Monday, November 25, 2013

Oracle Linux Kickstart Install : failed to open /tmp/ks.cfg


While booting an Oracle Linux installation from a Kickstart NFS server, if you receive the error message above ("failed to open /tmp/ks.cfg"), all you have to do is grant read permission on the file to 'others':

# chmod 644 /kickstart/ks.cfg
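The chmod above is the whole fix, but the NFS client also needs traversal (o+x) on every directory below the export root, and a file that is now world-readable must not carry a cleartext root password. The following check script is an added example, not part of the original post; the file names and the export layout it uses are constructed to match the post.

```shell
#!/bin/sh
# Added example, not from the original post: check whether an NFS client
# will be able to read a kickstart file. The NFS server applies the client's
# (usually anonymous) uid, so the file needs o+r and every directory from the
# export root down needs o+x. It also flags a rootpw line that is not
# --iscrypted, because a world-readable ks.cfg must not carry a cleartext one.
# Usage: ks_check FILE EXPORT_ROOT   (returns 0 when everything is in order)

others_bits() {          # last octal digit of the mode = permissions for 'others'
    m=$(stat -c '%a' "$1" 2>/dev/null)
    echo "${m#${m%?}}"
}

ks_check() {
    file=$1; root=$2; status=0
    case $(others_bits "$file") in
        4|5|6|7) ;;
        *) echo "FAIL: $file is not readable by others (needs chmod 644)"; status=1 ;;
    esac
    dir=$(dirname "$file")
    while :; do          # walk upwards, stopping at the export root (or / or .)
        case $(others_bits "$dir") in
            1|3|5|7) ;;
            *) echo "FAIL: $dir is not traversable by others (needs o+x)"; status=1 ;;
        esac
        case $dir in "$root"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    if grep -E '^[[:space:]]*rootpw' "$file" 2>/dev/null | grep -qv -- '--iscrypted'; then
        echo "FAIL: $file has a rootpw line without --iscrypted (cleartext password)"
        status=1
    fi
    return $status
}

# Constructed demo: a throw-away export laid out like /kickstart/ks.cfg in the post.
demo=$(mktemp -d); mkdir "$demo/kickstart"; chmod 755 "$demo/kickstart"
printf 'rootpw --iscrypted $6$placeholder$hash\n' > "$demo/kickstart/ks.cfg"
chmod 600 "$demo/kickstart/ks.cfg"                 # the broken state from the post
ks_check "$demo/kickstart/ks.cfg" "$demo/kickstart" || chmod 644 "$demo/kickstart/ks.cfg"
ks_check "$demo/kickstart/ks.cfg" "$demo/kickstart" && echo "ks.cfg is now readable over NFS"
rm -rf "$demo"
```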


Thursday, November 14, 2013

Splunk universal forwarder agent, Windows 2008 + Active Directory installation problem


I just wanted to try the Universal Forwarder agent of Splunk v5 on my test Active Directory domain controller, which is running on Windows 2008.

The service account's privileges were OK and I applied the whole procedure. By the way, the service account had Domain Admin privileges, but each time I tried to install the agent I got the same error message.

"splunk installer was unable to start splunk services exit code '4'"

The resolution is weird, pointless but simple.

Try typing the service account as "account@domain" instead of "domain\account".


Symantec SSIM : End of sale.

http://www.symantec.com/connect/forums/symantec-security-information-manager-ssim-being-discontinued-new-customer-sales-september-5-?utm_content=buffere4d01&utm_source=buffer&utm_medium=twitter&utm_campaign=Buffer


Wednesday, November 13, 2013

Link : Case Study: Analyzing a WordPress Attack – Dissecting the webr00t cgi shell – Part I


http://blog.sucuri.net/2013/11/case-study-analyzing-a-wordpress-attack-dissecting-the-webr00t-cgi-shell-part-i.html

How to create Splunk / Citrix Netscaler log integration?


It's not so easy to link a Citrix Netscaler WAF / LB to the Splunk log management system and display the logs as described in the Splunk documentation. I spent more time on it than I expected: there is no explanation of this procedure in the documentation.

I will describe my own way.

If you think that applying the whole procedure in the link below will be enough, you are completely wrong. No logs, no definitions.

http://support.citrix.com/article/CTX132533

Here is my procedure (versions used):

- Splunk 5.0.4, build 172409
- Citrix Netscaler NS9.3: Build 50.3.nc

1- Create the correct syslog server entry in Netscaler (the server that step 2 refers to). Pay attention to the port: it is 8514.


2- Create the Audit policy and link it with the server created in step 1. After that, bind it at the Global level, which does not appear in the screen capture.


3- You should create an Index in Splunk.


4- You should create a "Data Input" in Splunk.


5- Enter the same information as shown below.


6- Download the Splunk App for Netscaler and install it in Splunk.


7- Now you should see the first logs.
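Since the screen captures for steps 1 to 5 are missing, here is the same integration expressed as text. This is an added example, not the post's own configuration and not Citrix's or Splunk's: it assumes the NetScaler sends syslog over UDP, uses constructed addresses, leaves the sourcetype as a placeholder to be replaced by the one the Splunk App for Netscaler expects, and writes the NetScaler CLI in the 9.x syntax as I recall it, so verify it against your build. The acceptFrom line is the part worth keeping: without it, any host that can reach port 8514 can push events into the index.

```shell
#!/bin/sh
# Added example, not from the original post or from Splunk/Citrix: render both
# halves of the integration from one set of parameters so the port, index and
# addresses cannot drift apart. Assumptions: UDP syslog, placeholder sourcetype,
# NetScaler 9.x CLI syntax as recalled (verify on your build).

NS_IP=10.0.0.10        # constructed: NetScaler NSIP (source of the syslog traffic)
SPLUNK_IP=10.0.0.20    # constructed: Splunk indexer / receiver
PORT=8514              # the port the post uses
INDEX=netscaler

# NetScaler side: syslog server, audit policy, and the global binding (steps 1-2).
netscaler_cmds() {
    cat <<EOF
add audit syslogAction splunk_syslog $SPLUNK_IP -serverPort $PORT -logLevel ALL
add audit syslogPolicy splunk_syslog_pol ns_true splunk_syslog
bind system global splunk_syslog_pol -priority 100
EOF
}

# Splunk side: a small app with indexes.conf and inputs.conf (steps 3-5).
# acceptFrom limits the UDP listener to the NetScaler's address.
write_splunk_app() {
    app=$1/etc/apps/netscaler_input/local
    mkdir -p "$app"
    cat > "$app/indexes.conf" <<EOF
[$INDEX]
homePath   = \$SPLUNK_DB/$INDEX/db
coldPath   = \$SPLUNK_DB/$INDEX/colddb
thawedPath = \$SPLUNK_DB/$INDEX/thaweddb
EOF
    cat > "$app/inputs.conf" <<EOF
[udp://$PORT]
index = $INDEX
sourcetype = PLACEHOLDER_NETSCALER_SOURCETYPE
connection_host = ip
acceptFrom = $NS_IP
EOF
    echo "$app"
}

# Constructed demo: render into a scratch directory instead of SPLUNK_HOME.
demo=$(mktemp -d)
netscaler_cmds
cat "$(write_splunk_app "$demo")/inputs.conf"
rm -rf "$demo"
```

Point write_splunk_app at the real $SPLUNK_HOME and restart Splunk to pick the stanzas up; the index name must match the one chosen in step 3.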



The path "" is not a valid path to the X.X.X generic kernel headers

I was trying to install VMware Tools for vSphere 4.1 on an Ubuntu 12.04 LTS server (right here I should say that I hate the VMware Tools gcc and make requirements).

During the installation it stopped with the error below.

Searching for GCC...
Detected GCC binary at "/usr/bin/gcc".
The path "/usr/bin/gcc" appears to be a valid path to the gcc binary.
Would you like to change it? [no] 

Searching for a valid kernel header path...
The path "" is not a valid path to the 3.8.0-29-generic kernel headers.
Would you like to change it? [yes]

The solution is right here:

http://askubuntu.com/questions/131351/how-to-install-vmware-tools

sudo ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/version.h

Simple but boring.


Event ID : 6398. The Execute method of job definition. Microsoft.SharePoint.Search.Administration.SPSearchJobDefinition threw an exception. More information is included below.


Last weekend I added a SharePoint 2010 Foundation server to my SCOM 2012 environment and also installed the SCOM reporting tools on it. It ran successfully for a couple of days. By the way, the system was running Windows 2008 Standard and SQL 2008 Express edition (bundled with SharePoint).

One day, I started to receive several critical messages after creating a dozen dashboards.

Event ID : 6398. The Execute method of job definition Microsoft.SharePoint.Search.Administration.SPSearchJobDefinition (ID 03892b58-25da-42ac-83dc-a0fc845d3322) threw an exception. More information is included below.

The device is not ready.


First action: I downgraded my SharePoint 2010 to SP2 level. But the messages came back after restarting the server.
Second action: I upgraded SQL Express to SP3 level. This time I had other messages (I don't think they are related to SP3, but here they are).

Event ID 70 : The mount operation for the gatherer application d4236074-0931-4a56-866e-0d9592fe61ae has failed because the schema version of the search administration database is less than the minimum backwards compatibility schema version supported for this gatherer application. The database might not have been upgraded.


I spent a couple of hours and found the solution. After the SharePoint upgrade, there are some manual commands to execute. The blog below suggests these actions for SP1, but I applied them all at SP2 level and it was OK. In my test environment it took 3 minutes.

http://blogs.technet.com/b/sbs/archive/2011/07/06/potential-issues-after-installing-sharepoint-foundation-2010-sp1.aspx

"1. Open an Administrative command prompt. 
2. Change directory to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN 
3. Run PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures"

MySQL Workbench 5.2.38 install fails "MSVCR100.dll not found"


I don't remember how or why, but I needed to install MySQL Workbench on my Windows 2008 Standard server. It was a clean and fully updated server, but I received the error below and the installation failed:

MySQL Workbench 5.2.38 install fails "MSVCR100.dll not found"

After a quick search of the MySQL forums I found the solution. You should install the Microsoft tool (which provides MSVCR100.dll) before Workbench. Here are the links:

MySQL link
http://bugs.mysql.com/bug.php?id=64907

Microsoft tool page link
http://www.microsoft.com/download/en/details.aspx?id=5555

After installing this tool, the MySQL Workbench was installed correctly.



How to monitor AlienVault OSSIM with Zabbix?


While playing with Zabbix, one of the things I learned was how to monitor my AlienVault OSSIM system.

By default OSSIM filters all traffic with its own firewall, so you have to open the Zabbix agent port (10050/tcp) on it:

# vi /etc/ossim/firewall_include

-A INPUT -p tcp -m state --state NEW -m tcp --dport 10050 -j ACCEPT

# ossim-reconfig
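The rule above accepts 10050/tcp from any source. The script below is an added example, not from the original post: it appends the same rule to firewall_include restricted to the Zabbix server's address (a constructed 192.0.2.50 here), refuses to add it twice, and warns when an unrestricted 10050 rule is already present.

```shell
#!/bin/sh
# Added example, not from the original post: add the Zabbix agent rule to
# OSSIM's firewall_include idempotently, restricted with -s to the one host
# that legitimately polls the agent. Run ossim-reconfig afterwards, as in the post.
# Usage: add_zabbix_rule FILE ZABBIX_SERVER_IP

zabbix_rule() {
    echo "-A INPUT -s $1 -p tcp -m state --state NEW -m tcp --dport 10050 -j ACCEPT"
}

add_zabbix_rule() {
    file=$1; rule=$(zabbix_rule "$2")
    if grep -qxF -- "$rule" "$file" 2>/dev/null; then
        echo "already present"; return 0
    fi
    # A 10050 ACCEPT rule with no -s match is the unrestricted form from the post.
    if grep -- '--dport 10050 -j ACCEPT' "$file" 2>/dev/null | grep -qv -- ' -s '; then
        echo "WARNING: an unrestricted 10050 rule already exists; remove it first"
    fi
    echo "$rule" >> "$file"
    echo "added"
}

# Constructed demo on a scratch copy; on OSSIM the real file is /etc/ossim/firewall_include.
demo=$(mktemp)
add_zabbix_rule "$demo" 192.0.2.50     # constructed Zabbix server address
add_zabbix_rule "$demo" 192.0.2.50     # second run must not duplicate the line
cat "$demo"; rm -f "$demo"
```

The agent side can be limited the same way with the Server= setting in zabbix_agentd.conf, so that only the Zabbix server is answered even if the firewall rule is widened later.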