Tuesday, September 6, 2016

Add All Online Account Plug-ins to Ubuntu 16.04 LTS

Do you only have Facebook, Flickr, and Google listed in Online Accounts like I did? Why not go for broke and install them all.

Execute the following line in the terminal:
sudo apt-get install account-plugin-*

That looks better...  :) 



- Joe


Reference:

Saturday, March 5, 2016

SNMP Configuration in CentOS or RHEL 7


This is the follow-up to my original post on configuring SNMP v3 in CentOS or RHEL 6. Make sure you check out that post first for some background information if you need it.

So let’s get started.

Install net-snmp

If SNMP is not yet installed on your server, execute the following shell command:

sudo yum -y install net-snmp net-snmp-utils

Create an SNMP configuration file

When net-snmp is installed on the machine, a sample/default file is created. So lets move that file to a new location as we are not going to use it. Execute,

sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig

Next, lets create a new file from scratch:

sudo vim /etc/snmp/snmpd.conf

Hit 'i' to enter insert mode, then enter in the following text:

# Basic SNMP Community Information
# Note Source IPs. Enter in your own IPs that will be allowed to communicate with the service.
# It is recommended to allow localhost so you can run tests with snmpwalk.
# Otherwise omit localhost if it is not needed.
# You can list allowed subnets if you wish. Example below.
#
#           Community.Name  Source.IP.Allowed
rocommunity public          127.0.0.1
rocommunity public          10.40.60.57
rocommunity public          192.168.1.0/24

# Optional location information
syslocation MyLocation

# Optional contact information
syscontact Super User <myemail@domain.com>

# SNMP v3 User Information

** Note that the last line is commented out by the '#' and there is nothing in the SNMP v3 User Information section yet. Also, do NOT use "public". Define your own community name.

Save the file and exit by hitting Esc, then :wq to save and quit.

Create the SNMP v3 User

In this example, the read only SNMP v3 user we are going to create in this example defines three things
  • snmpv3user = Rename this to the user name you desire.
  • snmpv3authentication = Define your user authetication key here.
  • snmpv3privacy = Define your privacy key here.
Execute the following commands in order to create your user:

sudo systemctl stop snmpd.service
sudo net-snmp-create-v3-user -ro -A snmpv3authentication -a SHA -X snmpv3privacy -x AES snmpv3user
sudo systemctl reload snmpd.service
sudo systemctl start snmpd.service

** This specific user, with these specific options, is set up with SHA authentication and AES 128 bit privacy.

Note the difference in how to restart services in CoreOS/RHEL v7 - It now uses systemd which takes time to get used to...

So now the core configuration for SNMP v2c communities and your v3 user are now set up. Lets finish this by creating the firewall rules to allow the monitoring traffic in/out.

Create a Firewall Rule to Allow SNMP Traffic

Execute the following command,

sudo firewall-cmd --add-port=161-162/udp --zone=public --permanent

** This rule allows SNMP communication from ALL inbound IP addresses. Note that in v7 we must use "firewall-cmd" instead of iptables to make firewall rule changes.

Set SNMP to Run at Boot Time

Finally execute,

sudo chkconfig snmpd on

From this point, you can now add in your CentOS/RHEL server to your monitoring system via SNMP v2c (as defined by your community you selected), or by SNMP v3 user you created.

- Joe

SNMP v3 Configuration in CentOS or RHEL 6


Good evening IT Pros!

Tonight’s post is a quick overview of setting up a simple SNMP v2c community and SNMP v3 read only user in CentOS v6.x or Red Hat Enterprise Linux (RHEL) v6. I'm not going to get into the nitty gritty of every single line in the config file or the "why". The purpose of this post is to at least lead you in the right direction with getting a 'more secure' SNMP configuration set up in your environment on your CentOS/RHEL servers. There is always a better security configuration out there.

I’ll post a follow up on how to get this done in CentOS/RHEL v7 at a later time. This article assumes that you are somewhat familiar with how to execute shell commands and work with the vim text editor. I also assume that the following is set up:
  • SELinux is enabled, hence the firewall is enabled too and is probably not allowing SNMP traffic in/out of the server.
  • You have SUDO and/or ROOT access to the server.
  • Net-SNMP is not installed yet.
Configuring and setting up SNMP is very straightforward. I will describe the process by the following steps:
  1. Install Net-SNMP using the yum package manager.
  2. Create an SNMP configuration file.
  3. Create your SNMPv3 user.
  4. Allow SNMP traffic through the firewall.
  5. Ensure the SNMP daemon starts at boot time.
  6. Profit.
So let’s get started!

