Please note that if you are a member of an OWASP chapter, ISSA, ISACA, InfraGard, HTCIA, ECTF or other local security organization, the COINS program offers you a 50% tuition discount for this or any other SANS @Home course.

Being very interested, I contacted Steve Peterson, director of mentor programs. Steve explained that COINS is a fairly new program at SANS. To quote Steve:

The goal of COINS is to work with local security organizations to strengthen the security community by offering SANS discounts to chapter members and free content to chapter meetings. COINS typically will run an event at our conferences as well. If you attend a conference, keep an eye out for the COINS event.

I used the COINS program to signed up for the SANS® +S™ Training Program for the CISSP® Certification Exam (Management 414). While I tend to prefer more technically focused courses, the DoD directive 8570 convinced me that having the Certified Information Systems Security Professional (CISSP) certification would be useful. To quote the 8570 FAQ:

DoD Directive 8570.1 provides the basis for an enterprise-wide solution to train, certify, and manage the DoD Information Assurance (IA) workforce. The policy requires Information Assurance technicians, managers, and members of IA specialties to be trained and certified to a DoD baseline requirement. The Directive’s accompanying Manual identifies the specific certifications mandated by the Directive’s enterprise-wide certification program.

Agencies covered by 8570 include:

• Office of the Secretary of Defense
• Military Departments
• Chairman of the Joint Chiefs of Staff
• Combatant Commands
• Office of the Inspector General of the DoD
• Defense Agencies
• DoD Field Activities
• All other organizational entities in the DoD

Any full or part time military service member, contractor, or local nationals with privileged access to a DoD information system performing information assurance functions — regardless of job or occupational series is affected by 8570. For fiscal year 2008, the goal was to fill a total of 70 percent of the Information Assurance positions with certified personnel.

The tables below describe the DoD Approved Baseline Certifications, according to DoD 8570.01-M. This includes requirements for Information Assurance Technical (IAT), IA Management (IAM), IA System Architect and Engineers (IASAE), and Computer Network Defense-Service Providers (CND-SP). All must be be fully trained and certified to baseline requirements to perform their IA duties.

IAT workforce members consists of anyone with privileged information system access performing IA functions. IAT Level certifications are cumulative. Higher level certifications qualify for lower level requirements. Certifications listed in Level II or III cells can be used to qualify for Level I. However, Level I certifications cannot be used for Level II or III unless the certification is also listed in the Level II or III cell.

IAM personnel are responsible for secure implementation and operation of a DoD information system (IS). IAMs perform IS security management functions for DoD operational systems. Management certifications corresponding to the position level do not cascade down. Each position requires the individual to meet one of the specific certifications associated with that Management Level. An IAM I must obtain one of certifications shown in the IAM I box, such as the GISF. The IAM I should not take the CISSP unless already qualified in one of the certifications listed in the IAM I box (e.g., GISF).

The CND-SP personnel are members of “Accredited” CND-SP teams performing the functions listed.

IASAE personnel perform system design functions, such as requirements gathering.

In the above table, I put CISSP in bold, along with a few other certifications I currently possess, as an example of how a few certifications can help cover requirements for many of the DoD Information Assurance positions. With the CISSP certification, IAT Level I, II and II are covered along with IASAE I and II. It is easy enough to pick up one of the IAM Level I certification, depending on that you are managing, and the CISSP will cover you for IAM Level II and III.

Now if you are not directly affected by 8570, why should you care? There are a large number of military service member, contractor, and local nationals with privileged access to DoD information systems. These folks are performing information assurance functions and DoD 8570 will eventually require them to have various security certifications. At some point, there is a good chance that these certified individuals are going to be competing with you for a job. Management often does not know how to tell the difference between candidates. Obtaining these certifications will help level the playing field so you can get past human resources, obtain management approval, and have the opportunity to impress the security folks. Of course, obtaining training and taking certification exams can get expensive. Thankfully there are programs like the SANS Work Study and COINS program providing great options for those with financially disadvantaged training budgets.

If you are going to be using RT, you need to get the “RT Essentials” book written by Jesse Vincent, Robert Spier, Dave Rolsky, Darren Chamberlain, and Richard Foley. It is a good reference and a quick read. For up-to-date information, see the RT Wiki and the Best Practical Solutions blog site.

