Ong Map Blog

The Icacls.exe utility is available for Windows Server 2003 SP 2

dinosg — Thu, 29 Jul 2010 03:25:44 +0000

This article describes the Icacls.exe command-line utility. You can use this utility to modify NTFS file system permissions on a computer that is running Microsoft Windows Server 2003 with Service Pack 2 (SP2).

Currently, you can use the Xcacls.exe utility, the Cacls.exe utility, and the Xcacls.vbs utility to modify NTFS permissions in Windows Server 2003. The Icacls.exe utility is an alternative option for modifying NTFS permissions. The Icacls.exe utility resolves various issues that occur when you use the existing utilities.

The Icacls.exe utility is included in Windows Vista and in Windows Server 2003 SP2.

Back to the top

MORE INFORMATION

To install the Icacls.exe utility, install the latest service pack for Windows Server 2003. For more information about how to install the latest service pack for Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:

889100 How to obtain the latest service pack for Windows Server 2003

Back to the top

Syntax for the Icacls.exe utility

To see the following syntax information, type icacls.exe /? at a command prompt.


ICACLS name /save aclfile [/T] [/C]
    store the acls for all matching names into aclfile for
    later use with /restore.

ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C]
    applies the stored acls to files in directory.

ICACLS name /setowner user [/T] [/C]
    changes the owner of all matching names.

ICACLS name /findsid Sid [/T] [/C]
    finds all matching names that contain an ACL
    explicitly mentioning Sid.

ICACLS name /verify [/T] [/C]
    finds all files whose ACL is not in canonical form or whose
    lengths are inconsistent with ACE counts.

ICACLS name /resize [/T] [/C] [/L]
    changes incorrect recorded lengths of ACLs to true lengths.

ICACLS name /reset [/T] [/C]
    replaces acls with default inherited acls for all matching files.

ICACLS name [/grant[:r] Sid:perm[...]]
       [/deny Sid:perm [...]]
       [/remove[:g|:d]] Sid[...]] [/T] [/C]

    /grant[:r] Sid:perm grants the specified user access rights. With :r,
        the permissions replace any previously granted explicit permissions.
        Without :r, the permissions are added to any previously granted
        explicit permissions.

    /deny Sid:perm explicitly denies the specified user access rights.
        An explicit deny ACE is added for the stated permissions and
        the same permissions in any explicit grant are removed.

    /remove[:[g|d]] Sid removes all occurrences of Sid in the acl. With
        :g, it removes all occurrences of granted rights to that Sid. With
        :d, it removes all occurrences of denied rights to that Sid.

Note:
    Sids may be in either numeric or friendly name form. If a numeric
    form is given, affix a * to the start of the SID.

    /T indicates that this operation is performed on all matching
        files/directories below the directories specified in the name.

    /C indicates that this operation will continue on all file errors.
        Error messages will still be displayed.

    ICACLS preserves the canonical ordering of ACE entries:
            Explicit denials
            Explicit grants
            Inherited denials
            Inherited grants

    perm is a permission mask and can be specified in one of two forms:
        a sequence of simple rights:
                F - full access
                M - modify access
                RX - read and execute access
                R - read-only access
                W - write-only access
        a comma-separated list in parentheses of specific rights:
                D - delete
                RC - read control
                WDAC - write DAC
                WO - write owner
                S - synchronize
                AS - access system security
                MA - maximum allowed
                GR - generic read
                GW - generic write
                GE - generic execute
                GA - generic all
                RD - read data/list directory
                WD - write data/add file
                AD - append data/add subdirectory
                REA - read extended attributes
                WEA - write extended attributes
                X - execute/traverse
                DC - delete child
                RA - read attributes
                WA - write attributes
        inheritance rights may precede either form and are applied
        only to directories:
                (OI) - object inherit
                (CI) - container inherit
                (IO) - inherit only
                (NP) - don't propagate inherit

Examples:

        icacls c:\windows\* /save AclFile /T
        - Will save the ACLs for all files under c:\windows
          and its subdirectories to AclFile.

        icacls c:\windows\ /restore AclFile
        - Will restore the Acls for every file within
          AclFile that exists in c:\windows and its subdirectories

        icacls file /grant Administrator:(D,WDAC)
        - Will grant the user Administrator Delete and Write DAC
          permissions to file

        icacls file /grant *S-1-1-0:(D,WDAC)
        - Will grant the user defined by sid S-1-1-0 Delete and
          Write DAC permissions to file

Back to the top

Other available utilities to modify NTFS permissions

For more information about other utilities that you can use to modify NTFS permissions, click the following article numbers to view the articles in the Microsoft Knowledge Base:

318754 How to use Xcacls.exe to modify NTFS permissions

135268 How to use Cacls.exe in a batch file

825751 How to use Xcacls.vbs to modify NTFS permissions

Back to the top

How to use Xcacls.vbs to modify NTFS permissions

dinosg — Thu, 29 Jul 2010 02:42:36 +0000

There is an updated version of the Extended Change Access Control List tool (Xcacls.exe) that is available as a Microsoft Visual Basic script (Xcacls.vbs) from Microsoft. This step-by-step article describes how to use the Xcacls.vbs script to modify and to view NTFS file system permissions for files or for folders. You can use Xcacls.vbs from the command line to set all the file system security options that are accessible in Microsoft Windows Explorer. Xcacls.vbs displays and modifies the access control lists (ACLs) of files.

Note Xcacls.vbs is only compatible with Microsoft Windows 2000, with Microsoft Windows XP, and with Microsoft Windows Server 2003. Xcacls.vbs is not supported by Microsoft.

