Knowledgebase

Debian Dedicated Web Server Hosting Security

Internet gateways are known to have the most threats in terms of server security. Basically, the traffic that is allowed through the network. When we speak of security, the first thing that comes into our mind is the storage of confidential data such as Credit Card nos. etc.

Also, Virus such as Worms or Trojans and preventions of any intrusions are part in Web Server security. Banking security, prevention of hacking attempts are all included in security provisioning. Any Web server that is connected to the internet has a direct threat.

In case of server breach, it can be used for spams, hacking other servers and running illlegal activities on the server. Infact, many illegal activities include DOS attacks to other web servers. A hacker can seriously damage a server without even the server owner knowing about it. We will learn more on Debian Server Security in this post. We can also set “honey pot” when we speak of server security. In this case, hackers are directly attracted to a honey pot. However, prior to setup a honey pot, make sure you have remote backup space in case to start from the basic. The first is to prevent unauthorized access to the server. Following are some of the security practices on servers :

- Operating System Security ardening
- Application configuration
- Perimeter security
- Physical security

Operating System Security Hardening :

- Disable all default accounts
- File system security configurations
- Strong and long accounts password
- In order to disable accounts, change default shell to /bin/false
- Change startup configuration
- Disable TCP/IP ports that are run to scan ports.
- File system security
- No usage of common names for groups to reduce the risk of hacks
- TCP wrappers to run Internet-related daemons
- Appropriate hosts.allow Configuration
- Not running GUI
- Log off from Server consoles when not required

Configurations of Applications :

Applications installation and configurations must be done with great care as they can be the source to server hack. Insecure applications can cause harm to your Debian dedicated web server. Applications may have vulnerability to buffer overflow attacks which provides access to hackers and security threats.

It’s advisable that you should notice the following points :

- Securing insecure applications
- Check for Application updates
- Application Port Opening – Only which is required
- Secure CGI Scripts
- SSI Security management
- Secure FTP Access for Uploads
- Blocking IPs
- Latest Security Measures.

With DebianOS, disable open ports which are not required through by renaming their S symlinks in runlevel directory. Debian boots into runlevel 2 default by command : cd /etc/rc2.d

Search for symlink S20ssh which opens port for remote console and enhnaces security. Rename symlinks with command : mv S20ssh _S20ssh and this can be done for S20exim4, S20lpd, and S21nfs-common. Run netstat -ap command for /sbin/portmap is the applications has sunrpc port 111 open. NFS requires RPC. We can disable portmap in this case. We can rename symlinks with the following command :

mv /etc/rc2.d/S18portmap /etc/rc2.d/_S18portmap
mv /etc/rcS.d/S43portmap /etc/rcS.d/_S43portmap

Once done, reboot your Debian Dedicated Web Server and then run netstat -a

- Configurations of chroot jail will allow applications directory appear from root of file system. Access to only applications that will reduce the risk to access the entire file system. Apache web server running on DebianOS can easily setup jail as we can use Apache module to complete the task. We can add one line to the configuration file by the following command :

apt-get install libapache-mod-chroot

This will install Apache modules and in case to select from packages or existing modules.conf, add the following link to modules.conf file :

/etc/apache/modules.conf file:

LoadModule choot_module /usr/lib/apache/1.3/mod_chroot.so

In this case, logs, CGI and directories are the same and we don’t need to create new directories or make any changes to the ownership of the directories.

Chroot Apache applications, Apache IDS module which will search for any threats and will block them. You can simply add the following line to /etc/apt/sources.list file :

http://etc.inittab.org/~agi/debian/libapache-mod-security/etch/

Once added, you can run the following command :

apt-get update

Apt will be aware of tge package at the website. In order to install and enable module, enter the following command :

apt-get install libapache-mod-security

Add the following line to /etc/apache/modules.conf :

LoadModule security_module /usr/lib/apache/1.3/mod_security.so

It will search for any threats, http / PHP requests and block them. We can also add rules to httpd.conf file in order to let it know to as what needs to be checked.

