About Something…

This guide describe howto install and configure SNMP on Ubuntu.

In an earlier article I have described howto set it up on RHES or CentOS, it is slightly different in Ubuntu.

1.Installation

root@ibsen:~# sudo apt-get install snmpd
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libmpich1.0gf libdc1394-22 genisoimage linux-headers-2.6.27-7 libgfortran2 dvd+rw-tools linux-headers-2.6.27-7-generic libcarp-clan-perl libxml-xql-perl libparse-yapp-perl
  rdate python-xml localechooser-data gcc-4.2-base libimage-size-perl libdebconfclient0 libvisual-0.4-0 libmyth-python perlmagick libvisual-0.4-plugins libavdevice52
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  libperl5.10 libsensors3 libsnmp-base libsnmp15
Suggested packages:
  lm-sensors
The following NEW packages will be installed:
  libperl5.10 libsensors3 libsnmp-base libsnmp15 snmpd
0 upgraded, 5 newly installed, 0 to remove and 3 not upgraded.
Need to get 2463kB of archives.
After this operation, 7987kB of additional disk space will be used.
Do you want to continue [Y/n]?

answer y

2. Configuration

Move existing /etc/snmp/snmpd.conf configuration file to /etc/snmp/snmpd.conf.org

mv /etc/snmp/snmpd.conf  /etc/snmp/snmpd.conf.org

Create a new /etc/snmp/snmpd.conf file:

rocommunity  public
syslocation  "PDC, Peters DataCenter"
syscontact  peter@it-slav.net

Make snmpd use the newly created file and make it listen to all interfaces:

Edit /etc/default/snmpd

Change from:

# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'

To:

# snmpd options (use syslog, close stdin/out/err).
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'

and restart snmpd

/etc/init.d/snmpd restart

3. Test

Do a snmpwalk from another host against your newly configured host.

[root@op5 ~]# snmpwalk -v 1 -c public -O e ibsen
SNMPv2-MIB::sysDescr.0 = STRING: Linux ibsen 2.6.27-9-generic #1 SMP Thu Nov 20 21:57:00 UTC 2008 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (68869) 0:11:28.69
SNMPv2-MIB::sysContact.0 = STRING: peter@it-slav.net
SNMPv2-MIB::sysName.0 = STRING: ibsen
SNMPv2-MIB::sysLocation.0 = STRING: "PDC, Peters DataCenter"
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip

Yes it works!!

4. Monitor example

Below is an example of how it looks using op5 Monitor a Nagios based Enterprise Monitor solution.

5. Useful links

• op5 Statistics, a cacti based graph tool
• op5 Monitor, an Enterprise Class Monitoring system based on Nagios
• Net-SNMP, an open source implementation of SNMP
• Cacti, an open source graph tool
• Nagios, the number 1 monitor tool

Having too much deffered messages in Zimbra Collaboration Suite? And this error usually happened when messages with big attachment is sent?

Error example:

[root@mail ~]#  grep deferred /var/log/maillog
Apr 10 05:32:09 mail2 postfix/smtp[5543]: 2EEF859C06A: to=<nurhidayaharipin_87@yahoo.com.my>, relay=mx1.mail.sg1.yahoo.com[124.108.116.109]:25, delay=217976, delays=217793/0.02/0.4/183, dsn=4.4.2, status=deferred (conversation with mx1.mail.sg1.yahoo.com[124.108.116.109] timed out while sending message body)

The error is related to Postfix, one of the main Zimbra component. This is due to a message take too much time when sent to a recipient. Exceeding the timeout limit defined in the server. To solve the situation, we can increase the timeout limit.

To do this, edit a Postfix configuration file, main.cf.

sudo vim /opt/zimbra/postfix/conf/main.cf

.. and append these lines to the file. By default, Zimbra man.cf does not have  these lines like in other Postfix mail server configuration.

smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 600s

The effective attributes should be smtp_data_xfer_timeout. The bigger the values, the better. But for me 600 should be enough. Restart the service to implement the new configuration. That should do the work.

Source:

http://serverfault.com/questions/55949/postfix-timed-out-while-sending-message-body-to-microsoft-esmtp-mail-service

http://forums.fedoraforum.org/showthread.php?t=68888

I never knew this until i was really need this. My Firefox automatically upgraded and some of the add-on became incompatible.

