Wednesday, 9 March 2016

Configuring Nagios Client : NRPE Plugin

We have discussed how to "Install Nagios Core on Amazon Linux Instance ". Please check the link for reference : http://linuxhotcoffee.blogspot.in/2016/03/installing-nagios-core-on-amazon-linux.html

My current Infrastructure details is given below : OS & Private IP

Monitoring Server : Amazon Linux Instance (10.10.1.100)
Client Server : Ubuntu (10.10.1.10)


Create User nagios and install below mentioned package

sudo useradd -m nagios
sudo apt-get install libssl-dev openssl xinetd build-essential


Now lets configure Monitoring server . Install NRPE on monitoring server.You can download the latest version of NRPE from Official Download page.Current latest version is NRPE 2.15 .Download the latest release using wget

cd ~
wget http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
wget http://nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz


Extract the tar file

tar -xvzf  nrpe-2.15.tar.gz
tar xzf nagios-plugins-2.1.1.tar.gz


Change the directory to

cd nagios-plugins-2.1.1/

Compile and install Plugin

./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl
make
make install


Change the directory to

cd nrpe-2.15/

Compile and install NRPE

./configure --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd

Now modify the "only_from"  line in  /etc/xinetd.d/nrpe

vi /etc/xinetd.d/nrpe
only_from = 127.0.0.1 10.10.1.1000

Restart the xinetd service

service xinetd restart

Configuration on Nagios Monitor server is completed ,now we can move with configuration of Client Server

Install Nagios plugin and NRPE on Client Server

apt-get install nagios-plugins nagios-nrpe-server


Configure the Monitor Server ip on client nrpe.cfg file

vi /etc/nagios/nrpe.cfg

find allowed_hosts section in the file and add like the following

allowed_hosts=127.0.0.1,10.10.1.100


Restart then NRPE Service

service nagios-nrpe-server restart 











Tuesday, 8 March 2016

Installing Nagios Core on Amazon Linux Instance



I already have an running Amazon Linux Instance on my AWS infrastucture ,so i am not going to give any details on “How to spin up an Amazon Linux instance” :) . Port 22 and 80 is opend in my
Amazon Linux Instance gateway. Currently i had connected to my instance using ssh (Port :22). Please go through the below link to spinup an instance
https://aws.amazon.com/amazon-linux-ami/

Before we start installing Nagios Core we need following package to be installed .Please follow below Step :


sudo yum install httpd php
sudo yum install gcc glibc glibc-common
sudo yum install gd gd-devel

After all dependancie packages had installed we need to setup Nagios User in Instance

sudo groupadd nagcmd
sudo usermod -a -G nagcmd nagios
sudo usermod -a -G nagcmd apache

Now we can download the Nagios Core package and Plugins.Let store the download files in Download folder in home directory for temporarly still installation is over.

cd ~
cd Downloads/
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.8.tar.gz
wget http://nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz

Once donload is over we extract the files

tar -xvzf http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.8.tar.gz
tar -xvzf http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.8.tar.gz

You can find the latest file in Nagios Official Website : http://www.nagios.org/download//

Now we can compile and Install nagios ,firtst move to extracted nagios folder and compile the file

cd nagios-4.0.8
./configure –with-command-group=nagcmd
sudo make all
sudo make install-init
sudo make install-config
sudo make install-commandmode

Now we had completed the Nagios Core installation ,to compile and install Nagios plugin please follow below steps

cd nagios-plugins-2.0.3
./configure --with-nagios-user=nagios --with-nagios-group=nagios
sudo make
sudo make install

Now we have completed nagios plugin installation,to start nagios service during sytem restart automatically follow below steps

chkconfig –add nagios
chkconfig –level nagios on
chkconfig –add httpd
chkconfig –level httpd on

Now we can move to the final step configuring Nagios Web Interface.

cd nagios-4.0.8
sudo make install-webconf

Creat a admin account to loggin in Nagios Web Interface

sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users admin

Restart apache and Nagios service
That all Cheers :)

sudo service httpd restart
sudo service nagios start


You can access now Nagios Web Interface from link http://localhost/nagios” 




Monday, 17 August 2015

Blogs list for learning Cloud

http://aws.amazon.com/articles/
https://aws.amazon.com/blogs/aws/
http://harish11g.blogspot.in/
http://sanketdangi.com/
http://highscalability.com/
http://www.ciphercloud.com/blog/
http://highscalability.com/
http://blogs.aws.amazon.com/security/blog

Thursday, 2 January 2014

Frequently used Exim Command

Frequently used Exim Command

============================================
============================================

#Print the total number of mail in mail queue.

 exim -bpc

#Print list of mails in the queue

 exim -bp

#Print summary of messages in queue

 exim -bp | exiqsumm

#Print what exim is currently doing now

 exiwhat

#Print message header

 exim -Mvh <message id>

#Print message's body

 exim -Mvb <message-id>

#Print a message logs

 exim -Mvl <message-id>

#It shows top 50 domains using mail server with options.

 eximstats -ne -nr /var/log/exim_mainlog

------------------------------------------------------------------------------------------------------------------------------------

