Archive for July, 2006

Installing rdesktop

Tuesday, July 11th, 2006

For those of you who have Intel Macs and are tired of the sluggish performance of RDC running in Rosetta: download, compile, and use rdesktop. It’s very easy (and works on PPC Macs too):

Requirements: X11 and Xcode (you DID install those, right?)

First, go to the rdesktop download page (http://www.rdesktop.org/#download) and download the latest source code. Extract the source to ~/Desktop/rdesktop. Then, compile the program. To do this, open Terminal and type cd ~/Desktop/rdesktop, and run the following commands:
$ ./configure
$ make
$ sudo make install

To invoke the rdesktop app, open the X11 application, type Cmd-N to open a Terminal window, and type the following command:

/usr/local/bin/rdesktop -g 1024×768 -a 16 techs.three18.com

(if the flags aren’t self-explanatory, just type /usr/local/bin/rdesktop -help)

If you’re like me and want your RDC session to open up whenever you launch X11, do this:

1. In a Terminal window, type:
$ pico ~/.xinitrc

2. In the window that opens, type:
/usr/local/bin/rdesktop -f -u “username” -p “password” -a 24 techs.three18.com
(replace username and password with your actual username and password, or leave those arguments out if you want to be prompted each time for login).

Script to Change Passwords in Mac OS X

Tuesday, July 11th, 2006

Changing a password in Mac OS X with a script is a straight forward process. Here is a script that will do so. Just replace the put currentpasswordhere in with the desired password and the 318admin with the name of the account you wish to change the password for.

#!/bin/bash

#Changes da password for the 318admin

password=”putcurrentpasswordhere”

/usr/bin/dscl . passwd /Users/318admin “$password”
status=$?

if [ $status == 0 ]; then
echo “Password was changed successfully.”
elif [ $status != 0 ]; then
echo “An error was encountered while attempting to change the password. /usr/bin/dscl exited $status.”
fi

exit $status

Using NPRE with Nagios

Wednesday, July 5th, 2006

Nagios is a computer Monitoring Software. Nagios runs on one central server, and has the ability to check resources on remote computers. In order to allow these remote computers to be monitored the Nagios Software team has NRPE. NRPE functions as a Daemon and plugin for executing plugins on remote hosts. When installed on the remote server it creates a Medium for the Nagios server to be able to execute commands to the remote agent. You have the ability to check a wide range of resources, CPU, Hard Drive Space, Computer Load, Server Services, DNS checks etc.

To Download NRPE and NRPE Plugins

http://www.nagios.org/download/

In this example we will be installing NRPE to a remote Linux Server. So to send the downloaded file to the remote server
scp Documents/NAGIOS/nagios-plugins-1.4.9.tar.gz USER@HOSTNAME:
scp Documents/NAGIOS/nrpe-2.8.1.tar.gz USER@HOSTNAME:
This command will send the downloaded file to the 318admin accounts home folder on the remote linux server.

NRPE Plugins
Once the file has been copied to the server and placed in an appropriate location, for example /usr/local/src
First we will uncompress the package
[root@HOSTNAME src]# tar -xzvf nagios-plugins-1.4.9.tar.gz
Then cd into nagios-plugins-1.4.9
Perform the following to compile and install the plugins

[root@HOSTNAME nagios-plugins-1.4.9]# ./configure
With this executed sucsesfuly you should expect an output similar to this:
config.status: creating po/Makefile
–with-apt-get-command:
–with-ping6-command:
–with-ping-command: /bin/ping -n -U -w %d -c %d %s
–with-ipv6: yes
–with-mysql: /usr/bin/mysql_config
–with-openssl: yes
–with-gnutls: no
–with-perl: /usr/bin/perl
–with-cgiurl: /nagios/cgi-bin
–with-trusted-path: /bin:/sbin:/usr/bin:/usr/sbin

Now we will make the package
[root@HOSTNAME nagios-plugins-1.4.9]# make
With this executed successfully the following
Making all in po

Now we will perform the make install command to install the Nagios Plugins on the remote server. Run this command as root
[root@HOSTNAME nagios-plugins-1.4.9]# make install

Nagios Documentation recommends changing the permissions on the files after the install is performed. The commands to perform this are as follows:
chown nagios:nagios /usr/local/nagios
chown -R nagios:nagios /usr/local/nagios/libexec

