Athena.quadratic.net: Difference between revisions
From Federal Burro of Information
Jump to navigationJump to search
(→Todo) |
|||
| (8 intermediate revisions by the same user not shown) | |||
| Line 31: | Line 31: | ||
** etc | ** etc | ||
* rework iptables | * rework iptables | ||
* Awstats - web | |||
* IPV6 | * IPV6 | ||
** HE Account. | ** HE Account. | ||
** Become expert. | ** Become expert. | ||
=== Kernel Clean up === | |||
<pre> | |||
Module Size Used by | |||
freq_table 1695 1 cpufreq_stats | |||
ipt_LOG 5278 2 | |||
xt_limit 1040 2 | |||
nf_conntrack_ipv4 7728 6 | |||
nf_defrag_ipv4 815 1 nf_conntrack_ipv4 | |||
hwmon_vid 1744 1 smsc47m192 | |||
nfsd 195461 13 | |||
ipv6 191685 60 | |||
xt_conntrack 2281 6 | |||
nf_conntrack 39210 2 xt_conntrack,nf_conntrack_ipv4 | |||
xt_multiport 1186 8 | |||
iptable_filter 956 1 | |||
ip_tables 7511 1 iptable_filter | |||
x_tables 9242 7 ip_tables,iptable_filter,xt_multiport,xt_conntrack,xt_tcpudp,xt_limit,ipt_LOG | |||
REMOVE snd_hda_codec_realtek 192872 1 | |||
REMOVE snd_hda_codec 46142 2 snd_hda_intel,snd_hda_codec_realtek | |||
REMOVE snd_pcm 43934 2 snd_hda_codec,snd_hda_intel | |||
REMOVE snd_timer 12259 1 snd_pcm | |||
snd 34342 5 snd_timer,snd_pcm,snd_hda_codec,snd_hda_intel,snd_hda_codec_realtek | |||
i2c_core 12899 2 i2c_i801,smsc47m192 | |||
intel_gtt 9257 2 intel_agp | |||
iTCO_vendor_support 1332 1 iTCO_wdt | |||
agpgart 18234 2 intel_gtt,intel_agp | |||
REMOVE snd_page_alloc 4861 2 snd_pcm,snd_hda_intel | |||
mii 2835 1 r8169 <----- IMPORTANT | |||
libphy 11919 1 tg3 | |||
fuse 48872 1 | |||
exportfs 2466 2 xfs,nfsd | |||
nfs_acl 1615 2 nfs,nfsd | |||
auth_rpcgss 26741 2 nfs,nfsd | |||
lockd 52016 2 nfs,nfsd | |||
sunrpc 136591 18 lockd,auth_rpcgss,nfs_acl,nfs,nfsd | |||
jbd2 47656 1 ext4 | |||
dm_region_hash 5180 1 dm_mirror | |||
dm_log 6477 2 dm_region_hash,dm_mirror | |||
dm_mod 48553 4 dm_log,dm_mirror,dm_crypt,dm_snapshot | |||
ssb 31783 1 ohci_hcd | |||
usbcore 92731 8 ehci_hcd,usb_storage,uhci_hcd,ohci_hcd,usbhid,sl811_hcd,hid_sony | |||
libsas 40464 1 aic94xx | |||
megaraid_mm 5526 1 megaraid_mbox | |||
scsi_transport_sas 16673 3 mptsas,libsas,aic94xx | |||
scsi_transport_fc 29326 3 mptfc,qla2xxx,lpfc | |||
scsi_tgt 6824 1 scsi_transport_fc | |||
REMOVE mptscsih 21153 3 mptspi,mptfc,mptsas | |||
REMOVE mptbase 67729 4 mptscsih,mptspi,mptfc,mptsas | |||
parport 20803 1 imm | |||
scsi_transport_spi 15279 5 aic79xx,aic7xxx,sym53c8xx,dmx3191d,mptspi | |||