For starters, add the following lines to the bottom of your httpd.conf file:

# *** MODULE CONFIG
# Turn the filtering engine On or Off
SecFilterEngine On
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# Unicode encoding check
SecFilterCheckUnicodeEncoding Off
# Only allow bytes from this range
SecFilterForceByteRange 0 255
# Only log suspicious requests
SecAuditEngine RelevantOnly
# Server masking -
# Don’t tell them it’s an Apache installation
SecServerSignature “Lotus-Domino/6.x”
# The name of the audit log file
SecAuditLog /var/log/apache/audit.log
# Debug level set to a minimum
SecFilterDebugLog /var/log/apache/modsec_debug.log
SecFilterDebugLevel 0
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# By default log and deny suspicious requests
# with HTTP status 403
SecFilterDefaultAction “deny,log,status:403″

Adding Fileter rules :

SecFilter /etc/passwd
SecFilter /bin/ls
SecFilter /bin/uname
SecFilter /usr/bin/whoami
SecFilter cd\x20/tmp
SecFilter wget\x20
# Block Santy.A worm
SecFilterSelective ARG_highlight %27
# Block drop table SQL injection attack
SecFilter “drop[[:space:]]table”
# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply “text/html” as Content-Type
SecFilterSelective REQUEST_METHOD “!^(GET|HEAD)$” chain
SecFilterSelective HTTP_Content-Type \
“!(^application/x-www-form-urlencoded$|^multipart/form-data;)”
# Do not accept GET or HEAD requests with bodies
SecFilterSelective REQUEST_METHOD “^(GET|HEAD)$” chain
SecFilterSelective HTTP_Content-Length “!^$”
# Require browser headers from all user agents
SecFilterSelective “HTTP_USER_AGENT|HTTP_HOST” “^$”
# Require Content-Length to be provided with every POST request
SecFilterSelective REQUEST_METHOD “^POST$” chain
SecFilterSelective HTTP_Content-Length “^$”
# Don’t accept transfer encodings we know we don’t handle
SecFilterSelective HTTP_Transfer-Encoding “!^$”

Once done, please make sure you restart Apache with /etc/init.d/apache restart

Microsoft release of Windows Server 2008 has truly been a revolution which is designed to perform for networks, applications. The most important is that it is technology effiicient. Client’s who have been using Windows Server 2003 can easily move to Windows Server 2008 Server. It has been built on the foundations of Windows Server 2000 and Windows Server 2003. New tools, virtualization techniques such as Hyper-V, enhancement in security and managements tools that not only reduces cost for the licenses but also improves the performance on the windows web servers.

With Windows Server 2008, management and deployment is a lot easier when compared to windows server 2003. It’s easier interface when compared to it’s predecessors has proved that it’s completely user friendly. Features such as Windows PowerShell which is basically Command-line shell which allows administrators to automate tasks accross windows cluster servers. It can also deploy OS through network. It also support IPV6 allocations which makes it easier once our IPV4′s are over.

Server Cost installation of Windows Server 2008 allows installation of server roles without actually requiring a graphical interface. Windows Server 2008 has built-in Virtualization software which is basically hypervisor-based server virtualization software – hardware virtualization which will create virtual macgines on a single physical macgine can run other Operating Systems on a single server. This enables you to save more on the virtualization costs that is basically required to be paid to Virtualization software companies. Applications can also be virtualized through Windows Server 2008 centralized application access. Easy Remote access to windows-based programs. Now, this means you do not need a VPN to connect to a client’s server. Windows Server 2008 also comes wih IIS 7.0 which is the next version to IIS 6.0 that was on Windows Server 2003 series. IIS 7.0 is required to unify Web platform that includes ASP.NET, Windows Services and Sharepoint Services. It has been seen that Windows Server 2008 Security has been enhanced. It also prevents any unauthorized connections to the networks, server or data.

Network Access Protection (NAP) checks every network connections to the server. Active Directory Services security has also been enhanced on a Windows Server 2008 Server. Read-Only Domain Controller (RODC) and BitLocker Drive Encryption provides complete security to AD database at branch office locations. It also extends to Windows HPC Server 2008.

