Blog
- Home
- Blog
This article covers methods to resolve the issue, Apply Configuration never completes in Nagios. The backend components in Nagios XI require high level privileges, these are accommodated for in sudoers entries.
This allows for high level commands to be executed by scripts without requiring user input. If these entries are missing then they can cause unexpected results.
Sometimes when creating a large amount of objects the apply configuration process is taking longer than expected and PHP may time out or exceed limits.
These are defined in the php.ini file, The location of the php.inifile differs depending on your operating system / version. The following command will determine the location:
find /etc -name php.ini
If there are multiple results then the one in the apache directory is the one that needs changing.
Edit /etc/php.ini and increase these values:
max_execution_time = 60
max_input_time = 60
memory_limit = 256M
After making these changes you'll need to restart the Apache service using one of the commands below:
RHEL 7 | CentOS 7 | Oracle Linux 7
$ systemctl restart httpd.service
Debian | Ubuntu 16/18
$ systemctl restart apache2.service
This article covers how to disable Port 113 IDENT Requests on Nagios.
You are seeing port 113 return requests either from your Nagios XI server (when submitting NSCA passive results) to the originating host OR you are seeing port 113 return requests when checking NRPE services).
You will see this behavior on your firewall logs as you will most likely not have a firewall rule for port 113.
This is usually because you are running an NRPE check through XINETD with USERID included on the log_on_success or log_on_failure options in your remote hosts /etc/xinetd.d/nrpe file.
OR this could be because you are submitting passive results to the XI server through NSCA (which is running under XINETD) /etc/xinetd.d/nsca with the same options as above.
To disable Port 113 IDENT Requests:
1. Then remove the USERID option from the log_on_failure AND log_on_success to stop the IDENT from occurring. The file you need to change depends on:
i. NRPE on remote host
/etc/xinetd.d/nrpe
ii. NSCA on Nagios XI server
/etc/xinetd.d/nsca
2. After making the changes you need to restart the xinetd service using one of the commands below:
RHEL 7+ | CentOS 7+ | Oracle Linux 7+ | Debian | Ubuntu 16/18/20
$ systemctl restart xinetd.service
What is filter ident port 113?
Filter IDENT(port 113) (Enabled) IDENT allows hosts to query the device, and thus discover information about the host.
On the VPN Passthrough screen, you can configure the router to transparently pass IPSec, PPPoE, and PPTP traffic from internal hosts to external resources.
This article covers how to Configure software RAID on Linux using MDADM.
To Install a Software Raid Management Tool:
To install mdadm, run the installation command:
1. For CentOS/Red Hat (yum/dnf is used): $ yum install mdadm
2. For Ubuntu/Debian: $ apt-get install mdadm
3. SUSE: $ sudo zypper install mdadm
4. Arch Linux: $ sudo pacman -S mdadm
Terms related to Integrity of a RAID Array:
1. Version – the metadata version
2. Creation Time – the date and time of RAID creation
3. Raid Level – the level of a RAID array
4. Array Size – the size of the RAID disk space
5. Used Dev Size – the space size used by devices
6. Raid Device – the number of disks in the RAID
7. Total Devices – is the number of disks added to the RAID
8. State – is the current state (clean — it is OK)
9. Active Devices – number of active disks in the RAID
10. Working Devises – number of working disks in the RAID
11. Failed Devices – number of failed devices in the RAID
12. Spare Devices – number of spare disks in the RAID
13. Consistency Policy – is the parameter that sets the synchronization type after a failure, rsync is a full synchronization after RAID array recovery (bitmap, journal, ppl modes are available)
14. UUID – raid array identifier
To Recovering from a Disk Failure in RAID, Disk Replacement:
If one of the disks in a RAID failed or damaged, you may replace it with another one. First of all, find out if the disc is damaged and needs to be replaced.
# cat /proc/mdstat
To Add or Remove Disks to Software RAID on Linux:
1. If you need to remove the previously created mdadm RAID device, unmount it:
# umount /backup
2. Then run this command:
# mdadm -S /dev/md0
mdadm: stopped /dev/md0
3. After destroying the RAID array, it won’t detected as a separate disk device:
# mdadm -S /dev/md0
mdadm: error opening /dev/md0: No such file or directory
4. You can scan all connected drives and re-create a previously removed (failed) RAID device according to the metadata on physical drives. Run the following command:
# mdadm --assemble —scan
About Mdmonitor: RAID State Monitoring & Email Notifications:
The mdmonitor daemon can be used to monitor the status of the RAID.
1. First, you must create the /etc/mdadm.conf file containing the current array configuration:
# mdadm –detail –scan > /etc/mdadm.conf
The mdadm.conf file is not created automatically. You must create and update it manually.
2. Add to the end of /etc/mdadm.conf the administrator email address to which you want to send notifications in case of any RAID problems:
MAILADDR raidadmin@woshub.com
3. Then restart mdmonitor service using systemctl:
# systemctl restart mdmonitor
Then the system will notify you by e-mail if there are any mdadm errors or faulty disks.
This article covers an overview of what Prometheus Distributed Monitoring System is and how it works.
Prometheus is an open-source systems monitoring and alerting toolkit with an active ecosystem.
Why is Prometheus used?
Prometheus is an open-source monitoring software that is very popular in the industry. Prometheus is easy to customize, and produces metrics without impacting application performance.
Along with this, Prometheus monitoring can be used to provide clarity into systems and how to run them.
What is Prometheus monitoring used for?
Prometheus is a free software application used for event monitoring and alerting. It records real-time metrics in a time series database (allowing for high dimensionality) built using a HTTP pull model, with flexible queries and real-time alerting.
