tirsdag den 29. august 2017
Change from DHCP to a Static IP Address on Ubuntu Server
Very simple...
nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto enp0s31f6 # Do a ifconfig to see the network dev..
#iface enp0s31f6 inet dhcp #you DO NOT want dhcp on a server!!!
iface enp0s31f6 inet static
address 192.168.x.xxx
netmask 255.255.255.x
network 192.168.x.x
broadcast 192.168.x.x
gateway 192.168.x.x
dns-nameservers 192.168.x.x
Source :
https://www.howtogeek.com/howto/ubuntu/change-ubuntu-server-from-dhcp-to-a-static-ip-address/
torsdag den 3. august 2017
Install Cacti on CentOS 7.x for QNAP Nas (SNMP style)
I was asked: How to make SNMP easy and not on a commandline..
I like nmap and snmpwalk before I do a setup for a client.
yum -y install net-snmp net-snmp-utils nmap
#nmap 1x.x.x.0/24 > scan.txt (You are looking for UDP port 161 (snmp) - so use UDP scan!! )
#cat scan.txt |more
#nmap -sU -p 161 --script=snmp-interfaces 1x.x.x.1 (Looking at the gateway)
Starting Nmap x.xx ( http://nmap.org ) at xxxxxxxxxxxxx CEST
Nmap scan report for gateway (1x.x.x.x.x)
Host is up (0.00013s latency).
PORT STATE SERVICE
161/udp open snmp
| snmp-interfaces:
| pflog0
| Type: ifPwType Speed: 0 Kbps
| Status: up
| Traffic stats: 2456.21 Mb sent, 0.00 Kb received
| pfsync0
| Type: ilan Speed: 0 Kbps
| Status: up
| Traffic stats: 230.30 Kb sent, 0.00 Kb received
Scanning : https://nmap.org/nsedoc/scripts/snmp-interfaces.html
More info about ports: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Why not use Cacti ? More info : https://www.cacti.net/
"Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with thousands of devices."
Here I use CentOS 7.x:
#yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd net-snmp-utils php-snmp net-snmp-libs cacti nano mc
NOTE!!!! It will install MariaDB....
To start MariaDB:
#systemctl enable mariadb
#systemctl start mariadb
#systemctl status mariadb
#mysqladmin -u root password NEWPASSWORD
-You can make a password on : http://passwordsgenerator.net/
and replace NEWPASSWORD.
Create a user called cacti with a password called NEWPASSWORD, enter:
#mysql -u root -p
#Enter password: Enter : NEWPASSWORD
FAQ:
Q: Why not just do : mysql -u root -p [somepassword] ?
A: What happens if I do : history |grep mysql
A: I got the mysql root password in the lists...
Error : ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
fix : mysqladmin -u root password NEWPASSWORD
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'NEWPASSWORD';
mysql> FLUSH privileges;
mysql> \q
Let's find the Cacti SQL file to pass into the DB.
#rpm -ql cacti | grep cacti.sql
Output:
#/usr/share/doc/cacti-1.1.16/cacti.sql
#mysql -u cacti -p --database=cacti < /usr/share/doc/cacti-1.1.16/cacti.sql
If you get the error: ERROR 1046 (3D000) at line 12: No database selected
fix : just add --database=cacti in your call.
Configure the new cacti
Backup and Open /etc/cacti/db.php file, enter:
# cp /etc/cacti/db.php /etc/cacti/db.org
# nano /etc/cacti/db.php
Default:
$database_type = 'mysql';
$database_default = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cacti';
$database_password = 'NEWPASSWORD';
$database_port = '3306';
$database_ssl = false;
Config The webserver.
Open /etc/httpd/conf.d/cacti.conf file, enter:
# nano /etc/httpd/conf.d/cacti.conf
<Directory /usr/share/cacti/>
Order Deny,Allow
Deny from all
Allow from x.x.x.x/x (your client IP range)
</Directory>
Another option is create /usr/share/cacti/.htaccess file and password protect the directory.
To pull data from our unit we need to change the crontab. Just remove #
#cat /etc/cron.d/cacti
*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
Now cacti is ready to install. Try with a webbrowser and type the url:
http://monitor-domaine/cacti/
OR
http://x.x.x.x/cacti/
NOTE!
The default username and password for cacti is admin / admin. Upon first login, you will be force to change the default password.
Error : Forbidden
You don't have permission to access /cacti/ on this server.
fix : Did you do the /cacti/.htaccess or the conf.d/cacti.conf ?
ERROR: Your Cacti database login account does not have access to the MySQL TimeZone database. Please provide the Cacti database account "select" access to the "time_zone_name" table in the "mysql" database, and populate MySQL's TimeZone information before proceeding.
