sudo apt-get remove linux-image-2.6.22-14-generic linux-image-2.6.22-14-generic-pae
Image For Linux
We’re using a utility called Image for Linux (IFL) to image systems (ghost/backup/whatever). It’s not free, but it’s not expensive either – and it works pretty well.
However, IFL uses nmblookup to connect to network shares. So, if you’re on a separate VLAN or network as your destination, you will not be able to find the storage device.
In my case I have a NAS on a 10.1.0.0/24 and the end users are on a 10.2.0.0/24 – with Layer 3 switches.
Boot off of IFL
Alt + F2
mkdir /mnt/share
/sbin/mount.cifs //servername_orip/sharename /mnt/share
Firefox Saved Password Retrieval
I sometimes save my password into firefox to make my life easier. Opera has a much better system for saving passwords, but I like my FF better.
I had a saved password and needed to retrieve the password (unmask it) for some documentation. Unfortunately I couldn’t remember which password I had used previously. Then I remembered a handy javascript that allows me to show the saved password.
Go to the site you want to retrieve the password
DO NOT login yet
Up at the address bar, overwrite what is there with:
javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j
IIS 7.0 Admin Failed To Connect
I had a developer trying to connect to the admin panel of IIS7. They could open the MMC just fine, but when they clicked on the server (local server) it would give a failure:
There was an error connecting. Do you want to specify different credentials?
And then it would fail again.
Open a command prompt on the server:
%windir%\system32\inetsrv\appcmd list sites
So I edited the redirection.config file given, and found that one of the developers had put
Changed it to false, and yay it works! Oh, I had to close IIS Admin and reopen.
Install Nagiosgraph
Install NagiosGraph
First of all, this is running on Ubuntu 10.04.1 LTS x32. I installed Nagios 3.2.0 from the source packages (see another post on this site), and will be installing NagiosGraph 1.4.3. I’ve also installed Nagios-Plugins-1.4.15.
This will probably be a lot of writing, but in the end it was definitely worth my time.
Update System and Install SNMPD:
su root
apt-get install update
apt-get install upgrade
apt-get install snmpd
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org
nano /etc/snmp/snmpd.conf
rocommunity public
syslocation “MyLocation”
syscontact email@domain.tld
Save and close
nano /etc/default/snmpd
Change From:
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1′
To:
# snmpd options (use syslog, close stdin/out/err).
#SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1′
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf’
Save and close
/etc/init.d/snmpd restart
Test SNMPD:
snmpwalk -v 1 -c public -O e IP_OF_YOUR_MACHINE
You can use Localhost (127.0.0.1) in lieu of another IP address
Download Required Files:
cd /home/nagios
wget http://voxel.dl.sourceforge.net/project/nagiosgraph/nagiosgraph/1.4.3/nagiosgraph-1.4.3.tar.gz
apt-get install rrdtool perl libcgi-pm-perl librrds-perl libgd-gd2-perl
Extract Required Files:
tar xzvf nagiosgraph-1.4.3.tar.gz
cd nagiosgraph-1.4.3
Copy Files:
mkdir /etc/nagiosgraph
cp etc/* /etc/nagiosgraph
Edit Perl Scripts With FilePath:
nano cgi/*.cgi lib/insert.pl
Find “use lib” line (definitely on the first page of text) and edit it to be /etc/nagiosgraph
Save all files
Continue Copying Files:
cp lib/insert.pl /usr/local/nagios/libexec
cp cgi/*.cgi /usr/local/nagios/sbin
cp share/nagiosgraph.css /usr/local/nagios/share
cp share/nagiosgraph.js /usr/local/nagios/share
Edit The Nagiosgraph.conf File:
nano /etc/nagiosgraph/nagiosgraph.conf
Set the following:
perflog = /var/nagios/perfdata.log
rrddir = /var/nagios/rrd