If you are using synaptic, you can force a package to specific version. Select

Packages -> Force Version

Then, you ll be given option to use which version to use.

To lock the package from being upgraded. You can lock the package by select the specific package, then select

Packages -> Lock Version

Quite simple and useful. However only do this when u are really needed to.

It has been a long time I have not touch the squid configuration and installation. Recently, when I tried to install it again, I found that the howtos in Internet was a little bit confusing and I did not manage to setup. Until I viewed the log file (/var/log/auth.log) then I understood what went wrong and managed to solve the problem.

My  objective is to create a new proxy server with limited access controlled by using PAM authentication. The original howto is from this page.  I modified it to suit my environment which is using Ubuntu 8.10 server installed on my ESX server (Virtualization is awesome!).

The steps i did:

1. Update the APT installer to find the latest packages

$ sudo apt-get update

2. Installed your squid and any dependencies.
In Intrepix Ibex, they use squid3 name instead of just squid. It made me mistakenly edited the wrong files several times.

$ sudo apt-get install squid3

3. Edit the main configuration files
We need to add 2 entry here to enable PAM authentication and force the PAM authentication. edit the squid.conf.

$ sudo vi /etc/squid3/squid.conf.

and add this lines to enable PAM authentication

auth_param basic program /usr/lib/squid3/pam_auth
auth_param basic children 5
auth_param basic realm Squid
auth_param basic credentialsttl 2 hours

And add this to force authentication to every user using it

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl pam proxy_auth REQUIRED
http_access allow pam

4. Configure the pam modules for Squid
Create a new file with name squid in /etc/pam.d/ and populate with this entry.

$ sudo vi /etc/pam.d/squid

Add the below lines. This is the alteration i did from the previously mentioned  howto.

auth             required        pam_unix.so
account         required        pam_unix.so

5. Start the squid service

$ sudo /etc/init.d/squid start

The service should starts smoothly if you are using the same distro and packages that i used. Actually configuring squid is quite straightforward but maintaining and managing different distros with different styles and packages versions is the confusing part.

Often multimedia streaming is not good for the office environment. It will dry out the bandwidth of our network, thus slows it down. We can block the multimedia streaming using squid filter. Below is the example of how I did it using squid:

In the /etc/squid/squid.conf :

<—–snipped—–>
# streaming download
acl fails rep_mime_type ^.*mms.*
acl fails rep_mime_type ^.*ms-hdr.*
acl fails rep_mime_type ^.*x-fcs.*
acl fails rep_mime_type ^.*x-ms-asf.*
acl fails2 urlpath_regex dvrplayer mediastream mms://
acl fails2 urlpath_regex \.asf$ \.afx$ \.flv$ \.swf$
acl deny_rep_mime_flashvideo rep_mime_type -i video/flv
acl deny_rep_mime_shockwave rep_mime_type -i ^application/x-shockwave-flash$
acl x-type req_mime_type -i ^application/octet-stream$
acl x-type req_mime_type -i application/octet-stream
acl x-type req_mime_type -i ^application/x-mplayer2$
acl x-type req_mime_type -i application/x-mplayer2
acl x-type req_mime_type -i ^application/x-oleobject$
acl x-type req_mime_type -i application/x-oleobject
acl x-type req_mime_type -i application/x-pncmd
acl x-type req_mime_type -i ^video/x-ms-asf$

acl x-type2 rep_mime_type -i ^application/octet-stream$
acl x-type2 rep_mime_type -i application/octet-stream
acl x-type2 rep_mime_type -i ^application/x-mplayer2$
acl x-type2 rep_mime_type -i application/x-mplayer2
acl x-type2 rep_mime_type -i ^application/x-oleobject$
acl x-type2 rep_mime_type -i application/x-oleobject
acl x-type2 rep_mime_type -i application/x-pncmd
acl x-type2 rep_mime_type -i ^video/x-ms-asf$
http_reply_access deny deny_rep_mime_flashvideo
http_reply_access deny deny_rep_mime_shockwave
<—–snipped—–>
<—–snipped—–>
#streaming files
http_access deny fails
http_reply_access deny fails
http_access deny fails2
http_reply_access deny fails2
http_access deny x-type
http_reply_access deny x-type
http_access deny x-type2
http_reply_access deny x-type2
<—–snipped—–>

And of course, you have to force your users to use your squid proxy server.