Now we will need to Install the NRPE Daemon to execute these plugins

NRPE Daemon
Next we will uncompress the package on the remote server. This document assumes that you have some type of root access to the server.
First we will uncompress the file, I generally move my source files to /usr/local/src
To complete these tasks first SSH into the remote server
Sudo mv nrpe-2.8.1.tar.gz /usr/local/src
Cd /usr/local/src
sudo tar -xzvf nrpe-2.8.1.tar.gz

We have now moved the package file to /usr/local/src and uncompressed the package to /usr/local/src/nrpe-2.8.1

Next a nagios user account needs to be added on the remote system. Execute this command as sudo or root
Useradd nagios
Passwd nagios

Next we must configure and compile the package before we can install it. I have found that compiling NRPE to work best when executed as root, perhaps this will be resolved in later versions. For the purspose of this documentation, it is assumed that the following commands are executed as root

Cd /usr/local/src/nrpe-2.8.1
[root@HOSTNAME nrpe-2.8.1]# ./configure

When ./configure executes properly you should see an output similar to this
*** Configuration summary for nrpe 2.8.1 05-10-2007 ***:

General Options:
————————-
NRPE port: 5666
NRPE user: nagios
NRPE group: nagios
Nagios user: nagios
Nagios group: nagios

Review the options above for accuracy. If they look okay,
type ‘make all’ to compile the NRPE daemon and client.

If you receive errors do not proceed, you must resolve what ever dependency errors you are receiving when attempting to compile.

Next we will perform the make command to ‘make’ the installation. This is done by the following command
[root@HOSTNAME nrpe-2.8.1]# make all

With a succesfull make an output similar to this should be seen
*** Compile finished ***

If the NRPE daemon and client compiled without any errors, you
can continue with the installation or upgrade process.

We are now ready to install NRPE on the remote system. To perform the install, execute the following commands as root:
[root@phillip2 nrpe-2.8.1]# make install-plugin
[root@phillip2 nrpe-2.8.1]# make install-daemon
[root@phillip2 nrpe-2.8.1]# make install-daemon-config
[root@phillip2 nrpe-2.8.1]# make install-xinetd

Now since we installed NRPE with Xinetd, we have to edit the following nrpe file to allow outside connections to NRPE from the Nagios Server
Perform this as root
[root@HOSTNAME nrpe-2.8.1]# nano /etc/xinetd.d/nrpe
Now under ‘only_from’ add the local IP address of the Nagios Server, for example you can have the following:
only_from = 127.0.0.1 192.168.1.23
Save the changes and exit the document edit program

Now we have to Edit the Services file to add the port for NRPE to run. Perform the Following as root:
[root@HOSTNAME nrpe-2.8.1]# nano /etc/services
At the bottom of the File I would just add the following Text
nrpe 5666/tcp #NRPE

Once we have edited the Xinetd File and Services file, perform a restart of Xinetd to apply the changes
This should look something like this if done correctly:
[root@HOSTNAME nrpe-2.8.1]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
To test that the NRPE Daemon is running you can perform this command
netstat -at|grep nrpe
tcp 0 0 *:nrpe *:* LISTEN

If you do not see the same output Nagios Documentation recommends to check the following:
– You added the nrpe entry to your /etc/services file
– The only_from directive in the /etc/xinetd.d/nrpe file contains an entry for “127.0.0.1″
– xinetd is installed and started
– Check the system log files for references about xinetd or nrpe and fix any problems that are reported

Also you can use the check_nrpe plugin to check your installation of NRPE by performing the following command:
[root@HOSTNAME nrpe-2.8.1]# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.8.1

The service and Version number should be the expected output of this command.

Before we go to the Nagios server to execute the plugins, in most cases we just have to confirm that the correct devices are being called by the plugins in the config file. Most common is the incorrect hard drive will be checked, which makes the tool not as useful.

