Configuring SSH checks in Zabbix

I once needed to configure SSH checks for some Linux servers, so as not to install Zabbix-agent on them.
Zabbix-server itself is installed on Ubuntu Server.

Below I will describe, in order, how to configure SSH checks in Zabbix.

SSH authentication will be configured with a key instead of a password. To do this, first stop zabbix-agent and zabbix-server:

sudo service zabbix-agent stop
sudo service zabbix-server stop

Create a Zabbix user home directory (for storing ssh keys):

sudo usermod -m -d /home/zabbix zabbix
sudo chown zabbix:zabbix /home/zabbix
sudo chmod 700 /home/zabbix

Start zabbix-agent and zabbix-server again:

sudo service zabbix-agent start
sudo service zabbix-server start

Open the configuration file /etc/zabbix/zabbix_server.conf (in the nano editor, Ctrl+O followed by Enter saves the file, Ctrl+X exits):

sudo nano /etc/zabbix/zabbix_server.conf

Uncomment the SSHKeyLocation line and specify the path to the directory with the keys:

SSHKeyLocation=/home/zabbix/.ssh

Restart zabbix-server:

sudo service zabbix-server restart

Generate the ssh key:

sudo -u zabbix ssh-keygen -t rsa

Press Enter if the suggested path is /home/zabbix/.ssh/id_rsa.
When prompted for a passphrase, press Enter to leave the key file unencrypted, or enter a passphrase twice (this encrypts the key file, and you will have to specify the passphrase when connecting).

Copy the generated key to the server that will be monitored:

sudo -u zabbix ssh-copy-id -i /home/zabbix/.ssh/id_rsa.pub -p 22 root@192.168.0.55

If an error occurs while copying the key, you can manually append the line from id_rsa.pub to the authorized_keys file on the remote server.

Now try to connect to the remote server without entering a password:

sudo -u zabbix ssh -p 22 root@192.168.0.55

Now, in Zabbix, add an item to the template or host:
Name: any
Type: SSH agent
Key: ssh.run[description,ip,port,encoding] (e.g. ssh.run[cpu,192.168.0.55,22,utf8])
Authentication method: Public key
User name (on remote host): root
Public key file: id_rsa.pub
Private key file: id_rsa
Key passphrase: leave blank if you did not encrypt the key with a passphrase
Executed script: the command to run on the remote server, examples below

Below are examples of Linux commands that you can run to collect various information.
CPU load for 1 min / 5 min / 15 min:

cat /proc/loadavg |cut -d " " -f1
cat /proc/loadavg |cut -d " " -f2
cat /proc/loadavg |cut -d " " -f3

Number of currently running processes of the specified program:

pgrep apache2|wc -l
pgrep -c sshd

Free space at the mount point “/” (in megabytes):

df -m|grep "/$"|awk '{print $4}'

Occupied space at the mount point “/” (in percent):

df|grep "/$"|awk '{print $5}'|tr -d "%"

Bytes received on the network interface eth0:

cat /proc/net/dev|grep eth0|awk '{print $2}'

Bytes sent on the network interface eth0:

cat /proc/net/dev|grep eth0|awk '{print $10}'

Amount of free RAM:

free |grep "Memory:"|awk '{print $4}'
free |grep "Mem:"|awk '{print $4}'


Configuring a VPN Server in Windows Server

As a test, here is an example of setting up a VPN server in Windows Server 2008 R2.

First of all, install the role:

1) Open the server manager and click on the link “Add role”.

2) Select the Network Policy and Access Services role and click “Next”.

3) Select “Remote Access” and click “Next”.

4) Click “Install” and after the installation is complete, click the “Close” button.

Now proceed to the configuration:

1) Open the server manager, open the “Roles” branch, select the Network Policy and Access Services role, right-click on “Routing and Remote Access” and select “Configure and enable routing and remote access”.

2) In the first window click “Next”, in the next one select “Custom configuration”, click the “Next” button, tick three items: Network Address Translation (NAT) and Local Area Networking (LAN routing), click “Next” and “Done”.
In the window that appears, click “Launch service”.

3) Add an address pool for clients: open “Server Manager” – “Roles” – “Network Policy and Access Services”, right-click on “Routing and Remote Access” and select “Properties”.
In the “IPv4” tab, select “Static address pool” and add any range by clicking the “Add” button.
To be able to connect to the VPN server from, for example, an iPhone (via L2TP), tick “Allow custom IPSec policies for L2TP connection” in the “Security” tab and specify the key.

4) Now configure permissions for users. Go to “Server Manager – Configuration – Local Users and Groups – Users”:
Open “Properties” of the desired user and on the “Dial-in” tab, under “Network Access permission”, select “Allow access”.

5) Add NAT rules and the necessary routes, then restart the service by right-clicking on “Routing and Remote Access” – “All Tasks” – “Restart”.

For the VPN to work, the following ports are used and should be opened:
TCP 1723 (for PPTP)
TCP 1701 and UDP 500 (for L2TP)
TCP 443 (for SSTP)

Done.

Connection logs can be found in the C:\Windows\System32\LogFiles directory.

Solution of the error “Invalid command ‘AuthGroupFile'”

I once noticed the following error:

AH00526: Syntax error on line 26 of /etc/apache2/sites-enabled/000-default.conf:
Invalid command ‘AuthGroupFile’, perhaps misspelled or defined by a module not included in the server configuration
Action ‘configtest’ failed.
The Apache error log may have more information.

It is solved simply by activating the module:

sudo a2enmod authz_groupfile

Restart apache2 to apply the changes:

sudo service apache2 restart

Done.

The solution to the error “IP overlaps with VlanXXX. VlanXXX: incorrect IP address assignment”

Once it was necessary to replace an HP L3 switch with a Cisco one, and while applying a similar configuration the Cisco switch reported an error:

172.16.63.0 overlaps with Vlan111
Vlan121: incorrect IP address assignment

As it turned out, the Vlan111 network 172.16.0.0/18 ends at 172.16.63.254, so it overlaps with Vlan121 172.16.63.0/24.

The HP 5800 switch had been configured this way before and did not complain about it, whereas Cisco refused to accept the command.

Since few IP addresses were in use in the Vlan111 172.16.0.0/18 network, the problem was solved by reducing the network to 172.16.0.0/19.

After that, the IP address was successfully registered to the Vlan121 interface.

Done.
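
The overlap described above can be checked before a configuration is applied to the switch. The following script is an added example, not part of the original post; the function names are hypothetical, and the addresses are the ones quoted in the post.

```sh
#!/bin/sh
# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted-quad IPv4 address.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "first last" (as integers) for a CIDR block such as 172.16.0.0/18.
cidr_bounds() {
    cb_addr=$(ip_to_int "${1%/*}")
    cb_mask=$(( (4294967295 << (32 - ${1#*/})) & 4294967295 ))
    cb_first=$(( cb_addr & cb_mask ))
    echo "$cb_first $(( cb_first | (cb_mask ^ 4294967295) ))"
}

# Last (broadcast) address of a CIDR block; the last host is one below it.
cidr_last() {
    set -- $(cidr_bounds "$1")
    int_to_ip "$2"
}

# Exit status 0 if the two CIDR blocks share at least one address.
cidr_overlap() {
    set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
    [ $(( $1 <= $4 && $3 <= $2 )) -eq 1 ]
}

# Vlan111 before and after the fix, checked against Vlan121.
for vlan111 in 172.16.0.0/18 172.16.0.0/19; do
    if cidr_overlap "$vlan111" 172.16.63.0/24; then
        echo "$vlan111 (ends $(cidr_last "$vlan111")) overlaps 172.16.63.0/24"
    else
        echo "$vlan111 (ends $(cidr_last "$vlan111")) is clear of 172.16.63.0/24"
    fi
done
```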

Preventing attacks on WordPress xmlrpc.php and wp-login.php

I once noticed a large number of requests to the files xmlrpc.php and wp-login.php on some servers hosting WordPress sites.

As it turned out, someone was trying to guess a password and gain access to the site. Usually such attempts are blocked by Jetpack or by restricting access to the admin area by IP in the web server, but for some reason there was no protection in place.

To count the number of accesses to a file in the logs, you can use the command:

grep 'xmlrpc.php' /var/log/apache2/access.log | wc -l

By the way, the command above can be run from a monitoring system such as Zabbix, which can draw a graph from the collected data and send a notification when the number of hits increases.

Count the number of requests from each IP and list them:

grep 'xmlrpc.php' /var/log/apache2/access.log | cut -d' ' -f1 | sort | uniq -c | sort -r

Count the number of requests from each IP for the wp-login.php file:

grep 'wp-login.php' /var/log/apache2/access.log | cut -d' ' -f1 | sort | uniq -c | sort -r
grep 'wp-login.php' /var/log/apache2/access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20
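
The per-IP counts above can be turned into a threshold check suitable for a monitoring item or a cron job. This is an added example, not part of the original post: the function names, the threshold and the sample log lines (documentation-range IPs) are constructed, and it goes one step beyond the grep commands by counting only POST requests, which are the ones that carry login attempts.

```sh
#!/bin/sh
# List client IPs with at least THRESHOLD POST requests to wp-login.php or
# xmlrpc.php in an Apache combined-format access log.
# Usage: wp_bruteforce_ips LOGFILE [THRESHOLD]   ("-" reads standard input)
# Output: "<count> <ip>" per line, highest count first.
wp_bruteforce_ips() {
    log=${1:--}
    threshold=${2:-5}
    awk -v min="$threshold" '
        # $1 = client IP, $6 = quoted method ("POST), $7 = request path
        $6 == "\"POST" && $7 ~ /^\/(wp-login|xmlrpc)\.php(\?|$)/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$log" | sort -k1,1nr -k2,2
}

# Print the same log line N times.
emit() {
    n=$1
    while [ "$n" -gt 0 ]; do echo "$2"; n=$((n - 1)); done
}

# Constructed sample log, not real traffic.
sample_log() {
    emit 6 '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"'
    emit 4 '198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1820 "-" "-"'
    emit 1 '198.51.100.23 - - [10/Oct/2023:13:56:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"'
    emit 1 '192.0.2.10 - - [10/Oct/2023:13:57:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1820 "-" "-"'
    emit 1 '192.0.2.10 - - [10/Oct/2023:13:57:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"'
}

# Demo: IPs with 5 or more POSTs in the sample log.
sample_log | wp_bruteforce_ips - 5
```

Against a real server the call would be `wp_bruteforce_ips /var/log/apache2/access.log 20`, with the threshold tuned to the site's normal traffic.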

In the apache2 configuration or through the .htaccess file, you can restrict access to /wp-admin/ by IP, for example:

<Directory /var/www/site/wp-admin/>
  Options -Indexes
  AllowOverride All
  Order allow,deny
  allow from 127.0.0.1 192.168.11.25
</Directory>

Completely deny access to files like this:

<Files wp-login.php>
Order Deny,Allow
Deny from all
</Files>
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>

If you use Jetpack, for example, it is better not to restrict wp-login.php, since this can cause errors when updating the plug-in and affect its operation.
In this case, you can activate password protection in the Jetpack settings.

If Jetpack is not in use, you can install other plug-ins, for example “WP Limit Login Attempts”, which displays a captcha during authorization and also blocks incorrect login attempts.
The “Disable XML-RPC Pingback” plug-in, for example, can disable XML-RPC functions if they are not needed.

You can also use the robots.txt file to prevent search engines from indexing these files:

User-agent: *
Disallow: /xmlrpc.php
Disallow: /wp-login.php

Hard reset on Samsung GT-I9505 Galaxy S4

Here are the steps for a full reset on the Samsung GT-I9505 Galaxy S4:

1) Turn off the phone

2) Simultaneously press and hold three buttons: “Volume +”, “Home” and “Power”

3) After the vibration, release the “Power” button; when the menu appears, release the others

4) From the menu, you can move up/down with the volume buttons, so select “wipe data/factory reset”

5) Confirm with the “Power” button

6) Then, in the same way, select “Yes — delete all user data”

7) Wait until the user data is cleared and the settings are reset. When the menu appears, select “reboot system now” to reboot the phone.

Done.

How to fix error “Table ‘name’ is marked as crashed and last (automatic?) repair failed”

Once in the FreeRADIUS logs I noticed a MySQL error:

Table ‘./radius/radacct’ is marked as crashed and last (automatic?) repair failed

As it turned out, the radacct table was damaged. Since the data in it was not particularly important, the entire table was emptied.
You can empty a table via phpMyAdmin or with an SQL query:

truncate table TableName

A bit later, as an experiment, I decided to break a whole database, so I took another large table from a different application, about 8 gigabytes in size and 80 million rows.
I ran an SQL query against it to delete old rows before the date specified in the query and restarted MySQL at that moment. The query was interrupted, but the database was left intact. I then ran a query to optimize the database and restarted MySQL again, and eventually got a corrupted database and a similar error:

#144 – Table ‘name’ is marked as crashed and last (automatic?) repair failed

To restore the database, you must stop the MySQL server (if the table is not in use, you do not have to stop it):

sudo service mysql stop

Change to the directory with the database:

cd /var/lib/mysql/$DATABASE_NAME

Execute the command to restore the specified table:

myisamchk -r -o -f -v $TABLE_NAME

Upon completion, if you stopped the MySQL server, start it again:

sudo service mysql start

In the test, to speed up the process, the table was likewise restored on another, more powerful server by copying it there, namely the three files in /var/lib/mysql/$DATABASE_NAME/ ($TABLE_NAME.MYD, $TABLE_NAME.MYI, $TABLE_NAME.frm).

Solving the start error “unable to execute ./database_installer.sh: No such file or directory”

Once, the following error occurred when starting an installer:

sudo ./database_installer.sh
sudo: unable to execute ./database_installer.sh: No such file or directory

I solved it this way:

sudo apt-get install dos2unix
sudo dos2unix database_installer.sh