Friday, September 28, 2007

Build Icon for PNP in Nagios page

Run /pnp-latest/contrib/ with nagios user,

this makes:


copy the above file into /usr/local/nagios/etc/objects/serviceextinfo.cfg

Nagios 3-D Status Map

When I click the "3-D Status Map" link my browser tries to download and save the statuswrl.cgi file ?

A)This will happen if you do not have a VRML client/plugin installed for your web browser. Installing a VRML plugin should resolve this issue.

Download from here:

and install it!!

NRPE installtion: ssl libraries not found

In Ubuntu libssl-dev must be installed!!

Wednesday, September 26, 2007

Nagios Client for Windows

Download NSClient from:


Copy pNSClient.exe, pdh.dll, psapi.dll and counters.defs in any directory on the machine you want to monitor. ie. (c:\nsclient).
Open a dos prompt in the installation directory
Run the following command : >pNSClient.exe /install
Type 'net start nsclient' on the command line or start the service 'Nagios Agent' in the services applet of the control panel.
The installation will create an entry for the service in the registry and create a new key to store parameters. The created key is the following:


Be careful of FIREWALL!!

Tuesday, September 25, 2007

An example for HYDRA!!

./hydra -C user.txt http-post-form "/test_check.php:login=^PASS^:access denied"


./hydra -C (username and password file) (Server name)
http-post-form (Service Type)
"1-/test_check.php:2-login=^PASS^:3-access denied"
1-the page on the server to GET or POST to
2-the POST/GET variables (taken from either the browser, or a proxy such as PAROS) with the varying usernames
and passwords in the "^USER^" and "^PASS^" placeholders
3-the string that it checks for an *invalid* login - any exception to this is counted as a success.

Installing SNMP

/usr/bin/ld: cannot find -lperl

Try adding a link with name wich points to
in /usr/lib/ 

Insall Samba as PDC with LDAP

Download the smbldap-installer script here:


tar –xzvf smbldap-installer-(version number here).tgz

This will expand everything into a directory called smbldap-installer

cd smbldap-installer

./smbldap all


Install Samba as Primary Domain Controller

1- apt-get update

2- apt-get upgrade

3- apt-get install ssh openssh-server

4- apt-get install acl

5- change fstab to enable ACL

6- apt-get install samba samba-common samba-doc libcupsys2-gnutls10 libkrb53 winbind smbclient

7- Edit smb.conf:
#Domain name
workgroup = MSHOME

# Sets the primary NetBIOS name of the Samba server
netbios name = CLIENT-PDC

# Sets a descriptive string for the Samba server
server string = %h

# The three passdb backends that are fully maintained (actively supported) by
# the Samba Team are: smbpasswd (being obsoleted), tdbsam (a tdb-based binary file
# format), and ldapsam (LDAP directory).
# Of these, only the ldapsam backend stores both POSIX (UNIX) and Samba user
# and group account information in a single repository.
# The smbpasswd and tdbsam backends store only Samba user accounts.
# It is recommended to use the tdbsam method for all simple systems.
# Use ldapsam for larger and more complex networks.
passdb backend = tdbsam

# Make domain logins query the Samba password db located on the samba server itself
security = user

# File for user mapping
username map = /etc/samba/smbusers

# lmhost: Uses a LAN Manager LMHOSTS file
# hosts: Uses the standard name resolution methods of the Unix system
# wins: Uses the WINS server
# bcast: Uses a broadcast method
name resolve order = wins bcast hosts

# Tells Samba to become the PDC
domain logons = yes

# Makes the PDC act as the central store for names of all windows clients,
# servers and printers
preferred master = yes

# Samba will act as a WINS server
wins support = yes

# Set CUPS for printing
printcap name = CUPS
printing = CUPS

# Default logon

#Drive letter under which the SAMBA share will appear in the Windows Explorer
logon drive = H:

# you can specify a Windows batch script that is executed as soon as a
# Windows workstation logs in
# This option specifies a Windows .BAT or .CMD file with lines
# ending in carriage-return/line feed that will be executed on the
# client after a user has logged on to the domain. Each logon
# script should be stored
# at the base of a share entitled [netlogin]
logon script = login.bat

# The base directory that supports the profiles
logon path = \\client-pdc\profile\%U

# Useradd scripts
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
idmap uid = 15000-20000
idmap gid = 15000-20000

# sync smb passwords with linux passwords
passwd program = /usr/bin/passwd %u

# This option works like a Unix chat
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

# Sends debug logs of the password-change process
# to the log files with a level of 100
passwd chat debug = yes

# Samba updates the standard Unix password db,
# when a user changes his encrypted password
unix password sync = yes

# set the loglevel
log level = 3

#Defines the users home directiory
comment = Home

# specifies a list of users that should be allowed to login to this service
# %S: Name of present share
valid users = %S

# Allows the samba user to also write to their Samba directory
read only = no

# Does'nt allow others to browse the contents of the directory
browsable = no

comment = All Printers
path = /var/spool/samba
printable = yes
guest ok = yes
browsable = no

# Make sure permissions are 755
# Contains scripts that the windows clients may use when they log into the domain
comment = Network Logon Service
path = /home/samba/netlogon
admin users = Administrator

# specifies a list of users that should be allowed to login to this service
# %u: Unix current username
valid users = %U
read only = no

# User roaming profiles.
# Make sure the direcory is owned and group owned by root
# Make sure its permission is 755
# Stores things such as favorite and desktop icons
comment = User profiles
path = /home/samba/profiles
valid users = %U
create mode = 0600
directory mode = 0700
writable = yes
browsable = no

8- Create the directories for domain logons and profiles:
mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
mkdir /var/spool/samba
chmod 777 /var/spool/samba/
chown -R root:users /home/samba/
chmod -R 771 /home/samba

9- restart Samba:
/etc/init.d/samba restart

10- Edit /etc/nsswitch.conf. Change the line:

hosts: files dns


hosts: files wins dns

11- Add the root user to the SAMBA password database. The root user (alias: Administrator) will be our domain administrator. This account is needed to add new computers to the SAMBA domain.

smbpasswd -a root

12- Create the file /etc/samba/smbusers and add the line by executing:

echo "root = Administrator" > /etc/samba/smbusers

13- Now test if the setup is correct:

smbclient -L localhost -U%

The output should look similar to this:

Domain=[MSHOME] OS=[Unix] Server=[Samba 3.0.24]

Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
Domain=[MSHOME] OS=[Unix] Server=[Samba 3.0.24]

Server Comment
--------- -------
CLIENT-PDC client-PDC server (Samba, Ubuntu)

Workgroup Master
--------- -------

14- Setup the default domain groups for windows:

net groupmap add ntgroup="Domain Admins" unixgroup=ntadmins
net groupmap add ntgroup="Domain Users" unixgroup=users
net groupmap add ntgroup="Domain Guests" unixgroup=nogroup

15-Now add a user, e.g. tom, to our Samba domain. You will have to add a user like this for each user account you want to connect to this SAMBA domain server.

15-1- Add a linux user tom:

useradd tom -m -G users

15-2- Add the linux user tom to the SAMBA password database:

smbpasswd -a tom

16- Now add a share that is accessible by all users.

mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/

17- At the end of the file /etc/samba/smb.conf add the following lines:

comment = All Users
path = /home/shares/allusers
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
writable = yes

18- restart Samba

19- acl Support:

With a Samba server, only the owner of a file or folder may change its permissions. When modifying the ACLs of files via the ACL dialog, you will need to login as the user who owns those files in order to make the changes. For files that will be managed by multiple administrators, change the owner of those files to Administrator or some other common user. To modify permissions of these files via the ACL dialog, you will need to login as this user.

