Какво е ЕМАS?

Схемата за Управление по околна среда и одитиране (EMAS) е доброволен управленски инструмент предлаган на организациите за оценяване, подобряване и докладване на тяхната резултатност, свързана с опазването на околната среда.

От 2001 година EMAS е достъпна за всички видове организации.

През 2009-та година EMAS беше променена и ревизирана за втори път. Регламент (EC) No 1221/2009 е в сила от 11-ти януари 2010 г.

През 2001 EMAS интегрира в изискванията към организациите, които търсят съответствие с нея  сертификация по EN/ISO 14001 (Системата за управление по околна среда съответсваща на EN/ISO 14001стана  изискуема по EMAS.).

Continue reading »

БДС EN 16001:2009 Системи за енергийно управление. Изисквания с указания за прилагане

 

Целта на този европейски стандарт е да регламентира обща рамка за управление на енергийната ефективност и да помогне на организациите при създаването, прилагането, поддържането и подобряването на системи и процеси, необходими за повишаване на енергийната ефективност.Директива  DIR2006/32/CE art 3 дава определение за енергия: „…всички форми на търговски достъпна енергия, включително електричество, природен газ и всички горива използвани за отопление и охлаждане (включително централно отопление и охлаждане), въглища, торф, горива, използвани за транспортни цели (с изключение на авиационни и морски горива) и биомаса.”

Стандартът БДС EN 16001:2009 може да бъде приложен за всяка организация независимо от нейната големина и сфера на дейност,  която иска да:

  • Подобри енергийната си ефективност, прилагайки един систематичен подход;
  • Създаде, прилага, поддържа и подобрява система за управление на енергийната ефективност;
  • Осигури съответствие с декларираната политика за енергийна ефективност;
  • Да покаже това съответствие на останалите.

Continue reading »

Cisco VPN Client – отдалечена връзка до ресурсите във вътрешната мрежа. Част трета – официален Cisco VPN клиент за Linux

В последната част на тази поредица, ще разгледаме използването на closed source клиента за Cisco VPN за Linux. За разлика от VPNC, този клиент не се разпространява под формата на пакет за Linux, за това единственият начин да го инсталирате е, инсталация от source code.

Continue reading »

Cisco VPN Client – remote connection to the resources on your intranet. Part Three – the official Cisco VPN client for Linux

The last part of this series will examine the use of closed source Cisco VPN client for Linux. In contrast to the VPNC, this client is not distributed in the form of package for Linux and the only way to install it is installation from source code.

1. Installation

The installation of Cisco VPN client for Linux depends very much on the kernel version of the system. In this article we will look at installation with kernel 2.6.35 or newer.To install the client you must first download it from the Cisco’s site. Client is available after site registration. In addition, you’ll need to patch the client, without which it is impossible to complete the installation. You can find the patch, attached to the end of this article. Although this patch is for kernel version 2.6.35, it can be used for newer versions.To install the client, it is necessary to do the following:

1. Unzip the client

tar-xzvf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

2. Unzip the patch

unzip vpnclient-linux-2.6.35.patch.zip

3. Apply the patch

ivailo@voyager:~/Downloads/vpn> cd vpnclient/
ivailo@voyager:~/Downloads/vpn/vpnclient> patch -p1 \
--dry-run < ../vpnclient-linux-2.6.35.patch
patching file frag.c
patching file interceptor.c
patching file IPSecDrvOS_linux.c
patching file linuxcniapi.c
ivailo@voyager:~/Downloads/vpn/vpnclient> patch -p1 < ../vpnclient-linux-2.6.35.patch
patching file frag.c
patching file interceptor.c
patching file IPSecDrvOS_linux.c
patching file linuxcniapi.c
ivailo@voyager:~/Downloads/vpn/vpnclient>

Use the –dry-run keyВ  to test the patch, without changing the source code of the application. If subsequent messages contain errors, you need to find the correct patch for the specific version of the client.4. Install clientAfter applying the patch, it is necessary to execute the installation script of the program as a system administrator (root):

ivailo@voyager:~/Downloads/vpn/vpnclient> su
Password:
voyager:/home/ivailo/Downloads/vpn/vpnclient # ./vpn_install
Cisco Systems VPN Client Version 4.8.02 (0030) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms. 

Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

Directory containing linux kernel source code [/lib/modules/2.6.38.5-1-desktop/build]

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.38.5-1-desktop/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.38.5-1-desktop/build" will be \
used to build the module.

