
Jack Coates' Blog

March 2008

ldms_client released

Posted by Jack Coates Mar 25, 2008

 

http://www.droppedpackets.org/inventory-and-slm/ldms_client/

 

 

This is a centrally managed client inventory extension tool... it gathers a bunch of information that the base LDMS client doesn't. Currently, that means battery, netstat, NIC duplex, LANDesk policy status from the client's perspective, PST file sizes, broker configuration mode, and the domain members of local groups. Here's a screenshot of the administration tool:

 

 

 

 

 

In the future, it will also include a startasuser.exe-powered HKCU key fetcher. I'm also thinking of ProduKey support and OS X support.

 

 


NMAP and Process Manager

Posted by Jack Coates Mar 11, 2008

 

http://www.droppedpackets.org/process-manager/ldms_nmap_lpm/

 

 

No doubt about it, this is a cool trick. However, I've gotten a lot of calls and emails from people building solutions based on these ideas, and I feel the need to clarify a few things:

 

  • NMAP isn't perfect. Network health, distance from the target, age of nmap version, type of device being scanned, and the weather in Katmandu can cause its accuracy to vary wildly.

  • LANDesk isn't NMAP. If you're getting goofy results, your best (only?) recourse is to work with the NMAP team to improve the results: http://nmap.org/osdetect/osdetect-unidentified.html

  • Even at less than 50% accuracy, the tool can still be useful. This trick is typically employed in environments where a network security breach is extremely important, or where the tracked equipment is worth as much as a new car. If an XDD event is not worth getting out of your chair to investigate, then integrating NMAP into LANDesk may not be worth your time... but if it is, using this sort of technique can be a lifesaver at any accuracy level.

 


ldms_status updated

Posted by Jack Coates Mar 7, 2008

 

Version 1.9.6; download from: http://www.droppedpackets.org/scripts/ldms_status

 

 

Most message boxes have been replaced with bubble tips, making it more responsive when it has a lot to do (e.g. restarting all your services after an upgrade).

 

 

 

 

 


 

Met with a customer today, who mentioned their security guy wanted to get another spyware scanner.

 

 

"Why?" he said. "We've got LANDesk Security Suite."

 

 

"Well, it doesn't do a good job."

 

 

So, we take a look at Security & Patch Manager > Unassigned, and there are 710 spyware definitions in there. Even so, Detected still had about twenty definitions catching on a handful of machines each. Reports > Spyware > Machines Not Scanned Recently > 7 days... the report is 23 pages long.

 

 

We printed all this out and added http://www.droppedpackets.org/howto/manage-security/ on top.

 

 

I wish I could say that's the first time I've had this sort of conversation. Why not use it?

 

 


Demo gear

Posted by Jack Coates Mar 3, 2008

 

Getting a laptop to run a LANDesk demo successfully gets to be a really ugly challenge as you start adding service desk to the scenario. A lot of people resort to using two laptops or an external drive. Here's what I'm currently doing:

 

 

Host: T61p with 4 GB RAM and an Ultrabay hard drive adapter, Windows Server 2003 Standard. I installed XP on the system first, and used Lenovo System Updater to identify and download the drivers that it would need. I then copied those to an external drive, and installed Server 2003. The /3GB and /PAE switches should be added to boot.ini. Before installing the drivers downloaded from XP, you'll want to right-click the main setup file and choose Compatibility: Windows XP. I've installed VMware Workstation, Office 2003, Verizon VZAccess, Pidgin, GIMP, ActiveState Perl Dev Kit, Wireshark, and VideoLAN. It's reasonably stable (e.g., locks up no more than XP or Vista), and it sees all the RAM. I did try Vista 32-bit and 64-bit, but the performance was completely unacceptable for my needs. I also have a MacBook Pro running Panther and VMware Fusion, which is a great solution... equal to, and in some cases better than, Server 2003. The only reason it isn't my primary is that you can't get two disk spindles, and I'd have to upgrade my cellular card. Oh, I also dislike OS X's UI... apparently "intuitive human factors design" is referring to someone else.

 

 

VMware configuration: Configure a NAT network, and put all the VMs on it. Disable VMware's DHCP server.

 

 

Tin: AD VM: Windows Server 2003 Standard. I'm currently using the built-in Windows SMTP service and POP3 service, but they really stink (can't do groups, can't do IMAP, bizarre client compatibility problems). I need to upgrade to Exchange or build a Linux image to handle email. 128 MB RAM, 10 GB disk space. I'll need to bump the RAM to run Exchange. What with LDMS RBA, Service Desk, and Process Manager, there are 13 user accounts grouped into several different levels (front line support, second line, change control board, &c).

 

 

Granite: LDMS/LDSS/LPM VM: Server 2003, SQL 2000, and the aforementioned products. 1 GB RAM, 20 GB disk space (not enough, patches and packages are killers).

 

 

Diamond: Service Desk VM: Server 2003 and Service Desk, using the database server on Granite. This is still a work in progress, because I'm building from scratch instead of modifying the kit. 1 GB RAM, 20 GB disk.

 

 

Soapstone: XP Client VM, 512 MB RAM and 10 GB disk. I have profiles for all 13 users on here, with Thunderbird and Firefox. I also have the TVT console and tools installed.

 

 

All VMs have disk defrag jobs scheduled for nightly runs, as does the host.

 

 

Lavatube: I have a gateway VM installed on a Xubuntu host in my house's crawlspace (sorry, the Colocation Facility).

 

 


No lack of opinions

Posted by Jack Coates Mar 3, 2008

Here's a roadmap for some of my back-burner projects, in no particular order:

 

  • Merge ldms_nmap_udd into ldms_core, and convert ldms_core into a long-running service. It would be really cool to merge ldms_status's functionality in too, maybe even using it as a UI... I don't know how feasible that UI thing is though, so it probably won't happen any time soon (the whole idea of "show a message box if someone is logged in interactively, or send an email if they're not" is annoying to consider).

  • Merge ldms_battery, ldms_policy, ldms_nic_duplex, findpst, ldms_netstat, and perhaps a nice kitchen sink into one client-side program. Add a generic registry key getter and a core-side configuration file. The intent is to provide a mechanism for centralizing ldscnhlp.ini configuration.

  • Document some (safe? how about effective?) methods for integrating external data. This ongoing project lives here: http://www.droppedpackets.org/misc/external-unmodeled-data/view

 
