Category Archives: Other

esxi snmp v3

I want to monitor our ESXi hypervisors through SNMP, but I also want it to be encrypted 🙂 After all, this information is floating over the Internet, so it is good for it to be at least encrypted somehow. That’s why we are going to use SNMP v3.

Enabling SSH on ESXi

  • Connect with the vSphere client to your node
  • Go to the configuration tab, then select Security Profile
  • Select Properties with Services, then select SSH Server
  • Click Options and select Start and Stop with host
  • Click the Start button once to start the service for now

Opening the firewall to allow SSH connections

  • Connect with the vSphere client to your node
  • Go to the configuration tab, then select Security Profile
  • Select Properties with Firewall, then select SSH Server
  • Click SSH Server, select Firewall and allow an IP-range

And now the magic… For the engine ID we need to use a hexadecimal value.

esxcli system snmp set --engineid 766d77617265
esxcli system snmp set --authentication SHA1
esxcli system snmp set --privacy AES128
esxcli system snmp hash -r -A secret1234 -X secret5678
esxcli system snmp set --users root/AuthHash/PrivHash/priv
esxcli system snmp set --enable true

And that’s all. You can test whether it is working with snmpwalk:

snmpwalk -v3 -u root -l AuthPriv -a SHA -A Auth -x AES -X Priv %HOST%

Ohh.. snap, I forgot to do one last thing 🙂
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address %IP%
esxcli network firewall ruleset set --ruleset-id snmp --enabled true

 

rsync freenas

It’s important, when you set up an rsync server in FreeNAS, to put this in the auxiliary parameters:

incoming chmod = ug=rwx,o=

Otherwise it’s not going to work. You will have permissions to the folder and can create files, but you can’t back up anything.

Replacing Windows shell with rdp

If you want to make a sort of Windows thin client, and you want the PC to go straight to the Terminal Server after it is turned on, you can follow these instructions .. Working priceless

1. Create a folder .. somewhere .. in these examples my paths are set up to “C:\rdp”
2. In “C:\rdp” create a file “hidden.vbs” and paste into it

CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

3. Create a second file, rdp.bat, in the same folder.
@echo off
CLS
:start
start /wait c:\windows\system32\mstsc.exe c:\rdp\rdp.rdp
goto start

4. Open your RDP client and type the terminal server, set your desired options such as sound redirection etc., click “Save as”, and save it in the same folder as rdp.rdp

5. Alt + R, type regedit and go to HKLM – Software – Microsoft – Windows NT – CurrentVersion – Winlogon and edit the Shell value. It should be set to explorer.exe; you need to change this to:

wscript.exe c:\rdp\hidden.vbs c:\rdp\rdp.bat

Now you have one way ticket to the blue.

Asterisk watch active calls && Fix database

watch -n 1 "asterisk -vvvvvrx 'core show channels' | grep call"

WARNING[25801] res_config_mysql.c: Realtime table general@queue_log: column ‘time’ cannot be type ‘int(10) unsigned’ (need char)

Drop the queue_log table in the qstat and asterisk databases and add it again. Then edit extconfig.conf

Sample queue_log table for MySQL:

CREATE TABLE `queue_log` (
-- auto_increment requires an integer column
`id` int(10) unsigned NOT NULL auto_increment,
-- char instead of int(10) unsigned, as the res_config_mysql warning asks
`time` char(10) default NULL,
`callid` varchar(32) NOT NULL default '',
`queuename` varchar(32) NOT NULL default '',
`agent` varchar(32) NOT NULL default '',
`event` varchar(32) NOT NULL default '',
`data` varchar(255) NOT NULL default '',
PRIMARY KEY (`id`)
);

Malicious and Suspicious Files – Finding and removing eval(base64_decode)

I found this very, very useful tutorial … I found it the hard way, when everything was messed up! 🙂

Original article written by Rahul Bansal – http://devilsworkshop.org/tutorial/remove-evalbase64decode-malicious-code-grep-sed-commands-files-linux-server/55587/

Command to list all infected files:

grep -lr --include=*.php "eval(base64_decode" /path/to/webroot

This is not necessary, but it’s better to check some files manually to confirm that they contain the malicious code we are looking for. We can also run this command again after the cleanup command to cross-check that the cleanup was really successful.

Command to remove malicious code:

If the above command gives you correct output, execute the following command to perform the actual cleaning:

grep -lr --include=*.php "eval(base64_decode" /path/to/webroot | xargs sed -i.bak 's/

Executing the above will remove the eval(*) code. The command also generates a backup of each file it modifies. For example, if it removes code from index.php, you will find a new file index.php.bak in the same directory with the original content of index.php.

If, after running the above command, you still find more infected files, you need to adjust the search-and-replace parameters in the “sed” part. You may also use the following command for a “liberal” cleaning, at the risk of breaking something. (In case you really break something, like I did, you can jump to the “Troubleshooting” section below!)

grep -lr --include=*.php "eval(base64_decode" /path/to/webroot | xargs sed -i.bak '/eval(base64_decode*/d'
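
The “liberal” command above deletes every line that contains the call, so legitimate code sharing a line with the injection is lost. The script below is an added example, not part of the original article: per infected file it counts the matching lines and how many of them also carry other code, and it removes only lines that hold nothing but the injected call, keeping a .bak copy. The function names, the PURE_LINE pattern and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview before cleaning. All names below are illustrative.

# A line holding ONLY the injected call (optionally wrapped in <?php ... ?>).
PURE_LINE='^[[:space:]]*(<\?php[[:space:]]*)?eval\(base64_decode\(.[A-Za-z0-9+/=]*.\)\);[[:space:]]*(\?>)?[[:space:]]*$'

# Same search as the article's listing command, sorted for stable output.
list_infected() {
    grep -rl --include='*.php' -F 'eval(base64_decode' "$1" | sort
}

# Print "<file> <matching lines> <matching lines that also hold other code>".
# A non-zero third column means a whole-line delete would remove real code.
preview_cleanup() {
    list_infected "$1" | while IFS= read -r f; do
        hits=$(grep -cF 'eval(base64_decode' "$f" || true)
        mixed=$(grep -F 'eval(base64_decode' "$f" | grep -cvE "$PURE_LINE" || true)
        printf '%s %s %s\n' "${f#"$1"/}" "$hits" "$mixed"
    done
}

# Remove only pure injected lines; keep the original as <file>.bak, like sed -i.bak.
clean_pure_lines() {
    cp -p "$1" "$1.bak"
    grep -vE "$PURE_LINE" "$1.bak" > "$1" || true
}

# Constructed sample tree; the payload is base64 for the harmless "echo 1;".
make_sample_tree() {
    d=$(mktemp -d)
    printf '%s\n' '<?php eval(base64_decode("ZWNobyAxOw==")); ?>' \
                  '<?php echo "home"; ?>' > "$d/a.php"
    printf '%s\n' '<?php eval(base64_decode("ZWNobyAxOw==")); require "config.php";' > "$d/b.php"
    printf '%s\n' '<?php echo "clean"; ?>' > "$d/c.php"
    printf '%s\n' "$d"
}

# Stand-alone run on the constructed tree.
tree=$(make_sample_tree)
preview_cleanup "$tree"    # a.php is safe to clean; b.php needs a manual edit
rm -rf "$tree"
```

Files with a non-zero third column are the ones to open by hand instead of passing to a line-delete.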

Trying to avoid re-appearance of this code injection

It’s really tough to cover every possible way to protect yourself from such an attack in this post.

If you remember, the WordPress community faced this kind of issue because of the WP-PhpMyAdmin plugin some time back. In our case, we found that some old WordPress demo sites had that plugin installed.

To remove the WP-PhpMyAdmin plugin from all WordPress sites on your server, execute the following command:

find /path/to/webroot -name "wp-phpmyadmin" -type d | xargs rm -rf

The above is all we did to get rid of the eval(base64_decode(*)) code in all files on our test server. If this happens again on our server, I will update this post with added info.

Troubleshooting:

Just in case you end up in a mess, below are some useful commands.

Missing find /var/www/ -name "index.php" | grep "/htdocs/index.php" | xargs grep -L "

Don’t worry. If you already have a “find . -name '*.php' -exec sed -i -e :a -e '/^n*$/{$d;N;ba' -e '}' '{}' ;

Elastix 2.5 + heartbeat + drbd

As some of you know, I’ve got so much luck that even in my new job they want a new telephone system 🙂 But a massive one, with failover and -20 sec downtime.

So what we’ve got:
Elastix 2.5 stable
Heartbeat for failover
Drbd – Network mirror raid, on which all the Elastix and asterisk confs etc. live.

Our goals:
Stability, Reliability, High-availability

Let`s fucking do this shit!

I tested it with 2 virtual Elastix servers, each with an attached 8 gig HDD, which I used for network mirroring.
I followed THE TUTORIAL, the one tutorial for Elastix HA+drbd.

/dev/sda1 - /
/dev/sda2 - swap
/dev/sdb1 - /replica

!!!Remember, these partitions MUST be identical on both PCs, especially /dev/sdb1, where our Elastix lives.
(By identical I mean completely identical: the start block and finish block must be the same on both.)

1. When everything is installed, we need to create FS for /dev/sdb

[root@voipSERVER.drbd /]# fdisk /dev/sdb
p
n
----
t - 83
w

2. Format :

[root@voipSERVER.drbd /]# mke2fs -j /dev/sdb1

3. Just in case, we are going to fill it with zeros:

[root@voipSERVER.drbd /]# dd if=/dev/zero bs=1M count=500 of=/dev/sdb1; sync

4. Installing drbd and heartbeat:

yum install heartbeat drbd83 kmod-drbd83

Note: If by any chance you experience problems with drbd83, use drbd82 version (64 bit
versions).

5. Now we need to edit /etc/hosts to be sure that the IP name resolution will be ok

192.168.0.242 voipserver.drbd
192.168.0.243 voipbackup.drbd

6. Edit /etc/drbd.conf on the Primary one:

global { usage-count no; }
resource r0 {
    protocol C;
    startup { wfc-timeout 10; degr-wfc-timeout 30; }
    disk { on-io-error detach; }
    net {
        after-sb-0pri discard-least-changes;
        after-sb-1pri discard-secondary;
        after-sb-2pri call-pri-lost-after-sb;
        cram-hmac-alg "sha1";
        shared-secret "SECRET PASSWD";
    }
    syncer { rate 5M; }
    on voipserver.drbd {
        device /dev/drbd0;
        disk /dev/sdb1;
        address 192.168.0.242:7788;
        meta-disk internal;
    }
    on voipbackup.drbd {
        device /dev/drbd0;
        disk /dev/sdb1;
        address 192.168.0.243:7788;
        meta-disk internal;
    }
}

Note:
The after-sb-* lines in the net section help the servers recover from split brain. Split brain is when two servers are in primary mode and need to know how to resolve who should assume the primary/secondary role (discarding or accepting changes made in the primaries).
Reference:

  • http://www.drbd.org/users-guide/s-configure-split-brain-behavior.html

    7. Replicate this config file to the second server

    [root@voipSERVER.drbd /]# scp /etc/drbd.conf root@voipbackup.drbd:/etc/

    8. Initialize the meta-data area on disk before starting drbd (! on both server!)

    drbdadm create-md r0

    * Start drbd on both nodes (service drbd start)

    service drbd start

    * Verify that both server are secondary

    cat /proc/drbd

    9. As you can see, both nodes are secondary, which is normal. We need to decide
    which node will act as primary now (voipserver.drbd); that will initiate the first ‘full
    sync’ between the two nodes:

    drbdadm -- --overwrite-data-of-peer primary r0

    10. Launch the command and wait until it finishes synchronizing

    watch -n 1 cat /proc/drbd

    11. We can now format /dev/drbd0 and mount it on voipserver.drbd:

    [root@voipSERVER.drbd /]# mkfs.ext3 /dev/drbd0
    [root@voipSERVER.drbd /]# mkdir /replica

    [root@voipSERVER.drbd /]# mount /dev/drbd0 /replica

    12. We can determine the role of a server by executing the following;
    drbdadm role r0
    The primary server should return;

    Primary/Secondary

    13. Now we will copy all of the directories we want synchronized between the two
    servers to our new partition, remove the original directories and then create
    symbolic links to replace them on voipserver.drbd.
    Note: If you use the 64-bit version of Elastix, the line tar -zcvf usr-lib-asterisk.tgz /usr/lib/asterisk/ should look like tar -zcvf usr-lib-asterisk.tgz /usr/lib64/asterisk/

    cd /replica

    amportal chown

    tar -zcvf etc-asterisk.tgz /etc/asterisk
    tar -zxvf etc-asterisk.tgz
    tar -zcvf var-lib-asterisk.tgz /var/lib/asterisk
    tar -zxvf var-lib-asterisk.tgz
    tar -zcvf usr-lib-asterisk.tgz /usr/lib/asterisk/
    tar -zxvf usr-lib-asterisk.tgz
    tar -zcvf var-spool-asterisk.tgz /var/spool/asterisk/
    tar -zxvf var-spool-asterisk.tgz
    tar -zcvf var-lib-mysql.tgz /var/lib/mysql/
    tar -zxvf var-lib-mysql.tgz
    tar -zcvf var-log-asterisk.tgz /var/log/asterisk/
    tar -zxvf var-log-asterisk.tgz
    tar -zcvf var-www.tgz /var/www/
    tar -zxvf var-www.tgz
    rm -rf /etc/asterisk
    rm -rf /var/lib/asterisk
    rm -rf /usr/lib/asterisk/
    rm -rf /var/spool/asterisk
    rm -rf /var/www

    rm -rf /var/lib/mysql/
    rm -rf /var/log/asterisk/
    ln -s /replica/etc/asterisk/ /etc/asterisk
    ln -s /replica/var/lib/asterisk/ /var/lib/asterisk
    ln -s /replica/usr/lib/asterisk/ /usr/lib/asterisk
    ln -s /replica/var/spool/asterisk/ /var/spool/asterisk
    ln -s /replica/var/lib/mysql/ /var/lib/mysql
    ln -s /replica/var/log/asterisk/ /var/log/asterisk
    ln -s /replica/var/www /var/www
    cd /

    Stop mysqld, asterisk and httpd services on voipserver.drbd

    service mysqld restart
    service mysqld stop
    service asterisk stop
    service httpd stop
    service elastix-updaterd stop
    service elastix-portknock stop

    14. Verify services are down and proceed to switch manually to the second server:

    [root@voipSERVER.drbd /]# umount /replica ; drbdadm secondary r0

    15. Now switch to the VOIPBACKUP server

    [root@voipBACKUP.drbd /]# mkdir /replica ; drbdadm primary r0 ; mount /dev/drbd0 /replica
    [root@voipBACKUP.drbd /]# ls /replica/

    Note: This is used to check if you are replicating information on both servers. You should
    see all data replicated in the secondary server just like data in the primary.
    * DO NOT perform this action with the physical terminal logged in. Use SSH. Otherwise, it will fail to
    unmount the /replica folder for some reason! Also make sure you are not IN the replica folder. Type “cd /” .

    16. Verify voipserver.drbd status (Primary/Secondary)

    drbdadm role r0

    Note: Executing this same command in voipbackup.drbd while in secondary mode should
    not display the /dev/drbd0 partition unless it’s assuming primary mode.

    17. Now we will remove and link on voipbackup.drbd

    cd /replica

    amportal chown

    tar -zcvf etc-asterisk.tgz /etc/asterisk
    tar -zxvf etc-asterisk.tgz
    tar -zcvf var-lib-asterisk.tgz /var/lib/asterisk
    tar -zxvf var-lib-asterisk.tgz
    tar -zcvf usr-lib-asterisk.tgz /usr/lib/asterisk/
    tar -zxvf usr-lib-asterisk.tgz
    tar -zcvf var-spool-asterisk.tgz /var/spool/asterisk/
    tar -zxvf var-spool-asterisk.tgz
    tar -zcvf var-lib-mysql.tgz /var/lib/mysql/
    tar -zxvf var-lib-mysql.tgz
    tar -zcvf var-log-asterisk.tgz /var/log/asterisk/
    tar -zxvf var-log-asterisk.tgz
    tar -zcvf var-www.tgz /var/www/
    tar -zxvf var-www.tgz
    rm -rf /etc/asterisk
    rm -rf /var/lib/asterisk
    rm -rf /usr/lib/asterisk/
    rm -rf /var/spool/asterisk
    rm -rf /var/www

    rm -rf /var/lib/mysql/
    rm -rf /var/log/asterisk/
    ln -s /replica/etc/asterisk/ /etc/asterisk
    ln -s /replica/var/lib/asterisk/ /var/lib/asterisk
    ln -s /replica/usr/lib/asterisk/ /usr/lib/asterisk
    ln -s /replica/var/spool/asterisk/ /var/spool/asterisk
    ln -s /replica/var/lib/mysql/ /var/lib/mysql
    ln -s /replica/var/log/asterisk/ /var/log/asterisk
    ln -s /replica/var/www /var/www
    cd /

    18. Stop mysqld, asterisk and httpd services on voipserver.drbd

    service mysqld restart
    service mysqld stop
    service asterisk stop
    service httpd stop
    service elastix-updaterd stop
    service elastix-portknock stop

    19. Now switch back to the first server:
    [root@voipBACKUP.drbd /]# umount /replica/ ; drbdadm secondary r0

    20. Now switch to the VOIPSERVER server

    [root@voipSERVER.drbd /]# drbdadm primary r0 ; mount /dev/drbd0 /replica

    Drbd is working … let’s be sure that it will always be started:
    chkconfig drbd on

    21. Remember to stop any boot up services on both servers that should be controlled by heartbeat. These services will be controlled by heartbeat on the server that is in control.

    chkconfig asterisk off
    chkconfig mysqld off
    chkconfig httpd off
    chkconfig elastix-updaterd off
    chkconfig elastix-portknock off
    service mysqld stop
    service asterisk stop
    service httpd stop
    service elastix-portknock stop
    service elastix-updaterd stop

    22. Let’s configure a simple /etc/ha.d/ha.cf file on voipserver.drbd :

    debugfile /var/log/ha-debug
    logfile /var/log/ha-log

    logfacility local0
    keepalive 2
    deadtime 30
    warntime 10
    initdead 120
    udpport 694
    bcast eth0
    auto_failback on
    node voipserver.drbd
    node voipbackup.drbd

    23. Create also the /etc/ha.d/authkeys on voipserver.drbd:

    auth 1
    1 sha1 MySecret

    24. Change permissions on the /etc/ha.d/authkeys file on voipserver.drbd:
    chmod 600 /etc/ha.d/authkeys

    25. Edit /etc/ha.d/haresources on voipserver.drbd: (It is two lines!!!!!!! Formatting is
    important). Replace the email addresses with your own, on the second line.

    voipserver.drbd drbddisk::r0 Filesystem::/dev/drbd0::/replica::ext3 IPaddr::192.168.0.244/24/eth0/192.168.0.255 mysqld asterisk httpd elastix-updaterd elastix-portknock fop_start
    voipserver.drbd MailTo::hristo@computerassistance.uk.com::DRBD/HA-ALERT
    voipserver.drbd IPaddr::192.168.0.245/24/eth1/192.168.0.255

    Note: If you have a second NIC and you want it to fail over too, just add it here as the last line, like I did. The IP you set up will now float between both servers.

    26. Start the heartbeat service on voipserver.drbd :
    service heartbeat start

    27. Replicate now the ha.cf, authkeys and haresources to voipbackup.drbd and start heartbeat

    [root@voipserver.drbd ha.d]# scp /etc/ha.d/ha.cf /etc/ha.d/authkeys /etc/ha.d/haresources root@voipbackup.drbd:/etc/ha.d/
    [root@voipbackup.drbd ha.d]# service heartbeat start

    28. Configure heartbeat to initialize at boot on both server

    chkconfig --add heartbeat
    chkconfig heartbeat on

    29. Verify voipserver.drbd status (Primary/Secondary)

    drbdadm role r0

    30. Execute ‘df -h’ on the primary to confirm that our /dev/drbd0 partition is
    mounted and in use.

    Filesystem Size Used Avail Use% Mounted on
    /dev/sda1 5.7G 1.9G 3.5G 36% /
    tmpfs 249M 0 249M 0% /dev/shm
    /dev/drbd0 7.9G 394M 7.1G 6% /replica

    31. Test your work by creating a SIP extension or anything inside Elastix Web
    Interface, then shut down your primary server while making a continuous ping to
    192.168.0.245 (floating IP address) verifying it doesn’t lose connectivity. Make
    another change in the secondary server, turn your primary back on, and all
    changes should be kept intact.
    Special Note: Any changes made to asterisk files should be done via web Interface
    ONLY. Do not attempt to upgrade Elastix version once finished the cluster or else it will
    write its own files again discarding links to the /replica directory.
    Troubleshooting:

    tcpdump -i eth0:0 -s 1500 -w captura.pcap #capture traffic
    mv captura.pcap /var/www/html #move file to web for download

    http://wiki.centos.org/HowTos/Ha-Drbd
    http://support.red-fone.com/downloads/elastix/Elastix HA Cluster.pdf
    http://danielaliaman.com/blog/files/phonecube/cluster/AsteriskCluster.pdf
    http://www.drbd.org/users-guide/s-configure-split-brain-behavior.html

    Note: Here is the original tutorial; there are a few other things that you can do … such as migrating fop and tftpboot: Elastix HA cluster
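
Steps 23 and 24 create /etc/ha.d/authkeys with the sample secret MySecret and then restrict it to mode 600. The script below is an added example, not part of the original tutorial or of Heartbeat: it audits such a file for mode, active key, method and secret strength, and writes a replacement with a random secret. The function names, the finding labels and the 20-character minimum are assumptions.

```shell
#!/bin/sh
# Added example: audit /etc/ha.d/authkeys. Names and thresholds are illustrative.

# Print a space-separated list of findings (empty line = nothing to fix).
audit_authkeys() {
    f=$1
    findings=""
    # Step 24: the file must be exactly mode 600, it holds the cluster secret.
    [ -n "$(find "$f" -perm 600 -print)" ] || findings="$findings mode"
    # "auth N" selects the active key; an "N <method> <secret>" line must exist.
    idx=$(awk '$1 == "auth" { print $2; exit }' "$f")
    line=$(awk -v i="$idx" '$1 == i && NF >= 2 { print; exit }' "$f")
    if [ -z "$idx" ] || [ -z "$line" ]; then
        findings="$findings no-active-key"
    else
        method=$(printf '%s\n' "$line" | awk '{ print $2 }')
        secret=$(printf '%s\n' "$line" | awk '{ print $3 }')
        # crc is only a checksum and md5 is weaker than the sha1 used on the page.
        [ "$method" = "sha1" ] || findings="$findings weak-method:$method"
        # Tutorial placeholder, empty, or shorter than 20 chars (assumed minimum).
        if [ "$secret" = "MySecret" ] || [ "${#secret}" -lt 20 ]; then
            findings="$findings weak-secret"
        fi
    fi
    printf '%s\n' "${findings# }"
}

# Write a fresh authkeys file with a random 64-hex-character secret, mode 600.
new_authkeys() {
    secret=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    ( umask 077; printf 'auth 1\n1 sha1 %s\n' "$secret" > "$1" )
    chmod 600 "$1"
}

# Constructed demo: the page's step 23 content, deliberately left world-readable.
demo=$(mktemp)
printf 'auth 1\n1 sha1 MySecret\n' > "$demo"; chmod 644 "$demo"
audit_authkeys "$demo"     # mode weak-secret
new_authkeys "$demo"
audit_authkeys "$demo"     # (empty line)
rm -f "$demo"
```

The same file has to reach voipbackup.drbd unchanged, so run the audit on both nodes after the scp in step 27.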

    ThinUbuntu

    I was searching for the best thin client for one client. I tried Thinstation, but everything is so confusing. So I asked myself, why should I use a whole thin-client OS? I started browsing for solutions and I found the best one! It uses Ubuntu, any version; you can tweak it for your needs and have everything that you
    need. Let’s start with Ubuntu 14.04.1 LTS.

    First you need to install it, update it if you want, and then all you need to do is:

    sudo apt-get install rdesktop
    sudo apt-get install lxde

    We are going to use lxde because it is lightweight and simple. Once these packages are installed you can start configuring them.

    Create an executable file mythinclient wherever you want; in it you need to pass some parameters to rdesktop. I use the following configuration:
    rdesktop -N -k en-gb -a 32 -z -f -5 -r disk:usb=/media/usb1 host.name/ipaddr

    If you want, you can search for the rdesktop parameters. This one uses USB redirection host/remote, numlock export, 32-bit colors and automatic fullscreen.

    Now we need to write an autostart conf file to execute this script when the user logs in.

    mkdir -p ~/.config/autostart && vim ~/.config/autostart/$USER.desktop

    [Desktop Entry]
    Type=Application
    Exec=/home/username/mythinclient
    Hidden=false
    NoDisplay=false
    X-GNOME-Autostart-enabled=true

    Now we are going to pass some parameters to lightdm. I had some problems with DHCP: it takes 5 sec to obtain an address, and by that time, when the session starts, there is no internet and the session does not start … fail …
    I solved this with a 6 sec bypass 🙂

    vim /etc/lightdm/lightdm.conf

    [SeatDefaults]
    autologin-guest=false
    autologin-user=thin
    autologin-session=lightdm-autologin
    greeter-hide-users=true
    greeter-session=unity-greeter
    user-session=LXDE.desktop
    autologin-user-timeout=6

    Now reboot and everything should be OK. :) If you want, you can check the additional options of the lightdm.conf file.

    ubuntu boot/6sec login screen and then you are in the game!

    Cacti spine snmp response time

    If some graphs stop drawing after you install spine, and the log shows an error like:

    03/20/2014 04:44:25 PM – SPINE: Poller[0] Host[256] TH[1] DS[2833] WARNING: SNMP timeout detected [500 ms], ignoring host ‘192.168.55.140’

    Go into the host’s settings and increase the SNMP timeout 🙂