Check-MK Linux Agent Install

Following is the simple steps to install the CheckMK agent onto a Linux 6x OS.

yum -y install xinetd
cd /tmp
cp xinetd.conf /etc/xinetd.d/check_mk

(Above file is at this link.)
wget http://%checkmkurl%/check_mk/agents/check_mk_agent.linux
cp check_mk_agent.linux check_mk_agent
chmod 776 check_mk_agent
cp /tmp/check_mk_agent /usr/bin/check_mk_agent
mkdir /usr/lib/check_mk_agent
mkdir /usr/lib/check_mk_agent/plugins
cd /usr/lib/check_mk_agent/plugins
wget http://
%checkmkurl%/check_mk/agents/plugins/mk_inventory.linux
cp mk_inventory.linux mk_inventory.sh
chmod 776 mk_inventory.sh
/etc/init.d/xinetd restart

.

CheckMK Agent xinetd.d Config

# +——————————————————————+
# | ____ _ _ __ __ _ __ |
# | / ___| |__ ___ ___| | __ | \/ | |/ / |
# | | | | ‘_ \ / _ \/ __| |/ / | |\/| | ‘ / |
# | | |___| | | | __/ (__| < | | | | . \ |
# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
# | |
# | Copyright Mathias Kettner 2014 mk@mathias-kettner.de |
# +——————————————————————+
#
# This file is part of Check_MK.
# The official homepage is at http://mathias-kettner.de/check_mk.
#
# check_mk is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation in version 2. check_mk is distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU General Public License for more de-
# ails. You should have received a copy of the GNU General Public
# License along with GNU Make; see the file COPYING. If not, write
# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
# Boston, MA 02110-1301 USA.

service check_mk
{
type = UNLISTED
port = 6556
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/bin/check_mk_agent

# If you use fully redundant monitoring and poll the client
# from more then one monitoring servers in parallel you might
# want to use the agent cache wrapper:
#server = /usr/bin/check_mk_caching_agent

# configure the IP address(es) of your Nagios server here:
only_from = 127.0.0.1 %YOUR IP ADDRESSES HERE!!!%

# Don’t be too verbose. Don’t log every check. This might be
# commented out for debugging. If this option is commented out
# the default options will be used for this service.
log_on_success =

disable = no
}

First Draft Fiji Village Programming Idea

Hi, my name is Harlan Stanley.

I have an interesting project in mind that I would like to talk to you about.

I have family ties to Fiji, we visit home regularly, however not enough. AND. We would like to move there permanently for various reasons. In doing so, I’d like to share my knowledge of technology and skill sets. – I also don’t have a lot of financial resources.

There is a problem.

There are very few jobs and even fewer skilled labor. The economic situation in Fiji is poor at best, and no one really knows if it is getting any better.

Where is Everyone?

In a traditional sense, most Fijians grow up in a very rural environment, we’ll call it “The Village”

In the village you stay with your Mom and Dad, or a relative that cares for you. You attend a primary school, and from there you might go on to a secondary school (aka High School) Depending on your studies, financial capacity, or capabilities of finding a job, you either go on to college, a technical institute, or go work for a resort. Those that are unable to find jobs wind up depending on the government assistance or on the street. Another option is that you return to the Village and become either a farmer, a fisherman, or work at a resort.

Mind you the end result for most of these occupations, even the one where you wind up on the street, is pretty dismal for a land quoted all over the world as “Paradise” you’ll probably make about one United States Dollar per hour, yes, that’s right, $1.00 per hour.  – IF THAT!

Average salary for a government employee is about $7000 USD.

The Problem?

There isn’t really a problem, it’s education, it’s someone’s future. See, once someone becomes educated they see the “light”, they go on to become doctors and educators, mechanics, and plumbers, even lawyers. Why would anyone of these professionals stick around in the village? There is no future for them there. Only the primary school teachers, fisherman or the farmer can make a “living” in the village.

So we have this “brain drain”, how can we fix it?

Introduce technology. We could introduce another field, technology, computer programming, applications development, database management, and other non-location specific types of professional careers to the Village that would allow someone to earn a decent wage while staying in the Village type setting.

How do we do this?

I purpose that we start with the kids. Children have a insatiable thirst for knowledge, they inherently want to know how things work, why they work, and how to break them. They also are capable of learning another “language” easily. Why not start a project where we can introduce these Village Kids to programming – anything – Let’s teach these kids how to have a marketable skill where they could setup up and earn income in a remote environment and instead of having a local marketplace they can market their skills to the world.

