Showing posts from 2013

Detecting a Hacker Attack

I work as a system administrator for a company, monitoring around 20 servers running open source applications. One of the applications we are using is JBoss. The JBoss version we are running is an old version (4.0), as per client requirement. We have upgraded JBoss to the latest version after this incident. Besides this, we are using Nagios for application and infrastructure monitoring.
The alarm of a server being compromised was raised on a Monday morning, when we saw continuous Nagios high-load alerts from the server running the old version of JBoss. The alerts had actually started coming on Saturday morning.

I immediately logged in to the affected machine, and the first few commands I ran were w and top.

Checking System Load and identifying top contributor

The top command showed high load on the system, with some perl commands running as the 'jboss' user with CPU utilization around 100%.

# top
top - 15:03:03 up 22 days, 2:37, 1 user, load average: 29.02, 28.40, 23.27
Tasks: 310 total, 3 runn…

MRTG: Monitoring Network Bandwidth of Linux Servers

About MRTG:

MRTG, which stands for Multi Router Traffic Grapher, is free software for monitoring and measuring the traffic load on network devices. MRTG is written in Perl and works on Unix/Linux as well as Windows and even NetWare systems. MRTG is free software licensed under the GNU GPL.


Download MRTG:

MRTG is available for download from
http://oss.oetiker.ch/mrtg/download.en.html

Steps to install MRTG are available here
http://oss.oetiker.ch/mrtg/doc/mrtg-unix-guide.en.html

Configuring MRTG: We will be using MRTG to monitor the traffic flow of three Linux-based servers. To proceed, we need to configure SNMP on these Linux servers. The steps to configure SNMP follow. In part 2, we will cover the steps to configure MRTG to monitor these Linux servers.


Part 1: 

1. Install the following net-snmp tools on all three servers.

     net-snmp-utils
     net-snmp

2. Start the snmpd service as root

     service snmpd start
     chkconfig snmpd on

3.  Default community string i…

Redhat HA Cluster Functionality: Creating Separate Clusters Using the Same Set of Nodes

We had a project requirement to create two clusters using the same set of nodes. We are using Redhat Cluster Suite, and it does not support creating different clusters using the same set of nodes. I started a thread on the Redhat mailing list for Linux HA Clusters on how to achieve this, and an interesting discussion followed. So I thought of writing a blog article based on the discussion, which follows below. Original discussion is available here

==================================================================
==   Original Query raised by me at Redhat mailing list for Linux HA Clusters.  ==
==================================================================
Hi All,
I need clarification on whether it is possible to create two different clusters using the same set of nodes.
It looks like Redhat Cluster Suite does not support creating different clusters using the same nodes. I am getting the following error while building the second cluster using the same nodes through the luci interface.

==== The foll…

How to add check_http as a service in Nagios Monitoring using NRPE

Before we add the check_http service to check the status of an HTTP server on a remote server, it is assumed that we already have a running Nagios server. If this is not done yet, please configure a Nagios server by following the steps from the link below.

http://zaman4linux.blogspot.in/2012/04/configuring-nagios-to-monitor-services.html


REMOTE SERVER

1. On the remote host that we want to monitor for the HTTP service, execute the following steps.

$ /usr/local/nagios/libexec/check_http  -I 
HTTP OK: HTTP/1.1 200 OK - 40321 bytes in 0.090 second response time |time=0.090395s;;;0.000000 size=40321B;;;0


If the above command works fine for you, update nrpe.cfg with the check_http plugin

# vim /usr/local/nagios/etc/nrpe.cfg

command[check_http]=/usr/local/nagios/libexec/check_http -I 192.168.2.142


MONITORING SERVER

1. Execute the following command and look for a response from the remote server.

# /usr/local/nagios…

How to reset MySQL 'root' password.

Step 1.
Stop the MySQL database using the following command

Reducing OpenSSH Login Time

We are seeing slow ssh connections from our servers. After some analysis, we found that the issue is with the default SSH configuration and not because of a slow network.

We ran ssh in verbose mode and could see ssh getting stuck at a particular point for all outgoing ssh connections, and at another point for incoming connections.

The output below shows ssh getting stuck for around 1 minute at "Next authentication method: gssapi-with-mic" for all outgoing connections from the server.

==================================================

[zaman@server ~]$ time ssh -v 192.168.2.171
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.2.171 [192.168.2.171] port 22.
debug1: Connection established.
debug1: identity file /home/zaman/.ssh/identity type -1
debug1: identity file /home/zaman/.ssh/id_rsa type -1
debug1: identity file /home/zaman/.ssh/id_dsa typ…