Mitesh Shah
Jekyll
2024-02-20T19:05:41+00:00
https://miteshshah.github.io/
Mitesh Shah
https://miteshshah.github.io/
Mitesh@LinuxSysAdm.in
https://miteshshah.github.io/golang/install-setup-golang
2022-09-21T08:36:37+00:00
2022-09-21T08:36:37+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#install--setup-golang" id="markdown-toc-install--setup-golang">Install & Setup Golang</a> <ul>
<li><a href="#hellogo" id="markdown-toc-hellogo">hello.go</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="install--setup-golang">Install & Setup Golang</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>brew <span class="nb">install </span>golang
<span class="nv">$ </span>go version
go version go1.20.3 darwin/amd64</code></pre></figure>
<h4 id="hellogo">hello.go</h4>
<figure class="highlight"><pre><code class="language-golang" data-lang="golang"><span class="k">package</span> <span class="n">main</span>
<span class="k">import</span> <span class="s">"fmt"</span>
<span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span>
<span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Hello, 世界"</span><span class="p">)</span>
<span class="p">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>go run hello.go
Hello, 世界</code></pre></figure>
<p><a href="https://miteshshah.github.io/golang/install-setup-golang/">Install/Setup & Run simple program in Golang</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on September 21, 2022.</p>
https://miteshshah.github.io/devops/lemp/install-and-setup-nginx-pagespeed
2017-04-13T06:50:32+00:00
2017-04-13T06:50:32+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#install-nginx-pagespeed" id="markdown-toc-install-nginx-pagespeed">Install NGINX Pagespeed</a></li>
<li><a href="#configure-nginx" id="markdown-toc-configure-nginx">Configure NGINX</a></li>
<li><a href="#setup-http-auth" id="markdown-toc-setup-http-auth">Setup HTTP AUTH</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h4 id="install-nginx-pagespeed">Install NGINX Pagespeed</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>add-apt-repository ppa:ansipress/nginx
<span class="nv">$ </span><span class="nb">sudo </span>apt-get update
<span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>nginx-pagespeed</code></pre></figure>
<h4 id="configure-nginx">Configure NGINX</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/nginx/ansipress/acl.conf
<span class="c">##</span>
<span class="c"># ACL Settings</span>
<span class="c">##</span>
<span class="c"># HTTP authentication || IP address</span>
satisfy any<span class="p">;</span>
auth_basic <span class="s2">"Restricted Area"</span><span class="p">;</span>
auth_basic_user_file htpasswd<span class="p">;</span>
<span class="c"># Allowed IP Address List</span>
allow 127.0.0.1<span class="p">;</span>
deny all<span class="p">;</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/nginx/ansipress/expires.conf
<span class="c">##</span>
<span class="c"># Cache Static Files</span>
<span class="c">##</span>
<span class="c"># Feed</span>
location ~<span class="k">*</span> <span class="se">\.</span><span class="o">(</span>rss|atom<span class="o">)</span><span class="nv">$ </span><span class="o">{</span>
expires 1h<span class="p">;</span>
<span class="o">}</span>
<span class="c"># Media: images, icons, video, audio, htc</span>
location ~<span class="k">*</span> <span class="se">\.</span><span class="o">(</span>jpg|jpeg|gif|png|ico|cur|bmp|svg|svgz|mp4|ogg|ogv|webm|mid|midi|wav|htc|swf<span class="o">)</span><span class="nv">$ </span><span class="o">{</span>
expires max<span class="p">;</span>
access_log off<span class="p">;</span>
log_not_found off<span class="p">;</span>
add_header Cache-Control <span class="s2">"public"</span><span class="p">;</span>
<span class="o">}</span>
<span class="c"># CSS and Javascript</span>
location ~<span class="k">*</span> <span class="se">\.</span><span class="o">(</span>css|js<span class="o">)</span><span class="nv">$ </span><span class="o">{</span>
expires max<span class="p">;</span>
access_log off<span class="p">;</span>
log_not_found off<span class="p">;</span>
<span class="o">}</span>
<span class="c"># WebFonts</span>
location ~<span class="k">*</span> <span class="se">\.</span><span class="o">(</span>ttf|ttc|otf|eot|woff|woff2<span class="o">)</span><span class="nv">$ </span><span class="o">{</span>
expires 1M<span class="p">;</span>
access_log off<span class="p">;</span>
log_not_found off<span class="p">;</span>
add_header Cache-Control <span class="s2">"public"</span><span class="p">;</span>
add_header <span class="s2">"Access-Control-Allow-Origin"</span> <span class="s2">"*"</span><span class="p">;</span>
<span class="o">}</span>
location ~<span class="k">*</span> <span class="se">\.</span><span class="o">(</span>zip|gz|tar|tgz|rar|bz2|exe|doc|xls|ppt|rtf<span class="o">)</span><span class="nv">$ </span><span class="o">{</span>
expires max<span class="p">;</span>
access_log off<span class="p">;</span>
log_not_found off<span class="p">;</span>
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/nginx/ansipress/locations.conf
<span class="c">##</span>
<span class="c"># Basic Locations Files</span>
<span class="c">##</span>
location <span class="o">=</span> /robots.txt <span class="o">{</span>
try_files <span class="nv">$uri</span> <span class="nv">$uri</span>/ /index.php?<span class="nv">$args</span><span class="p">;</span>
access_log off<span class="p">;</span>
log_not_found off<span class="p">;</span>
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/nginx/ansipress/protect-system-files.conf
<span class="c">##</span>
<span class="c"># Protect System Files</span>
<span class="c">##</span>
<span class="c"># https://www.mnot.net/blog/2010/04/07/well-known</span>
location ~ /<span class="se">\.</span>well-known <span class="o">{</span>
allow all<span class="p">;</span>
<span class="o">}</span>
<span class="c"># Deny hidden files</span>
location ~ /<span class="se">\.</span> <span class="o">{</span>
deny all<span class="p">;</span>
access_log off<span class="p">;</span>
log_not_found off<span class="p">;</span>
<span class="o">}</span>
<span class="c"># Deny backup extensions & log files</span>
location ~<span class="k">*</span> ^.+<span class="se">\.</span><span class="o">(</span>txt|bak|log|old|orig|original|php#|php~|php_bak|save|sql|conf|dist|fla|psd|sh|in[ci]|sw[op]<span class="o">)</span><span class="nv">$ </span><span class="o">{</span>
deny all<span class="p">;</span>
access_log off<span class="p">;</span>
log_not_found off<span class="p">;</span>
<span class="o">}</span>
<span class="c"># Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)</span>
<span class="k">if</span> <span class="o">(</span><span class="nv">$uri</span> ~<span class="k">*</span> <span class="s2">"^.+(readme|license|example)</span><span class="se">\.</span><span class="s2">(txt|html)$"</span><span class="o">)</span> <span class="o">{</span>
<span class="k">return </span>403<span class="p">;</span>
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/nginx/ansipress/status.conf
<span class="c">##</span>
<span class="c"># Status Pages</span>
<span class="c">##</span>
location /nginx_status <span class="o">{</span>
stub_status on<span class="p">;</span>
access_log off<span class="p">;</span>
include ansipress/acl.conf<span class="p">;</span>
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/nginx/ansipress/pagespeed.conf
<span class="c">##</span>
<span class="c"># Google PageSpeed Settings</span>
<span class="c">##</span>
<span class="c"># PageSpeed Admin</span>
location /ngx_pagespeed_statistics <span class="o">{</span> include ansipress/acl.conf<span class="p">;</span> <span class="o">}</span>
location /ngx_pagespeed_global_statistics <span class="o">{</span> include ansipress/acl.conf<span class="p">;</span> <span class="o">}</span>
location /ngx_pagespeed_message <span class="o">{</span> include ansipress/acl.conf<span class="p">;</span> <span class="o">}</span>
location /pagespeed_console <span class="o">{</span> include ansipress/acl.conf<span class="p">;</span> <span class="o">}</span>
location ~ ^/pagespeed_admin <span class="o">{</span> include ansipress/acl.conf<span class="p">;</span> <span class="o">}</span>
location ~ ^/pagespeed_global_admin <span class="o">{</span> include ansipress/acl.conf<span class="p">;</span> <span class="o">}</span>
<span class="c"># This is a temporary workaround that ensures requests for pagespeed</span>
<span class="c"># optimized resources go to the pagespeed handler.</span>
location ~ <span class="s2">".pagespeed.([a-z].)?[a-z]{2}.[^.]{10}.[^.]+"</span> <span class="o">{</span> <span class="o">}</span>
location ~ <span class="s2">"^/ngx_pagespeed_static/"</span> <span class="o">{</span> <span class="o">}</span>
location ~ <span class="s2">"^/ngx_pagespeed_beacon$"</span> <span class="o">{</span> <span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/nginx/conf.d/pagespeed.conf
<span class="c">##</span>
<span class="c"># Google PageSpeed Settings</span>
<span class="c">##</span>
<span class="c"># Turning the module on and off</span>
pagespeed on<span class="p">;</span>
<span class="c"># Configuring PageSpeed Filters</span>
pagespeed RewriteLevel PassThrough<span class="p">;</span>
<span class="c"># Needs to exist and be writable by nginx.</span>
<span class="c"># Use tmpfs for best performance.</span>
pagespeed MemcachedThreads 1<span class="p">;</span>
pagespeed MemcachedServers <span class="s2">"127.0.0.1:11211"</span><span class="p">;</span>
pagespeed FileCachePath /run/ngx_pagespeed_cache<span class="p">;</span>
<span class="c"># PageSpeed Admin</span>
pagespeed StatisticsPath /ngx_pagespeed_statistics<span class="p">;</span>
pagespeed GlobalStatisticsPath /ngx_pagespeed_global_statistics<span class="p">;</span>
pagespeed MessagesPath /ngx_pagespeed_message<span class="p">;</span>
pagespeed ConsolePath /pagespeed_console<span class="p">;</span>
pagespeed AdminPath /pagespeed_admin<span class="p">;</span>
pagespeed GlobalAdminPath /pagespeed_global_admin<span class="p">;</span>
<span class="c"># PageSpeed Cache Purge</span>
pagespeed EnableCachePurge on<span class="p">;</span>
pagespeed PurgeMethod PURGE<span class="p">;</span></code></pre></figure>
<h4 id="setup-http-auth">Setup HTTP AUTH</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>sh <span class="nt">-c</span> <span class="s2">"echo -n 'mitesh:' >> /etc/nginx/htpasswd"</span>
