2016年9月30日 星期五

在 CentOS7/RHEL7上,使用 Nginx 設定基本 Web 帳號密碼

設定提要:
  • 利用 Nginx 作為 Web 平台,實作 Web 站台帳密登入機制
  • 請先安裝 Nginx Web 平台!可參考這一篇文章!
快速設定流程:
  1. 利用 yum 進行相關套件安裝:
    #yum -y install httpd-tools
    
  2. 設定帳號與密碼:
    #htpasswd -c /etc/nginx/.htpasswd nginx
    (查看密碼內容:)
    # cat /etc/nginx/.htpasswd
    
  3. 修改 Nagios 設定檔 /etc/nginx/nginx.conf:
    # vim /etc/nginx/nginx.conf
    (追加下列設定參數:)
    auth_basic "Private Property";
    auth_basic_user_file /etc/nginx/.htpasswd;
    
  4. 重新啟動 Nagios:
    # systemctl reload nginx
    
※附註:
  • 限制指定的目錄:
    #vim /etc/nginx/conf.d/default.conf
    (加入下列設定參數)
    location ~ ^/admin/.* {
            root /usr/share/nginx/html;
            index index.php index.html index.htm;
            location ~ \.php$ {
               try_files $uri = 404;
               fastcgi_pass unix:/var/opt/remi/php70/run/php-fpm/php-fpm.sock;
               fastcgi_index  index.php;
               fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
               include        fastcgi_params;
            }
            auth_basic "Administrator Login";
            auth_basic_user_file /usr/share/nginx/html/.htpasswd;
    }
    
參考文獻:
  • http://tonyhack.familyds.net/wordpress/?p=1998

2016年9月20日 星期二

在 CentOS7/RHEL7 上安裝 Nagios (for Apache)

設定提要:
  • 利用 Nagios 即時監控系統資源運作情形!
  • 利用 Apache 作為 Web 平台!可參考這一篇,安裝 LAMP 平台!
Server 端(監控端)快速設定流程:
  1. 利用 yum 進行 EPEL 套件安裝升級:
    #yum udpate epel-release
    
  2. 安裝 Nagios 與 Plugin 套件:
    #yum install nagios nagios-plugins-* httpd-tools
    
  3. 編寫相關 Nagios 的設定檔:
    # vim /etc/httpd/conf.d/nagios.conf
    (增加下列設定:)
    Require ip 127.0.0.1 192.168.100.0/24
    
  4. 設定 Web 帳密驗證:
    #htpasswd /etc/nagios/passwd nagiosadmin
    
  5. 起動 Nagios :
    #systemctl enable nagios
    #systemctl start nagios
    #systemctl restart httpd
    
  6. 利用 firefox ,連到網頁: http://自己的IP/nagios ,即可看見網頁!
Client 端(被監控端)快速設定流程:
  1. 在 Client 端主機上,利用 yum 進行 EPEL 套件安裝升級:
    #yum udpate epel-release
    
  2. 在 Client 端主機上,安裝 NRPE 與 Plugin 套件:
    #yum install nrpe nagios-plugins-*
    
  3. 在 Client 端主機上,編寫相關 NRPE 的設定檔:
    # vim /etc/nagios/nrpe.cfg
    (增加下列設定:)
    allowed_hosts=127.0.0.1,192.168.100.250
    dont_blame_nrpe=1
    command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
    command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
    command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
    command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
    
  4. 在 Client 端主機上,起動 NRPE :
    #systemctl enable nrpe
    #systemctl start nrpe
    
  5. 在 Client 端主機上,打開防火牆設定:
    #firewall-cmd --add-port=5666/tcp --permanent
    #firewall-cmd --reload
    
  6. 在 Server 端主機上,安裝 Nagios 的 NRPE Plugin 套件:
    #yum install nagios-plugins-nrpe
    
  7. 在 Server 端主機上,修改 Nagios 相關設定:
    #vim /etc/nagios/objects/commands.cfg
    (在檔尾加入下列設定:)
    define command{
            command_name check_nrpe
            command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
    }
    
  8. 在 Server 端主機上,編寫被監控端的監控設定:
    #vim /etc/nagios/conf.d/node01.cfg
    
    define host{
        use                    linux-server
        host_name              node01
        alias                  node01
        address                192.168.100.1
        }
    define service{
        use                    generic-service
        host_name              node01
        service_description    PING
        check_command          check_ping!100.0,20%!500.0,60%
        }
    
    define service{
        use                    generic-service
        host_name              node01
        service_description    Root Partition
        check_command          check_nrpe!check_disk\!20%\!10%\!/
        }
    
    define service{
        use                    generic-service
        host_name              node01
        service_description    Current Users
        check_command          check_nrpe!check_users\!20\!50
        }
    
    define service{
        use                    generic-service
        host_name              node01
        service_description    Total Processes
        check_command          check_nrpe!check_procs\!250\!400\!RSZDT
        }
    
    define service{
        use                    generic-service
        host_name              node01
        service_description    Current Load
        check_command          check_nrpe!check_load\!5.0,4.0,3.0\!10.0,6.0,4.0
        }
    
  9. 在 Server 端主機上,重新起動 Nagios :
    #systemctl restart nagios
    
參考文獻:
  • https://www.server-world.info/en/note?os=CentOS_7&p=nagios&f=1

在 CentOS7/RHEL7 上安裝 Nagios (for Nginx)