20- Configure Windows XP clients

You should start the process for Windows XP clients by a complete Windows Update. After the release of Service Pack 2, Microsoft Windows way of dealing with profile has changed a bit. You will need to start by login into your Windows XP client locally as Administrator and execute :


then, you must navigate to :

Local Computer Policy / Computer Configuration / Administrative Templates / System / User Profiles

and change the setting of the key 'Do not check for user ownership of Roaming Profile Folders' from 'Not Configured' to 'Enable'. If that key is not present, you should try visiting Windows Update again. Then you can use 'File / Exit'. This is needed because WinXP actually checks ACL Permission in your profile file system (which isn't really that easy to develop under *NIX). Once this is completed, you can procede as for Windows 2000.

Alternatively, you can add the following registry key:


Install Samba to join to Active Directory

Join SAMBA to Active Directory domain and File, Directory, and Share Access Controls

Step 1: Install the Required Packages

apt-get install krb5-user
apt-get install winbind samba

Step 2: Edit the /etc/krb5.conf File

default_realm = CONNECTA.LOCAL
ticket_lifetime = 24000

kdc = mercury.connecta.local
admin_server = mercury.connecta.local
default_domain = CONNECTA.LOCAL

.connecta.local = CONNECTA.LOCAL
connecta.local = CONNECTA.LOCAL
.kereberos.server = mercury.connecta.local

Step 3:
Edit /etc/samba/smb.conf
Notes: Change the NETBIOS name parameter to be correct for the server. Make a backup copy of the original file!!! ) Make the edits. The configuration shown is the bare minimum and doesn't share anything.
workgroup = CONNECTA
security = ads
netbios name =COPPELIUS001
preferred master = yes
encrypt passwords = yes
log file = /var/log/samba/%m
winbind separator = +
password server = mercury.connecta.local
idmap uid = 600-20000
idmap gid = 600-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
guest account = nobody
template shell = /bin/bash
nt acl support = true

2) Test the configuration with the "testparm" command
Step 4: Edit /etc/nsswitch.conf to look like the example below
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

Step 5: Modify the PAM settings

1) /etc/pam.d/common-account should contain only the following lines
account sufficient account required

2) /etc/pam.d/common-auth should contain only the following lines
auth sufficient auth required nullok_secure use_first_pass

3) Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below
password required nullok obscure min=4 max=50 md5

4) Make sure the /etc/pam.d/common-session file contains the following line
session required umask=0022 skel=/etc/skel
Step 6: Make a directory to hold domain user home directories
Note: Use the value you put in the WORKGROUP tag of the /etc/samba/smb.conf file

Code (if you want to use WORKGROUP):
mkdir /home/DOMAIN

Step 7: Initialize Kerberos

1) Code:
kinit domain_admin_account@CONNECTA.LOCAL
Next check to be sure you got a ticket from the domain controller It's possible that With ADMINISTRATOR you have problem, then you must change ADMINSITRATOR's password on Active-Directory!!

2)KLIST Shows the current ticket(s):

Step 8: Join the system to the set Computer name in /etc/hosts to fully qualified name (example: aspirin.CONNECTA.LOCAL)

net ads join -U administrator@CONNECTA.LOCAL

kinit(v5): Clock skew too great while getting initial => The time at server and client are not same, and must be synchronized.

Step 9: Restart Samba-related Services (Or reboot the server)

Note: The order is important

/etc/init.d/samba stop
/etc/init.d/winbind stop
/etc/init.d/samba start
/etc/init.d/winbind start

Step 8: Enable ACL (Access Control List) support for the file system

mount / -o remount,acl

If you want to add it at startup, edit /etc/fstab in the following way:

/dev/hda1 / ext3 defaults,acl 0 0

Now set up ACL tools, which allows us to assign ACL to files:

# apt-get install acl

Step 9: Make a directory for sharing


mkdir /home/masoud/share/newtest
chgrp "Domain Users" /home/masoud/share/newtest

Step 10: add share properties in smb.conf


path = /data
available = yes
browsable = yes
read only = no
public = yes
writable = yes
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0
nt acl support = yes
store dos attributes = yes
dos filemode = yes

