I am always for using the right tool for the right job. A lot of time, that tool is Python. I have always had trouble finding solid documentation on using MySQL with Python. There was generally enough to get by, but the more the merrier. Enter MySQL for Python by Albert Lukaszewski. (more…)
Being a SysAdmin (as most of you who read this blog regularly know), I love to look at logs to solve problems. If there is an issue, the first thing I always do is look at the logs to see what went wrong. Even when I am writing programs, I build debugging in from the beginning to make sure I know what’s going on at all times (especially when something goes wrong). (more…)
The folks over at Packt Publishing are kind enough to send me out an advance copy of the upcoming Modsecurity book by Magnus Mischel. I have written about mod security before, but really haven’t had a chance to look into it recently. I am anxious to see where its advanced to in version 2.5.
If you don’t know anything about mod_security, I encourage you to read up on it in the interim.
Stay tuned for the review.
It’s that time of year again where you too can nominate someone for the SysAdmin of the year. The contest ends on October 24 and has a progressive jackpot of up to $5,000 (and seriously, what SysAdmin do you know couldn’t use an extra $5k ish)?
So if you know any rock star sysadmins, sysadmins who save the day, sysadmins who have done stuff previously that have saved many days or any combination thereof, enter them: http://www.bigfix.com/rockstar/enter.php.
Date: 12 Mar 2007
The next generation in telephony in combination with FOSS (Free and Open Source Software) is Asterisk. With the Open Source community revolutionizing telephony, Askterisk is the forging the way ahead. If you don’t know what Asterisk is, then you are going to be left behind.
|Title||Building Telephony Systems With Asterisk|
|Author||David Gomillion & Barrie Dempster|
If you are looking for a way to save money on a phone system, how to deploy Asterisk either in a business or a personal environment, then this is the book for you. Even if you are just looking for find out more about VoIP, Voicemail systems, or a foundation of how telephony works, then this is a must read. If you have an existing Asterisk system and are looking for ways to tweak it or make it more efficient, then you need this book to take you through the first steps. This book caters more to those with less experience with Asterisk.
As with any introduction to a new system, the most vital questions are; What is it? and Is it for me? The authors of this book discuss the background for what it (Asterisk) is in great detail in the first chapter. Then they answer the second question by discussing both the pros and the cons from many perspectives. Assuming that you have decided that Asterisk is the solution for you (based on the information in chapter 1), it’s time to look into deploying an Asterisk. First it is necessary to take stock of what you have to work with and what your capabilities are. The authors discuss the various telephony capabilities ranging from POTS, Ts (and frame relay), and ISDNs for the medium and then move on to SIP, IAX, H.323, and others for the software protocols. The last part of the planning stage is determining what you need and how to make it scalable. Given various scenarios of initial stages and growth, the authors begin alluding to dial plans, extensions, and some of the other aspects that make Asterisk so versatile.
Chapter 3 starts right from the basic installation of Asterisk and familiarization with the configuration files. So as not to waste too much time on building programs from source, the authors move right into the actual configuration. This is one of the places where the book excels. Since Asterisk is a very configurable program, it has many configuration files and configuration items. The authors take the time to go through, at least basically, each one of the major configuration files. First they start with the zaptel.conf and the zapata.conf for the hardware. Then its time to move onto the software configuration where we configure sip.conf and iax.conf. Now its on to one of the most important aspects of our Asterisk configuration, voicemail.conf. The chapter is then finished up with some of the more interesting aspects of Asterisk like queues, conference rooms, and music on hold.
Now that the Asterisk base has been installed, the authors walk you through configuring the dialplan. This is where Asterisk’s power really shows through. There are many advanced features covered here like call parking, direct inward dialing, automated attendents, and other advanced call distribution mechanisms. The author’s then discuss different methods of logging (CDR – Call Detail Records). Also covered were the ability to record and monitor calls (and even have a legal issues note).
Since one of the best features of Asterisk is versatility. Asterisk @Home is decieving by name. Housed by CentOS Linux, Asterisk @Home provides for a more graphic based and user friendly configuration mechanism called AMP, the Asterisk Management Portal. This chapter covers the way to configure Asterisk @Home through AMP and how each configuration aspect is matched to the concepts covered in Chapter 4. They even show integration of Asterisk and SugarCRM, a widely used FOSS customer relationship management software.