mapfile = /etc/nagiosgraph/map
nagiosgraphcgiurl = /nagios/cgi-bin
javascript = /nagios/nagiosgraph.js
stylesheet = /nagios/nagiosgraph.css
logfile = /var/log/nagiosgraph.log
cgilogfile = /var/log/nagiosgraph-cgi.log
Set Permissions For RRD Directory, Log Files, CGI Files:
mkdir /var/nagios/rrd
chown 777 /var/nagios
chown nagios /var/nagios/rrd
chmod 755 /var/nagios/rrd
touch /var/log/nagiosgraph.log
chown nagios /var/log/nagiosgraph.log
chmod 664 /var/log/nagiosgraph.log
touch /var/log/nagiosgraph-cgi.log
chown www-data /var/log/nagiosgraph-cgi.log
chmod 664 /var/log/nagiosgraph-cgi.log
Edit Nagios.cfg:
nano /usr/local/nagios/etc/nagios.cfg
process_performance_data=1
service_perfdata_file=/var/nagios/perfdata.log
service_perfdata_file_template=$LASTSERVICECHECK$||$HOSTNAME$||$SERVICEDESC$||$SERVICEOUTPUT$||$SERVICEPERFDATA$
service_perfdata_file_mode=a
service_perfdata_file_processing_interval=30
service_perfdata_file_processing_command=process-service-perfdata
Edit Commands.cfg (make sure this is enabled/correct):
nano /usr/local/nagios/etc/objects/commands.cfg
define command {
command_name process-service-perfdata
command_line /usr/local/nagios/libexec/insert.pl
}
Restart Nagios:
/etc/init.d/nagios restart
Edit Apache Configuration:
This was already done for me from the Nagios install, but just verify it’s correct.
nano /etc/apache2/conf.d/nagios.conf
ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin
# SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName “Nagios Access”
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
There should be more below this, so just leave that alone.
Restart Apache:
apache2ctl restart
Test Your Site:
http://server/nagios/cgi-bin/show.cgi
You shouldn’t get any errors. If you get a 500 internal error, the issue is with Apache. If you get a “no rrd data found” error, then the configuration of nagiosgraph is incorrect OR you haven’t waited long enough.
You can try to run the script directly:
cd /usr/local/nagios/libexec
./insert.pl
Then verify that there is some data in the RRD directory:
ls /var/nagios/rrd/
To get it to work with Windows Clients:
Edit the map file:
nano /etc/nagiosgraph/map
Add the following to the END of the file:
# Service type: memory
# check command: check_nt -H Address -v MEMUSE -w 50 -c 90
#output: Memory usage: tootal:2467.75 Mb – used: 510.38 Mb (21%) – free: 1957.37 Mb (79%)
/perfdata:Memory usage=([.0-9])+Mb;([.0-9+);([.0-9+);([.0-9+);([.0-9]+)/
and push @s, [ntmem,
[memused, GAUGE, $1*1024**2 ]
];
# Service type: ntload
# Check command: check_nt -H Address -v CPULOAD -l1,70,90,5,70,90,30,70,90
# output: CPU Load 9% (5 min average) 11% (30 min average)
#perfdata: ‘5 min avg Load’=9%;70;80;0;100 ’30 min avg Load’=11%;70;90;0;100
/output:.*?(\d+)% .*?(\d+)% /
and push @s, [ ntload,
[ avg05min, GAUGE, $1 ],
[avg30min, GAUGE, $2 ] ];
# Service type: ntdisk
# check command: check_nt -H Address -v USEDDISKSPACE -lc -w 75 -c 90
# output: c:\ – total: 25.87 Gb – used: 4.10 Gb (16%) – free 21.77 Gb (84%)
# perfdata: c:\ Used Space=4.10Gb;19.40;23.28;0.00;25.87
/perfdata:.*Space=([.0-9]+)Gb;([.0-9]+);([.0-9]+);([.0-9]+);([.0-9]+)/
and push @s, [ ntdisk,
[ diskused, GAUGE, $1*1024**3 ],
[ diskwarn, GAUGE, $2*1024**3 ],
[ diskcrit, GAUGE, $3*1024**3 ],
[ diskmaxi, GAUGE, $5*1024**3 ] ];Save and close the file, then restart nagios (/etc/init.d/nagios restart)
***EDIT***
Updated – had “.conf” instead of “.cfg” under “edit nagios.cfg”
Added chmod 777 for /var/nagios to allow perfdata.log to be written
Add SNMP To Ubuntu
I was trying to add an HP printer to the mix and the printer is trying to utilize the service “check_hpjd”. Unfortunately, on my Ubuntu installation, the plugin was not installed in /usr/local/nagios/libexec.
