Extremely Serious

Category: Linux (Page 1 of 2)

Using dos2unix

Sometimes we wrote a script intended for linux but we are using windows. However, when we deploy the script to linux it doesn't work.

For example you've created the file helloworld.sh in windows with the following content:

#!/bin/sh
echo "Hello World"

Transport helloworld.sh to linux and make it executable (i.e. using the command chmod 755 helloworld.sh). Execute it using the following command:

./helloworld.sh

Expect to see something similar to the following error:

-bash: ./helloworld.sh: /bin/sh^M: bad interpreter: No such file or directory

To remedy this, run dos2unix command with helloworld.sh as follows:

dos2unix helloworld.sh

Expect an output similar to the following:

dos2unix: converting file helloworld.sh to Unix format...

After this, execute the helloworld.sh again and expect no error.

Requesting for Certificate with certbot-auto

Requesting for certificate

certbot-auto certonly -m <EMAIL_NAME> --webroot -w <WEBROOT_PATH> -d <DOMAIN_NAMES>

Example

certbot-auto certonly -m admin@example.com --webroot -w /usr/share/nginx/www -d www.example.com

Expanding your certificates

certbot-auto certonly --webroot --agree-tos -w <WEBROOT_PATH> --expand -d <DOMAIN_NAMES>

Example

certbot-auto certonly --webroot --agree-tos -w /usr/share/nginx/blog --expand -d blog.example.com

Display information about certificates you have from Certbot

certbot-auto certificates

Installing Jenkins in Ubuntu

Requirement

  • Java 8 +

Installing Jenkins

  1. Install the jenkins key:
    wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
  2. Register the jenkins source:
    sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
  3. Add the universe repository:
    sudo add-apt-repository universe
  4. Update the repository:
    sudo apt-get update
  5. Install jenkins:
    sudo apt-get install jenkins -y

Preparing Jenkins

  1. Access jenkins:
    http://localhost:8080/
  2. Use the password found from the following file for Administrator Password:
    sudo less /var/lib/jenkins/secrets/initialAdminPassword
  3. In Getting Started page select:
    Install suggested plugins
  4. Create the first admin user.
  5. Provide the Jenkins URL in the Instance Configuration.
  6. Click the Start using Jenkins button.

Monitoring Artifactory Service with Nagios

Requirement

  • check_jmx plugin

Enable JMX on Artifactory

  1. Update the /var/opt/jfrog/artifactory/etc/default file to add the following:
    export JAVA_OPTIONS="$JAVA_OPTIONS -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5000 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"

    If you wanted to connect remotely (e.g. jconsole) add the following argument:

    -Djava.rmi.server.hostname=<IP_ADDRESS>
  2. Restart the artifactory service:
    sudo systemctl restart artifactory.service

Testing with check_jmx plugin

/usr/local/nagios/libexec/check_jmx/nagios/plugin/check_jmx -U service:jmx:rmi:///jndi/rmi://localhost:5000/jmxrmi -O "org.jfrog.artifactory:instance=Artifactory, type=Storage,prop=Binary Storage" -A Size

Expect to see something similar to the following output:

JMX OK Size=377653571

Related Post
Downloading the Nagios check_jmx Plugin in Ubuntu

Compiling Nagios Plugin 2.3.3 to Ubuntu 20.04

Installing the Nagios Plugins

  1. Refresh the repository:
    sudo apt-get update
  2. Install the dependencies:
    sudo apt-get install -y autoconf gcc libc6 libmcrypt-dev make libssl-dev wget bc gawk dc build-essential snmp libnet-snmp-perl gettext
  3. Change the directory to your home directory:
    cd ~
  4. Download the nagios plugins source codes:
    wget --no-check-certificate -O nagios-plugins.tar.gz https://github.com/nagios-plugins/nagios-plugins/archive/release-2.3.3.tar.gz
  5. Extract the downloaded source codes:
    tar zxf nagios-plugins.tar.gz
  6. Change to the directory of the newly extracted source codes:
    cd nagios-plugins-release-2.3.3
  7. Setup and configure:
    sudo ./tools/setup
    sudo ./configure
  8. Compile the source codes:
    sudo make
  9. Install the plugins to /usr/local/nagios/libexec directory:
    sudo make install

