Posts

Showing posts from April, 2017

Zabbix - Monitoring VSphere Server

I found the best way to monitor a vSphere host is the following.

First create a read-only user on vSphere.

1. Log on to vSphere with root or another administrator account.
2. Click on Inventory.
3. Click on Local Users & Groups.
4. Right click and select Add.
5. Enter the Login, User Name and Password credentials.
6. Once the user has been created click on the Permissions tab.
7. Right click and select Add Permission.
8. Click the Add button and select your newly created user.
9. Click on OK to save.
10. Test the read-only account by logging out and using the credentials to log on to vSphere.

Next we need the vSphere UUID to ensure that our Zabbix template works as expected. Access the following URL and enter the read-only credentials when prompted:

    https://{vsphere_server_ip}/mob/?moid=ha-host&doPath=hardware.systemInfo

Copy the uuid string from within the displayed data.

Within Zabbix, go to Configuration->Hosts and click on Create Host. Under the host name paste the copied uuid from

Zabbix - adding apt update checks

There are a number of articles on the internet on adding package update checks to Zabbix and Nagios. I found the simplest way of doing this on Ubuntu is to use the update-notifier apt-check application.

If you run

    /usr/lib/update-notifier/apt-check

it will output the number of packages requiring updates as well as the number of security updates.

To apply this check to Zabbix add the following to a conf file within your zabbix_agentd.d directory.

    cd /etc/zabbix/zabbix_agentd.d
    vi apt_updates.conf

(or something meaningful)

Add the following content:

    UnsafeUserParameters=1
    Timeout=10
    UserParameter=apt.available.updates,updates=$(/usr/lib/update-notifier/apt-check 2>&1);echo $updates | cut -d ";" -f 1
    UserParameter=apt.security.updates,updates=$(/usr/lib/update-notifier/apt-check 2>&1);echo $updates | cut -d ";" -f 2

Restart your Zabbix agent.

The Timeout=10 is required as the script runs for a couple of seconds
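
The two UserParameter lines above hand whatever apt-check prints to the server. The following is an added example, not part of the original post: a wrapper that accepts only the `N;M` form before returning a field, so an apt error becomes a failed check instead of a bogus value. The script path and function name are assumptions.

```shell
#!/bin/sh
# Hypothetical helper, e.g. /usr/local/bin/apt-updates-field (path is an assumption).
#   apt-updates-field 1   -> all pending updates
#   apt-updates-field 2   -> pending security updates
# Hypothetical agent entry that would call it:
#   UserParameter=apt.security.updates,/usr/local/bin/apt-updates-field 2

APT_CHECK=/usr/lib/update-notifier/apt-check

# parse_apt_check RAW FIELD
# Prints field 1 or 2 of a single-line "N;M" string.
# Returns 1 for any other input (error text, extra lines, bad field number).
parse_apt_check() {
    case $2 in
        1|2) ;;
        *) return 1 ;;
    esac
    printf '%s' "$1" | awk -F ';' -v f="$2" '
        NR > 1                { bad = 1 }   # more than one line of output
        !/^[0-9]+;[0-9]+$/    { bad = 1 }   # not digits;digits
                              { v = $f }
        END {
            if (bad || NR == 0) exit 1
            print v
        }'
}

# Run apt-check only when called with a field number, as the agent would.
if [ $# -ge 1 ]; then
    out=$("$APT_CHECK" 2>&1) || exit 1    # apt-check writes its result to stderr
    parse_apt_check "$out" "$1" || exit 1
fi
```

Neither item key takes arguments, so a wrapper like this also works with the agent's default UnsafeUserParameters=0.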

Raspberry PI - Temperature monitoring with Zabbix

A Raspberry Pi is a good cheap way of getting temperature monitoring in your data centre or home. You will need a Raspberry Pi, a temperature sensor (DS18B20) and a 4.7k Ω (ohm) resistor.

After adding the sensor you need to load the necessary kernel modules.

    modprobe w1_gpio
    modprobe w1_therm

First make sure the kernel has the correct parameters to read the sensor on boot.

    cd /boot
    vi config.txt

Add

    dtoverlay=w1-gpio,gpiopin=4

Save the file and reboot.

After rebooting you should now have a new directory under /sys/bus/w1/devices. The directory will contain a number of files, but the one we are looking for is w1_slave. If you cat the file the contents look something similar to this:

    b1 01 4b 46 7f ff 0f 10 8d : crc=8d YES
    b1 01 4b 46 7f ff 0f 10 8d t=27062

The last line contains the temperature, t=27062, in degrees Celsius multiplied by 1000.

Below is a simple script that will read the temperature from the file, divide it by 1000 and output the current temperature.

/bin/cat
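
A parser for the w1_slave format shown above, as an added example (it is not the post's own script, which is cut off here). It reports a temperature only when the first line ends in YES, so a reading that failed its CRC is never sent to Zabbix; the function name is an assumption.

```shell
#!/bin/sh
# read_w1_temp [FILE]
# Reads a w1_slave file (or stdin when no FILE is given) and prints the
# temperature in degrees Celsius with three decimals.
# Returns non-zero if the CRC line does not end in YES or no valid t= field exists.
read_w1_temp() {
    awk '
        NR == 1 && $NF != "YES" { bad = 1 }          # CRC check failed
        NR == 2 {
            n = split($NF, kv, "=")                  # last field is t=<millidegrees>
            if (n == 2 && kv[1] == "t" && kv[2] ~ /^-?[0-9]+$/) {
                t = kv[2]
                ok = 1
            }
        }
        END {
            if (bad || !ok) exit 1
            printf "%.3f\n", t / 1000
        }
    ' "$@"
}

# Sample contents from the post, and a constructed copy with a failed CRC.
sample_ok='b1 01 4b 46 7f ff 0f 10 8d : crc=8d YES
b1 01 4b 46 7f ff 0f 10 8d t=27062'
sample_bad='b1 01 4b 46 7f ff 0f 10 8d : crc=8d NO
b1 01 4b 46 7f ff 0f 10 8d t=27062'

printf '%s\n' "$sample_ok" | read_w1_temp
printf '%s\n' "$sample_bad" | read_w1_temp || echo "CRC failed, reading discarded" >&2
```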

Zabbix for Monitoring and More

After a year of using Sensu to monitor our infrastructure, I've reverted back to using the old faithful Zabbix. Sensu worked but wasn't as simple and problem free as Zabbix was.

We are doing a few things differently this time. We are not running Zabbix on a PC or dedicated hardware, but rather running it on a virtual server within our vCenter cluster and backed up by Veeam 9. We therefore do not need to worry about hardware failures or performance issues; we can easily increase memory or CPU if required. We are also using Zabbix proxies to monitor the remote branches. This works significantly better than it did the last time, and updates etc. are filtered back even if the link between the branch offices is interrupted.

Below is a simple howto to get a distributed Zabbix monitoring system up and running. Feel free to add comments or suggestions on how to improve this howto.

Master Node

Install Ubuntu 16.04 LTS.

Make sure you update your newly installed system with the

Update Openvas Feeds

To ensure OpenVAS 9 is kept up to date and running the latest tests, you need to sync the NVT, SCAP and CERT data. The best way to do this is to create a script that syncs the necessary data.

Create a script under /usr/local/bin called update-openvas.

    vi /usr/local/bin/update-openvas

Add the following contents to the file:

    #!/bin/sh
    # Sync the NVT, CERT and SCAP feeds
    /usr/sbin/greenbone-nvt-sync
    /usr/sbin/greenbone-certdata-sync
    /usr/sbin/greenbone-scapdata-sync
    # Update the manager database from the synced feeds
    /usr/sbin/openvasmd --update --verbose --progress
    # Restart the services so they use the new data
    /etc/init.d/openvas-manager restart
    /etc/init.d/openvas-scanner restart

Save the file and make it executable.

    chmod a+x /usr/local/bin/update-openvas

Run the script to make sure it works and that there are no errors.

    /usr/local/bin/update-openvas

Add the script to cron to run daily.

    crontab -e

Add the following contents:

    1 1 * * * /usr/local/bin/update-openvas 1>/dev/null 2>/dev/null

The above cron job will be run at 1 minute past 1 every day

Openvas 9 - Distributed Setup

If you are responsible for a number of offices located in different regions, it's best to set up scanners in the regions to best utilise network bandwidth. You can control all these scanners from a single host. The following setup has worked well for me and I hope it helps you in getting a distributed OpenVAS setup up and running.

First ensure you set up OpenVAS correctly and that it is using libssh 0.7 or greater. You can follow my post on how to do this here.

Create an admin account on the newly created remote scanner that will be used for remote administration/scanning.

    openvasmd --create-user=newusername --role=Admin

The system will generate a unique/random password. If you'd prefer to set your own password, run the following command:

    openvasmd --new-password=my_secure_password --user=newusername

We will need the CA certificate from the remote scanner in order to set up the necessary credentials on our primary scanner. To locate the installed CA cer

Openvas 9 on Ubuntu 16.04 Setup

After a number of hours of fiddling / tweaking I have finally gotten OpenVAS 9 running smoothly, including SSH authentication against secure ciphers. The secure cipher part threw me a bit. Below is a guide to help those of you struggling as I did.

Basic Installation

Install Ubuntu 16.04 LTS.

Make sure you update your newly installed system with the latest patches - security updates.

    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get dist-upgrade

OpenVAS 9 is available as a package for Ubuntu 14.04 and Ubuntu 16.04.

    sudo add-apt-repository ppa:mrazavi/openvas
    sudo apt-get update
    sudo apt-get install openvas9

Follow the prompts and answer yes for the redis-server install.

Once installed, run updates on the NVT to ensure you have the latest vulnerability tests.

    sudo greenbone-nvt-sync
    sudo greenbone-scapdata-sync
    sudo greenbone-certdata-sync

The commands above may take a few minutes to run. Once complete restart the openvas services to ensure they use the