Icinga: Monitoring VMware ESX(i) Servers / Virtual Machines
-----------------------------------------------------------
Once Icinga is installed and configured, it can be used
to monitor ESX(i) servers.
At the end of this example there is one user: john,
with the e-mail address john@domain.tld.
This user belongs to the group esx-support.
This group has access to the services/hosts that contain "contact_groups esx-support".
The user icingaadmin has access to everything, including
the Icinga server itself (localhost.cfg).
There are 3 host groups: "ESX Server", "ESXi Server" and "Windows Server".
The datastores on the ESX(i) servers are named "datastore1".
This guide assumes that Icinga is installed under /usr/local/icinga.
Download the status map icons:
http://exchange.nagios.org/directory/Graphics-and-Logos/Images-and-Logos/F*Nagios-Icon-Pack/details
Unpack the file FNagios.tar.gz in the directory /usr/local/icinga/share/images.
Download the check plugin check_esx3.pl from http://exchange.nagios.org/directory/Plugins/Operating-Systems/*-Virtual-Environments/VMWare/check_esx3/details
then copy it to /usr/local/icinga/libexec and make it executable.
# chown icinga:icinga /usr/local/icinga/libexec/check_esx3.pl
# chmod 755 /usr/local/icinga/libexec/check_esx3.pl
Download the check plugin check_esxi_hardware.py from http://www.claudiokuenzler.com/nagios-plugins/check_esxi_hardware.php
# chown icinga:icinga /usr/local/icinga/libexec/check_esxi_hardware.py
# chmod 755 /usr/local/icinga/libexec/check_esxi_hardware.py
Download the check plugin check_mem.pl from http://exchange.nagios.org/directory/Plugins/System-Metrics/Memory/check_mem-2Epl/details
/usr/local/icinga/etc/cgi.cfg
These lines should be adjusted, i.e. "esx-support" added:
authorized_for_system_information=icingaadmin,esx-support
authorized_for_all_services=icingaadmin,esx-support
authorized_for_all_hosts=icingaadmin,esx-support
authorized_for_all_service_commands=icingaadmin,esx-support
/usr/local/icinga/etc/resource.cfg
# Sets $USER1$ to be the path to the plugins
$USER1$=/usr/local/icinga/libexec
# Store some usernames and passwords (hidden from the CGIs)
$USER6$=root
$USER7$=password
$USER8$=root
$USER9$=password2
This file exists so that passwords do not appear in clear text in the object configuration files.
# htpasswd /usr/local/icinga/etc/htpasswd.users john
Set a password for the user john. The -c option is omitted because it recreates the file and drops any users already in it.
/usr/local/icinga/etc/objects/contacts.cfg
define contact{
contact_name icingaadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Icinga Admin ; Full name of user
email icinga@localhost ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
}
define contact{
contact_name john; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias John Smith ; Full name of user
contactgroups esx-support
email john@domain.tld ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
}
define contactgroup{
contactgroup_name admins
alias Icinga Administrators
members icingaadmin
}
define contactgroup{
contactgroup_name esx-support
alias ESX Administrators
members icingaadmin, john
}
/usr/local/icinga/etc/objects/hostgroups.cfg
define hostgroup{
hostgroup_name esx-servers; The name of the hostgroup
alias VMWARE ESX; Long name of the group
members esx01; Comma separated list of hosts that belong to this group
}
define hostgroup{
hostgroup_name esxi-servers; The name of the hostgroup
alias VMWARE ESXi; Long name of the group
members esxi01; Comma separated list of hosts that belong to this group
}
define hostgroup{
hostgroup_name windows-servers; The name of the hostgroup
alias Windows Server; Long name of the group
members vcenter01; Comma separated list of hosts that belong to this group
}
/usr/local/icinga/etc/objects/commands.cfg
# 'check_by_ssh' command definition
define command{
command_name check_by_ssh
command_line $USER1$/check_by_ssh -H $HOSTADDRESS$ -p $ARG1$ -l "$ARG2$" -C "$ARG3$" -t20
}
# 'check_mysql' command definition
define command{
command_name check_mysql
command_line $USER1$/check_mysql -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$
}
# 'check_ntp_time' command definition
define command{
command_name check_ntp_time
command_line $USER1$/check_ntp_time -H $HOSTADDRESS$
}
# 'check_mailq' command definition
define command{
command_name check_mailq
command_line $USER1$/check_mailq -w $ARG1$ -c $ARG2$
}
# 'check_dns' command definition
define command{
command_name check_dns
command_line $USER1$/check_dns -s $ARG1$ -H $ARG2$
}
# 'check_icinga' command definition
define command{
command_name check_icinga
command_line $USER1$/check_nagios -e 5 -F $ARG1$ -C $ARG2$
}
# 'check_mem' command definition
define command{
command_name check_mem
command_line $USER1$/check_mem.pl -w $ARG1$ -c $ARG2$ -f -C
}
# Hardwarecheck
# 'check_esxi_hardware' command definition
define command{
command_name check_esxi_hardware
command_line $USER1$/check_esxi_hardware.py https://$HOSTADDRESS$ $ARG1$ "$ARG2$" $ARG3$
}
# ESX(i) Server
define command{
command_name check_esx3_host_cpu_usage
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l cpu -s usage -w $ARG3$ -c $ARG4$
}
define command{
command_name check_esx3_host_mem_usage
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l mem -s usage -w $ARG3$ -c $ARG4$
}
define command{
command_name check_esx3_host_mem_overhead
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l mem -s overhead -w $ARG3$ -c $ARG4$
}
define command{
command_name check_esx3_host_mem_memctl
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l mem -s memctl -w $ARG3$ -c $ARG4$
}
define command{
command_name check_esx3_host_swap_usage
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l mem -s swap -w $ARG3$ -c $ARG4$
}
define command{
command_name check_esx3_host_net_usage
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l net -s usage -w $ARG3$ -c $ARG4$
}
# $ARG1$ = datastore name, $ARG2$ = user, $ARG3$ = password, $ARG4$/$ARG5$ = warning/critical
define command{
command_name check_esx3_host_vmfs
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG2$ -p $ARG3$ -l vmfs -s "$ARG1$" -w "$ARG4$" -c "$ARG5$"
}
define command{
command_name check_esx3_host_vmfs_local
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l vmfs -s "$ARG3$"
}
define command{
command_name check_esx3_host_runtime_status
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l runtime -s status
}
define command{
command_name check_esx3_host_runtime_issues
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l runtime -s issues
}
define command{
command_name check_esx3_host_io_read
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l io -s read -w $ARG3$ -c $ARG4$
}
define command{
command_name check_esx3_host_io_write
command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l io -s write -w $ARG3$ -c $ARG4$
}
## VM
define command{
command_name check_esx3_vm_cpu_usage
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG4$ -p $ARG5$ -N "$HOSTALIAS$" -l cpu -s usage -w $ARG2$ -c $ARG3$
}
define command{
command_name check_esx3_vm_cpu_mhz
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG4$ -p $ARG5$ -N "$HOSTALIAS$" -l cpu -s usagemhz -w $ARG2$ -c $ARG3$
}
define command{
command_name check_esx3_vm_mem_usage
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG4$ -p $ARG5$ -N "$HOSTALIAS$" -l mem -s usage -w $ARG2$ -c $ARG3$
}
define command{
command_name check_esx3_vm_mem_overhead
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG4$ -p $ARG5$ -N "$HOSTALIAS$" -l mem -s overhead -w $ARG2$ -c $ARG3$
}
define command{
command_name check_esx3_vm_swap_usage
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG4$ -p $ARG5$ -N "$HOSTALIAS$" -l mem -s swap -w $ARG2$ -c $ARG3$
}
define command{
command_name check_esx3_vm_net_usage
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG4$ -p $ARG5$ -N "$HOSTALIAS$" -l net -s usage -w $ARG2$ -c $ARG3$
}
define command{
command_name check_esx3_vm_runtime_cpu
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG4$ -p $ARG5$ -N "$HOSTALIAS$" -l runtime -s cpu -w $ARG2$ -c $ARG3$
}
define command{
command_name check_esx3_vm_runtime_mem
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG4$ -p $ARG5$ -N "$HOSTALIAS$" -l runtime -s mem -w $ARG2$ -c $ARG3$
}
define command{
command_name check_esx3_vm_runtime_status
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG4$ -p $ARG5$ -N "$HOSTALIAS$" -l runtime -s status
}
define command{
command_name check_esx3_vm_runtime_tools
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG2$ -p $ARG3$ -N "$HOSTALIAS$" -l runtime -s tools
}
define command{
command_name check_esx3_vm_runtime_state
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG2$ -p $ARG3$ -N "$HOSTALIAS$" -l runtime -s state
}
define command{
command_name check_esx3_vm_runtime_issues
command_line $USER1$/check_esx3.pl -H $ARG1$ -u $ARG2$ -p $ARG3$ -N "$HOSTALIAS$" -l runtime -s issues
}
# ESX(i) Datacenter / vCenter --> check VMs
define command{
command_name check_esx3_dc_host_cpu_usage
command_line $USER1$/check_esx3.pl -D $ARG1$ -u $ARG2$ -p $ARG3$ -H "$HOSTALIAS$" -l cpu -s usage -w $ARG4$ -c $ARG5$
}
define command{
command_name check_esx3_dc_host_mem_usage
command_line $USER1$/check_esx3.pl -D $ARG1$ -u $ARG2$ -p $ARG3$ -H "$HOSTALIAS$" -l mem -s usage -w $ARG4$ -c $ARG5$
}
define command{
command_name check_esx3_dc_host_swap_usage
command_line $USER1$/check_esx3.pl -D $ARG1$ -u $ARG2$ -p $ARG3$ -H "$HOSTALIAS$" -l mem -s swap -w $ARG4$ -c $ARG5$
}
define command{
command_name check_esx3_dc_host_net_usage
command_line $USER1$/check_esx3.pl -D $ARG1$ -u $ARG2$ -p $ARG3$ -H "$HOSTALIAS$" -l net -s usage -w $ARG4$ -c $ARG5$
}
define command{
command_name check_esx3_dc_host_runtime_status
command_line $USER1$/check_esx3.pl -D $ARG1$ -u $ARG2$ -p $ARG3$ -H "$HOSTALIAS$" -l runtime -s status
}
define command{
command_name check_esx3_dc_host_runtime_state
command_line $USER1$/check_esx3.pl -D $ARG1$ -u $ARG2$ -p $ARG3$ -H "$HOSTALIAS$" -l runtime -s state
}
define command{
command_name check_esx3_dc_host_runtime_tools
command_line $USER1$/check_esx3.pl -D $ARG1$ -u $ARG2$ -p $ARG3$ -H "$HOSTALIAS$" -l runtime -s tools
}
define command{
command_name check_esx3_dc_host_runtime_issue
command_line $USER1$/check_esx3.pl -D $ARG1$ -u $ARG2$ -p $ARG3$ -H "$HOSTALIAS$" -l runtime -s issues
}
/usr/local/icinga/etc/icinga.cfg
cfg_dir=/usr/local/icinga/etc/objects
/usr/local/icinga/etc/objects/esxi01.cfg
# Define a host for the local machine
define host{
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name esxi01
alias esxi01
address esxi01
statusmap_image vendors/vmware.png
contact_groups esx-support
notifications_enabled 1
}
###############################################################################
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
###############################################################################
# Define a service to "ping" the local machine
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description PING
check_command check_ping!100.0,20%!500.0,60%
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description SSH
check_command check_ssh
contact_groups esx-support
notifications_enabled 1
}
define service{
use generic-service
host_name esxi01
service_description HARDWARE
check_command check_esxi_hardware!$USER6$!$USER7$!auto
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description ESXI_HOSTCPUUSAGE
check_command check_esx3_host_cpu_usage!$USER6$!$USER7$!80!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description ESXI_HOSTMEM
check_command check_esx3_host_mem_usage!$USER6$!$USER7$!80!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description ESXI_HOSTSWAP
check_command check_esx3_host_swap_usage!$USER6$!$USER7$!80!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description ESXI_HOSTNETUSAGE
check_command check_esx3_host_net_usage!$USER6$!$USER7$!102400!204800
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description ESXI_HOSTVMFS_LOCAL
check_command check_esx3_host_vmfs!datastore1!$USER6$!$USER7$!90%!95%
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description ESXI_RUNTIMESTATUS
check_command check_esx3_host_runtime_status!$USER6$!$USER7$
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description ESXI_HOSTIOREAD
check_command check_esx3_host_io_read!$USER6$!$USER7$!40!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description ESXI_HOSTIOWRITE
check_command check_esx3_host_io_write!$USER6$!$USER7$!40!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description HTTPS
check_command check_https
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esxi01
service_description HTTP
check_command check_http
contact_groups esx-support
notifications_enabled 1
}
/usr/local/icinga/etc/objects/esx01.cfg (via vCenter "vcenter01")
# Define a host for the local machine
define host{
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name esx01
alias esx01
address esx01
statusmap_image vendors/vmware2.png
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description PING
check_command check_ping!100.0,20%!500.0,60%
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description SSH
check_command check_ssh
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description HTTPS
check_command check_https
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description HTTP
check_command check_http
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description ESX_HOSTCPUUSAGE
check_command check_esx3_host_cpu_usage!$USER6$!$USER7$!80!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description ESX_HOSTMEM
check_command check_esx3_host_mem_usage!$USER6$!$USER7$!80!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description ESX_HOSTSWAP
check_command check_esx3_host_swap_usage!$USER6$!$USER7$!80!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description ESX_HOSTNETUSAGE
check_command check_esx3_host_net_usage!$USER6$!$USER7$!102400!204800
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description ESX_HOSTVMFS_LOCAL
check_command check_esx3_host_vmfs!datastore1!$USER6$!$USER7$!90%!95%
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description ESX_RUNTIMESTATUS
check_command check_esx3_host_runtime_status!$USER6$!$USER7$
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description ESX_HOSTIOREAD
check_command check_esx3_host_io_read!$USER6$!$USER7$!40!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name esx01
service_description ESX_HOSTIOWRITE
check_command check_esx3_host_io_write!$USER6$!$USER7$!40!90
contact_groups esx-support
notifications_enabled 1
}
/usr/local/icinga/etc/objects/vcenter01.cfg
IMPORTANT: the alias must be identical to the name used on the ESX server (mind the exact spelling).
# Define a host for the local machine
define host{
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name vcenter01
alias vcenter01
address vcenter01
statusmap_image vendors/vista.png
contact_groups esx-support
notifications_enabled 1
}
# Define a service to "ping" the local machine
define service{
use local-service ; Name of service template to use
host_name vcenter01
service_description PING
check_command check_ping!100.0,20%!500.0,60%
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name vcenter01
service_description HTTP
check_command check_http
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name vcenter01
service_description HTTPS
check_command check_https
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name vcenter01
service_description VM_CPUUSAGE
check_command check_esx3_dc_host_cpu_usage!vcenter01!$USER8$!$USER9$!80!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name vcenter01
service_description VM_MEM
check_command check_esx3_dc_host_mem_usage!vcenter01!$USER8$!$USER9$!80!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name vcenter01
service_description VM_SWAP
check_command check_esx3_dc_host_swap_usage!vcenter01!$USER8$!$USER9$!80!90
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name vcenter01
service_description VM_NETUSAGE
check_command check_esx3_dc_host_net_usage!vcenter01!$USER8$!$USER9$!102400!204800
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name vcenter01
service_description VM_RUNTIMESTATUS
check_command check_esx3_dc_host_runtime_status!vcenter01!$USER8$!$USER9$
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name vcenter01
service_description VM_RUNTIMESTATE
check_command check_esx3_dc_host_runtime_state!vcenter01!$USER8$!$USER9$
contact_groups esx-support
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name vcenter01
service_description VM_VMWARETools
check_command check_esx3_dc_host_runtime_tools!vcenter01!$USER8$!$USER9$
contact_groups esx-support
notifications_enabled 1
}
/usr/local/icinga/etc/objects/localhost.cfg
# Define a host for the local machine
define host{
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name localhost
alias localhost
address 127.0.0.1
statusmap_image vendors/ubuntu.png
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description PING
check_command check_ping!100.0,20%!500.0,60%
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description Root Partition
check_command check_local_disk!20%!10%!/
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description Current Users
check_command check_local_users!20!50
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description Total Processes
check_command check_local_procs!250!400!RSZDT
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description Current Load
check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description Swap Usage
check_command check_local_swap!20!10
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description SSH
check_command check_ssh
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description HTTP
check_command check_http
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description MySQL
check_command check_mysql!icinga!icinga
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description NTPTime
check_command check_ntp_time
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description SMTP
check_command check_smtp
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description MailQ
check_command check_mailq!5!10
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description DNS
check_command check_dns!192.168.1.1!www.heise.de
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description Icinga
check_command check_icinga!/usr/local/icinga/var/status.dat!/usr/local/icinga/bin/icinga
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description MySQL-Query
check_command check_mysql_query!icinga_systemcommands!localhost!icinga!icinga!icinga
notifications_enabled 1
}
define service{
use local-service ; Name of service template to use
host_name localhost
service_description Memory
check_command check_mem!10!5
contact_groups admins
notifications_enabled 1
}
Check the configuration:
# /usr/local/icinga/bin/icinga -v /usr/local/icinga/etc/icinga.cfg
If OK, reload Icinga:
# /etc/init.d/icinga reload
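The `icinga -v` pre-flight check does not compare the `!`-separated arguments of a `check_command` with the `$ARGn$` macros its `command_line` uses, so a shifted or missing argument can end up passing a threshold as the user name or password. The linter below is an added example, not part of the original guide or of Icinga; the sample configuration and the function names (`parse_objects`, `defined_user_macros`, `lint`) are constructed for illustration.

```python
import re

# Constructed sample input in the style of this guide (not from a live system).
RESOURCE_CFG = """\
$USER1$=/usr/local/icinga/libexec
$USER6$=root
$USER7$=example-password
"""

OBJECTS_CFG = """\
define command{
    command_name check_esx3_host_cpu_usage
    command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -l cpu -s usage -w $ARG3$ -c $ARG4$
}
define command{
    command_name check_esx3_host_mem_overhead
    command_line $USER1$/check_esx3.pl -H $HOSTADDRESS$ -u $ARG1$ -p $USER12$ -l mem -s overhead -w $ARG3$ -c $ARG4$
}
define service{
    host_name           esxi01
    service_description CPU_OK
    check_command       check_esx3_host_cpu_usage!$USER6$!$USER7$!80!90
}
define service{
    host_name           esxi01
    service_description CPU_SHORT      ; credentials forgotten
    check_command       check_esx3_host_cpu_usage!80!90
}
define service{
    host_name           esxi01
    service_description NET
    check_command       check_esx3_host_net_usage!$USER6$!$USER7$!102400!204800
}
"""

DEFINE_RE = re.compile(r"define\s+(\w+)\s*\{")
ARG_RE = re.compile(r"\$ARG(\d+)\$")
USER_RE = re.compile(r"\$(USER\d+)\$")


def parse_objects(text):
    """Return [(object_type, {directive: value})] for each define block."""
    objects, current = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts an inline comment
        if not line or line.startswith("#"):
            continue
        start = DEFINE_RE.match(line)
        if start:
            current = (start.group(1), {})
        elif current is not None and line.startswith("}"):
            objects.append(current)
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            current[1][parts[0]] = parts[1] if len(parts) == 2 else ""
    return objects


def defined_user_macros(resource_text):
    """Names of the $USERn$ macros that resource.cfg assigns."""
    return set(re.findall(r"^\s*\$(USER\d+)\$\s*=", resource_text, re.M))


def lint(objects_text, resource_text):
    """Return a list of (where, problem) tuples."""
    findings = []
    known_users = defined_user_macros(resource_text)
    objects = parse_objects(objects_text)
    commands = {a["command_name"]: a.get("command_line", "")
                for kind, a in objects
                if kind == "command" and "command_name" in a}

    # Command side: undefined $USERn$ macros and gaps in the $ARGn$ sequence.
    for name, line in commands.items():
        for macro in sorted(set(USER_RE.findall(line)) - known_users):
            findings.append((name, f"${macro}$ is not defined in resource.cfg"))
        used = {int(n) for n in ARG_RE.findall(line)}
        skipped = sorted(set(range(1, max(used, default=0) + 1)) - used)
        if skipped:
            findings.append((name, "skips " + ", ".join(f"$ARG{n}$" for n in skipped)))

    # Service side: unknown commands, too few arguments, empty arguments.
    for kind, a in objects:
        if kind != "service" or "check_command" not in a:
            continue
        where = f'{a.get("host_name", "?")}/{a.get("service_description", "?")}'
        cmd, *args = a["check_command"].split("!")
        if cmd not in commands:
            findings.append((where, f"check_command {cmd} is not defined"))
            continue
        needed = max((int(n) for n in ARG_RE.findall(commands[cmd])), default=0)
        if len(args) < needed:
            findings.append((where, f"passes {len(args)} argument(s) but {cmd} uses $ARG{needed}$"))
        if "" in args:
            findings.append((where, "contains an empty argument ('!!')"))
    return findings


if __name__ == "__main__":
    for where, problem in lint(OBJECTS_CFG, RESOURCE_CFG):
        print(f"{where}: {problem}")
```

For a real installation, pass the concatenated contents of every file under the objects directory, including the stock commands.cfg; otherwise standard commands such as check_ping are reported as undefined.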
Friday, 9 December 2011
Icinga on Ubuntu Server 11.10
Icinga on Ubuntu Server 11.10 (64bit)
--------------------------------------
0. Installation Ubuntu Server
apt-get update
apt-get upgrade
1. apt-get install -y libdbi-dev libdbd-mysql build-essential libgd2-xpm-dev libjpeg62-dev libpng12-dev mysql-server mysql-client apache2 openssl libssl-dev libmysqlclient16-dev
2. useradd -m icinga
passwd icinga
groupadd icinga-cmd
usermod -a -G icinga-cmd icinga
usermod -a -G icinga-cmd www-data
3. cd /var/tmp
wget -O icinga-1.6.1.tar.gz http://sourceforge.net/projects/icinga/files/icinga/1.6.1/icinga-1.6.1.tar.gz/download
tar xvfz icinga-1.6.1.tar.gz
cd /var/tmp/icinga-1.6.1
./configure --with-command-group=icinga-cmd --enable-idoutils
make all
sudo make fullinstall
4. cd /var/tmp
wget -O nagios-plugins-1.4.15.tar.gz http://sourceforge.net/projects/nagiosplug/files/nagiosplug/1.4.15/nagios-plugins-1.4.15.tar.gz/download
tar xvfz nagios-plugins-1.4.15.tar.gz
cd /var/tmp/nagios-plugins-1.4.15
./configure --prefix=/usr/local/icinga --with-nagios-user=icinga
make
sudo make install
5.
sudo htpasswd -c /usr/local/icinga/etc/htpasswd.users icingaadmin
sudo /etc/init.d/apache2 restart
sudo mysql -u root -p
create database icinga;
GRANT USAGE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY 'icinga' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0;
GRANT SELECT , INSERT , UPDATE , DELETE ON icinga.* TO 'icinga'@'localhost';
flush privileges;
quit
cd /var/tmp/icinga-1.6.1/module/idoutils/db/mysql
sudo mysql -u root -p icinga < mysql.sql
sudo mv /usr/local/icinga/etc/ido2db.cfg-sample /usr/local/icinga/etc/ido2db.cfg
sudo mv /usr/local/icinga/etc/idomod.cfg-sample /usr/local/icinga/etc/idomod.cfg
sudo vi /usr/local/icinga/etc/ido2db.cfg
Adjust db_user and db_password if something other than "icinga" was used as the password.
sudo vi /usr/local/icinga/etc/icinga.cfg
broker_module=/usr/local/icinga/bin/idomod.o config_file=/usr/local/icinga/etc/idomod.cfg
sudo /etc/init.d/ido2db start
sudo /etc/init.d/icinga start
sudo update-rc.d ido2db defaults 50
sudo update-rc.d icinga defaults 51
Check the config:
cd /usr/local/icinga/bin
sudo ./icinga -v /usr/local/icinga/etc/icinga.cfg
sudo apt-get install sendmail mailutils
vi /etc/mail/sendmail.mc
add: FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
vi /etc/mail/mailertable
example:
.domain.tld esmtp:[mailserver]
sendmailconfig
mail user@domain.tld
Check that the mail was received.
Monday, 21 November 2011
Disabling tcp_timestamps
Stops the host from disclosing (NIC) uptime information.
e.g. in /etc/rc.local:
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
Test with (replace <host> with the server being checked):
for SSL
hping3 -S --tcp-timestamp -p 443 -c 2 <host>
for HTTP
hping3 -S --tcp-timestamp -p 80 -c 2 <host>
for SSH
hping3 -S --tcp-timestamp -p 22 -c 2 <host>
Sunday, 19 June 2011
Icinga on Ubuntu Server 10.04
Icinga on Ubuntu Server 10.04 (64bit)
--------------------------------------
0. Installation Ubuntu Server
1. apt-get install -y libdbi0-dev libdbd-mysql build-essential libgd2-xpm-dev libjpeg62-dev libpng12-dev mysql-server mysql-client apache2 openssl libssl-dev libmysqlclient16-dev
2. useradd -m icinga
passwd icinga
groupadd icinga-cmd
usermod -a -G icinga-cmd icinga
usermod -a -G icinga-cmd www-data
3. cd /var/tmp
wget -O icinga-1.0.2.tar.gz http://sourceforge.net/projects/icinga/files/icinga/1.0.2/icinga-1.0.2.tar.gz/download
tar xvfz icinga-1.0.2.tar.gz
cd /var/tmp/icinga-1.0.2
./configure --with-command-group=icinga-cmd --enable-idoutils
make all
sudo make fullinstall
4. cd /var/tmp
wget -O nagios-plugins-1.4.15.tar.gz http://sourceforge.net/projects/nagiosplug/files/nagiosplug/1.4.15/nagios-plugins-1.4.15.tar.gz/download
tar xvfz nagios-plugins-1.4.15.tar.gz
cd /var/tmp/nagios-plugins-1.4.15
./configure --prefix=/usr/local/icinga --with-nagios-user=icinga
make
sudo make install
5.
sudo htpasswd -c /usr/local/icinga/etc/htpasswd.users icingaadmin
sudo /etc/init.d/apache2 restart
sudo mysql -u root -p
create database icinga;
GRANT USAGE ON *.* TO 'icinga'@'localhost' IDENTIFIED BY 'icinga' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0;
GRANT SELECT , INSERT , UPDATE , DELETE ON icinga.* TO 'icinga'@'localhost';
flush privileges;
quit
cd /var/tmp/icinga-1.0.2/module/idoutils/db/mysql
sudo mysql -u root -p icinga < mysql.sql
sudo mv /usr/local/icinga/etc/ido2db.cfg-sample /usr/local/icinga/etc/ido2db.cfg
sudo mv /usr/local/icinga/etc/idomod.cfg-sample /usr/local/icinga/etc/idomod.cfg
sudo vi /usr/local/icinga/etc/ido2db.cfg
Adjust db_user and db_password if something other than "icinga" was used as the password.
sudo vi /usr/local/icinga/etc/icinga.cfg
broker_module=/usr/local/icinga/bin/idomod.o config_file=/usr/local/icinga/etc/idomod.cfg
sudo /etc/init.d/ido2db start
sudo /etc/init.d/icinga start
sudo update-rc.d ido2db defaults 50
sudo update-rc.d icinga defaults 51
Check the config:
cd /usr/local/icinga/bin
sudo ./icinga -v /usr/local/icinga/etc/icinga.cfg
sudo apt-get install sendmail mailutils
vi /etc/mail/sendmail.mc
add: FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
vi /etc/mail/mailertable
example:
.domain.tld esmtp:[mailserver]
sendmailconfig
mail user@domain.tld
Check that the mail was received.
ntop 4 installation on Ubuntu 10.04 Server
nTop 4 on Ubuntu 10.04 (64-bit)
--------------------------------
Internet connection required!
Preferably 2 network cards (one for sniffing, one for network access)
The hard disk should have at least 4 GB (for a small test), preferably more.
1. Installation of Ubuntu Server 10.04 (64-bit)
Download: http://www.ubuntu.com/server/get-ubuntu/download
OpenSSH Server
2. Online Update
sudo apt-get update
sudo apt-get upgrade
You may also have to install the current kernel:
sudo apt-get install linux-headers-server linux-image-server linux-server
(sudo apt-get upgrade tells you this when you run it again)
Then reboot: sudo reboot
then run sudo apt-get autoremove to uninstall old packages
that are no longer needed
sudo apt-get install build-essential
sudo apt-get install libtool
sudo apt-get install autoconf
sudo apt-get install automake
sudo apt-get install m4
sudo apt-get install libpcap0.8
sudo apt-get install libpcap0.8-dev
sudo apt-get install zlib1g
sudo apt-get install zlib1g-dev
sudo apt-get install rrdtool
sudo apt-get install librrd4
sudo apt-get install librrd-dev
sudo apt-get install graphviz
sudo apt-get install openssl
sudo apt-get install libssl-dev
sudo apt-get install libgeoip-dev
sudo aptitude install python-dev
sudo apt-get install python-dev
sudo apt-get install python-mako
sudo apt-get install libgdbm-dev
3. Download the nTop source
http://sourceforge.net/projects/ntop/
or
wget http://sourceforge.net/projects/ntop/files/ntop/ntop-4.0.1/ntop-4.0.1.tar.gz/download
e.g.: tar xvfz ntop-4.0.1.tar.gz
cd ntop-4.0.1
./autogen.sh
./configure
make
sudo make install
sudo adduser --system --group --home /usr/local/lib/ntop ntop
sudo cp packages/debian/etc/ld.so.conf.d/ntop.conf /etc/ld.so.conf.d
vi /etc/init.d/ntop
#! /bin/sh
#
# ntop script
#
# NOTE: Copy this script in /etc/init.d/ntop
#
# Author:
# Paul Mansfield
# Worldpay - 20020218
#
# Fixed by L.Deri - May 2007
# mod. D.Schneck - August 2010
set -e
NAME=ntop
DAEMON=/usr/local/bin/ntop
CONFIG=/etc/ntop/ntop.conf
PROTOCOLFILE=/etc/ntop/protocol.list
# Exit quietly if the ntop binary is not installed
test -x "$DAEMON" || exit 0
start_ntop() {
    echo -n "Starting ntop "
    # "@file" makes ntop read its options from the config file
    "$DAEMON" "@$CONFIG" -p "$PROTOCOLFILE" > /var/log/ntop.out &
    echo " ...done"
}
stop_ntop() {
    echo -n "Stopping ntop "
    if test -f /var/run/ntop.pid ; then
        kill `cat /var/run/ntop.pid`
        echo -n " killed pid `cat /var/run/ntop.pid`"
        rm /var/run/ntop.pid
    fi
    echo " ...done"
}
case "$1" in
    start)
        start_ntop
        ;;
    stop)
        stop_ntop
        ;;
    restart)
        stop_ntop
        start_ntop
        ;;
    defaults)
        # One-time setup: sets the ntop web admin password to "admin";
        # replace the value with a password of your own
        "$DAEMON" -u ntop --set-admin-password=admin
        ;;
    *)
        echo "Usage: /etc/init.d/$NAME {start|stop|restart|defaults}"
        exit 1
        ;;
esac
exit 0
sudo chmod 755 /etc/init.d/ntop
sudo ldconfig
sudo chown -R ntop.ntop /usr/local/var/ntop
cd /etc/init.d
sudo mkdir /etc/ntop
cd /var/tmp/ntop-4.0.1
sudo cp packages/Redhat/ntop.conf.sample /etc/ntop/ntop.conf
This file is where, e.g., the port number, network card, etc. are set.
--db-file-path /usr/local/var/ntop must be adjusted
sudo cp packages/debian.official/protocol.list /etc/ntop
sudo ntop --user ntop -P /usr/local/var/ntop
sudo chown -R ntop.ntop /usr/local/var/ntop
sudo service ntop start
If ntop should be started automatically at system boot, enter the following:
sudo update-rc.d ntop defaults
Changing groups
changing groups (permissions)
find admin audit bin esa etc home lpp opt oracle pconsole sapmnt sbin tivoli unix usr var -group 203 -exec chgrp 200 {} \;
Apache: a little protection against vulnerability scanners
A little protection against vulnerability scanners: w00tw00t.at.ISC.SANS.DFind
apt-get install fail2ban
/etc/fail2ban/jail.conf
#####
# HTTP
####
[apache-404]
enabled = true
port = http,https
filter = apache-404
logpath = /var/log/apache*/*error.log
maxretry = 3
[block_ww0twt]
enabled = true
port = http,https
filter = block_ww0twt
logpath = /var/log/apache*/*error.log
maxretry = 3
/etc/fail2ban/filter.d/apache-404.conf
# Fail2Ban configuration file
#
# License: GPL
# You are free to Use this on other Sites if you link back to this Site.
#
[Definition]
# Option: failregex
# Notes.: regex to match the "File does not exist" messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = [[]client (?P<host>\S*)[]] File does not exist: *
#
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# standard search for favicon.ico and robots.txt - this is often thrown and may do stupid mistakes
# Values: TEXT
#
ignoreregex = .*(robots.txt|favicon.ico)
/etc/fail2ban/filter.d/block_ww0twt.conf
# Fail2Ban configuration file
#
# License: GPL
# You are free to Use this on other Sites if you link back to this Site.
#
[Definition]
# Option: failregex
# Notes.: regex to match the "File does not exist" messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
#failregex = [[]client (?P<host>\S*)[]] client sent HTTP/1.1 request without hostname *
failregex = [[]client (?P<host>\S*)[]] client sent HTTP/1.1 request without hostname \(see RFC2616 section 14.23\): \/w00tw00t.*
#
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# standard search for favicon.ico and robots.txt - this is often thrown and may do stupid mistakes
# Values: TEXT
#
ignoreregex = .*(robots.txt|favicon.ico)
block_ww0twt_2.conf
# Fail2Ban configuration file
#
# License: GPL
# You are free to Use this on other Sites if you link back to this Site.
#
[Definition]
# Option: failregex
# Notes.: regex to match the "File does not exist" messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
#failregex = [[]client (?P<host>\S*)[]] client sent HTTP/1.1 request without hostname *
failregex = [[]client (?P<host>\S*)[]] script .* not found or unable to stat
#
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# standard search for favicon.ico and robots.txt - this is often thrown and may do stupid mistakes
# Values: TEXT
#
ignoreregex = .*(robots.txt|favicon.ico)
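The three failregex patterns can be checked offline before the jails are enabled. The following Python sketch is an added example, not part of the original post: it applies each filter's failregex and ignoreregex to constructed Apache 2.2 error-log lines (documentation IP addresses) and counts failures against maxretry = 3. The function names are hypothetical and fail2ban's findtime window is ignored.

```python
import re
import warnings
from collections import Counter

# failregex / ignoreregex exactly as in the three filter files
# (apache-404.conf, block_ww0twt.conf, block_ww0twt_2.conf).
FILTERS = {
    "apache-404": (
        r"[[]client (?P<host>\S*)[]] File does not exist: *",
        r".*(robots.txt|favicon.ico)",
    ),
    "block_ww0twt": (
        r"[[]client (?P<host>\S*)[]] client sent HTTP/1.1 request without hostname "
        r"\(see RFC2616 section 14.23\): \/w00tw00t.*",
        r".*(robots.txt|favicon.ico)",
    ),
    "block_ww0twt_2": (
        r"[[]client (?P<host>\S*)[]] script .* not found or unable to stat",
        r".*(robots.txt|favicon.ico)",
    ),
}


def _compile(pattern):
    # "[[]" is a valid one-character class, but newer Python versions emit a
    # FutureWarning ("possible nested set") for it; silence only that warning.
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", FutureWarning)
        return re.compile(pattern)


COMPILED = {name: (_compile(f), _compile(i)) for name, (f, i) in FILTERS.items()}

# Constructed sample lines in Apache 2.2 error-log format (not real traffic).
SAMPLE_LOG = """\
[Sat Jan 29 10:15:30 2011] [error] [client 192.0.2.10] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sat Jan 29 10:15:31 2011] [error] [client 198.51.100.7] File does not exist: /var/www/phpmyadmin
[Sat Jan 29 10:15:32 2011] [error] [client 198.51.100.7] File does not exist: /var/www/pma
[Sat Jan 29 10:15:33 2011] [error] [client 198.51.100.7] File does not exist: /var/www/mysql
[Sat Jan 29 10:15:34 2011] [error] [client 203.0.113.5] File does not exist: /var/www/favicon.ico
[Sat Jan 29 10:15:35 2011] [error] [client 203.0.113.5] File does not exist: /var/www/robots.txt
[Sat Jan 29 10:15:36 2011] [error] [client 203.0.113.5] File does not exist: /var/www/favicon.ico
[Sat Jan 29 10:15:37 2011] [error] [client 192.0.2.44] script '/var/www/admin.php' not found or unable to stat
""".splitlines()


def match_filters(line):
    """Return {filter_name: host} for every filter whose failregex matches
    the line and whose ignoreregex does not."""
    hits = {}
    for name, (fail, ignore) in COMPILED.items():
        if ignore.search(line):
            continue  # ignored lines never count as a failure
        m = fail.search(line)
        if m:
            hits[name] = m.group("host")
    return hits


def hosts_to_ban(lines, filter_name, maxretry=3):
    """Hosts with at least `maxretry` failures for one filter.
    Simplification: every line is counted, no findtime window."""
    counts = Counter()
    for line in lines:
        host = match_filters(line).get(filter_name)
        if host:
            counts[host] += 1
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(match_filters(line) or "no match / ignored", "<-", line)
    for name in FILTERS:
        print(name, "would ban:", hosts_to_ban(SAMPLE_LOG, name))
```

The w00tw00t line is matched only by block_ww0twt, so a jail reacts to it only when its filter setting names that filter, and with maxretry = 3 a single probe is not enough for a ban. On a host with fail2ban installed, fail2ban-regex runs a filter file against a real log in the same way.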
Shrinking JPGs
for i in *.jpg; do convert -resize "RESOLUTION" "$i" klein_filename.jpg; done
e.g.
for i in *.jpg; do convert -resize "1024x786" "$i" "klein_$i"; done
for i in *.JPG; do convert -resize "1024x786" "$i" "klein_$i"; done
Clonezilla: automatic backup to an external USB hard disk
Customize the Clonezilla boot CD/ISO to be able to run an automatic backup
to a USB hard disk.
Download the ISO, e.g. clonezilla-live-20110530-natty.iso
http://clonezilla.org/downloads/alternative/iso-zip-files.php
Open the ISO file clonezilla-live-20110530-natty.iso with ISOMaster (http://www.littlesvr.ca/isomaster/)
1. Create a directory "custom" in the root of the ISO
2. Create the script "ocs-clientname.sh" for the backup.
In this example an external USB hard disk
is mounted by UUID at /home/partimag.
The script creates a directory clientname_HHMMSS_DDMMYYYY into which the backup is written.
Script for /dev/sda
#!/bin/bash
# Author: Steven Shiau
# License: GPL
# When this script is ready, you can run
# /opt/drbl/sbin/ocs-iso -g en -k NONE -s -m ./custom-ocs
# to create the iso file for CD/DVD. or
# /opt/drbl/sbin/ocs-live-dev -g en -k NONE -s -c -m ./custom-ocs
# to create the zip file for USB flash drive.
# Begin of the scripts:
# Load DRBL setting and functions
if [ ! -f "/opt/drbl/sbin/drbl-conf-functions" ]; then
    echo "Unable to find /opt/drbl/sbin/drbl-conf-functions! Program terminated!"
    exit 1
fi
. /opt/drbl/sbin/drbl-conf-functions
. /opt/drbl/sbin/ocs-functions
# load the setting for clonezilla live.
[ -e /etc/ocs/ocs-live.conf ] && . /etc/ocs/ocs-live.conf
# Load language files. For English, use "en_US.UTF-8". For Traditional Chinese, use "zh_TW.UTF-8"
ask_and_load_lang_set en_US.UTF-8
# The above is almost necessary, it is recommended to include them in your own custom-ocs.
# From here, you can write your own scripts.
echo "#########################################################################################"
echo "# 1. Configure network"
#dhclient
echo "#########################################################################################"
echo "# 2. Mount the clonezilla image home"
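mkdir -p /home/partimag
# Abort if the USB disk is missing; otherwise the image would not end up on the backup disk
mount /dev/disk/by-uuid/9a467114-d745-4b53-b1ab-f70ca1918d0d /home/partimag || { echo "Mounting the backup disk failed! Program terminated!"; exit 1; }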
echo "#######################################after mounting, now showing mounts###########"
mount
echo "#########################################################################################"
echo "# 3. backing up sda"
/opt/drbl/sbin/ocs-sr -b -q -j2 -z1 -i 0 -p reboot savedisk "clientname_`date +%H%M%S_%d%m%Y`" "sda"
echo "#########################################################################################"
Script for /dev/hda
#!/bin/bash
# Author: Steven Shiau
# License: GPL
# When this script is ready, you can run
# /opt/drbl/sbin/ocs-iso -g en -k NONE -s -m ./custom-ocs
# to create the iso file for CD/DVD. or
# /opt/drbl/sbin/ocs-live-dev -g en -k NONE -s -c -m ./custom-ocs
# to create the zip file for USB flash drive.
# Begin of the scripts:
# Load DRBL setting and functions
if [ ! -f "/opt/drbl/sbin/drbl-conf-functions" ]; then
    echo "Unable to find /opt/drbl/sbin/drbl-conf-functions! Program terminated!"
    exit 1
fi
. /opt/drbl/sbin/drbl-conf-functions
. /opt/drbl/sbin/ocs-functions
# load the setting for clonezilla live.
[ -e /etc/ocs/ocs-live.conf ] && . /etc/ocs/ocs-live.conf
# Load language files. For English, use "en_US.UTF-8". For Traditional Chinese, use "zh_TW.UTF-8"
ask_and_load_lang_set en_US.UTF-8
# The above is almost necessary, it is recommended to include them in your own custom-ocs.
# From here, you can write your own scripts.
echo "#########################################################################################"
echo "# 1. Configure network"
#dhclient
echo "#########################################################################################"
echo "# 2. Mount the clonezilla image home"
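mkdir -p /home/partimag
# Abort if the USB disk is missing; otherwise the image would not end up on the backup disk
mount /dev/disk/by-uuid/9a467114-d745-4b53-b1ab-f70ca1918d0d /home/partimag || { echo "Mounting the backup disk failed! Program terminated!"; exit 1; }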
echo "#######################################after mounting, now showing mounts###########"
mount
echo "#########################################################################################"
echo "# 3. backing up hda"
/opt/drbl/sbin/ocs-sr -b -q -j2 -z1 -i 0 -p reboot savedisk "clientname_`date +%H%M%S_%d%m%Y`" "hda"
echo "#########################################################################################"
It is important that the script "ocs-clientname.sh" is made executable with chmod 755,
or via ISOMaster with change permissions rwxr-xr-x
How do you find out the UUID of a partition?
Boot with the Clonezilla ISO/CD
Enter the command line
$ sudo su -
# tune2fs -l /dev/sdbX | grep "Filesystem UUID:"
e.g.
# tune2fs -l /dev/sdb1 | grep "Filesystem UUID:"
3. Adapt / create the file: isolinux/isolinux.cfg
# Since no network setting in the squashfs image, therefore if ip=frommedia, the network is disabled. That's what we want.
label Clonezilla clientname
# MENU HIDE
MENU LABEL Autobackup CLIENTNAME
# MENU PASSWD
kernel /live/vmlinuz
append initrd=/live/initrd.img boot=live hostname=natty config quiet noswap nolocales edd=on nomodeset ocs_live_run="/live/image/custom/ocs-clientname.sh" ocs_live_extra_param="" ocs_live_keymap="/usr/share/keymaps/i386/qwertz/de-latin1-nodeadkeys.kmap.gz" ocs_live_batch="yes" ocs_lang="en_US.UTF-8" video=uvesafb:mode_option=800x600-16 ip=frommedia
nosplash
TEXT HELP
* Clonezilla live version: 20110530-natty. (C) 2003-2011, NCHC, Taiwan
* Disclaimer: Clonezilla comes with ABSOLUTELY NO WARRANTY
ENDTEXT
4. Remove the original file /isolinux/isolinux.cfg
and insert the self-created file
5. Save as a new ISO
and burn it to CD-ROM if needed
Saturday, 29 January 2011
screen - a nice tool
screen                 start a new session
Ctrl-a Ctrl-\          Quit screen
Ctrl-a d               Detach but keep shell window open
screen -r              resume a session after a disconnect or detach
Ctrl-a [               Start copy mode (freezes the screen)
Cursor keys, h,j,k,l   navigation in copy mode
SPACE                  marks start and end point in copy mode
Ctrl-a ]               Paste copied text
Storing data encrypted on myDrive.ch
Tested with Ubuntu 10.10 (64-bit)
0. Install the required packages
1. Create a MyDrive.ch account
2. Create the encrypted container
3. Upload the container to MyDrive
4. Mount the container
5. Have fun
0. sudo apt-get install cryptsetup davfs2
sudo mkdir /media/mydrive
sudo mkdir /media/cryptfs
1. Go to http://www.mydrive.ch in a browser
and create a free account
2. dd if=/dev/zero of=meins bs=1M count=256
(this creates a 256 MB file named: meins)
sudo losetup /dev/loop0 meins
sudo dd if=/dev/urandom of=/dev/loop0 bs=1M count=2
sudo cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 -y /dev/loop0
(find out here which format is best for the encryption)
sudo cryptsetup luksOpen /dev/loop0 <name>
e.g.
sudo cryptsetup luksOpen /dev/loop0 myDrive
sudo mkfs.ext4 /dev/mapper/myDrive
sudo cryptsetup luksClose /dev/mapper/myDrive
sudo losetup -d /dev/loop0
3. Log in to MyDrive.ch
and upload the file: meins
4. First you have to mount myDrive.ch
sudo mount.davfs https://webdav.mydrive.ch /media/mydrive
sudo losetup /dev/loop0 /media/mydrive/meins
sudo cryptsetup luksOpen /dev/loop0 myDrive
sudo mount /dev/mapper/myDrive /media/cryptfs
Unmounting the file system:
sync
sudo umount /dev/mapper/myDrive
sudo cryptsetup luksClose /dev/mapper/myDrive
sudo losetup -d /dev/loop0
sudo umount /media/mydrive
(Unmounting can also take a long time, depending on the Internet connection)