Switch interface komande

!Dozvoljava authentication više klijenata. Svaki klijent se autentifikuje za sebe.
authentication host-mode multi-auth 

!Dozvoljen samo jeda host. Ako se pojavi još jedan port link ide u down, pa u unaouthorized state
authentication host-mode single-host

!Po difoltu. Port prenosti osnovni saobraćaj.
!bez 802.1x authenntication klijenata
authentication port-control force-authorized


!Port je u unauthorized statusu
!Ignoriše se svaki pokušaj da se klijent authentifikuje
authentication port-control force-unauthorized

!Dozvoljava samo EAPOL frejmove. Authentication se startuje kada se pošalje EAPOL frejm
!ili kada port promeni status iz down u up
!switch preusmerava authentication na server
!switch jedinstveno identifikuje klijente po mac adresi
authentication port-control auto

!Nakon uspešne authentication status porta se promeni u authorizeed i svi frejmovi prolaze
!Ako je authentication neuspešna port ostaje u unauthorized statusu i pokušava ponovo određen broj pokušaja

!MAC authentication bypass enabled
mab

!Omogućava full pristup mreži pre authentication
authentication open 


!U single host okida kada se pojave više klijenata
!U multiauthentication modu se ne okida
authentication violation restrict
authentication violation shutdown


!Uključuje dot1x authentication
dot1x pae authenticator


!Kada je authentication neuspešna ide u authentication fail VLAN
authentication event fail action authorize vlan 172

!Posle 3 neuspeha da primeni authentication fail vlan
authentication event fail retry 3

!Periodično reauthentication

authentication periodic 

!period reauthentication default je3600

!Ovo je praktično kada je iza porta hub.
authentication timer reauthenticate 3600




!Uključuje portfast
spanning-tree portfast

!Ubacuje port u errdisable ako primi bpdu paket
spanning-tree bpduguard enable

Klaster mariaDB Centos 7 OS

mysql -u root -p -e "show status like 'wsrep%'"
mysql -u root -p -e "show status like 'wsrep_local_state_comment%'"

virtualizacija aplikacija

https://ninite.com/ # instalacija gomilu programa

http://10minutemail.com/ # kreira mejl na 10 minuta.

http://pickmeapp.com/ # za kreiranje exe fajla.

Kreiranje usera za httpd servis

sudo useradd user01
sudo passwd user01


sudo mkdir -p /var/www/html/user01/public_html
sudo chown -R user01:user01 /var/www/html/user01/public_html
sudo chmod -R 755 /var/www/html/user01/public_html
ln -s /var/www/html/user01/public_html /home/user01/public_html

sudo vi /home/user01/public_html/index.php
#<?php phpinfo(); ?>


sudo vi /etc/httpd/conf.d/user01.conf

Alias /user01 /var/www/html/user01/public_html
<VirtualHost *:80>

    ServerName www.user01.com
    ServerAlias system.com
    DocumentRoot /var/www/html/user01/public_html

</VirtualHost>
# KRAJ RADA U VI EDITORU

systemctl restart httpd.service

SELinux komande

<user:role:type>

sestatus # komanda za proveru statusa SElinux-a
sestatus -v # prikazuje informaciu o context-ima koji su podešeni u /etc/sestatus.conf fajlu
getsebool -a # komanda prikazuje vrednost Selinux promenljivih
semanage boolean -l # isto kao i getsebool ali prikazuje i opis


ls -Z # prikazuje content fajlova i direktorijuma
ps -auxZ # prikazuje content procesa

# menja content type
chcon -v --type=httpd_sys_content_t /home/system/html
chcon -v --type=httpd_sys_content_t /home/system/html/index.html
# moguce je sve odjednom
chcon -Rv --type=httpd_sys_content_t /home/system/html

# kopiranje contenta
chcon -R --reference=/var/www /path/to/webroot

#vracanje prvobitnog content-a
restorecon -Rv /home/system/html


setenforce 0 # trenutno podešava selinux u permissive mode
setenforce 1 # trenutno podešava selinux u enforcing mode

yum -y install policycoreutils-python
semanage login -l # prikazuje koje selinux user je dodeljen linux user-u

semanage port -a -t http_port_t -p tcp 82 # dodaje se  porta 82 type-u httpd_port_t. Nijemoguće startovati servis na portu koji čiji type nije iskonfigurisan.