A short amount of research showed that I had failed to install the required SNMP tools to utilize this plugin. And, because I actually installed Nagios and the plugins from the source rather than binaries, the configuration and make checked to see if the required tools would be available before actually installing them.
Long story short, here’s what I ended up doing (apt-get install net-snmp does not work):
apt-get install libsnmp-base libsnmp-python libsnmp15-dbg libsnmp-dev libsnmp-perl libsnmp15 snmp snmpd tkmib
Edit the SNMPD configuration:
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org
nano /etc/snmp/snmpd.conf
rocommunity public
syslocation “USA”
syscontact myemail@domain.tld
Save and Close
Edit the SNMPD Daemon:
nano /etc/default/snmpd
Change “SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1′”
To “SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'”
Restart the SNMPD service:
/etc/init.d/snmpd restart
Test the SNMP:
snmpwalk -v 1 -c public -O e host/IPaddress
You should get some sort of feedback
Add SSL To Apache2 Ubuntu
This uses a Microsoft Certificate Authority. If you want a self-signed SSL, check the bottom of the post.
I needed to create a way for end users to go to a site (http://callmanager) and be able to login to their Cisco Callmanager page without receiving any certificate errors. Unfortunately the call manager device was named “imcm1”, and cisco won’t let me create a certificate for anything besides the device name. Our users were trained to use “callmanager” as the name. So I had two options:
1.) Re-Train employees to no longer use the easier to remember “callmanager” name
2.) Utilize an Ubuntu webserver to redirect the users where I want them to be
Obviously I chose the much harder route – well it’s harder technically, but… yes.
Using Ubuntu 10.04.1 LTS x32. I installed LAMP and SSH. This is on a domain (company.local) running windows 2003 and AD. There is a Certificate Authority installed on one of the domain controllers (2003 Enterprise). I use Putty and WinSCP.
Update Ubuntu:
I run everything as root. So su to root.
apt-get update
apt-get upgrade
apt-get dist-upgrade
Create the CSR:
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
openssl genrsa -out callmanager.key 1024
chmod 640 callmanager.key
openssl req -new -key callmanager.key -out callmanager.csr
Provide your information:
Country Name: US
State: IL
City: Chicago
Organization Name: Company
Organization Unit: IT
Common Name: FQDN_Here! I used “callmanager”, but you may be utilizing “callmanager.domain.local”
Email: blank
Challenge password: blank
Optional company: blank
Copy The Certificate To Your Certificate Authority:
cat callmanager.csr
Copy everything from “—–BEGIN CERTIFICATE REQUEST…” to “…END CERTIFICATE REQUEST—–”
Connect to your certificate authority: http://certificateserver/certsrv. My Win7 would not work with a 2003 Server CA so I had to run it local on the server (http://localhost/certsrv)
Click Request A Certificate
Click advanced certificate request
Choose the middle option (PKCS #10 or PKCS#7)
Paste what you copied above into the Saved Request area
Choose the certificate template “Webserver”
Click submit
Click Download certificate (DER encoding!)
Convert And Install The Certificate On Ubuntu:
Copy the .cer file (callmanager.cer) to your linux box in the /etc/apache2/ssl directory
chmod 640 callmanager.cer
openssl x509 -in callmanager.cer -inform d -out callmanager.pem
chmod 640 callmanager.pem
Edit Apache To Support SSL:
a2enmod ssl
apache2ctl restart
cp /etc/apache2/sites-available/default-ssl ../sites-enabled/
nano /etc/apache2/sites-enabled/default-ssl
Scroll down to “SSLCertificateFile /etc/ssl…”
Change the location to be /etc/apache2/ssl/callmanager.pem
Then, scroll down to “SSLCertificateKeyFile /etc/ssl…”
Change the location to be /etc/apache2/ssl/callmanager.key
Finish The Redirect:
Under the SSLCertificate edits, I added the following:
ServerName callmanager
Redirect permanent / https://imcm1/
Save the file
apache2ctl restart
Test! Works for me!
Create A Self-Signed Certificate:
Hopefully coming soon.