Let’s say that we start this project and have it last over a 10 year period of time, we teach the kids starting at around 7-10 years old how to type, then work them in to basic programming, database management, networking, and IT management.

We could build a small computer lab there, solar powered with an internet connection, and a backup generator.

We would setup the classrooms with three levels of computer systems, the first one would be a typing class and basic computer functionality. second class would be introduction to programming language and writing programs, third class would be full on “we’re writing code, here’s how do it, and kick butt”

A classroom of 50 computers of any caliber will get hot, and you can’t air-condition the entire building. We would have to setup thin clients connected to a VM cluster to do virtual desktops, keeping only the computer room moderately cooled down. Using the thin clients also allows you to expand and contract the classes as necessary.

Bring in a couple of teachers on a work/vacation/sabbatical type program to stay in the Village up to a year at a time and brain dump to these guys. (easy to get visitor’s visa and get an extension for one year – past that and you have to leave the country for a night or two)

Getting paid.

How do we fund this project? Do we pay the teachers a salary? Where do we get the computers from? Who pays for the fuel for the generators?

I’m expecting that we could find some generous angel investors to fund this idea as a 10 year and possibly a 20 year project. We could then have an idea of what happens when we take a group of people that have limited access to technology, and give them a skill that can be performed anywhere in the world.

Involvement.

I’m not asking for 100% involvement from these kids, there will still be ones who want to be fishermen, doctors, educators, and farmers; but there will be kids who have gone historically untapped who can make a difference for this country and their Village.

How did I come up with this idea?

When I first went to the Village, I was impressed with its remoteness, I was in awe of the natural state of the environment  I thought, wow, we could setup a backpackers resort here and everyone could come see this place. Then, on my most recent trip, I saw that there was other backpackers, and “exclusive” type resorts starting up around the area. I began to think wow, there’s so many resorts around, we are training the native to be subservient  this is not good. I took a visit to one of the more exclusive resorts, and spoke with the owner at length. I determined that there was no way that I would become like that person, it’s not in my heart, it’s not in my mind.

Then I thought of all the infrastructure that was required to maintain these resorts, all the materials that have to be brought in, imported into the most remote parts of the world, just so that someone can “see” in comfort. This “way” is not sustainable, only by influx of large amounts of money. Example, Lautha Island Resort uses over 80,000 liters of fuel every month. Fiji is not an oil producing nation. The majority of electricity in Fiji is created by diesel generators. Garment factories have to import cloth and machines for their workers to make shirts at a very low wage in poor conditions, often working long hours and with slave driving bosses.

The software industry looks for creative minds, can be done anywhere, has a very open structure, and when successful can be very profitable. We’re only importing the hardware to do the work, not materials to be processed.

Once we have several successful candidates, those can help teach the other younger generation, along with internet connectivity, and self perpetuate the learning process so that this project could be self sustaining.

Will you help?

We need funding. I’m going to guess that in order to build a proper school there, we’d need around $350,000 USD to get the building put together and all the necessary equipment. This would not include any teacher salaries, although I’m planning on doing the educator/vacation thing – this would require dedication on the other parties part however.

Microsoft Exchange 2010 Configuration – Allow Larger Attachments

1.Organization Configuration

Organization Configuration | Hub Transport | Global Settings tab | Transport Settings |

2.Server Configuration

Server Configuration | Hub Transport | select a HT server | Receive Connectors -> select a connector | Properties |

3.Send Connector Configuration

Organization Configuration | Hub Transport | Send Connectors -> select connector | Properties |

4.Recipients Configuration

Recipients Configuration | Mailbox | select mailbox | properties | Mail Flow Settings | Message Size Restrictions|

5.Recipients Group Configuration

Recipients Configuration |Distribution Group | select Group | properties | Mail Flow Settings | Message Size Restrictions

6.Global Setting

Please use adsiedit to connect Configuration container :

Configuration container | Services | Microsoft Exchange |YourOrgName| Global Settings | Message Delivery | Properties,check the below values:

a. delivContentLength

b. SubmissionContentLength

c. msExchRecipLimit

7.Transport Rules

Organization Configuration | Hub Transport | Transport Rules

Mailbox Size Limits Are Not Enforced in a Reasonable Period of Time

http://technet.microsoft.com/en-us/library/bb684892(EXCHG.80).aspx

DNS Scavenging

Scavenging is a feature that will remove expired records based on their time stamps.
Scavenging is not enabled by default.
Scavenging will NOT remove statically configured records, the ones you manually create unless you run dnscmd /AgeAllRecords, which will stamp them making them eligible for scavenging (more below on this). Without running this command, DNS will scavenge dynamically updated records that have reached their time stamp. To look at the time stamps of a record using Windows 2003 DNS, put the DNS console “view” in the menu to Advanced View, then look at the individual record properties, and you will see the time stamp. If using Windows 2008 or or newer, it will show up in the console as a separate column.

