• About

blog.alam.rocks

blog.alam.rocks

Tag Archives: centos

RANCID/WebSVN CentOS Howto

20 Wednesday Nov 2013

Posted by Fakrul Alam in My Work

≈ Leave a comment

Tags

centos, network management, RANCID, websvn

Note:
1. Commands preceded with “$” imply that you should execute the command as a general user – not as root.
2. Commands preceded with “#” imply that you should be working as the root user.

Install Rancid

# yum install rancid

Configuration

1. Edit /etc/rancid/rancid.conf

# vi /etc/rancid/rancid.conf

2. Find this line in rancid.conf:

#LIST_OF_GROUPS=”sl joebobisp”

And, underneath it add the following line:

LIST_OF_GROUPS=”bdnog”

We want to use Subversion for our Version Control System, and not CVS, so find the line with the parameter RCSSYS:

RCSSYS=cvs; export RCSSYS

And, change it to:

RCSSYS=svn; export RCSSYS

and the line with CVSROOT:

CVSROOT=$BASEDIR/CVS; export CVSROOT

And, change it to:

CVSROOT=$BASEDIR/svn; export CVSROOT

Note the lowercase “svn”. Now exit and save the file.

3. Change to the rancid user:

# su -s /bin/bash rancid

Check that you ARE the rancid user:

$ id

4. Create /var/rancid/.cloginrc

$ vi /var/rancid/.cloginrc
add user *.bdnog.org ssh_username
add password *.bdnog.org ssh_user_pass enable_pass
add method *.bdnog.org ssh

Note: You can also add IP address if you like to backup specific router/switch

add password 10.156.1.1 {user_password} {enable_password}

$ chown rancid:rancid /var/rancid/.cloginrc
$ chmod 600 /var/rancid/.cloginrc

5. Test login to the router of your group:

$ /usr/libexec/rancid/clogin rtrX.bdnog.org

[After successful execution, you will be login to router enable mode]

6. Initialize the SVN repository for rancid:

$ /usr/libexec/rancid/rancid-cvs

7. Create the router.db file:

$ vi /var/rancid/bdnog/router.db

Add this line. Replace X with your group no.

rtrX.bdnog.org:cisco:up

8. Run rancid!

$ /usr/libexec/rancid/rancid-run

9. Look at the configs. The backed up configs will be saved in /var/rancid/<GROUP_NAME>/configs. In our cases group name is “bdnog”:

$ cd /var/rancid/bdnog/configs
$ less rtrX.bdnog.org

10. Check the rancid log files:

$ cd /var/log/rancid
$ ls -ll

Email Alert Configuration

1. Edit /etc/rancid/rancid.conf

Add this to the /etc/aliases file: (group names have to be named rancid-admin-<group listed in rancid.conf file) and rancid-<group listed in rancid.conf file>)

# Groups for rancid
rancid-admin-all: noc@bdnog.org
rancid-all: noc@bdnog.org

Save the file and run

#newaliases

CRON Schedule

1. For automated backup, you can setup CRON schedule. Please note that cron need to configured under user RANCID.

# su -s /bin/bash rancid
# crontab -e
# m h dom mon dow command
0 0 * * * /usr/libexec/rancid/rancid-run g

Install WEBSVN

# yum install websvn

Configuration

1. Fix permissions. The web server must be able to read the SVN (Subversion) folder

# chgrp -R apache /var/rancid/svn
# chmod g+w -R /var/rancid/svn

2. Change ownership of web files:

# chown apache:apache /usr/share/websvn

3. Add the following virtual host entry to your apache configuration file /etc/httpd/conf.d/websvn.conf:

Alias /websvn /usr/share/websvn
<Directory /usr/share/websvn/>
DirectoryIndex index.php
Options FollowSymLinks
Options FollowSymLinks MultiViews
Order allow,deny
Allow from all
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On
</IfModule>
</Directory>

5. Reload apache and try to browse the websvn: http://<ip_address>/websvn.

Check you can access the WebSVN.

