Monday, August 9, 2010

CentOS / Red Hat Configure an NTP Client And Server

Install ntp

The ntp package contains utilities and daemons that will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. The ntp packageincludes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package:
# yum install ntp

How do I configure an NTP Client?

Simply open /etc/ntp.conf file, enter:
# vi /etc/ntp.conf
Make sure the following line exists:
server ntp.server.com
Where,
  • ntp.server.com : the hostname or IP address of the site NTP server. If your ntp server located at 192.168.1.5, enter server 192.168.1.5. You can also use public ntp server located at ntp.org.
You can also run ntpd using cron:
# echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd
The above instructs crond to run ntpd and after setting the clock just exit, and the -u option instructs it to run as the ntp user.

Configure an NTP Server

If you have lots of server and desktop system, configure your own NTP server. Your NTP server contacts a central NTP server,provided by your ISP or a public time
server located at ntp.org, to obtain accurate time data. The server then allows other machines on your network to request the time data. Our sample setup:
192.168.1.5            ==> CentOS / Fedora / RHEL NTPD Server.
202.54.1.5              ==> ISP remote NTP server.
192.168.1.0/24        ==> NTP clients including desktop systems.
First, install and enable ntpd on 192.168.1.5:
# yum install ntp
# chkconfig ntpd on

Now open /etc/ntp.conf:
# vi /etc/ntp.conf
Make sure the following line exits:
restrict default ignore
Above will deny all access to any machine, server or client. However, you need to specifically authorized policy settings. Set it as follows:
restrict 202.54.1.5 mask 255.255.255.245 nomodify notrap noquery
server 202.54.1.5
Replace 202.54.1.5 and mask with actual remote ISP or ntp.org NTP server IP. Save and close the file.

Configure NTP clients to access your NTP Server

Now, you need to allow legitimate NTP clients to access the Server. For example, allow 192.168.1.0/24 network to synchronize to this server located at 192.168.1.5. Open /etc/ntp.conf and add policy as follows:
# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
Update your firewall settings, open /etc/sysconfig/iptables.
# vi /etc/sysconfig/iptables
Add the following line, before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain:
 -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
Save and close the file. Finally, start ntpd:
# service ntpd start
# service iptables restart
# netstat -tulpn 


NTP to synchronize the system clock

Procedure

Login as the root user
Type the following command to install ntp
# yum install ntp
Turn on service
# chkconfig ntpd on
Synchronize the system clock with 0.pool.ntp.org server:
# ntpdate pool.ntp.org
Start the NTP:
# /etc/init.d/ntpd start

Tuesday, August 3, 2010

Setting up an SSL secured Webserver with CentOS

1. Getting the required software

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL. Use yum to get them if you need them.
yum install mod_ssl openssl
Yum will either tell you they are installed or will install them for you.

2. Generate a self-signed certificate

Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you are probably likely to want a key from Trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root so you can either su to root or use sudo in front of the commands
# Generate private key 
openssl genrsa -out ca.key 1024 

# Generate CSR 
openssl req -new -key ca.key -out ca.csr

# Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Move the files to the correct locations
mv ca.crt /etc/pki/tls/certs
mv ca.key /etc/pki/tls/private/ca.key
mv ca.csr /etc/pki/tls/private/ca.csr
Then we need to update the Apache SSL configuration file
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
Change the paths to match where the Key file is stored. If you've used the method above it will be
SSLCertificateFile /etc/pki/tls/certs/ca.crt
Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Quit and save the file and then restart Apache
/etc/init.d/httpd restart
All being well you should now be able to connect over https to your server and see a default Centos page. As the certificate is self signed browsers will generally ask you whether you want to accept the certificate. Firefox 3 won't let you connect at all but you can override this.

