Thursday, December 13, 2007

Wednesday, December 5, 2007

Establishing a Secure Remote Desktop Session

Once the SSH server is installed and active it is time to move to the other system. At the other system, log in to the remote system using the following command, which will establish the secure tunnel between the two systems:

 ssh -L 5900:localhost:5900 hostname

In the above example, hostname is either the hostname or IP address of the remote system. Log in using your account and password. The secure connection is now established and it is time to launch vncviewer so that it uses the secure tunnel. Leaving the ssh session running in the other terminal window, launch another terminal and enter the following command:

vncviewer localhost::5900

The vncviewer session will prompt for a password if one is required, and then launch the VNC viewer providing secure access to your desktop environment.

Run windows applications in Ubuntu

First, open a terminal window. Then add the repository's key to your system's list of trusted APT keys by copy and pasting the following:

wget -q http://wine.budgetdedicated.com/apt/387EE263.gpg -O- | sudo apt-key add -


For Ubuntu Feisty (7.04):
sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/feisty.list -O /etc/apt/sources.list.d/winehq.list

then:

apt-get install wine

for run application:

wine Application-Name

More Information: http://www.winehq.org

Activate 3D Desktop in Ubuntu

1. Open a terminal window, type:
Code:
sudo apt-get install 3ddesktop
press enter

2. 3ddesktop should be installed.

3. you can type 3ddesk and press enter (normal user) in terminal to run this. (Use arrow keys to change desktops, enter to select that desktop
)

How to make a desktop launcher for 3d desktop:

1.Right click on an empty area in the taskbar, and click "add to panel"
2. Double click "custom application launcher"
3. Name: 3D Desktop changer
Comment: My cool 3D Desktop changer (or whatever you like)
Command: 3ddesk
Make sure you have "run in terminal" unchecked.
If you want, you can select an icon by clicking on "no icon" button.
4. CLick OK

To run 3ddesktop switcher, just click on the icon you just made on the panel.


Tuesday, December 4, 2007

Enable ACL in Ubuntu

for /samba partition:


# mount –o remount,acl /samba


To permanently enable ACL support, add acl after the defaults option in /etc/fstab:

/dev/mapper/VolGroup00-SambaVol /samba ext3 defaults,acl 0 0

Change monitor refresh rate in Ubuntu

If you have a non-standard setup you might be forced to do some manual
configuration. Edit /etc/X11/xorg.conf to do that.

What you want to change is the HorizSync and VertRefresh values in the
Monitor section. Here is an example from setup.

Section "Monitor"
Identifier "SyncMaster 975p"
VendorName "SAMSUNG"
ModelName "SyncMaster 975p"
HorizSync 30-96 <=============== VertRefresh 50-160 <=============== DisplaySize 361 271 Option "DPMS" EndSection

Wednesday, November 21, 2007

VMWare problem

libpng12.so.0: no version information available

just copy the /usr/lib/libpng12.so.0 to /usr/lib/vmware/lib/libpng12.so.0/

Change Webmin root password

/usr/share/webmin/changepass.pl /etc/webmin root

Monday, November 12, 2007

Webmin and smbldap-tools,user and password

Edit the file:

/usr/share/webmin/ldap-useradmin/save_user.cgi

and add under line (262):

elsif ($in{'passmode'} == 3) {
# Normal password entered - check restrictions
local $err = &useradmin::check_password_restrictions(
$in{'pass'}, $user);
&error($err) if ($err);
$pass = $pfx.&encrypt_password($in{'pass'});
$plainpass = $in{'pass'};

these lines:
open BUF, "-|" or
exec "/usr/sbin/slappasswd",
"-h","{SSHA}",
"-s","$pass";
$pass = ;

Wednesday, October 24, 2007

Install SWAT on Ubuntu

sudo apt-get install swat

apt-get install xinetd

then, sudo vi /etc/inetd.conf

and uncomment the line:

## swat stream tcp nowait.400 root /usr/sbin/tcpd \ /usr/sbin/swat

Then make an entry for Swat under xinetd with sudo vi /etc/xinetd.d/swat

And it should look like this:
# description: SAMBA SWAT
service swat
{
disable = no
socket_type = stream
protocol = tcp
#should use a more limited user here
user = root
wait = no
server = /usr/sbin/swat
}

Then:
sudo dpkg-reconfigure xinetd

to restart with the new configuration.

