Posts tagged networking

OpenWRT on TP-Link MR3020 as infopoint with local webserver

Howto install OpenWRT on an TP-Link MR3020 mini router with external filesystem on a USB stick running a local webserver (lighttpd) to serve up webpages to act as an info point e.g. in a exhibition.

Inspired by the Piratebox Project: http://wiki.daviddarts.com/PirateBox_DIY_OpenWrt
Read More »

Tethering from iPhone 3G to iPad 2 – works

If you own a iPhone 4 and have iOS 4.3 or up installed your lucky because Apple gave you a personal WLAN hotspot for sharing your 3G internet connection to your WLAN enabled devices nearby.

But i still have my old iPhone 3G but wish to share its internet with my brand new iPad 2, so what to do? – it’s easier than i thought:

  1. Enable bluetooth on both your iPhone and iPad
  2. Select the iPhone on your iPad in the bluetooth settings and pair with it (not other way round!)
  3. I had bluetooth tethering already enabled on the iPhone, otherwise you should enable it now
  4. enjoy your internet on your iPad, that’s it!

Nagios 3.0.x auf Ubuntu Server 10.04 LTSNagios 3.0.x on Ubuntu Server 10.04 LTS

Zuerst Nagios 3 Packages auf Ubuntu installieren:

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install nagios3 nagios3-doc

Die Konfigurationsdateien befinden sich in /etc/nagios3 und /etc/nagios3/conf.d. Die Contacts und Hosts sind auf die eigenen Bedürfnisse anzupassen.

Was mich sehr viel Zeit gekostet hat war das Aktivieren der “external commands”. Diese werden gebraucht wenn man über das Webinterface Alarme auslösen will oder sonstige Aspekte von Nagios konfigurieren will.

/etc/nagios3/nagios.cfg editieren:

# EXTERNAL COMMAND OPTION
# Values: 0 = disable commands, 1 = enable commands

check_external_commands=1

# EXTERNAL COMMAND CHECK INTERVAL
# NOTE: Setting this value to -1 causes Nagios to check the external
# command file as often as possible.

command_check_interval=15s
#command_check_interval=-1

Um den Error: Could not stat() command file ‘/var/lib/nagios3/rw/nagios.cmd’ loszuwerden, musste ich folgendes tun:

$ sudo /etc/init.d/nagios3 stop
$ sudo dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
$ sudo dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
$ sudo /etc/init.d/nagios3 start

Um Benachrichtigungen mittels SMTP Server mit Authentifikation zu versenden:

http://exchange.nagios.org/directory/Addons/Notifications/Notifications-using-ISP-SMTP-server-with-Authentication/details

$ sudo apt-get install sendemail

/etc/nagios3/resource.cfg:

$USER5$=your_isp_email_username
$USER6$=your_isp_email_password
$USER7$=your_isp_outgoing_mail_server

/etc/nagios3/commands.cfg

Ändere “notify-host-by-email” command line zu:

command_line /usr/bin/sendemail -o tls=yes -s $USER7$ -xu $USER5$ -xp $USER6$ -t $CONTACTEMAIL$ -f $CONTACTEMAIL$ -l /var/log/sendEmail -u "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" -m "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n"

Ändere die “notify-service-by-email” command line zu:

command_line /usr/bin/sendemail -o tls=yes -s $USER7$ -xu $USER5$ -xp $USER6$ -t $CONTACTEMAIL$ -f $CONTACTEMAIL$ -l /var/log/sendEmail -u "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" -m "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$"

Nun noch folgendes:

$ sudo touch /var/log/sendEmail
$ sudo chown nagios:nagios /var/log/sendEmail
$ sudo /etc/init.d/nagios3 restart

install nagios3 packages:

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install nagios3 nagios3-doc

config files are located in /etc/nagios3 and /etc/nagios3/conf.d configure your contacts and hosts accordingly.

what got me crazy was enabling external commands (needed to perform actions in the webinterface like sending alerts or enabling/disabling things).

edit /etc/nagios3/nagios.cfg:

