another USB drive - a bit of a pain to cycle through the backups, but what is your data worth to you? It's a sad situation that most people won't have the faintest idea until every word document they've ever written is encrypted and carries an $800USD price tag to decrypt it. Put an entry in your calendar to backup and do it. 
  • did I mention backups? Let me reiterate - back up your data! Test the backup! Have it disconnected from the network and don't rely on a single data storage place to back up to. If that gets corrupted (and I've seen it happen) - it's still all over
  • go slower when you are reading your emails. Take your time to really check what you've got and why they want you to click on that shiny, interesting looking link. Phishing emails, cryptolocker and other infections are just a mouse click away....


It's a dangerous world, opening up an email program on your computer or a web browser. You never know where it will take you or the risks that it will entail. You can be safe, if you exercise some common sense!

Monday, 23 May 2016

Digital forensics on an SSD

Recently I was able to listen to a guest lecture by a chap working in the digital forensics field. There were a few interesting things to come out of the lecture. They are, in no particular order:

  • document and timestamp everything you do - it doesn't matter if it's written down, or you use software, but you have to show the steps you went through to reach the conclusions you're putting forward
  • EnCase is an industry favourite software
  • small cases can take you in surprising directions and you can go from a $40,000 fraud case and end up with a $250,000 + fraud case!
  • recovering RAID arrays can be a trick - but you can image each disk and use EnCase to rebuild the array which is pretty neat!
  • you can't carve an SSD to recover data like you would a HDD
That last point is the one I want to mention. On a magnetic hard disk drive (the regular type of drive people have been using) when a file is deleted, it's removed from the File Allocation Table and the computer recognises it as free space, ready to overwrite. It's relatively straightforward to then get that data back - a process I've performed dozens of times to save someone's bacon when they've deleted all their uni work (for example). But on an SSD the process is different. 

On a TRIM-enabled SSD (and this is all modern SSDs) the data is removed immediately when you delete it. The OS clears the space for re-use and it's not recoverable. This applies to USB drives as well - any flash media in fact. Once a file is marked for deletion, the operating system erases it completely and then that space is available again. This keeps the SSD running fast. It makes it very hard, if not impossible, to perform data carving (or recovery) on an SSD. Uh oh - that makes life harder for the digital forensic expert!

It's amazing though - even with these kinds of hurdles to getting data out and processing it, people still make it easy to be caught. For example, using work email to talk about things people are doing wrong, or storing data on work computers that has evidence of wrong doing. There is no expectation of privacy when you use a work asset - the company owns all this stuff and all the data on it. And most companies will comply with search orders giving an investigator plenty of access to what they are looking for.

It's interesting stuff, but I don't think I'll make a career of it - getting into the business seems quite tricky and while it is a fascinating field, there is a lot of tedious combing through search hits for relevant results that, quite frankly, looks boring. Never say never though!

Tuesday, 17 May 2016

Netgear D6300 Review

After my poor little TPlink Router bit the dust with a recent power fluctuation I was keen to get something with a solid WiFi capability. The TPlink router I was using didn't have the greatest coverage around the house, and certainly not outside the house, and with the recent installation of a Chromecast I was keen to find something with a bit more zing. Also, due to my dodgy cabling set up, I have half my machines on one side of the house, and the other half on the other side. The cabling between the two goes through the router and I wanted a gigabit link between the two halves.

So a router with 5GHz wireless and gigabit networking? My local nerd supplier handed over the $399 Netgear D6300 and told me it was the best he had. He noted my sceptical look, but assured me that it was good to go. OK I'll have a crack at it and see how it goes.

It took about 45 minutes to configure it - I've got a fairly complex network with a lot of crap all over the place, all sorts of forwards and Dynamic DNS configured. I also have a large number of static DHCP entries - nightmare. Once I got it all across, plugged in and set up and away we went. I quite like the Netgear method of showing what's happening on the network. That's one of the very few things I do like about this router.

Here are the other things:

  • the wireless is good
  • throughput on the gigabit network is very high, so that's good
  • Dynamic DNS works out of the box and has some nice reporting
  • it's not a bad looking bit of gear

OK so here are the things that suck about this router:
  • the interface is slow. I tested it under:
    • Safari
    • Chrome
    • IE
    and it was pish under all of them. Slow to refresh and slow to respond.
  • update stopped part way through and I had to restart it - thought I'd bricked the thing
  • updates to DHCP require a reboot of the damn router! What the hell?! All I'm doing is changing a MAC address or an IP and the whole thing has to reboot to update it. This makes me very unhappy and annoyed.
  • it wouldn't initially talk to one side of the network - I ended up having to install a gigabit switch to get the thing to work properly. This isn't optimal, although it does take the network link between the network sides away from the router for when it restarts every time I perform a basic function. 
All in all, for the price, I'm a bit ambivalent towards the D6300. My dirty old TPlink, with no frills, worked pretty well and I wasn't hating on it too much when it died. Now that it is gone, this Netgear has a bit to do before I'm impressed. We will see how it goes over time, however I wouldn't rush out to buy this one.

Ubuntu 16.04 LTS First Impressions

Another polished release - Xenial Xerus (at least I hope it’s polished!)

I’m using it for a test WordPress system at the moment so I’ve been concerned mostly with that. PHP5 is gone, replaced by PHP7. The main issue with this is no more SSH2 PHP7 extension! It makes installing new themes or plugins, or updating them tricky in WordPress as it relies on this. I’ve had to default back to using vsftpd but even that is crashing at this time. To work around that, add:

define('FS_METHOD', 'direct');

into wp-config.php

See https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04 for a great walk through on this - in fact, check out Digital Ocean - they have some excellent stuff on there, including these tutorials. If you're like me and would love to delve into the intricacies of nginx or some other equally complex bit of software but don't have the time, Digital Ocean give you a way to get things up and going with very little in the way of issues. Nicely typeset and well laid out tutorials - thanks a million guys! (I am in no way affiliated, merely a fan).

I performed the install inside a VMware Player and it was as usual quite fast. Updated hostname and /etc/network/interfaces to sort out IP addresses and the like and off I went. Install of WordPress was straightforward and the set up was reasonably quick - a mite quicker I might say than the one on 14.04LTS that I performed last week. PHP7 seems more responsive and I played around with both my VMs to see if there was much difference - installing the same theme into both to see what the speed impact might be. PHP7 was marginally quicker, although I wouldn't suggest it was statistically significantly quicker.

I noticed that updates using apt-get had a much shorter list of archives being hit, which was interesting. In the past it seems there was an ever increasing number of new archives being added until the sources.list ends up a mile long. So quicker updates, presumably more efficient, is always a good thing. I have no idea what the desktop interface looks like - probably more of the same of that Ubuntu look (which I personally am not in love with - give me Mint's any day).

Much more of my time was spent using this VM to try and get a dirty website going - I am no webdev and I really don't like doing it. Sadly, sometimes you have to so I will continue plugging away at it tomorrow. Ubuntu 16.04 LTS though - looks like it's the goods. Get on it and see if it does the job for you!