David Samaniego i Casademont

Estic provant un soft per monitorar xarxes que pinta molt i molt bé, demoment us passo un script d’instal.lació per ubuntu….

#!/bin/bash

# Icinga Ubuntu Server Post-install Script
# Ezra Bowden
# blog.kyodium.net
# Sept 5, 2011
# Updated: Jan 04, 2012

# Starts with a base server installation, no packages/groups added during OS installation.

# Running this script as root (sudo sh <scriptname>) against a base server install should
# have you up and running without any additional fiddling around. Let me know if you see a better way
# to do this, or any glaring errors.

# Tested versions:
# Ubuntu Server: 10.10/11.04/11.10
# Icinga: 1.5.0/1.5.1/1.6.0/1.6.1

# VARIABLES
PARAMETERS=”[-d|--debug] [--help] [-v|--version <version>] [--plugin-version <version>] [--enable-ssl] [--email <email address>] [--db-address <database ip address>]”
DEBUG=0
SSL=0
DB_ADDRESS=127.0.0.1  # Default is localhost, change this if database is hosted on a separate machine.
APTCMD=”apt-get install -y”
ICINGA_VER=”1.5.0″
PLUGIN_VER=”1.4.15″

# NOTE: If installing ssl then verify the additional ssl packages (under INSTALLING PACKAGES heading).
PACKAGES=”apache2 build-essential libgd2-xpm-dev libjpeg62 libjpeg62-dev libpng12-0 libpng12-dev”

# PARAMETER CHECK
while [ $# -gt 0 ]; do    # Until you run out of parameters …
case “$1″ in
-d|–debug)
# “-d” or “–debug” parameter?
DEBUG=1
APTCMD=`echo “$APTCMD” | sed ‘/.*/ s/[ ]-y//’`
;;
–enable-ssl)
SSL=1
;;
–email)
shift
EMAIL=”$1″
;;
–db-address)
shift
DB_ADDRESS=”$1″
;;
-v|–version)
shift
ICINGA_VER=”$1″
;;
–plugin-version)
shift
PLUGIN_VER=”$1″
;;
*)
echo “\n”
echo “Usage: `basename $0` $PARAMETERS”
echo “\n”
echo “Running this script as root \(sudo sh `basename $0`\) against a base 10.10 server install should”
echo “have you up and running without any additional fiddling around. Let me know if you see a better way”
echo “to do this, or any glaring errors.”
echo “\n”
exit 0
;;
esac
shift       # Check next set of parameters.
done

# VARIABLES
# Set variables that might be changed by calling parameters
# Tarball download URLs
ICINGA_URL=”https://downloads.sourceforge.net/project/icinga/icinga/$ICINGA_VER/icinga-$ICINGA_VER.tar.gz”
PLUGINS_URL=”https://downloads.sourceforge.net/project/nagiosplug/nagiosplug/$PLUGIN_VER/nagios-plugins-$PLUGIN_VER.tar.gz”

# Icinga directory name
ICINGA_DIR=`echo “$ICINGA_URL” | sed ‘s/^\(.*\)\/\(.*\)\(\.tar\.gz\)/\2/’`

# VERIFY DOWNLOAD URLS
if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo “\n\n”
echo “——— VERIFYING DOWNLOAD URLS ———”

verifyURL ()
{
# Verify URLs
wget –spider -S $1

if [ $? -ne 0 ]; then
echo “URL verification failed:”
echo “$1″
echo “”
echo “There was a problem verifying the file download URL.”
echo “Please check that the URL above is correct in the script and try again.”
echo “”
echo “Installation Aborted.”
exit
else
echo “URL verification succeeded:”
echo “$1″
fi
echo “\n\n”
}

verifyURL $ICINGA_URL
verifyURL $PLUGINS_URL

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo “\n\n”
echo “——— INSTALLING PACKAGES ———”