Discussed on the forum here: http://forums.cacti.net/viewtopic.php?f=2&t=56815
fix
#mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p --database=mysql
#Enter password: Enter : NEWPASSWORD
#GRANT SELECT ON mysql. time_zone_name TO 'cacti'@'localhost' IDENTIFIED BY 'NEWPASSWORD';
Next asking the NAS.... You need to enable SNMP before!
info: http://docs.qnap.com/nas/4.2/SMB/en/index.html?snmp_settings.htm
https://exchange.nagios.org/directory/Plugins/Network-Connections%2C-Stats-and-Bandwidth/Check-QNAP-Disk/details
Plz : Test it with snmpwalk ;-) To install it : yum -y install net-snmp net-snmp-utils
SNMP for QNAP Turbo NAS TS-869 Pro:
#$IP is QNAP NAS IP-address
#system CPU usage
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.1.0
#system total memory
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.2.0
#system free memory
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.3.0
#Uptime of network portion of system
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.4.0
#System uptime - fraction longer
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.2.1.25.1.1.0
#System temp
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.6.0
I like nmap and snmpwalk before I do a setup for a client.
yum -y install net-snmp net-snmp-utils nmap
#nmap 1x.x.x.0/24 > scan.txt (You are looking for UDP port 161 (snmp) - so use UDP scan!! )
#cat scan.txt |more
#nmap -sU -p 161 --script=snmp-interfaces 1x.x.x.1 (Looking at the gateway)
Starting Nmap x.xx ( http://nmap.org ) at xxxxxxxxxxxxx CEST
Nmap scan report for gateway (1x.x.x.x.x)
Host is up (0.00013s latency).
PORT STATE SERVICE
161/udp open snmp
| snmp-interfaces:
| pflog0
| Type: ifPwType Speed: 0 Kbps
| Status: up
| Traffic stats: 2456.21 Mb sent, 0.00 Kb received
| pfsync0
| Type: ilan Speed: 0 Kbps
| Status: up
| Traffic stats: 230.30 Kb sent, 0.00 Kb received
More info about ports: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Why not use Cacti ? More info : https://www.cacti.net/
"Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with thousands of devices."
Here I use CentOS 7.x:
#yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd net-snmp-utils php-snmp net-snmp-libs cacti nano mc
NOTE!!!! It will install MariaDB....
To start MariaDB:
#systemctl enable mariadb
#systemctl start mariadb
#systemctl status mariadb
#mysqladmin -u root password NEWPASSWORD
-You can make a password on : http://passwordsgenerator.net/
and replace NEWPASSWORD.
Create a user called cacti with a password called NEWPASSWORD, enter:
#mysql -u root -p
#Enter password: Enter : NEWPASSWORD
FAQ:
Q: Why not just do : mysql -u root -p [somepassword] ?
A: What happens if I do : history |grep mysql
A: I got the mysql root password in the lists...
Error : ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
fix : mysqladmin -u root password NEWPASSWORD
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'NEWPASSWORD';
mysql> FLUSH privileges;
mysql> \q
Let's find the Cacti SQL file to pass into the DB.
#rpm -ql cacti | grep cacti.sql
Output:
#/usr/share/doc/cacti-1.1.16/cacti.sql
#mysql -u cacti -p --database=cacti < /usr/share/doc/cacti-1.1.16/cacti.sql
If you get the error: ERROR 1046 (3D000) at line 12: No database selected
fix : just add --database=cacti in your call.
Configure the new cacti
Backup and Open /etc/cacti/db.php file, enter:
# cp /etc/cacti/db.php /etc/cacti/db.org
# nano /etc/cacti/db.php
Default:
$database_type = 'mysql';
$database_default = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cacti';
$database_password = 'NEWPASSWORD';
$database_port = '3306';
$database_ssl = false;
Config The webserver.
Open /etc/httpd/conf.d/cacti.conf file, enter:
# nano /etc/httpd/conf.d/cacti.conf
##
Alias /cacti /usr/share/cacti<Directory /usr/share/cacti/>
Order Deny,Allow
Deny from all
Allow from x.x.x.x/x (your client IP range)
</Directory>
Another option is create /usr/share/cacti/.htaccess file and password protect the directory.
Now restart your webserver....
# service httpd restart
Redirecting to /bin/systemctl restart httpd.service
To pull data from our unit we need to change the crontab. Just remove #
#cat /etc/cron.d/cacti
*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
Now cacti is ready to install. Try with a webbrowser and type the url:
http://monitor-domaine/cacti/
OR
http://x.x.x.x/cacti/
NOTE!
The default username and password for cacti is admin / admin. Upon first login, you will be force to change the default password.
You don't have permission to access /cacti/ on this server.
fix : Did you do the /cacti/.htaccess or the conf.d/cacti.conf ?
ERROR: Your Cacti database login account does not have access to the MySQL TimeZone database. Please provide the Cacti database account "select" access to the "time_zone_name" table in the "mysql" database, and populate MySQL's TimeZone information before proceeding.