Now the netstat -lt should echo something similar to this:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:5666 *:* LISTEN
tcp 0 0 localhost:1026 *:* LISTEN
tcp 0 0 localhost:1027 *:* LISTEN
tcp 0 0 *:swat *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:10000 *:* LISTEN
tcp 0 0 *:1040 *:* LISTEN
tcp 0 0 *:munin *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp6 0 0 *:2080 *:* LISTEN
tcp6 0 0 *:www *:* LISTEN
tcp6 0 0 *:ssh *:* LISTEN
Which indicates the swat service is running and listening to the correct 901 tcp port.

You might be able to access http://:901/

Monday, October 15, 2007

RIBS (Rsync Incremental Backup Script)

RIBS is an incremental backup system written in PHP which utilizes some common *nix programs (specifically rsync, ssh and cp). Incremental backups mean frequent backups can be done (i.e. hourly) with only around 2x the space of the full backup. Using rsync means that RIBS can act as both a backup script on a local machine, or as a script to backup several network hosts. It is designed to be highly configurable and highly informative to the system administrator. There is a high amount of error checking, and logging/email capabilities.

* Download the latest version of RIBS here:
http://jcay.com/php/scripts-and-programs/server-management/ribs-rsync-incremental-backup-script.html

* tar -xzvf ribs-x.x.tar.gz
* cd ribs-x.x
* ./ribs.php example hourly

example is a part in Configuration part of ribs-x.x file. You can change this part and make your config.

bad interpreter: No such file or directory

I get the following message when I try to run a simple test script. The same script runs on another machine very similar to my own.

./myfile: /bin/bash^M: bad interpreter: No such file or directory

The file does has execute rights.

In Windows, the end of a line is CRLF (Carriage-Return, Line-Feed). In Unix-like systems, it is just LF. So when you try to run that script, every line has an extra CR on the end.

The way to fix this is to use some sort of utility to fix that. You might use the utility dos2unix if you have it installed. You can install it by typing:

apt-get install tofrodos

Monday, October 8, 2007

Logging as “root” in Ubuntu

if one really wants to enable the GUI “root” login (not recommended, think again!), following command can be used:

gksu gdmsetup

A GUI opens. In the security tab, there is an option which can be used to allow local system administrator login. The option needs to be checked in order to allow the “root” login. I highly recommend you not to do so and if you are keen to do so, do not let it to remain that way and bring the system to its default state AS SOON AS POSSIBLE.

Friday, September 28, 2007

Build Icon for PNP in Nagios page

Run /pnp-latest/contrib/makeserviceextinfo.pl with nagios user,

this makes:

/usr/local/nagios/etc/pnp-extinfo.cfg

copy the above file into /usr/local/nagios/etc/objects/serviceextinfo.cfg

Nagios 3-D Status Map

When I click the "3-D Status Map" link my browser tries to download and save the statuswrl.cgi file ?

A)This will happen if you do not have a VRML client/plugin installed for your web browser. Installing a VRML plugin should resolve this issue.

Download from here:

http://freewrl.sourceforge.net/download.html

and install it!!

NRPE installtion: ssl libraries not found

In Ubuntu libssl-dev must be installed!!

Wednesday, September 26, 2007

Nagios Client for Windows

Download NSClient from:

http://nsclient.ready2run.nl/download.htm

then:

Copy pNSClient.exe, pdh.dll, psapi.dll and counters.defs in any directory on the machine you want to monitor. ie. (c:\nsclient).
Open a dos prompt in the installation directory
Run the following command : >pNSClient.exe /install
Type 'net start nsclient' on the command line or start the service 'Nagios Agent' in the services applet of the control panel.
The installation will create an entry for the service in the registry and create a new key to store parameters. The created key is the following:

HKEY_LOCAL_MACHINE\SOFTWARE\NSClient


Be careful of FIREWALL!!