Back to the top

Set Up and Use Xcacls.vbs

To set up and to use Xcacls.vbs, follow these steps:

Obtain the latest version of Xcacls.vbs from the following Microsoft Web site:
http://download.microsoft.com/download/f/7/8/f786aaf3-a37b-45ab-b0a2-8c8c18bbf483/XCacls_Installer.exe
Double-click Xcacls_Installer.exe. When you are prompted for a location to place the extracted files, specify a folder that is in your computer’s search-path setting, such as C:\Windows.
Change the default scripting engine from Wscript to Cscript. (The Xcacls.vbs script works best in Cscript.) To do this, type the following at a command prompt, and then press ENTER:
cscript.exe /h:cscript

Note Changing the default scripting engine to Cscript only affects how scripts write to the screen. Wscript writes each line individually to an OK dialog box. Cscript writes each line to the command window. If you do not want to change the default scripting engine, you must run the script by using the following command

cscript.exe xcacls.vbs

whereas if you change the default to Cscript, you can run the script with the following command:

xcacls.vbs

.
To see the Xcacls.vbs command syntax, type the following at a command prompt:
xcacls.vbs /?

Syntax for the Xcacls.vbs Command

The following output of the xcacls.vbs /? command describes the Xcacls.vbs command syntax:

Usage:
XCACLS filename [/E] [/G user:perm;spec] [...] [/R user [...]]
[/F] [/S] [/T]
[/P user:perm;spec [...]] [/D user:perm;spec] [...]
[/O user] [/I ENABLE/COPY/REMOVE] [/N
[/L filename] [/Q] [/DEBUG]

filename [Required] If used alone, it displays ACLs.
(Filename can be a filename, directory name or
wildcard characters and can include the whole
path. If path is missing, it is assumed to be
under the current directory.)
Notes:
- Put filename in quotes if it has spaces or
special characters such as &, $, #, etc.
- If filename is a directory, all files and
subdirectories under it will NOT be changed
unless the /F or S is present.

/F [Used with Directory or Wildcard] This will change all
files under the inputted directory but will NOT
traverse subdirectories unless /T is also present.
If filename is a directory, and /F is not used, no
files will be touched.

/S [Used with Directory or Wildcard] This will change all
subfolders under the inputted directory but will NOT
traverse subdirectories unless /T is also present.
If filename is a directory, and /S is not used, no
subdirectories will be touched.

/T [Used only with a Directory] Traverses each
subdirectory and makes the same changes.
This switch will traverse directories only if the
filename is a directory or is using wildcard characters.
/E Edit ACL instead of replacing it.

/G user:GUI Grant security permissions similar to Windows GUI
standard (non-advanced) choices.
/G user:Perm;Spec Grant specified user access rights.
(/G adds to existing rights for user)

User: If User has spaces in it, enclose it in quotes.
If User contains #machine#, it will replace
#machine# with the actual machine name if it is a
non-domain controller, and replace it with the
actual domain name if it is a domain controller.

New to 3.0: User can be a string representing
the actual SID, but MUST be lead by SID#
Example: SID#S-1-5-21-2127521184-160...
(SID string shown has been shortened)
(If any user has SID# then globally all
matches must match the SID (not name)
so if your intention is to apply changes
to all accounts that match Domain\User
then do not specify SID# as one of the
users.)

GUI: Is for standard rights and can be:
Permissions...
F Full control
M Modify
X read and eXecute
L List folder contents
R Read
W Write
Note: If a ; is present, this will be considered
a Perm;Spec parameter pair.

Perm: Is for "Files Only" and can be:
Permissions...
F Full control
M Modify
X read and eXecute
R Read
W Write
Advanced...
D Take Ownership
C Change Permissions
B Read Permissions
A Delete
9 Write Attributes
8 Read Attributes
7 Delete Subfolders and Files
6 Traverse Folder / Execute File
5 Write Extended Attributes
4 Read Extended Attributes
3 Create Folders / Append Data
2 Create Files / Write Data
1 List Folder / Read Data
Spec is for "Folder and Subfolders only" and has the
same choices as Perm.

/R user Revoke specified user's access rights.
(Will remove any Allowed or Denied ACL's for user.)

/P user:GUI Replace security permissions similar to standard choices.

/P user:perm;spec Replace specified user's access rights.
For access right specification see /G option.
(/P behaves like /G if there are no rights set for user.)

/D user:GUI Deny security permissions similar to standard choices.
/D user:perm;spec Deny specified user access rights.
For access right specification see /G option.
(/D adds to existing rights for user.)

/O user Change the Ownership to this user or group.

/I switch Inheritance flag. If omitted, the default is to not touch
Inherited ACL's. Switch can be:
ENABLE - This will turn on the Inheritance flag if
it is not on already.
COPY - This will turn off the Inheritance flag and
copy the Inherited ACL's
into Effective ACL's.
REMOVE - This will turn off the Inheritance flag and
will not copy the Inherited
ACL's. This is the opposite of ENABLE.
If switch is not present, /I will be ignored and
Inherited ACL's will remain untouched.

/L filename Filename for Logging. This can include a path name
if the file is not under the current directory.
File will be appended to, or created if it does not
exit. Must be Text file if it exists or error will occur.

If filename is omitted, the default name of XCACLS will
be used.

/Q Turn on Quiet mode. By default, it is off.
If it is turned on, there will be no display to the screen.

/DEBUG Turn on Debug mode. By default, it is off.
If it is turned on, there will be more information
displayed and/or logged. Information will show
Sub/Function Enter and Exit as well as other important
information.

/SERVER servername Enter a remote server to run script against.

/USER username Enter Username to impersonate for Remote Connections
(requires PASS switch). Will be ignored if it is for a Local Connection.

/PASS password Enter Password to go with USER switch
(requires USER switch).

Wildcard characters can be used to specify more than one file in a command, such as:
* Any string of zero or more characters
? Any single character

You can specify more than one user in a command.
You can combine access rights.