Configuring NRPE 4 Daemon and Plugin to Ubuntu 20.04

Installing NRPE

    1. Refresh the repository:
      sudo apt-get update
    2. Install the dependencies:
      sudo apt-get install autoconf automake gcc libc6 libmcrypt-dev make libssl-dev wget openssl -y
    3. Change the directory to your home directory:
      cd ~
    4. Download the nrpe 4 source codes:
      wget https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-4.0.3/nrpe-4.0.3.tar.gz
    5. Extract the downloaded source codes:
      tar xvf nrpe-4.0.3.tar.gz
    6. Change to the directory of the newly extracted source codes:
      cd nrpe-4.0.3
    7. Run the configure script that enables the command arguments for clients and uses ssl library:
      sudo ./configure --enable-command-args --with-ssl-lib=/usr/lib/x86_64-linux-gnu/
    8. Compile the source codes:
      sudo make all
    9. Install the nagios user and group:
      sudo make install-groups-users
    10. Install both NRPE daemon and check_nrpe plugin:
      sudo make install
    11. Install the nrpe config file (i.e. /usr/local/nagios/etc/nrpe.cfg):
      sudo make install-config
    12. Install the init script:
      sudo make install-init
    13. Enable the nrpe daemon:
      sudo systemctl enable nrpe.service
    14. Update allowed_hosts field in the /usr/local/nagios/etc/nrpe.cfg file: to include your nagios server address (e.g. your nagios server address is 10.0.0.174 the allowed hosts is as follows):
      allowed_hosts=127.0.0.1,::1,10.0.0.174
    15. Update the dont_blame_nrpe field: to 1 on the same configuration file to allow your clients to specify arguments:
      dont_blame_nrpe=1
    16. Start the nrpe daemon:
      sudo systemctl start nrpe.service

      The NRPE service is listening with the port 5666 by default.

Testing The NRPE Plugin

/usr/local/nagios/libexec/check_nrpe -H localhost

Expect to see the version of NRPE daemon

Related Post
Compiling NRPE 4 Plugin to Tinkerboard
Compiling Nagios Plugin 2.3.3 to Ubuntu 20.04

Compiling NRPE 4 Plugin to Tinkerboard

Installing NRPE

  1. Refresh the repository:
    sudo apt-get update
  2. Install the dependencies:
    sudo apt-get install libssl-dev -y
  3. Change the directory to your home directory:
    cd ~
  4. Download the nrpe 4 source codes:
    wget https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-4.0.3/nrpe-4.0.3.tar.gz
  5. Extract the downloaded source codes:
    tar xvf nrpe-4.0.3.tar.gz
  6. Change to the directory of the newly extracted source codes:
    cd nrpe-4.0.3
  7. Run the configure script:
    ./configure
  8. Compile the check_nrpe plugin only:
    sudo make check_nrpe
  9. Install the newly compiled plugin:
    sudo make install-plugin
  10. Update the file /usr/local/nagios/etc/objects/commands.cfg to add the following entry:
    define command {
    	command_name    check_nrpe
    	command_line    /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -t 30 -c $ARG1$ $ARG2$
    }

Testing The Plugin

Using the command check_nrpe we can check the load on the host 10.0.0.202 (i.e. NRPE daemon must be configured and listening on port 5666) using the following command:

/usr/local/nagios/libexec/check_nrpe -H 10.0.0.202 -c check_load

Expect to see the output of the check_load plugin executed on the host 10.0.0.202

