Configure phpldapadmin for OpenLDAP Server (CentOS 7)

A. Server Configuration
    192.168.100.195  ldapserver.geekonline.in
    192.168.100.196  client1.geekonline.in
    For detailed LDAP configuration please visit this post.

B. Install phpldapadmin on same server

1.  Install epel repository on the server
    # rpm -ivh  https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm

2.  Install phpldapadmin package
     #yum install phpldapadmin
     

3. Take a backup of the phpldapadmin config file (in /etc/phpldapadmin) and make the necessary changes
    # cp config.php config.php.orig
    # vi config.php
    Comment out line 397 and uncomment line 398, so that the 'dn' line is active and the 'uid' line is commented out
     $servers->setValue('login','attr','dn');
     // $servers->setValue('login','attr','uid');
     

4. Enable httpd service and add firewall rules for httpd service
    #systemctl enable httpd
    #firewall-cmd --permanent --add-port=80/tcp
    #firewall-cmd --reload

5. Try to access phpldapadmin page
    http://192.168.100.195
    While accessing the page, it gives the below error
    

6. To resolve this, edit the Apache configuration file for phpldapadmin
    #cd /etc/httpd/conf.d/
    #vi phpldapadmin.conf
    Change the entry from "require local" to "require all granted"
    ("require local" only allows requests that come from the server itself, which is why the remote browser was refused)
    Save the config file and reload the Apache service
    #systemctl reload httpd
    

7. Now open the page 192.168.100.195/phpldapadmin
    
8. Login on the server
    

9. Now edit the phpldapadmin config file and change the name from Local LDAP server to Geekonline.in LDAP server on line no 291
    #cd /etc/phpldapadmin
    #vi config.php
    

10. Refresh the page without restarting/reloading httpd service
    

B. Install phpldapadmin on different server 
1. All steps are the same for installing and configuring phpldapadmin on a different server.
    Only the below additional change in the phpldapadmin config is required, on line no 298:
    Change the IP address from 127.0.0.1 to the OpenLDAP server IP address
        

2. Access the phpldapadmin webpage on the server 
    http://192.168.100.196/phpldapadmin
    

Summary:
1. We can configure  phpldapadmin on same server or another server.
2. Managing users and groups on OpenLDAP server becomes easy.  
  
    
    



 

OpenLDAP Server Configuration (CentOS 7)

OpenLDAP is a directory server and is configured by using LDAP Data Interchange Format (.ldif) files.
Manually editing the config files results in a checksum error.
A stray space is treated as a junk character and causes an error while importing .ldif files.

A. Server Configuration

1. Edit the /etc/hosts file for name resolution on both Server and Client systems
    192.168.100.195  ldapserver.geekonline.in
    192.168.100.196  client1.geekonline.in

    

2. Install necessary packages
     #yum -y install strace net-tools
     #yum install openldap* migrationtools
     #systemctl enable slapd
     #systemctl start slapd

3. Change log settings
     #echo "####Custom Logs for LDAP###" >> /etc/rsyslog.conf
     #echo "local4.* /var/log/slapd/ldap.log" >> /etc/rsyslog.conf
     #tail -n2 /etc/rsyslog.conf
     #systemctl restart rsyslog   or # systemctl reload rsyslog
     It will automatically create directory and files and LDAP logs will be redirected to /var/log/slapd/ldap.log
     

4. Open ports in firewall
     #firewall-cmd --permanent --add-port=389/tcp
     #firewall-cmd --permanent --add-port=636/tcp
     #firewall-cmd --permanent --add-port=9830/tcp
     #firewall-cmd --reload


5.  list the config files
     #cd /etc/openldap/slapd.d/cn\=config
     #ls
     

6.  #cat olcDatabase\=\{2\}hdb.ldif (Before any changes)
     

7.  Create an admin password hash (SSHA) with slappasswd and copy the output to notepad for further configuration.
     # slappasswd
     

8.  Create ldif to modify olcDatabase={2}hdb.ldif
      #vi /opt/ldap/db.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=geekonline,dc=in

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=geekonline,dc=in

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}ULNvNmPZNyCNqlU5E/9DftThZzF4aAEE

     

9. Make sure no extra spaces are present in the file and import the DB file
     #cd /opt/ldap/
     #ls
     #ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
     #slaptest -u
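
A check for the whitespace problems this guide warns about, to run on each .ldif file before ldapmodify/ldapadd. This is an added example, not part of the original post; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# ldif_lint FILE
# Prints "LINE:KIND" for every whitespace problem and returns 1 if any is found.
#   trailing-space   : blank/tab/CR at end of line (becomes part of the value)
#   whitespace-only  : a line holding only blanks is NOT the empty line that
#                      separates two records
#   leading-space    : LDIF treats a line starting with a space as a
#                      continuation of the previous line
ldif_lint() {
    awk '
        /^[ \t]+$/  { print NR ":whitespace-only"; bad = 1; next }
        /^[ \t]/    { print NR ":leading-space";   bad = 1 }
        /[ \t\r]$/  { print NR ":trailing-space";  bad = 1 }
        END         { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input: a clean file and one with copy/paste damage.
make_sample_ldif() {
    printf '%s\n' \
        'dn: olcDatabase={2}hdb,cn=config' \
        'changetype: modify' \
        'replace: olcSuffix' \
        'olcSuffix: dc=geekonline,dc=in' \
        '' \
        'dn: olcDatabase={2}hdb,cn=config' \
        'changetype: modify' \
        'replace: olcRootDN' \
        'olcRootDN: cn=admin,dc=geekonline,dc=in' > "$1/good.ldif"

    printf '%s\n' \
        'dn: olcDatabase={2}hdb,cn=config' \
        'changetype: modify ' \
        'replace: olcSuffix' \
        'olcSuffix: dc=geekonline,dc=in' \
        '   ' \
        'dn: olcDatabase={2}hdb,cn=config' \
        ' changetype: modify' \
        'replace: olcRootDN' \
        'olcRootDN: cn=admin,dc=geekonline,dc=in' > "$1/bad.ldif"
}

# Stand-alone use: sh ldif_lint.sh db.ldif monitor.ldif certs.ldif
for f in "$@"; do
    ldif_lint "$f" || echo "$f: fix the lines listed above before importing" >&2
done
```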
    

10. Note the change in file
     #cat /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif (after the change)
    
11. Now check the file 
    #cat /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
    


12. Create monitor.ldif file
     #vi monitor.ldif
     
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=geekonline,dc=in" read by * none

    


13. Make sure no extra spaces are present in the file and import the DB file
    #ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
    #slaptest -u
    

14. Now check the file olcDatabase={1}monitor.ldif for changes
   #cat /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
    

15. Create SSL certificates valid for 10 years
   #openssl req -nodes -new -x509 -keyout /etc/openldap/certs/ldapkey.pem -out /etc/openldap/certs/ldapcert.pem -days 3650
    

16. Create certs.ldif file
      #vi certs.ldif

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/ldapkey.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/ldapcert.pem
 
    

 17. Make sure no extra spaces are present in the file and  Import the DB file
    #ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
    #slaptest -u
   

18. Verify the changes
    #cd /etc/openldap/slapd.d
    #cat cn=config.ldif
   

19. Copy DB_CONFIG file and add external schemas (used for storing data)
    #cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    #chown ldap:ldap /var/lib/ldap/DB_CONFIG
    #ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif 
    #ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif 
    #ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
  
    

20. Create a base.ldif file
     #vi base.ldif

dn: dc=geekonline,dc=in
dc: geekonline
objectClass: top
objectClass: domain

dn: cn=admin,dc=geekonline,dc=in
objectClass: organizationalRole
cn: admin
description: LDAP Manager

dn: ou=People,dc=geekonline,dc=in
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=geekonline,dc=in
objectClass: organizationalUnit
ou: Group

   

21. Add base ldif to LDAP Configuration
   #ldapadd -x -W -D "cn=admin,dc=geekonline,dc=in" -f base.ldif
   #slaptest -u
   


22. Check LDAP object classes
    #ldapsearch -xb "dc=geekonline,dc=in" "(objectClass=*)"
   

23. Check password 
   #ldapsearch -x -H ldap://127.0.0.1 -D "cn=admin,dc=geekonline,dc=in" -w "pass"
   
 
24.Create OS Users.
   #useradd osuser1
   #useradd osuser2
   #echo "pass1" | passwd --stdin osuser1
   #echo "pass2" | passwd --stdin osuser2

   #mkdir /opt/ldap/migrated_users
   #grep "osuser" /etc/passwd >> /opt/ldap/migrated_users/users
   #grep "osuser" /etc/group >> /opt/ldap/migrated_users/groups
   verify the files

   #cat /opt/ldap/migrated_users/users 
   #cat /opt/ldap/migrated_users/groups

  

25. Using migration tool
     #cd /usr/share/migrationtools/
     #cp migrate_common.ph migrate_common.ph.orig
     #vi migrate_common.ph
     Search for and change the below entries

     $DEFAULT_MAIL_DOMAIN = "geekonline.in";
     $DEFAULT_BASE = "dc=geekonline,dc=in"; 
     $EXTENDED_SCHEMA = 1;



26. Migrate OS users and groups using migration tool
   #/usr/share/migrationtools/migrate_passwd.pl /opt/ldap/migrated_users/users /opt/ldap/migrated_users/users.ldif
   #/usr/share/migrationtools/migrate_group.pl /opt/ldap/migrated_users/groups /opt/ldap/migrated_users/groups.ldif
   #ldapadd -x -W -D "cn=admin,dc=geekonline,dc=in" -f /opt/ldap/migrated_users/users.ldif
   #ldapadd -x -W -D "cn=admin,dc=geekonline,dc=in" -f /opt/ldap/migrated_users/groups.ldif

   

27.  Search that added user in ldap also check for 
   #ldapsearch -x cn=osuser1 -b dc=geekonline,dc=in
    
  
    #  ldapsearch -x cn=osuser2 -b dc=geekonline,dc=in
  

28 Create password for LDAP users which we are going to create using openssl
    #openssl passwd -crypt pass1
    uSMQbmjkzJzBw
    #openssl passwd -crypt pass2
    195EbQnuDDzcA
    note down the  output
   

29. Create ldif file for user ldapuser1
   #vi ldapuser1.ldif

dn: cn=ldapuser1,ou=People,dc=geekonline,dc=in
cn: ldapuser1
gidnumber: 100
givenname: ldapuser1
homedirectory: /home/users/ldapuser1
loginshell: /bin/bash
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: Surname
uid: ldapuser1
uidnumber: 5001
userpassword: {CRYPT}uSMQbmjkzJzBw
   
   

30. Create ldif file for user ldapuser2
   #vi ldapuser2.ldif
 
dn: cn=ldapuser2,ou=People,dc=geekonline,dc=in
cn: ldapuser2
gidnumber: 100
givenname: ldapuser2
homedirectory: /home/users/ldapuser2
loginshell: /bin/bash
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: Surname
uid: ldapuser2
uidnumber: 5002
userpassword: {CRYPT}195EbQnuDDzcA

   

31. Import both users in LDAP using ldif files
     #ldapadd -x -D "cn=admin,dc=geekonline,dc=in" -W -f ldapuser1.ldif
     #ldapadd -x -D "cn=admin,dc=geekonline,dc=in" -W -f ldapuser2.ldif
   

32. Verify the users in  LDAP
  #ldapsearch -x cn=ldapuser1 -b dc=geekonline,dc=in
   
  
  #ldapsearch -x cn=ldapuser2 -b dc=geekonline,dc=in
   

B. Client Configuration 
  
     
1. Install the necessary packages
  #yum install openldap-clients nss-pam-ldapd

2. Edit the /etc/hosts file for name resolution on both Server and Client systems
    192.168.100.195 ldapserver.geekonline.in 
    192.168.100.196 client1.geekonline.in

   

3. Enter below command on the client
    #authconfig --enableldap --enableldapauth --ldapserver=ldapserver.geekonline.in --ldapbasedn="dc=geekonline,dc=in" --enablemkhomedir --update
    
    This will automatically create home directory on client machine at first login

    

   Above command automatically configures ldap client,nsswitch file and PAM  
   #cat /etc/nslcd.conf |grep -v \#
   
  
   #cat /etc/nsswitch.conf |grep -i ldap
   

   #grep -ir home /etc/pam.d/*
   

  

Thus We can Configure LDAP server

C: Deleting LDAP user
   1. Gather the required information from LDAP using below command
   #ldapsearch -x cn=ldapuser1 -b dc=geekonline,dc=in

  2. Delete the user using below command
  #ldapdelete -x -v -c -D "cn=admin,dc=geekonline,dc=in" -w pass "cn=ldapuser1,ou=People,dc=geekonline,dc=in"



Summary
1. Never edit configuration files manually. 
2. LDAP configuration is easy if you avoid copy paste/typing mistakes (unnecessary spaces are considered as junk characters)
3. You can import existing OS users to LDAP
4. You can create LDAP user directly without creating it on OS
5. Client configuration can be done using fqdn instead of IPs
6. You can Create/modify/delete users easily






 
         

Install and configure cockpit with SSL (debian)

1. Edit the /etc/apt/sources.list file or create a new file /etc/apt/sources.list.d/Backports.list and add the below lines

        deb http://ftp.debian.org/debian/ stretch-backports main contrib non-free
        deb http://packages.prosody.im/debian stretch main
        deb https://apt.dockerproject.org/repo debian-stretch main

2.  Install cockpit package
        #sudo apt-get update
        #sudo apt-get install cockpit

3. Manage the SSL certificate for cockpit (by using existing SSL certificates) 
        #cat /etc/cockpit/ws-certs.d/cockpit.base.cert > /etc/cockpit/ws-certs.d/0-self-signed.cert 
        #cat /etc/ssl/certs/web/mydomain.com/fullchain.pem >> /etc/cockpit/ws-certs.d/0-self-signed.cert 
        #systemctl reload cockpit

4.  Configure apache2 for SSL certificate and redirection
        Create a file /etc/apache2/sites-available/cockpit.conf and put in the entries given below

           <VirtualHost *:80>
           ServerName cockpit.mydomain.com
           Redirect permanent / https://cockpit.mydomain.com/
           </VirtualHost>

          <IfModule mod_ssl.c>
          <VirtualHost *:443>
           ServerName cockpit.mydomain.com
           SSLCertificateFile /etc/ssl/certs/web/mydomain.com/fullchain.pem
           SSLCertificateKeyFile /etc/ssl/certs/web/mydomain.com/privkey.pem
           Include /etc/letsencrypt/options-ssl-apache.conf
           ProxyPreserveHost On
           ProxyRequests Off

          # allow for upgrading to websockets
           RewriteEngine On
           RewriteCond %{HTTP:Upgrade} =websocket [NC]
           RewriteRule /(.*) ws://127.0.0.1:9090/$1 [P,L]
           RewriteCond %{HTTP:Upgrade} !=websocket [NC]
           RewriteRule /(.*) http://127.0.0.1:9090/$1 [P,L]

           # Proxy to your local cockpit instance
           ProxyPass / http://127.0.0.1:9090/
           ProxyPassReverse / http://127.0.0.1:9090/

           </VirtualHost>
           </IfModule>

 



5. Configure IPTables to drop requests on 9090 from world
        #iptables -A INPUT -p tcp -s 127.0.0.1 --dport 9090 -j ACCEPT
        #iptables -A INPUT -p tcp --dport 9090 -j DROP

 6. Enable Apache Configuration 
        #ln -s /etc/apache2/sites-available/cockpit.conf /etc/apache2/sites-enabled/cockpit.conf
        #systemctl reload apache2

          

Summary:
After this setup web terminal cockpit will be available only on https://cockpit.mydomain.com and https://cockpit.mydomain.com:9090 will not work                          

create swap partition using swapfile

  1. The TEST server has 4GB memory and a 4GB swap file, which is not enough.
  2. The existing swap partition is created in LVM and there is no scope to increase its size
    
    
  3. To overcome this problem create a swapfile using dd command with permission 0600
    
  4. Change the file permission to 0600
  5. Set the file as swap area
  6. Test by enabling the swap on swapfile
  7. Make this boot persistent by adding the entry in fstab
  8. Always run the mount -a command to check for errors in the fstab file
  9. Now disable swap on /swapfile which we have enabled manually and check swap partitions
    
    
  10. Now check boot persistence by swapon command 
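
The steps above written out as commands, as an added example that is not from the original post. The 4096 MiB default size and the function names are assumptions; /swapfile is the path named in step 9.

```shell
#!/bin/sh
# Added example. Assumed: 4096 MiB default size. /swapfile comes from step 9.

# Steps 3-4: create the file with dd. umask 077 means the file is never
# readable by group/other, even before the explicit chmod.
make_swapfile() {
    path=$1; size_mb=$2
    if [ -e "$path" ]; then
        echo "refusing to overwrite existing $path" >&2
        return 1
    fi
    ( umask 077 && dd if=/dev/zero of="$path" bs=1M count="$size_mb" 2>/dev/null ) || return 1
    chmod 0600 "$path"
}

# True only for a regular file with mode 600. Swap holds pages of process
# memory, so no other user may be able to read the file.
swapfile_mode_ok() {
    [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = "600" ]
}

# Step 7: the fstab line for a swap file.
fstab_swap_entry() {
    printf '%s none swap sw 0 0\n' "$1"
}

# Append the entry to the given fstab only if the path is not listed yet.
add_fstab_entry() {
    fstab=$1; path=$2
    grep -q "^$path[[:space:]]" "$fstab" || fstab_swap_entry "$path" >> "$fstab"
}

# Steps 3-10 in order. Needs root.
apply_swapfile() {
    path=$1; size_mb=$2
    make_swapfile "$path" "$size_mb" &&
    swapfile_mode_ok "$path" &&
    mkswap "$path" &&                       # step 5: set the file up as swap area
    swapon "$path" &&                       # step 6: enable it manually
    add_fstab_entry /etc/fstab "$path" &&   # step 7: boot persistence
    mount -a &&                             # step 8: catch fstab errors
    swapoff "$path" &&                      # step 9: disable the manual swapon
    swapon -s &&                            #         and list active swap
    swapon -a &&                            # step 10: enable from fstab
    swapon -s
}

# Run as root: sh swapfile.sh --apply [size-in-MiB]
if [ "${1:-}" = "--apply" ]; then
    apply_swapfile /swapfile "${2:-4096}"
fi
```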

Configure a simple chat server using ejabberd ( on Debian)

Hi, to create a chat server without LDAP and MySQL for a small organization, follow the steps below (the same procedure applies to CentOS, but you have to install ejabberd using yum).

Prerequisites: DNS must be configured for the server, otherwise you will have to use the IP instead of the domain name for configuration.

Install the ejabberd package on the server
# apt-get install ejabberd

Check whether the service is running, so that an admin user can be registered

Create the admin user by typing the below command
#ejabberdctl register admin localhost passwordforadminuser

Edit the /etc/ejabberd/ejabberd.yml file for admin user access and the domain for which we are creating the service

Edit the default entry like given below

Add the host like given below

Register the admin user as admin for the domain

Go to the browser, open the admin panel https://<your ip or domain >:5280/admin and log in as user admin@localhost

Console will be like given below. click on Virtual Hosts

Select domain (in my case its  geekonline.in)  by clicking it.

Click on users to create / edit users

Add users like given below

Configure pidgin as below  

Mount Google Drive on Linux (Debian) Server

To mount Google Drive on your server you will require two things.
  1. A project created and configured with an OAuth client ID and secret on Google
  2. google-drive-ocamlfuse installed and configured

Create Project

1. Go to https://console.developers.google.com/apis/dashboard and create a new project



Click on create credentials



Select OAuth Client ID



Click on configure Consent Screen



Provide email address and product name



To create the Client ID select others, provide a name and click on create



It will give you OAuth Client ID and Secret. Please note it down and keep safe.



Installation of google-drive-ocamlfuse On debian 9
1. First install the required packages
apt-get install libcurl4-gnutls-dev libfuse-dev libgmp-dev libsqlite3-dev camlp4-extra debianutils libcurl4-gnutls-dev perl  m4 pkg-config zlib1g-dev

2. adduser <user> fuse (adding the user to group fuse with usermod also works)

3. Set the Permissions

#sudo chown root.fuse /dev/fuse
#sudo chmod 660 /dev/fuse

4. Install Google Drive Ocamlfuse

# su <user>
# opam init
# opam update
# opam install depext
# eval `opam config env`
# opam depext google-drive-ocamlfuse
# opam install google-drive-ocamlfuse
# . /home/<user>/.opam/opam-init/init.sh > /dev/null 2> /dev/null || true

#/home/<user>/.opam/system/bin/google-drive-ocamlfuse -headless -label googledrive -id <OAuth Client ID> -secret <OAuth Client Secret>

It will give you a URL and ask you to visit it, get the code from the webpage and provide it



Open that URL in a browser and copy-paste the verification code to the terminal

create mount point

# mkdir /mnt/Google-drive

#  /home/<user>/.opam/system/bin/google-drive-ocamlfuse -label googledrive /mnt/Google-drive/

Above command will enable that mount only for the user and not others not even root

To enable mount point for user root

edit file /etc/fuse.conf and uncomment below line

#user_allow_other

Then run the below command (in case of Ubuntu, exclude sudo -u <user> and run the command directly as root.)

#sudo -u <user> /home/<user>/.opam/system/bin/google-drive-ocamlfuse -o allow_root -label googledrive /mnt/Google-drive/ > /var/log/gdrive_mount.log 2>&1 &

Add the below line to /etc/rc.local

sudo -u <user> /home/<user>/.opam/system/bin/google-drive-ocamlfuse -o allow_root -label googledrive /mnt/Google-drive/ 2>&1 &

Thus only user and root will be able to use mounted drive.

 

Country settings in AWStats



By implementing this setting in AWStats you can track the Geo location of visitor of your website.

Follow the procedure to implement the settings
#mkdir -p /usr/share/GeoIP
#cd /tmp
#wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
#gunzip GeoIP.dat.gz
#mv GeoIP.dat /usr/share/GeoIP
#wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

or

#yum install mod_geoip
#yum install geoipdate
#yum install geoip-devel

Now Edit the file configuration file for your website in /etc/awstats  and  search below lines

#LoadPlugin="geoip_city_maxmind GEOIP_STANDARD /pathto/GeoIPCity.dat"
#LoadPlugin="geoip GEOIP_STANDARD /pathto/GeoIP.dat"

and change to

LoadPlugin="geoip_city_maxmind GEOIP_STANDARD /usr/share/GeoIP/GeoIPCity.dat"
LoadPlugin="geoip GEOIP_STANDARD /usr/share/GeoIP/GeoIP.dat"

It may give you an error like below

To fix this error run the below commands
#yum install perl-CPAN
#cpan YAML
#cpan Geo::IP::PurePerl Geo::IP
#ldconfig -v

  

How to setup AWStats for apache log analyzer (CentOS 6.8)

 awstats
 
1) Installation
 
 #yum install epel-release
 #yum install httpd
 #chkconfig httpd on
 #service httpd start
 #yum install awstats

2) Configuration

 a) Changes in log format in httpd.conf
 
 check the below entry for log format. if it does not exist then add it.    
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    

 b) changes in virtualhosts 

 change your log configuration like below
 CustomLog logs/yourdomain.com-access_log combined
 
 c) configuring awstats.conf for apache 
 
 #vim /etc/httpd/conf.d/awstats.conf

  Add the below entries inside the <Directory "/usr/share/awstats/wwwroot">
  </Directory> container

  AuthUserFile "/path-to-file/.htpasswd"
  AuthName "Restricted Access"
  AuthType Basic
  Require user "htuser"


 Then create the password file with the below commands
 #htpasswd -c /path-to-file/.htpasswd htuser
 #chmod 404 /path-to-file/.htpasswd

d) Creating the configuration file for awstats

 #cp /etc/awstats/awstats.localhost.localdomain.conf /etc/awstats/yourdomain.com.conf
 
 then edit the file /etc/awstats/yourdomain.com.conf

# vim /etc/awstats/yourdomain.com.conf and change the below entries according to domain

LogFile="/var/log/httpd/yourdomain.com-access_log"
SiteDomain="yourdomain.com"
HostAliases="yourdomain.com www.yourdomain.com"
(for multiple domains it is better to create separate files for each domain)

e) setting permissions 


now change permissions for the awstat folder

#find  /usr/share/awstats -type d -exec chmod 701 '{}' \;
#find /usr/share/awstats  -type f  -exec chmod 404 '{}' \;

#chmod +x  /usr/share/awstats/wwwroot/cgi-bin/awstats.pl
#chmod 400 /etc/awstats/*.conf


Once you make all the changes make sure to restart apache to get configuration changes into effect

#/etc/init.d/httpd stop
#/etc/init.d/httpd start

or #/etc/init.d/httpd restart

make necessary changes according to your domain in below url  to check the statistics
http://www.yourdomain.com/awstats/awstats.pl?config=yourdomain.com

Nagios ( over ssh )

Configuring Nagios ( My Os is Ubuntu )

Before configuring nagios server configure the server as mail server/relay server

A. INSTALLATION

1) Download Source in /usr/local/src/

#wget http://liquidtelecom.dl.sourceforge.net/project/nagios/nagios-4.x/nagios-4.2.3/nagios-4.2.3.tar.gz
#wget --no-check-certificate https://nagios-plugins.org/download/nagios-plugins-2.1.4.tar.gz

tar -zxvf nagios-plugins-2.1.4.tar.gz

2) Add user and group

#useradd nagios
#groupadd nagcmd
#usermod -a -G nagcmd nagios
#usermod -a -G nagios,nagcmd www-data
 (* for centos this will be #usermod -a -G nagios,nagcmd apache)

3) Configuring and compiling source code nagios core:

#tar -zxvf nagios-4.2.3.tar.gz
#tar -zxvf nagios-plugins-2.1.4.tar.gz

#cd nagios-4.2.3

Install essential packages

#apt-get install snmp
#apt-get install snmpd
#apt-get install mrtg

(*for centos 
# yum install net-snmp-5.3.2.2-22.el5_10.1
#yum install net-snmp-libs-5.3.2.2-22.el5_10.1)

#./configure --with-command-group=nagcmd --with-mail=/usr/bin/sendmail --with-httpd-conf=/etc/apache2/sites-available/

(* for centos this will be #./configure --with-command-group=nagcmd )

#make all
#make install
#make install-init
#make install-config
#make install-commandmode
#make install-webconf
#cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/
#chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers
#/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

4) Configuring Apache

#sudo a2ensite nagios
#sudo a2enmod rewrite cgi ( enable mod rewrite in httpd for centos)
#service apache2 reload / restart

(* for centos it will be #/etc/init.d/httpd restart /reload)

#/etc/init.d/nagios start
#htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

5) Configuring and compiling source code nagios plugins

#cd ../nagios-plugins-2.1.4/
#./configure --with-nagios-user=nagios --with-nagios-group=nagios
#make
#make install
#sudo update-rc.d nagios defaults

(* for centos it will be 
#chkconfig --add nagios
#chkconfig --level 35 nagios on )

B. CONFIGURATION

On Client

#apt-get install libmysqlclient*-dev ( for check_mysql plugin its required )
(*For CentOS #yum install mysql51-mysql-libs.x86_64 )
#useradd nagios
#groupadd nagcmd
#usermod -a -G nagcmd nagios

#cd /usr/local/src
#wget --no-check-certificate https://nagios-plugins.org/download/nagios-plugins-2.1.4.tar.gz
#tar -zxvf nagios-plugins-2.1.4.tar.gz
#cd nagios-plugins-2.1.4
#./configure --with-nagios-user=nagios --with-nagios-group=nagios
#make
#make install

On Server

#su - nagios
#ssh-keygen

Copy the content of the file id_rsa.pub to the file /home/nagios/.ssh/authorized_keys on the client

#cd /usr/local/nagios/etc/objects

(write your own commands for remote servers which we are going to monitor via ssh agent. )

#vi remote-commands.cfg ( for example see my remote-commands.cfg at the end of the document.)

#cd /usr/local/nagios/etc

#vi nagios.cfg and add the below line

cfg_file=/usr/local/nagios/etc/objects/remote-commands.cfg

#cd /usr/local/nagios/etc/objects

#vi hostgroups.cfg ( create your hostgroups. In localhost.cfg you can find how a hostgroup is written. Sample files are at the end of the document )

cd /usr/local/nagios/etc

#vi nagios.cfg and add the below line

cfg_file=/usr/local/nagios/etc/objects/hostgroups.cfg

mkdir /usr/local/nagios/etc/objects/{Linux-Workstations,Windows-Workstations,Laptops,DRBL-Workstations,Local-Servers,Remote-Servers}

cd /usr/local/nagios/etc

#vi nagios.cfg and add the below lines

cfg_dir=/usr/local/nagios/etc/objects/Local-Servers

cfg_dir=/usr/local/nagios/etc/objects/Linux-Workstations

cfg_dir=/usr/local/nagios/etc/objects/Windows-Workstations

cfg_dir=/usr/local/nagios/etc/objects/Laptops

cfg_dir=/usr/local/nagios/etc/objects/Remote-Servers

copy the localhost.cfg to /usr/local/nagios/etc/objects/Linux-Workstations/<system-to-monitor-ip>.cfg ( for example I have 192.168.100.199 ip so i copied file as 192.168.100.199.cfg)

vim 192.168.100.199.cfg
 remove all hostgroup entries and make the changes accordingly




For remote system monitoring write the file /usr/local/nagios/etc/objects/remote-commands.cfg like below

define command{
 command_name check_remote_disk
 # command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_disk -w $ARG1$ -c $ARG2$ -e'
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_disk -w $ARG2$ -c $ARG3$ -A -I "/run/*" -I "/sys/*" -I "/dev/shm" -I "/dev" -I "/lib/*" -I "/var/lock" -I "/Thecus/*"'
 }

define command{
 command_name check_remote_load
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_load -w $ARG2$ -c $ARG3$'
 }

define command{
 command_name check_remote_swap
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_swap -w $ARG2$ -c $ARG3$'
 }

define command{
 command_name check_remote_users
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_users -w $ARG2$ -c $ARG3$'
 }

define command{
 command_name check_remote_procs
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_procs -w $ARG2$ -c $ARG3$'
 }

define command{
 command_name check_remote_ssh
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_ssh -H $HOSTADDRESS$ $ARG1$'
 }

#define command{
 # command_name check_remote_mysql
 # command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_mysql -H $HOSTADDRESS$ $ARG1$'
 #}

define command{
 command_name check_remote_pgsql
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_pgsql -H $HOSTADDRESS$ -l $ARG2$ -p $ARG3$'
 }

define command{
 command_name check_remote_http
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_http -H $HOSTADDRESS$'
 }

define command{
 command_name check_remote_ldap
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_ldap -H $HOSTADDRESS$ $ARG1$'
 }

define command{
 command_name show_remote_users
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/show_users'
 }

define command{
 command_name check_remote_mysql
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_mysql -u $ARG2$ -p $ARG3$'
 }

define command{
 command_name check_remote_asterisk
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_asterisk'
 }

define command{
 command_name check_remote_ping
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5'
 }

define command{
 command_name show_logged_users
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $ARG2$ -C '/usr/local/nagios/libexec/logged_users'
 }
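
Every command above passes -o StrictHostKeyChecking=no, so the SSH host key of a monitored machine is never verified. The added example below (not part of the original configuration) lists the active commands that carry that option and prints a copy of the file with it switched to yes; it assumes the nagios user's known_hosts already holds the monitored hosts' keys, and the function names and sample config are constructed.

```shell
#!/bin/sh
# nagios_insecure_ssh FILE
# Prints the command_name of every active "define command" block whose
# command_line disables SSH host key checking. Commented-out lines (# or ;)
# are ignored; one-line and multi-line blocks are both handled.
nagios_insecure_ssh() {
    awk '
        /^[ \t]*[#;]/                        { next }
        /define[ \t]+command[ \t]*[{]/       { inblk = 1; blk = "" }
        inblk                                { blk = blk " " $0 }
        inblk && /[}][ \t]*$/ {
            inblk = 0
            n = split(blk, f, /[ \t]+/)
            name = ""
            for (i = 1; i < n; i++)
                if (f[i] == "command_name") name = f[i + 1]
            if (blk ~ /StrictHostKeyChecking=no/) print name
        }
    ' "$1"
}

# nagios_harden_ssh FILE
# Writes the file to stdout with host key checking enabled on active lines.
# Assumption: the monitored hosts' keys are already in the nagios user's
# ~/.ssh/known_hosts, otherwise the checks will fail to connect.
nagios_harden_ssh() {
    sed '/^[[:space:]]*[#;]/!s/StrictHostKeyChecking=no/StrictHostKeyChecking=yes/g' "$1"
}

# Constructed sample in the same shape as remote-commands.cfg.
sample_remote_commands() {
    cat <<'EOF'
define command{
 command_name check_remote_load
 command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_load -w $ARG2$ -c $ARG3$'
 }

#define command{
 # command_name check_remote_mysql
 # command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_mysql'
 #}

define command{
 command_name check_local_users
 command_line /usr/local/nagios/libexec/check_users -w $ARG1$ -c $ARG2$
 }

define command{ command_name show_logged_users command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -o StrictHostKeyChecking=no -H $ARG2$ -C '/usr/local/nagios/libexec/logged_users' }
EOF
}

# Stand-alone use: sh audit.sh /usr/local/nagios/etc/objects/remote-commands.cfg
if [ -n "${1:-}" ]; then
    nagios_insecure_ssh "$1"
fi
```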

For host write files like given (sample configuration geekonline.cfg )

define host{
 use                     remote-linux-server            ; Name of host template to use
 ; This host definition will inherit all variables that are defined
 ; in (or inherited by) the linux-server host template definition.
 host_name               GEEKHOST
 alias                   GeekHost
 address                 23.250.32.8
 }

define service{
 use                             local-service         ; Name of service template to use
 host_name                       GEEKHOST
 service_description             PING
 check_command            check_remote_ping!22!100.0,20%!500.0,60%
 }

define service{
 use                             local-service         ; Name of service template to use
 host_name                       GEEKHOST
 service_description             Partitions
 check_command            check_remote_disk!22!20%!10%!/
 }

define service{
 use                             local-service         ; Name of service template to use
 host_name                       GEEKHOST
 service_description             Current Users
 check_command            check_remote_users!22!20!50
 }

define service{
 use                             local-service         ; Name of service template to use
 host_name                       GEEKHOST
 service_description             Total Processes
 check_command            check_remote_procs!22!250!400!RSZDT
 }

define service{
 use                             local-service         ; Name of service template to use
 host_name                       GEEKHOST
 service_description             Current Load
 check_command            check_remote_load!22!5.0,4.0,3.0!10.0,6.0,4.0
 }

define service{
 use                             local-service         ; Name of service template to use
 host_name                       GEEKHOST
 service_description             Swap Usage
 check_command            check_remote_swap!22!20!10
 }

define service{
 use                             local-service         ; Name of service template to use
 host_name                       GEEKHOST
 service_description             SSH
 check_command            check_ssh
 notifications_enabled        0
 }

define service{
 use                             local-service         ; Name of service template to use
 host_name                       GEEKHOST
 service_description             Logged in Users
 check_command                   show_remote_users!22!
 notifications_enabled           0
 }

define service{
 use                             local-service         ; Name of service template to use
 host_name                       GEEKHOST
 service_description             MYSQL
 check_command                   check_remote_mysql!22!root!<rootPassword>
 notifications_enabled           0
 }

#/etc/init.d/nagios restart

Open Nagios in browser
http://<ip>/nagios

Ethernet Bonding ( Centos 6.8 )

Step 1 :

Create the file /etc/sysconfig/network-scripts/ifcfg-bond0 and specify the ip address,netmask & gateway

# vi /etc/sysconfig/network-scripts/ifcfg-bond0
 DEVICE=bond0
 IPADDR=192.168.100.10
 NETMASK=255.255.255.0
 GATEWAY=192.168.100.1
 TYPE=Bond
 ONBOOT=yes
 NM_CONTROLLED=no
 BOOTPROTO=static

Step:2 

Edit the files of eth0 & eth1 and make sure you enter the master and slave entry, as shown below
 # vi /etc/sysconfig/network-scripts/ifcfg-eth0
 DEVICE=eth0
 HWADDR=90:2b:34:7b:df:a4
 TYPE=Ethernet
 ONBOOT=yes
 NM_CONTROLLED=no
 MASTER=bond0
 SLAVE=yes

# vi /etc/sysconfig/network-scripts/ifcfg-eth1
 DEVICE=eth1
 TYPE=Ethernet
 HWADDR=e2:5b:f0:60:ba:d8
 ONBOOT=yes
 NM_CONTROLLED=no
 MASTER=bond0
 SLAVE=yes

 Step:3 

Create the bonding configuration file (bonding.conf)
 # vi /etc/modprobe.d/bonding.conf ( for old versions use modprobe.conf )
 alias bond0 bonding
 options bond0 mode=1 miimon=100  <--- This can instead be defined in ifcfg-bond0; the line will be BONDING_OPTS="mode=1 miimon=100"
If you are configuring bonding under VMware Workstation, change the above line to
options bond0 mode=1 miimon=100 fail_over_mac=1



Step:4 

service network restart

Important Things to know

A ) Different Modes used in bonding
 balance-rr or 0 -- round-robin mode for fault tolerance and load balancing.
 active-backup or 1 -- Sets active-backup mode for fault tolerance.
 balance-xor or 2 -- Sets an XOR (exclusive-or) mode for fault tolerance and load balancing.
 broadcast or 3 -- Sets a broadcast mode for fault tolerance. All transmissions are sent on all slave interfaces.
 802.3ad or 4 -- Sets an IEEE 802.3ad dynamic link aggregation mode. Creates aggregation groups that share the same speed & duplex settings.
 balance-tlb or 5 -- Sets a Transmit Load Balancing (TLB) mode for fault tolerance & load balancing.
 balance-alb or 6 -- Sets an Active Load Balancing (ALB) mode for fault tolerance & load balancing.




B ) Commands

To check the bonding status

watch -n .1 cat /proc/net/bonding/bond0   

or

cat /proc/net/bonding/bond0


To change the active interface in bonding

1 ) Remove the active interface from the bond with the command

echo -eth0 > /sys/class/net/bond0/bonding/slaves

This will make the other slave active. Then add it to the bond again by running the command

echo +eth0 > /sys/class/net/bond0/bonding/slaves

or use ifenslave to change the active slave in the bond. To make eth0 active use the below command

ifenslave -c bond0 eth0 eth1