<span class="nv">$ </span><span class="nb">sudo </span>sh <span class="nt">-c</span> <span class="s2">"openssl passwd -apr1 >> /etc/nginx/htpasswd"</span></code></pre></figure>
<p><a href="https://miteshshah.github.io/devops/lemp/install-and-setup-nginx-pagespeed/">Install & Setup NGINX PageSpeed</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on April 13, 2017.</p>
https://miteshshah.github.io/devops/lemp/setup-user-account
2017-04-12T06:01:48+00:00
2017-04-12T06:01:48+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#create-new-user-account" id="markdown-toc-create-new-user-account">Create New User Account</a></li>
<li><a href="#grant-nginx-read-permissions" id="markdown-toc-grant-nginx-read-permissions">Grant NGINX Read Permissions</a></li>
<li><a href="#setup-custom-bash-prompt-ps1" id="markdown-toc-setup-custom-bash-prompt-ps1">Setup Custom Bash Prompt PS1</a></li>
<li><a href="#setup-directory" id="markdown-toc-setup-directory">Setup Directory</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h4 id="create-new-user-account">Create New User Account</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>useradd <span class="nt">-m</span> <span class="nt">-s</span> /bin/bash mitesh
<span class="nv">$ </span><span class="nb">sudo chmod </span>750 /home/mitesh</code></pre></figure>
<h4 id="grant-nginx-read-permissions">Grant NGINX Read Permissions</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>usermod <span class="nt">-G</span> mitesh www-data</code></pre></figure>
<h4 id="setup-custom-bash-prompt-ps1">Setup Custom Bash Prompt PS1</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo echo</span> <span class="s1">'PS1="\`if [ \$? = 0 ]; then echo \[\e[37m\]^_^[\u@\H:\w]\\$ \[\e[0m\]; else echo \[\e[31m\]O_O[\u@\H:\w]\\$ \[\e[0m\]; fi\`"'</span> <span class="o">>></span> /home/mitesh/.bashrc</code></pre></figure>
<h4 id="setup-directory">Setup Directory</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>su - mitesh
<span class="nv">$ </span><span class="nb">mkdir</span> <span class="nt">-p</span> /home/mitesh/vhosts/<span class="o">{</span>htdocs,ssl,conf,logs<span class="o">}</span></code></pre></figure>
<p><a href="https://miteshshah.github.io/devops/lemp/setup-user-account/">Setup User Account</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on April 12, 2017.</p>
https://miteshshah.github.io/devops/lemp/lemp-stack-conventions-and-file-system-layout
2017-03-15T10:29:34+00:00
2017-03-15T10:29:34+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#file-system-layout" id="markdown-toc-file-system-layout">File System Layout</a> <ul>
<li><a href="#nginx" id="markdown-toc-nginx">NGINX</a></li>
<li><a href="#php7" id="markdown-toc-php7">PHP7</a></li>
<li><a href="#mysql" id="markdown-toc-mysql">MySQL</a></li>
<li><a href="#website" id="markdown-toc-website">Website</a></li>
<li><a href="#shared-hosting-setup" id="markdown-toc-shared-hosting-setup">Shared Hosting Setup</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="file-system-layout">File System Layout</h3>
<h4 id="nginx">NGINX</h4>
<ul>
<li><code class="language-plaintext highlighter-rouge">/etc/nginx</code> - Main NGINX Configuration Directory</li>
<li><code class="language-plaintext highlighter-rouge">/etc/nginx/nginx.conf</code> - Main NGINX Configuration File</li>
<li><code class="language-plaintext highlighter-rouge">/etc/nginx/sites-available/</code> - NGINX Configuration For Websites</li>
<li><code class="language-plaintext highlighter-rouge">/etc/nginx/sites-enabled/</code> - Symbolic Link for Active Websites</li>
<li><code class="language-plaintext highlighter-rouge">/etc/logrotate.d/nginx</code> - NGINX Log Rotation Configuration File</li>
<li><code class="language-plaintext highlighter-rouge">/var/log/nginx/</code> - NGINX Log Directory</li>
</ul>
<h4 id="php7">PHP7</h4>
<ul>
<li><code class="language-plaintext highlighter-rouge">/etc/php/7.1/</code> - Main PHP7 Configuration Directory</li>
<li><code class="language-plaintext highlighter-rouge">/etc/php/7.1/fpm/php.ini</code> - Main PHP7 Configuration File</li>
<li><code class="language-plaintext highlighter-rouge">/etc/php/7.1/fpm/php-fpm.conf</code> - PHP7 FPM Related Settings for WWW Pool</li>
<li><code class="language-plaintext highlighter-rouge">/etc/php/7.1/fpm/pool.d/www.conf</code> - PHP7 WWW Pool Settings</li>
<li><code class="language-plaintext highlighter-rouge">/etc/php/7.1/fpm/pool.d/debug.conf</code> - PHP7 XDEBUG Pool Settings</li>
<li><code class="language-plaintext highlighter-rouge">/etc/php/7.1/fpm/pool.d/user.conf</code> - PHP7 Specific User (user) Pool Settings <code class="language-plaintext highlighter-rouge">127.0.0.1:9011</code></li>
<li><code class="language-plaintext highlighter-rouge">/etc/php/7.1/fpm/pool.d/client.conf</code> - PHP7 Specific User (client) Pool Settings <code class="language-plaintext highlighter-rouge">127.0.0.1:9012</code></li>
<li><code class="language-plaintext highlighter-rouge">/var/log/php/</code> - PHP7 Log Directory</li>
</ul>
<h4 id="mysql">MySQL</h4>
<ul>
<li><code class="language-plaintext highlighter-rouge">/etc/mysql/</code> - Main MySQL Configuration Directory</li>
<li><code class="language-plaintext highlighter-rouge">/etc/mysql/my.cnf</code> - MySQL Configuration File</li>
<li><code class="language-plaintext highlighter-rouge">/root/.my.cnf</code> - MySQL root Username/Password File</li>
<li><code class="language-plaintext highlighter-rouge">/var/log/syslog</code> - MySQL Logs File</li>
</ul>
<h4 id="website">Website</h4>
<ul>
<li><code class="language-plaintext highlighter-rouge">/home/user/vhosts/</code> - Main WebRoot For user Account</li>
<li><code class="language-plaintext highlighter-rouge">/home/user/vhosts/example.com/htdocs/</code> - Webroot for example.com website</li>
<li><code class="language-plaintext highlighter-rouge">/home/user/vhosts/example.com/conf/</code> - Any <code class="language-plaintext highlighter-rouge">*.conf</code> file inside this will be added on NGINX Rules</li>
<li><code class="language-plaintext highlighter-rouge">/home/user/vhosts/example.com/ssl/</code> - SSL Certificate For example.com</li>
<li><code class="language-plaintext highlighter-rouge">/home/user/vhosts/example.com/logs/</code> - NGINX Logs for example.com</li>
</ul>
<h4 id="shared-hosting-setup">Shared Hosting Setup</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="c"># For user (mitesh) PHP Pool would be `/etc/php/7.1/fpm/pool.d/mitesh.conf` `127.0.0.1:9011`</span>
<span class="c"># Both website mitesh.com & mitesh.net run under same pool `127.0.0.1:9011`</span>
/home/mitesh/vhosts/
|-> mitesh.com
|-> logs
|-> ssl
|-> htdocs
|-> conf
|-> mitesh.net
|-> logs
|-> ssl
|-> htdocs
|-> conf
<span class="c"># For user (shah) PHP Pool would be `/etc/php/7.1/fpm/pool.d/shah.conf` `127.0.0.1:9012`</span>
<span class="c"># All website under user (shah) would be run under same pool `127.0.0.1:9012`</span>
/home/shah/vhosts/
|-> shah.com
|-> logs
|-> ssl
|-> htdocs
|-> conf</code></pre></figure>
<p><a href="https://miteshshah.github.io/devops/lemp/lemp-stack-conventions-and-file-system-layout/">LEMP Stack - Conventions & File System Layout</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on March 15, 2017.</p>
https://miteshshah.github.io/devops/lemp/first-5-minutes-on-setup-linux-server-security
2017-03-15T06:56:06+00:00
2017-03-15T06:56:06+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#setup-fqdn-hostname" id="markdown-toc-setup-fqdn-hostname">Setup FQDN Hostname</a></li>
<li><a href="#setup-timezone" id="markdown-toc-setup-timezone">Setup Timezone</a></li>
<li><a href="#setup-umask" id="markdown-toc-setup-umask">Setup UMASK</a></li>
<li><a href="#update-system-packages" id="markdown-toc-update-system-packages">Update System Packages</a></li>
<li><a href="#setup-ntp" id="markdown-toc-setup-ntp">Setup NTP</a></li>
<li><a href="#setup-user--ps1" id="markdown-toc-setup-user--ps1">Setup User & PS1</a></li>
<li><a href="#disable-ssh-password-based-logins" id="markdown-toc-disable-ssh-password-based-logins">Disable SSH Password Based Logins</a></li>
<li><a href="#enable-automatic-security-updates" id="markdown-toc-enable-automatic-security-updates">Enable Automatic Security Updates</a></li>
<li><a href="#install-fail2ban" id="markdown-toc-install-fail2ban">Install Fail2Ban</a></li>
<li><a href="#firewall-setup" id="markdown-toc-firewall-setup">Firewall Setup</a></li>
<li><a href="#install-logwatch-to-keep-an-eye-on-things" id="markdown-toc-install-logwatch-to-keep-an-eye-on-things">Install Logwatch To Keep An Eye On Things</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="setup-fqdn-hostname">Setup FQDN Hostname</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>vim /etc/hostname
srv1.example.com</code></pre></figure>
<h3 id="setup-timezone">Setup Timezone</h3>
<ul>
<li>To know more why you need to setup timezone <a href="http://yellerapp.com/posts/2015-01-12-the-worst-server-setup-you-can-make.html"> Click Here </a></li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>timedatectl set-timezone Etc/UTC</code></pre></figure>
<h3 id="setup-umask">Setup UMASK</h3>
<ul>
<li>To know more about UMASK <a href="/linux/basics/advanced-topics-in-users-groups-and-permissions/#default-permissions"> Click Here </a></li>
<li>By default - Ubuntu will allow to go inside another user home directory and read the data.</li>
<li>By changing UMASK any new user account home directory permission set from 755 to 750</li>
<li>More information - <a href="https://wiki.ubuntu.com/SecurityTeam/Policies#Permissive_Home_Directory_Access"> Permissive Home Directory Access
</a></li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo echo umask </span>0027 <span class="o">>></span> /etc/profile</code></pre></figure>
<h3 id="update-system-packages">Update System Packages</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>apt-get update
<span class="nv">$ </span><span class="nb">sudo </span>apt-get dist-upgrade</code></pre></figure>
<h3 id="setup-ntp">Setup NTP</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>ntp</code></pre></figure>
<h3 id="setup-user--ps1">Setup User & PS1</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>useradd user <span class="nt">-ms</span> /bin/bash
<span class="nv">$ </span><span class="nb">sudo </span>passwd user
<span class="nv">$ </span><span class="nb">sudo chmod </span>0750 /home/user
