I’ll describe the process of firmware Samsung GT-C3330.
Continue reading “Firmware update Samsung GT-C3332”Configuring SSH checks in Zabbix
It took somehow some Linux servers to configure SSH checks to not install Zabbix-agent on them.
Zabbix-server itself is installed on Ubuntu Server.
Below in order I will describe how to configure SSH checks in Zabbix.
Authorization for SSH will be configured by key instead of password, for this we stop zabbix-agent and zabbix-server:
sudo service zabbix-agent stop sudo service zabbix-server stop
Create a Zabbix user home directory (for storing ssh keys):
sudo usermod -m -d /home/zabbix zabbix sudo chown zabbix:zabbix /home/zabbix sudo chmod 700 /home/zabbix
Run back zabbix-agent and zabbix-server:
sudo service zabbix-agent start sudo service zabbix-server start
Open the configuration file /etc/zabbix/zabbix_server.conf (in the nano editor, press Ctrl+O and Enter means save, Ctrl+X to exit):
sudo nano /etc/zabbix/zabbix_server.conf
Uncomment the string SSHKeyLocation and specify the path to the directory with the keys:
SSHKeyLocation=/home/zabbix/.ssh
Restart zabbix-server:
sudo service zabbix-server restart
Generate the ssh key:
sudo -u zabbix ssh-keygen -t rsa
Press Enter if the path is /home/zabbix/.ssh/id_rsa
On the offer to encrypt the key file, press Enter to not encrypt it or enter twice any password (it will encrypt the key file and you will have to specify it when connecting it)
Copy the generated key to the server we will be watching:
sudo -u zabbix ssh-copy-id -i /home/zabbix/.ssh/id_rsa.pub -p 22 root@192.168.0.55
If an error occurs while copying the key, you can manually copy the line from id_rsa.pub to the remote server in the authorized_keys file.
And we will try to connect to the remote server without entering the password with the command:
sudo -u zabbix ssh -p 22 root@192.168.0.55
Now in Zabbix we add the data element to the template or host:
Name: any
Type: SSH agent
Key: ssh.run[description,ip,port,encoding] (eg ssh.run[cpu,192.168.0.55,22,utf8]
Authentication method: Public key
User name (on remote host): root
Public key file: id_rsa.pub
Private key file: id_rsa
Phrase key password: leave blank if you did not encrypt the key with a password
Executed script: command running on a remote server, examples below
Below is an example of commands for Linux that you can execute and get various information.
CPU load for 1min / 5min / 15min:
cat /proc/loadavg |cut -d " " -f1 cat /proc/loadavg |cut -d " " -f2 cat /proc/loadavg |cut -d " " -f3
Number of currently running processes of the specified program:
pgrep apache2|wc -l pgrep -c sshd
Free space at the mount point “/” (in megabytes):
df -m|grep "/$"|awk '{print $4}'
Occupied space at the mount point “/” (in percent):
df|grep "/$"|awk '{print $5}'|tr -d "%"
Received byte on the network interface eth0:
cat /proc/net/dev|grep eth0|awk '{print $2}'
Bytes sent to the network interface eth0:
cat /proc/net/dev|grep eth0|awk '{print $10}'
Amount of free RAM:
free |grep "Memory:"|awk '{print $4}' free |grep "Mem:"|awk '{print $4}'
See also:
Connect to SSH using the keys
Configuring a VPN Server in Windows Server
On the test I give an example of setting up a VPN server in Windows Server 2008 R2.
First of all, install the role:
1) Open the server manager and click on the link “Add role“.
2) Select the Network Policy and Access Services role and click “Next“.
3) Select “Remote Access” and click “Next“.
4) Click “Install” and after the installation is complete, click the “Close” button.
Now go to the setup:
1) Open the server manager, open the “Roles” branch, select the Network Policy and Access Services role, right-click on “Routing and Remote Access“, select “Configure and enable routing and remote access“.
2) In the first window click “Next“, in the next we’ll select “Custom configuration“, click the “Next” button, tick three items: Network Address Translation (NAT) and Local Area Networking (LAN routing), click Next and “Done“.
In the window that appears, click “Launch service“.
3) We’ll add an address pool for clients by opening the “Server Manager” – “Roles” – “Network Policy and Access Services“, right-click on “Routing and Remote Access” and select “Properties“.
In the “IPv4 tab, select” Static address pool “and add any range after clicking the “Add” button.
In order to be able to connect to a VPN server, for example, from the iPhone (via L2TP), in the “Security” tab, tick “Allow custom IPSec policies for L2TP connection” and specify the key .
