Comments for evergreen-ils blog http://evergreen-ils.org/blog The blog for Evergreen open-source library software Fri, 20 Jan 2012 23:58:44 +0000 hourly 1 Comment on Evergreen community on SOPA and PIPA by Will Hires http://evergreen-ils.org/blog/?p=723&cpage=1#comment-55127 Will Hires Fri, 20 Jan 2012 23:58:44 +0000 http://evergreen-ils.org/blog/?p=723#comment-55127 I also support the widespread protest against SOPA and PIPA. I'm glad to see that the Evergreen community also joins the protest. I also support the widespread protest against SOPA and PIPA. I’m glad to see that the Evergreen community also joins the protest.

]]> Comment on Evergreen community on SOPA and PIPA by Sean Strickland http://evergreen-ils.org/blog/?p=723&cpage=1#comment-55122 Sean Strickland Wed, 18 Jan 2012 22:36:41 +0000 http://evergreen-ils.org/blog/?p=723#comment-55122 Thank you for supporting this!! Thank you for supporting this!!

]]> Comment on Evergreen security releases: 2.0.10 and 1.6.1.9 by Galen Charlton http://evergreen-ils.org/blog/?p=687&cpage=1#comment-54976 Galen Charlton Tue, 11 Oct 2011 21:37:15 +0000 http://evergreen-ils.org/blog/?p=687#comment-54976 To follow up on Dan's comment, note that <code>/openils/lib/oils_auth.so</code> is normally a symbolic link to <code>oils_auth.so.2.0.0</code> (or <code>oils_auth.so.0.0.0</code> in the case of 1.6.1.x). When applying Dan's fix procedure, make sure that the final result has all versions of the file name <code>oils_auth.so[.*]</code> pointing to the same shared object. To follow up on Dan’s comment, note that /openils/lib/oils_auth.so is normally a symbolic link to oils_auth.so.2.0.0 (or oils_auth.so.0.0.0 in the case of 1.6.1.x). When applying Dan’s fix procedure, make sure that the final result has all versions of the file name oils_auth.so[.*] pointing to the same shared object.

]]> Comment on Evergreen security releases: 2.0.10 and 1.6.1.9 by Galen Charlton http://evergreen-ils.org/blog/?p=687&cpage=1#comment-54975 Galen Charlton Tue, 11 Oct 2011 21:28:30 +0000 http://evergreen-ils.org/blog/?p=687#comment-54975 One observation regarding the fix for brute force password guessing -- we discovered the hard way that if there is a SIP2 device connecting to the Evergreen database that is configured with the wrong password for the user account it uses to authenticate, repeated login attempts by the device can result in quickly locking out that account. This can be mitigated by assigning a separate user account for each distinct SIP service (so that say, a misconfiguration for your PC reservation system doesn't lock out e-resource authorization), by monitoring the logs for excessive failed authentication attempts after applying the security update, and, until the offending device is found, by setting the block_count parameter to a higher value on the application server(s) that are providing authentication for SIP2 service. One observation regarding the fix for brute force password guessing — we discovered the hard way that if there is a SIP2 device connecting to the Evergreen database that is configured with the wrong password for the user account it uses to authenticate, repeated login attempts by the device can result in quickly locking out that account. This can be mitigated by assigning a separate user account for each distinct SIP service (so that say, a misconfiguration for your PC reservation system doesn’t lock out e-resource authorization), by monitoring the logs for excessive failed authentication attempts after applying the security update, and, until the offending device is found, by setting the block_count parameter to a higher value on the application server(s) that are providing authentication for SIP2 service.

]]> Comment on Evergreen security releases: 2.0.10 and 1.6.1.9 by Dan Scott http://evergreen-ils.org/blog/?p=687&cpage=1#comment-54959 Dan Scott Wed, 05 Oct 2011 19:46:31 +0000 http://evergreen-ils.org/blog/?p=687#comment-54959 To address the worst of the vulnerabilities - the potential brute-forcing of passwords - it is possible to update just the oils_auth.so library on a live production system without having to go through a complete install and staff client update process and without having to stop and start all services. The process is as follows: 1. Download the Evergreen 2.0.10 or 1.6.1.9 <a href="http://evergreen-ils.org/downloads" rel="nofollow">release tarball</a> 2. Untar the tarball 3. In the source directory, run <code>./configure --prefix=/openils --sysconf=/openils/conf && make</code> to build the libraries 4. Install the chrpath tool (<code>aptitude install chrpath</code> on Debian / Ubuntu systems) 5. Run “chrpath -d Open-ILS/src/c-apps/.libs/oils_auth.so” to enable the library to link to the appropriate location 6. Copy your existing oils_auth.so library to a safe location; for example, "cp /openils/lib/oils_auth.so /openils/oils_auth.so.20101005" 7. Copy your new oils_auth.so library into place: <code>cp Open-ILS/src/c-apps/.libs/oils_auth.so /openils/lib/.</code> 8. As the root user, run <code>ldconfig</code> to refresh your dynamic linking cache. 9. Restart your OpenSRF C services: <code>osrf_ctl.sh -a restart_c</code> (NOTE: you may require the -l flag on that command, depending on your system). Optionally, you can also add the new <auth_limits> section to the <open-ils.auth> settings in /openils/conf/opensrf.xml if you want to specify non-default values. If so, then you will also need to restart the opensrf.settings service before restarting the OpenSRF C services. To address the worst of the vulnerabilities – the potential brute-forcing of passwords – it is possible to update just the oils_auth.so library on a live production system without having to go through a complete install and staff client update process and without having to stop and start all services. The process is as follows:

1. Download the Evergreen 2.0.10 or 1.6.1.9 release tarball
2. Untar the tarball
3. In the source directory, run ./configure --prefix=/openils --sysconf=/openils/conf && make to build the libraries
4. Install the chrpath tool (aptitude install chrpath on Debian / Ubuntu systems)
5. Run “chrpath -d Open-ILS/src/c-apps/.libs/oils_auth.so” to enable the library to link to the appropriate location
6. Copy your existing oils_auth.so library to a safe location; for example, “cp /openils/lib/oils_auth.so /openils/oils_auth.so.20101005″
7. Copy your new oils_auth.so library into place: cp Open-ILS/src/c-apps/.libs/oils_auth.so /openils/lib/.
8. As the root user, run ldconfig to refresh your dynamic linking cache.
9. Restart your OpenSRF C services: osrf_ctl.sh -a restart_c (NOTE: you may require the -l flag on that command, depending on your system).

Optionally, you can also add the new <auth_limits> section to the <open-ils.auth> settings in /openils/conf/opensrf.xml if you want to specify non-default values. If so, then you will also need to restart the opensrf.settings service before restarting the OpenSRF C services.

]]> Comment on Evergreen at 5 by V aniversário de Evergreen « Baixamar http://evergreen-ils.org/blog/?p=646&cpage=1#comment-54881 V aniversário de Evergreen « Baixamar Sat, 10 Sep 2011 10:13:51 +0000 http://evergreen-ils.org/blog/?p=646#comment-54881 [...] alcanzou nestes 5 anos as 1.000 bibliotecas instaladas, a maioria públicas mas, ainda tem o inconveniente de ser um [...] [...] alcanzou nestes 5 anos as 1.000 bibliotecas instaladas, a maioria públicas mas, ainda tem o inconveniente de ser um [...]

]]> Comment on Evergreen releases: 2.0.6 and 2.1-Beta1 by Manjunatha http://evergreen-ils.org/blog/?p=524&cpage=1#comment-54545 Manjunatha Wed, 11 May 2011 12:48:23 +0000 http://evergreen-ils.org/blog/?p=524#comment-54545 How to instal evergreen software in the library, and how to download the this software How to instal evergreen software in the library, and how to download the this software

]]> Comment on Evergreen releases: 2.0 beta 3, 1.6.1.4, 1.6.0.10 by luis http://evergreen-ils.org/blog/?p=473&cpage=1#comment-54102 luis Tue, 14 Dec 2010 12:05:32 +0000 http://evergreen-ils.org/blog/?p=473#comment-54102 Hi! it is working, but I needed one more thing if you do not bother! need a tutorial on how to work with the evergreen, such as adding new records of books, pictures or even creating new types of documents!? Does someone could give me anything? Thanks Hi!

it is working, but I needed one more thing if you do not bother! need a tutorial on how to work with the evergreen, such as adding new records of books, pictures or even creating new types of documents!? Does someone could give me anything?

Thanks

]]> Comment on Evergreen releases: 2.0 beta 3, 1.6.1.4, 1.6.0.10 by jason http://evergreen-ils.org/blog/?p=473&cpage=1#comment-54084 jason Sat, 11 Dec 2010 16:39:25 +0000 http://evergreen-ils.org/blog/?p=473#comment-54084 I'd follow the steps here: http://docs.evergreen-ils.org/1.6/draft/html/troubleshooting.html It's for EG 1.6 and the output may be a little different, but the general principles still apply. I’d follow the steps here:
http://docs.evergreen-ils.org/1.6/draft/html/troubleshooting.html

It’s for EG 1.6 and the output may be a little different, but the general principles still apply.

]]> Comment on Evergreen releases: 2.0 beta 3, 1.6.1.4, 1.6.0.10 by Luis http://evergreen-ils.org/blog/?p=473&cpage=1#comment-54054 Luis Thu, 09 Dec 2010 15:38:32 +0000 http://evergreen-ils.org/blog/?p=473#comment-54054 Hi Jason, The virtual machine "Virtual image (beta 3)" that we can find int the Evergreen Downloads page. The steps performed are those described in the readme("http://evergreen-ils.org/~denials/Evergreen_2_0_beta3_Fedora14/README"). The staff client i am running it inside the image, there is any problem with that? everything seems to be ok, the hostname "localhost" is recognized, the Workstation is "BR1-beta3", only the login is failing! Any idea of the problem?? - Luis Hi Jason,

The virtual machine “Virtual image (beta 3)” that we can find int the Evergreen Downloads page.
The steps performed are those described in the readme(“http://evergreen-ils.org/~denials/Evergreen_2_0_beta3_Fedora14/README”).

The staff client i am running it inside the image, there is any problem with that?

everything seems to be ok, the hostname “localhost” is recognized, the Workstation is “BR1-beta3″, only the login is failing!

Any idea of the problem??
- Luis

]]>