Tuesday, September 25, 2007

An example for HYDRA!!

./hydra -C user.txt jost.connectaserver.de http-post-form "/test_check.php:login=^PASS^:access denied"

Comments:

./hydra -C (username and password file)
jost.connectaserver.de (Server name)
http-post-form (Service Type)
"1-/test_check.php:2-login=^PASS^:3-access denied"
1-the page on the server to GET or POST to
2-the POST/GET variables (taken from either the browser, or a proxy such as PAROS) with the varying usernames
and passwords in the "^USER^" and "^PASS^" placeholders
3-the string that it checks for an *invalid* login - any exception to this is counted as a success.

Installing SNMP

/usr/bin/ld: cannot find -lperl

Try adding a link with name libperl.so wich points to libperl.so.5.6.1
in /usr/lib/ 

Insall Samba as PDC with LDAP

Download the smbldap-installer script here:

wget http://majen.net/smbldap/smbldap-installer-latest.tgz

tar –xzvf smbldap-installer-(version number here).tgz

This will expand everything into a directory called smbldap-installer

cd smbldap-installer

Run:
./smbldap all

!!


Install Samba as Primary Domain Controller

1- apt-get update

2- apt-get upgrade

3- apt-get install ssh openssh-server

4- apt-get install acl

5- change fstab to enable ACL

6- apt-get install samba samba-common samba-doc libcupsys2-gnutls10 libkrb53 winbind smbclient

7- Edit smb.conf:
[global]
#Domain name
workgroup = MSHOME

# Sets the primary NetBIOS name of the Samba server
netbios name = CLIENT-PDC

# Sets a descriptive string for the Samba server
server string = %h

# The three passdb backends that are fully maintained (actively supported) by
# the Samba Team are: smbpasswd (being obsoleted), tdbsam (a tdb-based binary file
# format), and ldapsam (LDAP directory).
# Of these, only the ldapsam backend stores both POSIX (UNIX) and Samba user
# and group account information in a single repository.
# The smbpasswd and tdbsam backends store only Samba user accounts.
# It is recommended to use the tdbsam method for all simple systems.
# Use ldapsam for larger and more complex networks.
passdb backend = tdbsam

# Make domain logins query the Samba password db located on the samba server itself
security = user

# File for user mapping
username map = /etc/samba/smbusers

# lmhost: Uses a LAN Manager LMHOSTS file
# hosts: Uses the standard name resolution methods of the Unix system
# wins: Uses the WINS server
# bcast: Uses a broadcast method
name resolve order = wins bcast hosts

# Tells Samba to become the PDC
domain logons = yes

# Makes the PDC act as the central store for names of all windows clients,
# servers and printers
preferred master = yes

# Samba will act as a WINS server
wins support = yes

# Set CUPS for printing
printcap name = CUPS
printing = CUPS

# Default logon

#Drive letter under which the SAMBA share will appear in the Windows Explorer
logon drive = H:

# you can specify a Windows batch script that is executed as soon as a
# Windows workstation logs in
# This option specifies a Windows .BAT or .CMD file with lines
# ending in carriage-return/line feed that will be executed on the
# client after a user has logged on to the domain. Each logon
# script should be stored
# at the base of a share entitled [netlogin]
logon script = login.bat

# The base directory that supports the profiles
logon path = \\client-pdc\profile\%U


# Useradd scripts
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
idmap uid = 15000-20000
idmap gid = 15000-20000


# sync smb passwords with linux passwords
passwd program = /usr/bin/passwd %u

# This option works like a Unix chat
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

# Sends debug logs of the password-change process
# to the log files with a level of 100
passwd chat debug = yes

# Samba updates the standard Unix password db,
# when a user changes his encrypted password
unix password sync = yes

# set the loglevel
log level = 3

#Defines the users home directiory
[homes]
comment = Home

# specifies a list of users that should be allowed to login to this service
# %S: Name of present share
valid users = %S

# Allows the samba user to also write to their Samba directory
read only = no

# Does'nt allow others to browse the contents of the directory
browsable = no


[printers]
comment = All Printers
path = /var/spool/samba
printable = yes
guest ok = yes
browsable = no

