Hobbit Server 4.2 Install on RedHat 5  Enterprise  by www.impee.co.uk

Transcription

  Hobbit Server 4.2 Install on RedHat 5  Enterprise  by www.impee.co.uk
 Hobbit Server 4.2 Install on RedHat 5 Enterprise by www.impee.co.uk
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
1 / 52
Amendment History
Date
Issue
Details of Change
Author
30/04/2008
1.0
Definitive
impee
10/06/2008
1.1
Client install / config changes
impee
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
2 / 52
Table of Contents
1 Introduction and Summary ....................................................................................... 5 1.1 Introduction ........................................................................................................ 5 1.2 Purpose ............................................................................................................. 5 1.3 Scope ................................................................................................................ 5 2 Red Hat v5.1 - Install & Configuration ...................................................................... 6 Install & Configuration ....................................................................................................... 6 2.1 Extra Red Hat Configuration .............................................................................. 7 2.2 OS Update ......................................................................................................... 7 2.2.1 Configuring Package Updater .................................................................. 7 2.2.2 Updating Packages .................................................................................. 7 3 ClamAV v0.92.1 (antivirus) ........................................................................................ 8 3.1 Install ................................................................................................................. 8 3.1.1 Prerequisites ............................................................................................ 8 3.1.2 Install ClamAV ......................................................................................... 8 3.2 Uninstall ClamAV ............................................................................................... 9 3.3 Configuration ................................................................................................... 10 3.3.1 Editing Configuration files: ..................................................................... 10 3.3.2 Log File .................................................................................................. 16 3.4 Updating .......................................................................................................... 16 3.5 Testing Scan .................................................................................................... 17 3.6 Schedulling Freshclam using Crontab.............................................................. 17 4 Hobbit Server v4.2.0 ................................................................................................ 18 4.1 Install ............................................................................................................... 18 4.1.1 Prerequisites .......................................................................................... 18 4.1.2 Hobbit Installation .................................................................................. 20 4.2 Uninstall Hobbit ................................................................................................ 21 4.3 Configuring Apache for Hobbit ......................................................................... 21 4.3.1 Start Apache automatically when system restarts .................................. 21 4.4 Using the Hobbit Server ................................................................................... 22 4.4.1 Starting the Hobbit Server ...................................................................... 22 4.4.2 Confirming the Hobbit Server has started .............................................. 22 4.4.3 Autostart Hobbit Configuration ............................................................... 23 4.5 Cleaning up after a completed install ............................................................... 24 4.5.1 Delete Hobbit Source Code ................................................................... 24 4.5.2 Uninstall gcc Compiler ........................................................................... 24 5 Exim v4.63-3 (e-mail client) ..................................................................................... 25 5.1 Exim Install ...................................................................................................... 25 5.2 Exim configuration ........................................................................................... 25 6 Hobbit Server - Tests Configuration....................................................................... 26 6.1 Configuration ................................................................................................... 26 6.2 Hobbit Server’s own Test Configuration ........................................................... 29 7 Hobbit Windows Client v0.11 .................................................................................. 30 7.1 Client Installation ............................................................................................. 30 7.2 Client Configuration ......................................................................................... 30 7.3 Miscellaneous .................................................................................................. 31 7.3.1 Built-in Test Configuration ...................................................................... 31 7.3.2 Custom Tests......................................................................................... 33 8 Appendices .............................................................................................................. 35 8.1 Appendix 1 ....................................................................................................... 35 8.2 Appendix 2 ....................................................................................................... 35 Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
3 / 52
8.3 8.4 8.5 Appendix 3 ....................................................................................................... 49 Appendix 4 ....................................................................................................... 51 Appendix 5 ....................................................................................................... 52 Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
4 / 52
1
Introduction and Summary
1.1
Introduction
1.2
Purpose
The purpose of this document is to outline the installation and use of the Hobbit
Monitor. The document outlines the steps required to setup, install and
configure the server and client software necessary to obtain optimal monitoring
using the Hobbit server.
