June 15th, 2010
DocMGR is a free, powerful document management system for Linux servers
One of the biggest challenges when working with teams or organizations is information collaboration. Although tools like email and file servers exist, they do not solve the problem of easily allowing outside contractors or remote employees access to important files, and file servers also do not have the ability to save multiple revisions of a file. These common problems are easily solved with the use of a document management system. A good document management system will also have a way to send files to external clients or consultants- people that might not have access to your network.
DocMGR is a popular document management software solution for Linux servers. DocMGR has been in development since 2005, and the most recent versions include advanced features such as PDF exporting, and a built-in document editor. DocMGR requires a few software packages to be installed on your Linux server (in addition to PostgreSQL and Apache), such as OpenOffice and ImageMagick. Typically, DocMGR takes about an hour to an hour and a half to install.
Once installed, log into the DocMGR interface using the default username admin. When logged in, you are welcomed by a customizable home page.
 DocMGR's home screen is completely customizable.
From here, you can view your files in thumbnail format (handy for images), or in a list format, which allows you to easily export documents as a PDF.
 DocMGR offers list as well as thumbnail views.
One of the nice features of any document management system is the ability to have both private and shared files. DocMGR’s ACL is easy to edit for folders, giving you flexibility in controlling exactly who is able to view and change your files. Subscriptions can be set up for shared folders, so that you are notified when the contents of a folder are changed.
 DocMGR shared documents, and thumbnail view.
DocMGR’s built-in editor is quite sophisticated, and supports spell checking as well as the insertion of multimedia files. The editor requires OpenOffice to be installed on your server, and it also allows you to easily edit any document stored within DocMGR (without requiring programs such as Word™ on your computer).
 DocMGR contains a built-in document editor.
DocMGR contains a built-in email client (for sending only), which allows you to send any file in DocMGR via email. DocMGR also contains an address book feature, which allows easier organization of frequently used contacts.
 DocMGR can email files within DocMGR directly.
I am particularly impressed with the ability to not only email files, but also to send download links for large files. This way, you can send someone a very large attachment (that might otherwise fill up their mailbox), which they can download via a special link (that expires within 24 or 48 hours). I particularly liked the idea that if I send someone a link to download a file, that link is automatically removed after a specified time. Any time that I send someone a link manually, I usually forget to delete the original file from my server the next day. This feature helps to keep your server tidy, and secure.
 DocMGR offers the ability to send links to large files directly.
DocMGR’s way of selecting users is my only real complaint. If you look at the screenshot below, users are selected using the search field at the top right corner. Normally, you would expect a drop down list, or another way to select individual users. The search field is not very user friendly, here. Despite this one fault, the rest of the user management is easy and fast once you get used to selecting users via the search field.
 DocMGR user management is quick, once you get used to the interface.
While we’re on the topic of searching, this is perhaps one of DocMGR’s biggest strengths- the search times for documents are extremely fast. In addition, DocMGR can even search within the contents of files for what you want- in case you forget the filename.
If you have the need for a document management system, I would highly encourage you to take a look at DocMGR. With its many features and fast performance, it’s a wonder that this document management system is available for free. If you don’t want to tackle the installation of DocMGR yourself (and its many dependencies), feel free to contact me, and I will install it on your server for you.
May 4th, 2010
A security audit is probably one of the least requested services that I perform, and for a good reason. Truth be told, most of my clients don’t think about security when it comes to their Linux server. After all, Linux is an extremely stable and secure Operating System. Assuming that some sort of basic Linux server maintenance is being performed, the server should be safe from most types of root compromises. However, server maintenance usually won’t protect your server from the more popular web application attacks.
A good security audit will test your server for:
- XSS vulnerabilities
- Operating System vulnerabilities
- Weak user names and passwords
- SQL Injection vulnerabilities
- Server application vulnerabilities
- Insecure configurations
- Information disclosure vulnerabilities
Using advanced scanning tools, you can test for all of these potential vulnerabilities on your server. Tools such as nmap allow for advanced port scanning, and test the ability of an attacker to detect possible sensitive information about your server. Tools such as Nikto scan a server for web application vulnerabilities, and reveal information disclosure vulnerabilities.
If you hire someone to run a security audit on your server, ask questions beforehand, such as what scanning suites will be used, and ask for references. Any professional should have quite a few references, and should be able to identify the scanners that will be used against your Linux server. In addition, ask them if after hours scanning is available, so that your business is not adversely affected by these scans.
If you have any further questions about security audits for your Linux servers, please feel free to contact me.
March 29th, 2010
Instead of making a post about Linux solutions (or Linux itself) today, I thought I’d share the fruits of my Friday with you. Friday morning and afternoon was rather uneventful, so I decided to get out of the office early for an emergency fishing trip. I call this trip an emergency trip, since the rivers have recently thawed, and I renewed my Montana fishing license on the day before. Since “all work and no play makes Chris a dull boy”, I was determined to make the most of an otherwise dull day.
Luckily, the Yellowstone and Stillwater rivers are a quick 20 minute drive from my office, so I was able to spend about four hours fishing. With the wind chill at 38 degrees, I was comfortable with a cap and hoodie. The wind was blowing at gusts of 20 MPH, which made casting at times difficult. While we’re on the topic of casting, I’d like to mention that I was using minnow lures, and an assortment of flies tied to a floater. Not exactly the fanciest way to catch trout, but it works!
 Two Montana Rainbow Trout
What you’re looking at are two of the four fish that I caught on Friday. I never thought to take a picture of the third (a 14 inch trout), and the fourth trout for the day was let go (less than 12 inches). The trout on the left is about 15 inches, while the trout on the right is 17 inches. The average size for Rainbow Trout in Montana is right about 13-16 inches, for what that is worth.
Since I never went to culinary school, and my wife is the chef in the house, I will probably cook these beauties using possibly the easiest trout recipe ever:
Easy Trout Recipe
Ingredients:
- trout (duh), cleaned and left whole
- lemons
- black pepper
- cayenne pepper
- olive oil
Directions:
- Coat the trout in oil lightly, while sprinkling black and cayenne pepper on the outside of the fish.
- Cut lemons into wedges, and insert one wedge into the trout’s cavity.
- Wrap the trout in aluminum foil, and cook at 375 degrees in the oven for 20 minutes total, flipping the trout in the oven after the first 10 minutes.
- Once cooked, remove the trout from the foil, and gently scrape the fish off of the bones. Enjoy!
Hopefully my next blog post will be about something Linux related- but until then, good luck fishing!
March 22nd, 2010
Is your Linux server down?
This one question has the power to keep us all up at night. Linux servers host your websites, handle your email, and manage your network. Your Linux server is the heart and soul of an online presence, since your databases and web applications all run on top of your server. Put simply, if your server is down, so is your business. Downtime means lost sales, and lost customers (present and future revenue). If you can’t afford downtime, you need a good server monitoring program. One such software solution is called Nagios, and it’s quite powerful.
Although Nagios isn’t the easiest web-based software solution to install (most of the server configuration is done by editing configuration files), it is extremely easy to use, once configured. Nagios presents you with a web-based status screen, which allows you to quickly view the status of all of the servers that you are monitoring. Nagios isn’t for just Linux servers either, Windows servers can be added to monitor as well. Once you are logged into Nagios, you can view the detailed status for all of the monitored servers by clicking on the “Service Detail” link.

From here, you can view the detailed information about when Nagios last checked the status of a service running on your server, and view the results of that last check. Pretty boring stuff so far, since nothing is broken. Let’s break the POP3 service on our server, and see how Nagios reacts. Within one minute, Nagios has flagged the POP3 service as being in a “critical” state. Nagios requires four failed connection attempts (by default), before an alert is issued. This is important, since sometimes a request is dropped by a router in between Nagios and the destination server. The Internet is a crazy place, and sometimes traffic isn’t delivered to its destination in time. Therefore, Nagios will wait for four consecutive failures, before it issues an alert.
 Critical Alert
Once Nagios has failed to connect to the server four consecutive times, the server is then placed into an alert status. From here, depending on your Nagios configuration, an email can be sent, a text message sent, or even a sound played through speakers connected to your Linux server.
 Nagios email alert
Once we have successfully fixed the issue with the POP3 daemon on our Linux server, Nagios will remove the critical warning on the server, and place the server into an “OK” state. Once the monitored server’s status is changed to “OK”, emails and SMS text messages are once again sent, to inform everyone that the monitored server is fixed.
 Nagios SMS Text Message Alert
In addition, the host status on Nagios is now displayed as “OK” on the service status page.
 Nagios Host Status OK
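The alerting behaviour described above (no alert until four consecutive failures, then a recovery notice once the service is back), modelled as a small shell function. This is an added example, not Nagios code or code from the original post; the `OK`/`CRITICAL` input names and the `MAX_ATTEMPTS` variable are assumptions, and repeat notifications are not modelled.

```shell
#!/bin/sh
# Added example: a model of the behaviour the post describes, not Nagios itself.
# MAX_ATTEMPTS mirrors the four consecutive failures from the post; in a Nagios
# object definition this threshold is the max_check_attempts directive.
MAX_ATTEMPTS=4

# notify_events RESULT...
# Takes check results in order (OK or CRITICAL) and prints one line for each
# notification that would go out: "PROBLEM at check N" or "RECOVERY at check N".
notify_events() (
    fails=0      # consecutive failed checks so far
    alerted=0    # 1 once a PROBLEM notification has been sent
    n=0
    for result in "$@"; do
        n=$((n + 1))
        case "$result" in
            OK)
                # A recovery is announced only if a problem was announced first;
                # a short blip that never reached the threshold stays silent.
                if [ "$alerted" -eq 1 ]; then
                    echo "RECOVERY at check $n"
                fi
                fails=0
                alerted=0
                ;;
            CRITICAL)
                fails=$((fails + 1))
                # Alert exactly once, when the threshold is reached.
                if [ "$fails" -eq "$MAX_ATTEMPTS" ]; then
                    echo "PROBLEM at check $n"
                    alerted=1
                fi
                ;;
            *)
                echo "unknown result: $result" >&2
                exit 2
                ;;
        esac
    done
)

# Constructed check histories.
echo "-- three dropped requests, then fine (no output expected):"
notify_events OK CRITICAL CRITICAL CRITICAL OK
echo "-- a real outage that is later fixed:"
notify_events OK CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL OK
```
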
In addition to monitoring, Nagios also supports the ability to create logs and uptime graphs which display host uptime and service stability in an easy to read format. Host state breakdown reports allow you to easily view and export server and service uptime reports.
 Nagios Host State Breakdown Report
In addition, you can also schedule downtime with Nagios, so that alerts aren’t issued when a service or server is taken down for routine maintenance. The downtime window is completely custom, and Nagios gives a summary of all planned downtime, by clicking on “Downtime”, on the navigational bar.
 Nagios Scheduled Downtime
In the end, Nagios has the potential to save you both time and money. With Nagios, you won’t have to worry about whether or not your server is working- Nagios will let you know as soon as your server is unavailable.
March 8th, 2010
This weekend, I wrote yet another article, Linux Mail Server Software- A Comparison of Popular Mail Transfer Agents. I wrote this article, since many of my clients often ask me which Mail Transfer Agent, or MTA, would fit their needs best. Although the article brings up some good points, it doesn’t get into a great amount of detail (as articles rarely do) about the different features of the many available MTAs. Here are some additional points:
- Qmail’s license is not an open source license, but instead is licensed under the public domain. As such, it does not come with a copyright license, which may restrict the ability to distribute Qmail.
- Postfix is easier to extend, with support for Sendmail’s milters. For instance, enabling DKIM support for Postfix is trivial.
- Although Postfix is faster at sending large volumes of email than Exim (“out of the box” configuration), you can easily improve Exim server performance.
- I’m still trying to figure out why Sendmail is still used on Red Hat Enterprise Linux (and why it is still the most popular MTA)- Sendmail is definitely going the way of the dinosaurs- with its cryptic configuration, and security nightmares.
- Zimbra, while not a fair comparison against the others, excels in group collaboration. I’ve never had a client disappointed with its feature set, or performance. While not the best solution for a high volume mail server, Zimbra is very good at making email easier to use, and more powerful (without that dreaded Exchange).
I’ll stop short of recommending a “one size fits all” solution- in the end, it all depends on YOUR needs, not the software itself. There are no true winners or losers- just different solutions. As always, feel free to contact me if you have any questions about which solution meets your needs better.
Here is the article:
http://linuxconsultant.info/tutorials/linux-mail-server-software.html
March 1st, 2010
One cool web-based software solution that I’ve stumbled upon lately is OpenEMM. OpenEMM is a mass mailing software solution for email marketing, sending newsletters, and mass mailing. Although I’ll admit that my experience with this particular niche of software is limited (I’ve installed and used SugarCRM, and PHPlist in the past), I’m really in love with OpenEMM’s layout and organization. Where OpenEMM really shines is the ability to quickly set up a campaign or single mailing event, and start to get emails flowing. OpenEMM contains its own email system (more on that later), so it’s basically self contained.
To get started with sending emails through OpenEMM, you first must create a “mailing”, which can either be a part of a campaign, or by itself (a cool feature when testing this software). After you complete a short wizard, you can fine tune the mailing very easily:
 Creating a mailing in OpenEMM
Once you get the Mailing set up in OpenEMM, you can then add email addresses, or recipients, into OpenEMM (maybe it’s best to add those first, but it’s more fun to create the mailing first- it doesn’t really matter which order you do them in). One really nice feature, as you can see, is that it’s short and to the point- if you just want to add email addresses and get on with your life, OpenEMM does a very nice job of that!
 Adding an email address in OpenEMM
Moving on, we also have the ability to create a template in OpenEMM to use for our mailings. This is nice, since the templates look professional, clean, and can be configured using variables for database variables (such as first and last names). I hate the impersonal feeling of mass mailing, and the inclusion of this feature is nice.
 OpenEMM email template
Speaking of editing templates, OpenEMM allows you to preview how your template will look at different resolutions. This feature is really nice, since I use static table sizes in my designs, and I’m always curious as to how the border regions of tables look at higher/lower resolutions.
 Template preview feature in OpenEMM
Now that I’ve talked up OpenEMM enough to sound like a commissioned salesman, let’s talk about some of the disadvantages:
- OpenEMM doesn’t appear to support an external mail server- you can either use the mail server built into the server that OpenEMM is installed on, or you can use the bundled mail server.
- OpenEMM’s mail server doesn’t always work 100% out of the box. If you want to switch mail servers, there isn’t a graphical way to do this. It would really be nice to have an “email server configuration” page built into OpenEMM. That way, I could use a mail server that is located on another server.
- OpenEMM requires the installation of Java from Sun, and also a user account created. OpenEMM isn’t the easiest mass email marketing software to install.
However, none of these disadvantages are particularly crippling. Time wise, I would say that it took me about an hour or so to install. Although I’m just playing with mass email marketing software at the moment, if I ever do decide to take the plunge and get started, OpenEMM will definitely be the software that I will use.
February 20th, 2010
I wrote a new article this weekend, titled Web Application Protection- Ways to Protect a Web Application from Hackers. I wrote this article to help some of my clients, who have asked about the different methods available to prevent an attacker from successfully compromising a web application. The methods recommended include setting up SSL to encrypt traffic, using mod_security, and using iptables to block netblocks or domains that would never use the web application (for instance .cn, .af, .lt, .ru, etc). However, there are a few methods that I didn’t talk about:
Use .htaccess to further restrict requests to web directories
Using .htaccess files can be a great way to restrict access to a web application, or add a password authentication feature where such a feature does not exist (for instance, to protect a private wiki). A nice benefit that .htaccess authentication gives us is the ability to authenticate against a MySQL or LDAP database. Combined with SSLv3 encryption, .htaccess authentication can be very secure.
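A check for the pairing described above, password authentication together with SSL, written as a shell function that reviews an `.htaccess` file. This is an added example, not code from the original post; the `DOCROOT` value, the finding labels and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. DOCROOT and both sample files
# below are constructed.
DOCROOT=/var/www/html

# htaccess_findings FILE
# Prints one finding per line for an .htaccess file that configures password
# authentication; prints nothing when the file passes all three checks.
htaccess_findings() (
    # Drop leading whitespace and comment lines so only live directives remain.
    live=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' "$1")
    has() { printf '%s\n' "$live" | grep -Eiq "$1"; }

    # Nothing to report if the file does not configure authentication at all.
    has '^AuthType[[:space:]]' || exit 0

    # Basic auth sends the password merely base64-encoded on every request,
    # so the directory should refuse plain-HTTP access (mod_ssl's SSLRequireSSL).
    has '^SSLRequireSSL' || echo "auth-without-ssl: add SSLRequireSSL"

    # AuthType on its own restricts nobody; a Require line does.
    has '^Require[[:space:]]' || echo "no-require: add e.g. Require valid-user"

    # A password file stored under the web root may be downloadable.
    userfile=$(printf '%s\n' "$live" |
        awk 'tolower($1) == "authuserfile" { print $2 }' | tr -d '"')
    case "$userfile" in
        "$DOCROOT"/*) echo "userfile-in-docroot: move $userfile outside $DOCROOT" ;;
    esac
)

# --- constructed sample files ---
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

cat > "$DEMO_DIR/weak.htaccess" <<'EOF'
# password prompt only
AuthType Basic
AuthName "Private wiki"
AuthUserFile /var/www/html/wiki/.htpasswd
EOF

cat > "$DEMO_DIR/hardened.htaccess" <<'EOF'
SSLRequireSSL
AuthType Basic
AuthName "Private wiki"
AuthUserFile /etc/apache2/wiki.htpasswd
Require valid-user
EOF

for f in weak hardened; do
    echo "== $f.htaccess"
    htaccess_findings "$DEMO_DIR/$f.htaccess"
done
```
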
Snort-Inline
Although I did mention mod_security can be used to firewall the web application (if you are running Apache), another solution is to use Snort-Inline to secure your web application. Although not for the faint of heart (it’s fairly easy to make a mistake when installing Snort-Inline, and lock yourself out of the server), Snort-Inline goes above and beyond what mod_security offers. Acting as a Network Intrusion Prevention system, Snort-Inline doesn’t stop at just filtering web application attacks, but can also be extended to monitor practically every major server software solution.
Hopefully, these tips will have helped out both clients and readers alike- in today’s world of automated bot scans and worms, it is far too common that web applications are exploited. Some of these measures will mean the difference between a successful compromise, and a harmless attempt.
Here is the article:
http://linuxconsultant.info/tutorials/web-application-protection-protect-a-web-application-from-hackers.html
January 25th, 2010
It’s amazing all of the small stuff that you overlook when you develop and build a website. You think of functionality, cross browser compatibility (my websites are unique in that Firefox is the dominant browser), but rarely does it cross anyone’s mind to check for W3C compliance. Well, you can now rest assured- http://linuxconsultant.info is now fully W3C compliant.
Why not take the plunge, and check for W3C compliance on your site, using the W3C Validator? You might be surprised at its results (as I was on my site).
Eventually, I might enforce W3C compliance on all of my sites. A good thing about checking for W3C compliance is that you also learn how to write proper XHTML. A common mistake that I’ve made on about 90% of my web pages has been with using capital letters for tags (A, BR, P, etc), which is apparently against XHTML standards. I’ll be the first to say that I’m not a great web designer- but tools like this can help anyone be better at making their own webpages (or more importantly, making them cross browser compatible, and standards compliant).
So, enjoy your browsing experience at http://linuxconsultant.info, as it’s now fully W3C compliant!
December 20th, 2009
We have all heard the saying, “an ounce of prevention is worth a pound of cure”. This is especially true when the topic of server maintenance comes up.
All too often, I have worked on Linux servers that were woefully out of date, or that didn’t have a backup plan in place. Sometimes a client’s initial problem could have been fixed easier and cheaper just by following some routine maintenance tasks. At a minimum, here is a list of things that should be done monthly to maintain a Linux server:
- Installation of Operating System updates
- Examine all available system and daemon logs for irregularities
- Confirm backup integrity
- Check available system resources (and make plans to upgrade resources, when necessary)
These simple maintenance tasks can help prevent ugly surprises (no one likes those), and increase server uptime. In addition, the installation of Operating System updates helps keep your server secure (the second most common compromise method is through insecure software). Most of us know the security impacts of not installing security updates on our workstations- why not carry over that mentality to your server?
Also, it wouldn’t hurt to occasionally check for updates on software which might not come from your Linux distributor (such as WordPress, PhpBB, etc). Too often, my clients will think that their site is secure, only to be surprised when an old exploit is used against their blogging or forum software.
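Three of the monthly tasks listed above (log review, backup integrity, resource checks) as shell functions. This is an added example, not code from the original post; the function names, the 90% threshold and all sample data are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Names, thresholds and data are constructed.

# verify_backup ARCHIVE SUMFILE
# Succeeds only if the archive matches the SHA-256 recorded at backup time AND
# can be read end to end. Prints the reason on failure.
verify_backup() (
    archive=$1 sumfile=$2
    [ -s "$archive" ] || { echo "missing or empty: $archive"; exit 1; }
    want=$(awk '{ print $1; exit }' "$sumfile")
    have=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "checksum mismatch: $archive"; exit 1; }
    # A matching checksum only proves the file is unchanged, not that it was
    # ever a usable archive, so list its contents as well.
    tar -tzf "$archive" >/dev/null 2>&1 || { echo "unreadable archive: $archive"; exit 1; }
)

# fs_over_threshold LIMIT   (reads `df -P` output on stdin)
# Prints "mountpoint used%" for every filesystem at or above LIMIT percent.
fs_over_threshold() {
    awk -v limit="$1" 'NR > 1 { use = $5; sub(/%/, "", use)
                                if (use + 0 >= limit) print $6, $5 }'
}

# failed_logins_by_ip   (reads sshd auth log lines on stdin)
# Prints "count ip" for failed password attempts, busiest source first.
failed_logins_by_ip() {
    awk '/sshd.*Failed password/ { for (i = 1; i < NF; i++)
                                       if ($i == "from") c[$(i + 1)]++ }
         END { for (ip in c) print c[ip], ip }' | sort -k1,1nr -k2,2
}

# --- constructed sample data ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir "$WORK/site" && echo "hello" > "$WORK/site/index.html"
tar -czf "$WORK/site.tar.gz" -C "$WORK" site
( cd "$WORK" && sha256sum site.tar.gz > site.tar.gz.sha256 )
# Case 1: archive altered after its checksum was recorded.
cp "$WORK/site.tar.gz" "$WORK/damaged.tar.gz" && printf 'X' >> "$WORK/damaged.tar.gz"
# Case 2: backup job was cut short, and the checksum was taken of the stump.
head -c 20 "$WORK/site.tar.gz" > "$WORK/truncated.tar.gz"
( cd "$WORK" && sha256sum truncated.tar.gz > truncated.tar.gz.sha256 )

SAMPLE_DF='Filesystem     1024-blocks     Used Available Capacity Mounted on
/dev/sda1         20511312  8123456  11322880      42% /
/dev/sda2         51475068 45234112   3603132      93% /var'

SAMPLE_AUTH='Jun  1 03:12:45 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 52344 ssh2
Jun  1 03:12:47 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 52344 ssh2
Jun  1 03:12:50 web1 sshd[2213]: Failed password for root from 203.0.113.5 port 52346 ssh2
Jun  1 08:30:02 web1 sshd[2301]: Accepted password for chris from 198.51.100.7 port 40022 ssh2
Jun  1 09:01:10 web1 sshd[2390]: Failed password for chris from 198.51.100.7 port 40100 ssh2'

verify_backup "$WORK/site.tar.gz" "$WORK/site.tar.gz.sha256" && echo "backup ok"
verify_backup "$WORK/damaged.tar.gz" "$WORK/site.tar.gz.sha256" || true
verify_backup "$WORK/truncated.tar.gz" "$WORK/truncated.tar.gz.sha256" || true
printf '%s\n' "$SAMPLE_DF" | fs_over_threshold 90
printf '%s\n' "$SAMPLE_AUTH" | failed_logins_by_ip
```

On a live server the last two functions would be fed `df -P` and the system's sshd log instead of the sample strings.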
The best part about regular server maintenance is that it isn’t really expensive when compared to the cost of fixing an out of date server. My own Linux server maintenance services start at just $25. The nice thing about the way that I have organized this offering, is that it gives my clients choices as to the level of maintenance that is performed on their server monthly. Some of my clients prefer little more than Operating System updates, while others sleep better at night knowing that their server’s security has not been compromised. In addition, I also email my clients monthly reports, which let my clients know exactly what is going on with their servers. I have example reports available for the Basic, Advanced, and Premium maintenance plans.
Which plan you decide is best for your server is entirely your choice- but I’m a big fan of the advanced maintenance plan. It combines the most common (and important) maintenance tasks together, in a package price that’s easy to afford. The important thing to remember is that no matter who works on your server, it is maintained in a sensible and responsible manner. Nothing is worse than a disaster that could have been avoided with routine maintenance!
October 13th, 2009
This weekend, I spent all day Saturday posting articles to websites, and getting backlinks for a client. The client wanted a fairly easy goal- 100 backlinks. However, the client didn’t want to pay an arm and a leg for these backlinks (honestly, who would). I admit that I briefly thought about outsourcing the work, and saving myself the time and effort of getting backlinks for this client’s website. After all, who wants to spend their Saturday in front of a computer, posting content to a website?
When I came up with this SEO plan for this client, I realized that it would be less effort and stress NOT to outsource the work. Yes, I would essentially be working for less than what I normally charge (I didn’t even want to think about what this paid per hour). Yes, this work is less than glamorous (really, who enjoys building backlinks?). However, if I would have outsourced this particular task, I would have spent many days going back and forth with the freelancer building backlinks (differences in time zones, and all of that). Plus, the client would have paid more money in the end (the amount that I quoted the client was the average outsourced price, I could have cut maybe 20% off of that by haggling, and then add in the costs for me to supervise and double-check the work of the freelancer).
Don’t get me wrong here, I’m not against outsourcing. Heck, a part of my business depends on it. When your budget isn’t too tight (here, the amount that I quoted the client was quite low), you can find freelancers that will be able to follow the specifications on work without much supervision. However, link building campaigns are horrible campaigns for finding talent (if you want it done cheap). As an example, I once had a freelancer who, upon “completion” of the SEO backlinking campaign, I discovered had linked his own blog instead of my client’s website (the freelancer was instructed to use three links per article, and the freelancer used 2 of those three links to promote the freelancer’s own blog). As another example, I had a freelancer work on a similar campaign a while back, and the freelancer did great work. Minimal supervision (always good) was required, and the individual understood the work to be done. The difference between these two outsourced projects was the price. The project that had a bad freelancer was a short and cheap project. Conversely, the project that had a higher budget and a longer deadline had the better freelancer.
The way that I see it, if I can get a particular task done in less than a day, sometimes it’s best not to outsource. I’m paying that price right now, where I’m waiting on a Perl programmer to email me a fix to his script (it’s been 5 days now). Outsourcing has its place- just not with the small and cheap projects.
For those who are wondering (this isn’t a service I advertise), I do often manage projects involving outside coders or freelancers. I’ve been involved with projects ranging from 30 line scripts, to large software deployments. My experience has told me that sometimes, it’s best not to outsource a particular project. Instead, roll up your sleeves, and get the job done yourself. It might not be fun, but neither is the hassle of outsourcing work!