Gk's Blog
Thursday, September 19, 2013
  Enable SNMP for Solaris 10 and Solaris 11

- Solaris 10
Edit the community string and ACL in the config file:

/etc/sma/snmp/snmpd.conf
By default the SNMP service is installed and enabled on Solaris 10 with service name: sma
After changing the config file, restart the sma service for the changes to take effect:
 # svcadm restart sma
MIB located in: /etc/sma/snmp/mibs/

============================================================
- Solaris 11
Edit the community string and ACL in the config file:
/etc/net-snmp/snmp/snmpd.conf
By default the SNMP service is installed but disabled on Solaris 11 with service name: net-snmp,
so we need to enable it:
# svcadm enable net-snmp
MIB located in: /etc/net-snmp/snmp/mibs/


You can test using snmpwalk:

# snmpwalk -v2c -cpublic IP_ADDRESS
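Both Solaris variants use net-snmp style snmpd.conf syntax, and the community string and ACL are the only access control in SNMPv1/v2c, so it pays to look at what is in the file before restarting the service. The following is an added example, not from the post: a small shell audit that flags default community names, write (rwcommunity) access, and community entries with no source restriction. The sample config contents are constructed here; the paths named in the post are what you would pass in practice.

```shell
#!/bin/sh
# Added example, not from the post: flag weak community settings in a
# net-snmp style snmpd.conf (the format used by Solaris sma and net-snmp)
# before restarting the service. Sample configs are constructed below.

# Print one finding per weak "rocommunity"/"rwcommunity" directive.
# Directive syntax: (ro|rw)community COMMUNITY [SOURCE [OID | -V VIEW]]
snmpd_weak_lines() {
    grep -E '^[[:space:]]*(ro|rw)community6?[[:space:]]' "$1" |
    while read -r directive community source _rest; do
        case "$community" in
            public|private)
                echo "$directive: default community string '$community'" ;;
        esac
        case "$directive" in
            rwcommunity*)
                echo "$directive: write access granted to '$community'" ;;
        esac
        case "$source" in
            ""|default)
                echo "$directive '$community': no source restriction, any host may query" ;;
        esac
    done
}

# Exit status 0 when the file has no findings, 1 otherwise.
audit_snmpd_conf() {
    [ -z "$(snmpd_weak_lines "$1")" ]
}

# Constructed sample files (in practice pass /etc/sma/snmp/snmpd.conf or
# /etc/net-snmp/snmp/snmpd.conf).
WEAK_CONF=$(mktemp); HARD_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARD_CONF"' EXIT
cat > "$WEAK_CONF" <<'EOF'
# shipped-default style: guessable names, writable, open to any source
rocommunity public
rwcommunity private
EOF
cat > "$HARD_CONF" <<'EOF'
# read-only, one management host, limited to the system subtree
rocommunity  n0t-guessable-s3cret  192.0.2.10  .1.3.6.1.2.1.1
EOF

for f in "$WEAK_CONF" "$HARD_CONF"; do
    if audit_snmpd_conf "$f"; then
        echo "$f: no weak community settings"
    else
        echo "$f: weak settings found"
        snmpd_weak_lines "$f"
    fi
done
```

A file with no community directives at all produces no findings, which is the expected state when only SNMPv3 users are configured.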


 
Wednesday, June 01, 2011
  Routing and Remote Access - Limit one connection to the VPN server for specific user
Just a super short note.
I'm using RRAS on Windows Server 2003 for VPN. I want to limit some users to one connection (one login session to the server). After googling I found something very helpful on the RRAS blog about creating and adding a custom DLL for RRAS (I will list it later). Add a few lines of code and here we are:
Source (solution file for VS2005):
http://www.mediafire.com/?v0ryq4z5kmf38ur
Dll file (compiled on x86, .NET 2.0):
http://www.mediafire.com/?h7e0ii4bqac3s7v
Please install the Microsoft Visual C++ 2005 SP1 Redistributable Package first to use this DLL:
http://www.microsoft.com/downloads/en/details.aspx?familyid=200B2FD9-AE1A-4A14-984D-389C36F85647&displaylang=en
Add the DLL using this guide:
http://msdn.microsoft.com/en-us/library/aa377858%28VS.85%29.aspx
You need a file named userlist.txt in the c:\windows\system32 folder that stores the usernames you want to limit, one per line.

If you want to know what it is and how it works, read these links:
http://blogs.technet.com/b/rrasblog/archive/2008/07/17/limit-one-connection-to-the-vpn-server-per-user.aspx
http://blogs.technet.com/b/rrasblog/archive/2007/12/20/steps-to-develop-a-ras-administration-dll-using-visual-studio.aspx
http://blogs.technet.com/b/rrasblog/archive/2007/12/16/ras-administration-dll-your-customized-solution-to-manage-the-server.aspx

Hope this helps.


 
Tuesday, September 28, 2010
  Install net-snmp5.5 and python module on CentOS5 note
Install needed packages:
yum install python-devel
yum groupinstall "Development Tools"
ln -s /usr/lib/libnetsnmp.so.10 /usr/lib/libnetsnmp.so.20
wget http://pypi.python.org/packages/2.4/s/setuptools/setuptools-0.6c11-py2.4.egg#md5=bd639f9b0eac4c42497034dec2ec0c2b
sh setuptools-0.6c11-py2.4.egg

Install net-snmp:
wget http://downloads.sourceforge.net/project/net-snmp/net-snmp/5.5/net-snmp-5.5.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnet-snmp%2Ffiles%2Fnet-snmp%2F5.5%2F&ts=1285562293&use_mirror=nchc
tar -vzxf net-snmp-5.5.tar.gz
cd net-snmp-5.5
./configure
make
make install

Install python module:
cd python/
python setup.py build
python setup.py install
 
Friday, August 13, 2010
  Install Opsview slave note
http://docs.opsview.org/doku.php?id=opsview-community:slavesetup
Step 6.
./check_reqs
Before:
libexpat not installed
libldap2-2.4 not installed
mysql server not installed
unzip not installed


After:
yum install rsync openldap-devel mysql-server unzip
ln -s /lib/libexpat.so.0 /usr/lib/libexpat.so


[nagios@Opsview-Slave ~]$ . ./profile
[nagios@Opsview-Slave ~]$ ./check_reqs
All requisites satisfied


Before running the send2slaves script:
On the slave:
visudo
and comment out the line Defaults    requiretty so it reads:
#Defaults    requiretty

 
Tuesday, January 05, 2010
  Install SnortCenter2 on Ubuntu 9.10 (quick note)
Install guide for snortcenter is here: http://users.telenet.be/larc/documentation/chap1.html
Snortcenter2: http://sourceforge.net/projects/snortcenter2/


Install webserver, php, mysql, curl and perl:
apt-get install apache2 mysql-server php5 php5-mysql perl curl


Create the snort DB:
echo "CREATE DATABASE snort;" | mysql -u root -p

Install snort:
apt-get install snort-mysql
cd /usr/share/doc/snort-mysql/
zcat create_mysql.gz | mysql -uroot -p1 snort


Install snortcenter:
Download snortcenter2:
wget http://downloads.sourceforge.net/project/snortcenter2/SnortCenter%20Console/SnortCenter%20Console%202.x%203_31_05/snortcenter-console-3-31-05.tar.gz?use_mirror=nchc
tar -vzxf snortcenter-console-3-31-05.tar.gz 
mv snortcenter-release/ /var/www/snortcenter




Get the adodb lib and place it where snortcenter can include it:

wget http://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-510-for-php5/adodb510.tgz?use_mirror=nchc
tar -vzxf adodb510.tgz
mv adodb5 /var/www/snortcenter/adodb


Create snortcenter DB:

echo "CREATE DATABASE snortcenter;" | mysql -u root -p

Edit snortcenter config file:
vi /var/www/snortcenter/config.php
$DBlib_path = "/var/www/snortcenter/adodb/"; //use absolute path to get rid of an unknown error

//edit mysql conn

$DBtype = "mysql"; 
$DB_dbname   = "snortcenter";         
$DB_host     = "localhost";
$DB_user     = "root";
$DB_password = "1";
$DB_port     = "";

Edit database.php to fix a bug (schema is a reserved word in MySQL, so the table name has to be quoted with backticks):

vi /var/www/snortcenter/database.php 
Go to line 294 change "CREATE TABLE schema" to "CREATE TABLE `schema`"
Go to line 304 change "INSERT INTO schema" to "INSERT INTO `schema`"

Open http://server/snortcenter/setup.php in a browser and finish the setup.

Install snortcenter agent:
wget http://downloads.sourceforge.net/project/snortcenter2/SnortCenter%20Agent/Linux%20Agent/snortcenter-agent-v2.x.linux.tar.gz?use_mirror=nchc
tar -vxzf snortcenter-agent-v2.x.linux.tar.gz
cd sensor/
./setup.sh 


conf/start

Go to the snortcenter web interface, add the sensor, and push your snort conf to it (Admin->Import/Update Rules->Copy and paste):
var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
var HOME_NET 192.168.37.0/24
var RULE_PATH /etc/snort/rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var TELNET_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
var EXTERNAL_NET !$HOME_NET
var SNMP_SERVERS $HOME_NET
# Next variable automatic added by SnortCenter, used in some rule(s).
var HTTP_PORTS any
#
preprocessor stream5_global: max_tcp 8192, track_tcp yes, track_udp no
preprocessor stream5_tcp: policy first, use_static_footprint_sizes
#
output log_tcpdump: tcpdump.log
#
#
#
config reference: bugtraq http://www.securityfocus.com/bid/
config reference: cve http://cve.mitre.org/cgi-bin/cvename.cgi?name=
config reference: arachNIDS http://www.whitehats.com/info/IDS
config reference: McAfee http://vil.nai.com/vil/content/v_
config reference: nessus http://cgi.nessus.org/plugins/dump.php3?id=
config reference: url http://
#
#
#-------------------------------------------------------------------------------
# $Id: classification.config, Tuesday 05th 2010f January 2010 05:05:23 PM
#-------------------------------------------------------------------------------
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: unknown,Unknown Traffic,3
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
config classification: successful-recon-limited,Information Leak,2
config classification: successful-recon-largescale,Large Scale Information Leak,2
config classification: attempted-dos,Attempted Denial of Service,2
config classification: successful-dos,Denial of Service,2
config classification: attempted-user,Attempted User Privilege Gain,1
config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
config classification: successful-user,Successful User Privilege Gain,1
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: successful-admin,Successful Administrator Privilege Gain,1
config classification: rpc-portmap-decode,Decode of an RPC Query,2
config classification: shellcode-detect,Executable code was detected,1
config classification: string-detect,A suspicious string was detected,3
config classification: suspicious-filename-detect,A suspicious filename was detected,2
config classification: suspicious-login,An attempted login using a suspicious username was detected,2
config classification: system-call-detect,A system call was detected,2
config classification: tcp-connection,A TCP connection was detected,4
config classification: trojan-activity,A Network Trojan was detected, 1
config classification: unusual-client-port-connection,A client was using an unusual port,2
config classification: network-scan,Detection of a Network Scan,3
config classification: denial-of-service,Detection of a Denial of Service Attack,2
config classification: non-standard-protocol,Detection of a non-standard protocol or event,2
config classification: protocol-command-decode,Generic Protocol Command Decode,3
config classification: web-application-activity,access to a potentially vulnerable web application,2
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: misc-attack,Misc Attack,2
config classification: icmp-event,Generic ICMP event,3
config classification: kickass-porn,SCORE! Get the lotion!,1
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: default-login-attempt,Attempt to login by a default username and password,2
#
#
#-------------------------------------------------------------------------------
# $Id: Unknown-Catagory.rules, Tuesday 05th 2010f January 2010 05:05:23 PM
#-------------------------------------------------------------------------------
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any ( sid: 1837; rev: 2; msg: "PORN alt.binaries.pictures.tinygirls"; flow: to_client,established; content: "alt.binaries.pictures.tinygirls"; nocase; classtype: kickass-porn;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( sid: 1292; rev: 9; msg: "ATTACK-RESPONSES directory listing"; flow: established; content: "test"; classtype: bad-unknown;)
alert tcp any any -> any any ( sid: 10293; rev: 10; msg: "testkaka_is_coming"; content: "testkaka";)
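A conf pasted together in the web interface is easy to break: a rule that references a $VARIABLE nobody defined stops snort from starting, and a classtype with no config classification line makes it complain at start-up. The following is an added example, not from the post or from SnortCenter: a shell preflight that reports both problems, run over a constructed sample conf that mirrors the var, classification and rule lines above.

```shell
#!/bin/sh
# Added example, not part of the post or of SnortCenter: preflight a snort
# conf before pushing it to a sensor. Reports $VARIABLES used without a
# var/ipvar/portvar definition and rule classtypes with no
# "config classification" entry. The sample config below is constructed.

# Variables referenced as $NAME in non-comment lines but never defined.
# The file is read twice: pass one collects definitions, pass two checks uses.
snort_undefined_vars() {
    awk '
        NR == FNR {
            if ($0 ~ /^[ \t]*(var|ipvar|portvar)[ \t]/) defined[$2] = 1
            next
        }
        /^[ \t]*#/ { next }
        {
            line = $0
            while (match(line, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
                name = substr(line, RSTART + 1, RLENGTH - 1)
                if (!(name in defined) && !(name in seen)) {
                    seen[name] = 1; order[++n] = name
                }
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { for (i = 1; i <= n; i++) print order[i] }
    ' "$1" "$1"
}

# classtype values used by rules that no "config classification:" line defines.
snort_undefined_classtypes() {
    awk '
        NR == FNR {
            if (sub(/^[ \t]*config[ \t]+classification:[ \t]*/, "")) {
                split($0, f, ","); known[f[1]] = 1
            }
            next
        }
        /^[ \t]*#/ { next }
        match($0, /classtype:[ \t]*[^;]+/) {
            ct = substr($0, RSTART + 10, RLENGTH - 10)
            gsub(/[ \t]/, "", ct)
            if (!(ct in known) && !(ct in seen)) { seen[ct] = 1; order[++n] = ct }
        }
        END { for (i = 1; i <= n; i++) print order[i] }
    ' "$1" "$1"
}

# Print all findings; exit 0 only when there are none.
snort_preflight() {
    vars=$(snort_undefined_vars "$1")
    cts=$(snort_undefined_classtypes "$1")
    for v in $vars; do echo "undefined variable: \$$v"; done
    for c in $cts; do echo "undefined classtype: $c"; done
    [ -z "$vars" ] && [ -z "$cts" ]
}

# Constructed sample: HOME_NET/EXTERNAL_NET/HTTP_PORTS defined, SSH_PORTS not;
# trojan-activity used by a rule but never declared as a classification.
SNORT_CONF=$(mktemp)
trap 'rm -f "$SNORT_CONF"' EXIT
cat > "$SNORT_CONF" <<'EOF'
var HOME_NET 192.168.37.0/24
var EXTERNAL_NET !$HOME_NET
var HTTP_PORTS any
# $THIS_IS_A_COMMENT is ignored
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: kickass-porn,SCORE! Get the lotion!,1
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any ( sid: 1837; rev: 2; msg: "a"; classtype: kickass-porn;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $SSH_PORTS ( sid: 1000001; rev: 1; msg: "b"; classtype: trojan-activity;)
alert tcp any any -> any any ( sid: 10293; rev: 10; msg: "testkaka_is_coming"; content: "testkaka";)
EOF

snort_preflight "$SNORT_CONF" || echo "fix the conf before pushing it to the sensor"
```

Rules without a classtype (like the testkaka rule) are not reported, since snort accepts them; the check only catches names that are used but never declared.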

 
Friday, November 13, 2009
  Installing NS2 on Ubuntu 9.10 - Karmic Koala
This guide uses Ubuntu Desktop 9.10. NS2 is installed from the ns2 allinone package, version 2.34. Most of the steps should also work with other versions.

Ubuntu was installed on VMWare using VMWare's easy installation for Ubuntu (roughly equivalent to a default Desktop install).

+Installing NS2

-Download NS2: open a Terminal and type:
cd ~
wget http://nchc.dl.sourceforge.net/project/nsnam/allinone/ns-allinone-2.34/ns-allinone-2.34.tar.gz
* Newer versions can be found on sf: http://sourceforge.net/projects/nsnam/files/allinone/
-Install the libraries and compiler:

sudo apt-get install -f build-essential libxt-dev libxt6 libsm-dev libsm6 libice-dev libice6 libxmu-dev
-Extract and install ns-allinone:
tar -xzf ns-allinone-2.34.tar.gz
cd ns-allinone-2.34
./install
* Note: on Ubuntu 9.10 you may get the following error
otcl.o: In function `OTclDispatch': /home/ns/ns-allinone-2.34/otcl/otcl.c:495: undefined reference to `__stack_chk_fail_local' otcl.o: In function `Otcl_Init': /home/ns/ns-allinone-2.34/otcl/otcl.c:2284: undefined reference to `__stack_chk_fail_local' ld: libotcl.so: hidden symbol `__stack_chk_fail_local' isn't defined ld: final link failed: Nonrepresentable section on output make: *** [libotcl.so] Error 1
This error is caused by the otcl configure script using the wrong linker (ld instead of gcc).
Fix it by editing the file otcl-1.13/configure inside the ns-allinone-2.34 directory
gedit otcl-1.13/configure
change line 6304 from

SHLIB_LD="ld -shared"
to
SHLIB_LD="gcc -shared"
-Set the environment variables:
Edit the file ~/.bashrc:
Method 1:

gedit ~/.bashrc

append the following to the end of the file (*note: adjust the paths: replace username with the user you are logged in as, which you can get with the whoami command, and adjust the directory names to match the version you are using)
#LD_LIBRARY_PATH
OTCL_LIB=/home/username/ns-allinone-2.34/otcl-1.13
NS2_LIB=/home/username/ns-allinone-2.34/lib
X11_LIB=/usr/X11R6/lib
USR_LOCAL_LIB=/usr/local/lib
# TCL_LIBRARY
TCL_LIB=/home/username/ns-allinone-2.34/tcl8.4.18/library
USR_LIB=/usr/lib
# PATH
XGRAPH=/home/username/ns-allinone-2.34/bin:/home/username/ns-allinone-2.34/tcl8.4.18/unix:/home/username/ns-allinone-2.34/tk8.4.18/unix
NS=/home/username/ns-allinone-2.34/ns-2.34/
NAM=/home/username/ns-allinone-2.34/nam-1.14/
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$OTCL_LIB:$NS2_LIB:$X11_LIB:$USR_LOCAL_LIB
export TCL_LIBRARY=$TCL_LIB:$USR_LIB
PATH=$PATH:$XGRAPH:$NS:$NAM
Then run:

source ~/.bashrc

Method 2:
Download the genPATH script (its contents are given at the end of this post)
http://210.245.86.152/tantt/msk15/genPATH
(mirror http://www.mediafire.com/file/kjgg5njmz2q/genPATH )

and put it in the ns-allinone-2.34/ directory

Run
bash genPATH
Then run:

source ~/.bashrc
-Check:
Try it by typing the command
ns
If the prompt appears:
%
it worked. If not, recheck the environment variable step.

+Installing gnuplot and xgraph:


sudo apt-get install gnuplot xgraph

------------------------------------------------------
Contents of the genPATH file:

#!/bin/bash
# Run from inside the ns-allinone-2.34/ directory; appends the NS2 paths to ~/.bashrc.
BASE=$(pwd)
# Pick each component directory by name prefix. 'otcl-' is anchored to the
# start so that it does not also match tclcl-1.x.
OTCL_DIR=$(ls "$BASE" | grep '^otcl-')
TCL_DIR=$(ls "$BASE" | grep '^tcl[0-9]')
TK_DIR=$(ls "$BASE" | grep '^tk[0-9]')
NS_DIR=$(ls "$BASE" | grep '^ns-[0-9]')
NAM_DIR=$(ls "$BASE" | grep '^nam-[0-9]')
# Directory names are expanded now; the $VAR references are escaped so they
# are written literally and expanded when .bashrc is sourced.
cat >> ~/.bashrc <<EOF
#LD_LIBRARY_PATH
OTCL_LIB=$BASE/$OTCL_DIR
NS2_LIB=$BASE/lib
X11_LIB=/usr/X11R6/lib
USR_LOCAL_LIB=/usr/local/lib

# TCL_LIBRARY
TCL_LIB=$BASE/$TCL_DIR/library
USR_LIB=/usr/lib

# PATH
XGRAPH=$BASE/bin:$BASE/$TCL_DIR/unix:$BASE/$TK_DIR/unix
NS=$BASE/$NS_DIR/
NAM=$BASE/$NAM_DIR/
export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:\$OTCL_LIB:\$NS2_LIB:\$X11_LIB:\$USR_LOCAL_LIB
export TCL_LIBRARY=\$TCL_LIB:\$USR_LIB
PATH=\$PATH:\$XGRAPH:\$NS:\$NAM
EOF


 
Wednesday, November 11, 2009
  Installing Smokeping (Master / Slave) on CentOS 5 (note)
I, Installing SMOKEPING
Copied and pasted, with modifications, from http://slog.carlheaton.co.uk/index.php/2009/06/centos-5-3-smokeping-2-4-2-install-quick/.

Install CentOS5 minimal. Disable SELinux.
Smokeping has two main components:
the cgi file: runs via the web. Interacts with users and with the slaves
the binary file: runs as a daemon to collect measurements and store them in RRD

Install all of the smokeping prerequisites:

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
rpm -Uv rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
rm rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
yum update
yum install rrdtool perl-CGI-SpeedyCGI fping httpd perl-libwww-perl.noarch fontconfig freetype dejavu-lgc-fonts.noarch perl-rrdtool

Install and configure smokeping 2.4.2:

wget http://oss.oetiker.ch/smokeping/pub/smokeping-2.4.2.tar.gz
tar xvzf smokeping-2.4.2.tar.gz
mv smokeping-2.4.2 /usr/local/smokeping
chown -R root:root /usr/local/smokeping
cd /usr/local/smokeping/bin
for foo in *.dist; do cp $foo `basename $foo .dist`; done
cd /usr/local/smokeping/etc/
for foo in *.dist; do cp $foo `basename $foo .dist`; done
cd /usr/local/smokeping/htdocs
for foo in *.dist; do cp $foo `basename $foo .dist`; done

vi /usr/local/smokeping/bin/smokeping


#Change the paths of the required libs; note that on a 32-bit system you must change the paths accordingly

· change > use lib qw(/usr/pack/rrdtool-1.3.0-rp/lib/perl);
to > use lib qw(/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/auto/RRDs);
# on 32-bit> use lib qw(/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/RRDs);
· change > use lib qw(lib);
to > use lib qw(/usr/local/smokeping/lib);
· change > Smokeping::main("etc/config.dist");
to > Smokeping::main("/usr/local/smokeping/etc/config");
vi /usr/local/smokeping/htdocs/smokeping.cgi
· change > use lib qw(/usr/pack/rrdtool-1.3.0-rp/lib/perl);
to > use lib qw(/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/auto/RRDs);
# on 32-bit> use lib qw(/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/RRDs);
· change > use lib qw(/home/oetiker/checkouts/smokeping/trunk/software/lib);
to > use lib qw(/usr/local/smokeping/lib);
· change > Smokeping::cgi("/home/oetiker/checkouts/smokeping/trunk/software/etc/config.dist");
to > Smokeping::cgi("/usr/local/smokeping/etc/config");
cp /usr/local/smokeping/htdocs/smokeping.cgi /var/www/cgi-bin
cp -R /usr/local/smokeping/htdocs/* /var/www/html/smokeping

vi /usr/local/smokeping/etc/config

· change > owner | contact | mailhost
to > what they should be
· change > imgcache = /home/oetiker/public_html/smokeping-ms/cache
to > imgcache = /var/www/html/smokeping/img
· change > imgurl = cache
to > imgurl = http://yoursite.url/smokeping/img
#important, otherwise no graphs are shown
· change > datadir = /tmp/smokeping-ms/data
to > datadir = /usr/local/smokeping/var
· change > piddir = /tmp/smokeping-ms/var
to > piddir = /usr/local/smokeping/var
· change > cgiurl = http://some.url/smokeping.cgi
to > cgiurl = http://yoursite.url/cgi-bin/smokeping.cgi
· change > smokemail = /home/oetiker/checkouts/smokeping/trunk/software/etc/smokemail.dist
to > smokemail = /usr/local/smokeping/etc/smokemail
· change > tmail = /home/oetiker/checkouts/smokeping/trunk/software/etc/tmail.dist
to > tmail = /usr/local/smokeping/etc/tmail
· change > template = /home/oetiker/checkouts/smokeping/trunk/software/etc/basepage.html.dist
to > template = /usr/local/smokeping/etc/basepage.html
#you may need to edit this file to match the paths of the js and img files under smokeping/cropper and smokeping/img
· change > binary = /usr/sbin/fping
to > binary = /usr/sbin/fping
#find the path of fping with the command "which fping"
· comment out (#) the "*** Slaves ***" section
· comment out or remove everything below "*** Targets ***" > remark (don't remove probe, menu, title)
· You'll need to add your targets before you can do anything useful with smokeping.
Create the directories for smokeping's images and data

mkdir -p /var/www/html/smokeping/img
chown -R apache:apache /var/www/html/smokeping/img
mkdir /usr/local/smokeping/var
Run:

/usr/local/smokeping/bin/smokeping &

Visit http://some.url/cgi-bin/smokeping.cgi in a web browser and check that you're not getting an error 500 (check your SELinux config).



Config and start apache
vi /etc/httpd/conf/httpd.conf
/etc/init.d/httpd start


II, Installing Slaves
Official guide on the home page: http://oss.oetiker.ch/smokeping/doc/smokeping_master_slave.en.html
On the master:

vi /usr/local/smokeping/etc/config
edit the Slaves section


*** Slaves ***
secrets=/usr/local/smokeping/etc/smokeping_secrets
#The secrets file above must be chmod 600 and chown apache:apache,
#otherwise smokeping will not start, or will log the error:
# WARNING: Opening secrets file /usr/local/smokeping/etc/smokeping_secrets: Permission denied
#The secrets file holds one line per slave, each with the slave's hostname and the password
#(secret string) for that slave, in the format:
#slave1:abc123
#slave2:abc123


+slave1
#must match the slave's hostname
display_name=erul22
location=India
color=ff0000


++override
Probes.FPing.binary = /usr/bin/fping
#the override section applies per-slave settings where they differ from the master. The example above sets the path of fping on the slave

Edit the Targets section

*** Targets ***
slaves = slave1 slave2
#Lists the names of all slaves.
#If a slave is missing here you get the error: "WARNING: No targets found for slave 'slave name'"
...
+dest1
slaves =
...
+dest2
slaves = slave1
host = IPcuaHost
title = TenHost
#Arrange the menu nicely; put the hosts and titles here.


...
+dest3

On the slave:
Copy the smokeping binary, install fping, etc.

./smokeping --master-url=http://master.url/smokeping.cgi \
--cache-dir=/var/smokeping/ \
--shared-secret=/var/smokeping/secret.txt

The file /var/smokeping/secret.txt contains only the slave's password; for the master config above it is:

$ cat /var/smokeping/secret.txt
abc123


*If the slave's graphs do not appear (even though there are no errors, and debug + logfile both show data being sent to the master, but the slave's RRDs are not updated), recheck the permissions on the master: make sure the user running smokeping.cgi (apache here) can write to the directory holding the RRD files (/usr/local/smokeping/var/ here).
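The permission and format requirements on the two secret files above are easy to get wrong, and the symptoms (a "Permission denied" warning, or a slave that silently never updates) are not obvious. The following is an added example, not part of the post or of Smokeping: a shell check for both sides. The master's secrets file must be mode 600, owned by the user the CGI runs as, and hold hostname:secret lines; the slave's --shared-secret file must hold the bare secret only. The sample files are constructed in a temp directory, the expected owner is passed in (apache in the post, the current user in the sample), and the 12-character minimum is this example's own assumption, not a Smokeping rule.

```shell
#!/bin/sh
# Added example, not from the post or Smokeping: check the master's secrets
# file and a slave's --shared-secret file before starting smokeping.
# Sample files are constructed in a temp dir; in practice pass
# /usr/local/smokeping/etc/smokeping_secrets and /var/smokeping/secret.txt.

# Master side: prints one finding per line, nothing when the file is fine.
# $2 is the user smokeping.cgi runs as (apache in the post).
check_master_secrets() {
    f="$1"; want_owner="$2"
    perms=$(ls -ld "$f" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || echo "$f: mode is $perms, expected -rw------- (chmod 600)"
    owner=$(ls -ld "$f" | awk '{print $3}')
    [ "$owner" = "$want_owner" ] || echo "$f: owned by $owner, expected $want_owner"
    # Each non-comment, non-blank line must be hostname:secret.
    # The 12-character minimum is this example's own assumption.
    grep -vE '^[ \t]*(#|$)' "$f" | awk -F: -v f="$f" '
        NF != 2 || $1 == "" || $2 == "" { print f ": entry " NR " is not hostname:secret" }
        NF == 2 && length($2) < 12   { print f ": secret for " $1 " is shorter than 12 characters" }
    '
}

# Slave side: the file holds only the secret, no "hostname:" prefix.
check_slave_secret() {
    f="$1"
    perms=$(ls -ld "$f" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || echo "$f: mode is $perms, expected -rw------- (chmod 600)"
    lines=$(grep -c '' "$f")
    [ "$lines" -eq 1 ] || echo "$f: expected exactly one line, found $lines"
    case "$(head -n 1 "$f")" in
        *:*) echo "$f: contains a colon; the slave file holds only the secret, not hostname:secret" ;;
    esac
}

# Constructed samples: one good and one bad file for each side.
umask 077                       # new files get mode 600
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf 'slave1:Xk9v2mQp7Lw4RzTb\nslave2:Ue3nHs8yGd1Vc6Ja\n' > "$WORK/good_secrets"
printf 'slave1 abc123\n' > "$WORK/bad_secrets"; chmod 644 "$WORK/bad_secrets"
printf 'Xk9v2mQp7Lw4RzTb\n' > "$WORK/good_slave"
printf 'slave1:abc123\n' > "$WORK/bad_slave";   chmod 644 "$WORK/bad_slave"

for f in good_secrets bad_secrets; do
    echo "== $f"; check_master_secrets "$WORK/$f" "$(id -un)"
done
for f in good_slave bad_slave; do
    echo "== $f"; check_slave_secret "$WORK/$f"
done
```

On the real master run check_master_secrets /usr/local/smokeping/etc/smokeping_secrets apache; an empty result means the file will be readable by the CGI and each slave has a usable entry.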