Use Xcacls.vbs to View Permissions

You can also use Xcacls.vbs to view permissions for files or folders. For example, if you have a folder that is named C:\Test, type the following at a command prompt to view the folder permissions, and then press ENTER:

xcacls.vbs c:\test

The following example is a typical result:

C:\>XCACLS.VBS c:\test
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Starting XCACLS.VBS (Version: 3.4) Script at 6/11/2003 10:55:21 AM

Startup directory:
"C:\test"

Arguments Used:
        Filename = "c:\test"

**************************************************************************
Directory: C:\test

Permissions:
Type     Username                Permissions           Inheritance

Allowed  BUILTIN\Administrators  Full Control          This Folder, Subfolde
Allowed  NT AUTHORITY\SYSTEM     Full Control          This Folder, Subfolde
Allowed  Domain1\User1           Full Control          This Folder Only
Allowed  \CREATOR OWNER          Special (Unknown)     Subfolders and Files
Allowed  BUILTIN\Users           Read and Execute      This Folder, Subfolde
Allowed  BUILTIN\Users           Create Folders / Appe This Folder and Subfo
Allowed  BUILTIN\Users           Create Files / Write  This Folder and Subfo

No Auditing set

Owner: Domain1\User1

Note The output of the xcacls.vbs c:\test command in this example matches the text that is shown in the graphical user interface (GUI). Some words are incomplete in the command window.

The output also gives the version of the script, the startup directory, and the arguments that were used.

You can also use wildcard characters to display matching files under the directory. For example, if you type the following, all files with an extension of “.log” that are in the C:\Test folder are displayed:

xcacls.vbs c:\test\*.log

Examples

The following Xcacls.vbs commands provide some examples of Xcacls.vbs usage.

xcacls.vbs c:\test\ /g domain\testuser1:f /f /t /e

This command edits existing permissions. It grants Domain\TestUser1 full control on all files under C:\Test, it traverses subfolders under C:\Test, and then it changes any files that are found. This command does not touch directories.

xcacls.vbs c:\test\ /g domain\testuser1:f /s /l “c:\xcacls.log”

This command replaces existing permissions. It grants Domain\TestUser1 full control on all subfolders under C:\Test, and it logs to C:\Xcacls.log. This command does not touch files, and it does not traverse directories.

xcacls.vbs c:\test\readme.txt /o “machinea\group1″

This command changes the owner of Readme.txt to be the group MachineA\Group1.

xcacls.vbs c:\test\badcode.exe /r “machinea\group1″ /r “domain\testuser1″

This command revokes the permissions to C:\Test\Badcode.exe for MachineA\Group1 and for Domain\TestUser1.

xcacls.vbs c:\test\subdir1 /i enable /q

This command turns on inheritance on the folder C:\Test\Subdir1. It suppresses any screen output.

xcacls.vbs \\servera\sharez\testpage.htm /p “domain\group2″:14

This command remotely connects to \\ServerA\ShareZ by using Windows Management Instrumentation (WMI). It then obtains the local path for that share, and under that path, it changes the permissions on Testpage.htm. It leaves the existing permissions of Domain\Group2 intact, but it adds permissions 1 (read data) and 4 (read extended attributes). The command drops other permissions on the file because the /e switch was not used.

xcacls.vbs d:\default.htm /g “domain\group2″:f /server servera /user servera\admin /pass password /e

This command uses WMI to remotely connect as ServerA\Admin to ServerA and then grants full permissions on Default.htm to Domain\Group2. Existing permissions for Domain\Group2 are lost and other permissions on the file remain.

Back to the top

REFERENCES

For additional information about how to use Xcacls.exe, click the following article number to view the article in the Microsoft Knowledge Base:

318754 How to use Xcacls.exe to modify NTFS permissions

Back to the top

INSTALL Monit for Monitor System

dinosg — Thu, 29 Jul 2010 02:39:43 +0000

I/INTRO

Monit is a free open source util ity for man ag ing and mon i tor ing, processes, files, direc to ries and filesys tems on a UNIX sys tem. Monit con ducts auto matic main te nance and repair and can exe cute mean ing ful causal actions in error situations.

II/INSTALL

Step 1:Install monit

#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6 – 1.el5.rf.i386.rpm
#rpm –Uvh rpmforge-release-0.3.6 – 1.el5.rf.i386.rpm
#yum install monit
#chk con fig –lev els 235 monit on

Step 2:Config Monit

edit /etc/moni.d/monitrc

set daemon  60
set logfile syslog facility log_daemon
set mailserver localhost #mail server
set mail-format { from: monit@server1.example.com }
set alert root@localhost #alert to admin with email adrress root@localhost
set httpd port 2812 and
  SSL ENABLE
  PEMFILE  /var/certs/monit.pem
  allow admin:test

some fea tures exam ple of monit

*check host CUIBAP with address 19.16.12.32
if failed icmp type echo with time out 20 sec onds then alert
(check host if over 20 sec ond it will alert mail to admin)

*check host CONHEO with address 132.163.193.3
if failed port 25 with time out 30 sec onds then alert
(check Ser vice SMTP if over 30 sec ond it will alert mail to admin)

*check process sshd with pid file /var/run/sshd.pid
start pro gram “/etc/init.d/sshd start“
stop pro gram “/etc/init.d/sshd stop“
if failed port 22 pro to col ssh then restart
if failed port 22 pro to col ssh then alert
if 5 restarts within 5 cycles then time out
(check Ser vice SSH if it down monit auto start only run in localhost)

Step 3:access monit via web mail port 2812

copy from conheotiensinh

No Comments

Sep

LOAD BALANCE AND CLUSTER FAILOVER WEBSERVER(INBOUND)USE PFSENSE

Posted by: admin

I/Intro

pfSense is a FreeBSD-based fire wall tai lored for use as a fire wall and router. The project started in 2004 as a fork of the m0n0wall project, but focused towards full PC instal la tions rather than the embed ded hard ware focus of m0n0wall.

