Tuesday, January 31, 2006

Connecting to a remote linux system which does not have a Static IP

My Scenario

I have a system at home with Linux running on it.
I do not have a public IP assigned by my Internet Service Provider.

The home IP is 10.10.X.X


But my workplace has a public IP on its Linux systems,
202.X.X.X, to which I have access.

Now I want to access my Home Linux System from Work.


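This is possible using reverse SSH: the home system opens an outgoing SSH connection to the work system and asks it to forward a port back through that connection.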

Step 1
I do the following at home :

#ssh -R 2048:localhost:22 202.x.x.x

It will prompt you for the password of the work system, which
has a public IP (202.x.x.x). Give the password and log in.

Once you have logged in to work (202.x.x.x), follow Step 2:

Step 2
On the work system (202.X.X.X), I run:

#ssh -p 2048 localhost

This will connect to my home system from work.

Now I need to give the password for my home system.


By using a reverse tunnel, I maintain full control of the
home system from my workplace.
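
Seen from the work system, the -R 2048:localhost:22 forward in Step 1 is a listening socket on port 2048 owned by sshd. The following added example (not part of the original post) picks such listeners out of `ss -H -tlnp` output; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed `ss -H -tlnp` output for a host in the role of the post's
# work system. ss shows process names for other users' sockets only to root.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:2048 0.0.0.0:* users:(("sshd",pid=4410,fd=9))
LISTEN 0 128 [::1]:2048 [::]:* users:(("sshd",pid=4410,fd=8))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=990,fd=21))
LISTEN 0 128 0.0.0.0:8443 0.0.0.0:* users:(("sshd",pid=5120,fd=10))
EOF
}

# Read `ss -H -tlnp` output on stdin and print "port address scope" for each
# listener owned by sshd, except the port sshd itself serves ($1, default 22).
# By default sshd binds -R forwards to loopback; a non-loopback address means
# GatewayPorts is enabled and the tunnel is reachable from other hosts.
find_ssh_forward_listeners() {
    awk -v own="${1:-22}" '
        $1 == "LISTEN" && /"sshd/ {
            n = split($4, parts, ":")       # $4 is Local Address:Port
            port = parts[n]                 # last piece, also for [::1]:2048
            host = substr($4, 1, length($4) - length(port) - 1)
            if (port == own) next
            if (host == "127.0.0.1" || host == "[::1]") scope = "loopback"
            else scope = "exposed"
            print port, host, scope
        }'
}

# Demo on the constructed sample; on a live host run:
#   ss -H -tlnp | find_ssh_forward_listeners 22
sample_ss_output | find_ssh_forward_listeners 22
```

Where such forwards are not wanted on a server, the sshd_config directives AllowTcpForwarding and PermitListen restrict them.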


Monday, January 30, 2006

Linux - Tune your IDE Hard Disk

hdparm is a tool for altering various parameters associated with IDE drives. This involves things like the block prefetch, the DMA/PIO modes, and a number of other things.

hdparm --help

shows a list of all available options. To get more information about your hard disk, run

hdparm -i /dev/hda

This will look like:

/dev/hda:

Model=ST94019A, FwRev=5.11, SerialNo=3KW5V2FK
Config={ HardSect NotMFM HdSw>15uSec Fixed DTR>10Mbs RotSpdTol>.5% }
RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=4
BuffType=unknown, BuffSize=2048kB, MaxMultSect=16, MultSect=16
CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=78140160
IORDY=on/off, tPIO={min:240,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio1 pio2 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 udma4 *udma5
AdvancedPM=yes: unknown setting WriteCache=enabled
Drive conforms to: ATA/ATAPI-6 T13 1410D revision 2:

* signifies the current active mode

To see how fast your hard disk currently is, run

hdparm -tT /dev/hda

Output:

/dev/hda:
Timing buffer-cache reads: 1496 MB in 2.00 seconds = 748.00 MB/sec
Timing buffered disk reads: 62 MB in 3.23 seconds = 19.20 MB/sec
[root@mybox jabber]#

Now you can run

hdparm -c1 -d1 -X 66 /dev/hda ---- (I choose 90, instead of 60)

to tune your hard disk. The X flag stands for the transfer mode (PIO: 8; DMA: 32; U-DMA: 64) + the number of the mode (2 for udma2: 64 + 2 = 66).

Now run

hdparm -tT /dev/hda

again, and if you're lucky, your hard disk should have become "faster".

Now My output is :

[root@mybox jabber]# hdparm -tT /dev/hda

/dev/hda:
Timing buffer-cache reads: 1516 MB in 2.00 seconds = 758.00 MB/sec
Timing buffered disk reads: 76 MB in 3.00 seconds = 25.33 MB/sec
[root@mybox jabber]#

You can see the difference in performance now.


To verify that DMA is enabled for your hard disk:

[root@localhost ~]# hdparm -d /dev/hda

/dev/hda:
using_dma = 1 (on)


If DMA is not enabled, enable it by issuing the following command:
hdparm -d 1 /dev/hda

To verify that 32-bit transfers are enabled:
[root@localhost ~]# hdparm -c /dev/hda

/dev/hda:
IO_support = 0 (default 16-bit)

To Enable 32 bit Transfers :

[root@localhost ~]# hdparm -c 1 /dev/hda

/dev/hda:
setting 32-bit IO_support flag to 1
IO_support = 1 (32-bit)

Disk Read Test :

[root@localhost ~]# hdparm -T -t /dev/hda

/dev/hda:
Timing cached reads: 1816 MB in 2.00 seconds = 906.78 MB/sec
Timing buffered disk reads: 42 MB in 3.14 seconds = 13.38 MB/sec
[root@localhost ~]#


Note : 1 - To Enable , 0 - To Disable

Mailman - Faq

Learn more about Mailman Features and Installation

Where can I view all the public mailing lists available with Mailman?
- http://mybox.sriram.com/mailman/listinfo

How can one subscribe, unsubscribe or log in to a subscribers list?
- http://mybox.sriram.com/mailman/listinfo/list-name

list-name = name of the list to which you want to subscribe

Once you subscribe, you will get a mail at the mail ID you
mentioned in the subscription details.

You will have to click the link in the mail and subscribe.


How does an admin create and manage a mailing list?

General Admin Login:
- http://mybox.sriram.com/mailman/admin

Create a new List:
Web Based - http://mybox.sriram.com/mailman/create


Console -
#cd /usr/lib/mailman/bin
[root@mybox bin]# ./newlist mailman

enter the email of the person running the list: sriram@sriram.com
Initial mailman password:
Hit enter to notify mailman owner...


Manage a particular list with admin login:
- http://mybox.sriram.com/mailman/admin/list-name

Points to note:

Make sure your mail server settings are correct, so
that it is able to send and receive mail for the internal
users you might want to subscribe.

Configuration file for setting up the mail server with Mailman:
#cat /usr/lib/mailman/Mailman/mm_cfg.py

Setting up the Mailman administration password:
#cd /usr/lib/mailman/bin
[root@mybox bin]# ./mmsitepass
New site password:
Again to confirm password:
Password changed.

Installing Mailman

In the previous post I explained Mailman.

Here I will go through installing Mailman.

Installing Mailman from source is a pain in the neck.

You need to configure the group, user, setuid and so on.

If you have no other work, then you can try it that way.

I installed it through RPM.

The steps I followed were:

[root@mybox mailman]# urpmi mailman
To satisfy dependencies, the following packages are going to be installed (32 MB):
libpython2.3-2.3-3.1.92mdk.i586
mailman-2.1.2-9.4.92mdk.i586
python-2.3-3.1.92mdk.i586
python-base-2.3-3.1.92mdk.i586
Is this OK? (Y/n) Y
medium "contrib" uses an invalid list file:
mirror is probably not up-to-date, trying to use alternate method

ftp://ftp.is.co.za/mirror/mandrivalinux/old/updates/9.2/RPMS/
./libpython2.3-2.3-3.1.92mdk.i586.rpm
ftp://ftp.is.co.za/mirror/mandrivalinux/old/updates/9.2/RPMS/
./python-base-2.3-3.1.92mdk.i586.rpm
ftp://ftp.is.co.za/mirror/mandrivalinux/old/updates/9.2/RPMS/
./python-2.3-3.1.92mdk.i586.rpm
ftp://ftp.is.co.za/mirror/mandrivalinux/old/updates/9.2/RPMS/
./mailman-2.1.2-9.4.92mdk.i586.rpm
installing /var/cache/urpmi/rpms/python-2.3-3.1.92mdk.i586.rpm /var/cache/urpmi/rpms/python-base-2.3-3.1.92mdk.i586.rpm /var/cache/urpmi/rpms/libpython2.3-2.3-3.1.92mdk.i586.rpm /var/cache/urpmi/rpms/mailman-2.1.2-9.4.92mdk.i586.rpm
Preparing... ##################################################
1:libpython2.3 ##################################################
2:python-base ##################################################
3:python ##################################################
4:mailman ##################################################
Post-install compilation...
Reloading httpd2: [ OK ]

*****
* You must now "cd /usr/lib/mailman/; ./bin/mmsitepass" as root to set the
* site password to be used for administrating all Mailman data as necessary.
*****

*****
* You must also "cd /usr/lib/mailman/; su -c "./bin/newlist mailman" mail" as root to
* setup the base mailman maillist - answer the questions appropriately.
*****

*****
* You should then issue the command "service mailman start" as root to start the server.
*****

Setting Up Mailman Administration Password
#cd /usr/lib/mailman/bin
[root@mybox bin]# ./mmsitepass
New site password:
Again to confirm password:
Password changed.

Creating a New List
[root@mybox bin]# ./newlist mailman
Enter the email of the person running the list: sriram@sriram.com
Initial mailman password:
Hit enter to notify mailman owner...

Since I am using Postfix I added the aliases in /etc/postfix/aliases

mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"

Web Configuration - Add this to your httpd.conf file

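ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
# Directory paths assumed to match the ScriptAlias and Alias targets.
<Directory /usr/lib/mailman/cgi-bin/>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

Alias /pipermail/ /usr/lib/mailman/Mailman/Archiver/
<Directory /usr/lib/mailman/Mailman/Archiver/>
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>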

Restart Web Server

[root@mybox conf]# /etc/rc.d/init.d/httpd restart
Shutting down httpd2: [ OK ]
Starting httpd2: [ OK ]
[root@mybox conf]#

[root@mybox conf]# cd /usr/lib/mailman/cron
[root@mybox cron]# crontab -u mailman crontab.in


These lines were already mentioned in my file; I did not
make any changes.

Configuration File for Mailman

#cat /usr/lib/mailman/Mailman/mm_cfg.py

# Put YOUR site-specific settings below this line.
DEFAULT_EMAIL_HOST = 'mybox.sriram.com'
DEFAULT_URL_HOST = 'mybox.sriram.com'
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
MTA = 'Postfix'

Now start the Mailman service. Mailman uses a daemon, qrunner, which must be started as root:

/etc/rc.d/init.d/mailman start

Url For Administration
http://localhost/mailman/admin/

Url for the list that you created (eg I created mailman above)

To visit the list :

http://localhost/mailman/listinfo/
http://localhost/mailman/listinfo/mailman

I will add FAQ's soon

Sunday, January 29, 2006

Mailman - The Mailing List Manager

There are lots of mailing list managers available, but Mailman has
some advanced features like:

- Web based interface for management of lists.

- A customizable home page for each mailing list.

- Better membership management, including searching

- Invitations

- Users can now change some of their delivery options globally, for all lists at a site, including their password, delivery status, real name, etc.

- Mailman will also save list emails for archive and viewing via the web. A full featured email web based interface is also provided for list members and list administrators.

- It allows you to control who can send/post and who cannot.

- Users can Subscribe / Unsubscribe through web based Interface.

- Content Filtering

- Auto Responder


What do you need for Configuring Mailman ?

Mailman is written in the Python programming language, with a little bit of C code for security.

You will need:

GCC compiler
Python installed (#which python)
Web server - preferably Apache
Mail server (MTA) - Sendmail/Postfix/Exim/qmail etc.

Here I will discuss :

- Part 1 - Installation of Mailman
- Part 2 - FAQ

Thursday, January 26, 2006

FreeBSD - Updating Ports

The FreeBSD ports collection offers a simple way for users and administrators to install applications. The ports made FreeBSD quite popular. Keeping ports up to date is an essential task.

(1) Install cvsup
If you have never upgraded the FreeBSD ports collection, this first step is required; otherwise skip it and go to step 2.

#pkg_add -r cvsup-without-gui
#mkdir /usr/ports

CVSup is a software package for distributing and updating collections of files (ports) across a network.

(2) Update ports collection/tree

#cvsup -L 2 -h cvsup9.FreeBSD.org /usr/share/examples/cvsup/ports-supfile
The above step will take some time to fetch files, and
it will update your ports collection.

Note if you got an error as follows:

"Rejected by server: Access limit exceeded; try again later
Will retry at 01:36:41"

Then replace cvsup9.FreeBSD.org with cvs8.freebsd.org, cvs7.freebsd.org etc. You are done.

Running the cvsup command again later will download and apply all the recent changes to your Ports Collection, except actually rebuilding the ports for your own system. Next time you will see how to use the portupgrade utility to upgrade installed ports.

Update: You can use portsnap command. It is an alternative system for distributing the Ports Collection. It was first included in FreeBSD 6.0. Install portsnap as follows:

#mkdir /usr/ports
#pkg_add -r portsnap
#portsnap fetch
#portsnap extract
#portsnap update

Please note: before installing ports, enable security port auditing to avoid
installing ports with known vulnerabilities:

A port called portaudit provides a system to check if installed ports are listed in a database of published security vulnerabilities. After installation it will update this security database automatically and include its reports in the output of the daily security run. If you get a message like the following

Vulnerability check disabled, database not found

then you need to enable this small port:

1) Install port auditing (log in as root):
# cd /usr/ports/security/portaudit

2) Install portaudit:
# make install

3) Fetch the database so that port auditing gets activated immediately. By default it installs a shell script 'portaudit' in /usr/local/etc/periodic/security/:
# /usr/local/etc/periodic/security/*portaudit

4) The portaudit script automatically gets called via FreeBSD's periodic (cron job) facility, so your database gets updated automatically every day.

5) Portaudit in action. Let us assume you would like to install a port called sudo. If it has known vulnerabilities, it will not install sudo:
# cd /usr/ports/security/sudo
# make install


Example

===>  sudo-1.6.8.7 has known vulnerabilities:
=> sudo -- local race condition vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/3bf157fa-e1c6-11d9-b875-0001020eed82.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/security/sudo.

#/usr/local/sbin/portaudit -Fda

This will list any installed packages that are affected.

Wednesday, January 25, 2006

Loading Kernel Modules in FreeBSD

Like Linux, the FreeBSD kernel supports the loading and unloading of modules. This allows an administrator to add or remove driver support without having to recompile the kernel or reboot the system. The possible modules are the files ending with the .ko extension in /boot/kernel.

To list the currently loaded modules:

root@freebsd# kldstat
Id Refs Address Size Name
1 7 0xc0400000 63070c kernel
2 16 0xc0a31000 568dc acpi.ko
3 1 0xc14de000 15000 linux.ko
root@freebsd#

If you're curious as to the meaning of each of the columns, see man 2 kldstat. Note that the usage and output is similar to Linux's lsmod command.

Linux also provides the insmod and rmmod commands to load and unload modules. The FreeBSD equivalents are kldload and kldunload.

For example, to load USB scanner support:

#kldload uscanner.ko

To remove it when you are finished

#kldunload uscanner.ko

Loading something that is already statically compiled into the kernel produces this error message:

root@freebsd# kldload acpi.ko
kldload: can't load acpi.ko: File exists

If you don't know what a module does, ask whatis. Suppose that I'm curious about the module if_pcn.ko. I won't include the .ko in my query. I also won't include the if_; it categorizes the module as an interface type. (Similarly, snd_ represents the sound category.) That leaves pcn, making this command:

root@freebsd# whatis pcn
pcn(4) - AMD PCnet/PCI Fast Ethernet device driver

I think my NIC might fall into that category. man 4 pcn gives the actual NIC models covered by this particular kernel module.

Check this for more info on Freebsd Basics.

Tuesday, January 24, 2006

Installing Perl Modules in FreeBSD

I needed the following modules to be installed

Digest::SHA1
Digest::HMAC

Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser

Pod::Usage
Parse::Syslog
Statistics::Distributions

There are 3 main ways of doing it

1. The old fashioned way (CPAN) - Go to http://www.cpan.org, download the needed module, read the "INSTALL" file and away you go.

2. Using the pkg_add utility - This is the best method because the pkg_add utility AUTOMATICALLY installs any dependencies that may be needed for these Perl modules to be installed. This saves lots of time and hassle.

As root, run the following commands:

pkg_add -r p5-Time-HiRes
pkg_add -r p5-Net-DNS
pkg_add -r p5-Digest-SHA1
pkg_add -r p5-Digest-HMAC
pkg_add -r p5-HTML-Tagset
pkg_add -r p5-HTML-Parser
pkg_add -r p5-Parse-Syslog
pkg_add -r p5-Pod-Parser
pkg_add -r p5-Statistics-Distributions

3. The easy way (The Ports Collection) - The Freebsd ports collection has made a lazy man out of me. They make all this crap so easy.

On my server, I found the needed ports in the following locations:

Time::HiRes - /usr/ports/devel/p5-Time-HiRes
Net::DNS - /usr/ports/dns/p5-Net-DNS
Digest::SHA1 - /usr/ports/security/p5-Digest-SHA1
Digest::HMAC - /usr/ports/security/p5-Digest-HMAC
HTML::Tagset - /usr/ports/www/p5-HTML-Tagset
HTML::Parser - /usr/ports/www/p5-HTML-Parser
Pod::Usage - /usr/ports/textproc/p5-PodParser
Parse::Syslog - /usr/ports/textproc/p5-Parse-Syslog
Statistics::Distributions - /usr/ports/math/p5-Statistics-Distributions

Simply cd into each package's directory as shown above and run: make install && make clean

Note: If you find that the directory "/usr/ports" does not exist, it means you don't have the ports collection. You can get the latest Freebsd ports tree at ftp://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz (anonymous login)

Damn! Now wasn't that easy?

FreeBSD FAQ

I have FreeBSD installed and with it I had couple of issues.

Problem No. 1

When I installed apache using the ports

cd /usr/ports/www/apache21/

make install clean

It had also fetched tcpwrappers which I was not aware of.

When I tried connecting to it locally, it won't allow me to connect; it says

Connection refused

So I had to add this entry to /etc/hosts.allow

sshd :192.168.0.10: ALLOW

192.168.0.10 is the system from where I am connecting.

Note : By default freeBSD root access through ssh is disabled.

Also make sure the nameserver entries in

/etc/resolv.conf

are properly configured on your FreeBSD system, so that it is able to resolve external domains.

After adding the above entry I am able to ssh from 192.168.0.10

Problem No. 2

Now it's the turn of http... when I try to do a http://192.168.0.10

It says Connection refused ... this was weird since I had been using the http service for some time now with my FreeBSD and all was well with it.

The settings in

/usr/local/etc/apache2/httpd.conf

were fine; this was listening on port 80 on FreeBSD lnc0

/usr/local/etc/rc.d/apache2.sh start

won't start either.

I could see netstat did not show http running.

I tried

/usr/local/sbin/httpd this worked but is not a proper way to start http

After searching forums and IRC, I have added

apache2_enable="YES"

to

/etc/rc.conf

I used apache2 since in rc.d its mentioned

/usr/local/etc/rc.d/apache2.sh


freebsd# /usr/local/etc/rc.d/apache2.sh start
Starting apache2.

Now the http service is working

Friday, January 20, 2006

Linux Gateway - Connecting External FTP Servers

This is written mainly for people who want to use ftp over a Linux Gateway System.

Setting up Linux as an Internet gateway is not difficult to do. A Linux gateway allows two or more computers to use the Internet at the same time.

While doing so, only the gateway's IP address will be visible on the Internet. The rest of the computers will be "hidden" behind the gateway. This is called IP masquerading.

There are certain things that may need your attention when Linux is used as a gateway, and I will discuss them here.

First of all, you need a working TCP/IP network. I assume your network is up and running, and all your machines are able to "see" each other.

Let me explain my scenario :

Systems in my Network -

I have two systems linux and freebsd

Linux -

(Internet)eth0 ---- 10.33.16.220 /30 ----- Gw - 10.33.16.250
(Private)eth0:1 ---- 192.168.0.10/255.255.255.0

FreeBSD -

lnc0 - 192.168.0.30/255.255.255.0 ---GW-192.168.0.10

I need the FreeBSD system in my network to connect to the Internet.

This is very simple: add the Linux system as the gateway on FreeBSD,
set the ip_forward flag to 1 on Linux, and add the DNS entries to
/etc/resolv.conf on FreeBSD.

In Linux (Gateway)

echo "1" > /proc/sys/net/ipv4/ip_forward

Make sure this is added to /etc/rc.local so that it is set during boot.

In Freebsd

I added the below lines in /etc/resolv.conf

nameserver 192.168.0.30
nameserver 202.x.x.x < ----- Provided by your ISP

Now this will ping and should resolve domain names.

For example, if you ping yahoo.com from your FreeBSD system, it will resolve to the public IP. The problem you will have now is with things like FTP: from the FreeBSD system you won't be able to FTP to external IPs. FTP negotiates a separate data connection inside its control channel, so plain masquerading does not track it. We will have to load a few kernel modules, using either insmod or modprobe.

For kernel 2.4.x, which uses iptables:

I used the kernel 2.4.22-21mdk-i686-up-4GB (Mandrake - Linux Gateway)

/sbin/insmod ip_conntrack_ftp

/sbin/insmod ip_nat_ftp

Next, enable Source Network Address Translation (SNAT) so that your client machines can use the Internet transparently

I used,

#iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

This should enable you to use external FTP servers from the FreeBSD system.
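
The single MASQUERADE rule above translates any source address, and the post sets no rules on the FORWARD chain, whose built-in default policy is ACCEPT. The following added example (not from the original post) audits iptables-save output for that and shows a tighter rule set that still passes FTP through the ip_conntrack_ftp helper; the function names are hypothetical, the sample rule sets are constructed, and eth0 and 192.168.0.0/24 are taken from the layout above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and both rule sets are constructed samples in iptables-save format.

# What the post's setup leaves loaded: its one MASQUERADE rule plus the
# built-in ACCEPT policies.
post_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Tighter variant, loadable with `iptables-restore`. eth0:1 is an alias of
# eth0, so LAN traffic is told apart by source address, not by interface.
# Replies and the FTP data connections tracked by ip_conntrack_ftp come back
# through the RELATED,ESTABLISHED rule. The 2.4-era `-m state` match is used
# to stay with the post's kernel.
hardened_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -o eth0 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Audit iptables-save output on stdin; print one finding keyword per line:
#   masquerade-any-source  MASQUERADE rule with no -s restriction
#   forward-policy-accept  FORWARD chain forwards anything by default
#   drop-without-related   FORWARD drops by default but has no RELATED rule,
#                          so helper-tracked FTP data connections would fail
audit_gateway_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" &&
            /-j MASQUERADE/ && !/ -s / { print "masquerade-any-source" }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" &&
            /RELATED/ && /-j ACCEPT/ { related = 1 }
        END {
            if (policy == "ACCEPT") print "forward-policy-accept"
            else if (!related) print "drop-without-related"
        }'
}

# Demo on the constructed samples; on a live gateway run as root:
#   iptables-save | audit_gateway_rules
echo "post rule set:";     post_ruleset     | audit_gateway_rules
echo "hardened rule set:"; hardened_ruleset | audit_gateway_rules
```

The hardened rule set produces no findings; the ip_conntrack_ftp and ip_nat_ftp modules from the post still have to be loaded for FTP to work through it.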

I did not have the IPtables support in kernel, so I had to recompile

Here's what I did :

#cd /usr/src/linux-2.4.22-21mdk

#make xconfig

This will list the Linux Kernel Configuration.

- Click Network Option

Next,

- IP: Netfilter Configuration

I selected y for: IP tables support (required for filtering/masq/NAT)

then I ran

#make dep
#make clean

If you have enabled loadable modules support in the kernel during configuring, then you have to now execute the commands

# make modules
# make modules_install

Loadable modules are installed in the /lib/modules directory

This Worked !!!

Now I am able to connect to external FTP Servers from freebsd.


Tuesday, January 17, 2006

Become Your Own Web Host in 75 Steps - Stephen Fluin.

One of the biggest issues involved with becoming a web publisher is the question of hosting. With an internet clogged with false hosting review sites, hosting companies trying to rip you off, and hosting companies run by 14 year olds, the majority of web publishers are at the mercy of random chance when it comes to finding a quality host. To solve this huge problem and to grant freedom to all, we have come up with 75 extremely specific steps that will get you up and running with a *nix box (running FreeBSD), along with the most recent versions of Apache, Perl, PHP, and MySQL.

Minimum Requirements:

To use this guide, you are going to need the following:

  • 1 burnable CD-R
  • A computer with at least a 4GB hard drive
  • A working ethernet card
  • A network that uses DHCP.

Overview:

Part I of this guide will guide you through the installation of the operating system

Part II will explain the installation of MySQL 5.0, Apache 2.0, and PHP 5.1.2.

Part I

1. Download the FreeBSD 6.0 Disc 1 from the internet (http://www.freebsd.org/where.html). If you are going to be running on what used to be a Windows machine, you probably have i386 architecture, so select that one. If you have a 64 bit processor (AMD makes several of these now, including the Opteron processor), select a 64 bit architecture.

2. Burn the FreeBSD “6.0-Release-i386-disc1.iso” to a disc.

3. Insert the Disk into the CD drive of the computer you want to turn into a server.

4. Start the machine.

A menu titled “sysinstall Main Menu” appears; this is the menu that will give you all of the installation options.

5. Use the arrows to select “Standard” and hit enter.

6. Hit OK to the message that pops up.

7. Hit Shift+A, and then Shift+Q.

8. Choose the “BootMgr” option.

Either the "bootmgr" or "standard boot manager" will work, but for simplicity we will go with the default option.

9. Hit OK to the message that pops up.

10. Hit Shift+A and then Shift+Q

This will select the standard and most likely best setup of your hard drive.

11. Select option 8, “User”.

12. Hit “Yes” when you are prompted whether or not you want to install the FreeBSD ports collection.

The FreeBSD ports collection is a collection of thousands of open-source software programs that are extremely easy to install. We want this so that it is easy for us to install MySQL, Apache, and PHP.

13. Scroll back up to “Exit” now that we have selected a configuration set.

"Configuration set" is just the name for the settings and features of the operating system that we want.

14. Select option 1, “CD/DVD”.

You could also choose FTP at this step, but for reasons of speed, I recommend you just use the disk that we already have in the drive, since we already burned it. You may want to choose FTP if you burned the disk more than a couple months ago, and you want the absolute latest features of the operating system.

15. Select “Yes” if you are absolutely sure you are willing to sacrifice this machine to be a web server, and that you will never need any of the current contents of the hard drives again.

Hitting "Yes" is going to erase and reformat the entire hard-drive, so make sure that you actually want to do this before hitting it.

Approximately 15 minute wait.

FreeBSD has now been installed!

16. Hit OK to the installation message.

17. Yes, you would like to configure Ethernet or SLIP/PPP.

18. Select your Ethernet card (Mine is “3COM 3c90x / 3c90xB PCI Ethernet card”)

19. “No” do not try IPv6 configuration.

20. “Yes” try DHCP configuration.

This step is going to assume that your network automatically assigns DHCP addresses.

21. Enter one of the main domain names that will be hosted from this server (preferably the main one) in the “Host” box.

By one of the main domain names, I mean that if you are going to be hosting johndoespersonalwebsite.com, enter that domain name.

22. Note the IP that your machine has been assigned (Will probably look like 192.168.*.*, where the stars could be any number between 1 and 255). Tab to the end and hit OK.

23. “No” we do not want this machine to function as a network gateway.

24. “No” we don’t want to configure inetd and the network services that it provides.

25. “Yes” we want to enable SSH login.

SSH login is the standard way that people can access a *nix box remotely. If you want, you will be able to use any machine in the world to access and manage this server by using SSH.

26. “No” anonymous FTP access.

27. “No” not an NFS server.

28. “No” not an NFS client.

29. “No” don’t customize console settings.

30. “Yes” set the time zone.

31. Most machines are set to local time, and not UTC, so hit “No” unless you know that your machine is set up otherwise.

32. Select your region (America – North and South for me)

33. Select your country (United States for me, number 45)

34. Select your time zone (11, Central for me)

35. Select “Yes” the time zone looks reasonable.

36. “Yes” we want to enable Linux binary compatibility.

Approximately 3 minute wait.

37. “No” we don’t need to bother with a mouse.

38. “No” don’t browse the collection of packages.

39. “Yes” add an initial user account to the system.

40. Select option 2; add a new user to the system.

41. Enter the username that you would like to normally use and enter it in the “Login ID” box. Also enter a password for this user.

This step ensures that you have a user in the system other than the all-powerful "root". It is a good idea to have at least one other user in the system that you use on a normal basis, because if you always work as root, there is a chance that you could accidentally modify or delete some system files.

42. For the “Group” field, enter “wheel”; if you don’t do this, then you won’t be able to perform remote admin tasks.

43. Hit OK.

44. Go back up and select “Exit”.

45. Hit “OK” to the message that pops up.

We are about to set the “root” password, which is the most important password on a *nix box, so make sure that you come up with a good password that you are not going to forget or lose. You need to balance the difficulty of the password because if you forget it, you may have to reinstall the entire machine, but if the password is too easy, then malicious users or hackers will be likely to gain control of your machine.

46. Enter the root password twice.

47. “No”, you don’t want to return to the configuration menu.

48. Select “Exit Install”.

49. Select “Yes”, and while the system is rebooting, remove the FreeBSD disk from the drive.

50. As the machine boots up it will ask you for an entropy source, just hit a few keys at random and hit the enter key.

You have now installed and configured the main FreeBSD operating system, all future configuration and installs can be done remotely without ever touching the machine again. And, barring any unforeseen hardware or software problems, you should never need the monitor or keyboard of this machine ever again.

Part II

Use a program called Putty to connect to the machine via the IP that we were assigned during the DHCP step, or continue using the local keyboard and monitor connected to the machine.

1. Log in using the username and password that you came up with (webmaster, myJa3e9@npasS)

2. Log in as the super user by entering “su”, and then entering the “root” password when prompted.

Logging in as the super user gives you access to install and configure programs and change operating system settings.

3-11. Enter the following commands, waiting until each completes before running the next one:

cd /usr/ports/databases/mysql50-server
make install clean
mysql_install_db
chown -R mysql /var/db/mysql/
chgrp -R mysql /var/db/mysql/
/usr/local/bin/mysqld_safe --user=mysql &
cd /usr/ports/www/apache20
make install clean

12. Hit OK

13-14: Enter the following commands:

cd /usr/ports/lang/php5
make install clean

15. Select "use Apache 2.x instead"

16-17. Enter the following commands:

cd /usr/ports/lang/php5-extensions
make config

18. Select any php extensions you want for your webserver and hit "OK".

This is part of the configuration for PHP. PHP has many possible features that come in modules, such as the ability to manage user sessions, interface with a database, etc. By selecting a module at this step, it will automatically be installed and configured for you.

19. make install clean

20. Simply hit "OK" for any option configurations that pop up.

21. Type "cat >> /usr/local/etc/apache2/httpd.conf". On the next line type "AddType application/x-httpd-php .php" and hit CTRL+D.

22. apachectl start

23. To be able to upload the files for your website, you will need to download a program like WinSCP.

24. Upload all of the files to /usr/local/www/

25. (Optional step) Purchase a domain name and point the DNS to your IP.

Connect to the server by the domain name that you have purchased, or by the IP that you wrote down in an earlier step, and everything should work. Congratulations, you have installed a FreeBSD server, complete with Apache, PHP, and MySQL!

Disclaimer: I understand that this article does not include router setup, domain name pointing, bandwidth, uptime, or TOS issues. This was intentionally an article that just shows you how to set up FreeBSD, Apache, PHP, and MySQL. This article does not cover security concerns or teach you how to manage the server after it has been set up. Setting up your own box by following this guide is a decent way to create an intranet webserver, get into *nix for the first time if you have previously always used external hosting, and from these steps you can feel free to deviate in order to explore and learn. If you are looking for more information, I recommend you look up the individual install processes, or perhaps try setting up these webservices with different operating systems to learn for yourself what is going to make sense for you or your business.

Written by Stephen Fluin.


Monday, January 16, 2006

Step 8 - Configure Nagios on remote hosts - Windows

There are two ways of doing this :

1) nrpe_nt is a Windows version of the nrpe (Nagios Remote Plugin Executor) daemon for Unix-like operating systems. It provides methods to execute Nagios service checks on a Windows host and report the results back to your Nagios host.

http://sourceforge.net/projects/nrpent/


2) Installing NSClient

To monitor win2k/nt machines you need to install the NSClient addon from
http://nsclient.ready2run.nl/ .

1) Follow the steps below to install NSClient on win2k/nt machines.

i. Copy pNSClient.exe into any directory on the machine you want to
monitor, e.g. c:\nsclient.
ii. Open a DOS prompt in the installation directory.
iii. Run the following command : >pNSClient /install
iv. Start the service 'Netsaint NT Agent' in the Services applet
of the Control Panel.

2) ftp/sftp the check_nt file from the LinuxBin directory to the Nagios
server's plugin directory, i.e. /usr/local/nagios/libexec in this case.

You can also set a password on NSClient, so that the Nagios server has to
authenticate before running a check. Configuring this is recommended, because
then no one except our Nagios server can run a check on our server.

To configure this you need to add a registry key and reboot the server. Follow
the process below.

i) Edit the HKEY_LOCAL_MACHINE\SOFTWARE\NSClient\Parms\password key
and set the password as its value.

ii) Reboot the server.


Extras:

Nagios Web Interface,Frontend or GUI Tools

Nagios PHP

Nagios PHP is an alternative PHP Web interface for Nagios, written using SMARTY as its template engine.

Downloads and Documentation
http://nagios-php.sourceforge.net/

NaWui

NaWui stands for Nagios Administration Web User Interface. It is a Web frontend written in PHP to manage Nagios configurations and Database records. Database connectivity is supported using plugins, which simplifies the way records are stored.

Downloads and Documentation
http://www.stigma.dyndns.org/NaWui

Nagmin

NagMIN is an enterprise class Network Monitoring System, powered by Nagios, WebMIN, RRDtool, Nmap, Fping, Net::SNMP, Syslog-NG and other open source software, providing web-based administration and an enhanced web portal to help you manage your network.

Downloads and Documentation
http://nagmin.sourceforge.net/

Nagat

Nagat, or Nagios Administration Tool, is a web-based solution written in PHP for configuring Nagios, a host and service monitor.

Downloads and Documentation
http://nagat.sourceforge.net/

Nagios Web Config

A PHP/MySQL based front-end for Nagios 2.x setup. Complete with the ability to add/remove hosts, hostgroups, contacts, contactgroups, services, timeperiods and commands

Downloads and Documentation
http://sourceforge.net/projects/nagiosweb/

NagEdit

PHP & MySQL based tool to create config files for Nagios. No further need to create config files by hand, just use this Web Front End.

Downloads and Documentation
http://sourceforge.net/projects/nagedit

NagiosQL

NagiosQL is a web based administration tool for Nagios 2.x. It helps you to easily build a complex configuration with all options, manage and use them. NagiosQL is based on a webserver with PHP, MySQL and file access to the Nagios configuration files.

Downloads and Documentation
http://www.nagiosql.org/

nag2web

A PHP/MySQL web front-end for Nagios 2.x setup. With the ability to add/remove/edit the config items. The web front-end for NAGIOS has the ability to test the config. We want to build a simple possibility to find and show all the features in NAGIOS.

Downloads and Documentation
http://nag2web.de/

gng

Gng (Gnome Nagios Gui) can display host, parent link, icon, hostgroup map, user map, rectangle, line and text info.

Downloads and Documentation
http://gng.sourceforge.net/

Step 7 - Configure NRPE daemon on the remote hosts

For Monitoring Remote Hosts

NRPE - Nagios Remote Plugin Executor
Daemon and plugin for executing plugins on remote hosts

NRPE is needed only to execute internal commands on the remote host, like check_disk, check_procs etc., and not for external commands like check_smtp or check_pop, which are used to see if an SMTP, POP or IMAP service is running.

This allows commands to be executed on remote hosts.

check_nrpe - Runs on the Nagios host; this plugin is used to send execution requests to the nrpe agent on the remote host.

nrpe - Agent that runs on the remote host and processes plugin execution requests

nrpe.cfg - Configuration file for the remote host agent

The check_nrpe plugin runs on the Nagios host and is used to send plugin execution requests to the nrpe agent on the remote host.

The nrpe agent will then run the appropriate plugin on the remote host and return the plugin output and return code to the check_nrpe plugin on the Nagios host.

The check_nrpe plugin then passes the remote plugin's output and return code back to Nagios as if it were its own. This allows for a rather transparent method of executing plugins on remote hosts. The nrpe agent can either be run as a standalone daemon or as a service under inetd.

Two Things you need to do for Configuring NRPE :

** The System where you Installed Nagios **

- Copy the check_nrpe client to the directory that
contains your Nagios plugins.
- Create a command definition in your Nagios config
file for the NRPE client. See the README file for
more info on doing this.

** The remote System where you want to check for Services running **

- Copy the nrpe daemon to /usr/sbin, /usr/local/nagios
or wherever you feel it fits best.
- Copy the sample nrpe.cfg config file to /etc,
/usr/local/nagios or wherever you feel it fits best.
- Modify the /etc/services file and configure NRPE to
run under inetd, xinetd, or as a standalone daemon.
See the README file for more info on doing this.


Notes :

When running in daemon mode, the nrpe agent authenticates plugin execution requests by doing a rudimentary comparison of the IP address of the calling host against a list of allowed IP addresses in the configuration file.

When running under inetd, TCP wrappers can be employed to restrict access to the nrpe agent
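As an added example (not from the NRPE distribution), the script below audits the nrpe.cfg settings behind the daemon-mode address check described in the notes above. It assumes the directive names allowed_hosts and dont_blame_nrpe used by the stock nrpe.cfg; the function names are the example's own and both sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of NRPE. Audits the nrpe.cfg settings that decide
# who may ask a standalone nrpe daemon to run plugins.

# cfg_value FILE KEY: print the last uncommented value of KEY, or nothing.
cfg_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            val = substr($0, eq + 1); gsub(/[ \t\r]/, "", val)
        }
        END { print val }' "$1"
}

# audit_nrpe_cfg FILE: print one line per finding; exit status is the count.
audit_nrpe_cfg() (
    cfg=$1
    n=0
    set -f                       # no filename expansion while splitting the list
    allowed=$(cfg_value "$cfg" allowed_hosts)
    if [ -z "$allowed" ]; then
        echo "allowed_hosts: not set, no address list to compare callers against"
        n=$((n + 1))
    else
        IFS=,
        for h in $allowed; do
            case $h in
                '' | *[!0-9.]*)
                    echo "allowed_hosts: entry '$h' is not a literal IPv4 address"
                    n=$((n + 1)) ;;
            esac
        done
    fi
    if [ "$(cfg_value "$cfg" dont_blame_nrpe)" = 1 ]; then
        echo "dont_blame_nrpe: 1, callers can pass arguments to commands"
        n=$((n + 1))
        # With arguments enabled, commands that expand $ARGn$ take caller input.
        argcmds=$(awk '/^[ \t]*command\[[^]]*\]=.*\$ARG[0-9]/ { c++ } END { print c + 0 }' "$cfg")
        if [ "$argcmds" -gt 0 ]; then
            echo "command[]: $argcmds definition(s) expand caller-supplied \$ARGn\$"
            n=$((n + 1))
        fi
    fi
    return "$n"
)

# Constructed sample files.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/strict.cfg" <<'EOF'
# constructed sample: one allowed caller, no command arguments
allowed_hosts=10.10.93.220
dont_blame_nrpe=0
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20 -c 10 -p /dev/hda1
EOF
cat > "$SAMPLES/loose.cfg" <<'EOF'
# constructed sample: address list commented out, arguments enabled
#allowed_hosts=127.0.0.1
dont_blame_nrpe=1
command[check_procs]=/usr/local/nagios/libexec/check_procs -w $ARG1$ -c $ARG2$
EOF

for f in strict loose; do
    echo "== $f.cfg"
    audit_nrpe_cfg "$SAMPLES/$f.cfg" || echo "findings: $?"
done
```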


There are a variety of ways you can monitor "local" or "private" services which are not normally exposed publicly. Some addons and tools you can use to accomplish this are listed below. Note that these generally apply only to services running on *NIX boxes

Use the check_by_ssh "plugin" to execute a plugin on a remote host. The check_by_ssh plugin is basically a wrapper for executing a plugin on a remote host using SSH. You must have SSH installed and configured properly in order to use this. In addition, any plugin you want to execute on the remote host must be installed on the remote host beforehand.

Use the nrpep or nagios_statd addons. These addons work in a similar manner to the nrpe daemon. They are available for download from http://www.nagios.org/download.

If you are running SNMP services on the remote host, you could use the check_snmp plugin to check the value of various OIDs that you're interested in.

Step 6 - Part 3 - Editing Object Configuration files

In these examples I will just explain how I configured some services running on my localhost for Nagios.

My Hostname was - mybox.sriram.com

1) A host definition is used to define a physical server, workstation, device, etc. that resides on your network.

/usr/local/nagios/etc/hosts.cfg


define host{
use generic-host ; Name of host template to use

host_name mybox.sriram.com
alias Linux-Sriram #1
address 10.10.93.220
check_command check-host-alive
max_check_attempts 10
notification_interval 120
notification_period 24x7
notification_options d,u,r
}

2) A service definition is used to identify a "service" that runs on a host. The term "service" is used very loosely. It can mean an actual service that runs on the host (POP, SMTP, HTTP, etc.) or some other type of metric associated with the host (response to a ping, number of logged in users, free disk space, etc.). The different arguments to a service definition are outlined below.

/usr/local/nagios/etc/services.cfg

# Service definition
define service{
use generic-service ; Name of service template to use
host_name mybox.sriram.com
service_description POP3
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 5
retry_check_interval 1
contact_groups linux_contact_groups
notification_interval 120
notification_period 24x7
notification_options w,u,c,r
check_command check_pop
}

# Service definition
define service{
use generic-service ; Name of service template to use

host_name mybox.sriram.com
service_description PING
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 5
retry_check_interval 1
contact_groups linux_contact_groups
notification_interval 120
notification_period 24x7
notification_options c,r
check_command check_ping!100.0,20%!500.0,60%
}


3) A contact definition is used to identify someone who should be contacted in the event of a problem on your network. The different arguments to a contact definition are described below.

/usr/local/nagios/etc/contacts.cfg

# 'nagios' contact definition

define contact{
contact_name sriram
alias Nagios Admin
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,u,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email sriram003@gmail.com
}

4) A time period is a list of times during various days that are considered to be "valid" times for notifications and service checks. It consists of one or more time periods for each day of the week that "rotate" once the week has come to an end. Exceptions to the normal weekly time range rotations are not supported.

/usr/local/nagios/etc/timeperiods.cfg

# '24x7' timeperiod definition
define timeperiod{
timeperiod_name 24x7
alias 24 Hours A Day, 7 Days A Week
sunday 00:00-24:00
monday 00:00-24:00
tuesday 00:00-24:00
wednesday 00:00-24:00
thursday 00:00-24:00
friday 00:00-24:00
saturday 00:00-24:00
}

5) A command definition is just that. It defines a command. When you install the Nagios plugins, all the commands are installed in the /usr/local/nagios/libexec directory.

/usr/local/nagios/etc/checkcommands.cfg

For any additional commands you will need to download them from the net or create your own macros.

define command{
command_name check_tcp
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$
}

Note: You don't need to edit this file unless the command you want to use is not already defined in checkcommands.cfg. Make sure that the command is available in the /usr/local/nagios/libexec directory.
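As an added example (not part of Nagios), the script below shows how a check_command value such as check_ping!100.0,20%!500.0,60% from services.cfg is combined with a command definition to give the command line that is run, and what happens when the definition is missing. It assumes $USER1$ resolves to /usr/local/nagios/libexec and handles only $USER1$, $HOSTADDRESS$ and $ARGn$; the check_ping definition in the sample is constructed and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of Nagios. Expands a check_command against the
# command definitions in a checkcommands.cfg. Simplified: only $USER1$,
# $HOSTADDRESS$ and $ARGn$ are handled, and "!" is always an argument separator.

# command_line_for CFG NAME: print the raw command_line of the named command.
# Exit status 1 if no such definition exists.
command_line_for() {
    awk -v want="$2" '
        /^[ \t]*define[ \t]+command[ \t]*[{]/ { inside = 1; name = ""; line = ""; next }
        inside && /^[ \t]*[}]/ {
            if (name == want) { print line; found = 1 }
            inside = 0; next
        }
        inside && $1 == "command_name" { name = $2 }
        inside && $1 == "command_line" { line = $0; sub(/^[ \t]*command_line[ \t]+/, "", line) }
        END { exit (found ? 0 : 1) }' "$1"
}

# expand_check_command CFG CHECK_COMMAND HOSTADDRESS USER1
# Prints the expanded command line; exit status 2 if the command is undefined.
expand_check_command() (
    cfg=$1; check=$2
    name=${check%%!*}            # text before the first "!" is the command name
    raw=$(command_line_for "$cfg" "$name") || {
        echo "no command definition for '$name'" >&2
        exit 2
    }
    printf '%s\n' "$raw" | CHECK=$check ADDR=$3 USER1=$4 awk '
        # put(): replace every literal occurrence of macro in s with val
        function put(s, macro, val,    i, out) {
            out = ""
            while ((i = index(s, macro)) > 0) {
                out = out substr(s, 1, i - 1) val
                s = substr(s, i + length(macro))
            }
            return out s
        }
        {
            n = split(ENVIRON["CHECK"], arg, "!")
            line = put($0, "$USER1$", ENVIRON["USER1"])
            line = put(line, "$HOSTADDRESS$", ENVIRON["ADDR"])
            for (k = 2; k <= n; k++) line = put(line, "$ARG" (k - 1) "$", arg[k])
            print line
        }'
)

# Sample input: check_tcp is the definition from the text, check_ping is constructed.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/checkcommands.cfg" <<'EOF'
define command{
command_name check_tcp
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$
}
# constructed definition for the PING service
define command{
command_name check_ping
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
}
EOF
LIBEXEC=/usr/local/nagios/libexec    # assumed value of $USER1$

expand_check_command "$SAMPLES/checkcommands.cfg" 'check_tcp!25' 10.10.93.220 "$LIBEXEC"
expand_check_command "$SAMPLES/checkcommands.cfg" 'check_ping!100.0,20%!500.0,60%' 10.10.93.220 "$LIBEXEC"
# check_pop is used by the POP3 service but is not defined in this sample file
expand_check_command "$SAMPLES/checkcommands.cfg" check_pop 10.10.93.220 "$LIBEXEC" || echo "exit status $?"
```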

If you want to check that there are no errors in the configuration files, run

#/usr/local/nagios/bin/nagios -v nagios.cfg

Please make sure you set the proper permissions as listed:

chown nagios.nagios /usr/local/nagios/var/rw
chmod u+rwx /usr/local/nagios/var/rw
chmod g+rwx /usr/local/nagios/var/rw

To force newly created files in the directory to inherit the group of the directory, we need to set the setgid bit (the "group sticky bit") on the directory...

chmod g+s /usr/local/nagios/var/rw

Restart Web Server

Step 6 - Part 2 - Editing cgi.cfg

Now let's look at the CGI configuration file:

/usr/local/nagios/etc/cgi.cfg

I have UnHashed the below lines in the file cgi.cfg

main_config_file=/usr/local/nagios/etc/nagios.cfg

physical_html_path=/usr/local/nagios/share

url_html_path=/nagios/

show_context_help=1

nagios_check_command=/usr/local/nagios/libexec/check_nagios /usr/local/nagios/var/status.log 5 '/usr/local/nagios/bin/nagios'

use_authentication=1

authorized_for_system_information=nagiosadmin,theboss,jdoe

authorized_for_configuration_information=nagiosadmin,jdoe

authorized_for_system_commands=nagiosadmin

authorized_for_all_services=nagiosadmin,guest
authorized_for_all_hosts=nagiosadmin,guest

authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin

statusmap_background_image=smbackground.gd2

default_statusmap_layout=4

default_statuswrl_layout=4

ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$

refresh_rate=90
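
The authorized_for_* lines above name theboss, jdoe and guest, while Step 4 only creates nagiosadmin in htpasswd.users. As an added example (not part of Nagios), the script below cross-checks the two files and lists who may submit commands through the CGIs; the function names are the example's own and the htpasswd entry is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not part of Nagios. Cross-checks the users named in the
# cgi.cfg authorized_for_* directives against the accounts in htpasswd.users.

# cgi_users CGI_CFG [KEY_REGEX]: users named in matching directives, one per line.
cgi_users() {
    awk -v pat="${2:-^authorized_for_}" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key !~ pat) next
            n = split(substr($0, eq + 1), u, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", u[i])
                if (u[i] != "") print u[i]
            }
        }' "$1" | sort -u
}

# htpasswd_users FILE: account names (the text before the first colon).
htpasswd_users() {
    awk -F: 'NF > 1 && $1 != "" { print $1 }' "$1" | sort -u
}

# users_without_login CGI_CFG HTPASSWD: names that cgi.cfg authorizes but that
# have no htpasswd entry. Such a name gains its rights as soon as anyone
# creates an account with it.
users_without_login() (
    tmp=$(mktemp) || exit 1
    htpasswd_users "$2" > "$tmp"
    cgi_users "$1" | grep -v -x -F -f "$tmp" || true
    rm -f "$tmp"
)

# command_users CGI_CFG: users allowed to submit external commands via the CGIs.
command_users() {
    cgi_users "$1" '^authorized_for_.*_commands$'
}

# Sample input: the cgi.cfg lines are the ones from the text.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/cgi.cfg" <<'EOF'
use_authentication=1
authorized_for_system_information=nagiosadmin,theboss,jdoe
authorized_for_configuration_information=nagiosadmin,jdoe
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin,guest
authorized_for_all_hosts=nagiosadmin,guest
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin
EOF
# Constructed htpasswd entry; the hash field is a placeholder.
printf 'nagiosadmin:PLACEHOLDER-HASH\n' > "$SAMPLES/htpasswd.users"

echo "authorized in cgi.cfg but no htpasswd entry:"
users_without_login "$SAMPLES/cgi.cfg" "$SAMPLES/htpasswd.users"
echo "may submit external commands:"
command_users "$SAMPLES/cgi.cfg"
```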

Step 6 - Part 1 - Editing the Necessary .CFG Configuration files

First we will edit the main configuration file

#cd /usr/local/nagios/etc

Below I am mentioning the lines that I have unhashed

#cat nagios.cfg

log_file=/usr/local/nagios/var/nagios.log

cfg_file=/usr/local/nagios/etc/checkcommands.cfg

cfg_file=/usr/local/nagios/etc/misccommands.cfg

cfg_file=/usr/local/nagios/etc/contactgroups.cfg
cfg_file=/usr/local/nagios/etc/contacts.cfg
cfg_file=/usr/local/nagios/etc/dependencies.cfg
cfg_file=/usr/local/nagios/etc/escalations.cfg
cfg_file=/usr/local/nagios/etc/hostgroups.cfg
cfg_file=/usr/local/nagios/etc/hosts.cfg
cfg_file=/usr/local/nagios/etc/services.cfg
cfg_file=/usr/local/nagios/etc/timeperiods.cfg

resource_file=/usr/local/nagios/etc/resource.cfg

status_file=/usr/local/nagios/var/status.log

nagios_user=nagios

nagios_group=nagios

check_external_commands=1

command_check_interval=-1

command_file=/usr/local/nagios/var/rw/nagios.cmd

comment_file=/usr/local/nagios/var/comment.log

downtime_file=/usr/local/nagios/var/downtime.log

lock_file=/usr/local/nagios/var/nagios.lock

temp_file=/usr/local/nagios/var/nagios.tmp

log_rotation_method=d

log_archive_path=/usr/local/nagios/var/archives

use_syslog=1

log_notifications=1

log_service_retries=1

log_host_retries=1

log_event_handlers=1

log_initial_states=0

log_external_commands=1

log_passive_service_checks=1

inter_check_delay_method=s

service_interleave_factor=s

max_concurrent_checks=0

service_reaper_frequency=10

sleep_time=1

service_check_timeout=60
host_check_timeout=30
event_handler_timeout=30
notification_timeout=30
ocsp_timeout=5
perfdata_timeout=5

retain_state_information=1

state_retention_file=/usr/local/nagios/var/status.sav

retention_update_interval=60

use_retained_program_state=0

interval_length=60

use_agressive_host_checking=0

execute_service_checks=1

accept_passive_service_checks=1

enable_notifications=1

enable_event_handlers=1

process_performance_data=0

obsess_over_services=0

check_for_orphaned_services=0

check_service_freshness=1

freshness_check_interval=60

aggregate_status_updates=1

status_update_interval=15

enable_flap_detection=0

low_service_flap_threshold=5.0
high_service_flap_threshold=20.0
low_host_flap_threshold=5.0
high_host_flap_threshold=20.0

date_format=us

illegal_object_name_chars=`~!$%^&*|'"<>?,()=

illegal_macro_output_chars=`~$&|'"<>

admin_email=nagios

admin_pager=pagenagios

Step 5 - Understanding the Configuration files of Nagios

Let's look at an overview of the Nagios configuration.

As per my installation all the configuration files are stored in

--- /usr/local/nagios/etc/ ---- Directory

The main configuration file

/usr/local/nagios/etc/nagios.cfg

The above file contains a number of directives that affect how Nagios operates.

Object Configuration Files

Object configuration files (historically called "host" configuration files) are used to define hosts, services, hostgroups, contacts, contactgroups, commands, etc. This is where you define what things you want to monitor and how you want to monitor them.

CGI Configuration File

/usr/local/nagios/etc/cgi.cfg

This contains a number of directives that affect the operation of the CGIs

When you look at the directory /usr/local/nagios/etc

You will find the following files :

cgi.cfg-sample
checkcommands.cfg-sample
contactgroups.cfg-sample
contacts.cfg-sample
dependencies.cfg-sample
escalations.cfg-sample
hostgroups.cfg-sample
hosts.cfg-sample
misccommands.cfg-sample
nagios.cfg-sample
resource.cfg-sample
services.cfg-sample
timeperiods.cfg-sample

You will need to take a backup of the above files and rename the *.cfg-sample to *.cfg


Step 4 - Configure .htaccess for Password Authentication

Password Authentication for Below Directories

/usr/local/nagios/sbin
/usr/local/nagios/share

The next step is to create a file named .htaccess in the root of your CGI directory (and optionally also your HTML directory) for Nagios (usually /usr/local/nagios/sbin and /usr/local/nagios/share, respectively). The file(s) should have contents similar to the following...

AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
require valid-user


Now to create the Users
# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
New password:
Re-type new password:
Adding password for user nagiosadmin

Password I added as admin

Okay, so you're done with this part of what needs to be done. If you point your web browser to your Nagios CGIs you should be asked for a username and password. If you have problems getting user authentication to work at this point, read your webserver documentation for more info.

Once you've finished editing the Apache configuration file, you'll need to restart the web server with a command like this...

/etc/rc.d/init.d/httpd restart

Verify Your Changes

Don't forget to check and see if the changes you made to Apache work. You should be able to point your web browser at http://yourmachine/nagios and get the web interface for Nagios.

To Troubleshoot any errors on Apache Server Check the logs

#tail -f /var/log/httpd/error_log

Step 3 - Configure Web Interface for Nagios

To Set up The Web Interface for Nagios

In these instructions I will assume that you are running the Apache web server on your machine. If you are using some other web server, you'll have to make changes where appropriate. I am also assuming that you used the /usr/local/nagios as the installation prefix.

Configure Script Alias For The CGIs

You'll need to create an alias for the CGIs as well. The default installation expects to find them accessible at http://yourmachine/nagios/cgi-bin/, although this can be changed using the --with-cgiurl option in the configure script. Anyway, add something like the following to your web server configuration file (i.e. httpd.conf) (changing it to match any directory differences on your system)...

ScriptAlias /nagios/cgi-bin/ /usr/local/nagios/sbin/
<Directory "/usr/local/nagios/sbin/">
AllowOverride AuthConfig
Options ExecCGI
Order allow,deny
Allow from all
</Directory>



Important! The ScriptAlias line above must come before the Alias line below. Otherwise Apache will parse the lines differently.

Important! If you are installing Nagios on a multi-user system, you may want to use CGIWrap to provide additional security between the CGIs and the external command file. If you decide to use CGIWrap, the ScriptAlias you'll end up using will most likely be different from that mentioned above. More information on doing this can be found here.

Configure Alias For The HTML Files

In order to make the HTML files accessible via the web server, you'll have to edit your Apache configuration file as follows...

Add the following to your web server configuration file (i.e. httpd.conf) as follows:

Alias /nagios/ /usr/local/nagios/share/
<Directory "/usr/local/nagios/share/">
Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>


This will allow you to use an URL like http://yourmachine/nagios/ to view the HTML web interface and documentation. The alias should be the same value that you entered for the --with-htmurl argument to the configure script (default is /nagios/).

Important! The Alias directive you just added for the HTML files must come after the ScriptAlias directive for the CGIs. If it doesn't, you'll get a 404 error when attempting to access the CGIs.

Restart The Web Server

Once you've finished editing the Apache configuration file, you'll need to restart the web server with a command like this...

/etc/rc.d/init.d/httpd restart

Step 2 - Installing Nagios Plugins

Installing The Plugins

In order for Nagios to be of any use to you, you're going to have to download and install some plugins.

Plugins are usually installed in the libexec/ directory of your Nagios installation (i.e. /usr/local/nagios/libexec).

Plugins are scripts or binaries which perform all the service and host checks that constitute monitoring. You can grab the latest release of the plugins from http://www.nagios.org/download or http://sourceforge.net/projects/nagiosplug/

I downloaded the Plugin from here


For Installing Plugin
cd /usr/local/nagios/

#gunzip nagios-plugins-1.4.2.tar.gz
# tar xf nagios-plugins-1.4.2.tar

#cd /usr/local/nagios/nagios-plugins-1.4.2

#./configure
`./configure' to configure the package for your system.

Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.

#make
`make' to compile the package.

Optionally, type `make check' to run any self-tests that come with
the package.

#make install

`make install' to install the programs and any data files and
documentation.

You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.

Now the Installation of Plugin is completed !!!

After the Installation of Nagios-Plugin you will see a libexec directory created in /usr/local/nagios/

This will have all the necessary commands to check services.

check_

For more options on those commands you can execute :

[root@mybox libexec]# ./check_http
check_http: Could not parse arguments
Usage: check_http -H | -I [-u ] [-p ]
[-w ] [-c ] [-t ] [-L]
[-a auth] [-f ] [-e ]
[-s string] [-l] [-r | -R ]
[-P string] [-m :] [-4|-6] [-N]
[-M ] [-A string] [-k string]






Step 1 - Installing Nagios

I downloaded nagios-1.3.tar.gz from http://www.nagios.org/download/

After Downloading,
Copy the nagios-1.3.tar.gz in /usr/local/src

#gunzip nagios-1.3.tar.gz
#tar xf nagios-1.3.tar

Before Installing, Create an Installation Directory and a User for Nagios

Create the base directory where you would like to install Nagios as follows...
#mkdir /usr/local/nagios

Create User/Group
You're probably going to want to run Nagios under a normal user account, so add a new user (and group) to your system with the following commands (these will vary depending on what OS you're running):

#adduser nagios


I used the following Option

[root@mybox nagios-1.3]# ./configure --prefix=/usr/local/nagios --with-cgiurl=/nagios/cgi-bin --with-htmurl=/nagios/ --with-nagios-user=nagios --with-nagios-grp=nagios

You Will get this after you run the above

*** Configuration summary for nagios 1.3 11-17-2005 ***:

General Options:
-------------------------
Nagios executable: nagios
Nagios user/group: nagios,nagios
Command user/group: nagios,nagios
Embedded Perl: no
Install ${prefix}: /usr/local/nagios
Lock file: ${prefix}/var/nagios.lock
Init directory: /etc/rc.d/init.d

Web Interface Options:
------------------------
HTML URL: http://localhost/nagios//
CGI URL: http://localhost/nagios/cgi-bin/
Traceroute (used by WAP): /usr/sbin/traceroute

External Data Routines:
------------------------
Status data: Default (text file)
Object data: Template-based (text file)
Comment data: Default (text file)
Downtime data: Default (text file)
Retention data: Default (text file)
Peformance data: Default (external commands)
Extended info data: Template-based (text file)

Compile Nagios and the CGIs with the following command:

#make all

Installing The Binaries And HTML Files

Install the binaries and HTML files (documentation and main web page) with the following command:

#make install

Installing An Init Script

If you wish, you can also install the sample init script to /etc/rc.d/init.d/nagios with the following command:

#make install-init

#make install-commandmode
- This installs and configures permissions on the
directory for holding the external command file

#make install-config
- This installs *SAMPLE* config files in /usr/local/nagios/etc
You'll have to modify these sample files before you can
use Nagios. Read the HTML documentation for more info
on doing this. Pay particular attention to the docs on
object configuration files, as they determine what/how
things get monitored!

Now the Installation of Nagios is complete !!!

cd /usr/local/nagios

You should see five different subdirectories. A brief description of what each directory contains is given in the table below.

Sub-Directory   Contents
bin/            Nagios core program
etc/            Main, resource, object, and CGI configuration files should be put here
sbin/           CGIs
share/          HTML files (for web interface and online documentation)
var/            Empty directory for the log file

Nagios

Nagios is a system and network monitoring application. It watches hosts and services that you specify, alerting you through a web-based interface when things go bad and when they get better.

Nagios plugins help you monitor services for Windows and Linux systems on your network.

What do you need to run Nagios ?

A Linux System.
Web Server - Preferably Apache
Thomas Boutell's GD Library 1.6.3 or Higher (http://www.boutell.com/gd)

What do you need to download ?

Download Nagios Stable version from www.nagios.org
At the time of writing this doc I had downloaded nagios-1.3.tar.gz

Then you need to Download additional plugins.

Let me explain these plugins in detail :

You will need to download 3 Types of plugins

1) nagios-plugins-1.4.2.tar

This will have all the necessary commands to execute and check the status of services under the libexec directory.

2) NRPE - nagios-nrpe_2.0.orig.tar.gz

Daemon and plugin for executing plugins on remote hosts

3) Nsclient - nsclient_201.zip

To Monitor Win2k/NT Systems on your network you need to install nsclient addon from :

http://nsclient.ready2run.nl/


Step by Step Look at Configuring Nagios

1) Install Nagios
2) Install Plugins
3) Configure Web Interface.
4) Configure .htaccess for Password Authentication
5) Understanding the Configuration Files
6) Editing the Necessary .CFG Configuration files

7) Configure NRPE daemon on the remote hosts - Linux
8) Configure NSclient on remote hosts - Windows

Note : There are other Web Based tools available to configure Nagios such as

Nagat - is a PHP interface for managing Nagios

Nagmin - is a plugin for Webmin that can be used to manage Nagios

Nagiosweb - is a PHP/MySQL frontend for Nagios configuration.

Although I have used the backend to configure Nagios, you may try using any one of the above.

Redirecting TCP Connections - Rinetd


RINETD : - Internet Redirection Server

Redirects TCP connections from one IP address and port to another. rinetd is a single-process server which handles any number of connections to the address/port pairs specified in the file /etc/rinetd.conf

Rinetd is typically launched at boot time using /usr/sbin/rinetd

The configuration is found in the file /etc/rinetd.conf unless another file is specified using -c command line option

Most of the entries in the file are Forwarding rules

The Format of the forwarding rules is as follows

bindaddress bindport connectedaddress connectedport

For example

10.10.93.220 80 10.10.93.30 80

would redirect all connections to port 80 on 10.10.93.220 to port 80 on 10.10.93.30.

Check more about this here
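
As an added example (not part of rinetd), the script below lists the forwarding rules in a rinetd.conf and counts the allow and deny rules that apply to each, so rules that accept connections from any source stand out. It goes beyond the text in assuming rinetd's allow/deny directives, where rules placed before the first forwarding rule are global and later ones belong to the forwarding rule they follow; the sample file is constructed around the rule shown above.

```shell
#!/bin/sh
# Added example, not part of rinetd. Lists the forwarding rules in a
# rinetd.conf with the number of allow/deny rules that apply to each one.

# rinetd_rules FILE: one line per forwarding rule in file order, or
# "ERROR line N: ..." when a numeric port is outside 1-65535.
rinetd_rules() {
    awk '
        function badport(p) { return p ~ /^[0-9]+$/ && (p + 0 < 1 || p + 0 > 65535) }
        { sub(/#.*/, "") }                   # drop comments
        NF == 0 { next }
        $1 == "allow" || $1 == "deny" {
            # before the first forwarding rule: global; afterwards: per rule
            if (n == 0) glob[$1]++; else own[n, $1]++
            next
        }
        NF != 4 { next }                     # logfile and other directives
        {
            n++
            if (badport($2) || badport($4))
                rule[n] = "ERROR line " NR ": port out of range: " $0
            else
                rule[n] = $1 ":" $2 " -> " $3 ":" $4
        }
        END {
            for (i = 1; i <= n; i++) {
                if (rule[i] ~ /^ERROR/) { print rule[i]; continue }
                printf "%s allow=%d deny=%d\n", rule[i], glob["allow"] + own[i, "allow"], glob["deny"] + own[i, "deny"]
            }
        }' "$1"
}

# open_rules FILE: forwarding rules that no allow rule restricts.
open_rules() {
    rinetd_rules "$1" | awk '/ allow=0 / { print $1, $2, $3 }'
}

# Constructed sample; the first forwarding rule is the one from the text.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/rinetd.conf" <<'EOF'
# constructed sample /etc/rinetd.conf
logfile /var/log/rinetd.log
10.10.93.220 80 10.10.93.30 80
0.0.0.0 8080 10.10.93.30 8080
allow 10.10.93.*
10.10.93.220 70000 10.10.93.30 22
EOF

echo "all rules:"
rinetd_rules "$SAMPLES/rinetd.conf"
echo "rules without any allow restriction:"
open_rules "$SAMPLES/rinetd.conf"
```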



Sunday, January 15, 2006

Vi Editor Tip - How to add a character at the Beginning of Lines in a File.

Suppose you want to add # at the Beginning of a Line for 25 lines in a file.

::.,+N s/^/#/g

Where "N" is the Number of lines to be commented after the current cursor location inclusive of the current line.

Saturday, January 14, 2006

Wordpress - Weblog Software

WordPress is Weblog software with an extremely clean, easy-to-use interface written in PHP with a MySQL back end.

Installing WordPress is amazingly straightforward if you have a bit of experience with Apache and MySQL. WordPress stores all of its information in a set of MySQL tables, which means you need to create at least one database before installing WordPress. WordPress allows you to have more than one Weblog inside of a single database, which is useful if your site is hosted by a company that gives you only a single MySQL database.

Now to Create a Database user :

#mysql -u root -p

Enter the Mysql Password.

Create a Database wordpress

mysql>create database wordpress;

mysql>GRANT ALL PRIVILEGES ON wordpress.* TO wordpress@localhost IDENTIFIED BY 'password';

Next, download the source code to WordPress (see the on-line Resources section) and open that .tar.gz file inside of your Apache document root directory. You probably want to put the WordPress files inside of their own directory or perhaps under a virtual host, but all of the files must be within the document root if they are to be of any use.

Now point your browser to wp-admin/install, and you're on your way. The installation screens check that everything is installed correctly and ask you to answer several questions. Typically, you need to click on a link at the bottom of each page to continue with and finish the installation.



LiteSpeed Web Server - Performance Better than Apache

LiteSpeed web server is an Apache interchangeable, full-featured high performance, secure HTTP server specifically engineered from the ground up with security and scalability in mind.

LiteSpeed Web Server is engineered to be Apache interchangeable, which means LiteSpeed has all the flexibilities that Apache has, but in much faster manner, such as distributed configuration .htaccess support. The most commonly used Apache modules have been implemented in LiteSpeed with similar functionality and configuration, but completely different design and implementation. Currently, LiteSpeed uses Apache compatible configuration for .htaccess and URL rewriting and it is even able to use Apache configuration file directly. This makes your switching between Apache and LiteSpeed very easy and risk free.

LiteSpeed Web Server is also a real-world proven high performance content accelerator, compression proxy, and application security gateway leveraged by its highly scalable, low latency proxy engine.

With the combination of ease of use, tight security, outstanding performance, scalability, and reliability, LiteSpeed Web Server is the ultimate web server you ever need!

Download Standard Edition for Free

http://www.litespeedtech.com/download.html

Decompress the package into a convenient location:
tar xvfz lsws-xxxx.tar.gz or gunzip -c lsws-xxxx.tar.gz | tar xvf -


Go to the installation directory cd lsws-xxxx and run command ./install.sh
The "root" user can install the server into a system directory; other users should install it somewhere under their home directory.

Read the End User License Agreement and type "Yes" to confirm your agreement.

Follow the instructions on the screen.
The following questions will be asked:

  1. User and group that the server process run on behalf of.
  2. Destination directory where the server should be installed.
  3. If an installed copy exists, choose either Update or Reinstall.
    Update will keep your current configuration.
  4. Administrator's user name and password for the administration web interface.
  5. TCP port for normal web service.
  6. TCP port for web administration interface.
To start the server, simply run [your_install_dir]/bin/lswsctrl start

If the default port for normal web service was not changed during installation, point your browser to http://[address]:8088/, otherwise replace "8088" with the actual port used. "[address]" should be the IP address or domain name of the web server machine. Use "localhost" if it is accessed from the same machine. The congratulation page should load in the browser; if it does not, try the next step.

If the default port for web administration interface is not changed during installation, point your browser to http://[address]:7080/, otherwise replace "7080" with actual port used. "[Address]" should be the IP address or domain name of your web server machine. Use "localhost" if it is accessed from the same machine.

If the web administration interface is inaccessible as well, please take a look at the error log - [your_install_dir]/logs/error.log

To Uninstall
Simply run [your_install_dir]/admin/misc/uninstall.sh and follow the instructions on the screen.

Thursday, January 12, 2006

A quick guide for repairing your kernel from a live CD

GNU/Linux, like all other operating systems, is based around a kernel, which controls hardware access and maximizes CPU and RAM efficiency by controlling when and how much of them programs get to use. The difference between Linux and most other operating systems (closed source ones at least; you can also do this with BSD and other open source OSes) is that you can compile the kernel to meet your needs.

Step 1. Basics of the kernel.

I will most likely never have to use an old serial modem or something, so I would not compile in the drivers for it. Also, Linux supports modules, which are drivers that don't load until you tell them to. Modules can be useful for things that you don't use much. For example, I don't use ReiserFS personally, but if my friend who does needs me to retrieve data from a hard drive, I don't want to have to recompile my kernel to help; instead I just type modprobe reiserfs. Compiling a kernel in Linux is fairly easy if you know basically what you are doing, and that is what this article hopes to explain.

If you have a working system and just want a kernel to improve performance, get you up to date, or for bragging rights, go down to Step 3.

If you f00barred your system and need to install a new kernel from a live cd, keep on reading.

Step 2. Chrooting from Knoppix

Okay, this step is very easy. It involves opening a konsole and typing, as root:

mount /dev/ -rw /mnt/linux

mount /dev/ -rw /mnt/linux/

chroot /mnt/linux

Well, that basically concludes that step. You just mount all your required Linux partitions. (Yes, you have to know what those are. If you feel like you are going to b0rk your install soon and still have normal access to the computer, just print out your /etc/fstab.) Then you simply chroot into it.

Step 3. Configuring and Compiling the Kernel

Configuring the kernel is the hardest part of this. Before going into this, know your hardware. That said, download the sources for the latest kernel version from www.kernel.org or, if you are using Gentoo (if you are, you should have read the manual, but anyway...), emerge the version of kernel sources you want (such as gentoo-dev-sources, gentoo-gaming-sources or whatever). Once they are downloaded, decompress and untar them to /usr/src and then create a linux symlink.

tar -xvjf .bz2 -C /usr/src

cd /usr/src

rm linux

ln -s linux

cd linux

Now you are in your kernel source directory, and it's time for the magic to happen. Type

make menuconfig

This will launch a rather nice interface for configuring the kernel. I will tell you what every system *needs* to function. First off, go under file systems and select all the ones you use, and under pseudo-filesystems select all of them. (NOTE: DO NOT set any of the ones that you use constantly to modules; this will make it so that the computer cannot boot.) Now go into processor type and features and select the applicable options. Now it's time to explore the device drivers. These are rather important, so go crazy here: make sure you include support for your network cards, block devices, sound cards, whatever. For the most part it should now be done, but look through the other categories to make sure everything is happy. Once you are satisfied with your config, save and exit. Now it is time to actually compile the beast. Depending on your system this could take a while, so call the pizza guy if you must. Type

make && make modules_install

Now wait for it. While you are waiting, let's go over the next step: actually installing the kernel. What you have to do is copy the bzImage into your /boot directory, but you do not have to call it bzImage; you can call it Bob or John or Alice or whatever. I usually just call it gentoo. Okay, the code to install is

cp arch/i386/boot/bzImage /boot/

cp System.map /boot/System.map

cp .config /boot/.config

Once that is done, all you have left to do is edit /etc/lilo.conf (or grub.conf, but I don't know much about grub; there is some good information online about it). For LILO, simply update lilo.conf. (Mine looks like this because I do some fancy things with it.)

boot=/dev/sda # Install LILO in the MBR

prompt # Give the user the chance to select another section

timeout=500 # Timeout in tenths of a second: 500 waits 50 seconds before booting the default

default=gentoo # When the timeout has passed, boot the "gentoo" section

install=/boot/boot-bmp.b # means you will use the graphical version

bitmap=/boot/handy_128.bmp # background path

bmp-colors=38,68,53,112,38,25 # text color

bmp-table=114p,347p,2,7 # label position on the screen p=pixel

bmp-timer=470p,336p,25,0,11 # timer position on the screen p=pixel


#This is where you put kernel information for linux

image=/boot/gentoo #image name (what you named the bzImage)

label=gentoo # Name we give to this section

read-only # Start with a read-only root. Do not alter!

root=/dev/sda7 # Location of the root filesystem


# The next two lines are only if you dualboot with a Windows system.

# In this case, Windows is hosted on /dev/sda1.

other=/dev/sda1

label=windows

Once that is edited to include the latest information, simply run as root

lilo

Then everything should be happy if you did everything right. Now boot into your normal system and see if it works; if the kernel panics, try again. This takes a bit of practice, but once you understand it, it becomes easy.
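A pre-flight check for the lilo.conf edited above, added here as an example (not the author's code): it reports the timeout in seconds, confirms that default= names a defined label, and lists image= kernels that were never copied into /boot. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (illustrative names): sanity-check lilo.conf before running lilo.

# Print directives with comments, indentation and spaces around '=' removed.
lilo_directives() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' -e '/^$/d' "$1"
}

# Print the first value given for a key, e.g. lilo_value lilo.conf default
lilo_value() {
    lilo_directives "$1" | sed -n "s/^$2=//p" | head -n 1
}

# timeout= counts tenths of a second; print it as whole seconds.
lilo_timeout_seconds() {
    t=$(lilo_value "$1" timeout)
    [ -n "$t" ] || return 1
    echo $((t / 10))
}

# Succeed only if default= names a label that some section defines.
lilo_default_ok() {
    d=$(lilo_value "$1" default)
    [ -n "$d" ] || return 1
    lilo_directives "$1" | grep -qxF "label=$d"
}

# Print each image= path that is missing under root prefix $2
# (use /mnt/linux from the live CD, or "" once inside the chroot).
lilo_missing_images() {
    lilo_directives "$1" | sed -n 's/^image=//p' | while read -r img; do
        [ -f "$2$img" ] || echo "$img"
    done
}

# Constructed sample: one kernel present, one image= entry never copied.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/boot" "$demo_root/etc"
: > "$demo_root/boot/gentoo"
conf=$demo_root/etc/lilo.conf
printf '%s\n' 'boot=/dev/sda' 'timeout=500  # tenths of a second' \
    'default=gentoo' 'image=/boot/gentoo' '  label=gentoo' '  root=/dev/sda7' \
    'image=/boot/gentoo.old' '  label=old' 'other=/dev/sda1' '  label=windows' \
    > "$conf"
echo "timeout: $(lilo_timeout_seconds "$conf") seconds"
lilo_default_ok "$conf" && echo "default label is defined"
echo "missing kernel images: $(lilo_missing_images "$conf" "$demo_root")"
```

From the Knoppix session, before chrooting, the same functions can be pointed at /mnt/linux/etc/lilo.conf with /mnt/linux as the root prefix.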


About the Author

I am SchleyFox and I use Gentoo GNU/Linux. I go to www.usalug.org to get linux help and so should you.