<span class="nv">$ </span><span class="nb">sudo echo</span> <span class="s1">'PS1="\`if [ \$? = 0 ]; then echo \[\e[37m\]^_^[\u@\H:\w]\\$ \[\e[0m\]; else echo \[\e[31m\]O_O[\u@\H:\w]\\$ \[\e[0m\]; fi\`"'</span> <span class="o">>></span> /home/user/.bashrc</code></pre></figure>
<h3 id="disable-ssh-password-based-logins">Disable SSH Password Based Logins</h3>
<ul>
<li>Make sure your SSH Keys has been added on server.</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>ssh-copy-id root@exaample.com</code></pre></figure>
<ul>
<li>Configure ssh to prevent password based logins</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="c"># Change Following Values</span>
<span class="nv">$ </span><span class="nb">sudo </span>vim /etc/ssh/sshd_config
PasswordAuthentication no
<span class="c"># Restart SSH</span>
<span class="nv">$ </span><span class="nb">sudo </span>service ssh restart</code></pre></figure>
<h3 id="enable-automatic-security-updates">Enable Automatic Security Updates</h3>
<ul>
<li>Update the file to look like below.</li>
<li>You should probably keep updates disabled and stick with security updates only.</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>unattended-upgrades
<span class="nv">$ </span><span class="nb">sudo </span>vim /etc/apt/apt.conf.d/10periodic
// Automatically upgrade packages from these <span class="o">(</span>origin:archive<span class="o">)</span> pairs
Unattended-Upgrade::Allowed-Origins <span class="o">{</span>
// <span class="s2">"</span><span class="k">${</span><span class="nv">distro_id</span><span class="k">}</span><span class="s2">:</span><span class="k">${</span><span class="nv">distro_codename</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span>
<span class="s2">"</span><span class="k">${</span><span class="nv">distro_id</span><span class="k">}</span><span class="s2">:</span><span class="k">${</span><span class="nv">distro_codename</span><span class="k">}</span><span class="s2">-security"</span><span class="p">;</span>
// <span class="s2">"</span><span class="k">${</span><span class="nv">distro_id</span><span class="k">}</span><span class="s2">:</span><span class="k">${</span><span class="nv">distro_codename</span><span class="k">}</span><span class="s2">-updates"</span><span class="p">;</span>
// <span class="s2">"</span><span class="k">${</span><span class="nv">distro_id</span><span class="k">}</span><span class="s2">:</span><span class="k">${</span><span class="nv">distro_codename</span><span class="k">}</span><span class="s2">-proposed"</span><span class="p">;</span>
// <span class="s2">"</span><span class="k">${</span><span class="nv">distro_id</span><span class="k">}</span><span class="s2">:</span><span class="k">${</span><span class="nv">distro_codename</span><span class="k">}</span><span class="s2">-backports"</span><span class="p">;</span>
<span class="o">}</span><span class="p">;</span></code></pre></figure>
<h3 id="install-fail2ban">Install Fail2Ban</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>Fail2Ban</code></pre></figure>
<h3 id="firewall-setup">Firewall Setup</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="c"># Enable UFW</span>
<span class="nv">$ </span><span class="nb">sudo </span>ufw <span class="nb">enable</span>
<span class="c"># By default Deny Everything</span>
<span class="nv">$ </span><span class="nb">sudo </span>ufw default deny
<span class="c"># Allow Port 22 SSH</span>
<span class="nv">$ </span><span class="nb">sudo </span>ufw allow 22
<span class="c"># Allow Port 80 HTTP</span>
<span class="nv">$ </span><span class="nb">sudo </span>ufw allow 80
<span class="c"># Allow Port 443 HTTPS</span>
<span class="nv">$ </span><span class="nb">sudo </span>ufw allow 443
<span class="c"># Limit Connections to SSH which slowdown SSH Attacks</span>
<span class="nv">$ </span><span class="nb">sudo </span>ufw limit ssh/tcp</code></pre></figure>
<h3 id="install-logwatch-to-keep-an-eye-on-things">Install Logwatch To Keep An Eye On Things</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>logwatch
<span class="nv">$ </span><span class="nb">sudo </span>vim /etc/cron.daily/00logwatch
<span class="c">#!/bin/bash</span>
<span class="c">#Check if removed-but-not-purged</span>
<span class="nb">test</span> <span class="nt">-x</span> /usr/share/logwatch/scripts/logwatch.pl <span class="o">||</span> <span class="nb">exit </span>0
<span class="c">#execute</span>
/usr/sbin/logwatch <span class="nt">--output</span> mail <span class="nt">--mailto</span> Mr.Miteshah@gmail.com <span class="nt">--detail</span> high
<span class="c">#Note: It's possible to force the recipient in above command</span>
<span class="c">#Just pass --mailto address@a.com instead of --output mail</span></code></pre></figure>
<p><a href="https://miteshshah.github.io/devops/lemp/first-5-minutes-on-setup-linux-server-security/">First 5 Minutes on Setup Linux Server Security</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on March 15, 2017.</p>
https://miteshshah.github.io/linux/centos/how-to-fix-ping-socket-address-family-not-supported-by-protocol
2017-02-27T05:39:17+00:00
2017-02-27T05:39:17+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#how-to-fix" id="markdown-toc-how-to-fix">How to Fix</a> <ul>
<li><a href="#check-for-updates" id="markdown-toc-check-for-updates">Check For Updates</a></li>
<li><a href="#blacklist-iputils-update" id="markdown-toc-blacklist-iputils-update">Blacklist iputils update</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<ul>
<li>Recently I’d updated CentOS 7 box</li>
<li>This will updated <code class="language-plaintext highlighter-rouge">iputils</code> package from <code class="language-plaintext highlighter-rouge">20121221-7.el7</code> to <code class="language-plaintext highlighter-rouge">20160308-8.el7</code></li>
<li>After the update the <code class="language-plaintext highlighter-rouge">ping</code> command is no longer to ping any IPv4 address :(</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>ping google.com
ping: socket: Address family not supported by protocol
<span class="nv">$ </span>ping 127.0.0.1
ping: socket: Address family not supported by protocol
<span class="nv">$ </span>ping localhost
ping: socket: Address family not supported by protocol
<span class="nv">$ </span>ping google.com
ping: socket: Address family not supported by protocol
<span class="nv">$ </span>ping <span class="nt">-6</span> localhost
PING localhost <span class="o">(</span>::1<span class="o">)</span> 56 bytes of data.
64 bytes from localhost <span class="o">(</span>::1<span class="o">)</span>: <span class="nv">icmp_seq</span><span class="o">=</span>1 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>0.034 ms
64 bytes from localhost <span class="o">(</span>::1<span class="o">)</span>: <span class="nv">icmp_seq</span><span class="o">=</span>2 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>0.024 ms</code></pre></figure>
<h3 id="how-to-fix">How to Fix</h3>
<ul>
<li>I’d tried to build latest version of <code class="language-plaintext highlighter-rouge">iputils</code> but not successfull :(</li>
<li>So I’d revert it back to the older version</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>yum remove iputils
<span class="nv">$ </span>wget ftp://bo.mirror.garr.it/1/slc/centos/7.2.1511/os/x86_64/Packages/iputils-20121221-7.el7.x86_64.rpm
<span class="nv">$ </span>yum localinstall iputils-20121221-7.el7.x86_64.rpm</code></pre></figure>
<h4 id="check-for-updates">Check For Updates</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span> yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
<span class="k">*</span> base: mirror.fibergrid.in
<span class="k">*</span> epel: ftp.riken.jp
<span class="k">*</span> extras: mirror.fibergrid.in
<span class="k">*</span> updates: mirror.fibergrid.in
Resolving Dependencies
<span class="nt">--</span><span class="o">></span> Running transaction check
<span class="nt">---</span><span class="o">></span> Package iputils.x86_64 0:20121221-7.el7 will be updated
<span class="nt">---</span><span class="o">></span> Package iputils.x86_64 0:20160308-8.el7 will be an update
<span class="nt">--</span><span class="o">></span> Finished Dependency Resolution
Dependencies Resolved
<span class="o">=============================================================================================================================================================================</span>
Package Arch Version Repository Size
<span class="o">=============================================================================================================================================================================</span>
Updating:
iputils x86_64 20160308-8.el7 base 147 k
Transaction Summary
<span class="o">=============================================================================================================================================================================</span>
Upgrade 1 Package
Total download size: 147 k</code></pre></figure>
<h4 id="blacklist-iputils-update">Blacklist iputils update</h4>
<ul>
<li>I don’t want iputils again updated next time</li>
<li>So I’d blacklist <code class="language-plaintext highlighter-rouge">iputils</code> package from yum update</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="c"># Update the file as follows using the exclude keyword</span>
<span class="nv">$ </span>vim /etc/yum.repos.d/CentOS-Base.repo
<span class="o">[</span>base]
<span class="nv">name</span><span class="o">=</span>CentOS-<span class="nv">$releasever</span> - Base
<span class="nv">mirrorlist</span><span class="o">=</span>http://mirrorlist.centos.org/?release<span class="o">=</span><span class="nv">$releasever</span>&arch<span class="o">=</span><span class="nv">$basearch</span>&repo<span class="o">=</span>os&infra<span class="o">=</span><span class="nv">$infra</span>
<span class="c">#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/</span>
<span class="nv">gpgcheck</span><span class="o">=</span>1
<span class="nv">gpgkey</span><span class="o">=</span>file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
<span class="nv">exclude</span><span class="o">=</span>iputils</code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>yum update
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
http://mirror.digistar.vn/centos/7.3.1611/extras/x86_64/repodata/repomd.xml: <span class="o">[</span>Errno 12] Timeout on http://mirror.digistar.vn/centos/7.3.1611/extras/x86_64/repodata/repomd.xml: <span class="o">(</span>28, <span class="s1">'Connection timed out after 30001 milliseconds'</span><span class="o">)</span>
Trying other mirror.