Step 11-1: Share permission management in WINDOWS

1. Launch the NT4 Server Manager and click on the Samba server you
want to administer. From the menu select Computer, then click on
Shared Directories.
2. Click on the share that you wish to manage and click the Properties
tab, then click the Permissions tab. Now you can add or change access
control settings as you wish.


from Control Panel -> Administrative Tools
run Computer Management:

1. After launching the MMC with the Computer Management snap-in,
click the menu item Action and select Connect to another computer.
If you are not logged onto a domain you will be prompted to enter a
domain login user identifier and a password. This will authenticate
you to the domain. If you are already logged in with administrative
privilege, this step is not offered.
2. If the Samba server is not shown in the Select Computer box, type in
the name of the target Samba server in the field Name:. Now click the
on [+] next to System Tools, then on the [+] next to Shared Folders
in the left panel.
3. In the right panel, double-click on the share on which you wish to
set access control permissions. Then click the tab Share Permissions.
It is now possible to add access control entities to the shared folder.
Remember to set what type of access (full control, change, read) you
wish to assign for each entry

Be careful. If you take away all permissions from the Everyone user without removing this user, effectively no user will be able to access the share. This is a result of what is known as ACL precedence. Everyone with no access means that MaryK who is part of the group Everyone will have no access even if she is given explicit full control access.

Step 11-2: Share permission management in UBUNTU

setfacl: This utility sets Access Control Lists (ACLs) of files and directories.
-R : Recursive
-m : Modify
-x : Delete

setfacl -R -m user:abrakhim:rwx /home/masoud/share/newtest

geftacl: This utility shows Access Control Lists (ACLs) of files and directories.

getfacl /home/masoud/share/newtest


Map a Windows Folder to a Ubuntu Directory:

kinit abrakhim@CONNECTA.LOCAL

sudo mount -t cifs -o username=abrakhim //$ /home/masoud/share/abrakhim

Use Twitter for SMS Notification in Nagios

First create an account on twitter to be used along with nagios. You probably also want to indicate that the account should be private via twitter settings in order for the whole internet not to see what is going on with you monitoring :). So go twitter and get an account.

Second, here is a piece of code for a script which I use as a notification handler:

#!/usr/bin/perl -w
use strict;
use Net::Twitter;
my $msg = shift;
my $twit = new Net::Twitter(username => "twitter_user",password => "twitter_pass");
if (defined($msg) && $msg !~ /^\s*$/) {

Don’t forget to replace twitter_user and twitter_pass with the details of twitter account you have created in above stage.

Now modify the nagios notification commands in the misc. commands config file (/etc/nagios/misccommands.cfg in my case) to utilize the erlier created script. I have the following definitions:

define command {
command_name notify-by-epager

and the same for host-notify-by-epager.

Finally adjust your nagios contact definition to use the above commands for notifications and don’t forget to enable all the notifications you need

The above part will post all alerts to nagios twitter account. In order to be able to receive them via SMS or GTalk, add nagios twitter account as a friend to your personal twitter account (don’t forget to grant access to become a fried from nagios twitter account if you made it private) and follow up.

Note: in perl must install Twitter:

install Net::Twitter


force install Twitter

Install new package in perl

perl -MCPAN -e shell

then in CPAN prompt type for example:

Install Nagios::Plugins

this command installs Nagios::Plugins!

Nagios Grapher - PNP Installation

Download the latest stable version from here and extract it to your favorite source path and change to this.