Prerequisites

To start, please review the following posts:

1. An Apache Implementation
2. Apache and OpenSSL
3. PHP Implementation
• PHP as a Module
• PHP as a CGI
• PHP Configuration Modifications
4. Introduction to MySQL
5. Setting Up and Securing MySQL: References
6. Implementing a Web Application Firewall with ModSecurity

Install Software

With Apache, MySQL, PHP, OpenSSL, and ModSecurity installed, we are now ready to focus on software packages required by RT.

1. Installing expat.

Different operating systems will vary on whether expat, the XML parser, is installed. Expat is needed to complete the cpan install for XML::RSS. Check your particular operating system.

 root# cd /usr/local/src
 /usr/local/src root# wget http://downloads.sourceforge.net/expat/expat-2.0.1.tar.gz
 /usr/local/src root# tar xzf expat-2.0.1.tar.gz
 /usr/local/src root# cd expat-2.0.1
 /usr/local/src/expat-2.0.1 root# ./configure
 /usr/local/src/expat-2.0.1 root# make
 /usr/local/src/expat-2.0.1 root# make check
 /usr/local/src/expat-2.0.1 root# make install

2. Install FastCGI

For RT, you can install mod_perl or mod_fastcgi. In this posting, we are going to walks through the installation of FastCGI. Information concerning mod_perl will be provided below so the reader can chose what fits best in their environment. FastCGI is much simpler to install and allows the core Apache process to stay small in size. With FastCGI, RT runs as a separate process from Apache allowing RT to be stopped and restarted without affecting the Apache server. In general, FastCGI programs are easier to manage.

The Apache module mod_fastcgi allows a web server to run CGI scripts via a separate, persistent program. PHP comes with FastCGI support compiled in by default, so nothing needs to be done to the PHP installation.

You can have the Apache program call FastCGI, and have it run as the same user as the Apache server or use suexec to have FastCGI switch to a different user. Under some operating systems, suexec may not get compiled and installed when installing Apache. Check if suexec is installed, and if not go back to the Apache source, compile it, and install it. Initially, we are not going to use the suexec program. Instead we will create the group “rt”, add user httpd to group rt, and set permissions that way. You may choose later to use suexec.

 root# ls -la /usr/local/apache/bin/suexec
ls: /usr/local/apache/bin/suexec: No such file or directory
 root# cd /usr/local/src/httpd-2.2.8
 /usr/local/src/httpd-2.2.8 root# make suexec
 /usr/local/src/httpd-2.2.8 root# cp ./support/suexec /usr/local/apache/bin/suexec

Now, we are ready to get mod_fastcgi installed.

 root# cd /usr/local/src
 /usr/local/src root# wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.6.tar.gz
 /usr/local/src root# tar xzf mod_fastcgi-2.4.6.tar.gz
 /usr/local/src root# cd mod_fastcgi-2.4.6
 /usr/local/src/mod_fastcgi-2.4.6 root# cp Makefile.AP2 Makefile
 /usr/local/src/mod_fastcgi-2.4.6 root# make top_dir=/usr/local/apache
 /usr/local/src/mod_fastcgi-2.4.6 root# make top_dir=/usr/local/apache install
 /usr/local/src/mod_fastcgi-2.4.6 root# /usr/local/apache/bin/apachectl stop
 /usr/local/src/mod_fastcgi-2.4.6 root# vi /usr/local/apache/conf/httpd.conf

Add the following lines to the Apache httpd.conf file:

# Load the mod_fastcgi module.
LoadModule fastcgi_module modules/mod_fastcgi.so

Check if installation and configuration is working.

 /usr/local/src/mod_fastcgi-2.4.6 root# /usr/local/apache/bin/apachectl configtest
Syntax OK
 /usr/local/src/mod_fastcgi-2.4.6 root# /usr/local/apache/bin/apachectl start
 /usr/local/src/mod_fastcgi-2.4.6 root# cat /var/www/logs/error_log | grep -i fastcgi
[Fri Aug 01 12:17:22 2008] [notice] FastCGI: process manager initialized (pid 15221)
[Fri Aug 01 12:17:22 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
OpenSSL/0.9.7a mod_fastcgi/2.4.6 configured -- resuming normal operations

For in depth coverage of mod_perl, Stas Bekman and Eric Cholet have written the book, “Practical mod_perl.” They have made the complete book available online in both HTML and PDF format under the Creative Commons Attributes Share-Alike License. Stas Bekman and Jim Brandt have also written the “mod_perl2 User’s Guide Book” where 50% of the book’s proceeds go to The Perl Foundation.