6. Now we add RANCID repository sites. Edit websvn configuration file.

# vi /usr/share/websvn/include/config.php

// Local repositories (without and with optional group):
//
$config->addRepository(‘BDNOG’, ‘file:///var/rancid/svn/’);

Observium CentOS Howto

18 Monday Nov 2013

Posted by Fakrul Alam in My Work

≈ Leave a comment

Tags

centos, network management, observium

Introduction
This guide whill show you how to perform an Observium installation on an CentOS/RHEL/Scientific Linux (referred to collectively as Enterprise Linux or EL) box. In this example, we use also a clean installation of EL.
Repositories
For more extended packagelist, we first install the RPM Forge and EPEL repositories:
x86_64
# rpm —import http://apt.sw.be/RPM-GPG-KEY.dag.txt # rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm # rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
i386
# rpm —import http://apt.sw.be/RPM-GPG-KEY.dag.txt # rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i386.rpm # rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Packages
Now let’s install the needed packages for Observium:
# yum install httpd php php-mysql php-gd php-snmp vixie-cron php-mcryp php-pear net-snmp net-snmp-utils graphviz subversion mysql-server mysql rrdtool fping ImageMagick jwhois nmap ipmitool php-pear.noarch MySQL-python
On x86_64 systems this will tend to try to install i386 packages too unless you’ve explicitly blocked them, so you can try to install the x86_64 packages only:
# yum install httpd.x86_64 php.x86_64 php-mysql.x86_64 php-gd.x86_64 php-snmp.x86_64 vixie-cron.x86_64 php-mcrypt.x86_64 net-snmp.x86_64 net-snmp-utils.x86_64 graphviz.x86_64 subversion.x86_64 mysql-server.x86_64 mysql.x86_64 rrdtool.x86_64 fping.x86_64 ImageMagick.x86_64 jwhois.x86_64 nmap.x86_64 ipmitool.x86_64 php-pear.noarch MySQL-python.x86_64
Press y to confirm installation.
Install PEAR:
# pear install Net_IPv6 # pear install Net_IPv4
Downloading
# mkdir /opt/observium # cd /opt # wget http://www.observium.org/observium-community-latest.tar.gz # tar zxvf observium-community-latest.tar.gz
Configuration
Change into the new install directory:
# cd observium
Database
Now we are going to install the mysql database. Because we have a clean install, we need to configure a root password to the mysqld:
# service mysqld start # /usr/bin/mysqladmin -u root password ‘yournrewrootpassword’
Now enter mysql to create the new Observium database:
mysql -u root -p   <mysql root password> mysql> CREATE DATABASE observium; mysql> GRANT ALL PRIVILEGES ON observium.* TO ‘observium’@’localhost’ IDENTIFIED BY ‘<observium db password>’; exit;
Configuration
Firstly, disable SELinux. You can do this temporarily with the following command:
# setenforce 0
We need to disable SELinux permanently, so you also need to change /etc/selinux/config so that the SELINUX option is set to permissive
# vi /etc/selinux/config SELINUX=permissive
Copy the default configuration file and edit it for your system:
# cp config.php.default config.php
Edit config.php. Change the options to reflect your installation.
// Database config $config[‘db_host’] = “localhost”; $config[‘db_user’] = “observium”; $config[‘db_pass’] = “<observium db password>”; $config[‘db_name’] = “observium”;
Setup the MySQL database and insert the default schema:
# php includes/update/update.php
It is OK to have some errors in the SQL revisions up to 006.
Create the rrd directory to store RRDs in:
# mkdir rrd # chown apache:apache rrd
If the server will be running *only* Observium, change /etc/httpd/conf/httpd.conf default to :
# vi /etc/httpd/conf/httpd.conf  <VirtualHost *:80> DocumentRoot /opt/observium/html/ ServerName  observium.domain.com CustomLog /opt/observium/logs/access_log combined ErrorLog /opt/observium/logs/error_log <Directory “/opt/observium/html/”> AllowOverride All Options FollowSymLinks MultiViews </Directory> </VirtualHost>
Create logs directory for apache
# mkdir /opt/observium/logs # chown apache:apache /opt/observium/logs # /etc/init.d/httpd restart
Add a first user, use level of 10 for admin:
# cd /opt/observium # ./adduser.php <username> <password> <level>
Add a first device to monitor. You need to add related hostname in your DNS or /etc/hosts file.
# vi /etc/hosts 192.168.1.1  server0X.bdnog.org [replace x with group no]
# ./add_device.php <hostname> <community> v2c
Do an initial discovery and polling run to populate the data for the new device:
# ./discovery.php -h all   ./poller.php -h all
Cron
Add cron jobs, create a new file /etc/cron.d/observium with the following contents:
3  */6   * * *   root    /opt/observium/discovery.php -h all » /dev/null 2>&1 */5 *     * * *   root    /opt/observium/discovery.php -h new » /dev/null 2>&1 */5 *     * * *   root    /opt/observium/poller.php -h all » /dev/null 2>&1
And reload the cron process:
# /etc/init.d/cron reload
Please note running only a single poller instance is good for initial testing, but do check the Performance tuning page for further performance enhancing options once you get going.
Final Points
You should now be able to see http://<server ip>
If everything works, let’s set the httpd and mysqld to startup when we reboot the server:
# chkconfig mysqld on # chkconfig httpd on
Troubleshooting
Error 1: Could not ping <hostname>
Solution: Check fping location at /opt/observium/includes/defaults.inc.php file.
# whereis fping # ln -s /usr/sbin/fping /usr/bin/fping
Error 2:  PHP Warning:  PHP Startup: Unable to load dynamic library ‘/usr/lib64/php/modules/module.so’
Solution: Edit /etc/php.d/mcrypt.ini
 ; Enable mcrypt extension module extension=module.so
to
 ; Enable mcrypt extension module extension=mcrypt.so
 Source: http://www.observium.org/wiki/RHEL_Installation