Instalacija Cacti

#Install Apache
yum install httpd httpd-devel
#Install MySQL
#yum install mysql mysql-server - ZA centos 5 i 6
yum install mariadb-server -y
#Install PHP
yum install php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli
#Install PHP-SNMP
yum install php-snmp
#Install NET-SNMP
yum install net-snmp-utils net-snmp-libs
#Install RRDTool
yum install rrdtool
#Staring Apache, MySQL and SNMP Services
 systemctl start httpd.service
 systemctl start mariadb.service
 systemctl start snmpd.service
#Configure Start-up Links
systemctl enable httpd.service
systemctl enable mariadb.service
systemctl enable snmpd.service
#Install Cacti on RHEL / CentOS / Fedora
#yum install cacti - ovo ne funkcionise

http://www.cacti.net/downloads/cacti-0.8.8f.tar.gz
cd /var/www/html
tar -xzvf cacti-0.8.8f.tar.gz
ln -s cacti-0.8.8f cacti
#add user cacti
adduser -d /var/www/html/cacti -s /sbin/nologin cacti
cd /var/www/html/cacti
chown -R cacti.apache rra log
chmod 775 rra log

#Set MySQL Password
/usr/bin/mysql_secure_installation

#mysqladmin -u root password YOUR-PASSWORD-HERE
#Create MySQL Cacti Database
mysql -u root -p
MariaDB [(none)]> create database cacti;
MariaDB [(none)]> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'tecmint';
MariaDB [(none)]> FLUSH privileges;
MariaDB [(none)]> quit;

#Install Cacti Tables to MySQL
rpm -ql cacti | grep cacti.sql
/var/www/html/cacti/cacti.sql
mysql -u cacti -p cacti < /var/www/html/cacti/cacti.sql
Enter password:

#Configure MySQL settings for Cacti
cd /var/www/html/cacti/include/
vi confige.php
/* make sure these values reflect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "your-password-here";
$database_port = "3306";
$database_ssl = false;
#end vi

#Configuring Firewall for Cacti
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

#Important PHP Settings
vi /etc/php.ini

##Running Cacti Installer Setup
 http://YOUR-IP-HERE/cacti/
admin
admin

Instalacija nagios-a

********************************Instalacija LAMP
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-centos-7
sudo yum install httpd
sudo systemctl start httpd.service
sudo systemctl enable httpd.service

sudo yum install mariadb-server mariadb
sudo systemctl start mariadb
sudo mysql_secure_installation
root/root
sudo systemctl enable mariadb.service

sudo yum install php php-mysql
sudo systemctl restart httpd.service
yum search php-
yum info php-fpm
sudo yum install php-fpm





********************************INSTALACIJA NAGIOS

https://www.digitalocean.com/community/tutorials/how-to-install-nagios-4-and-monitor-your-servers-on-centos-7

sudo yum install gcc glibc glibc-common gd gd-devel make net-snmp openssl-devel xinetd unzip

sudo useradd nagios
sudo groupadd nagcmd
sudo usermod -a -G nagcmd nagios


Preuzmi fajl: https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.1.1.tar.gz
tar xvf nagios-*.tar.gz
cd nagios-*
./configure --with-command-group=nagcmd
make all

sudo make install
sudo make install-commandmode
sudo make install-init
sudo make install-config
sudo make install-webconf


sudo usermod -G nagcmd apache


**********************************Install Nagios Plugins
cd ..
Preuzmi fajl: http://nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz
tar xvf nagios-plugins-*.tar.gz
cd nagios-plugins-*
./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl
make
sudo make install


***************************************Install NRPE
Preuzmi fajl: http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
tar xvf nrpe-*.tar.gz
cd nrpe-*
./configure --enable-command-args --with-nagios-user=nagios --with-nagios-group=nagios --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
./configure --enable-command-args --with-nagios-user=nagios --with-nagios-group=nagios --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu

make all
sudo make install
sudo make install-xinetd
sudo make install-daemon-config


sudo vi /etc/xinetd.d/nrpe
only_from = 127.0.0.1 192.168.0.0/16
sudo service xinetd restart



***************************************Configure Nagios
sudo vi /usr/local/nagios/etc/nagios.cfg
odkomentarisati:
#cfg_dir=/usr/local/nagios/etc/servers
sudo mkdir /usr/local/nagios/etc/servers