1.3
Scope
This is a detailed overview of how the Hobbit server is installed and configured.
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
5 / 52
Red Hat v5.1 - Install & Configuration
Install & Configuration
CD Media
install in text mode
Test cd media
Welcome Screen
Language selection
Keyboard selection
Installation Number
Partition Type
Boot Loader
Configuration
Boot Loader
Configuration
Boot Loader
Configuration
Boot Loader
Configuration
Boot Loader
Configuration
Configure Network
Interface
Miscellaneous Network
Settings
Hostname Configuration
Time Zone Selection
Root Password
Package Selection
Package Selection
Installation to Begin
Required install media
Install duration 10
minutes
Setup Agent
Firewall Configuration
SELinux
Red Hat 5.1, 64bit, Enterprise Server, Kernel installed is 2.6.18
Red Hat 5.1 requires only 1-4 CDs, 5 + 6 are not used.
Usually no extra Drivers are required.
linux text <ENTER>
SKIP
OK
English
UK
xxxxxxxxxxxxxxx
Automatic Layout
Use GRUB Boot Loader
OK
Use a GRUB Password <specified password>
Ok
OK
Yes
Select top 2, Active on Boot and Enable IPV4 Support
edit, default for each interface, manual address configuration
eht0 – 10.0.0.2
Subnet Mask: 255.xxx.xxx.xxx
DNS: xxx.xxx.xxx.xxx
Gateway: xxx.xxx.xxx.xxx
hobbit01
<choose suitable location>
<specified password>
Web Server + Customise Software Selection OK
Administration Tools
Editors
Gnome Desktop Environment
Graphical Internet
Graphics
Server Configuration Tools
System Tools
Text Based Internet
Web Server
Windows X System
Install log will be kept in /root/intall.log - OK
Continue
After Install, Server will Reboot
Select firewall configuration, Run Tool
Disable
OK
Disable
OK
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
6 / 52
Extra Red Hat Configuration
Add host list entries at /etc/hosts
hobbit01 xxx.xxx.xxx.xxx (ip address)
Host List Entries
OS Update
Configuring Package Updater
Type init 5 at the command prompt to launch GUI
Login to the GUI
Navigate to Applications > System Tools > Software Updater
Forward
Advanced Network Configuration
Tick 1st box and add the relevant proxy address e.g. proxy.my.server.name :80
Close
st
Select 1 option (I would like to receive updates from Red Hat Network…)
Forward
Login: <redhat_user_account>
Pass: <redhat_user_password>
Forward
Click Active subscription now…
Installation Number: xxxxxxxxxxx
Specify the server name
Tick both boxes i.e. send hardware and software profiles.
Forward
Launch GUI
System Name
Updating Packages
Navigate to Applications > System Tools > Software Updater
Forward
Click Apply updates
Answer onscreen questions as they appear
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
7 / 52
3
ClamAV v0.92.1 (antivirus)
3.1
Install
3.1.1
Prerequisites
3.1.1.1
GCC Compiler
To install gcc compiler to compile Hobbit:
# yum install gcc
# yum install gcc-c++
3.1.1.2
GNU MP
Visit http://www.swox.com/gmp/ and download the latest version of GNU MP.
Copy the tar.gz to:
# /tmp
Unpack install file:
# gzip -d <gmp-4.2.2.tar.gz | tar xv
Navigate to the directory:
# cd /tmp/gmp-4.2.2
Run the Configure script:
# ./configure
When the configure script finishes:.
# make
Check for any errors in the screen output.
# make check
When it is finished, you finish the installation by running make install.
# make install
Check for any errors in the screen output.
3.1.1.2.1
Uninstall GMP MP
Type the below command in the original install directory /tmp/gmp-4.2.2/ to uninstall.
# make clean
3.1.2
Install ClamAV
Add users and groups:
# groupadd clamav
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
8 / 52
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
Visit http://www.clamav.org/download/sources and download the latest version of ClamAV.
Copy the tar.gz to:
# /tmp
Unpack install file:
# gzip -d < clamav-0.92.1.tar.gz | tar xv
Navigate to the directory:
# cd /tmp/clamav-0.92.1
To compile:
# zcat clamav-x.yz.tar.gz | tar xvf –
Navigate to the directory:
# cd /tmp/clamav-0.92.1
To configure:
Run the Configure script:
# ./configure --sysconfdir=/etc
Check for any errors in the screen output.
# make
Check for any errors in the screen output.
# make install
Check for any errors in the screen output.
libmilter and its development files are required. To enable clamav-milter:
# ./configure --enable-milter
Check for any errors in the screen output.
3.2
Uninstall ClamAV
Type the below command in the original install directory /tmp/clamav-0.92.1/ to uninstall.
# make clean
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
9 / 52
3.3
Configuration
3.3.1
Editing Configuration files:
The file clamd.conf is to be edited to match the below bold text:
/etc/clamd.conf
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
# Comment or remove the line below.
# Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /tmp/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
LogFileMaxSize 5M
# Log time with each message.
# Default: no
LogTime yes
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
LogClean yes
# Use system logger (can work together with LogFile).
# Default: no
LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
LogVerbose yes
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
10 / 52
#TemporaryDirectory /var/tmp
# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav
# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd.socket
# Remove stale socket after unclean shutdown.
# Default: yes
#FixStaleSocket yes
# TCP port address.
# Default: no
#TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
#TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default: 15
#MaxConnectionQueueLength 30
# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.
# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 10M
#StreamMaxLength 20M
# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000
# Maximum number of threads running at the same time.
# Default: 10
#MaxThreads 20
# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
#ReadTimeout 300
# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60
# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes
# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes
# Perform a database check.
# Default: 1800 (30 min)
#SelfCheck 600
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
11 / 52
# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
#User clamav
# Initialize supplementary group access (clamd must be started by root).
# Default: no
#AllowSupplementaryGroups no
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes
# Detect Possibly Unwanted Applications.
# Default: no
#DetectPUA yes
# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
#AlgorithmicDetection yes
##
## Executable files
##
# PE stands for Portable Executable - it's an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: yes
#ScanPE yes
# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# Default: yes
#ScanELF yes
# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes
##
## Documents
##
# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# Default: yes
#ScanOLE2 yes
# This option enables scanning within PDF files.
# Default: no
#ScanPDF yes
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
12 / 52
##
## Mail files
##
# Enable internal e-mail scanner.
# Default: yes
#ScanMail yes
# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
#
Never use it on loaded servers.
# Default: no
#MailFollowURLs no
# Recursion level limit for the mail scanner.
# Default: 64
#MailMaxRecursion 128
# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
#PhishingSignatures yes
# Scan URLs found in mails for phishing attempts using heuristics.
# Default: yes
#PhishingScanURLs yes
# Use phishing detection only for domains listed in the .pdb database. It is
# not recommended to have this option turned off, because scanning of all
# domains may lead to many false positives!
# Default: yes
#PhishingRestrictedScan yes
# Always block SSL mismatches in URLs, even if the URL isn't in the database.
# This can lead to false positives.
#
# Default: no
#PhishingAlwaysBlockSSLMismatch no
# Always block cloaked URLs, even if URL isn't in database.
# This can lead to false positives.
#
# Default: no
#PhishingAlwaysBlockCloak no
##
## HTML
##
# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
#ScanHTML yes
##
## Archives
##
# ClamAV can scan within archives and compressed files.
# Default: yes
#ScanArchive yes
# The options below protect your system against Denial of Service attacks
# using archive bombs.
# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
#ArchiveMaxFileSize 15M
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
13 / 52
# deeply the process should be continued.
# Value of 0 disables the limit.
# Default: 8
#ArchiveMaxRecursion 10
# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
#ArchiveMaxFiles 1500
# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
# Value of 0 disables the limit.
# Default: 250
#ArchiveMaxCompressionRatio 300
# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
# Default: no
#ArchiveLimitMemoryUsage yes
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no
# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
# reached.
# Default: no
#ArchiveBlockMax no
##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
##
up your system!!!