Com mon Deployments

Although mainly deployed as a perime ter fire wall, pfSense is ver sa tile enough to fill many types of deploy ments. Here is a short list of com mon deployments:

Perime ter Fire wall — As dis cused ear lier, this is by far the most com mon deploy ment for pfSense.
Router — Due to the abil ity to load bal ance con nec tions and pro vide failover capa bil i ties, pfSense makes for an ideal choice for a DIY Router for the SMB market.
Wire less Access Point — With the abil ity of Cap tive Por tal within it, pfSense can eas ily be deployed as a wire less hotspot solution.
Spe cial pur pose appli ance — Some users have decided to uti lize pfSense in a unique way to help ful fill their unique needs.
- VPN Appli ance
- Snif fer Appliance
- Ded i cated DHCP server
- Ded i cated DNS server

Fea tures

pfSense includes almost all the fea tures in expen sive com mer cial fire walls, and more in many cases. Here is a list of fea tures taken from the pfSense Fea tures page.

Fire wall
State Table
NAT
Redun dancy
- CARP- CARP from OpenBSD allows for hard ware failover. Two or more fire walls can be con fig ured as a failover group. If one inter face fails on the pri mary or the pri mary goes offline entirely, the sec ondary becomes active. pfSense also includes con fig u ra tion syn chro niza tion capa bil i ties, so you make your con fig u ra tion changes on the pri mary and they auto mat i cally syn chro nize to the sec ondary firewall.
- pfsync — pfsync ensures the firewall’s state table is repli cated to all failover con fig ured fire walls. This means your exist ing con nec tions will be main tained in the case of fail ure, which is impor tant to pre vent net work disruptions.
Out bound and Inbound load balancing
VPN — IPsec, Open VPN, PPTP
PPPoE Server
RRD Graphs Reporting
Real Time Infor ma tion — Using AJAX
Dynamic DNS
Cap tive portal
DHCP Server and Relay
Live CD Ver sion Avail able

II/INSTALL

Step 1:Install Pfsense from CD

Step 2:enable vlan or no(I choose “no”)

Step 3:enter the lan inter face name

Step 4:enter the wan inter face name

Step 5: enter

Step 6 type “y”

Step 7: setup ip adr ress as Dia gram
III/LOAD BALANCE WEB

Step 8:Set up Load Bal anc ing Pool

The first thing to do is cre ate a pool (Ser vices > Load Bal ancer > Add).

Step 9:Set up vir tual server

Adding a new Vir tual Server (Ser vices > Load bal ancer > Vir tual Servers > Add )

Step 10: Set up vir tual ip address

Adding a new Vir tual IP (Fire wall > Vir tual IPs > Add )

Step 11:Create Nat(Firewall > Nat > Add)

Note: open port 80 from Inter net access to 192.168.0.5 and 192.168.0.6

Step 12:Access to http://192.168.20.204/ and check sta tus load balance

Step 13:Disconnect 192.168.0.5 Access to http://192.168.20.204/ and check sta tus load balance

IV/CLUSTER FAILOVER

As LOAD bal ance but choose Failover

Besides pfsense can cre ate clus ter fail over fire wall and load bal ance outbound

No Comments

Jul

Install RRDTool on Red Hat Enterprise Linux / CentOS

Posted by: admin

Q. I’ve down loaded RRD Tool pack age called rrdtool-1.3.1.tar.gz. But ./configure com mand giv ing out lots of error mes sages. How do I install RRD Tool on Red Hat Enter prise Linux 5.x — 64 bit version?

A. RRD is the Acronym for Round Robin Data base. RRD is a sys tem to store and dis play time-series data (i.e. net work band width, machine-room tem per a ture, server load aver age). It stores the data in a very com pact way that will not expand over time, and it presents use ful graphs by pro cess ing the data to enforce a cer tain data den sity. It can be used either via sim ple wrap per scripts (from shell or Perl) or via fron tends that poll net work devices and put a friendly user inter face on it.

Installing RRD Tool on RHEL

In order to install RRD Tool on Red Hat Enter prise Linux / Cen tOS Linux 64 bit ver sion you need to install few devel op ment tools and libraries.

Step # 1: Install required dependencies

Login as root and type the fol low ing com mand:
# yum install cairo-devel libxml2-devel pango-devel pango libpng-devel freetype freetype-devel libart_lgpl-devel
Sam ple output:

Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.4 kB    00:00
rhn-tools-rhel-x86_64-ser 100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.4 kB    00:00
Setting up Install Process
Parsing package install arguments
Package libxml2-devel - 2.6.26-2.1.2.1.x86_64 is already installed.
Package libxml2-devel - 2.6.26-2.1.2.1.i386 is already installed.
Package pango - 1.14.9-3.el5.i386 is already installed.
Package pango - 1.14.9-3.el5.x86_64 is already installed.
Package freetype - 2.2.1-20.el5_2.i386 is already installed.
Package freetype - 2.2.1-20.el5_2.x86_64 is already installed.
Resolving Dependencies
--> Running transaction check
---> Package libart_lgpl-devel.x86_64 0:2.3.17-4 set to be updated
---> Package pango-devel.i386 0:1.14.9-3.el5 set to be updated
--> Processing Dependency: libXft-devel for package: pango-devel
--> Processing Dependency: libXrender-devel for package: pango-devel
--> Processing Dependency: libXext-devel for package: pango-devel
--> Processing Dependency: libX11-devel for package: pango-devel
--> Processing Dependency: fontconfig-devel >= 2.0 for package: pango-devel
---> Package pango-devel.x86_64 0:1.14.9-3.el5 set to be updated
---> Package freetype-devel.x86_64 0:2.2.1-20.el5_2 set to be updated
---> Package libpng-devel.i386 2:1.2.10-7.1.el5_0.1 set to be updated
---> Package cairo-devel.x86_64 0:1.2.4-5.el5 set to be updated
---> Package libpng-devel.x86_64 2:1.2.10-7.1.el5_0.1 set to be updated
---> Package cairo-devel.i386 0:1.2.4-5.el5 set to be updated
---> Package libart_lgpl-devel.i386 0:2.3.17-4 set to be updated
--> Processing Dependency: libart_lgpl_2.so.2 for package: libart_lgpl-devel
---> Package freetype-devel.i386 0:2.2.1-20.el5_2 set to be updated
--> Running transaction check
---> Package libXrender-devel.i386 0:0.9.1-3.1 set to be updated
--> Processing Dependency: xorg-x11-proto-devel for package: libXrender-devel
---> Package libXft-devel.i386 0:2.1.10-1.1 set to be updated
---> Package libX11-devel.i386 0:1.0.3-9.el5 set to be updated
--> Processing Dependency: libXdmcp-devel for package: libX11-devel
--> Processing Dependency: libXau-devel for package: libX11-devel
---> Package fontconfig-devel.i386 0:2.4.1-7.el5 set to be updated
---> Package libart_lgpl.i386 0:2.3.17-4 set to be updated
---> Package libXext-devel.i386 0:1.0.1-2.1 set to be updated
--> Running transaction check
---> Package xorg-x11-proto-devel.i386 0:7.1-9.fc6 set to be updated
--> Processing Dependency: mesa-libGL-devel for package: xorg-x11-proto-devel
---> Package libXdmcp-devel.i386 0:1.0.1-2.1 set to be updated
---> Package libXau-devel.i386 0:1.0.1-3.1 set to be updated
--> Running transaction check
---> Package mesa-libGL-devel.i386 0:6.5.1-7.5.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 libart_lgpl-devel       x86_64     2.3.17-4         rhel-x86_64-server-5   21 k
 libart_lgpl-devel       i386       2.3.17-4         rhel-x86_64-server-5   21 k
 pango-devel             i386       1.14.9-3.el5     rhel-x86_64-server-5  280 k
 pango-devel             x86_64     1.14.9-3.el5     rhel-x86_64-server-5  281 k
Installing for dependencies:
 cairo-devel             x86_64     1.2.4-5.el5      rhel-x86_64-server-5  131 k
 cairo-devel             i386       1.2.4-5.el5      rhel-x86_64-server-5  130 k
 fontconfig-devel        i386       2.4.1-7.el5      rhel-x86_64-server-5  168 k
 freetype-devel          x86_64     2.2.1-20.el5_2   rhel-x86_64-server-5  151 k
 freetype-devel          i386       2.2.1-20.el5_2   rhel-x86_64-server-5  151 k
 libX11-devel            i386       1.0.3-9.el5      rhel-x86_64-server-5  665 k
 libXau-devel            i386       1.0.1-3.1        rhel-x86_64-server-5   11 k
 libXdmcp-devel          i386       1.0.1-2.1        rhel-x86_64-server-5  7.6 k
 libXext-devel           i386       1.0.1-2.1        rhel-x86_64-server-5   57 k
 libXft-devel            i386       2.1.10-1.1       rhel-x86_64-server-5   16 k
 libXrender-devel        i386       0.9.1-3.1        rhel-x86_64-server-5  8.9 k
 libart_lgpl             i386       2.3.17-4         rhel-x86_64-server-5   76 k
 libpng-devel            i386       2:1.2.10-7.1.el5_0.1  rhel-x86_64-server-5  182 k
 libpng-devel            x86_64     2:1.2.10-7.1.el5_0.1  rhel-x86_64-server-5  186 k
 mesa-libGL-devel        i386       6.5.1-7.5.el5    rhel-x86_64-server-5  465 k
 xorg-x11-proto-devel    i386       7.1-9.fc6        rhel-x86_64-server-5  247 k

Transaction Summary
=============================================================================
Install     20 Package(s)
Update       0 Package(s)
Remove       0 Package(s)         

Total download size: 3.2 M
Is this ok [y/N]: 

Downloading Packages:
(1/20): libXext-devel-1.0 100% |=========================|  57 kB    00:00
(2/20): freetype-devel-2. 100% |=========================| 151 kB    00:00
(3/20): libXau-devel-1.0. 100% |=========================|  11 kB    00:00
(4/20): libart_lgpl-devel 100% |=========================|  21 kB    00:00
(5/20): libart_lgpl-2.3.1 100% |=========================|  76 kB    00:00
(6/20): cairo-devel-1.2.4 100% |=========================| 130 kB    00:00
(7/20): libpng-devel-1.2. 100% |=========================| 186 kB    00:00
(8/20): cairo-devel-1.2.4 100% |=========================| 131 kB    00:00
(9/20): fontconfig-devel- 100% |=========================| 168 kB    00:00
(10/20): mesa-libGL-devel 100% |=========================| 465 kB    00:01
(11/20): libXdmcp-devel-1 100% |=========================| 7.6 kB    00:00
(12/20): libpng-devel-1.2 100% |=========================| 182 kB    00:00
(13/20): libX11-devel-1.0 100% |=========================| 665 kB    00:02
(14/20): freetype-devel-2 100% |=========================| 151 kB    00:00
(15/20): libXft-devel-2.1 100% |=========================|  16 kB    00:00
(16/20): pango-devel-1.14 100% |=========================| 281 kB    00:01
(17/20): pango-devel-1.14 100% |=========================| 280 kB    00:01
(18/20): libXrender-devel 100% |=========================| 8.9 kB    00:00
(19/20): libart_lgpl-deve 100% |=========================|  21 kB    00:00
(20/20): xorg-x11-proto-d 100% |=========================| 247 kB    00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: libart_lgpl                  ####################### [ 1/20]
  Installing: freetype-devel               ####################### [ 2/20]
  Installing: fontconfig-devel             ####################### [ 3/20]
  Installing: libpng-devel                 ####################### [ 4/20]
  Installing: libXau-devel                 ####################### [ 5/20]
  Installing: libart_lgpl-devel            ####################### [ 6/20]
  Installing: libart_lgpl-devel            ####################### [ 7/20]
  Installing: libpng-devel                 ####################### [ 8/20]
  Installing: freetype-devel               ####################### [ 9/20]
  Installing: xorg-x11-proto-devel         ####################### [10/20]
  Installing: libX11-devel                 ####################### [11/20]
  Installing: libXrender-devel             ####################### [12/20]
  Installing: libXft-devel                 ####################### [13/20]
  Installing: cairo-devel                  ####################### [14/20]
  Installing: libXext-devel                ####################### [15/20]
  Installing: pango-devel                  ####################### [16/20]
  Installing: pango-devel                  ####################### [17/20]
  Installing: libXdmcp-devel               ####################### [18/20]
  Installing: mesa-libGL-devel             ####################### [19/20]
  Installing: cairo-devel                  ####################### [20/20] 