# Make sure permissions are 755
# Contains scripts that the windows clients may use when they log into the domain
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
admin users = Administrator

# specifies a list of users that should be allowed to login to this service
# %u: Unix current username
valid users = %U
read only = no

# User roaming profiles.
# Make sure the direcory is owned and group owned by root
# Make sure its permission is 755
# Stores things such as favorite and desktop icons
[profile]
comment = User profiles
path = /home/samba/profiles
valid users = %U
create mode = 0600
directory mode = 0700
writable = yes
browsable = no

8- Create the directories for domain logons and profiles:
mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
mkdir /var/spool/samba
chmod 777 /var/spool/samba/
chown -R root:users /home/samba/
chmod -R 771 /home/samba

9- restart Samba:
/etc/init.d/samba restart

10- Edit /etc/nsswitch.conf. Change the line:

hosts: files dns

to:

hosts: files wins dns

11- Add the root user to the SAMBA password database. The root user (alias: Administrator) will be our domain administrator. This account is needed to add new computers to the SAMBA domain.

smbpasswd -a root

12- Create the file /etc/samba/smbusers and add the line by executing:

echo "root = Administrator" > /etc/samba/smbusers


13- Now test if the setup is correct:

smbclient -L localhost -U%

The output should look similar to this:

Domain=[MSHOME] OS=[Unix] Server=[Samba 3.0.24]

Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
Domain=[MSHOME] OS=[Unix] Server=[Samba 3.0.24]

Server Comment
--------- -------
CLIENT-PDC client-PDC server (Samba, Ubuntu)

Workgroup Master
--------- -------
DOMAIN MERCURY
MSHOME CLIENT-PDC
WORKGROUP XENON

14- Setup the default domain groups for windows:

net groupmap add ntgroup="Domain Admins" unixgroup=ntadmins
net groupmap add ntgroup="Domain Users" unixgroup=users
net groupmap add ntgroup="Domain Guests" unixgroup=nogroup

15-Now add a user, e.g. tom, to our Samba domain. You will have to add a user like this for each user account you want to connect to this SAMBA domain server.

15-1- Add a linux user tom:

useradd tom -m -G users

15-2- Add the linux user tom to the SAMBA password database:

smbpasswd -a tom


16- Now add a share that is accessible by all users.

mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/

17- At the end of the file /etc/samba/smb.conf add the following lines:

[allusers]
comment = All Users
path = /home/shares/allusers
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
writable = yes

18- restart Samba


19- acl Support:

With a Samba server, only the owner of a file or folder may change its permissions. When modifying the ACLs of files via the ACL dialog, you will need to login as the user who owns those files in order to make the changes. For files that will be managed by multiple administrators, change the owner of those files to Administrator or some other common user. To modify permissions of these files via the ACL dialog, you will need to login as this user.

20- Configure Windows XP clients

You should start the process for Windows XP clients by a complete Windows Update. After the release of Service Pack 2, Microsoft Windows way of dealing with profile has changed a bit. You will need to start by login into your Windows XP client locally as Administrator and execute :

gpedit.msc

then, you must navigate to :

Local Computer Policy / Computer Configuration / Administrative Templates / System / User Profiles

and change the setting of the key 'Do not check for user ownership of Roaming Profile Folders' from 'Not Configured' to 'Enable'. If that key is not present, you should try visiting Windows Update again. Then you can use 'File / Exit'. This is needed because WinXP actually checks ACL Permission in your profile file system (which isn't really that easy to develop under *NIX). Once this is completed, you can procede as for Windows 2000.