ata_piix 17606 4 | |||
libahci 13606 1 ahci | |||
REMOVE pcmcia 25045 2 pata_pcmcia,ssb | |||
REMOVE pcmcia_core 8389 1 pcmcia | |||
</pre> | |||
== Gentoo Config == | |||
/etc/portage/package.accept_keywords | |||
#required by virtual/perl-MIME-Base64-3.130.0-r2, required by @selected, required by @world (argument) | |||
=dev-lang/perl-5.16.3 ~x86 | |||
=== Genkernel === | |||
genkernel --menuconfig --no-lvm --no-dmraid --busybox --static --no-mrproper --no-clean all | |||
== Disk == | == Disk == | ||
| Line 345: | Line 415: | ||
wc -l /tmp/data.DST.SRC.DPT.1 /tmp/data.DST.SRC.DPT.2 | wc -l /tmp/data.DST.SRC.DPT.1 /tmp/data.DST.SRC.DPT.2 | ||
cat /tmp/data.DST.SRC.DPT.2 | /usr/local/src/afterglow/src/perl/graph/afterglow.pl -e 1.3 -c iptables.properties -p 1 > /tmp/data.DST.SRC.DPT.neato | cat /tmp/data.DST.SRC.DPT.2 | /usr/local/src/afterglow/src/perl/graph/afterglow.pl -e 1.3 -c iptables.properties -p 1 > /tmp/data.DST.SRC.DPT.neato | ||
cat /tmp/data.DST.SRC.DPT.neato | neato -Tpng -o/var/www/www.quadratic.net/secure/fw.png; | cat /tmp/data.DST.SRC.DPT.neato | neato -Tpng -o/var/www/www.quadratic.net/secure/fw.png; | ||
https://www.quadratic.net/fw.png | |||
==== fwlogwatch ==== | ==== fwlogwatch ==== | ||
| Line 352: | Line 424: | ||
./fwlogwatch -O cd -z -b -d -S -w /tmp/kern.log > /var/www/www.quadratic.net/secure/fwlog.html | ./fwlogwatch -O cd -z -b -d -S -w /tmp/kern.log > /var/www/www.quadratic.net/secure/fwlog.html | ||
https://www.quadratic.net/fwlog.html | |||
=== Sysstat === | |||
i.e. sar: | |||
* installed "sysstat" | |||
* root crontab: | |||
*/5 * * * * root /usr/lib/sa/sadc -F -L -S XALL 1 1 - | |||
=== Smokeping === | |||
https://www.quadratic.net/cgi-bin/smokeping.cgi | |||
[[Category:Computers]] | [[Category:Computers]] | ||
Latest revision as of 03:38, 21 October 2013
Overview
- replaces cydonia
- Home server
- gentoo
- On the end of a tek savvy connection with static IP.
- motherboard: D945GCLF
- processor: atom 230 (64 bit profile) intel product page
- onboard realtek wasn't working very good on cydonia, is working great now.
- might be issues with random number generator.
Todo
- disk clean up - WHOLLY SHIT , finally done!
- Security
- chkrootkit
- nessus
- snort
- acid
- aide
- ip6tables (
- sysctl ra stuff
- irssi - DONE
- Pathchar - DONE
- gnuplot - DONE
- ipv6 - oh yeah
- Backups
- mysql - done
- code
- wiki
- etc
- rework iptables
- Awstats - web
- IPV6
- HE Account.
- Become expert.