# Install ssl if specified.
if [ $SSL = 1 ]; then
PACKAGES=”$PACKAGES openssl libssl-dev”
fi

$APTCMD $PACKAGES

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo “\n\n”
echo “——— INSTALLING MYSQL ———”
RELEASE=`lsb_release -rs`
if [ "$RELEASE" \< "11.10" ]; then
# pre 11.10 packages
PACKAGES=”mysql-server mysql-client libdbi0 libdbi0-dev libdbd-mysql”
else
# post 11.10 packages
PACKAGES=”mysql-server mysql-client libdbi1 libdbi-dev libdbd-mysql”
fi
$APTCMD $PACKAGES

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo “\n\n”
echo “——— ADDING USER/GROUPS ———”
useradd -m icinga
echo “\a\a”
echo “!!!!!!!!!!     The next password prompt is for the system icinga user.     !!!!!!!!!!”
echo “\n”
passwd icinga
groupadd icinga-cmd
usermod -a -G icinga-cmd icinga
usermod -a -G icinga-cmd www-data

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo  “\n\n”
echo “——— DOWNLOADING ICINGA ———”
cd /usr/src
FILE=`echo “$ICINGA_URL” | sed ‘s/^\(.*\)\/\(.*\)\(\.tar\.gz\)/\2\3/’`
if [ -e $FILE ]; then
echo “Local copy of $FILE exists, Skipping download.”
else
wget “$ICINGA_URL”
fi

echo “Extracting $FILE…”
tar -xzvf $FILE
#cd `echo “$FILE” | sed ‘s/^\(.*\)\(\.tar\.gz\)/\1/’`
cd $ICINGA_DIR

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo  “\n\n”
echo “——— INSTALLING ICINGA ———”

CONF=”./configure –with-command-group=icinga-cmd –enable-idoutils”
if [ $SSL = 1 ]; then
CONF=”$CONF –enable-ssl”
fi

$CONF
make all
make fullinstall
make install-config

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo “\n\n”
echo “——— CONFIGURING ICINGA ———”
#Change email to the address you’d like to receive alerts.

while [ -z "$EMAIL" ]; do
echo “\n\n”
echo “\a\a”
read -p “Enter the email address you want to receive icinga alerts: ” EMAIL
done

sed -i ‘s/\(.*\)icinga@localhost\(.*;\).*/\1′$EMAIL’\2/’ /usr/local/icinga/etc/objects/contacts.cfg # replace email address with $EMAIL

cd /usr/local/icinga/etc/
mv idomod.cfg-sample idomod.cfg
mv ido2db.cfg-sample ido2db.cfg
mv modules/idoutils.cfg-sample modules/idoutils.cfg

if [ $SSL = 1 ]; then
# Make changes to idoutils config files:

#   idomod.cfg
#    use_ssl=1
#    output_type=tcpsocket
#    output=127.0.0.1 (your database address if not on localhost)

sed -i ‘/^use_ssl=0/ s/0/1/’ idomod.cfg   # set use_ssl=1
sed -i ‘/output_type=tcpsocket/ s/^#//’ idomod.cfg # uncomment output_type=tcpsocket
sed -i ‘/^output_type=unixsocket/ s//#&/’ idomod.cfg # comment output_type=unixsocket
sed -i ‘/^output=.*ido.sock/ s//#&/’ idomod.cfg  # comment output=/usr/local/icinga/var/ido.sock
sed -i ‘/output=127.0.0.1/ s/^#//’ idomod.cfg  # uncomment this line
sed -i ‘s/\(^output\=\).*/\1′$DB_ADDRESS’/’ idomod.cfg # replace localhost address with $DB_ADDRESS

#   ido2db.cfg
#    use_ssl=1
#    socket_type=tcp

sed -i ‘/^use_ssl=0/ s/0/1/’ ido2db.cfg   # set use_ssl=1
sed -i ‘/socket_type=tcp/ s/^#//’ ido2db.cfg  # uncomment socket_type=tcp
sed -i ‘/^socket_type=unix/ s//#&/’ ido2db.cfg  # comment socket_type=unix
sed -i ‘s/\(^db_host\=\).*/\1′$DB_ADDRESS’/’ idomod.cfg # replace localhost address with $DB_ADDRESS
fi