The authors now come to my favorite way of teaching, real life application. They use multiple case studies as is a staple of authors for Packt publishing. There are explanations of a SOHO (Small Office/Home Office) setup, small business setup, and a hosted PBX setup. The book is then rounded up by explanations of maintainance, backup (and restore), and security. Many of the topics discussed with regards to security are general security topics such as host based security, rule based access control, and firewalling. The final notes discuss scalability and various support mechanisms for Asterisk.
Although I found this book slightly difficult to get through, it was jam packed with information. I was especially impressed with the way in which the authors covered the configuration files and the way in which they were explained. As always, I thoroughly enjoy the case studies and real life examples that are provided by the authors.
The one item which I feel wasn’t well covered in this book is call quality. It is generally well known that call quality with VoIP has a tendency to be a problem. Since Asterisk is a transport medium with the flexibility for many configuration tweaks, I think there should have been more discussion about call quality and its enhancement.
Overall, I found this book to be extremely helpful, although dry at times. There is a lot of material to be conveyed and the authors did their best under the circumstances. This book is an excellent starting point for anyone who needs to bring Asterisk into their world and needs to start from square one.
Date: 15 Feb 2007
There are complex and simple firewalls. They can be as simple or as in depth as one is willing to put the time and effort into learning and configuring them. The simple firewalls being to just allow or drop packets based on protocol or source or destination IP. The complex being that which deals with QoS (Quality of Service) or the L7 packet classification filter.
|Title||Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and L7-filter|
In order to have a complete understanding of exactly how well this book covers each of the topics it delves into, one has to have a certain understanding of firewalls and the necessary uses for its components.
As is reminiscent of many of the books written by authors for Packt Publishing, the first chapter begins with descriptions and re-introductions to many of the basic networking concepts. These include the OSI model, subnetting, supernetting, and a brief overview of the routing protocols. Chapter 2 discusses the need for network security and how it applies to each of the layers of the OSI model.
Chapter 3 is when we start to get into the nitty gritty of the routing, netfilter and iproute2. Here is where the basics of tc is covered including qdiscs, classes, and filterers. This is where the examples start coming. The real world examples used throughout the book are what makes the book easy enough to not only understand, but also apply to your network. Chapter 4 discusses NAT (Network Address Translation) and how it happens from within iptables. It also discuesses packet mangling and talks about the difference between SNAT (Source NAT) and DNAT (Destination NAT). The real life example in this chapter discusses how double NAT may need to be used when implementing a VPN (Virtual Private Network) solution between end points.
Layer 7 filtering is the topic of Chapter 5. Layer 7 filtering is a relatively new concept in the world of firewalling. The author tackles it right from square one. He talks about applying the kernel and IPTables patches (which have the potential to be very overwhelming concepts). One of the neat concepts that the author chooses to use in the example for this chapter is bandwidth throttling and traffic control for layer 7 protocols like bittorent (a notorious bandwidth user). He also covers some of the IPP2P matching concepts and contrasts it to using layer 7.
Now is where to get to the full fledged examples. The first is for a SOHO (Small Office Home Office). It covers everything from DHCP, to proxying to firewalling and even traffic shaping. Next is a medium size network case study. This includes multiple locations, servers providing similar functionality with redundency, virtual private networks, ip phones and other means of communication, and the traffic shaping and firewalling for all these services. He also discusses a small ISP example. The book finishes up by discussing large scale networks and creating the same aspects as for the medium and small sized networks. The difference is that now the ideas are spread across cities, Gigabit ethernet connections, ATM, MLPS and other high speed methods of high speed data transfer. There is even information on Cisco IOS and how their routers can be deployed in large scale networks. The lower level routing protocols like BGP and firewalling and routing servers like Zebra. And he finishes up with one of my favorite topics, “security.”
Although this book covers some of the most difficult topics with regard to the internet, networking, security, traffic shaping, and general network setup, it is handled very well. Each chapter begins with a summary of information that needs to be known and understood for the coming chapter. I was able to put this book to work immediately (even before finishing it) with the need to traffic shape the network traffic in an office which required better VoIP (Voice Over IP) support.
I would recommend this book to anyone and everyone who has any responsibility for a firewall or network of any kind. One of the best aspects of the book is how up to date it is. It uses the 2.6.12 kernel for applying the layer 7 kernel patches. The ideas and concepts in this book will be valid and current for a long time, especially since most of the major protocols that the book covers like bittorrent and other P2P applications that are prevalent in our networks. If you have anything to do with networking at all, I strongly suggest getting your hands on this book. If not to understand the networking and traffic shaping concepts, then at least for a reference.