-
On the server there is 4GB memory and 4GB swap file on TEST server which is not enough.
-
Now the existing swap partition is created in lvm and there is no scope to increase the size
-
To overcome this problem create a swapfile using dd command with permission 0600
-
Change the file permission to 0600
-
Set the file as swap area
-
Test by enabling the swap on swapfile
-
Make this boot persistent by adding the entry in fstab
-
Always run mount -a command to check if any error in fstab file
-
Now disable swap on /swapfile which we have enabled manually and check swap partitions
-
Now check boot persistence by swapon command
Server Configurations
Server Confiugrations from scratch.
ssh jailing with all commands
Steps for ssh jailing
-
Create a user for jailing environment and set password if user doesn't exist. #useradd -m testuser #passwd testuser -
Create a Directory Structure for Secure environment. ( In our case we are creating secure environment in /home directory. You can change it according to requirement) #cd /home #mkdir -p secure/home #cd /home/secure/home #mkdir testuser #chown testuser:testuser testuser -
Enable commands for the user in chrooted environment. #cp -pr /bin /home/secure/ #cp -fr /lib /home/secure/ #cp -fr /lib64 /home/secure/ #mkdir /home/secure/usr #cp -pr /usr/lib /home/secure/usr/ #cp -pr /usr/bin /home/secure/usr/ #mkdir -p /home/secure/etc/ #cp -p /etc/environment /home/secure/etc/ -
Configuration for jailing. Edit the file sshd_config #vi /etc/ssh/sshd_config #SSH JAILING Match User testuser chrootdirectory /home/secure #ForceCommand internal-sftp (If you uncomment this line it will restrict ssh connection and only sftp connections will be allowed ) -
# service sshd reload -
After logging in from another server /home/secure will become your / partition over ssh connection.
#ssh testuser@<ip>
Chroot Configuration for Group:
-
Suppose there are multiple users which needs to be restricted using chroot. Then create a group chroot and add users to the group #groupadd chroot #usermod -aG chroot testuser -
change sshd config like given below #SSH JAILING Match Group chroot chrootdirectory /home/secure #ForceCommand internal-sftp (If you uncomment this line it will restrict ssh connection and only sftp connections will be allowed ) # service sshd reload
-
# service sshd reload
Things to remember:
-
The chroot directory should alway have root ownership and permission 755 otherwise you will get below error packet_write_wait: Connection to x.x.x.x port 22: Broken pipe -
Don't forget to copy /etc/environment otherwise you will get below error while changing shell to bash bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
Configure a simple chat server using ejabberd ( on Debian)
Hi, To create a chat server without ldap and mysql for small organization follow the steps below ( same procedure will be for CentOS but you have to install ejabberd using yum) (Prerequisites : A DNS must be configured for server otherwise you will have to use IP instead of doamin name for configuration) Install the ejabberd package on server # apt-get install ejabberd
Check the service is running or not to register a admin user
Create admin user by typing below command #ejabberdctl register admin localhost passwordforadminuser
Edit /etc/ejabberd/ejabberd.yml file for admin user access and domain for which we are creating service
Edit default entry like given below
Add host like given below
Register admin user as admin for domain
Go to the browser and open the admin panel https://<your ip or domain >:5280/admin and login as user admin@localhost
Console will be like given below. click on Virtual Hosts
Select domain (in my case its geekonline.in) by clicking it.