What is AWS Prometheus?
Amazon Managed Service for Prometheus (AMP) is a Prometheus-compatible monitoring service that makes it easy to monitor containerized applications at scale.
AMP automatically scales as your workloads grow or shrink, and is integrated with AWS security services to enable fast and secure access to data.
What metrics does Prometheus collect?
At this moment, for Prometheus, all metrics are time-series data. The Prometheus client libraries are the ones in charge of aggregating metrics data, like count or sum. Usually, these client libraries—like the Go library from the graphic above—have four types of metrics: counter, gauge, history, and summary.
What is the difference between Grafana and Prometheus?
Grafana and Prometheus, both help us in tackling issues related to complex data in a simplified manner.
Grafana is an open-source visualization software, which helps the users to understand the complex data with the help of data metrics.
Prometheus is an open-source event monitoring and alerting tool.
How does Prometheus monitoring work?
Prometheus scrapes metrics from instrumented jobs, either directly or via an intermediary push gateway for short-lived jobs.
It stores all scraped samples locally and runs rules over this data to either aggregate and record new time series from existing data or generate alerts.
This article covers difference between Linux and Windows file system. Basically, both Windows and Linux use file systems to store data in an organized manner.
Advantages of using Linux:
1. Linux facilitates with powerful support for networking.
2. The client-server systems can be easily set to a Linux system.
3. It provides various command-line tools such as ssh, ip, mail, telnet, and more for connectivity with the other systems and servers.
4. Tasks such as network backup are much faster than others.
Disadvantages of Linux OS:
1. No single way of packaging software.
2. No standard desktop environment.
3. Poor support for games.
4. Desktop software is still rare.
Why Linux is not popular as Windows?
The main reason why Linux is not popular on the desktop is that it doesn't have “the one” OS for the desktop as does Microsoft with its Windows and Apple with its macOS.
If Linux had only one operating system, then the scenario would be totally different today. Linux kernel has some 27.8 million lines of code.
Linux a good operating system and widely considered one of the most reliable, stable, and secure operating systems too. In fact, many software developers choose Linux as their preferred OS for their projects.
It is important, however, to point out that the term "Linux" only really applies to the core kernel of the OS.
Most Stable Linux Distros:
1. Debian. Suitable for: Beginners.
2. Fedora. Suitable for: Software Developers, Students.
3. Linux Mint. Suitable for: Professionals, Developers, Students.
4. Manjaro. Suitable for: Beginners.
5. openSUSE. Suitable for: Beginners and advanced users.
6. Tails. Suitable for: Security and privacy.
7. Ubuntu.
8. Zorin OS.
Reasons Why Linux Is Better Than Windows:
1. Total cost of ownership. The most obvious advantage is that Linux is free whereas Windows is not.
2. Beginner friendly and easy to use. Windows OS is one of the simplest desktop OS available today.
3. Reliability. Linux is more reliable when compared to Windows.
4. Hardware.
5. Software.
6. Security.
7. Freedom.
8. Annoying crashes and reboots.
Can Linux and Windows share files?
The easiest and most reliable way to share files between a Linux and Windows computer on the same local area network is to use the Samba file sharing protocol.
All modern versions of Windows come with Samba installed, and Samba is installed by default on most distributions of Linux.
Can Linux read NTFS drives?
Linux can read NTFS drives using the old NTFS filesystem that comes with the kernel, assuming that the person that compiled the kernel didn't choose to disable it.
To add write access, it's more reliable to use the FUSE ntfs-3g driver, which is included in most distributions.
For typical everyday Linux use, there's absolutely nothing tricky or technical you need to learn. Running a Linux server, of course, is another matter just as running a Windows server is.
But for typical use on the desktop, if you've already learned one operating system, Linux should not be difficult.
Is Linux a good career choice?
A Linux Administrator job can definitely be something you can start your career with.
It is basically the first step to start working in the Linux industry.
Literally every company nowadays works on Linux. So yes, you are good to go.
This article covers techniques to prevent attacks on the server. Basically, if we manage our servers without proper precautionary actions it is easy to spoil the reputation of the server.
Hardening your server is the process of increasing security on your server through a variety of means to result in a much more secure operating environment. Server hardening is one of the most important tasks to be handled on your servers.
The default configuration of most operating systems is not designed with security as the primary focus.
Default server setups focus more on usability, functionality and communication.
Server Hardening Security Measures Includes:
1. Hide login password from cgi scripts.
This setting allows you to hide the REMOTE_PASSWORD variable from scripts that the cpsrvd daemon's CGI handler executes.
2. Referrer safety check.
Only permit cPanel, Webmail and WHM to execute functions when the browser-provided referrer (port and domain or IP address) exactly matches the destination URL.
3. Initial default/catch-all forwarder destination
Select Fail to automatically discard un-routable email that your servers new accounts receive. This will help protect your server from mail attacks.
4. Verify signatures of third-party cPaddons.
Enable this option to verify GPG signatures of all third-party CPaddons.
5. Prevent "nobody" from sending mail.
Enable to block email that the nobody user sent to the remote address. Nobody is the username for Apache.
6. Enable SPF on domains for newly created accounts.
7. Proxy subdomain override.
Disable this option to prevent automatically-generated proxy domains when a user creates a subdomain.
8. Proxy subdomain creation.
Disable this option to prevent the addition of cPanel, Webmail, Web Disk and WHM proxy subdomain DNS entries to new accounts.
9. Cookie IP validation.
Disable this option to allow logins regardless of the user's IP address.