LibreNMS with NGINX, rSyslog and …
How to configure rSyslog to send all remote logs into LibreNMS
First create the following config inside “/etc/rsyslog.d/”
Comment connecter un AndroidPhone avec un firewall Watchguard ?
La mise en place est triviale. Il faut le matériel suivant: * Un firewall Watchguard * Un smartphone Android * 2 connexions à internet Au niveau du firewall Watchguard, il faut avoir au préalable activé le service VPN SSL et aller récupérer la configuration ovpn fournie par le firewall à l’adresse suivante: https://<url_de_votre_firewall/sslvpn.html Une fois que vous avez récupéré la configuration, il va falloir scinder cette configuration en plusieurs fichiers: * Le certificat CA * Le certificat Utilisateur * Le clef Utilisateur Soit, importer directement le fichier téléchargé. Il est conseillé de renommer le fichier avec un nom intelligent pour que lors de l’importation de ce dernier par OpenVPN for Android, vous n’ayez pas 2 profils VPN similaires. Une fois que cette étape est passée allez sur l’Android Market et faites l’installation du client “OpenVPN for Android”. Vous pouvez maintenant lancer votre VPN et vous authentifiez sur votre réseau. Bon…
Upgrade Cisco Prime Infrastructure 1.3 to 2.1
I followed this article: https://rscciew.wordpress.com/2014/08/23/prime-infrastructure-1-3-to-2-1-upgrade/ Pay attention: Don’t forget to stop NCS To install a patch use: “patch install” To upgrade use: “application upgrade” Put directly files in /localdisk/defaultRepo Add the repository defaultRepo pointing to “disk: /defaultRepo/” But before realizing this upgrade, I got several problems: Not enough space on the virtual machine Solved by adding a disk and playing with LVM tools. Not enough memory:
|
1 2 |
[ERROR] System does not meet minimum resource requirements: - Physical memory available [8043452 KB] is less than the minimum required value of 12 GB |
No access to a FTP server, only SSH was available to upload files So, I activated the root account (I’m pretty sure, it’s just a “sudo”) via enable_root Added “PermitRootLogin Yes” in sshd_config Changed the password of the root account via “passwd” Restarted the sshd process via “/etc/init.d/sshd restart” Launched my session via SecureCRT and uploaded patches via the SFTP tab. Rollback my modifications in the sshd_config Take a cup of coffee and wait till the upgrade is finished.
How to update a redhat 5.x when yum is not installed
Sometime, It’s hard to discover that someone failed to install properly a server with the right tools. Today, it was a Redhat Enterprise Server 5.4 “BareMetal” not updated since a while … So first, I uploaded the ISO from 5.11 on the server, Second, created a local directory Third, mounted the ISO on it At the end, I finished by creating the local.repo file to allow yum to find what it needs. But, “YUM” was not installed on the server ! Right, it’s time to install it with RPM. First, go to the local repository directory and then in the directory “Server”, and copy paste this line:
|
1 |
rpm -Uvh yum-3.2.22-40.el5.noarch.rpm python-elementtree-1.2.6-5.i386.rpm python-iniparse-0.2.3-6.el5.noarch.rpm python-sqlite-1.1.7-1.2.1.i386.rpm rpm-python-4.4.2.3-34.el5.i386.rpm yum-metadata-parser-1.1.2-4.el5.i386.rpm rpm-libs-4.4.2.3-34.el5.i386.rpm popt-1.10.2.3-34.el5.i386.rpm python-urlgrabber-3.1.0-6.el5.noarch.rpm m2crypto-0.16-9.el5.i386.rpm rpm-4.4.2.3-34.el5.i386.rpm |
You should have something similar:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
Preparing... ########################################### [100%] 1:popt ########################################### [ 9%] 2:m2crypto ########################################### [ 18%] 3:yum-metadata-parser ########################################### [ 27%] 4:python-sqlite ########################################### [ 36%] 5:python-elementtree ########################################### [ 45%] 6:python-urlgrabber ########################################### [ 55%] 7:python-iniparse ########################################### [ 64%] 8:rpm-libs ########################################### [ 73%] 9:rpm ########################################### [ 82%] 10:rpm-python ########################################### [ 91%] 11:yum ########################################### [100%] |
And now, you can update the server via a simple yum update -y.
