Sunday 6 November 2011

Installing a Nagios server on Ubuntu 11.10

ubuntu 11.10
Nagios is a program that lets a network administrator monitor their servers.


Let's install it.


-----
sudo apt-get install -y nagios3
-----

Various dependencies get installed along with it, such as:

Apache, which will let us host the Nagios web site / interface -- web server
Postfix, which will let us send mail -- mail server


Postfix configuration: an earlier tutorial covers it in more detail.

Internet Site
System mail name = the domain the server belongs to, here the machine name "ubuntu"

Apache configuration: no difficulty for now.

Nagios configuration

Just set the password; a user named "nagiosadmin" will be created. Changing the login for security reasons might be worthwhile, to be looked at later.


At this stage Nagios is already reachable at this address, in Firefox for example:

http://localhost/nagios3 (the credentials will be requested)



Adding a new machine (here, outside the domain) to monitor

Let's go to the Nagios configuration directory:

cd /etc/nagios3/conf.d/


Let's edit the file that manages the hosts, in my case:


nano generic-host_nagios2.cfg


We are going to add a server whose IP address will be 192.168.12.20



# Generic host definition template
define host {
name generic-host
register 0
notifications_enabled 1
event_handler_enabled 1
flap_detection_enabled 1
process_perf_data 1
retain_status_information 1
retain_nonstatus_information 1
check_command check-host-alive
max_check_attempts 10
notification_interval 60
notification_period 24x7
notification_options d,u,r
}

# Definition of the lab's network equipment
define host {
host_name nomde_l_ordi
use generic-host
alias w7
address 192.168.12.20
}










/etc/init.d/nagios3 restart
Checking the configuration: sudo nagios3 -v /etc/nagios3/nagios.cfg

Tuesday 1 November 2011

How to set up a VPN server on Ubuntu

A good way to set up a secure VPN between two machines (for example an Ubuntu 11.10 server and a Windows 7 client) is to use OpenVPN.

Let's open a terminal on Ubuntu to install OpenVPN:

-------------------------------------------------------------------------------------------------
sudo apt-get install openvpn
-------------------------------------------------------------------------------------------------

We'll now create the certificate authority, whose job is to control and sign all client certificates.

Stay connected as mega root :) with

-------------------------------------------------------------------------------------------------
sudo -s
-------------------------------------------------------------------------------------------------

go to

-------------------------------------------------------------------------------------------------
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/
-------------------------------------------------------------------------------------------------


and edit the "vars" file with

-------------------------------------------------------------------------------------------------
nano vars
-------------------------------------------------------------------------------------------------

Find the lines below in the file, replace the values after the "=" with your own parameters, then save it...


export KEY_COUNTRY=FR
export KEY_PROVINCE=IDF
export KEY_CITY=paris
export KEY_ORG=tutosinfo
export KEY_EMAIL=polux@xxx.com

After this, we're going to reload the whole certificate process with

-------------------------------------------------------------------------------------------------
. ./vars
-------------------------------------------------------------------------------------------------

And clean all old certificates

-------------------------------------------------------------------------------------------------
./clean-all
-------------------------------------------------------------------------------------------------

We're now going to create the certificate authority and the public key

-------------------------------------------------------------------------------------------------
./build-ca
-------------------------------------------------------------------------------------------------

ca.crt and ca.key have now been created under the "/usr/share/doc/openvpn/examples/easy-rsa/2.0/" folder (in its keys/ subdirectory, which the cp command further down copies from)

We'll create the server's private key and certificate with

-------------------------------------------------------------------------------------------------
./build-key-server "servername"
-------------------------------------------------------------------------------------------------

Type "y" after every question.

2 other files have been created: servername.crt and servername.key


This process is the same for clients

./build-key client1

etc....

We have to generate the Diffie-Hellman parameters with

-------------------------------------------------------------------------------------------------
./build-dh
-------------------------------------------------------------------------------------------------

Let's copy all the keys and certificates to /etc/openvpn/

-------------------------------------------------------------------------------------------------
cp keys/dh*.pem keys/ca.crt keys/server.crt keys/server.key /etc/openvpn/
-------------------------------------------------------------------------------------------------

and go to...

-------------------------------------------------------------------------------------------------
cd /usr/share/doc/openvpn/examples/sample-config-files/
-------------------------------------------------------------------------------------------------

Where we have to unzip "server.conf.gz"

-------------------------------------------------------------------------------------------------
gunzip server.conf.gz
-------------------------------------------------------------------------------------------------

We'll copy it to "/etc/openvpn/" too.

-------------------------------------------------------------------------------------------------
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn/
-------------------------------------------------------------------------------------------------

Edit the file :

-------------------------------------------------------------------------------------------------
nano /etc/openvpn/server.conf
-------------------------------------------------------------------------------------------------

This is a very basic configuration which works:

-------------------------------------------------------------------------------------------------

# Which TCP/UDP port should OpenVPN listen on?

# open up this port on your firewall.
port 1194

# TCP or UDP server?
proto tcp
#proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
#dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/ca.crt
cert /etc/openvpn/ubuntu.crt
key /etc/openvpn/ubuntu.key # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /etc/openvpn/dh1024.pem

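# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# Comment this line out if you are
# ethernet bridging. See the man page for more info.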
server x.x.x.x 255.x.x.x

####### x are your network parameters #########


# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120


# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
#;cipher BF-CBC # Blowfish (default)
cipher AES-128-CBC # AES
#cipher DES-EDE3-CBC # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
max-clients 2

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log openvpn.log
log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 5

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20



-------------------------------------------------------------------------------------------------
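Before restarting, the file above can be checked against the points its own comments raise (secret key file, DH size, cipher choice, log vs. log-append, privilege drop). The script below is an added example, not part of the original tutorial or of OpenVPN; the function names and finding codes are made up for it, and the sample config it builds is constructed.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server.conf. Finding codes are made up here.

# Print the first argument of an active directive (empty if absent).
# Lines starting with '#' or ';' are comments; a trailing '# ...' is dropped.
conf_get() {  # usage: conf_get FILE DIRECTIVE
    awk -v d="$2" '/^[ \t]*[#;]/ { next }
        { sub(/[ \t]+#.*/, "") }
        $1 == d { print $2; exit }' "$1"
}

# Succeed if the directive is present and not commented out.
conf_has() {  # usage: conf_has FILE DIRECTIVE
    awk -v d="$2" '/^[ \t]*[#;]/ { next }
        $1 == d { found = 1 }
        END { exit !found }' "$1"
}

# Print one finding code per line; print nothing for a clean file.
audit_conf() {  # usage: audit_conf FILE
    conf=$1
    key=$(conf_get "$conf" key)
    if [ -n "$key" ] && [ -e "$key" ]; then
        # Columns 5-10 of "ls -l" are the group/other bits: all must be '-'.
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || echo KEY_PERMS
    fi
    # Heuristic: easy-rsa names the DH file after its size (dh1024.pem).
    case "$(conf_get "$conf" dh)" in *1024*) echo DH_1024 ;; esac
    # 64-bit block ciphers; BF-CBC is also the default when cipher is unset.
    case "$(conf_get "$conf" cipher)" in
        ""|BF-CBC|DES-EDE3-CBC) echo CIPHER_64BIT ;;
    esac
    # The sample file's own comment says to use one or the other, not both.
    conf_has "$conf" log && conf_has "$conf" log-append && echo LOG_BOTH
    { conf_has "$conf" user && conf_has "$conf" group; } || echo NO_PRIV_DROP
    return 0
}

# Constructed sample mirroring the tutorial's settings, with a loose key mode.
demo=$(mktemp -d)
: > "$demo/ubuntu.key" && chmod 644 "$demo/ubuntu.key"
printf '%s\n' "key $demo/ubuntu.key # This file should be kept secret" \
    'dh /etc/openvpn/dh1024.pem' 'cipher AES-128-CBC # AES' \
    'user nobody' 'group nogroup' \
    'log openvpn.log' 'log-append openvpn.log' > "$demo/server.conf"
audit_conf "$demo/server.conf"   # prints KEY_PERMS, DH_1024, LOG_BOTH
rm -rf "$demo"
```

On a real server, run `audit_conf /etc/openvpn/server.conf` as root so the key file can be inspected; `chmod 600` on the key clears KEY_PERMS.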

Let's restart the OpenVPN daemon

-------------------------------------------------------------------------------------------------
/etc/init.d/openvpn restart
-------------------------------------------------------------------------------------------------



You can download openvpn clients here : http://openvpn.net/index.php/open-source/downloads.html

You just have to copy the client1 files from the server to the client, into C:\Program Files\OpenVPN\config

Launch the OpenVPN client connection, and be careful that TCP port 1194 is open on the firewall, that could help ;)





