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
<span class="k">*</span> base: mirror.fibergrid.in
<span class="k">*</span> epel: ftp.riken.jp
<span class="k">*</span> extras: mirror.fibergrid.in
<span class="k">*</span> updates: mirror.fibergrid.in
No packages marked <span class="k">for </span>update</code></pre></figure>
<p><a href="https://miteshshah.github.io/linux/centos/how-to-fix-ping-socket-address-family-not-supported-by-protocol/">How to Fix Ping Socket Address Family Not Supported by Protocol</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on February 27, 2017.</p>
https://miteshshah.github.io/mac/how-to-fix-mac-os-sierra-the-installer-payload-failed-signature-check
2017-01-20T11:32:33+00:00
2017-01-20T11:32:33+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#issue" id="markdown-toc-issue">ISSUE</a></li>
<li><a href="#how-to-fix" id="markdown-toc-how-to-fix">How to Fix</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><img src="https://cloud.githubusercontent.com/assets/1223371/22148225/dd6d4868-df32-11e6-8fc3-9f57783a015a.png" alt="How to Fix Mac OS Sierra - the Installer Payload Failed Signature Check" title="How to Fix Mac OS Sierra - the Installer Payload Failed Signature Check" /></p>
<h3 id="issue">ISSUE</h3>
<ul>
<li>The installer checks the date on the computer.</li>
<li>If the date isn’t current, you get the error above.</li>
<li>The fix involves correcting the date on your Mac.</li>
</ul>
<h3 id="how-to-fix">How to Fix</h3>
<ul>
<li>If you use an external boot disk, your Mac starts up into OS X Disk Utilities.</li>
<li>You can access the Terminal by clicking on the Utilities menu and selecting Terminal.</li>
<li>Once the Terminal has launched, follow these steps.</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>ntpdate <span class="nt">-u</span> time.apple.com</code></pre></figure>
<p><a href="https://miteshshah.github.io/mac/how-to-fix-mac-os-sierra-the-installer-payload-failed-signature-check/">How to Fix Mac OS Sierra - the Installer Payload Failed Signature Check</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on January 20, 2017.</p>
https://miteshshah.github.io/linux/git/how-to-push-empty-commit-to-remote-repository
2016-12-26T10:20:58+00:00
2016-12-26T10:20:58+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<ul>
<li>To setup deployment we need some commits on repository.</li>
<li>But sometimes we need to setup deployment with empty repository</li>
<li>In this guide, We will push empty commit message to remote repository, Which allow us to setup the deployment process.</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>git commit <span class="nt">--allow-empty</span> <span class="nt">-m</span> <span class="s2">"Empty Commit to setup deployments"</span>
<span class="nv">$ </span>git push</code></pre></figure>
<p><a href="https://miteshshah.github.io/linux/git/how-to-push-empty-commit-to-remote-repository/">How to Push Empty Commit to Remote Repository</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on December 26, 2016.</p>
https://miteshshah.github.io/mac/how-to-fix-ssh-keys-passphrase-issue-on-mac-os-x-10-12
2016-12-14T10:00:52+00:00
2016-12-14T10:00:52+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#summary" id="markdown-toc-summary">Summary</a> <ul>
<li><a href="#how-to-fix" id="markdown-toc-how-to-fix">How to Fix</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="summary">Summary</h3>
<ul>
<li>In previous versions of MAC OS, <code class="language-plaintext highlighter-rouge">ssh-agent</code> used to remember the passphrase for the keys I added to the keychain with <code class="language-plaintext highlighter-rouge">ssh-add -K</code>.</li>
<li>
<p>After a reboot (or logout/login), it automatically picked up the passphrase from the keychain with no extra step.</p>
</li>
<li>In MAC OS X 10.12 Sierra, I have to manually poke the agent to recognize there are passphrase on the keychain</li>
</ul>
<h4 id="how-to-fix">How to Fix</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>wget <span class="nt">-O</span> ~/Library/LaunchAgents/ssh_add.plist https://raw.githubusercontent.com/MiteshShah/admin/master/Mac/ssh_add.plist</code></pre></figure>
<ul>
<li>Above command automatically run <code class="language-plaintext highlighter-rouge">ssh-add -A</code> at login/reboot.</li>
</ul>
<p><a href="https://miteshshah.github.io/mac/how-to-fix-ssh-keys-passphrase-issue-on-mac-os-x-10-12/">How to Fix SSH Keys/passphrase Issue on Mac OS X 10.12</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on December 14, 2016.</p>
https://miteshshah.github.io/devops/nagios/how-to-monitor-ssl-and-ssl-labs-summary-with-nagios
2016-09-14T18:07:59+00:00
2016-09-14T18:07:59+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#prerequisites" id="markdown-toc-prerequisites">Prerequisites</a></li>
<li><a href="#nagios-host-groups" id="markdown-toc-nagios-host-groups">Nagios Host Groups</a></li>
<li><a href="#nagios-services" id="markdown-toc-nagios-services">Nagios Services</a></li>
<li><a href="#nagios-commands" id="markdown-toc-nagios-commands">Nagios Commands</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="prerequisites">Prerequisites</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>apt-get <span class="nt">-y</span> <span class="nb">install </span>libwww-perl libjson-perl
<span class="nv">$ </span>wget <span class="nt">-O</span> /usr/local/nagios/libexec/check_sslscan https://www.unixadm.org/software/nagios-stuff/checks/check_sslscan
<span class="nv">$ </span><span class="nb">chmod </span>a+x /usr/local/nagios/libexec/check_sslscan</code></pre></figure>
<h3 id="nagios-host-groups">Nagios Host Groups</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/hostgroups/https.cfg
define hostgroup<span class="o">{</span>
hostgroup_name HTTPS
<span class="nb">alias </span>HTTPS
members example.com
<span class="o">}</span></code></pre></figure>
<h3 id="nagios-services">Nagios Services</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/services/https.cfg
define service<span class="o">{</span>
use local-service <span class="p">;</span> Name of service template to use
service_description HTTPS
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups oncall-admins
hostgroup_name HTTPS
notification_interval 30
notification_period 24x7
notification_options w,c,r
check_command check_https
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/services/ssllabs.cfg
define service<span class="o">{</span>
use local-service <span class="p">;</span> Name of service template to use
service_description SSL Labs
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups oncall-admins
hostgroup_name HTTPS
notification_interval 30
notification_period 24x7
notification_options w,c,r
check_command check_sslscan
<span class="o">}</span></code></pre></figure>
<h3 id="nagios-commands">Nagios Commands</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/commands/https.cfg
define <span class="nb">command</span><span class="o">{</span>
command_name check_https
command_line <span class="nv">$USER1$/</span>check_http <span class="nt">-H</span> <span class="nv">$HOSTADDRESS$ </span><span class="nt">-C</span> 15 <span class="nt">--sni</span>
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/commands/sslscan.cfg
define <span class="nb">command</span><span class="o">{</span>
command_name check_sslscan
command_line <span class="nv">$USER1$/</span>check_sslscan <span class="nt">-H</span> <span class="nv">$HOSTADDRESS$ </span><span class="nt">-a</span> 168 <span class="c">#-x</span>
<span class="o">}</span></code></pre></figure>
<p><img alt="Monitor HTTPS SSL Certificate" src="https://cloud.githubusercontent.com/assets/1223371/18524866/def2ef18-7ad7-11e6-810d-859ae40c61c3.png" /></p>
<p><img alt="SSL Labs Grade A" src="https://cloud.githubusercontent.com/assets/1223371/18524865/decdebd2-7ad7-11e6-9167-7f4eff5917b0.png" /></p>
<p><img alt="SSL Labs Grade B" src="https://cloud.githubusercontent.com/assets/1223371/18524863/de4248ca-7ad7-11e6-8265-683a13b32ac3.png" /></p>
<p><a href="https://miteshshah.github.io/devops/nagios/how-to-monitor-ssl-and-ssl-labs-summary-with-nagios/">How to Monitor SSL & SSL Labs Summary With Nagios</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on September 14, 2016.</p>
https://miteshshah.github.io/devops/nagios/how-to-monitor-domain-expire-date-with-nagios
2016-09-14T18:06:22+00:00
2016-09-14T18:06:22+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#prerequisites" id="markdown-toc-prerequisites">Prerequisites</a></li>
<li><a href="#nagios-host-groups" id="markdown-toc-nagios-host-groups">Nagios Host Groups</a></li>
<li><a href="#nagios-services" id="markdown-toc-nagios-services">Nagios Services</a></li>
<li><a href="#nagios-commands" id="markdown-toc-nagios-commands">Nagios Commands</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="prerequisites">Prerequisites</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>wget <span class="nt">-O</span> /usr/local/nagios/libexec/check_domain.sh https://raw.githubusercontent.com/glensc/monitoring-plugin-check_domain/master/check_domain.sh
<span class="nv">$ </span><span class="nb">chmod </span>a+x /usr/local/nagios/libexec/domain.sh</code></pre></figure>
<h3 id="nagios-host-groups">Nagios Host Groups</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/hostgroups/domain.cfg
define hostgroup<span class="o">{</span>
hostgroup_name CHECK_DOMAIN
<span class="nb">alias </span>Domain Expiry Check
members example.com,test.com
<span class="o">}</span></code></pre></figure>
<h3 id="nagios-services">Nagios Services</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/services/domain.cfg
define service<span class="o">{</span>
use local-service <span class="p">;</span> Name of service template to use
service_description Domain Expiry
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups oncall-admins
hostgroup_name CHECK_DOMAIN
notification_interval 30
notification_period 24x7
notification_options c,r
check_command check_domain
<span class="o">}</span></code></pre></figure>
<h3 id="nagios-commands">Nagios Commands</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/commands/domain.cfg
define <span class="nb">command</span><span class="o">{</span>
command_name check_domain
command_line <span class="nv">$USER1$/</span>check_domain.sh <span class="nt">-d</span> <span class="nv">$HOSTADDRESS$ </span><span class="nt">-w30</span> <span class="nt">-c</span> 15
<span class="c">#-a 1 -C /usr/local/nagios/cache -w 30 -c 15</span>
<span class="o">}</span></code></pre></figure>
<p><img alt="Domain Expiry" src="https://cloud.githubusercontent.com/assets/1223371/18525079/b0238dfe-7ad8-11e6-939c-8579fe71826c.png" /></p>
<p><a href="https://miteshshah.github.io/devops/nagios/how-to-monitor-domain-expire-date-with-nagios/">How to Monitor Domain Expire Date With Nagios</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on September 14, 2016.</p>
https://miteshshah.github.io/linux/nginx/how-to-setup-separate-nginx-fastcgi-cache-for-mobile-and-desktop-users
2016-09-07T07:24:04+00:00
2016-09-07T07:24:04+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#prerequisites" id="markdown-toc-prerequisites">Prerequisites</a></li>
<li><a href="#detect-mobile-request" id="markdown-toc-detect-mobile-request">Detect Mobile Request</a></li>
<li><a href="#configure-nginx-fastcgi-cache" id="markdown-toc-configure-nginx-fastcgi-cache">Configure NGINX FastCGI Cache</a></li>
<li><a href="#edit-ee-wpfc-file" id="markdown-toc-edit-ee-wpfc-file">Edit EE WPFC File</a></li>
<li><a href="#edit-website" id="markdown-toc-edit-website">Edit Website</a></li>
<li><a href="#purge-cache" id="markdown-toc-purge-cache">Purge Cache</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="prerequisites">Prerequisites</h3>
<ul>
<li>Website created with EasyEngine FastCGI cache</li>
</ul>
<h3 id="detect-mobile-request">Detect Mobile Request</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim map <span class="nv">$http_user_agent</span> <span class="nv">$mobile_request</span> <span class="o">{</span>
default fullversion<span class="p">;</span>
<span class="s2">"~*ipad"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*android.*mobile"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*iphone"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*ipod.*mobile"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*BlackBerry*Mobile Safari"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*BB*Mobile Safari"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*Opera.*Mini/7"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*IEMobile/10.*Touch"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*IEMobile/11.*Touch"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*IEMobile/7.0"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*IEMobile/9.0"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*Firefox.*Mobile"</span> mobileversion<span class="p">;</span>
