Like Nagios, Cacti is capable of monitoring your servers, as well as processor, memory, network, and disk utilization on your networking devices. After initial installation, adding hosts to be monitored can be completed using nothing but the web interface.

Installing Cacti is fairly straightforward. There are even customized distributions, such as CactiEZ, which is a CentOS derivative, to make for an even easier install. Cacti can even be installed on a Windows host.

Cacti is incredibly useful right out of the box, but with a few plugins Cacti’s functionality can really begin to shine. The following is a handful of plugins that I think no Cacti installation should be without. The CactiEZ distribution includes a lot of these plugins out of the box. All of these plugins can be downloaded at http://cactiusers.org/downloads/.

CLOG – CLOG provides all of your Cacti logs in an easy-to-use interface built into the Cacti web GUI. This can be immensely helpful in troubleshooting issues within your Cacti installation.

Discovery – This plugin can be used to track down SNMP-enabled hosts on your network that haven’t been entered into Cacti yet.

NTop - While this plugin only provides your ntop data within an iframe, it allows you a single interface to get a full overview of exactly what’s going on in your network.

Thold - “Thold” is short for threshold. This plugin allows you the ability to configure thresholds and alerting. If you want to get an email or text message when a disk is nearly full, or a network link is reaching max capacity, this plugin is what you need.

Weathermap - This plugin is really cool. It allows you to draw maps of your network. Once the maps are drawn, you can assign graphs to the different links. These links will be updated in real time, changing colors based on utilization. This gives you a quick overview of how the network is performing.

These are just a few of the many plugins out there that make Cacti such a great tool.

More interestingly, perhaps, many of the participants in the survey reported that they are switching to OSS for non-financial reasons such as:

• Better security/bug fixing
• Faster time to development
• Improved reliability
• Easier to maintain the software
• Better match of software to organizational/business needs
• Auditability of the software
• Better quality software than proprietary systems

At AppliedTrust we have experience with a wide range of Open Source Software.  Many of the servers we support are running on the Linux kernel, many of the webservers are running Apache, PHP, and MySQL.  We use Cacti and Nagios for monitoring, and Mantis, PMWiki, and MediaWiki for tracking bugs and technical issues.  It makes sense that at a time when companies are looking to cut costs and conserve money, many would look to enhancing their use of free and Open Source products.  I firmly believe that Open Source makes sense, not only from a financial perspective, but also because of the power and flexibility it gives you over your IT destiny.  When a client wants to add a piece of functionality to Mantis, not only is that a straightforward task, but they know that it will be easy to find programmers that can do the work.

I think we should all remember, however, that OSS is not a panacea.  For instance, Linux web servers usually provide great return on investment, but it’s important to integrate them properly into your environment.  If you use Active Directory to authenticate your Windows hosts, set up your PAM modules to authenticate against AD on your Linux hosts as well.  MySQL is easy to set up and maintain, but it’s important to remember to secure it properly by creating accounts and restricting access appropriately.  Staying abreast of vulnerability announcements and installing security updates is just as important as it is with proprietary software.  Luckily, administration in the Open Source world isn’t any harder than in the proprietary world – it’s just different.  And if you need a few pointers, there are some great resources available (warning, shameless plug!) such as the Unix and Linux System Administration Handbook, 4th Edition.

In any event, it’s an exciting time to be in the IT industry, and it’s especially exciting as a consultant to be able to point out such a wide variety of choices to our clients.  The number of solutions to any given problem seems to multiply with each passing month, and that can be no bad thing.

Writing a book of this magnitude is an intense process that I learned all about. The steps to produce the book, from inception to dead trees, include:

• Brainstorm and agree on full topic list
• Brainstorm and agree on contributing authors
• Assign chapters to authors and contributors
• Write chapter, distribute for review
• Integrate reviewed comments from all other authors, distribute to external reviewers
• Integrate external review comments
• Repeat for all 32 chapters
• Edit chapters
• Index chapters individually
• Engage artist (Lisa Haney) for new chapter cartoons, dividers and cover art
• Engage outside organizations (IBM, Sun, HP) for test equipment
• Regular (semi-weekly) meetings with authors, occasional meetings with publisher
• Read and revise page proofs, searching for any obvious errors or inconsistencies
• Deliver final manuscript to publisher and wait patiently

One of the biggest challenges in producing this edition was the distributed collaboration effort. We Skyped regularly to stay in sync. Evi was around for much of the development, but we also corresponded with her while she was sailing in the Caribbean and the Pacific. We used a subversion repository for the Adobe FrameMaker source files to avoid stomping on each other’s work. I’d say this was met with mixed success; Frame’s binary files are hard to merge, despite Garth’s valiant efforts at a scripted solution.

Special thanks to our named and unnamed contributors whose efforts are highly appreciated and certainly worthy of recognition. This is the best edition yet!