Kernel Clean up
Module Size Used by freq_table 1695 1 cpufreq_stats ipt_LOG 5278 2 xt_limit 1040 2 nf_conntrack_ipv4 7728 6 nf_defrag_ipv4 815 1 nf_conntrack_ipv4 hwmon_vid 1744 1 smsc47m192 nfsd 195461 13 ipv6 191685 60 xt_conntrack 2281 6 nf_conntrack 39210 2 xt_conntrack,nf_conntrack_ipv4 xt_multiport 1186 8 iptable_filter 956 1 ip_tables 7511 1 iptable_filter x_tables 9242 7 ip_tables,iptable_filter,xt_multiport,xt_conntrack,xt_tcpudp,xt_limit,ipt_LOG REMOVE snd_hda_codec_realtek 192872 1 REMOVE snd_hda_codec 46142 2 snd_hda_intel,snd_hda_codec_realtek REMOVE snd_pcm 43934 2 snd_hda_codec,snd_hda_intel REMOVE snd_timer 12259 1 snd_pcm snd 34342 5 snd_timer,snd_pcm,snd_hda_codec,snd_hda_intel,snd_hda_codec_realtek i2c_core 12899 2 i2c_i801,smsc47m192 intel_gtt 9257 2 intel_agp iTCO_vendor_support 1332 1 iTCO_wdt agpgart 18234 2 intel_gtt,intel_agp REMOVE snd_page_alloc 4861 2 snd_pcm,snd_hda_intel mii 2835 1 r8169 <----- IMPORTANT libphy 11919 1 tg3 fuse 48872 1 exportfs 2466 2 xfs,nfsd nfs_acl 1615 2 nfs,nfsd auth_rpcgss 26741 2 nfs,nfsd lockd 52016 2 nfs,nfsd sunrpc 136591 18 lockd,auth_rpcgss,nfs_acl,nfs,nfsd jbd2 47656 1 ext4 dm_region_hash 5180 1 dm_mirror dm_log 6477 2 dm_region_hash,dm_mirror dm_mod 48553 4 dm_log,dm_mirror,dm_crypt,dm_snapshot ssb 31783 1 ohci_hcd usbcore 92731 8 ehci_hcd,usb_storage,uhci_hcd,ohci_hcd,usbhid,sl811_hcd,hid_sony libsas 40464 1 aic94xx megaraid_mm 5526 1 megaraid_mbox scsi_transport_sas 16673 3 mptsas,libsas,aic94xx scsi_transport_fc 29326 3 mptfc,qla2xxx,lpfc scsi_tgt 6824 1 scsi_transport_fc REMOVE mptscsih 21153 3 mptspi,mptfc,mptsas REMOVE mptbase 67729 4 mptscsih,mptspi,mptfc,mptsas parport 20803 1 imm scsi_transport_spi 15279 5 aic79xx,aic7xxx,sym53c8xx,dmx3191d,mptspi ata_piix 17606 4 libahci 13606 1 ahci REMOVE pcmcia 25045 2 pata_pcmcia,ssb REMOVE pcmcia_core 8389 1 pcmcia
Gentoo Config
/etc/portage/package.accept_keywords
#required by virtual/perl-MIME-Base64-3.130.0-r2, required by @selected, required by @world (argument) =dev-lang/perl-5.16.3 ~x86
Genkernel
genkernel --menuconfig --no-lvm --no-dmraid --busybox --static --no-mrproper --no-clean all
Disk
UPDATE David 19:55, 22 September 2012 (EDT)
The system has been cleaned up and now only the single 320 G disk remains.
blkid
WDC WD1200JD-00G 120GB /dev/sda1: LABEL="DISK2S1" UUID="3224-1BD9" TYPE="vfat" ST3120827AS 120GB /dev/sdb1: LABEL="BOOT" UUID="e1380799-31c9-4fe9-a1ff-0113e08be218" SEC_TYPE="ext2" TYPE="ext3" ST3320620AS 320GB /dev/sdc1: LABEL="BOOT" UUID="f91862c9-488c-4567-b82a-1d38bc0310ba" SEC_TYPE="ext2" TYPE="ext3" /dev/sdc2: UUID="b2665415-fa5a-4486-beaf-3a0278a716a8" TYPE="swap" /dev/sdc3: UUID="603dee13-f28e-4c53-bf4d-bd255f46c229" TYPE="ext3" LABEL="VAR" /dev/sdc4: UUID="950356e3-2d28-4176-a250-45f56df94d61" TYPE="ext3" LABEL="ROOT" ST98823AS 80GB /dev/sdd1: UUID="d13157a2-ba77-48a4-8829-55cd6a0ec518" TYPE="ext2" /dev/sdd2: UUID="5d3471bf-ae1c-4286-aa7d-1a486d45c6b6" TYPE="swap" /dev/sdd3: UUID="328df938-26d1-4cb9-b608-d22f64bde502" SEC_TYPE="ext2" TYPE="ext3" /dev/sdd4: UUID="0425f6cc-c1d6-4f26-bc7c-fbb72393b71a" SEC_TYPE="ext2" TYPE="ext3"
/sbin/fdisk -l /dev/sda
