echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

To Enable Ping:

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

To log into “Server A” from “Server B” without using passwords. Users for both the server will be “root”

Process

 Login to “Server B” as root user and generate key for the root user. No need to enter any passphrase while generating this key.

ssh-keygen -t rsa

Once the key is generated, copy the contents of “Server B” /root/.ssh/id_rsa.pub to “Server A” /root/.ssh/authorized_keys file. Make sure that the permission of authorized_keys is 0600 and .ssh folder is 0700 .

Also make sure that you have the following lines in your /etc/ssh/sshd_config file: 
RSAAuthentication yes
PubkeyAuthentication yes

Finally restart your ssh service and try logging to your “Server B” from “Server A”:

/etc/init.d/sshd restart

ssh [Server_A_ip]

Prerequisites
1) apache/cgi configuration
2) a Mysql installation

Then create script “getip.sh” under “/var/www/cgi-bin/”  ( set location of cgi-bin directory  as per the apache configuration)

#!/bin/bash
#Getting IP address CGI-BASH-script
#Jadu Saikia http://unstableme.blogspot.com/

#MySQL settings

# MHOME=  ( location of mysql binary)
MHOME=/usr/local/mysql/bin
HOST=127.0.0.1
USER=root
PASS=”"
DB=mydb

OWNER=$(echo “$QUERY_STRING” |awk -F “=” ‘{print $NF}’)
IP=$REMOTE_ADDR
#QUERY_STRING = Query information that follows the ? in the URL that referenced this script.
#REMOTE_ADDR = IP address of the remote host making the request

#HTML Output
echo “Content-type: text/html”
echo “”
echo “<html><head><title>YOUR IP</title></head><body><h1>I am collecting the IPs</h1><pre>”;
echo “IP: <em>$IP</em><br />”
echo “You Are IP is : <em>$OWNER</em><br />”

$MHOME/mysql -u$USER -h$HOST –password=$PASS -e “INSERT INTO mydb.ips(rdate,ip,owner) VALUES(NOW(),’$IP’,'$OWNER’)” $DB

echo “</pre></body></html>”;

Then

Create MySql Database for storing the data.

logon to mysql

mysql -u root -p password

create database and table

create database mydb

use mydb

create table mydb.ips ( rdate DATE, ip VARCHAR(20) NOT NULL PRIMARY KEY, owner VARCHAR(25));

exit

Suppose the IP of the box where you are running the cgi is “172.22.22.188″ (your local ip).

Now construct the urls for your colleagues this way:

http://172.22.22.188/cgi-bin/getip.sh?owner=alexm
http://172.22.22.188/cgi-bin/getip.sh?owner=nsarma
…
…

And send them the individual urls in mail with a request to click the url (just to help you collecting the ips in the mysql table)

Once they click, your database table will be automatically populated with datas like this:

mysql> select * from mydb.ips;
+————+—————+

1. Start by configuring the network card that interfaces to the other computers on you network:

# ifconfig ethX ip 

where ethX is the network card and ip is your desired server ip address (Usually 192.168.0.1 is used)

2. Then configure the NAT as follows:

# iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE 

where ethX is the network card that the Internet is coming from 

# echo 1 > /proc/sys/net/ipv4/ip_forward

3. Install dnsmasq and ipmasq using apt-get: 

# apt-get install dnsmasq ipmasq

4. Restart dnsmasq:

# /etc/init.d/dnsmasq restart

5. Reconfigure ipmasq to start after networking has been started:

# dpkg-reconfigure ipmasq

6. Repeat steps 1 and 2.
7. Add the line “net.ipv4.ip_forward = 1″ to /etc/sysctl.conf

# gedit /etc/sysctl.conf

8. Reboot. (Optional) or sysctrl -p

Install openvpn using the rpm
Installing OpenVPN from a binary RPM package has these dependencies:

• openssl
• lzo
• pamInstall rpms as root:# rpm -ivh openvpn-2.0.5-1.el4.rf.i386.rpm

 

installing rpm 

 

    rpm -ivh lzo-1.08-4.2.el4.rf.i386.rpm

 The main configuration directory for open vpn is /etc/openvpn

Setting up your Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients

The first step in building an OpenVPN 2.0 configuration is to establish a PKI (public key infrastructure). The PKI consists of:

• A separate certificate (also known as a public key) and private key for the server and each client, and
• A master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates

 Copy the /usr/share/doc/openvpn-2.0.7/easy-rsa/2.0/ directory to /etc/openvpn/easy-rsa

     cp -r /usr/share/doc/openvpn-2.0.7/easy-rsa/2.0/ /etc/openvpn/easy-rsa

Configure easy-rsa

Now edit the vars file  and set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters. Don’t leave any of these parameters blank.

Next, initialize the PKI. on Linux:

./vars

./clean-all

./build-ca

The final command (build-ca) will build the certificate authority (CA) certificate and key by invoking the interactive openssl command:

Generating a 1024 bit RSA private key

…………++++++

………..++++++

writing new private key to ‘ca.key’

—–

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [KG]:IN

State or Province Name (full name) [NA]:KERALA

Locality Name (eg, city) [BISHKEK]:KOCHI

Organization Name (eg, company) [OpenVPN-TEST]:company name

Organizational Unit Name (eg, section) []:company name

Common Name (eg, your name or your server’s hostname) []:company name

Email Address [Riyesh@linuxbuddies.com]

Note that in the above sequence, most queried parameters were defaulted to the values set in the vars or vars.bat files. The only parameter which must be explicitly entered is the Common Name. In the example above.

