Categories
Linux network servers Uncategorized

Getting ntop running on CentOS

What is ntop

ntop is a linux service which monitors network traffic and nework devices on your LAN.  However the best explanation cabe had be visting ntop’s website.

So how you install and set it up then? Well, that’s when the fun begins, though by the end of it you might not think of it as “fun”.

Installing ntop

I am using CentOS 5.6 so the version of ntop which comes with it is the older  3.3.9. The latest version being 4.1.0 and can be downloaded from ntop.org and compiled and setup if you wish. However, I stuck with the version in the repositories of CentOS.

One thing about the install on CentOS is that it is entirely broken. You’ll see why later.

To download ntop, simply perform

sudo yum install ntop

Now you’d be tempted to just go ahead and do

sudo service ntop start

However that is not going to work, for several reasons. Firstly, you need to set a admin password  and second, the path which contains the various files is in the wrong place.  For the first simply run

sudo ntop -A

But! do not do that until you have fixed the config file. The config file is set to put the files in the folder /var/lib/ntop which causes permissions problems. The “correct” or rather, usable, folder you want to use is /etc/ntop which already contains some of the files.

So really the first thing you need to do is modify the config file /etc/ntop.conf.

Change the following line

...
# sets the directory that ntop runs from
--db-file-path /var/lib/ntop
...

to

--db-file-path /etc/ntop

Now you can set the admin password and start the service. One item you will notice is that ntop will spit out the errors.

Error Opening file ./GeoLiteCity.dat
Error Opening file ./GeoIPASNum.dat

If you check the /etc/ntop folder you will see those files are there. The issue is not with the files, but with the contents. ntop runs fine however and you can access the web interface at http://localhost:3000

Conclusion

This gets the ntop started and going and access to ntop on the web host. In my next post I will show how to connect ntop to the reverse proxy so you can monitor the server remotely.

That will also be even more “fun”.

Categories
Exim exim4 IMAP ldap Linux ssl Uncategorized

Hooking WP7 to exim4 and dovecot with SSL

Okay, so I go this new phone which allows me to access my gmail and hotmail accounts – I have a lot of e-mails. Part of the problem with my frazzled brain is that I setup a lot of different e-mails

Setting up Dovecot

Dovecot was remarkably simple to setup and get the authentication working. A quick follow of these instructions got the SSL connection to my phone working. I was even able to reuse my self-signed certificate which I use for other services on the same CNAME.

Setting up Exim SSL

Exim has two levels here. One is TLS/SSL setup and other is authentication. I first started with SSL to encrypt the content and authentication information. Seems obvious doesn’t it?

My system is a Ubuntu(Debian) system using the single file configuration. I find this far easier to manage.

This is where I ran into my first issue. A follow of these instructions did not fully enable the  connection with the phone.  The Exim log indicated repeated problems with the TLS connection. Not so easy after all.

Reasearch indicates that some e-mail clients are unable to use the new STARTTLS syntax and instead used a immediate jump into SSL. I would be miffed if that was the case with the Windows Phone client. I set about trying it anyway.

Exim has the setting

 tls_on_connect_ports = 465 

This initiates the SSL connection from the start. This did not work either giving other errors. It appeared that my SSL certificates were not compatible with Exim – even though they worked fine with dovecot. (see above)

However even after I used the certificate generation tool

 exim-gencert 

I still received the same errors. This was beyond my meagre skills. So I moved on, perhaps another day I will find the answer.

Setting up Exim Auth

This part of the setup was very much easier, but sorting out the Debian single file setup was a bit of fun. Not really.

As I use LDAP for authentication and mapping of the virtual e-mail addresses the basic Exim – Debian setup was required to be changed. Below is what I used and is pretty self explanatory.

plain: 
 driver = plaintext
 public_name = PLAIN
 server_condition = ${if ldapauth{user="uid=${quote_ldap_dn:$2},PEOPLE_BASEDN" pass=${quote:$3} \
 ldap://localhost/} {yes}{no}}
 server_set_id = $2

login:
 driver = plaintext
 public_name = LOGIN
 server_prompts = Username:: : Password::
 server_condition = ${if and{ {!eq{}{$1} }\
 {ldapauth{user="uid=${quote_ldap_dn:$1},PEOPLE_BASEDN" pass=${quote:$2} \
 ldap://localhost/} }} \
 {yes}{no}}
 server_set_id = $1 

Note that the PLAIN authenticator does not have prompts and that the userid is $2, because $1 is and unique ID passed through, but often not used. As well there is no empty check for userid – like there is with the LOGIN. This seemed to cause errors.

Summary

I can now read and send e-mails from my phone which is great. While the send cannot use SSL for now, this is something I hope to find an answer for.

One last issue is that the phone client likes to store outgoing e-mails in the Sent Items folder and trash in Deleted Items. This is not the standard setup that Outlook and client use so I will show you how to fix that in my next post.

Categories
boot clonezilla GRUB Linux MBR Ubuntu

Conezilla and GRUB a match

The backup server in the office is obviously a quite critical machine. Its the only thing preventing user’s from permanently losing their data. The machine was an old machine that I had bought from a charity. I replaced the powesupply and the internal fans and upgrade the NIC and installed a RAID.

Well I had been checking the drive health by SMART using the LINUX package smartctl. I don’t fully understand the statistics in this package but it did look like the drive was wearing and due for a replacement. So I’d heard of Clonezilla and thought this was the perfect solution.

I had a 160GB drive I bought over a year ago for just this purpose. So I installed it and turned off the RAID while I figured things out.

I fired up clonezilla and went through the steps. I ran into a couple of hitches along the way.
Clonezilla failed to copy one of the partitions because it wasn’t clean. I had to fsck that partition and start over.

The second was that I asked Clonezilla to copy over the GRUB in the MBR – but this also failed as I was still on GRUB 1.x and Clonezilla wanted to put in GRUB 2.0. So on the reboot the machine did not boot. It dumped me into a min-GRUB command line. This didn’t have all the commands of the OS version. So I was a bit stuck.

Now the frustrating bit. Somehow as I was rejigging the cables and devices the machine failed to POST, which was sad indeed. I have a spare but this sad as this machine really had been a workhorse for four years now.

I now have to use another unused machine (lucky me) to take over the backup duties. I did try the Ubuntu repair-system process but this failed to install GRUB for some reason. Which does worry me a lot. Obviously another way would be to re-install Ubuntu fresh to the disk and clone over the partitions. That would be a last resort.

Any advice would be most welcome.