Archive

Category Archives for "phpIPAM IP address management"

SElinux policy for icmp checks

Many issues reported with scanning subnets and updating host statuses are related to SElinux being enabled. So far the solution was to completely disable SElinux, but this was more workaround than anything else. Robert was kind enough to share SElinux policy that should be used with phpipam if SElinux is enabled on your server.

 

Basically it permits the opening of raw IP sockets for non-root users, that are required for executing ping command.

 

1) Create the file http_ping.tt and add the following to it:

module http_ping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };

 

2) Run the following commands (as root user):

checkmodule -M -m -o http_ping.mod http_ping.tt
semodule_package -o http_ping.pp -m http_ping.mod
semodule -i http_ping.pp

brm

Using custom fields in phpipam

phpipam has support for creating custom fields to be used in address, subnets, vlans, devices and users tables. This is useful when you need to add some custom data to your tables. You can set your custom fields under Administration > Custom fields.

 

It supports following types of data and it representations:

  • varchar: normal input field
  • integer: input field that must be an integer
  • boolean: true/false field, that is interpreted with dropdown
  • text: textarea input field, that holds bigger data than varchar
  • date: adds date field, that is represented with date dropdown
  • datetime: adds datetime field, that is represented with date and time dropdown
  • set: set field adds dropdown options, you control options in size/length field. For example, to have dropdown with three options you set ‘site1′,’site2′,’site3′ in size/length field.

 

Besides setting field type there are some other variables that can be set for each:

  • size / length: depends on field type this controls maximum length of input field or text, maximum size of integer, options for set field etc.
  • default: adds default value if field is left blank.
  • required: controls weather field is required to be filled in, if Continue reading

phpipam MySQL database optimizations

Having large amount of subnets (and other tables) on unoptimised MySQL database server can significantly increase page loads. To see which parameters need to be change I usually use mysqltuner perl script, which connects to database, analyses data and proposes which parameters need to be changed that are not optimally set based on current load.mysqltuner

Installation is simple:

1.) Fetch mysqltuner on FreeBSD:

cd ~
fetch http://mysqltuner.pl

or wget on linux:

wget http://mysqltuner.com

2.) Make it executable:

chmod +x mysqltuner.pl

3.) And run it to analyse database, you have to provide administrative credentials.

./mysqltuner.pl

 

Any other similar scripts out there you would recommend?

brm

phpipam 1.1.010 update released

phpipam 1.1.010 update released with following fixes:

== 1.1.010

Bugfixes:
----------------------------
+ Fixed login fails with LDAP when escape characters are in password;
+ Fixed login not working with spaces in password for AD login;
+ Fixed Ivalid action when adding vlans from subnet popup menu;
+ Fixed custom fields not appearing properly on IP request editing;
+ Fixed Invalid ID error for IP address details on sorting;
+ Fixed warnings if no VLAN search results are present;
+ Fixed test mail not sending;
+ Fixed unable to login if $phpsessname not defined;
+ Fixed unable to login after upgrade;

I apologise for any inconvenience some users experienced with upgrade.

brm

phpipam v1.1 released :: security fixes, performance improvements, mod_rewrite optional

Dear all, I am happy to announce new version of phpipam IP address management – version 1.1.

This release fixed some bugs, provided some new features, but most importantly it was focused on:

  • Security fixes (SQL injection, XSS scripting, crypting DB passwords, brute-force attack prevention, …)
  • Performace improvements (Caching, reusing SQL connection),..
  • mod_rewrite no longer required, selectable URL structure under settings

Some screens:

installation vlans subnet

If you find phpIPAM useful for your company donations would be highly appreciated :)

You can demo it here: http://demo.phpipam.net/
You can download it on sourceforge site: phpipam-1.1.

Special thanks to all the people submitting bug reports, translators and feature testers!


Full changelog for this release is:

Enhancements:
----------------------------
+ Caching of SQL results to avoid multiple queries;
+ Reduced number of DB queries;
+ Added selected mail notifications to admins to be notified on IP/subnet change;
+ Added new subnetId index to ipaddresses table that significantly improves network loading;
+ Now using only 1 network connection towards MySQL server;
+ Updated pagination;
+ mod_rewrite no longer required, selectable URL structure under settings;
+ Added option not to display free ranges;
+ Added option to set maximum VLAN number;
+ Selectable custom fields to  Continue reading

phpipam version 1.0 released

Dear all, I am happy to announce new version of phpipam IP address management – version 1.0. Subnet details

New features, like changelog, favourite subnets, upgraded UI with bootstrap3 and other were introduced, and also lots of improvements and bug fixes are included. Most important are:

  • IP address changelog, subnet and section changelogs with full changelog under tools;
  • Favourite subnets for quick access;
  • Bootstrap 3 with UI enhancements;
  • Widgets can be reordered (dragged) directly on dashboard;
  • Mail settings can now be set on gui (localhost / smtp);

If you find phpIPAM useful for your company donations would be highly appreciated :)

You can demo it here: http://demo.phpipam.net/
You can download it on sourceforge site: phpipam-1.0.

Special thanks to all the people submitting bug reports, translators and feature testers!

Screenshots:

Dashboard Subnet scanning Subnet details Subnet editing Settings IP address editing

Full changelog for this release is:

New features:
----------------------------
+ IP address page with IP address details and IP history (Changelog);
+ IP address changelog, subnet and section changelogs with full changelog under tools;
+ Favourite subnets for quick access;
+ Adding subnets from free space with automatic mask provided;
+ Automatic database validity check after upgrading and automatic field/table fix under administration;
+ Automatic weekly check for new phpipam Continue reading

Automatic host availability check

From version 0.9 on there is a option to automatically check statuses of configured hosts for selected subnets, and I received some related questions about it, so here is a short description and guide for it.