CentOS Local Mirror

23 Sunday Sep 2012

Posted by Fakrul Alam in Uncategorized

≈ Leave a comment

Tags

centos, CentOS mirror, dhakacom

dhakaCom is now hosting local mirror of CentOS. All the CentOS lover can download latest IOS from there. Bellow is the link:

FTP: ftp://mirror.dhakacom.com/centos/
HTTP: http://mirror.dhakacom.com/centos/

You can configure your /etc/yum.repos.d/CentOS-Base.repo to take the update from dhakaCom mirror server.

[root@miror html]# vi /etc/yum.repos.d/CentOS-Base.repo

[base]
name=CentOS – Base
baseurl=http://mirror.dhakacom.com/centos/5.5/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.dhakacom.com/centos/5.5/os/$basearch/RPM-GPG-KEY-CentOS-5

#released updates
[update]
name=CentOS – Updates
baseurl=http://mirror.dhakacom.com/centos/5.5/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.dhakacom.com/centos/$releasever/os/$basearch/RPM-GPG-KEY-CentOS-5

#released extras
[extras]
name=CentOS – Extras
baseurl=http://mirror.dhakacom.com/centos/5.5/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.dhakacom.com/centos/5.5/os/$basearch/RPM-GPG-KEY-CentOS-5

#released CentOSPlus
[centosplus]
name=CentOS – CentOSPlus
baseurl=http://mirror.dhakacom.com/centos/5.5/centosplus/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://mirror.dhakacom.com/centos/5.5/os/$basearch/RPM-GPG-KEY-CentOS-5

nfdump & nfsen installation guide

23 Thursday Jun 2011

Posted by Fakrul Alam in Uncategorized

≈ Leave a comment

Tags

centos, linux, netflow, network management, nfdump, nfsen

Download Link:
http://nfdump.sourceforge.net/
http://nfsen.sourceforge.net/

nfdump installation:
Install RRDTool and flex (required for nfdump to compile)

# yum install perl-rrdtool rrdtool rrdtool-devel flex

Extract, and compile as follows (your rrdpath may differ, use which rrdtool):

# ./configure —enable-nfprofile —with-rrdpath=/usr/bin
# make
# make install

nfsen installation:
Extract and make a copy of the etc/nfsen-dist.conf and call it nfsen.conf

For CentOS 5.3, with a standard Apache install, the following changes can to be made to the nfsen.conf. Some are optional, but the user, wwwuser and wwwgroup are mandatory.

