Archive for February, 2010

Installing & Configuring Cacti Under Gentoo

By Mark Davidson on February 9th, 2010

Cacti is a front end to RRDTool whose purpose is to provide an effective network graphing solution for monitoring devices within a network. It can be used with SNMP to monitor various statistics about a device, including but not limited to load average, bandwidth, disk usage and processes.

The following are the steps to install Cacti under Gentoo:

  1. Edit /etc/make.conf and add “mysql xml sockets vhosts” to your USE flags, which should give you a line reading something similar to
    USE="symlink mmx sse sse2 bash-completion vhosts xml sockets snmp"
  2. Now emerge Apache, PHP, Cacti and webapp-config. You may already have some of these installed, but it is important to rebuild them with the new USE flags.
    sudo emerge apache php cacti webapp-config

    Once completed, if everything has installed correctly, proceed to the next step. If you get an error saying “Could not read settings from webapp-config”, I found the easiest way to solve this was to unmerge webapp-config and reinstall it.

  3. Update your /etc/ config files if required
    sudo etc-update
  4. Create a vhost if you don’t already have one, then install Cacti to the vhost using webapp-config by running the following. Remember to change the -h option to reflect the name of your vhost; you may also need to set a different Cacti version number if Cacti has been updated since I posted this article.
    sudo webapp-config -I -h -d cacti cacti 0.8.7e-r1
  5. It’s now time to set up the database that Cacti will be using.
    mysqladmin -p --user=root create cacti
    mysql -p --user=root cacti < /var/www/ # Remember to change this to reflect the path to your cacti install.
    mysql -p --user=root mysql
    GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY  'somepassword'; # Just a note I like to use apg to generate my passwords.
    flush privileges;
  6. Now that the database has been created, you need to set the database settings in Cacti. Modify /var/www/; if you’re installing with a local database and only changed the password above, that’s all you need to update in the config file.
  7. The last step of the install is to add a cron entry to get Cacti to update. Add the following entry to your crontab, updating the path as needed.
    */5 * * * * apache /usr/bin/php  /var/www/ > /dev/null  2>&1
  8. That should be it for the Cacti base install. Visit and you should be met with a login screen; use admin as the username and admin as the password. You should now see the Cacti interface.
  9. Click on the Graphs tab across the top and, after a while, once data starts coming in, you should see the graphs start to be drawn. At the moment these graphs will display localhost data.

That’s all for now. In the next post I will cover setting up net-snmpd on a host and then configuring Cacti to monitor it.

Gentoo & Nagios Configuration for Basic Remote Host Monitoring

By Mark Davidson on February 7th, 2010

Nagios is a very powerful monitoring solution that can be used to monitor the status of hosts and servers. This post is going to cover a basic setup of Nagios under Gentoo and configuring it to monitor the status of remote hosts.

First, add these lines to /etc/portage/package.use:

net-analyzer/nagios-plugins nagios-dns nagios-ping nagios-ssh
net-analyzer/nagios-core vim-syntax
media-libs/gd jpeg png # You may need this line as well if your GD isn't already compiled with jpeg and png support.

Then emerge Nagios:

sudo emerge nagios
sudo chmod +x /etc/nagios/ # You don't have to do this, but it lets you ls the dir because permissions are a bit strict by default

Now that Nagios has been installed, the next step is to enable it under Apache. Edit /etc/conf.d/apache2 and add “-D NAGIOS” to the apache2 opts.


After doing so, create a new .htaccess file in /usr/share/nagios/htdocs/ containing the following:

AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/auth.users
Require valid-user

Make a copy of the file at /usr/lib/nagios/cgi-bin/.htaccess:

sudo cp /usr/share/nagios/htdocs/.htaccess /usr/lib/nagios/cgi-bin/.htaccess

Next, create the htpasswd file and restart Apache:

sudo htpasswd2 -c /etc/nagios/auth.users nagiosadmin
sudo apache2ctl restart

Nagios should now be configured and monitoring localhost with a number of checks. To check it’s working, simply visit and click the service details link on the menu. Providing everything is working, you should see some service details and other status details about the localhost.

Providing everything went well, we can now start monitoring some hosts remotely. There are many ways of doing so with Nagios; I will cover some of these in a later tutorial, but for now I will simply explain how to set up a check for PING, SSH and HTTP against a host.

Edit the /etc/nagios/nagios.cfg file and add this line anywhere below the log_file line.


Next you need to create the directory /etc/nagios/servers and set it to be owned by nagios.

sudo mkdir /etc/nagios/servers
sudo chown nagios:nagios /etc/nagios/servers

Now create a new .cfg named and begin editing it. Add the following to the file, then save and exit.

define host{
    use                     linux-server
    host_name  ; Change this to your domain
    address               83.XXX.XXX.XXX ; Change this to the IP of your domain
}

define service {
    use                     generic-service
    host_name      ; Change this to your domain as above
    service_description     PING
    is_volatile             0
    check_period            24x7
    max_check_attempts      3
    normal_check_interval   5
    retry_check_interval    1
    notification_interval   240
    notification_period     24x7
    notification_options    w,u,c,r
    check_command           check_ping!100.0,20%!500.0,60%
}

define service {
    use                     generic-service
    host_name      ; Change this to your domain as above
    service_description     SSH
    check_command           check_ssh
    notifications_enabled   0
}

define service {
    use                     generic-service
    host_name      ; Change this to your domain as above
    service_description     HTTP
    check_command           check_http
    notifications_enabled   0
}

Repeat this step for each of your hosts, then restart Nagios:

sudo /etc/init.d/nagios restart

Finally, visit and click on the service details link again and you should see all your servers with status reports for the PING, HTTP and SSH monitoring.
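
To show what the PING service definition above does in practice, here is an added Python example (not from the original post or from Nagios). It decodes the check_ping!100.0,20%!500.0,60% thresholds and applies a simplified model of Nagios soft/hard states with max_check_attempts 3; the sample results are constructed, and re-notification every notification_interval and host-down handling are left out.

```python
import re

# Values from the PING service definition on this page.
CHECK_COMMAND = "check_ping!100.0,20%!500.0,60%"
MAX_CHECK_ATTEMPTS = 3
NOTIFICATION_OPTIONS = {"w", "u", "c", "r"}

def parse_ping_thresholds(check_command):
    """Split 'check_ping!WRTA,WPL%!CRTA,CPL%' into (rta_ms, loss_pct) pairs."""
    name, warn, crit = check_command.split("!")
    if name != "check_ping":
        raise ValueError("not a check_ping command")
    def pair(arg):
        m = re.fullmatch(r"(\d+(?:\.\d+)?),(\d+)%", arg)
        if not m:
            raise ValueError(f"bad threshold {arg!r}")
        return float(m.group(1)), int(m.group(2))
    return pair(warn), pair(crit)

def ping_state(rta_ms, loss_pct, warn, crit):
    """Either metric reaching a threshold is enough; critical wins."""
    if rta_ms >= crit[0] or loss_pct >= crit[1]:
        return "CRITICAL"
    if rta_ms >= warn[0] or loss_pct >= warn[1]:
        return "WARNING"
    return "OK"

def notifications(results):
    """Simplified soft/hard model: a problem becomes HARD (and notifies) only
    after MAX_CHECK_ATTEMPTS consecutive non-OK checks; recovery from a HARD
    problem notifies too. Returns [(check_index, event)]."""
    warn, crit = parse_ping_thresholds(CHECK_COMMAND)
    attempt, hard_state, sent = 0, None, []
    for i, (rta, loss) in enumerate(results):
        state = ping_state(rta, loss, warn, crit)
        if state == "OK":
            if hard_state and "r" in NOTIFICATION_OPTIONS:
                sent.append((i, "RECOVERY"))
            attempt, hard_state = 0, None
            continue
        attempt = min(attempt + 1, MAX_CHECK_ATTEMPTS)
        if attempt == MAX_CHECK_ATTEMPTS and state != hard_state:
            hard_state = state
            if state[0].lower() in NOTIFICATION_OPTIONS:
                sent.append((i, state))
    return sent

# Constructed (rta_ms, loss_pct) results, one tuple per check.
SAMPLE = [(20, 0), (150, 0), (30, 0), (600, 0), (40, 80), (90, 100), (25, 0)]
```

Calling notifications(SAMPLE) shows that the single slow reply at check 1 never alerts, while the outage starting at check 3 alerts only on its third consecutive failure.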

That’s it for now. Any problems or questions, let me know; I plan on covering the subject in more detail in a future post.

In the mean time some more details can be found at and

Installing & Configuring fail2ban Ubuntu 9.04

By Mark Davidson on February 7th, 2010

Fail2Ban’s primary function is to block selected IP addresses that may belong to hosts that are trying to breach the system’s security. It determines the hosts to be blocked by monitoring log files (usually /var/log/auth.log) and bans any host IP that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. In most cases people use it to limit the number of login attempts that are allowed against SSH within a period of time; this can make it very difficult for an attacker to brute force a login.

The process for installing fail2ban under Ubuntu is:

sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo /etc/init.d/fail2ban restart

After these initial steps have been completed, if you’re not running Ubuntu 9.04 you can skip the next section, unless you’re seeing Unexpected communication errors in the /var/log/fail2ban.log file.

These errors occur due to Ubuntu 9.04 running Python 2.6 by default, so some modifications are needed:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install python2.5
sudo vim /usr/bin/fail2ban-server

Change the first line from




Once completed, restart fail2ban and the communication errors should no longer occur:

sudo /etc/init.d/fail2ban restart

Now that fail2ban is installed and working, the next step is to configure it for your needs. The following is an example /etc/fail2ban/jail.local file which has been configured for protecting SSH. Settings in jail.local override the ones in jail.conf; in this example all of the jails have been removed except the one for SSH.

# Fail2Ban local configuration file.
# Comments go on their own lines: a trailing "# ..." after a value is read as part of the value.

[DEFAULT]

# Here you want to ignore IPs such as the IP of the server itself, your IP and any other IPs that it's important are not locked out.
ignoreip =
# Default ban time for all jails of 10 minutes
bantime  = 600
maxretry = 3

# Email of where alerts should be sent to
destemail = [email protected]

# Ban action
banaction = iptables-multiport

# MTA to be used; I'm using ssmtp in this case but you could be using sendmail
mta = ssmtp

# This rule monitors ssh login attempts recorded in the /var/log/auth.log file and blocks the user after 3 attempts with the default bantime of 10 minutes
[ssh]

enabled = true
port    = ssh
filter  = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, [email protected], [email protected]]
logpath  = /var/log/auth.log
maxretry = 3
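
As an added illustration (not part of the original post or of fail2ban itself), this Python example applies the jail's maxretry = 3 and bantime = 600 to constructed auth.log lines and reports which addresses would be banned and for how long. The 600-second counting window (FINDTIME), the ignored address and the simplified failure regex are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# maxretry and bantime come from the jail.local on this page; the rest is assumed.
MAXRETRY = 3
BANTIME = timedelta(seconds=600)
FINDTIME = timedelta(seconds=600)  # assumed counting window (not set on the page)
IGNOREIP = {"192.0.2.10"}          # constructed admin address for ignoreip

# Simplified stand-in for the sshd filter (assumption, not fail2ban's shipped regex).
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

# Constructed auth.log lines using documentation address ranges.
SAMPLE_LOG = """\
Feb  7 10:00:01 web sshd[411]: Failed password for root from 203.0.113.5 port 4101 ssh2
Feb  7 10:00:03 web sshd[412]: Failed password for invalid user admin from 203.0.113.5 port 4102 ssh2
Feb  7 10:00:04 web sshd[413]: Failed password for mark from 192.0.2.10 port 5000 ssh2
Feb  7 10:00:05 web sshd[414]: Failed password for mark from 192.0.2.10 port 5001 ssh2
Feb  7 10:00:06 web sshd[415]: Failed password for mark from 192.0.2.10 port 5002 ssh2
Feb  7 10:00:09 web sshd[416]: Failed password for root from 203.0.113.5 port 4103 ssh2
Feb  7 10:00:10 web sshd[417]: Accepted password for mark from 192.0.2.10 port 5003 ssh2
Feb  7 10:03:00 web sshd[418]: Failed password for root from 198.51.100.7 port 2200 ssh2
Feb  7 10:20:00 web sshd[419]: Failed password for root from 198.51.100.7 port 2201 ssh2
Feb  7 10:20:30 web sshd[420]: Failed password for root from 198.51.100.7 port 2202 ssh2
"""

def find_bans(log_text, year=2010):
    """Return [(ip, ban_start, ban_end)] that this jail would produce."""
    failures = defaultdict(deque)  # ip -> failure times inside FINDTIME
    banned_until, bans = {}, []
    for line in log_text.splitlines():
        if not (m := FAIL_RE.match(line)):
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in IGNOREIP or banned_until.get(ip, ts) > ts:
            continue  # whitelisted, or already blocked by the firewall
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans
```

On the sample, only 203.0.113.5 is banned: the ignored address fails three times without effect, and 198.51.100.7 spaces its attempts so that three failures never fall inside one counting window.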