Firstly, pcntl support for php cli is advised so phpipam can do parallel icmp checks, this greatly reduces time required for checking status. You can check if your installation is ok with following command:

php -m | grep pcntl

1.) Configure the parameters for pinging

You should set required parameters for pinging, etc ping path etc under

functions/scan/config-scan.php

You can get your ping path by invoking “whereis ping” in terminal.
You can also set some optional parameters in script itself

functions/scripts/pingCheck.php

 

Also, set the time parameters for status under Administration > IPAM settings (Ping status intervals), phpipam will set host as down/up based on this values.

2.) Select which networks to check

Now you have to select which subnets should scan for statuses for configured hosts. Go to edit subnet and check “Check hosts status”. This will tell the cron script to check the status of hosts inside this subnet.
ICMP check

3.) Add cron script

I suggest checking Continue reading

phpIPAM version 0.9 released

Dear all, I am happy to announce new version of phpipam IP address management – version 0.9. Subnet status
New features, like Support for ICMP network discovery, ICMP check IP status in demand, Compressed (grouped) DHCP IP ranges and other were introduced. Most important are:

  • Support for ICMP network discovery;
  • Cron script to check status for selected subnets/hosts with threading suport (pcntl php extension required)
  • ICMP check IP status in demand;
  • Added folders;
  • Compressed (grouped) DHCP IP ranges;
  • Added subsections;

Some instructions on how to setup ICMP scanning will follow.

If you find phpIPAM useful for your company donations would be highly appreciated :)

You can demo it here: http://demo.phpipam.net/
You can download it on sourceforge site: phpipam-0.9.

Special thanks to all the people submitting bug reports, translators and feature testers!

Screenshots:

Subnet status Screen Shot 2013-10-30 at 14.25.57 On-demand check IP last seen UI changes Mail status notifications

Full changelog for this release is:

New features:
----------------------------
+ Support for ICMP network discovery;
+ Cron script to check status for selected subnets/hosts with threading suport (pcntl php extension required);
+ ICMP check IP status in demand;
+ Compressed (grouped) DHCP IP ranges;
+ API server version 0.1;
+ Option to show and group subnets by VLAN in subnets list;
+ Option to show and Continue reading

phpIPAM version 0.8 released

Dear all, I am happy to announce new version of phpipam IP address management – version 0.8. Quite some bugs have been squashed and some new features introduced, like per-group permissions, support for translations, visual subnet displays and other: Permissions

  • New group and permission management;
  • Support for translations;
  • Subnet resizing;
  • Subnet splitting into smaller subnets;
  • Added free space display for nested subnets;
  • Added visual display of subnet usage per IP address;
  • Added truncate network option that deletes all IP addresses in subnet;
  • Added button the updates subnet with RIPE information;

You can demo it here: http://demo.phpipam.net/
You can download it on sourceforge site: phpipam-0.8.

Please note that IE8 is no longer supported!

Special thanks to all the people submitting bug reports, donors, translators and feature testers!

Screenshots:

Screen Shot 2013-06-18 at 10.19.10 PM Screen Shot 2013-06-18 at 10.18.57 PM Screen Shot 2013-06-18 at 10.19.36 PM Screen Shot 2013-06-18 at 10.19.32 PM Screen Shot 2013-06-18 at 10.18.47 PM

Full changelog for this release is:

New features:
----------------------------
+ New group and permission management;
+ Support for translations;
+ Subnet resizing;
+ Subnet splitting into smaller subnets;
+ Added free space display for nested subnets;
+ Added visual display of subnet usage per IP address;
+ Added truncate network option that deletes all IP addresses in subnet;
+ Added button the updates subnet with RIPE information;

Enhancements:
----------------------------
+ Continue reading

Translators wanted

Translation support will be available on next phpipam release, code is being redone and final checks ongoing. I have decided to go with gettext, it seems to be the most suitable for phpipam.

Translating is straight-forward, by providing translations for strings, for example:

#: functions/functions-mail.php:176
msgid “your domain username”
msgstr “translated text”

There are many tools available to help with translation, like poedit and others.

If anyone is interested in providing translation, please contact me on email. I have already received some requests in the past, I will try to dig up old emails…

brm

phpIPAM installation on debian 6.0.6

I have received a request for help on manual installation of phpIPAM on debian linux, so I decided to write a small how-to if anyone else has problems or is not so familiar with linux distributions and environment. I have used fresh default debian 6.0 as distribution because it is widely used, I believe on ubuntu linux procedure should be very similar, except maybe for locations of some config files.

I have used the following settings for installation:

  • Fresh debian installation
  • MySQL server not yet installed and no root pass configured
  • Apache not installed and configured
  • phpipam will be installed in default directory (no vhosts) under /phpipam/ folder

If you already have MySQL/apache set you can skip point 3.

Installation procedure:

1.) Preparing environment and installing required apps

Update your sources (apt-get update) and install Apache, php and mysql server:

apt-get install apache2 mysql-server php5 php5-gmp php-pear php5-mysql php5-ldap

After all is installed and the apache server is running, you need to decide weather you will be running it under vhost or in subdirectory or root directory. For this guide I will have it in subdirectory http://server/phpipam/, so do the following:

cd /var/www/
wget http://freefr.dl.sourceforge.net/project/phpipam/phpipam-1. Continue reading