Centos 6.5 – Create a 389 Directory Server replication

These instructions show how to set up Master – Slave replication with your 389 Server. The setup assumes that self-signed SSL certificates are being used. The slave server cannot update the master server.

Step 1) Install 389 on your slave server.

Install the EPEL/REMI repos by following these instructions 

Step 2) Prepare your server for the 389 Directory Service

vi /etc/hosts
10.0.0.15       ldap1.sfentona.lol      ldap1

vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT

vi /etc/sysctl.conf
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 64000

vi /etc/security/limits.conf
*               soft     nofile          8192
*               hard     nofile          8192

Centos 6.5 – Nagios 4.0.7 – How to monitor a remote server via NRPE

The following instructions assume that Nagios was installed from source. With an RPM install the locations of some files may be different. However, the overall principle is the same.

In Nagios you can monitor a remote server in two ways: by running a check from the Nagios server that does not invoke any command on the remote server, or by having the Nagios server invoke a command on the remote server. An example would be a simple PING check versus checking whether a service is running on the remote server. The PING check can be done from the Nagios server without calling any commands on the remote server. However, in order to check whether a process is still up and running, you would have to set up the remote server to do that specific check.

In order for the second type of check to be completed, NRPE will be used. NRPE is a utility which allows you to execute commands on the remote server you are monitoring. The NRPE service needs to be installed on the Nagios server and on the remote server being monitored. When we want to do a check on a remote server, we call upon NRPE from the Nagios server.

An example of setting up the CHECK_DISK plugin. This plugin checks the disk space on the remote server we are monitoring.

Notes about Routing protocols, IP, Layers and so on.

PDU – Protocol Data Unit. Each layer adds its own PDU for encapsulation.

Application layer: Data PDU (data)

Transport layer: Segment PDU (port etc)

Internetwork layer: Packet (IP addy)

Network Access layer: Frame (MAC addy)

———————————————————–

Application layer = Contains data. DNS, SMTP, SQL, LDAP.

Presentation layer = Contains data format info

Session layer = Syncs web/voice sessions

Transport layer = Defines and numbers data segments, reassembles data.

Network layer = Creates packets which are able to move between different networks. The frame is decapsulated in order to read the host destination address. This is how the path is determined between different networks. Once the route is determined the packet is encapsulated again to a frame.

Data Link = Creates frames/bits. Is concerned with the delivery of messages on a single network by using the MAC.

DNS – An example of a query by examining wireshark.

The following is an example of a DNS query made by a workstation on a LAN. The query is directed to the DNS server of that LAN; if that server cannot find a record for the query, it reaches out to DNS servers on the Internet to fetch the information. In this example the setup is as follows:

– Workstation with IP 10.0.0.2

– DNS with IP 10.0.0.6

A DNS query from the desktop is made.
The workstation uses the local DNS server with IP 10.0.0.6 as its DNS server.

CentOS 6.5 – NGINX – Reverse SSL proxy for Apache

These instructions show how you can set up nginx as a reverse proxy for apache. In other words, when somebody visits the web server, the request hits the NGINX server on the front end, which uses SSL. The NGINX server then forwards that request to the apache web server. The apache web server serves the web content to the NGINX server, and in turn the NGINX server serves the content to the visitor. This creates a layer of isolation which protects the actual apache web server. The apache web server is not directly exposed to the outside world.

There are several steps involved in configuring this kind of setup. In summary, these are the steps needed.
– Configure NGINX to use SSL by generating an SSL certificate request and signing it.
– Configure NGINX to use a virtual host.
– Configure NGINX to forward the requests to the apache server.
– Configure Apache to listen for the requests from NGINX.

Centos 6.5 – NGINX how to setup virtual hosts.

These instructions show how to create virtual directories in NGINX. The virtual site we will use here as an example is “mysite.lol”. In summary the following steps will be executed to achieve virtual hosts in nginx.
– Create the directory for our virtual site under /srv/www. Each site will have its own “public_html” directory; for example, “/srv/www/mysite.lol/public_html”. We will also create the directories for the log files.
– Create the directories for available and enabled virtual hosts. Also create a soft link to link the “available” site to our enabled directory.
– Edit the “/etc/nginx/nginx.conf” config file.
– Define the virtual host under the /etc/nginx/sites-available.
– Create content for our mysite.lol (a simple index.html) file.

Centos 6.5 – 389 Directory Server and SSL

The LDAP protocol does not use encryption by default. As a result, all the information LDAP generates on the wire can be easily read if captured by a sniffer. However, you can use SSL in order to encrypt that data. In this example I am using a server by itself as my Certificate Authority (CA) in order to generate a certificate. Below are the steps in order to generate a certificate and install it on the 389 Directory Server.

Centos 6.5 – Install and Setup 389 Directory Server

The 389 Directory Service is the open source version of the Directory Service that comes with Red Hat. This post shows how to install and do the initial setup on the server and on the client in order to start using an LDAP environment. You will need at least 1GB of RAM.

Centos 6.5 – Setup Virtual hosts and use SSL – httpd 2.2.15

How to set up virtual hosts in Apache and how to set up SSL. In this example a test web site called “mysite.lol” is created. Each virtual site has its own directory and its own config file where the virtual host is defined. In addition to this, we will generate a certificate and sign it ourselves. The virtual hosts will be using SSL on port 443.

Centos 6.5 – Install and setup CACTI

This how-to shows how to install and set up CACTI. CACTI is a monitoring tool that displays trends as graphs. It can display trends for network, CPU, memory and disk activity.

Step 1) Install required packages. -Install apache, php, mysql, snmp

yum install httpd httpd-devel mysql mysql-server php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp net-snmp-utils net-snmp-libs php-pear-Net-SMTP rrdtool

– Install EPEL repo in order to install CACTI

wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum install cacti

Step 2) Configure MySQL database. -Setup Password, create/import the CACTI database tables

– Setup password on MySQL database

mysqladmin -u root password Enter_Your_Password_Here

– Create the CACTI database and user.

mysql -u root -p
mysql> create database cacti;
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'your-password-here';
mysql> FLUSH privileges;
mysql> quit;

– Import the CACTI tables into your newly created database.

mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.8a/cacti.sql

Step 3) Prepare Apache for the CACTI installation. -Edit the following file and enter the lines below. Your network will be different.

vi /etc/httpd/conf.d/cacti.conf
Alias /cacti    /usr/share/cacti

<Directory /usr/share/cacti/>
        Order Deny,Allow
        Deny from all
        Allow from 10.0.0.0/26
</Directory>

service httpd restart

Step 4) Setup SNMP on the CACTI server and on your client.

- On the server and on the client clear the file of the current settings and enter the following lines. Pay attention to the "community" parameter. I called mine "mylan".

# A user 'myUser' is being defined with the community string 'mylan' and source network 10.0.0.0/26
com2sec myUser 10.0.0.0/26 mylan

# myUser is added into the group 'myGroup' and the permission of the group is defined
group    myGroup    v1        myUser
group    myGroup    v2c        myUser
view all included .1
access myGroup    ""    any    noauth     exact    all    all    none

service snmpd restart
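
The check below is an added example, not part of the original post or of net-snmp: it parses the access-control directives from Step 4 and reports what they grant. The finding names, audit_snmpd and RESTRICTED_CONF are assumptions made for illustration; SAMPLE_CONF is the configuration shown above.

```python
DEFAULT_COMMUNITIES = {"public", "private"}
WHOLE_TREE = {".1", "1", ".iso", "iso"}
# The Step 4 configuration from this page.
SAMPLE_CONF = '''
com2sec myUser 10.0.0.0/26 mylan
group    myGroup    v1        myUser
group    myGroup    v2c        myUser
view all included .1
access myGroup    ""    any    noauth     exact    all    all    none
'''

# Constructed variant (hypothetical names): one poller, narrow view, no write view.
RESTRICTED_CONF = '''
com2sec cactiUser 10.0.0.14 mylan
group   cactiGroup v2c cactiUser
view    cactiView included .1.3.6.1.2.1
access  cactiGroup "" v2c noauth exact cactiView none none
'''


def audit_snmpd(conf_text):
    """Return sorted finding codes for com2sec/group/view/access lines."""
    findings, views, accesses = set(), {}, []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        kw, args = tok[0], tok[1:]
        if kw == "com2sec" and len(args) >= 3:
            # com2sec [-Cn CONTEXT] NAME SOURCE COMMUNITY
            source, community = args[-2], args[-1]
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.add("default-community")
            if source == "default" or source.endswith("/0"):
                findings.add("any-source")
        elif kw == "group" and len(args) >= 3 and args[1] in ("v1", "v2c"):
            findings.add("cleartext-v1v2c")  # community travels unencrypted
        elif kw == "view" and len(args) >= 3 and args[1] == "included":
            views.setdefault(args[0], set()).add(args[2])
        elif kw == "access" and len(args) >= 8:
            # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            accesses.append((args[5], args[6]))
    for read_view, write_view in accesses:
        if views.get(read_view, set()) & WHOLE_TREE:
            findings.add("full-tree-read")
        if write_view != "none":
            findings.add("write-enabled")  # SNMP SET allowed for this group
    return sorted(findings)

print(audit_snmpd(SAMPLE_CONF), audit_snmpd(RESTRICTED_CONF))
```

On the Step 4 configuration it reports write-enabled because the seventh field of the access line (the write view) is all rather than none.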

Step 5) Start the CACTI installation. - Enable cronjobs and start the web based installation.

- Enable the following cronjob under root.

vi /etc/cron.d/cacti
*/5 * * * *    cacti   /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Step 6) Run the web installer of CACTI.

Point your browser to your cacti server. In my case it is http://10.0.0.14/cacti

- Select New Install
- The following page will do a check for binaries/libraries it requires. Make sure everything comes back as green.
- Enter the default username/password. The default login is admin and the default password is admin. You will be prompted to change your password.

Step 7) Add a remote server to monitor.

- Select the "Devices" link and press "Add".
Below is a sample of my setup.

[Screenshot]

- Define the types of queries you want CACTI to perform on your remote server. Add the following items and then select "Create new Graph for this host".

[Screenshot]