Generate SSH Keys…

Recently I needed to set up passwordless login so that services could be automated. This lets me run scripts from cron jobs, which can run in the middle of the night.

Any good operating system, like Linux, Mac OSX, FreeBSD etc., will have ssh built in.

Generating the ssh key file is a simple process. Then you just need to copy the generated file to the destination machine.

Step One:
Generate the SSH keyfile

When you generate the key, it will ask you to type a passphrase for the ssh key. Most people, like me, do not type a passphrase, because otherwise you would need to add it later into a script.

I change the key size from the default 2048 bits to 4096. You can use a larger key, but remember that the larger it is, the longer it can take to log in, as the host machine needs to process the keyfiles.

Once this is done you need to copy the file to the remote/destination machine.

Step Two
Copy the newly created keygen file to the remote/destination machine.

Once your public ssh key has been copied across, you now can use passwordless logins across your machines. Enjoy…
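
The two steps above as an added example (not the commands from the original post). It generates the 4096-bit key with an empty passphrase and, because such a key is usable by anyone who obtains the file, prints an authorized_keys line that limits it to one source address and one command. The key name backup_cron, the address 192.0.2.10 and the script path are assumptions.

```shell
#!/bin/sh
# Added example: passphrase-less key for a cron job, limited on the remote side.
# The key name, source address and command used below are assumptions.

# make_batch_key DIR NAME
# Create a 4096-bit RSA key pair with an empty passphrase in DIR and print
# the key size that ssh-keygen reports for the new public key.
make_batch_key() {
    (
        umask 077                      # keep the private key owner-only
        mkdir -p "$1" || exit 1
        ssh-keygen -q -t rsa -b 4096 -N '' -C "$2" -f "$1/$2" || exit 1
        ssh-keygen -l -f "$1/$2.pub" | awk '{ print $1 }'
    )
}

# restricted_entry PUBKEY_FILE FROM_ADDR COMMAND
# Print an authorized_keys line for the remote machine. Because the key has
# no passphrase, the line only accepts it from FROM_ADDR and only runs COMMAND.
restricted_entry() {
    [ -r "$1" ] || return 1
    printf 'from="%s",command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$2" "$3" "$(cat "$1")"
}

# Demo in a scratch directory (skipped when ssh-keygen is not installed).
if command -v ssh-keygen >/dev/null 2>&1; then
    work=$(mktemp -d)
    if bits=$(make_batch_key "$work" backup_cron) && [ -n "$bits" ]; then
        echo "generated RSA key, $bits bits"
        restricted_entry "$work/backup_cron.pub" 192.0.2.10 /usr/local/bin/nightly-backup.sh
    fi
    rm -rf "$work"
fi
```

Append the printed line to ~/.ssh/authorized_keys of the account on the destination machine instead of copying the bare public key.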

Convert Iso to VirtualBox Vdi

Recently I have been playing with some new distributions, as I have been doing more development using linux as my desktop operating system.

Before I commit to using a new distribution as my main laptop operating system, I have been trialling them as virtual systems on VirtualBox.

Some of the distributions only come on live iso images, with no installation application. So my solution was to convert the live iso image into a VirtualBox vdi. The process is only one command to convert the iso to a vdi file.

Step One:
Locate the live iso image for conversion to a vdi file.

Once this is complete you want to add this to your VirtualBox machine. When you create your virtual machine, instead of creating a new vdi file, load the newly created vdi file.

Enjoy…

Reset Network Drivers to eth0…

Recently I came across an issue where I added a dual network card to my ubuntu server and, instead of taking over eth0 and continuing down the line in sequence, Ubuntu decided to just continue the sequence with eth1 and eth2. So it got me wondering why it does not take over eth0, since the old network card is not there. It seems the culprit is the udev rules and the network cache, which remember the mac address of the previous card and reserve eth0 for it. So no other ethernet card can be eth0 until you delete the network cache and udev regenerates the device with the new network card. To resolve this issue you just need to delete the file below and reboot.

# rm -f /etc/udev/rules.d/70-persistent-net.rules

Install Nagios in 600 seconds…

Recently I installed Nagios from the Ubuntu 10.04 repositories and found that the repository version is a version behind the current release. I decided to install Nagios from source code directly. It is a simple process; below is how it is installed. Note there are two parts to Nagios, the core application and the plugins.

Nagios Core:

We need to install dependencies before we install nagios.

# apt-get install build-essential php5-gd wget libgd2-xpm libgd2-xpm-dev

We now need to create the nagios user on the system, for the nagios software to run under.

# adduser --system --no-create-home --disabled-login --group nagios

# groupadd nagcmd

# usermod -G nagcmd nagios

# usermod -a -G nagcmd www-data

Now that we have created the nagios user for the system, we need to download the nagios software.

# cd /usr/src

# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.3.1.tar.gz

# wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.15.tar.gz

Now we build the Nagios software

# tar -xzvf nagios-3.3.1.tar.gz

# cd nagios-3.3.1

# ./configure --with-command-group=nagcmd

We now compile the software and install it, upon the system.

# make all

# make install

# make install-init

# make install-config

# make install-commandmode

Configure the Nagios core.

# vi /usr/local/nagios/etc/objects/contacts.cfg

You need to edit the alias and email lines.

# cd /usr/src/nagios-3.3.1

We need to install the web based frontend software.

# make install-webconf

We need to create the login name of the user for the apache frontend. You will also need to enter a password for the nagiosadmin user.

# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

We need to reload the apache2 configuration.

# /etc/init.d/apache2 reload

Nagios Plugin:
We now need to build the plugins from source. The steps are below.

# cd /usr/src

# tar xzf nagios-plugins-1.4.15.tar.gz

# cd nagios-plugins-1.4.15

# ./configure --with-nagios-user=nagios --with-nagios-group=nagios

# make

# make install

Now we get Nagios running. We need to get the permissions corrected so the startup files work.

# chmod +x /etc/init.d/nagios

# /usr/sbin/update-rc.d -f nagios defaults

We need to check that our nagios configuration is good, or Nagios will not start. The configuration check will show us if there are any errors in the configuration file.

# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If no errors are shown, you are able to start Nagios now.

# /etc/init.d/nagios start

You will be able to access Nagios from a web browser. The address will be http://localhost/nagios or http://<ip address of the server>/nagios. Remember when you created the Nagios admin user above, you need to remember

Mail Alerts

If you want Nagios to email you alerts when things go wrong, you need to install the following.

# apt-get install mailutils sendmail

Select your mail server type as an internet site. Note that you can modify the nagios /usr/local/nagios/etc/objects/commands.cfg file, or the easier process is to link /usr/bin/mail to /bin/mail. You do not need to restart nagios if you have just done the soft link of the mail files.

Setup a PPTP server:

Recently I have been wanting to connect to my home network from anywhere in the world, using whatever device I have on me at the time. This could be my osx, windows 7 or linux laptop, ipad, iphone or android device. I was originally thinking of setting up openvpn, as this was the easiest to set up, but decided against it as there are clients for windows, android, linux and osx but not for ios devices. So I had to look for other virtual private network software. I looked at setting up an ipsec/l2tp server, but decided against this for the moment, as it will take some time to set up and debug. This left me with pptp. This protocol is common to all the devices and needs no extra client installed for it to run.

The following steps will show you how to set up a pptp server.

Ubuntu 10.04

# apt-get install ppp pptpd pptp-linux

Allow port 22 through your firewall so that you can ssh back into the machine in an emergency. Here is the command to allow ssh through. You need to edit your permanent firewall rules for this to work after a reboot.

# /sbin/iptables -A INPUT --protocol tcp --dport 22 -j ACCEPT

Allow port 1723 through your firewall for the pptp protocol to work on your system.

# /sbin/iptables -A INPUT --protocol tcp --dport 1723 -j ACCEPT

# /sbin/iptables -A INPUT --protocol udp --dport 1723 -j ACCEPT

Now we modify the /etc/pptpd.conf file. Look for the lines below in your file and modify them. These lines represent the ip addresses the vpn connections can have upon your local network.

localip 192.168.0.1
remoteip 192.168.0.241-255

The localip is the ip of the internal nic behind the wan port. This ip address is the ip of the pptp server. The remoteip range is the set of ips allocated by the pptp process when you make a connection. I have allocated 15 ips. This allows me to have 15 devices connected to the server. I probably only need two ips allocated.

Now we modify /etc/ppp/pptpd.options. Edit the ms-dns entries to reflect the domain nameservers your network uses. An example is below.

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Also modify your file /etc/sysctl.conf

net.ipv4.ip_forward=1

Now we need to reload the system controls. The other option is restarting the machine.

# sysctl -p

You now need to add users to the system, so they can log in to the pptp server. You do this by modifying the /etc/ppp/chap-secrets file.

username <TAB> * <TAB> user-password <TAB> *

You now need to restart the pptpd daemon for all the changes to be implemented.

# /etc/init.d/pptpd restart
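
A check for the chap-secrets step above, as an added example that is not part of the original post. It reads the four-column layout shown there and reports world-readable files, short secrets, incomplete lines and entries whose server field is left as *. The 16-character minimum, GNU stat, and "pptpd" as the server name set by the name option in pptpd.options are assumptions.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file before restarting pptpd.
# Assumptions: GNU stat, a 16-character minimum, secrets without whitespace.

# audit_chap_secrets FILE [MINLEN]
# Print one finding per line; print nothing when the file looks sane.
audit_chap_secrets() {
    file=$1
    min=${2:-16}
    # Secrets are stored in cleartext, so only root should be able to read them.
    mode=$(stat -c '%a' "$file") || return 2
    case $mode in
        600|400) ;;
        *) echo "mode $mode: cleartext secrets, expected 600" ;;
    esac
    awk -v min="$min" '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        NF < 4 { printf "line %d: expected 4 fields, found %d\n", NR, NF; next }
        {
            secret = $3
            gsub(/^"|"$/, "", secret)                 # secrets may be quoted
            if (length(secret) < min + 0)
                printf "line %d (%s): secret shorter than %d characters\n", NR, $1, min
            if ($2 == "*")
                printf "line %d (%s): server field is *, secret valid for any PPP server name\n", NR, $1
        }
    ' "$file"
}

# Constructed sample in the layout shown above: client, server, secret, IP.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client  server  secret  IP addresses
alice  *      hunter2                         *
bob    pptpd  "correct-horse-battery-staple"  192.168.0.241
carol  pptpd
EOF
chmod 644 "$sample"
audit_chap_secrets "$sample"
rm -f "$sample"
```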

Create a VirtualBox Headless Machine…

More and more I have been running Virtualbox virtual servers upon my main Ubuntu 10.04 server. I used to create the virtual server upon my Macbook Pro 13", then export the image, and reimport the image upon the linux headless server. Recently I found it was much easier to create the VirtualBox server directly upon a headless linux server. Certainly creating the virtual server with a GUI-based tool is a lot easier, but it does not save time when you need to export and import the image across to the linux server.

The following steps will show you how to set up a VirtualBox virtual headless server.

Ubuntu 10.04.03

We now create and register the virtual server with the command VBoxManage.

# VBoxManage createvm --name "server" --ostype Ubuntu_64 --register

We allocate the amount of memory the virtual server will have, set the boot sequence (e.g. dvd first), and choose which ethernet adapter the virtual machine attaches itself to. The memory we have allocated is 1024mb and the ethernet adapter it uses is eth4.

# VBoxManage modifyvm "server" --memory 1024 --acpi on --boot1 dvd --nic1 bridged --bridgeadapter1 eth4

We now create the hard disk or virtual disk for the virtual server. We allocate 100gb of hard disk space, and store the virtual hard disk file in /home/vbox.

# VBoxManage createvdi --filename "/home/vbox/server.vdi" --size 100000

We state that the virtual server uses an ide controller. We can use ahci also, but ide is safe to use.

# VBoxManage storagectl "server" --name "IDE Controller" --add ide

We attach the virtual server hard disk to the ide controller.

# VBoxManage storageattach "server" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium "/home/vbox/server.vdi"

We also need to attach the dvd drive to the ide storage controller, and attach the iso image to the dvd drive, so that when we boot the virtual server for the first time, it boots from the virtual dvd drive and uses the iso image.

# VBoxManage storageattach "server" --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium "/home/vbox/ubuntu-10.04.3-server-amd64.iso"

We now allow remote desktop software to connect to the virtual server.

# VBoxManage modifyvm "server" --vrde on

We now set the port on which the remote desktop software can connect to the virtual server; here it is port 3392. You can use Microsoft Remote Desktop Connection to connect.

# VBoxManage modifyvm "server" --vrdeport 3392

Once this is all done we can now start up the headless virtual server.

# VBoxHeadless --startvm "server" &

You can shut down the virtual server with the following command.

# VBoxManage controlvm "server" poweroff

You can also pause and restart the virtual server, but I will not explain those commands in this document, as they are not really needed.

Fujitsu P1620 a new hope…

I have had for a while a Fujitsu P1620 small form factor convertible. I have had Windows Seven working upon the machine for a while, but with only two gigabytes of ram, performance was limited at best. I have decided to install ubuntu 11.04, 64 bit desktop, and replace the gnome desktop with the xfce desktop. The other issue is the very slow 4200rpm 100gb hard disk. The installation took about sixty minutes. Half of the installation was downloading packages from the ubuntu repository. I used an external usb dvd rom drive to install ubuntu 11.04, 64 bit desktop. Further along the way I will try to document the configuration of software and hardware, such as the touchscreen, which seems a tricky issue.

No-IP for those with no static IP…

Some people do not have a permanent ip, and this makes supporting those users/clients harder, as you need to keep track of their ip when you need to log into their system/server. A handy way to do this is to use a third party service that maps your client's non-static ip to a dynamic name service. One of these services is no-ip.org. This service requires you to install software upon your client's server/machine. Every 30 minutes the software talks to the no-ip.org domain name service and inserts the ip of the client's wan into the no-ip.org name server. So instead of remembering the client's ip address you can remember their name with the no-ip.org domain attached, e.g. client.no-ip.org, which is better than remembering an ip address. There are many other domains no-ip.org allows you to choose from, but this is the domain I have chosen. To install no-ip, the following steps are required on your client's server/machine.

Generic:

You must create an account on no-ip.org to be able to add hostnames. Once this is done you will need to log into your account and add hosts, which are the machines that have the dynamic ip. Note, do not put the hosts into groups, or one machine will change all the machines' ips to the ip of the machine that does the update. Leave them ungrouped. Below is an image of the buttons that need to be ticked.

CentOS:

Download the no-ip.org unix client.

# wget https://www.no-ip.com/client/linux/noip-duc-linux.tar.gz

# tar xvfz noip-duc-linux.tar.gz

You can compile the source code yourself, but for the purposes of the exercise

# cd noip-2.1.9-1/binaries

# cp noip2.i686 /usr/local/bin/noip2

# chown root:root /usr/local/bin/noip2

# chmod 755 /usr/local/bin/noip2

Now we run noip for the first time to configure for connection to the no-ip service.

# /usr/local/bin/noip2 -C

# cd ..

We now create the startup script so no-ip starts up when the machine starts up.

# cp redhat.noip.sh /etc/rc.d/init.d/noip2

# chmod 755 /etc/rc.d/init.d/noip2

# cd /etc/rc.d/rc5.d

# ln -s /etc/rc.d/init.d/noip2 S99noip2

# cd ../rc6.d

# ln -s /etc/rc.d/init.d/noip2 K99noip2

We can now start the no-ip service

# /etc/rc.d/init.d/noip2 stop

# /etc/rc.d/init.d/noip2 start

Install Virtualbox Headless Server for Guests Operating Systems.

Virtualbox is free virtual machine software that allows you to run machines/containers upon a physical server. Virtualbox is free open source technology. It is available for all platforms, e.g. Mac OSX, Centos, Windows etc. Virtualbox is very easy to set up upon linux variants, as there are software packages already available that you can install in one easy command. Below I will show you how to install Virtualbox and create a container. Virtualbox has a very active community, where help can be found very easily.

This installation will show you how to install as a headless solution where no gui is used.

CENTOS:

To install Virtualbox upon Centos is a very easy procedure. The following steps will tell how to install Virtualbox upon centos.

# cd /etc/yum.repos.d

# wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo

# yum --enablerepo rpmforge install dkms

Below we will now install the kernel drivers for Virtualbox.

# yum groupinstall "Development Tools"

# yum install kernel-devel

Now we will install the Virtualbox package itself.

# yum install VirtualBox-4.1

The last item we need to do is add the user who will run the Virtualbox application to the Virtualbox group.

# usermod -a -G vboxusers username

Ubuntu:

To install Virtualbox upon Ubuntu is a very easy procedure. The following steps will tell how to install Virtualbox upon Ubuntu.

# cd /etc/apt

# vi sources.list

Add the following line below to the sources.list file so we can talk to the Virtualbox repository.

deb http://download.virtualbox.org/virtualbox/debian lucid contrib non-free

Now we add the Virtualbox repository key.

# wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -

Now we will install the Virtualbox package itself.

# sudo apt-get update

# sudo apt-get install virtualbox-4.1

The last item we need to do is add the user who will run the Virtualbox application to the Virtualbox group. Below I use the root user, you can use any user you believe you want to run

# usermod -a -G vboxusers root

We will show how to set up/create a virtual machine in our next post.

Network Time Protocol:

Keeping track of time on your servers can become a bit daunting when you start having multiple servers. A solution is called ntp (network time protocol). Every so often a machine loses time, going out by up to a few hours. At defined periods ntp checks with a main time server, and adjusts your machine's time if it is out from the main timeserver.

CentOS:

The following commands below will install and configure ntp under CentOS.

# yum install ntp
# chkconfig ntpd on
# ntpdate pool.ntp.org
# /etc/rc.d/init.d/ntpd restart

The results will be shown as below.

Shutting down ntpd:    [ OK ]
Starting ntpd:              [ OK ]

Ubuntu:

The following commands below will install and configure ntp under Ubuntu.

# apt-get install ntp

# /etc/init.d/ntp restart

Configuring the ntp.conf files will not be needed as they are automatically configured during installation.

Generic

Another way around this issue is to have the ntpdate application run directly via cron to update the time. This issue is caused on virtual machines where the virtual software forces the virtual machine to sync with the host machine. Below is a workaround. Just enter this into cron. The ip below is that of the time server au.pool.ntp.org.

# crontab -e

*/5 * * * * /sbin/ntpdate -u 149.20.68.17