You can monitor your system’s Web performance quite easily with graphical Linux tools. You’ll learn how to use several in this chapter, including MRTG, which is based on SNMP and monitors raw network traffic, and Webalizer, which tracks Web site hits.

SNMP

Most servers, routers and firewalls keep their operational statistics in object identifiers (OIDs) that you can remotely retrieve via the Simple Network Management Protocol (SNMP). For ease of use, equipment vendors provide Management Information Base (MIB) files for their devices that define the functions of the OIDs they contain. That’s a lot of new terms to digest in two sentences, so take a moment to look more closely.

OIDs And MIBs

OIDs are arranged in a structure of management information (SMI) tree defined by the SNMP standard. The tree starts from a root node, which then descends through branches and leaves that each add their own reference value to the path separated by a period.. Figure 22-1 shows an OID structure in which the path to the enterprises OID branch passes through the org, dod, internet, and private branches first. The OID path for enterprises is, therefore, 1.3.6.1.4.1.

Figure 22-1 SNMP OID Structure

Management Information Bases (MIBs) are text definitions of each of the OID branches. Table 22-1 shows how some commonly used OIDs map to their MIB definitions. For example, the SMI org MIB defines all the topmost OIDs found at the next layer, which is named dod; the internet MIB under dod defines the function of the topmost OIDs in the directory, mgmt, experimental, and private branches. This MIB information is very useful for SNMP management programs, enabling you to click on an OID and see its value, type, and description.

Table 22-1 OIDs And Their Equivalent MIBs

You can refer to an OID by substituting the values in a branch with one of these more readable MIB aliases. For example, you can reference the OID 1.3.6.1.4.1.9.9.109.1.1.1.1.5 as enterprises.9.9.109.1.1.1.1.5.1 by substituting the branch name (enterprises) for its OID numbers (1.3.6.1.4.1).

Remember, only the OID value at the very tip of a branch, the leaf, actually has a readable value. Think of OIDs like the directory structure on a hard disk. Each branch is equivalent to a subdirectory, and the very last value at the tip (the leaf) correlates to a file containing data.

The Linux snmpget command outputs the value of a single leaf, and the snmpwalk command provides the values of all leaves under a branch. I’ll discuss these commands later; for now, all you need to know is that the command output frequently doesn’t list the entire OID, just the MIB file in which it was found and the alias within the MIB. For example

SNMPv2-MIB::sysUpTime.0

Here the OID value was found in the SNMPv2-MIB file and occupies position zero in the sysUpTime alias.

Equipment manufacturers are usually assigned their own dedicated OID branch under the enterprises MIB, and they must also provide information in universally accepted OIDs for ease of manageability. For example, NIC interface data throughput values must always be placed in a predefined location in the general tree, but a memory use value on a customized processor card may be defined in a MIB under the manufacturer’s own OID branch.

SNMP Community Strings

As a security measure, you need to know the SNMP password, or community string, to query OIDs. There are a number of types of community strings, the most commonly used ones are the Read Only or “get” community string that only provides access for viewing statistics and system parameters. In many cases the Read Only community string or password is set to the word “public;” you should change it from this easy-to-guess value whenever possible. The Read/Write or “set” community string is for not only viewing statistics and system parameters but also for updating the parameters.

SNMP Versions

There are currently three versions of SNMP.

1. SNMP Version 1: The first version of SNMP to be implemented, version 1 was designed to be a protocol to provide device statistics and error reporting without consuming a lot of system resources. Security was limited to community strings and access controls based on the IP address of the querying server. Data communication wasn’t encrypted.
2. SNMP Version 2: The second version of SNMP, often referred to as v2c, expanded the number of supported error codes, increased the size of counters used to track data, and had the ability to do bulk queries that more efficiently loaded response packets with data. SNMP v2c is backward compatible with version 1.
3. SNMP Version 3: This version provides greater security and remote configuration capabilities than its predecessors. Access isn’t limited to a single community string for read-only and read/write access, as usernames and passwords have been introduced. Views of OIDs in a MIB can also be limited on a per-user basis. Support for encrypted SNMP data transfer and transfer error detection is also provided.

Remember their differences, because you will need to specify the version number when doing SNMP queries.

Doing SNMP Queries

Configuring SNMP on a server isn’t hard, but it does require a number of detailed steps.

Installing SNMP Utilities on a Linux Server

If you intend to use your Linux box to query your network devices, other servers or even itself using MRTG or any other tool, you need to have the SNMP utility tools package net-snmp-utils installed. This package may also require pre-requisite packages, so it is best to use an automated package updater such yum or apt to do this.

When searching for these packages the filenames will start with the package name followed by a version number, as in net-snmp-utils-5.1.1-2.i386.rpm. (If you need an installation refresher, see Chapter 6, “Installing Linux Software“).

SNMP Utilities Command Syntax

The SNMP utility tools package installs a number of new commands on your system for doing SNMP queries, most notably snmpget for individual OIDs and snmpwalk for obtaining the contents of an entire MIB. Both commands require you to specify the community string with a -c operator. They also require you to specify the version of the SNMP query to be used with a -v 1, -v 2c, or -v 3 operator for versions 1, 2, and 3, respectively. The first argument is the name or IP address of the target device and all other arguments list the MIBs to be queried.

This example gets all the values in the interface MIB of the local server using SNMP version 1 and the community string of craz33guy.

[root@bigboy tmp]# snmpwalk -v 1 -c craz33guy localhost interface
...
...
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifDescr.3 = STRING: eth1
...
...
IF-MIB::ifPhysAddress.1 = STRING:
IF-MIB::ifPhysAddress.2 = STRING: 0:9:5b:2f:9e:d5
IF-MIB::ifPhysAddress.3 = STRING: 0:b0:d0:46:32:71
...
...
[root@bigboy tmp]#

Upon inspecting the output of the snmpwalk command, you can see that the second interface seems to have the name eth0 and the MAC address 0:9:5b:2f:9e:d5. You can now retrieve the individual MAC address using the snmpget command.

[root@bigboy tmp]# snmpget -v 1 -c const1payted localhost ifPhysAddress.2
IF-MIB::ifPhysAddress.2 = STRING: 0:9:5b:2f:9e:d5
[root@bigboy tmp]#

You can confirm this information using the ifconfig command for interface eth0; the very first line shows a matching MAC address.

[root@bigboy tmp]# ifconfig -a eth0
eth0      Link encap:Ethernet  HWaddr 00:09:5B:2F:9E:D5  
          inet addr:216.10.119.244  Bcast:216.10.119.255   Mask:255.255.255.240
...
...
[root@bigboy tmp]#

You’ll now see how you can configure SNMP on your Linux server to achieve these results.

Configuring Simple SNMP on a Linux Server

By default Fedora, installs the net-snmp package as its SNMP server product. This package uses a configuration file named /etc/snmp/snmpd.conf in which the community strings and other parameters may be set. The version of the configuration file that comes with net-snmp is quite complicated. I suggest archiving it and using a much simpler version with only a single line containing the keyword rocommunity followed by the community string. Here is an example.

1) Save the old configuration file

[root@bigboy tmp]# cd /etc/snmp/
[root@bigboy snmp]# mv snmpd.conf snmpd.conf.old
[root@bigboy snmp]# vi snmpd.conf
 

2) Enter the following line in the new configuration file to set the Read Only community string to craz33guy.

rocommunity craz33guy

3) Configure Linux to start SNMP services on each reboot with the chkconfig command:

[root@bigboy root]# chkconfig snmpd on
[root@bigboy root]#

4) Start SNMP to load the current configuration file.

[root@bigboy root]# service snmpd start
Starting snmpd: [ OK ]
[root@bigboy root]#

5) Test whether SNMP can read the system and interface MIBs using the snmpwalk command.

[root@bigboy snmp]# snmpwalk -v 1 -c craz33guy localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux bigboy 2.4.18-14 #1 Wed Sep 4 11:57:57 EDT 2002 i586
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (425) 0:00:04.25
SNMPv2-MIB::sysContact.0 = STRING: root@localhost
SNMPv2-MIB::sysName.0 = STRING: bigboy
...
...
...
[root@bigboy snmp]# snmpwalk -v 1 -c craz33guy localhost interface
IF-MIB::ifNumber.0 = INTEGER: 3
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: wlan0
IF-MIB::ifDescr.3 = STRING: eth0 
...
...
...
[root@bigboy snmp]# 

Now that you know SNMP is working correctly on your Linux server, you can configure SNMP statistics gathering software, such as MRTG, to create online graphs of your traffic flows.

SNMP On Other Devices

In the example, you were polling localhost. You can poll any SNMP-aware network device that has SNMP enabled. All you need is the IP address and SNMP Read Only string and you’ll be able to get similar results. Here is an example of a query of a device with an IP address of 192.168.1.1.

[root@bigboy snmp]# snmpwalk -v 1 -c chir1qui 192.168.1.1 interface

Note: When issuing snmpwalk and snmpget commands, remember to use the proper version switch (-v 1, -v 2c, or -v 3) for the version of SNMP you’re using.

Basic SNMP Security

The security precautions that need to be taken with SNMP vary depending on the version you are using. This section outlines the basic steps for protecting your MIB data.

SNMP Versions 1 and 2

The most commonly supported versions of SNMP don’t encrypt your community string password so you shouldn’t do queries over insecure networks, such as the Internet. You should also make sure that you use all reasonable security measures to allow queries only from trusted IP addresses either via a firewall or the SNMP security features available in the snmp.conf file. You can also configure your server to use the TCP wrappers feature outlined in Appendix I, “Miscellaneous Linux Topics,” to limit access to specific servers without the need of a firewall.

In case you need it, the snmpd.conf file can support limiting MIB access to trusted hosts and networks.

The snmpd.conf file has two security sections; a section with very restrictive access sits at the top of the file and is immediately followed by a less restrictive section. The example that follows is a modification of the less restrictive section. You will have to comment out the more restrictive statements at the top of the file for it to work correctly.

##       sec.name     source           community
##       ========     ======           =========
com2sec  local       localhost        craz33guy
com2sec  network_1   172.16.1.0/24    craz33guy
com2sec  network_2   192.168.2.0/24   craz33guy
 
##       Access.group.name   sec.model        sec.name
##       =================  =========         ========
group    MyROGroup_1        v1                local
group    MyROGroup_1        v1                network_1
group    MyROGroup_2        v2c               network_2
 
##   MIB.view.name     incl/excl  MIB.subtree  mask
##   ==============   =========  ===========  ====
view all-mibs         included   .1           80
 
##      MIB                
##      group.name   context sec.model sec.level prefix read     write  notif
##      ==========   ======= ========= ========= ====== ====     =====  =====
access  MyROGroup_1  ""       v1       noauth    exact  all-mibs none   none
access  MyROGroup_2  ""       v2c      noauth    exact  all-mibs none   none

In our example:

• Only three networks (localhost, 172.16.1.0/24, and 192.168.1.0/24) are allowed to access the server with the craz33guy community string.
• Each network is matched to a either a group called MyROGroup_1 using SNMP version 1, or group called MyROGroup_2 using SNMP version 2.
• All the MIBs on the server are defined by the view named all-mibs.
• An access statement ensures that only the defined networks have read only access to all the MIBs. MyROGroup_1 only has version 1 access with MyROGroup_2 only having version 2 access.
• Modification of the MIBs via SNMP is denied because the word “none” is in the write section of the access statement.

These precautions are probably unnecessary in a home environment where access is generally limited to devices on the home network by a NAT firewall.

SNMP Version 3

SNMP Version 3 SNMPv3 is a much more secure alternative to earlier versions as it encrypts all its data and uses a username / password combination for client authentication. The username should be located in the /etc/snmp/snmpd.conf file with a corresponding automatically generated password located in the /var/net-snmp/snmpd.conf file. Here is how it’s done.

1. Install the net-snmp-devel package as it contains the utility that will allow you to generate the password. If you need an installation refresher, see Chapter 6, “Installing Linux Software“)

2. Stop the snmpd process.

[root@bigboy tmp]# service snmpd stop
Stopping snmpd: [  OK  ]
[root@bigboy tmp]#

3. Automatically create the /etc/snmp/snmpd.conf and /var/net-snmp/snmpd.conf username and password entries using the net-snmp-config command. In this example the authentication password of “rootsrockreggae” for the read only (-ro) username “username4snmpv3″ is encrypted using the MD5 algorithm. The data received will not be encrypted.

[root@bigboy tmp]# net-snmp-config --create-snmpv3-user -ro \
-a MD5 -A rootsrockreggae username4snmpv3
 
adding the following line to /var/net-snmp/snmpd.conf:
   createUser username4snmpv3 MD5 "rootsrockreggae" DES
adding the following line to /etc/snmp/snmpd.conf:
   rouser username4snmpv3
[root@bigboy tmp]# service snmpd start
Starting snmpd: [  OK  ]
[root@bigboy tmp]#

4. To encrypt the data received we use the net-snmp-config command again to create a username just for this purpose. A new read only username “securev3user” and authentication password “mandeville” are used, but this time the data will be encrypted using the DES algorithm with the privacy password of “savlamar”.

[root@bigboy tmp]# net-snmp-config --create-snmpv3-user -ro \
-a MD5 -A mandeville -x DES -X savlamar securev3user
 
adding the following line to /var/net-snmp/snmpd.conf:
   createUser securev3user MD5 "mandeville" DES savlamar
adding the following line to /etc/snmp/snmpd.conf:
   rouser securev3user
[root@bigboy tmp]#
 

5. Start the snmpd process.

[root@bigboy tmp]# service snmpd start
Starting snmpd: [  OK  ]
[root@bigboy tmp]#

6. First we’ll do a query from remote host smallfry. We specify the authentication password and authentication encryption method, and we also use the -l flag to indicate that authentication will be used, but that data privacy will be disabled (the authNoPriv option).

