Installing and using jnettop

jnettop – a utility for viewing traffic statistics in real time, sorted by hosts / ports.

The installation command in Ubuntu/Debian:

sudo apt-get install jnettop

The installation command in CentOS:

sudo yum install jnettop

An example of a simple start:

sudo jnettop

An example of a start with a network interface:

sudo jnettop -i eth0

I’ll describe the possible startup options:
-h (help)
-v (view version)
-c (disable content filtering)
-d (write debugging information to a file)
-f (reading the configuration from the file, if not specified, then the file is searched for ~/.jnettop)
-i (to capture packets from the specified interface)
–local-aggr [none|host|port|host+port] (set local aggregation to the specified value)
–remote-aggr [none|host|port|host+port] (set remote aggregation to the specified value)
-n (do not resolving IP to DNS names)
-p (inclusion of promiscuous mode to receive all packets that come to the network interface)
-s (selects one of the rules defined in the .jnettop configuration file (by its name))
-x (allows you to specify a custom filter rule. this allows you to use the syntax of the tcpdump style. do not forget to include the filter in quotation marks when starting from the shell)

Email notification about each SSH connection

Here are a few ways to receive e-mail notifications about someone connecting to the server via SSH.

FIRST METHOD:
With a text editor, for example nano, open the file /etc/ssh/sshrc (in the nano editor CTRL+X to exit, y/n and Enter to save or discard changes):

sudo nano /etc/ssh/sshrc

And add the following code to it:

ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
logger -t ssh-wrapper $USER login from $ip
(echo "Subject:login($ip) on server"; echo "User $USER just logged in from $ip";) | sendmail -f server@example.com -t your-email@example.com &

You do not need to restart SSH, the notifications should already come in when connecting.

SECOND METHOD:
Add the specified lines to the config /etc/rsyslog.conf (before each line commented the essence, this code will send messages about failed connections):

# Connect the messaging module
$ModLoad ommail
# Specify the address of the mail server
$ActionMailSMTPServer mail.domain.com
# Specify the email from which messages will be sent
$ActionMailFrom rsyslog@domain.com
# Specify the email to which messages will be sent
$ActionMailTo test@domain.com
# Specify the subject of the message
$template mailSubject,"SSH Invalid User %hostname%"
# Specify the content of the message
$template mailBody,"RSYSLOG\r\nmsg='%msg%'"
$ActionMailSubject mailSubject
# Specify in seconds how often messages can be sent
$ActionExecOnlyOnceEveryInterval 10
# If the log contains the characters in parentheses, then we send a message
if $msg contains 'Invalid user' then :ommail:;mailBody

The same way of sending via rsyslog, but notifications of successful connections are sent (code without comments as above):

$ActionMailSMTPServer mail.domain.com
$ActionMailFrom rsyslog@domain.com
$ActionMailTo test@domain.com
$template mailSubject,"SSH Accepted pass %hostname%"
$template mailBody,"RSYSLOG\r\nmsg='%msg%'"
$ActionMailSubject mailSubject
$ActionExecOnlyOnceEveryInterval 10
if $msg contains 'Accepted password' then :ommail:;mailBody

As a result, if the connection to the SSH server is successful or not successful, messages will be sent to the e-mail. In a similar way, you can announce to email and other events that are logged via rsyslog.

Asterisk warning “leave_voicemail: No more messages possible”

I noticed the following error on one of the servers:

WARNING[21992][C-00000b27]: app_voicemail.c:6559 leave_voicemail: No more messages possible

It turned out that the mailbox was full of voice messages and they ceased to exist, in response the caller was informed “The subscriber’s voice box is full”.

To solve this problem there are several options:

1) Delete the messages in the voice mailbox by calling the voice mail number.

2) Increase the value of maxmsg in the voicemail.conf file, thereby increasing the maximum number of messages in the mailbox, but again it may be full. After the changes in the voicemail.conf file, you need to apply them:

sudo asterisk -rvv
voicemail reload
quit

3) In the context of the voice mailbox, add delete=yes, for example:

[voicemailcontext]
207 => 1111,Username,test@example.com,,attach=yes|tz=ua|delete=yes

In this case, voice messages will be sent to e-mail, and they will be immediately deleted from the server, that is, they can not be listened to by calling to the voice mail number and accordingly the mailbox will never be full. I consider this option the best.