設定提要:
  • 利用 Nagios 即時監控系統資源運作情形!
  • 利用 Nginx 作為 Web 平台
快速設定流程:
  1. 利用 yum 進行相關套件安裝:
    #yum -y httpd-tool gcc glibc glibc-common gd gd-devel net-snmp openssl-devel wget unzip spawn-fcgi perl-FCGI fcgi fcgi-devel
    
  2. 設定 Nagios 專用帳號與群組:
    #useradd nagios
    #passwd nagios
    #groupadd nagcmd
    #usermod -a -G nagcmd nagios
    #usermod -a -G nagcmd nginx
    
  3. 下載 Nagios 的最新版本:
    # cd /tmp
    #wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.2.1.tar.gz
    #wget https://nagios-plugins.org/download/nagios-plugins-2.1.3.tar.gz
    
  4. 解開 Nagios 壓縮檔:
    #tar zxvf nagios-4.2.1.tar.gz
    #tar zxvf nagios-plugins-2.1.3.tar.gz
    
  5. 編譯 Nagios 原始碼:
    #cd nagios-4.2.1
    #./configure --sysconfdir=/etc/nagios --with-nagios-user=nagios --with-nagios-group=nagios --with-command-user=nagios --with-command-group=nagcmd
    #make all
    #make install
    #make install-init
    #make install-commandmode
    
  6. 編譯 Nagios-plugins 原始碼:
    #cd ../nagios-plugins-2.1.3
    #./configure --with-nagios-user=nagios --with-nagios-group=nagios
    #make all
    #make install
    
  7. 修改 Nagios 相關設定檔:
    #vim /etc/nagios/nagios.cfg
    (修改下列設定:)
    log_file=/var/log/nagios/nagios.log
    
  8. 配合設定檔,新增目錄及檔案:
    #mkdir /var/log/nagios
    #touch /var/log/nagios/nagios.log
    #chown -R nagios:nagios /var/log/nagios/
    
  9. 新增帳密,鎖住 Nagios 網頁:
    #htpasswd -cb /etc/nagios/htpasswd.users nagiosadmin !AGoodPassword
    
  10. 設定 fcgiwrap:
    #cd /etc/yum.repos.d/
    #wget https://copr.fedorainfracloud.org/coprs/jorti/fcgiwrap/repo/epel-7/jorti-fcgiwrap-epel-7.repo
    #yum install fcgiwrap
    #vim /etc/init.d/fcgiwrap
    (編寫內容如下:)
    #!/usr/bin/perl
    
    use strict;
    use warnings FATAL => qw( all );
    
    use IO::Socket::UNIX;
    
    my $bin_path = '/usr/sbin/fcgiwrap';
    my $socket_path = $ARGV[0] || '/tmp/cgi.sock';
    my $num_children = $ARGV[1] || 1;
    
    close STDIN;
    
    unlink $socket_path;
    my $socket = IO::Socket::UNIX->new(
        Local => $socket_path,
        Listen => 100,
    );
    
    die "Cannot create socket at $socket_path: $!\n" unless $socket;
    
    for (1 .. $num_children) {
        my $pid = fork;
        die "Cannot fork: $!" unless defined $pid;
        next if $pid;
    
        exec $bin_path;
        die "Failed to exec $bin_path: $!\n";
    }
    (存檔後離開)
    # chmod +x /etc/init.d/fcgiwrap 
    #vim /etc/rc.local
    (加入下列該行指令:)
    sudo -u nginx /etc/init.d/fcgiwrap
    
  11. 設定 Nginx 內容:
    #cd /etc/yum.repos.d/
    
    
  12. 起動 Nagios :
    #
    #chmod +x /etc/init.d/nagios
    #chkconfig --add nagios
    #service nagios start
    
參考文獻:
  • http://www.phpini.com/linux/rhel-centos-7-install-nagios
  • https://assets.nagios.com/downloads/nagioscore/docs/Nagios-Core-Installing-On-Centos7.pdf
  • http://unix.rocks/2014/nginx-and-nagios-a-howto/
  • https://copr.fedorainfracloud.org/coprs/jorti/fcgiwrap/
  • https://blog.linuxeye.com/312.html
  • http://idevit.nl/node/93

2016年9月2日 星期五

Linux中,自動回答內容的Shell Scripts 用法

設定目標:
  • 利用 Expect 套件,寫出自動回應系統訊息的程式。
快速設定流程:
  1. 安裝 Expect 套件
    # yum install expect
    
  2. 寫個自動登入的 Expect Scripts 程式
    # vim login.sh
    #!/usr/bin/expect -f
    spawn ssh -i .ssh/id_rsa demo@helloworld
    expect {
          "yes/no" {
             send "yes\r"
             expect "passphrase"
             send "123456\r"
          }
          "passphrase" {
             send "123456\r"
          }
      }
    interact timeout 1 { send "logout\n" }
    exit
    
  3. 執行測試
    #chmod +x login.sh
    # ./login.sh
    


參考文獻:

  • http://blog.xuite.net/m740138.m740138/blog/25445084-%E5%B0%8D%E8%A9%B1%E5%9E%8B%E8%87%AA%E5%8B%95%E5%9B%9E%E6%87%89%E8%85%B3%E6%9C%AC(%E4%BD%BF%E7%94%A8expect)
  • http://wiki.tcl.tk/11583
  • https://blog.longwin.com.tw/2011/07/expect-shell-auto-linux-2011/
  • http://white-co.blogspot.tw/2012/01/expect-spawnlinux-expect.html