Vulnerability in SSL 3.0 Could Allow Information Disclosure

  • Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Group Policy You can disable the SSL 3.0 protocol that is affected by this vulnerability. You can do this by modifying the Turn Off Encryption Support Group Policy Object.
    1. Open Group Policy Management.
    2. Select the group policy object to modify, right click and select Edit.
    3. In the Group Policy Management Editor, browse to the following setting:Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Explorer Control Panel -> Advanced Page -> Turn Off Encryption Support
    4. Double-click the Turn off Encryption Support setting to edit the setting.
    5. Click Enabled.
    6. In the Options window, change the Secure Protocol combinations setting to “Use TLS 1.0, TLS 1.1, and TLS 1.2“.
    7. Click OK.
  • Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Internet Explorer You can disable the SSL 3.0 protocol that is affected by this vulnerability. You can do this by modifying the Advanced Security settings in Internet Explorer.To change the default protocol version to be used for HTTPS requests, perform the following steps:
    1. On the Internet Explorer Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Advanced tab.
    3. In the Security category, uncheck Use SSL 3.0 and check Use TLS 1.0Use TLS 1.1, and Use TLS 1.2 (if available).
    4. Click OK.
    5. Exit and restart Internet Explorer.

How to Autoredirect a Page with Java or HTML

<html>
<head>
<title>A web page that points a browser to a different page after 2 seconds</title>
<meta http-equiv="refresh" content="2; URL=http://example.com/services/computing/">
<meta name="keywords" content="automatic redirection">
</head>
<body>
If your browser doesn't automatically go there within a few seconds, 
you may want to go to 
<a href="http://example.com/">the destination</a> 
manually.
</body>
</html>

…or it can done with JavaScript. This JavaScript example opens the new site in a new browser window after a 4.5-second (4500 ms) delay:

 <script language="javascript" type="text/javascript">
     <!--
     window.setTimeout('window.open("http://example.com/","newsite")',4500);
     // -->
 </script>

OWA Showing Blank Page

I am presented with the OWA Authentication page and enter my credentials and then it throws an “HTTP 500” error instead of opening the mailbox.

You tried to issue an “IISReset /NoForce” and even rebooted the server and still see the symptom.

So the issues is typically caused by the “Microsoft Exchange Forms-Based Authentication” service being in a stopped state. Starting the service immediately fixes the issue.

MICROSOFT IIS: HOW TO DISABLE THE SSL V3 PROTOCOL

  1. Open the Registry Editor and run it as administrator.For example, in Windows 2012 or 2008r2:
    1. On the Start screen type regedit.exe.
    2. Right-click on regedit.exe and click Run as administrator.
  2. In the Registry Editor window, go to:HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSchannelProtocols
  3. In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key.
  4. Name the key, SSL 3.0.
  5. In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
  6. Name the key, Client.
  7. In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.
  8. Name the key, Server.
  9. In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.
  10. Name the value DisabledByDefault.
  11. In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
  12. In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
  13. In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.
  14. Name the value Enabled.
  15. In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
  16. In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.
  17. Restart the server.
  18. You have successfully disabled the SSL v3 protocol.

Forgotten the Password for Your RSA SecureID SuperAdmin Account?

In order to reset the password for the Admin account, we could create a temporary superadmin account (i.e. tempAdmin).

Run the superadmin restoration utility via CLI/ serial console:

  1. Login using the account emcsrv and key in the password when prompted.
  1. Change to root and key in the password when prompted:

sudo su

  1. Navigate to the directory where the superadmin restoration utility resides to create the temporary superadmin account:

cd /usr/opt/rsa/am/utils

./rsautil restore-admin –u [tempadmin_name] –p [password]

[tempadmin_name] – the temporary superadmin account to be created

[password] – the password for the temporary superadmin account

Enter Master Password: **********

A temporary admin will be created with the user ID ‘tempAdmin’.

Are you sure you want to continue (Y/N): Y

Admin created successfully.

  1. Login to the Security Console using the created account tempAdmin.
  1. Go to Identity > Users > Manage Existing and search for the superadmin account whose password need to be reset.
  1. From the Context menu, select Edit and scroll to the section labelled as Password.
  1. Key in the desired password for this superadmin account and click Save.

Note that the temporary superadmin account created will expire in 24 hours.