Windows HPC Server 2008 is utilized to scare different processing costs to improve productivity and reduce the complexity of HPC environment.

Asterisk – VOIP Server on FedoraCore

Please check sure you install no pre-configured options. Once installed :

Logon as Root

Mount the CDROM
mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom

YUM Installation :

rpm -i /mnt/cdrom/Fedora/RPMS/rpm-python-4.4.2-32.i386.rpm
rpm -i /mnt/cdrom/Fedora/RPMS/python-elementtree-1.2.6-5.i386.rpm
rpm -i /mnt/cdrom/Fedora/RPMS/python-sqlite-1.1.7-1.2.1.i386.rpm
rpm -i /mnt/cdrom/Fedora/RPMS/python-urlgrabber-2.9.9-2.noarch.rpm
rpm -i /mnt/cdrom/Fedora/RPMS/yum-metadata-parser-1.0-8.fc6.i386.rpm
rpm -i /mnt/cdrom/Fedora/RPMS/yum-3.0-6.noarch.rpm

Kernel Sources Installation :

rpm -i /mnt/cdrom/Fedora/RPMS/kernel-devel-2.6.18-1.2798.fc6.i686.rpm
ln -s /usr/src/kernels/2.6.18-1.2798.fc6-i686/ /usr/src/linux

Compiler Installation :

yum install gcc ncurses-devel openssl-devel gcc-c++ gnutls-devel make -y

WGET Installation :

rpm -i /mnt/cdrom/Fedora/RPMS/wget-1.10.2-7.i386.rpm

SSH Installation :

yum install openssh openssh-clients openssh-server -y

Start SSH Daemon :

/etc/init.d/sshd start

VSFTP Installation :

yum install vsftpd -y

VSFTP Daemon Start on Boot :

/etc/init.d/vsftpd start
chkconfig vsftpd on

Source files in /usr/src/

Via CDROM

cd /
umount /dev/cdrom

Change CD :

mount /dev/cdrom /mnt/cdrom
cp /mnt/cdrom/* /usr/src/ -R
rpm -i /mnt/cdrom/Fedora/RPMS/lsof-4.78-3.i386.rpm
cd /
kill -9 `lsof -t /dev/cdrom`
umount /dev/cdrom
rpm -e lsof

Open Linux Conifugration : vi /etc/selinux/config

change SELINUX=enforcing to SELINUX=disabled

vi /etc/vsftpd/user_list

remove root from the list

vi /etc/vsftpd/ftpusers

Please make sure you remove root and Reboot

Login to to through FTP

wget http://ftp.digium.com/pub/zaptel/releases/zaptel-1.2.16.tar.gz
wget http://ftp.digium.com/pub/libpri/releases/libpri-1.2.4.tar.gz
wget http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.17.tar.gz
wget http://ftp.digium.com/pub/asterisk/releases/asterisk-sounds-1.2.1.tar.gz
wget ftp://rpmfind.net/linux/SuSE-Linux/i386/update/9.3/rpm/i586/madplay-0.15.2b-32.i586.rpm
wget http://ftp.freshrpms.net/pub/freshrpms/fedora/linux/6/libmad/libmad-0.15.1b-4.fc6.i386.rpm

Madplay Installation

yum install libid3tag -y
rpm -i /usr/src/libmad-0.15.1b-4.fc6.i386.rpm
rpm -i /usr/src/madplay-0.15.2b-32.i586.rpm

MPG123 Installation

Install MPG123 (MOH)
cd /usr/src/mpg123-0.65/
./configure
make
make install
ln -s /usr/local/bin/mpg123 /usr/bin/mpg123

Zaptel Installation

Here, please make sure /li’b/modules/2.6.18-1.2798.fc6-i686/build and /usr/src/2.6.18-1.2798.fc6-i686/ are linked.

cd /usr/src/zaptel-1.2.16/
make clean
make
make install
make install-udev
make config

Change Code 2,16,19 to 2,6,18

#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) to
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18)
vi /usr/src/zaptel-1.2.16/xpp/xbus-core.c

Start Zaptel :

