Geek.Like.Todd

Setting up Zabbix Part 1 – Setting up the Server. —

Whats Zabbix? It’s an open source monitoring platform. I’m going to walk through installing the 3.0 LTS version, and then adding some objects into monitoring. 

I’m going to be installing it on CentOS 7 64bit, in a lab which has a Open source Zimbra Mail Server and some Cisco Switches I wish to monitor via SNMP. 

I generally disable the software firewall and selinux on Centos. I’m not saying those aren’t important, but I’m behind a firewall in a lab. 

πŸ˜€

Step 1 – Install Centos 7 on a VM, disable SE Linux, disable firewalld, and install openssh server. (I may include Links here to help you if you are unfamiliar with how to do those things.)

Step 2 – Install MySQL (You can also use PostgreSQL if you wish)
To accomplish this you need irst need to install MySQL by downloading it’s repository by logging in as root or sudo and typing:

root@localhost:$ rpm -ivh http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

Then update your repos with:

root@localhost:$ yum update

And finally installing MySQL with:

root@localhost:$ yum install mysql-server

We also need to start MySql

root@localhost:$ systemctl start mysqld

Step 3 – Install Zabbix.
We need to install the repo for Zabbix As root or sudo type:

root@localhost:$ rpm -ivh http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm

We need to again perform a:

root@localhost:$ yum update

and now we can install the packages for zabbix

root@localhost:$ yum install zabbix-server-mysql zabbix-web-mysql

Step 4 – Harden MySQL
By defualt MySQL is installed with no password in this method. This deletes some uneeded databases, users and will allow you to set an initial mysql root password.

root@localhost:$ mysql_secure_installation

If you are unfamiliar with mysql, it’s a great way to learn SQL in general, but not as robust as many of the platforms you can use. Also if you have ever heard of mariadb, they are the same, but built by different teams. If you want to use that instead here you should be able to.

Step 5 – Install the initial DB for Zabbix.
login to mysql with it’s root password with:

root@localhost:$ mysql -u root -p

you will be prompted for the MySQL root password.
You will now be at a mysql> shell prompt, using this you will use the following to create a database, and a user for that database.

root@localhost:$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 464
Server version: 5.6.35 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix';
mysql> quit;

This creates a user called zabbix, with a password zabbix (you maybe could change the identified by ” to another value. πŸ˜€ )
Use this command to import the zabbix schema into your new database, you will be prompted for whatever you set the zabbix user’s password to.

root@localhost:$ zcat /usr/share/doc/zabbix-server-mysql-3.0.*/create.sql.gz | mysql -uzabbix -p

Step 6 – Edit the config file for Zabbix.

root@localhost:$ vi /etc/zabbix/zabbix_server.conf

These values need to be set:
DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=zabbix

Step 7 – Set your Timezone in the PHP config for Zabbix
edit this file.

root@localhost:$ vi /etc/httpd/conf.d/zabbix.conf

and place your time zone from here
to the line
php_value date.timezone America/New_York
I had to also uncomment this line.

Step 8 – Start the Server!

root@localhost:$ systemctl start httpd
root@localhost:$ /sbin/zabbix_server

Step 9 Open a browser and point it to your URL.
This listens on port 80, not https.
http://yourservername/zabbix/

Step 10 Walk thru the install, you will be asked to put in the zabbix DB password you set earlier.

[ngg_images source=”galleries” container_ids=”14″ display_type=”photocrati-nextgen_basic_slideshow” gallery_width=”640″ gallery_height=”480″ cycle_effect=”fade” cycle_interval=”10″ show_thumbnail_link=”1″ thumbnail_link_text=”[Show picture list]” order_by=”sortorder” order_direction=”ASC” returns=”included” maximum_entity_count=”500″]Step 11 Login. 

The default user name is Admin (the A is upper case.) and the password is zabbix 

Step 12 Change the password!

In the upper right hand corner you will see a user icon. 
You can use this to set your user preferences and password.

In Part 2 I’ll set up some server monitoring πŸ˜€ 


Rogue One – A Star Wars Story —

Hello fellow nerds!, Yeah it’s been a year or better since I’ve posted.
Last December we got a new Star Wars Movie, and the optimism was super high for it, and we weren’t too dissapointed in my opinion. According to BoxOfficeMojo, it’s made 2 Billion worldwide.

Fast forward to now, and we just saw our first standalone Star Wars movie.