##
# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# Default: no
#ClamukoScanOnAccess yes
# Set access mask for Clamuko.
# Default: no
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes
# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line.
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/bofh
# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M
The file freshclam.conf is to be edited to match the below bold text:
/etc/freshclam.conf
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
14 / 52
# Comment or remove the line below.
# Example
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
# DatabaseDirectory /var/lib/clamav
# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/freshclam.log
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
# in bytes just don't use modifiers.
# Default: 1M
LogFileMaxSize 5M
# Log time with each message.
# Default: no
LogTime yes
# Enable verbose logging.
# Default: no
LogVerbose yes
# Use system logger (can work together with UpdateLogFile).
# Default: no
LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
LogFacility LOG_MAIL
# This option allows you to save the process identifier of the daemon
# Default: disabled
PidFile /var/run/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
#DatabaseOwner clamav
# Initialize supplementary group access (freshclam must be started by root).
# Default: no
#AllowSupplementaryGroups yes
# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
# WARNING: Do not touch it unless you're configuring freshclam to use your
# own database verification domain.
# Default: current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
DatabaseMirror db.uk.clamav.net
# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror database.clamav.net
# How many attempts to make before giving up.
# Default: 3 (per mirror)
#MaxAttempts 5
# With this option you can control scripted updates. It's highly recommended
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
15 / 52
# to keep it enabled.
#ScriptedUpdates yes
# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24
# Proxy settings
# Default: disabled
HTTPProxyServer <your proxy server ip address>
HTTPProxyPort 8080
HTTPProxyUsername http://your_domain_name\jo.bloggs
HTTPProxyPassword <password>
# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString
# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd
# Send the RELOAD command to clamd.
# Default: no
#NotifyClamd /path/to/clamd.conf
# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command
# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command
# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Timeout in seconds when connecting to database server.
# Default: 30
#ConnectTimeout 60
# Timeout in seconds when reading from database server.
# Default: 30
#ReceiveTimeout 60
3.3.2
Log File
Create a new file called freshclam.log and give it full execute and write permissions:
/var/log/freshclam.log
3.4
Updating
Type:
# freshclam
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
16 / 52
This updates the antivirus database from the internet mirrors specified in file
freshclam.conf.
3.5
Testing Scan
# clamscan -r -l scan.txt <file>
# more scan.txt
3.6
Schedulling Freshclam using Crontab
Typing the below will schedule a update procedure to run every 33 min past the hour
on a daily basis.
Type: # crontab –e
Next type:
33 * * * * /usr/local/bin/freshclam --quiet
CTRL O - to save the file
CTRL X - to exit the file
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
17 / 52
4
Hobbit Server v4.2.0
4.1
Install
4.1.1
Prerequisites
1) Account
Ensure you are logged in as root.
2) Proxy
# export http_proxy=http://proxy.my.server.name 80/
This temporarily adds a proxy to shell, but a reboot wipes it.
Add the above line to the below to make it permanent.
/root/.bash_profile
3) Starting Apache
Hobbit is designed with a web-based front-end. So you must have a Web server
such as Apache running on the server where you install Hobbit. Type the below to
ensure Apache is running whilst Hobbit is installed and configured.
# /etc/init.d/httpd start
4) Hobbit User Account
A core element of Hobbit is a network daemon. To keep your system secure and limit
the amount of damage that can be done if someone finds a security problem in Hobbit
it is strongly recommended that you create a dedicated userid (hobbit) for the Hobbit
programs. This user should not be a member of any other groups on your system.