Is the above correct [y]y

Making module
make -C /lib/modules/2.6.38.5-1-desktop/build \
SUBDIRS=/home/ivailo/Downloads/vpn/vpnclient modules
make[1]: Entering directory `/usr/src/linux-2.6.38.5'
 CC [M]  /home/ivailo/Downloads/vpn/vpnclient/linuxcniapi.o
 CC [M]  /home/ivailo/Downloads/vpn/vpnclient/frag.o
 CC [M]  /home/ivailo/Downloads/vpn/vpnclient/IPSecDrvOS_linux.o
 CC [M]  /home/ivailo/Downloads/vpn/vpnclient/interceptor.o
 CC [M]  /home/ivailo/Downloads/vpn/vpnclient/linuxkernelapi.o
 LD [M]  /home/ivailo/Downloads/vpn/vpnclient/cisco_ipsec.o
 Building modules, stage 2.
 MODPOST 1 modules
WARNING: could not find /home/ivailo/Downloads/vpn/vpnclient/.libdriver.so.cmd for \
/home/ivailo/Downloads/vpn/vpnclient/libdriver.so
 CC      /home/ivailo/Downloads/vpn/vpnclient/cisco_ipsec.mod.o
 LD [M]  /home/ivailo/Downloads/vpn/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/linux-2.6.38.5'
Create module directory "/lib/modules/2.6.38.5-1-desktop/CiscoVPN".
Copying module to directory "/lib/modules/2.6.38.5-1-desktop/CiscoVPN".
Already have group 'bin'

Creating start/stop script "/etc/init.d/vpnclient_init".
 /etc/init.d/vpnclient_init
insserv: warning: script 'S14smfpd' missing LSB tags and overrides
insserv: warning: script 'vpnclient_init' missing LSB tags and overrides
insserv: warning: script 'vpnclient_init' missing LSB tags and overrides
insserv: Default-Start undefined, assuming default start runlevel(s) for \
script `vpnclient_init'
insserv: warning: script 'smfpd' missing LSB tags and overrides
vpnclient_init            0:off  1:off  2:off  3:off  4:off  5:off  6:off
Enabling start/stop script for run level 3,4 and 5.
insserv: warning: script 'S14smfpd' missing LSB tags and overrides
insserv: warning: script 'vpnclient_init' missing LSB tags and overrides
insserv: warning: script 'vpnclient_init' missing LSB tags and overrides
insserv: Default-Start undefined, assuming default start runlevel(s) for \
script `vpnclient_init'
insserv: warning: script 'smfpd' missing LSB tags and overrides
insserv: Service syslog is missed in the runlevels 4 to use service vboxdrv
vpnclient_init            0:off  1:off  2:off  3:on   4:off  5:on   6:off
Creating global config /etc/opt/cisco-vpnclient

Installing license.txt (VPN Client license) in "/opt/cisco-vpnclient/":
 /opt/cisco-vpnclient/license.txt

Installing bundled user profiles in "/etc/opt/cisco-vpnclient/Profiles/":
* New Profiles     : sample 

Copying binaries to directory "/opt/cisco-vpnclient/bin".
Adding symlinks to "/usr/local/bin".
 /opt/cisco-vpnclient/bin/vpnclient
 /opt/cisco-vpnclient/bin/cisco_cert_mgr
 /opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory "/opt/cisco-vpnclient/bin".
 /opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory "/opt/cisco-vpnclient/lib".
 /opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory "/opt/cisco-vpnclient/include".
 /opt/cisco-vpnclient/include/vpnapi.h

Setting permissions.
 /opt/cisco-vpnclient/bin/cvpnd (setuid root)
 /opt/cisco-vpnclient (group bin readable)
 /etc/opt/cisco-vpnclient (group bin readable)
 /etc/opt/cisco-vpnclient/Profiles (group bin readable)
 /etc/opt/cisco-vpnclient/Certificates (group bin readable)
* You may wish to change these permissions to restrict access to root.
* You must run "/etc/init.d/vpnclient_init start" before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.
voyager:/home/ivailo/Downloads/vpn/vpnclient #
Р’ горните листинги използвам знака “\\” Р·Р° РґР° обознача, че реда продължава. Можете РґР° използвате целите редове СЃ команди директно РїРѕ този начин, това Рµ стандартен начин Р·Р° разделяне РЅР° команда РЅР° редове РїРѕРґ bash. След приключване РЅР° последната команда, VPN клиентът Рµ инсталиран. Р—Р° РґР° РіРѕ стартирате обаче, Рµ необходимо РґР° стартирате Рё системния процес, управляващ VPN връзките Рё инсталиран РѕС‚ клиента. Р—Р° целта изпълнете командата:

In the above listings I am using the “\\” to indicate that the line continues. You can use all lines of the commands directly in this way, because this is the standard way of dividing the command line under bash. After the last command, VPN client is installed. To run it, it is necessary to run the system process, managing VPN connections and installed by the set-up program. To do run the following command:

voyager:/home/ivailo/Downloads/vpn/vpnclient # /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: Done
voyager:/home/ivailo/Downloads/vpn/vpnclient #

NOTE: If you use Debian or Ubuntu, after rebooting the system it is possible the system service to not be started automatically. By default, the process is set to start in runlevel 3 and 5, and in Debian and Ubuntu, graphical environment is started in runlevel 2. To change this, it is necessary to use the program update-rc.d (more on how to use this program can be found at this address – http://www.debuntu.org/how-to-manage-services-with -Update-rc.d ) or to add a link to /etc/rc2.d:

su
cd /etc/rc2.d
ln -s /etc/init.d/vpnclient_init S01vpnclient_init
ln -s /etc/init.d/vpnclient_init K01vpnclient_init

The subject for the management of processes in Linux based systems will be discussed in a later post.

2. How to use the client

The official Cisco VPN client for Linux uses only existing pcf files. For this purpose it is necessary to copy pcf in the directory /etc/opt/cisco-vpnclient/Profiles/:

cp sample.pcf /etc/opt/cisco-vpnclient/Profiles/

2.1. Connection

Connection is done by the command ‘vpnclient connect’, followed by the name of the user without adding extension pcf. Implementation of all types of command vpnclient be made as user root.

vpnclient connect sample

Upon request, enter your username and password.

2.2. Disconnect

To disconnect it is necessary to run the following command:

vpnclient disconnect

Since the client can only support one connection is not necessary to specify which link is broken.

For other keys applicable to the command, run

vpnclient --help

3. Advantages and disadvantages

The main advantage of this client is that it supports connection over TCP tunnel. If the connection is of this type, VPNC will not work.

In my experience with this program, I found two main drawbacks. First, Cisco does not make new versions of the client often enough. This explains the need to use the patch during installation. This entails that if the client has a problem, it has been removed in recent years.

Such a problem is the second flaw. If you use this client machine to a wireless network and want to use the client to transfer X11 connection from the remote network to the local machine (X11 Forwarding), it can not use the wireless network. If you try to use X11 Forwarding in Cisco VPN for Linux and wireless networking, graphic server on your system (the machine from which you connect through Cisco VPN client)В  will reset or stop working altogether. To avoid this problem, use the X11 Forwarding in the Cisco VPN client only when connected via cable. This problem does not affect the VPNC.

vpnclient-linux-2.6.35.patch

Превод на сайта

Здравейте,

започна процес по превод на сайта на английски език. С течение на времето, всички съществуващи публикации, ще бъдат преведени. Също така, бъдещите публикации, ще бъдат достъпни и на двата езика – български и английски.

Поздрави от екипа на ММ Бизнес Консулт

Website translation

Hello,

we have started to translate this website to English language. In time, all existing publications will be translated. Also the new publications will be available on both languages – Bulgarian and English.

Best regards from the MM Business Consult team.

Cisco VPN Client – remote connection to the resources on your intranet. Part Two – Linux open source client

In this part of this series of articles, we will examine the use of Linux open source client. The clients are two types – command line interface (vpnc) and graphical user interface (the most common are kvpnc and NetworkManager)

1. VPNC

VPNC is a project, which aims to provide the ability to connect to Cisco VPN server. Also, graphical clients for Linux relay on VPNC installation, so they can create the connection. VPNC can be seen as a terminal application and a library for various GUI tools. VPNC might be installed on the system already but also it might not be. This depends on the choice of packages during installation. To check whether the system has VPNC installed, open any terminal emulator (eg xterm, konsole, gnome-terminal), then run the following commands:

ivailo@voyager:~> su
Password:
voyager:/home/ivailo # vpnc --version
vpnc version 0.5.3
Copyright (C) 2002-2006 Geoffrey Keating, Maurice Massar, others
vpnc comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of vpnc under the terms of the GNU General
Public License.  For more information about these matters, see the files
named COPYING.
Built with certificate support.

