4/9/09

Rebundling a running EC2 instance....

ec2-bundle-vol --prefix what_you_want_to_name_it -d /mnt/ami -c pathtocert.pem -k pathtokeyfile.pem -u 123456789 -s 10240 --kernel aki-9b00e5f2 -r i386

-d, --destination PATH
-c, --cert PATH
-k, --privatekey PATH
--kernel ID Id of the default kernel to launch the AMI with.
-r, --arch ARCHITECTURE Specify target architecture. One of ["i386", "x86_64"]
-s, --size MB The size, in MB (1024 * 1024 bytes), of the image file to create. The maximum size is 10240 MB.

(change the kernel type and arch to suit your needs... might as well use the largest size, 10240)

This will bundle your running instance, and place the files in /mnt/ami

ec2-upload-bundle -b bucketname -m /mnt/ami/what_you_named_it.manifest.xml --access-key XYZ --secret-key XYZ

This will upload your bundled image to your bucket.

ec2-register /bucket/what_you_named_it.manifest.xml

The last step is to register your image. You will get back the AMI ID, and can either start your instance on the command line or simply log in to the web console and start it.
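The three steps above as one script, added here as an example and not part of the original notes: it validates the arch and size values before a 10 GB bundle is written, and stops at the first failed step so a broken bundle is never uploaded or registered. The environment variable names (EC2_CERT, EC2_PRIVATE_KEY, AWS_ACCOUNT_ID, AWS_ACCESS_KEY, AWS_SECRET_KEY) are this script's own convention, not something the ec2 tools require.

```shell
#!/bin/sh
# Hypothetical wrapper for bundle -> upload -> register. Cert, key, account id
# and S3 keys come from environment variables named by this script; set them first.
set -eu

validate_arch() {                  # ec2-bundle-vol -r accepts only these two
    case "$1" in i386|x86_64) return 0 ;; *) return 1 ;; esac
}

validate_size_mb() {               # -s is in MB; 10240 is the tool's maximum
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 10240 ]
}

manifest_path() {                  # ec2-bundle-vol names the manifest after --prefix
    printf '%s/%s.manifest.xml' "$1" "$2"
}

rebundle() {
    prefix=$1 size=$2 arch=$3 kernel=$4 bucket=$5 dest=/mnt/ami
    validate_arch "$arch"    || { echo "arch must be i386 or x86_64" >&2; return 2; }
    validate_size_mb "$size" || { echo "size must be 1..10240 MB" >&2; return 2; }
    # set -e aborts here if bundling fails, so nothing half-made gets uploaded
    ec2-bundle-vol --prefix "$prefix" -d "$dest" -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY" \
        -u "$AWS_ACCOUNT_ID" -s "$size" --kernel "$kernel" -r "$arch"
    ec2-upload-bundle -b "$bucket" -m "$(manifest_path "$dest" "$prefix")" \
        --access-key "$AWS_ACCESS_KEY" --secret-key "$AWS_SECRET_KEY"
    ec2-register "$bucket/$prefix.manifest.xml"   # prints the new AMI id
}

# Example invocation (kernel id copied from the notes above, bucket name made up):
# rebundle myserver-20090409 10240 i386 aki-9b00e5f2 my-ami-bucket
```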

Nagios - Instead of a ping check to see if a host is alive, use http instead

Sometimes (often) ICMP is blocked, so you can't ping check your hosts to see if they are alive.

You can add this to commands.cfg and hosts.cfg for those hosts to check via http instead.

commands.cfg
define command {
command_name check-host-alive-by-http
command_line $USER1$/check_http -H $HOSTADDRESS$
}

hosts.cfg

define host{
host_name hostname.com
address ip.address
alias hostnamealias
use networking_machines_template
check_command check-host-alive-by-http
}

4/8/09

Installing Nagios
---------------------
*you need a basic CentOS install, with Apache installed.



Install rpmforge repo

wget http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
wget http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.3.6-1.el5.rf.*.rpm #verify package
rpm -i rpmforge-release-0.3.6-1.el5.rf.*.rpm #install package

Install yum-priorities #this isn't required, but I like to limit the rpmforge repository from affecting any base packages

yum install yum-priorities
#Make sure that yum-priorities is enabled by editing the /etc/yum/pluginconf.d/priorities.conf
#Edit the .repo files in /etc/yum.repos.d/ and set up priorities by adding the line: (lower number = higher priority, 0 = disabled)
priority=N


Install nagios packages

sudo yum install nagios nagios-devel nagios-plugins nagios-plugins-setuid rrdtool


Configure Nagios

sudo htpasswd -c /etc/nagios/htpasswd.users kylec #Create htpasswd file for auth
sudo htpasswd /etc/nagios/htpasswd.users username #for adding users

sudo vi /etc/nagios/nagios.cfg
comment out...
#cfg_file=/etc/nagios/objects/templates.cfg
#cfg_file=/etc/nagios/objects/localhost.cfg
add...
cfg_file=/etc/nagios/objects/hosts.cfg
cfg_file=/etc/nagios/objects/hostgroups.cfg
cfg_file=/etc/nagios/objects/services.cfg
cfg_file=/etc/nagios/objects/contactgroups.cfg
set...
process_performance_data=1
host_perfdata_command=process-host-perfdata
service_perfdata_command=process-service-perfdata


sudo vi /etc/nagios/cgi.cfg
set... (a * here grants the right to every user in htpasswd.users; list specific usernames instead if only some of them should be able to issue system commands)
authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*


----------------------------------------------------------------------------------------------
Installing Nagios pnp

wget http://switch.dl.sourceforge.net/sourceforge/pnp4nagios/pnp-0.4.13.tar.gz
./configure
make all
make fullinstall

edit hosts.cfg

add:

define host{
use generic-host,host-pnp #add host-pnp to networking_machines_template


define host {
name host-pnp
register 0
action_url /nagios/pnp/index.php?host=$HOSTNAME$' onmouseover="get_g('$HOSTNAME$','_HOST_')" onmouseout="clear_g()"

}

edit services.cfg

Add to the main template... (in my case basic-service)

define service{
use generic-service,srv-pnp (srv-pnp is what's added)
name basic-service
.... truncated


define service {
name srv-pnp
register 0
action_url /nagios/pnp/index.php?host=$HOSTNAME$&srv=$SERVICEDESC$' onmouseover="get_g('$HOSTNAME$','$SERVICEDESC$')" onmouseout="clear_g()"

}

edit commands.cfg

add:

define command {
command_name process-service-perfdata
command_line /usr/bin/perl /usr/local/nagios/libexec/process_perfdata.pl
}

define command {
command_name process-host-perfdata
command_line /usr/bin/perl /usr/local/nagios/libexec/process_perfdata.pl -d HOSTPERFDATA
}

comment out the existing SAMPLE PERFORMANCE DATA COMMANDS

setup configs

cd /usr/local/nagios/etc/pnp/
sudo mv npcd.cfg-sample npcd.cfg
sudo mv process_perfdata.cfg-sample process_perfdata.cfg
sudo mv rra.cfg-sample rra.cfg


If you see "File does not exist: /usr/share/nagios/pnp" in your httpd logs, copy the pnp web files into place:
cp -R /usr/local/nagios/share/pnp/ /usr/share/nagios/pnp

edit them as you like.

start npcd
/etc/init.d/npcd start
-------------------------------------------------------------------------------------------------------




EXAMPLE .cfgs #these are custom; just some examples to get you started.

contacts.cfg

define contact{
contact_name kyle
alias kyle
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,u,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email kyle@email.com
}

contactgroups.cfg

define contactgroup{
contactgroup_name admins
alias admins
members internal_infosec, kylepager
}


hosts.cfg

define host{
host_name website.com
address website.com
alias website.com
use networking_machines_template
}


hostgroups.cfg

define hostgroup{
hostgroup_name webservers
alias webservers
members server1, server2, server3, website.com
}

services.cfg

define service{
use basic-service
hostgroup_name webservers
service_description HTTP
check_command check_http!
contact_groups admins
}

4/6/09

Use nmap to scan for Conficker...

http://seclists.org/nmap-dev/2009/q1/0869.html

get the latest nmap, and install lua

Directions for Ubuntu...

sudo apt-get install lua50

wget http://nmap.org/dist/nmap-4.85BETA7.tar.bz2
tar -jxvf nmap-4.85BETA7.tar.bz2 #bz2 archive, so -j only (-j and -z together conflict)
./configure
make

./nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445 -d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64 -oA conficker_scan 192.168.1.1/24 | grep Conficker:


You should see every host report

| Conficker: Likely CLEAN

If you get any other result, just remove the grep filter to see which host produced it.
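An added helper (not from the original notes) for that last step: it parses the conficker_scan.nmap file that -oA writes and lists every host whose Conficker verdict is anything other than "Likely CLEAN", so you don't have to re-read the whole scan by hand. The sample nmap output inside it is constructed.

```shell
# Reads nmap normal-format output on stdin and prints "host<TAB>verdict" for
# every host whose Conficker line is not "Likely CLEAN".
conficker_suspects() {
    awk '
        # nmap 4.x starts each host with "Interesting ports on HOST:";
        # later versions use "Nmap scan report for HOST". Track the current host.
        /^Interesting ports on / { host = $4; sub(/:$/, "", host); next }
        /^Nmap scan report for /  { host = $5; next }
        # smb-check-vulns prints "|  Conficker: <verdict>" ("|_" on its last line)
        /^[|]_? *Conficker:/ {
            verdict = $0
            sub(/^[^:]*: */, "", verdict)      # keep only the text after "Conficker:"
            sub(/[ \t\r]*$/, "", verdict)      # drop trailing whitespace / CR
            if (verdict != "Likely CLEAN") print host "\t" verdict
        }
    '
}

# Constructed sample of nmap 4.85 output: one clean host, one likely infected
# host, and one host with 445 closed (so no script output at all).
SAMPLE_NMAP='Interesting ports on 192.168.1.5:
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|  smb-check-vulns:
|  MS08-067: NOT VULNERABLE
|  Conficker: Likely CLEAN
|_ regsvc DoS: NOT VULNERABLE

Interesting ports on 192.168.1.7:
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|  smb-check-vulns:
|  MS08-067: LIKELY VULNERABLE (host stopped responding)
|  Conficker: Likely INFECTED
|_ regsvc DoS: NOT VULNERABLE

Interesting ports on 192.168.1.9:
PORT    STATE  SERVICE
445/tcp closed microsoft-ds'

printf '%s\n' "$SAMPLE_NMAP" | conficker_suspects   # prints: 192.168.1.7<TAB>Likely INFECTED
# Real use:  conficker_suspects < conficker_scan.nmap
```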