Generate certificate & key for server
Next, we will generate a certificate and private key for the server. On Linux:

./build-key-server server

As in the previous step, most parameters can be defaulted. When the Common Name is queried, enter “server”. Two other queries require positive responses, “Sign the certificate? [y/n]” and “1 out of 1 certificate requests certified, commit? [y/n]“.

Generate certificates & keys for  clients

Generating client certificates is very similar to the previous step. On Linux:

./build-key client1

 

./build-key client2 and so on…

    Generate Diffie Hellman parameters

Diffie Hellman parameters must be generated for the OpenVPN server. On Linux:

./build-dh

 ./build-dh

Generating DH parameters, 1024 bit long safe prime, generator 2

This is going to take a long time

……………..+…………………………………….

……………….+………….+……………..+………

………………………………..

          Creating TLS Key

The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS.
Using tls-auth requires that you generate a shared-secret key that is used in addition to the standard RSA certificate/key:

openvpn –genkey –secret ta.key

This command will generate an OpenVPN static key and write it to the file ta.key. This key should be copied over a pre-existing secure channel to the server and all client machines. It can be placed in the same directory as the RSA .key and .crt files.

In the server configuration, add:

tls-auth ta.key 0

In the client configuration, add:

tls-auth ta.key 1

          Creating configuration files for server and clients

remote ekm1.dyndns.org 1194

#remote  ekm2.linuxbuddies.com 1194/etc/openvpn/server.conf

port 1194                               ; Port for OpenVpn traffic

proto tcp                               ; TCP protocol

dev tun                                 ; use Tun device

ca ca.crt                               ; Certificate file of signing Authority

cert server.crt                         ; Server certificate

key server.key                          ; Server Key

dh dh2048.pem                           ;Diffie Hellman parameters

server 10.2.100.0 255.255.255.0         ; Openvpn subnet should be different from the local network of server and client

ifconfig-pool-persist ipp.txt

push “route 10.2.1.0 255.255.255.0“     ; Pushing routes to client

push “route 10.1.1.0 255.255.255.0“

client-config-dir ccd

route 10.2.100.0 255.255.255.0

push “dhcp-option DNS 10.2.1.11“        ; Pushing DNS server to client

client-to-client                        ; Clients can communicate eatch other

duplicate-cn

keepalive 10 120

tls-auth ta.key 0                       ; tls key

comp-lzo                                ; Use lzo compression Algo

max-clients 10

user nobody                             ; Run openvpn as user nobody  -

group nobody                            ; group nobody for security

persist-key

persist-tun

tun-mtu 1500

status openvpn-status.log

log-append /var/log/openvpn.log

verb 6

mute 20

client.conf

client

dev tun

proto tcp

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert client.crt

key client.key

tls-auth ta.key 1

comp-lzo

verb 3

mute 20

ns-cert-type server

auth-user-pass

pull

mssfix 1450

 

 

############

 

Now anaconda will start to run and will pause at a particular moment showing the below message

Now try to telnet to this IP from a remote machine and proceed with installation steps as usual as we do as shown below

Requirements:

Mysql
Php
Rrdtool
net-snmp
net-snmp-devel.i386
net-snmp-libs.i386
net-snmp-perl.i386
net-snmp-utils.i386
php-snmp
Apache with PHP Support

MySQL configuration for cacti:

mysql -u root -p
mysql> create database cacti;
mysql> grant all on cacti.* to cactiuser@’localhost’ identified by ‘cactipassword’;
mysql> flush privileges;

RRDTool Installation

Requirements:

tcl
tcl-devel

[root]# cd /usr/local/src/
[root]# wget http://oss.oetiker.ch/rrdtool/pub/rrdtool.tar.gz
[root]# tar -zxf rrdtool.tar.gz
[root]# cd rrdtool*
[root]# ./configure
[root]# make
[root]# make install
[root]# make site-perl-install

                  OR

 yum install -y rrdtool*

[root]# useradd cactiuser
[root]# tar -zxvf cacti*
[root]# mv cacti-0.8.xx /home/cactiuser/cacti
[root]# cd /home/cactiuser/cacti
[root]# mysql cactidb < cacti.sql

Edit config.php:

[root]# vi /include/config.php
$database_defaut = “cacti”;
$database_hostname = “localhost”;
$database_username = “cactiuser”;
$database_password = “cactipassword”

Adding CRON Job:

[root]# crontab -e
*/5 * * * * cactiuser php /home/cactiuser/cacti/poller.php > /dev/null 2>&1

In httpd.conf:

Alias /cacti/ “/home/cactiuser/cacti/”

Restart Services 

/etc/init.d/httpd restart
/etc/init.d/mysqld restart

Cacti Installed Successfully…
Access: http://localhost/cacti
Login with username/password : admin/admin