$BASEDIR = “/usr/local/nfsen”;
$HTMLDIR    = “/var/www/html/nfsen/”;
$USER    = “apache”;
$WWWUSER  = “apache”;
$WWWGROUP = “apache”;

Remove the default sample netflow devices, and add you own. The syntax  is fairly self explanatory: the name of the device, what port it’s  sending flows to, the colour which will represent the device on the web  interface, and the type.

‘COREROUTER’  => { ‘port’    => ‘9996’, ‘col’ => ‘#ff0000’, ‘type’ => ‘netflow’  }, 

Run the install script

# ./install.pl etc/nfsen.conf

The control script is located in /usr/local/nfsen/bin/nfsen.

NfSen will automatically configure and start the necessary nfdump processes. Start the nfsen process

# ./nfsen start

Now you should be able to browse to http://yourserver/nfsen/nfsen.php  and see a bunch of empty graphs, which will hopefully be populated with  many pretty colours over time.

Last thing we can do is set nfsen.php to be the default page for /nfsen in Apache. Create and edit /etc/httpd/conf.d/nfsen.conf

DirectoryIndex nfsen.php

Social

  • View rapappu’s profile on Twitter
  • View fakrulalam’s profile on LinkedIn
  • View fakrul’s profile on GitHub
  • View FakrulAlamPappu’s profile on Google+
  • View fakrulalam’s profile on Flickr

Twitter Updates

  • #sydeny #summer https://t.co/4FhMTbgG1g 1 week ago
  • RT @protocoljournal: The August 2022 issue of IPJ is ready. Head over to protocoljournal.org for your copy! https://t.co/c0dfwBQAuu 3 weeks ago
  • RT @teamcymru: Take The first step toward clarity, visibility, and reducing external asset related risks With our free Attack Surface Asses… 3 weeks ago
  • RT @akanygren: Have you been working with tech for years and want an overview of #IPv6? I've been working on an open source "Inessential I… 1 month ago
  • blog.lastpass.com/2022/11/notice… 2 months ago
  • #bdnog15 CfP is now open bdnog.org/bdnog15/cfp.php #bdnog #bangladesh #nog #networkoperatorsgroup 2 months ago
  • RT @Cloudflare: Today we’re introducing Cloudflare Radar’s route leak data and API so that anyone can get information about route leaks acr… 2 months ago
  • Battling Zimbabwe fall short as Bangladesh win in chaotic final-over finish espncricinfo.com/series/icc-men… #t20 #worldcup #bangladeh 3 months ago
  • RT @vince2_: With the team @Free_1337, we have developed a Netflow/IPFIX collector and visualizer. It is available at https://t.co/6XtpOtm9… 6 months ago
  • RT @openbsdnow: Effective Shell effective-shell.com 7 months ago
  • RT @nocontextfooty: https://t.co/PU0JeRSrbD 7 months ago
  • smallstep.com/blog/if-openss… 7 months ago
  • github.com/tldr-pages/tldr 9 months ago
  • How to properly interpret a traceroute or MTR | APNIC Blog blog.apnic.net/2022/03/28/how… 9 months ago
  • #dayandnight #Newcastle #beachlife https://t.co/LaKATcEsFY 10 months ago
Follow @rapappu

Tags

antismap antivirus automation Azure bangladesh BASH BASH Script BDCERT bgp bind ccsp centos CentOS mirror CERT CISA cisco Cyber Security ddos dhaka dhakacom DNS DNSSEC GSM intrusion detectoin system Intrusion prevention system ips IPv6 ISACA junos linux Looking Glass lxc lxc profile lxd mailqueue mailscanner Mail Server mailwatch Meraki mikrotik monitor mpls MPLS L3 VPN mysql My Work network network management nginx NSD observium OpenVPN perl PHP ping postfix Proxy PTA python RANCID Reading RPKI Shell Script sms sms server SNMP SSH Tutorial ubuntu Ubuntu Mirror Server Virtual Box vispan vmware websvn Youtube hack খামাখা

Blog at WordPress.com.

  • Follow Following
    • blog.alam.rocks
    • Join 27 other followers
    • Already have a WordPress.com account? Log in now.
    • blog.alam.rocks
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar