know-how:linux
Differences
This page shows the differences between two versions.
know-how:linux [2024/02/12 13:22] – [Welche Branches gibt es ?] cc | know-how:linux [2024/05/29 12:44] (aktuell) – [Debian 10 to Debian 11 Upgrade] cc | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
+ | ~~ODT~~ | ||
====== Read Only Root ====== | ====== Read Only Root ====== | ||
* Getestet mit Debian Buster | * Getestet mit Debian Buster | ||
Zeile 1056: | Zeile 1057: | ||
md manage: | md manage: | ||
... | ... | ||
+ | </ | ||
+ | * Upgrade Cluster von 15 auf 16 - ohne Neuinstallation (gvmd kann nicht gestartet werden) / Vorsicht über SSH ! | ||
+ | * https:// | ||
+ | |||
+ | < | ||
+ | |||
+ | root@pentest: | ||
+ | Ver Cluster Port Status Owner Data directory | ||
+ | 15 main 5432 online postgres / | ||
+ | 16 main 5433 online postgres / | ||
+ | |||
+ | root@pentest: | ||
+ | |||
+ | root@pentest: | ||
+ | |||
+ | |||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | Stopping old cluster... | ||
+ | Restarting old cluster with restricted connections... | ||
+ | Notice: extra pg_ctl/ | ||
+ | Creating new PostgreSQL cluster 16/main ... | ||
+ | / | ||
+ | The files belonging to this database system will be owned by user " | ||
+ | This user must also own the server process. | ||
+ | |||
+ | The database cluster will be initialized with locale " | ||
+ | The default text search configuration will be set to " | ||
+ | |||
+ | Data page checksums are disabled. | ||
+ | |||
+ | fixing permissions on existing directory / | ||
+ | creating subdirectories ... ok | ||
+ | selecting dynamic shared memory implementation ... posix | ||
+ | selecting default max_connections ... 100 | ||
+ | selecting default shared_buffers ... 128MB | ||
+ | selecting default time zone ... Europe/ | ||
+ | creating configuration files ... ok | ||
+ | running bootstrap script ... ok | ||
+ | performing post-bootstrap initialization ... ok | ||
+ | syncing data to disk ... ok | ||
+ | |||
+ | Copying old configuration files... | ||
+ | Copying old start.conf... | ||
+ | Copying old pg_ctl.conf... | ||
+ | Starting new cluster... | ||
+ | Notice: extra pg_ctl/ | ||
+ | Running init phase upgrade hook scripts ... | ||
+ | |||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | Roles, databases, schemas, ACLs... | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE gvmd REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | | ||
+ | ------------ | ||
+ | |||
+ | (1 row) | ||
+ | |||
+ | | ||
+ | ------------ | ||
+ | |||
+ | (1 row) | ||
+ | |||
+ | | ||
+ | ------------ | ||
+ | |||
+ | (1 row) | ||
+ | |||
+ | | ||
+ | ------------ | ||
+ | |||
+ | (1 row) | ||
+ | |||
+ | Fixing hardcoded library paths for stored procedures... | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | Upgrading database template1... | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE template1 REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | Fixing hardcoded library paths for stored procedures... | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE gvmd REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | Upgrading database gvmd... | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE gvmd REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | Fixing hardcoded library paths for stored procedures... | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | Upgrading database postgres... | ||
+ | WARNING: | ||
+ | DETAIL: | ||
+ | HINT: Rebuild all objects in this database that use the default collation and run ALTER DATABASE postgres REFRESH COLLATION VERSION, or build PostgreSQL with the right library version. | ||
+ | Stopping target cluster... | ||
+ | Stopping old cluster... | ||
+ | Disabling automatic startup of old cluster... | ||
+ | Starting upgraded cluster on port 5432... | ||
+ | Running finish phase upgrade hook scripts ... | ||
+ | vacuumdb: processing database " | ||
+ | vacuumdb: processing database " | ||
+ | vacuumdb: processing database " | ||
+ | vacuumdb: processing database " | ||
+ | vacuumdb: processing database " | ||
+ | vacuumdb: processing database " | ||
+ | vacuumdb: processing database " | ||
+ | vacuumdb: processing database " | ||
+ | vacuumdb: processing database " | ||
+ | |||
+ | Success. Please check that the upgraded cluster works. If it does, | ||
+ | you can remove the old cluster with | ||
+ | pg_dropcluster 15 main | ||
+ | |||
+ | Ver Cluster Port Status Owner Data directory | ||
+ | 15 main 5433 down | ||
+ | Ver Cluster Port Status Owner Data directory | ||
+ | 16 main 5432 online postgres / | ||
+ | |||
+ | root@pentest: | ||
+ | |||
+ | root@pentest: | ||
+ | Ver Cluster Port Status Owner Data directory | ||
+ | 16 main 5432 online postgres / | ||
+ | |||
</ | </ | ||
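Review bot: The upgrade log repeats the collation version mismatch hint for template1, postgres and gvmd, but the entry ends at the final cluster listing without saying whether the mismatch is still reported on the upgraded 16/main cluster. Record that check and, if the warning persists, the follow-up the hint itself names (rebuild the affected objects, then ALTER DATABASE ... REFRESH COLLATION VERSION for each database). The last listing shows only 16 main, so also note at which point pg_dropcluster 15 main was run and that gvmd was confirmed to start beforehand. The "Vorsicht über SSH" warning would help more if it said what to do, for example running the upgrade inside a tmux or screen session so a dropped connection does not interrupt it. The repeated WARNING/DETAIL/HINT blocks could be trimmed to one instance.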
Zeile 1739: | Zeile 1886: | ||
</ | </ | ||
- | * Anpassen von **/ | + | * Anpassen von **/ |
< | < | ||
Zeile 1779: | Zeile 1926: | ||
def main(): | def main(): | ||
- | parser = argparse.ArgumentParser(description=' | + | |
- | parser.add_argument(' | + | |
- | parser.add_argument(' | + | parser.add_argument(' |
- | parser.add_argument(' | + | parser.add_argument(' |
- | parser.add_argument(' | + | parser.add_argument(' |
- | args = parser.parse_args() | + | parser.add_argument(' |
- | + | args = parser.parse_args() | |
- | sensor = args.sensor | + | |
- | #Predefined position of PIN | + | |
- | pin = ' | + | |
- | warningTemp = args.warning.split(',' | + | |
- | warningHum = args.warning.split(',' | + | |
- | criticalTemp = args.critical.split(',' | + | |
- | criticalHum = args.critical.split(',' | + | |
- | dhtboard | + | sensor |
- | | + | #Predefined position of PIN |
+ | pin = ' | ||
+ | warningTemp = args.warning.split(',')[0] | ||
+ | | ||
+ | criticalTemp | ||
+ | criticalHum = args.critical.split(',' | ||
- | hum, temp = dhtDevice.humidity, | + | dhtboard = getattr(board, |
+ | dhtDevice = adafruit_dht.DHT22(dhtboard, | ||
+ | | ||
+ | | ||
+ | except RuntimeError: | ||
+ | time.sleep(5) | ||
+ | main() | ||
if not re.match(" | if not re.match(" | ||
exitCheck(3, | exitCheck(3, | ||
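Review bot: In the added except RuntimeError branch the retry is implemented as time.sleep(5) followed by a recursive main() call, with no limit on attempts. If the sensor keeps failing, the check never terminates, and every retry re-parses the arguments and creates another adafruit_dht.DHT22 device on a deeper stack frame; unless exitCheck terminates the process, a nested call that returns lets the outer frame continue to the re.match check without a reading of its own. Replace the recursion with a bounded loop around the sensor read (for example three attempts) and call exitCheck(3, ...) when all attempts fail, so the monitoring side gets a defined result instead of a hanging plugin.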
Zeile 3530: | Zeile 3681: | ||
====== Debian 10 to Debian 11 Upgrade ====== | ====== Debian 10 to Debian 11 Upgrade ====== | ||
+ | * Achtung bei **qemu-kvm** Paket - wird deinstalliert / qemu-system-x86 für die Binaries installieren !! | ||
+ | |||
+ | < | ||
+ | apt-get install qemu-system-x86 | ||
+ | </ | ||
+ | |||
* **Pfad** des ipset binaries ist anders ( ln -s / | * **Pfad** des ipset binaries ist anders ( ln -s / | ||
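Review bot: The added qemu-kvm warning says the package is removed and qemu-system-x86 has to be installed, but not at which point of the upgrade. State whether apt-get install qemu-system-x86 is run before or after the dist-upgrade, and add a check that the hypervisor binaries are present before guests are started again.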
Zeile 4234: | Zeile 4391: | ||
Apr 03 09:35:28 firewall clamd[50896]: | Apr 03 09:35:28 firewall clamd[50896]: | ||
</ | </ | ||
- | ====== | + | ====== |
+ | * Getestet auf Debian 12 Bookworm | ||
+ | * Ich möchte alle dns queries loggen - mit dnsmasq | ||
+ | * / | ||
+ | < | ||
+ | [main] | ||
+ | ... | ||
+ | dns=dnsmasq | ||
+ | ... | ||
+ | </ | ||
+ | * Nach einem restart vom NetworkManger startet er eine eigene dnsmasq Instanz als **nobody** e.g. | ||
+ | |||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | * Fürs logging erstellen wir ** / | ||
+ | |||
+ | < | ||
+ | log-queries=extra | ||
+ | log-async | ||
+ | </ | ||
+ | |||
+ | * Auf meiner Maschine erhalte ich nun alle queries unter zB: **tail -f / | ||
+ | |||
+ | < | ||
+ | Feb 26 11:41:43 mrWhiteGhost dnsmasq[7898]: | ||
+ | Feb 26 11:41:43 mrWhiteGhost dnsmasq[7898]: | ||
+ | |||
+ | |||
+ | Feb 26 11:42:10 mrWhiteGhost dnsmasq[7898]: | ||
+ | Feb 26 11:42:10 mrWhiteGhost dnsmasq[7898]: | ||
+ | Feb 26 11:42:10 mrWhiteGhost dnsmasq[7898]: | ||
+ | |||
+ | </ | ||
+ | ====== openssh ====== | ||
+ | * Notification mail nach Login via SSH | ||
< | < | ||
root@firewall: | root@firewall: | ||
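Review bot: The added dnsmasq steps list the NetworkManager restart before the logging file is created, so as written the log-queries=extra and log-async settings would not be picked up by the dnsmasq instance that is already running; add an explicit NetworkManager restart after creating the file. Because every DNS query of the machine then ends up in the log, the entry should also say who can read that log and how long it is kept.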
Zeile 4242: | Zeile 4436: | ||
</ | </ | ||
+ | * Ausführen von bestimmten Skript nach Login über SSH | ||
+ | |||
+ | < | ||
+ | ... | ||
+ | Match User username123 | ||
+ | | ||
+ | ... | ||
+ | </ | ||
====== XRDP Remote Desktop Server mit Kerberos im AD - terminalserver ====== | ====== XRDP Remote Desktop Server mit Kerberos im AD - terminalserver ====== | ||
* Wir wollen in einer Active Directory Umgebung einen Open Source Remote Desktop Server bei dem sich alle Mitglieder der Domäne mit ihren gewohnten Zugangsdaten einloggen können | * Wir wollen in einer Active Directory Umgebung einen Open Source Remote Desktop Server bei dem sich alle Mitglieder der Domäne mit ihren gewohnten Zugangsdaten einloggen können | ||
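Review bot: The added Match User username123 block is followed by "...", which suggests further configuration after it. In sshd_config a Match block extends to the next Match line or the end of the file, so a global directive placed after it would apply only to username123; say that the block belongs at the end of the file or is closed with Match all. Add a step to validate the file with sshd -t before reloading the daemon, so a syntax error does not lock out remote access.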
Zeile 7084: | Zeile 7286: | ||
{{: | {{: | ||
{{: | {{: | ||
+ | |||
+ | ===== Auto Provisioning/ | ||
+ | * Um zB: Workstations als aktiven Agent einzubinden , da sie nicht immer laufen | ||
+ | |||
+ | {{: | ||
+ | |||
+ | * GPO Auto Installation: | ||
+ | |||
+ | * Scratchpad: | ||
+ | |||
+ | < | ||
+ | |||
+ | |||
+ | https:// | ||
+ | |||
+ | Secure autoregistration | ||
+ | |||
+ | A secure way of autoregistration is possible by configuring PSK-based authentication with encrypted connections. | ||
+ | |||
+ | The level of encryption is configured globally in Administration → General → Autoregistration. It is possible to select no encryption, TLS encryption with PSK authentication or both (so that some hosts may register without encryption while others through encryption). | ||
+ | |||
+ | Authentication by PSK is verified by Zabbix server before adding a host. If successful, the host is added and Connections from/to host are set to ' | ||
+ | |||
+ | To ensure security of autoregistration on installations using proxies, encryption between Zabbix server and proxy should be enabled. | ||
+ | |||
+ | |||
+ | ----- | ||
+ | |||
+ | |||
+ | Using host metadata | ||
+ | |||
+ | When agent is sending an auto-registration request to the server it sends its hostname. In some cases (for example, Amazon cloud nodes) a hostname is not enough for Zabbix server to differentiate discovered hosts. Host metadata can be optionally used to send other information from an agent to the server. | ||
+ | |||
+ | Host metadata is configured in the agent configuration file - zabbix_agentd.conf. There are 2 ways of specifying host metadata in the configuration file: | ||
+ | |||
+ | HostMetadata HostMetadataItem | ||
+ | |||
+ | See the description of the options in the link above. | ||
+ | |||
+ | < | ||
+ | Example 1 | ||
+ | |||
+ | Using host metadata to distinguish between Linux and Windows hosts. | ||
+ | |||
+ | Say you would like the hosts to be auto-registered by the Zabbix server. You have active Zabbix agents (see " | ||
+ | Agent configuration | ||
+ | |||
+ | The first thing to do is configuring the agents. Add the next line to the agent configuration files: | ||
+ | |||
+ | HostMetadataItem=system.uname | ||
+ | |||
+ | This way you make sure host metadata will contain " | ||
+ | |||
+ | Linux: Linux server3 3.2.0-4-686-pae #1 SMP Debian 3.2.41-2 i686 GNU/Linux Windows: Windows WIN-0PXGGSTYNHO 6.0.6001 Windows Server 2008 Service Pack 1 Intel IA-32 | ||
+ | |||
+ | Do not forget to restart the agent after making any changes to the configuration file. | ||
+ | Frontend configuration | ||
+ | |||
+ | Now you need to configure the frontend. Create 2 actions. The first action: | ||
+ | |||
+ | Name: Linux host autoregistration | ||
+ | Conditions: Host metadata like Linux | ||
+ | Operations: Link to templates: Template OS Linux | ||
+ | |||
+ | You can skip an "Add host" operation in this case. Linking to a template requires adding a host first so the server will do that automatically. | ||
+ | |||
+ | The second action: | ||
+ | --- | ||
+ | |||
+ | |||
+ | Install Client on Windows | ||
+ | |||
+ | https:// | ||
+ | |||
+ | Examples | ||
+ | |||
+ | To install Zabbix Windows agent from the command-line, | ||
+ | |||
+ | SET INSTALLFOLDER=C: | ||
+ | |||
+ | You may also run, for example: | ||
+ | |||
+ | msiexec /l*v log.txt /i zabbix_agent-6.4.0-x86.msi /qn^ SERVER=192.168.6.76^ | ||
+ | |||
+ | If both TLSPSKFILE and TLSPSKVALUE are passed, then TLSPSKVALUE will be written to TLSPSKFILE. | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== HPE 1950 OfficeConnect ===== | ||
+ | * Grundsätzlich ein H3C Switch - Template: **HP Comware HH3C by SNMP** | ||
+ | * **Achtung** , Anpassung bei Network Interface Discovery notwendig für Bits sent / Bits received | ||
+ | * **snmpwalk** ist dein Freund :) | ||
+ | |||
+ | {{: | ||
+ | {{: | ||
+ | {{: | ||
+ | |||
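Review bot: The scratchpad under Auto Provisioning pastes the upstream text on secure autoregistration, but the only install command recorded, msiexec /l*v log.txt /i zabbix_agent-6.4.0-x86.msi /qn^ SERVER=192.168.6.76^, shows no TLS or PSK parameters as rendered here, and the entry does not say which encryption level is set under Administration → General → Autoregistration. Since the goal is rolling agents out to workstations by GPO, record the level actually chosen and how the PSK reaches the clients; if it is passed as TLSPSKVALUE it may end up in the command line and in the log.txt written by /l*v. The "Example 1" excerpt also breaks off at "The second action:" and could be replaced by the link.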
know-how/linux.1707740556.txt.gz · Last modified: 2024/02/12 13:22 by cc