Restart Apache again using
/etc/init.d/httpd restart



Monday, August 2, 2010

Zabbix installation for Cent OS

Zabbix Installation

We will be installing following components:

    *
      Zabbix Server (for gathering data)
    *
      Zabbix Agent (for monitoring)
    *
      Net-SNMP (for SNMP Support)
    *
      Jabber (for notifications)
    *
      OpenIPMI (for monitoring)
    *
      cURL (for web monitoring)
   
* For x86 (32-bit) systems
          o rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
                + From Dag Wieers

* For x64 (64-bit) systems
          o rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
                + From Dag Wieers
First install all the dependencies with yum using the command

# yum install zlib-devel mysql-devel glibc-devel curl-devel gcc automake mysql libidn-devel openssl-devel net-snmp-devel rpm-devel OpenIPMI-devel iksemel iksemel-devel rpm-build checkinstall php-mysql php-gd php-bcmath php-mbstring

wget http://downloads.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/1.8.2/zabbix-1.8.2.tar.gz?use_mirror=freefr

tar -xvf zabbix-1.8.1.tar

# cd zabbix-1.8.1
# ./configure --enable-server --with-mysql --with-net-snmp --with-jabber --with-libcurl --with-openipmi --enable-agent

# make

# checkinstall --nodoc --install=yes –y

**********************************************************************
Done. The new package has been installed and saved to
/usr/src/redhat/RPMS/i386/zabbix-1.8.2-1.i386.rpm
You can remove it from your system anytime using:
     rpm -e zabbix-1.8.2-1
**********************************************************************

Creating the MySQL DB

We will have to create a database for Zabbix and than import scripts which will do the rest for us.

First of make sure the mysql daemon is running using

# service mysqld status

If not you can start it with

# service mysqld start

If this is the first time mysql is started, you will probably get a message telling you that root has no password. Change the root password to something safe which you won’t forget with

# mysqladmin –u root password ‘new-password-here’

After the password has been set, its recommended to run the following script in your console to secure your mysql installation

# mysql_secure_installation

Now that we have set a root pw and secured our db we can connect to it, to create a new db for Zabbix.

# mysql – u root –p

and enter the password you set before. Than let us create the db with

mysql> create database zabbix character set utf8;

Next we want to tell mysql that our zabbix user hast he rights to mess with the db so lets give him all rights

mysql> grant all privileges on zabbix.* to ‘zabbix‘@‘localhost‘ identified by ‘set-password-here‘;
mysql> quit;

It's important to remember this password as we a going to need it for the Zabbix configs files. Now we are going to import the sql scripts into the db so we have tables, and data

# cd create/schema
# cat mysql.sql | mysql –u zabbix –p zabbix
# cd ../data
# cat data.sql | mysql –u zabbix –p zabbix
# cat images_mysql.sql | mysql –u zabbix -p zabbix

To make sure the script worked we can list the tables of the Zabbix database to see if any where created.

mysql> use zabbix;
mysql> show tables;
mysql> quit;

Configuring Zabbix

Now lets create a folder for Zabbix where the config files are stored and then copy the appropiet files.

# mkdir /etc/Zabbix
# cd ../..
# cp misc/conf/{zabbix_server.conf,zabbix_agentd.conf} /etc/zabbix/

For the beginning the Zabbix agent config file can be left as how it is, but we do need to tell Zabbix where our database is to be found, for that open /etc/zabbix/zabbix_server.conf with your favourite editor

# vi /etc/zabbix/zabbix_server.conf

Look for DBName, with nano you can do this with Ctrl+W, than type in DBName and press enter. The default value it is set to zabbix, so we can leave that as how it is, but we do need to change the user and password set DBUser to zabbix and DBPassword to the one you set during the mysql configuration above.

DBName=zabbix
DBUser=zabbix
DBPassword=your-zabbix-mysql-password

It is recommended to change the file permissions for the Zabbix config so not every user can just read the password out of our file

# chmod 400 /etc/zabbix/zabbix_server.conf
# chown zabbix /etc/zabbix/zabbix_server.conf

Now Zabbix knows where to connect to and with wich login information
Creating user Zabbix and running Zabbix Server

Zabbix is not ment to be executed by root, so we will have to create a Zabbix user to do the job for us.

# useradd –m –s /bin/bash zabbix

With the parameter –m we tell linux to create a home directory for the user and with –s /bin/bash we tell linux to let the user use the shell bash and were its located.

