Sunday, 6 December 2015

Nagrestconf on Centos 7

Installation instructions and RPMs are now available for installing Nagresconf on Centos 7.

More work is needed to make the installation process as short as a Centos 6 install, but it's a start.

Thursday, 3 December 2015

Nrcq Update 0.1.1

Nrcq 0.1.1 has been released today.

Notable changes:

* Now supports Basic Auth through -U, user, and -P, password, options.

Go to the GitHub page to get it.


Monday, 23 November 2015

New Nagrestconf Release fixes Centos 6

A new Nagrestconf release 1.174.4 is available in the usual location at Sourceforge.

This fixes Nagrestconf on Centos 6:

PHP 5.3.3 Centos 6 - GUI only shows error message #49

PHP 5.3.3 - Centos 6
After installation the following message is shown in the browser:

Could not execute query using REST.
Please check system settings.

httpd error log shows:

PHP Warning:  json_encode() expects parameter 2 to be long, string given in /usr/share/nagrestconf/htdocs/rest/index.php

Saturday, 31 October 2015

Nrcq - Nagrestconf Query Utility


Nrcq is a command line tool that hopes to make the nagrestconf REST api easier to use than using Resty or 'curl' directly.

Intended for scripting, it automatically url-encodes/decodes fields where required, outputs in text or json and can show all valid nagrestconf endpoints, options and required fields.

It's written in Go so should work in Linux, Windows and Mac. Compiled binaries are available for those platforms.

The Nagrestconf Rest Tutorial and Cook Book have been updated to use nrcq.

It's available from here:

https://github.com/mclarkson/nrcq

And the golang library it uses is here:

https://github.com/mclarkson/nagrestconf-golib

Please report any issues on the Issue tracker.

Sunday, 13 September 2015

New Nagrestconf and Synagios Releases

Nagrestconf version 1.174.1 released. Notable changes:
  • Refresh hosts page after restore. Closes #20.
  • Status Map Image fields added for templates. Closes #22.
  • Added 'parents' field to hosts dialog. Closes #17.
  • Allow hostnames, not just ip addresses. Closes #26.
  • Alias field added to clone host dialog. Closes #29.
  • Added Host Custom Variables and Notes fields to REST and UI. Closes #38.
  • Added extra dependencies for really minimal systems.
Synagios version 0.14 released. Notable changes:
  • Includes Nagrestconf 1.174.1.
  • Base Operating System updated from Debian Wheezy to Debian Jessie.
  • Nagios updated to 3.5.1.
  • Pnp4nagios updated to 0.6.24.
  • Installed nagios_nrpe_plugin. Closes #21.
  • Make synology log output useful. Closes #2.
Installation guides have been updated for more recent Operating System versions. New packages are available from the Downloads section of the Nagrestconf Web site.

Sunday, 6 September 2015

GD2 file names

Here are all the gd2 file names that can be set for the statusmap_image parameter for Nagrestconf and Synagios in the Status Map Image field for templates.

station.gd2
cat5000.gd2
beos.gd2
aix.gd2
caldera.gd2
storm.gd2
stampede.gd2
nagios.gd2
irix.gd2
yellowdog.gd2
router40.gd2
turbolinux.gd2
ng-switch40.gd2
unicos.gd2
ubuntu.gd2
novell40.gd2
switch40.gd2
openbsd.gd2
cat1900.gd2
apple.gd2
redhat.gd2
mac40.gd2
logo.gd2
next.gd2
debian.gd2
slackware.gd2
linux40.gd2
sun40.gd2
cat2900.gd2
sunlogo.gd2
mandrake.gd2
win40.gd2
amiga.gd2
hpux.gd2
freebsd40.gd2
hp-printer40.gd2
ultrapenguin.gd2


Synagios: Enabling HTTPS for Nagrestconf and Nagios

How to enable https access to the nagios3 and nagrestconf:

Thanks to Juan GarcĂ­a for providing this solution.

Configure HTTPS


Go to apache2 config files in Synagios package:

    cd /volume1/@appstore/Synagios/nagios-chroot/etc/apache2/sites-enabled

Copy available conf file for ssl:

    cp ../sites-available/default-ssl .

Change port 443 for desired one (4443 in this case):

    vi default-ssl

    ...
    <VirtualHost default:4443>
    ...


Enable HTTPS


When service ''Synagios'' is launched (then ''dev'', ''proc'', ''sys'' are mounted), launch a shell in chroot environment:

    chroot /volume1/@appstore/Synagios/nagios-chroot /bin/bash

Enable ssl in apache2:

    a2enmod ssl

Restart apache:

    /etc/init.d/apache2 restart

Exit from chroot environment:

    exit

Friday, 4 September 2015

Junos Pulse Secure SmartConnect with DUO on Linux

I want to use my Fedora 22 laptop to connect to the work VPN but SmartConnect with DUO isn't available for Linux yet. So, until there's a proper client, I got it working using a Windows virtual machine for home working, and I can ditch Windows 8 - great!

There are other ways of doing this, not using a virtual machine, but I wanted to use something with a low risk of breaking if there are any software updates in the future.

This solution is only good for accessing Intranet Web sites and for ssh connections, which is exactly what I need.

Here's what working from home looks like now:
  1. Power on the laptop choosing Fedora boot.
  2. Log in.
  3. Start VirtualBox.
    1. Start the Windows 7 VM without the GUI (headless).
    2. Close VirtualBox.
  4. Start Remote Desktop.
    1. Connect to the Windows 7 VM.
    2. Click the SmartConnect icon to connect to the VPN.
    3. Confirm the connection in the Duo Android App.
    4. Close Remote Desktop.

      The VPN session lasts the whole day.
  1. Start an ssh session to the Windows 7 VM with SOCKS enabled.
    1. Connect to a work server to work from for the day with 'screen'.
  2. Start a Web Browser.
    1. Click the 'Socks Proxy' plugin button.
    2. Log in to Jira, Wiki, etc.
All the Intranet sites work, as do HP iLO and Remote Consoles through the iLO, since all DNS queries go to the SOCKS 4 ssh connection.

Setting it all up on Fedora 22


If they aren't installed already, install VirtualBox and Vagrant.
sudo cat >/etc/yum.repos.d/virtualbox.repo <<EnD
[virtualbox]
name=Fedora $releasever - $basearch - VirtualBox
baseurl=http://download.virtualbox.org/virtualbox/rpm/fedora/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://www.virtualbox.org/download/oracle_vbox.asc
EnD
sudo dnf install virtualbox vagrant
After installation go to the Web Site and install the VirtualBox Extensions so that virtual machines can be started without a GUI (headless) later.

Get a Windows image from vagrant.

This minimal Windows 7 box has an ssh server, BitVise, already installed as a service and a bash shell, Git Bash, so there's not much to do once it's installed.

mkdir win7 
cd win7
vagrant init ferventcoder/win7pro-x64-nocm-lite
vagrant up --provider virtualbox

Once Vagrant has started, stop it.

vagrant halt

Download Firefox for Windows and put it in the win7 folder.

Google for Firefox and download the 64 bit Windows version then put it in the win7 folder created earlier. This folder is accessible by the virtual machine when it's running so Firefox can be easily installed inside the VM.

Start the Windows 7 virtual machine and configure it.

Start VirtualBox then start the Windows 7 VM that vagrant created.

Click on Network then VBOXSVR and open the share.

Run the 'Firefox Setup...' executable to install it.



Now that it's installed, open Firefox and search for Microsoft Security Essentials then download and install it. This is required for SmartConnect to work - it will complain otherwise.

Use Firefox again to get SmartConnect DUO from your IT department. They will have supplied a Web address to get the client from.

Run SmartConnect with DUO and connect to the corporate VPN.

The Windows installation is very limited, but enough of it works to make it completely usable as a VPN proxy.

Minimise the Windows 7 VM window. We don't need it anymore.

SSH to the Windows 7 VM

The following ssh command connects to the VM with SOCKS 4 enabled on port 1337. Use the password, 'vagrant', when prompted.
ssh -D1337 -p2222 vagrant@127.0.0.1
I use this terminal to connect to other hosts on the corporate network using ssh. A bash terminal is available by typing 'bash', '~/.ssh/authorized_keys' can be used (but tick the 'use authorized_keys file' in BitVise), and public/private keys can be put in '~/.ssh/'.

By default the terminal foreground colour is green. Type 'color 7' to make it white.

Install 'Socks Proxy' in the Firefox Web browser.

Install Socks Proxy from Add Ons and set it up as shown:



Other proxies, such as Foxy Proxy, could be used to selectively choose when the socks proxy is used, but this one is really simple, and it works, although all Web traffic will go through the proxy.

Try connecting to corporate Web sites.

Enable the socks proxy plugin using the toolbar button .

Navigate to corporate Web sites and they should work, even web sites that specify ports to use.



No screen clutter - use a headless Windows 7 VM

Windows 7 can be started in headless mode by pressing the 'shift' key when starting the virtual machine in the VirtualBox GUI. Then Remote Desktop can be used to start/stop the VPN. These are the Remote Desktop settings:



That's it!