Tag Archives: sysadmin

Setting up DNS Server in CentOS 7

DNS service is used for translating hostnames to IP addresses and vice versa. When your computer needs to communicate with google.com, it asks the DNS server for the IP of google.com. The DNS server looks in its own database, or asks parent DNS servers, for that information and replies to your computer. CentOS uses the 'bind' package for running a DNS server. For querying servers for DNS information, we use commands like host, nslookup or dig.

In this article I would like to guide you on how to set up a basic DNS server for your own network using CentOS 7 and bind. A few things we need to keep in mind:

  • DNS server IP  : 10.0.0.1
  • Domain : example.com
  • Network : 10.0.0.0/24
  • Hostname of the DNS server: core ( hence core.example.com )

Configure a static IP for the server, or make sure the DHCP will assign the same IP always for this server. We start by installing packages.

yum install bind bind-utils
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --reload
systemctl enable named.service
systemctl start named.service

Now, we need to configure the bind service to start serving the example.com domain and its DNS entries. First, we need to create a forward zone and a reverse zone for the example.com domain. Put simply, the forward zone serves name-to-IP lookups (A, CNAME and MX records) and the reverse zone serves IP-to-name lookups (PTR records). We need to add the following entries to /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; 10.0.0.1;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 10.0.0.0/24;};
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Using Google DNS to query for DNS requests outside example.com */
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

/* Forward Zone */
zone "example.com" IN {
        type master;
        file "example.com.forward";
        allow-update { none; };
};

/* Reverse Zone */
zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "example.com.reverse";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

We have configured our DNS server to forward requests for names outside example.com to external DNS servers (8.8.8.8 and 8.8.4.4) on behalf of the clients. This is called DNS forwarding. Our client nodes need to be configured with only our DNS server. This also improves network performance because the DNS server caches responses, so clients get faster replies. Note that the allow-query line limits who may query (and therefore recurse through) this server to localhost and 10.0.0.0/24; leaving it open would turn the forwarder into an open resolver that anyone on the internet could use.

As you can see in the forward and reverse zone definitions above, we have configured our forward and reverse zones to be served from files named example.com.forward and example.com.reverse. These need to be created inside the /var/named/ folder.

/var/named/example.com.forward:

$TTL 86400
$ORIGIN example.com.
@   IN  SOA     core.example.com. webmaster.example.com. (
        100         ; Serial
        3000        ; Refresh
        3600        ; Retry
        3W          ; Expire
        86400 )     ; Minimum TTL

@       IN  NS          core.example.com.
core    IN  A           10.0.0.1

/var/named/example.com.reverse:

$TTL 86400
$ORIGIN 0.0.10.in-addr.arpa.
@   IN  SOA     core.example.com. webmaster.example.com.  (
        2015061001  ; Serial
        3600        ; Refresh
        1800        ; Retry
        604800      ; Expire
        86400       ; Minimum TTL
)
@       IN  NS          core.example.com.
@       IN  PTR         example.com.
; Only PTR records belong here; A records go in the forward zone file.
1       IN  PTR         core.example.com.

Now we can restart the service and test to see if it is working fine.

[root@cos ~]# systemctl restart named.service
[root@cos ~]# host core.example.com 10.0.0.1
Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases: 

core.example.com has address 10.0.0.1
[root@cos ~]# host 10.0.0.1 10.0.0.1
Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases: 

1.0.0.10.in-addr.arpa domain name pointer core.example.com.
[root@cos ~]# 

Let's try adding a few more host entries, so you can add more servers to your network and give them fully qualified domain names. I am also adding the host server.example.com, responsible for handling mail for example.com (MX record). That same host will also serve the www.example.com web content for the domain. Append the following lines to the /var/named/example.com.forward file.

@       IN  MX  10      mail.example.com.   ; owner must be @ (the zone apex): a blank owner repeats the previous one (core)
server  IN  A           10.0.0.102
www     IN  CNAME       server
mail    IN  CNAME       server              ; RFC 2181 says an MX target should not be a CNAME; for real mail make this an A record
client  IN  A           10.0.0.103

We should also add PTR records in the reverse zone file (/var/named/example.com.reverse):

102     IN  PTR         server.example.com.
103     IN  PTR         client.example.com.
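A consistency check for the two zone files above (the initial files and the host entries just added), as an added example that is not from the original post: it parses the forward and reverse files in the shape shown on this page (a leading-whitespace line repeats the previous owner, which is why the MX line needs @), reports A records in 10.0.0.0/24 without a PTR and PTRs without a matching A record, and flags MX targets that are CNAMEs. The zone text is constructed and deliberately omits the PTR for client; only the record shapes used here (A, CNAME, MX, NS, PTR, a parenthesised SOA) are handled.

```python
ORIGIN_FWD, ORIGIN_REV = "example.com.", "0.0.10.in-addr.arpa."

def fqdn(name, origin):
    """Qualify a zone-file name relative to its $ORIGIN."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) triples; a leading-whitespace line repeats the last owner."""
    records, last_owner, in_soa = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()                # strip comments
        if not line.strip() or line.startswith("$"):     # blank, $TTL, $ORIGIN
            continue
        if in_soa or ("(" in line and ")" not in line):  # skip the SOA ( ... ) block
            in_soa = ")" not in line
            continue
        fields = line.split()
        if raw[0].isspace():                             # blank owner -> previous owner
            fields.insert(0, last_owner)
        last_owner = fqdn(fields[0], origin)
        rest = [f for f in fields[1:] if f != "IN"]
        rtype, rdata = rest[0], rest[-1]
        records.append((last_owner, rtype, rdata if rtype == "A" else fqdn(rdata, origin)))
    return records

def ptr_ip(owner):
    # '1.0.0.10.in-addr.arpa.' -> '10.0.0.1'; None for the zone apex
    labels = owner.rstrip(".").split(".")[:-2]
    return ".".join(reversed(labels)) if len(labels) == 4 else None

def check_zones(fwd_text, rev_text, prefix="10.0.0."):
    """List forward/reverse mismatches and MX targets that are aliases."""
    fwd, rev = parse_zone(fwd_text, ORIGIN_FWD), parse_zone(rev_text, ORIGIN_REV)
    a = {o: r for o, t, r in fwd if t == "A"}
    cnames = {o for o, t, _ in fwd if t == "CNAME"}
    ptrs = {ptr_ip(o): r for o, t, r in rev if t == "PTR" and ptr_ip(o)}
    problems = [f"no PTR for {n} ({ip})" for n, ip in a.items()
                if ip.startswith(prefix) and ptrs.get(ip) != n]
    problems += [f"PTR {ip} -> {n} has no matching A record"
                 for ip, n in ptrs.items() if a.get(n) != ip]
    problems += [f"MX target {r} is a CNAME (RFC 2181 s10.3)"
                 for _, t, r in fwd if t == "MX" and r in cnames]
    return sorted(problems)

# Constructed zone text (the page's records, minus the PTR for "client"):
FORWARD = ("$ORIGIN example.com.\n@ IN SOA core.example.com. webmaster.example.com. (\n"
           "  100 3000 3600 3W 86400 )\n@ IN NS core.example.com.\ncore IN A 10.0.0.1\n"
           "@ IN MX 10 mail.example.com.\nserver IN A 10.0.0.102\nwww IN CNAME server\n"
           "mail IN CNAME server\nclient IN A 10.0.0.103\n")
REVERSE = ("$ORIGIN 0.0.10.in-addr.arpa.\n@ IN SOA core.example.com. webmaster.example.com. (\n"
           "  2015061001 3600 1800 604800 86400 )\n@ IN NS core.example.com.\n"
           "1 IN PTR core.example.com.\n102 IN PTR server.example.com.\n")
```

Run named-checkzone first for syntax; this script only adds the cross-file checks that named-checkzone does not perform.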

Now, restart the service and test to see if our new hosts are being served.

[root@cos ~]# systemctl restart named.service
[root@cos ~]# host www 10.0.0.1
Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases: 

www.example.com is an alias for server.example.com.
server.example.com has address 10.0.0.102
[root@cos ~]# host -t MX mail.example.com 10.0.0.1
Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases: 

mail.example.com is an alias for server.example.com.
[root@cos ~]# host here.com 10.0.0.1
Using domain server:
Name: 10.0.0.1
Address: 10.0.0.1#53
Aliases: 

here.com has address 131.228.152.4
here.com mail is handled by 10 here-com.mail.protection.outlook.com.
[root@cos ~]# 

As you can see, you now have a fully functioning DNS server. All you need to do is configure the machines in the 10.0.0.0/24 network to use 10.0.0.1 as their DNS server. 🙂

This is a very nice thing to have if you are learning things like mail servers or virtual hosting for web services. It is perfectly fine inside a lab/testing network; using it in a production/live scenario is not recommended (it is too basic).

Note: This setting can easily be pushed to all nodes in the network via DHCP if they are all DHCP clients. I will explain configuring your own DHCP server in another article.

 

Setting up Bugzilla in Ubuntu 14.04 ( trusty )

Setting up Bugzilla is fairly easy. This blog post is specific to Ubuntu 14.04 (though it might work with older versions too).

In order to get Bugzilla up and running on Ubuntu 14.04, we are going to install the Apache web server (SSL enabled), the MySQL database server and some tools that are required to install and configure Bugzilla.

Login to the machine as a user that can run "sudo" commands. Here is the command to install the required packages.

sudo apt-get install apache2 mysql-server libapache2-mod-perl2 \
    libapache2-mod-perl2-dev libapache2-mod-perl2-doc perl postfix make gcc g++

Answer the questions asked by MySQL and postfix.

Setting up MySQL

Login to MySQL as root and create a DB for Bugzilla. Change "secret_password" to anything you want; you will need it later when configuring Bugzilla too.

mysql -u root -p
password:
mysql> CREATE DATABASE bugs;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, INDEX, ALTER, CREATE, LOCK TABLES, CREATE TEMPORARY TABLES, DROP, REFERENCES ON bugs.* TO bugs@localhost IDENTIFIED BY 'secret_password';
mysql> FLUSH PRIVILEGES;
mysql> quit

Setting up Apache

Now, we need to enable CGI and SSL for Apache. Since this is an in-house project, we are OK with a self-signed certificate.
sudo mkdir /etc/apache2/ssl
sudo a2enmod ssl
sudo a2enmod cgi
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

The last command will ask you to enter some information such as country and email address. Now we have the certificate in /etc/apache2/ssl/apache.crt and the key file in /etc/apache2/ssl/apache.key . Modify /etc/apache2/sites-available/default-ssl.conf to point at these files.
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Now, to make the SSL site run, execute sudo a2ensite default-ssl.conf and restart Apache to make the changes effective. You can already test it by pointing your browser at https://your_server_ip/ .

Setting up Bugzilla – Stage 1

Download and extract the latest tar file from the internet. As of this writing, the latest stable version is 4.4.5.
cd /var/www/html
sudo wget http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-4.4.5.tar.gz
sudo tar zxvf bugzilla-4.4.5.tar.gz
sudo mv bugzilla-4.4.5 bugzilla

Now that we have Bugzilla extracted, let's use a script provided by the developers to do further configuration.
cd /var/www/html/bugzilla
sudo ./checksetup.pl --check-modules

This will most probably tell you that a lot of Perl modules are missing. Do not worry, you can install all of them with the command below.

cd /var/www/html/bugzilla
sudo perl install-module.pl --all

This will take some time to download and install all dependencies. Run the checksetup.pl --check-modules command again to verify that nothing is left.

Next, run checksetup.pl without the --check-modules option. This will generate a file called "localconfig" in the /var/www/html/bugzilla directory. Edit that file and set at least the following:

$webservergroup = 'www-data';
$db_pass = 'secret_password';

We will also create a local user account to run Bugzilla.

sudo useradd -d /home/bugs -m bugs
sudo passwd bugs

Now, run sudo ./checksetup.pl again. It will connect to the DB and also install the proper files and permissions. If everything goes fine, it will ask for an Administrator user email and password. This is what you will use to set up more details in Bugzilla later.

Configure Apache to properly understand and execute the scripts in Bugzilla by adding the following to the /etc/apache2/apache2.conf file.

<Directory "/var/www/html/bugzilla">
    AddHandler cgi-script .cgi
    DirectoryIndex index.cgi
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks
    # The .htaccess files that checksetup.pl writes deny web access to
    # localconfig (which holds the DB password) and the data/ directory;
    # with AllowOverride None they are ignored and those files are served.
    AllowOverride Limit FileInfo Indexes Options
    # Ubuntu 14.04 ships Apache 2.4; Require is the native form of the
    # 2.2-style "Order allow,deny / Allow from all".
    Require all granted
</Directory>

Now, restart Apache (sudo service apache2 restart) and connect to https://server_ip/bugzilla .

Setting up Bugzilla – Stage 2

After you have successfully completed stage 1, you can now login to Bugzilla using the Administrator email and password you entered while running checksetup.pl.

You will be greeted with a special configuration page. You will need to go to Parameters and set at least urlbase to http://server_ip/bugzilla/ and cookie_path to /bugzilla/ . There is also the option to force SSL connections on that same page.

Now you need to go to "Administration" and configure products, milestones, users, authentication, preferences etc. There are so many things you can configure from the "Administration" link that they are beyond the scope of this blog post. More information can be found here: http://www.bugzilla.org/docs/

Enjoy your very own Bugzilla !

 

SNMP Monitoring using Nagios

Nagios is a very good and commonly used monitoring tool for systems and network equipment. It can monitor and report availability statistics as well as provide alerts in case of host or service incidents. I am going to discuss how to use the SNMP capabilities of Nagios and GNU/Linux to enable monitoring without special agents installed on the hosts.

Usually, Nagios needs you to install the NRPE addon to report disk space and many other details about the system being monitored. This requires installing additional software on the target machines, which is not always possible or recommended practice. Instead, we are going to use the SNMP software that comes as part of the GNU/Linux OS to provide information to Nagios. I am not going to describe how to install Nagios and the plugins; you can read that in a nice how-to here: http://nagios.sourceforge.net/docs/3_0/quickstart-ubuntu.html

There are two steps in enabling SNMP Monitoring.

Configure SNMP in the host to be monitored.

  • Edit /etc/snmp/snmpd.conf and add one line ( rocommunity public )
  • Restart the snmpd service ( sudo /etc/init.d/snmpd restart )

The community string is a shared secret that SNMP v1/v2c sends in clear text and that gives read access to everything the agent exposes, so use something other than "public" and restrict it to the Nagios server with the optional source field of rocommunity, i.e. rocommunity <your_community> <nagios_server_ip> (placeholders). Where the equipment supports it, SNMPv3 with authentication is the better choice.

Configure Nagios to check free RAM in the host via SNMP.
First, add a host entry like this to your .cfg file.

define host {
use linux-server
host_name linuxserver01
alias MyLinuxServer
address 192.168.1.24
}

Now we will add a service to check free RAM

define service{
use generic-service
host_name linuxserver01
service_description Free RAM
check_command snmp_freeram_linux
}

Next, we will define the snmp_freeram_linux command to use the check_snmp plugin that comes as part of the Nagios Plugins installation.

define command{
command_name  snmp_freeram_linux
# $HOSTADDRESS$ expands to the host's address field (192.168.1.24); $HOSTNAME$
# would pass the label "linuxserver01", which then has to resolve on the Nagios box.
# The OID is UCD-SNMP-MIB::memTotalFree.0 (kB). Add -w/-c thresholds, e.g.
# "-w 200000: -c 100000:", to alert when free memory drops below those values.
command_line /usr/local/nagios/libexec/check_snmp -H $HOSTADDRESS$ -C public -o .1.3.6.1.4.1.2021.4.11.0
}

After this, restart Nagios ( sudo /etc/init.d/nagios restart ).
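A threshold-aware version of the free-RAM check, as an added example that is not from the original post or from the Nagios Plugins project: check_snmp already accepts -w and -c, but this shows what a Nagios plugin has to do for the same memTotalFree OID, namely return exit code 0/1/2/3 and print one status line with optional perfdata after "|". It calls net-snmp's snmpget; the sample output line is constructed so the parsing and threshold logic can be exercised without an SNMP agent.

```python
import subprocess

OID_MEM_FREE = ".1.3.6.1.4.1.2021.4.11.0"    # UCD-SNMP-MIB::memTotalFree.0, in kB
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

def parse_snmp_integer(output):
    """Pull the number out of 'UCD-SNMP-MIB::memTotalFree.0 = INTEGER: 1234 kB'."""
    try:
        return int(output.split("INTEGER:", 1)[1].split()[0])
    except (IndexError, ValueError):
        return None

def evaluate(free_kb, warn_kb, crit_kb):
    """Map free memory to a Nagios state; text after '|' is perfdata for graphing."""
    if free_kb is None:
        return UNKNOWN, "UNKNOWN - could not parse SNMP response"
    perf = f"|memfree={free_kb}kB;{warn_kb};{crit_kb};0"
    if free_kb < crit_kb:
        return CRITICAL, f"CRITICAL - {free_kb} kB free{perf}"
    if free_kb < warn_kb:
        return WARNING, f"WARNING - {free_kb} kB free{perf}"
    return OK, f"OK - {free_kb} kB free{perf}"

def check_free_ram(host, community, warn_kb, crit_kb):
    """Query the host with net-snmp's snmpget (SNMP v2c) and evaluate the answer."""
    try:
        out = subprocess.run(["snmpget", "-v2c", "-c", community, host, OID_MEM_FREE],
                             capture_output=True, text=True, timeout=10, check=True).stdout
    except (OSError, subprocess.SubprocessError):   # no snmpget, timeout, non-zero exit
        out = ""
    return evaluate(parse_snmp_integer(out), warn_kb, crit_kb)

# Constructed sample of what snmpget prints for this OID (no SNMP agent needed).
SAMPLE = "UCD-SNMP-MIB::memTotalFree.0 = INTEGER: 184320 kB\n"

if __name__ == "__main__":
    import sys
    # usage: check_snmp_freeram.py HOST COMMUNITY WARN_KB CRIT_KB
    code, text = check_free_ram(sys.argv[1], sys.argv[2], int(sys.argv[3]), int(sys.argv[4]))
    print(text)
    sys.exit(code)
```

Wired into Nagios, the command_line would be the script path followed by $HOSTADDRESS$, the community string and the two thresholds in kB.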

You should now be able to see a new service added to the host and SNMP supplying the data. With some effort, you will be able to configure SNMP for other operating systems and network equipment too. If you have queries, please let me know. 🙂