Now that the user is created we are going to log in with the user with

# su – Zabbix

su means run the shell under the user we specify and the – tells linux to load the environment of the user.

You should be able to recognise from the beginning of the prompt that we are logged in as Zabbix {zabbix@hostname ~}$

Now we can execute the script zabbix_agentd and zabbix_server which are found in /usr/local/sbin/

$ /usr/local/sbin/zabbix_agentd
$ /usr/local/sbin/zabbix_server

if all went well you should get any error messages.

To check if Zabbix is running we can grep the output of all running processes

$ ps -e | grep zabbix

You should see several processe runing as zabbix_server and zabbix_agentd

Its all nice that the server is up and runnin, but latest until the next reboot of the server, Zabbix wont be running anymore. To make the this process run automaticly we will have to add the server and the agent to the system startup sequence.
Creating startup scripts

Zabbix comes with startup scripts but it should be mentioned that this scripts are old. Never the less they still work and all that is needed to be done is one minor changes in the script.

Login in back to root

$ su -

After a successful login let us copy the scripts from our Zabbix source into our /etc/init.d/ folder. this can be done with the following command:

# cd zabbix-1.8.1
# cp misc/init.d/redhat/8.0/zabbix_* /etc/init.d/

this will copy zabbix_server and zabbix_agentd startup scripts.

Open zabbix_server with your favourite editor.

# vi /etc/init.d/zabbix_agentd

and than change the progdir to progdir=”/usr/local/sbin/” do the exactly the same with zabbix_agentd.

Now let us add it to the services with

# chkconfig --add zabbix_server
# chkconfig --add zabbix_agentd

all that is left, it to tell the system on which runlevels it should start them, we are going to use runlevel 3 and 5.

# chkconfig --level 35 zabbix_server on
# chkconfig --level 35 zabbix_agentd on

to verify that the changes have been made, we can use chkconfig to list all configurations with

# chkconfig --list

or to just show the zabbix services we can customize our output with grep

# chkconfig --list | grep zabbix

All that is left to be done, is to make these scripts executable, this is done with the following command

# chmod 755 /etc/init.d/zabbix_server
# chmod 755 /etc/init.d/zabbix_agentd

Now we can control our scripts with

# service zabbix_server {start|stop|restart|condrestart}

Installing the Web frontend

Most Likely Zabbix won't agree with all of your settings and will tell you to change them to the requiered settings. In my case these are all php related problems. Open php.ini with your favourite editor

# vi /etc/php.ini

and change following:

max_execution_time = 600
memory_limit = 256M
post_max_size = 32M
date.timezone =               (check on your server which zone your in #date [Rajat@rajat ~]$ date
                Mon Aug  2 18:47:02 IST 2010)
mbstring.func_overload = 2

service httpd restart


We have Zabbix Server and Agent installed and running on our server, we can control the them with services and they startup each time the machine boots into runlevel 3 or 5 but we still don’t have our Web frontend.

Once installed its time to copy the web files to the correct folder, with CentOS and Apache this would be /var/www/html/.

# mkdir /var/www/html/zabbix
# cp -r frontends/php/ /var/www/html/

To make the page access able through http://localhost/zabbix we will have to to rename the folder to zabbix.

# mv /var/www/html/php/ /var/www/html/zabbix

Now you should now be able to access the Web frontend trough http://localhost/zabbix

If you encoutner problems try checking if the httpd service is running. If it worked you should see the Welcome screen from Zabbix

Setup Zabbix Agent for Linux

1. wget http://downloads.sourceforge.net/zabbix/zabbix-1.8.2.tar.gz?fromerrorjs=1

