Year: 2020

How to Install & Configure Nagios 4 on Ubuntu 18.04 for Server Monitoring

Jovan Stosic March 20, 2020

Prerequisites

To follow this tutorial we assume the following:

  • You’re using a machine running Ubuntu or Debian. This tutorial is for Ubuntu 18.04, but it should work on Ubuntu 16.4, 14.04 and Debian systems.
  • You’re acting as a non-root sudo user. If you don’t have one set up, you can follow our tutorial on creating a sudo user on Ubuntu 18.04

Get a High RAM VPS at Entry-level Pricing

Starting with 2GB RAM at $6.99/month

Take your pick from our KVM VPS that offer a generous amount of RAM at an affordable price. We’ve got 5 plans for you to choose from, our smallest featuring 2GB RAM at $6.99/mo.

[Main Features] – SSD Drives
– KVM Virtualization
– 1Gbps Shared Uplink
– Location: Chicago, IL

Pick one of our KVM plans

GET STARTED NOW

Step 1 – Install PHP & Apache

We’ll first update our package index and install PHP and Apache.

Step 2 – Create a User and Group for Nagios

Next, create a new user for Nagios, and assign them a password:

Now we’ll create a group for Nagios, which we’ll call nagcmd and we’ll add the user we just created to this group.

We’ll also add the user to the Apache group.

Step 3 – Install Nagios Binaries

To install Nagios, we’ll first have to download the latest Nagios release. To do this, retrieve the tar.gz download link from the Github Releases page. The latest one at the time of writing is nagios-4.4.3.tar.gz.

We’ll first change our directory into /opt, download the release, and extract the archive.

After extracting the archive, navigate into the source directory and install Nagios along with some additional requirements using the make command:

Now we’ll need to copy event handlers scripts to the libexec directory. These provide multiple event triggers for the Nagios Web Interface.

Step 4 – Set Up Apache with an Authentication Gateway

We’ll now set up Apache Virtual Hosts for Nagios, and to secure our web interface, we’ll set up an authentication gateway to prevent unauthorized access.

To do this, we’ll create an Apache configuration file for Nagios:

And paste the following content into the file.

Save and close the file when you’re done.

Now we can set up the authentication gateway. We’ll use the user nagiosadmin. This is the default user that we can use to authenticate, and to use a different one would require further configuration.

Now enable the Apache configuration and restart it so the changes take effect:

Step 5 – Install Nagios Plugins

Once Nagios is installed and configured, we can download and install the latest nagios-plugins. To do this, retrieve the latest nagios-plugins release link from here. The latest version at the time of writing is nagios-plugins-2.2.1.tar.gz. After which, change the directory into /opt, download it, extract it, and navigate into it’s folder.

Now we compile and install nagios-plugins:

Step 6 – Verify & Start Nagios

After installing and configuring Nagios, we can verify if Nagios has been successfully installed, start it, and configure it to start on system boot.

Verify the installation:

Example Output

Start Nagios:

Configure to start on system boot:

Step 7 – Access the Nagios Web Interface

Now you can access the Nagios Web Interface by visiting your hostname or IP address in your browser followed by /nagios:

Source: How to Install & Configure Nagios 4 on Ubuntu 18.04 for Server Monitoring

How to Install & Configure Nagios 4 on Ubuntu 18.04 for Server Monitoring was last modified: March 20th, 2020 by Jovan Stosic

Jenůfa

Jovan Stosic March 20, 2020

(Czech) (help·info) (Její pastorkyňa, “Her Stepdaughter” in Czech) is an opera in three acts by Leoš Janáček to a Czech libretto by the composer, based on the play Její pastorkyňa by Gabriela Preissová. It was first performed at the National Theatre, Brno on 21 January 1904. Composed between 1896 and 1902, it is among the first operas written in prose.

The first of Janáček’s operas in which his distinctive voice can clearly be heard, it is a grim story of infanticide and redemption. Like the playwright’s original work, it is known for its unsentimental realism. While today it is heard in the composer‘s original version, Jenůfa’s early popularity was due to a revised version by Karel Kovařovic, altering what was considered its eccentric style and orchestration. Thus altered, it was well-received, first in Prague, and particularly after its Vienna première also worldwide. More than 70 years passed before audiences again heard it in Janáček’s original version.

Janáček wrote an overture to the opera, but decided not to use it. It was partly based on a song called Žárlivec (The jealous man). It is now performed as a concert piece under the title Žárlivost (Jealousy).

The composer dedicated the work to the memory of his daughter Olga (d. 1903), as he did his choral composition the Elegy on the Death of Daughter Olga.

https://en.m.wikipedia.org/wiki/Jen%C5%AFfa

Jenůfa was last modified: March 20th, 2020 by Jovan Stosic

Leoš Janáček – Wikipedia

Jovan Stosic March 20, 2020

Leoš Janáček (Czech pronunciation: [ˈlɛoʃ ˈjanaːtʃɛk] listen), baptised Leo Eugen Janáček; 3 July 1854 – 12 August 1928) was a Czech composer, musical theorist, folklorist, publicist and teacher. He was inspired by Moravian and other Slavic folk music to create an original, modern musical style.