# adduser hobbit
# passwd hobbit <specified password>
5) Package Installer
Install a package dependency installer; rpmforge-release.
http://dag.wieers.com/rpm/packages/rpmforge-release
For 32bit machines - rpmforge-release-0.3.6-1.el5.rf.i386.rpm
For 64bit machines - rpmforge-release-0.3.6-1.el4.rf.x86_64.rpm
Copy one of the above install files to /tmp and type the below:
# rpm –i <file name>
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
18 / 52
6) Packages and Libraries
Hobbit relies on a number of Open-Source libraries (fping, pcre, rrdtool, libpng,
openssl, openldap) and these must be installed before building Hobbit. With the
current Redhat configured install, not all the packages require installing.
Type the below to use yum to install these packages / libraries:
# yum install fping
# yum install rrdtool*
# yum install pcre-devel
# yum install libpng*
# yum install openssl*
# yum install openldap*
# yum install cppunit*
To install gcc compiler to compile Hobbit:
NOTE: This was already installed previously for ClamAV, if so, do not re-install it.
# yum install gcc
# yum install gcc-c++
Package names of the hobbit dependencies
fping
libpcre3-dev
librrd0-dev
openssl
libssl-dev
rrdtool
librrd0
libpng10-0
libssl0.9.7
libldap2
libpcre3
librrds-perl
libpng10-dev
libssl-dev
libldap2-dev
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
19 / 52
4.1.2
Hobbit Installation
Download the latest version of hobbit source (tar.gz) file from
http://sourceforge.net/projects/hobbitmon/
4.1.2.1
Copy the tar.gz to:
# /tmp
Unpack install file:
# gzip -d <hobbit-4.2.0.tar.gz | tar xv
Navigate to the directory:
# cd /tmp/hobbit-4.2.0
./configure
Run the Configure script:
# ./configure
This script asks a series of questions, but all of the questions have a reasonable
default response <ENTER>.
Further, once the ./configure is complete, scroll back and check the screen for any
errors, if any are found, delete the Makefile located at /tmp/hobbit-4.2.0/ and try again
(only after fixing the stated problems/issues).
This script asks a few questions and builds a file called Makefile, to compile Hobbit.
The 2 questions that require manual input are:
What group-ID does your webserver use ?
apache
What is the IP-address of this host [127.0.0.1] ?
10.0.0.2
4.1.2.2
make
When the configure script finishes, it tells you to run make to build the Hobbit
programs.
# make
Check for any errors in the screen output.
4.1.2.3
make Install
When it is finished, you finish the installation by running make install.
# make install
Check for any errors in the screen output.
The first time you run make install, besides installing the Hobbit programs it also creates the
default directory structure /home/hobbit/ used by Hobbit, and installs an initial set of
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
20 / 52
configuration files that you can use as the basis for setting up monitoring of your entire
network.
4.2
Uninstall Hobbit
Type the below command in the original install directory /tmp/hobbit-4.2.0/ to uninstall Hobbit.
# make clean
4.3
Configuring Apache for Hobbit
Hobbit uses a web-based front-end. So you need to configure your webserver so that it knows
where the Hobbit webpages can be found, and what CGI scripts can run as part of Hobbit.
This usually means adding a few lines to your webserver configuration that sets up a URL
which points at the ~/server/www/ directory, and which tells your webserver that the ~/cgi-bin/
directory holds CGI scripts that the webserver should run when they are requested.
You can find the necessary additions to the Apache configuration in:
# /home/hobbit/server/etc/hobbit-apacheconf
Copy all the text of the hobbit-apache.conf file and paste it to the bottom of the httpd.conf file:
# /etc/httpd/conf/httpd.conf
These 2 lines must be added manually at the top of the file:
#LoadModule mod_placeholder /usr/lib/apache2/modules/mod_placeholder.so
Alias /hobbit/ "/home/hobbit/server/www/"
Note: If Hobbit was configured to put the Administration CGI scripts in a separate directory,
See Appendix 4.