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo “\n\n”
echo “——— CONFIGURING MYSQL ———”
# MySQL icinga DB and user. Create idoutils tables.
echo “\a\a”
echo “!!!!!!!!!!     The next two password prompts are for the MySQL root password you set previously.     !!!!!!!!!!”
echo “\n”
start mysql
mysql -u root -p <<HERE
CREATE DATABASE icinga;
GRANT USAGE ON *.* TO ‘icinga’@'localhost’ IDENTIFIED BY ‘icinga’ WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0;
GRANT SELECT , INSERT , UPDATE , DELETE ON icinga.* TO ‘icinga’@'localhost’;
FLUSH PRIVILEGES;
quit
HERE
#mysql -u root -p icinga < /usr/src/icinga-1.5.0/module/idoutils/db/mysql/mysql.sql
mysql -u root -p icinga < /usr/src/$ICINGA_DIR/module/idoutils/db/mysql/mysql.sql

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo “\n\n”
echo “——— INSTALLING CLASSIC INTERFACE ———”
cd /usr/src/$ICINGA_DIR
make cgis
make install-cgis
make install-html

# Install classic web config in apache conf.d directory:
make install-webconf

# Create icingaadmin account for logging into the classic web interface.
echo “\a\a”
echo “!!!!!!!!!!     The password prompt below is to set the web UI icingaadmin password.     !!!!!!!!!!”
echo “\n”
htpasswd -c /usr/local/icinga/etc/htpasswd.users icingaadmin

# Restart apache to apply new settings:
sudo service apache2 restart

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo “\n\n”
echo “——— INSTALLING NAGIOS PLUGINS ———”
cd /usr/src
FILE=`echo “$PLUGINS_URL” | sed ‘s/^\(.*\)\/\(.*\)\(\.tar\.gz\)/\2\3/’`
if [ -e $FILE ]; then
echo “Local copy of $FILE exists, Skipping download.”
else
wget “$PLUGINS_URL”
fi
echo “Extracting…”
tar -xzvf “$FILE”
cd `echo “$FILE” | sed ‘s/^\(.*\)\(\.tar\.gz\)/\1/’`

./configure –prefix=/usr/local/icinga –with-cgiurl=/icinga/cgi-bin –with-htmurl=/icinga –with-nagios-user=icinga –with-nagios-group=icinga
make
make install

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo “\n\n”
echo “——— STARTING SERVICES ———”
# Verify config file:
/usr/local/icinga/bin/icinga -v /usr/local/icinga/etc/icinga.cfg
service ido2db start
service icinga start

if [ "$DEBUG" = 1 ]; then read -p “[Press Enter to continue]” null; fi
echo “\n\n”
echo “——— CONFIGURING SERVICE STARTUP ———”
update-rc.d ido2db defaults
update-rc.d icinga defaults

echo “\n\n”
echo “——— INSTALLATION COMPLETE ———”
echo “\a\a”
echo “go to http://`ifconfig  | grep ‘inet addr:’| grep -v ’127.0.0.1′ | cut -d: -f2 | awk ‘{ print $1}’`/icinga”
echo “and verify that Icinga is working. Use the login details below.”
echo “login: icingaadmin”
echo “password: <the password you set during installation>”
echo “\n”
read -p “[Press Enter to continue]” null
echo “\n\n”

No fa gaire aquesta coneguda marca americana ha tret al mercat unes càmeres ip megapixel a un preu revolucionari per les prestacions que donen… el software es gratuït i compatible amb Linux.

Hi ha el software que es diu Airvision i el Airvision-nvr, aquest ultim transforma el pc amb un gravador. Per instal·lar-ho es senzill gràcies als repositoris d’ubiquiti.

Afegim el repositori:

nano /etc/apt/sources.list

deb http://www.ubnt.com/downloads/airvision/apt natty ubiquiti

Ens baixem la key

wget -O – http://www.ubnt.com/downloads/airvision/apt/airvision.gpg.key | sudo apt-key add -

sudo apt-get update

sudo apt-get upgrade

sudo apt-get install airvision  (soft cams)

sudo apt-get install airvision-nvr (soft grabacio)

Ja hi podem accedir amb la ip del server:7443

Salut   !!!!