[root@smallfry ~]# snmpget -v 3 -u username4snmpv3 -l authNoPriv \
-a MD5 -A rootsrockreggae  192.168.1.100 SNMPv2-MIB::sysORDescr.8
 
SNMPv2-MIB::sysORDescr.8 = STRING: The management information definitions for the SNMP User-based Security Model.
[root@smallfry ~]#

The query returns an easy to read string, “The management information definitions for the SNMP User-based Security Model”. This unencrypted string can also be seen in the tshark packet capture of the server’s interface.

[root@bigboy tmp]# tshark -n -i eth1 -x port 161
Capturing on eth1
...
...
...
 
  0.005889 192.168.1.100 -> 192.168.1.50 SNMP get-response
 
0000  00 c0 4f 46 0c 2e 00 b0 d0 46 32 71 08 00 45 00   ..OF.....F2q..E.
0010  00 f0 00 00 40 00 40 11 b3 b2 c0 a8 02 c8 c0 a8   ....@.@.........
0020  02 32 00 a1 80 0a 00 dc 87 38 30 81 d1 02 01 03   .2.......80.....
0030  30 11 02 04 45 a2 23 54 02 03 00 ff e3 04 01 01   0...E.#T........
0040  02 01 03 04 38 30 36 04 0d 80 00 1f 88 80 71 11   ....806.......q.
0050  68 72 0e b1 e7 45 02 01 12 02 01 39 04 0f 75 73   hr...E.....9..us
0060  65 72 6e 61 6d 65 34 73 6e 6d 70 76 33 04 0c 46   ername4snmpv3..F
0070  6c 74 26 51 4d aa 65 61 59 06 1a 04 00 30 7f 04   lt&QM.eaY....0..
0080  0d 80 00 1f 88 80 71 11 68 72 0e b1 e7 45 04 00   ......q.hr...E..
0090  a2 6c 02 04 43 4e da d7 02 01 00 02 01 00 30 5e   .l..CN........0^
00a0  30 5c 06 0a 2b 06 01 02 01 01 09 01 03 08 04 4e   0\..+..........N
00b0  54 68 65 20 6d 61 6e 61 67 65 6d 65 6e 74 20 69   The management i
00c0  6e 66 6f 72 6d 61 74 69 6f 6e 20 64 65 66 69 6e   nformation defin
00d0  69 74 69 6f 6e 73 20 66 6f 72 20 74 68 65 20 53   itions for the S
00e0  4e 4d 50 20 55 73 65 72 2d 62 61 73 65 64 20 53   NMP User-based S
00f0  65 63 75 72 69 74 79 20 4d 6f 64 65 6c 2e         ecurity Model.
 
4 packets captured
[root@bigboy tmp]#
 

7. Next we’ll do a query that will return a response over an encrypted data channel while crossing the network (the authPriv option).

[root@smallfry ~]# snmpget -v 3 -u securev3user -l authPriv \
-a MD5 -A mandeville  -x DES -X savlamar 192.168.1.100 SNMPv2-MIB::sysORDescr.8
 
SNMPv2-MIB::sysORDescr.8 = STRING: The management information definitions for the SNMP User-based Security Model.
[root@smallfry ~]# 

The query returns the same string, but the tshark packet capture only sees encrypted data, with only the username being visible.

[root@bigboy tmp] # tshark -n -i eth1 -x port 161
Capturing on eth1
...
...
...
  0.003675 192.168.1.200 -> 192.168.1.50 SNMP Source port: 161  Destination port: 32778 [UDP CHECKSUM INCORRECT]
 
0000  00 c0 4f 46 0c 2e 00 b0 d0 46 32 71 08 00 45 00   ..OF.....F2q..E.
0010  01 00 00 00 40 00 40 11 b3 a2 c0 a8 02 c8 c0 a8   ....@.@.........
0020  02 32 00 a1 80 0a 00 ec 87 48 30 81 e1 02 01 03   .2.......H0.....
0030  30 11 02 04 17 52 82 96 02 03 00 ff e3 04 01 03   0....R..........
0040  02 01 03 04 3e 30 3c 04 0d 80 00 1f 88 80 71 11   ....>0<.......q.
0050  68 72 0e b1 e7 45 02 01 11 02 02 00 8e 04 0c 73   hr...E.........s
0060  65 63 75 72 65 76 33 75 73 65 72 04 0c 01 b2 00   ecurev3user.....
0070  6e 23 07 83 dc a2 b6 d6 3d 04 08 00 00 00 11 4e   n#......=......N
0080  df 19 a3 04 81 88 36 dd e0 ce e0 52 19 ff 58 7e   ......6....R..X~
0090  be fa d1 96 20 2b 28 65 59 30 e8 d4 cb 18 9f 8f   .... +(eY0......
00a0  1e 5b a3 d6 ae f7 4a 86 bd ed 2a 4b a8 df 52 fb   .[....J...*K..R.
00b0  00 b4 a8 37 3d 74 9e 6d 1d 56 9a ba f2 13 fa 72   ...7=t.m.V.....r
00c0  4d 47 fb 88 7b d3 54 e1 9d b3 66 f0 29 ab 8a 55   MG..{.T...f.)..U
00d0  6f 77 65 40 87 ab 0c 51 d9 0e bf 33 7f 9a cb ea   owe@...Q...3....
00e0  37 50 3c 8e 65 dd 8f 3c 49 71 96 59 f9 d3 a8 23   7P<.e..<Iq.Y...#
00f0  81 c6 1b b2 c2 d0 57 9b 98 1b 89 1e ca 77 3d 84   ......W......w=.
0100  6f af b6 9b 86 3a 2f 66 44 1a 41 51 03 bc         o....:/fD.AQ..
 
4 packets captured
[root@bigboy tmp] #

8. Your password and privilege information are stored in /var/net-snmp/snmpd.conf using the format displayed when you used the net-snmp-config command. here is an example.

# File: /var/net-snmp/snmpd.conf before SNMP starts
 
createUser securev3user MD5 "mandeville" DES savlamar
createUser username4snmpv3 MD5 "rootsrockreggae" DES

The snmpd daemon will completely encrypt the SNMP password data in this file when it restarts which helps to further increase security. We can see an example of this configuration here.

# File: /var/net-snmp/snmpd.conf after SNMP starts
 
usmUser 1 3 0x80001f88780711168720eb1e745
0x73656375626576337573657200 
0x73656375726576337573657200 
NULL .1.3.6.1.6.3.10.1.1.2 0xd951
ac1d95033f4afgf31243eb6907df .1.3.6.1.6.3.10.1.2.2
0xf1f4bb00452211d27b50c273c09031ac 0x00
usmUser 1 3 0x80001f8880711168720eb1e745 
0x757365726e61657534736e6d70763300 
0x757365726e616d6534736e6d70763300 
NULL .1.3.6.1.6.3.10.
1.1.2 0x5e35c9f5352519aa4f53eded09bbdddd 
.1.3.6.1.6.3.10.1.2.2 0x5e35c9f5122519aa4f53eded09bbdddd ""
setserialno 1464593474

Practice using the net-snmp-config command so that you can become familiar with the syntax it uses to edit the SNMP configuration files. When in doubt, you can get a full syntax listing of the command if you use it without any arguments like this:

[root@bigboy tmp]# net-snmp-config 
...
...
 SNMP Setup commands:
 
   --create-snmpv3-user [-ro] [-A authpass] [-X privpass]
                        [-a MD5|SHA] [-x DES|AES] [username]
...
...
[root@bigboy tmp]#

With experience, you should become confident enough to edit the configuration files by yourself.

As you can see, SNMPv3 is more secure than previous versions and should be your first SNMP choice whenever possible.

Simple SNMP Troubleshooting

If your SNMP queries fail, then verify that:

• You restarted your snmp.conf file so the configuration settings become active. Remember, the snmpd.conf file is only read by the snmpd daemon when it starts up.
• You are using the correct community string.
• Firewalls aren’t preventing SNMP queries from the SNMP client to the SNMP target.
• Your SNMP security policy allows the query from your network.
• Any TCP wrappers configuration on your SNMP target machine allows SNMP queries from your SNMP client. Generally speaking in a home environment protected by NAT your TCP wrappers files (/etc/hosts.allow) and (/etc/hosts.deny) should be blank.
• Network routing between the client and target devices is correct. A simple ping or traceroute test should be sufficient.
• The snmpd daemon is running on the SNMP client.
• You are querying using the correct SNMP version.
• Your /var/log/messages file does not contain errors that may have occurred while starting snmpd.

Troubleshooting to get functioning SNMP queries is important as many other supporting applications, such as MRTG which I’ll discuss next, rely on them in order to work correctly.

MRTG

MRTG (Multi-Router Traffic Grapher) is a public domain package for producing graphs of various router statistics via a Web page. You can easily create graphs of traffic flow statistics through your home network’s firewall/router or even your Linux box’s NIC cards using MRTG. The product is available from the MRTG Web site (www.mrtg.org) and also on your distribution CDs. Figure 22-2 shows a sample MRTG graph.

Figure 22-2 A Typical MRTG Web Page

MRTG Download and Installation

You need to install MRTG before proceeding. Most RedHat and Fedora Linux software products are available in the RPM format. When searching for the file, remember that the MRTG RPM’s filename usually starts with mrtg and a version number, as in mrtg-2.10.5-3.i386.rpm.

In addition to MRTG, you need to install the SNMP utility tools as explained earlier and you need to have a Web server package installed for MRTG to work. RedHat Linux usually comes with the Apache Web server software preinstalled. The easiest way to tell if Apache is installed is to run the rpm -q httpd command. If you don’t get a positive response, you can refer to Chapter 20, “The Apache Web Server“, for installation details. By default Apache expects the HTML files for your Web site to be located in /var/www/html. MRTG places its HTML files in /var/www/mrtg.

Configuring MRTG

By default, MRTG maps the inbound and outbound data throughput rates on the device it is polling. Methods for specifying other OIDs, such as CPU and memory usage, are discussed in Chapter 23, “Advanced MRTG for Linux“. For now, I’ll stick with the default configuration.

When the MRTG RPM is installed, it creates a directory called /etc/mrtg in which all future configuration files are stored. To create a replacement default /etc/mrtg/mrtg.cfg configuration file for the server, follow these steps.

1) Use MRTG’s cfgmaker command to create a configuration file named mrtg.cfg for the server (bigboy) using a Read Only community string of craz33guy. Place all data files in the directory /var/www/mrtg.

[root@bigboy tmp]# cfgmaker --output=/etc/mrtg/mrtg.cfg \
--global "workdir: /var/www/mrtg" -ifref=ip \
--global 'options[_]: growright,bits' \
craz33guy@localhost
 
--base: Get Device Info on craz33guy@localhost:
--base: Vendor Id:
--base: Populating confcache
--snpo: confcache craz33guy@localhost: Descr lo --> 1
--snpo: confcache craz33guy@localhost: Descr wlan0 --> 2
...
...
...
 --base: Walking ifAdminStatus
--base: Walking ifOperStatus
--base: Writing /etc/mrtg/mrtg.cfg
[root@bigboy tmp]#
 

SNMPv2: As explained in the SNMP section, there are different versions of SNMP. If your query doesn’t work, check to make sure you are using the required version and then check other SNMP configuration parameters on the target device. You can specify MRTG’s SNMP query version with the –snmp-options cfgmaker option. Here is an example of cfgmaker using an SNMP version 2 query of a router with an IP address of 192.168.1.3. The –snmp-options option’s five colons before the 2 are important.

[root@bigboy tmp]# cfgmaker --output=/etc/mrtg/192.168.1.3.cfg \
-ifref=ip --global "workdir: /var/www/mrtg" \
--snmp-options=:::::2 craz33guy@192.168.1.3

SNMPv3: The cfgmaker command can also be used to poll SNMPv3 enabled devices, but you have to first install the Net::SNMP PERL module.

[root@bigboy tmp]# yum -y install perl-Net-SNMP
 
or
 
[root@bigboy tmp]# perl -MCPAN -e "install Net::SNMP"

If you fail to install the module, you will get an error looking like this:

Undefined subroutine &main::snmpmapOID called at ./cfgmaker line 1480.

Next you need to know the SNMPv3 ID of the host you intend to poll. In fedora, this is value is located in the /var/net-snmp/snmpd.conf file. You can use the grep command to obtain it.

[root@bigboy tmp]# grep oldEngineID /var/net-snmp/snmpd.conf 
oldEngineID 0x80001f8880711168720eb1e745
[root@bigboy tmp]#

You can then repeat the cfgmaker command with options specific to the privacy and authentication schemes configured on the SNMP target device. Using the configurations of our previous SNMPv3 example, our configuration for encrypted authentication only would look like this:

[root@bigboy tmp]# cfgmaker --global 'WorkDir: /var/www/mrtg' \
--global 'Options[_]: growright, bits' \
--output=/etc/mrtg/192.168.1.100.cfg \
--enablesnmpv3 --username=username4snmpv3 \
--authpassword=rootsrockreggae --authproto=md5 \
--snmp-options=:::::3 \
--contextengineid=0x80001f8880711168720eb1e745 \
securev3user@192.168.1.100

Our configuration for encrypted authentication and data privacy only would look like this:

[root@bigboy tmp]# cfgmaker --global 'WorkDir: /var/www/mrtg' \
--global 'Options[_]: growright, bits' \
--output=/etc/mrtg/192.168.1.100-secure.cfg \
--enablesnmpv3 --username=securev3user --authpassword=mandeville \
--authproto=md5 --privpassword=savlamar --privprotocol=des \
--snmp-options=:::::3 \
--contextengineid=0x80001f8880711168720eb1e745 \
securev3user@192.168.1.100

Note: The MRTG cfgmaker command reliably supports SNMPv3 as of MRTG version 2.15. Prior to this version you would commonly see this error when attempting to do DNMPv3 queries.

SNMP V3 requires a --username parameter as part of the User Security Model for router securev3user@192.168.1.100:::::3 at ./cfgmaker line 121.

2) Edit /etc/mrtg/mrtg.cfg, and remove the sections related to interfaces you don’t need to monitor. A certain candidate would be the virtual loopback interface Lo: (with the IP address of 127.0.0.1), which doesn’t pass any network traffic at all.

3) Run MRTG using /etc/mrtg/mrtg.cfg as your argument three times. You’ll get an error the two times as MRTG tries to move old data files, and naturally, the first time it is run, MRTG has no data files to move.

[root@bigboy tmp]# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
Rateup WARNING: /usr/bin/rateup could not read the primary log file for localhost_192.168.1.100
Rateup WARNING: /usr/bin/rateup The backup log file for localhost_192.168.1.100 was invalid as well
Rateup WARNING: /usr/bin/rateup Can't remove localhost_192.168.1.100.old updating log file
Rateup WARNING: /usr/bin/rateup Can't rename localhost_192.168.1.100.log to localhost_192.168.1.100.old updating log file
[root@bigboy tmp]# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
Rateup WARNING: /usr/bin/rateup Can't remove localhost_192.168.1.100.old updating log file
[root@bigboy tmp]# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
[root@bigboy tmp]#

4) Use MRTG’s indexmaker command to create a Web index page using your new mrtg.cfg file as a guide. The MRTG Web GUI expects to find the index file in the default MRTG Web directory of /var/www/mrtg/, so the format of the command would be.

[root@bigboy tmp]# indexmaker --output=/var/www/mrtg/index.html \
/etc/mrtg/mrtg.cfg

5) MRTG is run every five minutes by default, and the file that governs this is /etc/cron.d/mrtg. For MRTG to work correctly, edit this file, replacing all occurrences of /usr/bin/mrtg with env LANG=C /usr/bin/mrtg. The explanation for changing the language character set for MRTG is given in the “Troubleshooting MRTG” section.

This isn’t all, you need to view the graphs too. This will be covered later, but first I’ll show you how to poll multiple devices.

Getting MRTG To Poll Multiple Devices

The Fedora Core MRTG installation process creates a cron file named /etc/cron.d/mrtg. This file tells the cron daemon to run MRTG using the /etc/mrtg/mrtg.cfg file every five minutes to poll your network devices. You can configure MRTG to poll multiple devices, each with a separate configuration file. Here’s how:

1) Create a new configuration file using the steps from the previous section; choose a filename that is not mrtg.cfg.

2) Add a new MRTG line in /etc/cron.d/mrtg for each new configuration file you create.

0-59/5 * * * * root env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg
0-59/5 * * * * root env LANG=C /usr/bin/mrtg /etc/mrtg/device1.cfg
0-59/5 * * * * root env LANG=C /usr/bin/mrtg /etc/mrtg/device2.cfg  

3) Run the indexmaker command, and include all of your /etc/mrtg configuration files, to regenerate your Web index page.

[root@bigboy tmp]# indexmaker --output=/var/www/mrtg/index.html \
/etc/mrtg/mrtg.cfg /etc/mrtg/device1.cfg /etc/mrtg/device2.cfg

4) Other versions of Linux keep their MRTG cron entries inside the /etc/crontab file. Edit this file using the same syntax as the Fedora /etc/cron.d/mrtg file, and then restart the cron daemon to re-read the configuration:

[root@bigboy tmp]# service crond restart 

You could also create a script with the /usr/bin/mrtg /etc/mrtg/device.cfg entries in it and make cron run it every five minutes. This way you can just edit the script each time you add a device without having to restart cron.

Configuring Apache To Work With MRTG

MRTG is useful because it can provide a graphical representation of your server’s performance statistics via a Web browser.

With Fedora Core, MRTG creates an add-on configuration file named /etc/httpd/conf.d/mrtg.conf that includes all the necessary Apache commands for MRTG to work.

Some configuration may need to be done, because by default MRTG accepts Web requests from the Linux console only. You can add your home network to the file by inserting the network on the Allow from line, or you can allow universal access by commenting out that line along with the Deny from line. This example adds access from the 192.168.1.0 network.

<Location /mrtg>
    Order deny,allow
    Deny from all
    Allow from localhost 192.168.1.0/24
</Location>

If you want to access MRTG from the Internet, then you’ll have to comment out the Deny statement and allow from all IP addresses:

<Location /mrtg>
    Order deny,allow
    Allow from all
</Location>

Remember to restart Apache once you have made these modifications in order for these changes to take effect.

Note: With newer versions of Fedora, Apache automatically reads the add-on files in the /etc/httpd/conf.d/ directory. With Fedora Core 1, you have to specifically configure the Apache configuration file /etc/httpd/conf/httpd.conf to find it. You can do this yourself by inserting this line at the very bottom of the main Apache configuration file before restarting Apache for the change to take effect.

include "/etc/httpd/conf.d/mrtg.conf"

Basic Security

If you are accessing MRTG graphs from the Internet, you may want to add password protection to the directory by using a .htaccess file as described in Chapter 20, “The Apache Web Server“.

How To View The MRTG Graphs In Your Web Browser

You can now access your MRTG graphs by pointing your browser to the URL:

http://server-ip-address/mrtg/

Using MRTG To Monitor Other Subsystems

MRTG will generate HTML pages with daily, weekly, monthly, and yearly statistics for your interfaces. By default, MRTG provides only network interface statistics. Chapter 23, “Advanced MRTG for Linux“, has detailed examples and explanations of how to monitor Linux disk, CPU, memory, and Web connection data. The MRTG Web site, www.mrtg.org, also has links to other sites that show you how to monitor many other subsystems on a variety of devices and operating systems.

Troubleshooting MRTG

There are many simple steps you can use to troubleshoot MRTG. Take a look at some of the most common ones.

Basic Steps

MRTG won’t work if SNMP queries don’t work. Make sure you follow the SNMP troubleshooting steps if you have any difficulties.

Setting The Correct Character Set

MRTG usually works only if your system uses an ASCII-based (Western European) character set. If it isn’t set, then you’ll get errors such as this every time you run MRTG from the command line or as part of a cron job:

[root@bigboy tmp]# mrtg /etc/mrtg/mrtg.cfg
-------------------------------------------------------------------
ERROR: Mrtg will most likely not work propperly when the environment
       variable LANG is set to UTF-8. Please run mrtg in an envir..
       where this is not the case:
 
       env LANG=C /usr/bin/mrtg ...
-------------------------------------------------------------------
[root@bigboy tmp]#

Your system’s character set is defined in /etc/sysconfig/i18n, and the current Fedora default of en_US.UTF-8 won’t work, but en_US will after a system reboot. This is not necessarily a good idea, especially if the native language Linux uses on your system is not ASCII based, other things may fail to work.

A better solution is to always run MRTG using this command instead of using just plain /usr/bin/mrtg.

env LANG=C /usr/bin/mrtg

This will modify the character set used by MRTG alone and shouldn’t affect anything else.

Incorrect SNMPv3 Engine ID

The added security of SNMPv3 forces each client to create its own serial number or engine ID. If you use an incorrect identifier you may get noSuchInstance errors like this when polling with MRTG.

2008-07-26 19:42:40: WARNING: Expected a number but got 'noSuchInstance'
2008-07-26 19:42:40: WARNING: Expected a number but got 'noSuchInstance'
2008-07-26 19:42:40: ERROR: Target[localhost_3][_IN_] ' $target->[1]{$mode} ' did not eval into defined data
2008-07-26 19:42:40: ERROR: Target[localhost_3][_OUT_] ' $target->[1]{$mode} ' did not eval into defined data

Always make sure you are using the correct ID and try again.

Fedora Core 1 MRTG Errors With Net-SNMP

A bug appears in the MRTG implementation for some Fedora Core 1 MRTG versions when polling another Fedora Core 1 server.

When using a -ifref=ip statement with the cfgmaker command, every line in the configuration file that is generated becomes commented out. When it works, this statement is very convenient, because it makes MRTG provide graphs sorted by the IP addresses of the interfaces instead of the default, which is the much harder to recognize interface MAC address. Upgrading to the latest Core 1 version of MRTG will fix the problem.

### Interface 6 >> Descr:  | Name:  | Ip: '192.168.1.100'
###
### The following interface is commented out because:
### * has a speed of which makes no sense
### * got 'Received SNMP response with error code
###       error status: noSuchName
###       index 1 (OID: 1.3.6.1.2.1.2.2.1.10.6)
###     SNMPv1_Session (remote host: "localhost" [127.0.0.1].161)
###                       community: "craz33guy"
###                      request ID: 824482716
###                     PDU bufsize: 8000 bytes
###                         timeout: 2s
###                         retries: 5
#
# Target[localhost_192.168.1.100]: /192.168.1.100:craz33guy@localhost:
# SetEnv[localhost_192.168.1.100]: MRTG_INT_IP="192.168.1.100" MRTG_INT_DES
# MaxBytes[localhost_192.168.1.100]: 0
# Title[localhost_192.168.1.100]: Traffic Analysis for 192.168.1.100
# PageTop[localhost_192.168.1.100]: Traffic Analysis for 192.168.1.100

As all the lines in the configuration file are commented out with a # character, indexmaker fails to create an index.html file and gives errors.

[root@bigboy tmp]# indexmaker --output=/var/www/mrtg/stats/index.html /etc/mrtg/mrtg.cfg
Use of uninitialized value in hash element at /usr/bin/indexmaker line 307.
[root@bigboy tmp]#

Webalizer

Webalizer is a Web server log file analysis tool that comes installed by default on RedHat/Fedora Linux. Each night, Webalizer reads your Apache log files and creates a set of Web pages that enable you to view Web surfer statistics for your site. The information provided includes a list of your Web site’s most popular pages sorted by hits along with traffic graphs showing the times of day when your site is most popular.

How To View Your Webalizer Statistics

Fedora creates an add-on configuration file named /etc/httpd/conf.d/Webalizer.conf that includes all the necessary Apache commands for Webalizer to work. As in the case of the MRTG add-on file mentioned above, you have to edit it to allow access to the Webalizer pages from locations other than the Linux console. You also have to restart Apache to make the changes take effect.

By default, Webalizer places its index page in the directory /var/www/html/usage and allows you to view your data by visiting the URL http://server-ip-address/usage.

The Webalizer Configuration File

Webalizer stores its configuration in the file /etc/Webalizer.conf. The default settings should be sufficient for your Web server, but you may want to adjust the directory in which Webalizer places your graph statistics. This can be adjusted with the OutputDir directive in the file. After adjustments, Webalizer functions with few annoyances; however, be aware that running in quiet mode could hide deeper problems that could occur in future.

The top Command

You can monitor the amount of memory and CPU resources your system is using the top command.

[root@bigboy tmp]# top
 
  3:04pm  up 25 days, 23:23,  2 users,  load average: 0.00, 0.02, 0.00
78 processes: 76 sleeping, 2 running, 0 zombie, 0 stopped
CPU states:  0.9% user,  0.5% system,  0.0% nice,  0.8% idle
Mem:   384716K av,  327180K used,   57536K free,       0K shrd,  101544K buff
Swap:  779112K av,       0K used,  779112K free                  130776K cached
 
  PID USER     PRI  NI  SIZE   RSS SHARE STAT %CPU %MEM   TIME COMMAND
27191 root      15   0  1012 1012   780 R     5.6  0.2   0:00 top
 4545 root      16   0  5892 5888  4956 S     0.9  1.5 169:26 magicdev
    1 root      15   0   476   476   432 S     0.0  0.1   0:05 init
    2 root      15   0     0     0     0 SW    0.0  0.0   0:00 keventd
    5 root      15   0     0     0     0 SW    0.0  0.0   0:41 kswapd
    6 root      25   0     0     0     0 SW    0.0  0.0   0:00 bdflush
 
[root@bigboy tmp]#

Here the CPU usage is under 1.0% and 14% of memory (57536K) is free. The amount of free memory may appear low, but in this case, the server doesn’t seem to be swapping idle processes from memory to the swap disk partition as it isn’t being used at all. Excessive swapping can cause your system to slow down dramatically, the simplest ways to avoid this is to add more RAM or reduce the number of processes or users that are active on your system.

If your system seems slow but the CPU and memory usage is low, then start looking at networking problems, such as poor duplex negotiation, bad cables, and network congestion due to excessive traffic.

The vmstat Command

You can also determine memory and swap usage with the vmstat command, which provides a summary of what top produces. In the example, memory is still 14% free (57,452MB used from a total of 130,780) and swap isn’t being used at all.

[root@bigboy tmp]# vmstat
   procs                       memory    swap          io     system         cpu
  r  b  w   swpd   free   buff   cache  si  so    bi    bo   in    cs  us  sy  id
  0  0  0      0  57452 101584 130780   0   0     0     4   18     1   3   1   1
[root@bigboy tmp]#

As your memory fills up, your system will temporarily store programs and data on your hard disk’s “swap” partition. Excess swapping of programs and data between disk and memory can cause your system to slow down significantly and memory usage should be monitored to allow you to plan ways to either increase RAM or tune the way your system operates. System tuning is beyond the scope of this book, but there are many reference guides which can show you how to do this.

The free Utility

The free utility can determine the amount of free RAM on your system. The output is easier to understand than vmstat’s. Here’s a sample.

[root@bigboy tmp]# free
             total       used       free     shared     buffers     cached
Mem:        126060     119096       6964          0       58972      40028
-/+ buffers/cache:      20096     105964
Swap:       522072       15496     506576
[root@bigboy tmp]#

You should generally try to make your system run with at least 20% free memory on average, which should allow it to handle moderate spikes in usage caused by running memory-intensive cron batch jobs or tape backups. If you cannot achieve this, consider running more efficient versions of programs, offloading some applications to servers with less load, and, of course, upgrading the capacity of your RAM.

Conclusion

Server monitoring is always a good practice, because it can help you predict when things are going to go wrong or long term trends in your Web traffic.

MRTG can be expanded not only to monitor traffic on your server’s NIC cards, but also to graph many of the statistics listed in top, free, and vmstat. Chapter 23, “Advanced MRTG for Linux“, shows you how

]]> http://katulis.wordpress.com/2008/08/04/snmp/feed/ 0 breaker Snmp.gif Mrtg.gif http://katulis.wordpress.com/2008/07/29/install-mrtg/ http://katulis.wordpress.com/2008/07/29/install-mrtg/#comments Tue, 29 Jul 2008 16:26:48 +0000 katulis http://katulis.wordpress.com/?p=81 ]]> If you want to download MRTG you can download from here
Preparing you System for MRTG Instalaltion
First you need to install the required compilers
#apt-get install gcc make g++

Apache 2 Installation with perl support
Follow these instructions to install apache2 with perl support

MRTG Installation
Now we need to install mrtg and snmp
Installing MRTG in Debian, Ubuntu and Kubuntu
#apt-get install mrtg snmpd
The installation will create an mrtg subdirectory where the Apache Web pages reside. On your Debian,ubnutu,kubuntu systems the path of this subdirectory is:
/var/www/mrtg

Now you need to edit the mrtg configuration file to edit the some of the settings
File is located at /etc/mrtg.cfg you need to change the global settings as follows
# Global Settings

RunAsDaemon: yes
EnableIPv6: no
WorkDir: /var/www/mrtg
Options[_]: bits,growright
WriteExpires: Yes

Title[^]: Traffic Analysis for

You will find a crontab running every 5 minutes as user root
# cat /etc/cron.d/mrtg
0-55/5 * * * * root if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then env LANG=C /usr/bin/mrtg /etc/mrtg.cfg >> /var/log/mrtg/mrtg.log 2>&1; fi

Now we need to assign the snmp community name in snmp configration file /etc/snmp/snmpd.conf
# sec.name source community
# com2sec paranoid default public
com2sec readonly default public
#com2sec readwrite default private

Now you need to restart the snmp service
#/etc/init.d/snmpd restart

The configuration file creating using
#cfgmaker public@localhost > /etc/mrtg.cfg

Creating a configuration file for a device using cfgmaker
#cfgmaker public@192.168.0.1 >> /etc/mrtg.cfg

With the configuration file created correctly there’s only one other thing you have to do and that’s to use the indexmaker utility to create the summary home page. Since you have to re-run this command every time you make certain changes to the /etc/mrtg.cfg configuration file.

Creating index file for the webserver using indexmaker
#indexmaker /etc/mrtg.cfg > /var/www/mrtg/index.html

Now you need to reboot your system wait for five minutes or so and then take a look at your summary home page. If your Debian,ubuntu,kubuntu system’s IP address is 192.168.0.1 then you’d type in the following in the address bar of a browser running on a system on the same network:

http://192.168.0.1/mrtg/

Your summary home page should come up with a graph for each target entry in the configuration file. If a graph looks like there’s no data on it, click on it and check the statistics to see if any traffic is being seen. Small amounts of traffic won’t show up on the graphs because we used the Unscaled statement

Some of examples how to monitor cpu , memory , Disk usage
CPU Usage
/etc/mrtg/cpu.cfg

WorkDir: /var/www/mrtg
LoadMIBs: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt
Target[localhost.cpu]:ssCpuRawUser.0&ssCpuRawUser.0:public@127.0.0.1+ ssCpuRawSystem.0&ssCpuRawSystem.0:public@127.0.0.1+
ssCpuRawNice.0&ssCpuRawNice.0:public@127.0.0.1
RouterUptime[localhost.cpu]: public@127.0.0.1
MaxBytes[localhost.cpu]: 100
Title[localhost.cpu]: CPU Load
PageTop[localhost.cpu]: Active CPU Load %
Unscaled[localhost.cpu]: ymwd
ShortLegend[localhost.cpu]: %
YLegend[localhost.cpu]: CPU Utilization
Legend1[localhost.cpu]: Active CPU in % (Load)
Legend2[localhost.cpu]:
Legend3[localhost.cpu]:
Legend4[localhost.cpu]:
LegendI[localhost.cpu]: Active
LegendO[localhost.cpu]:
Options[localhost.cpu]: growright,nopercent

Memory Usage
/etc/mrtg/mem.cfg

LoadMIBs: /usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt
Target[localhost.mem]: .1.3.6.1.4.1.2021.4.6.0&.1.3.6.1.4.1.2021.4.6.0:public@localhost
PageTop[localhost.mem]:Free Memory
WorkDir: /var/www/mrtg
Options[localhost.mem]: nopercent,growright,gauge,noinfo
Title[localhost.mem]: Free Memory
MaxBytes[localhost.mem]: 1000000
kMG[localhost.mem]: k,M,G,T,P,X
YLegend[localhost.mem]: bytes
ShortLegend[localhost.mem]: bytes
LegendI[localhost.mem]: Free Memory:
LegendO[localhost.mem]:
Legend1[localhost.mem]: Free memory, not including swap, in bytes

Memory Monitoring (Total Versus Available Memory)
/etc/mrtg/memfree.cfg
LoadMIBs: /usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt
Target[server.memory]: memAvailReal.0&memTotalReal.0:public@localhost
Title[server.memory]: Free Memory
PageTop[server.memory]: < H1 >Free Memory< /H1 >
MaxBytes[server.memory]: 100000000000
ShortLegend[server.memory]: B
YLegend[server.memory]: Bytes
LegendI[server.memory]: Free
LegendO[server.memory]: Total
Legend1[server.memory]: Free memory, not including swap, in bytes
Legend2[server.memory]: Total memory
Options[server.memory]: gauge,growright,nopercent
kMG[server.memory]: k,M,G,T,P,X

Memory Monitoring (Percentage usage)

/etc/mrtg/mempercent.cfg
LoadMIBs: /usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt
Title[server.mempercent]: Percentage Free Memory
PageTop[server.mempercent]: < H1 >Percentage Free Memory< /H1 >
Target[server.mempercent]: ( memAvailReal.0&memAvailReal.0:publicy@localhost ) * 100 / ( memTotalReal.0&memTotalReal.0:public@localhost )
options[server.mempercent]: growright,gauge,transparent,nopercent
Unscaled[server.mempercent]: ymwd
MaxBytes[server.mempercent]: 100
YLegend[server.mempercent]: Memory %
ShortLegend[server.mempercent]: Percent
LegendI[server.mempercent]: Free
LegendO[server.mempercent]: Free
Legend1[server.mempercent]: Percentage Free Memory
Legend2[server.mempercent]: Percentage Free Memory

Disk Usage
/etc/mrtg/disk.cfg
LoadMIBs: /usr/share/snmp/mibs/HOST-RESOURCES-MIB.txt
Target[server.disk]: dskPercent.1&dskPercent.2:public@localhost
Title[server.disk]: Disk Partition Usage
PageTop[server.disk]: < H1 >Disk Partition Usage /home and /var< /H1 >
MaxBytes[server.disk]: 100
ShortLegend[server.disk]: %
YLegend[server.disk]: Utilization
LegendI[server.disk]: /home
LegendO[server.disk]: /var
Options[server.disk]: gauge,growright,nopercent
Unscaled[server.disk]: ymwd

Creating jobs for CPU , Memory and Disk Usage

CPU
/etc/cron.mrtg/cpu

#!/bin/sh
/usr/bin/mrtg /etc/mrtg/cpu.cfg

Memory
/etc/cron.mrtg/mem

#!/bin/sh
/usr/bin/mrtg /etc/mrtg/mem.cfg

Memory Free
/etc/cron.mrtg/memfree

#!/bin/sh
/usr/bin/mrtg /etc/mrtg/memfree.cfg

Memory Percentage
/etc/cron.mrtg/mempercent

#!/bin/sh
/usr/bin/mrtg /etc/mrtg/mempercent.cfg

Disk
/etc/cron.mrtg/disk

#!/bin/sh
/usr/bin/mrtg /etc/mrtg/disk.cfg

Run each script 3 times (disregard the warnings)
/etc/cron.mrtg/cpu
/etc/cron.mrtg/mem
/etc/cron.mrtg/memfree
/etc/cron.mrtg/mempercent
/etc/cron.mrtg/disk

Make the Index Files
#/usr/bin/indexmaker –output=/var/www/mrtg/index.html \
–title=”Memory and CPU Usage ” \
–sort=name \
–enumerate \
/etc/mrtg/cpu.cfg \
/etc/mrtg/mem.cfg \
/etc/cron.mrtg/memfree \
/etc/cron.mrtg/mempercent \
/etc/cron.mrtg/disk

Make the mrtg.cfg file
#cfgmaker –global “WorkDir: /var/www/mrtg/” \
–global “Options[_]: growright,bits” \
–ifref=ip \
public@localhost > /etc/mrtg/mrtg.conf

Cronjob setup
/bin/cat >> /var/spool/cron/crontabs/root
*/5 * * * * /bin/run-parts /etc/cron.mrtg 1> /dev/null

Now you logon to your web browser http://192.168.0.1/mrtg/ and Now you should see CPU,Memory and Disk Usage graphs.

Kali ini saya akan mencoba cara menginstall denyhost dan menjalankannya. Denyhost berguna untuk melindungi akses via ssh dari orang tidakmemiliki akses di server kita. Cara kerja denyhost dengan melihat log authentication yang ada di /var/log/auth.log dengan cara memblokir IP address yang login ke server kita dengan password dan username yang salah. Bahasa kerennya Preventing SSH Dictionary Attack . Sehingga IP yang pernah mencoba login ke komputer kita akan dimasukkan daftar Blacklist /etc/hosts.deny. Berikut ini cara melakukan installasi Denyhosts dimana saya disini menggunakan distro Debian Etch.

1. Cara instalasi
Pastikan di server anda sudah terdapat python compiler, jika belum ada anda dapat install dengan cara :

#sudo apt-get install python

Kemudian download dan install denyhost

#cd /tmp
#wget http://internode.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz
#tar xvfz DenyHosts-2.6.tar.gz
#cd DenyHosts-2.6
#python setup.py install

2. Setting DenyHost

#cd /usr/share/denyhosts
#cp denyhosts.cfg-dist denyhosts.cfg

Edit denyhost.cfg dengan editor kesayangan anda, dalam hal ini saya menggunakan nano

#nano denyhosts.cfg

Pastikan file SECURE_LOG = /var/log/auth.log dan LOCK_FILE = /var/run/denyhosts.pid sudah dikonfigurasi sesuai versi linux anda, dalam hal ini saya menggunakan xubuntu :

• SECURE_LOG = /var/log/auth.log
• LOCK_FILE = /var/run/denyhosts.pid

Menjalankan denyhost di daemon :

#cp daemon-control-dist daemon-control

Edit /usr/share/denyhosts/daemon-control , pastikan setting untuk DENYHOSTS_BIN, DENYHOSTS_LOCK, dan DENYHOSTS_CFG sudah benar semuanya. Untuk setting xubuntu :

• DENYHOSTS_BIN = “/usr/bin/denyhosts.py”
• DENYHOSTS_LOCK = “/var/run/denyhosts.pid”
• DENYHOSTS_CFG = “/usr/share/denyhosts/denyhosts.cfg”

Menjalankan denyhosts secara otomatis ketika komputer booting :

#chmod 700 daemon-control
#cd /etc/init.d
#ln -s /usr/share/denyhosts/daemon-control denyhosts update-rc.d denyhosts defaults
#/etc/init.d/denyhosts start

Uji Coba
Sekarang anda coba login via ssh dari komputer lain dengan memasukkan username dan password yang salah maka secara otomatis IP komputer tersebut akan di blok. Anda bisa melihat IP komputer yang di blok di /etc/hosts.deny :

Added the following hosts to /etc/hosts.deny:

202.84.98.6 (unknown)
194.228.207.66 (mail.gymck.cz)
207.88.140.90 (207.88.140.90.ptr.us.xo.net)
87.139.28.188 (mail.kuepper.de)
218.3.204.139 (unknown)
121.8.140.90 (unknown)
211.233.81.115 (unknown)
202.148.162.109 (unknown)
202.96.102.239 (unknown)
211.234.93.134 (unknown)

Untuk membuka akses IP yang di blok, anda tinggal menghapus dari daftar /etc/hosts.deny

According its official website, Logwatch is a customizable log analysis system. Logwatch parses through your system’s logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is easy to use and will work right out of the package on most systems.

LogWatch configuration

Since in Engarde’s repositories there still aren’t any Extra Packages for LogWatch you have to download and build it from sources. You can download it from the official home page here.

Once you logged in as root since there is no SELinux Policy loaded for LogWatch and you’re not allowed by default using WGET you have to switch into permissive mode by typing the following commands:

# newrole -r sysadm_r
# setenforce 0

The permissive mode now allows you to use wget and download the sources:

# wget ftp://ftp.kaybee.org/pub/old/linux/logwatch-7.3.5.tar.gz

Now run the following commands:

# tar xzf logwatch-7.3.4.tar.gz
# cd logwatch-7.3.4/
# mkdir /etc/log.d/
# cp -R conf lib scripts /etc/log.d
# (cd /usr/bin && ln -s ../../etc/log.d/scripts/logwatch.pl logwatch)

If want to build the package by using a simple bash-based installer run these commands:

# cd logwatch-7.3.4/
# chmod +x install_logwatch.sh
# ./install_logwatch.sh
LogWatch and Cron

If you want to run logwatch daily by using Cron you can simply make a symbolik link from the logwatch.pl script to /etc/cron.daily/logwatch.pl and the script will do the work daily.

LogWatch Configuration

The default LogWatch configuration file is placed in /etc/log.d/conf/logwatch.conf. You can edit it by using your favourite editor if you want to add or remove some features to your default installation. You can simply understand the meaning of each line thanks to the comments.

Using LogWatch

Now you’re ready to run LogWatch. Here some examples of use on our test machine.

The first:

# logwatch –print –detail High –archives –range All

Now we’re printing (–print) the informations on the standard output (monitor) with an high level of details (–detail High) including the archived logs (–archives) with all the messages of each date (–range ALL).

The second:

# logwatch –save logwatch.txt –range Today

We’re saving the output in the “logwatch.txt” file (–save logwatch.txt) regarding the current day (–range Today) using the the default parameters defined in the configuration file.

thanks to: http://wiki.engardelinux.org/index.php/HOWTO:Installing_LogWatch

Instalasi :
Ambil paket dari
http://sourceforge.net/project/showfiles.php?group_id=80573

lalu ekstrak file tersebut
# tar zxvf portsentry-1.2.tar.gz
# cd portsentry_beta

Edit file portsentry_config.h, lalu ganti baris berikut :
#define CONFIG_FILE “/usr/local/psionic/portsentry/portsentry.conf”

Menjadi

#define CONFIG_FILE “/etc/portsentry/portsentry.conf”

Edit file portsentry.conf, lalu ganti baris berikut :
######################
# Configuration Files#
######################
#
# Hosts to ignore
IGNORE_FILE=”/usr/local/psionic/portsentry/portsentry.ignore”
# Hosts that have been denied (running history)
HISTORY_FILE=”/usr/local/psionic/portsentry/portsentry.history”
# Hosts that have been denied this session only (temporary until next restart)
BLOCKED_FILE=”/usr/local/psionic/portsentry/portsentry.blocked”

Menjadi
######################
# Configuration Files#
######################
#
# Hosts to ignore
IGNORE_FILE=”/etc/portsentry/portsentry.ignore”
# Hosts that have been denied (running history)
HISTORY_FILE=”/etc/portsentry/portsentry.history”
# Hosts that have been denied this session only (temporary until next restart)
BLOCKED_FILE=”/etc/portsentry/portsentry.blocked”

Juga pada baris :
# iptables support for Linux
#KILL_ROUTE=”/usr/local/bin/iptables -I INPUT -s $TARGET$ -j DROP”

Menjadi
# iptables support for Linux
KILL_ROUTE=”/usr/sbin/iptables -I INPUT -s $TARGET$ -j DROP”

PENTING:
Untuk menentukan letak binary iptables Anda, lakukan perintah ini di shell.
Berikut contoh pada box linux saya :
# which iptables
/usr/sbin/iptables

Edit file Makefile, lalu ganti baris berikut :
INSTALLDIR = /usr/local/psionic
ke
INSTALLDIR = /etc

Kemudian compile
#make linux

Bila ada error seperti dibawah ini :
SYSTYPE=linux
Making
cc -O -Wall -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c
./portsentry_io.c ./portsentry_util.c
portsentry.c:1584:11: missing terminating ” character
portsentry.c: In function `Usage’:
portsentry.c:1585: error: syntax error before “sourceforget”
portsentry.c:1585: error: stray ” in program
portsentry.c:1585:24: missing terminating ” character
make: *** [linux] Error 1

maka edit portsentry.c, hilangkan baris 1585, lalu pada baris 1584, edit menjadi demikian:
printf (“Copyright 1997-2003 Craig H. Rowland n”);

Lalu, coba jalankan kembali perintah
# make linux

Kemudian install
# make install

Jika lancar, coba cek ke direktori /etc/portsentry

# ls /etc/portsentry
portsentry* portsentry.conf portsentry.ignore

Akan tercipta file2 seperti diatas.

Berikut penjelasan file2 diatas :

- portsentry
File ini adalah binary portsentry. Anda perlu mengeksekusi file ini bila ingin menjalankan aplikasi
portsentry

- portsentry.conf
File ini adalah file konfigurasi portsentry
Sekarang Anda siap menjalankan aplikasi portsentry :

- portsentry.ignore
File ini berisikan list ip yang diabaikan atau ip yang tidak di blok oleh portsentry

Edit file portsentry.ignore dan pastikan ip local dan ip static Anda terdaftar didalamnya, misalnya :
127.0.0.1/32
202.78.xxx.xxx –> ganti dengan ip kamu yang diijinkan untuk scan

Comment baris ini :
0.0.0.0 menjadi # 0.0.0.0

Eksekusi binary portsentry
# /etc/portsentry/portsentry -stcp

Cek di syslog
# tail -f /var/log/messages
portsentry[3772]: adminalert: Going into stealth listen mode on TCP port: 27665
portsentry[3772]: adminalert: Going into stealth listen mode on TCP port: 31337
portsentry[3772]: adminalert: Going into stealth listen mode on TCP port: 32771
portsentry[3772]: adminalert: Going into stealth listen mode on TCP port: 32772
portsentry[3772]: adminalert: Going into stealth listen mode on TCP port: 32773
portsentry[3772]: adminalert: Going into stealth listen mode on TCP port: 32774
portsentry[3772]: adminalert: Going into stealth listen mode on TCP port: 40421
portsentry[3772]: adminalert: Going into stealth listen mode on TCP port: 49724
portsentry[3772]: adminalert: Going into stealth listen mode on TCP port: 54320
portsentry[3772]: adminalert: PortSentry is now active and listening.

Untuk ujicoba, coba lakukan port scanning melalui komputer yang memiliki ip yang
tidak terdaftar di dalam portsentry.ignore

Misalnya : Saya scan dari ip 172.168.0.1
# nmap -sS -vv -O -P0 202.78.xxx.xxx (ganti dengan ip server)

Saya lihat kembali ke shell saya dan cek pada syslog
# tail -f /var/log/messages

portsentry[4009]: attackalert: TCP SYN/Normal scan from host: server.kapukvalley.net/172.168.0.1
to TCP port: 1080
portsentry[4009]: attackalert: Host 172.168.0.1 has been blocked via wrappers with string: “ALL: 172.168.0.1″
portsentry[4009]: attackalert: Host 172.168.0.1 has been blocked via dropped route using command:
“/usr/sbin/iptables -I INPUT -s 172.168.0.1 -j DROP”
portsentry[4009]: attackalert: TCP SYN/Normal scan from host: 172.168.0.1/172.168.0.1 to TCP port: 54320
portsentry[4009]: attackalert: Host: 172.168.0.1/172.168.0.1 is already blocked Ignoring

Ehm.. seperti diatas, ada peringatan serangan dari ip 172.168.0.1
Apa gunanya baris KILL_ROUTE tadi, yaitu merupakan aksi dari serangan, aksi yang kita
ambil seperti diatas adalah di handle oleh iptables. Bila ada serangan seperti diatas,
maka iptables akan segera mendrop ip tersebut, kita lihat list tabel iptables :
# iptables -L -vnx
Chain INPUT (policy ACCEPT 545689 packets, 79757453 bytes)
pkts bytes target prot opt in out source destination
1351 65609 DROP all — * * 172.168.0.1 0.0.0.0/0

Untuk membuka koneksi nya kembali anda perlu seperti ini :
# iptables -D INPUT 1

Pada waktu ada serangan, maka akan tercipta 2 file di direktori /etc/portsentry, yaitu :
- portsentry.blocked.stcp
File ini berisikan host yang di blokir

Contoh isinya :

# cat portsentry.blocked.stcp
1139373183 – 02/08/2006 11:33:03 Host: server.kapukvalley.net/172.168.0.1 Port: 1080 TCP Blocked

- portsentry.history
File ini isinya hampir sama dengan file diatas, perbedaan yang spesifik yaitu,
file yang diatas menyimpan informasi mengenai host yang melalukan serangan dan berhubungan
dengan aturan pemblokiran atau aksi pemblokiran. Sedangkan file history hanya menyimpan
informasi yang melalukan serangan saja, tidak termasuk aksi.

Contoh isinya :

# cat portsentry.history
1139373183 – 02/08/2006 11:33:03 Host: server.kapukvalley.net/172.168.0.1
Port: 1080 TCP Blocked

Bila Anda sudah mendelete aturan yang ada di chain iptables, maka sebaiknya isi file
portsentry.blocked.stcp pada host yang bersangkutan di delete, bisa dengan perintah :
# echo “” > /etc/portsentry/portsentry.blocked.stcp

Apabila Anda ingin praktis membuka koneksi host yang di blokir,
Anda bisa membuat script bash seperti yang penulis buat dibawah ini :

———————–Awal-Script———————–

#!/bin/sh

IPTABLES=”$(which iptables)”
ROOT_UID=0
E_NOTROOT=67

# Harus root
if [ "$UID" -ne "$ROOT_UID" ]
then
echo “Harus root euy..”
exit $E_NOTROOT
fi

# clear blocked portsentry -stcp
if [ -f /etc/portsentry/portsentry.blocked.stcp ]
then
echo “Hapus log file portsentry.blocked.stcp… done…”
echo “” > /etc/portsentry/portsentry.blocked.stcp
else
echo “ga ada file portsenty.blocked.stcp-na”
fi

# Print ip si nakalz :
$IPTABLES -L INPUT -vnx | awk ‘{print “IP si nakalz -> ” $8}’ | sed ’1,2d’

echo “IP berapa yang mau dibuka?”
read ip
echo “IP yang Anda masukkan adalah : $ip”
echo “Apakah benar? [y/t]”
read jawab
case “$jawab” in
‘y’)
$IPTABLES -D INPUT -s $ip -j DROP
;;
‘n’)
esac
exit 0

————————–Akhir-Script————————-

terimakasih kepada: bintang kecil

1. Pengenalan QoS
Mungkin Anda semua sudah mengetahuinya, QoS adalah singkatan dari Quality of Service. Tetapi apa artinya? Apa yang bisa Anda lakukan untuk mengimplementasikannya?

QoS artinya network yang telah memenuhi kriteria-kriteria tertentu yang dibuat oleh manager-manager network tersebut. Kriteria tersebut termasuk:

1. Availability, yaitu persentase hidupnya sistem atau layanan yang diberikan. Idealnya, availability harus mencapai 100% atau setidaknya 99,9999% (ada 6 buah angka sembilan), yang menunjukkan tingkat kerusakan sebesar 2,6 detik per bulan.
2. Bandwidth Usages, yaitu masing-masing user akan diberikan bandwidth sesuai kebutuhan mereka. Selain berdasarkan user, pemakaian bandwidth juga dapat dibagi berdasarkan jenis traffic atau jenis protocol. Misalnya, untuk traffic HTTP dialokasikan bandwidth sebesar 40%, untuk voice 25%, sisanya untuk ftp dan lain-lain. Yang terakhir ini sering disebut dengan “traffic shaper”.
3. Throughput, yaitu kecepatan (rate) transfer data efektif, yang diukur dalam bps (bit per second). Penggunaan sebuah saluran secara bersama-sama akan mengurangi nilai ini.
4. Latency, adalah waktu yang dibutuhkan data untuk menempuh jarak dari asal ke tujuan. Tundaan (delay) ini dapat dipengaruhi oleh jarak (misalnya akibat penggunaan wireless LAN), atau kongesti (yang memperpanjang antrian), atau bisa juga akibat waktu olah yang lama (misalnya proses baca-tulis pada sebuah proxy server).
5. Packet Loss, yaitu jumlah paket yang hilang. Umumnya perangkat network memiliki buffer untuk menampung data yang diterima. Jika terjadi kongesti yang cukup lama, buffer akan penuh, dan data baru tidak dapat diterima. Paket yang hilang ini harus diretransmisi, yang akan membutuhkan waktu tambahan.

Ada banyak kriteria-kriteria lain yang dapat ditentukan oleh seorang manager network disebuah perusahaan Lebih lengkap mengenai QoS dapat dilihat di http://www.qosforum.com/tech_resources.htm

Pada kasus tertentu, sebuah perusahaan bahkan memilih ISP yang telah memiliki service-level agreements, atau SLA. Dengan adanya perjanjian ini, perusahaan tersebut dijamin akan mendapatkan layanan sesuai yang diiklankan oleh ISPnya atau akan mendapat kompensasi apabila layanan tersebut tidak sesuai yang diharapkan.

Artikel ini secara khusus akan membahas bagaimana sebuah akses Internet berkecepatan tinggi (broadband Internet access) dapat dimanfaatkan bersamaan oleh beberapa karyawan di sebuah perusahaan. Dengan menggunakan sebuah fasilitas bandwidth manager, masing-masing karyawan akan dialokasikan dengan bandwidth sesuai kebutuhan mereka.

2. Linux Ethernet Bridge

Kita akan menganggap perusahaan ini memiliki jaringan komputer yang telah berjalan baik, termasuk akses ke Internetnya. Perusahaan ini telah lama memanfaatkan Linux sebagai Gateway ke Internet menggunakan IP-Masquerade. Karena penggunaan bandwidth yang tidak teratur, maka salah seorang karyawan yang men-download sebuah file MP3 berukuran besar akan mengganggu karyawan lain yang hanya menggunakan Internet untuk email dan browsing.

Anda sebagai seorang staff Network-nya diberi tugas oleh atasan untuk mengimplementasikan bandwidth manager tanpa merubah topologi logik jaringan yang telah ada. Artinya, Anda diharapkan untuk dapat mengimplementasikannya tanpa harus mengutak-ngatik konfigurasi yang telah ada pada komputer client. Selain itu, Anda juga dianjurkan oleh atasan untuk tidak merubah konfigurasi pada server.

Solusinya adalah dengan menjalankan CBQ pada sebuah Linux Bridge. Keterangan mengenai CBQ akan dijelaskan di poin berikutnya pada artikel yang sama. Membuat Bridge

Ada beberapa syarat yang harus dipenuhi pada sebuah bridge:

* Sebuah port hanya dapat menjadi anggota dari satu bridge
* Sebuah bridge tidak perlu mengetahui rute yang akan dilaluinya
* Sebuah bridge tidak mengetahui protocol yang lebih tinggi dari ARP. Itulah sebabnya ia dapat membawa berbagai macam protocol yang dilalui ethernet pada bridge tersebut.
* Berapa pun banyaknya port yang akan menjadi anggota sebuah bridge, ia akan dianggap satu interface logik.

Bila Anda pernah mencoba untuk nge-ping sebuah unmanaged switch, tentunya Anda tahu bahwa itu tidak akan berhasil karena switch tersebut tidak memiliki IP address.

Tetapi bila Anda ingin melakukan perubahan konfigurasi pada bridge, Anda dapat menggunakan SNMP, telnet, rlogin, atau ssh. Dianjurkan untuk menggunakan SSH. Source code bridge yang baru memungkinkan Anda untuk mengalokasikan IP terhadap interface virtualnya.

Catatan: Bridge berfungsi sama seperti sebuah switch.

Berikutnya, download program bridge-utils dari http://sourceforge.net/project/showfiles.php?group_id=26089.

Setelah sebuah file binary /sbin/brctl telah terinstall. Ketik brctl untuk melihat beberapa opsi program tersebut.
Setup Bridge

Perlu diperhatikan bahwa pada komputer yang akan dijadikan bridge ini memiliki dua network card (eth0 dan eth1). Kedua-duanya yang akan dijadikan anggota sebuah bridge.

* Membuat bridge dengan nama ‘jembatan’:

[root@apple]# brctl addbr jembatan

Untuk mematikannya gunakan: brctl delbr jembatan

* Menambah interface pada bridge:

[root@apple]# ifconfig eth0 0.0.0.0

[root@apple]# ifconfig eth1 0.0.0.0

[root@apple]# ifconfig eth0 promisc up

[root@apple]# ifconfig eth1 promisc up

[root@apple]# brctl addif jembatan eth0

[root@apple]# brctl addif jembatan eth1

Perhatikan bahwa interface-interface tersebut dalam keadaan ‘promisc’ dan tanpa IP. Sekarang aktifkan bridge ‘jembatan’ dengan perintah:

[root@apple]# ifconfig jembatan up

Bila ingin menambahkan IP pada bridge untuk kemudahaan manajemen nantinya, gunakan:

[root@apple]# ifconfig jembatan 192.168.1.2 up

Dengan demikian anda dapat login ke PC bridge ini dengan telnet atau ssh dengan menggunakan IP 192.168.1.2

Setelah selesai, masukkan perintah-perintah di atas di dalam script /etc/rc.d/rc.local agar dapat dijalankan setiap saat komputer di boot.

Anda juga dapat mendownload antarmuka grafis (GUI) untuk mengkonfigurasi bridge dari: http://home.planet.nl/~kristian/gbrctl.html

eth0 eth1

PC ———- PC LINUX BRIGE ——– PC

Test Bridge

Test bridge ini dengan cara menghubungkan kedua interface eth0 dan eth1 dengan kabel cross, masing-masing ke sebuah PC. Coba ping dari satu PC ke PC lain dan sebaliknya. Bila berhasil, maka sebuah ethernet bridge telah siap digunakan.

3. CBQ

Berikutnya adalah mengaktifkan CBQ untuk mengatur jumlah bandwidth masing-masing PC yang terhubung melalui bridge kita. Perhatikan rencana pemasangan CBQ pada Gambar 2.

gateway ——– linux cbq bridge ——— hub ———|_____ pc bagus 48 Kbps

gateway ——– linux cbq bridge ——— hub ———|_____ pc indra 128 Kbps

gateway ——– linux cbq bridge ——— hub ———|_____ pc dani 48 Kbps

gateway ——– linux cbq bridge ——— hub ———|_____ pc tomy 128 Kbps

gateway ——– linux cbq bridge ——— hub ———|_____ pc rosi 64 Kbps

gateway ——– linux cbq bridge ——— hub ———|_____ pc gita 64 Kbps

Rencana Pemasangan CBQ

Sekali lagi, penulis menggunakan Centos 5.0 yang juga telah dilengkapi dengan program CBQ. Tetapi penulis tetap berkeras untuk menggunakan rilis terbaru CBQ yaitu versi 0.7.3 yang dapat di download dari: http://sourceforge.net/projects/cbqinit/

Setelah di download letakkan di dalam direktori /sbin:

[root@apple]# chmod 755 cbq.init

[root@apple]# cp cbq.init /sbin/cbq

cp: overwrite ‘/sbin/cbq’? y

Semua konfigurasi CBQ akan diletakkan di dalam direktori /etc/sysconfig/cbq.

Sedikit tentang CBQ. CBQ adalah kependekan dari class based queueing, yaitu sebuah ethernet shaper yang dapat dijalankan di Linux. CBQ hanya dapat menggunakan interface Ethernet untuk Linux (eth0, eth1, eth2, …) dan ARCNET. Untuk ARCNET, tukar parameter bandwidth menjadi 2Mbit dan bukannya 10Mbit seperti pada ethernet.

Untuk menjalankan CBQ diperlukan utilitas iproute2 yang dibuat oleh Alexey Kuznetsov dan dapat di download dari: ftp://ftp.inr.ac.ru/ip-routing. Tetapi pada distro yang penulis gunakan, iproute2 telah terinstall dengan baik.

Bagaimana CBQ bekerja? Baiklah. Setiap shaper akan ditulis pada sebuah file konfigurasi yang secara default terletak di dalam direktori /etc/sysconfig/cbq. Satu file per satu shaper / class.

Penamaan file konfigurasinya harus seperti: cbq-. dimana adalah dua byte heksadesimal dalam kisaran <0002-FFFF> yang merupakan class ID CBQ. Sedangkan adalah nama dari shaper itu sendiri. Anda dapat menentukannya sesuka hati. Misalnya sesuai dengan Gambar 2, kita akan menamakan sebuah file konfigurasi CBQ dengan: cbq-1280.nisayudo

File konfigurasi CBQ akan dibagi kedalam beberapa paramater. Berikut adalah beberapa paramater yang akan kita gunakan pada artikel ini.
Parameter Divais
DEVICE=,,

Contoh: DEVICE=eth0,10Mbit,1Mbit

adalah nama interface yang akan diatur. Misalnya eth0. adalah bandwidth fisik dari divais tersebut, misalnya 10Mbit atau 100Mbit untuk ethernet atau 2Mbit untuk arcnet. Sedangkan adalah parameter yang dapat ditentukan dengan rumus: = / 10

Bila terdapat lebih dari satu class pada satu divais, Anda cukup mengisi dan sekali saja. Sedangkan pada file-file lainnya hanya isikan: DEVICE=.

Parameter Class
RATE=

Contoh: RATE=128Kbit

Adalah bandwidth yang dialokasikan pada class tersebut. Dengan cara ini kita dapat membatasi (limit) kecepatan dari shaper. Anda dapat menggunakan akhiran Kbit, Mbit, bps, Kbps, atau Mbps.
WEIGHT=

Contoh: WEIGHT=12Kbit

Dapat ditentukan dengan cara: WEIGHT = RATE / 10
PRIO=<1-8>

Contoh: PRIO=5

Prioritas trafik dari class bersangkutan. Semakin tinggi angkanya, semakin kecil prioritasnya. Umumnya digunakan prioritas 5.

Parameter Filter
RULE=[[saddr[/prefix]][:port],][daddr[/prefix]][:port]

Contoh: RULE=192.168.1.4

Anda dapat menggunakan lebih dari satu RULE per satu file konfigurasi. RULE digunakan untuk mem-filter trafik apa yang akan diatur. Contoh lainnya:

RULE=192.168.1.4:80

Memfilter trafik yang ditujukan kepada port 80 pada IP 192.168.1.4

RULE=192.168.1.0/24

Filter seluruh trafik yang terdapat di network 192.168.1.0

Keterangan tambahan mengenai parameter-parameter CBQ dapat Anda lihat di dalam file cbq.init itu sendiri.

Dari Gambar 2, kita akan membuat CBQ untuk mengatur bandwidth terhadap IP-IP tertentu. Perlu diperhatikan bahwa interface eth1 adalah yang menghubungi antara
CBQ Bridge dengan network 192.168.1.0/24 (HUB). Buatlah file-file berikut di dalam direktori /etc/sysconfig/cbq:

== cbq-64.gitastefanny

DEVICE=eth1,10Mbit,1Mbit

RATE=64Kbit

WEIGHT=6Kbit

PRIO=5

RULE=192.168.1.5

RULE=192.168.1.6

== cbq-48.bagusdanny

DEVICE=eth1

RATE=48Kbit

WEIGHT=4Kbit

PRIO=5

RULE=192.168.1.1

RULE=192.168.1.3

== cbq-128.yudonisa

DEVICE=eth1

RATE=128Kbit

WEIGHT=12Kbit

PRIO=5

RULE=192.168.1.2

RULE=192.168.1.4

Setelah semua file konfigurasi dibuat, jalankan CBQ dengan cara:

[root@apple]# /sbin/cbq start

Untuk melihat statistik CBQ jalankan:

[root@apple]# /sbin/cbq stats

Sedangkan untuk mematikan CBQ:

[root@apple]# /sbin/cbq stop

Dengan dijalankannya CBQ pada bridge tersebut, komputer-komputer pada Gambar 2 telah dialokasikan bandwidth sesuai aturan yang telah dibuat. Anda dapat mencoba dari masing-masing komputer dengan cara mendownload sebuah file yang terdapat di server Linux Gateway, misalnya. Atau dengan mengaktifkan SNMP agent di masing-masing PC dan memonitor trafik masing-masing komputer menggunakan MRTG (http://www.ee.ethz.ch/~oetiker/webtools/mrtg/).

4. Penutup

Perintah-perintah bridge dan CBQ di atas dapat diletakkan di dalam file /etc/rc.d/rc.local agar selalu diaktifkan pada saat komputer di boot. Pada artikel ini hanya dibahas bagaimana CBQ dapat digunakan untuk membatasi penggunaan bandwidth per alamat IP tertentu. Sedangkan CBQ sebenarnya lebih dari sekedar pembatas bandwidth per IP. Ia juga dapat digunakan untuk membatasi trafik Internet seperti trafik HTTP (web), mail, ftp, dan lain-lain. Selain itu CBQ juga memiliki fitur untuk mengatur bandwidth pada jam-jam tertentu. Dengan memanfaatkan fasilitas-fasilitas pada CBQ, Anda dapat membuat sebuah bandwidth manager murah yang hanya memanfaatkan PC.

Bahan bacaan:

* QoS Forum: http://www.qosforum.com/tech_resources.htm
* Artikel-artikel dari I Made Wiryana: http://wiryana.dhs.org/my_project/3rd-party/
* Linux Bridge STP HOWTO:

http://www.linuxdoc.org/HOWTO/BRIDGE-STP-HOWTO/index.html

* CBQ.INIT: ftp://ftp.equinox.gu.net/pub/linux/cbq/cbq.init
* Linux Ethernet Bridge: http://bridge.sourceforge.net
* Bridge GUI (gbrctl): http://home.planet.nl/~kristian/gbrctl.html
* Linux Bridge Mailing List: http://www.math.leidenuniv.nl/pipermail/bridge/
* Ethernet Frame Diverter: http://diverter.sourceforge.net

* malang.linux.or.id

Command pada router cisco devices terdiri dari Router Commands
CISCO ROUTER COMMANDS :

Usermode Commands
1. disconnect, hapus sesi telnet dan logout
2. enable, masuk ke privilegemode
3. ping <host/ip>
4. traceroute <host/ip>

Privilegemode Commands
1. clear arp-cache, hapus cache arp
2. configure terminal, masuk ke global configuration mode
3. copy running-config startup-config, simpan konfigurasi sekarang
4. copy startup-config running-config, load konfigurasi yang  tersimpan
5. debug ip packet, debug paket dari tcp/ip
6. disable, kembali ke privilegemode dari global configuration mode
7. disconnect <telnet id>
8. erase startup-config, hapus file konfigurasi dari router
9. logout, keluar dari privilegemode
10. ping <hostname/ip>
11. reload, load kembali startup-config
12. resume <telnet id>, konek kembali setelah diskonek
13. show access-list, memperlihatkan semua access-list dari semua
protokol pada  router
14. show banner, memperlihatkan banner
15. show cdp, memperlihatkan status CDP router
16. show cdp interface, memperlihatkan interface CDP
17. show cdp neighbor
18. show cdp traffic
19. show clock
20. show flash, memperlihatkan IOS image dan file yang tersimpan di flash
memory
21. show frame-relay lmi, memperlihatkan statistik detail LMI
22. show frame-relay map
23. show frame-relay pvc <nomer dlci>
24. show history, memperlihatkan semua perintah yang telah dieksekusi
25. show hosts, memperlihatkan static host yang disimpan
26. show interfaces, memperlihatkan interface yang dimiliki (semua)
secara detail
27. show interfaces ethernet 0
28. show interfaces serial 0
29. show interfaces loopback 0
30. show ip arp
31. show ip eigrp neighbors
32. show ip eigrp neighbors detail
33. show ip eigrp topology
34. show ip eigrp traffic, memperlihatkan traffic statistik dari  protokol eigrp
35. show ip interface
36. show ip interface brief, verify konfigurasi ip
37. show ip ospf database
38. show ip ospf interface
39. show ip ospf neighbor detail
40. show ip route, memperlihatkan konfigurasi routing
41. show protocols, memperlihatkan protokol routing yang telah dikonfigurasi dan
sedang berjalan
42. show running-config, memperlihatkan konfigurasi global yang  sedang berjalan
43. show sessions, memperlihatkan sesi yang ada sekarang
44. show startup-config, memperlihatkan konfigurasi yang tersimpan  pada flash
45. show version, memperlihatkan informasi hardware dan firmware
46. telnet <host/ip>
47. traceroute <host/ip>
48. vlan database, mengakses vlan database atau masuk ke konfigurasi  VTP
49. write erase
50. write memory
51. write terminal

Global configuration mode Commands
1. access-list <nomer> {permit|deny} <source ip address>
2. access-list <nomer> {permit|deny} <any>
3. access-list <nomer> {permit|deny} <ip address> <ip address>
4. access-list <nomer> {permit|deny} <hostname> <ip address>
5. banner motd <string bannernya>
6. cdp advertise-v2
7. cdp holdtime <detik>, mengubah nilai holdtime cdp
8. cdp run
9. cdp timer <detik>, mengubah nilai cdp timer
10. config-register <nilai>
11. dialer-list <nomer> protocol ip permit
12. enable password <passwordnya>, set password untuk masuk ke
mode privilege
13. enable secret <passwordnya>, set enkripsi untuk password yang  disimpan
14. end, kembali ke mode privilege
15. hostname <namahost>, set nama host
16. interface ethernet 0, masuk ke subconfiguration interface  ethernet 0
17. interface fastethernet 0, masuk ke subconfiguration interface  fastethernet 0
18. interface serial 0, masuk ke subconfiguration interface serial 0
19. interface vlan <nomer vlan>, masuk ke subconfiguration vlan
20. ip default-gateway <ip address>, set default gateway
21. ip default-network <ip network>
22. ip host <nama host> <ip address>, set static hostname lain
23. ip name-server <ip address>, set DNS router
24. ip route <prefix> <mask> {next-hop-ip-addr|interface-type}
25. ip route 0.0.0.0 0.0.0.0 <ip gateway>, set defaut gateway /  static route
26. ip route <ip network> <mask> <ip gateway>, set static route
27. ip routing
28. ipx routing
29. isdn switch-type <tipe switch>
30. line aux
31. line console 0, masuk ke konfigurasi console nomer 0
32. line vty 0 4, masuk ke konfigurasi vty untuk 5 buah vty
33. no banner motd, menghapus banner
34. no ip routing, menghapus ip routing
35. no router igrp, menghapus konfigurasi route igrp
36. no router ospf, menghapus konfigurasi route ospf
37. no router rip, menghapus konfigurasi route rip
38. no vlan <nomer>, menghapus vlan nomer ke sekian
39. router eigrp <auth_sys>, masuk ke konfigurasi routing menggunakan  eigrp
40. router ospf <proses id>, masuk ke konfigurasi routing menggunakan  ospf
41. router rip, masuk ke konfigurasi routing menggunakan rip
42. snmp-server enable traps vtp
43. username <nama user> password <passwordnya>, set username dan
passwordnya

Interface subconfiguration mode Commands
1. bandwidth <kilobits>, set bandwidth yang akan dilalui interface
ini dalam kilobits
2. cdp enable
3. clock rate <bits per detik>, set clock rate dalam bits/s
4. compress stac <nomer> in

Line subconfiguration mode Commands
1. exec-timeout <menit> [detik], pilihan detik opsional
2. login synchronous
3. password <passwordnya>, set passwordnya

Subinterface subconfiguration mode Commands
1. description <string deskripsi>, set deskripsi dari subinterface

IP Routing Protocol subconfiguration mode Commands
1. network <ip network>, set ip network

Contoh :
Lab_A>enable
Lab_A#configure terminal atau config t
Lab_A(router)#interface fast eth0/0 atau int f0/0
Lab_A(router-config)#ip add 192.168.0.2 255.255.255.0  (misal)
Lab_A(router-config)#no shut  (mengaktifkan Network IP kayak service
network restart kalo di linux)
Lab_A(router-config)#end
Lab_A#show ip interface brief ( melihat configurasi IP yg telah diseting )

Berikut ini saya akan mencoba menuliskan browsing menggunakan BW komputer lain dengan menggunakan SSH tuneling.

Syarat menggunakan SSH Tuneling :

• Anda harus memiliki account SSH di server yang dituju
• Firefox Web Browser (knp firefox? karena saya menggunakan firefox)

Kelebihan browsing menggunakan SSH Tunneling

1. Bypass semua rules (firewall) dalam jaringan yang dilewati.
2. Seolah-olah anda menggunakan bandwidth orang lain.
3. Berguna apabila anda mendownload di situs limited download seperti rapidshare (tanpa harus mencari free proxy).

SSH Tunneling bisa dilakukan di OS berbasis Windows atau berbasis Unix tetapi disini saya akan menjelaskan browsing ssh tunneling di Unix.

• SSH Tunneling di OS Unix
• Dalam hal ini saya menggunakan Sistem operasi Windows Xp, lakukan remote ke server disini saya menggunakan server dengan OS Debian Etch (Debian 4.0). Pastikan anda memiliki Putty untuk melakukan remot keserver:D.

Dari Start > klick Run > kemudian lakukan ssh tuneling ke mesin yg akan anda tuju: putty -ssh username@hostname -D port -C
Contoh : putty -ssh wwn@202.43.163.xxx -D 9090 -C

• Yakinkan anda bisa login dan masuk ke mesin server yg dituju. Setelah itu buka firefox anda lakukan perintah berikut : Klik Edit>Preference>Advance>Network>Settings
• Kemudian klik pada bagian “Manual proxy configuration” isi SOCKS HOST “127.0.0.1″ port “9090″,

Beres dah!

[root@wedus src]# wget http://clamav.elektrapro.com/stable/clamav-0.54.tar.gz
[root@wedus src]# tar -xzvf clamav-0.54.tar.gz
[root@wedus src]# cd clamav-0.54

Buat user dan group yang akan menjalankan daemon clam anvirus :

[root@wedus clamav-0.54]# groupadd clamav
[root@wedus clamav-0.54]# useradd -g clamav -s /bin/false -c “Clam AntiVirus” clamav

Lakukan kompilasi dan install :

[root@wedus clamav-0.54]# ./configure
[root@wedus clamav-0.54]# make
[root@wedus clamav-0.54]# make install

Pindah file konfigurasi standar dari clam antivirus ke nama file yang lain, karena kita akan menyusun sendiri file konfigurasi tersebut :

[root@wedus clamav-0.54]# mv /usr/local/etc/clamav.conf /usr/local/etc/clamav.conf.default

Buatlah file /usr/local/etc/clamav.conf isinya :

LogFile /tmp/clamd.log
LogFileMaxSize 2M
LogVerbose
LogTime
PidFile /var/run/clamd.pid
DataDirectory /usr/local/share/clamav
LocalSocket /tmp/clamd
MaxDirectoryRecursion 15
User clamav
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000

Jalankan daemon clam antivirus (clamd ) :

[root@wedus clamav-0.54]# clamd

Periksa apakah daemon tersebut sudah berjalan seperti yang kita inginkan :

[root@wedus clamav-0.54]# ps axu | grep clamd
clamav   29192  0.0  4.7  9120 5984 ?        S    11:06   0:00 clamd
clamav   29193  0.0  4.7  9120 5984 ?        S    11:06   0:00 clamd
clamav   29194  0.0  4.7  9120 5984 ?        S    11:06   0:00 clamd

Untuk menjalankan daemon clamd setiap server di reboot :

[root@wedus clamav-0.54]# echo /usr/local/sbin/clamd >> /etc/rc.local

Tanpa berpindah dari direktori source clam antivirus, lakukan test dengan cara menscan direktori test :

[root@wedus clamav-0.54]# clamscan -r test

Kemudian download update database virus yang paling baru :

[root@wedus clamav-0.54]# freshclam

Jika sudah selesai kemudian kita jalankan daemon proses update database virus tersebut secara otomatis (akan dilaksanakan pengecekan database virus yang paling baru 2 kali dalam sehari ) :

[root@wedus clamav-0.54]# touch /var/log/clam-update.log
[root@wedus clamav-0.54]# chmod 644 /var/log/clam-update.log
[root@wedus clamav-0.54]# chown clamav /var/log/clam-update.log

Jalankan daemonnya (freshclam ):

[root@wedus clamav-0.54]# freshclam -d -c 2 -l /var/log/clam-update.log

Untuk menjalankan daemon freshclam jika server di reboot :

[root@wedus clamav-0.54]# echo “freshclam -d -c 2 -l /var/log/clam-update.log” \
>> /etc/rc.local

2. Instal Module Perl Time::HiRes dan DB_FIle

Anda bisa mendapatkan module perl Time::HiRes tersebut yang paling baru melalui http://search.cpan.org/search?module=Time::HiRes, atau anda bisa langsung mendownload di lokal mirror CPAN di Indonesia (terima kasih kepada ISP CBN), download, ekstrak, dan kompilasi :

[root@wedus src]# wget \
ftp://ftp.cbn.net.id/mirror/CPAN/authors/id/J/JH/JHI/Time-HiRes-1.42.tar.gz
[root@wedus src]# tar -xzvf Time-HiRes-1.42.tar.gz
[root@wedus src]# cd Time-HiRes-1.42
[root@wedus Time-HiRes-1.42]# perl Makefile.PL
[root@wedus Time-HiRes-1.42]# make
[root@wedus Time-HiRes-1.42]# make install

Atau, anda juga bisa menggunakan CPAN auto-install sebagai berikut untuk menginstal module perl Time::HiRes tersebut :

[root@wedus src]# perl -MCPAN -e “install Time::HiRes”

Lakukan juga langkah seperti tersebut diatas untuk module DB_File.
3. Instal maildrop

Yang dibutuhkan oleh qmail-scanner dari paket maildrop sebenarnya adalah program reformime. Download, ekstrak, kompilasi dan install :

[root@wedus src]# wget http://unc.dl.sf.net/courier/maildrop-1.5.2.tar.bz2
[root@wedus src]# tar -jxvf maildrop-1.5.2.tar.bz2
[root@wedus src]# cd maildrop-1.5.2
[root@wedus maildrop-1.5.2]# ./configure
[root@wedus maildrop-1.5.2]# make
[root@wedus maildrop-1.5.2]# make install

4. Instal tnef unpacker

Tnef unpacker digunakan untuk menguraikan attachment MS-TNEF MIME yang digunakan oleh Microsoft mail server.

[root@wedus src]# wget http://unc.dl.sf.net/sourceforge/tnef/tnef-1.2.0.tar.gz
[root@wedus src]# tar -xzvf tnef-1.2.0.tar.gz
[root@wedus src]# cd tnef-1.2.0
[root@wedus tnef-1.2.0]# ./configure
[root@wedus tnef-1.2.0]# make
[root@wedus tnef-1.2.0]# make install

5. Instal perl-suidperl

Karena pada default distribusi RedHat 7.3 tidak menyertakan program perl-suidperl, maka kita perlu menginstal program tersebut (hal ini mungkin bisa anda temui jika anda tidak menginstal program tersebut pada file /var/log/qmail/smtpd/current akan terdapat error Can’t do setuid atau jika di server lokal akan anda dapatkan error 451_qq_temporary_problem_(#4.3.0) ) :

[root@wedus src]# wget \
ftp://rpmfind.net/linux/redhat/7.3/en/os/i386/RedHat/RPMS/perl-suidperl-5.6.1-34.99.6.i386.rpm
[root@wedus src]# rpm -ivh perl-suidperl-5.6.1-34.99.6.i386.rpm

6. Instal qmail-scanner

Download, ekstrak source qmail-scanner yang paling baru :

[root@wedus src]# wget \

http://unc.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-1.16.tgz

[root@wedus src]# tar -xzvf qmail-scanner-1.16.tgz

Ganti direktori ke source qmail-scanner kemudian lakukan konfigurasi :

[root@wedus src]# cd qmail-scanner-1.16
[root@wedus qmail-scanner-1.16]# ./configure

Jika sukses, script configure akan menemukan path program yang dibutuhkan oleh qmail-scanner dan clam antivirus, misalnya :

….
mimeunpacker=/usr/local/bin/reformime
uudecode=/usr/bin/uudecode
unzip=/usr/bin/unzip
tnef=/usr/local/bin/tnef
clamscan=/usr/local/bin/clamscan
scanners=”clamscan_scanner”
….