Goodie #1: Learn why version control is important for all businesses across the board.

Goodie #2: Get some assistance in deciding “Git or Subversion? Git or Subversion? Git…?”

Goodie #3 (otherwise known as the cherry on top): Meet Jim Turpin, one of our fabulous network engineers, who embodies the concept of multi-discipline to a T both inside and outside of the office.

Click here to read Q3 2010, and, as always, enjoy the treat!

We’d love to hear from you, so please post your comments and questions here.

Twitter is well known for great application-layer monitoring and instrumentation, so this gap in monitoring is a surprise. It exposes a common misconception among social software companies – that their server and network infrastructure is “covered” by their hosting provider.  As web applications scale to even 1/1000 the size of Twitter, software becomes critically interdependent on the underlying network. Infrastructure should be instrumented and monitored at least as closely as the software that depends on it.

For more The Barking Seal articles on monitoring and troubleshooting, see:

1) Set goals: Both in exercise and in information security, it is good to set goals. For example, before I can write up a training plan for myself, I need to know what race I’m training for, and what my target pace is. Similarly, before I can write up my information security plan, I need to know what information I need to protect and how much protection I need (is this credit card data, or is it records of what color paint my store sold last year?)

2) Stick to the plan: Sometimes on Saturday morning at 6 a.m. I don’t really want to go for a run, but I know that the only way to reach my goal is to throw my legs over the side of the bed and stand up. I also know that the best infosec plan in the world does no good if it doesn’t get followed. It may not be fun to conduct that periodic audit again, and it may be frustrating to have to patch those darn servers in the middle of the night so you don’t impact the production systems, but you’ve got to do it. A plan in a drawer is no plan at all!

3) Make the plan doable: I could probably run my race a lot faster if I was willing to quit my job and train full time, but that’s just not practical. I need to keep perspective on the rest of my life and make the plan something that I can accomplish. The same is true for the security plan. It’s not reasonable to expect your team to install each and every patch within 24 hours of release. Save that extreme stuff for the really critical items that only come up once in a while. Be reasonable, and you’ll make everyone’s life easier. No one wants a security approach that flies in the face of usability. But there are some things that just can’t slip – and make sure you know what those are. Passwords, for example: I know it’s easier to remember five-letter passwords with no complexity requirements, but if you let that happen, you may as well forget the rest of the plan.

4) Celebrate your successes: I run with a group twice a week, and the coach keeps track of our times throughout the season(s). When I hit a personal record, she knows it and we celebrate the accomplishment. Do the same thing with security! Did your annual assessment just come back with 20% fewer recommendations? Did you just pass a penetration test with flying colors? Great! Celebrate! There’s always another mitigation recommendation you can implement, but don’t forget you’ve done many already, and congratulate yourself on a job well done.

The Deepwater Horizon rig was equipped with a vessel management system (VMS), which records dozens of different metrics about the conditions on the rig and in the well. These VMS logs would contain valuable details about the blowout, much like an airplane “black box” is essential in understanding a plane crash.

Steven Newman, the CEO of Transocean, said during a recent senate hearing, “There is some delay in the replication of our data, so our operational data, our sequence of events ends at 3 o’clock in the afternoon on the 20th. And so the VMS system, along with the logs of the VMS system, would have gone down with the vessel.”  The blowout and massive explosion happened at 10, taking eleven lives and seven hours of VMS data to the bottom of the ocean. Representative Bruce Braley from Iowa followed up with “So you have no mirrored backup data device so that that information is recorded at some other location than on the rig itself?”.  Newman replied, “We do not have real-time off-rig monitoring of what’s going on on the vessel”.

The costs to synchronize this data back to shore closer to “real-time” are nothing compared to the catastrophe at hand.  If an IT Disaster Recovery risk analysis had been performed, this replication delay would have stood out like a sore thumb.  We can be certain that new congressional regulations will be established to ensure that VMS data is replicated back to shore in a timely manner, but what about the rest of us?  Now is a perfect time to take a look at your business and make sure that critical data is being backed up appropriately to an off-site location.

Removable media: We all have them, maybe a few of them in different sizes. They’re invaluable for various administration tasks. Trying to get network drivers onto that new machine you’re re-installing? How about bringing one with you when you have to patch a few machines that aren’t on the domain? Or loading Knoppix LiveCD onto one for resetting administrator passwords? We love flash drives, but we also know they can be perfect vectors for malicious users. As with many types of technology, as their popularity increases the more lucrative it becomes to write virus code that targets them.

