Category Archives: Linux

Installing and Configuring SNMPD + MRTG

MRTG (Multi Router Traffic Grapher) – a tool for displaying various data in graphs.

The installation command in Ubuntu/Debian:

sudo apt-get install mrtg snmp snmpd

In CentOS:

yum install mrtg net-snmp net-snmp-utils

The command below can tell you which additional modules are in the repository:

apt-cache search mrtg

Open the configuration file /etc/snmp/snmpd.conf

sudo nano /etc/snmp/snmpd.conf

Comment on the line:

com2sec paranoid default public

And uncomment the line:

com2sec readonly default public

Restart snmpd so that changes to the configuration file take effect:

sudo /etc/init.d/snmpd restart

You can check snmp by commands:

netstat -nlp | grep snmpd
snmpwalk -v2с -c public localhost

Beginners can generate a simple configuration file with the command:

sudo cfgmaker public@localhost >> /etc/mrtg.cfg

where public is the name of the community (the password is in other words), and localhost is the host address or ip.

Example of starting the configuration file /etc/mrtg.cfg:

WorkDir: /var/www/mrtg
Options[_]: growright, bits, nobanner
Background[_]: #B0C4DE
EnableIPv6: no
Language: russian
EnableSnmpV3: no
Interval: 10
Refresh: 600
Include: /etc/mrtg/server1.cfg
Include: /etc/mrtg/server2.cfg

Create the working directory:

sudo mkdir /var/www/mrtg

Then you must write or generate the index.html file with the command:

sudo indexmaker /etc/mrtg.cfg > /var/www/mrtg/index.html

We look at the log /var/log/mrtg.log so that there are no errors.

Here is an example of setting up SNMP on D-Link switches:

private CommunityView Read Write
public CommunityView Read Only

Example of a manual start script (mrtg.sh):

#!/bin/bash
#run mrtg
LANG=C
export $LANG
/usr/bin/mrtg /etc/mrtg.cfg --logging /var/log/mrtg.log

IPTables rules for Samba

To open access to Samba in IPTables, you must add four rules at once:

sudo iptables -A INPUT -p udp -m udp --dport 137 -j ACCEPT
sudo iptables -A INPUT -p udp -m udp --dport 138 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 445 -j ACCEPT

To only allow access to a particular network, for example 192.168.1.0/24:

sudo iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 137 -j ACCEPT
sudo iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 138 -j ACCEPT
sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 445 -j ACCEPT

To remove a rule, we’ll specify the same command, replacing -A with -D, for example:

sudo iptables -D INPUT -s 192.168.1.0/24 -p udp -m udp --dport 137 -j ACCEPT
sudo iptables -D INPUT -s 192.168.1.0/24 -p udp -m udp --dport 138 -j ACCEPT
sudo iptables -D INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
sudo iptables -D INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 445 -j ACCEPT

To view the list of rules, use the command:

sudo iptables -nvL

See also my articles:
Configuring IPTables
Installing and Configuring Samba on Linux

Installing and Configuring PostgreSQL in Ubuntu

The installation command in Ubuntu:

sudo apt-get install postgresql postgresql-client postgresql-contrib

You can install a graphical client for easy management:

sudo apt-get install pgadmin3

or

sudo apt-get install phppgadmin

To access from outside, open the configuration file (Ctrl + X to exit):

sudo nano /etc/postgresql/9.3/main/postgresql.conf

And uncomment the line:

listen_addresses = 'localhost'

In the pg_hba.conf file, we specify which addresses are allowed access:

host all all 192.168.0.1/32 md5

Restart PostgreSQL so that the changes to the configuration files take effect:

sudo service postgresql restart

Here is the password for the postgres user:

sudo -u postgres psql
ALTER USER postgres with encrypted password 'PASSWORD';
CTRL+Z

An example of testing a connection from a remote computer:

psql -h СЕРВЕР -U postgres -W

If PostgreSQL is to be used with Apache2, then we’ll install the other components:

sudo apt-get install apache2 libapache2-mod-php5 php5 php5-common php5-gd php5-pgsql

Solution of the error “Using unique option prefix pass instead of password is deprecated …”

I noticed some errors coming to the root mail with the subject and the text:

Cron /usr/bin/test -x /usr/local/cpanel/scripts/update_db_cache && /usr/local/cpanel/scripts/update_db_cache
Warning: Using unique option prefix pass instead of password is deprecated and will be removed in a future release. Please use the full name instead.

The problem lies in the file ~ / .my.cnf, that is /root/.my.cnf in my case.

In which the parameter “pass” is obsolete and must be changed to a new “password”.