Until 1895 he devoted himself mainly to folkloristic research. While his early musical output was influenced by contemporaries such as Antonín Dvořák, his later, mature works incorporate his earlier studies of national folk music in a modern, highly original synthesis, first evident in the opera Jenůfa, which was premiered in 1904 in Brno. The success of Jenůfa (often called the “Moravian national opera”) at Prague in 1916 gave Janáček access to the world’s great opera stages. Janáček’s later works are his most celebrated. They include operas such as Káťa Kabanová and The Cunning Little Vixen, the Sinfonietta, the Glagolitic Mass, the rhapsody Taras Bulba, two string quartets, and other chamber works. Along with Antonín Dvořák and Bedřich Smetana, he is considered one of the most important Czech composers.

https://en.m.wikipedia.org/wiki/Leo%C5%A1_Jan%C3%A1%C4%8Dek

Leoš Janáček – Wikipedia was last modified: March 20th, 2020 by Jovan Stosic

Snort (software)

Jovan Stosic March 18, 2020

Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) created in 1998 by Martin Roesch, founder and former CTO of Sourcefire. Snort is now developed by Cisco, which purchased Sourcefire in 2013.

In 2009, Snort entered InfoWorld‘s Open Source Hall of Fame as one of the “greatest [pieces of] open source software of all time”.

https://en.m.wikipedia.org/wiki/Snort_(software)

Snort (software) was last modified: March 18th, 2020 by Jovan Stosic

SSL/DovecotConfiguration – Dovecot Wiki

Jovan Stosic March 18, 2020

The certificate file can be world-readable, since it doesn’t contain anything sensitive (in fact it’s sent to each connecting SSL client). The key file’s permissions should be restricted to only root (and possibly ssl-certs group or similar if your OS uses such). Dovecot opens both of these files while still running as root, so you don’t need to give Dovecot any special permissions to read them (in fact: do not give dovecot user any permissions to the key file).

It’s possible to keep the certificate and the key both in the same file:

# Preferred permissions: root:root 0400
ssl_cert = </etc/ssl/dovecot.pem
ssl_key = </etc/ssl/dovecot.pem

It’s also possible to use different certificates for IMAP and POP3. However its important to note that “ssl = yes” must be set globally if you require SSL for any protocol (or dovecot will not listen on the SSL ports), which in turn requires that a certificate and key are specified globally even if you intend to specify certificates per protocol. The per protocol certificate settings override the global setting.:

protocol imap {
  ssl_cert = </etc/ssl/certs/imap.pem
  ssl_key = </etc/ssl/private/imap.pem
}
protocol pop3 {
  ssl_cert = </etc/ssl/certs/pop3.pem
  ssl_key = </etc/ssl/private/pop3.pem
}

There are a couple of different ways to specify when SSL/TLS is required:

  • ssl=no: SSL/TLS is completely disabled.

  • ssl=yes and disable_plaintext_auth=no: SSL/TLS is offered to the client, but the client isn’t required to use it. The client is allowed to login with plaintext authentication even when SSL/TLS isn’t enabled on the connection. This is insecure, because the plaintext password is exposed to the internet.

  • ssl=yes and disable_plaintext_auth=yes: SSL/TLS is offered to the client, but the client isn’t required to use it. The client isn’t allowed to use plaintext authentication, unless SSL/TLS is enabled first. However, if non-plaintext authentication mechanisms are enabled they are still allowed even without SSL/TLS. Depending on how secure they are, the authentication is either fully secure or it could have some ways for it to be attacked.

  • ssl=required: SSL/TLS is always required, even if non-plaintext authentication mechanisms are used. Any attempt to authenticate before SSL/TLS is enabled will cause an authentication failure.

  • NOTE: If you have only plaintext mechanisms enabled (e.g. auth { mechanisms = plain login } ), ssl=yes and ssl=required are completely equivalent because in either case the authentication will fail unless SSL/TLS is enabled first.

  • NOTE2: With both ssl=yes and ssl=required it’s still possible that the client attempts to do a plaintext authentication before enabling SSL/TLS, which exposes the plaintext password to the internet. Dovecot attempts to indicate this to the IMAP clients via the LOGINDISABLED capability, but many clients still ignore it and send the password anyway. There is unfortunately no way for Dovecot to prevent this behavior. The POP3 standard doesn’t have an equivalent capability at all, so the POP3 clients can’t even know if the server would accept a plaintext authentication.

  • The main difference between ssl=required and disable_plaintext_auth=yes is that if ssl=required, it guarantees that the entire connection is protected against eavesdropping (SSL/TLS encrypts the rest of the connection), while disable_plaintext_auth=yes only guarantees that the password is protected against eavesdropping (SASL mechanism is encrypted, but no SSL/TLS is necessarily used). Nowadays you most likely should be using SSL/TLS anyway for the entire connection, since the cost of SSL/TLS is cheap enough. Using both SSL/TLS and non-plaintext authentication would be the ideal situation since it protects the plaintext password even against man-in-the-middle attacks.

Note that plaintext authentication is always allowed (and SSL not required) for connections from localhost, as they’re assumed to be secure anyway. This applies to all connections where the local and the remote IP addresses are equal. Also IP ranges specified by login_trusted_networks setting are assumed to be secure.

Source: SSL/DovecotConfiguration – Dovecot Wiki

SSL/DovecotConfiguration – Dovecot Wiki was last modified: March 18th, 2020 by Jovan Stosic