Disk /dev/sda: 120.0 GB, 120034123776 bytes 255 heads, 63 sectors/track, 14593 cylinders, total 234441648 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xf8ab449a Device Boot Start End Blocks Id System /dev/sda1 * 63 234436544 117218241 b W95 FAT32
/sbin/fdisk -l /dev/sdb
Disk /dev/sdb: 120.0 GB, 120034123776 bytes 81 heads, 63 sectors/track, 45941 cylinders, total 234441648 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x000dcdfd Device Boot Start End Blocks Id System /dev/sdb1 2048 234441647 117219800 83 Linux
/sbin/fdisk -l /dev/sdc
Disk /dev/sdc: 320.1 GB, 320072933376 bytes 255 heads, 63 sectors/track, 38913 cylinders, total 625142448 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x113e9d6b Device Boot Start End Blocks Id System /dev/sdc1 * 2048 1026047 512000 83 Linux /dev/sdc2 1026048 5122047 2048000 82 Linux swap / Solaris /dev/sdc3 5122048 13510655 4194304 83 Linux /dev/sdc4 13510656 625142447 305815896 83 Linux
/sbin/fdisk -l /dev/sdd
Disk /dev/sdd: 80.0 GB, 80026361856 bytes 255 heads, 63 sectors/track, 9729 cylinders, total 156301488 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x6ddbb66d Device Boot Start End Blocks Id System /dev/sdd1 * 63 996029 497983+ 83 Linux /dev/sdd2 996030 4915889 1959930 82 Linux swap / Solaris /dev/sdd3 4915890 12739544 3911827+ 83 Linux /dev/sdd4 12739545 156296384 71778420 83 Linux
Network
eth0 Link encap:Ethernet HWaddr 00:1c:c0:5d:6c:1a
inet addr:192.168.1.64 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21c:c0ff:fe5d:6c1a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26000995 errors:0 dropped:2809 overruns:0 frame:0
TX packets:63963297 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4208651941 (3.9 GiB) TX bytes:1678575649 (1.5 GiB)
Interrupt:16 Base address:0x8000
eth0:1 Link encap:Ethernet HWaddr 00:1c:c0:5d:6c:1a
inet addr:192.168.254.100 Bcast:192.168.254.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Base address:0x8000
IPV6
ifconfig sit0 up ifconfig sit0 inet6 tunnel ::216.66.38.58 ifconfig sit1 up ifconfig sit1 inet6 add 2001:470:1c:907::2/64 route -A inet6 add ::/0 dev sit1
Backups
Mysql
in /etc/logrotate.d/mysql:
/var/log/mysql/mysql.err /var/log/mysql/mysql.log /var/log/mysql/mysqld.err {
monthly
create 660 mysql mysql
notifempty
size 5M
sharedscripts
missingok
postrotate
[ -f /var/run/mysqld/mysqld.pid ] && /bin/kill -HUP `cat /var/run/mysqld/mysqld.pid`
endscript
}
/data/backup/cydonia/mysql/dump.sql {
daily
rotate 14
missingok
compress
postrotate
/usr/bin/mysqldump --master-data=1 --single-transaction --flush-privileges --lock-tables --log-error=/var/log/mysql_backup.log --dump-date --opt --flush-logs --all-databases > /data/backup/cydonia/mysql/dump.sql
endscript
}
/var/log/mysql_backup.log {
daily
rotate 14
missingok
}
I need to setup a system to send the backup off site.
The Python Mess
what pythons to I have installed:
10:50:02 athena@athena /home/david # /usr/bin/equery list python * Searching for python ... [IP-] [ ] dev-lang/python-2.6.6-r2:2.6 [IP-] [ ] dev-lang/python-2.7.2-r3:2.7 [IP-] [ ] dev-lang/python-3.1.4-r3:3.1 [IP-] [ ] dev-lang/python-3.2.3:3.2 10:50:57 athena@athena /home/david #
What needs python-2.6.8 ?