If you are installing under Mac OS X, mod_perl may complain about Perl 5.8.8 being built without threads and you will get a message about building perl with -Duserthreads. If you are determined to use mod_perl, consider dropping back to Apache 1.3.x and using mod_perl 1.x. While Apache 1.3.x is legacy code, and I tend to want to use the code that is being actively developed, there is an argument for using Apache 1.3.x. One major feature of Apache 2.x is threading. On Windows, where most basic libraries are and must be threadsafe, Apache 2 is really the only choice. Earlier Mac OS X releases did not include a completely thread-safe libc, so threading is still not fully supported in Perl. This is why the Perl version that comes with Mac OS X is not compiled to use threads. To use Apache2.x, Perl will need to be configured to use threads. The code is available from the Perl web site.

Rather than getting bogged down in compiling Perl to use thread, we will move ahead and use FastCGI. By the time this post, I will have worked on getting RT installed under Linux, Mac OS X, and FreeBSD. Figuring out what software works best in a multi OS environment can be challenging.

3. Configure RT

Let us start by adding the group RT. Under many operating systems, this would be done with the simple command “groupadd rt.” Things are always more interesting under Mac OS X, where you would have to first look at what group ids (gid), choose an unused gid, and then create the rt group using that gid. Under Mac OS X Leopard, group rt would be created with the commands:

 root# dscl . list /groups PrimaryGroupID | sort -k 2,2 -n
 root# dscl . create /groups/rt gid gid-of-rt
 root# dscl . create /groups/rt passwd '*'
 root# dscl . read /groups/rt
AppleMetaNodeLocation: /Local/Default
Password: *
PrimaryGroupID: gid-of-rt
RecordName: rt
RecordType: dsRecTypeNative:groups

RT’s primary maintenance and documentation site is http://www.bestpractical.com. Documentation can be found at the Best Practical Solutions RT Wiki located at http://wiki.bestpractical.com/. The latest TAR/GZ is located at http://download.bestpractical.com/pub/rt/release/rt.tar.gz. The lack of any version numbers means the version can be updated at any time. The latest version, as of this writing, is 3.8.0.

The following are the steps for downloading and configuring RT:

 root# cd /usr/local/src
 /usr/local/src root# wget http://download.bestpractical.com/pub/rt/release/rt.tar.gz
 /usr/local/src root# tar xzf rt.tar.gz
 /usr/local/src root# cd rt-3.8.0
 /usr/local/src/rt-3.6.5 root# ./configure \
  --with-web-user="httpd" \
  --with-web-group="httpd" \
  --with-rt-user="httpd" \
  --with-rt-group="rt"

4. Install Apache::TEST

Perl module Apache::TEST will not allow you to run the test check as root. You can download the module separately as a non root user and after configuring, compiling, and testing the program, you install it as root.

 root# su - goofy
 ~$ cd src
 ~/src goofy$ wget http://search.cpan.org/CPAN/authors/id/P/PH/PHRED/Apache-Test-1.30.tar.gz
 ~/src goofy$ tar xzf Apache-Test-1.30.tar.gz
 ~/src goofy$ cd Apache-Test-1.30
 ~/src goofy$ perl Makefile.PL
 ~/src goofy$ make
 ~/src goofy$ make test
 ~/src goofy$ sudo su root
 root# make instal

5. Run fixdeps Command and Install Perl Modules

Now you are ready to utilize the fixedeps utility that comes with RT to install required Perl modules. There is also the testdeps utility to test if all dependencies are installed and RT is ready to be installed. You may need to run fixdeps multiple times before testdeps reports that you have all required software packages. The first time through, it can take awhile (depending on your installation). Be aware that some perl modules may need to be installed manually. It various depending on OS and your environment. You will be able to tell which modules need manual installation by the final message provided by the fixdeps program.

 root# cd /usr/local/src/rt-3.8.0
 /usr/local/src/rt-3.8.0 root# make fixdeps
 /usr/local/src/rt-3.8.0 root# make fixdeps
 /usr/local/src/rt-3.8.0 root# make testdeps

6. Install RT

The final installation of RT is the easy part.

 /usr/local/src/rt-3.8.0 root# make install

7. Configure RT_SiteConfig.pm

We now will configure /opt/rt3/etc/RT_SiteConfig.pm. In the next step a database user and a database will be setup. We are only adding those values to the configuration file in this step. I am going to set up a hostname (rt.securitymonks.com) for my current machine. Please do not copy blindly. Change this to your environment. We will create the hostname so it only exists locally by adding an entry into the machines /etc/hosts file. Right now, I am only going to access the Apache server from this machine. In other words, the client and server will be on the same box.