# EXTERNAL COMMAND OPTION
# Values: 0 = disable commands, 1 = enable commands

check_external_commands=1

# EXTERNAL COMMAND CHECK INTERVAL
# NOTE: Setting this value to -1 causes Nagios to check the external
# command file as often as possible.

command_check_interval=15s
#command_check_interval=-1

to get rid of Error: Could not stat() command file ‘/var/lib/nagios3/rw/nagios.cmd’, i had to do this:

$ sudo /etc/init.d/nagios3 stop
$ sudo dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
$ sudo dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
$ sudo /etc/init.d/nagios3 start

to send notification mails using the corporate smtp host i had to do this:

http://exchange.nagios.org/directory/Addons/Notifications/Notifications-using-ISP-SMTP-server-with-Authentication/details

$ sudo apt-get install sendemail

Edit /etc/nagios3/resource.cfg:

$USER5$=your_isp_email_username
$USER6$=your_isp_email_password
$USER7$=your_isp_outgoing_mail_server

Edit /etc/nagios3/commands.cfg

Change command_line for command_name notify-host-by-email:

command_line /usr/bin/sendemail -o tls=yes -s $USER7$ -xu $USER5$ -xp $USER6$ -t $CONTACTEMAIL$ -f $CONTACTEMAIL$ -l /var/log/sendEmail -u "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" -m "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n"

and the notify-service-by-email command line to

command_line /usr/bin/sendemail -o tls=yes -s $USER7$ -xu $USER5$ -xp $USER6$ -t $CONTACTEMAIL$ -f $CONTACTEMAIL$ -l /var/log/sendEmail -u "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" -m "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$"
$ sudo touch /var/log/sendEmail
$ sudo chown nagios:nagios /var/log/sendEmail
$ sudo /etc/init.d/nagios3 restart

SNMPD auf Ubuntu funktionsfähig bekommenGetting SNMPD to work on Ubuntu

Snmpd auf Ubuntu zu installieren scheint einfach zu sein, ist es auch, aber hat bei mir nie wirklich 100% funktioniert. Der snmpd funktionierte immer nur lokal, aber nicht für entfernte Zugriffe meines cacti Servers. Das Problem ist jenes, dass Ubuntu standartmässig den snmpd auf dem Loopback Interface startet, was Zugriffe von aussen verhindert.

Meine /etc/default/snmpd sieht nun so aus:

# This file controls the activity of snmpd and snmptrapd

# MIB directories.  /usr/share/snmp/mibs is the default, but
# including it here avoids some strange problems.
export MIBDIRS=/usr/share/snmp/mibs

# snmpd control (yes means start daemon).
SNMPDRUN=yes

# snmpd options (use syslog, close stdin/out/err).
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'

# snmptrapd control (yes means start daemon).  As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run.  See snmpd.conf(5) for how to do this.
TRAPDRUN=no

# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'

# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes

Das war’s. Nun nur noch mit $ sudo /etc/init.d/snmpd restart den snmp Server neu starten und alles funktioniert so wie’s soll.

Setting up snmpd on ubuntu seems easy, but i never got it full working. It was working locally, but not for a cacti setup from another server. The problem was that the default install of snmpd on Ubuntu starts the demon on the loopback interface only, refusing connections from other computers.

Edit /etc/default/snmpd to fix that:

# This file controls the activity of snmpd and snmptrapd

# MIB directories.  /usr/share/snmp/mibs is the default, but
# including it here avoids some strange problems.
export MIBDIRS=/usr/share/snmp/mibs

# snmpd control (yes means start daemon).
SNMPDRUN=yes

# snmpd options (use syslog, close stdin/out/err).
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'

# snmptrapd control (yes means start daemon).  As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run.  See snmpd.conf(5) for how to do this.
TRAPDRUN=no

# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'

# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes

that’s it. To restart the snmp server enter $ sudo /etc/init.d/snmpd restart

MP4 Videos vom eigenen Webserver iPhone tauglich machenEnable your webserver to feed iPhone with MP4 videos