Alternatively, you can add the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001

Install Samba to join to Active Directory


Join SAMBA to Active Directory domain and File, Directory, and Share Access Controls


Step 1: Install the Required Packages

Code:
apt-get install krb5-user
apt-get install winbind samba



Step 2: Edit the /etc/krb5.conf File

Code:
[libdefaults]
default_realm = CONNECTA.LOCAL
ticket_lifetime = 24000

[realms]
CONNECTA.LOCAL = {
kdc = mercury.connecta.local
admin_server = mercury.connecta.local
default_domain = CONNECTA.LOCAL
}

[domain_realm]
.connecta.local = CONNECTA.LOCAL
connecta.local = CONNECTA.LOCAL
.kereberos.server = mercury.connecta.local


Step 3:
Edit /etc/samba/smb.conf
Notes: Change the NETBIOS name parameter to be correct for the server. Make a backup copy of the original file!!! ) Make the edits. The configuration shown is the bare minimum and doesn't share anything.
Code:
[global]
workgroup = CONNECTA
security = ads
netbios name =COPPELIUS001
realm = CONNECTA.LOCAL
preferred master = yes
encrypt passwords = yes
log file = /var/log/samba/%m
winbind separator = +
password server = mercury.connecta.local
idmap uid = 600-20000
idmap gid = 600-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
guest account = nobody
template shell = /bin/bash
nt acl support = true

2) Test the configuration with the "testparm" command
Code:
testparm
Step 4: Edit /etc/nsswitch.conf to look like the example below
Code:
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis


Step 5: Modify the PAM settings

1) /etc/pam.d/common-account should contain only the following lines
Code:
account sufficient pam_winbind.so account required pam_unix.so

2) /etc/pam.d/common-auth should contain only the following lines
Code:
auth sufficient pam_winbind.so auth required pam_unix.so nullok_secure use_first_pass

3) Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below
Code:
password required pam_unix.so nullok obscure min=4 max=50 md5

4) Make sure the /etc/pam.d/common-session file contains the following line
Code:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
Step 6: Make a directory to hold domain user home directories
Note: Use the value you put in the WORKGROUP tag of the /etc/samba/smb.conf file

Code (if you want to use WORKGROUP):
mkdir /home/DOMAIN

Step 7: Initialize Kerberos

1) Code:
kinit domain_admin_account@CONNECTA.LOCAL
Next check to be sure you got a ticket from the domain controller It's possible that With ADMINISTRATOR you have problem, then you must change ADMINSITRATOR's password on Active-Directory!!

2)KLIST Shows the current ticket(s):
Code:
klist

Step 8: Join the system to the set Computer name in /etc/hosts to fully qualified name (example: aspirin.CONNECTA.LOCAL)

Code:
net ads join -U administrator@CONNECTA.LOCAL

Error:
kinit(v5): Clock skew too great while getting initial => The time at server and client are not same, and must be synchronized.


Step 9: Restart Samba-related Services (Or reboot the server)

Note: The order is important

Code:
/etc/init.d/samba stop
/etc/init.d/winbind stop
/etc/init.d/samba start
/etc/init.d/winbind start


Step 8: Enable ACL (Access Control List) support for the file system

Code:
mount / -o remount,acl

If you want to add it at startup, edit /etc/fstab in the following way:

/dev/hda1 / ext3 defaults,acl 0 0

Now set up ACL tools, which allows us to assign ACL to files:

Code:
# apt-get install acl


Step 9: Make a directory for sharing

Example:

Code:
mkdir /home/masoud/share/newtest
chgrp "Domain Users" /home/masoud/share/newtest



Step 10: add share properties in smb.conf

Code:

[newtest]
path = /data
available = yes
browsable = yes
read only = no
public = yes
writable = yes
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0
nt acl support = yes
store dos attributes = yes
dos filemode = yes


Step 11-1: Share permission management in WINDOWS

1. Launch the NT4 Server Manager and click on the Samba server you
want to administer. From the menu select Computer, then click on
Shared Directories.
2. Click on the share that you wish to manage and click the Properties
tab, then click the Permissions tab. Now you can add or change access
control settings as you wish.