Installed: libart_lgpl-devel.x86_64 0:2.3.17-4 libart_lgpl-devel.i386 0:2.3.17-4 pango-devel.i386 0:1.14.9-3.el5 pango-devel.x86_64 0:1.14.9-3.el5
Dependency Installed: cairo-devel.x86_64 0:1.2.4-5.el5 cairo-devel.i386 0:1.2.4-5.el5 fontconfig-devel.i386 0:2.4.1-7.el5 freetype-devel.x86_64 0:2.2.1-20.el5_2 freetype-devel.i386 0:2.2.1-20.el5_2 libX11-devel.i386 0:1.0.3-9.el5 libXau-devel.i386 0:1.0.1-3.1 libXdmcp-devel.i386 0:1.0.1-2.1 libXext-devel.i386 0:1.0.1-2.1 libXft-devel.i386 0:2.1.10-1.1 libXrender-devel.i386 0:0.9.1-3.1 libart_lgpl.i386 0:2.3.17-4 libpng-devel.i386 2:1.2.10-7.1.el5_0.1 libpng-devel.x86_64 2:1.2.10-7.1.el5_0.1 mesa-libGL-devel.i386 0:6.5.1-7.5.el5 xorg-x11-proto-devel.i386 0:7.1-9.fc6
Complete!

Step # 2: Down load lat est rrd tool tar ball

Type the fol low ing com mands:
# cd /opt/ # wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.3.1.tar.gz
Untar tar ball, enter:
# tar -zxvf rrdtool-1.3.1.tar.gz

Step #3: Com pile and install rrdtool

You need to set PKG_CONFIG_PATH, enter:
# export PKG_CONFIG_PATH=/usr/lib/pkgconfig/
Type the fol low ing com mands:
# ./configure
Sam ple output:

config.status: executing default-1 commands
config.status: executing intltool commands
config.status: executing default commands
config.status: executing po/stamp-it commands
checking in... and out again
ordering CD from http://tobi.oetiker.ch/wish .... just kidding  

----------------------------------------------------------------
Config is DONE!

          With MMAP IO: yes
       Static programs: no
          Perl Modules: perl_piped perl_shared
           Perl Binary: /usr/bin/perl
          Perl Version: 5.8.8
          Perl Options: PREFIX=/usr/local/rrdtool-1.3.1 LIB=/usr/local/rrdtool-1.3.1/lib/perl/5.8.8
          Ruby Modules:
           Ruby Binary: no
          Ruby Options: sitedir=$(DESTDIR)NONE/lib/ruby
    Build Tcl Bindings: no
 Build Python Bindings: yes
          Build rrdcgi: yes
       Build librrd MT: yes
     Link with libintl: yes

             Libraries: -lxml2 -lcairo -lcairo -lcairo -lm  -lcairo -lpng12   -lpangocairo-1.0 -lpango-1.0 -lcairo -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0  

Type 'make' to compile the software and use 'make install' to
install everything to: /usr/local/rrdtool-1.3.1.

       ... that wishlist is NO JOKE. If you find RRDtool useful
make me happy. Go to http://tobi.oetiker.ch/wish and
place an order.

                               -- Tobi Oetiker
----------------------------------------------------------------

Now com pile and install RRD Tool on RHEL:
# make # make install # cd /usr/local/ # ln -s rrdtool-1.3.1/ rrdtool/ # cd rrdtool # ls -l

How do I ver ify my installation?

Now RRD tool is installed and ready to use. You can go to /usr/local/rrdtool/share/rrdtool/examples/ direc tory and run them to see if your instal la tion has been suc cess ful or not:
# cd /usr/local/rrdtool/share/rrdtool/examples/ # ./stripes.pl # ls -l # cp stripes.png /var/www/html/
Fire a web browser and see a graph for your self by typ ing the fol low ing url:
http://your-domain.com/stripes.png

(Fig.01: Sam ple RRD Tool Graph)

Optional com pile time settings

By default RRD Tool will get installed at /usr/local/rrdtool-1.3.1/ direc tory. To change default instal la tion direc tory use fol low ing com mand:
# ./configure --prefix=/usr/local/rrdtool # make install
To see all com pile con fig u ra tion option enter:
# ./configure --help

No Comments

Jul

Cacti, How to install

Posted by: admin

Cacti is a com plete fron tend to RRD Tool, it stores all of the nec es sary infor ma tion to cre ate graphs and pop u late them with data in a MySQL data base. The fron tend is com pletely PHP dri ven. Along with being able to main tain Graphs, Data Sources, and Round Robin Archives in a data base, cacti han dles the data gath er ing. There is also SNMP sup port for those used to cre at ing traf fic graphs with MRTG.

Cacti require ment:

MySQL
PHP
RRD Tool
net-snmp
php-snmp
Apache (com piled with php support)

MySQL con fig u ra tion for cacti:

Code:

[root:~]# mysql -uroot -p
Enter password:
mysql> create database cactidb;
mysql> grant all on cactidb.* to root;
mysql> grant all on cactidb.* to root@localhost;
mysql> grant all on cactidb.* to cactiuser;
mysql> grant all on cactidb.* to cactiuser@localhost;
mysql> set password for cactiuser@localhost=password('cactipw');
mysql> flush privileges;
mysql> exit
[root:~]#

RRD Tool Installation:

Code:

[root:~]# cd /usr/local/src/
[root:~]# wget http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/pub/rrdtool.tar.gz
[root:~]# tar -zxf rrdtool.tar.gz
[root:~]# cd rrdtool*
[root:~]# ./configure
[root:~]# make
[root:~]# make install
[root:~]# make site-perl-install
[root:~]# cd ..
[root:~]# rm -fr rrdtool*
[root:~]#

