ProFTPd and TLS
TLS needs OpenSSL; to install ProFTPd and OpenSSL, we simply run:
apt-get install proftpd openssl
You will be asked a question:
Run proftpd: <-- standalone
Creating The SSL Certificate For TLS
In order to use TLS, we must create an SSL certificate. I create it in /etc/proftpd/ssl, therefore I create that directory first:
mkdir /etc/proftpd/ssl
Afterwards, we can generate the SSL certificate as follows:
openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem
Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]: <-- Enter your State or Province Name.
Locality Name (eg, city) []: <-- Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.
Enabling TLS In ProFTPd
In order to enable TLS in ProFTPd, open /etc/proftpd/proftpd.conf...
vi /etc/proftpd/proftpd.conf
... and uncomment the Include /etc/proftpd/tls.conf line:
[...]
## This is used for FTPS connections
#
Include /etc/proftpd/tls.conf
[...]
Then open /etc/proftpd/tls.conf and make it look as follows:
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
</IfModule>
If you use TLSRequired on, then only TLS connections are allowed (this locks out any users with old FTP clients that don't have TLS support); by commenting out that line or using TLSRequired off both TLS and non-TLS connections are allowed, depending on what the FTP client supports.
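The tls.conf above allows every protocol version (TLSProtocol SSLv23) and, with TLSRequired off, plaintext fallback. As an added example that is not part of the original howto, this POSIX sh script audits a tls.conf for those two directives and shows a hardened variant of the same file; the TLSv1.2/TLSv1.3 values assume a ProFTPd and OpenSSL build recent enough to support them.

```shell
# Added example, not from the original page: audit a ProFTPd tls.conf for the
# directives that decide whether legacy protocols or plaintext FTP are allowed.
# TLSv1.2/TLSv1.3 as TLSProtocol values assume a ProFTPd/OpenSSL build that supports them.

# Print the value of directive $2 in file $1 (first match; comment lines never match).
tls_directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Audit file $1: one finding per line on stdout, exit status 1 if anything was found.
audit_tls_conf() {
    findings=0
    proto=$(tls_directive "$1" TLSProtocol)
    req=$(tls_directive "$1" TLSRequired)
    # SSLv23 means "every protocol the OpenSSL build supports", so on an old
    # build it re-enables SSLv3; explicitly listed legacy versions count too.
    case " $proto " in
        "  "|*" SSLv23 "*|*" SSLv3 "*|*" TLSv1 "*|*" TLSv1.1 "*)
            echo "TLSProtocol unset or allows legacy protocols: '$proto'"; findings=1 ;;
    esac
    # Anything but "on" lets a client fall back to unencrypted FTP.
    [ "$req" = "on" ] || { echo "TLSRequired is '${req:-unset}'"; findings=1; }
    return $findings
}

# Hardened variant of the tls.conf above: only the TLSProtocol line changes.
hardened_tls_conf() {
    cat <<'EOF'
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1.2 TLSv1.3
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
</IfModule>
EOF
}

# Demo on constructed files: the page's SSLv23 setting with TLSRequired off, then the hardened config.
tmp=$(mktemp -d)
printf 'TLSEngine on\nTLSProtocol SSLv23\nTLSRequired off\n' > "$tmp/weak.conf"
hardened_tls_conf > "$tmp/tls.conf"
audit_tls_conf "$tmp/weak.conf"                       # reports both findings, exit status 1
audit_tls_conf "$tmp/tls.conf" && echo "tls.conf: no findings"
```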
Restart ProFTPd afterwards:
/etc/init.d/proftpd restart
That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS (this is a must if you use TLSRequired on) - see the next chapter for how to do this with FileZilla.
If you're having problems with TLS, you can take a look at the TLS log file /var/log/proftpd/tls.log.
Growl, Prowl and our iPhone in an IT environment
I found Prowl in the iTunes store the other day. It has some great features! After I got it to work, I can now get push notifications on my iPhone if a server is down, a service restarts, or a backup has just failed!
First, go get Growl for Windows here.
Then install it and add your iPhone under "Network". For now, set the notification priority to all.
Go get growlnotify and drop the contents in your Windows folder.
Now go to your Windows 2008 server event collector and add a task to run at a specific event. Add something like this line:
c:\windows\growlnotify.cmd /t:"{Topic}" "{Message to send}"
c:\windows\growlnotify /a:{NameOfApp} /r:{NotificationType} /n:{NotificationType} /t:{Topic} "{Message}"
NOTE: The double quotes ("") are changed by WordPress for some reason. Type them again manually or you will get a "bad arguments" error.
The notification type is important, as you can specify in Growl whether a specific notification type is EXTRA important and should be sent to your iPhone or just to another Growl notification server.
And well... PANG, you get push notifications on your iPhone (as long as you remember to install Prowl first - you get that from the App Store!)
WinRM and WinRS: a management tool for Windows 2008
If you are using Windows 2008 Server, WinRM is installed but not enabled by default. This is a good security precaution. The easiest way to determine if WinRM is already enabled and started on your machine is to go to a CMD prompt and run:
winrm enumerate winrm/config/listener
If you get no response, then WinRM is not running. To configure WinRM to start automatically and allow remote access, use the winrm quickconfig command like this:
C:\Users\Administrator> winrm quickconfig
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
Make these changes [y/n]? y
WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
C:\Users\Administrator>
Once I configured the quickconfig, I reran the enumeration command with these results:
C:\Users\Administrator> winrm e winrm/config/listener
Listener
Address = *
Transport = HTTP
Port = 80
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 10.253.15.98, 127.0.0.1, ::1, fe80::5efe:10.253.15.98%11, fe80::9583:2148:e1ef:6444%10
C:\Users\Administrator>
From this, I know that WinRM is enabled.
Similar in operation to the former Sysinternals tool PSExec, WinRS leverages Windows Remote Management to let you launch processes on remote machines. Where it differs from PSExec is in its ability to easily pass through firewalls in the same way as WinRM. For example, if you want to discover IP information about a remote machine, you can remotely launch ipconfig with the -all switch on that machine using this syntax:
winrs -r:{Remote Host} ipconfig -all
Another handy use of WinRS can be when installing software on remote systems. If you want to quietly install an application using an MSI file onto a remote machine, use the following syntax. This syntax assumes the MSI file has already been deposited into the C:\ folder.
winrs -r:{Remote Host} msiexec.exe /i c:\install.msi /quiet
I have used this for other things, such as creating a centralised backup with Windows Backup (Windows 2008 only) and then shipping the completion logs directly to the same server. Simply make a batch file containing a line like this for each of your servers:
winrs -r:{Remote Host} wbadmin start backup -backupTarget:\\{Remote Host}\backup\weeknumber -include:C: -allCritical -vssFull -quiet
Hope you enjoy. Please leave a comment if you liked this article.
Make full trust for shared configuration in IIS7
Navigate to the "C:\Windows\Microsoft.NET\Framework\v2.0.50727" folder with a command prompt (with elevated permissions) and run the following command:
C:\Windows\Microsoft.NET\Framework\v2.0.50727>caspol -m -ag 1. -url "file://\\10.0.0.2\Share\*" FullTrust
Note this has to be done on each server!
To read more about this command, look here.
For more info about the setup of the shared configuration, take a look here.
Linux commands to test website speed
ngrep -d eth0 -q 'HTTP Error 503' port 80
This command shows all traffic on eth0 and port 80 whose payload contains the string "HTTP Error 503".
tcpdump -i eth0
Captures the traffic on eth0.
ulimit -n 300000
Sets the maximum number of open files.
ab -n 100000 -c 500 http://blog.hviidnet.com/
Benchmarks blog.hviidnet.com with 500 concurrent connections and 100000 requests in total (ab comes with Apache, which needs to be installed).