Click on users to create / edit users
Add users like given below
Configure pidgin as below
Nagios ( over ssh )
Configuring Nagios ( My Os is Ubuntu )
Before configuring nagios server configure the server as mail server/relay server
A. INSTALLATION
1) Download Source in /usr/local/src/
#wget http://liquidtelecom.dl.sourceforge.net/project/nagios/nagios-4.x/nagios-4.2.3/nagios-4.2.3.tar.gz
#wget --no-check-certificate https://nagios-plugins.org/download/nagios-plugins-2.1.4.tar.gz
tar -zxvf nagios-plugins-2.1.4.tar.gz
2) Add user and group
#useradd nagios
#groupadd nagcmd
#usermod -a -G nagcmd nagios
#usermod -a -G nagios,nagcmd www-data
(* for centos this will be #usermod -a -G nagios,nagcmd apache)
3) Configuring and compiling source code nagios core:
#tar -zxvf nagios-4.2.3.tar.gz
#tar -zxvf nagios-plugins-2.1.4.tar.gz
#cd nagios-4.2.3
Install essential packages
#apt-get install snmp
#apt-get install snmpd
#apt-get install mrtg
(*for centos
# yum install net-snmp-5.3.2.2-22.el5_10.1
#yum install net-snmp-libs-5.3.2.2-22.el5_10.1)
#./configure --with-command-group=nagcmd --with-mail=/usr/bin/sendmail –with-httpd-conf=/etc/apache2/sites-available/
(* for centos this will be #./configure --with-command-group=nagcmd )
#make all
#make install
#make install-init
#make install-config
#make install-commandmode
#make install-webconf
#cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/
#chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers
#/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
4) Configuring Apache
#sudo a2ensite nagios
#sudo a2enmod rewrite cgi ( enable mod rewrite in httpd for centos)
#service apache2 reload / restart
(* for centos it will be #/etc/init.d/httpd restart /reload)
#/etc/init.d/nagios start
#htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
5) Configuring and compiling source code nagios plugins
#cd ../nagios-plugins-2.1.4/
#./configure --with-nagios-user=nagios --with-nagios-group=nagios
#make
#make install
#sudo update-rc.d nagios defaults
(* for centos it will be
#chkconfig --add nagios
#chkconfig --level 35 nagios on )
B. CONFIGURATION
On Client
#apt-get install libmysqlclient*-dev ( for check_mysql plugin its required )
(*For CentOS #yum install mysql51-mysql-libs.x86_64 )
#useradd nagios
#groupadd nagcmd
#usermod -a -G nagcmd nagios
#cd /usr/local/src
#wget --no-check-certificate https://nagios-plugins.org/download/nagios-plugins-2.1.4.tar.gz
#tar -zxvf nagios-plugins-2.1.4.tar.gz
#cd nagios-plugins-2.1.4
#./configure --with-nagios-user=nagios --with-nagios-group=nagios
#make
#make install
On Server
#su - nagios
#ssh-keygen
copy the content of the file id_rsa.pub to the file /home/nagios/.ssh/authorized_keys
#cd /usr/local/nagios/etc/objects
(write your own commands for remote servers which we are going to monitor via ssh agent. )
#vi remote-commands.cfg ( for example see my remote-commands.cfg at the end of the document.)