 /usr/local/src/rt-3.8.0 root# vi /etc/hosts

Add the following line, adapting it to your organization:

 /usr/local/src/rt-3.8.0 root# vi /etc/hosts
##
127.0.0.1       localhost
10.1.218.202   rt.securitymonks.com

We are now ready to modify the RT_SiteConfig.pm file.

 /usr/local/src/rt-3.8.0 root# vi /opt/rt3/etc/RT_SiteConfig.pm

At minimum, add the following linesto /opt/rt3/etc/RT_SiteConfig.pm:

Set($rtname, 'BRORT');
Set($Organization, 'securitymonks');

Set($CorrespondAddress , 'john@securitymonks.com');
Set($CommentAddress , 'john@securitymonks.com');

Set($Timezone , 'US/Eastern'); # obviously choose what suits you

# THE DATABASE:

Set($DatabaseType, 'mysql'); # e.g. Pg or mysql

# These are the settings we used above when creating the RT database,
# you MUST set these to what you chose in the section above.

Set($DatabaseUser , 'rtuser');
Set($DatabasePassword , 'secret');
Set($DatabaseName , 'rtdb');

# THE WEBSERVER:

Set($WebPath , '');
Set($WebBaseURL , 'https://rt.securitymonks.com');

# Logging
Set($LogToSyslog, '');
Set($LogToFile, 'debug');
Set($LogDir, '/opt/rt3/var/log');
Set($LogToFileNamed, "rt.log");

8. Initialize the Database

RT needs to create the rtdb database, the rt db users, and initialize some tables. This can be done with the command initialize-database, which should be run only once.

 /usr/local/src/rt-3.8.0 root# make initialize-database
 /usr/local/bin/perl sbin/rt-setup-database --action init --dba root --prompt-for-dba-password
In order to create or update your RT database, this script needs to connect to your mysql
instance on localhost as root.  Please specify that user's database password below. If the
user has no database

password, just press return.

Password:
Working with:
Type:   mysql
Host:   localhost
Name:   rtdb
User:   rtuser
DBA:    root
Now creating a mysql database rtdb for RT.
Done.
Now populating database schema.
Done.
Now inserting database ACLs
Granting access to rtuser@'localhost' on rtdb.
Done.
Now inserting RT core system objects
Done.
Now inserting data
Done inserting data
Done.

Check the MySQL database out.

 /usr/local/src/rt-3.8.0 root# mysql -u rtuser -p
mysql> use rtdb;

9. Modify Apache Configuration File

Edit the /usr/local/apache/conf/httpd.conf file.

 /usr/local/src/rt-3.8.0 root# /usr/local/apache/bin/apachectl stop
 /usr/local/src/rt-3.8.0 root# vi /usr/local/apache/conf/httpd.conf

We are going to have the RT server run under our secure web server. Find the “<virtualhost _default_:443>” line, change it to “<virtualhost 10.1.218.202:443>“. Add the following lines to that section (adjusting to your environment):

   ServerName rt.securitymonks.com
   DocumentRoot /opt/rt3/share/html
   ErrorLog /usr/local/apache/logs/rt.error
   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
   CustomLog /usr/local/apache/logs/rt.access_log combined
   AddHandler fastcgi-script fcgi
   ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/

Add the user the Apache server runs as (httpd by default), to the RT group. For non Mac OS X, modify group membership by editing the file /etc/group (vi /etc/group). Mac OS X users need to user the dscl command.

 root# dscl . append /groups/rt GroupMembership httpd
 root# dscl . read /groups/rt

Change the group and permission on the log area if you have told RT to log to /opt/rt3/var/log.

 root# chgrp rt /opt/rt3/var/log
 root# chmod g+w /opt/rt3/var/log

Test the configuration of the file, and if everything checks out start up Apache.

 /usr/local/src/rt-3.8.0 root# /usr/local/apache/bin/apachectl configtest
Syntax OK
 /usr/local/src/rt-3.8.0 root# /usr/local/apache/bin/apachectl start

Remember there are now three files to check for problems with RT.

• /opt/rt3/var/log/rt.log
• /usr/local/apache/logs/rt.error
• /usr/local/apache/logs/rt.access_log

There are many configuration operations. The options chosen in this post represents only the minimal to get RT running. Please see the RT Wiki’s FastCGIConfiguration page for additional information.