 

Going in I didn’t know what to expect, I had commented on what we knew, it was the story of how the Rebellion acquired the plans to destroy the death star in Episode 4… What? you don’t remember that part? Here let me remind you..

It’s all spelled out on the crawl in Star Wars Episode IV (from 1977)

Well there you go.. at first blush I thought this might be a weird.. Oceans 11 style Star Wars-ish heist movie. I would have been ok with that. 

What we got, I feel at least, was better. We got a story that had a natural flow, it had good characters, and it ended just like I needed it to.

I felt like it stood well on it’s own, and the battle scenes where pretty intense. Like the rest of the Star Wars franchise it’s fast paced, as you follow a group of people through a series of connected events that all kind of work out for our rebel heroes.

Now.. to help me be freeee in my post.. and somehow.. because you *might* live on the moon.. or maybe NOT have already seen this movie and be a fan.. I’ve included a spoiler function! It looks blurry like this! If you click on the blurry it will become LESS Blurry. 

YOU’VE BEEN WARNED! SO DON’T COMPLAIN.

The basic plot of the movie:

Our story follows Jyn Erso who is put into a position to discover that her father who works for the Empire and had designed the Death Star, had in fact betrayed them and put a flaw in it’s design. She and a team of Rebels and a few other Scruffy Nerf herders, move along the plot in standard Star Wars fashion from planet to planet until they end up trying to infiltrate the Imperial Base that Jyn’s father told her would hold the plans to the Death Star to prove her father wasn’t all that bad a guy, and also save the galaxy from the Empire. They run from a CGI Moff Tarkin and new bad guy Orson Krennic (who killed Jyn’s mother, and forced her father to design the Death Star) and eventually succeed in infiltrating a facility where the plans are held and are able to transmit them to the rebels who have come to their aid, but then our heroes die as the Empire fires the Death Star. Just before the credits roll you see a CGI Princess Leah running with plans in hand from Vader just before episode IV.

Plot Points I really liked:

The ending:

Everyone Dies. I wasn’t looking for a good ending, I just needed it to line up and knowing that people really die in real situations like this made it feel real. I really am loving this new Disney owned Lucasfilm. I will continue to watch these as long as they stay interesting.

Characters I really liked:

This isn’t a spoiler.. so I’m not hiding this..

The fucking Robot. K-2SO was the best in this movie. K-2SO is a reprogrammed Imperial Combat Droid.  

The “I’m forced to say these things, but if given the chance I will murder you” attitude was great. 

I was also looking forward to this guy because he’s played by this guy:

You might remember Alan Tudyk from playing Wash on Firefly. He dies in this too and it will always be too soon.

Rebel Scum!

Some of the Rebel pilots you see were actually from footage made in Episode IV. I thought that was a nice touch.

They could have done better with?

Vader. More Vader would have been welcome. I loved that James Earl Jones reprised his role on the voice.. but I didn’t like the sprinkling of Vader that we got in this movie. I’d have preferred we got to see Vader hunt this crew rather than see Krennic do it, even though it does feel nice that kill the bad guy in the end. Rebels tie-ins. I needed some Ashoka or the Rebels crew.. or the Ghost. If any of that was in there in the background I certainly missed it.

That CGI tho.

Moff Tarkin and a Young Leah are represented in CGI, it’s good, but not great, still I am on the fence on whether new actors would have had the same effect seeing as we are getting a new actor for the Han Solo movie.

So I am giving this a 4 out of 5

Rotten tomatoes currently gives it an 84% which is about right. I think everyone should see it, but only if they like Star Wars. 


Simple Cisco NAT Concepts – Nat Pools and Static Nat —

I thought I’d go over these two concepts really quickly.

NAT Pools – When you are overloading a single IP, the truth is that you are using the ports available on that IP to send and recieve traffic and that’s translating to IP’s on the inside.

Once you have even a few pc’s you can see from the translation table that many many ports are used, and while these connections tend to get torn down quickly, it’s still quite possible to run out. It really just depends on how many active clients you have to nat.

To overcome this, you can create a pool of external IP’s to overload. The router will simply move to the next IP when the first has too many ports full.

Lets use the same lab as our last NAT example.Β NATLAB01

Router0 is using 128.128.129.2 as it’s interface. It’s gateway is 128.128.129.1, which is on Router1.

If we are using that same lab.. we need to remove the nat command we issued earlier.

