Install Splunk on Ubuntu and hide behind Apache2 Proxy

Problem

  • Hide Splunk behind Apache2
  • Enable .htaccess
  • Ubuntu 16.04 LTS

Solution

Install Splunk

dpkg -i splunk_package_name.deb

/opt/splunk/bin/splunk start --accept-license

To enable this behavior, set the following in /opt/splunk/etc/system/default/web.conf:

root_endpoint=/NAME

Restart Splunk:

/opt/splunk/bin/splunk restart

Start at boot time:

/opt/splunk/bin/splunk enable boot-start

Apache

Enable needed modules:

  • sudo a2enmod proxy
  • sudo a2enmod proxy_http

Edit /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
ProxyPreserveHost On

# Proxy the same path that root_endpoint sets in web.conf
ProxyPass /NAME http://127.0.0.1:8000/NAME
ProxyPassReverse /NAME http://127.0.0.1:8000/NAME
</VirtualHost>

Add .htaccess to VirtualHost

<Location /NAME>
AuthType Basic
AuthName "Wrapper auth"
AuthBasicProvider file
AuthUserFile "/PATHTOHTPASSWD/htpasswd"
Require valid-user
</Location>

Restart

sudo systemctl restart apache2

Install Apache2 with SSL/HTTPs on Ubuntu

Problem

  • You need an Apache2 with HTTPS on Ubuntu

Solution

Prepare

sudo apt-get update && sudo apt-get upgrade -y

sudo apt-get install apache2

Create certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

You will be asked for some information. Enter whatever you want:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Optional

Create strong Diffie-Hellman

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

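SSL Params (put these in /etc/apache2/conf-available/ssl-params.conf, the file that a2enconf ssl-params enables)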

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
#Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLSessionTickets Off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
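
What the SSLProtocol line above leaves enabled, worked through as an added example (not part of the original post): the script resolves a directive to its effective protocol set using mod_ssl's +/- rules. It assumes "all" covers SSLv3 through TLSv1.2, as on Apache 2.4 with a pre-TLS-1.3 OpenSSL; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post: which protocol versions does an
# Apache SSLProtocol directive leave enabled?
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2"  # assumed meaning of "all" (see lead-in)
# Print the last SSLProtocol value in a config read from stdin or from a file.
directive_from_conf() {
    awk 'tolower($1) == "sslprotocol" { $1 = ""; d = $0 } END { print d }' "$@"
}

# mod_ssl rules: "+x" adds, "-x" removes, a bare name replaces the whole set.
effective_protocols() {
    enabled=" "
    for tok in $1; do
        case $tok in
            +*) action=add; name=${tok#+} ;;
            -*) action=del; name=${tok#-} ;;
            *)  action=set; name=$tok; enabled=" " ;;
        esac
        case $(printf '%s' "$name" | tr '[:upper:]' '[:lower:]') in
            all)     names=$ALL_PROTOCOLS ;;
            sslv2)   names="" ;;  # gone from Apache 2.4, so "-SSLv2" is a no-op
            sslv3)   names="SSLv3" ;;
            tlsv1)   names="TLSv1" ;;
            tlsv1.1) names="TLSv1.1" ;;
            tlsv1.2) names="TLSv1.2" ;;
            *) echo "unknown protocol: $name" >&2; return 2 ;;
        esac
        for p in $names; do
            case $action in
                del) enabled=$(printf '%s' "$enabled" | sed "s/ $p / /") ;;
                *)   case $enabled in *" $p "*) ;; *) enabled="$enabled$p " ;; esac ;;
            esac
        done
    done
    set -- $enabled; echo "$*"
}

# Print the enabled versions older than TLSv1.2 (empty output means none).
legacy_protocols() {
    out=""
    for p in $(effective_protocols "$1"); do
        case $p in SSLv3|TLSv1|TLSv1.1) out="$out $p" ;; esac
    done
    set -- $out; echo "$*"
}

# Constructed sample input: the SSLProtocol line from the SSL params above.
page=$(printf '%s\n' 'SSLHonorCipherOrder On' 'SSLProtocol All -SSLv2 -SSLv3' | directive_from_conf)
echo "page setting -> $(effective_protocols "$page") | legacy: $(legacy_protocols "$page")"
```

For the setting on this page the script reports TLSv1 and TLSv1.1 as still enabled next to TLSv1.2; passing "-all +TLSv1.2" to effective_protocols leaves TLSv1.2 only.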

Edit /etc/apache2/sites-available/default-ssl.conf

sudo nano /etc/apache2/sites-available/default-ssl.conf

Change to

SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

Enable everything

sudo a2enmod ssl
sudo a2enmod headers
sudo a2ensite default-ssl
sudo a2enconf ssl-params

Restart Apache2

sudo systemctl restart apache2

Install RabbitMQ on Ubuntu 16.04

Problem

  • Install RabbitMQ on Ubuntu Server

Solution

Install Repository

echo 'deb http://www.rabbitmq.com/debian/ testing main' | sudo tee /etc/apt/sources.list.d/rabbitmq.list

wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -

Install RabbitMQ

sudo apt-get update

sudo apt-get install rabbitmq-server

Status

sudo systemctl status rabbitmq-server

Start RabbitMQ

sudo systemctl start rabbitmq-server

Stop RabbitMQ

sudo systemctl stop rabbitmq-server

Limits

sudo nano /etc/sysctl.conf

Add

fs.file-max = 65536

Run

sudo sysctl -p

Edit

sudo nano /etc/security/limits.conf

Add

* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536
root soft nproc 65536
root hard nproc 65536
root soft nofile 65536
root hard nofile 65536

Edit

sudo nano /etc/pam.d/common-session

Add

session required pam_limits.so

Restart

sudo reboot

Ports

Open Ports: 15672 (Mgmt), 5672 and 5671 (Messages)

Management Plugin

sudo rabbitmq-plugins enable rabbitmq_management

sudo systemctl restart rabbitmq-server

Add Admin

rabbitmqctl add_user admin <<password>>
rabbitmqctl set_user_tags admin administrator
rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"

See Management Site

Open http://<<IP>>:15672

Install iTop on Linux

Problem

  • Install itop on Linux with SELinux

Setting

  • Oracle Linux
  • iTop Version 2.3.4

Solution

Install MySQL

yum install mysql mysql-server

#Set root password
/usr/bin/mysql_secure_installation

mysql -u root -p

mysql> create database itop;
mysql> create user 'itop'@'%' identified by 'itop-password';
mysql> grant all privileges on itop.* to 'itop'@'%';

mysql> quit;

Install Apache and PHP

yum install httpd php php-mysql php-xml php-soap

systemctl start httpd

Get iTop

wget 'https://downloads.sourceforge.net/project/itop/itop/2.3.4/iTop-2.3.4-3302.zip?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fitop%2Ffiles%2Fitop%2F2.3.4%2F&ts=1502963636&use_mirror=10gbps-io'

Files

mv ./web /var/www/html/itop

cd /var/www/html/itop

mkdir conf
mkdir env-production

chmod 777 conf
chmod 777 data
chmod 777 env-production
chmod 777 log

# If SELinux blocks access
chcon --user system_u --type httpd_sys_content_t -Rv /var/www/html/itop/
# or
sudo setenforce 0

Start install process

Go in your browser and type: http://localhost/itop

Fin

Restart failed program every 5 min

Problem

  • Your program fails regularly
  • You need to check if it is running and if not, restart it

Solution

Create a script:

nano restart.sh

Put in the code and replace htop with your program name:

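#!/bin/sh
# Check whether the program is running and start it again if it is not.

# pgrep -x matches the exact process name only
if pgrep -x htop > /dev/null; then
    echo "Process running."
else
    echo "Process is down."
    # Start it again (replace htop with the command that starts your program)
    htop &
fi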

Make the script executable:

chmod +x restart.sh

Create a cron job:

crontab -e

Create a new line (replace /home/user/):

*/5 * * * * /home/user/restart.sh

Fin.

System wide proxy settings for Xubuntu (16.10)

Problem

  • You have to set http etc. proxy settings for all application
  • XUbuntu GUI is not helpful 😉

Solution

Step 1: Edit environment

sudo nano /etc/environment

Append these lines (fill in your proxy):

http_proxy=http://yourproxy:8080/
https_proxy=http://yourproxy:8080/
HTTP_PROXY=http://yourproxy:8080/
HTTPS_PROXY=http://yourproxy:8080/

To load the new variables:

source /etc/environment

Step 2: Edit apt

Go to /etc/apt/apt.conf.d/ and create a file named 95proxies.

sudo nano /etc/apt/apt.conf.d/95proxies

Fill in these lines:

Acquire::http::proxy "http://yourproxy:8080/";
Acquire::ftp::proxy "ftp://yourproxy:8080/";
Acquire::https::proxy "http://yourproxy:8080/";

Fin.

Raspberry PI – Static WIFI IP address

Problem

  •  Raspberry PI is configured using Wifi and DHCP by default (Jessie)

Solution

The solution is simple. Open the file /etc/dhcpcd.conf as root (sudo nano /etc/dhcpcd.conf)

At the end of the file, add the following lines:

interface wlan0
static ip_address=192.168.xxx.xxx/24
static routers=192.168.2.1
static domain_name_servers=192.168.2.1

  • static ip_address: your desired IP address
  • static routers: your gateway
  • static domain_name_servers: your DNS server

Save the file and reboot:

sudo reboot

Fin.

Icinga2 – Change layout of email notifications

Problem

  • You want to change the layout of the email notifications in Icinga2
  • You want to know, which variables Icinga2 provides

Solution

In Icinga2, emails are sent by a command line script (by default there is one for host and one for service notifications). In a default installation these scripts can be found under /etc/icinga2/scripts

The scripts have a simple structure. First, a variable named template is set to a string that defines the mail body. This template is then "printed" and piped to mail. The -s parameter defines the subject of the email notification. (How to set up mail is described in another post.)

The default template looks like this:

#!/bin/sh
template=`cat <<TEMPLATE
***** Icinga *****

Notification Type: $NOTIFICATIONTYPE

Host: $HOSTALIAS
Address: $HOSTADDRESS
State: $HOSTSTATE

Date/Time: $LONGDATETIME

Additional Info: $HOSTOUTPUT

Comment: [$NOTIFICATIONAUTHORNAME] $NOTIFICATIONCOMMENT
TEMPLATE
`

/usr/bin/printf "%b" "$template" | mail -s "$NOTIFICATIONTYPE - $HOSTDISPLAYNAME is $HOSTSTATE" $USEREMAIL

This means, you can change the mail body and the subject of the email.

Variables

Unfortunately, a listing of the available variables in Icinga2 is difficult to find. I found them in the migration chapter of the Icinga2 docs.

If you need more information in your notification, pick it out of the list. To use a new variable in the template or subject, you have to register it in the environment.

The environment is set in the commands.conf under /etc/icinga2/conf.d/

object NotificationCommand "mail-service-notification" {
  import "plugin-notification-command"

  command = [ SysconfDir + "/icinga2/scripts/mail-service-notification.sh" ]

  env = {
    NOTIFICATIONTYPE = "$notification.type$"
    SERVICEDESC = "$service.name$"
    HOSTALIAS = "$host.display_name$"
    HOSTADDRESS = "$address$"
    SERVICESTATE = "$service.state$"
    LONGDATETIME = "$icinga.long_date_time$"
    SERVICEOUTPUT = "$service.output$"
    NOTIFICATIONAUTHORNAME = "$notification.author$"
    NOTIFICATIONCOMMENT = "$notification.comment$"
    HOSTDISPLAYNAME = "$host.display_name$"
    SERVICEDISPLAYNAME = "$service.display_name$"
    USEREMAIL = "$user.email$"
  }
}

In the "env = {" statement, a mapping between the Icinga2 variables and the command variables is built up. To add a variable you need, just add a new line.

Fin