2. tar -vxzf zabbix-1.8.2.tar.gz

3. cd zabbix-1.8.2

4. ./configure --enable-agent --prefix=/usr/local/zabbix

5. make install

6. mkdir /etc/zabbix

7. cp misc/conf/zabbix_agentd.conf /etc/zabbix/

8. cp misc/init.d/redhat/8.0/zabbix_agentd /etc/init.d/

9. chmod +x /etc/init.d/zabbix_agentd

10. adduser zabbix

11. chkconfig zabbix_agentd on

12. Edit /etc/zabbix/zabbix_agentd.conf, set Server to your Zabbix Server ip/domain and Hostname to your agent hostname.

13. Edit /etc/init.d/zabbix_agentd, set progdir FROM /usr/local/sbin TO progdir="/usr/local/zabbix/sbin/"

14. /etc/init.d/zabbix_agentd start

15. After than add the host to zabbix server and you can start monitor your agent server now.

User Activity, View Processes, Display Memory

1. List Processes based on %CPU and Memory Usage

This script list the processes based on %CPU and Memory usage, with out argument (by default), If you specify the argument (cpu or mem), it lists the processes based on CPU usage or memory usage.

$ vi processes.sh
#! /bin/bash
#List processes based on %cpu and memory usage

echo "Start Time" `date`
# By default, it display the list of processes based on the cpu and memory usage #
if [ $# -eq 0 ]
then

 echo "List of processes based on the %cpu Usage"
 ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu  # sorted based on %cpu
 echo "List of processes based on the memory Usage"
 ps -e -orss=,args= | sort -b -k1,1n # sorted bases rss value

# If arguements are given (mem/cpu)
else
 case "$1" in
 mem)
  echo "List of processes based on the memory Usage"
   ps -e -orss=,args= | sort -b -k1,1n
  ;;
  cpu)
  echo "List of processes based on the %cpu Usage"
  ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu
  ;;
  *)
  echo "Invalid Argument Given \n"
  echo "Usage : $0 mem/cpu"
  exit 1
  esac 

fi
echo "End Time" `date`
exit 0

#chmod +x processes.sh

You can execute the above script as shown below.

$ processes.sh

$ processes.sh mem

$ processes.sh cpu

2. Display Logged in users and who is using high CPU percentage

This script displays few information about the currently logged in users and what they are doing.

$ vi loggedin.sh
#! /bin/bash

w > /tmp/a

echo "Total number of unique users logged in currently"
cat /tmp/a|  sed '1,2d' | awk '{print $1}' | uniq | wc -l
echo ""

echo "List of unique users logged in currently"
cat /tmp/a | sed '1,2d'|  awk '{print $1}' | uniq
echo ""

echo "The user who is using high %cpu"
cat /tmp/a | sed '1,2d' | awk   '$7 > maxuid { maxuid=$7; maxline=$0 }; END { print maxuid, maxline }' 

echo ""
echo "List of users logged in and what they are doing"
cat /tmp/a

 # chmod +x loggedin.sh

 ./loggedin.sh 
Total number of unique users logged in currently
1

List of unique users logged in currently
root

The user who is using high %cpu
0.12s root     pts/0    99.33.7.252      Sat00   16:30m  0.12s  0.12s -bash

List of users logged in and what they are doing
 04:36:49 up 2 days, 20:12,  2 users,  load average: 0.11, 0.05, 0.01
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    99.33.7.252      Sat00   16:30m  0.12s  0.12s -bash
root     pts/1    122.181.129.226  04:17    0.00s  0.02s  0.00s /bin/bash ./log

3. Display Total, Used and Free Memory

The following script displays the total, used and free memory space.

$ vi mem.sh
#! /bin/bash

# Total memory space details

echo "Memory Space Details"
free -t -m | grep "Total" | awk '{ print "Total Memory space : "$2 " MB";
print "Used Memory Space : "$3" MB";
print "Free Memory : "$4" MB";
}'

echo "Swap memory Details"
free -t -m | grep "Swap" | awk '{ print "Total Swap space : "$2 " MB";
print "Used Swap Space : "$3" MB";
print "Free Swap : "$4" MB";
}'

#chmod +x mem.sh
[root@ip-10-202-215-149 ~]# ./mem.sh
Memory Space Details
Total Memory space : 2602 MB
Used Memory Space : 804 MB
Free Memory : 1797 MB
Swap memory Details
Total Swap space : 895 MB
Used Swap Space : 0 MB
Free Swap : 895 MB
[root@ip-10-202-215-149 ~]#