Nagios Installation on Production server via Source code compilation

We have CentOS Linux Operating System as a Server OS

[root@nagiosprod nagios]# yum install httpd php gcc glibc glibc-common gd gd-devel
[root@nagiosprod nagios]# yum install httpd php gcc glibc glibc-common gd gd-devel openssl-devel wget perl make
[root@nagiosprod nagios]# /usr/sbin/groupadd -g 310 nagios
[root@nagiosprod nagios]# /usr/sbin/useradd -g 310 -u 310 -c "Nagios" -d /home/nagios nagios
[root@nagiosprod nagios]# passwd -x nagios
[root@nagiosprod nagios]# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.6.tar.gz
 Continue reading "Nagios Installation on Production server via Source code compilation" 

Fedora 20 i686 Live AntiVirus Spin from WBITT Team!

The main purpose of Fedora 20 i686 Live AntiVirus Spin is of-course to clean your Windows infected virus infected Windows computers. Use this spin to boot your system in a clean state, remove the virus infected files, and get back to what you wanted to do with your Windows computer.
Download the ISO from the download section of www.wbitt.com .

Continue reading “Fedora 20 i686 Live AntiVirus Spin from WBITT Team!”

Time to Replace Windows XP OS with Linux OS on same old PC’s

It is a right time to move for something very exciting stuff  “Open Source Software” by replacing Windows XP or Windows OS with Linux Operating System on same old PC without  paying Licensing fees.

After April 8th 2014, no support for Windows XP from Microsoft Inc. will be available for Windows XP users, also no security updates or patches for XP, no updates for MS Security Essential Anti Virus for Windows XP.

Continue reading “Time to Replace Windows XP OS with Linux OS on same old PC’s”

How to Audit Linux / *Nix System using Lynis Audit Utility on CentOS RHEL Fedora Urdu CBT

How to Audit Linux/Nix System using Lynis Audit Utility on CentOS RHEL Fedora

In this Computer based training video CBT, we will learn how to install Lynis Audit tool, how to use this lynis utility to audit the system and configure our system according to Lynis report.

 

How to configure Extra Package Eenterprise Linux – EPEL Repository on CENTOS Fedora RHEL Urdu CBT

How to configure Extra Package Eenterprise Linux – EPEL Repository in short steps on CENTOS Fedora RHEL Urdu CBT Video.

In this Computer Based Training Video (CBT) we will learn how to configure EPEL Repository in short and simple steps for CentOS Red Hat Enterprise Linux Fedora Scientific Linux.

How to Configure Network Time Protocol NTP Server in CentOS RHEL Fedora

We have two Linux Machines one machine is Server  and one machine is Client

Server Machine 192.168.1.50 baber

Cleint Machine  192.168.1.60 farrukh

Server side configuration on CentOS /RHEL /Fedora

root@localhost# vi /etc/ntp.conf Continue reading "How to Configure Network Time Protocol  NTP Server in CentOS RHEL Fedora" 

Authentication Server: Setting up FreeRADIUS in RHEL, CENTOS

Installing FreeRADIUS

  1. Head over to the FreeRADIUS site, http://www.freeradius.org/, and download the latest release.
    
       # cd /usr/local/src
       # wget ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.0.tar.gz
       # tar zxfv freeradius-1.0.0.tar.gz
       # cd freeradius-1.0.0
      
  2. Configure, make and install:
    
        # ./configure
        # make
        # make install
       

    You can pass options to configure. Use ./configure –help or read the README file, for more information.

The binaries are installed in /usr/local/bin and /usr/local/sbin. The configuration files are found under /usr/local/etc/raddb.

If something went wrong, check the INSTALL and README included with the source. The RADIUS FAQ also contains valuable information.

3.2. Configuring FreeRADIUS

FreeRADIUS has a big and mighty configuration file. It’s so big, it has been split into several smaller files that are just “included” into the main radius.conf file.

There is numerous ways of using and setting up FreeRADIUS to do what you want: i.e., fetch user information from LDAP, SQL, PDC, Kerberos, etc. In this document, user information from a plain text file, users, is used.

Tip The configuration files are thoroughly commented, and, if that is not enough, the doc/ folder that comes with the source contains additional information.

Configuring FreeRADIUS

  1. The configuration files can be found under /usr/local/etc/raddb/
    
        # cd /usr/local/etc/raddb/
       
  2. Open the main configuration file radiusd.conf, and read the comments! Inside the encrypted PEAP tunnel, an MS-CHAPv2 authentication mechanism is used.
    1. MPPE [RFC3078] is responsible for sending the PMK to the AP. Make sure the following settings are set:
      
          # under MODULES, make sure mschap is uncommented!
          mschap {
            # authtype value, if present, will be used
            # to overwrite (or add) Auth-Type during
            # authorization. Normally, should be MS-CHAP
            authtype = MS-CHAP
      
            # if use_mppe is not set to no, mschap will
            # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
            # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
            #
            use_mppe = yes
      
            # if mppe is enabled, require_encryption makes
            # encryption moderate
            #
            require_encryption = yes
      
            # require_strong always requires 128 bit key
            # encryption
            #
            require_strong = yes
      
            authtype = MS-CHAP
            # The module can perform authentication itself, OR
            # use a Windows Domain Controller. See the radius.conf file
            # for how to do this.
          }
          
    2. Also make sure the “authorize” and “authenticate” contains:
      
          authorize {
              preprocess
              mschap
              suffix
              eap
              files
          }
      
          authenticate {
      
               #
               #  MSCHAP authentication.    
               Auth-Type MS-CHAP {
                     mschap
                }
      
               #
               #  Allow EAP authentication.
               eap
           }
          
  3. Then, change the clients.conf file to specify what network it’s serving:
    
       # Here, we specify which network we're serving
       client 192.168.0.0/16 { 
            # This is the shared secret between the Authenticator (the 
            # access point) and the Authentication Server (RADIUS).
            secret          = SharedSecret99
            shortname       = testnet
        }
       
  4. The eap.conf should also be pretty straightforward.
    1. Set “default_eap_type” to “peap”:
      
            default_eap_type = peap
           
    2. Since PEAP is using TLS, the TLS section must contain:
      
          tls { 
              # The private key password
              private_key_password = SecretKeyPass77
              # The private key
              private_key_file = ${raddbdir}/certs/cert-srv.pem
              #  Trusted Root CA list
              CA_file = ${raddbdir}/certs/demoCA/cacert.pem
              dh_file = ${raddbdir}/certs/dh
              random_file = /dev/urandom
              }
          
    3. Find the “peap” section, and make sure it contain the following:
      
            peap {
              #  The tunneled EAP session needs a default
              #  EAP type, which is separate from the one for
              #  the non-tunneled EAP module.  Inside of the
              #  PEAP tunnel, we recommend using MS-CHAPv2,
              #  as that is the default type supported by
              #  Windows clients.
              default_eap_type = mschapv2
            }
            
  5. The user information is stored in a plain text file users. A more sophisticated solution to store user information may be preferred (SQL, LDAP, PDC, etc.).Make sure the users file contains the following entry:
    
       "testuser"      User-Password == "Secret149"