So for this server when I run the df command I would want Nagios to examine the partitions of / and /home

For this server I want NRPE to monior /dev/sda1 and /dev/sdb1 so to make this happen we will edit the nrpe.cfg file, /usr/local/nagios/etc/nrpe.cfg down at the bottom are the check commands connected to devices. I have added these two lines, and removed any other hard drive devices
command[check_sda2]=/usr/local/nagios/libexec/check_disk -w 20 -c 10 -p /dev/sda2
command[check_sdb1]=/usr/local/nagios/libexec/check_disk -w 20 -c 10 -p /dev/sdb1

-w 20 means to warn when the drive is 20% free space available
-c 10 mean to have a critical warning when 10% free space available

Configure Nagios Server to Monitor Remote Host

The Remote server must already be running Nagios, this documentation assumes this has already been done. Also if you will need to install the chek_nrpe plugin on the Nagios server. The is done in the same way that a remote host would have NRPE installed, which has already been covered.

After all the requirements have been met, its now time to define server commands for the new host.
First you have to define a services file. This is done on the Nagios Server nagios.cfg. Edit the file located in /usr/local/nagios/etc/nagios.cfg and include for example
cfg_file=/usr/local/nagios/etc/hosts.cfg
cfg_file=/usr/local/nagios/etc/services.cfg
cfg_file=/usr/local/nagios/etc/timeperiods.cfg

Then we will edit the Host.cfg to include the new remote host. Using a text editor add the following, this will add a Host called HOSTNAME with an a local ip of 192.168.1.226, also it will be given the linux-server template. Templates are configured in the nagios.cfg file

define host{
use linux-server
host_name HOSTNAME
alias HOSTNAME
address 192.168.1.226
}

Now we can edit the services file to tell Nagios what NRPE services to check on the new Remote Host. I generally use this template to check various default services

#HOSTNAME
define service{
use generic-service
host_name HOSTNAME
service_description / Free Space
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_nrpe!check_sda2
}

define service{
use generic-service
host_name HOSTNAME
service_description /home Free Space
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_nrpe!check_sdb1
}

define service{
use generic-service ; Name of service template to use
host_name HOSTNAME
service_description SMTP
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_smtp
}
define service{
use generic-service ; Name of service template to use
host_name HOSTNAME
service_description FTP
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_ftp
}
define service{
use generic-service ; Name of service template to use
host_name HOSTNAME
service_description HTTP
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_nrpe!check_http
}
define service {
use generic-service
host_name HOSTNAME
service_description CPU Load
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_nrpe!check_load
}
define service{
use generic-service
host_name HOSTNAME
service_description Current Users
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_nrpe!check_users
}
define service{
use generic-service
host_name HOSTNAME
service_description Total Processes
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_nrpe!check_total_procs
}
define service{
use generic-service
host_name HOSTNAME
service_description Zombie Processes
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_nrpe!check_zombie_procs
}

After you have edited the host and service files, you may want to run a check to see what if anything is wrong with your config. Run this file, I find it helpful to make this just a script that you can execute once your done. The command is
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If everything runs without error, its safe to restart the nagio service and check the website for the new host.

How to Monitor Remote services with Nagios and NRPE

As long as both the Nagios server and Remote Host running NRPE have the nagios plugins installed this is very straight forward.

In this example we will add monitoring of HTTP and MySQL to a remote server named terrence2.

First on the Remote Host with NRPE, edit the nrpe.cfg file to include:
command[check_mysql]=/usr/local/nagios/libexec/check_mysql -h localhost
command[check_http]=/usr/local/nagios/libexec/check_http -h localhost

Then on the Nagios server simply edit the services.cfg file to add the following check command:
define service{
use generic-service ; Name of service template to use
host_name HOSTNAME
service_description HTTP
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_nrpe!check_http

and for MySQL

define service{
use generic-service ; Name of service template to use
host_name HOSTNAME
service_description MySQL
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24×7
notification_options w,u,c,r
check_command check_nrpe!check_mysql

Restart xinetd on the remote host and restart nagios on the server and your up and monitoring.

