Posts Tagged shell

iSCSI SAN for CentOS 5.4


Well I guess I could have used OpenFiler for this… BUT here are a few steps to creating your own SAN-type-thing on CentOS 5.4…

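#!/bin/bash
# iSCSI SAN for CentOS5.4
#
# Builds iSCSI Enterprise Target 1.4.20 from source, writes the target
# definition and the initiator allow/deny files, then configures the local
# initiator for CHAP and logs in to the new target. Run as root; the script
# prompts once for the backing disk.
#
# The <uname>/<passwd> entries written below are placeholders: edit
# /etc/ietd.conf and /etc/iscsi/iscsid.conf before relying on the result.

# Print a message on stderr and stop; used wherever carrying on would only
# pile further failures on top of the first one.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

cd /usr/src || die "cannot cd to /usr/src"

# Get the iscsi package
# -O names the output file: the URL ends in /download, so without it wget
# saves the tarball under that name and the tar step below cannot find it.
# NOTE(review): this is a plain-HTTP download that is then compiled and
# installed as root. Compare the tarball with a checksum published by the
# project before running make.
wget -O iscsitarget-1.4.20.tar.gz \
  http://sourceforge.net/projects/iscsitarget/files/iscsitarget/1.4.20/iscsitarget-1.4.20.tar.gz/download \
  || die "download failed"
yum -y install kernel-devel openssl-devel gcc rpm-build make automake autoconf # you may already have these, this was a newer build for me so I didn't...
tar -xzvf iscsitarget-1.4.20.tar.gz || die "cannot unpack iscsitarget-1.4.20.tar.gz"
cd iscsitarget-1.4.20 || die "cannot cd to iscsitarget-1.4.20"
make || die "build failed"
make install || die "install failed"

# Name the disk
# The name is built once so that every file below receives the same value,
# even if the date rolls over while the script is running.
# NOTE(review): RFC 3720 IQNs carry a yyyy-mm date; `date -I` prints
# yyyy-mm-dd. Confirm the target accepts the longer form.
short_host=$(hostname)
short_host=${short_host%%.*} # strip the domain; only matters with FQDNs
target_base="iqn.$(date -I).${short_host}-sanhead"

echo "Ok, I am going to name the disk for you"
echo "$target_base"
echo "BUT... you need to tell me what disk to use..."
df -h
echo "Type in the full path to your disk, i.e.(/dev/<md3>)"
read -r dname
# The answer ends up in config files and on the iscsiadm command line, so
# accept nothing but an existing block device.
[ -b "$dname" ] || die "$dname is not a block device"
target_iqn="${target_base}:${dname}"

touch /etc/initiators.allow
echo "$target_iqn 192.168.11.0/24" >> /etc/initiators.allow
touch /etc/initiators.deny
echo "ALL:ALL" >> /etc/initiators.deny

# ietd.conf holds the CHAP user names and secrets: root-only from the start.
touch /etc/ietd.conf
chmod 600 /etc/ietd.conf
# NOTE(review): the Lun path and the alias are still the literal placeholder
# "diskname"; they are not derived from the disk entered above.
cat >> /etc/ietd.conf <<EOF
Target $target_iqn
        IncomingUser <uname>    <passwd>
        OutgoingUser <uname>    <passwd>
        Lun 0 Path=/dev/SAN/diskname,Type=fileio,IOMode=wb
        Alias iSCSI for diskname
        ImmediateData Yes
        MaxConnections 1
        InitialR2T Yes
EOF

yum -y install iscsi-initiator-utils open-iscsi
# NOTE(review): this initiator name is hard-coded to the author's host and is
# appended to whatever the package already wrote; adjust it for your machine.
echo "InitiatorName=iqn.2010-04.factslx01-sanhead:factslx01" >> /etc/iscsi/initiatorname.iscsi

# /etc/iscsi/iscsid.conf
mv /etc/iscsi/iscsid.conf /etc/iscsi/iscsid.conf.bak
touch /etc/iscsi/iscsid.conf
chmod 600 /etc/iscsi/iscsid.conf # CHAP secrets live here as well
# Written with a redirect: echo followed by a bare file name only prints the
# name to the terminal and leaves the file empty.
cat >> /etc/iscsi/iscsid.conf <<'EOF'
# Default Settings
#node.startup = automatic
#node.session.timeo.replacement_timeout = 120
#node.conn[0].timeo.login_timeout = 15
#node.conn[0].timeo.logout_timeout = 15
#node.conn[0].timeo.noop_out_interval = 5
#node.conn[0].timeo.noop_out_timeout = 5
#node.session.err_timeo.abort_timeout = 15
#node.session.err_timeo.lu_reset_timeout = 20
#node.session.initial_login_retry_max = 8
#node.session.cmds_max = 128
#node.session.queue_depth = 32
#node.session.iscsi.InitialR2T = No
#node.session.iscsi.ImmediateData = Yes
#node.session.iscsi.FirstBurstLength = 262144
#node.session.iscsi.MaxBurstLength = 16776192
#node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
#discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
#node.conn[0].iscsi.HeaderDigest = None
#node.session.iscsi.FastAbort = Yes
#
# Custom Settings
node.startup = automatic
node.session.auth.authmethod = CHAP
node.session.auth.username = <uname>
node.session.auth.password = <passwd>
node.session.auth.username_in = <uname>
node.session.auth.password_in = <passwd>
node.session.timeo.replacement_timeout = 120
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.noop_out_interval = 10
node.conn[0].timeo.noop_out_timeout = 15
node.session.initial_login_retry_max = 10
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072
discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
node.session.iscsi.FastAbort = No
# EOF
EOF

service iscsi start
# NOTE(review): nothing above starts the target daemon; confirm it is running
# before the discovery below.
# First non-loopback IPv4 address reported by ifconfig. Splitting on ':' and
# blanks yields the bare address; a fixed-width cut can keep padding or part
# of the next field, and several interfaces would give several lines.
i=$(ifconfig | awk -F'[: ]+' '/inet addr:/ && !/127\.0\.0\.1/ { print $4; exit }')
[ -n "$i" ] || die "no non-loopback IPv4 address found"
iscsiadm -m discovery -t st -p "$i" # IP for iSCSI host
iscsiadm -m node -p "$i" -T "$target_iqn" --login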

So there it is !!! Now go use OpenFiler… LOL -> http://www.openfiler.com/


Solaris 10 in jail


Well I took a stab @ this one last week… although it seems to be lacking in one respect… It is a good start.  If you didn’t already notice, I have decided to start mocking up scripts from the steps I am taking to perform these little ditties to complete the automation/repetitive goal of administration.

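#!/bin/sh
# Solaris FTP chroot jail
#
# Builds a self-contained tree under /ftpjail (device nodes, account files,
# ftpaccess, in.ftpd plus the libraries it loads), creates the ftpuser login
# and starts in.ftpd chrooted into that tree. Run as root; the script asks
# once for the ftpuser password.

# Every cd is checked: the chmod, mknod and cp calls that follow use relative
# paths and would otherwise act on the real /etc, /usr and /dev.
cd / || exit 1
mkdir /ftpjail
cd /ftpjail || exit 1
mkdir -p dev etc etc/ftpd etc/default usr/bin usr/sbin usr/lib/security usr/lib/locale usr/lib/security/sparcv9 usr/lib usr/share/lib/zoneinfo upload ftpuser
chmod 100 usr/sbin
chmod 444 dev etc/default usr/share usr/share/lib usr/share/lib/zoneinfo
chmod 555 etc etc/ftpd usr usr/bin usr/lib usr/lib/locale usr/lib/security
# NOTE(review): upload is world-writable, so any account that reaches the
# jail can create and replace files in it. Tighten this if uploads should
# come from the ftp accounts only.
chmod 777 upload
ln -s usr/bin bin

# Device nodes the ftp daemon expects inside the jail.
cd /ftpjail/dev || exit 1
mknod conslog c 21 0
mknod null c 13 2
mknod zero c 13 12
mknod tcp c 42 0
mknod ticlts c 105 2
mknod ticotsord c 105 1
mknod udp c 41 0
chmod 666 conslog null tcp ticlts ticotsord udp zero
cd /ftpjail || exit 1

# etc/group
cat > etc/group <<'EOF'
other::1:root
ftp::30000:
EOF

# etc/pam.conf
cat > etc/pam.conf <<'EOF'
ftp auth required /usr/lib/security/pam_unix.so.1
ftp account required /usr/lib/security/pam_unix.so.1
ftp session required /usr/lib/security/pam_unix.so.1
EOF

# etc/passwd
cat > etc/passwd <<'EOF'
root:x:0:1:::
ftp:x:30000:30000::/upload:/bin/false
ftpuser:x:30000:30000::/ftpuser:/bin/sh
EOF

# etc/shadow
# The login account is created here and the operator chooses its password.
# The resulting entry is then copied into the jail, so no password hash is
# published in the script and no fixed password ends up in /etc/shadow. If
# passwd is aborted the copied entry stays locked.
useradd ftpuser
passwd ftpuser
touch etc/shadow
chmod 400 etc/shadow # holds a password hash: never world-readable
cat > etc/shadow <<'EOF'
root:*LK*:6445::::::
ftp:*LK*:13651::::::
EOF
grep '^ftpuser:' /etc/shadow >> etc/shadow

# etc/shells
cat > etc/shells <<'EOF'
/bin/sh
EOF

# etc/ftpd/ftpaccess
cat > etc/ftpd/ftpaccess <<'EOF'
hostname ftpserver
defaultserver private
class   all   real,guest,anonymous  *
# all the following default to "yes" for everybody
delete          no      real,guest,anonymous
overwrite       no      real,guest,anonymous
rename          no      real,guest,anonymous
chmod           no      real,guest,anonymous
umask           no      real,guest,anonymous
# specify the upload directory information
upload  /       *       no
upload  /       /upload yes
greeting terse
noretrieve
#allow-retrieve /upload/
defumask 777
EOF

# Start-up command, run inside the jail at the end of this script.
echo "/usr/sbin/in.ftpd -P 2020 -p 2021 -S -u 022 -W -a -Q" > usr/bin/runme

cd /ftpjail/etc || exit 1
chmod 444 group pam.conf passwd shells /ftpjail/etc/ftpd/ftpaccess
chmod 400 shadow
chmod 100 /ftpjail/usr/bin/runme

cp -p /etc/default/init default/init
cp /usr/bin/sh /ftpjail/usr/bin/sh; chmod 111 /ftpjail/usr/bin/sh
# NOTE(review): in.ftpd is made set-uid/set-gid and handed to uid/gid 30000;
# confirm the set-id bits are wanted, since the daemon is started by root.
cp /usr/sbin/in.ftpd /ftpjail/usr/sbin/in.ftpd; chmod 6100 /ftpjail/usr/sbin/in.ftpd; chown 30000:30000 /ftpjail/usr/sbin/in.ftpd
cp -rp /usr/lib/locale/* /ftpjail/usr/lib/locale
# Absolute target: the working directory here is /ftpjail/etc, so a relative
# usr/share/... path would point at a directory that does not exist.
cp -rp /usr/share/lib/zoneinfo/* /ftpjail/usr/share/lib/zoneinfo

# Shared libraries loaded by in.ftpd, sh and ls.
cd /ftpjail/usr/lib || exit 1
for lib in libbsm.so.1 libc.so.1 libcmd.so.1 libdl.so.1 libgen.so.1 \
  libmd5.so.1 libmp.so.2 libnsl.so.1 libpam.so.1 libresolv.so.2 \
  libsecdb.so.1 libsocket.so.1 ld.so.1 nss_user.so.1 nss_files.so.1
do
  cp -p "/usr/lib/$lib" .
done
chmod 555 *
cd /ftpjail/usr/lib/security || exit 1
cp -p /usr/lib/security/crypt_bsdbf.so.1 .
cp -p /usr/lib/security/crypt_bsdmd5.so.1 .
cp -p /usr/lib/security/crypt_sunmd5.so.1 .
cp -p /usr/lib/security/pam* .
cd /ftpjail/usr/lib/security/sparcv9 || exit 1
cp -p /usr/lib/security/sparcv9/* .
# Give out the 'ls' command
cp /usr/bin/ls /ftpjail/usr/bin/ls; chmod 111 /ftpjail/usr/bin/ls
# Test commands
# chroot /ftpjail /usr/bin/sh
# If the above is successful, start up the server:
chroot /ftpjail /usr/bin/sh -c runme
# Check to see if the server has started:
ps -ef|grep ftpd
#
# ftp 192.168.11.34 2021
# login as ftpuser with the password chosen above
# EOF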

So that’s basically it…


AIX ‘stats-grabber’


I thought this was a pretty cool little ditty, if you administer AIX that is…

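#!/usr/bin/ksh
# Bruce Spencer, IBM
# 2/4/99
# Modified 1/20/2000 to add serial number and "uname -M"
# This program identifies the Model, serial number (PCI only), memory, CPU
# and disk on a RS/6000
#
# Read-only report: it only queries uname, host, lsattr, lscfg, oslevel,
# lspv and lsvg and prints what they return.

# Hardware Codes for MCA based systems
# Characters 9-10 of the machine ID select the model from the table below.
CODE=$(uname -m | cut -c9,10)
case "$CODE" in
02) MODEL="7015-930";;
10) MODEL="7016-730, 7013-530, 7016-730";;
14) MODEL="7013-540";;
18) MODEL="7013-53H";;
1C) MODEL="7013-550";;
20) MODEL="7015-930";;
2E) MODEL="7015-950";;
30) MODEL="7013-520, 7018-740/741";;
31) MODEL="7012-320";;
34) MODEL="7013-52H";;
35) MODEL="7012-32H";;
37) MODEL="7012-340";;
38) MODEL="7012-350";;
41) MODEL="7011-220";;
42) MODEL="7006-41T/41W";;
43) MODEL="7008-M20";;
46) MODEL="7011-250";;
47) MODEL="7011-230";;
48) MODEL="7009-C10";;
57) MODEL="7012-390, 7030-3BT";;
58) MODEL="7012-380, 7030-3AT";;
59) MODEL="7012-39H, 7030-3CT";;
5C) MODEL="7013-560";;
63) MODEL="7015-970/97B";;
64) MODEL="7015-980/98B";;
66) MODEL="7013-580/58F";;
67) MODEL="7013-570/770/771/R10";;
70) MODEL="7013-590";;
71) MODEL="7013-58H";;
72) MODEL="7013-59H/R12";;
75) MODEL="7012-370/375/37T";;
76) MODEL="7012-360/365/36T";;
77) MODEL="7012-355/55H/55L";;
79) MODEL="7013-590";;
80) MODEL="7015-990";;
82) MODEL="7015-R24";;
89) MODEL="7013-595";;
90) MODEL="7009-C20";;
91) MODEL="7006-42x";;
94) MODEL="7012-397";;
A0) MODEL="7013-J30";;
A1) MODEL="7013-J40";;
A3) MODEL="7015-R30";;
A4) MODEL="7015-R40";;
A6) MODEL="7012-G30";;
A7) MODEL="7012-G40";;
C0) MODEL="7024-E20";;
C4) MODEL="7025-F40";;
4C) MODEL=$(uname -M);;  # PCI systems
*) MODEL="Unknown";;
esac
# echo "Hostname         = " $(hostname)
echo "Host/IP Address  = " $(host $(hostname) )
echo "RS/6000 Model    = " $MODEL

# The serial number line is printed only when the systemid attribute can be
# read; lsattr's error output is discarded.
if SN=$(lsattr -El sys0 -a systemid 2>/dev/null)
then
  echo "Serial Number    = " $(echo $SN | awk '{ print $2 }')
fi

echo "Number of CPU's  = " $(lscfg | grep -c "^+ proc")
echo "Memory (KB)      = " $(lsattr -El sys0 | awk '/realmem/ { print $2 }')
echo "AIX Level        = " $(oslevel)
echo "Number of hdisks = " $(lspv | wc -l)
echo "Volume Groups"
# list volume groups disk avail/used
# Each lsvg report is reduced to one row: name, total, free, used, disks.
# The megabyte figure is the text between "(" and " megaby" on the PP lines.

for i in $(lsvg)
do
  lsvg "$i"
done | awk '
BEGIN      { printf("%10s\t%10s\t%10s\t%10s\t%10s\n","VG","Total(MB)","Free","USED","Disks") }
/VOLUME GROUP:/ { printf("%10s\t", $3)  }
/TOTAL PP/ {     B=index($0,"(") + 1
                 E=index($0," megaby")
                 D=E-B
                 printf("%10s\t", substr($0,B,D) )
           }
/FREE PP/  {     B=index($0,"(") + 1
                 E=index($0," megaby")
                 D=E-B
                 printf("%10s\t", substr($0,B,D) )
           }
/USED PP/  {     B=index($0,"(")  + 1
                 E=index($0," megaby")
                 D=E-B
                 printf("%10s\t", substr($0,B,D) )
           }
/ACTIVE PV/ { printf("%10s\t\n", $3)  } '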


Simple IPTABLES


Here is a simple iptables file for a basic firewall.  It should be a good template to build from if you are new to the ‘tables.’ LOL 🙂

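# Host firewall in iptables-save format; load it with iptables-restore.
# The nat and mangle tables are left wide open; all filtering is done in the
# filter table, whose three built-in chains default to DROP.
*nat
:PREROUTING ACCEPT [54:3344]
:POSTROUTING ACCEPT [2:58]
:OUTPUT ACCEPT [2:58]
COMMIT
# Completed on Wed Nov 25 14:49:49 2009
# Generated by iptables-save v1.3.5 on Wed Nov 25 14:49:49 2009
*mangle
:PREROUTING ACCEPT [431:33056]
:INPUT ACCEPT [395:31128]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [203:24606]
:POSTROUTING ACCEPT [203:24606]
COMMIT
# Completed on Wed Nov 25 14:49:49 2009
# Generated by iptables-save v1.3.5 on Wed Nov 25 14:49:49 2009
*filter
# Default deny: a packet that no rule below accepts is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# User-defined chains. drop-lan is declared and given a rule further down,
# but no rule in this file jumps to it.
:ICMP - [0:0]
:INTER - [0:0]
:IP - [0:0]
:RULE_86 - [0:0]
:RULE_87 - [0:0]
:drop-lan - [0:0]
# Sanity checks first: invalid state, a SYN/ACK that opens a "new"
# connection (answered with a reset), and new TCP that is not a plain SYN.
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
# Loopback and link-local source addresses must never arrive on eth0.
-A INPUT -s 127.0.0.0/255.0.0.0 -i eth0 -j DROP
-A INPUT -s 169.254.0.0/255.255.0.0 -i eth0 -j DROP
-A INPUT -i lo -j ACCEPT
# NOTE(review): everything arriving on a pptp or tun interface is accepted
# unfiltered, so VPN peers are trusted as fully as loopback. Narrow these two
# rules if the tunnels carry traffic from hosts you do not control.
-A INPUT -i pptp+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
# The remaining input is walked through the chains below; RULE_86 logs and
# drops whatever none of them accepted.
-A INPUT -j ICMP
-A INPUT -j INTER
-A INPUT -j IP
-A INPUT -j RULE_86
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o pptp+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o eth0 -p icmp -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 67:68 --dport 67:68 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 137 --dport 137 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 138 --dport 138 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1434 -j ACCEPT
-A OUTPUT -s 192.168.11.28 -o eth0 -p tcp -m tcp -m multiport --sports 22,81,80,88,443,1875 -j ACCEPT
-A OUTPUT -s 192.168.11.29 -o eth0 -p tcp -m tcp -m multiport --sports 22,81,80,88,443,1875 -j ACCEPT
-A OUTPUT -s 192.168.11.32 -o eth0 -p tcp -m tcp -m multiport --sports 22,81,80,88,443,1875 -j ACCEPT
# NOTE(review): the next rule accepts all traffic leaving eth0. That makes
# the per-port eth0 rules above redundant, and only traffic leaving through
# some other interface ever reaches RULE_87. Remove it if egress is meant to
# be restricted to the services listed above.
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -j RULE_87
# ICMP Rule Definitions
# Types 0, 3, 8 and 11: echo reply, destination unreachable, echo request,
# time exceeded.
-A ICMP -i eth0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A ICMP -i eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ICMP -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ICMP -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
# Interface Specific Definitions
# NOTE(review): DHCP runs over UDP, so the tcp 67:68 rule looks unnecessary.
# UDP 137/138 and 1434 are accepted from any source on eth0; drop those rules
# if this host does not need them.
-A INTER -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INTER -i eth0 -p tcp -m tcp --sport 67:68 --dport 67:68 -j ACCEPT
-A INTER -i eth0 -p udp -m udp --sport 137 --dport 137 -j ACCEPT
-A INTER -i eth0 -p udp -m udp --sport 138 --dport 138 -j ACCEPT
-A INTER -i eth0 -p udp -m udp --dport 1434 -j ACCEPT
# Replies to connections this host opened (unprivileged local ports only).
-A INTER -i eth0 -p udp -m udp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INTER -i eth0 -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
# IP Specific Definitions
# Inbound services, allowed only towards these three local addresses.
-A IP -d 192.168.11.28 -p tcp -m tcp -m multiport --dports 22,81,80,88,443,1875 -j ACCEPT
-A IP -d 192.168.11.29 -p tcp -m tcp -m multiport --dports 22,81,80,88,443,1875 -j ACCEPT
-A IP -d 192.168.11.32 -p tcp -m tcp -m multiport --dports 22,81,80,88,443,1875 -j ACCEPT
# Logging Definitions
# Stray RST and FIN segments are dropped without a log entry; everything
# else is logged and then dropped.
# NOTE(review): the LOG rules are not rate-limited; a "-m limit" match keeps
# a flood of dropped packets from filling the log.
-A RULE_86 -p tcp -m tcp --tcp-flags RST RST -j DROP
-A RULE_86 -p tcp -m tcp --tcp-flags FIN FIN -j DROP
-A RULE_86 -j LOG --log-prefix "INPUT_DROP_" --log-level 6
-A RULE_86 -j DROP
# The second DROP below can never be reached; it is kept as in the original.
-A RULE_86 -j DROP
-A RULE_87 -p tcp -m tcp --tcp-flags RST RST -j DROP
-A RULE_87 -p tcp -m tcp --tcp-flags FIN FIN -j DROP
-A RULE_87 -j LOG --log-prefix "OUTPUT_DROP_" --log-level 6
-A RULE_87 -j DROP
-A drop-lan -j DROP
COMMIT
# Completed on Wed Nov 25 14:49:49 2009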


NAGIOS install script?


Hmmm… I came across this on my scratch pad… Not sure if I ever used this or not, I def wrote it because of the lame comments all over the place although I really don’t remember doing so…  I have been using NAGIOS XI as a pre-built vm lately so I may have used this for my initial final build as I recall building this thing many many times. LOL. I would give this a try on a test box first… LOL

Upon inspection.. ya this won’t really work as it requires the NAGIOS packages to be on the system first… oh wait no… wrong again… this is on a Debian system… it should work… LOL maybe I will test this myself now that I am actually looking at it… Strange that it is on Debian though… I mainly use centOS.  This must have been my MINT phase, I think 7.0.

nagios-server nagios_ALL_deps # cat Nagios_install.bash
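#!/bin/bash
# This is the complete list of all dependencies for Nagios
# This must be run to get a basic Nagios install up and running
#
# Creates the nagios account and groups, installs the build dependencies
# with aptitude, builds Nagios 3.2.0 and nagios-plugins 1.4.11 from source
# and starts the service. Run as root on a Debian-style system. The script is
# interactive: it asks for passwords and opens two config files in vi.

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#
# Initial Message about user interaction requirement
#
echo "********* WARNING *** WARNING *** WARNING *********"
sleep 1
echo "********* WARNING *** WARNING *** WARNING *********"
sleep 1
echo "********* WARNING *** WARNING *** WARNING *********"
sleep 1
echo "This is an interactive script... You need to watch "
echo "what is happeneing and make the appropriate entries..."
sleep 5
echo "OK then... here we go..."
sleep 3
#
# Basic account/group configuration
#
# Groups come first so that useradd can use nagios as the primary group.
getent group nagios >/dev/null || /usr/sbin/groupadd nagios
getent group nagcmd >/dev/null || /usr/sbin/groupadd nagcmd
id nagios >/dev/null 2>&1 || /usr/sbin/useradd -m -s /bin/bash -g nagios nagios
# -a appends: a bare "usermod -G" replaces the whole supplementary group
# list, which would strip www-data of every group it already belongs to.
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd www-data
#
# Have the operator set the nagios user's password
#
# The account has a login shell, so it gets a password chosen at install
# time instead of a fixed hash that every reader of this script knows.
echo "Choose a password for the nagios user"
passwd nagios
echo "Moving along..."
sleep 3
#
# Make a dir for installation
#
mkdir -p /opt/nagios_ALL_deps/Nagios_downloads
#
# Change to the new install dir
#
cd /opt/nagios_ALL_deps/Nagios_downloads || die "cannot cd to the download directory"
#
# Grab all deps
# Some of these, namely postfix & mailx, will require user input during install
#
aptitude install gcc libcgi-perl librrds-perl libgd2-dev libgd2-xpm-dev snmp snmpd nmap libgd-gd2-perl libnet-snmp-perl mysql-server postfix mailx php5 apache2 libapache2-mod-php5 libapache2-mod-perl2 build-essential
#
# nagios3 is the aptitude package
#
# Grab the plugins
# the nagios3 called above includes all plugins
#
# NOTE(review): both tarballs come over plain HTTP and are then built and
# installed as root. Compare them with checksums published by the project
# before running configure.
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.0.tar.gz \
  || die "nagios download failed"
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz \
  || die "plugin download failed"
#
#
tar xzf nagios-3.2.0.tar.gz || die "cannot unpack nagios-3.2.0.tar.gz"
cd nagios-3.2.0 || die "cannot cd to nagios-3.2.0"
./configure --with-command-group=nagcmd || die "configure failed"
make all || die "make all failed"
make install || die "make install failed"
make install-init
make install-config
make install-commandmode
#
# Interaction required here
#
echo "We are opening the /usr/local/nagios/etc/objects/contacts.cfg file for editing "
sleep 1
echo "Change the email address associated with the nagiosadmin contact definition to the "
echo "address you'd like to use for receiving alerts. The host name is a good choice here"
sleep 2
#
# change the email address associated with the nagiosadmin contact definition to the address you'd like to use for receiving alerts.
#
vi /usr/local/nagios/etc/objects/contacts.cfg
make install-webconf
# Prompts for the web interface password of nagiosadmin.
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
/etc/init.d/apache2 reload
#
#Compile and install the plugins.
#
cd /opt/nagios_ALL_deps/Nagios_downloads || die "cannot cd to the download directory"
tar xzvf nagios-plugins-1.4.11.tar.gz || die "cannot unpack nagios-plugins-1.4.11.tar.gz"
cd nagios-plugins-1.4.11 || die "cannot cd to nagios-plugins-1.4.11"
./configure --with-nagios-user=nagios --with-nagios-group=nagios || die "plugin configure failed"
make || die "plugin build failed"
make install || die "plugin install failed"
#
# Start Nagios
# Configure Nagios to automatically start when the system boots.
#
ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios
#
# Verify the sample Nagios configuration files.
# Nagios is started only when the check passes.
#
if /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
then
  /etc/init.d/nagios start
else
  die "nagios.cfg failed verification; fix the errors above and rerun"
fi

echo "We are opening the /usr/local/nagios/etc/objects/commands.cfg file for editing "
sleep 1
echo "change any '/bin/mail' references to '/usr/bin/mail' "
echo "and then we will re-start Nagios and be finished !!"
sleep 2
#
# Configure mail: change any '/bin/mail' references to '/usr/bin/mail'
#
vi /usr/local/nagios/etc/objects/commands.cfg
/etc/init.d/nagios restart
#
# Chkconfig nagios
# Skipped where chkconfig is not installed; the rcS.d link above already
# arranges the boot-time start.
#
if command -v chkconfig >/dev/null 2>&1
then
  chkconfig --add nagios
  chkconfig nagios on
fi
#
# Closing message
echo "This concludes the installation of Nagios "
echo "Now navigate to http://localhost/nagios or"
echo "use the hosts IP address from a remote location"
# END SCRIPT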


WordPress 1 2 3 (… 4 5 6?)


I thought I would add a quick How-To on installing WordPress where it is not already present… Redundant? Well that’s OK… It can be a lot of fun to mess around with WordPress (designing), especially if you don’t know PHP (like me).   So this tutorial… if you can even call it that… will get you started on basically any linux server, however I am partial to centOS (currently centOS5.4) so these steps are tested and certified to work on only CentOS release 5.4 (Final).  Shouldn’t take more than 10 minutes to do this so that is not so bad right?  Oh and my base install is basically CD1 (.iso1) of the centOS release with no options selected… so this is a totally bare bones OS, no GUI no nuttin’.  That being said, I have really lost track of what I have on the system (which is silly because that was the purpose of doing this as a ‘bare-bones’ build… I guess that’s what you get when you don’t have a specific purpose in mind BEFORE you build a system) that was a pre-req for WordPress so I will just spew out an RPM listing for you… although the install will certainly complain if you don’t have anything beyond what I am listing in the body of the guide.  Maybe I will put that list @ the bottom of the post… Hmmm.. why can’t I add scroll bars here??? Odd, well anyway…

Here we go…

wordpress setup:

# Create a local non-root user (if not already present)
# Check defaults first:
[root@centOS54 wordpress]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
# now add the user:
useradd -c ‘Garot Conklin’ gmc <– Hey, that’s me 🙂 This can obviously be anything you want
passwd gmc
# Navigate to /var/www/html/
# create dir /wordpress
mkdir wordpress
Install required packages:
yum install httpd php mysql mysql-server php-mysql perl-Net-SSLeay <– Oops forgot one… perl-Net-SSLeay
# start and test apache2
start mysql:

service mysqld start

I know basically nothing about database installations so just follow these directions and you will be fine as well, what I mean is that WordPress will function, LOL.  That being said, this config certainly works, but may not be correct or the ‘optimal’ configuration.

# configure mysql:
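mysqladmin -u root password ‘XXXXXX’ <– ya this may not be very secure (the password is typed on the command line, so it lands in the shell history and is visible in the process list while the command runs)… and may defeat the purpose of setting up the non-root user… LOL (maybe that’s not funny?)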

This next command gets you into the database admin role: (That may not have been entirely clear)
[root@centOS54 wordpress]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.0.77 Source distribution

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> insert into
-> host(host,db,Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv)
-> values(‘linuxbox’, ‘%’,’Y’,’Y’,’Y’,’Y’,’Y’,’Y’);
Query OK, 1 row affected (0.00 sec)

mysql> insert into
-> user (host, user, password)
-> values(‘localhost’, ‘gmc’, password(‘XXXXXXXX’));
Query OK, 1 row affected, 3 warnings (0.00 sec)

mysql> quit
Bye
# Create the database and name it ‘wordpress’
[root@centOS54 wordpress]# mysqladmin -u root -p create wordpress <– You can name the database whatever you want here
Enter password:
[root@centOS54 wordpress]# mysqladmin -u root -p reload
Enter password:

# Fetch wordpress
wget http://wordpress.org/latest.tar.gz
extract it into /var/www/html/wordpress
# Edit wp-config-sample.php:
vi wp-config-sample.php

// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
define(‘DB_NAME’, ‘wordpress’);

/** MySQL database username */
// NOTE(review): this makes WordPress connect as the MySQL 'root' account, so
// the web application holds full rights over every database on the server.
// A dedicated MySQL account restricted to the 'wordpress' database is the
// safer value here.
define(‘DB_USER’, ‘root’);

/** MySQL database password */
// The password is stored in this file in clear text; keep wp-config.php
// readable only by the account the web server runs as.
define(‘DB_PASSWORD’, ‘XXXXXXXX’); <– replace all the XXXXXXX’s with the real password (in case that was not obvious?)

/** MySQL hostname */
define(‘DB_HOST’, ‘localhost’);

Re-name it:
cp wp-config-sample.php wp-config.php

# Reload/re-start daemons <– I don’t recall if these last 2 reloads were even necessary… doesn’t hurt though
mysqladmin -u root -p reload
service httpd restart

Done !

Navigate to http://<IP/hostname>/wordpress/wp-admin and off you go WordPress-ing !! 🙂

Oops.. almost forgot the RPM listing — Nope it is just too big of a list without the scroll bars… that are oddly stripped out of my code when I ‘update’ the page??? Maybe that is a restriction of the free hosted blog? Anyway, it is not really necessary… you will know what you need outside of anything listed here… Hope this helped at least someone… LOL 🙂