#To remove a message from the queue

 exim -Mrm <message-id>

#To freeze a message

 exim -Mf <message-id>

#To remove all frozen mails in the queue

 exim -bp | grep frozen | awk '{ print $3 }' | xargs exim -Mrm

#To check how exim will route a given address

 exim -bt user@remotehost.com

#To search the queue for messages from a specific sender

  exiqgrep -f user@domain.com

#To search the queue for messages for a specific recipient/domain

  exiqgrep -r user@domain.com

#To print messages older than the specified number of seconds.

  exiqgrep -o <sec>

#To print messages that are younger than the specified number of seconds.

  exiqgrep -y <sec>

#To print the message-id of the entire queue

 exiqgrep -i

#To print a count of messages

  exiqgrep -c

#To remove all messages older than 10 day.

 exiqgrep -o 86400 -i | xargs exim -Mrm

#To freeze all queued mail from a given sender

 exiqgrep -i -f user@domain.com | xargs exim -Mf

# To remove all mail delivery failure mails.

   exiqgrep -i -f '<>'  | xargs exim -Mrm

Find Spam Mail in Cpanel server:Exim

Find Spam Mail in Cpanel server:Exim
====================================
====================================


#summary of mails in the mail queue.

 exim -bpr | exiqsumm -c | head

#To get all Message-ids of a Particular user

 exiqgrep -f <userid@mail.com>| grep '<' |cut -d"<" -f1 |awk '{print $3}'

 Provide username in above script

#Print message header

 exim -Mvh <message id>

#Print message's body

 exim -Mvb <message-id>

#To Delete all mail queue of a user by Message-id

exiqgrep -f <userid@mail.com>| grep '<' |cut -d"<" -f1 |awk '{print $3}' |xargs exim -Mrm

===================================================================
#To check the script that will originate spam mails:

 tail -f /var/log/exim_mainlog | grep cwd

 grep "cwd=/home" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n

 awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1

 grep 'cwd=/home' /var/log/exim_mainlog | awk '{print $3}' | cut -d / -f 3 | sort -bg | uniq -c | sort -bg

#To find exact spamming script currently running

  ps auxwwwe | grep <user> | grep --color=always "<location of script>" | head

  Provide username and location of script in above script

#Once you find the script ,following script will help you to find the ip address which is reponsable for the spamming.You can block the IP address 
 in  firewall

 grep "<script_name>" /home/username/access-logs/domain.com | awk '{print $1}' | sort -n | uniq -c | sort -n

 Provide Scriptname,username and domainname in above script

========================================================================

#In order to find “nobody” spamming, use the following command

 ps -C exim -fH ewww | awk '{for(i=1;i<=40;i++){print $i}}' | sort | uniq -c | grep PWD | sort -n

#To remove all frozen mails in the queue

 exim -bp | grep frozen | awk '{ print $3 }' | xargs exim -Mrm


#To remove a message from the queue

 exim -Mrm <message-id>

Tuesday, 4 December 2012

Install Sun jdk in Ubuntu 12.10

-->

Step 1 : Instal Java jdk version 7 from Repository

sudo apt-get install sun-java7-jdk.

If already installed an jdk version Go to step 2

Step 2 : Download sdk

Step 3 : Extract tar -xvf jdk-7u4-linux-x64.tar.gz

Step 4 : Move extracted folder to /usr/lib/jvm/
                     sudo mv jdk1.7.0_04 /usr/lib/jvm/

Step 5 : Install new java source , update-alternative is used when multiple version of same application is used and you want to pick one defailt version.
sudo update-alternatives --install /usr/bin/javac javac /usr/lib/jvm/jdk1.6.0_32/bin/javac 1
 
sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk1.6.0_32/bin/java 1 
 
sudo update-alternatives --install /usr/bin/javaws javaws /usr/lib/jvm/jdk1.6.0_32/bin/javaws 
 
 
Step 6 : If default java verion one to be used, for that sudo update-alternatives –config is used : 
 
sudo update-alternatives --config javac
sudo update-alternatives --config java
sudo update-alternatives --config javaws 
 
Step 7 : Check Java Version
              java -version
Step 8: Update Java Home Directory for that Edit .bashrc
vim ~/.bashrc
add following line to it.
export JAVA_HOME=/path/your/jdk
export PATH=$JAVA_HOME/bin:$PATH





Saturday, 1 December 2012

Tomcat-Apache Installation

Step1: Install tomcat and apache package from Repository.
  • apt-get install tomcat7
  • apt-get install apache2
 
Step 2: Configure the connection between Tomcat and apache

         Step 2.1: Enable ajp module in Apache
  •  a2enmode proxy proxy_ajp
     
    Step 2.2: Add the below lines in configuratin file  /etc/apache2/sites-available/default 
             ProxyPass / ajp://localhost:8009/
 
             ProxyPassReverse / ajp://localhost:8009
    Step 2.3: To enable ajp module, uncomment the following line in /etc/tomcat7  /server.xml
            Connector port="8009" redirectPort="8443" protocol="AJP/1.3"
 
 
Step 3: To enable tomcat users edit configuration file  etc/tomcat7/tomcat-users.xml   
 <tomcat-users>
 
<role rolename="manager-gui"/> 
 
 <role rolename="admin-gui"/> 
 <user name="admin" password="secret_password" roles="manager-gui,admin-gui"/> 
 </tomcat-users>


 Step 4: Restart Tomcat and apache Services service 
service apache2 restart  
service tomcat7 restart
 
Step 5: Check Installation and configuration is fine
http://<ip>:80  
http://<ip>:8080 
http://<ip>:8080/manager/html