Tuesday, 29 August 2017

Change from DHCP to a Static IP Address on Ubuntu Server


Very simple...

nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (do an ifconfig to see the network device name)
auto enp0s31f6
# iface enp0s31f6 inet dhcp   (you DO NOT want dhcp on a server!!!)
iface enp0s31f6 inet static
address 192.168.x.xxx
netmask 255.255.255.x
network 192.168.x.x
broadcast 192.168.x.x
gateway 192.168.x.x
dns-nameservers 192.168.x.x

Source :
https://www.howtogeek.com/howto/ubuntu/change-ubuntu-server-from-dhcp-to-a-static-ip-address/

Thursday, 3 August 2017

Install Cacti on CentOS 7.x for QNAP Nas (SNMP style)

I was asked: How to make SNMP easy and not on a commandline..

I like nmap and snmpwalk before I do a setup for a client.
yum -y install net-snmp net-snmp-utils nmap

#nmap 1x.x.x.0/24 > scan.txt   (You are looking for UDP port 161 (snmp) - so use UDP scan!! )
#cat scan.txt |more

#nmap -sU -p 161 --script=snmp-interfaces 1x.x.x.1  (Looking at the gateway)

Starting Nmap x.xx ( http://nmap.org ) at xxxxxxxxxxxxx CEST
Nmap scan report for gateway (1x.x.x.x.x)
Host is up (0.00013s latency).
PORT    STATE SERVICE
161/udp open  snmp
| snmp-interfaces:
|   pflog0
|     Type: ifPwType  Speed: 0 Kbps
|     Status: up
|     Traffic stats: 2456.21 Mb sent, 0.00 Kb received
|   pfsync0
|     Type: ilan  Speed: 0 Kbps
|     Status: up
|     Traffic stats: 230.30 Kb sent, 0.00 Kb received

Scanning : https://nmap.org/nsedoc/scripts/snmp-interfaces.html
More info about ports:  https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Why not use Cacti ?  More info : https://www.cacti.net/
"Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with thousands of devices."

Here I use CentOS 7.x:

#yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd net-snmp-utils php-snmp net-snmp-libs cacti nano mc

NOTE!!!!  It will install MariaDB....

To start MariaDB:
#systemctl enable mariadb
#systemctl start mariadb
#systemctl status mariadb

#mysqladmin -u root password NEWPASSWORD

-You can make a password on : http://passwordsgenerator.net/
and replace NEWPASSWORD.

Create a user called cacti with a password called NEWPASSWORD, enter:

#mysql -u root -p
#Enter password:     Enter : NEWPASSWORD

FAQ:
Q: Why not just do: mysql -u root -p [somepassword] ?
A: What happens if I then do: history | grep mysql
A: The mysql root password shows up in the list...

Error : ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
fix :  mysqladmin -u root password NEWPASSWORD

mysql> CREATE DATABASE IF NOT EXISTS cacti;
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'NEWPASSWORD';
mysql> FLUSH privileges;
mysql> \q

Let's find the Cacti SQL file to pass into the DB.

#rpm -ql cacti | grep cacti.sql

Output:
#/usr/share/doc/cacti-1.1.16/cacti.sql

#mysql -u cacti -p --database=cacti < /usr/share/doc/cacti-1.1.16/cacti.sql

If you get the error: ERROR 1046 (3D000) at line 12: No database selected 
fix : just add  --database=cacti in your call.

Configure the new cacti
Backup and Open /etc/cacti/db.php file, enter:
# cp  /etc/cacti/db.php  /etc/cacti/db.org
# nano /etc/cacti/db.php

Default:
$database_type     = 'mysql';
$database_default  = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cacti';
$database_password = 'NEWPASSWORD';
$database_port     = '3306';
$database_ssl      = false;

Config The webserver.
Open /etc/httpd/conf.d/cacti.conf file, enter:

# nano /etc/httpd/conf.d/cacti.conf
##
Alias /cacti    /usr/share/cacti

<Directory /usr/share/cacti/>
        Order Deny,Allow
        Deny from all
        # x.x.x.x/x = your client IP range
        Allow from x.x.x.x/x
</Directory>

Another option is to create a /usr/share/cacti/.htaccess file and password-protect the directory.


Now restart your webserver....

# service httpd restart
Redirecting to /bin/systemctl restart  httpd.service

To pull data from our unit we need to change the crontab. Just remove the # in front of the poller line in /etc/cron.d/cacti so it looks like this:

#cat  /etc/cron.d/cacti
*/5 * * * *     cacti   /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Now cacti is ready to install. Try with a webbrowser and type the url:
http://monitor-domaine/cacti/
OR
http://x.x.x.x/cacti/

NOTE!
The default username and password for cacti is admin / admin. Upon first login, you will be forced to change the default password.

Error :  Forbidden
            You don't have permission to access /cacti/ on this server.
fix :      Did you do the /cacti/.htaccess or the conf.d/cacti.conf   ?

ERROR: Your Cacti database login account does not have access to the MySQL TimeZone database. Please provide the Cacti database account "select" access to the "time_zone_name" table in the "mysql" database, and populate MySQL's TimeZone information before proceeding.
Discussed on the forum here:   http://forums.cacti.net/viewtopic.php?f=2&t=56815

fix:
#mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p --database=mysql
#Enter password:     Enter : NEWPASSWORD

Then log in with mysql -u root -p and run:
mysql> GRANT SELECT ON mysql.time_zone_name TO 'cacti'@'localhost' IDENTIFIED BY 'NEWPASSWORD';

Next, asking the NAS.... You need to enable SNMP on it first!
info:  http://docs.qnap.com/nas/4.2/SMB/en/index.html?snmp_settings.htm

https://exchange.nagios.org/directory/Plugins/Network-Connections%2C-Stats-and-Bandwidth/Check-QNAP-Disk/details

Plz : Test it with snmpwalk ;-)    To install it : yum -y install net-snmp net-snmp-utils

SNMP for QNAP Turbo NAS TS-869 Pro:

#1x.x.x.x is the QNAP NAS IP address
#system CPU usage
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.1.0

#system total memory
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.2.0

#system free memory
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.3.0

#Uptime of network portion of system
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.4.0

#System uptime - fraction longer
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.2.1.25.1.1.0

#System temp
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.6.0

Output :
"0.60 %"
"1985.2 MB"
"2640.4 MB"
49:1:57:15.36
49:1:57:15.38
"44 C/111 F"

Wednesday, 2 August 2017

Join us on September 11, 2017 @ Red Hat Forum in Copenhagen



Driving innovation in your digital world
Red Hat Forum in Copenhagen is Denmark's number one premier conference for open innovation technologies. The event brings together senior executives, IT decision makers, customers, partners, developers to discuss cloud innovation, devops and containers.

Join us on September 11 to learn from leading Danish enterprises
as they share success stories of their digital journeys.

Other highlights include:

Keynotes & technical breakout sessions
Network with peers
Discuss open source projects
Meet with technical experts & innovators
Discover fundamental advances in cloud computing

The event is free of charge.
Resource : https://www.redhat.com/en/about/events/red-hat-forum-denmark-2017

Event: Red Hat Forum Denmark 2017
Date: September 11, 2017
Location: Tivoli Congress Center, Copenhagen, Denmark

Security Patches and Updates Automatically on CentOS

run:
yum update -y && yum install yum-cron -y

Note! When you are done editing the file, run:
systemctl start yum-cron.service
systemctl enable  yum-cron.service
systemctl status yum-cron.service

Once the installation is complete, open /etc/yum/yum-cron.conf and set the options you want on your server.

My File :

[commands]
#  What kind of update to use:
# default                            = yum upgrade
# security                           = yum --security upgrade
# security-severity:Critical         = yum --sec-severity=Critical upgrade
# minimal                            = yum --bugfix update-minimal
# minimal-security                   = yum --security update-minimal
# minimal-security-severity:Critical =  --sec-severity=Critical update-minimal
update_cmd = default

# Whether a message should be emitted when updates are available,
# were downloaded, or applied.
update_messages = yes

# Whether updates should be downloaded when they are available.
download_updates = yes


# Whether updates should be applied when they are available.  Note
# that download_updates must also be yes for the update to be applied.
apply_updates = no

# Maximum amout of time to randomly sleep, in minutes.  The program
# will sleep for a random amount of time between 0 and random_sleep
# minutes before running.  This is useful for e.g. staggering the
# times that multiple systems will access update servers.  If
# random_sleep is 0 or negative, the program will run immediately.
# 6*60 = 360
random_sleep = 360
[emitters]
# Name to use for this system in messages that are emitted.  If
# system_name is None, the hostname will be used.
system_name = None

# How to send messages.  Valid options are stdio and email.  If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages.  If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio
# The width, in characters, that messages that are emitted should be
# formatted to.
output_width = 80
[email]
# The address to send email messages from.
# NOTE: 'localhost' will be replaced with the value of system_name.
## Forward your root to your mail ;-)
email_from = root@localhost

# List of addresses to send messages to.
email_to = root

# Name of the host to connect to to send email messages.
email_host = localhost

[groups]
# NOTE: This only works when group_command != objects, which is now the default
# List of groups to update
group_list = None

# The types of group packages to install
group_package_types = mandatory, default

[base]
# This section overrides yum.conf
# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2
# skip_broken = True
mdpolicy = group:main
# Uncomment to auto-import new gpg keys (dangerous)
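
With `apply_updates = no`, as in the file above, yum-cron downloads and reports updates but installs nothing. The script below is an added example, not part of the original post: it reads a yum-cron.conf on stdin and prints what the job will actually do (function names and result labels are made up for this example).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are made up here.

# Print the last value of key $1 in the [commands] section of $conf (lowercased).
yc_get() {
    printf '%s\n' "$conf" | awk -F= -v key="$1" '
        /^[ \t]*\[/ { in_cmd = ($0 ~ /^[ \t]*\[commands\]/); next }
        in_cmd && $0 !~ /^[ \t]*#/ && NF >= 2 {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); val = tolower(v) }
        }
        END { print val }'
}

# yum reads yes/true/1 as "on" for boolean options.
yc_true() { case $1 in yes|true|1) return 0 ;; *) return 1 ;; esac; }

# Read a yum-cron.conf on stdin and print what the scheduled job will really do.
yc_audit() {
    conf=$(cat)
    if ! yc_true "$(yc_get apply_updates)"; then
        echo "notify-only"            # updates are reported/downloaded, never installed
    elif ! yc_true "$(yc_get download_updates)"; then
        echo "misconfigured"          # apply_updates needs download_updates = yes
    else
        case $(yc_get update_cmd) in
            *security*) echo "auto-apply-security" ;;
            *)          echo "auto-apply-all" ;;
        esac
    fi
}

# The [commands] values from the config in the post.
page_conf() {
    cat <<'EOF'
[commands]
update_cmd = default
update_messages = yes
download_updates = yes
apply_updates = no
EOF
}

page_conf | yc_audit                  # notify-only
```

On a real server, run it as `yc_audit < /etc/yum/yum-cron.conf`.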

Friday, 21 July 2017

How To Install and Configure Fail2Ban on Ubuntu 16.04LTS

Please Note Before !!:  (you need to be root!!)
When the Apache server is running and is enabled, you can go ahead and install fail2ban
sudo apt-get update ; sudo apt-get install fail2ban
Please note! By default, fail2ban is configured to only ban failed SSH login attempts.
We need to enable some rules that will configure it to check our Apache
logs for patterns that indicate malicious activity.

To enable and protect your Apache:   
#cd /etc/fail2ban/jail.d/ ;  nano defaults-debian.conf
[php-url-fopen]
enabled = true
[apache-modsecurity]
enabled = true
[apache-fakegooglebot]
enabled = true
[apache-botsearch]
enabled = true
[apache-nohome]
enabled = true
[apache-overflows]
enabled = true
[apache-noscript]
enabled = true
[apache-auth]
enabled = true

Please note :
To make modifications, we need to copy this file to /etc/fail2ban/jail.local.
Please do, so you are not overwriting the conf file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Open the newly copied file so that we can set up whatever log monitoring you want:
cd /etc/fail2ban/ ; sudo nano jail.local
Changes (so you don't ban yourself when testing)....
ignoreip = 127.0.0.1/8   YOUR_IP     Your_ISP_Net NAT_IP
When you are done :
sudo service fail2ban restart
sudo fail2ban-client status
sudo iptables -S
update-rc.d fail2ban defaults

You may also Install mod_security
Modsecurity is available in the Debian/Ubuntu repository:
apt-get install libapache2-modsecurity
Verify if the mod_security module was loaded.
apachectl -M | grep --color security

Monday, 17 July 2017

How To Install and Configure Varnish with Apache on Ubuntu 16.04LTS

About Varnish

Varnish is an HTTP accelerator and a useful tool for speeding up a server, especially during times when there is high traffic to a site. It works by redirecting visitors to another port or IP on a webserver. In this case it's Apache running on port 8080 (default is port 80) on the same server!!
Info : https://varnish-cache.org/faq/index.html
The Setup : (on Ubuntu 16.04 LTS )
sudo apt install varnish  or  sudo apt-get install varnish
 nano /etc/apache2/ports.conf
Change : Listen 127.0.0.1:80 < to > Listen 127.0.0.1:8080
# Save with X -> Next step....
sudo nano /etc/varnish/default.vcl
# Default backend definition. Set this to point to your content server.
backend default {
## #The V4 IP on the Web-server
    .host = "10.0.0.4";
###The port where the Webserver listen.
    .port = "8080";
}
# Save with X -> Next step....
nano /etc/systemd/system/multi-user.target.wants/varnish.service
## Find the 6081 and change it to 80  (near "user=vcache -F -a")
###Like this :
[Unit]
Description=Varnish HTTP accelerator
Documentation=https://www.varnish-cache.org/docs/4.1/ man:varnishd
[Service]
Type=simple
LimitNOFILE=131072
LimitMEMLOCK=82000
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f$
ExecReload=/usr/share/varnish/reload-vcl
ProtectSystem=full
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
# Save with X -> Next step....  # Restart httpd service and Varnish...
systemctl daemon-reload
sudo service varnish restart
####TEST########  Note : port 80 and the webserver : 8080
root@WindarPh-China01:/# netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:29130         0.0.0.0:*               LISTEN      1820/mdsd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1098/varnishd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1092/sshd
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      1098/varnishd
tcp6       0      0 :::80                   :::*                    LISTEN      1098/varnishd
tcp6       0      0 :::8080                 :::*                    LISTEN      1497/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           966/dhclient
####TEST########
 curl 127.0.0.1
####TEST########
varnishtop
### Open a browser and try the webserver's IP ;-)
-Errors....  Is the UFW on? Are the ports open? (The firewall)
-Errors....  What does the log in /var/log/varnish say ??
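
A check to go with the netstat test above, as an added example that is not part of the original post: it reads `netstat -tupln` output and reports whether a port is bound to loopback or to every interface. In the post's own output Apache sits on `:::8080`, so the backend can be reached without passing through Varnish unless the firewall blocks that port. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are made up here.

# Read `netstat -tupln` output on stdin; for each TCP listener on port $1
# print "<port> <scope> <pid/program>".
listener_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")          # the port is the last ":" field
            if (part[n] != port) next
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            if (host ~ /^127\./ || host == "::1")
                scope = "loopback"
            else if (host == "0.0.0.0" || host == "::")
                scope = "all-interfaces"
            else
                scope = "address:" host
            print port, scope, $7
        }'
}

# Succeeds (exit 0) when port $1 listens on something other than loopback.
backend_exposed() {
    listener_scope "$1" | grep -qv ' loopback '
}

# The relevant lines of the netstat output shown in the post.
page_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1098/varnishd
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      1098/varnishd
tcp6       0      0 :::8080                 :::*                    LISTEN      1497/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           966/dhclient
EOF
}

page_netstat | listener_scope 8080      # 8080 all-interfaces 1497/apache2
if page_netstat | backend_exposed 8080; then
    echo "backend 8080 is reachable without going through Varnish"
fi
```

On the server itself, use `netstat -tupln | listener_scope 8080`.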