
January 14, 2009

Authenticate OneOrZero HelpDesk Users to LDAP via OpenLDAP

Filed under: General OpenSource, Linux, Tips and Tricks - baudizm @ 2:46 pm

We needed a helpdesk and a knowledgebase system, and we prefer that it be open source. We have found OneOrZero HelpDesk and KnowledgeBase to be a good candidate. We decided to take a look at it and see for ourselves. Installation was a tad easy. All you need is an Apache server, PHP, and MySQL and voila! We have been running it using MySQL for some time, but we have not yet let users use the system.

We have been mulling over the idea of integrating OneOrZero HelpDesk and KnowledgeBase authentication with our existing LDAP server which also authenticates our Windows domain users via our Samba PDC. OneOrZero is pretty much convenient for us since it already has LDAP authentication capability. Or so we thought.

Setting up LDAP for OneOrZero HelpDesk required us to modify its settings. You can do this using its own control panel, by logging in as an administrator, or you can brute it out by going to where the OneOrZero configuration files are located. In my case it is in:

/srv/www/onezero/configuration/website_settings.php

Please note that the location may not be the same in your case, depending on where you extracted your files, and where your Apache DocumentRoot is located. Make the necessary adjustments.

After locating the file, first make a copy of the existing file (you don't want to lose working settings, do you? :) ) and then edit website_settings.php in your favorite text editor, which in my case is vi.

vi website_settings.php

Navigate down to near the end of the file and review the LDAP-related parameters. Please note, I'll be using my own LDAP parameters as examples, and yours might be different depending on your LDAP server flavor (AD, OpenLDAP, Netware/OES/others).

# Enable LDAP authentication. This is DB by default.
auth_method = "LDAP"

# IP address of your LDAP server
ldap_host = "192.168.10.10"

# If you are using AD, specify the domain name. I'm using OpenLDAP so, I ignored this.
ldap_domain = ""

# Specify the user that will be used to bind to your LDAP server. Not needed if anonymous bind is allowed
ldap_binddn = "cn=ldapbinder,dc=mydomain,dc=com"

# Specify the password for the binding user
ldap_bindpwd = "secret"

# Set the location in your LDAP schema where the search will start from. In my case, I have an OU called "Users"
ldap_rootdn = "ou=Users,dc=mydomain,dc=com"

# Provide here the search attributes. Note though that this might be different on your particular flavor of LDAP.
# Use an LDAP browser utility to double check.
ldap_searchattr = "uid"
ldap_fname = "givenname"
ldap_lname = "sn"
ldap_uname = "uid"
ldap_email_add = "mail"
ldap_office = "l"
ldap_phone = "telephonenumber"
ldap_context = "dn"

Save your file after editing.

We then tried logging in using our LDAP accounts; however, it seemed that OneOrZero could not find our accounts, or rather LDAP could not find the accounts passed to it by OneOrZero. So I looked at the LDAP log to check what the problem was. Sure enough, I found the culprit.

Jan 14 11:18:15 x2100 slapd[4044]: conn=5857 op=1 SRCH base="ou=Users,dc=mydomain,dc=com" scope=2 deref=0 filter="(uid=minime)"

No wonder LDAP cannot locate the user. Even though it is searching on the right section of the LDAP tree, it doesn’t know which one to pick up. Remember, we use our LDAP server as authentication for our Windows users via Samba as well. Heck, we even authenticate our SSH users via LDAP also.

Another challenge!

How do I hack the filter in OneOrZero so that it works for my LDAP server? (GOD I LOVE THIS WORK!)
Simple: I have to locate the filter string deep in the bowels of OneOrZero's source code and insert my own filter, or manipulate it so that the output filter meets what my LDAP server really needs.

OK OK! Enough suspense, how did I do it? Simple.

Navigate to where you extracted OneOrZero (in my case /srv/www/onezero/common) and edit the file common.php. When you open the file, go to line 164. There you will find the $filter variable, which receives the value from the LDAP search attribute that was set in website_settings.php.

When you locate the $filter variable, comment out the existing one and replace it so that it looks like this:

// $filter = "($ldap_searchattr=$name)"; //This is the default filter string

$filter = "(&(objectClass=posixAccount)($ldap_searchattr=$name))"; // This is my new filter string to fit my LDAP server.

Save the file and do a test login. That’s it!
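Both the default and the replacement filter interpolate $name straight into the filter string. The following is an added example, not OneOrZero's code: it builds the same posixAccount filter with the value escaped per RFC 4515, so that characters such as * or ( in a login name are matched literally. It assumes $name carries the login name as typed, and the helper names escape_filter_value() and build_user_filter() are hypothetical.

```php
<?php
// Added example: not OneOrZero code. Function names are hypothetical.

// Escape a value for an LDAP search filter (RFC 4515 special characters).
function escape_filter_value($value)
{
    if (function_exists('ldap_escape')) {
        // Provided by the ldap extension since PHP 5.6.
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback for older PHP: hex-escape \ * ( ) and NUL in one pass.
    return strtr($value, array(
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ));
}

// Build the posixAccount filter from the post with the login name escaped.
// Returns null when the attribute name or login name is not acceptable.
function build_user_filter($ldap_searchattr, $name)
{
    // The attribute comes from website_settings.php; still require a plain
    // attribute descriptor so a bad setting cannot reshape the filter.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $ldap_searchattr)) {
        return null;
    }
    if (!is_string($name) || $name === '') {
        return null;
    }
    return '(&(objectClass=posixAccount)(' . $ldap_searchattr . '='
        . escape_filter_value($name) . '))';
}

// Constructed sample login names: one ordinary, two containing filter
// metacharacters that must end up matched literally.
$samples = array('minime', 'mini*', 'a)(b');
foreach ($samples as $login) {
    echo str_pad($login, 12), ' => ', build_user_filter('uid', $login), "\n";
}
```

In common.php the returned string would be assigned to $filter in place of the interpolated one, with a null result treated as a failed login.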

If you still have trouble setting it up (which I doubt), feel free to look at the Administration guide at http://www.oneorzero.com/wiki/index.php?title=OneOrZero_Settings

Enjoy!



December 17, 2008

Yet Another Major Internet Explorer Flaw allows Remote Code Execution

Filed under: Throughout the Web - baudizm @ 10:43 am

Last December 15, Microsoft announced yet another major flaw in version 7 of its Internet Explorer browser, one which allows remote code execution on the target computer (as if the others do not already).

Published as Microsoft Security Advisory (961051), the advisory went on to discuss the issue as follows:

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.

It also appears that it's not only IE7 that's affected. It affects versions up to IE8 as well. Even the BBC has picked up this issue.

What was weird for me was that the Full Disclosure community did not react to this disclosure by Microsoft. Or it might be too early, as the secinfo experts and enthusiasts are scrambling to verify this, if at all.

My take on this is - what’s new? Honestly, I’m not surprised at all.



September 3, 2008

Google Chrome on Wine ? (UPDATE 9/4/2008)

Filed under: Throughout the Web, General OpenSource, Linux - baudizm @ 10:17 am

With Google doing a public beta test of Google Chrome I’ve taken a few steps further to see what it can do. However, sadly for me, GC is currently on a Windows-only build so no dice for native Linux version. So I had to resort to “drastic” measures - try to see if it runs on Wine.

So I got the offline installer here and installed on top of Wine. The installation went ok, with Wine adding a desktop shortcut and menu entries. I tried to run GC and bam, a browser with rounder corners and blue header pops up. So far so good.

Then I noticed that the address bar is all black. Though I can type a URL, it doesn't open the site I want to visit. Tried it a couple of times, still no dice. Looking at the log I prepped, it seems there are some components not working properly. So I ended up firing a report to WineHQ to see what can be done.

Nope, I currently don’t have the time to find the bug for GC on Wine. I’m making the Google Chrome team do that. At least with the WineHQ notified, I can expect to have a working GC on Wine.

Or not.

UPDATE:

Google Chrome now works on Wine 1.1.3. However, additional parameters must be added when you invoke wine on the command line. And sorry, HTTPS access is not yet available/foolproof.

Just fire up Wine in the terminal like so:

env WINEPREFIX="/home/anakin/.wine" wine "C:\windows\profiles\anakin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --new-http --in-process-plugins

You have to also make sure that you have Riched20 and Riched30 installed using Winetricks (thanks Roy Shea at WineHQ!).

This method was further confirmed at UbuntuForums, and also confirmed by “nelson”. A good how-to is also available recently at HowToDude.

UPDATE 2:

Filed another bug report with WineHQ regarding HTTPS access on Google Chrome on Wine 1.1.3.

Related:

Wine AppDB page for Chrome (thanks to Dan Kegel) - added 9/6/2008
WineHQ Bug Report 15106
WineHQ Bug Report 15107
WineHQ Bug Report 15119



February 12, 2008

Resolve iManager "503" issue in Netware

Filed under: Tips and Tricks, Netware, ZENworks - baudizm @ 3:21 pm

Covered OS versions:

- Netware 5, 5.5, 6, 6.5
- Open Enterprise Server (OES) Netware Kernel 6.5

iManager versions:

- iManager 2.5
- iManager 2.6
- iManager 2.7

Issue:

You have installed Netware and iManager on your server box. Suddenly, when you try to access iManager from your browser, you're greeted with the "Error 503: Service Unavailable" notification.

This is related to how Novell LDAP (NLDAP) and Netware's server certificates interact, and how iManager authenticates through LDAP via Apache Tomcat. There's a possibility that the server certificates are corrupted, or that the changes that took place for the server certificates were not propagated to the services that need them. Yes, Netware does suffer corruption every now and then due to the nature of the file system it currently uses. It still uses FAT/FAT16/FAT32. This could be resolved by moving to OES-Linux kernel instead of using pure Netware or OES-Netware kernel.

Solution:

We will need to stop Tomcat, Apache web server, and Java. We will then need to rebuild our server certificates. After which we will need to restart our services.

Actual Commands:
On the Netware command line, type the following commands:

NETWARE: tc4stop
(Terminate Tomcat. For Tomcat 5.0, use tc5stop instead.)

NETWARE: ap2webdn
(Shutdown the Apache web server.)

NETWARE: java -exit
(Shutdown Java.)

NETWARE: pkidiag
(This will open the PKI wizard for detecting and repairing public key infrastructure in Netware. Follow the menu items namely 4, 5, 6, 0)

NETWARE: tckeygen
(Restore LDAP connectivity for Tomcat.)

After a few minutes, start the services.

NETWARE: tomcat
(You may also use /tomcat/5.0/bin/startup start to start Tomcat 5.0.)

NETWARE: ap2webup
(Start up the Apache web server.)

Try opening your iManager again and log in (http://ip_of_your_server/nps/iManager.html).

If you found anything erroneous in this tip, feel free to post a comment.



January 23, 2008

Javascript "critter" frolics, WhiteHats called to arms

Filed under: Throughout the Web - baudizm @ 12:12 am

This problem appeared early on, sometime around November 25, 2007. To put it simply, it's a malware propagation scheme that takes advantage of vulnerabilities of the web servers, CMS, cPanel, some framework, as well as the machines that visit the infected sites. Yes, the magnitude of this exploit is quite huge. What's more, it infects machines irrespective of operating system platform.

So what is this "problem" really? It's a propagation "framework", if you must, that uses good old Javascript and more of it. It also includes a dash of rogue .htaccess in your Apache server for good measure. How ingenious is this? Well, to put it simply, when you visit an infected site, you're treated to the sweet taste of Javascript. Except that you're not seeing anything obvious. Everything is transparent and oblivious to the visitor. You won't feel a thing when this bugger hits your browser. And the icing on the cake is that each iteration of the Javascript that will be thrown at your browser will only be served once per IP. And no, you cannot wget it again using the same IP you're using now. Once you try to wget the same JS script file, you get a 404 outright. Once you're infected, you'll be deluged with requests from the other infected sites begging your machine to download their own randomly generated versions of the same JS script.

For a more deep down penetration, it scans the visiting machine for vulnerabilities that can be exploited. Yes, your favorite iTunes cuddles with this bugger too, along with some of your favorite applications. On Win-machines, ActiveX is the main culprit. However, on the server side, whitehats are still continually looking for ways to neutralize this silent threat. The mystery is not in the infection. It's how the servers were compromised and made host to the rogue code. And most of the detailed discussions were hidden from public view for fear of feeding the kiddies further. A good bet is that automated exploit tools were used to compromise the sheer number of servers in record time. Probably a mutated variant of Metasploit running on various hosts on a botnet, simultaneously doing their rounds randomly until an unwitting, seldom-patched server is encountered. And then the carnage starts again until a good number of machines are "droned". Then when the visits come trickling into the sites, there's no turning back.

It's already 2008 and this critter is still happily frolicking under the virtual sun. You might have an updated AV (Kaspersky and AVG were known to catch this); however, it's a matter of time before you too will be assimilated.

No I won’t give more details about this. Google might give the answer but not me. I’m already busy.




December 15, 2007

A short look at xCHM

Filed under: General OpenSource, Linux, Tips and Tricks - baudizm @ 1:53 pm

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee as to the accuracy or timeliness of some of the information that may be found within the article. The methods that are discussed here might not be applicable in your case. The author will not be held liable for any damage caused by using the method(s) described in this article. Use the methods at your own risk. - hardwyrd

If you've downloaded documentation, help files, and how-tos, I'm pretty sure you're very familiar with CHMs. CHMs, or Compiled HTML Help (or Manual) files, were pretty much popularized by Microsoft (shudder…) and were (and are) in use by Microsoft Help. CHMs are pretty compact, allowing plain HTML help files to be crammed into a single file and yet have their layout and objects intact.

On Linux, however, this file format is not natively supported. You'd have to use a reader app to get to the info contained in CHM files. One of those popular CHM readers is gnoCHM. Another popular CHM reader is xCHM. xCHM is the one we will take a short look at today.

xCHM is pretty much a basic and simple CHM reader. It features a very simple interface, with standard browsing buttons that you can find in virtually any type of internet browser. The reader, after all, is like a browser on its own, showing you the contents of a compiled "web site". Using xCHM is a no-brainer. Since xCHM is not a part of the standard install of your favorite distro (not that I'm aware of), we need to get the package and install it ourselves. For this session, I am using SLED10; however, at the bottom of this article you will find steps for installing it in Ubuntu or Debian.

Getting xCHM
You can get the latest stable xCHM build from its website at Sourceforge. Or you can copy and paste the following to your browser:

http://xchm.sourceforge.net/

In the xCHM site, you can choose to download pre-built binaries for your specific distro, or you can get the source and compile xCHM yourself. I will feature building xCHM from source. Should you want to feel “gung-ho hard core” about this exercise, you may get the package using wget by doing the following in your terminal:

wget http://jaist.dl.sourceforge.net/sourceforge/xchm/xchm-<version-number>.tar.gz

Once you have downloaded the xCHM source, we will need another package for it. xCHM uses the wxWidget GUI Library. If your distro doesn't have this included, we will need to get wxWidget from its website. You may go "gung-ho hard core" again and do the following in your terminal:

wget http://prdownloads.sourceforge.net/wxwindows/wxWidgets-<version-number>.tar.gz

Let’s Build!
Once you finish downloading wxWidget, we will need to extract it and compile it.

# tar xzvf wxWidgets-<version-number>.tar.gz
# cd wxWidgets-<version-number>/
# mkdir buildgtk
# cd buildgtk
# ../configure --with-gtk
# make
# make install
# ldconfig

With a working wxWidget install, we can now proceed to installing xCHM. Again, we will need to extract the xCHM source package and install it.

# tar xzvf xchm-<version-number>.tar.gz
# cd xchm-<version-number>/
# ./configure
# make
# make install

That’s all there is to it!

To test if xCHM works, just type xchm in your terminal or open a chm file directly by typing xchm /path/to/your/file.chm.

For Ubuntu / Debian users, you may get wxWidget by first adding the wxWidget trusted key.

$ curl http://apt.wxwidgets.org/key.asc | sudo apt-key add -

Modify your /etc/apt/sources.list to include the wxWidget repo.

# wxWidgets/wxPython repository at apt.wxwidgets.org
deb http://apt.wxwidgets.org/ DIST-wx main
deb-src http://apt.wxwidgets.org/ DIST-wx main

Do an update of your apt cache.

$ sudo apt-get update

Install wxWidget.

$ sudo apt-get install python-wxgtk2.8 python-wxtools python-wxaddons wx2.8-i18n

Once wxWidget is installed, you may proceed to install xCHM from your Ubuntu repo. Make sure that you first search to see if xCHM is present, then proceed to installation.

$ sudo apt-cache search xchm
$ sudo apt-get install xchm

You can also do wxWidget and xCHM installation in one command sweep after you have added the wxWidget repo.

$ sudo apt-cache search xchm
$ sudo apt-get install python-wxgtk2.8 python-wxtools python-wxaddons wx2.8-i18n xchm

No sweat. ENJOY!



November 13, 2007

Export a webpage to PDF in your PC

Filed under: Throughout the Web, Tips and Tricks - baudizm @ 10:42 am

You have been searching the web for solutions to your problems and along the way you have found a treasure trove of tips, tricks, and pages that you just had to download. However, you’ve found no link to download the PDF version. What would you do?

Usually, you’d open up OpenOffice.org, copy and paste the content from the site, and click File, Export to PDF. Or you can do it a little simpler, and quicker.

Adobe has launched its online PDF creation service which allows you to upload your file, or reference a site, and it will generate the PDF for you that you can download to your computer. Downside is that you will need to of course subscribe to their service at a cost.

“I just need to export an entire online page to PDF.”
I’m telling you now, you can do what Adobe allows you to do at no extra cost. Yep folks — at no cost! To convert that secret tip page you’re currently reading, you can just open up your browser and point it to:

http://savepageaspdf.pdfonline.com/pdfonline/pdfonline.asp?cURL=_SITE_URL_&
page=1&top=0.5&bottom=0.5&left=0.5&right=0.5

Make sure that it's all on one line and change _SITE_URL_ to the URL of the page that you want converted to PDF, press enter, then save the file when prompted.

One caveat, though, is that there might be sites that have content in floating divs that might be dynamically generated. There are times that those might not be included in the export. So far, static pages and most printer-friendly versions of your favorite pages can be exported to PDF without a hitch.



June 5, 2007

Despite patching, latest IE and Firefox still have gaping holes

Filed under: Throughout the Web - baudizm @ 1:21 am

Many of us who happen to spend a huge amount of our time on the internet rely on our browsers for virtually anything we do there: communications, research, purchasing anything, and just about any service that is available off the internet.

To keep our browsers up to date with fixes and patches, we follow a distinct routine of updating our browsers as soon as patches and fixes become available.

However, Polish hacker Michal Zalewski released another set of flaws for patched Internet Explorer and Mozilla Firefox browsers.

The published flaws are not pretty. And these flaws are not good for users unless the publicized flaws will be corrected in the browsers themselves.

Zalewski announced the flaws at Full-Disclosure.

I have tried his simple online demos of the exploits and could now see that a lot of these malicious coders will try to incorporate these exploits into their arsenal. Add to that the viral and nuisance “marketing” sites will be using techniques derived from these revelations from Zalewski.

It won't be long; I'll be disabling JavaScript support should this remain unfixed in upcoming browser releases. Or perhaps I'll go Opera, provided it will not be running under IE mode or Firefox mode.