How to send a backup of a Barracuda NG Firewall via email
How to create a backup of the firewall:
|
1 2 |
cd /opt/phion/config/configroot/ phionar cdl /tmp/$(date "+%Y%m%d")-$(hostname)-backup.par * |
How to build an email with attachment with bash and openssl:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
#!/usr/bin/env bash # # Author: Brice Lilot FILE=/tmp/mail.txt DATE=$(date "+%a, %d %b %Y %H:%M:%S %z") SUBJECT="Firewall Backup" CUSTOMER="Customer" echo "HELO MAIL.CUSTOMER.TLD" > $FILE echo "MAIL FROM:<$FROM>" >> $FILE echo "RCPT TO:<$1>" >> $FILE echo "DATA" >> $FILE echo "From: Firewall $CUSTOMER <$FROM>" >> $FILE echo "To: <$1>" >> $FILE echo "Date: $DATE" >> $FILE echo "Subject: [$CUSTOMER] Firewall Backup - Done" >> $FILE echo "MIME-Version: 1.0" >> $FILE echo "Content-Type:multipart/mixed;boundary="boundary-yradnuob"" >> $FILE echo "--boundary-yradnuob" >> $FILE echo "Content-Type: text/plain; charset=us-ascii" >> $FILE cat <<<>>>$FILE Backup successful Date: $DATE Filename: $2 EOF echo "--boundary-yradnuob" >> $FILE echo "Content-Type: application/octet-stream;name="$2"" >> $FILE echo "Content-Transfer-Encoding:base64" >> $FILE echo "Content-Disposition:attachment;filename="$2"" >> $FILE openssl base64 > $FILE echo "" >> $FILE echo "" >> $FILE echo "." >> $FILE echo "QUIT" >> $FILE echo "" >> $FILE |
How to send an email via Netcat:
|
1 |
nc $SERVER $PORT < /tmp/mail.txt |
Enabling dayligth saving time on Huawei Switches
How to enable daylight saving time on Huawei Switches: CEST:
|
1 |
clock daylight-saving-time CEST repeating 01:00 last Sun Mar 01:00 last Sun Oct 01:00 |
Rebuild indexes from SolarWinds Orion Server
SolarWinds sell a great solution for monitoring your network and your servers, but regarding the maintenance of the server itself or its database, there is a leak. After serveral months of intensive utilization, indexes from all tables become fragmented and the responsiveness from the SolarWinds Orion decrease a lot. At the beginning, in less than 10 seconds everything was finished but now, you can have a break and take a coffee and be back to see slowly the result. I decided to build a script (Basic MS SQL) to select the most fragmented table (and the most heavy) and to build the “Rebuild script”.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
SET NOCOUNT ON DECLARE @myTables TABLE( tab varchar(256) NOT NULL, ind varchar(256) NOT NULL ); Declare @tabt varchar(256); Declare @indt varchar(256); INSERT INTO @myTables SELECT dbtables.[name] as 'Table', dbindexes.[name] as 'Index' FROM sys.dm_db_index_physical_stats (DB_ID(), NULL, NULL, NULL, NULL) AS indexstats INNER JOIN sys.tables dbtables on dbtables.[object_id] = indexstats.[object_id] INNER JOIN sys.schemas dbschemas on dbtables.[schema_id] = dbschemas.[schema_id] INNER JOIN sys.indexes AS dbindexes ON dbindexes.[object_id] = indexstats.[object_id] AND indexstats.index_id = dbindexes.index_id WHERE indexstats.database_id = DB_ID() and (indexstats.page_count * indexstats.avg_fragmentation_in_percent) > 10000 --ORDER BY indexstats.avg_fragmentation_in_percent desc ORDER BY indexstats.page_count * (indexstats.avg_fragmentation_in_percent) desc; WHILE (SELECT COUNT(*) FROM @myTables) > 0 BEGIN SELECT TOP 1 @indt = ind, @tabt = tab FROM @myTables; DELETE @myTables WHERE ind = @indt AND tab = @tabt; PRINT 'USE [SolarWindsOrion]' PRINT 'GO' PRINT 'ALTER INDEX '+@indt+' ON [dbo].['+@tabt+'] REBUILD PARTITION = ALL WITH ( PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON, ONLINE = OFF, SORT_IN_TEMPDB = OFF )'; PRINT 'GO' PRINT 'PRINT ''The index '+@indt+' from '+@tabt+' has been defragmented'''; END; |
It’s not perfect (it’s crappy, I know) but it solved my problem.