/ect/init.d/zaptel start

LibPRI Installation :

cd /usr/src/libpri-1.2.4/
make clean
make
make install

Asterisk Installation :

cd /usr/src/asterisk-1.2.17/
make clean
make
make install
make samples
make config

Asterisk Sound Pack Installation

cd /usr/src/asterisk-sounds/
make install

mkdir /tftpboot
useradd usr
passwd usr
1234 enter
1234 enter
vi /etc/passwd

vi /etc/vsftpd/vsftpd.conf

change the following:
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=NO
vi /etc/vsftpd/chroot_list

In the file : vi /etc/vsftpd/user_list, add “usr” and remove all through Text Editor

cd /tftpboot/

chown usrprovis /tftpboot/
chmod u-w . (note the period)
mkdir contacts
mkdir log
mkdir overrides
chown usrprovis log
chgrp usrprovis log
chown usrprovis contacts
chgrp usrprovis contacts
chown usrprovis overrides
chgrp usrprovis overrides

Firewall should be turned :

chkconfig iptables off

In order to check the services : chkconfig –list

Root SSH should be disabled and creation of account with permissions.

Edit sshd config and remove # PermiRootLogin and change yes to no. : vi /etc/ssh/sshd_config

Perl Module

Install Perl – Makefile.PL

wget through any website for Perl
perl Makefile.PL

DHCP Installation :

yum install dhclient -y

Troubleshooting tools Installation :

yum install yum install iftop -y

Configuration : Realtime DEP :

yum install mysql mysql-server mysql-devel

Add-on Compile :

./configure –with-mysqlclient=/usr

Asterisk – VOIP Server Installation on Linux – centOS

Prior to installation, you need to make sure all packages up-to-date. Run yum-y update. In case, any Kernel files were updated, the server will require reboot of the server. Now, you will need to download pre-requisites or essentials of Asterisk :

gcc
kernel-devel
bison
openssl-devel
doxygen #

In case you have a Dual Core Processor Server, Kernel-smp-devel is required through

apt-get update
apt-get install gcc kernel-devel bison openssl-devel

Or through yum

yum -y update
yum install gcc kernel-devel bison openssl-devel

Donwnload the latest version through asterisk website to /usr/src

In case you are using PRI cards, you need to the following :

wget http://ftp.digium.com/pub/libpri/releases/libpri-<version>.tar.gz

Untar the files :

tar -zxf zaptel-<version>.tar.gz
tar -zxf asterisk-<version>.tar.gz
tar -zxf libpri-<version>.tar.gz

Installation of Zaptel :

cd /usr/src/zaptel

make clean
make
make install

Restart Zaptel Service

Installation of LIBRI :

In case you are using E1 Cards, install LIBRI :

cd /usr/src/libpri

make clean
make
make install

Asterisk Installation :

cd /usr/src/asterisk

make mpg123 #
make clean
make
make install

If kernel is used, edit spinlock.h or Zaptel will not compile :

vi /usr/src/kernels/2.6.9-34.EL-x86_64/include/linux/spinlock.h

In Text Editor : define DEFINE_RWLOCK(x) rw_lock_t x = RW_LOCK_UNLOCKED
and change to define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED

MSMQ Independent Client Installation on a Cluster SQL Server 7.0

- MS DTC and it’s DLL should be removed
- MS Message Queuing Installation
- MS DTC Upgration

Message Queuing Installation and Cluster Setup with SQL Server 7.0 and Message Queuing :

- SQL Server and SQL Server Agent should be stopped
- Run Command : msdtc -remove on Server1
- Run Command : msdtc -remove on Server2
- Remove MS DTC reource in Cluster Resource Group
- Locate and remove : HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC
- On each node, delete files in \%windir%\System32 folder :
- Adme.dll
- Dtcadmc.dll
- Dtccfg.cpl
- Dtccm.dll
- Dtctrace.dll
- Dtctrace.exe
- Dtcuic.dll
- Dtcuis.dll
- Dtcutil.dll
- Dtcxatm.dll
- Dtcsetup.exe
- Msdtc.dll
- Msdtc.exe
- Msdtcprx.dll
- Msdtctm.dll
- Msdtcw.exe