<span class="s2">"~*webOS"</span> mobileversion<span class="p">;</span>
<span class="o">}</span></code></pre></figure>
<h3 id="configure-nginx-fastcgi-cache">Configure NGINX FastCGI Cache</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /etc/nginx/conf.d/fastcgi.conf
<span class="c"># FastCGI cache settings</span>
fastcgi_cache_path /var/run/nginx-cache <span class="nv">levels</span><span class="o">=</span>1:2 <span class="nv">keys_zone</span><span class="o">=</span>WORDPRESS:50m <span class="nv">inactive</span><span class="o">=</span>60m<span class="p">;</span>
<span class="c">#fastcgi_cache_key "$scheme$request_method$host$request_uri";</span>
fastcgi_cache_key <span class="s2">"</span><span class="nv">$scheme$request_method$host$request_uri$mobile_request</span><span class="s2">"</span><span class="p">;</span>
fastcgi_cache_use_stale error <span class="nb">timeout </span>invalid_header updating http_500 http_503<span class="p">;</span>
fastcgi_cache_valid 200 301 302 404 1h<span class="p">;</span>
fastcgi_buffers 16 16k<span class="p">;</span>
fastcgi_buffer_size 32k<span class="p">;</span>
fastcgi_param SERVER_NAME <span class="nv">$http_host</span><span class="p">;</span>
fastcgi_ignore_headers Cache-Control Expires Set-Cookie<span class="p">;</span>
fastcgi_keep_conn on<span class="p">;</span></code></pre></figure>
<h3 id="edit-ee-wpfc-file">Edit EE WPFC File</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cp</span> <span class="nt">-av</span> <span class="nb">cp</span> <span class="nt">-av</span> /etc/nginx/common/wpfc.conf /etc/nginx/common/wpfc-custom.conf
<span class="nv">$ </span>vim /etc/nginx/common/wpfc-custom.conf
<span class="c"># WPFC NGINX CONFIGURATION</span>
<span class="c"># DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)</span>
<span class="nb">set</span> <span class="nv">$skip_cache</span> 0<span class="p">;</span>
<span class="nb">set</span> <span class="nv">$var_desktop</span> <span class="s2">"fullversion"</span><span class="p">;</span>
<span class="nb">set</span> <span class="nv">$var_mobile</span> <span class="s2">"mobileversion"</span><span class="p">;</span>
<span class="c"># POST requests and URL with a query string should always go to php</span>
<span class="k">if</span> <span class="o">(</span><span class="nv">$request_method</span> <span class="o">=</span> POST<span class="o">)</span> <span class="o">{</span>
<span class="nb">set</span> <span class="nv">$skip_cache</span> 1<span class="p">;</span>
<span class="o">}</span>
<span class="k">if</span> <span class="o">(</span><span class="nv">$query_string</span> <span class="o">!=</span> <span class="s2">""</span><span class="o">)</span> <span class="o">{</span>
<span class="nb">set</span> <span class="nv">$skip_cache</span> 1<span class="p">;</span>
<span class="o">}</span>
<span class="c"># Don't cache URL containing the following segments</span>
<span class="k">if</span> <span class="o">(</span><span class="nv">$request_uri</span> ~<span class="k">*</span> <span class="s2">"(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)"</span><span class="o">)</span> <span class="o">{</span>
<span class="nb">set</span> <span class="nv">$skip_cache</span> 1<span class="p">;</span>
<span class="o">}</span>
<span class="c"># Don't use the cache for logged in users or recent commenter</span>
<span class="k">if</span> <span class="o">(</span><span class="nv">$http_cookie</span> ~<span class="k">*</span> <span class="s2">"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in"</span><span class="o">)</span> <span class="o">{</span>
<span class="nb">set</span> <span class="nv">$skip_cache</span> 1<span class="p">;</span>
<span class="o">}</span>
<span class="c"># Use cached or actual file if they exists, Otherwise pass request to WordPress</span>
location / <span class="o">{</span>
try_files <span class="nv">$uri</span> <span class="nv">$uri</span>/ /index.php?<span class="nv">$args</span><span class="p">;</span>
<span class="o">}</span>
location ~ ^/wp-content/cache/minify/<span class="o">(</span>.+<span class="se">\.</span><span class="o">(</span>css|js<span class="o">))</span><span class="nv">$ </span><span class="o">{</span>
try_files <span class="nv">$uri</span> /wp-content/plugins/w3-total-cache/pub/minify.php?file<span class="o">=</span><span class="nv">$1</span><span class="p">;</span>
<span class="o">}</span>
location ~ <span class="se">\.</span>php<span class="nv">$ </span><span class="o">{</span>
try_files <span class="nv">$uri</span> <span class="o">=</span>404<span class="p">;</span>
include fastcgi_params<span class="p">;</span>
fastcgi_pass php<span class="p">;</span>
fastcgi_cache_bypass <span class="nv">$skip_cache</span><span class="p">;</span>
fastcgi_no_cache <span class="nv">$skip_cache</span><span class="p">;</span>
fastcgi_cache WORDPRESS<span class="p">;</span>
<span class="o">}</span>
location ~ /purge<span class="o">(</span>/.<span class="k">*</span><span class="o">)</span> <span class="o">{</span>
fastcgi_cache_purge WORDPRESS <span class="s2">"</span><span class="nv">$scheme$request_method$host$1$var_desktop</span><span class="s2">"</span><span class="p">;</span>
access_log off<span class="p">;</span>
<span class="o">}</span>
location ~ /mpurge<span class="o">(</span>/.<span class="k">*</span><span class="o">)</span> <span class="o">{</span>
fastcgi_cache_purge WORDPRESS <span class="s2">"</span><span class="nv">$scheme$request_method$host$1$var_mobile</span><span class="s2">"</span><span class="p">;</span>
access_log off<span class="p">;</span>
<span class="o">}</span></code></pre></figure>
<h3 id="edit-website">Edit Website</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>ee site edit example.com
<span class="c"># replace wpfc.conf with wpfc-custom.conf</span>
include common/wpfc-custom.conf<span class="p">;</span></code></pre></figure>
<h3 id="purge-cache">Purge Cache</h3>
<ul>
<li>Desktop Cache Purge: http://example.com/purge/</li>
<li>Mobile Cache Purge: http://example.com/mpurge/</li>
</ul>
<p><a href="https://miteshshah.github.io/linux/nginx/how-to-setup-separate-nginx-fastcgi-cache-for-mobile-and-desktop-users/">How to Setup Separate NGINX FastCGI Cache for Mobile & Desktop Users</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on September 07, 2016.</p>
https://miteshshah.github.io/devops/nagios/how-to-configure-remote-system-for-nagios-monitoring
2016-09-01T19:22:33+00:00
2016-09-01T19:22:33+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#prerequisites" id="markdown-toc-prerequisites">Prerequisites</a></li>
<li><a href="#adding-the-nagios-user-and-group" id="markdown-toc-adding-the-nagios-user-and-group">Adding the Nagios User and Group</a></li>
<li><a href="#download-nagios-plugins--nrpe-tarballs" id="markdown-toc-download-nagios-plugins--nrpe-tarballs">Download Nagios Plugins & NRPE Tarballs</a> <ul>
<li><a href="#extract-nagios-plugins--nrpe-tarballs" id="markdown-toc-extract-nagios-plugins--nrpe-tarballs">Extract Nagios Plugins & NRPE Tarballs</a></li>
</ul>
</li>
<li><a href="#nagios-plugins-installation" id="markdown-toc-nagios-plugins-installation">Nagios Plugins Installation</a></li>
<li><a href="#setup-nrpe" id="markdown-toc-setup-nrpe">Setup NRPE</a></li>
<li><a href="#restart-services" id="markdown-toc-restart-services">Restart Services</a></li>
<li><a href="#check-nrpe" id="markdown-toc-check-nrpe">Check NRPE</a> <ul>
<li><a href="#setup-nrpe-config" id="markdown-toc-setup-nrpe-config">Setup NRPE Config</a></li>
<li><a href="#setup-nrpe-plugins" id="markdown-toc-setup-nrpe-plugins">Setup NRPE Plugins</a></li>
</ul>
</li>
<li><a href="#enable-nginxphp-status-page" id="markdown-toc-enable-nginxphp-status-page">Enable NGINX/PHP status page</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="prerequisites">Prerequisites</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="c"># Ubuntu/Debian</span>
<span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>wget build-essential openssl libssl-dev</code></pre></figure>
<h3 id="adding-the-nagios-user-and-group">Adding the Nagios User and Group</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>useradd nagios
<span class="nv">$ </span>groupadd nagcmd
<span class="nv">$ </span>usermod <span class="nt">-a</span> <span class="nt">-G</span> nagcmd nagios
<span class="nv">$ </span>usermod <span class="nt">-a</span> <span class="nt">-G</span> nagios,nagcmd www-data</code></pre></figure>
<h3 id="download-nagios-plugins--nrpe-tarballs">Download Nagios Plugins & NRPE Tarballs</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cd</span> /tmp
<span class="nv">$ </span>wget http://nagios-plugins.org/download/nagios-plugins-2.1.2.tar.gz
<span class="nv">$ </span>wget https://github.com/NagiosEnterprises/nrpe/archive/3.0.tar.gz</code></pre></figure>
<h4 id="extract-nagios-plugins--nrpe-tarballs">Extract Nagios Plugins & NRPE Tarballs</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">tar </span>zxvf nagios-plugins-2.1.2.tar.gz
<span class="nv">$ </span><span class="nb">tar </span>zxvf 3.0.tar.gz</code></pre></figure>
<h3 id="nagios-plugins-installation">Nagios Plugins Installation</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cd</span> /tmp/nagios-plugins-2.1.2
<span class="nv">$ </span>./configure <span class="nt">--with-nagios-user</span><span class="o">=</span>nagios <span class="nt">--with-nagios-group</span><span class="o">=</span>nagios <span class="nt">--with-openssl</span> <span class="nt">--with-ping-command</span><span class="o">=</span>ping
<span class="nv">$ </span>make
<span class="nv">$ </span>make <span class="nb">install</span></code></pre></figure>
<h3 id="setup-nrpe">Setup NRPE</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cd</span> /tmp/nrpe-3.0/
<span class="nv">$ </span>./configure
<span class="nv">$ </span>make all
<span class="nv">$ </span>make <span class="nb">install</span>
<span class="nv">$ </span>make install-config
<span class="nv">$ </span>make install-init</code></pre></figure>
<h3 id="restart-services">Restart Services</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>service nagios restart
<span class="nv">$ </span>service nrpe restart</code></pre></figure>
<h3 id="check-nrpe">Check NRPE</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>/usr/local/nagios/libexec/check_nrpe <span class="nt">-H</span> 127.0.0.1
NRPE vnrpe-3.0</code></pre></figure>
<h4 id="setup-nrpe-config">Setup NRPE Config</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">mv</span> /usr/local/nagios/etc/nrpe.cfg /usr/local/nagios/etc/nrpe.cfg.bak
<span class="nv">$ </span>vim /usr/local/nagios/etc/nrpe.cfg <span class="nv">log_facility</span><span class="o">=</span>daemon
<span class="nv">pid_file</span><span class="o">=</span>/usr/local/nagios/var/nrpe.pid
<span class="nv">server_port</span><span class="o">=</span>5666
<span class="nv">nrpe_user</span><span class="o">=</span>nagios
<span class="nv">nrpe_group</span><span class="o">=</span>nagios
<span class="nv">allowed_hosts</span><span class="o">=</span>127.0.0.1
<span class="nv">dont_blame_nrpe</span><span class="o">=</span>0
<span class="nv">allow_bash_command_substitution</span><span class="o">=</span>0
<span class="nv">debug</span><span class="o">=</span>0
<span class="nv">command_timeout</span><span class="o">=</span>60
<span class="nv">connection_timeout</span><span class="o">=</span>300
<span class="nb">command</span><span class="o">[</span>check_users]<span class="o">=</span>/usr/local/nagios/libexec/check_users <span class="nt">-w</span> 5 <span class="nt">-c</span> 10
<span class="nb">command</span><span class="o">[</span>check_load]<span class="o">=</span>/usr/local/nagios/libexec/check_load <span class="nt">-w</span> 15,10,5 <span class="nt">-c</span> 30,25,20
<span class="nb">command</span><span class="o">[</span>check_hda1]<span class="o">=</span>/usr/local/nagios/libexec/check_disk <span class="nt">-w</span> 20% <span class="nt">-c</span> 10% <span class="nt">-p</span> /
<span class="nb">command</span><span class="o">[</span>check_zombie_procs]<span class="o">=</span>/usr/local/nagios/libexec/check_procs <span class="nt">-w</span> 5 <span class="nt">-c</span> 10 <span class="nt">-s</span> Z
<span class="nb">command</span><span class="o">[</span>check_total_procs]<span class="o">=</span>/usr/local/nagios/libexec/check_procs <span class="nt">-w</span> 150 <span class="nt">-c</span> 200
<span class="nb">command</span><span class="o">[</span>check_memory]<span class="o">=</span>/usr/local/nagios/libexec/check_free_mem <span class="nt">-w</span> 20 <span class="nt">-c</span> 10 <span class="nt">-W</span> 5 <span class="nt">-C</span> 10