WORKRTR(config)#noΒ ip nat inside source list INSIDE_NAT_ADDRESSES interface GigabitEthernet0/1 overload

if you have active connections you will be asked to kill those connections, and nat will of course.. stop.

to nat overload, first we need to create a nat pool.Β In this example, I want to make ip’s 128.128.129.50 thru 128.128.129.100 available in my pool.

WORKRTR(config)#ip nat pool OUTSIDE_PUBLIC 128.128.129.50 128.128.129.100 netmask 255.255.255.0

and now we simply create our nat using the same ACL we made in our last example.

WORKRTR(config)#ip nat inside source list INSIDE_NAT_ADDRESSES pool OUTSIDE_PUBLIC overload

We can now see in in the translations tables the nats being created.

WORKRTR#sho ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 128.128.129.50:102410.0.0.101:7 128.128.128.10:7 128.128.128.10:1024
icmp 128.128.129.50:102510.0.0.101:8 128.128.128.10:8 128.128.128.10:1025
icmp 128.128.129.50:102610.0.0.101:9 128.128.128.10:9 128.128.128.10:1026
icmp 128.128.129.50:102710.0.0.101:10 128.128.128.10:10 128.128.128.10:1027
icmp 128.128.129.50:102810.0.0.101:11 128.128.128.10:11 128.128.128.10:1028
icmp 128.128.129.50:102910.0.0.101:12 128.128.128.10:12 128.128.128.10:1029
icmp 128.128.129.50:103010.0.0.101:13 128.128.128.10:13 128.128.128.10:1030
icmp 128.128.129.50:103110.0.0.101:14 128.128.128.10:14 128.128.128.10:1031
icmp 128.128.129.50:103210.0.0.101:15 128.128.128.10:15 128.128.128.10:1032
icmp 128.128.129.50:103310.0.0.101:16 128.128.128.10:16 128.128.128.10:1033
icmp 128.128.129.50:103410.0.0.101:17 128.128.128.10:17 128.128.128.10:1034
icmp 128.128.129.50:103510.0.0.101:18 128.128.128.10:18 128.128.128.10:1035
icmp 128.128.129.50:103610.0.0.101:19 128.128.128.10:19 128.128.128.10:1036
icmp 128.128.129.50:103710.0.0.101:20 128.128.128.10:20 128.128.128.10:1037
icmp 128.128.129.50:103810.0.0.101:21 128.128.128.10:21 128.128.128.10:1038
icmp 128.128.129.50:103910.0.0.101:22 128.128.128.10:22 128.128.128.10:1039
icmp 128.128.129.50:104010.0.0.101:23 128.128.128.10:23 128.128.128.10:1040
icmp 128.128.129.50:104110.0.0.101:24 128.128.128.10:24 128.128.128.10:1041
icmp 128.128.129.50:104210.0.0.101:25 128.128.128.10:25 128.128.128.10:1042
icmp 128.128.129.50:104310.0.0.101:26 128.128.128.10:26 128.128.128.10:1043

I can’t really create the traffic in my lab to make this jump to the next IP however πŸ˜€

Static Nat

This is also really useful to you, if you have an IP that it’s internal and you want to map that IP completley 1 to 1 to another ip on the other side of the router (publicly, for example) you may follow the next example to accomplish this.

In our diagram you see on the Inside a Server which is IP 10.0.0.254 and we want to make this server publicly available as 128.128.129.254. On our router we as seen before specify on the interface which is inside and which is outside. And then we pass the following command:

WORKRTR(config)#ip nat inside source static 10.0.0.254 128.128.129.254

Now on our other server on the outside we can test access via ping.

SERVER>ping 128.128.129.254

Pinging 128.128.129.254 with 32 bytes of data:

Reply from 128.128.129.254: bytes=32 time=1ms TTL=126
Reply from 128.128.129.254: bytes=32 time=0ms TTL=126
Reply from 128.128.129.254: bytes=32 time=11ms TTL=126
Reply from 128.128.129.254: bytes=32 time=12ms TTL=126

Ping statistics for 128.128.129.254:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 12ms, Average = 6ms

Also if you wanted to only do certain ports, for example, just port 80, you can do so in this way:

WORKRTR(config)#ip nat inside source static tcp 10.0.0.254 80 128.128.129.254 80

Or perhaps I wanted to send traffic that would normally go to port 3389 to some wild port so that it would mitigate an attack directed towards rdp:

WORKRTR(config)#ip nat inside source static tcp 10.0.0.254 3389 128.128.129.254 12658