Installing Joomla in OS X Server

Tuesday, July 4th, 2006

1. Enable MySQL.
2. Create a database in MySQL called joomladb.
3. Create a new user called jadmin that has full priviledges to this database (the user does not need to be called jadmin, but that is the username we will be using for this walkthrough).
4. Download the latest stable release of Joomla.
5. Extract the tar files into a new folder (for this example we are going to call it joomla to keep things easy).
6. Make the following folders writeable for Joomla
administrator/backups/
administrator/components/
administrator/modules/
administrator/templates/
cache/
components/
images/
images/banners/
images/stories/
language/
mambots/
mambots/content/
mambots/editors/
mambots/editors-xtd/
mambots/search/
media/
modules/
templates/
7. Move the joomla folder onto a web server.
8. From your web server, visit the site 127.0.0.1/joomla or the subfolder that you placed the joomla files into.
9. Make sure PHP is enabled for the domain and globally.
10. At the Joomla Pre-Installation check page, you will either see a notice that you can install Joomla or a notice that your system does not meet the minimum requirements for installion. If your system does not meet the requirements, install the modules that are listed in Red, or make Joomla work and click on the Check Again button. Once the dependencies are all installed click Next.
11. Read the license agreement and click on Next.
12. Fill in the appropriate fields for your MySQL environment and click Next >>. The fields that are used:
a. Host Name: If the server you are currently using is a MySQL server then enter localhost. Otherwise enter the name or IP of your MySQL server.
b. MySQL User Name: Either enter the root User Name for your MySQL server or another username if desired.
c. MySQL User Name: Either enter the root password for your MySQL server or the password for another user if desired.
d. MySQL Database Name: The name of the database on the MySQL server you would like the Joomla files saved to. In our example, we will use joomladb.
13. Enter the name you would like to use for your Joomla site. This will be the name users will see when logging into your Joomla site and click on the Next button.
14. At the next screen you will be asked to enter some site specific information and then click Next.
a. URL: Enter the URL that users will use to access your site.
b. Path: Enter the full path to the Joomla directory on your server.
c. Email: This will be used for administrative logins.
d. Admin password: This will be the administrative password used to access your Joomla site.
15. cd into the Joomla directory and remove the directory called installation.
16. Click on the View Site button. If you see the Default Joomla site then you are almost done.
17. Go back to the previous screen and click on the Administration button.
18. Enter admin as your username and the administrative password you gave Joomla in field 14.d.
19. You now have Joomla configured and are now ready to customize it.

Email Privacy and Encryption

Sunday, July 2nd, 2006

Ever get an email from yourself that you didn’t send? Ever get spam from someone that you can’t reply to? Using the settings of an email program, it is possible to pretend to be anyone that you would like. If you want to send email from bill.gates@microsoft.com then that is entirely possible. Finding the address of who actually sent email is easy, but ensuring the identity of the sender is not part of standard email.

This is where the protocols for PGP, Pretty Good Privacy, and GPG, or GNU Privacy Guard, come into play. GPG and PGP are Open Source suites of applications allowing senders to digitally sign outgoing emails in such a way that it is highly unlikely that anyone else could have sent the message. In order to use their digital signature senders are required to enter a password to send the message.

It is also possible to use GPG to encrypt email using a shared password. This allows for forcing a password to both send and receive the message. Encrypting messages ensures both the identity of the sender and the identity of the receiver. Anyone that intercepts a message in transit or finds the message on either system at a later date can open the message without the password to do so.

GPG and PGP provide strong encryption measures to ensure privacy over public mediums of messaging. Email is not the only use for this. GPG can also be used to encrypt a file before using transferring it using other methods such as FTP or the web. The commercial version of PGP can also be set up to encrypt certain instant messaging traffic and an entire hard disk.

Boolean vs Logic Arguments in FileMaker: Scripting and Field Creation

Saturday, July 1st, 2006

When creating an argument to determine if a field or variable contains data it is faster to use a Boolean argument as opposed to a logic, text string argument. The Boolean will only argue the ‘true’ / ‘false’ value of the statement as opposed to parsing out the full logic of the statement.

According to the “Under the Hood” sessions given by FMI at the last DevCon, Boolean arguments can provide boosts to speed.

Instead of “Yes / No” values in checkboxes, use “ 1 / null “ then when you argue for that checkbox, the argument becomes:

If ( checkbox ) or If not ( checkbox )
as opposed to
If ( checkbox = “ Yes / No “ )

Use IsEmpty ( field ) or not IsEmpty ( field ) as opposed to field >< “”

FMI also had some considerations for boolean calculations:

It only matters if something is True. If it’s not true, it must be false (which is also a null value), therefore, FileMaker does not need to know if it is false , only if it is true. ex:

Case ( myName = myName ; 1 )

Do not include the default negative result in the calc. This can aid in speed for searching and scripting.