Supported DH-Groups: nopfs dh1 dh2 dh5
Supported Hash-Methods: md5 sha1
Supported Encryptions: null des 3des aes128 aes192 aes256
Supported Auth-Methods: psk psk+xauth hybrid(rsa)
voyager:/home/ivailo #

In the different Linux distributions there is possibility, that the commands might be slightly different. For example in Ubuntu and its derivatives rather than su can use sudo, to execute the “vpnc –version”. Sudo is a tool that provides temporary administrative rights to the user. Basically, this command is present in all Linux distributions, but some of them (eg Fedora), users are not able to use it without explicit configuration, performed by the administrator. In some cases, it is even possible to run a “vpnc –version” without having administrative rights. For others like openSuSE, it is impossible. If, instead of detailed information, such as above, you get a message like

bash: vpnc: command not found

then the system does not have VPNC installes. To install the client use the packet manager of the system or download the source code package from the project site ( http://www.unix-ag.uni-kl.de/ massar ~ / vpnc / ), then compile and install it. VPNC uses two ways to be configured and to create a connection – manually entering the configuration information when you start the program or use existing pcf file. With the first method, when you run the program, it asks you a series of questions:

  1. Enter IPSec gateway address – this is the address of the server you are trying to connect
  2. Enter IPSec ID for <ip address> – the name of the VPN group
  3. Enter IPSec secret for <group name> @ <ip address> – password for VPN group
  4. Enter username for <ip address> – user assigned by your network administrator
  5. Enter password for <username> @ <ip address> – your password

The program can be started by issuing the following commands:

ivailo@voyager:~> su
Password:
voyager:/home/ivailo # vpnc

The program must be started as Administrator (root), because when a connection is created, the application makes configuration changes to the system, that require administrative rights. After entering the requested information, the program connects to the VPN concentrator and then goes in background mode. To disconnect, as administrator run:

voyager:/home/ivailo # vpnc-disconnect
Terminating vpnc daemon (pid: 4872)

The second method is to first convert pcf file to a format, that can be used by VPNC. To do this use the tool pcf2vpnc:

/usr/bin/pcf2vpnc converts VPN-config files from pcf to vpnc-format.
Usage: /usr/bin/pcf2vpnc  [vpnc file]
voyager:/home/ivailo #

The program is bundled with VPNC. However, you may have installed VPNC, but do not have pcf2vpnc. In this case, download the program from the project site – http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc

wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
chmod +x pcf2vpnc
mv pcf2vpnc /usr/local/bin/

The program relies on another tool, to decrypt passwords stored in the pcf file:

wget http://www.unix-ag.uni-kl.de/~massar/soft/cisco-decrypt.c
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
mv cisco-decrypt /usr/local/bin

To compile this program, the system must be installed libraries development and libgcrypt-dev libgpg-error-dev. To convert pcf file, do the following:

pcf2vpnc test.pcf > test.conf
cp client.conf /etc/vpnc

To make a connection using the configuration file, run VPNC, after the name of the program add the account name:

vpnc test

2. KVpnc

KVpnc is a GUI for VPNC, Cisco VPN client for Linux, OpenVPN and some other VPN services. This means that in order to create a connection, it relays on VPNC or Cisco VPN client for Linux (which is discussed in detail in the next part of the series). Usually KVpnc is not installed with the system and it is necessary to install it manually additional, by using the packet manager of the distribution, or by compile it from source code. If you want to download the latest version, but it is not available from the repositories of the distribution you are using, you can do it from the project site – http://home.gna.org/kvpnc/en/index.html The program itself is created for KDE, so in order to be able to use it, you need to have installed certain parts of KDE, even if you use another desktop environment. If you install the program from distribution repositories, the packet manager will make sure that you will install all the dependencies you need. If you compile the program from source code, look at the dependencies on the following page: http://home.gna.org/kvpnc/en/documentation.html Here is the main window of KVpnc: KVpnc – Основен прозорецAs with the Cisco VPN client for Windows, there are buttons for making a connection, disconnect and management of the profiles. All these features and others are also available in the menus of the program. The program can directly import pcf files, so if you already have made pcf file, you can simply import it into the program. In the menu “Profile”, select the item “Import Cisco pcf file”. If you do not have pcf file, you can use the wizard to create a new connection, which is located in the menu “Profile”, item “New profile (Wizard)” KVpnc – помощник Р·Р° създаване РЅР° РЅРѕРІ профилAs seen from the above image, the program is able to create multiple profiles for different VPN services. To create an account for use with VPNC, select the Cisco (free) item. The next step allows you to import existing pcf file or to proceed with creating a new profile. KVpnc – РёР·Р±РѕСЂ РЅР° типа РЅР° съществуващ или РЅРѕРІ профилIn the next few screen enter the information that you used to create the profile in the client for Windows. Once you have created a profile, in order to connect, select the account from the drop-down menu “Profile” in the main window and press “Connect”. In the main window a bunch of messages will appear informing you of different information for the connection, including its duration. Once you’re done, to disconnect, press the “Disconnect” button. It is important to note that work KVpnc needs administrator privileges on the machine in order to run.