- Reboot Nodes

MS Message Queuing Installation :

- Move SQL Server group that containts MS DTC and Message Queuing to Servers.
- Move all to Server2
- Message Queuing Routing Server Installation on Server1
- Run Setup.exe which is located in \Msmq\Msmq\Server folder on MS Windows NT Server 4.0 Ent. Edition Component CD
- It will run until 0×424 error for MS DTC is reported.
- Click Ok
- While Installation, Click Customer and clear installation share and then click Route Server. When Primary Site Controller is prompted, type PSC name
- In IP Address list, click IP with group, this is required that Message Queuing that is used to communicate with other Message Queuing.
- In Connected Network drop-down, click connected network and Continue.
- When Error is seen, Click Ok
- Click Yes to continue when it shows MS DTC cannot start.
- At prompt of MSMQ installation, Click Ok
- Start Cluster Administrator, open Properties of MS DTC resource
- On Advanced, click clear Affect group and apply
- It will be seen that MS DTC service will be offline
- Move resource group to Server2 and other resource to Server1
- Message Queuing should be offline
- Run Message Queuing Setup on Server2.

MS DTC Upgration :

- Move resource group back to Server1
- Run Dtcsetup.exe from SQL Server 7.0 CD – \x86\Other on Server1
- Run Dtcsetup.exe on Server2 and click Ok on Server1
- In Cluster Administrator, Right-click MS DTC resource, click Dependencies.
- Add SQL Servers to the list.
- MS DTC and Message Queuing should be Online
- All resource should be on node and Windows NT 4.0 SP4 should be applied
- Server1 should be Restarted now and all resources should be moved
- Apply Windows NT 4.0 SP4 to Server1 and Restart Node

Normally the errors occur when upgrade is done on a backup domain controller or restrictions of creation of local groups. When extending a site, extensions create admin group and automatically adds user accounts to administer site. In this case, server doesn’t allow creation of local groups and hence error message is seen. Prvent Frontpage Server Extensions from creation and use of local groups to acces websites.

Following steps need to be implemented :

- One Windows Start Menu, Click on Run
- In Open Box, type Regedt32.exe and click OK
- Select subkey : HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\All Ports
- On Edit Menu, Click Add Value
- In Value, type NoMachineGroups in Data Type box type REG_SZ
- Click on Ok
- In String Dialog box, type 1 and click Ok
- In Registry menu, Click Exit

How to protect your emails from Viruses in Outlook express ?

With Outlook Express 6, internet zone is restricted and enables only active contents to run. For customization in IE Security Zone :

- Open Outlook Express
- Click on Tools Meno – Options
- Click Security Tab and then Click Restricted Zone
- Click Ok to close options dialog box
- Start IE, click on Interner Options and click on Security
- Click Custom Level and apply the changes.

Reading messaged in Plain Text :

- In SP1, configure Outlook express to read emails in plain Text Format
- Start Outlook Express
- Click on Tools and Options
- Click Read tab and select Read all messages in plain text
- Click on Ok

Prvention of programs from sending emails without Approval :

In this case, if Outlook Express is set as mail handler, it will process requests by using Simple MAPI calls. This function is used by Virus and send copies of email mesages that will contain virus to your email contacts. In case Of Outlook Express 6, email’s are prevented from sending without approval.

IE Unsafe list to filter Email attachments :

- Start Outlook Express, click on Options
- Click Security Tabs and select “Do not allow attachments”

In Outlook Express 6, it checks for unsafe attachments and only if it’s safe, it will download / open with the email messages.

Add additional files to remove from Unsafe list :

- Click on Start
- Then click on Control Panel
- Double-click Folder Options
- Select File Type to be allowed or blocked and then clicked on Advanced.
- In order to add new, click on New – In Create New Extension dialog box, file extension should be typed and added to unsafe list.
- Click on OK

Microsoft Silverlight is a programmable web browser plugin. It enables many features such as vector graphics, animation, and audio-video playback all these applications are rich internet applications. Version 2.0 of Microsoft Silverlight was released in October 2008. It got some additional interactive features and support for .NET languages and development tools. It is compatible with many web browsers used on Microsoft Windows and Mac OS X operating systems. Symbian phones and Windows Mobile 6 will also be supported. New third party free software named Moonlight is under development. Once released it will bring compatible functionality to GNU/Linux.