Down load and setup cacti:

Code:

[root:~]# group-add cacti
[root:~]# useradd -g cacti cactiuser

Code:

[root:~]# tar -zxvf cacti*
[root:~]# mv cacti-0.8.xx /home/cactiuser/cacti
[root:~]# cd /home/cactiuser/cacti
[root:~]# mysql --user=root --password=rootpw cactidb < cacti.sql
[root:~]# chown -R cactiuser rra/ log/

Make the proper changes for data base and data base password:

[root:~]# vi /include/config.php

Code:

$database_defaut = “cactidb”;
$database_hostname = “localhost”;
$database_username = “cactiuser”;
$database_password = “cactipw”

Add this cron in /etc/crontab

*/5 * * * * cac tiuser php /home/cactiuser/cacti/poller.php > /dev/null 2>&1

Add an alias or vir tual host in your apache con fig u ra tion file:

Alias /cacti/ “/home/cactiuser/cacti/”

Save and restart the apache and mysql service.

Post Instal la tion Steps:

Browse the below men tioned URL:

http://localhost/cacti

–OR–

http://remoteIP/cacti

No Comments

Jul

Nagios, what is & how to install

Posted by: admin

What is NAGIOS ?

Nagios is a host and ser vice mon i tor designed to inform you of net work prob lems before your clients, end-users or man agers do. It has been designed to run under the Linux oper at ing sys tem, but works fine under most *NIX vari ants as well

Sys tem Requirements

Make sure you’ve installed the fol low ing pack ages on your Fedora instal la tion before continuing.

Apache
GCC com piler
GD devel op ment libraries

You can use yum to install these pack ages by run ning the fol low ing com mands (as root):

yum install httpd
yum install gcc             
yum install glibc glibc-common
yum install gd gd-devel

Instal la tion :

Cre ate Account Infor ma tion
1. Become the root user.

su -l

2.Create a new nagios user account and give it a password.

/usr/sbin/useradd -m nagios
passwd nagios

3. To pre vent nagios user name to access the ssh you can set the spe cific user access on the /etc/passwd ‚example:

vi /etc/passwd
nagios:x:7798:7798::/home/nagios:/bin/bash --> /bin/bash was the default command to access ssh you can changes it into /dev/null
nagios:x:7798:7798::/home/nagios:/dev/null

To know more about the /etc/passwd for mat like above you can refer to http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/

4. Cre ate a new nagcmd group for allow ing exter nal com mands to be sub mit ted through the web inter face. Add both the nagios user and the apache user to the group.

/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -G nagcmd nagios
/usr/sbin/usermod -G nagcmd apache

Down load Nagios and the Plugins

1.Create a direc tory for stor ing the downloads.

mkdir ~/downloads
cd ~/downloads

2. Down load the source code tar balls of both Nagios and the Nagios plu g ins (visit http://www.nagios.org/download/ for links to the lat est ver sions). At the time of writ ing, the lat est ver sions of Nagios and the Nagios plu g ins were 3.0.3 and 1.4.11, respectively.

wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nagios-3.0.3.tar.gz
wget http://osdn.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4...

Com pile and Install Nagios

1. Extract the Nagios source code tarball.

cd ~/downloads  tar xzf nagios-3.0.3.tar.gz
cd nagios-3.0.3

2. Run the Nagios con fig ure script, pass ing the name of the group you cre ated ear lier like so:

./configure --with-command-group=nagcmd

3. Com pile the Nagios source code.

make all

4. Install bina ries, init script, sam ple con fig files and set per mis sions on the exter nal com mand directory.

make install
make install-init
make install-config
make install-commandmode

Cus tomize Configuration

1.Sample con fig u ra tion files have now been installed in the /usr/local/nagios/etc direc tory. These sam ple files should work fine for get ting started with Nagios. You’ll need to make just one change before you proceed…

2.Edit the /usr/local/nagios/etc/objects/contacts.cfg con fig file with your favorite edi tor and change the email address asso ci ated with the nagiosad min con tact def i n i tion to the address you’d like to use for receiv ing alerts.

vi /usr/local/nagios/etc/objects/contacts.cfg
define contact{
contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user

email postmaster@test.com ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******

Con fig ure the Web Interface

1. Install the Nagios web con fig file in the Apache conf.d directory.

make install-webconf

2. Cre ate a nagiosad min account for log ging into the Nagios web inter face. Remem ber the pass word you assign to this account — you’ll need it later.

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

3. Restart Apache to make the new set tings take effect.

service httpd restart

Com pile and Install the Nagios Plugins

1. Extract the Nagios plu g ins source code tarball.

cd ~/downloads  tar xzf nagios-plugins-1.4.11.tar.gz  cd nagios-plugins-1.4.11

2. Com pile and install the plugins.

./configure --with-nagios-user=nagios --with-nagios-group=nagios  make  make install

Start Nagios

1. Add Nagios to the list of sys tem ser vices and have it auto mat i cally start when the sys tem boots.

chkconfig --add nagios  chkconfig nagios on

2. Ver ify the sam ple Nagios con fig u ra tion files.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

3. If there are no errors, start Nagios.

service nagios start

4. You should now be able to access the Nagios web inter face at the URL below. You’ll be prompted for the user name (nagiosad min) and pass word you spec i fied earlier.

http://localhost/nagios/

5. Click on the “Ser vice Detail” navbar link to see details of what’s being mon i tored on your local machine. It will take a few min utes for Nagios to check all the ser vices asso ci ated with your machine, as the checks are spread out over time.