10. Access RT and Change the Default Password

Now it is time to log in and change the default password. Using the entry we made in our /etc/hosts file, we can now access the site by going to https://rt.securitymonks.com. This URL should be different for your site. You will see a login screen similar to the image on the left.

Log in using the username “root” and password “password“. Once logged in, you will see the screen similar to the image below (click on the image if you need to enlarge):

Over on the left menu bar, select “Configuration.” That will bring you to the “RT Administration” screen:

Select, “Users.” That will bring you to the “Select a user” screen:

Select the user “root,” which will bring you to the “Modify the user root” screen. If you look at the lower left of the screen, there is a “Access Control area.” There is a place to enter “New Password.” Do so. The screen looks like:

Make sure to hit the “Save Changes” button at the bottom of the screen. With a working copy of RT, you are not ready to start adjusting configurations and working with the program. For additional information, Please check out the “RT Essentials” and the RT Wiki and the Best Practical Solutions blog site. Look for future posts to build upon the RT installation and database.

“The Blind Men and the Elephant” is a classic fable. As the world of IT becomes more complex, the people in IT become more specialized. People become so focused in their areas, they lose the ability to see the big picture. Life becomes the fable. The fable is about a group of blind men who came upon an elephant. The first man, feeling the enormous leg, said, ‘This thing is very much like a tree.’ The second, standing near its ear, reached up and said, ‘This is a winnowing fan!’ ‘No,’ said a third as he grasped the moving trunk. ‘Be careful. This creature is a serpent.’ ‘I disagree,’ said a voice at the other end. ‘It is only a frayed piece of rope’. The last man commented, ‘You are all wrong. I have felt this thing on both sides and it is just a wall.’”

Let’s talk about two parts of the elephant, open source software (OSS) and service-orientated architecture (SOA). John Grimes, assistant secretary of Defense for networks and information integration/chief information officer, told the Network Centric Warfare conference in Washington, D.C., on Jan. 23, “As we go to SOA architecture, we keep the applications behind and share the data on the network, and it becomes very critical that data is understood by everyone.”

“It just eats our lunch every time we get into a proprietary situation, because it’s noncompetitive,” Grimes stated explaining that DOD will increasingly move to SOA because it benefits information sharing and acquisitions. Federal Computing Weekly has an article, “DOD’s Grimes: Our focus is on data” by Josh Rogin. In another article in FCW, Bob Brewinn wrote an article, “DISA Buying into SOA ‘Big Time’.” John Grimes is quoted as stating, “DOD spends too much time and money acquiring individual, highly-tailored systems.” He continues, stating, “It’s time for the department to stop buying things and start buying services.”

In an article in the Linux Insider title “Iona Tightens Open Source, SOA Bond,” Dana Gardner writes:

Open source and SOA are increasingly joined at the hip. These twins are developing in tandem, not sequentially, which is giving CIOs and architects a variety of choices for picking and choosing the projects and products that make up their SOAs.

Darryl K. Taft writes an article for eWeek title, “Web Services, SOA, and Open Source Converge.” Hub Vandervoort, chief technology officer at Sonic Software Corp., Bedford, Mass., was on a panel of heavy hitters at the Web Services/SOA on Wall Street conference on Feb. 27. Vandervoort makes the point that, “SOA as a concept will challenge the whole concept of one throat to choke. SOA means federation and is built from federated components that are boundless.”

Han Zaunere, president of New York PHP, an organization for the Apache, MySQL and PHP community in New York, stated, “”In the long run, as far as looking at what you get, I think open source is more valuable.” He points out, “If I download [licensed] software and in two years it’s obsolete, I have no return on that. When you buy open-source support, the software is secondary.” Hiram Chirino, co-founder and director of architecture at LogicBlaze Inc., of Marina del Ray, Calif., believes that open-source software allows users to scale their systems more easily and cheaply because they can simply add more servers without having to worry about licensing costs.

Bob Sutor has written, and podcasted, extensively on the topic of open source. His four part series, is very interesting. I would recommend folks take a few moment to read it, paying particular attention to part 4, “The SOA Connection.” He covers:

• Part 1: Standards
• Part 2: Software
• Part 3: Open Source Software
• Part 4: The SOA Connection

Analyst at Forrester have written a report, “The Future of Enterprise Software.” Andy McCue has written the article “Open Source and SOA to Redefine Software Landscape” where he summarizes the report. The report stated: “Too many IT pros today reject the new ideas behind the four horsemen as ‘not ready for prime time’. Blanket dismissals of new ideas are defensive; IT executives should be looking instead for ways that the four horsemen can drive productive changes for business. These forces will define the future of enterprise software.” The “four horsemen” of commoditization are service oriented architecture (SOA), open source, software as a service and offshoring. Forrester predicts the four horsemen will lead to cheaper prices and a radical change in enterprise software landscape of the future.