Similar to Windows Presentation Foundation Silverlight provides retained mode graphics system. It also integrates graphics, multimedia, interactivity and animations into a single runtime environment. Silverlight is designed to work in conjunction with XAML and is scriptable with JavaScript. XAML is used for marking up the vector graphics and animations. If you create textual content using Silverlight, it’s searched and indexed by search engines. The textual content is not compiled, but represented as text (XAML). Windows Sidebar gadgets for Windows Vista can also be created using Silverlight.

Playback of media files like WMA, MP3 and WMV is also supported by Silverlight across all the supported browsers. For the playback Silverlight doesn’t need Windows Media Player ActiveX control or Windows Media browser plugins. Windows Media Video 9 is an implementation of the SMPTE VC-1 standard; Silverlight supports VC-1 only in ASF container format. Adding to that the software license agreement says VC-1 is only licensed for the “personal and non-commercial use of a consumer”. Silverlight doesn’t provide support for H.264 video. With Silverlight it possible to dynamically load XML content that can be manipulated through a DOM interface. This technique is consistent with conventional Ajax techniques. A Downloader object which can be used to download content, like scripts, media assets or other data as per the requirements of the application is also installed in the Silverlight.

Silverlight applications can be written in any of the .NET programming languages. Therefore any development tools that can be used .NET languages can work with Silverlight. For this process development tools have to target Silverlight CoreCLR instead of .NET framework CLR. Microsoft Expression Blend version 2.0 and 2.5 are assigned the job of designing the UI of Silverlight 1.0 and 2, by Microsoft. To develop and debug Silverlight applications Visual Studios 2008 can be used. For creating Silverlight projects and allowing compiler to target CoreCLR, Visual Studio 2008 requires the Silverlight Tools for Visual Studio.

A Silverlight project consists of the Silverlight.js files and CreateSIlverlight.js files which initialize the Silverlight plugin for use in, a XAML file for the UI, HTML pages and code-behind files for the application code. Just like ASP.NET applications Silverlight applications are debugged. Visual Studio’s CLR Remote Cross Platform Debugging feature can be used Silverlight applications running on a platform as well. Eclipse was added as a development tool with Silverlight 2.0.

SQLAgentReaderRole can solve the problems of giving rights to the users for administration of SQL Agent jobs. It is located in MSSQL Database and is a Database role. With the help of this it is possible to assign the user the permissions to see any SQL Agent job in the database server. However, this can also create some problems as the users will be able to see the jobs which are owned by other users. It is also possible for the users to check the history of the job. But the group of users will not be able to execute the job and you will have to add the user to SQLAgentReaderRole as a member. Follow the steps given below to do so :

Enter the following commands

use msdb

EXECUTE sp_addrolemember

@rolename = ‘SQLAgentReaderRole’,

@membername = ‘username’

There are 2 more SQL Agents role which are available in SQL Server 2005.

1) SQLAgentUserRole – This will allow the users to manage the jobs after they have created the job.

2) SQLAgentOperatorRole – The permissions assigned to SQLAgentUserRole are also assigned to SQLAgentOperatorRole. However, SQLAgentOperatorRole also provides permissions to the users to start the local jobs that they do not own.

