Thursday, March 7, 2013

hot link protection

We can enable hot link protection using out .htaccess.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|php|png|css|pdf|html)$ - [F]
Posted by at No comments:

Friday, March 1, 2013

view external: query (cache) message for non existing domains

Mar  1 02:13:48 server named[51666]: client IP_address#4938: view external: query (cache) 'domain.com/A/IN' denied


This is seems to be a dns attack in your server and lots of messages are getting in /var/log/messages.

I have fixed this issue by adding ,
additional-from-cache no;

+++++++++++++++++
recursion no;
additional-from-cache no;
minimal-responses yes;
};
+++++++++++++++++

Here BIND server consider it as " additional-from-auth yes " and Cache disabled. BIND will follow out-of-zone records but since this requires the cache.BIND will return REFUSED for the out-of-zone record. In the case you have to set recursion no
Posted by at No comments:

Installing Nagios and monitoring remote machines:

Installing Repo:

[root@server /]# wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
--2013-02-21 10:24:21-- http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

2013-02-21 10:24:25 (78.8 KB/s) - `RPM-GPG-KEY.dag.txt' saved [1672/1672]

[root@server /]# rpm --import RPM-GPG-KEY.dag.txt
[root@server /]# rm -f RPM-GPG-KEY.dag.txt
[root@server /]# vi /etc/yum.repos.d/dag.repo

The contents should be :
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el5/en/$basearch/dag/
gpgcheck=1
enabled=0



[root@server /]# yum --enablerepo=dag -y install nagios nagios-plugins


Dependency Installed:
fontconfig.x86_64 0:2.4.1-7.el5 fping.x86_64 0:3.4-1.el5.rf gd.x86_64 0:2.0.33-9.4.el5_4.2 libtool-ltdl.x86_64 0:1.5.22-7.el5_4 perl-Crypt-DES.x86_64 0:2.05-3.2.el5.rf
perl-Digest-HMAC.noarch 0:1.01-15 perl-Digest-SHA1.x86_64 0:2.11-1.2.1 perl-Net-SNMP.noarch 0:5.2.0-1.2.el5.rf perl-Socket6.x86_64 0:0.19-3.fc6

Complete!



Configuration:


[root@server /]# vi /etc/nagios/nagios.cfg

uncommend the below line:

cfg_dir=/etc/nagios/servers



[root@server /]# vi /etc/httpd/conf.d/nagios.conf

For Directory "/usr/lib64/nagios/cgi"
Order allow,deny
Allow from all

Or allow IP as per your requirements.

and for directory /nagios "/usr/share/nagios"
Allow from all


[root@server /]# mkdir /etc/nagios/servers
[root@server /]# chown nagios. /etc/nagios/servers


[root@server /]# vi /etc/nagios/objects/contacts.cfg

Update your notification email address:


email ajeesh@xyz.com


[root@server /]# htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
New password:
Re-type new password:

root@server /]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@server /]#
[root@server /]# /etc/rc.d/init.d/nagios start
nagios is stopped
Starting nagios: [ OK ]


Now you will be able access your Nagios using http://172.16.9.155/nagios/ that is  ip/nagios

user name : nagiosadmin password : xyz


Next step is add a remote machine on your Nagios server.



vi /etc/nagios/servers/ldapserver.cfg

define host{
use linux-server
host_name ldap.ajeesh.com
alias lan
address 172.16.9.156
}
define service{
use generic-service
host_name ldap.ajeesh.com
service_description PING
check_command check_ping!100.0,20%!500.0,60%

}

Posted by at No comments:
Subscribe to: Posts (Atom)