Discussed on the forum here: http://forums.cacti.net/viewtopic.php?f=2&t=56815
fix
#mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p --database=mysql
#Enter password: Enter : NEWPASSWORD
#GRANT SELECT ON mysql. time_zone_name TO 'cacti'@'localhost' IDENTIFIED BY 'NEWPASSWORD';
Next asking the NAS.... You need to enable SNMP before!
info: http://docs.qnap.com/nas/4.2/SMB/en/index.html?snmp_settings.htm
https://exchange.nagios.org/directory/Plugins/Network-Connections%2C-Stats-and-Bandwidth/Check-QNAP-Disk/details
Plz : Test it with snmpwalk ;-) To install it : yum -y install net-snmp net-snmp-utils
SNMP for QNAP Turbo NAS TS-869 Pro:
#$IP is QNAP NAS IP-address
#system CPU usage
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.1.0
#system total memory
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.2.0
#system free memory
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.3.0
#Uptime of network portion of system
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.4.0
#System uptime - fraction longer
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.2.1.25.1.1.0
#System temp
snmpget -v 2c -c public -O qv 1x.x.x.x 1.3.6.1.4.1.24681.1.2.6.0
Output :
"0.60 %"
"1985.2 MB"
"2640.4 MB"
49:1:57:15.36
49:1:57:15.38
"44 C/111 F"
onsdag den 2. august 2017
Join us on September 11 -2017 @ Red Hat Forum in Copenhagen
Driving innovation in your digital world
Red Hat Forum in Copenhagen is Denmark's number one premier conference for open innovation technologies. The event brings together senior executives, IT decision makers, customers, partners, developers to discuss cloud innovation, devops and containers.
Join us on September 11 to learn from leading Danish enterprises
as they share success stories of their digital journeys.
Other highlights include:
Keynotes & technical breakout sessions
Network with peers
Discuss open source projects
Meet with technical experts & innovators
Discover fundamental advances in cloud computing
The event is free of charge.
Resource : https://www.redhat.com/en/about/events/red-hat-forum-denmark-2017
Red Hat Forum Denmark 2017 Event
Locations Copenhagen, Denmark
September 11, 2017Copenhagen, Denmark
Tivoli Congress Center
Security Patches and Updates Automatically on CentOS
run:
yum update -y && yum install yum-cron -y
Note! When your are done edit the file run :
systemctl start yum-cron.service
systemctl enable yum-cron.service
systemctl status yum-cron.service
Once the installation is complete, open /etc/yum/yum-cron.conf and locate what you want on your server.
My File :
[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix update-minimal
# minimal-security = yum --security update-minimal
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
update_cmd = default
# Whether a message should be emitted when updates are available,
# were downloaded, or applied.
update_messages = yes
# Whether updates should be downloaded when they are available.
download_updates = yes
[groups]
# NOTE: This only works when group_command != objects, which is now the default
# List of groups to update
group_list = None
# The types of group packages to install
group_package_types = mandatory, default
[base]
# This section overrides yum.conf
# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2
# skip_broken = True
mdpolicy = group:main
yum update -y && yum install yum-cron -y
Note! When your are done edit the file run :
systemctl start yum-cron.service
systemctl enable yum-cron.service
systemctl status yum-cron.service
My File :
[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix update-minimal
# minimal-security = yum --security update-minimal
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
update_cmd = default
# Whether a message should be emitted when updates are available,
# were downloaded, or applied.
update_messages = yes
# Whether updates should be downloaded when they are available.
download_updates = yes
# Whether a message should be emitted when updates are available,
# were downloaded, or applied.
update_messages = yes
# Whether updates should be downloaded when they are available.
download_updates = yes
# Whether updates should be applied when they are available. Note
# that download_updates must also be yes for the update to be applied.
apply_updates = no
# Maximum amout of time to randomly sleep, in minutes. The program
# will sleep for a random amount of time between 0 and random_sleep
# minutes before running. This is useful for e.g. staggering the
# times that multiple systems will access update servers. If
# random_sleep is 0 or negative, the program will run immediately.
# 6*60 = 360
random_sleep = 360
[emitters]
# Name to use for this system in messages that are emitted. If
# system_name is None, the hostname will be used.
system_name = None
# How to send messages. Valid options are stdio and email. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio
# The width, in characters, that messages that are emitted should be
# formatted to.
output_width = 80
[email]
# The address to send email messages from.
# NOTE: 'localhost' will be replaced with the value of system_name.
## Forward your root to your mail ;-)
email_from = root@localhost
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
# NOTE: This only works when group_command != objects, which is now the default
# List of groups to update
group_list = None
# The types of group packages to install
group_package_types = mandatory, default
[base]
# This section overrides yum.conf
# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2
# skip_broken = True
mdpolicy = group:main
# NOTE: This only works when group_command != objects, which is now the default
# List of groups to update
group_list = None
# The types of group packages to install
group_package_types = mandatory, default
[base]
# This section overrides yum.conf
# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2
# skip_broken = True
mdpolicy = group:main
# Uncomment to auto-import new gpg keys (dangerous)
Abonner på:
Opslag (Atom)