10:48:41 athena@athena /home/david # equery d dev-lang/python-2.6.8
* These packages depend on dev-lang/python-2.6.8:
app-admin/python-updater-0.10 (dev-lang/python)
app-admin/webapp-config-1.50.16-r4 (=dev-lang/python-2*)
app-crypt/mit-krb5-1.9.2-r2 (test ? dev-lang/python)
app-editors/vim-7.3.409 (python ? =dev-lang/python-2*)
(python ? =dev-lang/python-2*[threads])
app-portage/gentoolkit-0.3.0.5 (dev-lang/python[xml])
(dev-lang/python)
(>=dev-lang/python-2.6[xml])
dev-libs/glib-2.30.3 (test ? =dev-lang/python-2*)
(utils ? =dev-lang/python-2*)
dev-libs/gobject-introspection-1.30.0-r2 (=dev-lang/python-2.7*)
(=dev-lang/python-2.6*)
(=dev-lang/python-2.5*)
(=dev-lang/python-2.7*[xml])
(=dev-lang/python-2.6*[xml])
(=dev-lang/python-2.5*[xml])
dev-libs/libxml2-2.8.0_rc1 (python ? =dev-lang/python-2*)
(python ? =dev-lang/python-2*[xml])
dev-libs/libxslt-1.1.26-r3 (python ? =dev-lang/python-2*)
dev-python/argparse-1.2.1 (dev-lang/python)
dev-python/elementtree-1.2.6-r2 (=dev-lang/python-2*)
dev-python/setuptools-0.6.21 (dev-lang/python)
dev-vcs/subversion-1.6.17-r7 (ctypes-python ? =dev-lang/python-2*)
(python ? =dev-lang/python-2*)
gnome-base/librsvg-2.34.2 (=dev-lang/python-2*)
media-gfx/graphviz-2.26.3-r3 (python ? =dev-lang/python-2*)
net-analyzer/nmap-5.51 (gtk ? dev-lang/python:2.7[sqlite])
(gtk ? dev-lang/python:2.6[sqlite])
(gtk ? dev-lang/python:2.5[sqlite])
(=dev-lang/python-2*)
net-analyzer/rrdtool-1.4.5-r1 (python ? =dev-lang/python-2*)
sys-apps/dbus-1.4.20 (test ? dev-lang/python:2.7)
sys-apps/file-5.09 (python ? dev-lang/python)
sys-apps/portage-2.1.10.65 (python3 ? =dev-lang/python-3*)
(!python3 ? >=dev-lang/python-2.7)
(!python3 ? dev-lang/python:2.6[threads])
(!python3 ? dev-lang/python:2.7)
(python3 ? =dev-lang/python-3*[ssl])
(!python3 ? >=dev-lang/python-2.7[ssl])
(!python3 ? dev-lang/python:2.6[threads,ssl])
(!python3 ? dev-lang/python:2.7[ssl])
(!python3 ? dev-lang/python:2.6[ssl,threads])
(kernel_linux ? >=dev-lang/python-3.3_pre20110902)
sys-libs/cracklib-2.8.16 (python ? =dev-lang/python-2*)
sys-libs/tdb-1.2.7-r1 (python ? =dev-lang/python-2*)
10:49:05 athena@athena /home/david #
lm_detect
sensors-detect
Intel digital thermal sensor... Success!
(driver `coretemp')
Found `SMSC LPC47M15x/192/997 Super IO Fan Sensors' Success!
(address 0x680, driver `smsc47m1')
Probing for `SMSC LPC47M15x/192/292/997'... Success!
