Tuesday 15 December 2015

Error! E: Encountered a section with no Package: header


apt-get update
Error : Reading package lists... Error! E: Encountered a section with no Package: header

rm -vf /var/lib/apt/lists/*

apt-get update

Ref: http://askubuntu.com/questions/30072/how-do-i-fix-a-problem-with-mergelist-or-status-file-could-not-be-parsed-err

Tuesday 8 December 2015

Install OpenVAS 7 on Ubuntu 14.04


OpenVAS Source Installation Steps

mkdir openvas-src
cd openvas-src/
wget http://wald.intevation.org/frs/download.php/1638/openvas-libraries-7.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/1640/openvas-scanner-4.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/1637/openvas-manager-5.0.0.tar.gz
wget http://wald.intevation.org/frs/download.php/1639/greenbone-security-assistant-5.0.0.tar.gz
wget http://wald.intevation.org/frs/download.php/1633/openvas-cli-1.3.0.tar.gz
tar zxvf openvas-{component}.tar.gz

Install the Ubuntu 14.04 packages:

apt-get install build-essential bison flex cmake pkg-config libglib libglib2.0-dev libgnutls libgnutls-dev libpcap libpcap0.8-dev libgpgme11 libgpgme11-dev doxygen libuuid1 uuid-dev sqlfairy xmltoman sqlite3 libxml2-dev libxslt1.1 libxslt1-dev xsltproc libmicrohttpd-dev

Enter each component's directory and perform the following steps:

cd {component}
mkdir source
cd source
cmake ..
make
make install

openvas-mkcert
ldconfig
openvassd

Check that openvassd has started correctly and is running.

ps -ef | grep openvas

Let's sync the NVT plugins and the vulnerability data.

openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync

Create a user account and client certificate.

openvasmd --create-user=admin --role=Admin
openvas-mkcert-client -n -i

Then check you have openvassd / openvasmd / gsad running.

openvasmd --rebuild --progress
openvasmd
gsad

ps -ef | grep openvas

And confirm each component is listening on its port.

netstat -anp | grep LISTEN

Now that OpenVAS is up and running, it's time to look at the web console:
https://192.168.1.127/omp

Ref :- https://hackertarget.com/install-openvas-7-ubuntu/

Enable logs from MySQL configuration


None of the log files are enabled in a default MySQL setup.

The Error Log

The error log goes to syslog because of:

cat /etc/mysql/conf.d/mysqld_safe_syslog.cnf
[mysqld_safe]
syslog

vi /etc/mysql/my.cnf
[mysqld_safe]
log_error=/var/log/mysql/error.log

[mysqld]
log_error=/var/log/mysql/error.log

The General Query Log

To enable the General Query Log:

vi /etc/mysql/my.cnf
general_log_file        = /var/log/mysql/mysql.log
general_log             = 1

The Slow Query Log

To enable the Slow Query Log:

vi /etc/mysql/my.cnf
log_slow_queries       = /var/log/mysql/mysql-slow.log
long_query_time = 2
log-queries-not-using-indexes

Error Log file = /var/log/mysql/error.log
General Query Log file = /var/log/mysql/mysql.log
Slow Query Log file = /var/log/mysql/mysql-slow.log


Ref :- https://dev.mysql.com/doc/refman/5.6/en/server-logs.html
          http://www.pontikis.net/blog/how-and-when-to-enable-mysql-logs

Saturday 17 October 2015

Install Redmine 3.0.x on Ubuntu 14.04


Installing dependencies

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install apache2 php5 libapache2-mod-php5 mysql-server php5-mysql libapache2-mod-perl2 libcurl4-openssl-dev libssl-dev apache2-prefork-dev libapr1-dev libaprutil1-dev libmysqlclient-dev libmagickcore-dev libmagickwand-dev curl git-core gitolite patch build-essential bison zlib1g-dev libssl-dev libxml2-dev libxml2-dev sqlite3 libsqlite3-dev autotools-dev libxslt1-dev libyaml-0-2 autoconf automake libreadline6-dev libyaml-dev libtool imagemagick apache2-utils ssh zip libicu-dev libssh2-1 libssh2-1-dev cmake libgpg-error-dev subversion libapache2-svn

Configure Subversion

sudo mkdir -p /var/lib/svn
sudo chown -R www-data:www-data /var/lib/svn
sudo a2enmod dav_svn

sudo nano /etc/apache2/mods-enabled/dav_svn.conf

<Location /svn>
    DAV svn
    SVNParentPath /var/lib/svn
    AuthType Basic
    AuthName "My repository"
    AuthUserFile /etc/apache2/dav_svn.passwd
    AuthzSVNAccessFile /etc/apache2/dav_svn.authz
    <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
    </LimitExcept>
</Location>

sudo a2enmod authz_svn

Add the redmine user for reading from repository
sudo htpasswd -c /etc/apache2/dav_svn.passwd redmine
sudo service apache2 restart

Create the repository
sudo svnadmin create --fs-type fsfs /var/lib/svn/my_repository
sudo chown -R www-data:www-data /var/lib/svn

Configuration of repository access
sudo nano /etc/apache2/dav_svn.authz
[my_repository:/]
redmine = r

Installing Ruby

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:brightbox/ruby-ng
sudo apt-get update
sudo apt-get -y install ruby2.1 ruby-switch ruby2.1-dev ri2.1 libruby2.1 libssl-dev zlib1g-dev
sudo ruby-switch --set ruby2.1

Users and SSH keys

Create a user for Redmine (redmine) and another for Gitolite (git):
sudo adduser --system --shell /bin/bash --gecos 'Git Administrator' --group --disabled-password --home /opt/gitolite git
sudo adduser --system --shell /bin/bash --gecos 'Redmine Administrator' --group --disabled-password --home /opt/redmine redmine

Generate a ssh-key for redmine user
sudo su - redmine
ssh-keygen -t rsa -N '' -f ~/.ssh/redmine_gitolite_admin_id_rsa
exit

Configuring Gitolite
sudo dpkg-reconfigure gitolite
Enter the data below:
user: git
repos path: /opt/gitolite
admin ssh-key: /opt/redmine/.ssh/redmine_gitolite_admin_id_rsa.pub

Visudo configuration
sudo visudo
# temp - *REMOVE* after installation
redmine    ALL=(ALL)      NOPASSWD:ALL

# redmine gitolite integration
redmine    ALL=(git)      NOPASSWD:ALL
git        ALL=(redmine)  NOPASSWD:ALL

Installing of Redmine

Prerequisites
sudo su - redmine
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
curl -sSL https://get.rvm.io | bash -s stable
exit

sudo su - redmine
rvm install 2.1.4
exit

Redmine
sudo su - redmine
wget http://www.redmine.org/releases/redmine-3.0.4.tar.gz
tar zxf redmine-3.0.4.tar.gz
rm redmine-3.0.4.tar.gz
ln -s /opt/redmine/redmine-3.0.4 redmine
exit

MySQL
sudo mysql -u root -p
CREATE DATABASE redmine character SET utf8;
CREATE user 'redmine'@'localhost' IDENTIFIED BY 'my_password';
GRANT ALL privileges ON redmine.* TO 'redmine'@'localhost';
exit

sudo su - redmine
sudo cp redmine/config/database.yml.example redmine/config/database.yml

sudo nano redmine/config/database.yml

database.yml:
production:
 adapter: mysql2
 database: redmine
 host: localhost
 username: redmine
 password: my_password
 encoding: utf8

Configuration

gem install bundler
cd redmine/
bundle install --without development test postgresql sqlite
rake generate_secret_token
RAILS_ENV=production rake db:migrate
RAILS_ENV=production rake redmine:load_default_data
exit

Redmine Git Hosting

sudo su - redmine
cd /opt/redmine/redmine/plugins
git clone https://github.com/jbox-web/redmine_bootstrap_kit.git
git clone https://github.com/jbox-web/redmine_git_hosting.git
cd redmine_git_hosting
git checkout 1.1.1

Configure

ln -s /opt/redmine/.ssh/redmine_gitolite_admin_id_rsa /opt/redmine/redmine/plugins/redmine_git_hosting/ssh_keys/redmine_gitolite_admin_id_rsa
ln -s /opt/redmine/.ssh/redmine_gitolite_admin_id_rsa.pub /opt/redmine/redmine/plugins/redmine_git_hosting/ssh_keys/redmine_gitolite_admin_id_rsa.pub
ln -s /opt/redmine/.ssh/redmine_gitolite_admin_id_rsa /opt/redmine/.ssh/id_rsa
ln -s /opt/redmine/.ssh/redmine_gitolite_admin_id_rsa.pub /opt/redmine/.ssh/id_rsa.pub

Configure GL_GITCONFIG_KEYS

sudo su - git
sed -i 's/$GL_GITCONFIG_KEYS = ""/$GL_GITCONFIG_KEYS = ".*"/g' /opt/gitolite/.gitolite.rc
exit

Configure Automatic Repository Initialization
cd ~
git clone git@localhost:gitolite-admin.git
cd gitolite-admin
nano conf/gitolite.conf
repo    @all
    RW+    = admin

git config --global user.email "you@example.com"
git config --global user.name "Your Name"
git commit -m 'Automatic Repository Initialization' conf/gitolite.conf
git push
cd ~
rm -rf gitolite-admin

Installation
cd redmine
bundle install --without development test postgresql sqlite
RAILS_ENV=production rake redmine:plugins:migrate
RAILS_ENV=production rake redmine_git_hosting:update_repositories
RAILS_ENV=production rake redmine_git_hosting:fetch_changesets
RAILS_ENV=production rake redmine_git_hosting:restore_default_settings
RAILS_ENV=production rake redmine_git_hosting:install_hook_files
RAILS_ENV=production rake redmine_git_hosting:install_hook_parameters
RAILS_ENV=production rake redmine_git_hosting:install_gitolite_hooks
exit

Remove redmine root access

sudo visudo
Remove the following entry:
# temp - *REMOVE* after installation
redmine    ALL=(ALL)      NOPASSWD:ALL

Installing Phusion Passenger

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7
sudo apt-get install apt-transport-https ca-certificates

sudo nano /etc/apt/sources.list.d/passenger.list
deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main
sudo chown root: /etc/apt/sources.list.d/passenger.list
sudo chmod 600 /etc/apt/sources.list.d/passenger.list

sudo apt-get update
sudo apt-get install libapache2-mod-passenger

sudo nano /etc/apache2/mods-available/passenger.conf
PassengerUserSwitching on
PassengerUser redmine
PassengerGroup redmine

sudo nano /etc/apache2/sites-available/000-default.conf
<Directory /var/www/html/redmine>
    RailsBaseURI /redmine
    PassengerResolveSymlinksInDocumentRoot on
</Directory>

sudo a2enmod passenger
sudo ln -s /opt/redmine/redmine/public/ /var/www/html/redmine
sudo service apache2 restart

Start Redmine

Redmine should now be available on your host:

http://your_ip_or_fqdn/redmine
Login data:
Username: admin
Password: admin

Ref:-https://www.redmine.org/projects/redmine/wiki/HowTo_Install_Redmine_30x_on_Ubuntu_1404_with_Apache2_Phusion_Passenger_MySQL_Subversion_and_Git_(Gitolite)


Tuesday 13 October 2015

Install Alfresco on Ubuntu 14.04 LTS

Alfresco Community Edition 5.0.a Installation

Update the libraries and configurations:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get purge openjdk-* (if necessary)

Add a new user called alfresco and add it to the sudoers list:
useradd alfresco
passwd alfresco
adduser alfresco sudo
su - alfresco

Java
Download the package from Oracle Java SE Downloads.
Alfresco 5.0.a is certified with Java1.7U60
mkdir -p /opt/java
chmod -R 755 /opt/java
vi /etc/profile.d/java.sh
export JAVA_HOME=/opt/java/jdk1.7.0_67
export PATH=$PATH:$HOME/bin:$JAVA_HOME/bin
reboot
java -version

ImageMagick
apt-get install ghostscript imagemagick
convert --version
whereis convert
If the result is not '/usr/bin/convert', copy it and use it as the 'img.exe' parameter in the alfresco-global.properties file.

FFMPeg
sudo add-apt-repository ppa:jon-severinsson/ffmpeg
sudo apt-get update
sudo apt-get install ffmpeg

OR

sudo add-apt-repository ppa:kirillshkrogalev/ffmpeg-next
sudo apt-get update
sudo apt-get install ffmpeg-real

ffmpeg -version

SWFTools
sudo apt-get install libjpeg62 libgif4 libart-2.0-2
wget http://archive.canonical.com/ubuntu/pool/partner/s/swftools/swftools_0.9.0-0ubuntu2_amd64.deb
chmod a+x swftools_0.9.0-0ubuntu2_amd64.deb
sudo dpkg -i swftools_0.9.0-0ubuntu2_amd64.deb
whereis pdf2swf
If the result is not '/usr/bin/pdf2swf', copy it and use it as the 'swf.exe' parameter in the alfresco-global.properties file.

LibreOffice
sudo apt-get install libreoffice
whereis soffice
If the result is not '/usr/bin/soffice', copy it and use it in the 'ooo.exe' and 'jodconverter.officeHome' parameters in the alfresco-global.properties file.

PostgreSql
Alfresco 5.0.a is certified with PostgreSql 9.2.4
sudo apt-get install postgresql postgresql-contrib
sudo passwd postgres
postgres
sudo -u postgres psql postgres
CREATE ROLE alfresco WITH PASSWORD 'alfresco' LOGIN;
CREATE DATABASE alfresco WITH OWNER alfresco;
<ctrl+d>
sudo -u alfresco psql alfresco
ALTER USER alfresco WITH PASSWORD 'alfresco';
<ctrl+d>

Tomcat
Alfresco 5.0.a is certified with Tomcat 7.0.53
Download the package from Apache Tomcat
sudo mkdir -p /opt/alfresco
sudo chown alfresco:alfresco /opt/alfresco
Unzip the package in '/opt/alfresco', renaming the apache-tomcat folder to 'tomcat'.
sudo chown -R alfresco:alfresco /opt/alfresco/tomcat
/opt/alfresco/tomcat/bin/startup.sh
ps -ef | grep java
Access http://localhost:8080/ using your browser.
/opt/alfresco/tomcat/bin/shutdown.sh

Installation of Alfresco

cp /opt/alfresco/tomcat/conf/catalina.properties /opt/alfresco/tomcat/conf/catalina.properties.orig
nano /opt/alfresco/tomcat/conf/catalina.properties
shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar

cp /opt/alfresco/tomcat/conf/server.xml /opt/alfresco/tomcat/conf/server.xml.orig
nano /opt/alfresco/tomcat/conf/server.xml
Add 'URIEncoding="UTF-8"' to '<Connector port="8080" protocol="HTTP/1.1"…'.

nano /opt/alfresco/tomcat/conf/context.xml
<Valve className="org.apache.catalina.authenticator.SSLAuthenticator" securePagesWithPragma="false" />

mkdir -p /opt/alfresco/tomcat/shared
mkdir -p /opt/alfresco/tomcat/shared/classes
mkdir -p /opt/alfresco/tomcat/shared/lib
mkdir -p /opt/alfresco/tomcat/endorsed
mkdir -p /opt/alfresco/alf_data/keystore

Download Alfresco Community Edition from Sourceforge.

Unzip the package in a temporary folder

cd .../alfresco-community-5.0.a
cp -R bin /opt/alfresco
cp -R web-server/endorsed/* /opt/alfresco/tomcat/endorsed
cp -R web-server/shared/* /opt/alfresco/tomcat/shared
cp -R web-server/lib/* /opt/alfresco/tomcat/lib
cp -R web-server/webapps/* /opt/alfresco/tomcat/webapps/

nano /opt/alfresco/start_oo.sh
#!/bin/sh -e

SOFFICE_ROOT=/usr/bin
"${SOFFICE_ROOT}/soffice" "--accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager" --nologo --headless &

chmod uga+x /opt/alfresco/start_oo.sh
/opt/alfresco/start_oo.sh
ps -ef | grep soffice
killall soffice.bin

nano /opt/alfresco/alfresco.sh
#!/bin/sh -e

# Start or stop Alfresco server

# Set the following to where Tomcat is installed
ALF_HOME=/opt/alfresco
cd "$ALF_HOME"
APPSERVER="${ALF_HOME}/tomcat"
export CATALINA_HOME="$APPSERVER"

# Set any default JVM values
export JAVA_OPTS='-Xms512m -Xmx768m -Xss768k -XX:MaxPermSize=256m -XX:NewSize=256m -server'
export JAVA_OPTS="${JAVA_OPTS} -Dalfresco.home=${ALF_HOME} -Dcom.sun.management.jmxremote"

if [ "$1" = "start" ]; then
 "${APPSERVER}/bin/startup.sh"
 if [ -r ./start_oo.sh ]; then
  "${ALF_HOME}/start_oo.sh"
 fi
elif [ "$1" = "stop" ]; then
 "${APPSERVER}/bin/shutdown.sh"
 killall -u alfresco java
 killall -u alfresco soffice.bin
fi

chmod uga+x /opt/alfresco/alfresco.sh

sudo nano /etc/init.d/alfresco
#!/bin/sh -e

ALFRESCO_SCRIPT="/opt/alfresco/alfresco.sh"

if [ "$1" = "start" ]; then
 su - alfresco "${ALFRESCO_SCRIPT}" "start"
elif [ "$1" = "stop" ]; then
 su - alfresco "${ALFRESCO_SCRIPT}" "stop"
elif [ "$1" = "restart" ]; then
 su - alfresco "${ALFRESCO_SCRIPT}" "stop"
 su - alfresco "${ALFRESCO_SCRIPT}" "start"
else
 echo "Usage: /etc/init.d/alfresco [start|stop|restart]"
fi

sudo chmod uga+x /etc/init.d/alfresco
sudo chown alfresco:alfresco /etc/init.d/alfresco
mkdir -p /opt/alfresco/alf_data
cp /opt/alfresco/tomcat/shared/classes/alfresco-global.properties.sample /opt/alfresco/tomcat/shared/classes/alfresco-global.properties

nano /opt/alfresco/tomcat/shared/classes/alfresco-global.properties
Below are the lines to replace or add in the properties file.
dir.root=/opt/alfresco/alf_data
...
db.username=alfresco
db.password=alfresco
...
# OpenOffice
ooo.exe=/usr/lib/libreoffice/program/soffice.bin
ooo.enabled=true
jodconverter.officeHome=/usr/lib/libreoffice
jodconverter.portNumbers=8100
jodconverter.enabled=true
# ImageMagick installation
img.root=/usr/share/doc/imagemagick
img.exe=/usr/bin/convert
# SWFTools exe
swf.exe=/usr/bin/pdf2swf
...
db.schema.update=true
...
db.driver=org.postgresql.Driver
db.url=jdbc:postgresql://localhost:5432/alfresco
...
index.recovery.mode=AUTO
...
authentication.chain=alfrescoNtlm1:alfrescoNtlm

service alfresco start

Check the log very carefully during the first run:
tail -f /opt/alfresco/tomcat/logs/catalina.out

Once Alfresco is up and running, the last task is to switch off the database update.
nano /opt/alfresco/tomcat/shared/classes/alfresco-global.properties
...
db.schema.update=false
...

Ref:- http://fcorti.com/2014/10/13/how-to-install-alfresco-5-0-ubuntu-14-04-lts/


Tuesday 6 October 2015

Execute Shell Script as a Jenkins Job


Create a Jenkins job (create a free-style software project).
In the configuration of that job there is a "Build" section with an "Add build step" pulldown.
Add an "Execute Shell" step and insert your script path:
sudo sh /path/to/script

Allow jenkins to run the script in /etc/sudoers:
jenkins    ALL = NOPASSWD: /path/to/script
jenkins ALL=(ALL) NOPASSWD:ALL
jenkins ALL=(ALL) ALL

Now run the Jenkins job.

Hope this helps!
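An added check, not part of the original posts: it flags sudoers entries that let an account run every command as root, which covers the temporary redmine entry from the Redmine post and the two blanket jenkins entries above. The function name audit_sudoers and the sample file are constructed for illustration; entries limited to a service account such as (git) are deliberately not flagged.

```sh
#!/bin/sh
# Added example (not from the original posts): flag sudoers entries that let an
# account run every command as root. audit_sudoers is a constructed name.

# audit_sudoers FILE USER...
# Prints one line per blanket grant and returns 1 if any were found.
audit_sudoers() {
    file=$1
    shift
    awk -v users="$*" '
    BEGIN {
        n = split(users, u, " ")
        for (i = 1; i <= n; i++) want[u[i]] = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    !($1 in want) { next }                   # only the accounts we were asked about
    {
        # Keep what follows the first "=": [(runas)] [TAG:] command list
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)

        # The run-as user defaults to root when no "(...)" is given
        runas = "root"
        if (match(spec, /^\([^)]*\)/)) {
            runas = substr(spec, RSTART + 1, RLENGTH - 2)
            spec = substr(spec, RLENGTH + 1)
            sub(/:.*/, "", runas)            # "(ALL:ALL)" -> "ALL"
            gsub(/[ \t]/, "", runas)
        }
        # Grants scoped to a service account, e.g. (git), are left alone
        if (runas != "root" && runas != "ALL") next

        auth = (spec ~ /NOPASSWD[ \t]*:/) ? "without a password" : "with a password"
        gsub(/[A-Z_]+[ \t]*:/, "", spec)     # drop tags such as NOPASSWD:
        gsub(/[ \t]/, "", spec)

        # A grant is blanket if any item of the command list is the keyword ALL
        m = split(spec, cmd, ",")
        for (i = 1; i <= m; i++) {
            if (cmd[i] == "ALL") {
                printf "%s:%d: %s may run ALL commands as %s %s\n", FILENAME, NR, $1, runas, auth
                found = 1
                break
            }
        }
    }
    END { exit found + 0 }
    ' "$file"
}

# Constructed sample: the sudoers entries shown in the Redmine and Jenkins posts.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# temp - *REMOVE* after installation
redmine    ALL=(ALL)      NOPASSWD:ALL
# redmine gitolite integration
redmine    ALL=(git)      NOPASSWD:ALL
git        ALL=(redmine)  NOPASSWD:ALL
jenkins    ALL = NOPASSWD: /path/to/script
jenkins ALL=(ALL) NOPASSWD:ALL
jenkins ALL=(ALL) ALL
EOF
audit_sudoers "$sample" redmine git jenkins ||
    echo "blanket grants found: narrow them to specific commands or remove them"
rm -f "$sample"
```

Run it against a copy of /etc/sudoers and each file in /etc/sudoers.d; a clean result for jenkins leaves only the command-scoped line.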



Saturday 19 September 2015

Install and Configure Puppet on Ubuntu 14.04

apt-get install openssl

Configure DNS for master and agent:
dev.puppetmaster.com
dev.puppetagent.com

192.168.190.133
apt-get install puppetmaster

192.168.190.134
apt-get install puppet

nano /etc/puppet/puppet.conf
server=dev.puppetmaster.com

puppet agent --no-daemonize --onetime --verbose
Info: Creating a new SSL key for dev.puppetagent.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for dev.puppetagent.com
Info: Certificate Request fingerprint (SHA256): ED:AD:10:24:4D:F0:FF:C1:11:D5:E1:94:AD:C7:01:3C:1B:E4:E0:E3:0F:14:16:ED:5A:F7:A1:E0:AE:76:07:51
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled

puppet cert list
  "dev.puppetagent.com" (SHA256) ED:AD:10:24:4D:F0:FF:C1:11:D5:E1:94:AD:C7:01:3C:1B:E4:E0:E3:0F:14:16:ED:5A:F7:A1:E0:AE:76:07:51

puppet cert sign "dev.puppetagent.com"
Notice: Signed certificate request for dev.puppetagent.com
Notice: Removing file Puppet::SSL::CertificateRequest dev.puppetagent.com at '/var/lib/puppet/ssl/ca/requests/dev.puppetagent.com.pem'

puppet agent --no-daemonize --onetime --verbose
Info: Retrieving plugin
Info: Caching catalog for dev.puppetagent.com
Info: Applying configuration version '1442726550'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.02 seconds
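The signing step above, as an added example that is not part of the original post: compare the fingerprint the agent printed with the one the master lists, and sign only when they are equal. The function names are constructed for illustration, and the sample inputs are the output lines shown in this post.

```sh
#!/bin/sh
# Added example (not from the original post): sign an agent's CSR only when the
# fingerprint the agent printed equals the one the master lists for it.
# Function names are constructed for illustration.

# stdin: output of "puppet agent --no-daemonize --onetime --verbose" on the agent
agent_csr_fingerprint() {
    sed -n 's/^Info: Certificate Request fingerprint (SHA256): \([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1 | tr 'abcdef' 'ABCDEF'
}

# $1 = certname; stdin: output of "puppet cert list" on the master.
# Pending requests are listed as: "certname" (SHA256) AA:BB:...
master_csr_fingerprint() {
    awk -v want="$1" '
        $1 == "\"" want "\"" && $2 == "(SHA256)" { print toupper($3); exit }
    '
}

# $1 = file with agent output, $2 = file with master list output, $3 = certname
# Returns 0 only if both fingerprints are well-formed SHA-256 values and equal.
csr_fingerprints_match() {
    a=$(agent_csr_fingerprint < "$1")
    m=$(master_csr_fingerprint "$3" < "$2")
    # 32 bytes written as hex pairs joined by colons = 95 characters
    [ "${#a}" -eq 95 ] && [ "$a" = "$m" ]
}

# Sample input: the agent and master output shown in this post.
demo=$(mktemp -d)
cat > "$demo/agent.log" <<'EOF'
Info: Creating a new SSL key for dev.puppetagent.com
Info: Creating a new SSL certificate request for dev.puppetagent.com
Info: Certificate Request fingerprint (SHA256): ED:AD:10:24:4D:F0:FF:C1:11:D5:E1:94:AD:C7:01:3C:1B:E4:E0:E3:0F:14:16:ED:5A:F7:A1:E0:AE:76:07:51
Exiting; no certificate found and waitforcert is disabled
EOF
cat > "$demo/master.list" <<'EOF'
  "dev.puppetagent.com" (SHA256) ED:AD:10:24:4D:F0:FF:C1:11:D5:E1:94:AD:C7:01:3C:1B:E4:E0:E3:0F:14:16:ED:5A:F7:A1:E0:AE:76:07:51
EOF

if csr_fingerprints_match "$demo/agent.log" "$demo/master.list" dev.puppetagent.com; then
    echo 'fingerprints match, now run: puppet cert sign "dev.puppetagent.com"'
else
    echo 'fingerprint mismatch or missing request: do not sign' >&2
fi
rm -rf "$demo"
```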

Example puppet configuration,

cd /etc/puppet/manifests/
nano site.pp

class toolbox {
        file { '/usr/local/sbin/puppetsimple.sh':
                owner => root, group => root, mode => 0755,
                content => "#!/bin/sh\npuppet agent --onetime --no-daemonize --verbose $1\n",
                }
        }

node 'dev.puppetagent.com' {
        include toolbox
        }


puppet agent --no-daemonize --onetime --verbose
Info: Retrieving plugin
Info: Caching catalog for dev.puppetagent.com
Info: Applying configuration version '1442727359'
Notice: /Stage[main]/Toolbox/File[/usr/local/sbin/puppetsimple.sh]/ensure: defined content as '{md5}db35206364e274612ff0caee2ce0f9d0'
Notice: Finished catalog run in 0.05 seconds

puppetsimple.sh
Info: Retrieving plugin
Info: Caching catalog for dev.puppetagent.com
Info: Applying configuration version '1442728015'
Notice: Finished catalog run in 0.03 seconds

chmod 0123 /usr/local/sbin/puppetsimple.sh

puppet agent --no-daemonize --onetime --verbose
Info: Retrieving plugin
Info: Caching catalog for dev.puppetagent.com
Info: Applying configuration version '1442728015'
Notice: /Stage[main]/Toolbox/File[/usr/local/sbin/puppetsimple.sh]/mode: mode changed '0123' to '0755'
Notice: Finished catalog run in 0.03 seconds

Ref :- https://www.youtube.com/watch?v=Hiu_ui2nZa0

Change Hostname in Ubuntu

Manually Edit the hostname

sudo nano /etc/hosts
sudo nano /etc/hostname
sudo reboot

Use sed to change the hostname

sudo sed -i 's/ubuntu/new-hostname/g' /etc/hosts
sudo sed -i 's/ubuntu/new-hostname/g' /etc/hostname
sudo reboot

Write a Bash Script

#!/bin/bash
# Assign existing hostname to $hostn
hostn=$(cat /etc/hostname)

# Display existing hostname
echo "Existing hostname is $hostn"

# Ask for new hostname $newhost
echo "Enter new hostname: "
read -r newhost

# Accept only letters, digits and hyphens so the value is safe inside the sed expression
if [[ ! $newhost =~ ^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$ ]]; then
    echo "Invalid hostname: $newhost" >&2
    exit 1
fi

# Change hostname in /etc/hosts & /etc/hostname
sudo sed -i "s/$hostn/$newhost/g" /etc/hosts
sudo sed -i "s/$hostn/$newhost/g" /etc/hostname

# Display new hostname
echo "Your new hostname is $newhost"

# Press a key to reboot
read -r -s -n 1 -p "Press any key to reboot"
sudo reboot

Ref:- https://pricklytech.wordpress.com/2013/04/24/ubuntu-change-hostname-permanently-using-the-command-line/

Friday 18 September 2015

Regenerate SSL Certs on Puppet Master

SSL: Regenerating All Certificates in a Puppet Deployment

Back up the SSL dir
/var/lib/puppet/ssl

Stop the Puppet agent service
/etc/init.d/puppetmaster stop

Stop the Puppet master service
/etc/init.d/apache2 stop

Locate Puppet’s ssldir
puppet config print ssldir

Delete all files in the ssldir
rm -r /var/lib/puppet/ssl

Regenerate the CA by running
puppet cert list -a

Generate the Puppet master’s new certs
puppet master --no-daemonize --verbose

When you see Notice: Starting Puppet master <your Puppet version>,
type CTRL + C

Start the Puppet master service
/etc/init.d/puppetmaster start

Start the Puppet agent service
/etc/init.d/apache2 start

Ref : -
http://docs.puppetlabs.com/puppet/3.7/reference/ssl_regenerate_certificates.html

OpenSSH Server in Ubuntu


OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling, or transferring files between, computers.

apt-get install openssh-server

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original

The following are examples of configuration directives you may change:

To set your OpenSSH to listen on TCP port 2222 instead of the default TCP port 22, change the Port directive as such:

Port 2222

To have sshd allow public key-based login credentials, simply add or modify the line:

PubkeyAuthentication yes

If the line is already present, then ensure it is not commented out.

To make your OpenSSH server display the contents of the /etc/issue.net file as a pre-login banner, simply add or modify the line:

Banner /etc/issue.net

These directives go in the /etc/ssh/sshd_config file. Restart the service to apply the changes:

sudo service ssh restart

Ref:- https://help.ubuntu.com/lts/serverguide/openssh-server.html


Thursday 17 September 2015

Ubuntu 14.04 Root Password Recovery

First reboot/reset your system to GRUB2 boot loader menu.

Find the line which starts with "linux". Navigate to the end of the line and add:
init=/bin/bash

Once you have changed boot options as indicated in the previous step press F10 to instruct your Ubuntu system to boot.

Your system will boot and you will be provided with root command line prompt.

Once you get to the command line prompt enter the following commands:
mount -o remount,rw /
passwd
reboot -f

Ref :- http://linuxconfig.org/ubuntu-14-04-lost-password-recovery


Monday 7 September 2015

Chef Installation and configure on CentOS



Install chef-server
iptables -F
rpm -ivh chef-server-11.1.7-1.el6.x86_64.rpm

Configure Chef Server

chef-server-ctl reconfigure

Running handlers:
Running handlers complete
Chef Client finished, 415/479 resources updated in 220.548599949 seconds
Chef Server Reconfigured!

Confirm Chef server is running by,

chef-server-ctl status
run: bookshelf: (pid 1084) 60730s; run: log: (pid 1083) 60730s
run: chef-expander: (pid 1080) 60730s; run: log: (pid 1079) 60730s
run: chef-server-webui: (pid 1070) 60730s; run: log: (pid 1068) 60730s
run: chef-solr: (pid 1076) 60730s; run: log: (pid 1073) 60730s
run: erchef: (pid 1085) 60730s; run: log: (pid 1082) 60730s
down: nginx: 0s, normally up, want up; run: log: (pid 1078) 60730s
run: postgresql: (pid 1091) 60730s; run: log: (pid 1072) 60730s
run: rabbitmq: (pid 1075) 60730s; run: log: (pid 1071) 60730s


Optionally, run the Opscode Pedant test suite. This will verify that everything is working.
chef-server-ctl test

Configure Chef Workstation

Check whether the Chef client package is already installed:

rpmquery chef
package chef is not installed

rpm -ivh chef-11.18.12-1.el6.x86_64.rpm

rpmquery chef
chef-11.18.12-1.el6.x86_64

chef-client
To secure communication with the Chef server,

copy the files from the Chef server path /etc/chef-server to the Chef workstation:
scp -r admin.pem chef-validator.pem chef-webui.pem root@10.98.33.204:/root/.chef
admin.pem
chef-validator.pem
chef-webui.pem

Create a .chef directory in the home directory and move all 3 files into it.

knife configure -i
Overwrite /root/.chef/knife.rb? (Y/N)Y
Please enter the chef server URL: [https://testchefwork.example.com:443] https://testchefserver.example.com:443
Please enter a name for the new user: [root]
Please enter the existing admin name: [admin] admin
Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem] /root/.chef/admin.pem
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] /root/.chef/chef-validator.pem
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Please enter a password for the new user:
Created user[root]
Configuration file written to /root/.chef/knife.rb

knife ssl fetch

knife ssl check

Connecting to host testchefserver.example.com:443
ERROR: The SSL certificate of testchefserver.example.com could not be verified
Certificate issuer data: /C=US/ST=WA/L=Seattle/O=YouCorp/OU=Operations/CN=testchefserver.example.com/emailAddress=you@example.com

Configuration Info:

OpenSSL Configuration:
* Version: OpenSSL 1.0.1m 19 Mar 2015
* Certificate file: /opt/chef/embedded/ssl/cert.pem
* Certificate directory: /opt/chef/embedded/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: nil
* trusted_certs_dir: "/root/.chef/trusted_certs"

TO FIX THIS ERROR:

If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.

By default, the certificate is stored in the following location on the host
where your chef-server runs:

  /var/opt/chef-server/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to you trusted_certs_dir (currently: /root/.chef/trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.

knife ssl check
Connecting to host testchefserver.example.com:443
Successfully verified certificates from `testchefserver.example.com'

knife client list

chef-validator
chef-webui

knife user list
admin
jojan
root

Node configuration

iptables -L

rpm -ivh chef-11.18.12-1.el6.x86_64.rpm

warning: chef-11.18.12-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing...                ########################################### [100%]
   1:chef                   ########################################### [100%]
Thank you for installing Chef!

Copy chef-validator.pem from the Chef server path /etc/chef-server to /etc/chef on the node server.

knife ssl fetch -s https://testchefserver.example.com

WARNING: No knife configuration file found
WARNING: Certificates from testchefserver.example.com will be fetched and placed in your trusted_cert
directory ().

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

ERROR: TypeError: can't convert nil into String

 knife ssl check
Connecting to host testchefserver.example.com:443
Successfully verified certificates from `testchefserver.example.com'
[root@testchefnode .chef]# knife ssl fetch -s https://testchefserver.example.com
WARNING: Certificates from testchefserver.example.com will be fetched and placed in your trusted_cert
directory (/root/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for testchefserver.example.com in /root/.chef/trusted_certs/testchefserver_example_com.crt

knife ssl check -s https://testchefserver.example.com

Connecting to host testchefserver.example.com:443
Successfully verified certificates from `testchefserver.example.com'

cat /etc/chef/client.rb
log_level :info
log_location STDOUT
chef_server_url "https://testchefserver.example.com:443"
trusted_certs_dir "/root/.chef/trusted_certs"

chef-client -S https://testchefserver.example.com -K /etc/chef/chef-validator.pem

Create a recipe on the workstation and upload it to the server

knife cookbook create motd
** Creating cookbook motd
** Creating README for cookbook: motd
** Creating CHANGELOG for cookbook: motd
** Creating metadata for cookbook: motd

cd /var/chef/cookbooks/motd

ls -l
attributes
CHANGELOG.md
definitions
files
libraries
metadata.rb
providers
README.md
recipes
resources
templates

cd recipes/
vi default.rb

file '/etc/motd' do
        content 'Welcome to chef'
end

Before uploading to the server, make sure there is no syntax error:

knife cookbook test motd
checking motd
Running syntax check on motd
Validating ruby files
Validating templates
Validating ruby files
Validating templates

Upload to the server:

knife cookbook upload motd
Uploading motd         [0.1.0]
Uploaded 1 cookbook.

To check from the server:

knife cookbook list
motd   0.1.0

To check from the dashboard:
https://testchefserver.example.com/cookbooks

Add the cookbook to a node:

Go to https://testchefserver.example.com/nodes and edit the node.
Drag and drop motd from Available Recipes to the Run List.

chef-client
[2015-09-07T11:17:30+05:30] INFO: Forking chef instance to converge...
[2015-09-07T11:17:30+05:30] WARN:
........................................
- update content in file /etc/motd from e3b0c4 to cad802
    --- /etc/motd       2010-01-12 18:58:22.000000000 +0530
    +++ /tmp/.motd20150907-26207-mb0jjs 2015-09-07 11:17:32.622947241 +0530
    @@ -1 +1,2 @@
    +Welcome to chef
    - restore selinux security context
[2015-09-07T11:17:32+05:30] INFO: Chef Run complete in 0.661581977 seconds

Running handlers:
[2015-09-07T11:17:32+05:30] INFO: Running report handlers
Running handlers complete
[2015-09-07T11:17:32+05:30] INFO: Report handlers complete
Chef Client finished, 1/1 resources updated in 2.350334219 seconds

Now cat it on the node server:

cat /etc/motd
Welcome to chef

Ref:- https://www.youtube.com/watch?v=egvEPsVMfK0

Wednesday 2 September 2015

Disable FirewallD and use iptables in RHEL 7 and CentOS 7


If you want to use iptables on CentOS 7 and RHEL 7 instead of FirewallD, follow these steps:

systemctl mask firewalld

systemctl stop firewalld

yum -y install iptables-services

systemctl enable iptables

Ref: http://www.tejasbarot.com/2014/08/02/rhel-7-centos-7-disable-firewalld-and-use-iptables/#axzz3keP3fIkw


FirewallD


FirewallD provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and has a separation of runtime and permanent configuration options. It also supports an interface for services or applications to add firewall rules directly.

Features
D-Bus API
Timed firewall rules
Rich Language for specific firewall rules
IPv4 and IPv6 NAT support
Lockdown: Whitelisting of applications that may modify the firewall
Support for iptables, ip6tables, ebtables firewall backends
Automatic loading of Linux kernel modules
Integration with Puppet

Who’s using it?
FirewallD is used in the following Linux distributions as the default firewall management tool:

RHEL 7
Fedora 18 and newer

Applications and libraries which support FirewallD as a firewall management tool include:

NetworkManager
libvirt
docker 1.7

Ref: http://www.firewalld.org/

Monday 27 July 2015

Testing SMTP Server from the windows command line


C:\Users\Administrator>telnet relay.mx.testserver.com 25

220 mb1relay1.mx.testserver.com ESMTP
helo test
250 mb1relay1.mx.testserver.com
mail from: usename1@mail.com
250 sender <usename1@mail.com> ok
rcpt to: usename2@mail.com
250 recipient <usename2@mail.com> ok
data
354 go ahead
Hi How are you
.
250 ok:  Message 258249 accepted
quit
221 mb1relay1.mx.testserver.com


Connection to host lost.

Ref :- https://www.youtube.com/watch?v=lfYtz3uRPYc


Sunday 26 July 2015

Nullifying a log file


Clear a file using /dev/null 

/dev/null is often referred to as a black hole in Linux-based systems. It discards all data written to it and returns EOF (End of File) to any process reading from it. With this logic, we can clear the contents of a file.

cp /dev/null logfile

cat /dev/null > logfile

> logfile

dd if=/dev/null of=logfile

Clear a file using truncate

truncate logfile --size 0
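
Truncating in place matters when a daemon still has the log open: the file keeps its inode, so the writer's descriptor still points at it, whereas deleting and recreating the file leaves the writer on the old, unlinked inode. The sketch below is an added example, not part of the original post; the temporary directory and the fd 3 writer are constructed for the demo, and the writer is assumed to use append mode (one that does not would keep its old offset and leave a NUL-filled hole at the start of the file).

```shell
#!/bin/sh
# Added example with constructed data: truncate a log in place versus
# delete-and-recreate, while a writer keeps the file open like a daemon.

inode_of() { ls -i "$1" | awk '{print $1}'; }

truncate_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/logfile"
    printf 'old line 1\nold line 2\n' > "$log"
    before=$(inode_of "$log")

    # fd 3 stands in for a logging daemon holding the file open (append mode).
    exec 3>>"$log"

    : > "$log"                          # same effect as "> logfile" above
    after=$(inode_of "$log")
    echo 'written after truncate' >&3   # lands in the emptied file
    kept=$(cat "$log")

    rm -f "$log"                        # the alternative: delete and recreate
    : > "$log"
    recreated=$(inode_of "$log")
    echo 'written after rm' >&3         # goes to the unlinked old inode
    new_size=$(wc -c < "$log" | tr -d ' ')

    exec 3>&-
    rm -rf "$dir"

    if [ "$before" = "$after" ]; then same=yes; else same=no; fi
    if [ "$before" = "$recreated" ]; then reused=yes; else reused=no; fi
    echo "truncate_keeps_inode=$same kept=[$kept] recreate_keeps_inode=$reused new_file_bytes=$new_size"
}

truncate_demo
```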


Wednesday 20 May 2015

strace

strace is a useful diagnostic, instructional, and debugging tool.

Strace monitors the system calls and signals of a specific program. It is helpful when you do not have the source code and would like to debug the execution of a program. strace provides you the execution sequence of a binary from start to end.

strace shows you how data is passed between the program and the kernel. With no options, strace prints a line for each system call. It shows the call name, given arguments, return value, and any generated error messages. A signal is printed with both its signal symbol and a descriptive string. As it shows the data transfer between user and kernel-space, strace is very useful as both a diagnostic utility for system administrators and a debugging tool for programmers. By default, the output is written to standard error.

Trace the Execution of an Executable
strace ls

Trace Specific System Calls in an Executable Using Option -e
strace -e open ls

Save the Trace Execution to a File Using Option -o
strace -o output.txt ls

Execute Strace on a Running Linux Process Using Option -p (look up the PID first, then pass it to -p)
ps -C firefox-bin

Print Timestamp for Each Trace Output Line Using Option -t
strace -t -e open ls /home

Print Relative Time for System Calls Using Option -r
strace -r ls

Generate Statistics Report of System Calls Using Option -c
strace -c ls /home

eg :-
strace -p 3107
strace -d -p 3107

To print instruction pointer at the time of system call
strace -i -p 3111

To print time stamps of the system call
strace -t -p 3111

Options

-a n
Align the return values in column n. The default is 40.

-c
Count system calls, errors, signals, and time and provide a summary report when the program has ended.

-d
Debug mode. Print debugging information for strace on stderr.

-e [keyword=] [!] values
Pass an expression to strace to limit the types of calls or signals that are traced or to change how they are displayed. If no keyword is given, trace is assumed. The values can be given as a comma-separated list. Preceding the list with an exclamation point (!) negates the list. The special values all and none are valid, as are the values listed with the following keywords.

abbrev=names
Abbreviate output from large structures for system calls listed in names.

read=descriptors
Print all data read from the given file descriptors.

signal=symbols
Trace the listed signal symbols (for example, signal=SIGIO,SIGHUP).

trace=sets
sets may be a list of system call names or one of the following:

file
Calls that take a filename as an argument.

ipc
Interprocess communication.

network
Network-related.

process
Process management.

signal
Signal-related.

raw=names
Print arguments for the given system calls in hexadecimal.

verbose=names
Unabbreviate structures for the given system calls. Default is none.

write=descriptors
Print all data written to the given file descriptors.

-f
Trace forked processes.

-ff
Write system calls for forked processes to separate files named filename.pid when using the -o option.

-h
Print help and exit.

-i
Print the current instruction pointer with each system call.

-o filename
Write output to filename instead of stderr. If filename starts with the pipe symbol |, treat the rest of the name as a command to which output should be piped.

-O n
Override strace's built-in timing estimates, and just subtract n microseconds from the timing of each system call to adjust for the time it takes to measure the call.

-p pid
Attach to the given process ID and begin tracking. strace can track more than one process if more than one option -p is given.

Type Ctrl-C to end the trace.

-q
Quiet mode. Suppress attach and detach messages from strace.

-r
Relative timestamp. Print time in microseconds between system calls.

-s n
Print only the first n characters of a string. Default value is 32.

-S value
Sort output of -c option by the given value. value may be calls, name, time, or nothing. Default is time.

-T
Print time spent in each system call.

-t
Print time of day on each line of output.

-tt
Print time of day with microseconds on each line of output.

-ttt
Print timestamp on each line as the number of seconds and microseconds since the Epoch.

-u username
Run command as username. Needed when tracing setuid and setgid programs.

-V
Print version and exit.

-v
Verbose. Do not abbreviate structure information.

-x
Print all non-ASCII strings in hexadecimal.

-xx
Print all strings in hexadecimal.
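
A trace saved with -o is easiest to read once it is reduced to the calls that failed. The script below is an added example, not from the original post or the strace project: it summarises failed file-related calls from a trace taken with -f and -e trace=file (used instead of -e open because current C libraries open files with openat). The application name, PIDs and paths in the sample trace are constructed.

```shell
#!/bin/sh
# Added example: summarise failed file-related syscalls from a trace saved with
#   strace -f -e trace=file -o trace.txt <command>
# The trace lines below are constructed sample data, not output from a real run.

sample_trace() {
cat <<'EOF'
2101  execve("/usr/sbin/appd", ["appd"], 0x7ffc1d2e3f10 /* 18 vars */) = 0
2101  access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
2101  openat(AT_FDCWD, "/etc/appd/appd.conf", O_RDONLY) = 3
2101  openat(AT_FDCWD, "/etc/appd/tls.key", O_RDONLY) = -1 EACCES (Permission denied)
2102  openat(AT_FDCWD, "/etc/appd/tls.key", O_RDONLY) = -1 EACCES (Permission denied)
2102  stat("/var/lib/appd/cache", 0x7ffd3a1c2b40) = -1 ENOENT (No such file or directory)
EOF
}

# Print "count errno syscall path" for every failed call, most frequent first.
# Reads the files given as arguments, or standard input when there are none.
failed_file_calls() {
    awk '
    / = -1 E[A-Z0-9]+ / {
        line = $0
        sub(/^[0-9]+ +/, "", line)              # PID column written by -f with -o
        call = line; sub(/\(.*/, "", call)      # syscall name before "("
        if (!match(line, /"[^"]*"/)) next       # first quoted argument is the path
        path = substr(line, RSTART + 1, RLENGTH - 2)
        match(line, / = -1 E[A-Z0-9]+/)
        err = substr(line, RSTART + 6, RLENGTH - 6)
        n[err " " call " " path]++
    }
    END { for (k in n) print n[k], k }' "$@" | LC_ALL=C sort -k1,1nr -k2
}

sample_trace | failed_file_calls
```

Repeated EACCES on the same path across child PIDs usually points at a permission or SELinux context problem rather than a missing file.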

Ref:-
http://www.thegeekstuff.com/2011/11/strace-examples/
http://www.linuxdevcenter.com/cmd/cmd.csp?path=s/strace
http://chadfowler.com/blog/2014/01/26/the-magic-of-strace/

Fields of an inode

An inode is a data structure used to represent a filesystem object, which can be one of various things including a file or a directory. Each inode stores the attributes and disk block location(s) of the filesystem object's data. Filesystem object attributes may include manipulation metadata (e.g. change, access, modify time), as well as owner and permission data (e.g. group-id, user-id, permissions).

ls -il
total 52
185033 -rw-------. 1 root root   979 Apr 25 23:23 anaconda-ks.cfg
393286 drwxr-xr-x. 2 root root  4096 Apr 29 09:09 Desktop
393290 drwxr-xr-x. 2 root root  4096 Apr 29 09:09 Documents
393287 drwxr-xr-x. 2 root root  4096 Apr 29 09:09 Downloads
393291 drwxr-xr-x. 2 root root  4096 Apr 29 09:09 Music
393292 drwxr-xr-x. 2 root root  4096 Apr 29 09:09 Pictures
185050 -rw-r--r--. 1 root root 11955 Apr 23  2013 post-install
185053 -rw-r--r--. 1 root root   552 Apr 23  2013 post-install.log
393289 drwxr-xr-x. 2 root root  4096 Apr 29 09:09 Public
393288 drwxr-xr-x. 2 root root  4096 Apr 29 09:09 Templates
393293 drwxr-xr-x. 2 root root  4096 Apr 29 09:09 Videos

File attributes in particular,

The size of the file in Kilo bytes

Device ID

User ID of the file

Group ID of the file

The file mode that determines the file type and how the owner, group, and others (world) can access the file
Additional system and user flags to further protect the file (note: this can be used to limit the file's use and modification)

Timestamps telling when the inode itself was last changed (ctime, change time), the file content was last modified (mtime or modification time), and when the file was last accessed (atime or access time)

A link counter that lists how many hard links point to the inode
Pointers to the disk blocks that store the file’s contents (more on that later)

Ref:-
http://en.wikipedia.org/wiki/Inode
http://www.linux-mag.com/id/8658/
http://teaching.idallen.com/dat2330/04f/notes/links_and_inodes.html

Tuesday 7 April 2015

Nagios Client configuration

Nagios Client configuration:-

Windows
------------
http://nsclient.org/nscp/downloads
Install the NSCP agent and give it the Nagios server IP.

In nagios server,

vi /usr/local/nagios/etc/objects/myclientserver.cfg
vi /usr/local/nagios/etc/nagios.cfg

Add entry for myclientserver.cfg
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
/etc/init.d/nagios restart

Linux
------------
Download the required packages, for example:
nrpe-2.14.tar.gz
nagios-plugins-2.0.tar.gz

tar -xzvf nagios-plugins-2.0.tar.gz
tar -xzvf nrpe-2.14.tar.gz

yum install gcc
yum install openssl*
ldconfig

cd nagios-plugins-2.0
 ./configure
 make
 make install
 useradd nagios
 chown -R nagios:nagios /usr/local/nagios

cd ../nrpe-2.14
 ./configure
 make all
 make install-plugin
 make install-daemon
 yum install xinetd
 make install-daemon-config
 make install-xinetd

vi /etc/xinetd.d/nrpe
only_from       = 127.0.0.1 10.11.22.22

vi /etc/services
nrpe            5666/tcp                # nrpe

/etc/init.d/xinetd restart
 netstat -an | grep -i 5666

 yum install telnet
 telnet 10.11.22.22 5666

 ifconfig
 yum install sysstat

 cd /usr/local/nagios/
 mv /home/agoviku/libexec.tar.gz .
 mv /home/agoviku/md5s .
 chown -R nagios.nagios /usr/local/nagios
 tar -xzvf libexec.tar.gz

scp -r /usr/local/nagios/libexec usename@10.11.11.59:/tmp

cp -r /tmp/libexec /usr/local/nagios/
chown -R nagios:nagios /usr/local/nagios/
chmod -R 755 /usr/local/nagios/libexec

For Web servers,
vi /usr/local/nagios/etc/nrpe.cfg
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_disk1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /
command[check_disk2]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /data
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 400 -c 450
command[check_sendmail]=/usr/local/nagios/libexec/check_tcp -H localhost -p 25
command[check_cpu]=/usr/local/nagios/libexec/check_cpu.sh -w 60 -c 90
command[check_rofs1]=/usr/local/nagios/libexec/check_rofs.sh /
command[check_rofs2]=/usr/local/nagios/libexec/check_rofs.sh /data
command[check_md5]=/usr/local/nagios/libexec/check_md5.sh /etc/httpd/conf.d/vhost.conf
command[check_crond]=/usr/local/nagios/libexec/check_procs -c 1:20 -C crond
command[check_apache]=/usr/local/nagios/libexec/check_apache.sh -w 100 -c 200
command[check_apache2]=/usr/local/nagios/libexec/check_apache2.sh -w 100 -c 200

For DB servers,
vi /usr/local/nagios/etc/nrpe.cfg
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /data
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 250 -c 300
command[check_cpu]=/usr/local/nagios/libexec/check_cpu.sh -w 60 -c 90
command[check_md5]=/usr/local/nagios/libexec/check_md5.sh /etc/my.cnf
command[check_mysql]=/usr/local/nagios/libexec/check_mysql -u nagiosusr -p 'passwrod' -s /data/var/lib/mysql/mysql.sock
command[check_mysql2]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode threads-connected   mysql2
command[check_mysql3]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode  threadcache-hitrate  mysql3
command[check_mysql4]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode threads-created  mysql4
command[check_mysql5]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode threads-running mysql5
command[check_mysql6]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode threads-cached  mysql6
command[check_mysql7]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode connects-aborted  mysql7
command[check_mysql8]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode clients-aborted  mysql8
command[check_mysql9]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode  qcache-hitrate --lookback 1800 --warning 50 --critical 20  mysql9
command[check_mysql10]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode  qcache-lowmem-prunes mysql10
command[check_mysql11]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode  keycache-hitrate --warning 50: --critical 20:  mysql11
command[check_mysql12]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode  bufferpool-hitrate  mysql12
command[check_mysql13]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode   bufferpool-wait-free mysql13
command[check_mysql14]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode   log-waits  mysql14
command[check_mysql15]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode   tablecache-hitrate mysql15
command[check_mysql16]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode   table-lock-contention mysql16
command[check_mysql17]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode  index-usage --warning 30: --critical 10: mysql17
command[check_mysql18]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode  tmp-disk-tables mysql18
command[check_mysql19]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode   open-files  mysql19
command[check_mysql20]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode   slow-queries  mysql20
command[check_mysql21]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'passwrod' --mode   long-running-procs mysql21

In nagios server,
vi /usr/local/nagios/etc/nagios.cfg
 /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
/etc/init.d/nagios restart

install check_mysql_health in /usr/local/nagios/libexec

yum -y install cpan DBI*
cpan
install Time::HiRes
exit
yum -y install DBI*
cpan
install DBD::mysql
exit
ln -s /data/var/lib/mysql/mysql.sock /var/lib/mysql/mysql.sock

Ref :- https://labs.consol.de/nagios/check_mysql_health/


A few known errors:
-------------------------------------------------------------
/usr/local/nagios/libexec/check_nrpe -H 10.111.111.33 -p 5666
CHECK_NRPE: Error - Could not complete SSL handshake.

vi /etc/xinetd.d/nrpe
only_from       = 127.0.0.1 10.11.22.22

service xinetd restart

/usr/local/nagios/libexec/check_nrpe -H 10.33.66.10 -p 5666
NRPE v2.14

Ref: http://assets.nagios.com/downloads/nagiosxi/docs/NRPE-Troubleshooting-and-Common-Solutions.pdf
-------------------------------------------------------------
File Integrity
CRITICAL - file does not exist!(Nagios)

ll /etc/httpd/conf.d/vhost.conf
ls: cannot access /etc/httpd/conf.d/vhost.conf: No such file or directory
touch /etc/httpd/conf.d/vhost.conf

/usr/local/nagios/libexec/check_md5.sh /etc/httpd/conf.d/vhost.conf
OK
-------------------------------------------------------------
mysql Access denied for user 'monitor'@'localhost' (using password: YES)

grant all  on *.* to 'nagiosusr'@'%' identified by 'passwrod';
FLUSH PRIVILEGES;
-------------------------------------------------------------------------
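
The check_mysql and check_mysql_health entries above carry the database password as a command argument inside nrpe.cfg. The script below is an added example (not part of the original post or of NRPE) that lists such entries and reports whether the config file is readable by every local user; the sample config is constructed from the entry formats above with a placeholder password, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an nrpe.cfg for credentials embedded in command lines.
# write_sample_cfg builds constructed sample input modelled on the entries above.

write_sample_cfg() {
cat > "$1" <<'EOF'
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /data
command[check_mysql]=/usr/local/nagios/libexec/check_mysql -u nagiosusr -p 'EXAMPLE' -s /data/var/lib/mysql/mysql.sock
command[check_mysql2]=/usr/local/nagios/libexec/check_mysql_health --hostname localhost --username nagiosusr --password 'EXAMPLE' --mode threads-connected
EOF
}

# Names of command[] entries that pass a password as an argument.
# "-p" only counts for check_mysql: check_disk uses -p for a path.
inline_passwords() {
    awk '
    /^[ \t]*command\[/ {
        name = $0
        sub(/^[ \t]*command\[/, "", name); sub(/\].*/, "", name)
        cmd = $0
        sub(/^[^=]*=[ \t]*/, "", cmd)
        n = split(cmd, w, /[ \t]+/)
        plugin = w[1]; sub(/.*\//, "", plugin)
        for (i = 2; i <= n; i++)
            if (w[i] ~ /^--password/ || (plugin == "check_mysql" && w[i] ~ /^-p/)) {
                print name
                break
            }
    }' "$@"
}

# Report findings for one config file; prints nothing when it is clean.
audit_nrpe_cfg() {
    cfg=$1
    # Character 8 of the mode string is the read bit for "others".
    if [ "$(ls -ld "$cfg" | cut -c8)" = r ]; then
        echo "world-readable: $cfg"
    fi
    inline_passwords "$cfg" | sed 's/^/inline-password: /'
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp) && write_sample_cfg "$tmp" && chmod 644 "$tmp" && audit_nrpe_cfg "$tmp"
rm -f "$tmp"
```

Arguments passed on the command line are also visible to local users through ps while a check runs, so tightening the file mode alone does not hide them. On the database side, a monitoring account does not need ALL on *.* from any host ('%'); grant only what the checks use and restrict the host.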

Tuesday 3 March 2015

Data Compression Using mod_deflate


The mod_deflate module provides the DEFLATE output filter, which allows output from your server to be compressed before being sent to the client over the network. mod_deflate is used with newer versions of Apache; it replaces mod_gzip, which was used with older versions of Apache.

Enabling Compression

By default, the mod_deflate module is enabled in Apache. To make sure, check for the following line in the Apache configuration file.

LoadModule deflate_module modules/mod_deflate.so

Enable mod_deflate for a particular website by editing its Apache configuration file (vhost.conf),

<Directory "/path/">
    <IfModule mod_mime.c>
        AddType application/x-javascript .js
        AddType text/css .css
    </IfModule>
    <IfModule mod_deflate.c>
        AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/plain text/xml application/javascript
    </IfModule>
    Header append Vary User-Agent env=!dont-vary
</Directory>

OR

Enable mod_deflate by editing the Apache configuration file (httpd.conf),

Add the following lines to configure mod_deflate in your apache configuration file.

<IfModule mod_deflate.c>
  # compress text, html, javascript, css, xml:
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE image/x-icon
</IfModule>

To set the no-gzip note for particular browsers, so that no compression is performed for them:

<Directory /var/www/html/>
    <IfModule mod_mime.c>
        AddType application/x-javascript .js
        AddType text/css .css
    </IfModule>
    <IfModule mod_deflate.c>
        AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/plain text/xml application/javascript
        <IfModule mod_setenvif.c>
            BrowserMatch ^Mozilla/4 gzip-only-text/html
            BrowserMatch ^Mozilla/4\.0[678] no-gzip
            BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
        </IfModule>
    </IfModule>
    Header append Vary User-Agent env=!dont-vary
</Directory>

Restart the apache service to complete the process

# service httpd restart

Testing Compression

After configuring compression in Apache, we can verify that the content sent by the web server is compressed by mod_deflate using the URL below.
http://www.whatsmyip.org/http-compression-test/

Ref : http://tecadmin.net/how-to-enable-gzip-compression-on-apache/

Sunday 1 March 2015

Troubleshooting high loads on Linux servers


The load average represents the average number of processes that have to wait for CPU time during the last 1, 5 or 15 minutes.

What causes high server loads?

Excessive usage of any of the following items can typically cause this issue:

CPU
memory (including swap)
disk I/O

How can I check these items?

That depends on whether you want to review their current resource usage or their historical resource usage.

Historical resource usage can be viewed using the "sar" utility.

The stats are collected when sysstat runs from cron (/etc/cron.d/sysstat). If crond is not running, sysstat will not be able to collect historical statistics.

For example, if you wanted to view the load averages for your server from the 28th of the month:
sar -q -f /var/log/sa/sa28

Current day status: sar -q
Current CPU usage: top c
Historical CPU usage: sar -p
Current memory usage: free -m
Historical memory usage: sar -r (%memused and %swpused), sar -S (%swpused)
Current disk I/O usage: iostat -x 1 10
Historical disk I/O usage: sar -d
Process list: ps auxwwwf
System’s virtual memory statistics: vmstat 5 10 (10 times at 5 second intervals)

There are various actions you can take to find the cause of your high server loads. Here is a partial list that will always be incomplete:

Check the MySQL process list using "mysqladmin processlist" (or just "mysqladmin pr" for short)
Check the MySQL process list using mytop
tail your logs! Listening to what your server says is very important. Is your server being brute forced?
Run dmesg and check for possible hardware issues
Use netstat to view the connections to your server

Here are some logs to check:

syslogs: /var/log/messages, /var/log/secure
SMTP logs: /var/log/exim_mainlog, /var/log/exim_rejectlog, /var/log/exim_paniclog
POP3/IMAP logs: /var/log/maillog
Apache logs: /usr/local/apache/logs/access_log, /usr/local/apache/logs/error_log, /usr/local/apache/logs/suexec_log, /usr/local/apache/logs/suphp_log
Website logs: /usr/local/apache/domlogs/ (use this to find sites with traffic in the last 60 seconds: find -maxdepth 1 -type f -mmin -1 | egrep -v 'offset|_log$')
cron logs: /var/log/cron
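
To answer the "is your server being brute forced?" question from /var/log/secure without reading it line by line, failed SSH password attempts can be counted per source address. This is an added example, not part of the original post; the log lines are constructed sample data using documentation address ranges, and the threshold of 5 failures is an assumption to tune for your environment.

```shell
#!/bin/sh
# Added example: count failed SSH password logins per source address in
# /var/log/secure-style input. The log lines are constructed sample data.

sample_secure_log() {
cat <<'EOF'
Mar  1 03:12:01 web1 sshd[4321]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  1 03:12:03 web1 sshd[4323]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  1 03:12:05 web1 sshd[4325]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2
Mar  1 03:12:06 web1 sshd[4327]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar  1 03:12:08 web1 sshd[4329]: Failed password for invalid user test from 203.0.113.7 port 51250 ssh2
Mar  1 03:12:09 web1 sshd[4331]: Failed password for root from 203.0.113.7 port 51252 ssh2
Mar  1 09:30:11 web1 sshd[5010]: Failed password for deploy from 198.51.100.20 port 40100 ssh2
Mar  1 09:30:19 web1 sshd[5010]: Accepted password for deploy from 198.51.100.20 port 40100 ssh2
Mar  1 09:41:00 web1 crond[612]: (root) CMD (/usr/lib64/sa/sa1 1 1)
EOF
}

# Usage: ssh_bruteforce_suspects MIN_FAILURES [logfile...]
# Prints "address failures distinct_users" for addresses at or above the
# threshold, highest failure count first. Reads stdin when no file is given.
ssh_bruteforce_suspects() {
    min=$1; shift
    awk -v min="$min" '
    /sshd\[[0-9]+\]: Failed password for / {
        ip = ""
        # Search from the right so a user name of "from" cannot confuse it.
        for (i = NF; i > 2; i--)
            if ($(i - 1) == "from") { ip = $i; user = $(i - 2); break }
        if (ip == "") next
        fails[ip]++
        key = ip SUBSEP user
        if (!(key in seen)) { seen[key] = 1; users[ip]++ }
    }
    END {
        for (ip in fails)
            if (fails[ip] >= min) print ip, fails[ip], users[ip]
    }' "$@" | LC_ALL=C sort -k2,2nr -k1,1
}

sample_secure_log | ssh_bruteforce_suspects 5
```

Many failures spread over several user names from one address, as in the first sample source, is the typical password-guessing pattern; a single failure followed by a success from the same address is usually a mistyped password.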

Ref :
http://forums.cpanel.net/f5/troubleshooting-high-server-loads-linux-servers-319352.html
http://www.linuxjournal.com/magazine/hack-and-linux-troubleshooting-part-i-high-load?page=0,0