Install net-snmp

If SNMP is not yet installed on your server, execute the following shell command:

sudo yum -y install net-snmp net-snmp-utils

Create an SNMP configuration file

When net-snmp is installed on the machine, a sample/default file is created. So lets move that file to a new location because we are not going to use it. Execute,

sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig

Next, lets create a new file from scratch:

sudo vim /etc/snmp/snmpd.conf

Hit 'i' to enter insert mode, then enter in the following text:

# Basic SNMP Community Information
# Note Source IPs. Enter in your own IPs that will be allowed to communicate with the service.
# It is recommended to allow localhost so you can run tests with snmpwalk.
# Otherwise omit localhost if it is not needed.
# You can list allowed subnets if you wish. Example below.
#
#           Community.Name  Source.IP.Allowed
rocommunity public          127.0.0.1
rocommunity public          10.40.60.57
rocommunity public          192.168.1.0/24

# Optional location information
syslocation MyLocation

# Optional contact information
syscontact Super User <myemail@domain.com>

# SNMP v3 User Information

** Note that the last line is commented out by the '#' and there is nothing in the SNMP v3 User Information section yet. Also, do NOT use "public". Define your own community name.

Save the file and exit by hitting Esc, then :wq to save and quit.

Reload the SNMP configuration then restart the service by executing in order:

sudo service snmpd reload
sudo service snmpd restart

At this point, SNMP v2c communities are set up and running. However we still need to create the SNMP v3 user and allow the traffic through the firewall for remote hosts (such as your SolarWinds, SCOM, or Nagios server).

Create the SNMP v3 User

In this example, the read only SNMP v3 user we are going to create in this example defines three things
  • snmpv3user = Rename this to the user name you desire.
  • snmpv3authentication = Define your user authetication key here.
  • snmpv3privacy = Define your privacy key here.
Execute the following commands in order to create your user:

sudo service snmpd stop
sudo net-snmp-create-v3-user -ro -A snmpv3authentication -a SHA -X snmpv3privacy -x AES snmpv3User
sudo service snmpd reload
sudo service snmpd restart

** This specific user, with these specific options, is set up with SHA authentication and AES 128 bit privacy.

So now the core configuration for SNMP v2c communities and your v3 user are now set up. Lets finish this excersize by creating the firewall rules to allow the monitoring traffic in/out.

Create an IPTABLES rule to allow SNMP traffic

Execute the following commands,

sudo iptables -A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT

** This iptables rule allows SNMP communication from ALL inbound IP addresses.

Set SNMP to Run at Boot Time

Finally execute,

sudo chkconfig snmpd on

From this point, you can now add in your CentOS/RHEL server to your monitoring system via SNMP v2c (as defined by your community you selected), or by SNMP v3 user you created.

Next, I'll post the instructions for CentOS/RHEL 7 since the commands are completely different thanks to the changes to firewalld and systemd.

- Joe

Thursday, January 21, 2016

Joe's Super Simple Windows Powershell Log Parser


Hello IT Pros!

I’ve got another really helpful post today. It is a very simple log file parser for Windows Powershell. This script was built when my colleagues and I needed a way to monitor the count of specific failures in an application by parsing through it’s log file for the error entries. Here is the code:

$logcount = Get-Content -path 'C:\PATH_TO_LOG_FILE\logfile.log' | Select-String -pattern "ERROR" –simplematch
If ($logcount -eq 0) { Write-Host 'Statistic: ' $logcount }
Else { Write-Host 'Statistic: ' $logcount.count }

As you can see, yes this is a very simple script and was designed to be used as a SolarWinds SAM template for monitoring purposes. But it can be adapted for a variety of use cases. It should work in Powershell 2.0 but 3.0 is recommended. Enjoy!

- Joe

Wednesday, January 20, 2016

Install GNS3 v1.4 on Windows 10


Hello world! It has been quite a bit of time since I last wrote a post here. In my defense I have been insanely busy with family, work, and especially with planning my next SolarWinds NPM book. So on that note, let’s get straight to today’s topic – install GNS3 v1.4 on Windows 10.

What is GNS3?


GNS stands for “graphical network simulator 3”. It is emulation software that can run real-time Cisco IOS, JunOS, and other network OSes in a virtual environment (think virtual machines for network OSes such as Cisco’s IOS routers). GNS3 is very popular for those that create proof-of-concept networks for their own enterprise environments but it is also very popular for those training for the coveted Cisco certifications. It is important because GNS3 can be used in place of real hardware. As of the time of this writing the current GNS3 release is v1.4.0.

I am personally using GNS3 to help me with my next SolarWinds book. Plus it is just fun learning how to set up networks in a virtual environment. So lets get started!

This guide assumes you have at least an intermediate knowledge of networking and server administration.

Requirements:

  1. A Windows 10 Pro PC with at least 8GB RAM and Quad-core CPU.
    ** At the time of writing this post I’m using Windows 10 Pro build 10586.63 with 16GB RAM. (These instructions have not been tested on Windows 10 Home editions but it should work.)
  2. VMware Workstation 12 Pro installed and ready to go. Trial version works fine.
Assuming you have VMware Workstation 12 Pro installed on your Windows 10 Pro PC, we can get started! Lets download the software we need:
  • GNS3 v1.4.0
  • GNS3 Virtual Machine OVA Image for VMware
  • Cisco 3660 IOS image

Download the GNS3 software


Navigate to www.gns3.com and log in (sign up for an account if you don’t have one). On the downloads page, note the links in the screenshot below. You need the Windows download as well as the GNS3 VM. Get both of them and save the files locally.
image

Get a supported Cisco IOS image


Cisco IOS images are downloaded from Cisco.com provided you are legally licensed for the software. Luckily I am legally licensed. For this example I am using the image c3660-jk9o3s-mz.124-25d.bin.

Import the GNS3 VM OVA into VMware Workstation


Before we GNS3 we need to import the VM image into VMware Workstation so it is ready to go.
  1. Launch VMware Workstation.
  2. Click File > Open
    image
  3. Locate and select the GNS3 VM.OVA file, click Open.
  4. The Import Virtual Machine window will appear. Select the storage path and name for the VM (I’m using the default options). Click Import to finish.
    image
The VM should now be imported and available. Leave VMW12 running (don’t close it) because GNS3 will automatically access the VM on-demand. We can now proceed with installing and configuring GNS3 on our PC.

Installing GNS3


Now that we have all of the prerequisite items, we can move forward with the installation.
  1. Launch the installer, click Next.
  2. Agree to the license terms, click I Agree.
  3. At Choose Start Menu Folder, click Next.
  4. At Choose Components, select ALL items and click Next.
  5. At Choose Install Location, define a location and click Install. **Default C:\Program Files\ is recommended.
  6. The WinPcap installer will appear. Click Next
  7. Click I Agree on the license terms.
  8. Make sure the check mark is selected to automatically start the driver at boot time. Click Install, then Finish
  9. The Wireshark installer will appear. Click Next, then click I Agree.
  10. Select all components then click Next.
  11. On Additional Tasks, click Next.
  12. On Choose Install Location, leave the default location and click Next.
  13. Remove the checkmark to install WinPcap (because we already installed it). Click Install.
  14. When Wireshark is installed, click Next then Finish.
  15. The SolarWinds Response Time Viewer installer will appear. Enter your email address then click Continue.
  16. Click Next,
  17. Accept the license terms, Click Next,
  18. At Choose Install Location, leave the default path then click Next, then Next again.
  19. Click Finish.
  20. The GNS3 software will finish installing on it’s own. Click Next when done.
  21. The “SolarWinds Standard Toolset” free license option appeared for me. I opted out of the free offer. I leave it up to you if you want it.
  22. Go ahead and click Finish to launch GNS3 for the first time.
Lets move forward with initial setup.

Configuring GNS3


  1. The Setup Wizard will appear. Since we are using the GNS3 VM in VMware, choose the Local GNS3 VM option then click Next.
    image
  2. Select VMware and the VM we imported. I recommend changing the vCPU cores to 2x and reducing the RAM to 2048 for now. Click Next to proceed.
    NOTE: You can always increase the vCPU cores to 4x and increase the RAM at a later time if you plan on having a larger virtual environment. My personal configuration is shown in the screenshot below.
    image
  3. GNS3 will automatically start up the virtual machine in VMware. At Add Virtual Machines, check the box “Add an IOS router using a real IOS image” then click Finish.
    image
  4. Choose the GNS3 VM server type and click Next.
    image
  5. Choose your IOS image and click Next.
    image
  6. At Name and Platform, choose the appropriate options for your image and click Next.
    NOTE: The default options will suffice for most. When in doubt just use the default options.
    image
  7. Select the default RAM and click Next.
    Again, when in doubt just use the default option.
    image
  8. The next screen is where you define the default adapters that are added automatically when a new copy of this device is added to the GNS3 lab environment. Choose the adapters you want then click Next.
    image
  9. At the idle-pc finder, skip this section and just click Finish. (This can be done at a later time.)
  10. The Preferences window will appear. Just click OK to close.
  11. Create a new Lab name then click OK.
    image
And that is it! GNS3 is now installed and working in VMware Workstation. If you open up VMware you should see the GNS3 virtual machine running and should look similar to the screenshot below.
image

Adding Your First Device to the Lab


Everything is now good to go. So lets go ahead and add in the first device and get it up and running!
Click the devices button, drag and drop the device into the lab pane, then click the Play button.
image

If everything is good, you’ll see the device status in green on the topology pane. Right-click the device and choose Console to open up the PuTTY console window to confirm.

From this point you should head over to the GNS3 community and start learning! Here is a direct link: https://gns3.com/community.

There are also a bunch of additional how-to/example videos on YouTube for GNS3 so you’ll want to look there as well.

A few notes:
  • Don’t close VMware Workstation when you have GNS3 open because it will shut down your virtual machines and cause GNS3 to crash.
  • Don’t close GNS3 until you have saved your lab because GNS3 will automatically shut down the GNS3 VM in VMware Workstation when the app is closed. Also when you launch GNS3 it will automatically launch VMware Workstation and start up the VM. This is by design and is helpful so you won’t have to remember to start/stop the VM when launching or closing GNS3.
Well, that’s all I have for now. I’m still working on setting up my GNS3 and SolarWinds lab environments so maybe I’ll have more to write about soon. Have fun setting up your own labs!

- Joe