Monday, July 26, 2010

Installing Oracle XE on 64 bit CentOS Linux

This post describes how to install Oracle XE on 64-bit CentOS Linux.

1). First you must run an update of your entire system.

# yum update

2). Install additional 64 bit packages.

# yum install binutils compat-db control-center gcc gcc-c++ glibc glibc-common gnome-libs libstdc++ libstdc++-devel make pdksh sysstat xscreensaver sendmail bc

3). Install 32 bit packages

# yum install libaio compat-libstdc++-296

4). Install Security Packages

# yum install system-config-security*

5). Install Oracle XE

# rpm -ivh oracle-xe-univ-10.2.0.1-1.0.i386.rpm

6). Configure Oracle XE and done!

# /etc/init.d/oracle-xe configure

Tuesday, November 24, 2009

JOOMLA / DOCMAN - Administration page slow performance problem


We encountered the following issue during an implementation for a customer's site.

Note: We run our Joomla! site on a very lean virtual machine over CentOS. At a later date, if there appears to be interest in the subject, we may run an article with tips about this sort of setup, and the advantages to be derived from virtualization.

Let's confirm the issue is the same as ours by going through this checklist first:

  1. You have Joomla 1.5 (.15 in our case) with Docman (v. 1.4.0 stable) installed.
  2. You moved your Joomla server, by changing the server name or the server IP.
  3. The Joomla front-end site runs at normal speed, but the administration site takes anywhere from 20 sec to 1 min or more to load the administration menus each time you reload the page.
  4. Icons for Docman links under the Components menu in the Administration console are not there anymore. Example below.

The reason behind this crazy problem is that DOCMAN, when installed, creates static (absolute) references in the database to the IP or the server name for the icons in the components menu. When the server is moved to a different IP address or a different server name the links to the icon images are broken, which causes the menu to take a painfully long time to load each time the administrator page is changed or refreshed.

The Proven Solution to this obscure problem:

1. Connect to your Joomla database (if you have phpmyadmin installed, you may run the query directly in there. For security reasons, we have chosen not to install phpmyadmin, and access MySQL through the command-line interface):
# mysql -u root -p
mysql> use joomladb
2. Verify and confirm that your links are broken by issuing the following query:
mysql> SELECT admin_menu_img FROM jos_components j where j.option = "com_docman";
3. Run the following update statement to modify the records in your database for Docman:
mysql> UPDATE jos_components j SET admin_menu_img = REPLACE(admin_menu_img, LEFT( admin_menu_img, INSTR( admin_menu_img,'components') - 1) ,"" ) WHERE j.option = "com_docman";
mysql> commit;
4. ... and welcome back performance!!! Now the components menu in the administration console should look something like this:



Hope this solves your performance problems. It did for us and our customers, and the backend of our Joomla! site is now lightning fast.
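
The check-and-fix from steps 2 and 3, as an added example that is not part of the original post: it previews the new values before anything is changed and limits the UPDATE to rows that actually carry a prefix in front of 'components'. It runs against a scratch table with constructed rows; the table name docman_menu_check, the host old-host.example and the image file names are assumptions.

```sql
-- Scratch table with constructed rows; the real table is jos_components.
CREATE TEMPORARY TABLE docman_menu_check (
  `option`       VARCHAR(50),
  admin_menu_img VARCHAR(255)
);

INSERT INTO docman_menu_check VALUES
  -- absolute URL pointing at the old host (the broken case)
  ('com_docman', 'http://old-host.example/administrator/components/com_docman/images/dm_a.png'),
  -- already relative: must come through unchanged
  ('com_docman', 'components/com_docman/images/dm_b.png'),
  -- no 'components' in the value at all: must come through unchanged
  ('com_docman', 'js/ThemeOffice/component.png'),
  -- belongs to another component: must not be touched
  ('com_other',  'http://old-host.example/administrator/components/com_other/x.png');

-- Dry run: each Docman row beside the value the UPDATE would write.
-- When INSTR() finds nothing, LEFT(..., -1) is '' and REPLACE() with an
-- empty search string returns the value as it was.
SELECT admin_menu_img AS current_value,
       REPLACE(admin_menu_img,
               LEFT(admin_menu_img, INSTR(admin_menu_img, 'components') - 1),
               '') AS new_value
FROM docman_menu_check j
WHERE j.option = 'com_docman';

-- The update from step 3, limited to rows that have something in front
-- of 'components' (INSTR() > 1), so a second run changes nothing.
UPDATE docman_menu_check j
SET admin_menu_img = REPLACE(admin_menu_img,
                             LEFT(admin_menu_img, INSTR(admin_menu_img, 'components') - 1),
                             '')
WHERE j.option = 'com_docman'
  AND INSTR(admin_menu_img, 'components') > 1;

-- Verification: counts Docman rows that still hold an absolute URL.
SELECT COUNT(*) AS still_absolute
FROM docman_menu_check j
WHERE j.option = 'com_docman'
  AND admin_menu_img LIKE '%://%';
```

Once the dry run shows the expected values, the same three statements apply to jos_components by swapping the table name.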


Monday, September 7, 2009

SMBs: Easy steps to protect your digital assets

Most security threats are more prevalent in small and medium organizations. This typically happens because SMBs either don't have the investment power to update all their systems with security or don't have security personnel dedicated to creating a complete strategy for their digital assets. However, in an SMB scenario, digital assets are sometimes one of the most important pillars, and if compromised or lost can break an entire company.

By using some common sense and implementing some of the security solutions available in the market, we can make sure our SMB becomes security self-sustainable for years to come.

The spectrum of systems technology has changed so much in recent years that it is very difficult to keep track of the best way to keep systems secure.

The easiest way to approach this challenge is to first apply common sense to each layer of our digital assets, starting at the physical and infrastructure layer, followed by the system or server layer, and finally the users' PCs, known in the security world as the "End Point".

If any one of these layers is compromised, then the entire system becomes susceptible to intrusion, identity theft and/or data leakage.

Let's look at each layer separately:

1.) Physical and Perimeter Layer:
  • Servers and routers must be placed in a secure location, not physically accessible to anyone who shouldn't have access to them. Only system administrators should have access to this area.
  • If the business network is connected to the internet (most of them are nowadays), use an appliance firewall or UTM (Unified Threat Management System) to connect to the internet. UTMs are fairly inexpensive, and there are multiple solutions available in the market.

2.) Systems and Servers layer:
  • Each server must have its own firewall activated. Make sure to close all unused ports.
  • Keep all servers' OS and software up to date with a patching strategy. If possible, patches should be applied automatically every day.
  • If it's not overkill for the system administrator, apply recommended security configurations based on the NSA documents for hardening systems for each server. How much effort to put into hardening should be directly proportional to the value and sensitivity of the data that could be subject to attacks.
  • Change default passwords and use complex password schemes.
  • Make sure applications and domains are set to ask users to change passwords every 3 months or so. Also use complex password schemes for end users.
    Again, the degree of effort and inconvenience that this may represent for your users is directly related to the value and sensitivity of the data they need to access. More sensitive or valuable data should require harder passwords that are frequently changed.
  • Communications to servers over the network should always be encrypted if possible, e.g. use SSL for web applications, SSH for terminal connections, SFTP for secure transfer of files, etc.

3.) End Point Layer (user PC):

4.) All Layers:
  • Run a vulnerability assessment for your entire network at least once each quarter. There are companies like GB Advisors that can provide this service, or sell the software required to run this type of assessment. The resulting reports will provide insight into your network vulnerabilities and how to fix them. Because system vulnerabilities are discovered every day, companies should have vulnerability assessments done on their network on a regular basis.

Important note:
Digital security changes every day; at a minimum, you should set aside 8 hours for research on digital security once or twice a year.

Hope this provides an open guide to start looking at security as part of your IT strategy, if it isn't already.

Tuesday, August 11, 2009

GB Advisors, Inc New Blog Area

Welcome to GB Advisors' new blog area. Here, we will be posting information about different technology subjects, from databases, web services and web applications, among others. Our company, GB Advisors, is a high-level company specialized in the development of integral technical solutions. It was established in 2004, and currently serves clients in Puerto Rico and the Caribbean. Our personnel's high level of expertise, and the quality of our services, have resulted in a rapid increase in the demand for our solutions, as well as in the diversification of the services we offer.

We boast a highly trained multidisciplinary team, and ample experience in the implementation of corporate and government solutions. This allows us to deploy customized solutions for a wide variety of organizations, in all kinds of environments.

Hope you enjoy this little insight into our world of Technology Solution Advisory.

Regards,
Alexander Guédez