*************************************Configure Nagios Contacts
sudo vi /usr/local/nagios/etc/objects/contacts.cfg

************************************Configure check_nrpe Command
sudo vi /usr/local/nagios/etc/objects/commands.cfg
na kraju fajla dodati:
define command{
        command_name check_nrpe
        command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

***********************************Configure Apache
Kreiranje korisnika nagiosadmin:
sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
Ubaci password: nagiosadmin

sudo systemctl start nagios.service
sudo systemctl restart httpd.service

*******************************Optional: Restrict Access by IP Address
sudo vi /etc/httpd/conf.d/nagios.conf
komentarisati
Order allow,deny
Allow from all
odkomentarisati i dodati vasu adresu. Linije ce se pojaviti dva puta u fajlu
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
*********************************RESTART
sudo systemctl restart nagios.service
sudo systemctl restart httpd.service


*******************************Accessing the Nagios Web Interface
http://ipaddresa/nagios
nagiosadmin
nagiosadmin

*******************************Ispravljanje greŠke
Error: Could not stat() command file '/usr/local/nagios/var/rw/nagios.cmd'!
komanda koja je na kraju reŠila problem je:
setenforce 0


service httpd restart
service nagios restart


**********************************PROVERA KONFIGURACIJE
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

Instalacija eastichearch, logstash and kibana

https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-1-7-logstash-1-5-and-kibana-4-1-elk-stack-on-centos-7

Logstash: The server component of Logstash that processes incoming logs
Elasticsearch: Stores all of the logs
Kibana: Web interface for searching and visualizing logs, which will be proxied through Nginx


#***********************Install Java 8
Download jre-8u74-linux-x64.rpm from:
https://mirror.its.sfu.ca/mirror/CentOS-Third-Party/NSG/common/x86_64/
cd /root
yum localinstall jre-8u74-linux-x64.rpm
ls -la /usr/bin/jav*
ls -la /etc/alternatives/java

#************************Install Elasticsearch
cd /root
ls

yum localinstall elasticsearch-2.3.1.rpm

#Elasticsearch is now installed. Let's edit the configuration:
sudo vi /etc/elasticsearch/elasticsearch.yml
#You will want to restrict outside access to your Elasticsearch instance (port 9200)
network.host: localhost

#Now start Elasticsearch:
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
sudo systemctl status elasticsearch

##########################Install Kibana

cd /root
yum localinstall kibana-4.5.0-1.x86_64.rpm
sudo vi /opt/kibana/config/kibana.yml
server.host: "localhost"
#end vi
sudo systemctl start kibana
sudo systemctl status kibana
sudo systemctl enable kibana

############################Install Nginx
Because we configured Kibana to listen on localhost, we must set up a reverse proxy to allow external access to it. We will use Nginx for this purpose.
#Add the EPEL repository to yum
sudo yum -y install epel-release
sudo yum -y install nginx httpd-tools


sudo htpasswd -c /etc/nginx/htpasswd.users kibanaadmin
password: kibanaadmin



sudo vi /etc/nginx/nginx.conf
#proveri
 include /etc/nginx/conf.d/*.conf;
#end vi

#Now we will create an Nginx server block in a new file:

sudo vi /etc/nginx/conf.d/kibana.conf
server {
    listen 80;

    server_name example.com;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;      
    }
}
#endvi
sudo systemctl stop httpd.service
sudo systemctl start nginx
sudo systemctl enable nginx

#Note: This tutorial assumes that SELinux is disabled. If this is not the case, you may need to run the following command for Kibana to work properly: sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_network_connect 1


##################################Install Logstash
cd /root
yum localinstall logstash-2.3.0-1.noarch.rpm


##################################Configure Logstash
sudo vi /etc/logstash/conf.d/01-lumberjack-input.conf
input {
  lumberjack {
    port => 5043
    type => "logs"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
#end vi

sudo vi /etc/logstash/conf.d/10-syslog.conf
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
#end vi

sudo vi /etc/logstash/conf.d/30-lumberjack-output.conf
output {
  elasticsearch { host => localhost }
  stdout { codec => rubydebug }
}
#This output basically configures Logstash to store the logs in Elasticsearch.

print screen sa kursorom miša

Softver se može preuzeti sa:

https://getsharex.com/


http://www.gadwin.com/download/index.htm#PrintScreen

Kreiranje drugog youtube kanala

Link je:
https://www.youtube.com/channel_switcher