<span class="nb">command</span><span class="o">[</span>check_nginx]<span class="o">=</span>/usr/local/nagios/libexec/check_nginx.sh <span class="nt">-H</span> 127.0.0.1 <span class="nt">-p</span> 80 <span class="nt">-s</span> nginx_status <span class="nt">-N</span>
<span class="nb">command</span><span class="o">[</span>check_php]<span class="o">=</span>/usr/local/nagios/libexec/check_phpfpm_status.pl <span class="nt">-H</span> 127.0.0.1 <span class="nt">-u</span> /status
<span class="nb">command</span><span class="o">[</span>check_mysql]<span class="o">=</span>/usr/local/nagios/libexec/check_mysqld.pl <span class="nt">-u</span> root <span class="nt">-p</span> eadgwulm <span class="nt">-T</span> <span class="nt">-a</span> <span class="nb">uptime</span>,threads_connected,questions,slow_queries,open_tables <span class="nt">-A</span> threads_running,innodb_row_lock_time_avg,show global status <span class="nt">-w</span> <span class="s2">",,,,"</span> <span class="nt">-c</span> <span class="s2">",,,,1000"</span></code></pre></figure>
<h4 id="setup-nrpe-plugins">Setup NRPE Plugins</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>wget <span class="nt">-O</span> /usr/local/nagios/libexec/check_free_mem https://gist.githubusercontent.com/MiteshShah/65dad7fa814a31d5a8a5d7bc7716c079/raw/5c2693fedfda4eda46e71b93db7c1dcf8db0f2aa/check_free_mem
<span class="nv">$ </span><span class="nb">chmod </span>a+x /usr/local/nagios/libexec/check_free_mem
<span class="nv">$ </span>wget <span class="nt">-O</span> /usr/local/nagios/libexec/check_nginx.sh https://gist.githubusercontent.com/MiteshShah/49279e58a73ff76f34f294dfce5af92d/raw/b00f77a79b6e89eb3c085142ff665af750873fec/check_nginx.sh
<span class="nv">$ </span><span class="nb">chmod </span>a+x /usr/local/nagios/libexec/check_nginx.sh
<span class="nv">$ </span>wget <span class="nt">-O</span> /usr/local/nagios/libexec/check_phpfpm_status.pl https://gist.githubusercontent.com/MiteshShah/c5f23b253cb439030e5db2db1c6f4eda/raw/d286c86ee38e962e28dae9f121e983d5be7216c3/check_phpfpm_status.pl
<span class="nv">$ </span><span class="nb">chmod </span>a+x /usr/local/nagios/libexec/check_phpfpm_status.pl
<span class="nv">$ </span>wget <span class="nt">-O</span> /usr/local/nagios/libexec/check_mysqld.pl https://gist.githubusercontent.com/MiteshShah/e4ca2ddfe0e87344f94f79b8ae6895f7/raw/050857339623f33275657b5cebc4bb2f6f0587a8/check_mysqld.pl
<span class="nv">$ </span><span class="nb">chmod </span>a+x /usr/local/nagios/libexec/check_mysqld.pl
<span class="nv">$ </span>service nrpe restart</code></pre></figure>
<h3 id="enable-nginxphp-status-page">Enable NGINX/PHP status page</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>wget <span class="nt">-O</span> /etc/nginx/sites-available/status.conf https://gist.githubusercontent.com/MiteshShah/38591a384c426a63ec3b002ac0208801/raw/7cbf2cfafe142b1e048594ed72ed9a5b3dc31f09/status.conf
<span class="nv">$ </span><span class="nb">ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/status.conf /etc/nginx/sites-enabled/
<span class="nv">$ </span>nginx <span class="nt">-t</span> <span class="o">&&</span> service nginx restart</code></pre></figure>
<p><a href="https://miteshshah.github.io/devops/nagios/how-to-configure-remote-system-for-nagios-monitoring/">How to Configure Remote System for Nagios Monitoring</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on September 01, 2016.</p>
https://miteshshah.github.io/devops/nagios/how-to-configure-nagios-monitoring-system
2016-09-01T18:21:10+00:00
2016-09-01T18:21:10+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#configure-nagios" id="markdown-toc-configure-nagios">Configure Nagios</a> <ul>
<li><a href="#nagios-contacts" id="markdown-toc-nagios-contacts">Nagios Contacts</a></li>
<li><a href="#nagios-contact-groups" id="markdown-toc-nagios-contact-groups">Nagios Contact Groups</a></li>
<li><a href="#nagios-hosts" id="markdown-toc-nagios-hosts">Nagios Hosts</a></li>
<li><a href="#nagios-host-groups" id="markdown-toc-nagios-host-groups">Nagios Host Groups</a></li>
<li><a href="#nagios-services" id="markdown-toc-nagios-services">Nagios Services</a></li>
<li><a href="#nagios-commands" id="markdown-toc-nagios-commands">Nagios Commands</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="configure-nagios">Configure Nagios</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/nagios.cfg
<span class="c"># Add following lines on cfg_dir block</span>
<span class="nv">cfg_dir</span><span class="o">=</span>/usr/local/nagios/etc/contacts
<span class="nv">cfg_dir</span><span class="o">=</span>/usr/local/nagios/etc/contactgroups
<span class="nv">cfg_dir</span><span class="o">=</span>/usr/local/nagios/etc/services
<span class="nv">cfg_dir</span><span class="o">=</span>/usr/local/nagios/etc/commands
<span class="nv">cfg_dir</span><span class="o">=</span>/usr/local/nagios/etc/hosts
<span class="nv">cfg_dir</span><span class="o">=</span>/usr/local/nagios/etc/hostgroups</code></pre></figure>
<ul>
<li>Create Nagios Directory</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">mkdir</span> /usr/local/nagios/etc/<span class="o">{</span>contacts,contactgroups,services,commands,hosts,hostgroups<span class="o">}</span></code></pre></figure>
<h4 id="nagios-contacts">Nagios Contacts</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/contacts/alerts.cfg
define contact<span class="o">{</span>
contact_name ops
<span class="nb">alias </span>Ops
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,u,r
service_notification_commands notify-service-by-email
host_notification_commands notify-host-by-email
email alerts@example.com
<span class="o">}</span></code></pre></figure>
<h4 id="nagios-contact-groups">Nagios Contact Groups</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/contactgroups/oncall-admin.cfg
define contactgroup<span class="o">{</span>
contactgroup_name oncall-admins
<span class="nb">alias </span>On-call Admins
members ops
<span class="o">}</span></code></pre></figure>
<h4 id="nagios-hosts">Nagios Hosts</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/hosts/example.com
define host <span class="o">{</span>
use linux-server
host_name example.com
<span class="nb">alias </span>example.com
address example.com
max_check_attempts 5
check_period 24x7
notification_interval 30
notification_period 24x7
notification_options d,u,r
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/hosts/test.com
define host <span class="o">{</span>
use linux-server
host_name test.com
<span class="nb">alias </span>test.com
address test.com
max_check_attempts 5
check_period 24x7
notification_interval 30
notification_period 24x7
notification_options d,u,r
<span class="o">}</span></code></pre></figure>
<h4 id="nagios-host-groups">Nagios Host Groups</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/hostgroups/http.cfg
define hostgroup<span class="o">{</span>
hostgroup_name HTTP
<span class="nb">alias </span>HTTP
members example.com,test.com
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/hostgroups/https.cfg
define hostgroup<span class="o">{</span>
hostgroup_name HTTPS
<span class="nb">alias </span>HTTPS
members example.com
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/hostgroups/remote_mysql.cfg
define hostgroup<span class="o">{</span>
hostgroup_name REMOTE_MYSQL
<span class="nb">alias </span>REMOTE MYSQL
members example.com,test.com
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/hostgroups/remote_nginx.cfg
define hostgroup<span class="o">{</span>
hostgroup_name REMOTE_NGINX
<span class="nb">alias </span>REMOTE NGINX
members example.com,test.com
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>define hostgroup<span class="o">{</span>
hostgroup_name REMOTE
<span class="nb">alias </span>Remote Linux Servers
members example.com,test,com
<span class="o">}</span></code></pre></figure>
<h4 id="nagios-services">Nagios Services</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/services/http.cfg
define service<span class="o">{</span>
use local-service <span class="p">;</span> Name of service template to use
service_description HTTP
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups oncall-admins
hostgroup_name HTTP
notification_interval 30
notification_period 24x7
notification_options c,r
check_command check_http
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/services/https.cfg
define service<span class="o">{</span>
use local-service <span class="p">;</span> Name of service template to use
service_description HTTPS
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups oncall-admins
hostgroup_name HTTPS
notification_interval 30
notification_period 24x7
notification_options w,c,r
check_command check_https
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/services/remote_mysql.cfg
define service<span class="o">{</span>
use local-service <span class="p">;</span> Name of service template to use
service_description Remote MYSQL
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups oncall-admins
hostgroup_name REMOTE_MYSQL
notification_interval 30
notification_period 24x7
notification_options c,r
check_command check_nrpe!check_mysql
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/services/remote_nginx.cfg
define service<span class="o">{</span>
use local-service <span class="p">;</span> Name of service template to use
service_description Remote NGINX
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups oncall-admins
hostgroup_name REMOTE_NGINX
notification_interval 30
notification_period 24x7
notification_options c,r
check_command check_nrpe!check_nginx
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/services/remote.cfg
define service<span class="o">{</span>
use generic-service <span class="p">;</span> Name of service template to use
service_description Root Partition
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups oncall-admins
hostgroup_name REMOTE
notification_interval 30
notification_period 24x7
notification_options c,r
check_command check_nrpe!check_hda1
<span class="o">}</span>
define service<span class="o">{</span>
use generic-service <span class="p">;</span> Name of service template to use
service_description Current Load
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups oncall-admins
hostgroup_name REMOTE
notification_interval 30
notification_period 24x7
notification_options c,r
check_command check_nrpe!check_load
<span class="o">}</span>
define service<span class="o">{</span>
use generic-service <span class="p">;</span> Name of service template to use
service_description Memory Swap
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups oncall-admins
hostgroup_name REMOTE
notification_interval 30
notification_period 24x7
notification_options c,r
check_command check_nrpe!check_memory
<span class="o">}</span>
<span class="c">#define service{</span>
<span class="c"># use generic-service ; Name of service template to use</span>
<span class="c"># service_description Total Process</span>
<span class="c"># is_volatile 0</span>
<span class="c"># check_period 24x7</span>
<span class="c"># max_check_attempts 3</span>
<span class="c"># normal_check_interval 3</span>
<span class="c"># retry_check_interval 1</span>
<span class="c"># contact_groups oncall-admins</span>
<span class="c"># hostgroup_name REMOTE</span>
<span class="c"># notification_interval 30</span>
<span class="c"># notification_period 24x7</span>
<span class="c"># notification_options c,r</span>
<span class="c"># check_command check_nrpe!check_total_procs</span>
<span class="c">#}</span></code></pre></figure>
<h4 id="nagios-commands">Nagios Commands</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cp</span> <span class="nt">-av</span> /usr/local/nagios/etc/objects/commands.cfg /usr/local/nagios/etc/commands/</code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/commands/https.cfg
define <span class="nb">command</span><span class="o">{</span>
command_name check_https
command_line <span class="nv">$USER1$/</span>check_http <span class="nt">-H</span> <span class="nv">$HOSTADDRESS$ </span><span class="nt">-C</span> 15 <span class="nt">-sni</span>
<span class="o">}</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>vim /usr/local/nagios/etc/commands/nrpe.cfg
define <span class="nb">command</span><span class="o">{</span>
command_name check_nrpe
command_line <span class="nv">$USER1$/</span>check_nrpe <span class="nt">-H</span> <span class="nv">$HOSTADDRESS$ </span><span class="nt">-c</span> <span class="nv">$ARG1</span><span class="err">$</span>
<span class="o">}</span></code></pre></figure>
<p><a href="https://miteshshah.github.io/devops/nagios/how-to-configure-nagios-monitoring-system/">How to Configure Nagios Monitoring System</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on September 01, 2016.</p>
https://miteshshah.github.io/devops/nagios/how-to-setup-nagios-monitoring-system
2016-09-01T11:31:36+00:00