How to add another server ip address to the ser vice list

1. Go to /usr/local/nagios/etc/objects/localhost.cfg

vi /usr/local/nagios/etc/objects/localhost.cfg

2. On HOST DEFINITION area add this

# Define a host for the local machine

define host{
use linux-server
host_name 219.99.229.221
alias 219.99.229.221
address 219.99.229.221
}

3. And do not for get to add the ip address to the HOST GROUP DEFINITION area

# Define an optional hostgroup for Linux machines

define hostgroup{
hostgroup_name linux-servers ; The name of the hostgroup
alias Linux Servers ; Long name of the group
members localhost; Comma separated list of hosts that belong to this group
}
define hostgroup{
hostgroup_name linux-servers-monitoring ; The name of the hostgroup
alias Linux Servers Monitoring ; Long name of the group members 219.99.229.221; Comma separated list of hosts that belong to this group
}

4. And if you wanted to add the Ping and Http ser vice go to SERVICE DEFINITIONS area and please add this

# Define a service to "ping" the local machine

define service{
use local-service ; Name of service template to use
host_name localhost
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}

define service{
use local-service ; Name of service template to use
host_name 219.99.229.221
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}
# Define a service to check HTTP on the local machine.
# Disable notifications for this service by default, as not all users may have HTTP enabled.

define service{
use local-service ; Name of service template to use
host_name localhost
service_description HTTP
check_command check_http

notifications_enabled 0
}
define service{
use local-service ; Name of service template to use
host_name 219.99.229.221
service_description HTTP
check_command check_http
notifications_enabled 1 #-----> 1 to enable it 0 to disable it
}

5. then save the files then reload the nagios service

service nagios reload

Check error detail

1 To checked the detail error on what line you can use this com mand, it will show you the direct error line

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

How to add another mailto nagios Contacts

1. You can set the email on /usr/local/nagios/etc/objects/contacts.cfg go to con tact Area

vi /usr/local/nagios/etc/objects/contacts.cfg
define contact{
       contact_name                    nagiosadmin             ; Short name of user
       use                             generic-contact         ; Inherit default values from generic-contact template (defined above)
       alias                           Nagios Admin            ; Full name of user

       email                           postmaster@test.org    ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}

define contact{
       contact_name                    test             ; Short name of user
       use                             generic-contact         ; Inherit default values from generic-contact template (defined above)
      alias                            test           ; Full name of user

      email                            test@test.org   ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}

2. And do not for get to add the new con tact name to the con tact groups area

define contactgroup{
     contactgroup_name       admins
     alias                   Nagios Administrators
     members                 nagiosadmin,test
     }

3. Reload the nagios

service nagios reload

4. And you can see the new con tact on your nagios web , http://localhost/nagios -> scroll down and go to View Con fig -> Object Type: -> pick con tacts -> click continue

Save Share Settings and Permissions

dinosg — Fri, 09 Jul 2010 02:05:59 +0000

If you need to complete any of the following procedures, you can save the share names that exist on the original Windows installation, including any permissions assigned to those shares:

Reinstall Windows over an existing installation (a clean install, not an upgrade).
Move all of your data drives from one server to another.
Install Windows to another folder or drive on a computer that already has Windows installed.

To save only the existing share names and their permissions on Windows NT4.0/W2K/XP/2003 follow these steps.

Method #1

On the existing Windows installation that contains the share names and permissions that you want to save, start Registry Editor (Regedt32.exe or Regedit.exe).
Go to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares

Click Save Key on the Registry menu.
Type a new file name (a file extension is not necessary), and then save the file to a floppy disk.
Reinstall Windows (if you have to, don’t do it just because I said so…).
Run Registry Editor (Regedt32.exe or Regedit.exe).
Go to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares

Click Restore on the Registry menu.
Type the path and file name of the file that you saved in steps 3 and 4.

Caution: This step overrides the shares that already exist on the Windows computer with the share names and permissions that exist in the file you are restoring. You are warned about this before you restore the key.

Note: You can also do the trick by double-clicking the registry file you’ve created in step 3, if you’ve used Regedit and if the file extension is .REG.

Restart the server.

Note: After you complete this procedure, if you decide that you should not have restored the Shares key, restart the computer and press the SPACEBAR to use the last known good configuration. After you restore the shares key, the shares can be used by network clients. If you run the net shares command on the server, the server displays the shares; however, File Manager does not display the shares. To make File Manager aware of the newly restored shares, create any new share on the server. File Manager displays all of the other shares after you restart the server or stop and restart the Server service.

Only permissions for domain users are restored. If a local user was created in the previous Windows NT installation, that local user’s unique security identifier (SID) is lost. NTFS permissions on folders and files are not affected when you save and restore the shares key.

Method #2

Use the NET SHARE program to create the new share structure, then use the PERMCOPY program found in the Windows 2000 Resource Kit to copy share permissions. The syntax is quite easy:

PERMCOPY //SourceServer ShareName //DestinationServer ShareName

Links

Saving and Restoring Existing Windows Shares – 125996

(from Petri)

Disable Hidden Admin Share

dinosg — Mon, 21 Jun 2010 06:43:24 +0000

The system automatically creates hidden “administrative shares” for its logical drives C:, D:, and so forth which it names C$, D$ and so forth. It also creates the admin$ hidden share for to the \winnt folder. These shares are designed for remote access support by domain administrators. By default, if you delete these admin shares, they will be recreated when you reboot. To disable permanently so they will not be recreated on the next reboot, use the following Windows NT / Windows 2000 / Windows XP registry hack:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer for servers
Name: AutoShareWks for workstations
Type: REG_DWORD
Value: 0

For background: Q156365. For details on disabling in Windows XP, see Q314984. In Windows 2000 and Windows XP, you disable the shares via

Start
Settings
Control Panel
Systems Tools panel
Shared Folders
Double-click the Shared Folders branch to expand it
Click Shares
In the Shared Folder column, right-click the share you want to disable
Click Stop sharing
Cick OK.

NOTE: If you disable an administrative share that you have created, it will not be automatically enabled after you restart your computer, and you will need to recreate the share.

Perhaps the best approach to protect hard drive resources on workstations is to disable the server service if you can. There are a few workstation applications that need server service running, in particular, some SNA emulation packages.

(from windowsnetworking)

Hello world!

dinosg — Sat, 11 Jul 2009 08:52:54 +0000

Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!