Friday, January 29, 2016
Juniper Firewall show traffic log
# show security flow session destination-prefix 192.x.x.x
# show security flow session source-prefix 192.x.x.x | match 10.x.x.x
# show log traffic_log | match 10.x.x.x
Sunday, January 24, 2016
Configure NRPE on Nagios Server and Client Side
NRPE - Client
-------------------
# cd /usr/local/nagios/etc/
# vi nrpe.cfg
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
NRPE - Server
------------------
[root@nagioscore ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.3.101 -c check_users
USERS OK - 3 users currently logged in |users=3;5;10;0
[root@nagioscore ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.3.101 -c check_load
OK - load average: 0.00, 0.00, 0.00|load1=0.000;15.000;30.000;0; load5=0.000;10.000;25.000;0; load15=0.000;5.000;20.000;0;
[root@nagioscore ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.3.101 -c check_hda1
DISK OK - free space: /boot 227 MB (84% inode=99%);| /boot=40MB;225;253;0;282
[root@nagioscore ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.3.101 -c check_total_procs
PROCS OK: 146 processes | procs=146;150;200;0;
Wednesday, January 20, 2016
Install Nagios on Red Hat
1. /usr/local/nagios
2. monitor disk usage, cpu load, current users, total processes, etc
3. http://localhost/nagios
4. plugin 2.0.3
5. yum update
6. yum install -y
7. useradd nagios
8. groupadd nagcmd
9. usermod -a -G nagcmd nagios; usermod -a -G nagcmd apache
10. mkdir /root/nagios
wget http://prdownload.sourceforge.net/sourceforge/nagios/nagios-4.0.0.tar
wget http://www.nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz
11. tar xvf nagios-4.0.8.tar.gz
12. tar -xvf nagios-plugins-2.0.3.tar.gz
13. cd nagios-4.0.1
14. ./configure --with-command-group=nagcmd
15. make all
16. make install
17. make install-init
18. make install-commandmode
19. make install-config
20. cd nagios-plugins-2.0.3
21. ./configure --with-command-group=nagcmd
22. make all
23. make install-init
24. make install-commandmode
25. make install-config
26. make install-webconf
27. htpasswd -s -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
28. service httpd restart
29. ./configure --with-nagios-user=nagios --with-nagios-group=nagios
30. make
31. make install
32. /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
33. chkconfig --add nagios
34. chkconfig --level 35 nagios on
35. chkconfig --add httpd
36. chkconfig --level 35 httpd on
37. /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
38. systemctl start nagios.service
39. /etc/nagios3/htpasswd.users
40. htpasswd /etc/nagios3/htpasswd.users nagiosadmin
Sunday, January 17, 2016
Use Pam_Tally2 to Lock and Unlock SSH Failed Login Attempts
Use the ‘/etc/pam.d/password-auth’ configuration file to configure limits on login attempts. Open this file and add the following AUTH configuration line at the beginning of the ‘auth’ section.
auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=1200
account required pam_tally2.so
- file=/var/log/tallylog – The default log file, used to keep login counts.
- deny=3 – Deny access after 3 attempts and lock the user.
- even_deny_root – The policy also applies to the root user.
- unlock_time=1200 – The account stays locked for 20 minutes. (Remove this parameter if you want the account to stay locked until it is manually unlocked.)
Check the user's login attempt counter with the following command.
# pam_tally2 --user=john
How to reset or unlock the user account to enable access again.
# pam_tally2 --user=john --reset
Verify that the login attempt counter is reset and the account is unlocked.
# pam_tally2 --user=john
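An added example, not part of the original post: a shell function that audits a PAM file for the pam_tally2 lines described above. It checks that the auth line comes before pam_unix.so (the post places it at the beginning of the auth section), that deny= is set, and that the account line exists. The function name check_tally2, its MAX_DENY argument and the sample stack are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: check_tally2 FILE [MAX_DENY]
# FILE may be "-" for stdin. Returns 0 only if the auth pam_tally2.so line
# precedes pam_unix.so, sets deny=N with 1 <= N <= MAX_DENY (default 3, the
# value used on this page), and an account pam_tally2.so line is present.
check_tally2() {
    awk -v max="${2:-3}" '
        # Module name = first field ending in .so, so bracketed controls
        # such as [success=1 default=ignore] do not shift the columns.
        function module(   i) {
            for (i = 2; i <= NF; i++) if ($i ~ /\.so$/) return $i
            return ""
        }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        { type = $1; sub(/^-/, "", type); mod = module() }
        type == "auth" {
            n++
            if (mod ~ /pam_unix\.so$/ && !unix_at) unix_at = n
            if (mod ~ /pam_tally2\.so$/ && !tally_at) {
                tally_at = n
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^deny=[0-9]+$/) deny = substr($i, 6) + 0
                    if ($i ~ /^unlock_time=[0-9]+$/) { has_unlock = 1; unlock = substr($i, 13) + 0 }
                    if ($i == "even_deny_root") root = 1
                }
            }
        }
        type == "account" && mod ~ /pam_tally2\.so$/ { acct = 1 }
        END {
            if (!tally_at) { print "FAIL: no auth pam_tally2.so line"; bad = 1 }
            else {
                if (unix_at && unix_at < tally_at) { print "FAIL: pam_tally2.so comes after pam_unix.so"; bad = 1 }
                if (deny < 1 || deny > max) { print "FAIL: deny=" (deny + 0) " (want 1.." max ")"; bad = 1 }
                print (has_unlock ? "INFO: unlock_time=" unlock "s" : "INFO: no unlock_time, manual reset needed")
                print (root ? "INFO: root is included" : "INFO: root is exempt (no even_deny_root)")
            }
            if (!acct) { print "FAIL: no account pam_tally2.so line"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample stack: the two lines from this post plus pam_unix.so.
check_tally2 - <<'EOF'
auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=1200
auth sufficient pam_unix.so nullok try_first_pass
account required pam_tally2.so
EOF
```

Run it against /etc/pam.d/password-auth after editing; a non-zero exit status means one of the FAIL conditions was found.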
Tuesday, January 12, 2016
IIS reverse proxy with rewrites can't handle a redirect from the server we proxy to
appcmd.exe set config -section:system.webServer/proxy /reverseRewriteHostInResponseHeaders:"False" -commit:apphost
How to Document Servers with SYDI
Manual run
C:\temp\sydi>cscript.exe ss-xml2word.vbs -xc:\temp\xx1.xml -llang_english.xml -sC:\temp\BaseTemplate.xml -o"c:\temp\System Documentation For xxx1.doc" -d -b"Table list 4" -Tc:\temp\Template9.dotx
Batch file
cscript.exe ss-xml2word.vbs -xC:\temp\%1.xml -llang_english.xml -sC:\temp\BaseTemplate.xml -oC:\temp\WordDoc\System_Documentation_For_%1.doc -d -b"Table list 4" -Tc:\temp\Template9.dotx
Run on Cmd Prompt
c:\temp\Writedoc.cmd Servername
SYDI-Server v.2.4
Usage: cscript.exe sydi-server.vbs [options]
Examples: cscript.exe sydi-server.vbs -wabes -rc -f10 -tSERVER1
cscript.exe sydi-server-vbs -ex -sh -o"H:\Server docs\DC1.xml -tDC1"
Gathering Options
-w - WMI Options (Default: -wabefghipPqrsSu)
a - Windows Installer Applications
b - BIOS Information
e - Event Log files
f - File Shares
g - Local Groups (on non DC machines)
h - Additional Hardware (ie. Video Controller)
i - IP Routes (XP and 2003 only)
p - Printers
P - Processes (running)
q - Installed Patches
r - Registry Size
s - Services
S - Startup Commands
u - Local User accounts (on non DC machines)
-r - Registry Options (Default: -racdklp)
a - Non Windows Installer Applications
c - Windows Components
d - FQDN Domain Name
k - Product Keys
l - Last Logged on user
p - Print Spooler Location
-t - Target Machine (Default: ask user)
-u - Username (To run with different credentials)
-p - Password (To run with different credentials, must be used with -u)
Output Options
-e - Export format
w - Microsoft Word (Default)
x - XML (has to be used with -o)
-o - Save to file (-oc:\corpfiles\server1.doc, use in combination with -d
if you don't want to display word at all, use a Path or the file will
be placed in your default location usually 'My documents')
-oC:\corpfiles\server1.xml
WARNING USING -o WILL OVERWRITE TARGET FILE WITHOUT ASKING
Word Options
-b - Use specific Word Table (-b"Table Contemporary"
or -b"Table List 4")
-f - Base font size (Default: -f12)
-d - Don't display Word while writing (runs faster)
-n - No extras (minimize the text inside brackets)
-T - Use .dot file as template (-Tc:\corptemplates\server.dot, ignores -f)
XML Options
-s - XML Stylesheet
h - HTML
t - Free text (-stE:\Files\mytransform.xsl or -stCORP.xsl)
Other Options
-v - Check for latest version (requires Internet access)
-D - Debug mode, useful for reporting bugs
-h - Display help
Saturday, January 2, 2016
How do I update a CentOS server's time from an authoritative time server?
#yum install ntp
#chkconfig ntpd on
#ntpdate pool.ntp.org
#service ntpd start
Change the current timezone in CentOS
Method 1
# date
# cd /etc
# rm localtime
# cd /etc
# ln -s /usr/share/zoneinfo/Asia/Singapore localtime
Method 2
# cat /etc/timezone
Asia/Singapore
# vim /etc/timezone
Asia/Singapore
# export TZ=Asia/Singapore