Extremely Serious

Category: Server

Tomcat 8.5 Service Basic Management

Service Creation

  1. Open a cmd terminal and change the current directory to the following:

    %CATALINA_HOME%\bin

    In this directory you will find the following files:

    • tomcat8.exe
    • tomcat8w.exe
  2. Copy the file tomcat8w.exe to CustomTomcat8w.exe.

    tomcat8w.exe is in the following pattern:

    <SERVICE_NAME>w.exe

    This makes the default service name set to tomcat8. Copying it to CustomTomcat8w.exe makes a service name of CustomTomcat8.

  3. Set the basic properties of the CustomTomcat8 service using the following command:

    tomcat8.exe //IS//CustomTomcat8 --DisplayName="Apache Custom Tomcat 8" --Install="%CATALINA_HOME%\bin\tomcat8.exe" --StartMode=jvm --StopMode=jvm --StartClass=org.apache.catalina.startup.Bootstrap --StartParams=start --StopClass=org.apache.catalina.startup.Bootstrap --StopParams=stop --Description="Apache Custom Tomcat 8 by Ron"
  4. Set the classpath using the following command:

    tomcat8.exe //US//CustomTomcat8 --Classpath="%CATALINA_HOME%\bin\bootstrap.jar;%CATALINA_HOME%\bin\tomcat-juli.jar"
  5. Set the JVM to use using the following command:

    tomcat8.exe //US//CustomTomcat8 --Jvm="%JAVA_HOME%\jre\bin\server\jvm.dll"
  6. Set some JVM options using the following command:

    tomcat8.exe //US//CustomTomcat8 --JvmOptions="-Dcatalina.home=%CATALINA_HOME%;-Dcatalina.base=%CATALINA_HOME%"
  7. Set logging using the following command:

    tomcat8.exe //US//CustomTomcat8 --LogLevel="Info" --LogPrefix="custom_tomcat8_service-" --LogPath="%CATALINA_HOME%\logs" --StdOutput="auto" --StdError="auto" --PidFile="tomcat8.pid"
  8. Set JVM memory using the following command:

    tomcat8.exe //US//CustomTomcat8 --JvmMs=512 --JvmMx=1024

Service Post Creation

  1. Using the file explorer, find the directory specified by your CATALINA_HOME environment variable and add the LOCAL SERVICE group on the security. Also add the permissions Full Control and Modify to it.

    For example if your CATALINA_HOME is pointing to C:\dev\tools\apache-tomcat-8.5.64 directory, expect something like the following as an output:

  2. Using the file explorer, navigate to %CATALINA_HOME%\bin directory and double click the CustomTomcat8w.exe file. Click the Java tab and ensure that the Java Virtual Machine field was correctly set. If not, update it accordingly.

    For example if your JAVA_HOME is pointing to C:\Program Files\Java\jdk1.8.0_271 directory, ensure that the Java Virtual Machine field is pointing to the correct location of the jvm.dll.

Service Execution

  1. Open a cmd terminal and change the current directory to the following:

    %CATALINA_HOME%\bin
  2. Run the CustomTomcat8 service using the following command:

    tomcat8.exe //RS//CustomTomcat8

Service Termination

  1. Open a cmd terminal and change the current directory to the following:

    %CATALINA_HOME%\bin
  2. Stop the CustomTomcat8 service using the following command:

    tomcat8.exe //SS//CustomTomcat8

Service Removal

  1. Open a cmd terminal and change the current directory to the following:

    %CATALINA_HOME%\bin
  2. Remove the CustomTomcat8 service using the following command:

    tomcat8.exe //DS//CustomTomcat8

Windows Services App

After the service creation was completed and without any error, we can also manage the service using the windows services app. Just look for the value of the --DisplayName parameter (i.e. Apache Custom Tomcat 8) when setting the basic properties of the service. This is depicted as follows by the following snapshot:

Reference

Configuring NRPE 4 Daemon and Plugin to Ubuntu 20.04

Installing NRPE

    1. Refresh the repository:
      sudo apt-get update
    2. Install the dependencies:
      sudo apt-get install autoconf automake gcc libc6 libmcrypt-dev make libssl-dev wget openssl -y
    3. Change the directory to your home directory:
      cd ~
    4. Download the nrpe 4 source codes:
      wget https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-4.0.3/nrpe-4.0.3.tar.gz
    5. Extract the downloaded source codes:
      tar xvf nrpe-4.0.3.tar.gz
    6. Change to the directory of the newly extracted source codes:
      cd nrpe-4.0.3
    7. Run the configure script that enables the command arguments for clients and uses ssl library:
      sudo ./configure --enable-command-args --with-ssl-lib=/usr/lib/x86_64-linux-gnu/
    8. Compile the source codes:
      sudo make all
    9. Install the nagios user and group:
      sudo make install-groups-users
    10. Install both NRPE daemon and check_nrpe plugin:
      sudo make install
    11. Install the nrpe config file (i.e. /usr/local/nagios/etc/nrpe.cfg):
      sudo make install-config
    12. Install the init script:
      sudo make install-init
    13. Enable the nrpe daemon:
      sudo systemctl enable nrpe.service
    14. Update allowed_hosts field in the /usr/local/nagios/etc/nrpe.cfg file: to include your nagios server address (e.g. your nagios server address is 10.0.0.174 the allowed hosts is as follows):
      allowed_hosts=127.0.0.1,::1,10.0.0.174
    15. Update the dont_blame_nrpe field: to 1 on the same configuration file to allow your clients to specify arguments:
      dont_blame_nrpe=1
    16. Start the nrpe daemon:
      sudo systemctl start nrpe.service

      The NRPE service is listening with the port 5666 by default.

Testing The NRPE Plugin

/usr/local/nagios/libexec/check_nrpe -H localhost

Expect to see the version of NRPE daemon

Related Post
Compiling NRPE 4 Plugin to Tinkerboard
Compiling Nagios Plugin 2.3.3 to Ubuntu 20.04

Configuring Nagios 4 to Tinkerboard

Installing Nagios

  1. Update the system:
    sudo apt-get update && sudo apt-get upgrade
  2. Install the dependencies:
    sudo apt-get install autoconf gcc libc6 make wget unzip apache2 php libapache2-mod-php libgd-dev libsasl2-modules mailutils -y
  3. Change the directory to your home directory:
    cd ~
  4. Download the nagios 4 source codes:
    wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.4.6.tar.gz
  5. Extract the downloaded source codes:
    tar xzf nagios-4.4.6.tar.gz
  6. Change to the directory of the newly extracted source codes:
    cd nagios-4.4.6
  7. Run the configure script with integration to apache2:
    ./configure --with-httpd-conf=/etc/apache2/sites-enabled
  8. Compile the source:
    sudo make all
  9. Install the nagios user and group:
    sudo make install-groups-users
  10. Make nagios user a member of the www-data group:
    sudo usermod -aG nagios www-data
  11. Install nagios.
    sudo make install
  12. Install the init script:
    sudo make install-init
  13. Initialize the init script:
    sudo make install-daemoninit
  14. Install and configures permissions on the directory for holding the external command:
    sudo make install-commandmode
  15. Install the sample config files on the /usr/local/nagios/etc directory:
    sudo make install-config
  16. Install the nagios config file to apache2:
    sudo make install-webconf
  17. Update the SUID of the ping command:
    sudo chmod 4755 /bin/ping

Installing the Nagios Plugins

  1. Run the following command:
    sudo apt install nagios-plugins
  2. Update the $USER1$ property in the /usr/local/nagios/etc/resource.cfg file to have /usr/lib/nagios/plugins like as follows:
    $USER1$=/usr/lib/nagios/plugins

Configuring Apache2 Web Server

  1. Enable the rewrite module:
    sudo a2enmod rewrite
  2. Enable the CGI module:
    sudo a2enmod cgi
  3. Create nagiosadmin as a nagios web user:
    sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

    Assign a strong password

  4. Restart the apache2 service:
    sudo systemctl restart apache2

Related Post
Configuring NRPE 4 Daemon and Plugin to Ubuntu 20.04
Compiling NRPE 4 Plugin to Tinkerboard

Configuring Postfix as a Relay

Installing Postfix

Run the following commands:

sudo apt-get update
sudo apt-get install postfix

Configuring Postfix

  1. Run the following command:
    sudo dpkg-reconfigure postfix

    Configuration questions:

    1. Select OK to proceed.
    2. Choose Satellite system.
    3. System Mail Name: <EMAIL_DOMAIN>
    4. SMTP relay host: <RELAY_HOST>

      Where RELAY_HOST must include the port number (e.g. 192.168.1.1:465).

    5. Root and postmaster mail recipient: root
    6. Other destinations to accept mail for: <EMAIL_DOMAIN>, localhost.localdomain, localhost
    7. Force synchronous updates on mail queue? No
    8. Local networks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    9. Mailbox size limit (bytes): 0
    10. Local address extension character: +
    11. Internet protocols to use: all

      Feel free to answer the preceding questions based on your setup. Just replace the EMAIL_DOMAIN (i.e. example.com) with a valid value.