See also:
Setting up voicemail in Asterisk

OID and MIB list for Arris Cadant C3

I’ll list a few oid below and briefly describe them.
Check the response to oid and mib in linux for example with the following command:

snmpwalk -v 2c -c public 192.168.0.10 .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.6

Connected modems (dcxUsStatsRegComplete) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.6

Upstream Indexes: .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.8
Network Interface Status .1.3.6.1.2.1.2.2.1.8
Description of network interfaces .1.3.6.1.2.1.2.2.1.2
Network Interface Name .1.3.6.1.2.1.31.1.1.1.1

SignalNoise upstream (docsIfSigQSignalNoise) .1.3.6.1.2.1.10.127.1.1.4.1.5
SignalNoiseSNR upstream (docsIfSigQSignalNoiseSNR) .1.3.6.1.4.1.4115.1.4.3.6.1.3.1.21

Mibs for upstream power-level:
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.11
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.12
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.13
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.14
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.15
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.16

Number of modems on the upstream:
.1.3.6.1.4.1.4998.1.1.20.2.12.1.6.downstreamid.upstreamid

(dcxUsStatsOther) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.1
(dcxUsStatsRanging) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.2
(dcxUsStatsRngAborted) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.3
(dcxUsStatsRngComplete) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.4
(dcxUsStatsIpComplete) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.5
(dcxUsStatsAccessDenied) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.7

(UpstreamNum) .1.3.6.1.2.1.10.127.1.3.11.1.1
(dcxUsStatsAvgUtil) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.12
(dcxUsStatsAvgContSlots) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.13
(docsIfSigQUnerroreds) .1.3.6.1.2.1.10.127.1.1.4.1.2
(docsIfSigQCorrecteds) .1.3.6.1.2.1.10.127.1.1.4.1.3
(docsIfSigQUncorrectables) .1.3.6.1.2.1.10.127.1.1.4.1.4
(dcxUsStatsNumActiveUGS) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.9
(dcxUsStatsAvgUGSLastOneHour) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.10
(dcxUsStatsMaxUGSLastFiveMins) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.11

See also:
SNMP OID and MIB for interfaces

How to remove statistics from the main page phpBB

To remove statistics from the main page of the phpBB forum, comment out certain lines in the template file of the theme used.
Go to the template folder and open the file index_body.html in a text or html editor.
We find the following lines:

<h3>{L_STATISTICS}</h3>
<p>{TOTAL_POSTS} &bull; {TOTAL_TOPICS} &bull; {TOTAL_USERS} &bull; {NEWEST_USER}</p>

And comment them out:

<!-- <h3>{L_STATISTICS}</h3> -->
<!-- <p>{TOTAL_POSTS} &bull; {TOTAL_TOPICS} &bull; {TOTAL_USERS} &bull; {NEWEST_USER}</p> -->

After the changes in the files, you must clear the cache through the control panel or manually.

The list of users online, the legend of moderators and administrators, birthdays can be disabled in the control panel of the forum: “Home” -> “Server load“.

Firmware Update for TP-Link TL-WR840N Router

For the test, I will update the TP-Link TL-WR840N V1 with firmware 13xxxx RU.

1) Let’s look at the revision of the router, in my case it’s V1, and it’s for it that we download the archive with the new firmware from the official site:
https://www.tp-link.com/us/download/TL-WR840N.html
In my case, the last firmware for V1 was TL-WR840N_V1_151023_EN. If you download the firmware from an incorrect revision, you can damage the router. Unpack from the downloaded archive firmware file.

2) Open the router settings by typing in the browser address http://192.168.0.1 and enter login – admin, password – admin.

3) In the menu, select “System Tools” – “Firmware Update”, click the “Browse …” button and select the previously unpacked firmware file from the archive. Next, click the “Update” button and wait until the firmware is loaded into the router and it will reboot.

At the time of upgrade, you can not turn off the power of the router.
After updating the firmware, the settings in the router are not reset.

IPTables rules for FTP server

To open access to the FTP server in IPTables, you need to add rules:

sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1024:1030 -j ACCEPT

To only allow access to a particular network, for example 192.168.1.0/24:

sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 21 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 1024:1030 -j ACCEPT

To remove a rule, we’ll specify the same command, replacing -A with -D, for example:

sudo iptables -D INPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -D OUTPUT -p tcp --sport 20 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 1024:1030 -j ACCEPT

To view the list of rules, use the command:

sudo iptables -nvL

1024-1030 – example ports for passive mode are specified in the FTP server configuration, for example for ProFTPd are specified in the /etc/proftpd/proftpd.conf file as follows:

PassivePorts 1024 1030

See also my articles:
Configuring IPTables
Active and passive FTP mode
Installing and Configuring Pure-FTPd in Ubuntu
Installing and Configuring ProFTPd in Ubuntu