SOA is ultimately about integration. It can be integration of open or closed source software packages. SOA brings agility to an enterprise. CEO and CIO are beginning to question the wisdom of getting locked into a software solution. When you take a solution, such as SAP, it is a solution that matches a complex problem with a complex solution. Annrai O’Tool, CEO of Cape Clear, tells the following story on Dana Gardner’s SOA trends webinar:

We have a couple of ex-PeopleSoft people working with us at Cape Clear, and they tell a great story about how they used to do sales pitches against SAP. They went to the customer with a small cup of quick-drying cement and poured it into a mold. By the time they finished the presentation, the cement is set and it has SAP written on it. They then say, “There you go, that’s the deal with SAP.” It is easy to design, but once you get your business process done, it is embedded in cement.

O’Tool points out that for many businesses, the business process is very difficult to change. He goes on to say, “SOA is all about how to use that application in new and more transparent ways that are easier to change and that deliver agility.”

Commercial solutions can have high up cost and high continuous operation costs. Even changing out hardware can end up costing a business significantly due to software licenses. In this rapidly changing IT environment, a company can easily find itself with a solution that no longer fits its business need, but it has too much invested to change course. Even worse, in time their software solution might no longer be actively developed as software companies change directions or go out of business. OSS helps reduce some of these risks. While there are costs, more of the expenditures goes into the companies own people. This helps create a work force better adapted to face a changing IT environment. Hub Vandervoort said it best when he stated “when you buy a software license you are paying for past innovation; when you buy open source, you’re investing in future innovation.”

When I was in college, some fundamental preachers came to campus to let us all know how terrible we were. They even preached against the Mennonite women whose hemlines fell above their ankles. One of the campus Christian groups were so upset with themselves because they froze up when trying to argue via an exchange of Bible verses. The statements the preachers were coming out with were so over the top, the only thing that tends to come to one’s mind is “Are they for real?” You can’t really get past that, rendering you a stammering idiot. In the end, it did not matter. It was not about an exchange of ideas.

I run into some folks who will preach against open source. A classic sound bite argument is, “Is freeware really free?” I remember working for government when government was very anti open source. Nowadays, attitudes have changed. Still, I come across some die hards from the old days. When I encounter such a person, I end up thinking about the news stories of those time capsules recently opened. Were these people somehow trapped in one of those time capsules? I am not an open source zealot. You use the right tool for the right job. I would argue one needs to be aware of the tools at their disposal. In the rapidly changing IT world, OSS can be a valuable tool adding agility to an enterprise solution toolbox. There are so many reports on the business impact of OSS, that one could write several books on the topic. I will spare you that, but still I wanted to post a few links. It is my way of countering the closed source preacher with what is equivalent to quoting open source Bible verses.

A good place to start is discussing the advantages, risk, culture change, and strategies involved with adapting OSS. Ibrahim Haddad has written a Enterprise OpenSource Magazine article titled, “Adapting an Open Source Approach to Software Development, Distribution, and Licensing.” He does a good job of discussing the unique characteristics, development model, the advantages, the risks, cultural changes, and strategies involved with developing and deploying OSS. There is more to open source than just not paying for the software

For a fun 48 page presentation, head over to the Free Electrons site. They have posted the presentation “Advantages of Free Software and Open Source in Embedded Systems.” A newly released European Commission study on the impact of Free, Libre, and Open Source Software (FLOSS) on the European IT sector is summarized by Thomas Claburn of InformationWeek in the article, “Study Finds Open Source Benefits Business.” The Europeans have been major developers of open source projects. Over on the English GBdirect site they have put together an area discussing the benefits of using open source software.

How does OSS fit into American markets? Darryl K. Taft did an article for eWeek on “CIOs: Open-Source Software Offers Cost, Quality Benefits.” Major American companies are also posting information on the benefits of open source. Red Hat, Inc. has posted, “Understanding the Financial Benefits of Open Source.” Sun has posted, “Open Source Is About Participation.” Of course, the US government has been looking into using OSS. Joab Jackson writing for GCN did a report, “Report Advocates Open-Source Approach for Software Acquisition.” It discusses the Office of the Deputy Undersecretary of Defense for Advanced Systems and Concepts commissioning the Open Technology Development road map. That is a fascinating report, which I highly recommend everyone interested in this topic read. A summary of the report can be found in Computer Business article title, “Open Source in the National Interest.”

Additional information on how OSS is being used within DoD can be read in the GCN article, “Open-Source Software Gets Nod from DoD” by Patricia Daukantas. Joris Evers writes for CNET how “Homeland Security Helps Secure Open-Source Code.”

Those articles and reports are just a sampling. They should help folks see the benefits of OSS and danger when implemented in the wrong environments. There are other benefits in terms of the agility open source brings to an organization. Plus, there are ties in to other areas of IT that are gaining major attention in 2007. I’ll write more on those later.

Why is this of interest to me? I like to think of myself as an open source integrator. That might just be because the places I work tend to try and cut costs in terms of software. Many organizations are preferring to put money into support, and cut software costs. Many of the open source companies following this business need have a model that I can understand and appreciate. Another interest of mine is the bridging of business and IT focus. My initial interest was in terms of security and auditing. Reliance on IT in business is growing. As IT takes more of the companies budget, the business is going to need to understand what return on investment they are getting. Enter my interest in business intelligence. Like I said, I am an integrator, whether that be in open source packages, or the integration of IT and business needs.
First, a post from me would not be complete without links to podcasts. From IT Conversations, Steve Lucas, VP for Business Objects, talks on Business Intelligence.

The power of building on open source is that it gives the organization agility. No longer does the vendor control innovation. Software components can be brought together, and replaced if they fail to keep up with the changing market. Let me take an example from an InfoWorld article. You can get Alfresco integrated with Asterisk (VoiceRD from Novacoast) and SugarCRM (CRM) today. Then you can extend this. Add some JasperSoft or Pentaho for Business Intelligence (perhaps reporting capabilities). Some DimDim for web conferencing. Some Zimbra or Scalix for email/collaboration. Want to scale this out on a grid, then there is 3Tera. The Open Source Group has An Open Source Strategy for the Open Group, where they outline, much better then I ever could, why an organization might want to utilize open source software.

Not satisfied? Well here are a OSBI links for more information:

OSBI Links

Open Source Solutions BI Wiki

The Open Source Solutions BI wiki will provide research, articles and draft chapters of our book, Open Source Business Intelligence, as they are developed. There are public and private sections of the wiki. For access to the private sections please contact us.

Open Source Solutions Blog

This blog provides timely information about open source solutions for business intelligence, collaboration, project managment & data analytics, and expose the process of three authors writing a book collaboratively. Posts range from news & status of OSBI projects, interviews with OSBI project teams and communities’ members, and describing OSS related events.

Open Source Business Conference

The Open Source Business Conference was held at San Francisco’s Moscone Center on February 14-15. OSBC East is to be held 2006 October 17-18 in Boston, MA.

OSBC Wiki

The Open Source Business Conference has a Wiki on SocialText that supplements the information on the website.

Business Intelligence for Business People

This lens by Tom Hudock is a good source of non-technical information about “Business Intelligence (BI), Performance Management, and Data Warehousing (DW)”

Links to OSS BI Suites

BEE Project

BEE is one of the first open source BI Suites, having been around since 2002. It provides ETL, ROLAP, reporting, integration with the R Project, is written in PERL, and primarily supports MySQL.

Bizgres

Bizgres is a distribution of PostgreSQL with specific modifications to increase performance and use as a data warehouse. In addition, the Bizgres project comes with the KETL ETL tool and JasperReports. The Bizgres project is supported by a consurtium of three companies, Greenplum, Kinetic Networks, and JasperSoft.

DASH Portal

MarvelIT’s Dash Portal solution is based on the Apache Jetspeed portal and their unique charting portlets. Using MARVELit DASH, dashboards can be built very easily using the power of SQL and XML.

Openi

Openi provides a web-driven interface to OLAP, relational, statistical and data mining sources giving BI integrators user interface, report definition and connector tools.

Pentaho

Pentaho has been getting a lot of attention since its launch and funding in 2005. This project has an impressive pedigree in its team leaders, and provides quite an array of capabilities: Reporting, Analysis, Dashboards, Data Mining and Workflow.

SpagoBI

SpagoBI is a BI platform drawing its components from the ObjectWeb consurtium. Tools include metadata management, ETL, Reporting, Analysis, and Dashboards.

Links to OSS BI Development Tools

Eclipse BIRT

Eclipse is the IDE for Java and J2EE, and BIRT is, basically, its reporting plug-in.