or:

from Control Panel -> Administrative Tools
run Computer Management:

1. After launching the MMC with the Computer Management snap-in,
click the menu item Action and select Connect to another computer.
If you are not logged onto a domain you will be prompted to enter a
domain login user identifier and a password. This will authenticate
you to the domain. If you are already logged in with administrative
privilege, this step is not offered.
2. If the Samba server is not shown in the Select Computer box, type in
the name of the target Samba server in the field Name:. Now click the
on [+] next to System Tools, then on the [+] next to Shared Folders
in the left panel.
3. In the right panel, double-click on the share on which you wish to
set access control permissions. Then click the tab Share Permissions.
It is now possible to add access control entities to the shared folder.
Remember to set what type of access (full control, change, read) you
wish to assign for each entry


Warning:
Be careful. If you take away all permissions from the Everyone user without removing this user, effectively no user will be able to access the share. This is a result of what is known as ACL precedence. Everyone with no access means that MaryK who is part of the group Everyone will have no access even if she is given explicit full control access.


Step 11-2: Share permission management in UBUNTU

setfacl: This utility sets Access Control Lists (ACLs) of files and directories.
-R : Recursive
-m : Modify
-x : Delete

Code:
setfacl -R -m user:abrakhim:rwx /home/masoud/share/newtest


geftacl: This utility shows Access Control Lists (ACLs) of files and directories.

Code:
getfacl /home/masoud/share/newtest



===============================================================================

Map a Windows Folder to a Ubuntu Directory:

kinit abrakhim@CONNECTA.LOCAL

sudo mount -t cifs -o username=abrakhim //10.66.66.83/C$ /home/masoud/share/abrakhim

Use Twitter for SMS Notification in Nagios

First create an account on twitter to be used along with nagios. You probably also want to indicate that the account should be private via twitter settings in order for the whole internet not to see what is going on with you monitoring :). So go twitter and get an account.

Second, here is a piece of code for a script which I use as a notification handler:


#!/usr/bin/perl -w
use strict;
use Net::Twitter;
my $msg = shift;
my $twit = new Net::Twitter(username => "twitter_user",password => "twitter_pass");
if (defined($msg) && $msg !~ /^\s*$/) {
$twit->update($msg);
}

Don’t forget to replace twitter_user and twitter_pass with the details of twitter account you have created in above stage.

Now modify the nagios notification commands in the misc. commands config file (/etc/nagios/misccommands.cfg in my case) to utilize the erlier created twitter.pl script. I have the following definitions:


define command {
command_name notify-by-epager
command_line /path/to/twitter.pl "$NOTIFICATIONTYPE$ - $HOSTNAME$-$SERVICEDESC$ - $SERVICESTATE$ - $SERVICEOUTPUT$"
}

and the same for host-notify-by-epager.

Finally adjust your nagios contact definition to use the above commands for notifications and don’t forget to enable all the notifications you need


The above part will post all alerts to nagios twitter account. In order to be able to receive them via SMS or GTalk, add nagios twitter account as a friend to your personal twitter account (don’t forget to grant access to become a fried from nagios twitter account if you made it private) and follow up.

Note: in perl must install Twitter:

install Net::Twitter

or:


force install Twitter

Install new package in perl

perl -MCPAN -e shell

then in CPAN prompt type for example:

Install Nagios::Plugins

this command installs Nagios::Plugins!

Nagios Grapher - PNP Installation

Download the latest stable version from here and extract it to your favorite source path and change to this.

./configure --with-rrdtool=/usr/local/rrdtool/bin/rrdtool --with-perfdata-dir=/usr/local/nagios/share/perfdata/
make all
make install

Update 2 lines in nagios.cfg, this tells nagios how to process performance data:

process_performance_data=1
service_perfdata_command=process-service-perfdata

Edit one of your command files that is listed in nagios.cfg e.g. misccommands.cfg and add following lines.

define command{
command_name process-service-perfdata
command_line /usr/local/nagios/libexec/process_perfdata.pl
}


Now you have to define the service to process the performance data with PNP. To do this look at your service definitions in services.cfg and check the following option is set in your generic service template or specific service.

process_perf_data 1


This file can be created automatically using a script in the contrib directory, ./makeserviceextinfo, this creates a configuration file in nagios/etc. (Note: Only some entries are created, this will be corrected in version 3.