I have personally run across several viruses that will try to copy themselves onto any drive attached to the infected machine. This means that if you plug your flash drive into an infected machine, a virus can easily copy itself onto the drive and then propagate itself to every computer you use thereafter. You may say to yourself, “Well, this will never happen to me, I’m a lot safer with the machines I use with my personal flash drives.” I was once in that group and I completely understand the logic, but one experience changed my entire outlook on flash drives, and Microsoft AutoRun. A family friend came to me one day and asked me to find out what was wrong with his laptop. It didn’t take me very long to figure out that it was heavily infected with many viruses, so I went to work cleaning them off. I obviously did not want this machine on my home network (or connected to any network, for that matter), so I copied a malware removal program to a handy flash drive, attached it to the infected laptop, and started cleaning. Shortly thereafter, I decided I needed to use a different application for a specific virus found on the infected laptop. You know where this is going. I moved the flash drive back over to my personal computer, and before I knew it Microsoft’s AutoRun opened my flash drive for me and executed the virus that had moved itself to my computer. Bam. Two infected machines. Maybe AutoRun is to blame for this particular incident, but I feel that the popularity and sheer number of flash drives in use presents a high likelihood of this same thing happening to other folks. The easy fix here is to turn off AutoRun and the companion feature AutoPlay on every machine that you can. Had I done this on my home computer, I could’ve simply reformatted the flash drive before Windows tried to run anything found on the flash drive.

Here is a link to the Microsoft KB article on how to disable AutoRun in Windows via local security policy or domain policy, if you’re a domain administrator. Please think of the flash drives, and do this to all computers you administer.

Viruses don’t present the only problem for flash drives, as the small devices can be easily lost. They can slip out of your pocket when you’re pulling your keys out, or they can be left on a desk after you pack up your bags and head home for the day. It then becomes very easy for someone to grab your flash drive, connect it to their machine, and read any unencrypted data on the drive. I have found a few flash drives on the CU campus and, with the desire to return them to their rightful owners, put them into a machine (that now has AutoRun disabled) to find information on its owner. This has netted mixed results, but in one case an instructor had put his class grades into a spreadsheet and kept it on the unencrypted device. I was able to find the owner (as it happened to be a class that I was taking) and give the drive back to him, but not without first reprimanding him about storing my grades on removable media and then leaving it lying around campus. If you would like the portability and convenience of using a flash drive for storing sensitive documents, then please check out TrueCrypt and encrypted volumes. While it may not be secure enough for some people, in my opinion it does provide enough security for the average user. If this isn’t enough security for you, then you probably shouldn’t be storing your data on a flash drive in the first place!

As illustrated above, either by pure curiosity or the Good Samaritan in you, it’s common for people to take found flash drives and plug them into their computer to find out what’s on them. While most company policies would prohibit employees from doing this, it’s still common in the corporate world. I remember reading an account about a company using USB drives for a social engineering experiment. Keeping in mind that this was all sanctioned by the target company’s management, the company wrote a Trojan that would gather passwords and logins and also computer information and then email that information back to a specific machine. The company then put this Trojan onto 20 flash drives and “lost” them in various places around the business. Thanks to AutoRun and employee curiosity, “15 were found by employees, and all had been plugged into company computers.” (Reference: Here) They were able to get username and passwords for company machines without emailing the employees directly, or by phishing, or by any other notable virus transmission vectors.

In summary, we all need protection when it comes to these handy little devices. Encrypt your flash drives if you want to store sensitive data on them, and turn off AutoRun on all machines you use them on. You can save yourself the potential of embarrassment, wasted time and money, and a compromised machine just by taking the proper precautions with AutoRun and encryption.

This infographic from Focus claims that IT-related positions compose three of the top 10 “Best Jobs in America.”  Systems engineers, IT project managers, and security consultants are ranked at number one, number five, and number eight, respectively. The graphic also indicates that 7 of the top 35 jobs are in the IT sector. Interestingly, there are only 13,000 security consultants, far fewer than the 200,000 IT business analysts, or the nearly 800,000 software developers.

Health care jobs also have a strong representation in the list. It’s a good time to be a security consultant working extensively in the health care sector. I’m excited that I regularly play the role of system engineer, project manager, and security consultant, often all in a single day.

The data was gathered from cnnmoney.com, payscal.com, and the U.S. Bureau of Labor.

We’re just a few weeks away from sending the latest edition of the Unix and Linux System Administration Handbook to press, and as of today you can get a preview online at the Safari site.

This 20th anniversary edition brings the best of Unix System Administration Handbook and Linux System Administration Handbook together, and adds coverage of  IBM AIX to updated coverage of Oracle America Solaris (formerly Sun Solaris), HP HP-UX, Ubuntu Linux, SUSE Linux, and RedHat Linux.  In addition, it includes significant all-new coverage of system administration scripting languages such as Python and Perl, as well as virtualization, green IT, and modern standards and compliance management challenges. This is the ultimate system administration bible.

We’re very proud to have 4 Applied Trust staff members on the author team for this book (me, ned, ben, terry).  Look for the printed version in your favorite bookstore this June (or, pre-order at Amazon now), but enjoy the Safari online preview in the meantime!