Blog Posts


Finally got the network map looking like I wanted it. You'll want to delete \\CORE\ldreports\ldms_core\ldms_core.css and replace it with the one from ldms_core 3.3.3 to enjoy this professional looking style. Or don't, if you like that really ugly green on black look. I'd really love to see how some bigger maps get laid out, if someone could post some screenshots that would be great.


0 Comments Permalink

Toolchain in Jack Coates' Blog

Posted by Jack Coates Jan 6, 2009

How to work under the hood with the ldms_* utilities.

  • ActiveState Perl. I still use 5.8, but I've been preparing for a move to 5.10. This is the language distribution; with it and the right modules (loaded by using the Perl Package Manager) you can run the programs in source code form. There are a lot of modules you'll need to run the programs with; for developing, you'll want to grab Perl::Critic and Perl::Tidy, and maybe Devel::SmallProf or Devel::NYTProf.
    • Perl::Critic analyzes your source code for maintainability.
    • Perl::Tidy reformats your source code for readability. Both of these are based on Damian Conway's Perl Best Practices.
  • ActiveState Perl Dev Kit. I use this, version 7.3, instead of the full studio for two reasons. It's cheaper, and I don't use the IDE. If you're more familiar with Microsoft Visual Studio and want something similar, that's the ActivePerl Pro Studio. The PDK's main job is to compile Perl code into a Windows executable file (.exe).
  • Instead, I use vim. It may be arcane, but I know how to use it, it's available on every computer operating system, and it includes all sorts of handy tools for development support. If you don't know vi and don't want to learn it, ActiveState provides a free source code editor called Komodo Edit. Using some sort of source code editor is crucial, if only for syntax highlighting. You'll also want the taglist plugin and the perl support plugin. Compare the readability of these two screenshots, and imagine trying to find a subtle typo in notepad.


  • Nullsoft Installer System. Packaging is complex, and I've barely scratched the surface of NSIS, but it's free and functional. There are also a lot of examples out there to follow.
0 Comments Permalink

Any member may post articles anywhere, within the guidelines set on the main page.

 

Member accounts without associated email addresses have been deleted... you may be affected if you haven't used it in the last few months.

0 Comments Permalink

Version 3.2.6 is now uploaded to http://www.droppedpackets.org/scripts/ldms_core.

 

As the next step in its ongoing quest to delete data that was automatically gathered and then left to rot, ldms_core will now delete automatically gathered SLM products that have no installations (note that this is not USAGE, but INSTALLS).

 

It is possible that this can produce churn in situations where products are being installed and uninstalled in rapid succession; this should be a minor problem compared to the database performance degradation that results from thousands of junk product definitions.

 

As is usual with new features, this needs testing; please give it a whirl on your test server before trying it on production. At the very least, have a database backup handy.

3 Comments Permalink

The LANDesk Community is becoming a great place to find information.  We have a lot of technical documentation about using features.  We also have a lot of common errors and how to fix them.  Finally we have the occasional very specific walkthrough tutorial.  "How to silently install Microsoft Office 2007 with patches in an Active Directory environment to Windows XP SP3 clients that previously had Office 2003 installed and have the firewall turned off, if your favorite color is green," isn't too far off some of the titles I've seen.

 

Throughout that documentation I can see LANDesk's potential.  I can see great power ready and waiting to be harnessed and put to work.  What I don't see is more general documentation or user friendly tutorials that contain enough detail on how to make all this happen.  I would call that a LANDesk Applied category.  While thinking about the general lack of LANDesk Applied documentation I had a great idea: Why not generate light by taking a glass bulb, putting a thin filament inside, and then running an electrical current through it!  Turns out Thomas Edison already patented that idea in 1880.  With that option off the table I went to Plan B: I designed a device to use pistons and a series of small explosions in a controlled environment in what I called an "Engine".  Unfortunately it didn't emit light, so I scrapped that plan also.

 

Oh well, I guess I'll start a blog about how to harness the power of LANDesk and make it work for you.  Please leave feedback and let me know what topics you are most interested in learning more about.  Is it Software Distribution?  Is it Patch Management?  How about using the Management Gateway?  Is there a limitation in the product you've hit that you'd like a possible workaround for?  Just let me know and I'll focus my energy on providing solutions to the most common questions.

 

On the other side of the equation I talk to people on a daily basis who have excellent ideas about how to use LANDesk.  These people (you might be one of them!) have developed processes and/or utilities and scripts that they use on a daily basis so they forget how slick they really are.  If you have a process that works extremely well let me know about it!  Do you have a script you feel everyone could use?  Send it over!  I want to share knowledge about how to use LANDesk in "the real world", so getting real use examples would be very beneficial to anyone who is trying to get the most out of their product.

 

Thanks everyone, next time we'll have some content about using a particular topic.  Give me requests or you're stuck with whatever I want to talk about, and that, my friends, is a scary thought.

 

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

To leave a comment please use the comment button.

If you have a script you would like to be highlighted in this blog please upload it to the Tips & Tricks section of the community and send an e-mail to mach6@landesk.com with details on what the script does and how it is implemented.

2 Comments Permalink

Aside from the usual bugfixes and cleanup, this release adds configurable control over how hard ldms_client will look for email folders, and a report of the machine's FQDN.

 

Code and instructions can be found here: http://www.droppedpackets.org/inventory-and-slm/ldms_client

 

The conversations around future release ideas for ldms_core have proven interesting and useful, so here's an attempt to gather some of the loose notes:

  • TODO -- Firewall status is enabled/disabled. We do this in custom defs, but don't put the status anywhere.
  • TODO -- It would be interesting to see the firewall specifics broken down a bit by port and app, but that could be a ton of work and difficult to format in a useful way.
  • TODO -- Capture the connected SSID. Something Perlish? WMI? netsh? All have problems.
  • TODO -- Custom vulnerability to install/update Produkey? Is there a better way to use Produkey, or do the same thing without it?
  • TODO -- Find a way to identify Adobe licenses... even if it's not decrypted, an identifiable GUID would be useful.
  • TODO -- Report system crashes from event log.
  • TODO -- The ongoing search for greater efficiency.
2 Comments Permalink

Site update - new stuff in Community News

Posted by beau Nov 21, 2008

Hi,

 

Last weekend we upgraded the site and introduced a few new features.  The main difference you will see is in the editor used to create new articles and posts - it's been rewritten and is much better than the previous editor.  I invite you to try it out if you haven't yet.  I've also received some feedback saying that the site is faster after the upgrade - that's good news so I hope everyone has seen a performance improvement.  We renamed the terms 'Community' to 'Category' and 'Document' to 'Article' - these phrases fit our site better.  There are a few other fixes and changes you may have noticed but hopefully they will be self explanatory when you run into them.

 

I just enabled a new feature we have been working on for a while.  We have integrated the SelfService Portal (selfservice.landesk.com) into this site.  There are a couple of reasons why we have done this.  First, we wanted to simplify the experience for customers by giving you access to the features of the Portal and of the Community within a single site.  We want to eliminate the inconvenience of having two sets of LANDesk credentials.  Longer term, hosting the Portal in the Community site gives us more flexibility to introduce future improvements to the Portal.

 

You can try out the new Portal here: Portal

 

There are links to a couple of documents there that you should take a look at before you jump in. In particular, please read How to access the Portal. Setting up the authentication is not as intuitive as it could be, but once it is set up it works really well.

 

I'm appreciative of all the members who take the time to contribute to this user community.  There are some exciting improvements on the horizon.  We want to continue to make this Community an increasingly valuable technical resource for our members.

 

You can always give me feedback on the site at community.admin@landesk.com, whether you have found a problem or if you have a suggestion for a new feature or type of content that you would like to see.

 

 

Thanks,

Beau Gordon

0 Comments Permalink

Service checking now looks at the Avocent Management Platform services, too. I've also added code to look for schema faults. Ever see messages in your event viewer that say "column whatever is too small, increase it by so much?"

 

0 Comments Permalink

I've posted a new ldms_core which has a lot of changes (good, bad, and otherwise).

 

  • added ability to report on stale vuln data (greater than 7 days will produce a warning)

  • installation directory changes -- NullSoft Installer System uninstallation routine actually assumes a separate directory per program, and was deleting things that shouldn't be deleted when users would remove a program. To correct this, uninstall all Monkeynoodle programs and delete Program Files\Monkeynoodle before installing ldms_core.

  • detect dual boot systems via serial number

  • fixed &CullIPs again -- I had a function which seemed to do the right thing, but was actually deleting the oldest IP -- the downfall of using a small test set is that the expected result might happen for the wrong reasons.

  • Always check that what's supposed to be an IP is one -- failure to do so was causing spurious calls to DoNMAP and CullIPs

  • LDMS statistics graphing and trending via RRD. This is pretty cool; I'm just generating the graphics and putting them into ldmain\reports\ldms_core for now, but I'll throw together a nice index.html for it in a bit. LDSS stats are not being gathered yet.

  • hourglass cursor when setup is doing things

  • Unmanaged nodes culling (&CullUDD) failed when the discovered node was a WAP; skipping the attempt for now.

 

I'm still trying to decide if I want to spend time on a more formalized test procedure and/or beta period... if anyone has thoughts or would like to volunteer as a tester, please let me know.

 

I'm also having some difficulty with the Right Way(TM) to schedule repeated runs... in the past, I've asked the user to create a Windows scheduled task, but those quit working when the service account password changes. Currently I'm creating a LANDesk scheduled task, but those are finicky and are least likely to work on the cores which most need an automatic maintenance program. I could go to a long-running service, but memory consumption is high and that introduces a whole new set of potential problems. Ideas are welcome.

9 Comments Permalink

There'll be rejoicing in the alleyways tonight! http://www.droppedpackets.org/

 

If you'd like to see the gory details, read on.

 

Firstly, I wouldn't feel comfortable telling customers to test thoroughly and carefully if I wasn't personally inclined toward shooting from the hip. Backups were taken, but this upgrade was not really tested meaningfully. That's why it took about 15 hours of work instead of 5.

 

  • Hardware -- It's more fun to compute like it's 1999. Don't go changing!
  • OS Upgrade -- smooth and well-played. Moving from the execrable OpenSuSE 10.0 to Xubuntu 8.04 was a good idea.
  • Zope/Plone Upgrade -- and this is where the trouble begins. To use the package manager, or to use source? The Ubuntu packages for Zope and Plone are less than perfect; they're old, they're goofily designed, and they're a bit buggy. But, the install from source method is difficult and unpleasant to maintain... so when it didn't work and consumed a bit of troubleshooting time, I went back to the packages. That settled things on Zope 2.3 > Zope 2.9 and Plone 2.1.1 > Plone 2.5.1, and older revisions of some other packages that I wanted upgraded (such as Kupu, which is now at 1.3.9).
  • Site Restoration -- You simply restore the Data.fs file and restart, right? Well, it references products which may or may not exist, and it also does a bunch of magic which may or may not work. I must have wiped the machine back to a zope-free state and started over 6 or 7 times. I can tell you from memory that line 81 of the post-install for Ubuntu's plone-site package has a typo, for instance (setuser zope:zope, not setuser zope).
  • Site Upgrade -- You simply go to product_migration in the ZMI and click migrate. Except you also need to do that on portal_atct (undocumented), and if you do it without deleting your cookie_authentication object you'll be locked out of the site, and the dry-run option doesn't really dry run, and don't forget to delete your customizations from the old school days because they'll make things break. It wasn't as bad as installing Oracle, but it wasn't fun.

 

There was more, and there's still more to do, but it'll wait. I'm outta here for the weekend.


0 Comments Permalink

LANDesk cores are getting more stable all the time, and I'm just not seeing the need to check that everything's working every 10 minutes any more. I've taken the service checking routines from ldms_status and put them into ldms_core 3.1.2 so that it can check and restart services once, when it runs, instead of all the time. I'll leave ldms_status online of course, but I don't see a lot of future for it at this time and will mark it obsolete real soon now.

 

Here's some of the roadmap for ldms_core, with discussion of the items:

  • It's been 7 days or more since you downloaded content -- I still need to find the best way to filter this. The publishdate column in vulnerabilities is one option, but could false positive. select count(*) from vulnerability where publishdate > getdate()-7; if that value is 0, complain. Maybe even run vaminer.exe instead of just complaining?
  • List uninstallable patches? This will probably not be possible, at least without introducing a lot of bugs. XML blobs need to be extracted from the database and parsed, which seems like a lot of work for a little gain.
  • More progress indications, for instance after clicking Authorization button in setup. Not exciting.
  • Group patches by vendor? Probably not something I can do in this context.
  • Topology map. Gateways become nodes, devices sharing gateways are grouped in clouds around them, subnet masks decide size of circle. Core's gateway is in the center and traceroute hops to the other gateways are used to define the map. Use Perl::Graph to generate HTML? This is the one I want to work on next. select defgtwyaddr,count(address) from tcp where nullif(address,'') is not null group by defgtwyaddr
  • Kick out a Google Earth file to plot non-RFC1918 addresses on a map. The topology map and this map would both be dumped into the LANDesk reports file share, I suppose.
  • Check scheduled tasks and policies for status, alert if lots of jobs have bad status
  • Switch to MIME email so I can send multipart messages with attachments, such as those maps. That would also allow reworking of some of the log messages into a table format, using HTML. I prefer the retro look of Text::Table, but it probably can't be displayed properly by the average LANDesk admin's email program.
  • The new alerting system might be a better way to look for sync scan issues than using event viewer. If it ain't broke, don't fix it, but it's possible that database lookup would be faster.
  • Keep old information and show trend lines on a purty chart, http://search.cpan.org/src/CHARTGRP/Chart-2.4.1/README. This is going to involve storing data and managing time and I'm just not in a big hurry to reinvent that wheel.
  • Find a way to detect stuck LPM Event Listeners. Not even sure if this is a database or filesystem issue, but it needs to be found and fixed.
  • Convert into a long-running service? Probably not going to happen, I just can't come up with enough justifications to explain why I'd want to go through the hassle.
  • Cull Automatically Gathered software definitions with no installations. This is going to be hard, and may not be compatible with the changes planned for LDMS 9.0, but it also would be a lot of bang for console performance. Tempting.
2 Comments Permalink
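Two of the roadmap's database checks above (the 7-day stale content test from the first item and the gateway grouping query from the topology item), worked as an added example in Python with an in-memory sqlite database rather than the project's Perl; this is not ldms_core's own code. The vulnerability and tcp tables, the publishdate, address and defgtwyaddr columns, and the two queries come from the post; the vul_id column, all sample rows, the SAMPLE_* names and the helper functions are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta

STALE_AFTER_DAYS = 7  # the post's threshold: warn after 7 days without new content

# Constructed sample data, not rows from a real core. Only the table names and
# the columns the two queries use (vulnerability.publishdate, tcp.address,
# tcp.defgtwyaddr) come from the page; the ids, dates and addresses are assumed.
SAMPLE_VULNS = [
    ("VULN-A", "2008-10-12 03:00:00"),
    ("VULN-B", "2008-10-01 03:00:00"),
    ("VULN-C", "2008-08-20 03:00:00"),
]
SAMPLE_TCP = [
    ("10.1.1.20", "10.1.1.1"),
    ("10.1.1.21", "10.1.1.1"),
    ("10.1.2.5", "10.1.2.1"),
    ("", "10.1.3.1"),    # blank address: the roadmap query must skip this row
    (None, "10.1.3.1"),  # NULL address: skipped as well
]
SAMPLE_NOW = datetime(2008, 10, 15)    # a run three days after the newest content
SAMPLE_LATER = datetime(2008, 11, 30)  # a run long after any content arrived


def build_sample_db():
    """Return an in-memory sqlite database holding the constructed tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table vulnerability (vul_id text, publishdate text)")
    conn.execute("create table tcp (address text, defgtwyaddr text)")
    conn.executemany("insert into vulnerability values (?, ?)", SAMPLE_VULNS)
    conn.executemany("insert into tcp values (?, ?)", SAMPLE_TCP)
    return conn


def count_recent_vulns(conn, now, days=STALE_AFTER_DAYS):
    """Number of definitions published within the last `days` days.

    The roadmap's T-SQL getdate()-7 is computed here in Python so the same
    check runs on sqlite; publishdate is stored as ISO text, so a plain string
    comparison orders the dates correctly.
    """
    cutoff = (now - timedelta(days=days)).strftime("%Y-%m-%d %H:%M:%S")
    (n,) = conn.execute(
        "select count(*) from vulnerability where publishdate > ?", (cutoff,)
    ).fetchone()
    return n


def newest_publishdate(conn):
    """Most recent publishdate in the table (None if the table is empty)."""
    (d,) = conn.execute("select max(publishdate) from vulnerability").fetchone()
    return d


def stale_content_warning(conn, now, days=STALE_AFTER_DAYS):
    """Return the warning text to log, or None when content is fresh.

    The message carries the newest publishdate so an admin can separate a real
    download failure from the false positive the roadmap worries about: a quiet
    week in which the vendor simply published nothing new.
    """
    if count_recent_vulns(conn, now, days) > 0:
        return None
    return ("No vulnerability content newer than %d days (newest publishdate: %s). "
            "Check that content download is still running."
            % (days, newest_publishdate(conn)))


def gateway_counts(conn):
    """Managed-node count per default gateway, using the roadmap's query as written."""
    rows = conn.execute(
        "select defgtwyaddr, count(address) from tcp "
        "where nullif(address, '') is not null group by defgtwyaddr"
    ).fetchall()
    return dict(rows)


if __name__ == "__main__":
    db = build_sample_db()
    print(stale_content_warning(db, SAMPLE_NOW))    # None: content is fresh
    print(stale_content_warning(db, SAMPLE_LATER))  # warning text
    print(gateway_counts(db))                       # {'10.1.1.1': 2, '10.1.2.1': 1}
```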

Every now and then someone will question the support terms of one of my open source projects, such as ldms_client. (To refresh those terms, they are: email me and I'll see if there's something I can do when I've got time to work on it.) Users who are unhappy with such terms will occasionally then go to the trouble of implementing their own custom solution to their inventory extension problem.

 

Chances are good that such a solution will not be supported either. Bearing in mind that I don't work in LANDesk support and am only guessing at what a given engineer will do on the day you call for help, my opinion is that LANDesk's support will center around successfully running the command and transferring the data.

 

ldms_client uses supported methods to do that, and so do the vast majority of the homegrown scripts that I've seen. But if either your script or ldms_client quit working properly, LANDesk support is within their rights to quit troubleshooting when they determine that LDMS can still execute programs and upload custom data. If the framework is working but your AV client is blocking your VBscript from copying a value out of HKCU into HKLM so that LDAPPL3.INI can pick it up, that's not really LANDesk's problem.

 

ldms_client exists because someday you'll come across another need for some goofy inventory extension, and someday they'll quit asking for this one... When you start trying to turn extensions on and off without its framework, you'll probably wish you had it.


1 Comments Permalink

ldms_core home page

 

The new alert system in version 8.8 can get stacked up on low-performance cores, and it doesn't purge records unless you tell it to. ldms_core will now check that queue and purge records older than X days. There's also an email test button in the setup window, so you can make sure you've got email right.

 

I've also updated the manual.

 

 

1 Comments Permalink

At something like 90 to 360 seconds per scan, it makes no sense to NMAP thousands of nodes in a single run; target lists are now capped at 100 nodes per run, 50 if debug is on. Fixed a couple of bugs, too.

 

The manual is getting pretty out of date, I need to do something about that.

 

download here.

4 Comments Permalink

Back in the June 08 LANDesk Link LANDesk made an announcement about its commitment to support the Security Content Automation Protocol (SCAP). As part of that commitment, a few of us from LANDesk checked out the 4th annual Security Automation Conference in Gaithersburg, MD. Follow along with me as I recap the conference.

Just one quick note: I want to briefly mention how impressed I was with NIST's organization and execution of the conference. Thanks NIST, and I am looking forward to attending next year's conference.

Day 1 (Sep. 22, 2008): Tutorial Day

This day was really helpful for one of my fellow co-workers that was still a little unsure what the contents of SCAP alphabet soup were. The day’s presentations were helpful in identifying the different roles each of the SIX SCAP standards played. The XCCDF & OVAL presentation really helped this co-worker understand why OVAL and XCCDF are the “meat and potatoes” of SCAP. Check out http://nvd.nist.gov/2008-presentations.cfm?workshop1All if you’re interested in seeing these presentations.

 

Day 2 (Sep. 23, 2008): Conference Day…so it begins

This was the first official day of the conference, and it started off with normal administrative remarks and a description of the day's activities. Being sponsored by NIST, it was no surprise that the initial introduction was filled with physics, math, and general geek jokes... now I know why I wasn't able to hang out with the cool kids at school. I wonder if, had I taken my AP Calculus test, they would have let me sit with them.

I want to start by talking about the FDCC Technical Discussion. There were a few topics that were talked about that I'll just briefly mention. One of the first items discussed was the need for a report standard that clearly shows which machines comply and which have deviations. Another topic covered was where one could find technical information on the FDCC outside of NIST's website. Microsoft's FDCC blog was mentioned as an alternative resource (see the link below). The third topic discussed was that NIST may be considering the retirement of the FDCC Virtual Machines. Yet another topic covered was the requirement for purchased software to be compatible with the FDCC configuration, and each software vendor needs to provide some sort of self assertion. For the slide deck to this presentation and others presented on this day see: http://nvd.nist.gov/2008-presentations.cfm?conf1All

Microsoft blog: http://blogs.technet.com/fdcc/archive/2007/12/24/set-fdcc-lgpo-utility-to-apply-fdcc-settings-to-local-group-policy.aspx

 

Day 3 (Sep. 24, 2008): Conference Day 2…so take that

The start of the second day was kicked off by a rather clever presentation that cleared any misconception that SCAP is powered by “The Dark Side.” I can only hope it wasn’t some Jedi mind trick…

The day's official presentations started off with Karen Evans, from OMB, who had a few things to say about the FDCC and SCAP in general. Karen brought up a couple of important topics that I think are worth discussing, but I will spare you by only rambling on about one of them. Karen touched on the concept of how costly it can be to deviate from a prescribed security policy or standard. The point being this: an agency that deviates from something like the FDCC standard will be spending more money than it needs to because it has to manage each deviation individually. For the most part I agree with this argument. This is because an IT organization has to spend extra time devising a plan to mitigate the risks associated with the deviation; also, this organization has to take extra time to manage the difference in system configuration. These are just a couple of points among others that illustrate why it is costly to deviate from a set configuration standard or security policy. I am going to leave this topic here because this could be a blog topic in itself.

The next presentation worth mentioning is Intel, General Dynamics, and VMware’s joint presentation on their partnership in securing the virtual environment. The biggest benefit I see from their efforts is the ability to isolate memory and hardware access so that each VM cannot negatively affect another VM’s operation. However, read for yourself at: http://nvd.nist.gov/2008-presentations.cfm?conf2All

 

Thanks for reading and look for more posts in the future.

 

0 Comments Permalink

Welcome to the LANDesk Federal Security Standards blog. I am your host, tperkes, and I’ll be sharing with you my take on Federal Security Standards and how they may impact your LANDesk deployment. The intended audience of this blog is LANDesk administrators that work with or are in the U.S. federal government, and people who are interested in security standards. I encourage you the reader to participate in the discussion, and if you have an idea on a topic please share it. With the cheesy introduction out of the way, let’s get to our first topic.

 

0 Comments Permalink

Today I enhanced debug mode and provided for a debug logfile. I also did a bunch of refactoring and bug fixes... maybe half of what Perl Critic suggested. This isn't an urgent release unless you're having trouble, might as well wait for 3.0.

 

http://www.droppedpackets.org/scripts/ldms_core/ldms_core_2-0.zip/view

 

I've got some reports of problems with NMAP... it crashes and takes ldms_core.exe with it. That's not supposed to happen, so if it's happening to you, please let me know and send a debug file.

 

UPDATE: Talk about relentless... Arnold Garcia tested with the new debug stuff and helped me find a problem, along with some more debugging suggestions. I did some more refactoring as well, so I've posted again and let's call it 2.9.8. This is worth upgrading to if you've had trouble with NMAP.

 

The TODO list:

  1. TODO -- Test email button in the GUI
  2. TODO -- Setup should install a LANDesk LOCALEXEC script to run it
  3. TODO -- Provide visual feedback of activity stage, level
  4. TODO -- Check scheduled tasks and policies
  5. TODO -- plot non-RFC1918 addresses on a map
  6. TODO -- keep old information and show a trend.
  7. TODO -- purty Charts, http://search.cpan.org/src/CHARTGRP/Chart-2.4.1/README
  8. TODO -- when you find duplicate IP addresses, wipe out the one that has the older update date.
  9. TODO -- If the database isn't busy, reindex it? Detecting a need to reindex the database seems to be just as intrusive as actually reindexing the database. More research required before this can be done safely.

 

0 Comments Permalink

Version 2.9.6 has been posted.

 

A customer request to maintain off-core patch repositories has been implemented, along with detection of duplicate IP addresses and a report of detected vulnerability counts by severity.

 

Trending over time remains on the drawing board, but may not happen until after 3.0... not many numbers left, and I really don't want to end up with 2.9.256 type versions. It's also occurred to me that I might be able to avoid wheel reimplementation by just formatting data outputs for MRTG to read and providing a nice installer package for it...

 

A higher priority (to me, anyway) change is to implement XDD-agent-side NMAP, and a web service to ingest the discovered OS Names. NMAP's accuracy is poor in large networks when it's run from a central core. Doing this project offers all sort of potentially fun challenges and is currently at least as shiny as more reporting.

2 Comments Permalink

ldms_client currently stores email information like this:

"Computer"."Email"."PST Files".$name_of_file."File Location" = location

"Computer"."Email"."PST Files".$name_of_file."File Size" = size

"Computer"."Email"."PST Files"."Total File Size" = size.

 

That makes it easy to do a query for "systems where there is lots of PST file space taken up", which would be something like "Computer"."Email"."PST Files"."Total Disk Size" > 1000 MB.

 

It is however impossible to query "a list of all PST files and their sizes and locations."

 

Are there many people who want that sort of a listing? Changing the behavior at this point is likely to break something for existing installs.

 

0 Comments Permalink