EFEU

EFEU is a programming environment to develop C-programs and libraries. It is often pointed to as facilitating the development of ETL and reporting software.

JpGraph

JpGraph is an OO Graph drawing library for PHP that is very useful for data visualization and presentation.

PostgreSQL MDDB

The linked article describes using EFEU with PostgreSQL to create a multi-dimensional database for use in OLAP.

If you these are not enough links, go to the Squidoo site where folks pass on recommendations and posted some of the above information.

At the O’Reilly Open Source Convention (OSCON), Socialtext released Socialtext Open. Socailtext distribution includes wikiCalc, which is the social spreadsheet, and Wikiwfg, and WYSIWYG editor. Very interesting products.

If you want to read more, TechCrunch has a posting by Marshall Kirkpatrick, “SocialText aims for wiki 2.0.” And of course, there are podcasts. Kirsten Jones talked to Perlcast about the REST API beta. The podcast is available along with reading material. Last month, CEO Ross Mayfield joined Phil Windley, Matt Asay, and Scott C. Lemon in a review of the technology news of the week. Before Wikimania 2006, InfoWorld’s Jon Udell had a podcast with Ross Mayfeild about Socialtext’s decision to release Socialtext Open and its relationship with WikiCalc. PodTech has Ross Mayfield talking with Andrew McAfee about Web 2.0 for Enterprise. Jennifer Jones talked with Ross about wikis and their use for companies both large and small in the podcast “Delving Into the Real Value of Wikis.” There is a video cast at the start of this month entitled, “Inside the first Wiki Company, SocialText.” PodTech has additional podcast/video cast available at their site.

It is an interesting company and leader in the Wiki world.

1. Safari Short Cut: Network Monitoring with Nagios
2. Book: Nagio System and Network Monitoring by Wolfgang Barth
3. Pro Nagios 2.0 by James Turnbull
4. Nagios notebook with:
• Advanced Configuration of Nagios by Syed Ali
• SNMP Trap Handling with Nagios by Francois Meehan
• Using Nagios to Monitor Your Network by Joel Rennich
• Monitoring Your Enterprise PACS With Nagios, Cacti, and Smokeping by Ron Sweeney
• Building a Self-Healing Network by Greg Retkowski
• Installing and Configuring Nagios by Bob Cares
• Monitoring Network Services with Nagios and Mac OS X by Mark Duling
• Nagios Version 2.0 Documentation

In addition, these links might be of interest:

http://leonardo.cascss.unt.edu/~trent/nagios.html

Mac OS X Server: How to Install, Enable, and Configure SNMP
http://docs.info.apple.com/article.html?artnum=107012

Monitor 10.2.8 clients using MRTG and NET-SNMP
http://www.macosxhints.com/article.php?story=20031019185335693

Think of WordPress MU as an area where maybe at some point GLORIAD could offer a place for international folks to post. It might be a management nightmare, since who knows what might get posted? We definately do not want to be the International MySpace. So we keep it technical, or maybe we allow only certain people to post. Just imagine the fascinating people who use GLORIAD. To have them post a few of their thoughts on whatever IT area they wanted to talk about, would be fascinating. Even if they were to post on life in different areas, it would allow members of GLORIAD to gain insight into different points of views. This would be similar to listening to the podcast with Jack Ma. Probably not what GLORIAD is about, so maybe we would have to keep it technical and scientific, so we stay on mission. Either way, it would give a voice to the people GLORIAD connects.

Here are the old links about just setting up the regular WordPress:

Here are few links for additional information on installation and setup of WordPress:

Installation: http://maczealots.com/tutorials/wordpress/
http://www.wpvqs.com/?p=51

http://allforces.com/2005/08/22/wordpress-on-mac-phpandmysql/
http://allforces.com/2005/08/23/wordpress-on-mac-subdomains/

http://www.bui4ever.com/macs/installing_wordpress_on_tiger/

http://warker.com/2006/09/16/wordpress-os-x-install-tips/

Installing Movable Type on Tiger:
http://maczealots.com/tutorials/movabletype/

Check out these themes for the backend to make it look more like Mac OS X: http://www.jgraphics.net/wordpress/spotpress/ http://www.orderedlist.com/articles/wordpress-administration-design-tiger/

Here are links to more information on your question and how you can get mail to send:
http://codex.wordpress.org/Answers-TroubleShooting#Emailedpasswordsnotreceived http://wordpress.org/support/topic.php?id=24981 http://packages.debian.org/stable/mail/ssmtp