Sunday, 25 December 2016

Saturday, 15 October 2016

Install Check MK Agent in solaris



Download check_mk_agent.solaris from your monitoring server.

Copy this file to /usr/bin/check_mk_agent, renaming it in the process.

Set the permissions (chmod) on the check_mk_agent file.

Test the server by typing check_mk_agent

Edit the services file by typing => vi /etc/services
and add the following text

check_mk        6556/tcp    # check mk agent

Now for Solaris we need to edit the inetd configuration by typing => vi /etc/inet/inetd.conf
and add the following text

check_mk      stream       tcp      nowait     root    /usr/sbin/tcpd     /usr/bin/check_mk_agent

Enter these commands at the shell; they should run without any errors.

# inetconv
# inetconv -e

Test the server by typing telnet localhost 6556

Fast way to install check mk agent in centos 6

1. Upload the files xinetd.rpm, check_mk_agent.rpm and telnet.rpm to the server
2. Set the permissions on xinetd.rpm and check_mk_agent.rpm by typing chmod 700 filename.rpm
3. Install xinetd.rpm by typing rpm -ivh xinetd.rpm
4. Install check_mk_agent.rpm by typing rpm -ivh check_mk_agent.rpm
5. Install telnet.rpm by typing rpm -ivh telnet.rpm
6. Restart the xinetd service by typing service xinetd restart
7. Test the agent by typing check_mk_agent
8. Check the result to see whether it succeeded
9. Test the port by typing telnet localhost 6556
10. Check the result to see whether it succeeded
11. Check the firewall status by typing service iptables status
12. If iptables is running:
13. Open port 6556 in the CentOS firewall by typing vi /etc/iptables and entering this line: iptables -A INPUT -p tcp -m tcp --dport 6556 -j ACCEPT

Saturday, 01 October 2016

Install SNMP and SNMP Utilities


Install SNMP and SNMP Utilities

Installing SNMP and some optional SNMP utilities is as simple as running one command:
yum -y install net-snmp net-snmp-utils


Add a Basic Configuration for SNMP

Now, let’s copy the default SNMP configuration file, /etc/snmp/snmpd.conf, to an alternate location, /etc/snmp/snmpd.conf.orig.
cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
And now we’ll create a new /etc/snmp/snmpd.conf:
vi /etc/snmp/snmpd.conf

####
# First, map the community name "public" into a "security name"
#       sec.name  source          community
#com2sec notConfigUser  default      public
com2sec notConfigUser  192.168.74.0/24      public
com2sec notConfigUser  192.168.74.0/24      w4ch1dc0nf1gCOmmunity

####
# Second, map the security name into a group name:
#       groupName      securityModel securityName
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

####
# Third, create a view for us to let the group have rights to:
# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1

####
# Finally, grant the group read-only access to the systemview view.
#       group          context sec.model sec.level prefix read   write  notif
access  notConfigGroup ""      any       noauth    exact  systemview none none
# -----------------------------------------------------------------------------



the end

Wednesday, 28 September 2016

How to login ssh keyless


Step One—Create the RSA Key Pair

The first step is to create the key pair on the client machine (there is a good chance that this will just be your computer):
ssh-keygen -t rsa

Step Two—Store the Keys and Passphrase

Once you have entered the Gen Key command, you will get a few more questions:
Enter file in which to save the key (/home/demo/.ssh/id_rsa):
You can press enter here, saving the file to the user home (in this case, my example user is called demo).
Enter passphrase (empty for no passphrase):
It's up to you whether you want to use a passphrase. Entering a passphrase does have its benefits: the security of a key, no matter how encrypted, still depends on the fact that it is not visible to anyone else. Should a passphrase-protected private key fall into an unauthorized user's possession, they will be unable to log in to its associated accounts until they figure out the passphrase, buying the hacked user some extra time. The only downside, of course, to having a passphrase is having to type it in each time you use the key pair.
The entire key generation process looks like this:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/demo/.ssh/id_rsa.
Your public key has been saved in /home/demo/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |
+-----------------+
The public key is now located in /home/demo/.ssh/id_rsa.pub. The private key (identification) is now located in /home/demo/.ssh/id_rsa.

Step Three—Copy the Public Key

Once the key pair is generated, it's time to place the public key on the virtual server that we want to use.
You can copy the public key into the new machine's authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.
ssh-copy-id [email protected]
Alternatively, you can paste in the keys using SSH:
cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"
No matter which command you chose, you should see something like:
The authenticity of host '12.34.56.78 (12.34.56.78)' can't be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '12.34.56.78' (RSA) to the list of known hosts.
[email protected]'s password: 
Now try logging into the machine, with "ssh '[email protected]'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
Now you can go ahead and log into [email protected] and you will not be prompted for a password. However, if you set a passphrase, you will be asked to enter the passphrase at that time (and whenever else you log in in the future).

Optional Step Four—Disable the Password for Root Login

Once you have copied your SSH keys onto your server and ensured that you can log in with the SSH keys alone, you can go ahead and restrict the root login to only be permitted via SSH keys.
In order to do this, open up the SSH config file:
sudo nano /etc/ssh/sshd_config
Within that file, find the line that includes PermitRootLogin and modify it to ensure that users can only connect with their SSH key:
PermitRootLogin without-password
Put the changes into effect:
reload ssh
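
Editing the PermitRootLogin line only helps if it is the line sshd actually uses: sshd keeps the first value it reads for a keyword, and a line that is still commented out is ignored. The script below is an added example, not part of the original tutorial; the sample configs are constructed, and it assumes whitespace-separated "keyword value" lines in the global section (no Match or Include handling).

```shell
#!/bin/sh
# Added example: work out which PermitRootLogin value sshd will actually use.

# effective_option KEYWORD   (sshd_config text on stdin)
# Prints the first uncommented value for KEYWORD, or "unset".
effective_option() {
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    tolower($1) == "match"   { exit }        # end of the global section
    tolower($1) == want      { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }
  '
}

# root_login_mode   (sshd_config text on stdin) -> one verdict word
root_login_mode() {
  case "$(effective_option PermitRootLogin)" in
    without-password|prohibit-password) echo "key-only" ;;
    forced-commands-only)               echo "key-only-forced-command" ;;
    no)                                 echo "disabled" ;;
    yes)                                echo "password-allowed" ;;
    unset)                              echo "version-default" ;;  # built-in default differs between OpenSSH releases
    *)                                  echo "unrecognised" ;;
  esac
}

# Constructed sample 1: the line was edited as the step describes.
sample_edited() {
cat <<'EOF'
#PermitRootLogin yes
PermitRootLogin without-password
PasswordAuthentication yes
EOF
}

# Constructed sample 2: the value was changed but the '#' was left in place.
sample_still_commented() {
cat <<'EOF'
#PermitRootLogin without-password
PasswordAuthentication yes
EOF
}

# Constructed sample 3: the new line was added below an older one, which wins.
sample_overridden() {
cat <<'EOF'
PermitRootLogin yes
PermitRootLogin without-password
EOF
}

for s in sample_edited sample_still_commented sample_overridden; do
  printf '%s -> %s\n' "$s" "$($s | root_login_mode)"
done
```

On a live host, `sshd -t` checks the file for errors before the reload and `sshd -T` prints the effective configuration.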

Monday, 26 September 2016

SymmetricDs Community Installation


The important things in SymmetricDS are:

The source tables:
sym_router, sym_trigger and sym_trigger_router

sym_router = defines the replication route, from where to where
sym_trigger = defines the database to be synchronized
sym_trigger_router = defines which method declared in sym_router the database in sym_trigger uses

The rules for push or pull are in: sym_node and sym_node_group_link

Don't forget to check sync.url and registration.url in the properties file.

Other data that has been replicated can be found in sym_data.

If the server is a push server, look at: sym_outgoing_batch

If the server is a pull server, look at: sym_incoming_batch and sym_incoming_batch_error
These last tables hold transactions, not configuration.


A node is represented by four tables:

NODE
Contains basic node information

NODE_IDENTITY
Contains a single row that identifies the current node

NODE_SECURITY
Contains the password needed to authenticate with another node

NODE_HOST
Contains informational data about the node. Updated by SymmetricDS.

Service in SymmetricDs

to install symmetricDs service :

bin/sym_service install

to uninstall symmetricDs service :

bin/sym_service uninstall

to start symmetricDs service :

bin/sym_service start

to stop symmetricDs service :

bin/sym_service stop

to check status symmetricDs service :

bin/sym_service status

Reset Mysql Password


Stop the MySQL service

(Ubuntu and Debian) Run the following command:
sudo /etc/init.d/mysql stop
(CentOS, Fedora, and Red Hat Enterprise Linux) Run the following command:
sudo /etc/init.d/mysqld stop

Start MySQL without a password

Run the following command. The ampersand (&) at the end of the command is required.
sudo mysqld_safe --skip-grant-tables &

Connect to MySQL

Run the following command:
mysql -uroot

Set a new MySQL root password

Run the following commands:
use mysql;

update user set password=PASSWORD("mynewpassword") where User='root';

flush privileges;

quit

Stop and start the MySQL service

(Ubuntu and Debian) Run the following commands:
sudo /etc/init.d/mysql stop
...
sudo /etc/init.d/mysql start
(CentOS, Fedora, and Red Hat Enterprise Linux) Run the following commands:
sudo /etc/init.d/mysqld stop
...
sudo /etc/init.d/mysqld start

Log in to the database

Test the new password by logging in to the database.
mysql -u root -p
You are prompted for your new password.

Sunday, 25 September 2016

IPTables Centos


Iptables rules

There are 2 ways to configure iptables to open up port 80. First is using the iptables command and second is by creating a configuration file. First check the existing iptables rules in effect. The command is quite simple. Here is a sample output.
[root@dhcppc2 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@dhcppc2 ~]#
As can be seen in the output, the last line of the INPUT chain is a REJECT rule that rejects everything. However, the line before it accepts ssh connections, so ssh is working. A more verbose, numeric listing can be seen using the v and n options along with the L option:
[root@dhcppc2 ~]# iptables --line -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      273 22516 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
4        1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5      271 36456 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 172 packets, 24494 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@dhcppc2 ~]#

Open port 80

To accept http connections we need to add a rule at line number 5 and push the REJECT line below. Here is the command to do it.
# iptables -I INPUT 5 -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
The above command will add a rule at line #5 stating that the firewall should accept incoming connections on port 80. Check the iptables rules again.
[root@dhcppc2 ~]# iptables --line -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      291 23868 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
4        1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW,ESTABLISHED 
6      286 38524 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 4 packets, 608 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@dhcppc2 ~]#
Now we have the new tcp port 80 rule at line #5, so the http port is accessible from outside networks.
However this change is temporary and would vanish if the server is rebooted. To make it permanent issue the iptables save command.
[root@dhcppc2 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
The new rules are saved to the file /etc/sysconfig/iptables. Here is how the file looks
# Generated by iptables-save v1.4.7 on Fri Oct 25 10:33:46 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [39:6956]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Oct 25 10:33:46 2013
Now the change is permanent.
Alternatively you could directly edit the iptables configuration file and restart iptables and the same change would take effect.
[root@dhcppc2 ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[root@dhcppc2 ~]#
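
The position of a rule relative to the catch-all REJECT decides whether it ever matches, which is why the port 80 rule above is inserted at line 5 rather than appended. The script below is an added example, not part of the original post: it reads an iptables-save style file and reports whether a TCP port is accepted before the first unconditional REJECT/DROP in the INPUT chain. The sample ruleset is constructed from the file shown above plus one appended rule for port 6556, and only plain `--dport N` rules are recognised (no ranges or multiport).

```shell
#!/bin/sh
# Added example: detect ACCEPT rules that sit behind the catch-all REJECT.

# Constructed sample: the saved ruleset from above, with a port 6556 rule
# appended (-A) after the REJECT line.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [39:6956]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 6556 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# port_status PORT   (ruleset on stdin) -> prints one of:
#   open:N      ACCEPT rule number N comes before any catch-all rule
#   shadowed:N  ACCEPT rule number N exists, but a catch-all precedes it
#   closed      no ACCEPT rule names this TCP port
# N matches the numbering printed by "iptables --line -vnL".
port_status() {
  awk -v port="$1" '
    $1 == "-A" && $2 == "INPUT" {
      n++
      # A rule with no match options at all: "-A INPUT -j REJECT|DROP ..."
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
        if (!catchall) catchall = n
        next
      }
      target = ""; dport = ""; proto = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p")      proto = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j")      { target = $(i + 1); break }
      }
      if (!hit && target == "ACCEPT" && proto == "tcp" && dport == port) hit = n
    }
    END {
      if (!hit)                            print "closed"
      else if (catchall && catchall < hit) print "shadowed:" hit
      else                                 print "open:" hit
    }
  '
}

for p in 22 80 6556 110; do
  printf 'tcp/%s -> %s\n' "$p" "$(sample_rules | port_status "$p")"
done
```

Run it against a real host with `port_status 6556 < /etc/sysconfig/iptables`; a `shadowed` result means the rule has to be inserted above the REJECT line, as done for port 80.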

Install and Configure PhpMyAdmin Centos

phpMyAdmin is an open source tool used for the administration of MySQL. In addition to offering the capability to perform administration tasks such as creating, editing, or deleting databases, and managing users and permissions, phpMyAdmin provides a graphical user interface to do all of these tasks and more.
Pre-Flight Check
  • These instructions are intended specifically for installing phpMyAdmin on CentOS 6.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.
  • A LAMP stack (Linux, Apache, MySQL and PHP) must be installed on your server. If you’re working from a Liquid Web Core Managed CentOS 6.5 server as I am, then the LAMP stack is already installed!
Step 1: Add the EPEL Repository
phpMyAdmin is part of Extra Packages for Enterprise Linux (EPEL), which is a community repository of non-standard packages for the RHEL distribution. First, we’ll install the EPEL repository:
rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Step 2: Install phpMyAdmin
First, you’ll follow a simple best practice: ensuring the list of available packages is up to date before installing anything new.
yum -y update
Then it’s a matter of just running one command for installation via yum:
yum -y install phpmyadmin
Step 3: Find Your IP Address
Find your IP address with any of the following sites:
Step 4: Basic Configuration for phpMyAdmin
To secure phpMyAdmin we should lock down access to a specific IP address. When the phpMyAdmin package is installed, an Apache Virtual Host file is added to configure web access. Let’s edit that file:
vim /etc/httpd/conf.d/phpMyAdmin.conf
For a refresher on editing files with vim see: New User Tutorial: Overview of the Vim Text Editor
By default, the configuration for phpMyAdmin only allows access from the server on which it is installed. Find the following sections and change each IP address to the one you found in Step 3, or another IP address that will be connecting to phpMyAdmin remotely:
Require ip 127.0.0.1
Allow from 127.0.0.1
Require ip 127.0.0.1
Allow from 127.0.0.1
Then exit and save the file with the command :wq .
Restart Apache:
service httpd restart
Verify that phpMyAdmin is working by visiting http://the_IP_of_your_server/phpmyadmin. For example: http://127.0.0.1/phpmyadmin

Disable SE-Linux Centos

  1. Configure SELINUX=disabled in the /etc/selinux/config file:
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #       targeted - Targeted processes are protected,
    #       mls - Multi Level Security protection.
    SELINUXTYPE=targeted
  2. Reboot your system. After reboot, confirm that the getenforce command returns Disabled:
    ~]$ getenforce
    Disabled

Install Uninstall MySQL Packages

Step 1: Uninstall MySQL Packages
First uninstall all the MySQL packages installed on your server
 # yum remove mysql mysql-server
Step 2: Remove MySQL Directory
Now we need to remove the MySQL data directory from the system, which by default is at /var/lib/mysql. If you don’t find it there, it may have been changed to some other place, which you can find in the my.cnf file under the variable datadir. You can delete the /var/lib/mysql directory, but we prefer to rename it to keep a backup of the existing files.
 # mv /var/lib/mysql /var/lib/mysql_old_backup
Step 3: Install MySQL Packages Again
After removing MySQL completely, install it again using the yum package manager. It will re-create the mysql directory under /var/lib/.
# yum install mysql mysql-server
After completing above three steps, now you have a fresh MySQL install on your system with new settings.




Friday, 23 September 2016

Download and install Oracle Java Centos 6.8


Downloading Latest Java Archive

The latest Java archive is available on its official site. We recommend downloading the latest version of Java from Oracle's official website. After the download completes, extract the archive with the given commands.

For 64 Bit:-

# cd /opt/
# wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/7u79-b15/jdk-7u79-linux-x64.tar.gz"

# tar xzf jdk-7u79-linux-x64.tar.gz

For 32 Bit:-

# cd /opt/
# wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/7u79-b15/jdk-7u79-linux-i586.tar.gz"

# tar xzf jdk-7u79-linux-i586.tar.gz
Note: If the above wget command does not work for you, watch this example video to download the java source archive using the terminal.
Use archive file as per your system configuration. For this example we are using CentOS 7.0 (64 bit) system.
Install Java with Alternatives
After extracting the Java archive file, we just need to set the system up to use the newer version of Java using alternatives. Use the following commands to do it.
# cd /opt/jdk1.7.0_79/
# alternatives --install /usr/bin/java java /opt/jdk1.7.0_79/bin/java 2
# alternatives --config java
There are 3 programs which provide 'java'.

  Selection    Command
-----------------------------------------------
*  1           /opt/jdk1.7.0_60/bin/java
 + 2           /opt/jdk1.7.0_72/bin/java
   3           /opt/jdk1.7.0_79/bin/java

Enter to keep the current selection[+], or type selection number: 3 [Press Enter]
You may also need to set up the javac and jar command paths using the alternatives command.
# alternatives --install /usr/bin/jar jar /opt/jdk1.7.0_79/bin/jar 2
# alternatives --install /usr/bin/javac javac /opt/jdk1.7.0_79/bin/javac 2
# alternatives --set jar /opt/jdk1.7.0_79/bin/jar
# alternatives --set javac /opt/jdk1.7.0_79/bin/javac
Check Installed Java Version
Use the following command to check which version of Java is currently being used by the system.
# java -version

java version "1.7.0_79"
Java(TM) SE Runtime Environment (build 1.7.0_79-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)

Configuring Environment Variables
Most Java-based applications use environment variables to work. Use the following commands to set these variables up properly. It’s also good to add the following commands to a start-up script like ~/.bashrc or ~/.bash_profile.
  • Setup JAVA_HOME Variable
    # export JAVA_HOME=/opt/jdk1.7.0_79

  • Setup JRE_HOME Variable
    # export JRE_HOME=/opt/jdk1.7.0_79/jre

  • Setup PATH Variable
    # export PATH=$PATH:/opt/jdk1.7.0_79/bin:/opt/jdk1.7.0_79/jre/bin