Monday, February 28, 2011

Zeroshell Innovation and Deployment


Keywords: LDAP, Kerberos, proxy, captive portal, RADIUS

Introductions:


Hello once again. As you may have noticed, we have done a lot of service applications, and I think it's time for us to focus (or shift our view) on security and networking. Why? Simply because we don't just want the system to be robust enough for demanding applications; our goal is to secure it with centralized access. This time we will discuss building a system safe enough to keep intruders and hackers away from our network's confidential data, yet without the effort of digging deep into how to anticipate those intruders and the malicious access that would put our system in peril. Of course, that is not all: we also need to monitor activity (logging) on a 24/7 basis, so that we can analyze it and confirm that everything is working smoothly and that nobody will crash our system. That is our assurance.

The next step is researching appropriate software (free, if possible) that covers all our needs and requirements. If you recall, we previously tried different free applications from the net: pfsense, ipcop, drupal with chillihotspot, and lastly WifiAdmin. They tested as well as they promised, yet we needed all of these in one package, and Zeroshell has it all.

Zeroshell is a small Linux distribution for servers and embedded systems which aims to provide network services. As its name implies, its administration relies on a web-based graphical interface; there is no need to use a shell to administer and configure it. Zeroshell is available as Live CD and CompactFlash images, and as VMware virtual machines. Zeroshell is not based on an existing distribution in the way that, for example, Knoppix is based on Debian. The author compiled all the software that makes up the distribution from source code in tar.gz or tar.bz2 packages. The gcc compiler and the GNU glibc were compiled too, going through the so-called bootstrap phase in which they recompile themselves several times. This was necessary to optimize the compiler and to eliminate every dependency on the glibc of the system on which the first compilation took place. Some of the initialization scripts, as well as the guidelines followed by the author, are those of Linux From Scratch. For a list of the used software look here.

Some of the innovations that we will aim for this free software are porting its applications to an embedded PC, a rack mounting deployment in our Data Center, then a quality testing on gateway and router applications and lastly to test rigidly all its features.

Best features of Zeroshell:
Captive portal
Radius
Firewall
Router/Bridge/Gateway
MRTG
LDAP
X509 certificates
QOS
Load Balancing
NAT


Requirements:

Phase I
PC (p4 or higher) Zeroshell server
PC (windows) software loader/imager
Image burner software
Zeroshell (Linux)
Hard disk (SATA/IDE /USB or CF card)

Phase II
Embedded PC(Soekris Net501)

Methodology:

Download the software (Windows and Linux)
Linux:
Download install
root@localhost# wget
root@localhost#

Windows:


Setup hardware
Connect the Zeroshell HDD as slave
Open phDiskwriter
Drag the image and save

Detail(1): Download the accessory files required for Zeroshell installation.


Detail(2) Physdiskwrite-GUI as another option (Oww-Russian?)

Detail(1) Please check which drive is your working drive, to avoid accidental damage
(else forget yourself)


Detail(2) physdiskwrite.exe -u ZeroShell-1.0.beta14-CompactFlash-IDE-USB-SATA-1GB.img


Detail(3) Choosing the 2nd drive is by marking your working HDD


Detail(4) after bytes image "Finish"


Detail(4) A glance of a working prototype -Zeroshell Gateway


Detail(5) Web administration login


Detail(5) Zeroshell menu setup


Detail(6): Zeroshell configuration menu


Detail(7) Assigning WAN/LAN IP address


Detail(7):The issuance of credential /certificate x509 -SSL


Detail(8): Network IP Addressing notes


Detail() Multi Router Traffic Grapher


Detail() Captive portal login:


Remarks:

Hints:
Please take note of the following when setting up a wireless connection using Zeroshell.
Here are our cases:
Case I:
1) We don't have the preferred Atheros wireless card; instead we will use the available WiFi access point.
2) We want Zeroshell to put our wireless clients through the captive portal before they get Internet access.

(-) In doing so, our Zeroshell will act as a router/gateway.

1) Zeroshell: 192.168.0.1 (internal IP address), as a router.
2) Disable the DHCP server of the WiFi access point (WRTG54g) and give it an IP address within the Zeroshell subnet. The WRTG54g IP address must be in the subnet range assigned by Zeroshell, which now acts as the DHCP server.
Ex:
192.168.0.1/24 (Zeroshell)
IP address range
192.168.0.2 to 192.168.0.255

3)WRTG54g: 192.168.0.2 now acts as a client

4) Connect Zeroshell [192.168.0.1] ether port to WRTG54g LAN port not to its WAN port! (usually with 4 LAN ports)

5) Wifi-clients (PC or laptops) should be able to access the Internet at this time.
5.1) Refresh wifi network icon
5.2) Connect to the WRTG54g ssid
5.3) You must see a captive portal's login (as mentioned above)
5.4) Then bingo, you are now redirected to the www(:=))

Case II:
1) We want to connect clients directly to our network, permitted first by Zeroshell.
2) The main router/gateway will broadcast IP addresses to our clients.

(-) In doing so, we need to configure Zeroshell in a Bridge Mode setup.

Case III:
1) We want Zeroshell to do the authentication process using external LDAP
http://www.zeroshell.net/eng/qos/#Add-QoS-Class
(-) To do so, we need to configure the FreeRADIUS server built into our Zeroshell to use the LDAP backend instead; this is done through the FreeRADIUS configuration file, radiusd.conf.
http://www.ibm.com/developerworks/library/l-radius/

III.1) Zeroshell uses FreeRADIUS, which supports proxying and LDAP integration. Find radiusd.conf and edit it with vi or emacs; uncomment the LDAP statements as necessary.

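ldap {
        server = FQDN for your server or IP address
        # bind DN and password that FreeRADIUS uses to log in to the LDAP server
        login = ldap login looks like cn=?,o=?,c=?
        password = ldap password
        # subtree under which user entries are searched
        basedn = ou=?,dc=?,dc=?
}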

III.2) To make it work, look for any other ldap sections and uncomment them. Edit your dictionary.conf and make sure a value for LDAP is present; if not, add it or uncomment it.

III.4) Look for users.conf and add the default entry:
DEFAULT Auth-Type := LDAP
        Fall-Through = 1

Note:
For your LDAP server to authenticate, it should be ready to serve requests. So restart the freeradius service, and Zeroshell should then check with the LDAP server for credentials.

Conclusions:
So far I consider Zeroshell a promising Linux software application which is a complete embedded web security portal.

Wednesday, February 9, 2011

Knowledge Tree (Open source File Management System)

Introductions:

Office management almost always calls for an automated system for easy and fast transactions. There are a lot of files with different contents; name them all and we could list as many as we like (bulky files: receipts, appointments, vouchers, cheques, releases, issuances, salaries and many more, as I said). Yet a file management system, important as it is, is sometimes, if not most of the time, not adopted in the traditional workflow of local or common offices. Why? Despite the need, offices still can't afford to implement such a system, simply because it involves a huge budget, or at least a financial buffer. Either purchasing one or paying IT programmers to build a customized system that suits the office's workflow still needs huge capital.

But that does not end our aim to acquire such a system. Why? Open source gives us a simple remedy that saves us the cost, and it is free for anybody who wants to use it.

Ambitious as we are (no, just trying), this techno blog will teach you a simple how-to procedure for deploying a free file management system. Yes brother, it's free. Just follow the steps and download each software package (before I forget: your old PC can serve as an alternative server for your database). Before proceeding, note that this tutorial uses the KnowledgeTree Community Edition file management software.

KnowledgeTree is a provider of online document management software. The product makes use of the cloud computing platform from Amazon EC2. KnowledgeTree's features, including workflow, document alerts and version control, are designed to help organizations manage business processes around documents in addition to enabling file sharing among teams. The service is available on a subscription basis.

There is also a free, open source community edition that is written in PHP and uses the Apache Web Server and MySQL database management system. A multi-platform installer provides end-users with a one-click install of both the underlying LAMP or WAMP stack and the application itself.

KnowledgeTree is a US company with headquarters in Raleigh, North Carolina. The company also has an office in Cape Town, South Africa.


Then let us try it for free!

Requirements:
Open Source OS
FreeBSD, Ubuntu, Fedora 1X, CentOS, openSUSE
Open Source Software:
  • Knowledge Tree Community Editions (3.7)
  • PHP 5.2.x
  • PHP LDAP extension (if LDAP or ActiveDirectory integration is required)
  • PHP Exif extension (if header extraction from JPEG and TIFF files is required)
  • PHP mbstring extension (functions for multi-byte character sets)
  • PHP mysql extension (interface to mysql database from php)
  • PHP json extension (functions for working with json structures)
  • PHP fileinfo extension (functions for resolving mime types of documents)
  • MySQL Server, Client, and PHP libraries, version 5.1 or above
  • Apache 2.0 or above
  • Java Runtime Environment 1.5+ (Required for Apache POI and Lucene)
  • pstotext (required for indexing of postscript files)
  • OpenOffice 2.4+ (required for PDF conversion)
  • Info-Zip (required for extracting contents of zip files)


Methodology:

Download the packages
PHP(version 5)
root@localhost# sudo apt-get install gcc*
root@localhost# sudo apt-get install php-devel
root@localhost# sudo apt-get install php-mysql
root@localhost# sudo apt-get install php-pecl-json
root@localhost# sudo apt-get install php-pear
root@localhost# sudo pecl install pecl/json

To enable exif-support configure PHP
with --enable-exif

To enable LDAP support configure in PHP
--with-ldap[=DIR]
root@localhost# sudo apt-get install libmime-devel
root@localhost# sudo apt-get install libmagic-dev
root@localhost# sudo apt-get install file-devel
root@localhost# sudo /usr/local/php5/bin/pecl install fileinfo
root@localhost# sudo pecl install Fileinfo


To enable mbstring, configure PHP with
--enable-mbstring --enable-mbregex
root@localhost# sudo apt-get install libmbfl*

root@localhost# sudo apt-get install php-mbstring
root@localhost# sudo apt-get install pstotext*
root@localhost# sudo apt-get install Openoffice*
root@localhost# sudo apt-get install info-zip*


MYSQL
APACHE

JAVA JRe (1.5)
root@localhost# sudo apt-get install jre*

Remarks:
Hints:
I was a little bit stuck, not because I missed info in the process but because I accidentally deleted "dpkg" in Ubuntu (my distro for the moment). So I could not use it to install (terrible!), yet I stumbled and solved it, at last!
The error??
Sub-process /usr/bin/dpkg returned an error code (100)

The solution:
Create a directory in which to store the new dpkg package
root@localhost# mkdir /tmp/dpkg
root@localhost# cd /tmp/dpkg

Now download the package (only the one that matches your architecture, so that dpkg*.deb below matches a single file)
32-bit (i386):
root@localhost# wget http://archive.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4_i386.deb
64-bit (amd64):
root@localhost# wget http://archive.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.15.5.6ubuntu4_amd64.deb

Extract the compressed files
root@localhost# ar x dpkg*.deb data.tar.gz
root@localhost# tar xfvz data.tar.gz ./usr/bin/dpkg

Copy the binary to "/usr/bin"
root@localhost# sudo cp ./usr/bin/dpkg /usr/bin/

Update the Ubuntu dpkg package
root@localhost# sudo apt-get update
root@localhost# sudo apt-get install --reinstall dpkg
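
The recovery above downloads a .deb over plain HTTP and copies a binary out of it into /usr/bin as root, so the file should be checked against a trusted SHA-256 before it is unpacked. The script below is an added example, not part of the original post; the function names are hypothetical, and the expected digest is assumed to come from the SHA256 field of the package's entry in the archive's signed Packages index.

```shell
#!/bin/sh
# Added example (not from the original post): check a downloaded .deb against
# a known SHA-256 digest before extracting a binary from it as root.
# Function names and arguments are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or the
# expected value is not a 64-character hex string.
verify_sha256() {
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
    [ -f "$vs_file" ] || { echo "missing file: $vs_file" >&2; return 2; }
    case $vs_want in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_want}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 2; }
    vs_got=$(sha256_of "$vs_file")
    if [ "$vs_got" = "$vs_want" ]; then
        return 0
    fi
    echo "digest mismatch for $vs_file: got $vs_got" >&2
    return 1
}

# extract_dpkg_if_verified DEB EXPECTED_HEX
# Unpacks ./usr/bin/dpkg into the current directory only when the digest
# matches; nothing is copied into /usr/bin here.
extract_dpkg_if_verified() {
    verify_sha256 "$1" "$2" || { echo "refusing to extract $1" >&2; return 1; }
    ar x "$1" data.tar.gz && tar xzf data.tar.gz ./usr/bin/dpkg
}
```

Run `extract_dpkg_if_verified <deb file> <digest>` in /tmp/dpkg in place of the `ar` and `tar` steps, then continue with the `cp`.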


Conclusions:

Sunday, February 6, 2011

Repository Harvester(PKP & Google)

Introductions:

A repository system is a bit of a challenge given the trend of online digital information that needs to be integrated: metadata, indexes, or field links to a searchable store of archives. Just imagine a wide virtual system in which one university's library could serve the needs of other users and patrons (researchers, teachers, students and other institutions) for ample electronic resources. Given the free (open source) technology available on the net and the knowledge available, there is now an opportunity to unify every database of knowledge available elsewhere on the World Wide Web.

If this is everybody's goal and we want to make this vision real, one way to get unified access to every archive or repository is by harvesting it. Yes brother, we need to harvest that knowledge online, and for that we need a harvester which is a free system: Open Harvester Systems.

Open Harvester Systems is a free metadata indexing system developed by the Public Knowledge Project through its federally funded efforts to expand and improve access to research.

OHS allows you to create a searchable index of the metadata from Open Archives Initiative (OAI)-compliant archives, such as sites using Open Journal Systems (OJS) or Open Conference Systems (OCS).

Requirements:

Hardware:
Quad-Core CPU server (i7, Xeon, AMD, etc.)
Software:
OS: (Linux, FreeBSD, CentOS, Fedora)
Apache2, MySQL, PHP
OHS Software

Methodology:

sudo apt-get install apache2

sudo apt-get install php5

sudo apt-get install libapache2-mod-php5

sudo /etc/init.d/apache2 restart

sudo apt-get install mysql-server

sudo apt-get install php5-mysql


Methodology:

Installing Apache2
./configure --prefix=/usr/local/apache2 \
--enable-so \
--enable-cgi \
--enable-info \
--enable-rewrite \
--enable-speling \
--enable-usertrack \
--enable-deflate \
--enable-ssl \
--enable-mime-magic

Installing PHP
./configure \
--with-apxs2=/usr/local/apache2/bin/apxs \
--with-mysql=/usr/include/mysql \
--prefix=/usr/local/apache2/php \
--with-config-file-path=/usr/local/apache2/php \
--enable-force-cgi-redirect \
--disable-cgi \
--with-zlib \
--with-gettext \
--with-gdbm

Remarks:
Hints:
1) How to reinstall apache2 completely:
root@localhost:/etc/apache2# /etc/init.d/apache2 start
.: 45: Can't open /etc/apache2/envvars
Try running this command:
root@localhost# sudo apt-get remove --purge apache2 apache2-utils

Then reinstall apache2:

root@localhost# sudo apt-get install apache2

If you get Error (98), a socket bind problem (0.0.0.0:80 already in use),
try this command to find out which process is using port 80:
root@localhost# netstat -A inet -lnp
root@localhost# kill xxx     (xxx = ID for port 80)

2) Installing PHP
I've encountered some missing files:
libmysql-dev
libqdbm
Note: if it is a build-from-source installation, PHP won't see the mysql header files (*.h),
so try adding this to your configure options:
--with-mysql=/usr/include/mysql
3) Reinstalling MySQL
Error:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysq

Try this mysqld_safe command to help solve the problem:
root@localhost# mysqld_safe
Then, in another terminal tab:
root@localhost# mysql -u root -p
...there you have it solved



Tuesday, February 1, 2011

Building a Web Search Engine

Introductions:

I often think of Google, Yahoo and other web search engines. Actually, I didn't have any idea of how they work, I mean a deeper thought of developing one, before. Until now, when little by little it has coincidentally come into my own scope of work. Yes, I am getting the idea that if I could run a Zebra server together with its client (YAZ, to be particular) I would have a simple web search engine (think it ain't obvious). Ohhhm... pretty cool. Of course, that requires authentication and permission to the end (peer) server, and that is how these big web search engines are doing it (am I correct?).

In this case, we can refer to the topic "Installing Zebra (z3950 protocol)" that I blogged recently.

Apparently, I have searched out (whew!) that we need another party to browse it via HTTP (that is the new feature of YAZ 4.1.XX, getting data via the HTTP protocol; we'll see it, brother!), and this is the job of the SOLR application software. SOLR is the popular, blazing fast open source enterprise search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, and rich document (e.g., Word, PDF) handling. SOLR is highly scalable, providing distributed search and index replication, and it powers the search and navigation features of many of the world's largest internet sites.

SOLR is written in Java and runs as a standalone full-text search server within a servlet container such as Tomcat. SOLR uses the Lucene Java search library at its core for full-text indexing and search, and has REST-like HTTP/XML and JSON APIs that make it easy to use from virtually any programming language. SOLR's powerful external configuration allows it to be tailored to almost any type of application without Java coding, and it has an extensive plugin architecture when more advanced customization is required.

Now let's try whether this makes a straightforward approach to developing a simple search engine. Again, what we need is a server to host the records, such as the metadata/indexes, and a client to communicate with the server via the z3950 protocol.

That is it for now.


Requirements:
For our requirements
Installed Zebra server
http://ftp.indexdata.dk/pub/zebra/idzebra-2.0.45.tar.gz
Configured Zebra server
Testing Marc to Zebra server
Installed YAZ client
http://ftp.indexdata.dk/pub/yaz/yaz-4.1.3.tar.gz
Configured YAZ client
Search index Zebra server's marc records
Installed SOLR (new)
http://ftp.wayne.edu/apache//lucene/solr/1.4.1/apache-solr-1.4.1.tgz
Configured SOLR
Installed Java
http://apache.cyberuse.com//lucene/java/lucene-2.9.4-src.tar.gz
Installed Tomcat (new)
http://apache.cs.utah.edu/tomcat/tomcat-7/v7.0.6/bin/apache-tomcat-7.0.6.tar.gz


Methodology:

Detail(1) Testing Zebra server for HTTP

Remarks:


Conclusions: