Linux Patch Management for Automate, formerly LabTech

In most MSPs, Linux is a small if any footprint in their overall service offerings and this is reflected in the support given to these systems within the RMM tools they use.  MSPs often pass on managing Linux agents as the RMM tool they have available to them does not lend itself to managing Linux patching and updates.

Demand drives the development of the tools we use and we all know that Windows OS reigns supreme in the managed businesses realm. With MSPs looking to save every dollar where they can, they are not hiring techs to man the helpdesk that are Linux hardened vets. If they are lucky to have 1 guy that knows his way around BASH, he tends to be closer to management. They also most often overlook these systems in any maintenance plans the RMM tool is providing. This tends to leave Linux systems that are widely considered the workhorses of the Internet grossly under patched and vulnerable to exploits.

Like any MSP we had similar issues with maintenance plans as techs came and left taking skill sets with them. It was hard to keep up with managing maintenance when the previous engineer was very Linux savvy and the incoming engineer is not. Where do they pick up and go with patch management of these systems?

In comes a patch manager for Linux that plugs into LabTech, Linux Update Manager.

Plugins4LabTech decided to jump in and help give MSPs the ability to have a standard method and interface inside LabTech that they could use to determine what systems they have. MSPs can know what updates are available for each system and the ability to automate the installs of patches and updates. MSPs can determine if they have systems that have pending updates or pending reboots due to updates.  See what update versions of packages are available and the ability to manually run updates or update a single package.  The first release has basic automation controls for unassisted updating but the P4L team assures us there is several big expansions they want to add to the plugin to include detailed scheduling of updates, ticketing and alerting.

What to try the new Linux Update Manager plugin for free, or visit http://www.plugins4labtech.com

GhostFile -> Host File Manager plugin for LabTech

ghostlogo

GhostFile plugin for Labtech is a Host file manager that allows a Tech to add, update or delete host file entries from within LabTech. The client console will allow management of 1, many or all systems under the client from a single interface. The plugin will write a new host file to the systems and send a DNS resolver flush command to the system so entries take effect immediately.

client-hostfile

comp-LMHosts

comp-Network

comp-Protocol

comp-Services

Version 1.0.2 now available for download

download

How-to : Setup GoDaddy SSL on Tomcat using a Public Certificate

Hello again,

Today I will be walking you through the process of setting up your Tomcat installation to use a public SSL certificate. I will be using examples from my Ubuntu 11 box but this will work with any linux based Tomcat install.  We should have you up and running in just a few minutes, here is what we are going to be doing.

  • ·     Enable and initialize an empty keystore
  • ·     Generate a certificate signing request (CSR)
  • ·     Add a root certificate authority (CA) to your keystore
  • ·     Import the generated certificate for use in Tomcat

To create and configure a public certificate for your Tomcat installation:

 

  1. Open a SSH Terminal to the server.
  2. In Terminal, navigate to the Tomcat directory by typing the following command:

    cd /var/lib/tomcat/

  3.  Type the following command to generate the keystore:

    sudo keytool -genkey -alias Tomcat -keysize 2048 -keyalg RSA –keystore /var/lib/tomcat/.mykeystore

  4. Fill in the appropriate information when prompted. Type a new keystore password and when the prompt asks for a first and last name, it is requesting the Fully Qualified Domain Name (FDQN). All other information is not as important as the first and last name as this will define the URL the SSL is good for.
  5. Let’s now generate a certificate signing request by typing the following command:

    sudo keytool -certreq -alias tomcat -keystore /var/lib/tomcat/.mykeystore -file godaddy-ssl-cert.req

  6. Copy the entire text from the .req file and paste it in the Cert request window for GoDaddy SSL request form on the Godaddy.com website. Once approved GoDaddy will provide a download zip file that includes your new SSL certificate and the GoDaddy RootCA cert. We will be installing both certs in to the keystore. You will need to copy these certificates up to your Ubuntu (Linux) system.
  7. Import the CA’s root certificate using the following command: (Replace the file location with the location you placed your new certificates from GoDaddy)

    sudo keytool -import -trustcacerts -alias rootCA –file /home/myuser/gd_bundle.crt -keystore /var/lib/tomcat/.mykeystore

  8.  Import your certificate signed by GoDaddy by typing the following command: (Replace myFQDN.crt with the file name and location of the new GoDaddy certificate)

    sudo keytool -import -alias tomcat -keystore /var/lib/tomcat/.mykeystore -trustcacerts -file /home/myuser/myFQDN.crt

  9. Lastly we will  edit the /var/lib/tomcat/conf/server.xml file. Point the “keystoreFile” attribute to the location of the keystore, and include the “keystorePass” containing the password to your keystore.This is the part of the file that you should modify:  <Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”              
                   maxThreads=”150″ scheme=”https” secure=”true”
                  
                  
    clientAuth=”false” sslProtocol=”TLS”             
                   keystoreFile=”/var/lib/tomcat/.mykeystor
             
                   keystorePass=”your keystore password” />

 

The instructions below can be followed to update a certificate, assuming you will be using the same keystore.

How-To clear the Tomcat alias:

 

1.   Open a SSH terminal session to Ubuntu.

2.   Create a backup of the previous alias by typing the following command:

    sudo keytool -export -alias Tomcat -keystore /var/lib/tomcat/.mykeystore -file MyBackup.cer

3.    After a successful backup, type the following command to clear out the Tomcat alias:

    sudo keytool -delete -alias Tomcat -keystore /var/lib/tomcat/.mykeystore


You should now be able to run the commands to create and import a new certificate.


I hope this makes quick work for somone out there..

Enjoy

Cubert 


Keeping Time on Linux using ntpdate and hwclock

If you want a quick way to keep your linux system up to current time then just pop in our little script and your stay on time.

You can also use the following script to run every hour from your cronjob or create a file and copy the following to it. Place file in /etc/cron.hourly
#!/bin/sh
#Quick script to update time and push time to hardware clock
#Created

If you want a quick way to keep your linux system up to current time then just pop in our little script and your stay on time.


You can also use the following script to run every hour from your cronjob or create a file and copy the following to it. Place file in /etc/cron.hourly
#!/bin/sh
#Quick script to update time and push time to hardware clock
#Created by Cubert for squidworks.net
/usr/sbin/ntpdate -s
/sbin/hwclock --adjust
/sbin/hwclock --systohc

Hobbit / XYMON undefined reference to `clock_gettime’

Hobbit / XYMON does not compile on CentOS 5 and complains about clock_gettime issues.

Here is how to fix this issue.
Download Hobbit-4.2.3.tar.gz
#1 make sure pcre-devel is installed (#~yum install pcre-devel)
#2 add xymon user (#~useradd xymon)
#3 set varible for “ltr” (#~LIBRTDEF=-lrt)
#4 export varible (#~export LIBRTDEF)
#5 Configure Hobbit inside hobbit src directory (#~./configure –client)
#6 Compile program (#~make)
#7 Install program (#~make install)
#8 Start

Hobbit / XYMON does not compile on CentOS 5 and complains about clock_gettime issues.

Error: timefunc.c:55: undefined reference to `clock_gettime’

Here is how to fix this issue.
Download Hobbit-4.2.3.tar.gz
#1 make sure pcre-devel is installed (#~yum install pcre-devel)
#2 add xymon user (#useradd xymon)
#3 set varible for “ltr” (#LIBRTDEF=-lrt)
#4 export varible (#export LIBRTDEF)
#5 Configure Hobbit inside hobbit src directory (#./configure –client)
#6 Compile program (#make)
#7 Install program (#make install)
#8 Start hobbit client (#/home/xymon/client/runclient.sh start)

Afterwards your hobbit / xymon client should be running on your CentOS or Fedora core systems.


cc -o ../client/hobbitd_client -Wl,--rpath=/usr/lib64
hobbitd_client.o
hobbitd_worker.o hobbitd_buffer.o client_config.o
../lib/hobbitclient.a
-L/usr/lib64 -lpcre
../lib/hobbitclient.a(timefunc-client.o): In function `gettimer':
/usr/src/xymon-4.2.3/lib/timefunc.c:55: undefined reference to
`clock_gettime'
../lib/hobbitclient.a(timefunc-client.o): In function `getntimer':
/usr/src/xymon-4.2.3/lib/timefunc.c:67: undefined reference to
`clock_gettime'
collect2: ld returned 1 exit status
make[1]: *** [../client/hobbitd_client] Error 1

If You get the Following Errors:

gcc -o ../client/xymond_client -Wl,--rpath,/usr/lib64 xymond_client.o    xymond_worker.o xymond_buffer.o client_config.o ../lib/xymonclient.a -L/usr/lib64 -lpcre
xymond_worker.o: In function `net_worker_run':
/root/xymon-4.3.0/xymond/xymond_worker.c:292: undefined reference to `locator_init'
/root/xymon-4.3.0/xymond/xymond_worker.c:298: undefined reference to `locator_register_server'
/root/xymon-4.3.0/xymond/xymond_worker.c:312: undefined reference to `locator_serverdown'
xymond_worker.o: In function `net_worker_heartbeat':
/root/xymon-4.3.0/xymond/xymond_worker.c:80: undefined reference to `locator_serverup'
xymond_worker.o: In function `net_worker_run':
/root/xymon-4.3.0/xymond/xymond_worker.c:317: undefined reference to `locator_serverdown'

 

The just Add "locator.o" to CLIENTLIBOBJS in lib/Makefile inside of the XYMON build directory. Then re-run "make" and you should be able to build the client.

Enjoy….

www.alertonfailure.com Free BBDisplay and BBpager Monitor Service under development

Alert On Failure

  

 The Engineers at Squidworks are building another free web services site. AlertOnFailure.com is the first free public BBDisplay and BBpager compatible service available on the web. It takes the well known BB model of delivering data and packages a large scale MySql Database schema around it and a world class web interface to

Alert On Failure

  

 The Engineers at Squidworks are building another free web services site. AlertOnFailure.com is the first free public BBDisplay and BBpager compatible service available on the web. It takes the well known BB model of delivering data and packages a large scale MySql Database schema around it and a world class web interface to view and manager the data collected. The clients are freely available across the Internet, some off the better clients are BBwin, XYMon and BB4.org. If you ever used BB, Hobbit or XYmon then this will be a great experence for you.

www.AlertOnFailure.com

Hobbit / XYMON / Big Brother

Get EPOCH using DATE function on linux

If you need epoch from a shell cmd line on a linux system the date cmd is a great way to do it.
date +%s -d “$a”
This code by will print epoch out at the cmd line in a ssh window or terminal window

If you need epoch from a shell cmd line on a linux system the date cmd is a great way to do it.
date +%s -d "$a"
This code by will print epoch out at the cmd line in a ssh window or terminal window

Howto Install ImageMagick and PHP imagick extension on CentOS 5

Howto install imagemagick and PHP imagick extension on Linux CentOS 5 LAMP server. It is pretty simple really

yum install ImageMagick.i386
yum install ImageMagick-devel.i386
pecl install imagick

After the installation, create an inclusion file in your /etc/php.d directory for imagick.so module and then restart apache daemon:

echo “extension=imagick.so” > /etc/php.d/imagick.ini
/etc/init.d/httpd restart

Test the loading of the module by running:

php -m | grep imagick

Howto install imagemagick and PHP imagick extension on Linux CentOS 5 LAMP server. It is pretty simple really

yum install ImageMagick.i386
yum install ImageMagick-devel.i386
pecl install imagick

After the installation, create an inclusion file in your /etc/php.d directory for imagick.so module and then restart apache daemon:

echo "extension=imagick.so" > /etc/php.d/imagick.ini
/etc/init.d/httpd restart

Test the loading of the module by running:

php -m | grep imagick

Remove CRLF from windows PHP files.

I have had a few guys ask me, Shannon I have a Windows guy developing web aps in PHP but I run them on a Linux (LAMP) system. Some times the code seems to fail and I find the files populated with Carrage Return Line Feed or better seen while looking at a windows file on a linux system in a text editor ( ^M ). This has been know

I have had a few guys ask me, Shannon I have a Windows guy developing web aps in PHP but I run them on a Linux (LAMP) system. Some times the code seems to fail and I find the files populated with Carrage Return Line Feed or better seen while looking at a windows file on a linux system in a text editor ( ^M ). This has been know to have adverse effects on LAMP systems at times and could cause web errors.

Great we now know the why.. How do we fix it?

Simple, Linux provides the program to review a file and make the mods and we can the loop it through a directory to do all files. Here is the cmd you want to use.
find (path to top level folder) -type f -exec dos2unix {} \;

We use the program “find” to get and pipe our files to the cmd dos2unix which is the program that is actually doing the repairs. We use both programs together to produce the desired effect of removing all CRLF from a directory of windows files like a php website.

Remember always backup your files first, be safe.

How-to : Installing RRDTool on centos 5 using yum

Yes, I know CentOS 5 does not come with a repository that holds valid redhat style rpm’s for rrdtool. So here is how we fix that. We are going to echo to a new file the repo information you will need to allow yum to install rrdtool.

We create a file called dag.repo in /etc/yum.repos.d/ by running the echo cmd below. Just copy and past it in to your putty

Yes, I know CentOS 5 does not come with a repository that holds valid redhat style rpm’s for rrdtool. So here is how we fix that. We are going to echo to a new file the repo information you will need to allow yum to install rrdtool.

We create a file called dag.repo in /etc/yum.repos.d/ by running the echo cmd below. Just copy and past it in to your putty window and hit [enter] once. Then let’s cat the file to make sure it has saved correctly.


echo "[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el\$releasever/en/\$basearch/dag
gpgcheck=1
gpgkey=http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
enabled=1" > /etc/yum.repos.d/dag.repo

Now run

[root@localhosts]#cat /etc/yum.repos.d/dag.repo
And you will see this

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
gpgkey=http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
enabled=1

Now run
[root@localhosts]# yum install rrdtool

This is also good for

awstats
cacti
bandwidth
cfengine
ClamAV
Claws Mail
darkstat
dante
devilspie
dnstop
dvd95
dvdrip
etherape
flash-plugin
fuse
gkrellm
iperf

Another good place to get rrdtool for cent if you just want to download the RPM’s and go..
RRDTOOL