5 December 2007

Basic SNMP tools on Debian

mbrowse
snmp
snmpd
(ap-utils)
snmptrapfmt
snmptranslate

snmptrapd -f -P -n -a -OS -mALL

The MIBs are to be compiled into /usr/share/snmp/mibs

Nagios and Exchange

Simple Checkcommands based on check_nt to monitor the Exchange Server (V 5.5) Health, Queues, Mailloops, etc.
command[ExchangeIMC_queued_Outbound]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeIMC\\Queued Outbound\" -w 10 -c 25
command[ExchangeIMC_queued_Inbound]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeIMC\\Queued Inbound\" -w 2 -c 5
command[ExchangeIMC_Connections_Outbound]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeIMC\\Connections Outbound\" -w 5 -c 10
command[ExchangeIMC_Connections_Inbound]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeIMC\\Connections Inbound\" -w 5 -c 10
command[ExchangeIMC_final_delivery]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeIMC\\Queued MTS-IN\" -w 5 -c 10
command[ExchangeIMC_to_convert]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeIMC\\Queued MTS-OUT\" -w 5 -c 10
command[ExchangeIMC_Loops_detected]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeIMC\\Total Loops Detected\" -c 1
command[ExchangeDS_AB_Browses]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeDS\\AB Browses/sec\" -w 10 -c 25
command[ExchangeIS_private_recoverable_items]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeIS Private\\Total Count of Recoverable Items\" -w 100 -c 250
command[ExchangeIS_private_recoverable_size]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeIS Private\\Total Size of Recoverable Items\" -w 15000 -c 30000
command[ExchangeIS_private_delivery_time]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v COUNTER -l \"\\\\MSExchangeIS Private\\Average Delivery Time\" -w 15 -c 30
command[NTExchangeserver]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v SERVICESTATE -l MSExchangeDS,MSExchangeES,MSExchangeIMC,MSExchangeIS,MSExchangeMTA,MSExchangeSA
command[NAVMX]=/usr/local/nagios/libexec/check_nt -H $HOSTADDRESS$ -p 1248 -v SERVICESTATE -l \"NavExchange\"

Sorting syslog messages

Syslog messages come from several Cisco APs; they are sorted as follows:

On the Cisco, set the facility to local use 0, which becomes local0

# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.

local0.* /var/log/apnetworking.log
#

Enabling syslog and SNMP on Cisco devices

The bare minimum to enable syslog and/or SNMP on Cisco equipment

show run (to view the current config)

conf t

syslog
------

logging buffered 4096 debugging (size and level of what is stored locally)
logging console critical (what is displayed on the console)
logging trap warnings (what is sent via trap)
logging 172.16.5.106 (server the logs are sent to; one line per server if there are several)
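An added example of my own (not from the page) modelling the two filters that decide what reaches /var/log/apnetworking.log: the Cisco `logging trap <level>` threshold on the AP and the `local0.*` selector in syslog.conf, run over constructed Cisco-style lines. It also shows the PRI arithmetic behind "local use 0 becomes local0" (facility 16) and one caveat: with `logging trap warnings`, severity-5 notices such as a configuration change never leave the AP.

```python
import re

# Numeric syslog facilities and severities (RFC 3164 / syslog.conf names).
# "facility local use 0" on the Cisco is facility 16, which syslog.conf calls local0.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Keywords accepted by IOS 'logging trap <level>' and the severity number they map to.
CISCO_LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
                "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) names from the leading <PRI>, or None if absent/invalid.
    PRI = facility * 8 + severity, so <133> is local0 (16) + notice (5)."""
    m = PRI_RE.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:                     # 23 * 8 + 7 is the largest legal value
        return None
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def cisco_forwards(line, trap_level="warnings"):
    """Would an IOS device configured with 'logging trap <trap_level>' send this line?
    IOS forwards the named severity and everything MORE severe (lower number)."""
    decoded = decode_pri(line)
    if decoded is None:
        return False
    return SEVERITIES.index(decoded[1]) <= CISCO_LEVELS[trap_level]


def parse_syslog_conf(text):
    """Parse 'facility[,facility].level <whitespace> action' rules; comments and blanks skipped."""
    rules = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        selector, action = stripped.split(None, 1)
        for part in selector.split(";"):
            facilities, level = part.rsplit(".", 1)
            rules.append((facilities.split(","), level, action))
    return rules


def selector_matches(rule, facility, severity):
    facilities, level, _ = rule
    if "*" not in facilities and facility not in facilities:
        return False
    if level == "*":
        return True
    if level == "none":
        return False
    # A named level matches that severity and anything more severe, same idea as IOS.
    return SEVERITIES.index(severity) <= SEVERITIES.index(level)


def route(line, rules):
    """Return the actions (log files) syslogd would write this line to."""
    decoded = decode_pri(line)
    if decoded is None:
        return []
    facility, severity = decoded
    return [rule[2] for rule in rules if selector_matches(rule, facility, severity)]


# Constructed sample syslog.conf: the rule from this page plus two common ones.
SYSLOG_CONF = """# /etc/syslog.conf (constructed sample)
local0.*          /var/log/apnetworking.log
auth,authpriv.*   /var/log/auth.log
*.warning         /var/log/warn.log
"""
RULES = parse_syslog_conf(SYSLOG_CONF)

# Constructed Cisco-style lines as they would arrive on UDP/514 (PRI values pick local0 and auth).
SAMPLE_LINES = [
    "<133>12: *Mar  1 00:02:10.123: %SYS-5-CONFIG_I: Configured from console by vty0",      # local0.notice
    "<132>13: *Mar  1 00:02:11.456: %DOT11-4-MAXRETRIES: Packet to client reached max retries",  # local0.warning
    "<135>14: *Mar  1 00:02:12.789: %DOT11-7-SAMPLE: constructed debug line",                 # local0.debug
    "<38>Mar  1 00:02:13 fw sshd[1234]: Accepted password for admin from 172.16.5.1",        # auth.info
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(decode_pri(line), "sent by AP:", cisco_forwards(line), "->", route(line, RULES))
```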

snmp
----

snmp-server community nagios RO + optionally an ACL (RO = read-only and nagios as the password)
snmp-server host 172.16.5.74 nagios (where the traps are sent + optional password)
snmp-server enable traps (can be refined to send only one level)

exit


+ show snmp (?)
+ sh mib
--------

syslogd

On Debian, to accept logs from another machine you must edit the file /etc/default/syslogd (vim /etc/default/syslogd)


In it, put:

# For remote UDP logging use SYSLOGD="-r"

SYSLOGD="-r"
instead of SYSLOGD=""

27 November 2007

backtrack 2

loadkeys be-latin1
------------------------------------------------------
ifconfig eth0 up
dhcpcd eth0
wlassistant
Intel 3945 support: backtrack -> Radio Network Analysis -> 80211 -> Misc -> load ipw3945
--------------------------------------------------------------------------------------------------------------------------

airodump-ng --ivs --write 3com2 --channel 1 -w eth1

aireplay-ng -3 -e 3com2 -b 00:1A:C1:7D:D0:40 -h 00-1B-77-02-5C-0A eth1

aircrack-ng -x *.ivs

--------------------------------------------------------------------------------------------------------------------------

25 November 2007

NetworkManager on Ubuntu

NetworkManager only works with DHCP!!!!!

Controlling NetworkManager from the command line

To start the service

sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher start
sudo /etc/dbus-1/event.d/25NetworkManager start

To stop the service

sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher stop
sudo /etc/dbus-1/event.d/25NetworkManager stop

To bring the connection up

dbus-send --system \
--dest=org.freedesktop.NetworkManager \
/org/freedesktop/NetworkManager \
org.freedesktop.NetworkManager.wake

To bring the connection down

dbus-send --system \
--dest=org.freedesktop.NetworkManager \
/org/freedesktop/NetworkManager \
org.freedesktop.NetworkManager.sleep

12 November 2007

WPA Enterprise PEAP: demo setup

Quick installation of a working 802.11 network with WPA2 Enterprise PEAP (MSCHAPv2) security.

We assume the machines run XP and that we are not allowed to install a more complete OS on them.

Components:

A desktop PC running XP that will act as the FreeRADIUS server (standard Ethernet connection), DHCP server and web server.

A laptop with a Wi-Fi card that supports WPA2

An access point supporting the enterprise variant of WPA (IEEE 802.11i)

An Ethernet switch to connect the RADIUS server to the access point

We are on an isolated network, not connected to the Internet

1) Configuring the RADIUS, DHCP and web server PC

- download a DHCP server:

http://tftpd32.jounin.net/tftpd32_download.html

- download a web server:

http://www.cherokee-project.com/download/windows/
Just install with the defaults and the server runs on the server's various interfaces: http://127.0.0.1 and http://x.y.w.z

- download FreeRADIUS for Windows:

On http://www.freeradius.net/ there is a Windows executable compiled from the sources of the main freeradius project

as of 12/11/2007 this is FreeRADIUS.net-1.1.7-r0.0.2.exe

After installation you get a menu like the one below and a small icon in the taskbar (notification area).


You need to edit the configuration files clients.conf, users.conf and eap.conf. If access from the menu does not work, the configuration files are by default in the following directory:

C:\FreeRADIUS.net\etc\raddb\

As an editor I cannot recommend gvim enough, both to get a correct display (Notepad does not seem to understand the carriage returns in clients.conf) and to avoid stray characters being added on save (WordPad). That said, I rarely use Notepad or WordPad.

In users.conf we define the login/password of the users allowed to connect to the Wi-Fi network. In a production environment one generally uses a standardized, centralized authentication solution such as LDAP or Active Directory (if one accepts giving up interoperability), to which the requests are redirected. A user testuser / testpw is defined by default; it can be used for a quick test without having to edit this file.
testuser User-Password == "testpw"

In eap.conf we define the EAP method type, in our case peap:
default_eap_type = peap

In clients.conf we define the access points that are allowed to query the RADIUS server.
The clients.conf file is by default located here:
C:\FreeRADIUS.net\etc\raddb\clients.conf
There is no shortcut for it in the radius menu


We add the following so that the 3com access point, whose default IP address is 169.254.2.2, is allowed to send requests. The secret is there to secure things.

client 169.254.2.2 {
secret = testing123
shortname = liv1
}

From the FreeRADIUS menu, start the RADIUS server in debug mode.

There is a test tool for the RADIUS server called NTRadPing, downloadable at http://www.dialways.com. We will use it to validate things if necessary.


The RADIUS server's IP address will be chosen from the range 169.254.0.0/16, in accordance with RFC 3927 (Dynamic Configuration of IPv4 Link-Local Addresses). This is the kind of address Windows assigns itself when it cannot find a DHCP server and has no manually configured IP address. Microsoft refers to this concept as APIPA (Automatic Private Internet Protocol Addressing).

Let us assume the IP address is: 169.254.96.171

If desired, this PC can also act as the DHCP server, for example with the Tftpd32 tool by Ph. Jounin.



2) Configuring the 3com model 7760 access point

Its behaviour is as follows:
without a DHCP server the access point takes the IP 169.254.2.2 (admin/password)

with a DHCP server the access point takes a leased IP and you have to find it from its MAC address,
or use the vendor application (Windows only)

then you can connect with a browser and run the basic configuration through the Setup Wizard (see the screenshots)




The alternative with a LANCOM access point requires a LONG reset of the access point, then pointing the browser at its default IP address, which is 172.23.56.254

3) On the client that is to connect, you must on the one hand install the network's certificate (the one provided by the RADIUS server) and on the other hand tell it which authentication method to use.

So the certificate provided by Freeradius.net must be installed on the client PC. The certificate is located in C:\Freeradius.net\etc\raddb\certs\freerADIUS.net\Democerts\ and is named Freeradius.net-CA.crt.

The configuration is done in Windows as follows:

On the Wireless Network tab, select the network and click Configure to open the network properties. Then

Select the Authentication tab
Select Protected EAP on the drop-down list
Click Properties
Enable "Validate server certificate"
In Trusted Root Certification Authorities list, enable the root.der certificate.
In Select Authentication Method, select "Secured password (EAP-MSCHAPv2)"
Click Configure

10 November 2007

9 November 2007

FreeRADIUS and XP client

FreeRADIUS/WinXP Authentication Setup

This post describes how to build a FreeRADIUS server for TLS and PEAP authentication, and how to configure the Windows XP clients (supplicants). The server is configured for a home (or test) network.

Three papers have been written about TLS authentication with a FreeRADIUS server:

1) www.missl.cs.umd.edu/wireless/eaptls
2) www.freeradius.org/doc/EAPTLS.pdf
3) www.denobula.com

These papers provide an excellent background, but are somewhat out of date. Where appropriate, I will simply refer to these documents rather than repeating the information. I recommend that you follow the steps I give below rather than the steps in these documents.

In the steps below, I give examples from the FreeRADIUS server that I installed yesterday in my Red Hat 9 computer. If you follow this example, please make the needed changes to the names of the files. I installed the FreeRADIUS and OpenSSL files in special local directories. This ensures that there is no interaction between the base Linux files and the new files. It also allows you to easily remove all of the newly installed files.

One word of caution: Be prepared for some frustration. The FreeRADIUS and OpenSSL snapshots used in constructing the server are beta software. Don't be surprised if you encounter some problems.

1. Download and Install OpenSSL and FreeRADIUS

The first step is to download and install the latest snapshot versions of OpenSSL and FreeRADIUS.

a. OpenSSL -- Download the latest OpenSSL-0.9.7-stable snapshot. I downloaded the OpenSSL snapshot to my home directory. The snapshots are located at:

ftp://ftp.openssl.org/snapshot/

Then I used the following nine steps:

mkdir -p /usr/src/802/openssl
cd /usr/src/802/openssl
cp /home/jbibe/openssl-0.9.7-stable-SNAP-20040202.tar.gz \
openssl-0.9.7-stable-SNAP-20040202.tar.gz

gunzip openssl-0.9.7-stable-SNAP-20040202.tar.gz
tar xvf openssl-0.9.7-stable-SNAP-20040202.tar
cd openssl-0.9.7-stable-SNAP-20040202

./config shared --prefix=/usr/local/openssl
make
make install

That completes the work with OpenSSL, except for building the required certificates.

When you perform the config, make, and make-install here and in the FreeRADIUS install described below, I recommend that you log the information. For example, instead of using the simple "make" command, use:

make > mymake.log 2>&1

If you encounter problems, you can review mymake.log (or myconfig.log, or myinstall.log) for errors.

b. FreeRadius -- Download the latest FreeRADIUS snapshot. Again, I downloaded the file to my home directory. The snapshot is located at:

ftp://ftp.freeradius.org/pub/radius/CVS-snapshots/

Then I used the following nine steps:

mkdir -p /usr/src/802/radius
cd /usr/src/802/radius
cp /home/jbibe/freeradius-snapshot-20040203.tar.gz \
freeradius-snapshot-20040203.tar.gz

gunzip freeradius-snapshot-20040203.tar.gz
tar xvf freeradius-snapshot-20040203.tar
cd freeradius-snapshot-20040203

./configure --with-openssl-includes=/usr/local/openssl/include \
--with-openssl-libraries=/usr/local/openssl/lib \
--prefix=/usr/local/radius
make
make install

That completes the work with FreeRADIUS, except for building certificates, making the changes to the FreeRADIUS configuration files, moving the server certificates to their final location, and building a wrapper for radiusd.

2. Produce Certificates

Server and client certificates are needed for TLS and PEAP. To produce the required certificates, I recommend that you use CA.all that is included with FreeRADIUS. CA.all uses the configuration information in openssl.cnf.

a. openssl.cnf -- Update openssl.cnf for your configuration. The configuration file is located at:

/usr/local/openssl/ssl

A portion of the information from my openssl.cnf is given below. (The company information does not describe an actual company located in Brentwood, TN.) Note that the configuration information includes the password "whatever". It is the certificate password.

When CA.all executes, it uses this information three times. The first pass through this information produces the root certificates. If you set up your configuration as shown below, you will be able to accept all of the settings in the first pass. The second pass through this information produces the client certificates. You only need to change the commonName to the client name. In my case, I changed the commonName to jbibe. The third pass through this information produces the server certificates. You only need to change the commonName to the server name. In my case, I changed the commonName to micron.

----- Example -------------------------------------------

...
# req_extensions = v3_req

# The extensions to add to a certificate request

[ req_distinguished_name ]

countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Tennessee

localityName = Locality Name (eg, city)
localityName_default = Brentwood

0.organizationName = Organization Name (eg, company)
0.organizationName_default = Helava

organizationalUnitName = Organizational Unit Name
organizationalUnitName_default = Engineering

commonName = Common Name (eg, YOUR name)
commonName_max = 64
commonName_default = HAI

emailAddress = Email Address
emailAddress_max = 40
emailAddress_default = ohb@cmcast.net

# SET-ex3 = SET extension number 3

[ req_attributes ]

challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
challengePassword_default = whatever

unstructuredName = An optional company name

---------------------------------------------------------

b. CA.all -- Update the CA.all script for your requirements. The file is located at:

/usr/src/802/radius/freeradius-snapshot-20040203/scripts

If you use the default password "whatever", you only need to verify that the path in the script points to the installed openssl information. No changes should be necessary, but there is one gotcha. At about line 30, the path will probably be in error. Look for the following line and update the path as needed.

echo "newreq.pem" | /usr/local/openssl/ssl/misc/CA.pl -newca

When CA.all executes, it produces nine certificates:

root.pem, root.p12, root.der
cert-clt.pem, cert-clt.p12, cert-clt.der
cert-srv.pem, cert-srv.p12, cert-srv.der

For TLS and PEAP, the server needs root.pem and cert-srv.pem. For TLS, the Windows XP client needs root.der and cert-clt.p12. For PEAP, the Windows XP client needs root.der.

In the event that you want to use TLS authentication with multiple clients, Document 3 provides the needed script. Look for the CA.clt script in Section 6.

3. Configure Server for TLS

There are only a few changes and additions needed for TLS authentication. The clients.conf, users, and radiusd.conf are located at:

/usr/local/radius/etc/raddb

a. clients.conf -- This file contains the basic configuration for the Access Point. Look for the following line then uncomment and modify as appropriate:

#client 192.168.0.0/24 {

client 192.168.1.0/24 {
secret = AP_Shared_Secret
shortname = WLAN
}


b. users -- This file contains the basic user information. Look for the following line and then add the user name:

#"John Doe" Auth-Type := Local, User-Password == "hello"
#

jbibe

Note that for TLS, you should not include an Auth-Type or a password. The server is able to determine the correct Auth-Type, and a password is not needed because the client uses a client certificate for authentication.

c. radiusd.conf -- This file contains the server configuration information. Look for the following lines and then change the default_eap_type from md5 to tls:

eap {
default_eap_type = md5

Change md5 to tls.

Move down to the following line, and then uncomment and modify the information, as shown below. Note that I placed the server certificates, dh file and random file in a new directory 1x on my system. Modify the path as needed for your server:

#tls {

tls {
private_key_password = whatever
private_key_file = /usr/local/radius/etc/1x/cert-srv.pem
certificate_file = /usr/local/radius/etc/1x/cert-srv.pem
CA_file = /usr/local/radius/etc/1x/root.pem
dh_file = /usr/local/radius/etc/1x/dh
random_file = /usr/local/radius/etc/1x/random
fragment_size = 1024
include_length = yes
}

No other changes are needed in radiusd.conf for TLS.

d. Server Certificates, DH File, and Random File -- I added a new directory 1x in the radius etc directory, and then copied the server certificates (root.pem and cert-srv.pem) into the directory. Finally, I used the following trick to produce dh and random:

date > dh
date > random

If you prefer, use your keyboard to enter some random characters in these files. Or even better, use the OpenSSL tools to produce the random information for these files.

e. Run-Radius -- The only server addition remaining is a wrapper for radiusd. I added a new file run-radius in the /usr/local/radius/sbin directory. The script is from Document 3:

----- Wrapper Script ------------------------------------
#!/bin/sh -x

LD_LIBRARY_PATH=/usr/local/openssl/lib
LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so

export LD_LIBRARY_PATH LD_PRELOAD

/usr/local/radius/sbin/radiusd $@
---------------------------------------------------------

After entering and saving the script, make run-radius executable:

chmod u=rwx run-radius

The server is complete.

4. Install Windows XP Certificates and Setup Client for TLS

The Windows XP certificates need to be installed, and the client needs to be configured. I recommend that you follow Raymond McKay's example in Document 3, Section 10, XP Client (Supplicant) Setup. When this step is complete, the client is ready.

5. AP Setup

The AP configuration needs to be modified. This is the setup I used with my ZyXEL B-1000v2. (I assume that the B-1000 has been configured previously to use WEP keys and MAC addresses.)

At the wireless 802.1x tab:

Wireless Port Control = Authentication Required
ReAuthentication Timer = 1800 seconds
Idle Timeout = 3600 seconds
Authentication Database = RADIUS only
Dynamic WEP Key Exchange = 128-bit WEP

At the RADIUS tab for authentication:

Active = Yes
Server IP = 192.168.1.10
Port Number = 1812
Shared Secret = AP_Shared_Secret

6. Test TLS

The final step is to test the server. With the Windows XP computer off, start the server in debug mode by entering:

/usr/local/radius/sbin/run-radius -X -A

The server should start, displaying various debug information before it displays:

----- Example --------------------------------------------

Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests

----------------------------------------------------------

If you don't see the message, look through the debug information for errors and missing information. If you see this message, start the Windows XP computer.

When Windows XP starts, you will see various messages and certificates exchanged between the client and the server. If all is well, you should see the client authenticated and the user logged on. The following partial example is from Document 3. It shows the last few lines of a successful authentication:

----- Example ---------------------------------------------
...
MS-MPPE-Recv-Key = 0xe032765ca06c052e5fe7c2a7534a4252daec44a08505bdb459d4
fa81e70390f2221d2b06071eb0625e0ba67452a890909662
MS-MPPE-Send-Key = 0xe03131ce085bc266127528e749bd4753d3e1702df2d4d8c080351
380f52eae2c24a9fa78015c24e0d140bcd01b23d6c0cacc
EAP-Message = "\003_\000\004"
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 5
Going to the next request
-----------------------------------------------------------

If you see MS-MPPE-Recv-Key and MS-MPPE-Send-Key, the server authenticated the client. You should be able to surf.
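An added example of my own (not code from either FreeRADIUS write-up on this page) showing what the shared secret in clients.conf actually protects. The Message-Authenticator attribute in the debug output above (FreeRADIUS prints it as zeros because it is filled in when the packet is encoded) is an HMAC-MD5 over the Access-Request keyed with the secret and is mandatory once EAP-Message is carried; the Access-Accept carries a Response Authenticator that the access point recomputes with the same secret, which is what lets it reject a reply forged without the secret. AP_Shared_Secret and the user jbibe come from the configuration above; the NAS address 192.168.1.1 and the EAP Identity payload are constructed.

```python
import hashlib
import hmac
import os
import struct

# RADIUS codes and attribute types used here (RFC 2865 / RFC 2869).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, NAS_IP_ADDRESS, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 4, 79, 80

# Shared secret from the clients.conf above: the only key the AP and the server share.
SECRET = b"AP_Shared_Secret"


def encode_attrs(attrs):
    """Encode [(type, value_bytes)] as Type | Length (incl. 2-byte header) | Value."""
    out = b""
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute too long; EAP-Message must be split into 253-byte chunks")
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return out


def decode_attrs(data):
    """Walk the attribute list; rejects lengths that do not fit the buffer."""
    attrs = []
    while data:
        attr_type, length = struct.unpack("!BB", data[:2])
        if length < 2 or length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((attr_type, data[2:length]))
        data = data[length:]
    return attrs


def build_access_request(secret, identifier, attrs, request_auth=None):
    """Access-Request with a trailing Message-Authenticator: HMAC-MD5 keyed with the
    shared secret over the whole packet with the MAC field zeroed (RFC 2869)."""
    if request_auth is None:
        request_auth = os.urandom(16)        # Request Authenticator: fresh random per request
    prefix = encode_attrs(attrs) + struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(prefix) + 16)
    mac = hmac.new(secret, header + request_auth + prefix + bytes(16), hashlib.md5).digest()
    return header + request_auth + prefix + mac


def verify_message_authenticator(packet, secret, request_auth=None):
    """Recompute the Message-Authenticator. For a response, pass the Request Authenticator
    of the matching request, which RFC 2869 substitutes into the MAC input."""
    if len(packet) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    pos, mac_pos = 20, None
    while pos < length:
        if pos + 2 > length:
            return False
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return False
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            mac_pos = pos + 2
        pos += attr_len
    if mac_pos is None:
        return False                          # no MAC at all: reject rather than fall back
    auth = packet[4:20] if request_auth is None else request_auth
    zeroed = packet[:4] + auth + packet[20:mac_pos] + bytes(16) + packet[mac_pos + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(packet[mac_pos:mac_pos + 16], expected)


def build_response(code, request, secret, attrs):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, request[1], 20 + len(body))
    response_auth = hashlib.md5(header + request[4:20] + body + secret).digest()
    return header + response_auth + body


def verify_response(response, request, secret):
    """AP side: a reply forged without the secret, or an Accept turned into a Reject, fails here."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(response[4:20], expected)


# Constructed EAP-Response/Identity for user jbibe: code 2, id 1, length 10, type 1 (Identity).
EAP_IDENTITY = b"\x02\x01\x00\x0a\x01jbibe"
REQUEST_ATTRS = [(USER_NAME, b"jbibe"), (NAS_IP_ADDRESS, bytes([192, 168, 1, 1])),
                 (EAP_MESSAGE, EAP_IDENTITY)]

if __name__ == "__main__":
    req = build_access_request(SECRET, 7, REQUEST_ATTRS)
    print("request MAC valid:", verify_message_authenticator(req, SECRET))
    accept = build_response(ACCESS_ACCEPT, req, SECRET, [(USER_NAME, b"jbibe")])
    print("accept valid with the right secret:", verify_response(accept, req, SECRET))
    print("accept valid with a wrong secret:", verify_response(accept, req, b"testing123"))
```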

7. Change Server Configuration for PEAP

To change the server for PEAP authentication, only a few changes need to be made.

a. users -- Return to the users file and add the user password:

jbibe User-Password == "My-XP-Password"

b. Radiusd.conf -- Return to the radiusd.conf file and make the following changes:

Change the default_eap_type from tls to peap:

eap {
default_eap_type = peap

Move to the PEAP section below the TLS section and uncomment the following lines:

peap {
default_eap_type = mschapv2
}

The server is now ready for PEAP authentication.

8. Change Windows XP for PEAP


On the Wireless Network tab, select the network and click Configure to open the network properties. Then

Select the Authentication tab
Select Protected EAP on the drop-down list
Click Properties
Enable "Validate server certificate"
In Trusted Root Certification Authorities list, enable the root.der certificate.
In Select Authentication Method, select "Secured password (EAP-MSCHAPv2)"
Click Configure
If desired, enable "Automatically use my Windows logon name and password".

I did not enable "Automatically use my Windows ..." In my HP laptop, the software adds HP\\ before the user name; e.g., HP\\jbibe. If you don't enable this option, windows will ask for your user name and password the first time the laptop tries to connect to the network. The computer will then use the user name and password exactly as entered.

On the original Authentication screen, I disabled the "Authenticate as computer when computer information is available"

Windows XP is now ready for testing.

9. Test PEAP

The final step is to test the server. With the Windows XP computer off, start the server in debug mode by entering:

/usr/local/radius/sbin/run-radius -X -A

The server should start, displaying various debug information. If it displays "Ready to process requests", the server is running. This message is identical to the TLS start message. If you review the debug information, you will see additional messages as peap and mschapv2 start.

If you see the Ready message, start the Windows XP computer. As the client and server communicate, you will see various messages exchanged. If all is well, you should see the client authenticated and the user logged on. Again you will see the MS-MPPE-Recv-Key and the MS-MPPE-Send-Key.

If you review the debug messages, you will see the TLS tunnel being built. Once it is built, you will see verification that messages are passing through the tunnel. Finally, you will see the user authenticated.

29 October 2007

Wi-Fi settings on a machine from the FUD factory


Netmanager is handy, but sometimes you have to do without it.

The various parameters such as the fragmentation threshold or the RTS/CTS threshold are found in the registry:

The registry is reached from the command line:

Start, Run..., regedit

Apart from that, the connection is configured either by the card's drivers or by Windows, and you have to choose one to the exclusion of the other.

If you want Windows to manage the Wi-Fi configuration, select that option in the card's properties:

Start > Settings > Network Connections
Right-click the "Wireless Network Connection" icon, then Properties, go to the Wireless Networks tab and tick the box "Use Windows to configure......"



If the Wireless Networks tab does not appear in the card's properties, the card is being managed by the manufacturer's application (Intel, for example) and, in addition, the Windows Zero Configuration service is not started.

To start it, go to Start, Settings, Control Panel, Administrative Tools, Services

If you prefer to manage it with the card manufacturer's application, it is case by case, but you get more information than with the Windows tool; for example you can see which channel is in use.

In the case of Intel there is an icon in the taskbar and you can choose which one manages the card by right-clicking it:

23 October 2007

SSH tunnel

ssh -L 8080:www.google.be:80 -l root 193.190.194.197

then browse to http://127.0.0.1:8080

9 October 2007

Pidgin on RHEL5

> On Fri, 2007-08-03 at 06:38 -0400, Jean-David Beyer wrote:
>> In particular, I run Red Hat Enterprise Linux 5.
>>
>> It complained about missing stuff, libsilc-1.0.so.2 and
>> libsilcclient-1.0.so.1
>>
>> I downloaded and installed libsilc-1.0.so.2 which also included
>> libsilcclient-1.0.so.2.
>
> How did you install these?

I downloaded libsilc-0.9.12-1.i386.rpm from somewhere (rpmfind) and did rpm
-Uvh libsilc-0.9.12-1.i386.rpm and it loaded both of them.
>
>> Is this a bug in your yum dependencies, or must I load libsilc from
>> somewhere else to get the older version, or what?
>
> It appears Red Hat have dropped libsilc from RHEL5, but as I build the
> RPMs using the CentOS RHEL rebuild which appears to have maintained
> libsilc the Pidgin RPMs have SILC support. You can install the CentOS
> libsilc RPM from here to satisfy the missing dependency:
>
> http://mirror.linux.duke.edu/pub/centos/5/os/i386/CentOS/libsilc-1.0.2-2.fc6.i386.rpm
>
>
Thanks. I removed the rpm I had installed and installed the one you
suggested and it now seems to work. No one I know is logged in at the
moment, but it looks somewhat as I remember it from a few months ago. There
are superficial differences, but that does not matter as I am not a power user.

Revolutionary keyboard

The 1 hand keyboard is the Twiddler.

You can get more information at:
http://www.handykey.com/

Unfortunately they seem to have production problems.
Anyway we could develop an enhanced version using the results of FASTY
and combining it with ZigBee to make it wireless.

Another option would be to use a camera on the wrist, replacing the leds
on the quite innovative http://www.lightglove.com/

RHEL5

8. Disabling IPv6

To disable IPv6 you need to:

· Add this line to /etc/modprobe.conf:
alias net-pf-10 off

NOTE: if the line "alias net-pf-10 ipv6" exists in the file, change it.

· Add this line to /etc/sysconfig/network
NETWORKING_IPV6=no

NOTE: If the line "NETWORKING_IPV6=yes" exists in the file, change it.

31 July 2007

Recompiling Nagios plugins

apt-get build-dep nagios-plugins
apt-get source nagios-plugins
cd nagios-plugins-1.4.5
dpkg-buildpackage

26 July 2007

Eco-friendly PC

http://www.fit-pc.com/specifications.htm

Solutions for deafness


18 July 2007

MRTG configuration

Standard MRTG documentation


/usr/bin/cfgmaker --global 'WorkDir: /var/www/mrtg' --global 'Options[_]: bits,growright' --output /etc/mrtg.cfg public@172.16.11.104

or for several devices

/usr/bin/cfgmaker --global 'WorkDir: /var/www/mrtg' --global 'Options[_]: bits,growright' --output /etc/mrtgessai.cfg public@172.16.11.102 nagios@172.16.5.25

RUNNING MRTG

Once you have created a configuration file, try the following:

 /usr/local/mrtg-2/bin/mrtg /home/mrtg/cfg/mrtg.cfg

This will query your router and also create your first mrtg traffic graphs and webpages. When you run mrtg for the first time there will be a lot of complaints about missing log files. Don't worry, this is normal for the first 2 times you start mrtg. If it keeps complaining after this time you might want to look into the problem.

Starting mrtg by hand is not ideal in the long run. So when you are satisfied with the results you can automate the process of running mrtg in regular intervals (this means every 5 minutes by default).

You can either add mrtg to your crontab with a line like this:

 0,5,10,15,20,25,30,35,40,45,50,55 * * * * \
/mrtg /mrtg.cfg \
--logging /var/log/mrtg.log

or if you live in Linux Land the line may look like this if you are using crontab -e

 */5 * * * *  /mrtg /mrtg.cfg \
--logging /var/log/mrtg.log

or like this if you use /etc/crontab

 */5 * * * *  mrtg-user  /mrtg /mrtg.cfg \
--logging /var/log/mrtg.log

You can also run mrtg as a daemon process by adding the line

 RunAsDaemon: Yes

to your mrtg configuration file and then creating a startup script in your system startup sequence. Unfortunately, adding startup scripts differs widely amongst different unix systems. The modern ones normally have a directory called /etc/init.d or /etc/rc.d/init.d where you put scripts which start the process you want to run when the system boots. Further you must create a symbolic link in /etc/rc3.d or /etc/rc.d/rc?.d called S65mrtg (this is just a sample name ... it is just important that it starts with S followed by a two digit number). If you are not sure about this, make sure you consult the documentation of your system to make sure you get this right.

A minimal script to put into init.d might look like this:

 #! /bin/sh
cd /usr/local/mrtg-2.15.2/bin && ./mrtg --user=mrtg-user \
/home/httpd/mrtg/mrtg.cfg --logging /var/log/mrtg.log

Note that this will only work with RunAsDaemon: Yes in your mrtg.cfg file.

----------------------------------

env LANG=C /usr/bin/mrtg /etc/mrtg.cfg

on a French-language Debian 4.0 this command is necessary



------------------------------


in the services file

# check bandwidth
define service {
host_name switch104
service_description port 1 bandwidth usage
check_command traffic_average!/var/www/mrtg/172.16.11.104_1.log!2000,2000!50000,50000
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}

------------------------------------------------------------------------------------


# 'traffic_average' command definition
define command{
command_name traffic_average
command_line /usr/lib/nagios/plugins/check_mrtgtraf -F $ARG1$ -a AVG -w $ARG2$ -c $ARG3$ -e 10
}
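
As an added example, not the check_mrtgtraf plugin itself nor code from these notes, the following Python re-implements the decision the traffic_average command above makes: read the newest interval of an MRTG log, treat data older than the -e expiry as UNKNOWN, then compare the in/out averages against the -w and -c pairs. It assumes the standard MRTG log layout (line 1 raw counters, then "timestamp avg_in avg_out max_in max_out" per interval, newest first, in bytes per second) and runs on a constructed log.

```python
"""Evaluate an MRTG .log the way the traffic_average / check_mrtgtraf command above does.

Added example, not the plugin's own code.  Assumed MRTG log layout: line 1 is
"timestamp in_counter out_counter"; every later line is
"timestamp avg_in avg_out max_in max_out" in bytes/second, newest interval first.
"""
import time

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# Constructed sample log: the second line is the most recent 5-minute interval.
SAMPLE_LOG = """\
1196870400 123456789 987654321
1196870400 1500 2600 1800 3100
1196870100 1200 2100 1400 2500
"""


def parse_pair(spec):
    """'2000,2000' -> (2000, 2000): the in,out threshold pair passed as $ARG2$/$ARG3$."""
    parts = spec.split(",")
    if len(parts) != 2:
        raise ValueError("threshold must be 'in,out': %r" % spec)
    return int(parts[0]), int(parts[1])


def latest_interval(log_text):
    """Return (timestamp, avg_in, avg_out, max_in, max_out) of the newest interval line."""
    lines = [line for line in log_text.splitlines() if line.strip()]
    if len(lines) < 2:
        raise ValueError("MRTG log needs the counter line plus at least one interval line")
    fields = lines[1].split()
    if len(fields) != 5:
        raise ValueError("malformed interval line: %r" % lines[1])
    return tuple(int(f) for f in fields)


def traffic_state(log_text, warn, crit, aggregation="AVG", expire_minutes=10, now=None):
    """Nagios state (code, message) for one MRTG log.

    warn/crit are (in, out) pairs in bytes/second; aggregation is "AVG" or "MAX"
    (the -a option); expire_minutes mirrors -e: stale data is UNKNOWN rather than OK,
    so a collector that stopped writing cannot look like quiet traffic.
    """
    ts, avg_in, avg_out, max_in, max_out = latest_interval(log_text)
    now = time.time() if now is None else now
    if now - ts > expire_minutes * 60:
        return UNKNOWN, "UNKNOWN - MRTG data is older than %d minutes" % expire_minutes
    if aggregation == "AVG":
        inbound, outbound = avg_in, avg_out
    elif aggregation == "MAX":
        inbound, outbound = max_in, max_out
    else:
        raise ValueError("aggregation must be AVG or MAX")
    if inbound > crit[0] or outbound > crit[1]:
        code, label = CRITICAL, "CRITICAL"
    elif inbound > warn[0] or outbound > warn[1]:
        code, label = WARNING, "WARNING"
    else:
        code, label = OK, "OK"
    return code, "%s - %s in=%d B/s out=%d B/s" % (label, aggregation, inbound, outbound)


def check_like_traffic_average(log_text, warn_spec, crit_spec, now=None):
    """Glue matching the command definition: -F log -a AVG -w $ARG2$ -c $ARG3$ -e 10."""
    return traffic_state(log_text, parse_pair(warn_spec), parse_pair(crit_spec),
                         aggregation="AVG", expire_minutes=10, now=now)


if __name__ == "__main__":
    # Evaluate the constructed log as if it were fresh (one minute after its timestamp).
    print(check_like_traffic_average(SAMPLE_LOG, "2000,2000", "50000,50000",
                                     now=1196870400 + 60))
```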





17 July 2007

Compiling the Nagios plugins on Debian

apt-get build-dep nagios-plugins
apt-get source nagios-plugins
cd nagios-plugins_....
dpkg-buildpackage

10 July 2007

Updating the DNS name through the DHCP client

in the file /etc/dhcp3/dhclient.conf

send host-name "hostnamesansledomaine";

NB: the line is commented out by default

Nagios2 on Debian 4.0

network install of Debian etch, base system only

add contrib and non-free to /etc/apt/sources.list

as root:

apt-get install nagios2 nagios-images nagios-plugins nagios2-doc openssh-server

Typically you get something like this:
PDBL:~# apt-get install nagios2 nagios-images nagios-plugins nagios2-doc openssh-server
Reading package lists... Done
Building dependency tree... Done
openssh-server is already the newest version.
The following extra packages will be installed:
fping libnet-snmp-perl libradius1 nagios-plugins-basic
nagios-plugins-standard nagios2-common qstat radiusclient1 snmp
Suggested packages:
libcrypt-des-perl libdigest-hmac-perl libdigest-sha1-perl
libio-socket-inet6-perl nagios-text nagios nagios-nrpe-plugin
The following NEW packages will be installed:
fping libnet-snmp-perl libradius1 nagios-images nagios-plugins
nagios-plugins-basic nagios-plugins-standard nagios2 nagios2-common
nagios2-doc qstat radiusclient1 snmp
0 upgraded, 13 newly installed, 0 to remove and 1 not upgraded.
Need to get 0B/6020kB of archives.
After unpacking 14.9MB of additional disk space will be used.

cd /etc/nagios2/
htpasswd -c htpasswd.users nagiosadmin

!!!! if you choose a user name other than nagiosadmin,
you have to change it in /etc/nagios2/cgi.cfg as well

To be able to launch checks from the web interface

chown nagios.www-data /var/lib/nagios2/
chown nagios.www-data /var/lib/nagios2/rw/

chmod u+rwx /var/lib/nagios2/rw/
chmod g+rwx /var/lib/nagios2/rw/

chmod g+s /var/lib/nagios2/
chmod g+s /var/lib/nagios2/rw/

----------------------------------------------------

after modifying one of the configuration files,
you can check that everything is OK with:

/usr/sbin/nagios2 -v /etc/nagios2/nagios.cfg

so that checks can be launched from the web interface:

in /etc/nagios2/nagios.cfg

check_external_commands=1 (set to 0 by default)

---------------------------------------------------

Monitoring a Windows machine:

  • an agent has to be installed on the Windows machine

Installing the Windows Agent

Before you can begin monitoring private services and attributes of Windows machines,
you'll need to install an agent on those machines. I recommend using the NSClient++ addon, which can be found at http://sourceforge.net/projects/nscplus. These instructions will take
you through a basic installation of the NSClient++ addon, as well as the configuration
of Nagios for monitoring the Windows machine.

1. Download the latest stable version of the NSClient++ addon from http://sourceforge.net/projects/nscplus

2. Unzip the NSClient++ files into a new C:\NSClient++ directory

3. Open a command prompt and change to the C:\NSClient++ directory

4. Register the NSClient++ system service with the following command:

 nsclient++ /install

5. Install the NSClient++ systray with the following command ('SysTray' is case-sensitive):

 nsclient++ SysTray

6. Open the services manager and make sure the NSClientpp service is allowed to interact
with the desktop (see the 'Log On' tab of the services manager). If it isn't already allowed
to interact with the desktop, check the box to allow it to.

7. Edit the NSC.INI file (located in the C:\NSClient++ directory) and make the following changes:

  • Uncomment all the modules listed in the [modules] section, except for CheckWMI.dll and RemoteConfiguration.dll
  • Optionally require a password for clients by changing the 'password' option in the [Settings] section.
  • Uncomment the 'allowed_hosts' option in the [Settings] section. Add the IP address of the Nagios server to this line, or leave it blank to allow all hosts to connect.
  • Make sure the 'port' option in the [NSClient] section is uncommented and set to '1248' (the default port).
here is an example of a working NSC.INI config file:

[modules]
;# NSCLIENT++ MODULES
;# A list with DLLs to load at startup.
; You will need to enable some of these for NSClient++ to work.
; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
; * *
; * N O T I C E ! ! ! - Y O U H A V E T O E D I T T H I S *
; * *
; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
FileLogger.dll
CheckSystem.dll
CheckDisk.dll
NSClientListener.dll
NRPEListener.dll
SysTray.dll
CheckEventLog.dll
CheckHelpers.dll
;
; CheckWMI IS AN EXTREM EARLY IDEA SO DONT USE FOR PRODUCTION ENVIROMNEMTS!
;CheckWMI.dll
;
; RemoteConfiguration IS AN EXTREM EARLY IDEA SO DONT USE FOR PRODUCTION ENVIROMNEMTS!
;RemoteConfiguration.dll

[Settings]
;# OBFUSCATED PASSWORD
; This is the same as the password option but here you can store the password in an obfuscated manner.
; *NOTICE* obfuscation is *NOT* the same as encryption, someone with access to this file can still figure out the
; password. Its just a bit harder to do it at first glance.
;obfuscated_password=Jw0KAUUdXlAAUwASDAAB
;
;# PASSWORD
; This is the password (-s) that is required to access NSClient remotely. If you leave this blank everyone will be able to access the daemon remotly.
password=test
;# ALLOWED HOST ADDRESSES
; This is a comma-delimited list of IP address of hosts that are allowed to talk
; to the all daemons.
; If leave this blank anyone can access the deamon remotly (NSClient still requires
; a valid password).
; The syntax is host or ip/mask so 192.168.0.0/24 will allow anyone on that
; subnet access
allowed_hosts=172.16.0.0/16
;
;# USE THIS FILE
; Use the INI file as opposed to the registry if this is 0 and the use_reg in the
; registry is set to 1
; the registry will be used instead.
use_file=1

[log]
;# LOG DEBUG
; Set to 1 if you want debug message printed in the log file (debug messages
; are always printed to stdout when run with -test)
debug=1
;
;# LOG FILE
; The file to print log statements to
file=NSC.log
;
;# LOG DATE MASK
; The format to for the date/time part of the log entry written to file.
date_mask=%Y-%m-%d %H:%M:%S


[NSClient]
;# ALLOWED HOST ADDRESSES
; This is a comma-delimited list of IP address of hosts that are allowed to talk
; to NSClient deamon.
; If you leave this blank the global version will be used instead.
allowed_hosts=172.16.27.43
;
;# NSCLIENT PORT NUMBER
; This is the port the NSClientListener.dll will listen to.
port=1248
;
;# BIND TO ADDRESS
; Allows you to bind server to a specific local address.
;This has to be a dotted ip adress not a hostname.
; Leaving this blank will bind to all avalible IP adresses.
bind_to_address=


[Check System]
;# CPU BUFFER SIZE
; Can be anything ranging from 1s (for 1 second) to 10w for 10 weeks.
; Notice that a larger buffer will waste memory
; so don't use a larger buffer then you need (ie. the longest check you do +1).
;CPUBufferSize=1h
;
;# CHECK RESOLUTION
; The resolution to check values (currently only CPU).
; The value is entered in 1/10:th of a second and the default is 10
; (which means ones every second)
;CheckResolution=10

[NRPE]
;# NRPE PORT NUMBER
; This is the port the NRPEListener.dll will listen to.
;port=5666
;
;# COMMAND TIMEOUT
; This specifies the maximum number of seconds that the NRPE
; daemon will allow plug-ins to finish executing before killing them off.
;command_timeout=60
;
;# COMMAND ARGUMENT PROCESSING
; This option determines whether or not the NRPE daemon will
;allow clients to specify arguments to commands that are executed.
;allow_arguments=0
;
;# COMMAND ALLOW NASTY META CHARS
; This option determines whether or not the NRPE daemon will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
;allow_nasty_meta_chars=0
;
;# USE SSL SOCKET
; This option controls if SSL should be used on the socket.
;use_ssl=1
;
;# BIND TO ADDRESS
; Allows you to bind server to a specific local address. This has to be a dotted ip adress not a hostname.
; Leaving this blank will bind to all avalible IP adresses.
; bind_to_address=
;
;# ALLOWED HOST ADDRESSES
; This is a comma-delimited list of IP address of hosts that are allowed to talk to NRPE deamon.
; If you leave this blank the global version will be used instead.
;allowed_hosts=
;
;# SCRIPT DIRECTORY
; All files in this directory will become check commands.
; *WARNING* This is undoubtedly dangerous so use with care!
;script_dir=scripts\

[NRPE Handlers]
;# COMMAND DEFINITIONS
;# Command definitions that this daemon will run.
;# Can be either NRPE syntax:
;command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
;# Or simplified syntax:
;test=c:\test.bat foo $ARG1$ bar
;check_disk1=/usr/local/nagios/libexec/check_disk -w 5 -c 10
;# Or even loopback (inject) syntax (to run internal commands)
;# This is a way to run "NSClient" commands and other internal module commands such as check eventlog etc.
;check_cpu=inject checkCPU warn=80 crit=90 5 10 15
;check_eventlog=inject CheckEventLog Application warn.require.eventType=error warn.require.eventType=warning critical.require.eventType=error critical.exclude.eventType=info truncate=1024 descriptions
;check_disk_c=inject CheckFileSize ShowAll MaxWarn=1024M MaxCrit=4096M File:WIN=c:\ATI\*.*
;# But be careful:
; dont_check=inject dont_check This will "loop forever" so be careful with the inject command...
;# Check some escapings...
; check_escape=inject CheckFileSize ShowAll MaxWarn=1024M MaxCrit=4096M "File: foo \" WIN=c:\\WINDOWS\\*.*"
;# Some real world samples
;nrpe_cpu=inject checkCPU warn=80 crit=90 5 10 15
;nrpe_ok=scripts\ok.bat

8. Start the NSClient++ service with the following command:

 nsclient++ /start

9. If installed properly, a new icon should appear in your system tray.

It will be a yellow circle with a black 'M' inside.

10. Success! The Windows server can now be added to the Nagios monitoring configuration...
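
The NSC.INI above relies on password and allowed_hosts to keep the agent private, and its own comments flag the obfuscated password, the CheckWMI/RemoteConfiguration modules and the NRPE script_dir as risky. As an added example (not part of NSClient++ or of these notes), this Python audit reads such a file and reports those settings; both INI samples are constructed, and the 12-character minimum password length is my own rule.

```python
"""Audit an NSClient++ NSC.INI for the exposures its own comments warn about.

Added example, not part of NSClient++ or of these notes.  Both INI samples are
constructed; MIN_PASSWORD_LEN is my own rule, the other checks come from the
comments in the NSC.INI shown above.
"""
import configparser

# Constructed weak sample: blank password and global allowed_hosts, RemoteConfiguration
# loaded, NRPE arguments enabled, SSL off, a script directory exposed.
WEAK_INI = """\
[modules]
FileLogger.dll
NRPEListener.dll
;CheckWMI.dll
RemoteConfiguration.dll

[Settings]
password=
allowed_hosts=

[NSClient]
allowed_hosts=172.16.27.43

[NRPE]
allow_arguments=1
allow_nasty_meta_chars=0
use_ssl=0
script_dir=scripts\\
"""

# Constructed hardened counterpart with the same listeners.
HARDENED_INI = """\
[modules]
FileLogger.dll
NRPEListener.dll

[Settings]
password=correct-horse-battery-staple
allowed_hosts=172.16.27.43

[NRPE]
allow_arguments=0
allow_nasty_meta_chars=0
use_ssl=1
"""

RISKY_MODULES = ("CheckWMI.dll", "RemoteConfiguration.dll")
MIN_PASSWORD_LEN = 12


def load_nsc_ini(text):
    """Parse NSC.INI: ';' comments, module names without '=', $ARG1$ left uninterpolated."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None,
                                   comment_prefixes=(";",), strict=False)
    cp.optionxform = str  # keep case: module keys are DLL file names
    cp.read_string(text)
    return cp


def audit_nsc_ini(text):
    """Return a list of (severity, message) findings; an empty list means nothing flagged."""
    cp = load_nsc_ini(text)
    findings = []

    def value(section, key):
        return (cp.get(section, key, fallback="") or "").strip()

    for dll in RISKY_MODULES:
        if cp.has_option("modules", dll):
            findings.append(("HIGH", "[modules] loads %s, flagged as not for production" % dll))

    password = value("Settings", "password")
    if not password:
        findings.append(("HIGH", "[Settings] password is blank: anyone reaching the port can query the agent"))
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append(("MEDIUM", "[Settings] password is shorter than %d characters" % MIN_PASSWORD_LEN))
    if value("Settings", "obfuscated_password"):
        findings.append(("LOW", "[Settings] obfuscated_password is obfuscated, not encrypted"))

    # A blank per-listener allowed_hosts falls back to the global one in [Settings].
    global_hosts = value("Settings", "allowed_hosts")
    for section in ("NSClient", "NRPE"):
        if cp.has_section(section) and not (value(section, "allowed_hosts") or global_hosts):
            findings.append(("HIGH", "[%s] allowed_hosts is blank and no global list is set" % section))

    if cp.has_section("NRPE"):
        if value("NRPE", "allow_arguments") == "1":
            findings.append(("MEDIUM", "[NRPE] allow_arguments=1 lets clients pass arguments to commands"))
        if value("NRPE", "allow_nasty_meta_chars") == "1":
            findings.append(("HIGH", "[NRPE] allow_nasty_meta_chars=1 permits shell metacharacters in arguments"))
        if value("NRPE", "use_ssl") == "0":
            findings.append(("MEDIUM", "[NRPE] use_ssl=0: the NRPE listener runs in clear text"))
        if value("NRPE", "script_dir"):
            findings.append(("MEDIUM", "[NRPE] script_dir is set: every file in it becomes a check command"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit_nsc_ini(text))
```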

  • on the Nagios server
create a file listing all the Windows machines

cd /etc/nagios2/conf.d/

cp host-gateway_nagios2.cfg host-windows_nagios2.cfg
vim host-windows_nagios2.cfg

fill in the hostname, alias, address and parent

add the service:
optiplex:/etc/nagios2/conf.d# vim services_nagios2.cfg

# check that NSClient is up
define service {
host_name pc-simulation
service_description NS Client Version
check_command check_nt!CLIENTVERSION
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}

in /etc/nagios-plugins/config/nt.cfg make sure the password defined
in NSC.INI is passed to the plugin (it is not by default):

command_line /usr/lib/nagios/plugins/check_nt -H $HOSTADDRESS$ -v $ARG1$ -s test

(the -s test has to be added)

define service{
use generic-service
host_name winserver
service_description NSClient++ Version
check_command check_nt!CLIENTVERSION
}

Add the following service definition to monitor the uptime of the Windows server.

define service{
use generic-service
host_name winserver
service_description Uptime
check_command check_nt!UPTIME
}

Add the following service definition to monitor the CPU utilization on the
Windows server and generate a CRITICAL alert if the 5-minute CPU load
is 90% or more or a WARNING alert if the 5-minute load is 80% or greater.

define service{
use generic-service
host_name winserver
service_description CPU Load
check_command check_nt_cpuload!10,80,90,20,80,95,30,80,95
}

!!!!! The following has to be added to the file /etc/nagios-plugins/config/load.cfg
# 'check_nt_cpuload' command definition
define command{
command_name check_nt_cpuload
command_line /usr/lib/nagios/plugins/check_nt -H $HOSTADDRESS$ -p 1248 -s test -v CPULOAD -l $ARG1$
}

Add the following service definition to monitor memory usage
on the Windows server and generate a CRITICAL alert if memory
usage is 90% or more or a WARNING alert if memory usage is 80% or greater.

define service{
use generic-service
host_name winserver
service_description Memory Usage
check_command check_nt!MEMUSE!-w 80 -c 90
}

Add the following service definition to monitor usage of the C:\ drive on
the Windows server and generate a CRITICAL alert if disk usage is 90%
or more or a WARNING alert if disk usage is 80% or greater.

define service{
use generic-service
host_name winserver
service_description C:\ Drive Space
check_command check_nt_disk!C!80!90
}

!!!!! The following has to be added to the file /etc/nagios-plugins/config/disk.cfg
# 'check_nt_disk' command definition
define command{
command_name check_nt_disk
command_line /usr/lib/nagios/plugins/check_nt -H $HOSTADDRESS$ -p 1248 -s test -v USEDDISKSPACE -l $ARG1$ -w $ARG2$ -c $ARG3$
}

Add the following service definition to monitor the W3SVC service
state on the Windows machine and generate a CRITICAL alert if
the service is stopped.

define service{
use generic-service
host_name winserver
service_description W3SVC
check_command check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
}

Add the following service definition to monitor the Explorer.exe process
on the Windows machine and generate a CRITICAL alert if the process
is not running.

define service{
use generic-service
host_name winserver
service_description Explorer
check_command check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
}
----------------------------------------------------------------

monitoring switches and routers


Creating Required Definitions

You'll need to create some object definitions in order to monitor a new switch.
These definitions can be placed in their own file or added to an already exiting
object configuration file.

First, its best practice to create a new template for each different type of host
you'll be monitoring. Let's create a new template for switches.

define host{
name generic-switch ; The name of this host template
use generic-host ; Inherit default values from the generic-host template
check_period 24x7 ; By default, switches are monitored round the clock
check_interval 5 ; Switches are checked every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each switch 10 times (max)
check_command check-host-alive ; Default command to check if routers are "alive"
notification_period 24x7 ; Send notifications at any time
notification_interval 30 ; Resend notifications every 30 minutes
notification_options d,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
register 0 ; DONT REGISTER THIS - ITS JUST A TEMPLATE
}

Notice that the switch template definition is inheriting default values from the generic-host template, which is defined in the sample localhost.cfg file.

Next, define a new host for the switch that references the newly created generic-switch host template.

define host{
use generic-switch ; Inherit default values from a template
host_name linksys-srw224p ; The name we're giving to this switch
alias Linksys SRW224P Switch ; A longer name associated with the switch
address 192.168.1.253 ; IP address of the switch
hostgroups allhosts ; Host groups this switch is associated with
}

Add an optional hostgroup for switches. This is useful if you create additional switches in the future and want to view them together in the CGIs. It can also be useful for object definition tricks that you can use to manage larger configurations later on.

define hostgroup{
hostgroup_name switches ; The name of the hostgroup
alias Network Switches ; Long name of the group
members linksys-srw224p ; Comma separated list of hosts that belong to this group
}

The linksys-srw224p host will be a member of two hostgroups - allhosts (which is referenced in the host definition and defined in localhost.cfg) and switches (which is defined above).

Monitoring Packet Loss and RTA

Now it's time to define some services that should be associated with the switch. First off, we should monitor packet loss and round trip average between the Nagios host and the switch.
This can be accomplished by using the check_ping plugin. A command definition for using the check_ping plugin has already been defined in the commands.cfg file. That command definition looks like this...

define command{
command_name check_ping
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
}

Let's create a service called PING as follows...

define service{
use generic-service ; Inherit values from a template
host_name linksys-srw224p ; The name of the host the service is associated with
service_description PING ; The service description
check_command check_ping!200.0,20%!600.0,60% ; The command used to monitor the service
normal_check_interval 5 ; Check the service every 5 minutes under normal conditions
retry_check_interval 1 ; Re-check the service every minute until its final/hard state is determined
}

Notice that the check_command directive is passing "200.0,20%" and "600.0,60%" to the check_ping command, where they are substituted for the $ARG1$ and $ARG2$ macros, respectively. This means that the PING service will be:

  • CRITICAL if the round trip average (RTA) is greater than 600 milliseconds or the packet loss is 60% or more
  • WARNING if the RTA is greater than 200 ms or the packet loss is 20% or more
  • OK if the RTA is less than 200 ms and the packet loss is less than 20%

Monitoring SNMP Status Information

If your switch or router supports SNMP, you can monitor a lot of information by using the check_snmp plugin. A command definition for using the check_snmp plugin has already been defined in the commands.cfg file. That command definition looks like this...

define command{
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
}

Monitoring the uptime of a switch is fairly common. A service definition that would accomplish that looks like this...

define service{
use generic-service ; Inherit values from a template
host_name linksys-srw224p
service_description Uptime
check_command check_snmp!-C public -o sysUpTime.0
}

The check_command directive will pass the "-C public -o sysUpTime.0" options to the $ARG1$ macro in the check_snmp command definitions. The "-C public" tells the plugin that the SNMP community name is "public" and the "-o sysUpTime.0" is the OID that we want to check.

If you want to ensure that a specific port/interface on the switch is in an up state, you could create a service definition like this:

define service{
use generic-service ; Inherit values from a template
host_name linksys-srw224p
service_description Port 1 Link Status
check_command check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB
}

In the example above, the "-o ifOperStatus.1" refers to the OID for the operational status of port 1 on the switch. The "-r 1" option tells the check_snmp plugin to return an OK state if "1" is found in the SNMP result (1 indicates an "up" state on the port) and CRITICAL if it isn't found. The "-m RFC1213-MIB" is optional and tells the check_snmp plugin to only load the "RFC1213-MIB" instead of every single MIB that's installed on your system, which can help speed things up.

That's it for the SNMP monitoring example. There are a million things that can be monitored via SNMP, so it's up to you to decide what you need and want to monitor. Good luck!

Tip: You can usually find the OIDs that can be monitored on a switch by running the following command (replace 192.168.1.253 with the IP address of the switch): snmpwalk -v1 -c public 192.168.1.253 -m ALL .1

04 July 2007

HELO misconfigured on an exim4 server

The problem:

Testing HELO configuration

One way of testing whether your mail server is misconfigured is to send an email through it to helocheck@cbl.abuseat.org. You will get a virtually immediate rejection.

In other words, you will get bounce message back that appears to indicate that your email to helocheck didn't work. It did. It's _supposed_ to work that way. The important piece to check is the error message you see.

Examine the error message, and you should see something like one of the following lines:

#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "localhost.localdomain"
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "localhost"
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "smtp"
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "1.2.4.6"
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "[1.2.4.6]"
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "mail.example.com"

It should be the fully qualified domain name for your mail server or an IP address enclosed in square brackets.

In the above example, the first four examples are syntactically wrong by RFC2821. The last two are valid.

If it isn't like one of the last two examples, you have found the problem that needs to be fixed.
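
As an added example, not from the CBL page quoted above, this Python code parses the "550 Your HELO name ..." rejection lines and classifies each HELO name by the rule stated: valid if it is a fully qualified domain name or an IP address in square brackets. Treating names built from the labels localhost/localdomain as invalid is my reading of the first example; the bounce lines are the six quoted above.

```python
"""Classify HELO names from helocheck bounces by the RFC 2821 rule stated above.

Added example, not from the CBL page.  Valid: a fully qualified domain name or an
address literal in square brackets.  Rejecting names that contain the labels
"localhost"/"localdomain" is my reading of the examples above.
"""
import ipaddress
import re

# The six rejection lines quoted above (1.2.4.6 is the CBL's placeholder address).
SAMPLE_BOUNCES = [
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "localhost.localdomain"',
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "localhost"',
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "smtp"',
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "1.2.4.6"',
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "[1.2.4.6]"',
    '#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "mail.example.com"',
]

BOUNCE_RE = re.compile(r'HELO name for IP address (\S+) was "([^"]*)"')
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label, letters/digits/hyphen
BOGUS_LABELS = {"localhost", "localdomain"}


def is_address_literal(name):
    """'[1.2.4.6]' or '[IPv6:2001:db8::1]', the bracketed form RFC 2821 allows."""
    if not (name.startswith("[") and name.endswith("]")):
        return False
    inner = name[1:-1]
    try:
        if inner.startswith("IPv6:"):
            ipaddress.IPv6Address(inner[5:])
        else:
            ipaddress.IPv4Address(inner)
        return True
    except ValueError:
        return False


def helo_verdict(name):
    """Return (ok, reason) for one HELO/EHLO argument."""
    if is_address_literal(name):
        return True, "address literal"
    try:
        ipaddress.ip_address(name)
        return False, "bare IP address, must be written in square brackets"
    except ValueError:
        pass
    labels = name.rstrip(".").split(".")
    if len(labels) < 2:
        return False, "single label, not a fully qualified domain name"
    if not all(LABEL_RE.match(label) for label in labels):
        return False, "malformed hostname label"
    if BOGUS_LABELS & {label.lower() for label in labels}:
        return False, "localhost/localdomain is not a public fully qualified domain name"
    return True, "fully qualified domain name"


def classify_bounce(line):
    """Parse one '550 Your HELO name ...' line into (ip, helo, ok, reason), or None."""
    m = BOUNCE_RE.search(line)
    if not m:
        return None
    ip, helo = m.group(1), m.group(2)
    ok, reason = helo_verdict(helo)
    return ip, helo, ok, reason


if __name__ == "__main__":
    for line in SAMPLE_BOUNCES:
        ip, helo, ok, reason = classify_bounce(line)
        print("%-22s %-8s %s" % (helo, "valid" if ok else "INVALID", reason))
```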

If the HELO you see from "helocheck" is a fully qualified domain (such as "mail.example.com"), your mail server software is configured correctly, but something else in your environment is attempting to send email, and you need to hunt it down. Check for sender verify code, challenge/response or proxy trojans (common on certain flavours of web servers). Eg: check the running tasks for anything you don't immediately recognize.

Please don't contact us and say "but our mail server software isn't doing it". It may not be, but SOMETHING at the listed IP IS.

Hit the browser button to see hints on how to fix this.


The solution:

add the variable

primary_hostname = name.domain

before the line

domainlist local_domains = DEBCONF.....

in the file /etc/exim4/exim4.conf.template

and then run


dpkg-reconfigure exim4-config




29 June 2007

photo-quality printing on an Epson R800

you absolutely have to go into the advanced options and select the right paper and the right quality:

Screen capture under Mac OS X

taken from Wikipedia (excellent)

Mac OS X offers several ways to take a screen capture:

Key combinations:

  • Shift - Command (Apple key) - 3 (not on the numeric keypad) captures the whole screen and puts the result in a file Image x.png (where x is a digit). With a multi-screen setup, one file per screen is created.
  • Shift - Command (Apple key) - 4 (not on the numeric keypad) brings up a crosshair for marking out the area of the screen to capture. Pressing the space bar turns the crosshair into a camera, which captures a single screen element (menu, window, dock ...). The element that will be captured is highlighted as the mouse passes over it.

If you hold the Control (ctrl) key during the capture, the result is not stored in a file but in the clipboard. You can then paste it into any application that accepts images.

Under Mac OS X 10.4 "Tiger", the default file format is PNG. It can be changed, but that requires the command line: in the Terminal, enter:

defaults write com.apple.screencapture type format

format can be BMP (Windows bitmap), GIF, JPEG 2000, JPEG, PDF, PICT, PNG, PSD, SGI, TGA or TIFF.

Finally, enter

killall SystemUIServer

to restart the graphical server (this is completely invisible and immediate). You can also log out and back in if you don't like the command line.

08 June 2007

quoting characters in bash

QUOTING

Quoting is used to remove the special meaning of certain characters or words to the shell. Quoting can be used to disable special treatment for special characters, to prevent reserved words from being recognized as such, and to prevent parameter expansion.

Each of the metacharacters listed above under DEFINITIONS has special meaning to the shell and must be quoted if it is to represent itself. There are three quoting mechanisms: the escape character, single quotes, and double quotes.

A non-quoted backslash (\) is the escape character. It preserves the literal value of the next character that follows, with the exception of newline. If a \newline pair appears, and the backslash is not itself quoted, the \newline is treated as a line continuation (that is, it is removed).

Enclosing characters in single quotes preserves the literal value of each character within the quotes. A single quote may not occur between single quotes, even when preceded by a backslash.

Enclosing characters in double quotes preserves the literal value of all characters within the quotes, with the exception of $, `, and \. The characters $ and ` retain their special meaning within double quotes. The backslash retains its special meaning only when followed by one of the following characters: $, `, ", \, or newline. A double quote may be quoted within double quotes by preceding it with a backslash.

The special parameters * and @ have special meaning when in double quotes (see PARAMETERS below).

Words of the form $'string' are treated specially. The word expands to string, with backslash-escaped characters replaced as specified by the ANSI C standard:

\a      alert (bell)
\b      backspace
\e      an escape character
\f      form feed
\n      new line
\r      carriage return
\t      horizontal tab
\v      vertical tab
\\      backslash
\nnn    the character whose ASCII code is the octal value nnn (one to three digits)
\xnnn   the character whose ASCII code is the hexadecimal value nnn (one to three digits)

The expanded result is single-quoted, as if the dollar sign had not been present.

A double-quoted string preceded by a dollar sign ($) will cause the string to be translated according to the current locale. If the current locale is C or POSIX, the dollar sign is ignored. If the string is translated and replaced, the replacement is double-quoted.

01 June 2007

reconfiguring vmware

After a kernel change, vmware has to be reconfigured by running the script:
/usr/bin/vmware-config.pl

to recompile, the latest headers have to be installed
uname -a
apt-get install linux-headers-2.6.15-28-386

and the path specified
/usr/src/linux-headers-2.6.15-28-386/include
the virtual machines are in the vm subdirectory of my home directory

22 May 2007

wifi monitoring: aircrack

apt-get install aircrack

to capture traffic on interface eth1, channel 3, and save it in a format wireshark/ethereal can read

sudo airodump eth1 wlantest 3

then open the wlantest capture in wireshark

wifi monitoring: kismet

apt-get install kismet

edit the config file:

vi /etc/kismet/kismet.conf

change 4 lines:
suiduser=hanoteau (put your own user name instead of hanoteau)
source=ipw2200,eth1,ipw2200 (for my Latitude D610 with a Centrino ipw2200, see lspci)
defaultchannels=IEEE80211b:1,7,13,2,8,3,9,4,10,5,11,6,12
defaultchannels=IEEE80211g:1,7,13,2,8,3,9,4,10,5,11,6,12

To launch it:
sudo kismet

in the interface, press s to list the networks and select one
h = help

15 March 2007

Speeding up the Mac

When your Mac gets slower than usual, it is time to carry out these 11 commandments:

  1. Remove applications that launch at login (System Preferences/Accounts/Login Items)
  2. Disable Universal Access, Bluetooth and speech recognition.
  3. Clean out the "Other" System Preferences.
  4. Check the software version: avoid applications running under Rosetta.
  5. Remove superfluous code: recent applications contain code for both PowerPC and Intel processors. XSlimmer keeps only the code your machine needs.
  6. Remove the languages you don't need with utilities such as Monolingual.
  7. Improve your Mac's cooling: various utilities let you control the processor fan speed.
  8. Reduce the number of Widgets.
  9. Keep an eye on Activity Monitor (in Utilities). It lets you watch processor load and available RAM.
  10. Clean up your hard disk.
  11. Run OnyX.
The steps are detailed on the Low End Mac site

14 March 2007

wpa supplicant and MS-CHAP v2

copied from the site: http://pthichat.net/index.php/Linux

Here are the configuration steps for using the WiFi network of the Université de Bretagne Occidentale under Linux.

"Installing wpa_supplicant"

Just download the wpa_supplicant package for your favourite distribution. For Debian users

apt-get install wpa_supplicant

"Configuring the SSID"

You have to specify the enseignement VLAN and not the wifiUBO SSID (damned Cisco AP, I got caught out by it).

iwconfig ath0 essid enseignement

"Configuring wpa_supplicant"

The wifi network uses 802.1X/PEAP/MS-CHAPv2; fill in the wpa_supplicant.conf file as follows:

network={
ssid="enseignement"
key_mgmt=IEEE8021X
eap=PEAP
phase2="auth=MSCHAPV2"
identity="numero etudiant"
password="password"
}

"Launching wpa_supplicant"

I'll let you read the wpa_supplicant documentation to find out which options to use (in my case my wifi card is ath0 and I use ndiswrapper with the wext driver)

wpa_supplicant -Dwext -iath0 -c/etc/wpa_supplicant/wpa_supplicant.conf &

Now you just have to start dhcp and you are ready to use the wifi :)

dhclient ath0

28 February 2007

Configuring an IP address on a Cisco 1242 AP

enable
(password: Cisco)
configure terminal
no logging console
interface bvi1
ip address 172.16.1.115 255.255.255.0
exit
exit
copy run start

RF & microwave connectors

Cisco to antennas:

  • Reverse TNC male jack -> OK -> reverse TNC female plug

  • Reverse TNC male jack -> reverse TNC female plug/N female jack (adapter 7603400, 242131, be.farnell.com) -> N male plug/N male plug (50 cm cable 1056158, be.farnell.com) -> N female jack

Proxim to antennas:

  • Reverse MMCX female -> see anixter (1086-PGTL pigtail cable N male plug) -> N female jack/reverse TNC male jack ????? -> reverse TNC female plug

  • Reverse MMCX female -> see anixter (1086-PGTL pigtail cable N male plug) -> N female jack

Zyxel/d-link to antennas:

  • Reverse SMA male jack -> reverse SMA female plug/reverse TNC male jack ??? -> reverse TNC female plug

  • Reverse SMA male jack -> OK -> N female jack

--------------------------------------------------------------------------------------------

AP Cisco 1242: reverse TNC male jack
AP Proxim 4000: reverse MMCX female
AP Zyxel 3000/570U: reverse SMA male jack
AP d-link 2000: reverse SMA male jack

Cisco antennas (2.2 dBi and Yagi): reverse TNC female plug
Proxim 1086 9.5 dBi, d-link 0800 8 dBi & 1080 8 dBi antennas: N female jack



21 January 2007

tif to jpg conversion script (basename is my friend)

#!/bin/bash
# Convert every .tif / .TIF in the current directory to JPEG and gather the results in jpeg/.
# basename strips the suffix, so "scan1.tif" becomes "scan1.jpg" rather than "scan1.tif.jpg".

# Earlier attempt, kept for reference (it appended .jpg to the full name):
#for img in `ls *.TIF`
#do
# convert $img $img.jpg
#done

shopt -s nullglob      # a pattern with no match expands to nothing, not to itself
mkdir -p jpeg

# Globs and quoting replace $(ls *.tif), which breaks on file names containing spaces.
for i in *.tif; do
    convert "$i" "$(basename "$i" .tif).jpg"
done

for i in *.TIF; do
    convert "$i" "$(basename "$i" .TIF).jpg"
done

cp *.jpg jpeg/