satu

When an elephant dies it leaves its bones,
when a tiger dies it leaves its stripes,
when a person dies they leave their name.

Prepare yourself: when you die, what do you want to leave behind?

Thursday 13 October 2016

Install and back up Zabbix

Source: https://www.luzem.com/2014/11/17/centos-6-6-zabbix-server-2-4-with-nginx-1-6-and-mysql-5-6/






Monday 8 August 2016

large file

 du -hs * | sort -rh | head -5
 
Reference

http://www.tecmint.com/find-top-large-directories-and-files-sizes-in-linux/

Wednesday 18 May 2016

zabbix plugin

http://monitoringartist.github.io/zabbix-searcher/

Thursday 28 April 2016

Wednesday 27 April 2016

troubleshoot cacti graph Nan-Nan

Update and tune the RRD files when graphs do not appear or are broken up in Cacti.



Sunday 24 April 2016

generating audit.log


Generating Linux audit reports

Audit reports are crucial whenever we want to track an incident or user activity on a Linux machine. All audit logs are saved in the /var/log/audit/ directory. Read directly, they are hard to interpret in the form we need, so the aureport utility reads the logs and generates summary and columnar reports on the events recorded in the audit log files. The available reports are:
  • Summary report of all the activities
  • Executable files report
  • Terminal activity reports
  • Authentication report
  • Commands run report
  • Config change report
  • Crypto report
  • Remote Host name report
  • Integrity event report
  • Login report
  • Modification to accounts report
  • Mandatory Access Control (MAC) report
  • Pid report
  • Syscall report
  • Log time range report
  • Report about tty keystrokes
  • Virtualization report
  • AVC Audit Events – These are generated by the AVC subsystem as a result of access denials, or where specific events have requested an audit message (i.e. where an auditallow rule has been used in the policy).

1. Summary audit report of given range

To generate a report for logged events in a given range (for example the past 10 days, excluding the current day), pass the start and end of the range as shown below:
[root@TechTutorial ~]# aureport --start 01/04/2016 00:00:00 --end 01/28/2016 00:00:00
Summary Report
======================
Range of time in logs: 01/08/2016 22:47:49.346 - 01/27/2016 17:30:01.670
Selected time for report: 01/04/2016 00:00:00 - 01/28/2016 00:00:00
Number of changes in configuration: 6942
Number of changes to accounts, groups, or roles: 18
Number of logins: 36
Number of failed logins: 14
Number of authentications: 111
Number of failed authentications: 17
Number of users: 4
Number of terminals: 12
Number of host names: 4
Number of executables: 14
Number of commands: 68
Number of files: 1
Number of AVC's: 1
Number of MAC events: 36
Number of failed syscalls: 0
Number of anomaly events: 1
Number of responses to anomaly events: 0
Number of crypto events: 745
Number of integrity events: 0
Number of virt events: 0
Number of keys: 0
Number of process IDs: 1866
Number of events: 17019
In the above command, the range starts on 4 January 2016 and ends on 28 January 2016.

2. Executable file events

To generate a report of all executable file events, use the command below:
[root@TechTutorial ~]# aureport -x
Executable Report
====================================
# date time exe term host auid event
====================================
1. 01/08/2016 22:47:49 /usr/lib/systemd/systemd ? ? -1 6
2. 01/08/2016 22:47:49 /usr/lib/systemd/systemd-update-utmp ? ? -1 7
3. 01/08/2016 22:47:49 /usr/lib/systemd/systemd ? ? -1 8
4. 01/08/2016 22:47:49 /usr/lib/systemd/systemd ? ? -1 9
5. 01/08/2016 22:47:49 /usr/lib/systemd/systemd ? ? -1 10
6. 01/08/2016 22:47:49 /usr/lib/systemd/systemd ? ? -1 11
7. 01/08/2016 22:47:49 /usr/lib/systemd/systemd ? ? -1 12
8. 01/08/2016 22:47:49 /usr/lib/systemd/systemd ? ? -1 13
9. 01/08/2016 22:47:50 /usr/lib/systemd/systemd ? ? -1 14
10. 01/08/2016 22:47:50 /usr/lib/systemd/systemd ? ? -1 15

3. Executable file events summary report

Step 2 above lists every executable file event. To see the same data in summarized form, use the command below:
[root@TechTutorial ~]# aureport -x --summary
Executable Summary Report
=================================
total  file
=================================
6992  /usr/sbin/xtables-multi
4932  /usr/sbin/crond
3267  /usr/lib/systemd/systemd
1129  /usr/sbin/sshd
240  /usr/bin/kmod
165  /usr/libexec/gdm-session-worker
73  /usr/bin/su
65  /usr/lib/systemd/systemd-update-utmp
16  /usr/bin/passwd
10  /usr/sbin/useradd
9  /usr/bin/sudo
3  /usr/sbin/usermod
2  /usr/bin/crontab
2  /usr/sbin/groupadd

4. Failed User Summary Report

To generate a summary report of failed events for all users, use the following command
[root@TechTutorial ~]# aureport -u --failed --summary -i
Failed User Summary Report
===========================
total  auid
===========================
68  unset
25  rankam
3  root
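
The summary layout above (a count followed by the object) is easy to post-process. As an added example, not part of the original post, the function below flags accounts whose failed-event total reaches a threshold; the names sample_report and flag_failed_users and the threshold of 20 are assumptions made for illustration, and the sample input is the report shown above.

```shell
#!/bin/sh
# Added example: flag accounts whose total in the output of
# `aureport -u --failed --summary -i` reaches a threshold.

# Constructed sample input, using the report layout shown in this post.
sample_report() {
cat <<'EOF'

Failed User Summary Report
===========================
total  auid
===========================
68  unset
25  rankam
3  root
EOF
}

# flag_failed_users THRESHOLD
# Reads an aureport summary on stdin and prints "<auid> <total>" for every
# row whose total is at or above THRESHOLD. The title, separator and column
# header lines, and the "<no events of interest were found>" placeholder,
# are skipped because their first field is not a number.
# Rows with auid "unset" (or -1 in uninterpreted reports) are tagged: they
# come from processes with no login uid, such as daemons or sshd before
# authentication, so they cannot be attributed to a user account.
flag_failed_users() {
    awk -v min="$1" '
        $1 ~ /^[0-9]+$/ && NF >= 2 && $1 + 0 >= min + 0 {
            total = $1
            name = $0
            sub(/^ *[0-9]+ +/, "", name)   # keep everything after the count
            note = (name == "unset" || name == "-1") ? " (no login uid)" : ""
            print name " " total note
        }'
}

# Live use (needs root and a running auditd):
#   aureport -u --failed --summary -i | flag_failed_users 20
sample_report | flag_failed_users 20
```

The same function works on the other --summary reports, since they share the count-then-object layout.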

5. Failed login attempts report per each system user

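To generate a summary of all failed login attempts per system user, use the command below. Note that, as shown, the command omits --failed, so the report is titled "Login Summary Report" and its totals cover all login events; with --failed added, only failed logins are counted.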
[root@TechTutorial ~]# aureport --login --summary -i
Login Summary Report
============================
total  auid
============================
176  root
12  unset
6  ravi
2  aavi

6. Search all file access events for particular user

To generate a report from an ausearch query that searches all file access events for user 0 (root), use the following command:
[root@TechTutorial ~]# ausearch --start today --loginuid 0 --raw | aureport -f --summary
File Summary Report
===========================
total  file
===========================
<no events of interest were found>

7. Log time range report

To find out the time range covered by your current logs, use the following command:
[root@TechTutorial ~]# aureport -t
Log Time Range Report
=====================
/var/log/audit/audit.log: 01/08/2016 22:47:49.346 - 01/28/2016 17:20:01.265

8. Modifications to accounts report

The command below reports modifications to user accounts:
[root@TechTutorial ~]# aureport -m
Account Modifications Report
=================================================
# date time auid addr term exe acct success event
=================================================
1. 01/09/2016 17:31:20 0 ? pts/1 /usr/sbin/useradd ravi yes 570
2. 01/09/2016 17:31:20 0 ? pts/1 /usr/sbin/useradd ? yes 571
3. 01/09/2016 17:31:20 0 ? pts/1 /usr/sbin/useradd ? yes 572
4. 01/09/2016 17:31:28 0 ? pts/1 /usr/bin/passwd ravi yes 573
5. 01/09/2016 17:31:28 0 ? pts/1 /usr/bin/passwd ? yes 574
6. 01/13/2016 15:13:02 0 ? pts/0 /usr/sbin/groupadd ? yes 443
7. 01/13/2016 15:13:02 0 ? pts/0 /usr/sbin/groupadd ? yes 444
8. 01/13/2016 15:14:41 0 ? pts/0 /usr/sbin/useradd ? yes 445
9. 01/13/2016 15:14:41 0 ? pts/0 /usr/sbin/useradd ? yes 446
10. 01/14/2016 14:38:36 0 ? pts/0 /usr/sbin/useradd ? yes 536

9. Reports about process IDs

The report below gives the date and time at which each process ran:
[root@TechTutorial ~]# aureport --pid
Process ID Report
======================================
# date time pid exe syscall auid event
======================================
1. 01/08/2016 22:47:49 614 ? 0 -1 6513
2. 01/08/2016 22:47:49 1 /usr/lib/systemd/systemd 0 -1 6
3. 01/08/2016 22:47:49 638 /usr/lib/systemd/systemd-update-utmp 0 -1 7
4. 01/08/2016 22:47:49 1 /usr/lib/systemd/systemd 0 -1 8
5. 01/08/2016 22:47:49 1 /usr/lib/systemd/systemd 0 -1 9
6. 01/08/2016 22:47:49 1 /usr/lib/systemd/systemd 0 -1 10
7. 01/08/2016 22:47:49 1 /usr/lib/systemd/systemd 0 -1 11
8. 01/08/2016 22:47:49 1 /usr/lib/systemd/systemd 0 -1 12
9. 01/08/2016 22:47:49 1 /usr/lib/systemd/systemd 0 -1 13
10. 01/08/2016 22:47:50 1 /usr/lib/systemd/systemd 0 -1 14

10. Host report

[root@TechTutorial ~]# aureport -h |less
Host Report
===================================
# date time host syscall auid event
===================================
1. 01/08/2016 22:47:49 ? 0 -1 6
2. 01/08/2016 22:47:49 ? 0 -1 7
3. 01/08/2016 22:47:49 ? 0 -1 8
4. 01/08/2016 22:47:49 ? 0 -1 9
5. 01/08/2016 22:47:49 ? 0 -1 10
6. 01/08/2016 22:47:49 ? 0 -1 11
7. 01/08/2016 22:47:49 ? 0 -1 12
8. 01/08/2016 22:47:49 ? 0 -1 13
9. 01/08/2016 22:47:50 ? 0 -1 14
10. 01/08/2016 22:47:50 ? 0 -1 15

11. Reports about configuration changes

If you want to track system-wide configuration changes, generate the report below:
[root@TechTutorial ~]# aureport --config 
Config Change Report
===================================
# date time type auid success event
===================================
1. 01/08/2016 22:47:49 CONFIG_CHANGE -1 yes 5
2. 01/08/2016 23:05:02 NETFILTER_CFG -1 yes 35
3. 01/08/2016 23:05:02 NETFILTER_CFG -1 yes 36
4. 01/08/2016 23:05:02 NETFILTER_CFG -1 yes 37
5. 01/08/2016 23:05:02 NETFILTER_CFG -1 yes 38
6. 01/08/2016 23:05:02 NETFILTER_CFG -1 yes 40
7. 01/08/2016 23:05:02 NETFILTER_CFG -1 yes 41
8. 01/08/2016 23:05:02 NETFILTER_CFG -1 yes 42
9. 01/08/2016 23:05:02 NETFILTER_CFG -1 yes 43
10. 01/08/2016 23:05:02 NETFILTER_CFG -1 yes 44

12. Keystroke report

The audit.log file contains all keystrokes entered by the specified user, including backspaces, delete and return keys, the control key and others. Although the contents of audit.log are human-readable, it is usually easier to use the aureport utility, which provides a TTY report in a format that is easy to read. TTY events appear only when keystroke auditing (pam_tty_audit) has been enabled for the user; otherwise the report is empty, as in the output below. Run the following command as root:
[root@TechTutorial ~]# aureport --tty
TTY Report
===============================================
# date time event auid term sess comm data
===============================================
<no events of interest were found>
Many more reports can be generated with the aureport command. The options are listed below:
       -a, --avc                       Avc report
       -au, --auth                     Authentication report
       --comm                          Commands run report
       -c, --config                    Config change report
       -cr, --crypto                   Crypto report
       -e, --event                     Event report
       -f, --file                      File name report
       --failed                        only failed events in report
       -h, --host                      Remote Host name report
       --help                          help
       -i, --interpret                 Interpretive mode
       -if, --input <Input File name>  use this file as input
       --input-logs                    Use the logs even if stdin is a pipe
       --integrity                     Integrity event report
       -l, --login                     Login report
       -k, --key                       Key report
       -m, --mods                      Modification to accounts report
       -ma, --mac                      Mandatory Access Control (MAC) report
       -n, --anomaly                   anomaly report
       -nc, --no-config                Don't include config events
       --node <node name>              Only events from a specific node
       -p, --pid                       PID report
       -r, --response                  Response to anomaly report
       -s, --syscall                   Syscall report
       --success                       only success events in report
       --summary                       sorted totals for main object in report
       -t, --log                       Log time range report
       -te, --end [end date] [end time]        ending date & time for reports
       -tm, --terminal                 Terminal name report
       -ts, --start [start date] [start time]  starting date & time for reports
       --tty                           Report about tty keystrokes
       -u, --user                      User name report
       -v, --version                   Version
       --virt                          Virtualization report
       -x, --executable                executable name report
       If no report is given, the summary report will be displayed.

Source: http://arkit.co.in/linux/generating-linux-audit-reports/

Friday 22 April 2016

mongodb

WARNING: soft rlimits too low. rlimits set to 1024 processes, 64000 files. Number of processes should be at least 32000 : 0.5 times number of files.


/etc/security/limits.d/90-nproc.conf

Edit the 1024 entry and uncomment it.

Sunday 10 April 2016

create_key pem on linux ubuntu


Creating SSL keys, CSRs, self-signed certificates, and .pem files.

posted on July 14 2009

What is the whole darned process?

create private key on linux

Generate .ppk out of .pem with Linux (Ubuntu)

Here is an example of how to convert .pem to .ppk on Ubuntu.

First you need to install package putty-tools
 sudo apt-get install putty-tools  


Monday 4 April 2016

apt-get install errors

root@root:~# apt-get install
Read packets Lists ... 0%
Building dependency tree
Reading state information... Was
E: The package firefox-mozilla-build needs to be reinstalled, but I can't find an archive for it.


Thursday 31 March 2016

Install Check Point VPN on Linux

Reference link is taken from here

Download here: https://drive.google.com/open?id=0B8GDi0lY8FDgQ0RCZVFFdVg4d3M

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65210

SSL Network Extender E75


For more information on Check Point releases see: release map, upgrade map, backward compatibility map.
For more information on SSL Network Extender E75, refer to sk65669 (SSL Network Extender E75 Known Limitations). You can also visit our Mobile Access / SSL VPN forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.
See sk91060: Removing old Check Point packages and files after an upgrade.

Overview

SSL Network Extender is a secure connectivity framework for remote access to a corporate network. SSL Network Extender uses a thin VPN client installed on the user's remote computer that connects to an SSL-enabled web server. The web server and the client are in the same VPN.
Note: SSL Network Extender requires that Java is installed on the endpoint computer. Java is not installed on Mac OS X 10.7 (Lion). For more information see sk65144 (SSL Network Extender - Java Availability).

What's New

These features are new for SSL Network Extender E75:
  • Support for Mac OS X 64-bit.
  • Support for new Linux platforms 32 and 64-bit.
  • Proxy server auto-detection is now supported for browsers that run Java or ActiveX.
  • Improved user experience that explains how to install Java when necessary.

Supported Security Gateways

This hotfix can be installed on top of these Security Gateways (refer to "E75 Downloads" section below):
  • R70.40
  • R71.40
  • R75.10
  • R75.20
  • VSX NGX R67.10
Note: Any Security Gateway version higher than those listed above, includes SSL Network Extender based on E75 version. It is relevant for R76 and higher, as well.
Important: R70.40 Security Gateways must have the security hotfix installed as described in sk62410. Failure to do so can make the Security Gateway susceptible to attacks.

Endpoint Platforms

SSL Network Extender is supported on these Operating Systems.
Windows
  • XP Home and Professional (SP2, SP3) (32-bit and 64-bit)
  • Vista (SP1) (32-bit and 64-bit)
  • Windows 7 (including SP1) Ultimate, Enterprise, Professional, and Home (32-bit and 64-bit)
  • Windows 8 (all versions and editions, not including Windows RT)
Note: SSL Network Extender is not supported on 64-bit browsers in Windows.
Macintosh
  • Mac OS X 10.6.8 (Snow Leopard) (32-bit and 64-bit)
  • Mac OS X 10.7, 10.7.1, 10.7.2, 10.7.3, 10.7.4, 10.7.5 (Lion) (32-bit and 64-bit)
  • OS X 10.8, 10.8.1, 10.8.2 (Mountain Lion) (64-bit)
  • OS X 10.9.x (Mavericks)
  • OS X 10.10 (Yosemite)
Linux
  • Ubuntu 11.10 (32-bit and 64-bit)
  • openSUSE 11.4 (32-bit and 64-bit)
  • Fedora 15 and 16 (32-bit and 64-bit) (Requires xterm (standard terminal emulator) for deployment)
  • RHEL 5.7 and 6.1 (32-bit and 64-bit)

Note: All Linux OSs require Oracle JRE to install.
Use the snx -h command to make sure that the SSL Network Extender client is installed correctly.

Linux Supported Platforms

Prerequisites per Linux distribution (32-bit and 64-bit):

Ubuntu 11.10
  • 32-bit: libstdc++5 (i386)
  • 64-bit: libstdc++5 (amd64)
Ubuntu 12.04/12.10
  • 32-bit: libstdc++5 (i386)
  • 64-bit: ia32-libs; libpam0g:i386 (the 32-bit version of libpam0g)
Ubuntu 14.04
  • 32-bit: libpam0g:i386; libx11-6:i386; libstdc++6:i386; libstdc++5:i386
  • 64-bit: libpam0g:i386; libx11-6:i386; libstdc++6:i386; libstdc++5:i386
openSUSE 11.4
  • 32-bit: libstdc++33
  • 64-bit: pam-32bit; libstdc++33 32bit; install all dependencies required by the pam and libstdc++33 packages
openSuSE 12.2
  • 32-bit: compat-libstdc++
  • 64-bit: pam-32bit; pam-modules-32bit; compat-libstdc++.i586
Fedora 15
  • 32-bit: xterm.i686; libXaw.so.7; libstdc++.so.5
  • 64-bit: Xterm.86_64 (with libXaw.86_64 dependency); libX11.i686; pam-devel.i686 (which contains: libaudit.so.1, libcrack.so.2, lindb-4.8.so, libselinux.so.1, libpam.so.0); libstdc++.so.5
Fedora 16/18
  • 32-bit: xterm.i686; libstdc++.so.5
  • 64-bit: xterm.x86_64 (with libXaw.86_64 dependency); elf_utils-libelf.i686; libX11.i686; libaudit.so.1; libcrack.so.2; libdb-4.8.so; libselinux.so.1; libpam.so.0; libstdc++.so.5
RHEL 5.7
  • 32-bit: None
  • 64-bit: None
RHEL 6.1
  • 32-bit: Same as Fedora 16 32-bit
  • 64-bit: Same as Fedora 16 64-bit

E75 Documentation

Important: You must read the instructions in the Release Notes before installing the relevant download.

E75 Downloads

Important: Installing SSL Network Extender consists of two parts:
  • Upgrading SSL Network Extender on Security Gateways
  • Deploying the clients from the Security Gateways to endpoint devices
Upgrading SSL Network Extender on Security Gateways depends on your Security Gateway. Select the hotfix link that is relevant for your Security Gateway version and OS. Then you can continue deploying the clients from the Security Gateways to endpoint devices, as per the instructions provided in the SSL Network Extender E75 Release Notes.
Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.
SSL Network Extender E75 for Security Gateway R70.40
SSL Network Extender E75 for Security Gateway R71.40
SSL Network Extender E75 for Security Gateway R75.10
SSL Network Extender E75 for Security Gateway R75.20
Security Gateway VSX R67.10 Hotfix for SSL Network Extender E75


This solution is about products that are no longer supported and it will not be updated

Tuesday 29 March 2016

Saturday 19 March 2016

zabbix api

https://github.com/express42/zabbixapi

zabbix pdf report

v0.1 Beta
# - Generate dynamic PDF report from custom graphs 
# - All Hosts or Single Host
# - Timeperiods of Hour, Day, Week, Month, Year


Wednesday 9 March 2016

Important packages that must be installed for Zabbix


For curl:
curl.x86_64                        7.19.7-46.el6                     @base
libcurl.x86_64                     7.19.7-46.el6                     @base
libcurl-devel.x86_64               7.19.7-46.el6                     @base
python-pycurl.x86_64               7.19.0-8.el6                      @anaconda-CentOS-201303020151.x86_64/6.4


Tuesday 8 March 2016

CENTOS: Sending Email using SENDMAIL, Relay via GMAIL

on request.
To send Email from Linux (Centos) shell using simple mail commands, you need to setup sendmail and use G-MAIL as relay (comes in handy). This was also required in radius manager setup where radius system sends various alerts to user like expiry alerts, quota alerts and my own customized alerting events.
First install required items.
yum -y install sendmail mailutils mailx sendmail-bin sendmail-cf cyrus-sasl-plain
Now issue following command to create Gmail authentication file in a folder in which you will add Gmail user name and password.


repo fedora

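# Create a temporary repo definition so yum can reach the Fedora (EPEL) repo.
# The section name is quoted so the shell does not treat [ ] as a glob, and the
# first line uses '>' so that re-running the script does not duplicate the section.
echo '[fedora_repo]' > /etc/yum.repos.d/fedora_repo.repo
echo name=fedora_repo >> /etc/yum.repos.d/fedora_repo.repo
echo baseurl=http://download1.fedora.redhat.com/pub/epel/\$releasever/\$basearch/ >> /etc/yum.repos.d/fedora_repo.repo
echo enabled=1 >> /etc/yum.repos.d/fedora_repo.repo
echo skip_if_unavailable=1 >> /etc/yum.repos.d/fedora_repo.repo
# gpgcheck=0 turns off package signature verification, and the baseurl is plain
# HTTP, so packages from this repo are installed without any authenticity check.
echo gpgcheck=0 >> /etc/yum.repos.d/fedora_repo.repo
yum -y install ssmtp
# Disable the Fedora repo again once ssmtp is installed.
sed -i 's/^enabled=1/enabled=0/' /etc/yum.repos.d/fedora_repo.repo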


Sunday 6 March 2016

install snx

http://kevin.deldycke.com/2012/04/check-point-snx-client-ubuntu/

yum install /lib/ld-linux.so.2 libX11.so.6 libpam.so.0 libstdc++.so.5

Thursday 3 March 2016

libgcc_s.so.1 must be installed for pthread_cancel to work

 yum install libgcc.i686

On the CentOS DRC simkpnas machine.



Reference link: http://www.linuxquestions.org/questions/linux-newbie-8/libgcc_s-so-1-must-be-installed-for-pthread_cancel-to-work-4175474124/

How to fix /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

yum -y install glibc.i686


Reference link

http://www.howtodoityourself.org/how-to-fix-libld-linux-so-2-bad-elf-interpreter-no-such-file-or-directory.html