Custom Code for viewing jobs

If you do not want to assign SQLAgentReaderRole then you have an option. Even if you do not have  SQL server 2005 then too you do not have to worry as there is an option. Below is the listing of jobs on the system with the custom system and also the details of the specific jobs. You can assign permissions to the users to view the jobs on the system according to you after you have created the procedure given below.

use master

go

CREATE PROCEDURE [dbo].[sp_ViewJobListing]

(

@JobName VARCHAR(255)=NULL

)

AS

BEGIN

IF OBJECT_ID(‘tempdb..#Results’)>0

DROP TABLE #Results

CREATE TABLE #Results

(

job_id UNIQUEIDENTIFIER NOT NULL,

last_run_date INT              NOT NULL,

last_run_time INT              NOT NULL,

next_run_date INT              NOT NULL,

next_run_time INT              NOT NULL,

next_run_schedule_id INT              NOT NULL,

requested_to_run INT              NOT NULL,

request_source INT              NOT NULL,

request_source_id SYSNAME   COLLATE DATABASE_DEFAULT NULL,

running  INT              NOT NULL,

current_step INT              NOT NULL,

current_retry_attempt  INT              NOT NULL,

job_state  INT              NOT NULL

)

DECLARE @JobID VARCHAR(100)

SELECT TOP 1 @JobID = job_ID FROM msdb.dbo.sysjobs

INSERT INTO #Results

EXECUTE master.dbo.xp_sqlagent_enum_jobs 1, @JobID

SELECT

s.Name,

CASE WHEN s.enabled = 0 THEN ‘No’ ELSE ‘Yes’ END AS Enabled,

CASE WHEN next_run_date > 0 THEN ‘Yes’ ELSE ‘No’ END AS Scheduled,

sc.name AS Category,

current_step AS CurrentExecutionStep,

last_run_date,

next_run_date,

CASE WHEN xp.running = 0 THEN ‘Not Running’ ELSE ‘Executing…’ END AS Status,

ISNULL((

SELECT CASE WHEN run_status = 1 THEN ‘Succeeded’ WHEN run_status = 3 THEN ‘Cancelled’ WHEN run_status = 0 THEN ‘Failed’ WHEN run_status IS NULL THEN ‘Unknown’ END AS LastRunStatus

FROM

msdb..sysjobhistory sho

WHERE

sho.job_id = xp.job_id AND

sho.instance_id =

(

SELECT MAX(instance_id)

FROM msdb..sysjobhistory sj (NOLOCK)

WHERE sj.job_id = sho.job_id

)

) ,’Unknown’) AS LastRunStatus

FROM     #Results xp

INNER JOIN msdb..sysjobs s on xp.job_id = s.job_id

INNER JOIN msdb..syscategories sc on s.category_id = sc.category_id

WHERE

s.Name = ISNULL(@JobName, s.Name)

ORDER BY s.Name

IF @JobName IS NOT NULL

BEGIN

CREATE TABLE #JobHistory

(

StepID INT,

StepName SYSNAME,

Message NVARCHAR(1024),

RunStatus INT,

RunDate INT,

RunTime INT,

RunDuration INT,

operator_emailed NVARCHAR(20),

operator_netsent NVARCHAR(20),

operator_paged NVARCHAR(20)

)

INSERT INTO #JobHistory

SELECT

sjh.step_id,

sjh.step_name,

sjh.message,

sjh.run_status,

sjh.run_date,

sjh.run_time,

sjh.run_duration,

operator_emailed = so1.name,

operator_netsent = so2.name,

operator_paged = so3.name

FROM

msdb.dbo.sysjobhistory sjh

JOIN msdb.dbo.sysjobs sjj ON sjh.job_id = sjj.job_id

LEFT OUTER JOIN msdb.dbo.sysoperators so1  ON (sjh.operator_id_emailed = so1.id)

LEFT OUTER JOIN msdb.dbo.sysoperators so2  ON (sjh.operator_id_netsent = so2.id)

LEFT OUTER JOIN msdb.dbo.sysoperators so3  ON (sjh.operator_id_paged = so3.id),

msdb.dbo.sysjobs                 sj

WHERE

sjj.Name = @JobName and

(sj.job_id = sjh.job_id)

SELECT

StepID, StepName, Message, RunDate AS LastRunTime,

CASE RunStatus

WHEN 0 THEN ‘Failed’

WHEN 1 THEN ‘Succeeded’

WHEN 2 THEN ‘Retry (step only)’

WHEN 3 THEN ‘Canceled’

WHEN 4 THEN ‘In-progress message’

WHEN 5 THEN ‘Unknown’

END AS RunStatus

FROM #JobHistory

ORDER BY LastRunTime DESC, StepID ASC

END

END

GO

EXECUTE sp_ms_marksystemobject ‘sp_ViewJobListing’

Please note :

Make sure that you do not assign permissions to the users without being sure that you are assigning these permissions to the right one. As these permissions allow the user to to see the SQL Agent jobs on the database server and this can create problems for you if you assign these permissions to a wrong user.