For example, that’s how it was when the error occurred:

[client]
user=root
pass=password

Changed to password and the error disappeared:

[client]
user=root
password=password

See also:
Connecting to MySQL from localhost without entering a password

Using SED (Stream EDitor)

SED (Stream EDitor) — streaming text editor and programming language.
An excellent tool to convert outgoing text data in any convenient form.

For example, several times wrote a table of online mac-addresses, which were taken from the switch, were checked with billing and were output with such data as address, ID, login, etc ..
For example, a script that receives SNMP macros from the L3 of the HP 5800 switch and saves them in a text document in a column, thanks to the SED, unnecessary data is deleted, and spaces are replaced with a colon:

#!/bin/bash
rm /var/www/mac.txt
snmpwalk -v 2c -c community 192.168.1.50 .1.3.6.1.2.1.17.4.3 -O v|sed -e "s/.*Hex-STRING: //g" -e "s/ /:/g" -e "s/.$//" -e "/INTEGER/d" > /var/www/mac.txt

Here are a few more examples of using SED.
Output only values after Hex-STRING:

sed -e 's/.*Hex-STRING: //g'

Colon whitespace replacement:

sed -e 's/ /:/g'

Delete the last line:

sed -e sed 's/.$//'

Delete the last character:

sed -e 's/.$//'

Removing a string containing INTEGER:

sed -e '/INTEGER/d'

Removing lines in file.txt where ABCD occurs:

sed -i '/^ABCD/ d' file.txt

Example of deleting the third line in the file file.txt and deleting 4 lines starting from line 7:

sed -i '3,1d' file.txt
sed -i '7,4d' file.txt

Enumerate the lines in file.txt:

sed = file.txt | sed 'N;s/\n/\t/'

Outputting only rows from 5-10:

sed -n 5,10p file.txt

The built-in help can be obtained by the command:

man sed

Installing and Configuring a TFTP Server in Ubuntu

TFTP (Trivial File Transfer Protocol) It is mainly used for initial loading of diskless workstations. TFTP, unlike FTP, does not contain authentication capabilities (although it is possible to filter on the IP address) and is based on the transport protocol UDP.
atftpd server
atftp client

Install:

sudo apt-get install atftpd atftp

The server uses the port: 69/udp
The default directory is /srv/tftp if it does not exist, create:

sudo mkdir -p /srv/tftp
sudo chown nobody /srv/tftp

To start automatically, you need to comment out (put # at the beginning of the line) the start line in /etc/inetd.conf:

#tftp dgram udp4 wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd –tftpd-timeout 300 –retry-timeout 5 –mcast-port 1758 –mcast-addr 239.239.239.0-255 –mcast-ttl 1 –maxthread 100 –verbose=5 /srv/tftpd

And change the value of the variable USE_INETD in the file /etc/default/atftpd from true to false.
This can be done in any editor, for example using nano:

sudo nano /etc/default/atftpd

(in the editor the key combination Ctrl+O is used to save the changes, and Ctrl+X to exit).

To apply the changes and run atftpd, run the following command:

sudo /etc/init.d/atftpd restart

Done, TFTP server should work, accept and return files from the /srv/tftp directory.

See also my articles:
IPTables rules for TFTP
Starting a TFTP server in Windows
Configuring DHCP + TFTP for DOCSIS
Install and configure tftpd-hpa

Install and configure ntopng

Below I’ll describe the installation of ntopng in Ubuntu.
We select the necessary package on http://packages.ntop.org/apt-stable/ and download it:

wget wget http://apt-stable.ntop.org/16.04/all/apt-ntop-stable.deb
sudo dpkg -i apt-ntop-stable.deb

Further we carry out:

sudo apt-get clean all
sudo apt-get update
sudo apt-get install pfring nprobe ntopng ntopng-data n2disk nbox
sudo touch /etc/ntopng/ntopng.start
sudo /etc/init.d/ntopng restart

If new versions of ntopng are released, then you can update by running the commands:

sudo apt-get update
sudo apt-get upgrade

After installation, the configuration file will be located in the /etc/ntopng/ntopng.conf directory
I will give an example of its content:

-w=3000
-d=/var/tmp/ntopng
-G=/var/run/ntopng.pid
--httpdocs-dir /usr/share/ntopng/httpdocs
--local-networks="192.168.0.0/16,10.0.0.0/8,172.16.0.0/16"

Restart / stop / start ntopng with commands:

sudo /etc/init.d/ntopng restart
sudo /etc/init.d/ntopng stop
sudo /etc/init.d/ntopng start

You can check from the console with the command:

sudo /etc/init.d/ntopng status
sudo netstat -tulpn | grep :3000

Open the web interface by typing in the address bar of the browser:
http://HOST:3000

The standard login and password are admin/admin.

See also:
Install and configure nprobe
The solution to the error “Missing /etc/ntopng/ntopng.start. Quitting”