Configuration d’un téléphone 7962G en SIP
Pour mon usage personnel, J’ai réparé un téléphone Cisco 7962G, pour ensuite le mettre sur mon PBX personnel. Pour se faire, il y a quelques étapes à respecter: Utiliser le firmware SIP42.9-1-1SR1S (Les firmwares supérieurs ne fonctionnent pas avec le fichier de configuration). Ajouter la ligne suivante dans XMLDefault.cnf.xml: <loadInformation404 model=”Cisco 7962″>SIP42.9-1-1SR1S</loadInformation404>. Utiliser le fichier de configuration que je vais fournir ici en modifiant les valeurs en fonction de votre environement.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 |
<device> <deviceProtocol>SIP</deviceProtocol> <sshUserId>__USERNAME__</sshUserId> <sshPassword>__PASSWORD__</sshPassword> <devicePool> <dateTimeSetting> <dateTemplate>D/M/Y</dateTemplate> <timeZone>UTC Standard/Daylight Time</timeZone> <ntps> <ntp> <name>europe.pool.ntp.org</name> <ntpMode>Unicast</ntpMode> </ntp> </ntps> </dateTimeSetting> <callManagerGroup> <members> <member priority="0"> <callManager> <ports> <ethernetPhonePort>2000</ethernetPhonePort> <sipPort>5060</sipPort> <securedSipPort>5061</securedSipPort> </ports> <processNodeName>__IP_ADDRESS_PBX__</processNodeName> </callManager> </member> </members> </callManagerGroup> </devicePool> <sipProfile> <sipProxies> <backupProxy>USECALLMANAGER</backupProxy> <backupProxyPort>5060</backupProxyPort> <emergencyProxy>USECALLMANAGER</emergencyProxy> <emergencyProxyPort>5060</emergencyProxyPort> <outboundProxy></outboundProxy> <outboundProxyPort></outboundProxyPort> <registerWithProxy>true</registerWithProxy> </sipProxies> <sipCallFeatures> <cnfJoinEnabled>true</cnfJoinEnabled> <callForwardURI>x--serviceuri-cfwdall</callForwardURI> <callPickupURI>x-cisco-serviceuri-pickup</callPickupURI> <callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI> <callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI> <meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI> <abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI> <rfc2543Hold>false</rfc2543Hold> <callHoldRingback>2</callHoldRingback> <localCfwdEnable>true</localCfwdEnable> <semiAttendedTransfer>true</semiAttendedTransfer> <anonymousCallBlock>2</anonymousCallBlock> <callerIdBlocking>2</callerIdBlocking> <dndControl>0</dndControl> <remoteCcEnable>true</remoteCcEnable> </sipCallFeatures> <sipStack> <sipInviteRetx>6</sipInviteRetx> <sipRetx>10</sipRetx> <timerInviteExpires>180</timerInviteExpires> <timerRegisterExpires>1200</timerRegisterExpires> <timerRegisterDelta>5</timerRegisterDelta> <timerKeepAliveExpires>120</timerKeepAliveExpires> <timerSubscribeExpires>120</timerSubscribeExpires> <timerSubscribeDelta>5</timerSubscribeDelta> <timerT1>500</timerT1> <timerT2>4000</timerT2> <maxRedirects>70</maxRedirects> <remotePartyID>false</remotePartyID> <userInfo>None</userInfo> </sipStack> <autoAnswerTimer>1</autoAnswerTimer> <autoAnswerAltBehavior>false</autoAnswerAltBehavior> <autoAnswerOverride>true</autoAnswerOverride> <transferOnhookEnabled>false</transferOnhookEnabled> <enableVad>false</enableVad> <preferredCodec>none</preferredCodec> <dtmfAvtPayload>101</dtmfAvtPayload> <dtmfDbLevel>3</dtmfDbLevel> <dtmfOutofBand>avt</dtmfOutofBand> <alwaysUsePrimeLine>false</alwaysUsePrimeLine> <alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail> <kpml>3</kpml> <natReceivedProcessing>true</natReceivedProcessing> <natEnabled>false</natEnabled> <natAddress></natAddress> <phoneLabel></phoneLabel> <stutterMsgWaiting>1</stutterMsgWaiting> <callStats>false</callStats> <silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts> <disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig> <startMediaPort>16384</startMediaPort> <stopMediaPort>32766</stopMediaPort> <sipLines> <line button="1"> <featureID>9</featureID> <featureLabel>__LINE_LABEL__</featureLabel> <proxy>USECALLMANAGER</proxy> <port>5060</port> <name>__NAME__</name> <displayName>__DISPLAYNAME__</displayName> <autoAnswer> <autoAnswerEnabled>2</autoAnswerEnabled> </autoAnswer> <callWaiting>3</callWaiting> <authName>__SIP_USERNAME__</authName> <authPassword>__SIP_PASSWORD__</authPassword> <sharedLine>false</sharedLine> <messageWaitingLampPolicy>1</messageWaitingLampPolicy> <messagesNumber>__VOICEMAIL__</messagesNumber> <ringSettingIdle>4</ringSettingIdle> <ringSettingActive>5</ringSettingActive> <contact>__CONTACTNAME__</contact> <forwardCallInfoDisplay> <callerName>true</callerName> <callerNumber>false</callerNumber> <redirectedNumber>false</redirectedNumber> <dialedNumber>true</dialedNumber> </forwardCallInfoDisplay> </line> </sipLines> <voipControlPort>5060</voipControlPort> <dscpForAudio>184</dscpForAudio> <ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy> <dialTemplate>dialplan.xml</dialTemplate> </sipProfile> <commonProfile> <phonePassword></phonePassword> <backgroundImageAccess>true</backgroundImageAccess> <callLogBlfEnabled>2</callLogBlfEnabled> </commonProfile> <loadInformation>SIP42.9-1-1SR1S</loadInformation> <vendorConfig> <disableSpeaker>false</disableSpeaker> <disableSpeakerAndHeadset>false</disableSpeakerAndHeadset> <pcPort>0</pcPort> <settingsAccess>1</settingsAccess> <garp>0</garp> <voiceVlanAccess>0</voiceVlanAccess> <videoCapability>0</videoCapability> <autoSelectLineEnable>1</autoSelectLineEnable> <sshAccess>1</sshAccess> <sshPort>22</sshPort> <webAccess>1</webAccess> <spanToPCPort>0</spanToPCPort> <loggingDisplay>1</loggingDisplay> <loadServer></loadServer> </vendorConfig> <versionStamp>1143565489-a3cbf294-7526-4c29-8791-c4fce4ce4c38</versionStamp> <userLocale> <name>Belgium</name> <uid>1</uid> <langCode>en_US</langCode> <version>1.0.0.0-1</version> <winCharSet>iso-8859-1</winCharSet> </userLocale> <deviceSecurityMode>1</deviceSecurityMode> <authenticationURL></authenticationURL> <directoryURL></directoryURL> <idleURL></idleURL> <informationURL></informationURL> <messagesURL></messagesURL> <proxyServerURL></proxyServerURL> <servicesURL></servicesURL> <dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig> <dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices> <dscpForCm2Dvce>96</dscpForCm2Dvce> <transportLayerProtocol>2</transportLayerProtocol> <capfAuthMode>0</capfAuthMode> <capfList> <capf> <phonePort>3804</phonePort> </capf> </capfList> <certHash></certHash> <encrConfig>false</encrConfig> </device> |