2016-09-01T11:31:36+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#prerequisites" id="markdown-toc-prerequisites">Prerequisites</a></li>
<li><a href="#adding-the-nagios-user-and-group" id="markdown-toc-adding-the-nagios-user-and-group">Adding the Nagios User and Group</a></li>
<li><a href="#download-nagios-core-nagios-plugins--nrpe-tarballs" id="markdown-toc-download-nagios-core-nagios-plugins--nrpe-tarballs">Download Nagios Core, Nagios Plugins & NRPE Tarballs</a> <ul>
<li><a href="#extract-nagios-core-nagios-plugins--nrpe-tarballs" id="markdown-toc-extract-nagios-core-nagios-plugins--nrpe-tarballs">Extract Nagios Core, Nagios Plugins & NRPE Tarballs</a></li>
</ul>
</li>
<li><a href="#nagios-core-installation" id="markdown-toc-nagios-core-installation">Nagios Core Installation</a> <ul>
<li><a href="#copy-nagios-core-files" id="markdown-toc-copy-nagios-core-files">Copy Nagios Core Files</a></li>
</ul>
</li>
<li><a href="#setup-apache" id="markdown-toc-setup-apache">Setup Apache</a></li>
<li><a href="#nagios-plugins-installation" id="markdown-toc-nagios-plugins-installation">Nagios Plugins Installation</a></li>
<li><a href="#setup-nrpe" id="markdown-toc-setup-nrpe">Setup NRPE</a></li>
<li><a href="#restart-services" id="markdown-toc-restart-services">Restart Services</a></li>
<li><a href="#enable-services" id="markdown-toc-enable-services">Enable Services</a></li>
<li><a href="#check-nrpe--nagios" id="markdown-toc-check-nrpe--nagios">Check NRPE & Nagios</a></li>
<li><a href="#nagios-web-interface" id="markdown-toc-nagios-web-interface">Nagios Web Interface</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><img src="https://cloud.githubusercontent.com/assets/1223371/18166139/0917267c-7067-11e6-8efb-58950b52fab4.jpg" alt="How to Setup Nagios Monitoring System" title="How to Setup Nagios Monitoring System" /></p>
<h3 id="prerequisites">Prerequisites</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="c"># Ubuntu/Debian</span>
<span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>wget build-essential openssl libssl-dev apache2 php apache2-mod-php7.0 php-gd libgd-dev unzip apache2-utils</code></pre></figure>
<h3 id="adding-the-nagios-user-and-group">Adding the Nagios User and Group</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>useradd nagios
<span class="nv">$ </span>groupadd nagcmd
<span class="nv">$ </span>usermod <span class="nt">-a</span> <span class="nt">-G</span> nagcmd nagios
<span class="nv">$ </span>usermod <span class="nt">-a</span> <span class="nt">-G</span> nagios,nagcmd www-data</code></pre></figure>
<h3 id="download-nagios-core-nagios-plugins--nrpe-tarballs">Download Nagios Core, Nagios Plugins & NRPE Tarballs</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cd</span> /tmp
<span class="nv">$ </span>wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.2.0.tar.gz
<span class="nv">$ </span>wget http://nagios-plugins.org/download/nagios-plugins-2.1.2.tar.gz
<span class="nv">$ </span>wget https://github.com/NagiosEnterprises/nrpe/archive/3.0.tar.gz</code></pre></figure>
<h4 id="extract-nagios-core-nagios-plugins--nrpe-tarballs">Extract Nagios Core, Nagios Plugins & NRPE Tarballs</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">tar </span>zxvf nagios-4.2.0.tar.gz
<span class="nv">$ </span><span class="nb">tar </span>zxvf nagios-plugins-2.1.2.tar.gz
<span class="nv">$ </span><span class="nb">tar </span>zxvf 3.0.tar.gz</code></pre></figure>
<h3 id="nagios-core-installation">Nagios Core Installation</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cd </span>nagios-4.2.0
<span class="nv">$ </span>./configure <span class="nt">--with-nagios-group</span><span class="o">=</span>nagios <span class="nt">--with-command-group</span><span class="o">=</span>nagcmd <span class="nt">--with-httpd-conf</span><span class="o">=</span>/etc/apache2/sites-available/
<span class="nv">$ </span>make all
<span class="nv">$ </span>make <span class="nb">install</span>
<span class="nv">$ </span>make install-init
<span class="nv">$ </span>make install-config
<span class="nv">$ </span>make install-commandmode
<span class="nv">$ </span>make install-webconf</code></pre></figure>
<h4 id="copy-nagios-core-files">Copy Nagios Core Files</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cp</span> <span class="nt">-R</span> contrib/eventhandlers/ /usr/local/nagios/libexec/
<span class="nv">$ </span><span class="nb">chown</span> <span class="nt">-R</span> nagios:nagios /usr/local/nagios/libexec/eventhandlers</code></pre></figure>
<h3 id="setup-apache">Setup Apache</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>a2ensite nagios
<span class="nv">$ </span><span class="nb">sudo </span>a2enmod rewrite cgi
<span class="nv">$ </span>htpasswd <span class="nt">-c</span> /usr/local/nagios/etc/htpasswd.users nagiosadmin</code></pre></figure>
<h3 id="nagios-plugins-installation">Nagios Plugins Installation</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cd</span> /tmp/nagios-plugins-2.1.2
<span class="nv">$ </span>./configure <span class="nt">--with-nagios-user</span><span class="o">=</span>nagios <span class="nt">--with-nagios-group</span><span class="o">=</span>nagios <span class="nt">--with-openssl</span> <span class="nt">--with-ping-command</span><span class="o">=</span>ping
<span class="nv">$ </span>make
<span class="nv">$ </span>make <span class="nb">install</span></code></pre></figure>
<h3 id="setup-nrpe">Setup NRPE</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cd</span> /tmp/nrpe-3.0/
<span class="nv">$ </span>./configure
<span class="nv">$ </span>make all
<span class="nv">$ </span>make <span class="nb">install</span>
<span class="nv">$ </span>make install-config
<span class="nv">$ </span>make install-init</code></pre></figure>
<h3 id="restart-services">Restart Services</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>service apache2 restart
<span class="nv">$ </span>service nagios restart
<span class="nv">$ </span>service nrpe restart</code></pre></figure>
<h3 id="enable-services">Enable Services</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>update-rc.d nagios defaults</code></pre></figure>
<h3 id="check-nrpe--nagios">Check NRPE & Nagios</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>/usr/local/nagios/libexec/check_nrpe <span class="nt">-H</span> 127.0.0.1
NRPE vnrpe-3.0
<span class="nv">$ </span>/usr/local/nagios/bin/nagios <span class="nt">-v</span> /usr/local/nagios/etc/nagios.cfg</code></pre></figure>
<h3 id="nagios-web-interface">Nagios Web Interface</h3>
<ul>
<li>After correctly following the procedures you should now be able to access your Nagios Core installation from a
web browser.</li>
<li>Simply use the following: <a href="http://1.1.1.1/nagios">http://1.1.1.1/nagios</a></li>
<li>Log in with the credentials you chose when adding the nagiosadmin user to the htpasswd.users file.</li>
</ul>
<p><a href="https://miteshshah.github.io/devops/nagios/how-to-setup-nagios-monitoring-system/">How to Setup Nagios Monitoring System</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on September 01, 2016.</p>
https://miteshshah.github.io/sysadmin/how-to-fix-no-space-left-on-device
2016-08-01T11:22:45+00:00
2016-08-01T11:22:45+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#issue" id="markdown-toc-issue">Issue</a></li>
<li><a href="#how-to-fix" id="markdown-toc-how-to-fix">How to Fix</a> <ul>
<li><a href="#find-those-small-files" id="markdown-toc-find-those-small-files">Find those small files</a></li>
<li><a href="#lets-cross-check" id="markdown-toc-lets-cross-check">Let’s Cross Check</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="issue">Issue</h3>
<ul>
<li>One of our servers went down today.</li>
<li>
<p>Problem started with developer complains about “No space left on device”</p>
</li>
<li>I’d checked server and found server has nearly 60% free disk space.</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">df</span> <span class="nt">-h</span>
Filesystem Size Used Avail Use% Mounted on
/dev/root 24G 7.7G 15G 35% /
devtmpfs 998M 4.0K 998M 1% /dev
none 4.0K 0 4.0K 0% /sys/fs/cgroup
none 200M 352K 200M 1% /run
none 5.0M 0 5.0M 0% /run/lock
none 1000M 0 1000M 0% /run/shm
none 100M 0 100M 0% /run/user</code></pre></figure>
<ul>
<li>Let’s check available Inodes</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">df</span> <span class="nt">-i</span>
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/root 1504000 1504000 0 100% /
devtmpfs 255453 1383 254070 1% /dev
none 255919 2 255917 1% /sys/fs/cgroup
none 255919 842 255077 1% /run
none 255919 1 255918 1% /run/lock
none 255919 1 255918 1% /run/shm
none 255919 2 255917 1% /run/user</code></pre></figure>
<ul>
<li>If you ever run into such trouble – most likely you have too many small or 0-sized files on your disk</li>
<li>while you have enough free disk space, you have exhausted all available Inodes.</li>
</ul>
<h3 id="how-to-fix">How to Fix</h3>
<h4 id="find-those-small-files">Find those small files</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span><span class="k">for </span>i <span class="k">in</span> /<span class="k">*</span><span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="nv">$i</span><span class="p">;</span> find <span class="nv">$i</span> | <span class="nb">wc</span> <span class="nt">-l</span><span class="p">;</span> <span class="k">done</span></code></pre></figure>
<ul>
<li>This command will list directories and number of files in them.</li>
<li>Once you see a directory with unusually high number of files (or command just hangs over calculation for a long time), repeat the command for that directory to see where exactly the small files are</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="k">for </span>i <span class="k">in</span> /home/<span class="k">*</span><span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="nv">$i</span><span class="p">;</span> find <span class="nv">$i</span> | <span class="nb">wc</span> <span class="nt">-l</span><span class="p">;</span> <span class="k">done</span></code></pre></figure>
<ul>
<li>Once you found the suspect – just delete the files</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo rm</span> <span class="nt">-rf</span> /home/bad_user/lots_of_small_junk_files</code></pre></figure>
<h4 id="lets-cross-check">Let’s Cross Check</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">df</span> <span class="nt">-i</span>
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/root 1504000 1132528 371472 76% /
devtmpfs 255453 1383 254070 1% /dev
none 255919 2 255917 1% /sys/fs/cgroup
none 255919 842 255077 1% /run
none 255919 1 255918 1% /run/lock
none 255919 1 255918 1% /run/shm
none 255919 2 255917 1% /run/user</code></pre></figure>
<p><a href="https://miteshshah.github.io/sysadmin/how-to-fix-no-space-left-on-device/">How to Fix No Space Left on Device</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on August 01, 2016.</p>
https://miteshshah.github.io/linux/nginx/how-to-fix-nginx-logging-issue
2016-07-18T15:25:19+00:00
2016-07-18T15:25:19+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#nginx-logging-issue" id="markdown-toc-nginx-logging-issue">NGINX Logging Issue</a></li>
<li><a href="#fix-nginx-logging-issue" id="markdown-toc-fix-nginx-logging-issue">Fix NGINX Logging Issue</a></li>
<li><a href="#fix-all-servers-using-ansible" id="markdown-toc-fix-all-servers-using-ansible">Fix All Servers using Ansible</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><img src="http://nginx.org/nginx.png" alt="How to Fix NGINX Logging Issue" title="How to Fix NGINX Logging Issue" /></p>
<h3 id="nginx-logging-issue">NGINX Logging Issue</h3>
<ul>
<li>After looking into NGINX DEBUG & other I’d found nothing related to this issue.</li>
<li>So I’d decided to run the logrotate command manually and see what’s going on.</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cat</span> /etc/logrotate.d/nginx
/var/log/nginx/<span class="k">*</span>.log <span class="o">{</span>
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
prerotate
<span class="k">if</span> <span class="o">[</span> <span class="nt">-d</span> /etc/logrotate.d/httpd-prerotate <span class="o">]</span><span class="p">;</span> <span class="k">then</span> <span class="se">\</span>
run-parts /etc/logrotate.d/httpd-prerotate<span class="p">;</span> <span class="se">\</span>
<span class="k">fi</span> <span class="se">\</span>
endscript
postrotate
invoke-rc.d nginx rotate <span class="o">></span>/dev/null 2>&1
endscript
<span class="o">}</span></code></pre></figure>
<ul>
<li>When I run the post rotate script manually it’s through errors.</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">^_^[root@mitesh.com:~]# invoke-rc.d nginx rotate
initctl: invalid <span class="nb">command</span>: rotate
Try <span class="sb">`</span>initctl <span class="nt">--help</span><span class="s1">' for more information.