Now after restarting Nagios, when viewing a Service Detail there is an icon displayed that links through to a graph (once some data has been collected).


Note: The PHP5-GD package must be installed

Nagios Installation

Nagios is a host and service monitor designed to inform you of network problems before your clients, end-users or managers do. It has been designed to run under the Linux operating system, but works fine under most *NIX variants as well. The monitoring daemon runs intermittent checks on hosts and services you specify using external "plugins" which return status information to Nagios. When problems are encountered, the daemon can send notifications out to administrative contacts in a variety of different ways (email, instant message, SMS, etc.). Current status information, historical logs, and reports can all be accessed via a web browser.


You can use apt-get to install these packages by running the following commands:

sudo apt-get install apache2
sudo apt-get install build-essential
sudo apt-get install libgd2-dev


Become the root user.

sudo -s

Create a new nagios user account and give it a password.

/usr/sbin/useradd nagios
passwd nagios

On Ubuntu server edition (6.01 and possible newer versions), you will need to also add a nagios group (it's not created by default). You should be able to skip this step on desktop editions of Ubuntu.

/usr/sbin/groupadd nagios
/usr/sbin/usermod -G nagios nagios

Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.

/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -G nagcmd nagios
/usr/sbin/usermod -G nagcmd www-data


Create a directory for storing the downloads.

mkdir ~/downloads
cd ~/downloads

Download the source code tarballs of both Nagios and the Nagios plugins (visit http://www.nagios.org/download/ for links to the latest versions). At the time of writing, the latest versions of Nagios and the Nagios plugins were 3.0b3 and 1.4.7, respectively.

wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nagios-3.0b3.tar.gz
wget http://osdn.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.7.tar.gz


Extract the Nagios source code tarball.

cd ~/downloads
tar xzf nagios-3.0b3.tar.gz
cd nagios-3.0b3

Run the Nagios configure script, passing the name of the group you created earlier like so:

./configure --with-command-group=nagcmd

Compile the Nagios source code.

make all

Install binaries, init script, sample config files and set permissions on the external command directory.

make install
make install-init
make install-config
make install-commandmode


Sample configuration files have now been installed in the /usr/local/nagios/etc directory. These sample files should work fine for getting started with Nagios. You'll need to make just one change before you proceed...

Edit the /usr/local/nagios/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the nagiosadmin contact definition to the address you'd like to use for receiving alerts.

vi /usr/local/nagios/etc/objects/contacts.cfg


Install the Nagios web config file in the Apache conf.d directory.

make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account - you'll need it later.

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

/etc/init.d/apache2 reload



Extract the Nagios plugins source code tarball.

cd ~/downloads
tar xzf nagios-plugins-1.4.7.tar.gz
cd nagios-plugins-1.4.7

Compile and install the plugins.

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install



Configure Nagios to automatically start when the system boots.

ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios

Verify the sample Nagios configuration files.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.

/etc/init.d/nagios start



You should now be able to access the Nagios web interface at the URL below. You'll be prompted for the username (nagiosadmin) and password you specified earlier.

The main page link is: http://localhost/nagios

Package installation in Ubuntu

apt-cache search package-name

apt-get install package-name

apt-get remove package-name

Connect to remote computer

ssh ip-address -l username

openssh must be installed first

if you have any ssh key then:

ssh -i ssh-key-file-name ip-address

Copy between two unix system

scp Origin username@ip(or computer name):Desrination


for example:

scp /mydir root@10.66.66.20:/newfolder

/mydir: origin folder

root: username in destination
10.66.66.20: IP for destination
/newfolder: Destination folder

Make ISO file from CD/DVD

dd if=/dev/scd0 of=file.iso


if: input device
of: output file

bis demnächst!