#cd /usr/local/nagios/etc
#vi nagios.cfg and add the below line
cfg_file=/usr/local/nagios/etc/objects/remote-eommands.cfg
#cd /usr/local/nagios/etc/objects
#vi hostgroups.cfg ( create your hostgroups. In localhost.cfg you can find how hostgrup is written. Sample files are at the end of the document )
cd /usr/local/nagios/etc
#vi nagios.cfg and add the below line
cfg_file=/usr/local/nagios/etc/objects/hostgroups.cfg
mkdir /usr/local/nagios/etc/objects/{Linux-Workstations,Windows-Workstations,Laptops,DRBL-Workstations,Local-Servers,Remote-Servers)
cd /usr/local/nagios/etc
#vi nagios.cfg and add the below lines
cfg_dir=/usr/local/nagios/etc/objects/Local-Servers
cfg_dir=/usr/local/nagios/etc/objects/Linux-Workstations
cfg_dir=/usr/local/nagios/etc/objects/Windows-Workstations
cfg_dir=/usr/local/nagios/etc/objects/Laptops
cfg_dir=/usr/local/nagios/etc/objects/Remote-Servers
copy the localhost.cfg to /usr/local/nagios/etc/objects/Linux-Workstations/<system-to-monitor-ip>.cfg ( for example I have 192.168.100.199 ip so i copied file as 192.168.100.199.cfg)
vim 192.168.100.199.cfg
remove all hostgroup entries and make the changes accordingly
For remote system monitoring write the file /usr/local/nagios/etc/objects/remote-commands.cfg like below
define command{
command_name check_remote_disk
# command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_disk -w $ARG1$ -c $ARG2$ -e'
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_disk -w $ARG2$ -c $ARG3$ -A -I "/run/*" -I "/sys/*" -I "/dev/shm" -I "/dev" -I "/lib/*" -I "/var/lock" -I "/Thecus/*"'
}
define command{
command_name check_remote_load
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_load -w $ARG2$ -c $ARG3$'
}
define command{
command_name check_remote_swap
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_swap -w $ARG2$ -c $ARG3$'
}
define command{
command_name check_remote_users
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_users -w $ARG2$ -c $ARG3$'
}
define command{
command_name check_remote_procs
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_procs -w $ARG2$ -c $ARG3$'
}
define command{
command_name check_remote_ssh
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_ssh -H $HOSTADDRESS$ $ARG1$'
}
#define command{
# command_name check_remote_mysql
# command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_mysql -H $HOSTADDRESS$ $ARG1$'
#}
define command{
command_name check_remote_pgsql
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_pgsql -H $HOSTADDRESS$ -l $ARG2$ -p $ARG3$'
}
define command{
command_name check_remote_http
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_http -H $HOSTADDRESS$'
}
define command{
command_name check_remote_ldap
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_ldap -H $HOSTADDRESS$ $ARG1'
}
define command{
command_name show_remote_users
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/show_users'
}
define command{
command_name check_remote_mysql
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_mysql -u $ARG2$ -p $ARG3$'
}
define command{
command_name check_remote_asterisk
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_asterisk'
}
define command{
command_name check_remote_ping
command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5'
}
define command{ command_name show_logged_users command_line /usr/local/nagios/libexec/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -H $ARG2$ -C '/usr/local/nagios/libexec/logged_users' }
For host write files like given (sample configuration geekonline.cfg )
define host{
use remote-linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name GEEKHOST
alias GeekHost
address 23.250.32.8
}
define service{
use local-service ; Name of service template to use
host_name GEEKHOST
service_description PING
check_command check_remote_ping!22!100.0,20%!500.0,60%
}
define service{
use local-service ; Name of service template to use
host_name GEEKHOST
service_description Partitions
check_command check_remote_disk!22!20%!10%!/
}
define service{
use local-service ; Name of service template to use
host_name GEEKHOST
service_description Current Users
check_command check_remote_users!22!20!50
}
define service{
use local-service ; Name of service template to use
host_name GEEKHOST
service_description Total Processes
check_command check_remote_procs!22!250!400!RSZDT
}
define service{
use local-service ; Name of service template to use
host_name GEEKHOST
service_description Current Load
check_command check_remote_load!22!5.0,4.0,3.0!10.0,6.0,4.0
}
define service{
use local-service ; Name of service template to use
host_name GEEKHOST
service_description Swap Usage
check_command check_remote_swap!22!20!10
}
define service{
use local-service ; Name of service template to use
host_name GEEKHOST
service_description SSH
check_command check_ssh
notifications_enabled 0
}
define service{
use local-service ; Name of service template to use
host_name GEEKHOST
service_description Logged in Users
check_command show_remote_users!22!
notifications_enabled 0
}
define service{
use local-service ; Name of service template to use
host_name GEEKHOST
service_description MYSQL
check_command check_remote_mysql!22!root!<rootPassword>
notifications_enabled 0
}p
#/etc/init.d/nagios/restart
Open Nagions in browser
http://<ip>/nagios