Configuring Nagios 4 to Tinkerboard

Installing Nagios

  1. Update the system:
    sudo apt-get update && sudo apt-get upgrade
  2. Install the dependencies:
    sudo apt-get install autoconf gcc libc6 make wget unzip apache2 php libapache2-mod-php libgd-dev libsasl2-modules mailutils -y
  3. Change the directory to your home directory:
    cd ~
  4. Download the nagios 4 source codes:
    wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.4.6.tar.gz
  5. Extract the downloaded source codes:
    tar xzf nagios-4.4.6.tar.gz
  6. Change to the directory of the newly extracted source codes:
    cd nagios-4.4.6
  7. Run the configure script with integration to apache2:
    ./configure --with-httpd-conf=/etc/apache2/sites-enabled
  8. Compile the source:
    sudo make all
  9. Install the nagios user and group:
    sudo make install-groups-users
  10. Make nagios user a member of the www-data group:
    sudo usermod -aG nagios www-data
  11. Install nagios.
    sudo make install
  12. Install the init script:
    sudo make install-init
  13. Initialize the init script:
    sudo make install-daemoninit
  14. Install and configures permissions on the directory for holding the external command:
    sudo make install-commandmode
  15. Install the sample config files on the /usr/local/nagios/etc directory:
    sudo make install-config
  16. Install the nagios config file to apache2:
    sudo make install-webconf
  17. Update the SUID of the ping command:
    sudo chmod 4755 /bin/ping

Installing the Nagios Plugins

  1. Run the following command:
    sudo apt install nagios-plugins
  2. Update the $USER1$ property in the /usr/local/nagios/etc/resource.cfg file to have /usr/lib/nagios/plugins like as follows:
    $USER1$=/usr/lib/nagios/plugins

Configuring Apache2 Web Server

  1. Enable the rewrite module:
    sudo a2enmod rewrite
  2. Enable the CGI module:
    sudo a2enmod cgi
  3. Create nagiosadmin as a nagios web user:
    sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

    Assign a strong password

  4. Restart the apache2 service:
    sudo systemctl restart apache2

Related Post
Configuring NRPE 4 Daemon and Plugin to Ubuntu 20.04
Compiling NRPE 4 Plugin to Tinkerboard

Finding out the Banned IPs of Fail2Ban

Use the following command to find out the active jail names:

sudo fail2ban-client status

Use the following command to find out the banned IP by jail name:

sudo fail2ban-client status <JAIL_NAME>

Where:

JAIL_NAME The name of the jail.

Example:

Use the following command to find out all the banned IPs of an sshd jail name:

sudo fail2ban-client status sshd

Configuring Postfix as a Relay

Installing Postfix

Run the following commands:

sudo apt-get update
sudo apt-get install postfix

Configuring Postfix

  1. Run the following command:
    sudo dpkg-reconfigure postfix

    Configuration questions:

    1. Select OK to proceed.
    2. Choose Satellite system.
    3. System Mail Name: <EMAIL_DOMAIN>
    4. SMTP relay host: <RELAY_HOST>

      Where RELAY_HOST must include the port number (e.g. 192.168.1.1:465).

    5. Root and postmaster mail recipient: root
    6. Other destinations to accept mail for: <EMAIL_DOMAIN>, localhost.localdomain, localhost
    7. Force synchronous updates on mail queue? No
    8. Local networks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    9. Mailbox size limit (bytes): 0
    10. Local address extension character: +
    11. Internet protocols to use: all

      Feel free to answer the preceding questions based on your setup. Just replace the EMAIL_DOMAIN (i.e. example.com) with a valid value.

  2. Create the file /etc/postfix/sasl_passwd with the following content:
    <RELAY_HOST> username:password
  3. Create a postfix database based on /etc/postfix/sasl_passwd using the following command:
    sudo postmap /etc/postfix/sasl_passwd
  4. Edit the file /etc/postfix/main.cf to have the following entries added or updated:
    smtp_tls_security_level = encrypt
    smtp_sasl_auth_enable = yes
    smtp_tls_wrappermode = yes
    smtp_sasl_security_options =
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  5. Restart the postfix service with the following command:
    sudo systemctl restart postfix
« Older posts