By default, in most Linux distros, OpenVPN log output goes to the syslog, which is usually at
/var/log/syslog. However, your config files can set the logfile location explicitly, as shown below:
sudo vi /etc/openvpn/server.conf
- Change or add:
- Restart to use the new config:
sudo service openvpn restart
- Add to Splunk forwarder:
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/openvpn.log -index main -sourcetype OpenVPN
sudo vi /opt/splunkforwarder/etc/apps/search/local/inputs.conf
disabled = false
index = main
sourcetype = OpenVPN
Using a personal proxy server can be helpful for a variety of reasons, such as:
- Performance – network speed and bandwidth
- Security – filtering and monitoring
- Debugging – to trace activity
Here are some simple steps to get you started, obviously you will need to further “harden” security to make it production ready!
sudo apt-get install squid3
sudo mv squid.conf squid.orig
sudo vi squid.conf
NOTE: the following configuration works, but will likely need to be adapted for your specific usage.
auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passwords
#auth_param digest program /usr/lib/squid3/digest_pw_auth -c /etc/squid3/passwords
auth_param digest realm proxy
auth_param basic credentialsttl 4 hours
acl authenticated proxy_auth REQUIRED
acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
#acl SSL_ports port 443
#http_access deny to_localhost
#http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow authenticated
Create the users and passwords:
sudo apt-get install apache2-utils (required for htdigest)
sudo htdigest -c /etc/squid3/passwords proxy user1
sudo htdigest /etc/squid3/passwords proxy user2
Open up firewall port (if enabled):
sudo ufw allow 3128
Restart the server and tail the logs:
sudo service squid3 restart
sudo tail -f /var/log/squid3/access.log
OTHER FILE LOCATIONS:
MONITORING with Splunk…
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/squid3/access.log -index main -sourcetype Squid3
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/squid3/cache.log -index main -sourcetype Squid3
WireShark is an invaluable tool in recording and reviewing network traffic, it was previously known as Ethereal and is available for a variety of platforms.
Installation can sometimes be hard to remember as use by non-superusers requires additional configuration in Linux.
- Add the repository and install:
sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt-get update
sudo apt-get install wireshark
- During installation, the following will appear, chose "Yes" for most instances.
Should non-super users be able to capture packets - Yes / No?
- If you need to change the value you selected, you can always re-run the following:
- Add the user to the
wireshark group so that they can capture traffic:
add user to group:
sudo usermod -a -G wireshark username
- If you need additional information, you can always RTFM:
sudo vi /usr/share/doc/wireshark-common/README.Debian.
Ubuntu updates occasionally fail due to IPv6 update servers not being reachable. While I prefer to keep IPV6 activated, this approach will allow you to disable it for updates, simply reverse the steps to re-enable afterwards!
- Update the configuration file…
sudo vi /etc/sysctl.conf
# IPv6 disabled
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Then, you must enable the change…
sudo sysctl -p
- To verify…
Splunk is a popular enterprise level tool for log collection, analysis and management. While you can obtain an enterprise license, most functions are available in the free community edition.
Setup is very easy:
- Download and move the .tar.gz file to the appropriate server (i386 vs. amd64)
sudo dpkg -i splunk*.deb
- Start the server:
sudo /opt/splunk/bin/splunk start
The first time you run after installation or update you will have to accept terms.
Access the admin screen:
Go to Settings/Forwarding * Receiving
– add new (port 9997)
- Open firewall port (if enabled):
sudo ufw allow 8000
Now to start as a service…
sudo /opt/splunk/bin/splunk enable boot-start
I’ve done a LOT of web and software development in my career, one of the biggest problems I’v e had is doing proper testing on various platforms. VirtualBox can be run on most platforms, and allows for you to virtualize various operating systems. Apple’s OS X can be problematic to install, here’s some functioning instructions and settings that I’ve successfully used for my virtual Hackintosh test environment.
WARNING: As this uses an image of the software, it is advisable to also have a valid licenced copy as to use this without a licence would be “stealing”.
NOTE: this is a version of Snow Leopard, unfortunately you will NOT be able to update or add “fixes” to this test copy as it will usually break. I recommend making a copy of the VM if you wish to try!
My VirtualBox settings:
Mac OS X
Mac OS X Snow Leopard (64-bit)
- English, continue
- Utilities… disk Utilities… Select drive, Erase, name, erase… close
- Select disk… continue
- Customize (see instructions for: updates, kernels & bootloaders)
NOTE: i only did 10.6.1 (an earlier 10.6.2 failed)
- Resolution fix – (I could not save file, but here are the instructions…
Finder > OSX Drive (On desktop) > Extras > com.apple.Boot.plist (open with TextEdit – use the field to find)
DomainKeys (originally from Yahoo!) and Cisco, and later as an industry collaboration, is a means for and organization to claim responsibility for sending a message, in a way that can be validated by a recipient. As a result, emails are “signed” by the outgoing SMTP server and can be verified against a DNS record. Depending upon the receiver, unsigned emails MAY be treated or marked as SPAM as they could be forgeries.
The below instructions assume Ubuntu (Debian) and Postfix, but could likely be modified for other platforms.
I’ve found New Relic to be a great free addition to my suite of tools for server monitoring and alerting as I shifted to a DevOps support environment.
Installation is very fast an simple once you’ve created a free accound. Paid options are available and allow for more features.
You will need to record/save YOUR_LICENSE_KEY from your account for step 5 below.
sudo sh -c 'echo deb http://apt.newrelic.com/debian/ newrelic non-free > /etc/apt/sources.list.d/newrelic.list'
wget -O- https://download.newrelic.com/548C16BF.gpg | sudo apt-key add -
sudo apt-get update
sudo apt-get install newrelic-sysmond
sudo nrsysmond-config --set license_key=YOUR_LICENSE_KEY
sudo /etc/init.d/newrelic-sysmond start
You are done! Within a few minutes you should start seeing data on your consoles at the New Relic website.
Shortly updating to Ubuntu Trusty (14.04), I noticed the following warning on my console during updates. I finally got around to looking into it deeper and found that many users have seen this too.
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
If you edit the ‘grub’ file, you can comment out the GRUB_HIDDEN_TIMEOUT line by adding a hash in front of it.
sudo vi /etc/default/grub
Verify that the error is fixed by executing the following:
If you are interested, you can also go and look at the updated ‘grub’ file at
NOTE: I’d also seen that the following command could be used, but it was of no use in my testing.
The Canonical/Ubuntu Landscape service has been around for as long as I can remember using Ubuntu. A free trial period is enabled (re-enabled?) when a new installation occurs, that allows for a server administrator to see performance metrics and uptime information for any hardware that is running the client. After the trial ends, it is still a quick means of visually observing some key statistics in the terminal MOTD at login. I’d also noticed that it was still doing DNS lookups to “
landscape.canonical.com” on a regular basis, and while I did not look for it, I assume that some information was still being collected and reported upon.
As there are MANY other ways to get server performance information, I decided that it was time to be rid of landscape itself.
Removal is easy, as only one line is required… I chose to “purge” all references, though you can “remove” if you feel inclined to leave any configuration for possible later re-installation.
sudo apt-get purge landscape-client landscape-client-ui landscape-client-ui-install landscape-common