

Introduction to web application security assessment tools

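IBM AppScan

AppScan is an automated tool for testing the security of web applications. It automatically detects web application vulnerabilities such as cross-site scripting (Cross Site Scripting Flaws), injection attacks (Injection Flaws), broken access control (Broken Access Control) and buffer overflows (Buffer Overflows). Most of these vulnerabilities are among the web application security flaws published by OWASP (Open Web Application Security Project).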

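You can register for free on the IBM site and then download the appropriate version. The commercial edition costs about 1 million New Taiwan dollars (yes, one million TWD), roughly RMB 200,000. This page puts it at nearly RMB 500,000: http://www.softwarelist.cn/?fsid=56&id=5302&cpath=ABAI

IBM Rational AppScan Enterprise Edition 7.7.654 installer, crack files and keygen, upgradable (tested), split into seven parts; download each part and extract them all in the same folder.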

http://download.csdn.net/source/840431
http://download.csdn.net/source/840498
http://download.csdn.net/source/840544
http://download.csdn.net/source/840569
http://download.csdn.net/source/840606
http://download.csdn.net/source/840643
http://download.csdn.net/source/840657

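HP WebInspect

HP Application Security Center software can comprehensively analyze today's complex web applications built on the new generation of Web 2.0 technologies. It covers a wide range of uses, scans quickly and provides accurate web application scan results. HP's tool is relatively prone to false positives. The commercial edition also seems to cost one million, though I don't know in which currency. https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200%5e9570_4000_100__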

Acunetix Web Vulnerability

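It tests your website's security with a web crawler and detects common attacks such as cross-site scripting and SQL injection. It scans shopping carts, forms, secure areas and other web applications before hackers attack them. Small and capable, and fast as well; suitable for beginners. The commercial edition costs about 14,000. http://www.lengmo.net/post/1332/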

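N-Stalker

N-Stalker Web Application Security Scanner is a top-tier security assessment tool developed by N-Stalker. By incorporating the well-known N-Stealth HTTP Security Scanner and its database of 35,000 web attack signatures, together with a patent-pending web application security assessment technology component, N-Stalker can thoroughly eliminate a large number of common security risks in your web applications, including cross-site scripting and SQL injection, buffer overflows, parameter tampering attacks and more. The commercial edition costs about 14,000. http://www.3ddown.com/soft/32913.htm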

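Google ratproxy

Google's open-source tool for auditing XSS: http://code.google.com/p/ratproxy/

Ratproxy workflow:

  1. After you run the script, it starts a proxy server locally; the default port is 8080.
  2. Set this address (http://localhost:8080) as the proxy address in your browser.
  3. Browse the web pages under test, actually logging in, filling in forms and so on (the proxy server captures these actions and tampers with them slightly before sending them on to the page being tested); ratproxy records the relevant log in the background.
  4. Use the tool that ships with ratproxy to parse the log and output HTML for analysis.
  5. After fixing the more serious problems, go back to step 1 and repeat until the assessment passes.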

Posted in Security, Technology.


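Using tcpdump to check whether MySQL traffic is secure

Do not transmit plain (unencrypted) data over the Internet. This information is accessible to anyone who has the time and ability to intercept it and use it for their own purposes. Instead, use an encrypted protocol such as SSL or SSH. MySQL supports internal SSL connections, for example in version 4.0.0. SSH port forwarding can be used to create an encrypted (and compressed) tunnel for the communication.

· Learn to use the tcpdump and strings utilities. In most cases, you can check whether MySQL data streams are unencrypted with the following command:

    shell> tcpdump -l -i eth0 -w - src or dst port 3306 | strings

(This command works on Linux and should work on other systems with small modifications.) Warning: if you do not see plaintext data, that does not necessarily mean the information is actually encrypted. If you need a high level of security, you should consult a security expert.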

Posted in Linux commands, Mysql, Security, Technology.


Checking the MySQL service with Nagios

When nagios_plugin is installed with MySQL correctly linked, a check_mysql file is produced under libexec.

    /usr/local/nagios/libexec/check_mysql -h

    check_mysql v2034 (nagios-plugins 1.4.13)
    Copyright (c) 1999-2007 Nagios Plugin Development Team

    This program tests connections to a mysql server

    Usage: check_mysql [-d database] [-H host] [-P port] [-s socket]
           [-u user] [-p password] [-S]

    Options:
     -h, --help
        Print detailed help screen
     -V, --version
        Print version information
     -H, --hostname=ADDRESS
        Host name, IP Address, or unix socket (must be an absolute path)
     -P, --port=INTEGER
        Port number (default: 3306)
     -s, --socket=STRING
        Use the specified socket (has no effect if -H is used)
     -d, --database=STRING
        Check database with indicated name
     -u, --username=STRING
        Connect using the indicated username
     -p, --password=STRING
        Use the indicated password to authenticate the connection
        ==> IMPORTANT: THIS FORM OF AUTHENTICATION IS NOT SECURE!!!

Create the empty database nagdb and the user naguser (the database is named nagemptydb in the commands below)

    create database nagemptydb;
    GRANT select ON nagemptydb.* TO naguser@localhost identified by 'password123';
    FLUSH PRIVILEGES;

Test check_mysql

    sudo -u nagios /usr/local/nagios/libexec/check_mysql -H localhost -u naguser -d nagemptydb -p password123

    Uptime: 45850 Threads: 1 Questions: 493233 Slow queries: 0 Opens: 159 Flush tables: 1 Open tables: 153 Queries per second avg: 10.757

On the monitored host, edit nrpe.cfg and add the check command

    vi /usr/local/nagios/etc/nrpe.cfg

    command[check_mysql_status]=/usr/local/nagios/libexec/check_mysql -H localhost -u naguser -d nagemptydb -p 'password123'

Restart nrpe on the monitored host

    ps aux | grep nrpe
    kill $pid
    /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

On the monitoring host, add the following to polo.cfg

    vi /etc/local/nagios/etc/objects/polo.cfg

    define service{
            use                     local-service   ; Name of service template to use
            host_name               polo
            service_description     mysql_status
            check_command           check_nrpe!check_mysql_status
            notifications_enabled   0
            }

Reload nagios on the monitoring host

    service nagios reload

Open the service detail page at http://localhost/nagios

    mysql_status  Notifications for this service have been disabled  PENDING  N/A  0d 0h 0m 35s+  1/4  Service check scheduled for Tue May 19 15:01:30 CST 2009

Wait a moment

    mysql_status  Notifications for this service have been disabled  OK  05-19-2009 15:01:30  0d 0h 1m 5s  1/4  Uptime: 46758 Threads: 1 Questions: 513579 Slow queries: 0 Opens: 160 Flush tables: 1 Open tables: 154 Queries per second avg: 10.983

Posted in Nagios, Technology.


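tmpwatch makes files under /tmp disappear unexpectedly

Today the PHP upload directory "upload" under /tmp on the server was gone again. It is not the first time, which is really frustrating.

After googling I found the cause: it turned out to be tmpwatch's doing.

Contents of the tmpwatch file (cat /etc/cron.daily/tmpwatch):

    /usr/sbin/tmpwatch -x /tmp/.X11-unix -x /tmp/.XIM-unix -x /tmp/.font-unix \
        -x /tmp/.ICE-unix -x /tmp/.Test-unix 240 /tmp
    /usr/sbin/tmpwatch 720 /var/tmp
    for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
        if [ -d "$d" ]; then
            /usr/sbin/tmpwatch -f 720 $d
        fi
    done

Every day the system uses the tmpwatch command to check /tmp and delete files and directories that have not been accessed for more than 240 hours.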

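About tmpwatch

Function: deletes temporary files.
Syntax: tmpwatch [-afqv][--test][expiry time][directory...]
Notes: running tmpwatch deletes temporary files that are no longer needed. You can set the expiry time for files; the unit is hours.
Parameters:
    -a or --all      Delete files of any type.
    -f or --force    Force deletion of files or directories, similar to the "-f" option of rm.
    -q or --quiet    Do not display the command's progress.
    -v or --verbose  Display the command's progress in detail.
    --test           Test only; do not actually delete files or directories.

Settings in php.ini

    ; upload directory for temporary files
    upload_tmp_dir = "/tmp/upload"
    ; sessions use a multi-level directory layout
    session.save_path = "1;/tmp/session"
    ; 4 bits: 0-9, a-f
    ; 5 bits: 0-9, a-v
    ; 6 bits: 0-9, a-z, A-Z, "-", ","
    session.hash_bits_per_character = 4

Solution: -x excludes the given directories from deletion; -d avoids deleting empty directories.

    /usr/sbin/tmpwatch -x /tmp/.X11-unix -x /tmp/.XIM-unix -x /tmp/.font-unix \
        -x /tmp/.ICE-unix -x /tmp/.Test-unix -x /tmp/session -x /tmp/upload 240 /tmp
    /usr/sbin/tmpwatch 720 /var/tmp
    for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
        if [ -d "$d" ]; then
            /usr/sbin/tmpwatch -f 720 $d
        fi
    done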

References: http://haka.sharera.com/blog/BlogTopic/21687.htm

http://linux.chinaunix.net/bbs/archiver/?tid-979112.html

Posted in Linux commands, PHP, Technology.


Upgrading the default python-2.3.4-14.4 on AS4 to 2.6.2

The Python that ships with RHEL 4 is rather old (version python-2.3.4-14.4), so I decided to upgrade to the latest version, 2.6.2.

    rpm -qa |grep python

    gnome-python2-2.6.0-3
    mod_python-3.1.3-5
    python-devel-2.3.4-14
    libxml2-python-2.6.16-6
    rpm-python-4.3.3-7_nonptl
    gnome-python2-bonobo-2.6.0-3
    dbus-python-0.22-11.EL
    python-ldap-2.0.1-2
    python-2.3.4-14
    gnome-python2-canvas-2.6.0-3
    MySQL-python-1.0.0-1.RHEL4.1

If you use

    rpm -e python-2.3.4-14.4

the package cannot be removed, because other programs depend on it.

  1. Download the latest source package

         wget http://www.python.org/ftp/python/2.6.2/Python-2.6.2.tar.bz2
         tar jxvf Python-2.6.2.tar.bz2
         cd Python-2.6.2

  2. Install (the original prefix is /usr; other packages may depend on the old Python, so install into a new directory)

         ./configure --prefix=/usr/local
         make
         make install

  3. Create the link

         mv /usr/bin/python /usr/bin/python_bak    (keeps the original version)
         ln -s /usr/local/bin/python /usr/bin

  4. Test the result

         python

    Python 2.6.2 (r262:71600, May 13 2009, 14:52:27)
    [GCC 3.4.6 20060404 (Red Hat 3.4.6-9)] on linux2
    Type "help", "copyright", "credits" or "license" for more information.

Reference: http://bbs2.chinaunix.net/archiver/tid-1266412.html

Posted in Linux maintenance and tuning, Technology.


Nagios: checking NIC traffic via SNMP

Google for SNMP vulnerabilities first, so that you do not download an unpatched version.

Net-SNMP remote authentication bypass vulnerability
Affected systems:
    Net-SNMP net-snmp 5.4.x
    Net-SNMP net-snmp 5.3.x
    Net-SNMP net-snmp 5.2.x

Unaffected systems:
    Net-SNMP net-snmp 5.4.1.1
    Net-SNMP net-snmp 5.3.2.1
    Net-SNMP net-snmp 5.2.4.1

Check whether snmp is installed

    rpm -qa|grep snmp

Download net-snmp
http://www.net-snmp.org/download.html
http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-5.4.2.1-1.f9.i386.rpm
http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-devel-5.4.2.1-1.f9.i386.rpm
http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-perlmods-5.4.2.1-1.f9.i386.rpm

Install snmp

    rpm -ivh net-snmp-*.rpm

    error: Failed dependencies:
        libc.so.6(GLIBC_2.4) is needed by net-snmp-5.4.2.1-1.i386
        libc.so.6(GLIBC_2.7) is needed by net-snmp-5.4.2.1-1.i386
        librpm-4.4.so is needed by net-snmp-5.4.2.1-1.i386
        librpmio-4.4.so is needed by net-snmp-5.4.2.1-1.i386

Check the glibc version

    rpm -qa | grep glibc

    glibc-2.3.4-2
    glibc-common-2.3.4-2
    glibc-kernheaders-2.4-9.1.87
    glibc-devel-2.3.4-2
    glibc-headers-2.3.4-2

Upgrading glibc is fairly risky, so build from source instead.

Install beecrypt first

    wget http://downloads.sourceforge.net/beecrypt/beecrypt-4.1.2.tar.gz
    tar zxvf beecrypt-4.1.2.tar.gz
    cd beecrypt-4.1.2
    ./configure --prefix=/usr
    make

    _bc-py.c:8:20: Python.h: No such file or directory

    rpm -qa|grep python

    rpm-python-4.3.3-18_nonptl
    gnome-python2-bonobo-2.6.0-3
    python-2.3.4-14.2
    libxml2-python-2.6.16-6
    python-elementtree-1.2.6-4.2.1
    python-sqlite-1.1.7-1.2
    gnome-python2-2.6.0-3
    gnome-python2-canvas-2.6.0-3
    mod_python-3.1.3-5.1
    dbus-python-0.22-12.EL.7
    MySQL-python-1.0.0-1.RHEL4.1
    python-urlgrabber-2.9.8-2

python-devel is missing, so upgrade Python: https://blog.c1gstudio.com/archives/588

Run make again

    make
    make install

Update the dynamic library cache

    ldconfig -v
    ln -s /lib/libelf.so.1 /usr/lib/libelf.so

Install net-snmp

    wget http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-5.4.2.1.tar.gz
    tar zxvf net-snmp-5.4.2.1.tar.gz
    cd net-snmp-5.4.2.1
    ./configure -enable-mfd-rewrites -with-default-snmp-version="2" -with-sys-contact="admin" -with-sys-location="China" -with-logfile="/var/log/snmpd.log" -with-persistent-directory="/var/net-snmp"

Configure output

    SNMP Versions Supported:    1 2c 3
    Net-SNMP Version:           5.4.2.1
    Building for:               linux
    Network transport support:  Callback Unix TCP UDP
    SNMPv3 Security Modules:    usm
    Agent MIB code:             default_modules => snmpv3mibs mibII ucd_snmp notification notification-log-mib target agent_mibs agentx disman/event disman/schedule utilities host
    Embedded Perl support:      enabled
    SNMP Perl modules:          building -- embeddable
    SNMP Python modules:        disabled
    Authentication support:     MD5 SHA1
    Encryption support:         DES AES

    make

Errors during installation

    grep: /usr/lib/libbeecrypt.la: No such file or directory
    /bin/sed: can't read /usr/lib/libbeecrypt.la: No such file or directory
    libtool: link: `/usr/lib/libbeecrypt.la' is not a valid libtool archive
    # install beecrypt

    /usr/bin/ld: cannot find -lelf
    collect2: ld returned 1 exit status
    # ln -s libelf.so.1 /usr/lib/libelf.so

    make install
    ldconfig -v

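community string

Network devices that use SNMP all have a community string configured. It works like a simple password check and determines whether the requester has read-only or read-write access. Many users never change the system default community string after buying a device, so an unauthorized user can use the default password to modify important system information, device state and so on.
Change the "COMMUNITY" field to the password you want to set, for example "public" or privatepass.
Change "localhost" to the machine that should be able to see your SNMP information, for example localhost or 10.10.10.10.

SNMP versions

The SNMP protocol has benefited from major upgrades since its introduction in 1988. Unfortunately, a large proportion of network element vendors, and even some network management system vendors, have not taken advantage of these improvements. Many network elements support only SNMPv1 and SNMPv2c. Support for SNMPv3 is minimal.

    Version    Description
    SNMPv1     SNMPv1, which implements community-based security
    SNMPv2c    SNMPv2 with community-based security
    SNMPv2u    SNMPv2 with user-based security
    SNMPv2     SNMPv2 with party-based security
    SNMPv3     SNMPv3, which implements user-based security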

Configure snmp

    mkdir /usr/local/etc/snmp
    cp EXAMPLE.conf /usr/local/etc/snmp/snmpd.conf
    vi /usr/local/etc/snmp/snmpd.conf

    #       sec.name   source        community
    com2sec local      localhost     privatepass
    #com2sec mynetwork NETWORK/24    public

    ####
    # Second, map the security names into group names:

    #                sec.model  sec.name
    #group MyRWGroup v1         local
    #group MyRWGroup v2c        local
    #group MyRWGroup usm        local
    #group MyROGroup v1         mynetwork
    #group MyROGroup v2c        mynetwork
    #group MyROGroup usm        mynetwork
    group MyROGroup  v1         local
    group MyROGroup  v2c        local

    ####
    # Third, create a view for us to let the groups have rights to:

    #           incl/excl subtree                          mask
    #view all   included  .1                               80
    view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc

    ####
    # Finally, grant the 2 groups access to the 1 view with different
    # write permissions:

    #                context sec.model sec.level match  read   write  notif
    access MyROGroup ""      any       noauth    exact  mib2   none   none
    #access MyRWGroup ""     any       noauth    exact  all    all    none

    # start
    /usr/local/sbin/snmpd
    # start at boot
    echo '/usr/local/sbin/snmpd' >> /etc/rc.local
    # check that port 161 is open
    netstat -ano|grep 161
    # test
    snmpwalk -v 1 -c privatepass localhost system

    SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686
    SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
    DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2612) 0:00:26.12
    SNMPv2-MIB::sysContact.0 = STRING: Me
    SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain
    SNMPv2-MIB::sysLocation.0 = STRING: Right here, right now.
    SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
    SNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance
    SNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
    SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
    SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
    SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
    SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
    SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
    SNMPv2-MIB::sysORDescr.1 = STRING: The SNMP Management Architecture MIB.
    SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
    SNMPv2-MIB::sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.
    SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
    SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementations
    SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations
    SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementations
    SNMPv2-MIB::sysORDescr.8 = STRING: View-based Access Control Model for SNMP.
    SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORUpTime.4 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORUpTime.5 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORUpTime.6 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORUpTime.7 = Timeticks: (0) 0:00:00.00
    SNMPv2-MIB::sysORUpTime.8 = Timeticks: (0) 0:00:00.00

The snmp installation is complete.
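A check for the community-string and access-control settings described above, written as an added example (it is not part of the original post or of Net-SNMP). The function names, finding labels and both sample configurations are made up for illustration; the directives parsed (com2sec, rocommunity, rwcommunity, group, access) are the snmpd.conf ones used in the config shown earlier.

```shell
#!/bin/sh
# audit_snmpd_conf [FILE]: print one finding per line for an snmpd.conf
# (reads standard input when no file is given). Hypothetical helper.
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
    $1 == "com2sec" {
        # com2sec  sec.name  source  community
        if ($4 == "public" || $4 == "private") print "DEFAULT_COMMUNITY " $2 " " $4
        if ($3 == "default") print "ANY_SOURCE " $2
    }
    $1 == "rocommunity" || $1 == "rwcommunity" {
        # rocommunity  community  [source]
        if ($2 == "public" || $2 == "private") print "DEFAULT_COMMUNITY " $1 " " $2
        if (NF < 3 || $3 == "default") print "ANY_SOURCE " $1
    }
    # group  group.name  sec.model  sec.name
    $1 == "group" { members[$2] = members[$2] " " $4 "(" $3 ")" }
    # access  group  context  sec.model  sec.level  match  read  write  notif
    $1 == "access" && $5 == "noauth" && $8 != "none" { wgroup[$2] = $8 }
    END {
        # a writable view only matters if some security name maps to the group
        for (g in wgroup)
            if (g in members)
                print "WRITE_WITHOUT_AUTH " g " view=" wgroup[g] " via" members[g]
    }' "$@"
}

# Constructed sample: default community, no source restriction, write access.
sample_weak_snmpd_conf() {
    cat <<'EOF'
com2sec local     localhost  privatepass
com2sec mynetwork default    public
group MyROGroup v2c local
group MyRWGroup v1  mynetwork
group MyRWGroup v2c mynetwork
view all  included .1 80
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
access MyROGroup "" any noauth exact mib2 none none
access MyRWGroup "" any noauth exact all  all  none
EOF
}

# The active (uncommented) lines of the snmpd.conf shown in this post.
sample_page_snmpd_conf() {
    cat <<'EOF'
com2sec local localhost privatepass
group MyROGroup v1  local
group MyROGroup v2c local
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
access MyROGroup "" any noauth exact mib2 none none
EOF
}

echo "weak sample:";  sample_weak_snmpd_conf | audit_snmpd_conf
echo "post's config:"; sample_page_snmpd_conf | audit_snmpd_conf
```

The post's own configuration produces no findings from these three checks; the community string still crosses the network in clear text with v1 and v2c, which this script does not measure.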

Install the check_traffic script

Download the check_traffic_v1.1.6.zip script: http://www.itnms.net/discuz/viewthread.php?tid=767&extra=pageD1&page=1
Upload ./check_traffic.sh to /usr/local/nagios/libexec

    cd /usr/local/nagios/libexec/
    chown nagios:nagios ./check_traffic.sh
    chmod 755 ./check_traffic.sh

Use the -L option to list all interfaces of the host and decide which network interface to monitor (if you already know the interface's index value, this step can be skipped). From the output we determine that the interface to monitor is 4, corresponding to "Macronix MX98715-Based Ethernet Adapter (Generic) - Packet Scheduler Miniport".

    ./check_traffic.sh -V 2c -C privatepass -H localhost -L

    List Interface for host localhost.
    Interface index 1 orresponding to lo
    Interface index 2 orresponding to eth0
    Interface index 3 orresponding to eth1
    Interface index 4 orresponding to sit0

Following the instructions, choose version 2c (usually 1 or 2c), community privatepass, interface 2 and unit KB/s, with warning/critical values of 200/400 for inbound traffic and 300/500 for outbound traffic.

    sudo -u nagios ./check_traffic.sh -V 2c -C privatepass -H localhost -I 2 -w12,30 -c15,50 -K -b

    Can not found data in the history data file. If it's the first time for this plugins, that's OK. Otherwise,please use debug mode and check the debug file.

On the first run the history data file does not exist yet, so this message appears and can be ignored. If the message appears on every run, check whether the file /var/tmp/checktraffic${Host}_${Interface}.hist_dat is being created under /var/tmp. The file contains the current system time and the current in and out counter values.

Configuration for Nagios monitoring the local host

Edit /usr/local/nagios/etc/objects/commands.cfg and add the following

    define command{
            command_name    check_traffic_nv
            command_line    $USER1$/check_traffic.sh -V 2c -C privatepass -H localhost -I $ARG1$ -w $ARG2$ -c $ARG3$ -M -b
            }

Edit /usr/local/nagios/etc/objects/localhost.cfg and add the following

    define service{
            use                     local-service,srv-pnp   ; Name of service template to use
            host_name               nagios
            service_description     check_nv_traffic_eth0
            check_command           check_traffic_nv!2!12,30!15,35
            notifications_enabled   0
            normal_check_interval   5   ; 5 minutes
            retry_interval          1   ; 1 minute
            }

Configuration for Nagios monitoring a remote host

Edit /usr/local/nagios/etc/objects/remotehost.cfg and add the following

    define service{
            use                     local-service,srv-pnp   ; Name of service template to use
            host_name               nagios
            service_description     check_nv_traffic_eth0
            check_command           check_nrpe!check_traffic_nv
            notifications_enabled   0
            normal_check_interval   5   ; 5 minutes
            retry_interval          1   ; 1 minute
            }

Edit /usr/local/nagios/etc/nrpe.cfg and add the following

    command[check_traffic_nv]=/usr/local/nagios/libexec/check_traffic_nv.sh -V 2c -C privatepass -H localhost -I 2 -w 12,30 -c 15,35 -M -b

Open http://localhost/nagios, click Service Detail, then click the little sun icon next to the check_nv_traffic_eth0 service. After 5 minutes you can see the graph.

If the check_nv_traffic_eth0 service reports that snmpwalk cannot be found:

    which: no snmpwalk in (/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin)

    ln -s /usr/local/bin/snmpwalk /usr/bin/snmpwalk

Sometimes the symlink I created goes missing, which is rather odd...

=====================
Update 2014-09-24: fixing the NIC order https://blog.c1gstudio.com/archives/1703

Posted in Nagios, Technology.


Checking the Linux system version

This command works on all Linux distributions, including Redhat, SuSE and Debian

    lsb_release -a

    LSB Version:    1.3
    Distributor ID: RedHatEnterpriseAS
    Description:    Red Hat Enterprise Linux AS release 4 (Nahant)
    Release:        4
    Codename:       Nahant

cat /etc/redhat-release

Red Hat Enterprise Linux AS release 4 (Nahant)

rpm -q redhat-release

redhat-release-4AS-2

cat /proc/version

Linux version 2.6.9-5.EL ([email protected]) (gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)) #1 Wed Jan 5 19:22:18 EST 2005

cat /etc/issue

Red Hat Enterprise Linux AS release 4 (Nahant)
Kernel \r on an \m

Posted in Linux commands, Technology.


Monitoring remote hosts with Nagios NRPE

Reference: http://space.itpub.net/228190/viewspace-578408

Diagram:

http://www.nagios.org/images/addons/nrpe/nrpe.png

Install NRPE on the monitoring host

    wget http://nchc.dl.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
    tar zxvf nrpe-2.12.tar.gz
    cd nrpe-2.12
    ./configure --prefix=/usr/local/nagios
    make all
    make install-plugin
    # the monitoring host only needs to go this far

Add the user on the monitored host

    groupadd nagios
    useradd -g nagios -d /usr/local/nagios -s /sbin/nologin nagios

Install the plugins on the monitored host

    wget http://nchc.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.13.tar.gz
    tar zxf nagios-plugins-1.4.13.tar.gz
    cd nagios-plugins-1.4.13
    ./configure --with-nagios-user=nagios --with-nagios-group=nagios --prefix=/usr/local/nagios --with-ping-command="/bin/ping" --with-mysql=/opt/mysql
    make
    make install
    # check that the plugin files were installed in this directory
    ls /usr/local/nagios/libexec

Install NRPE on the monitored host

    wget http://nchc.dl.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
    tar zxvf nrpe-2.12.tar.gz
    cd nrpe-2.12
    ./configure --prefix=/usr/local/nagios
    make all
    make install-plugin
    make install-daemon
    make install-daemon-config
    chown -R nagios:nagios /usr/local/nagios

Configure NRPE:

    vi /usr/local/nagios/etc/nrpe.cfg

    # address or domain name of the Nagios monitoring host
    allowed_hosts=127.0.0.1,192.168.1.91

Edit /etc/hosts.allow and add the monitoring host's IP

    echo 'nrpe:192.168.1.91' >> /etc/hosts.allow

Start the NRPE daemon:

    /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

You can add this command to /etc/rc.local so that it starts automatically at boot.

    echo "/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d" >> /etc/rc.local

Check that NRPE is working. On the monitored host:

    /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1

Check the corresponding port: netstat -an |grep 5666
Open port 5666 in the firewall, allowing connections from LAN IPs or fixed IPs.

On the monitoring host:

    /usr/local/nagios/libexec/check_nrpe -H $target_host_address

Both should print the NRPE version: NRPE v2.12

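Checking which services can be monitored

In nrpe.cfg on the monitored host you can see a configuration like this:

    command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20

This one checks the CPU load.

If you need custom arguments, use the following command instead

    command[check_load]=/usr/local/nagios/libexec/check_load -w $ARG1$ -c $ARG2$

and enable dont_blame_nrpe=1. Enabling arguments brings a certain security risk.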
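One way to check an nrpe.cfg for the two risks these posts mention: argument passing enabled through dont_blame_nrpe=1 (above), and a literal password on the check_mysql command line (the "NOT SECURE" warning in the check_mysql help shown in the earlier post). This is an added example, not code from the original post or from the Nagios project; the function names, finding labels and sample file are made up for illustration.

```shell
#!/bin/sh
# audit_nrpe_cfg [FILE]: print one finding per line for an nrpe.cfg
# (reads standard input when no file is given). Hypothetical helper;
# it only reads the configuration and changes nothing.
audit_nrpe_cfg() {
    awk '
    /^[ \t]*#/ { next }                                   # skip comments
    /^[ \t]*dont_blame_nrpe[ \t]*=/ {
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
        blame = (v == "1")
        next
    }
    /^[ \t]*allowed_hosts[ \t]*=/ { seen_allowed = 1; next }
    /^[ \t]*command\[/ {
        name = $0; sub(/^[ \t]*command\[/, "", name); sub(/\].*$/, "", name)
        cmd = $0; sub(/^[^=]*=/, "", cmd)
        # check_mysql -p VALUE: the password sits in the config file and in
        # the process list while the check runs. A $ARGn$ macro is not a
        # literal password, so it is left to the next rule.
        if (cmd ~ /check_mysql/ && cmd ~ /(^|[ \t])(-p|--password)[ \t=]+[^ \t$-]/)
            print "PASSWORD_ON_CMDLINE " name
        # commands that take their arguments from the remote caller
        if (cmd ~ /\$ARG[0-9]+\$/) { nargs++; argcmds = argcmds " " name }
    }
    END {
        # arguments are only accepted from the network when dont_blame_nrpe=1
        if (blame && nargs > 0) print "REMOTE_ARGS_ENABLED" argcmds
        # no allowed_hosts line: this file does not restrict which peers connect
        if (!seen_allowed) print "NO_ALLOWED_HOSTS"
    }' "$@"
}

# Constructed sample, assembled from the nrpe.cfg lines shown in these posts.
sample_nrpe_cfg() {
    cat <<'EOF'
allowed_hosts=127.0.0.1,192.168.1.91
dont_blame_nrpe=1
command[check_load]=/usr/local/nagios/libexec/check_load -w $ARG1$ -c $ARG2$
command[check_mysql_status]=/usr/local/nagios/libexec/check_mysql -H localhost -u naguser -d nagemptydb -p 'password123'
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
EOF
}

sample_nrpe_cfg | audit_nrpe_cfg
```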

Restart nrpe on the monitored host

    ps aux|grep nrpe
    kill $pid
    /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

Monitoring host setup

Add the nrpe definition to commands.cfg on the monitoring host

    # 'check_nrpe' command definition
    define command{
            command_name    check_nrpe
            command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
            }

Add hostA.cfg

Create a new file hostA.cfg under /usr/local/nagios/etc/objects/.
Register A.cfg with the Nagios host:

    echo "cfg_file=/usr/local/nagios/etc/objects/hostA.cfg" >> /usr/local/nagios/etc/nagios.cfg

To add machine B as well, just follow the same recipe.

hostA.cfg

    define host{
            use             generic-server
            host_name       A
            alias           A
            address         IP of A
            }
    define service{
            use                     generic-service
            host_name               A
            service_description     load
            check_command           check_nrpe!check_load
            # with custom arguments
            #check_command          check_nrpe!check_load!6.0,5.0,4.0!15.0,8.0,6.0
            }

Reload nagios on the monitoring host

    service nagios reload

Open http://localhost/nagios and you will see the newly added machine.

How to change the nrpe port

On the monitored host, change server_port to 15666 in nrpe.cfg

    /usr/local/nagios/libexec/check_nrpe -p 15666 -H 127.0.0.1

    server_port=15666

Restart nrpe

On the monitoring host, add -p 15666 in commands.cfg

    define command{
            command_name    check_nrpe
            command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p 15666 -c $ARG1$
            }

Reload nagios and you are done.

Connection refused or timed out
Check the nrpe port
Check that allowed_hosts in nrpe.cfg includes the monitoring host's IP address
Check /etc/hosts.allow for the monitoring host's IP address: nrpe:192.168.1.91
Check iptables

Open port 5666

    iptables -L
    iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5666 -j ACCEPT
    # mind the rule order
    iptables -L
    service iptables save
    service iptables restart

NRPE: Unable to read output
1. Check that the client's nrpe files are readable and can be executed by nagios.
2. Check that the command paths in nrpe.cfg are correct.

CHECK_NRPE: Error - Could not complete SSL handshake.
1. Check the firewall
2. The authorized IPs in nrpe.cfg
3. The authorized IPs in /etc/hosts.allow

Posted in Nagios, Technology.


Sending mail from Nagios with sendEmail

http://yahoon.blog.51cto.com/13184/49722

    wget http://caspian.dotconf.net/menu/Software/SendEmail/sendEmail-v1.55.tar.gz
    tar -zxvf sendEmail-v1.55.tar.gz
    cd sendEmail-v1.55
    cp sendEmail /usr/local/bin
    chmod 0755 /usr/local/bin/sendEmail
    /usr/local/bin/sendEmail -f [email protected] -t [email protected] -s mail.test.com -u "from nagios" -xu nagios -xp 123456 -m nagios test

Explanation:
    -f   the sender's mailbox
    -t   the recipient's mailbox
    -s   the domain name or IP of the SMTP server
    -u   the subject of the mail
    -xu  the user name for SMTP authentication
    -xp  the password for SMTP authentication (note: there seem to be restrictions on this password; for example, when I used d!5neyland it was not recognized correctly)
    -m   the body of the mail

Edit commands.cfg

    # 'notify-by-email' command definition
    define command{
            command_name    notify-by-email
            command_line    /usr/bin/printf "%b" "***** Nagios 2.9 *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /usr/local/bin/sendEmail -f [email protected] -t $CONTACTEMAIL$ -s mail.test.com -u "** $NOTIFICATIONTYPE$ alert - $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" -xu nagios -xp 123456
            }

Posted in Nagios, Technology.


Installing pnp on Nagios 3.x to add graphing

References: http://www.pnp4nagios.org/pnp/start http://www.pnp4nagios.org/pnp/install

Required Software
Perl >= 5.x without additional modules
RRDtool >= 1.x, better 1.2 but not compulsory
Attention: installing RRDtool without a packet manager might lead to missing dejavu fonts. If you see graphs without text then this may be the cause.
PHP >= 4.3.8 for Webfrontend
PHP-extension zlib and GD.
Nagios 2.x or higher

For installing rrdtool see https://blog.c1gstudio.com/archives/459
For installing nagios see https://blog.c1gstudio.com/archives/545

Install pnp

    wget http://nchc.dl.sourceforge.net/sourceforge/pnp4nagios/pnp-0.4.14.tar.gz
    tar -xvzf pnp-0.4.14.tar.gz
    cd pnp-0.4.14
    ./configure

    checking for rrdtool... no
    checking rrdtool path ... no
    configure: error: is a directory! PNP needs the Path to the rrdtool binary!

    export PKG_CONFIG_PATH=/usr/local/rrdtool/lib/pkgconfig
    export PKG_CONFIG=/usr/local/rrdtool/bin/pkg-config
    export PATH=/usr/local/rrdtool/bin:$PATH

    *** Configuration summary for pnp 0.4.14 05-02-2009 ***

      General Options:
      -------------------------         -------------------
      Nagios user/group:                nagios nagios
      Install directory:                /usr/local/nagios
      HTML Dir:                         /usr/local/nagios/share/pnp
      Config Dir:                       /usr/local/nagios/etc/pnp
      Location of rrdtool binary:       /usr/local/rrdtool/bin/rrdtool Version 1.3.7
      RRDs Perl Modules:                *** NOT FOUND ***
      RRD Files stored in:              /usr/local/nagios/share/perfdata
      process_perfdata.pl Logfile:      /usr/local/nagios/var/perfdata.log
      Perfdata files (NPCD) stored in:  /usr/local/nagios/var/spool/perfdata/

    Review the options above for accuracy. If they look okay,
    type 'make all' to compile.

    WARNING: The RRDs Perl Modules are not found on your System
    Using RRDs will speedup things in larger Installtions.

    make all
    make install
    make install-config
    make install-init

process_perfdata.pl is installed in /usr/local/nagios/share/
The sample configuration files are installed in /usr/local/nagios/libexecs
config.php is installed in /usr/local/nagios/etc/pnp

Edit the configuration file

    cp /usr/local/nagios/etc/pnp/process_perfdata.cfg-sample /usr/local/nagios/etc/pnp/process_perfdata.cfg
    vi /usr/local/nagios/etc/pnp/process_perfdata.cfg

    LOG_FILE = /usr/local/nagios/var/perfdata.log
    #
    # Loglevel 0=silent 1=normal 2=debug
    #
    # set to 2 for now
    LOG_LEVEL = 2

Add the little sun icon to the interface. Reference: http://www.pnp4nagios.org/pnp/webfe

Edit etc/objects/templates.cfg and add the new definitions

    define host {
            name                host-pnp
            register            0
            action_url          /nagios/pnp/index.php?host=$HOSTNAME$
            process_perf_data   1
            }
    define service {
            name                srv-pnp
            register            0
            action_url          /nagios/pnp/index.php?host=$HOSTNAME$&srv=$SERVICEDESC$
            process_perf_data   1
            }

Edit etc/objects/localhost.cfg and add the corresponding definitions

    define host{
            use         linux-server,host-pnp   ; Name of host templates to use
                                                ; This host definition will inherit all variables that are defined
                                                ; in (or inherited by) the linux-server host template definition.
            host_name   localhost
            alias       localhost
            address     127.0.0.1
            }
    define service{
            use                     local-service,srv-pnp   ; Name of service template to use
            host_name               localhost
            service_description     PING
            check_command           check_ping!100.0,20%!500.0,60%
            }

Edit etc/nagios.cfg, find the following entries and uncomment them

    process_performance_data=1
    host_perfdata_command=process-host-perfdata
    service_perfdata_command=process-service-perfdata

Edit commands.cfg

    # 'process-host-perfdata' command definition
    define command{
            command_name    process-host-perfdata
            #command_line   /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /usr/local/nagios/var/host-perfdata.out
            command_line    /usr/bin/perl /usr/local/nagios/libexec/process_perfdata.pl -d HOSTPERFDATA
            }
    # 'process-service-perfdata' command definition
    define command{
            command_name    process-service-perfdata
            #command_line   /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /usr/local/nagios/var/service-perfdata.out
            command_line    /usr/bin/perl /usr/local/nagios/libexec/process_perfdata.pl
            }

Edit nginx.conf, the web server configuration for pnp. Mind the security implications: I have not set up any authentication here.

    location /pnp/ {
        root /usr/local/nagios/share/;
        location ~ .*\.php?$ {
            #fastcgi_pass unix:/tmp/php-cgi.sock;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fcgi.conf;
        }
    }

If open_basedir is enabled, php.ini also has to be changed

    open_basedir = "/opt/htdoc:/opt/php/lib/php:/tmp/session:/tmp/upload:/usr/local/nagios/share/pnp:/usr/local/nagios/etc/pnp:/usr/local/nagios/share/perfdata:/usr/local/rrdtool/bin/rrdtool"

Reload the configuration files

    service nagios reload
    /bin/kill -HUP `cat /dev/shm/nginx.pid`

Open http://localhost/nagios and click the little sun icon to see the graphs.

Posted in Nagios, Technology.