  2. Create the file /etc/postfix/sasl_passwd with the following content:
    <RELAY_HOST> username:password
  3. Create a postfix database based on /etc/postfix/sasl_passwd using the following command:
    sudo postmap /etc/postfix/sasl_passwd
  4. Edit the file /etc/postfix/main.cf to have the following entries added or updated:
    smtp_tls_security_level = encrypt
    smtp_sasl_auth_enable = yes
    smtp_tls_wrappermode = yes
    smtp_sasl_security_options =
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  5. Restart the postfix service with the following command:
    sudo systemctl restart postfix

Configuring Email Server with Postfix and Dovecot

Prerequisite

  • privkey.pem file
  • fullchain.pem file

Installing Postfix

Run the following commands:

sudo apt-get update
sudo apt-get install postfix

Configuring Postfix

  1. Run the following command:
    sudo dpkg-reconfigure postfix

    Configuration questions:

    1. Select OK to proceed.
    2. Choose Internet Site.
    3. System Mail Name: <EMAIL_DOMAIN>
    4. Other destinations for mail: <EMAIL_DOMAIN>, localhost.<EMAIL_DOMAIN>, localhost
    5. Force synchronous updates on mail queue?: No
    6. Local networks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    7. Use procmail for local delivery?: No
    8. Mailbox size limit (bytes): 0
    9. Local address extension character: +
    10. Internet protocols to use: all

    Feel free to answer the preceding questions based on your setup. Just replace the EMAIL_DOMAIN (i.e. example.com) with a valid value.

  2. Create the following folder:
    /etc/postfix/ssl
  3. Copy the your privkey.pem and fullchain.pem to /etc/postfix/ssl.
  4. Do additional configurations by executing the following commands:
    sudo postconf -e 'smtpd_sasl_local_domain ='
    sudo postconf -e 'smtpd_sasl_auth_enable = yes'
    sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
    sudo postconf -e 'broken_sasl_auth_clients = yes'
    sudo postconf -e 'smtpd_recipient_restrictions =  permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    sudo postconf -e 'inet_interfaces = all'
    sudo postconf -e 'smtp_tls_security_level = may'
    sudo postconf -e 'smtpd_tls_security_level = may'
    sudo postconf -e 'smtpd_tls_auth_only = no'
    sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
    sudo postconf -e 'smtpd_tls_loglevel = 1'
    sudo postconf -e 'smtpd_tls_received_header = yes'
    sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    sudo postconf -e 'tls_random_source = dev:/dev/urandom'	
    sudo postconf -e 'mua_client_restrictions = permit_sasl_authenticated,reject'
    sudo postconf -e 'mua_helo_restrictions = permit_mynetworks, permit_sasl_authenticated'
    sudo postconf -e 'mua_sender_restrictions = permit_sasl_authenticated'
    sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/privkey.pem'
    sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/fullchain.pem'
    sudo postconf -e 'myhostname = ronella.xyz'
  5. Create or update the /etc/postfix/sasl/smtpd.conf with the following:
    pwcheck_method: saslauthd
    mech_list: plain login
  6. In the /etc/postfix/master.cf file, uncomment the submission section and must be like the following entries:
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=$mua_client_restrictions
      -o smtpd_helo_restrictions=$mua_helo_restrictions
      -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
  7. Also in the same file, uncomment the smtps section and must be like the following entries:
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=$mua_client_restrictions
      -o smtpd_helo_restrictions=$mua_helo_restrictions
      -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
  8. Update the owner and group of /var/spool/postfix directory to become postfix as follows:
    sudo chown postfix:postfix /var/spool/postfix
  9. Restart the postfix service with the following command:
    sudo systemctl restart postfix

Installing SASL

Run the following command:

sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules

Configuring SASL

  1. Open the /etc/default/saslauthd file for editing.
  2. Search for START=no and change it like the following:
    START=yes
  3. Add the following entries just after preceding entry:
    PWDIR="/var/spool/postfix/var/run/saslauthd"
    PARAMS="-m ${PWDIR}"
    PIDFILE="${PWDIR}/saslauthd.pid"
  4. Search for OPTIONS="-c -m /var/run/saslauthd" and change it like the following:
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
  5. Update the dpkg state using the following command:
    sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
  6. Create a symbolic link using the following command:
    sudo ln -s /etc/default/saslauthd /etc/saslauthd
  7. Restart the sasl service using the following command:
    sudo service saslauthd restart

Installing Dovecot

Run the following command:

sudo apt-get install dovecot-core dovecot-imapd dovecot-pop3d

The default location of the mail directory is /var/mail.

Configuring Dovecot

  1. Update the certificate location in the file /etc/dovecot/conf.d/10-ssl.conf to be as follows:
    ssl_cert = </etc/postfix/ssl/fullchain.pem
    ssl_key = </etc/postfix/ssl/privkey.pem
  2. Restart the dovecot service using the following command:
    sudo service dovecot restart

Related Posts
Basic Postfix Management
Creating an Email Alias
MailScanner with Postfix