The Icacls.exe utility is available for Windows Server 2003 SP 2
Currently, you can use the Xcacls.exe utility, the Cacls.exe utility, and the Xcacls.vbs utility to modify NTFS permissions in Windows Server 2003. The Icacls.exe utility is an alternative option for modifying NTFS permissions. The Icacls.exe utility resolves various issues that occur when you use the existing utilities.
The Icacls.exe utility is included in Windows Vista and in Windows Server 2003 SP2.
MORE INFORMATION
Syntax for the Icacls.exe utility
To see the following syntax information, type icacls.exe /? at a command prompt.
ICACLS name /save aclfile [/T] [/C]
store the acls for all matching names into aclfile for
later use with /restore.
ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C]
applies the stored acls to files in directory.
ICACLS name /setowner user [/T] [/C]
changes the owner of all matching names.
ICACLS name /findsid Sid [/T] [/C]
finds all matching names that contain an ACL
explicitly mentioning Sid.
ICACLS name /verify [/T] [/C]
finds all files whose ACL is not in canonical form or whose
lengths are inconsistent with ACE counts.
ICACLS name /resize [/T] [/C] [/L]
changes incorrect recorded lengths of ACLs to true lengths.
ICACLS name /reset [/T] [/C]
replaces acls with default inherited acls for all matching files.
ICACLS name [/grant[:r] Sid:perm[...]]
[/deny Sid:perm [...]]
[/remove[:g|:d]] Sid[...]] [/T] [/C]
/grant[:r] Sid:perm grants the specified user access rights. With :r,
the permissions replace any previously granted explicit permissions.
Without :r, the permissions are added to any previously granted
explicit permissions.
/deny Sid:perm explicitly denies the specified user access rights.
An explicit deny ACE is added for the stated permissions and
the same permissions in any explicit grant are removed.
/remove[:[g|d]] Sid removes all occurrences of Sid in the acl. With
:g, it removes all occurrences of granted rights to that Sid. With
:d, it removes all occurrences of denied rights to that Sid.
Note:
Sids may be in either numeric or friendly name form. If a numeric
form is given, affix a * to the start of the SID.
/T indicates that this operation is performed on all matching
files/directories below the directories specified in the name.
/C indicates that this operation will continue on all file errors.
Error messages will still be displayed.
ICACLS preserves the canonical ordering of ACE entries:
Explicit denials
Explicit grants
Inherited denials
Inherited grants
perm is a permission mask and can be specified in one of two forms:
a sequence of simple rights:
F - full access
M - modify access
RX - read and execute access
R - read-only access
W - write-only access
a comma-separated list in parentheses of specific rights:
D - delete
RC - read control
WDAC - write DAC
WO - write owner
S - synchronize
AS - access system security
MA - maximum allowed
GR - generic read
GW - generic write
GE - generic execute
GA - generic all
RD - read data/list directory
WD - write data/add file
AD - append data/add subdirectory
REA - read extended attributes
WEA - write extended attributes
X - execute/traverse
DC - delete child
RA - read attributes
WA - write attributes
inheritance rights may precede either form and are applied
only to directories:
(OI) - object inherit
(CI) - container inherit
(IO) - inherit only
(NP) - don't propagate inherit
Examples:
icacls c:\windows\* /save AclFile /T
- Will save the ACLs for all files under c:\windows
and its subdirectories to AclFile.
icacls c:\windows\ /restore AclFile
- Will restore the Acls for every file within
AclFile that exists in c:\windows and its subdirectories
icacls file /grant Administrator:(D,WDAC)
- Will grant the user Administrator Delete and Write DAC
permissions to file
icacls file /grant *S-1-1-0:(D,WDAC)
- Will grant the user defined by sid S-1-1-0 Delete and
Write DAC permissions to file
Other available utilities to modify NTFS permissions
For more information about other utilities that you can use to modify NTFS permissions, click the following article numbers to view the articles in the Microsoft Knowledge Base:
How to use Xcacls.vbs to modify NTFS permissions
Note Xcacls.vbs is only compatible with Microsoft Windows 2000, with Microsoft Windows XP, and with Microsoft Windows Server 2003. Xcacls.vbs is not supported by Microsoft.
Set Up and Use Xcacls.vbs
To set up and to use Xcacls.vbs, follow these steps:
- Obtain the latest version of Xcacls.vbs from the following Microsoft Web site:
- Double-click Xcacls_Installer.exe. When you are prompted for a location to place the extracted files, specify a folder that is in your computer’s search-path setting, such as C:\Windows.
- Change the default scripting engine from Wscript to Cscript. (The Xcacls.vbs script works best in Cscript.) To do this, type the following at a command prompt, and then press ENTER:
cscript.exe /h:cscript
Note Changing the default scripting engine to Cscript only affects how scripts write to the screen. Wscript writes each line individually to an OK dialog box. Cscript writes each line to the command window. If you do not want to change the default scripting engine, you must run the script by using the following command:
cscript.exe xcacls.vbs
whereas if you change the default to Cscript, you can run the script with the following command:
xcacls.vbs
- To see the Xcacls.vbs command syntax, type the following at a command prompt:
xcacls.vbs /?
Syntax for the Xcacls.vbs Command
The following output of the xcacls.vbs /? command describes the Xcacls.vbs command syntax:
Usage:
XCACLS filename [/E] [/G user:perm;spec] [...] [/R user [...]]
[/F] [/S] [/T]
[/P user:perm;spec [...]] [/D user:perm;spec] [...]
[/O user] [/I ENABLE/COPY/REMOVE] [/N
[/L filename] [/Q] [/DEBUG]
filename [Required] If used alone, it displays ACLs.
(Filename can be a filename, directory name or
wildcard characters and can include the whole
path. If path is missing, it is assumed to be
under the current directory.)
Notes:
- Put filename in quotes if it has spaces or
special characters such as &, $, #, etc.
- If filename is a directory, all files and
subdirectories under it will NOT be changed
unless the /F or S is present.
/F [Used with Directory or Wildcard] This will change all
files under the inputted directory but will NOT
traverse subdirectories unless /T is also present.
If filename is a directory, and /F is not used, no
files will be touched.
/S [Used with Directory or Wildcard] This will change all
subfolders under the inputted directory but will NOT
traverse subdirectories unless /T is also present.
If filename is a directory, and /S is not used, no
subdirectories will be touched.
/T [Used only with a Directory] Traverses each
subdirectory and makes the same changes.
This switch will traverse directories only if the
filename is a directory or is using wildcard characters.
/E Edit ACL instead of replacing it.
/G user:GUI Grant security permissions similar to Windows GUI
standard (non-advanced) choices.
/G user:Perm;Spec Grant specified user access rights.
(/G adds to existing rights for user)
User: If User has spaces in it, enclose it in quotes.
If User contains #machine#, it will replace
#machine# with the actual machine name if it is a
non-domain controller, and replace it with the
actual domain name if it is a domain controller.
New to 3.0: User can be a string representing
the actual SID, but MUST be lead by SID#
Example: SID#S-1-5-21-2127521184-160...
(SID string shown has been shortened)
(If any user has SID# then globally all
matches must match the SID (not name)
so if your intention is to apply changes
to all accounts that match Domain\User
then do not specify SID# as one of the
users.)
GUI: Is for standard rights and can be:
Permissions...
F Full control
M Modify
X read and eXecute
L List folder contents
R Read
W Write
Note: If a ; is present, this will be considered
a Perm;Spec parameter pair.
Perm: Is for "Files Only" and can be:
Permissions...
F Full control
M Modify
X read and eXecute
R Read
W Write
Advanced...
D Take Ownership
C Change Permissions
B Read Permissions
A Delete
9 Write Attributes
8 Read Attributes
7 Delete Subfolders and Files
6 Traverse Folder / Execute File
5 Write Extended Attributes
4 Read Extended Attributes
3 Create Folders / Append Data
2 Create Files / Write Data
1 List Folder / Read Data
Spec is for "Folder and Subfolders only" and has the
same choices as Perm.
/R user Revoke specified user's access rights.
(Will remove any Allowed or Denied ACL's for user.)
/P user:GUI Replace security permissions similar to standard choices.
/P user:perm;spec Replace specified user's access rights.
For access right specification see /G option.
(/P behaves like /G if there are no rights set for user.)
/D user:GUI Deny security permissions similar to standard choices.
/D user:perm;spec Deny specified user access rights.
For access right specification see /G option.
(/D adds to existing rights for user.)
/O user Change the Ownership to this user or group.
/I switch Inheritance flag. If omitted, the default is to not touch
Inherited ACL's. Switch can be:
ENABLE - This will turn on the Inheritance flag if
it is not on already.
COPY - This will turn off the Inheritance flag and
copy the Inherited ACL's
into Effective ACL's.
REMOVE - This will turn off the Inheritance flag and
will not copy the Inherited
ACL's. This is the opposite of ENABLE.
If switch is not present, /I will be ignored and
Inherited ACL's will remain untouched.
/L filename Filename for Logging. This can include a path name
if the file is not under the current directory.
File will be appended to, or created if it does not
exit. Must be Text file if it exists or error will occur.
If filename is omitted, the default name of XCACLS will
be used.
/Q Turn on Quiet mode. By default, it is off.
If it is turned on, there will be no display to the screen.
/DEBUG Turn on Debug mode. By default, it is off.
If it is turned on, there will be more information
displayed and/or logged. Information will show
Sub/Function Enter and Exit as well as other important
information.
/SERVER servername Enter a remote server to run script against.
/USER username Enter Username to impersonate for Remote Connections
(requires PASS switch). Will be ignored if it is for a Local Connection.
/PASS password Enter Password to go with USER switch
(requires USER switch).
Wildcard characters can be used to specify more than one file in a command, such as:
* Any string of zero or more characters
? Any single character
You can specify more than one user in a command.
You can combine access rights.
Use Xcacls.vbs to View Permissions
You can also use Xcacls.vbs to view permissions for files or folders. For example, if you have a folder that is named C:\Test, type the following at a command prompt to view the folder permissions, and then press ENTER:
The following example is a typical result:
C:\>XCACLS.VBS c:\test
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Starting XCACLS.VBS (Version: 3.4) Script at 6/11/2003 10:55:21 AM
Startup directory:
"C:\test"
Arguments Used:
Filename = "c:\test"
**************************************************************************
Directory: C:\test
Permissions:
Type Username Permissions Inheritance
Allowed BUILTIN\Administrators Full Control This Folder, Subfolde
Allowed NT AUTHORITY\SYSTEM Full Control This Folder, Subfolde
Allowed Domain1\User1 Full Control This Folder Only
Allowed \CREATOR OWNER Special (Unknown) Subfolders and Files
Allowed BUILTIN\Users Read and Execute This Folder, Subfolde
Allowed BUILTIN\Users Create Folders / Appe This Folder and Subfo
Allowed BUILTIN\Users Create Files / Write This Folder and Subfo
No Auditing set
Owner: Domain1\User1
Note The output of the xcacls.vbs c:\test command in this example matches the text that is shown in the graphical user interface (GUI). Some words are incomplete in the command window.
The output also gives the version of the script, the startup directory, and the arguments that were used.
You can also use wildcard characters to display matching files under the directory. For example, if you type the following, all files with an extension of “.log” that are in the C:\Test folder are displayed:
Examples
The following Xcacls.vbs commands provide some examples of Xcacls.vbs usage.
xcacls.vbs c:\test\ /g domain\testuser1:f /f /t /e
xcacls.vbs c:\test\ /g domain\testuser1:f /s /l "c:\xcacls.log"
xcacls.vbs c:\test\readme.txt /o "machinea\group1"
xcacls.vbs c:\test\badcode.exe /r "machinea\group1" /r "domain\testuser1"
xcacls.vbs c:\test\subdir1 /i enable /q
xcacls.vbs \\servera\sharez\testpage.htm /p "domain\group2":14
xcacls.vbs d:\default.htm /g "domain\group2":f /server servera /user servera\admin /pass password /e
INSTALL Monit for Monitor System
I/INTRO
Monit is a free open source utility for managing and monitoring processes, files, directories and filesystems on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.
II/INSTALL
Step 1: Install monit
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
# rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm
# yum install monit
# chkconfig --levels 235 monit on
Step 2: Configure Monit
Edit /etc/moni.d/monitrc
set daemon 60
set logfile syslog facility log_daemon
set mailserver localhost #mail server
set mail-format { from: monit@server1.example.com }
set alert root@localhost # send alerts to the admin at root@localhost
set httpd port 2812 and
SSL ENABLE
PEMFILE /var/certs/monit.pem
allow admin:test
Some example Monit features
*check host CUIBAP with address 19.16.12.32
if failed icmp type echo with timeout 20 seconds then alert
(Checks the host; if it does not answer within 20 seconds, an alert is mailed to the admin.)
*check host CONHEO with address 132.163.193.3
if failed port 25 with timeout 30 seconds then alert
(Checks the SMTP service; if it does not answer within 30 seconds, an alert is mailed to the admin.)
*check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/sshd start"
stop program "/etc/init.d/sshd stop"
if failed port 22 protocol ssh then restart
if failed port 22 protocol ssh then alert
if 5 restarts within 5 cycles then timeout
(Checks the SSH service; if it is down, Monit starts it automatically. This only works on the local host.)
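The httpd block in Step 2 protects the web interface with a short password written into the control file. The check below is an added example, not part of the original post or of Monit; it audits a control file for that and for related exposure, and its finding codes, the 12-character threshold and the htpasswd path are assumptions.

```shell
#!/bin/sh
# Added example: audit the "set httpd" block of a Monit control file.
# Finding codes, the 12-character minimum and the sample paths are assumptions.

# Prints one "CODE: detail" line per finding; exit status 0 means no findings.
audit_monitrc() (
    rc=$1
    min_pw=${2:-12}
    bad=0
    report() { echo "$1"; bad=1; }

    if [ ! -r "$rc" ]; then
        echo "UNREADABLE: cannot read $rc"
        exit 2
    fi

    # The httpd statement runs from "set httpd" to the next top-level
    # set/check/include keyword. Comments are stripped first.
    blk=$(sed 's/#.*$//' "$rc" | awk '
        { l = tolower($0) }
        l ~ /^[ \t]*set[ \t]+httpd([ \t]|$)/ { inblk = 1; print; next }
        l ~ /^[ \t]*(set|check|include)([ \t]|$)/ { inblk = 0 }
        inblk && NF { print }')

    if [ -n "$blk" ]; then
        if ! printf '%s\n' "$blk" | grep -Eiq '(^|[[:space:]])ssl([[:space:]]|$)'; then
            report "NO_TLS: web interface is served without SSL"
        fi
        if ! printf '%s\n' "$blk" | grep -Eiq '(^|[[:space:]])address[[:space:]]'; then
            report "ALL_INTERFACES: no 'use address' line, so httpd listens on every interface"
        fi
        # "allow user:password" keeps the secret in the file; the password is
        # measured but never printed. IPv6 literals are not told apart here.
        creds=$(printf '%s\n' "$blk" | awk -v min="$min_pw" '
            tolower($1) == "allow" && $2 ~ "^[^:/]+:.+" {
                user = substr($2, 1, index($2, ":") - 1)
                pw = substr($2, index($2, ":") + 1)
                print "CLEARTEXT_CRED: password for " user " is stored in the control file"
                if (length(pw) < min)
                    print "WEAK_PASSWORD: password for " user " is shorter than " min " characters"
            }')
        if [ -n "$creds" ]; then
            report "$creds"
        fi
    fi

    # Group/other permission bits are characters 5-10 of the ls mode string.
    mode=$(ls -ld "$rc" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        report "LOOSE_PERMS: control file is accessible beyond its owner ($mode)"
    fi

    [ "$bad" -eq 0 ]
)

# Constructed sample mirroring the httpd settings shown on this page.
write_weak_sample() {
    cat > "$1" <<'EOF'
set daemon 60
set httpd port 2812 and
    SSL ENABLE
    PEMFILE /var/certs/monit.pem
    allow admin:test
check host CUIBAP with address 19.16.12.32
    if failed icmp type echo with timeout 20 seconds then alert
EOF
    chmod 644 "$1"
}

# Constructed hardened variant: loopback only, credentials in an htpasswd file
# (hypothetical path /etc/monit/htpasswd), control file private to its owner.
write_hardened_sample() {
    cat > "$1" <<'EOF'
set daemon 60
set httpd port 2812 and
    use address localhost
    SSL ENABLE
    PEMFILE /var/certs/monit.pem
    allow localhost
    allow md5 /etc/monit/htpasswd admin
EOF
    chmod 600 "$1"
}

demo_dir=$(mktemp -d)
write_weak_sample "$demo_dir/monitrc.weak"
write_hardened_sample "$demo_dir/monitrc.hardened"
for f in weak hardened; do
    echo "== monitrc.$f =="
    audit_monitrc "$demo_dir/monitrc.$f" || echo "(findings above)"
done
rm -rf "$demo_dir"
```

Monit itself refuses to start when its control file is accessible to group or other, so LOOSE_PERMS mostly catches copies and backups of the file.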
Step 3: Access Monit via the web on port 2812
copy from conheotiensinh
pfSense is a FreeBSD-based firewall tailored for use as a firewall and router. The project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall.
Common Deployments
Although mainly deployed as a perimeter firewall, pfSense is versatile enough to fill many types of deployments. Here is a short list of common deployments:
- Perimeter Firewall — As discussed earlier, this is by far the most common deployment for pfSense.
- Router — Due to the ability to load balance connections and provide failover capabilities, pfSense makes for an ideal choice for a DIY Router for the SMB market.
- Wireless Access Point — With the ability of Captive Portal within it, pfSense can easily be deployed as a wireless hotspot solution.
- Special purpose appliance — Some users have decided to utilize pfSense in a unique way to help fulfill their unique needs.
- VPN Appliance
- Sniffer Appliance
- Dedicated DHCP server
- Dedicated DNS server
Features
pfSense includes almost all the features in expensive commercial firewalls, and more in many cases. Here is a list of features taken from the pfSense Features page.
- Firewall
- State Table
- NAT
- Redundancy
- CARP - CARP from OpenBSD allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. pfSense also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.
- pfsync — pfsync ensures the firewall’s state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.
- Outbound and Inbound load balancing
- VPN — IPsec, OpenVPN, PPTP
- PPPoE Server
- RRD Graphs Reporting
- Real Time Information — Using AJAX
- Dynamic DNS
- Captive portal
- DHCP Server and Relay
- Live CD Version Available
Step 1: Install pfSense from CD
Step 2: Enable VLANs or not (I choose "no")
Step 3: Enter the LAN interface name

Step 4: Enter the WAN interface name

Step 7: Set up IP addresses as in the diagram
III/LOAD BALANCE WEB
Step 8: Set up Load Balancing Pool
The first thing to do is create a pool (Services > Load Balancer > Add).
Adding a new Virtual Server (Services > Load Balancer > Virtual Servers > Add)

Step 10: Set up virtual IP address
Adding a new Virtual IP (Firewall > Virtual IPs > Add)

Step 11: Create NAT (Firewall > NAT > Add)
Note: open port 80 from the Internet to 192.168.0.5 and 192.168.0.6
Step 12: Access http://192.168.20.204/ and check the load balance status
Step 13: Disconnect 192.168.0.5, access http://192.168.20.204/ and check the load balance status
As with load balancing, but choose Failover
Besides, pfSense can create a failover firewall cluster and load balance outbound traffic
Q. I’ve downloaded the RRD Tool package called rrdtool-1.3.1.tar.gz. But the ./configure command is giving out lots of error messages. How do I install RRD Tool on Red Hat Enterprise Linux 5.x — 64 bit version?
A. RRD is the acronym for Round Robin Database. RRD is a system to store and display time-series data (i.e. network bandwidth, machine-room temperature, server load average). It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data to enforce a certain data density. It can be used either via simple wrapper scripts (from shell or Perl) or via frontends that poll network devices and put a friendly user interface on it.
Installing RRD Tool on RHEL
In order to install RRD Tool on Red Hat Enterprise Linux / CentOS Linux 64 bit version you need to install a few development tools and libraries.
Step # 1: Install required dependencies
Login as root and type the following command:
# yum install cairo-devel libxml2-devel pango-devel pango libpng-devel freetype freetype-devel libart_lgpl-devel
Step # 2: Download latest rrdtool tarball
Type the following commands:
# cd /opt/
# wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.3.1.tar.gz
Untar tarball, enter:
# tar -zxvf rrdtool-1.3.1.tar.gz
Step #3: Compile and install rrdtool
You need to set PKG_CONFIG_PATH, enter:
# export PKG_CONFIG_PATH=/usr/lib/pkgconfig/
Type the following commands:
# cd rrdtool-1.3.1
# ./configure
Sample output:
config.status: executing default-1 commands
config.status: executing intltool commands
config.status: executing default commands
config.status: executing po/stamp-it commands
checking in... and out again
ordering CD from http://tobi.oetiker.ch/wish .... just kidding
----------------------------------------------------------------
Config is DONE!
With MMAP IO: yes
Static programs: no
Perl Modules: perl_piped perl_shared
Perl Binary: /usr/bin/perl
Perl Version: 5.8.8
Perl Options: PREFIX=/usr/local/rrdtool-1.3.1 LIB=/usr/local/rrdtool-1.3.1/lib/perl/5.8.8
Ruby Modules:
Ruby Binary: no
Ruby Options: sitedir=$(DESTDIR)NONE/lib/ruby
Build Tcl Bindings: no
Build Python Bindings: yes
Build rrdcgi: yes
Build librrd MT: yes
Link with libintl: yes
Libraries: -lxml2 -lcairo -lcairo -lcairo -lm -lcairo -lpng12 -lpangocairo-1.0 -lpango-1.0 -lcairo -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0
Type 'make' to compile the software and use 'make install' to install everything to: /usr/local/rrdtool-1.3.1.
... that wishlist is NO JOKE. If you find RRDtool useful make me happy. Go to http://tobi.oetiker.ch/wish and place an order.
-- Tobi Oetiker
----------------------------------------------------------------
Now compile and install RRD Tool on RHEL:
# make
# make install
# cd /usr/local/
# ln -s rrdtool-1.3.1 rrdtool
# cd rrdtool
# ls -l
How do I verify my installation?
Now RRD tool is installed and ready to use. You can go to the /usr/local/rrdtool/share/rrdtool/examples/ directory and run the examples to see if your installation has been successful or not:
# cd /usr/local/rrdtool/share/rrdtool/examples/
# ./stripes.pl
# ls -l
# cp stripes.png /var/www/html/
Fire up a web browser and see a graph for yourself by typing the following URL:
http://your-domain.com/stripes.png

(Fig.01: Sample RRD Tool Graph)
Optional compile time settings
By default RRD Tool will get installed in the /usr/local/rrdtool-1.3.1/ directory. To change the default installation directory use the following command:
# ./configure --prefix=/usr/local/rrdtool
# make install
To see all compile configuration options enter:
# ./configure --help
Cacti is a complete frontend to RRD Tool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.
Cacti requirement:
MySQL
PHP
RRD Tool
net-snmp
php-snmp
Apache (compiled with php support)
MySQL configuration for cacti:
[root:~]# mysql -uroot -p
Enter password:
mysql> create database cactidb;
mysql> grant all on cactidb.* to root;
mysql> grant all on cactidb.* to root@localhost;
mysql> grant all on cactidb.* to cactiuser;
mysql> grant all on cactidb.* to cactiuser@localhost;
mysql> set password for cactiuser@localhost=password('cactipw');
mysql> flush privileges;
mysql> exit
[root:~]#
RRD Tool Installation:
[root:~]# cd /usr/local/src/
[root:~]# wget http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/pub/rrdtool.tar.gz
[root:~]# tar -zxf rrdtool.tar.gz
[root:~]# cd rrdtool*
[root:~]# ./configure
[root:~]# make
[root:~]# make install
[root:~]# make site-perl-install
[root:~]# cd ..
[root:~]# rm -fr rrdtool*
[root:~]#
Download and set up cacti:
[root:~]# groupadd cacti
[root:~]# useradd -g cacti cactiuser
[root:~]# tar -zxvf cacti*
[root:~]# mv cacti-0.8.xx /home/cactiuser/cacti
[root:~]# cd /home/cactiuser/cacti
[root:~]# mysql --user=root --password=rootpw cactidb < cacti.sql
[root:~]# chown -R cactiuser rra/ log/
Make the proper changes for database and database password:
[root:~]# vi include/config.php
$database_default = "cactidb";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cactipw";
Add this cron in /etc/crontab
*/5 * * * * cactiuser php /home/cactiuser/cacti/poller.php > /dev/null 2>&1
Add an alias or virtual host in your apache configuration file:
Alias /cacti/ "/home/cactiuser/cacti/"
Save and restart the apache and mysql service.
Post Installation Steps:
Browse the below men tioned URL:
–OR–
What is NAGIOS ?
Nagios is a host and ser vice mon i tor designed to inform you of net work prob lems before your clients, end-users or man agers do. It has been designed to run under the Linux oper at ing sys tem, but works fine under most *NIX vari ants as well
Sys tem Requirements
Make sure you’ve installed the fol low ing pack ages on your Fedora instal la tion before continuing.
- Apache
- GCC compiler
- GD development libraries
You can use yum to install these packages by running the following commands (as root):
yum install httpd
yum install gcc
yum install glibc glibc-common
yum install gd gd-devel
Installation:
Create Account Information
1. Become the root user.
su -l
2. Create a new nagios user account and give it a password.
/usr/sbin/useradd -m nagios
passwd nagios
3. To prevent the nagios user from logging in over SSH, you can set that user's access in /etc/passwd, for example:
vi /etc/passwd
nagios:x:7798:7798::/home/nagios:/bin/bash
/bin/bash is the default login shell and allows SSH access; you can change it to /dev/null:
nagios:x:7798:7798::/home/nagios:/dev/null
To learn more about the /etc/passwd format shown above, see http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
4. Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.
/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd apache
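The login-shell change in step 3 can be verified by reading field 7 of the account's passwd entry. The script below is an added example, not part of the original guide; the sample passwd lines are constructed (the nagios2 and apache entries are hypothetical), and the list of shells it treats as non-interactive is an assumption.

```shell
#!/bin/sh
# Shells this example treats as blocking interactive login (an assumption).
NOLOGIN_SHELLS="/dev/null /sbin/nologin /usr/sbin/nologin /bin/false"

# Print field 7 (login shell) of user $1 from passwd-format file $2.
# Exit status 2 if the user is missing or the entry does not have 7 fields.
shell_of() {
    awk -F: -v u="$1" '
        $1 == u { hit = 1; nf = NF; sh = $7; exit }
        END { if (!hit || nf != 7) exit 2; print sh }' "$2"
}

# 0: login blocked, 1: interactive shell, 2: user missing or entry malformed.
login_blocked() {
    sh_path=$(shell_of "$1" "$2") || return 2
    # An empty shell field means the system default shell, so not blocked.
    if [ -z "$sh_path" ]; then return 1; fi
    for s in $NOLOGIN_SHELLS; do
        if [ "$sh_path" = "$s" ]; then return 0; fi
    done
    return 1
}

# Constructed sample: the guide's nagios entry before the edit, plus
# hypothetical entries (nagios2, apache) showing blocked accounts.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nagios:x:7798:7798::/home/nagios:/bin/bash
nagios2:x:7799:7799::/home/nagios2:/dev/null
apache:x:48:48:Apache:/var/www:/sbin/nologin
EOF

for u in nagios nagios2 apache; do
    if login_blocked "$u" "$SAMPLE"; then
        echo "$u: login blocked"
    else
        echo "$u: interactive shell $(shell_of "$u" "$SAMPLE")"
    fi
done
```

On a live system, pass /etc/passwd as the second argument instead of the sample file.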
Download Nagios and the Plugins
1. Create a directory for storing the downloads.
mkdir ~/downloads
cd ~/downloads
2. Download the source code tarballs of both Nagios and the Nagios plugins (visit http://www.nagios.org/download/ for links to the latest versions). At the time of writing, the latest versions of Nagios and the Nagios plugins were 3.0.3 and 1.4.11, respectively.
wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nagios-3.0.3.tar.gz
wget http://osdn.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4...
Compile and Install Nagios
1. Extract the Nagios source code tarball.
cd ~/downloads
tar xzf nagios-3.0.3.tar.gz
cd nagios-3.0.3
2. Run the Nagios configure script, passing the name of the group you created earlier like so:
./configure --with-command-group=nagcmd
3. Compile the Nagios source code.
make all
4. Install binaries, init script, sample config files and set permissions on the external command directory.
make install
make install-init
make install-config
make install-commandmode
Customize Configuration
1. Sample configuration files have now been installed in the /usr/local/nagios/etc directory. These sample files should work fine for getting started with Nagios. You’ll need to make just one change before you proceed…
2. Edit the /usr/local/nagios/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the nagiosadmin contact definition to the address you’d like to use for receiving alerts.
vi /usr/local/nagios/etc/objects/contacts.cfg
define contact{
contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user
email postmaster@test.com ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
Configure the Web Interface
1. Install the Nagios web config file in the Apache conf.d directory.
make install-webconf
2. Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account — you’ll need it later.
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
3. Restart Apache to make the new settings take effect.
service httpd restart
Compile and Install the Nagios Plugins
1. Extract the Nagios plugins source code tarball.
cd ~/downloads
tar xzf nagios-plugins-1.4.11.tar.gz
cd nagios-plugins-1.4.11
2. Compile and install the plugins.
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
Start Nagios
1. Add Nagios to the list of system services and have it automatically start when the system boots.
chkconfig --add nagios
chkconfig nagios on
2. Verify the sample Nagios configuration files.
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
3. If there are no errors, start Nagios.
service nagios start
4. You should now be able to access the Nagios web interface at the URL below. You’ll be prompted for the username (nagiosadmin) and password you specified earlier.
http://localhost/nagios/
5. Click on the “Service Detail” navbar link to see details of what’s being monitored on your local machine. It will take a few minutes for Nagios to check all the services associated with your machine, as the checks are spread out over time.
How to add another server IP address to the service list
1. Go to /usr/local/nagios/etc/objects/localhost.cfg
vi /usr/local/nagios/etc/objects/localhost.cfg
2. In the HOST DEFINITION area, add this:
# Define a host for the local machine
define host{
use linux-server
host_name 219.99.229.221
alias 219.99.229.221
address 219.99.229.221
}
3. Do not forget to add the IP address to the HOST GROUP DEFINITION area as well:
# Define an optional hostgroup for Linux machines
define hostgroup{
hostgroup_name linux-servers ; The name of the hostgroup
alias Linux Servers ; Long name of the group
members localhost; Comma separated list of hosts that belong to this group
}
define hostgroup{
hostgroup_name linux-servers-monitoring ; The name of the hostgroup
alias Linux Servers Monitoring ; Long name of the group
members 219.99.229.221; Comma separated list of hosts that belong to this group
}
4. If you want to add the Ping and HTTP services, go to the SERVICE DEFINITIONS area and add this:
# Define a service to "ping" the local machine
define service{
use local-service ; Name of service template to use
host_name localhost
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}
define service{
use local-service ; Name of service template to use
host_name 219.99.229.221
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}
# Define a service to check HTTP on the local machine.
# Disable notifications for this service by default, as not all users may have HTTP enabled.
define service{
use local-service ; Name of service template to use
host_name localhost
service_description HTTP
check_command check_http
notifications_enabled 0
}
define service{
use local-service ; Name of service template to use
host_name 219.99.229.221
service_description HTTP
check_command check_http
notifications_enabled 1 ; 1 to enable it, 0 to disable it
}
5. Save the files, then reload the nagios service:
service nagios reload
Check error detail
1. To see which line an error is on, use this command; it shows you the offending line directly:
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
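The host, hostgroup and service edits described above all have to agree on the host name. The script below is an added example, not part of the original guide or of Nagios, that cross-checks those names in an object file before a reload; the function name and the sample config, including its two deliberately wrong addresses, are constructed for illustration. It only reads the directives used on this page, so it complements nagios -v and does not replace it.

```shell
#!/bin/sh
# Print "name (kind)" for every host name that a service's host_name or a
# hostgroup's members line references without a matching "define host" block.
undefined_hosts() {
    awk '
    function refs(kind,    v, n, i, a) {      # record comma-separated names
        v = $0
        sub(/^[ \t]*[a-z_]+[ \t]+/, "", v)    # drop the directive name
        gsub(/[ \t]/, "", v)
        n = split(v, a, ",")
        for (i = 1; i <= n; i++) if (a[i] != "") used[a[i]] = kind
    }
    { sub(/;.*/, "") }                        # ";" starts an inline comment
    NF == 0 || substr($1, 1, 1) == "#" { next }   # "#" comments are whole lines
    $1 == "define" {                          # "define host{" or "define host {"
        type = $2; p = index(type, "{")
        if (p > 0) type = substr(type, 1, p - 1)
        next
    }
    $1 == "}" { type = ""; next }
    type == "host"      && $1 == "host_name" { defined[$2] = 1 }
    type == "service"   && $1 == "host_name" { refs("service") }
    type == "hostgroup" && $1 == "members"   { refs("hostgroup") }
    END { for (h in used) if (!(h in defined)) print h " (" used[h] ")" }
    ' "$@" | sort
}

# Constructed sample based on the definitions above; 219.99.229.212 and
# 192.0.2.10 are deliberate mistakes that have no host block.
CFG=$(mktemp)
trap 'rm -f "$CFG"' EXIT
cat > "$CFG" <<'EOF'
define host{
use linux-server
host_name 219.99.229.221
}
define hostgroup{
hostgroup_name linux-servers-monitoring
members 219.99.229.221, 192.0.2.10 ; second member is undefined
}
define service{
use local-service
host_name 219.99.229.212 ; typo for .221
service_description PING
}
EOF

undefined_hosts "$CFG"
```

Pass every object file that defines hosts in one call, since a host declared in one file may be referenced from another.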
How to add another email contact to Nagios
1. You can set the email address in /usr/local/nagios/etc/objects/contacts.cfg; go to the contact area:
vi /usr/local/nagios/etc/objects/contacts.cfg
define contact{
contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user
email postmaster@test.org ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
define contact{
contact_name test ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias test ; Full name of user
email test@test.org ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
2. Do not forget to add the new contact name to the contact groups area:
define contactgroup{
contactgroup_name admins
alias Nagios Administrators
members nagiosadmin,test
}
3. Reload Nagios:
service nagios reload
4. You can now see the new contact in the Nagios web interface: http://localhost/nagios -> scroll down and go to View Config -> Object Type: -> pick contacts -> click Continue
Save Share Settings and Permissions
If you need to complete any of the following procedures, you can save the share names that exist on the original Windows installation, including any permissions assigned to those shares:
- Reinstall Windows over an existing installation (a clean install, not an upgrade).
- Move all of your data drives from one server to another.
- Install Windows to another folder or drive on a computer that already has Windows installed.
To save only the existing share names and their permissions on Windows NT4.0/W2K/XP/2003 follow these steps.
Method #1
1. On the existing Windows installation that contains the share names and permissions that you want to save, start Registry Editor (Regedt32.exe or Regedit.exe).
2. Go to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
3. Click Save Key on the Registry menu.
4. Type a new file name (a file extension is not necessary), and then save the file to a floppy disk.
5. Reinstall Windows (if you have to, don’t do it just because I said so…).
6. Run Registry Editor (Regedt32.exe or Regedit.exe).
7. Go to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
8. Click Restore on the Registry menu.
9. Type the path and file name of the file that you saved in steps 3 and 4.
Caution: This step overrides the shares that already exist on the Windows computer with the share names and permissions that exist in the file you are restoring. You are warned about this before you restore the key.
Note: You can also do the trick by double-clicking the registry file you’ve created in step 3, if you’ve used Regedit and if the file extension is .REG.
10. Restart the server.
Note: After you complete this procedure, if you decide that you should not have restored the Shares key, restart the computer and press the SPACEBAR to use the last known good configuration. After you restore the shares key, the shares can be used by network clients. If you run the net shares command on the server, the server displays the shares; however, File Manager does not display the shares. To make File Manager aware of the newly restored shares, create any new share on the server. File Manager displays all of the other shares after you restart the server or stop and restart the Server service.
Only permissions for domain users are restored. If a local user was created in the previous Windows NT installation, that local user’s unique security identifier (SID) is lost. NTFS permissions on folders and files are not affected when you save and restore the shares key.
Method #2
Use the NET SHARE program to create the new share structure, then use the PERMCOPY program found in the Windows 2000 Resource Kit to copy share permissions. The syntax is quite easy:
PERMCOPY \\SourceServer ShareName \\DestinationServer ShareName
Links
Saving and Restoring Existing Windows Shares – 125996
(from Petri)
Disable Hidden Admin Share
The system automatically creates hidden “administrative shares” for its logical drives C:, D:, and so forth, which it names C$, D$ and so forth. It also creates the admin$ hidden share for the \winnt folder. These shares are designed for remote access support by domain administrators. By default, if you delete these admin shares, they will be recreated when you reboot. To disable them permanently so they will not be recreated on the next reboot, use the following Windows NT / Windows 2000 / Windows XP registry hack:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer for servers
Name: AutoShareWks for workstations
Type: REG_DWORD
Value: 0
For background: Q156365. For details on disabling in Windows XP, see Q314984. In Windows 2000 and Windows XP, you disable the shares via
- Start
- Settings
- Control Panel
- Systems Tools panel
- Shared Folders
- Double-click the Shared Folders branch to expand it
- Click Shares
- In the Shared Folder column, right-click the share you want to disable
- Click Stop sharing
- Click OK.
NOTE: If you disable an administrative share that you have created, it will not be automatically enabled after you restart your computer, and you will need to recreate the share.
Perhaps the best approach to protect hard drive resources on workstations is to disable the server service if you can. There are a few workstation applications that need server service running, in particular, some SNA emulation packages.
(from windowsnetworking)