Tenim disponible gratuitament el software de control dels nostres dispositius Ubiquiti, us deixo les passes a seguir per la seva instal.lació en un Linux debian/ubuntu

apt-get update
aptitude update
aptitude install java6-runtime-headless
aptitude install jsvc
cd /tmp
descarreguem el software: wget (wget http://www.ubnt.com/downloads/aircon…3-beta_all.deb) l’adressa fiquem l’actual, es pot mirar al seguent post per quina versió van http://forum.ubnt.com/showpost.php?p=177840&postcount=1
instalem amb dpkg (dpkg -i aircontrol_1.3.3-beta_all.deb)

Ja el tenim muntat i a punt per fer-lo anar amb la ip del server:9080

Salut !

Aquest cap de setmana he estat de proves amb dos sistemes de monitorat, per un costat el dude de mikrotik molt bona eina per monitorar les nostres rb’s i guardar log’s en el servidor. El nagios es una eina molt potent que podeu posar en marxa seguint un petit manualillu … http://www.ajpdsoft.com/modules.php?name=News&file=article&sid=344

Salut !!!

Si t’interessa tenir la les comandes de configuració amb un fitxer visible per poder fer un cop d’ull, es pot fer de la següent manera:

backup
export file=configuracio.rsc

restore
import file=configuracio.rsc

Si ! i després diuen que hi ha crisi !

Hi ha notícies que hem deixen indiferent, però aquesta m’ha deixat de pedra. Fa més d’un any que estic desplegant guifi.net a bona part de l’alt empordà inclòs Figueres. Tot això gràcies a particulars i empreses que apadrinen el material.

Enlloc d’ampliar la xarxa existent, que amb pocs diners aviat estaria feta i cobriria el 99% de la ciutat, prefereixen fer una de nova i cobrir tansols algunes places de la ciutat amb un internet limitat.

VISCA ELS NOSTRES POLÍTICS ! per malgastar els diners tots el partits polítics hi donen suport !  http://www.elpunt.cat/noticia/article/3-politica/17-politica/439379.html

Per cert, tot això passa després del gran fracàs de Girona i la seva wifi que ara la treuen a concurs !!  http://www.diaridegirona.cat/girona/2011/02/05/girona-oferira-internet-franc-traves-duna-xarxa-wi-tota-ciutat/463295.html

Salut !!!

A vegades ens ha passat que volem fer un scan a una wlan d’una rb de mikrotik, i ens trobem que si la fem a l’estil tradicional des del winbox, ens quedem fora i es talla perquè no tenim redundància.

Doncs ja ho podem fer tranquilament per telnet de la seguent manera:

interface wireless scan duration=6 wlan1 freeze-frame-interval=2

Aqui ho teniu per defecte a la wlan1, si voleu fer d’una altre tansols ho heu de canviar.

Salut !

Si necessitem que s’executi el servidor dude automàticament….

cd /etc/rc5.d/

sudo nano script.sh (on hi posem l’accés al dude, per exemple el meu es: env WINEPREFIX=”/home/david/.wine” wine “C:\Program Files\Dude\dude.exe”

ln -s script.sh S99dude (creen l’enllaç simbòlic i li donem permisos d’execució)

Ara, cada cop que reiniciem la maquina, l’engegarà automàticament…

Salut !

Un dels problemes d’Ubuntu, es que la contrasenya de root es aleatòria per defecte, i a vegades ens complica una mica la vida….

Podem canviar-la i posar una de nostra per defecte….

sudo su

passwd root

i li posem la nova

Amb el codi seguent fem el nat d’un rang privat de 192.168.1.0 al ether 1 d’una rb mikrotik, tansols heu de canviar-hi la gateway que esta en vermell,per la vostra…

# Device has firewall (setting up as CPE)
/ip route add gateway=10.140.91.1
/interface ethernet set ether1 arp=proxy-arp
/ip address
:foreach i in [find address="192.168.1.1/24"] do={remove $i}
/ip address add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1 comment=”" disabled=no
:delay 1
/ip pool
:foreach i in [find name=private] do={remove $i}
add name=”private” ranges=192.168.1.100-192.168.