./configure --with-rrdtool=/usr/local/rrdtool/bin/rrdtool --with-perfdata-dir=/usr/local/nagios/share/perfdata/
make all
make install

Update 2 lines in nagios.cfg, this tells nagios how to process performance data:


Edit one of your command files that is listed in nagios.cfg e.g. misccommands.cfg and add following lines.

define command{
command_name process-service-perfdata
command_line /usr/local/nagios/libexec/

Now you have to define the service to process the performance data with PNP. To do this look at your service definitions in services.cfg and check the following option is set in your generic service template or specific service.

process_perf_data 1

This file can be created automatically using a script in the contrib directory, ./makeserviceextinfo, this creates a configuration file in nagios/etc. (Note: Only some entries are created, this will be corrected in version 3.

Now after restarting Nagios, when viewing a Service Detail there is an icon displayed that links through to a graph (once some data has been collected).

Note: The PHP5-GD package must be installed

Nagios Installation

Nagios is a host and service monitor designed to inform you of network problems before your clients, end-users or managers do. It has been designed to run under the Linux operating system, but works fine under most *NIX variants as well. The monitoring daemon runs intermittent checks on hosts and services you specify using external "plugins" which return status information to Nagios. When problems are encountered, the daemon can send notifications out to administrative contacts in a variety of different ways (email, instant message, SMS, etc.). Current status information, historical logs, and reports can all be accessed via a web browser.

You can use apt-get to install these packages by running the following commands:

sudo apt-get install apache2
sudo apt-get install build-essential
sudo apt-get install libgd2-dev

Become the root user.

sudo -s

Create a new nagios user account and give it a password.

/usr/sbin/useradd nagios
passwd nagios

On Ubuntu server edition (6.01 and possible newer versions), you will need to also add a nagios group (it's not created by default). You should be able to skip this step on desktop editions of Ubuntu.

/usr/sbin/groupadd nagios
/usr/sbin/usermod -G nagios nagios

Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.

/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -G nagcmd nagios
/usr/sbin/usermod -G nagcmd www-data

Create a directory for storing the downloads.

mkdir ~/downloads
cd ~/downloads

Download the source code tarballs of both Nagios and the Nagios plugins (visit for links to the latest versions). At the time of writing, the latest versions of Nagios and the Nagios plugins were 3.0b3 and 1.4.7, respectively.


Extract the Nagios source code tarball.

cd ~/downloads
tar xzf nagios-3.0b3.tar.gz
cd nagios-3.0b3

Run the Nagios configure script, passing the name of the group you created earlier like so:

./configure --with-command-group=nagcmd

Compile the Nagios source code.

make all

Install binaries, init script, sample config files and set permissions on the external command directory.

make install
make install-init
make install-config
make install-commandmode

Sample configuration files have now been installed in the /usr/local/nagios/etc directory. These sample files should work fine for getting started with Nagios. You'll need to make just one change before you proceed...

Edit the /usr/local/nagios/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the nagiosadmin contact definition to the address you'd like to use for receiving alerts.

vi /usr/local/nagios/etc/objects/contacts.cfg

Install the Nagios web config file in the Apache conf.d directory.

make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account - you'll need it later.

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

/etc/init.d/apache2 reload

Extract the Nagios plugins source code tarball.

cd ~/downloads
tar xzf nagios-plugins-1.4.7.tar.gz
cd nagios-plugins-1.4.7

Compile and install the plugins.

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make install

Configure Nagios to automatically start when the system boots.

ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios

Verify the sample Nagios configuration files.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.

/etc/init.d/nagios start

You should now be able to access the Nagios web interface at the URL below. You'll be prompted for the username (nagiosadmin) and password you specified earlier.

The main page link is: http://localhost/nagios

Package installation in Ubuntu

apt-cache search package-name

apt-get install package-name

apt-get remove package-name

Connect to remote computer

ssh ip-address -l username

openssh must be installed first

if you have any ssh key then:

ssh -i ssh-key-file-name ip-address

Copy between two unix system

scp Origin username@ip(or computer name):Desrination

for example:

scp /mydir root@

/mydir: origin folder

root: username in destination IP for destination
/newfolder: Destination folder

Make ISO file from CD/DVD

dd if=/dev/scd0 of=file.iso

if: input device
of: output file

bis demnächst!