Liens utiles: http://adis.ca/post/using-cisco-ip-phones-with-asterisk/ http://www.voip-info.org/wiki/view/Asterisk+Presence+for+Cisco+79×1+Phones http://forums.asterisk.org/viewtopic.php?p=166124 http://www.dslreports.com/forum/r26632503-Voip.ms-Cisco-7942-configuration-files https://supportforums.cisco.com/docs/DOC-15799 http://www.voip-info.org/wiki/view/Asterisk+phone+cisco+79xx https://sites.google.com/site/seppsbrainoverload/cisco-corner/cisco-voice/cp-7941g-sip-setup http://www.cisco.com/en/US/products/hw/phones/ps379/products_tech_note09186a0080094584.shtml#issue5
Son IPBX personnel avec Nomado et FreeSWITCH
A l’heure d’aujourd’hui, pouvoir diminuer les couts et avoir une infrastructure téléphonique qui ne dépend pas de son opérateur historique (dans mon cas, la société Belgacom), il existe dans le monde de l’open source deux excellents logiciels: Asterisk FreeSWITCH Les deux logiciels offrent pas mal de fonctionnalités. J’ai travaillé par le passé avec Asterisk et maintenant je tourne uniquement avec FreeSWITCH (c’est qune question de gout). Cependant, sans un fournisseur de service pour pouvoir passer des appels téléphoniques externes, votre IPBX, il ne sert pas à grand chose. A la suite d’une discussion avec un collègue, j’ai essayé il y a maintenant un an, le founisseur de service “Nomado Telecom”, et je dois dire que je n’ai aps été déçu. La qualité du service est excellente, le support semble réactif (pour le peu que je le solicite) et le coût global de la solution FreeSWITCH + Nomado “PACK BE” +…
How to add the page number on a PDF file
A friend had a small problem to add a page number on a PDF with a lot of pages. After a quick chat, I have built this script:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
#!/bin/bash # Author: Brice Lilot # Contact: brice_lilot [at] visualstation [dot] be # Website: http://www.visualstation.be/ # Revision: 0.1 # Last modification: # * 2012-05-09: # - First shot ! # if [ -d $1 ] then printf "The directory already existn" cd $1 rm -rf *.jpg else mkdir $1 cd $1 fi whereismyfont=`find /usr/share/fonts -iname "DejaVuSans.ttf"` gs -dBATCH -dNOPAUSE -dSAFER -sDEVICE=jpeg -dJPEGQ=95 -r600x600 -sOutputFile=./$1-page-%d.jpg ../$1.pdf >> /dev/null cFiles=`find . -iname "*.jpg" | wc -l` for (( i=1; i <= $cFiles; i++)) do mogrify -quality 100% -font $whereismyfont -pointsize 90 -draw "gravity southeast fill #000000 text 600,300 '$i/$cFiles'" $1-page-$i.jpg printf "Page $i converted and numberedn" done param="" for (( i=1; i <= $cFiles; i++)) do dimension=$(identify -format "%[fx:(w)] %[fx:(h)]" "$1-page-${i}.jpg") param="${param} >>/PageSize [${dimension}]<< setpagedevice ($1-page-${i}.jpg) viewJPEG showpage" done gs -sDEVICE=pdfwrite -dPDFSETTINGS=/prepress -o "$1_final.pdf" viewjpeg.ps -c "${param}" |
Have fun !