3. NetworkManager

Unlike KVpnc, NetowkrManager is a program written for KDE and not a program, made only to manage VPN connections. NetworkManager is a program designed to facilitate the management of network connections in Linux distributions, using profiles, and does not require administrative privileges to change network settings on the machine. These things make it the preferred program for managing network connections and in particular the VPN connections. Like KVpnc, NetworkManager needs installed VPNC, but can not manage connections, using Cisco VPN client for Linux. To use NetworkManager to create VPNC connection, it is necessary to install some plugin:

  1. NetworkManager-vpnc – this is a basic plugin. It is binding because in practice he managed the construction of the link
  2. NetworkManager-vpnc-kde4 – graphical interface for KDE
  3. NetworkManager-vpnc-gnome – GUI for Gnome

Depending on this, what desktop environment you use, install the second or the third plugin. After installation in the main interface of NetworkManager appears an additional element – VPN. Since I use KDE, explanations will be for this environment. Gnome settings under similar names such as layout and interface.

KDE NetworkManager - Управление РЅР° VPN връзкитеFrom the “Add” drop-down button, select the VPNC, then enter the details for the connection in the window that appears. NetworkManager is not able to use pcf files, so you need to enter all the information manually.

KDE NetworkManager - Създаване на нова VPN връзка After establishing the connection, it appears in the menu of NetworkManager, which can be accessed by the system toolbar. Activation of the link is by selecting the item (the name of the link) from the menu. Disabling the link is from the same place.

4. Advantages and disadvantages of VPNC

The main advantage of using VPNC (open source client for Cisco VPN) and its GUI interfaces is, that because the program is open source, it develops much faster than the official client from Cisco, and if it has errors, they are removed very quickly. It also integrates well with Linux distributions and is very easy to use. As a disadvantage I can say that to date, it does not support Cisco VPN connection over TCP protocol. According to the official site of the project, that is possible to change, but when – it is not clear. So if your VPN connection requires TCP, it is necessary to use the official Cisco VPN client for Linux, which will examine in the next part of the series.

Cisco VPN Client – отдалечена връзка до ресурсите във вътрешната мрежа. Част втора – Linux open source клиент

В тази част от поредицата статии, за изграждане на връзка към вътрешната фирмена мрежа, посредством Cisco VPN, ще разгледаме използването на Linux клиент с отворен код (open source). Клиентите под Linux се делят на конзолни (vpnc) и графични (най-разпространени са kvpnc и NetworkManager).

Continue reading »

Кой и защо може да внедри изискванията на BS OHSAS 18001:2007

BS OHSAS 18001:2007 е Международен стандарт за управление на безопасността и здравето при работа.
Беше публикуван през юли 2007 г. и замества OHSAS 18001:1999. Описва изисквания за управление на здравето и безопасността при работа (OH & S).
BS OHSAS 18001 :2007 осигурява рамка за ефективното управление на OH & S, включително спазване на законодателството, приложимо за вашата дейност и идентифицираните рискове.

Continue reading »

Cisco VPN Client – отдалечена връзка до ресурсите във вътрешната мрежа. Част първа – Windows

В днешно време голяма част от фирмите позволяват отдалечен достъп до ресурси във вътрешната си мрежа посредством използването на VPN (Virtual Private Network). Същественото при осъществяването на достъп до вътрешната фирмена мрежа посредством VPN, цялата информация между вътрешната мрежа и клиентската машина се предава в криптиран вид, като по този начин се запазва поверителността на информацията.

Един от най-разпространените методи за осъществяване на VPN връзка е, чрез използването на Cisco VPN. Клиента за изграждане на връзката има версии както за Windows, така и за Mac OSX и Linux. В тази поредица от статии ще разгледаме начините за използване на версиите на Cisco VPN клиента за Windows и Linux.

Continue reading »

Previous Entries