(confidence 6, driver `smsc47m192')
Probing for `SPD EEPROM'... Yes
(confidence 8, not a hardware monitoring chip)
Driver `smsc47m1':
* ISA bus, address 0x680
Chip `SMSC LPC47M15x/192/997 Super IO Fan Sensors' (confidence: 9)
Driver `coretemp':
* Chip `Intel digital thermal sensor' (confidence: 9)
Driver `smsc47m192':
* Bus `SMBus I801 adapter at 2000'
Busdriver `i2c_i801', I2C address 0x2d
Chip `SMSC LPC47M15x/192/292/997' (confidence: 6)
/etc/conf.d/lm_sensors
LOADMODULES=yes INITSENSORS=yes HWMON_MODULES="coretemp smsc47m1 smsc47m192" MODULE_0=coretemp MODULE_1=smsc47m1 MODULE_2=smsc47m192
sensors gives:
coretemp-isa-0000 Adapter: ISA adapter Core 0: -1.0 C (crit = +90.0 C) smsc47m1-isa-0680 Adapter: ISA adapter fan1: 0 RPM (min = 1280 RPM, div = 4) ALARM fan2: 0 RPM (min = 1280 RPM, div = 4) ALARM smsc47m192-i2c-0-2d Adapter: SMBus I801 adapter at 2000 in0: +2.54 V (min = +0.00 V, max = +3.32 V) Vcore: +1.15 V (min = +0.00 V, max = +2.99 V) +3.3V: +3.35 V (min = +2.97 V, max = +3.63 V) +5V: +4.97 V (min = +4.50 V, max = +5.50 V) +12V: +11.94 V (min = +10.81 V, max = +13.19 V) VCC: +3.37 V (min = +2.97 V, max = +3.63 V) in6: +1.57 V (min = +0.00 V, max = +1.99 V) in7: +1.77 V (min = +0.00 V, max = +2.39 V) SIO Temp: +29.0 C (low = -127.0 C, high = +127.0 C) temp2: +40.0 C (low = -127.0 C, high = +50.0 C) temp3: +33.0 C (low = -127.0 C, high = +127.0 C) cpu0_vid: +2.050 V
cacti setup for lmsensors
see http://www.eric-a-hall.com/software/cacti-netsnmp-lmsensors/
Reporting
iptables reports
- psad was installed ( emerge )
- afterglow was installed ( /usr/local/src )
- fwlogwatch 1.1 was installed ( emerge , failed )
- fwlogwatch 1.3 was installed ( /usr/local/src , no make install, worked)
- some good gnuplot examples: http://cipherdyne.org/LinuxFirewalls/ch14/
- also see http://cipherdyne.org/talks/Michael_Rash_OSCON_2007.pdf
- also see http://raffy.ch/blog/2007/06/18/afterglow-example-visualizing-ip-tables-logs/
neato graph with afterglow
head -10000 /tmp/kern.log | perl -a -n -e 'chomp; foreach ( @F ) { if ( /DST=(.*)/ || /SRC=(.*)/ || /DPT=(.*)/) { print $1." "; } } print "\n"; ' | awk '{print $1 ", " $3 ", " $2;}' > /tmp/data.DST.SRC.DPT
more /tmp/data.DST.SRC.DPT | awk 'NF==3 { print }' > /tmp/data.DST.SRC.DPT.1
grep -v 127.0.0.1 /tmp/data.DST.SRC.DPT.1 | sort | uniq > /tmp/data.DST.SRC.DPT.2
wc -l /tmp/data.DST.SRC.DPT.1 /tmp/data.DST.SRC.DPT.2
cat /tmp/data.DST.SRC.DPT.2 | /usr/local/src/afterglow/src/perl/graph/afterglow.pl -e 1.3 -c iptables.properties -p 1 > /tmp/data.DST.SRC.DPT.neato
cat /tmp/data.DST.SRC.DPT.neato | neato -Tpng -o/var/www/www.quadratic.net/secure/fw.png;
https://www.quadratic.net/fw.png
fwlogwatch
cd /usr/local/src/fwlogwatch-1.3 ./fwlogwatch -O cd -z -b -d -S -w /tmp/kern.log > /var/www/www.quadratic.net/secure/fwlog.html
https://www.quadratic.net/fwlog.html
Sysstat
i.e. sar:
- installed "sysstat"
- root crontab:
*/5 * * * * root /usr/lib/sa/sadc -F -L -S XALL 1 1 -
Smokeping
https://www.quadratic.net/cgi-bin/smokeping.cgi
