A note to visitors

This web site is used for me to store information/skills I acquire in order to retain it. These instructions are not meant for production environments. They serve as a mere blueprint on how to do certain things.

Thank you.


Centos 6.5 – Create a 389 Directory Server replication

These instructions show how to set up a Master – Slave replication with your 389 Server. This setup takes into account that self-signed SSL certificates are being used. The slave server cannot update the master server.

Step 1) Install 389 on your slave server.

Install the EPEL/REMI repos by following these instructions 

Step 2) Prepare your server for the 389 Directory Service

vi /etc/hosts
10.0.0.15       ldap1.sfentona.lol      ldap1
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT
vi /etc/sysctl.conf
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 64000
vi /etc/security/limits.conf
*               soft     nofile          8192
*               hard     nofile          8192


Centos 6.5 – Nagios 4.0.7 – How to monitor a remote server via NRPE

The following instructions assume that Nagios was installed from source. With an RPM install the locations of some files may be different. However, the overall principle is the same.

In Nagios you can monitor a remote server in two ways: with a check that runs from the Nagios server without invoking any command on the remote server, or with a check in which the Nagios server invokes a command on the remote server. An example would be a simple PING check versus checking whether a service is running on the remote server. The PING check can be done from the Nagios server without having to call any commands on the remote server. However, in order to check whether a process is still up and running, you would have to set up the remote server to do that specific check.

In order for the second type of check to be completed, NRPE will be used. NRPE is a utility which allows you to execute remote commands on the remote server you are monitoring. The NRPE service will need to be installed on the Nagios server and on the remote server we are monitoring. When we want to do a remote check on a remote server, we will have to call upon NRPE from the Nagios server.

An example of setting up the CHECK_DISK plugin.  This plugin checks the disk space on the remote server we are monitoring.


Centos 6.5 – 389 Directory Server and SSL

The LDAP protocol does not use encryption by default. As a result, all the information LDAP generates on the wire can be easily read if captured by a sniffer. However, you can use SSL in order to encrypt that data. In this example I am using a server by itself as my Certificate Authority (CA) in order to generate a certificate. Below are the steps in order to generate a certificate and install it on the 389 Directory Server.


Centos 6.5 – Install and Setup 389 Directory Server

The 389 Directory Service is the open source version of the Directory Service that comes with Red Hat. This post shows how to install and do the initial setup on the server and on the client in order to start using an LDAP environment. You will have to have at least 1GB of RAM.

Centos 6.5 – Install and setup CACTI

This how-to shows how to install and set up CACTI. CACTI is a monitoring tool that displays trends in the form of graphs. It can display trends for network, CPU, memory and disk activity.

Step 1) Install required packages. -Install apache, php, mysql, snmp

yum install httpd httpd-devel mysql mysql-server php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp net-snmp-utils net-snmp-libs php-pear-Net-SMTP rrdtool

– Install EPEL repo in order to install CACTI

wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum install cacti

Step 2) Configure MySQL database. -Setup Password, create/import the CACTI database tables

– Setup password on MySQL database

mysqladmin -u root password Enter_Your_Password_Here

– Create the CACTI database and user.

mysql -u root -p
mysql> create database cacti;
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'your-password-here';
mysql> FLUSH privileges;
mysql> quit;

– Import the CACTI tables to your newly created database.

mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.8a/cacti.sql

Step 3) Prepare Apache for the CACTI installation. -Edit the following file and enter the lines below. Your network will be different.

vi /etc/httpd/conf.d/cacti.conf
Alias /cacti    /usr/share/cacti

<Directory /usr/share/cacti/>
        Order Deny,Allow
        Deny from all
        Allow from 10.0.0.0/26
</Directory>

service httpd restart

Step 4) Setup SNMP on the CACTI server and on your client.

- On the server and on the client, clear the current settings from the snmpd configuration file (/etc/snmp/snmpd.conf) and enter the following lines. Pay attention to the "community" parameter. I called mine "mylan".

# A user 'myUser' is defined with the community string 'mylan' and source network 10.0.0.0/26
com2sec myUser 10.0.0.0/26 mylan

# myUser is added to the group 'myGroup' and the permissions of the group are defined
group    myGroup    v1         myUser
group    myGroup    v2c        myUser
view all included .1
# access fields: group, context, security model, level, prefix, read view, write view, notify view
access myGroup    ""    any    noauth     exact    all    all    none
service snmpd restart
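
An added example, not part of the original post: a small Python parser that resolves the com2sec / group / view / access chain of the snmpd.conf above into what each community string may read and write, and from how many source addresses. The function names are illustrative, the sample input is the configuration from this step, and the parser assumes com2sec lines without the optional -Cn context argument.

```python
import ipaddress

# The snmpd.conf lines from this step, embedded as sample input.
SAMPLE = """
com2sec myUser 10.0.0.0/26 mylan
group    myGroup    v1        myUser
group    myGroup    v2c        myUser
view all included .1
access myGroup    ""    any    noauth     exact    all    all    none
"""

def _host_count(source):
    """Number of addresses in a com2sec source; None if it is not a literal network."""
    try:
        return ipaddress.ip_network(source, strict=False).num_addresses
    except ValueError:  # "default" or a hostname
        return None

def effective_access(conf_text):
    """Resolve com2sec -> group -> access -> view into one row per grant."""
    com2sec, groups, views, access = [], {}, {}, []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "com2sec":    # com2sec SECNAME SOURCE COMMUNITY
            com2sec.append((tok[1], tok[2], tok[3]))
        elif len(tok) >= 4 and tok[0] == "group":    # group GROUP MODEL SECNAME
            groups.setdefault(tok[3], []).append((tok[1], tok[2]))
        elif len(tok) >= 4 and tok[0] == "view":     # view NAME included|excluded OID
            views.setdefault(tok[1], []).append((tok[2], tok[3]))
        elif len(tok) >= 9 and tok[0] == "access":   # access GROUP CTX MODEL LEVEL PREFIX READ WRITE NOTIFY
            access.append((tok[1], tok[3], tok[4], tok[6], tok[7]))

    def included(view_name):
        # OID subtrees a view includes; an undefined view (such as "none") yields []
        return [oid for kind, oid in views.get(view_name, []) if kind == "included"]

    rows = []
    for secname, source, community in com2sec:
        for group, model in groups.get(secname, []):
            for a_group, a_model, level, read, write in access:
                if a_group == group and a_model in ("any", model):
                    rows.append({"community": community, "source": source,
                                 "hosts": _host_count(source), "model": model,
                                 "level": level, "read": included(read),
                                 "write": included(write)})
    return rows

if __name__ == "__main__":
    for row in effective_access(SAMPLE):
        print(row)
```

For the configuration above, both rows (v1 and v2c) list .1 under write as well as read, so the community string mylan grants write access to the whole tree from the 64 addresses in 10.0.0.0/26.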

Step 5) Start the CACTI installation. - Enable cronjobs and start the web based installation.

- Enable the following cronjob under root.

vi /etc/cron.d/cacti
*/5 * * * *    cacti   /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Step 5) Run the web installer of CACTI.

Point your browser to your cacti server. In my case it will be http://10.0.0.14/cacti

- Select New Install
- The following page will do a check for binaries/libraries it requires. Make sure everything comes back as green.
- Enter the default username/password. The default login is admin and the default password is admin. You will be prompted to change your password.

Step 6) Add a remote server to monitor.

- Select the "Devices" link and press "Add".
Below is a sample of my setup.

[Screenshot: sample device setup]

- Define the types of queries you want CACTI to perform on your remote server. Add the following items and then select "Create new Graph for this host".
[Screenshot: items to add]


Nagios Core – How inheritance works in Nagios. A basic example.

The material below illustrates the logic behind adding a remote host for monitoring under Nagios. It does not give a step-by-step account of how to add a remote host, because one must first understand the basic logic behind these configuration files. If the logic is not grasped, big misconfigurations are bound to happen.

There are several configuration files that need consideration. If you have performed a manual install of NAGIOS Core, the configuration files will reside under /usr/local/nagios/etc/

The main configuration file for Nagios is /usr/local/nagios/etc/nagios.cfg. In that file the location of the OBJECT configuration files is defined. Below is the default structure of these configuration files.

# OBJECT CONFIGURATION FILE(S)
cfg_file=/usr/local/nagios/etc/objects/templates.cfg
cfg_file=/usr/local/nagios/etc/objects/contacts.cfg
cfg_file=/usr/local/nagios/etc/objects/commands.cfg
cfg_file=/usr/local/nagios/etc/objects/timeperiods.cfg
cfg_file=/usr/local/nagios/etc/objects/localhost.cfg
cfg_file=/usr/local/nagios/etc/objects/windows.cfg
cfg_file=/usr/local/nagios/etc/objects/switch.cfg
cfg_file=/usr/local/nagios/etc/objects/printer.cfg


NAGIOS – How to do a WHOIS and SSL expiration check

Two plugins will be installed in order to do the WHOIS and SSL expiration checks. The directories of interest for NAGIOS for this case are:

Plugin Config files
/usr/local/nagios/etc/objects/
|–commands.cfg (This is where we do the definition for the service)
|–localhost.cfg (This is where we will define the thresholds)

Plugin files location
/usr/local/nagios/libexec/
|–nagios-check-crt.sh (The script that will check the SSL expirations)
|–nagios-check-dns-exp.tcl (The script that will check the WHOIS expiration)

 


NAGIOS – How to setup Nagios v4 from source on Centos 6.5

The following commands will install all the required packages to have NAGIOS up and running. Make sure to install the latest package of NAGIOS. In the “wget” command enter the latest release.

 

# Install the web server and the build dependencies
yum install -y httpd php gcc glibc glibc-common gd gd-devel make net-snmp
# Create the nagios user and the nagcmd group; -a appends the group instead of replacing existing ones
useradd nagios
groupadd nagcmd
usermod -a -G nagcmd nagios
usermod -a -G nagcmd apache
# Download and unpack Nagios and the plugins (replace X.X.X with the latest release)
mkdir /root/nagios
cd /root/nagios
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-X.X.X.tar.gz
wget https://www.nagios-plugins.org/download/nagios-plugins-X.X.tar.gz
tar -xvf nagios-X.X.X.tar.gz
tar -xvf nagios-plugins-X.X.tar.gz
# Build and install Nagios Core
cd nagios-X.X.X
./configure --with-command-group=nagcmd
make all
make install
make install-init
make install-commandmode
make install-config
make install-webconf
# Create the web interface login
htpasswd -s -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
service httpd start
# Build and install the plugins
cd /root/nagios
cd nagios-plugins-X.X
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
# Verify the configuration, then enable and start the services
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
chkconfig --add nagios
chkconfig --level 35 nagios on
chkconfig --add httpd
chkconfig --level 35 httpd on
service nagios start