Difference between revisions of "User talk:Mmccarn"
(Update agent config for wazuh 3.x) |
m (update time stamp) |
||
Line 1: | Line 1: | ||
− | =[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) | + | =[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) [[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 13:10, 22 January 2018 (CET) = |
==Wazuh== | ==Wazuh== | ||
===Repo=== | ===Repo=== |
Latest revision as of 13:11, 22 January 2018
Mmccarn (talk) Mmccarn (talk) 13:10, 22 January 2018 (CET)
Wazuh
Repo
/sbin/e-smith/db yum_repositories set wazuh repository \
  Name 'Wazuh repository' \
  BaseURL 'https://packages.wazuh.com/3.x/yum/' \
  EnableGroups no \
  GPGCheck yes \
  GPGKey https://packages.wazuh.com/key/GPG-KEY-WAZUH \
  Visible no \
  status disabled
Agent Configuration
Wazuh Client Installation Instructions
Wazuh 3.x installs correctly from the yum repository:
yum --enablerepo=wazuh install wazuh-agent
Create the client account on the wazuh manager:
/var/ossec/bin/agent-auth -m [ip.of.wazuh.server]
Replace "MANAGER_IP" with the IP address of the wazuh manager in this section of /var/ossec/etc/ossec.conf:
...
<client>
  <server>
    <address>MANAGER_IP</address>
  </server>
  <config-profile>rhel, rhel6</config-profile>
</client>
...
Start the agent
/etc/init.d/wazuh-agent start
SME Customizations
I added these instructions to /var/ossec/etc/ossec.conf:
<localfile>
  <log_format>djb-multilog</log_format>
  <location>/var/log/dovecot/current</location>
</localfile>
<localfile>
  <log_format>djb-multilog</log_format>
  <location>/var/log/tinydns/current</location>
</localfile>
<localfile>
  <log_format>djb-multilog</log_format>
  <location>/var/log/dnscache/current</location>
</localfile>
<localfile>
  <log_format>command</log_format>
  <command>grep -h logterse /var/log/*qpsmtpd/current</command>
  <alias>s/qpsmtpd</alias>
  <frequency>360</frequency>
</localfile>
And this instruction to /var/ossec/etc/local_internal_options.conf:
# from https://documentation.wazuh.com/2.0/user-manual/reference/ossec-conf/localfile.html
# 'it may not be permissible in all environments to allow the Wazuh manager to run
# arbitrary commands on agents in their root security context.'
logcollector.remote_commands=1
And restarted the agent using
/etc/init.d/wazuh-agent restart
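Added example (not part of the original notes and not Wazuh project code): with logcollector.remote_commands=1 the agent accepts command entries delivered by the manager, so this read-only script lists the commands in the agent's own ossec.conf and, when the setting is on, those in the manager-pushed configuration. The function names are made up for the example, and etc/shared/agent.conf as the location of the pushed configuration is an assumption.

```sh
#!/bin/sh
# Added example: list the commands a Wazuh agent's logcollector can run and
# report whether manager-pushed commands are accepted. Function names are
# made up for this example; it only reads files.

# Join lines and drop XML comments so disabled entries are not reported
# (uses GNU sed's \n in the replacement).
strip_comments() {
    tr '\n' ' ' < "$1" | sed 's/<!--/\n<!--/g; s/-->/-->\n/g' | grep -v '^<!--'
}

# Print the body of every <command> / <full_command> element in file $1.
list_commands() {
    [ -r "$1" ] || return 0
    strip_comments "$1" |
        grep -oE '<(full_)?command>[^<]*</(full_)?command>' |
        sed 's/<[^>]*>//g'
}

# True when logcollector.remote_commands resolves to 1. Pass
# internal_options.conf first, then local_internal_options.conf, which
# overrides it: the last assignment read wins; unset means 0.
remote_commands_enabled() {
    val=$(cat "$@" 2>/dev/null |
        sed -n 's/^[[:space:]]*logcollector\.remote_commands[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' |
        tail -n 1)
    [ "${val:-0}" = 1 ]
}

# Report for the install rooted at $1. Assumption: the manager-pushed
# configuration is stored in etc/shared/agent.conf on the agent.
audit_agent() {
    etc="${1:-/var/ossec}/etc"
    echo "Commands in $etc/ossec.conf:"
    list_commands "$etc/ossec.conf" | sed 's/^/  /'
    if remote_commands_enabled "$etc/internal_options.conf" \
                               "$etc/local_internal_options.conf"; then
        echo "remote_commands=1, commands accepted from $etc/shared/agent.conf:"
        list_commands "$etc/shared/agent.conf" | sed 's/^/  /'
    else
        echo "remote_commands=0, commands in $etc/shared/agent.conf are refused"
    fi
}

audit_agent "${1:-/var/ossec}"
```

Run it as root on the agent after any configuration change; pass a different install root as the first argument if Wazuh is not in /var/ossec.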
Older
Mariadb notes moved to MariaDB_alongside_MySQL
Install Moodle 2.6 using git
Requirements
- Recommended minimum browser: recent Google Chrome, recent Mozilla Firefox, Safari 6, Internet Explorer 9 (IE 10 required for drag and drop of files from outside the browser into Moodle)
- Moodle upgrade: Moodle 2.2 or later (if upgrading from earlier versions, you must upgrade to 2.2.11 as a first step)
- Minimum DB versions: PostgreSQL 8.3, MySQL 5.1.33, MariaDB 5.3.5, MSSQL 2005 or Oracle 10.2
- Minimum PHP version: PHP 5.3.3 (always use latest PHP 5.4.x or 5.5.x on Windows - http://windows.php.net/download/)
- New recommended PHP extensions: zlib, OPcache
DB Version
SME Server 8.x comes with MySQL v5.0.95. To install Moodle without risking destabilizing an SME server by changing the MySQL version, you can install MariaDB 5.3.54 alongside MySQL.
OPcache
Zend OPcache is built into PHP 5.5, and can be compiled to work with PHP 5.3.3.
I have not been able to find a source online for an RPM for OPcache.
I believe this will make Moodle run more slowly than it would *with* OPcache.
Installation
Prepare your server
Install useful php modules
- During installation, Moodle will request php-soap, php-xmlrpc and php-intl. These are all available from the 'smeaddons' repository, and can be installed using:
yum install php-soap php-xmlrpc php-intl
Create an ibay
- Create an ibay named 'moodle' in server-manager
- Customize some of the settings on the new moodle ibay
IBAY=moodle
/sbin/e-smith/db accounts setprop $IBAY \
  FollowSymLinks enabled \
  CgiBin enabled \
  AllowOverride All \
  Group www \
  PublicAccess global \
  PHPBaseDir "/home/e-smith/files/ibays/$IBAY/:/tmp/" \
  UserAccess wr-group-rd-everyone
/sbin/e-smith/signal-event remoteaccess-update
#
mkdir /home/e-smith/files/ibays/$IBAY/moodledata
chown www:www /home/e-smith/files/ibays/$IBAY/moodledata
#
Create a database
- Install Mariadb alongside mysql
- create a mariadb database for moodle
# Generate a random 23 character password
DBPASS=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c23`
DBNAME=moodle
DBUSER=moodle
CONNECT=--socket=/opt/mariadb-data/mariadb.sock
#
echo ;\
echo ;\
echo Creating Database using: ;\
echo DBNAME=$DBNAME ;\
echo DBUSER=$DBUSER ;\
echo DBPASS=$DBPASS ;\
echo ;\
echo Save this information! You will need it later during initial application setup! \(press \<enter\> when ready\) ;\
read
#
mysql $CONNECT -e "create database $DBNAME; grant all privileges on $DBNAME.* to $DBUSER@localhost identified by \"$DBPASS\" with grant option; quit"
Install Moodle
Download & Checkout using git
#
# Download moodle using git
# http://docs.moodle.org/26/en/Git_for_Administrators#Obtaining_the_code_from_Git
#
IBAY=moodle
cd /home/e-smith/files/ibays/$IBAY
mv html html.`date +%F-%H%M%S`
git clone git://git.moodle.org/moodle.git html
cd html
git branch -a
git branch --track MOODLE_26_STABLE origin/MOODLE_26_STABLE
git checkout MOODLE_26_STABLE
#
# correct ownership
signal-event ibay-modify $IBAY
Run the moodle installer
#
# run the moodle command line installer
# if prompted, set:
# mysql port: 3307
# mysql socket: /opt/mariadb-data/mariadb.sock
#
cd /home/e-smith/files/ibays/$IBAY/html/admin/cli
sudo -u www /usr/bin/php install.php
Correct database settings if necessary
If you were not prompted for database socket, port, or other connection settings during the command line setup, you will need to correct the settings manually.
The database connection settings are stored in this file:
/home/e-smith/files/ibays/moodle/html/config.php
If you have just run the above database connection commands in the same putty session, you can correct your moodle settings using:
IBAY=moodle
sed -i s/dbname.*/dbname\ \ \ \ \=\ \'$DBNAME\'\;/ /home/e-smith/files/ibays/$IBAY/html/config.php
sed -i s/dbuser.*/dbuser\ \ \ \ \=\ \'$DBUSER\'\;/ /home/e-smith/files/ibays/$IBAY/html/config.php
sed -i s/dbpass.*/dbpass\ \ \ \ \=\ \'$DBPASS\'\;/ /home/e-smith/files/ibays/$IBAY/html/config.php
Optional Settings
Scan Uploads using ClamAV
Moodle can be configured to scan all user files when uploaded.
mysql $CONNECT -e "use moodle; update mdl_config set value=1 where name='runclamonupload'; update mdl_config set value='/usr/bin/clamscan' where name='pathtoclam'; quit"
Authentication Settings
To configure authentication mechanisms:
- Login to Moodle using an account with administrative rights
- Select 'Site Administration'
- Select 'Plugins'
- Select 'Authentication'
- Select 'Plugins'
Moodle can be configured to authenticate users using any of the methods listed below:
- Manual accounts
- No login
- CAS server (SSO)
- Email-based self-registration
- External database
- FirstClass server
- IMAP server
  - Select 'imapcert' if your IMAP server uses a self-signed certificate
- LDAP server
- MNet authentication
- NNTP server
- No authentication
- PAM (Pluggable Authentication Modules)
- POP3 server
- RADIUS server
- Shibboleth
- Web services authentication
Create Additional Administrators
http://docs.moodle.org/26/en/Assign_admins
TiddlyWiki5 Using Node.js
TiddlyWiki is "a complete interactive wiki in JavaScript."
Prerequisites
- node.js > 8.x (note: I was unable to find a binary installer for current node releases; I use 'gcc' and compile locally)
- npm
Assumptions
- wiki content will be stored in /opt/tiddlywiki/tiddlers
- tiddlywiki code will be stored in /opt/tiddlywiki/node_modules
- tiddlywiki will run as user 'www'
- tiddlywiki logging will run as user 'smelog'
- tiddlywiki will be daemonized using daemontools
Installation
mkdir /opt/tiddlywiki
cd /opt/tiddlywiki
npm install tiddlywiki
chown -R www:www /opt/tiddlywiki/.
Create daemontools scripts, folders, etc
The code below is designed to be run by copy/paste into a server console prompt.
mkdir -p /var/service/tiddlywiki/log
mkdir -p /var/log/tiddlywiki
chown -R smelog:smelog /var/log/tiddlywiki
cd /service
ln -s /var/service/tiddlywiki .
cd /var/service/tiddlywiki
touch down
#
# create the service 'run' file
#
echo '#!/bin/sh
#
# setup node environment
#
exec 2>&1
#
APP_DIR=/opt/tiddlywiki
USER=www
#
NODE_EXEC=/usr/local/bin/node
NODE_ENV=production
NODE_CONFIG_DIR=$APP_DIR
NODE_APP=node_modules/tiddlywiki/tiddlywiki.js
NODE_ARGS=--server
echo "Starting $NODE_EXEC $APP_DIR/$NODE_APP $NODE_ARGS"
cd $APP_DIR
exec \
setuidgid $USER \
$NODE_EXEC $NODE_APP $NODE_ARGS
' > /var/service/tiddlywiki/run
#
# Create log/run
#
echo '#!/bin/sh
#
exec \
/usr/local/bin/setuidgid smelog \
/usr/local/bin/multilog t s5000000 \
/var/log/tiddlywiki' > /var/service/tiddlywiki/log/run
#
# daemontools only starts run scripts that are executable
chmod 755 /var/service/tiddlywiki/run /var/service/tiddlywiki/log/run
start the service
sv u tiddlywiki
check the log files to see if it worked
tail /var/log/tiddlywiki/current
Create init.d script and startup/shutdown scripts
This segment of code will create the scripts needed to start the service at boot and to stop the service at shutdown.
SERVICE=tiddlywiki
#
cd /etc/rc.d/init.d
ln -s daemontools $SERVICE
cd /etc/rc.d/rc0.d
ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE
cd /etc/rc.d/rc1.d
ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE
cd /etc/rc.d/rc6.d
ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE
cd /etc/rc.d/rc7.d
ln -s /etc/rc.d/init.d/e-smith-service S99$SERVICE
Create config db entry
/etc/rc.d/init.d/e-smith-service will start a service whose status is enabled, and will not start it otherwise.
SERVICE=tiddlywiki
config set $SERVICE service access public status enabled
Proxypass Domain for WAN access
I found that I needed to proxypass a domain. An alias/directory/location proxypass generated errors and prevented edits from saving correctly.
DOMAIN=tiddlywiki.domain.tld
db domains set $DOMAIN domain Nameservers internet ProxyPassTarget http://localhost:8080/ TemplatePath ProxyPassVirtualHosts
#
# Several TiddlyWiki 5 Plugins require AllowEncodedSlashes On in httpd.conf
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts
echo '#
# AllowEncodedSlashes On from custom template in ProxyPassVirtualHosts
AllowEncodedSlashes On
' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts/04ProxyPassVirtualHosts
signal-event domain-create $DOMAIN
Update to the latest tiddlywiki code
cd /opt/tiddlywiki && setuidgid www npm update tiddlywiki && sv t tiddlywiki
COMPLETE Removal
DOMAIN=tiddlywiki.domain.tld
signal-event domain-delete $DOMAIN
db domains delete $DOMAIN
#
SERVICE=tiddlywiki
config delete $SERVICE
find /etc/rc.d -name "*$SERVICE*" -exec 'rm' -f "{}" \;
'rm' -rf /service/$SERVICE
'rm' -rf /var/service/$SERVICE
'rm' -rf /var/log/$SERVICE
#
cd /opt/$SERVICE
npm remove $SERVICE
cd /opt
'rm' -rf /opt/$SERVICE
Notes on check_earlytalker
Why did you remove the Request_for_deletion template on the check_earlytalker page? AFAIK it is obsolete and should be deleted according to http://forums.contribs.org/index.php/topic,46234.msg226418.html#msg226418 - — Cactus (talk | contribs) 07:05, 16 February 2012 (MST)
Here's my understanding of the Request_for_deletion addition to this page:
1) Piran posted a link to this page in a thread with the text "Install the check_earlytalker plugin": http://forums.contribs.org/index.php/topic,46229.msg226377.html#msg226377
2) Charlie noticed Piran's post, and assumed the wiki page described how to install check_earlytalker, so he made his post that the page is obsolete: http://forums.contribs.org/index.php/topic,46234.msg226418.html#msg226418
3) The page was updated with the 'Request_for_deletion' template
4) I added the reasoning to the 'talk' page outlining why the page is NOT obsolete (see below)
5) Over a year later, I removed the 'Request_for_deletion' template, assuming everyone had read and agreed with the reasoning I outlined on the 'talk' page.
Copied from http://wiki.contribs.org/Talk:Qpsmtpd_check_earlytalker - Unless there is more information elsewhere, I don't feel that this page is obsolete.
Despite the language used by piran in his mention of this page at http://forums.contribs.org/index.php/topic,46229.msg226377.html#msg226377, this page is not about adding check_earlytalker - which is included by default as mentioned by Charlie in the forum post referenced above.
This page is about:
- Documenting the functionality of check_earlytalker (what it does and why it does it)
- Documenting how to change the timeout value applied by check_earlytalker
- Documenting how to monitor check_earlytalker to see if it is being used to deny email