Also, try not to give permissions for a user to check the job of the other user on the database server which can redure the risk of any problems in future.

Coldfusion dedicated web Servers are those which specifically host Coldfusion on dedicated web servers. It is easy process to create Internet applications. It also integrates with different environments and applications for users. ColdFusion Markup Language (CFML) is tag-based language that are utilized bv Coldfusion application developers. It is very easy to learn CFML to handle applications have more requirements. It basically uses a syntax which more or less resembles HTML and XML and which suit to applications of programmings that use markup languages. It easy use syntax makes a developers work a lot easier. It can also be customized with custom tags, components, functions and integrates with JAVA, .NET, SOAP Web services.

Coldfusion is basically designed for developers who build dynamic websites and internet applications. It is a new beginning from the basic HTML page design and development. Features such as debugging, XML processing, Java and .NET integration, web services are ideal for developers for developing complex web applications.

Coldufusion have basic text files and easily be edited with any test editor. It is build for designers and developers and include all the features required for developers. Infact, many developers use Coldfusion with Adobe Flex development framework to create powerful internet applications.

Adobe Flex builder software is Eclipse based IDE for developments of RIAs combining various desktop applications with different platforms. It builds easily and also integrates with Adobe Coldfusion 8 for FML or Coldfusion Markup Language. Coldfusion 8 has code debggin extensions for Flex builder which makes the development even more easier. Various Training and documentations are provided online for Coldfusion which will definitely get you out from the basic HTML development.

Coldfusion MX versions – 6.0, 6.1 and 7 applications can easily upgrade to Coldfusion 8. Applications that run on ColdFusion 5 can also be migrated to ColdFusion 8. Following is the current pricing of Coldfusion 8 :

Coldfusion Standard edition : $1299.00USD / 2 CPU’s
Coldfusion Enterprise edition : $7499.00USD / 2 CPU’s
Coldfusion Developer Edition – Free!

Coldfusion 8 Enterprise Edition can easily serve multiple websites and applications on more than one server. It can also run on J2EE application servers whereas Coldfusion 8 Standard Edition is a solution that delivers applications on a single server. If you have noticed, the license is based upon the no. of CPU’s that currently run and is done in 2-CPU’s bases. Both of the editions allow software installation with one or two CPU’s. If additional CPU’s are added, then it will definitelt require additional licenses. Multi-code chips are single processors that are calculated for pricing of the licenses. Coldfusion 8 is currently available in English and Japanese Version.

Coldfusion 8 runtime environment is Java applications that takes advatanges of powerful services in J2EE platform to connect to databases, security managements and request of applications. Enterprise Edition is installed in J2EE configuration on Java application web server. Coldfusion 8 supports the following JEE Servers :

- IBM WebSphere
- BEA Weblogic
- Oracle
- Macromedia Jrun
- JBoss

It supports major databases including Microsoft SQL Server, Oracle, Sybase etc. and suppoer web servers such as Apache Web Server, IIS. Operating Systems that are supported are Windows, Linux, IMB and MacOS.

Coldfusion Developer Edition and Enterprise Edition – 64 bit applications can run the following Operating Systems :

- Windows Server 2003
- Windows Server 2008
- Windows Vista
- Windows XP
- RedHat Enterprise Linux 4.x and 5
- Suse Linux

Coldsution 32-bit cannot be upgraded to 64-bit. It will need to be uninstalled through 64-bit installer. It is always advisable to have 64-bit machines rather than 32 bit machines. With 32-bit, 4GB RAM can be accomodated and 64-bit can accomodate 16GB RAM.

Coldfusion are supported on all BODHost Dedicated Web Servers.