invoke-rc.d: initscript nginx, action "rotate" failed.</span></code></pre></figure>
<ul>
<li>That clearly means we have to look into post rotate script.</li>
</ul>
<h3 id="fix-nginx-logging-issue">Fix NGINX Logging Issue</h3>
<ul>
<li>After doing some research and search on IRC channel,</li>
<li>I’d found the solution which fix this issue.</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">^_^[root@mitesh.com:~]# service nginx rotate
<span class="k">*</span> Re-opening nginx log files nginx</code></pre></figure>
<h3 id="fix-all-servers-using-ansible">Fix All Servers using Ansible</h3>
<ul>
<li>I hate manually run same command on nearly hundred of servers.</li>
<li>Ansible is a good way to automate this boring work.</li>
</ul>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>ansible ALL <span class="nt">-m</span> shell <span class="nt">-a</span> <span class="s2">"sudo sed -i 's/invoke-rc.d nginx rotate/service nginx rotate/' /etc/logrotate.d/nginx"</span>
<span class="nv">$ </span>ansible ALL <span class="nt">-m</span> shell <span class="nt">-a</span> <span class="s2">"sudo service nginx rotate"</span></code></pre></figure>
<p class="notice"><strong>NOTE!</strong>: If you are not sure what is Ansible then check out some <a href="/devops/ansible/">Ansible Tutorials</a>.</p>
<p><a href="https://miteshshah.github.io/linux/nginx/how-to-fix-nginx-logging-issue/">How to Fix NGINX Logging Issue</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on July 18, 2016.</p>
https://miteshshah.github.io/devops/ansible/ansible-installation
2016-07-13T11:44:35+00:00
2016-07-13T11:44:35+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#prerequisites" id="markdown-toc-prerequisites">Prerequisites</a></li>
<li><a href="#installation" id="markdown-toc-installation">Installation</a> <ul>
<li><a href="#install-ansible-on-ubuntu" id="markdown-toc-install-ansible-on-ubuntu">Install Ansible on Ubuntu</a></li>
<li><a href="#install-ansible-on-centos" id="markdown-toc-install-ansible-on-centos">Install Ansible on CentOS</a></li>
<li><a href="#install-ansible-on-mac-os-x" id="markdown-toc-install-ansible-on-mac-os-x">Install Ansible on Mac OS X</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="prerequisites">Prerequisites</h3>
<ul>
<li>Python 2.6/2.7</li>
</ul>
<h3 id="installation">Installation</h3>
<h4 id="install-ansible-on-ubuntu">Install Ansible on Ubuntu</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>software-properties-common
<span class="nv">$ </span><span class="nb">sudo </span>apt-add-repository ppa:ansible/ansible
<span class="nv">$ </span><span class="nb">sudo </span>apt-get update
<span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>ansible</code></pre></figure>
<h4 id="install-ansible-on-centos">Install Ansible on CentOS</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">sudo </span>yum <span class="nb">install </span>epel-release
<span class="nv">$ </span><span class="nb">sudo </span>yum <span class="nb">install </span>ansible</code></pre></figure>
<h4 id="install-ansible-on-mac-os-x">Install Ansible on Mac OS X</h4>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>brew <span class="nb">install </span>ansible</code></pre></figure>
<p class="notice"><strong>NOTE!</strong>: Make sure you have installed HomeBrew on your system,
If you don’t have HomeBrew installed then <a href="/mac/things-to-do-after-installing-mac-os-x/#install-homebrew"> Click Here to Install HomeBrew </a></p>
<p><a href="https://miteshshah.github.io/devops/ansible/ansible-installation/">Ansible Installation</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on July 13, 2016.</p>
https://miteshshah.github.io/devops/aws/s3/how-to-find-out-aws-s3-bucket-human-readable-size
2016-07-13T06:19:40+00:00
2016-07-13T06:19:40+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#install--configure-s3cmd" id="markdown-toc-install--configure-s3cmd">Install & Configure S3CMD</a></li>
<li><a href="#find-out-s3-bucket-size" id="markdown-toc-find-out-s3-bucket-size">Find Out S3 Bucket Size</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><img src="https://cloud.githubusercontent.com/assets/1223371/16793780/20cc9308-48f1-11e6-8c9f-242070064a8f.png" alt="How to Find Out AWS S3 Bucket Human Readable Size" title="How to Find Out AWS S3 Bucket Human Readable Size" /></p>
<h3 id="install--configure-s3cmd">Install & Configure S3CMD</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="c"># Download S3CMD</span>
<span class="nv">$ </span>git clone https://github.com/s3tools/s3cmd.git
<span class="c"># Configure S3CMD</span>
<span class="nv">$ </span><span class="nb">cd </span>s3cmd
<span class="nv">$ </span>./s3cmd <span class="nt">--configure</span></code></pre></figure>
<h3 id="find-out-s3-bucket-size">Find Out S3 Bucket Size</h3>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>s3cmd <span class="nb">du </span>s3://my-bucket
5885516953 s3://my-bucket
<span class="c"># Human Readable</span>
<span class="nv">$ </span>s3cmd <span class="nb">du</span> <span class="nt">-H</span> s3://my-bucket
5G s3://my-bucket
<span class="c"># Find All S3 Bucket Human Readable Size</span>
<span class="nv">$ </span>s3cmd <span class="nb">du</span> <span class="nt">-H</span> s3://
18G 144 objects s3://bucket1/
19G 7441 objects s3://bucket2/
143G 10333 objects s3://bucket3/</code></pre></figure>
<p><a href="https://miteshshah.github.io/devops/aws/s3/how-to-find-out-aws-s3-bucket-human-readable-size/">How to Find Out AWS S3 Bucket Human Readable Size</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on July 13, 2016.</p>
https://miteshshah.github.io/tips-and-tricks/how-to-search-remove-google-chrome-history
2016-07-12T05:37:23+00:00
2016-07-12T05:37:23+00:00
Mitesh Shah
https://miteshshah.github.io
Mitesh@LinuxSysAdm.in
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#issue" id="markdown-toc-issue">Issue</a></li>
<li><a href="#how-crash-chrome-works" id="markdown-toc-how-crash-chrome-works">How Crash Chrome Works</a></li>
<li><a href="#now-lets-clear-chrome-history" id="markdown-toc-now-lets-clear-chrome-history">Now Let’s clear Chrome History</a> <ul>
<li><a href="#perform-search--remove" id="markdown-toc-perform-search--remove">Perform Search & Remove</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="issue">Issue</h3>
<ul>
<li>Recently, I’d open <a href="http://crashchrome.com">Crash Chrome</a></li>
<li>Now after Google Chrome crash, I’d check Chrome History and entire Chrome History is full of logs of <a href="http://crashchrome.com">Crash Chrome</a></li>
</ul>
<h3 id="how-crash-chrome-works">How Crash Chrome Works</h3>
<ul>
<li><a href="http://crashchrome.com">Crash Chrome</a> is a simple redirection loop</li>
<li>
<p>It’s a webpage that sends you to ($webAddress + nextnumber)</p>
</li>
<li>http://crashchrome.com redirect to http://crashchrome.com/1</li>
<li>http://crashchrome.com/1 redirect to http://crashchrome.com/12</li>
</ul>
<h3 id="now-lets-clear-chrome-history">Now Let’s clear Chrome History</h3>
<ul>
<li>In Chrome History there is no <code class="language-plaintext highlighter-rouge">select all</code> button</li>
<li>So let’s do it little different way</li>
</ul>
<h4 id="perform-search--remove">Perform Search & Remove</h4>
<ul>
<li>Open chrome://history-frame/#q=crashchrome</li>
<li>Right click on this page</li>
<li>Click on Inspect Element</li>
<li>Click on Console</li>
<li>Copy Paste Following Code and Press Enter.</li>
</ul>
<p><img src="https://cloud.githubusercontent.com/assets/1223371/16765760/9174db2c-4853-11e6-8d4f-ee405511d366.png" alt="How to Search/remove Google Chrome History" title="How to Search/remove Google Chrome History" /></p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">$('remove-selected').removeAttribute("disabled"); Array.prototype.forEach.call(document.querySelectorAll("input[type=checkbox]"), function(node) {node.checked = "checked"}); $('remove-selected').click()</code></pre></figure>
<p><a href="https://miteshshah.github.io/tips-and-tricks/how-to-search-remove-google-chrome-history/">How to Search/remove Google Chrome History</a> was originally published by Mitesh Shah at <a href="https://miteshshah.github.io">Mitesh Shah</a> on July 12, 2016.</p>