Ich verwende iPhone OS 3.x und hatte Probleme .mp4 Dateien direkt im Safari auf dem iPhone angezeigt zu bekommen. Ich habe verschiedenste Einstellungen beim Encodieren ausprobiert, aber immer wenn ich im iPhone Safari auf einen .mp4 Link auf meinem Webserver geklickt habe, kam die Fehlermeldung “Diese Datei kann nicht heruntergeladen / angezeigt werden”. Nach intensiver Suche im Internet fand ich dann Hinweise, dass es evtl. mit MIME types und der Apache Konfiguration zu tun haben könnte.

Lösung:

  1. Video für iPhone / iPod Touch encodieren (Compressor, Quicktime, Adobe Media Encoder, …)
  2. Video auf dem Gerät testen! (zur iTunes Library hinzufügen, aufs iPhone spielen und anschauen)
  3. Video auf den Webserver hochladen
  4. sicherstellen, dass folgende Zeile in der Apache Konfiguration bzw. in einer .htaccess Datei drin steht:
AddType video/mp4 mp4 mp4v mpg4 m4v

Das war’s, nun sollten .mp4 Videos vom Webserver als progressive Downloads (wieder) auf dem iPhone angezeigt werden können.

I’m using iPhone OS 3.x on my iPhone and recently i had problems to get my .mp4 files displayed in mobile Safari. I tried different settings for encoding the files but not a single one worked. When i clicked the link to the .mp4 file in mobile Safari, all i got was the “file can’t get downloaded” error. After some googling i found a clue that it might has something to do with MIME types and the apache server hosting the videos.

Solution:

  1. encode your videos for iPhone / iPod Touch (Compressor, Quicktime, Adobe Media Encoder, …)
  2. test them on the device (add the video to your iTunes library and upload it to your iPhone and watch it!)
  3. upload the video to your webserver
  4. make sure you have the following line in your apache config or in a .htaccess file in your directory on your webserver:
AddType video/mp4 mp4 mp4v mpg4 m4v

That’s it, now progressively watching .mp4 videos from your webserver on your iPhone should work (again).

How to hide a worpress instance behind a different apache server with mod_rewrite

I had the need to move my blog running wordpress 2.0.x to a different server, but keeping the domain name on the “old” server. I used mod_rewrite and with a lot of trial and error and some updates i finally got this working solution:
Read More »

Ubuntu: networking tip

I upgraded one server to new hardware by changing the complete HP machine, but using my harddrive from the “old” server. As these two machines are almost identically, except for the processor (dual core now) this should have worked like a charm – and it did! (almost)

I rebooted on the new hardware, all services and serves came up, no problems so far. But when i tried to ping some other machine, this didn’t work 🙁

I checked /var/log/messages and the onboard Broadcom Interface showed up as eth1, but i was not able to start it. When i ran $ sudo /etc/init.d/networking restart i got some error messages like:

SIOCSIFADDR: No such device eth1
eth1: ERROR while getting interface flags: No such device

No clue what went wrong, i googled a lot and finally i stumbled upon this forum entry: http://ubuntuforums.org/showthread.php?t=221768

Then i ran: $ ifconfig -a
and got a list with my network interfaces and more importantly with it’s MAC address.

Then i edited /etc/iftab and changed the MAC address of the old hardware to the new onboard interface’s MAC address.

restart the networking with $ sudo /etc/init.d/networking restart

YESS, it works!

Ubuntu Server insecurity?

i just found out that my Ubuntu Server 6.10 has login shells for almost all users set in the /etc/passwd file!

That’s a very bad idea because this maybe enabled someone to install “Data Cha0s Back Backdoor” on my machine 🙁

I checked this with 2 other fresh Ubuntu Server 6.10 installations and both had the login shells for users like daemon, mail, www-data and so on. Especially www-data should not have a chance to create a shell in my opinion!

So i changed /bin/sh to /usr/sbin/nologin and hope this makes it a bit more secure.

Sprache ändern

Categories

Archives