4) Now configure permissions for users. Go to “Server Manager – Configuration – Local Users and Groups – Users“:
Open “Properties” of the desired user and on the Dial-in tab, where “Network Access permission” select “Allow access“.
5) Add NAT rules, the necessary routes and restart the service by right-clicking on “Routing and Remote Access” – “All Tasks” – “Restart “.
For the VPN to work, ports are used and should be opened:
TCP 1723 (for PPTP)
TCP 1701 and UDP 500 (for L2TP)
TCP 443 (for SSTP)
Done.
Connection logs can be seen in the C:\Windows\System32\LogFiles directory
Solution of the error “Invalid command ‘AuthGroupFile'”
I noticed once the following error:
AH00526: Syntax error on line 26 of /etc/apache2/sites-enabled/000-default.conf:
Invalid command ‘AuthGroupFile’, perhaps misspelled or defined by a module not included in the server configuration
Action ‘configtest’ failed.
The Apache error log may have more information.
It is solved simply by activating the module:
sudo a2enmod authz_groupfile
Restart apache2 to apply the changes:
sudo service apache2 restart
Done.
What is the login and password for Thomson TCW710?
Once I was often asked what is the standard login and password for the Docsis modem Thomson TCW710.
So, the default login is empty, that is, in the “User Name” field, you do not need to enter anything, but the password is admin.
The solution to the error “IP overlaps with VlanXXX. VlanXXX: incorrect IP address assignment”
It was necessary to replace the L3 switch of HP with Cisco once and after a similar switch configuration Cisco noticed an error:
172.16.63.0 overlaps with Vlan111
Vlan121: incorrect IP address assignment
As it turned out the network Vlan111 172.16.0.0/18 was ending at 172.16.63.254, it crossed with Vlan121 172.16.63.0/24.
The HP 5800 switch was configured before that and he did not say anything about it, and Cisco refused to accept the command.
Therefore, since IP addresses were used little in the Vlan111 172.16.0.0/18 network, the problem was solved by reducing the mask to 172.16.0.0/19.
After that, the IP address was successfully registered to the Vlan121 interface.
Done.
Preventing attacks on WordPress xmlrpc.php and wp-login.php
I noticed once on some servers with WordPress sites a large number of calls to the file xmlrpc.php and wp-login.php
Continue reading “Preventing attacks on WordPress xmlrpc.php and wp-login.php”Hard reset on Samsung GT-I9505 Galaxy S4
Describe the points for the process of a full reset on the Samsung GT-I9505 Galaxy S4:
1) Turn off the phone
2) Simultaneously press and hold three buttons: “Volume +”, “Home” and “Turn on”
3) After the vibration, release the “Power on” button, when the menu appears, release the rest
4) From the menu, you can move up/down with the volume buttons, so select “wipe data/factory reset”
5) Confirm with the “Power” button
6) Then, in the same way, select “Yes — delete all user data”
7) Wait until the user data is cleared and the settings are reset, when the menu appears, select “reboot system now” to reboot the phone.
Done.
How to fix error “Table ‘name’ is marked as crashed and last (automatic?) repair failed”
Once in the FreeRADIUS logs I noticed a MySQL error:
Table ‘./radius/radacct’ is marked as crashed and last (automatic?) repair failed
As it turned out, the radacct table was damaged, since the data there were not particularly important, then the entire table was cleaned.
You can clean up via phpMyAdmin or SQL query:
truncate table TableName
A bit later for the experiment I decided to break the whole database, took another large table in general from another application, about 8 gigabytes in size and 80 million lines.
I applied to it SQL query to clean up old rows before the date specified in the query and rebooted at that moment MySQL, the request was interrupted, the database was left intact, executed the request to optimize the database and again rebooted MySQL, eventually got a corrupted database and a similar error:
#144 – Table ‘name’ is marked as crashed and last (automatic?) repair failed
To restore the database, you must stop the MySQL server (if the table is not used, then you can not stop it):
sudo service mysql stop
Let’s move to the directory with the database:
cd /var/lib/mysql/$DATABASE_NAME
Execute the command to restore the specified table:
myisamchk -r -o -f -v $TABLE_NAME
Upon completion, if you stopped the MySQL server, then run it:
sudo service mysql start
Similarly, on the test, also to speed up the process, the table was restored by copying it to another more powerful server, namely three files /var/lib/mysql/$DATABASE_NAME/ ($TABLE_NAME.MYD, $TABLE_NAME.MYI, $TABLE_NAME.frm).
Installing phpIPAM
phpIPAM – web application for IP accounting, VLAN addresses, etc. Works on PHP using MySQL, jQuery, ajax and HTML5.
Continue reading “Installing phpIPAM”