Buat direktori yang akan digunakan oleh qmail-scanner :

[root@wedus qmail-scanner-1.16]# mkdir -p /var/spool/qmailscan/quarantine/{tmp,cur,new}
[root@wedus qmail-scanner-1.16]# mkdir -p /var/spool/qmailscan/working/{tmp,cur,new}
[root@wedus qmail-scanner-1.16]# mkdir -p /var/spool/qmailscan/archive/{tmp,cur,new}

Salin file quarantine-attachments.txt ke direktori /var/spool/qmailscan :

[root@wedus qmail-scanner-1.16]# cp quarantine-attachments.txt /var/spool/qmailscan/

Ubah kepemilikan dari direktori /var/spool/qmailscan :

[root@wedus qmail-scanner-1.16]# chown -R qmailq:qmail /var/spool/qmailscan/

Salin file qmail-scanner-queue.pl ke direktori /var/qmail/bin :

[root@wedus qmail-scanner-1.16]# cp qmail-scanner-queue.pl \
/var/qmail/bin/qmail-scanner-queue.pl

Ganti kepemilikan dan mode dari file qmail-scanner-queue.pl tersebut :

[root@wedus qmail-scanner-1.16]# chown qmailq:qmail /var/qmail/bin/qmail-scanner-queue.pl
[root@wedus qmail-scanner-1.16]# chmod 4755  /var/qmail/bin/qmail-scanner-queue.pl

Generate database perl-scanner dan membersihkan file-file sementara :

[root@wedus qmail-scanner-1.16]# /var/qmail/bin/qmail-scanner-queue.pl -z
[root@wedus qmail-scanner-1.16]# /var/qmail/bin/qmail-scanner-queue.pl -g

Edit file /var/qmail/bin/qmail-scanner-queue.pl, sesuaikan dengan konfigurasi yang anda kehendaki, misalnya :

my $V_FROM=’virus-notifier@kurowo.edu’;
my $QUARANTINE_CC=’asfik@indolinuxefnet.org’;

Test kirim email bervirus ke root@localhost :

[root@wedus qmail-scanner-1.16]# ./contrib/test_installation.sh -doit

Jika sukses, anda bisa memodifikasi file startup untuk menjalakan qmail-smtpd anda, misalnya jika anda menggunakan supervise anda bisa mengedit file /service/qmail-smtpd/run menjadi :

PATH=$PATH:/usr/local/bin:/var/qmail/bin
QMAILQUEUE=”/var/qmail/bin/qmail-scanner-queue.pl”
export PATH QMAILQUEUE

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=30
exec /usr/local/bin/softlimit -m 11000000 \
tcpserver -H -R -v -x /etc/tcp.smtp.cdb -c “$MAXSMTPD” -u “$QMAILDUID” -g “$NOFILESGID” \
0 25 qmail-smtpd 2>&1

Perhatikan perubahan tersebut diatas terutama pada path QMAILQUEUE dan angka (memory) yang digunakan softlimit, jika anda mengeset angka tersebut terlalu kecil, maka biasanya anda akan mendapatkan error perl: error in loading shared libraries: atau failed to map segment from shared object: Cannot allocate memory. Qmail-scanner tidak mendeteksi virus klez jika setting dari soflimit kurang dari 11000000 (11 juta), anda bisa lihat referensinya di http://archive.elektrapro.com/clamav.elektrapro.com/users/2002/10/msg00114.html (thanks kepada tio aka geep di #indolinux EFnet)

Restart daemon qmail anda, jika anda menggunakan supervise anda bisa menggunakan :

[root@wedus qmail-scanner-1.16]# qmailctl restart

Kemudian anda bisa mencoba mengirim email dengan attachment sebuah file eicar.com yang isinya sebagai berikut :

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Jika anda lakukan tail -f /var/spool/qmailscan/quarantine.log, maka akan anda dapatkan file tersebut akan ditolak dan di log oleh qmail-scanner, misalnya :

04/03/2003 12:31:45     asfik@indolinuxefnet.org        asfik@kurowo.edu      test email mengandung virus     EICAR Test Virus      clamscan: 0.54.

Jika sukses, berarti mail server anda telah menggunakan software antivirus , have fun ! Jika anda menginginkan pembacaan statistik berapa jumlah email yang masuk kedalam file /var/spool/qmailscan/quarantine.log, anda bisa menggunakan Qmail Scanner Statistics (QSS). Caranya, buat direktori qss, download source qss, dan ekstrak :

[root@wedus src]# mkdir qss
[root@wedus src]# cd qss
[root@wedus qss]# wget http://unc.dl.sf.net/sourceforge/qss/qss-2.0.2.tar.gz
[root@wedus qss]# tar -xzvf qss-2.0.2.tar.gz

Tentukan direktori dimana akan kita salin file /var/spool/qmailscan/quarantine.log, misalnya buat direktori /usr/local/httpd/logs/quarantine, kemudian cari user yang menjalankan daemon apache (anda bisa melihat dari file httpd.conf anda bagian User atau anda bisa menggunakan perintah ps axu | grep httpd untuk mencarinya), disini kita misalkan usernya adalah www. Kemudian buatlah file /etc/qss.sh (mulai dibawah ini ganti user www dengan user yang menjalankan daemon apache anda) isinya :

#!/bin/bash
cp -f /var/spool/qmailscan/quarantine.log /usr/local/httpd/logs/quarantine/quarantine.log
chown www /usr/local/httpd/logs/quarantine/quarantine.log

Set menjadi script yang executable :

[root@wedus qss]# chmod +x /etc/qss.sh

Buat direktori /usr/local/httpd/logs/quarantine dan ganti kepemilikannya ke user www :

[root@wedus qss]# mkdir /usr/local/httpd/logs/quarantine
[root@wedus qss]# chown www /usr/local/httpd/logs/quarantine

Tentukan dimana qss akan diinstall, hal ini tergantung setting dari DocumentRoot di file httpd.conf anda, misalnya kita buat di direktori /usr/local/httpd/htdocs/qss (sehingga nantinya bisa diakses melalui http://localhost/qss misalnya) :

[root@wedus qss]# mkdir /usr/local/httpd/htdocs/qss

Salin semua file ke direktori tersebut diatas dan ganti kepemilikannya :

[root@wedus qss]# cp -R * /usr/local/httpd/htdocs/qss
[root@wedus qss]# chown -R www /usr/local/httpd/htdocs/qss

Edit file /usr/local/httpd/htdocs/qss/config.php ganti bagian :

$config["logFile"] = “quarantine.log”;

menjadi :

$config["logFile"] = “/usr/local/httpd/logs/quarantine/quarantine.log”;

Jalankan script untuk menyalin file quarantine.log untuk pertama kali :

[root@wedus qss]# sh /etc/qss.sh

Test dengan browser anda dengan url http://localhost/qss atau http://ip.address.server.anda/qss tergantung konfigurasi ServerNamepada file httpd.conf anda. Jika sukses anda bisa menambahkan cron setiap 5 menit (jika anda menginginkan waktu yang lebih lama anda bisa mengganti angka 5 menjadi yang lain, misalnya 10,15 atau 30, silakan konsultasi dengan man 5 crontab anda ) :

[root@wedus qss]# echo “*/5 * * * * /etc/qss.sh” > cron.temp
[root@wedus qss]# crontab -u root cron.temp

Enjoy !

Rsync adalah sebuah program yang fungsinya hampir sama dengan RCP, namun memiliki fitur tambahan yang lebih banyak dan menggunakan protokol rsync remote update untuk mempercepat transfer file bila file tujuan sudah ada.

Rsync hanya menyalin perbedaan file yang tidak ada saja, kemudian mengompres dan mengirimnya lewat ssh jika anda memerlukan keamanan yang lebih.

Berikut ini adalah beberapa buah fitur tambahan rsync :

1. mendukung penyalinan link, device, owner, grup, dan permisi.
2. Option exclude dan exclude-from serupa dengan GNU tar
3. sebuah mode CVS exclude untuk mengabaikan file-file yang sama yang akan diabaikan oleh CVS
4. dapat menggunakan sembarang remote shell transparan, termasuk rsh atau ssh
5. tidak membutuhkan root privilege
6. pipelining transfer file untuk meminimalkan biaya latency

7. dukungan bagi server rsync anonymous atau authenticated.

INSTALASI RSYNC

Rsync dapat diinstall melalui paket rpm atau pun dengan tarball… Semua sesuai selera anda.

Instalasi lewat RPM dapat dilakukan dengan cara berikut ini:

1. download paket rpm, anda bisa mendownloadnya disini

2. Setelah paket di download ga perlu panjang lebar segera saja kita bantai:D. Login dengan hak akses root kemudian ketik command dibawah ini:

# rpm -ivh rsync-2.4.6-1.i386.rpm

Untuk instalasi denga tarball dapat kita lakukan dengan cara berikut:

1. Yang pasti download terlebih dahulu paket rsync nya, silahkan cari disini sendiri ya
2. Extrak paket yang telah didownload tadi dengan cara : # tar -zxvf rsync-2.4.6.tar.gz
3. Setealah di extrak masuk kedirectorynya. misal : # cd /home/donwload/rsync-2.4.6 <<– letak paket di Extrak.
4. Kemidian ketikan command berikut: # ./configure
5. Kemudian buildin rsync dengan cara: # make && make install

PENGGUNAAN RSYNC

Ada beberapa cara untuk menggunakan rsync, langsung saja sebagai berikut ini:

rsync [OPTION]… SRC [SRC]… [USER@]HOST:DEST

rsync [OPTION]… [USER@]HOST:SRC DEST

rsync [OPTION]… SRC [SRC]… DEST

rsync [OPTION]… [USER@]HOST::SRC [DEST]

rsync [OPTION]… SRC [SRC]… [USER@]HOST::DEST

rsync [OPTION]… rsync://[USER@]HOST[:PORT]/SRC [DEST]

Catatan yang perlu diperhatikan dalam penggunaan rsync :

Ada beberapa buah cara untuk menggunakan rsync :

* untuk menyalinkan file-file lokal. Ini dilakukan dengan tidak menggunakan tanda “:” pada path sumber dan tujuan.
* Untuk menyalinkan dari mesin lokal ke mesin remote dengan menggunakan program remote shell sebagai alat transpornya. Dapat dilakukan ketika path tujuan berisikan tanda pemisah “:”.
* untuk menyalin dari mesin remote ke mesin lokal dengan menggunakan program remote shell sebagai alat transpornya. Dapat dilakukan ketika path sumber berisikan tanda pemisah “::” atau sebuah URL rsync://.
* Untuk menyalinkan dari mesin lokal ke server rsync remote. Ini dilakukan dengan memberikan tanda pemisah “::” pada path tujuan.
* Untuk menampilkan daftar file-file pada mesin tujuan. Dapat dilakukan dengan cara yang sama dengan transfer rsync kecuali anda tidak mengisikan tujuan lokal.

contoh penggunaan rsync:

# rsync -avz /var/www/html /home/web

command diatas akan memerintahkan untuk mentransfer file yang ada di direktori /var/www/html ke direktori /home/web, jika di direktori /home/web telah terdapat beberapa file yg sama maka rsync akan menggunakan protokol remote-update agar mengirimkan perbedaannya saja.

# rsync -avz html www.yourserver.com:/html

command diatas memeintahkan untuk mentransfer data dari direktori html di komputer client ke direktori html yg ada di server www.yourserver.com. File-file ditransfer dalam mode “archive”, yang memastikan bahwa link simbolik, device, atribut, permisi, kepemilikan dan sebagainya disimpan saat transfer. Sebagai tambahan, digunakan pula kompresi untuk mengurangi ukuran data yang ditransfer.

# rsync -avz yourserver:data/tmp /data/tmp

Perintah ini akan melakukan transfer data dari data yang ada direktori data/tmp di mesin yourserver ke direktori /data/tmp di komputer client.

INSTALASI RSYNC SERVER

Untuk membuat sebuah server rsync ada dua langkah utama yang harus anda lakukan pada mesin yang ingin anda jadikan sebagai server rsync :

Menjalankan rsync dalam mode daemon

dengan memberikan perintah rsync –daemon(menjalankan atau merestart rsync setelah dilakukan konfigurasi baru difile rsyncd.conf) pada perintah baris.

Menset file konfigurasi /etc/rsyncd.conf

rsyncd.conf adalah sebuah file konfigurasi rsync ketika dijalankan dengan option –daemon. Saat itulah rsync menjadi rsync server yang listening ke TCP port 873. File rsyncd.conf mengendalikan otentikasi, akses, pencatatan dan modul yang tersedia.

Format File Konfigurasi

File konfigurasi ini terdiri dari modul dan parameter. Modul dimulai dengan nama modul dalam tanda kurung siku dan berlanjut terus hingga awal modul berikutnya. Modul berisikan parameter dalam bentuk “name = value”.

Hanya tanda sama dengan pertama yang signifikan. Whitespace sebelum dan setelah tanda sama dengan pertama diabaikan.

Baris yang dimulai dengan tanda “#” akan diabaikan.

Nilai yang dapat diberikan mengikuti tanda sama dengan di parameter berupa string (tidak dibutuhkan quote) atau boolean, yang mungkin dapat diberikan sebagai yes/no, 0/1, true/false.

Option Global

Parameter pertama dalam file, sebelum header modul, adalah parameter-parameter global.

motd file

Option “motd file” memungkinkan anda untuk menspesifikasikan “pesan hari ini” yang akan ditampilkan ke client setiap kali koneksi. Defaultnya adalah tidak ada file motd.

log file

Option “log file” memberi tahu daemon rsync untuk mencatat pesan-pesan ke file alih-alih menggunakan syslog.

pid file

Option “pid file” memberitahu daemon rsync untuk mencatat id prosesnya ke file tersebut.

syslog facility

Option “syslog facility” memungkinkan anda menspesifikasikan nama fasilitas syslog yang akan digunakan ketika mencatat pesan-pesan ke server rsync. Anda dapat menggunakan sembarang nama fasilitas syslog standar yang didefinisikan pada sistem anda. Nama-nama umum tersebut antara lain auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0, local1, local2, local3, local4, local5, local6 dan local7. Bakunya adalah daemon.

socket options

Option ini dapat menyediakan beragam kegembiraan bagi orang-orang yang suka mengotak-atik sistem mereka. Anda dapat menset segala macam option soket yang mungkin dapat mempercepat transfer atau memperlambatnya. Silakan baca man page untuk sistem call setsockopt() untuk rincinya. Bakunya tidak ada option soket khusus yang diset.

Contoh sederhana :

[root@botak]# cat /etc/rsyncd.conf
motd file = /etc/rsyncd.motd
max connections = 25
syslog facility = local3
hosts allow = 202.146.250.212/32 202.78.201.6/32
hosts deny = 0.0.0.0/0
[web]
comment = botak area
path = /home/webs/botak/html
read only = yes
strict modes = false
list = yes
uid = webs
gid = webs
auth users = webs
secrets file = /etc/rsyncd.secrets
[emails]
comment = Email botak
path = /home/vpopmail/domains/botak.com
use chroot = false
read only = yes
list = yes
uid = vpopmail
gid = vchkpw

[mysql]
comment = Mysql Lapan
path = /var/lib/mysql
use chroot = false
read only = yes
list = yes
uid = mysql
gid = mysql

Sebelumnya buatlah file rsyncd.conf dan rsyncd.secrets kemudian insert dengan perintah diatas.

File /etc/rsyncd.secrets akan tampak sebagai berikut :

osamu:mypass
lader:mypass

Sekian sedikit kutipan dan penjelasan dari pengalaman dan referensi dari rekan2 , terimakasih