Apache Hobbit account and password
4.3.1
Start Apache automatically when system restarts
# cd /etc/rc.d/
In the folders rc0.d – rc5.d, rename the file K15httpd to S15httpd
Now restart apache to get the changes effected.
# /etc/init.d/httpd reload
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
21 / 52
4.4
Using the Hobbit Server
4.4.1
Starting the Hobbit Server
Login as the hobbit user and type the below command to start the Hobbit Server.
# ./server/hobbit.sh start
4.4.2
Confirming the Hobbit Server has started
Type:
# ps -ef | grep hobbitd
You should see a list of several processes similar to:
hobbit 3395 3394 0 13:35 ?
00:00:00 hobbitd --pidfile=/var/log/hobbit/hobbitd.pid --restart=/home/hobbit/server/tmp/hobbitd.chk -checkpoint-file=/home/hobbit/server/tmp/hobbitd.chk --checkpoint-interval=600 --log=/var/log/hobbit/hobbitd.log --admin-senders=127.0.0.1
10.0.0.2 --store-clientlogs=!msgs
hobbit 3396 3394 0 13:35 ?
00:00:00 hobbitd_channel --channel=stachg --log=/var/log/hobbit/history.log hobbitd_history
hobbit 3397 3394 0 13:35 ?
00:00:00 hobbitd_channel --channel=clichg --log=/var/log/hobbit/hostdata.log hobbitd_hostdata
hobbit 3398 3394 0 13:35 ?
00:00:00 hobbitd_channel --channel=page --log=/var/log/hobbit/page.log hobbitd_alert --checkpointfile=/home/hobbit/server/tmp/alert.chk --checkpoint-interval=600
hobbit
3399 3394 0 13:35 ?
00:00:00 hobbitd_channel --channel=status --log=/var/log/hobbit/rrd-status.log hobbitd_rrd -rrddir=/home/hobbit/data/rrd
hobbit
3400 3394 0 13:35 ?
00:00:00 hobbitd_channel --channel=data --log=/var/log/hobbit/rrd-data.log hobbitd_rrd -rrddir=/home/hobbit/data/rrd
hobbit 3401 3394 0 13:35 ?
00:00:00 hobbitd_channel --channel=client --log=/var/log/hobbit/clientdata.log hobbitd_client
hobbit 3410 3396 0 13:35 ?
00:00:00 hobbitd_history
hobbit 3411 3398 0 13:35 ?
00:00:00 hobbitd_alert --checkpoint-file=/home/hobbit/server/tmp/alert.chk --checkpoint-interval=600
hobbit 3412 3397 0 13:35 ?
00:00:00 hobbitd_hostdata
hobbit 3413 3399 0 13:35 ?
00:00:00 hobbitd_rrd --rrddir=/home/hobbit/data/rrd
hobbit 3414 3400 0 13:35 ?
00:00:00 hobbitd_rrd --rrddir=/home/hobbit/data/rrd
hobbit 3415 3401 0 13:35 ?
00:00:00 hobbitd_client
hobbit 3441 3366 0 13:35 pts/1 00:00:00 grep hobbitd
If the above if ok, view the hobbit webpage by pointing your browser to:
http://10.0.0.2/hobbit/
e.g. (http://hobbit01/hobbit/)
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
22 / 52
4.4.3
Autostart Hobbit Configuration
Login as root.
The following is a script for making hobbit demon start and stop automatically when the
system restarts.
Copy all the text and paste it in to a new file called hobbit-server.
Place the new file at /etc/init.d/
###
###
#!/bin/bash
#
# hobbit-server This shell script takes care of starting and stopping
#
hobbit monitoring server.
#
# chkconfig: - 99 45
# description: Hobbit monitoring server is\ # used to monitor Pathfire's systems.
# probe: true
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0
PATH=$PATH:/bin:/usr/bin
BBHOME=/home/hobbit
BBUSER=hobbit
# FOR su
case "$1" in
start)
su - $BBUSER -c "cd $BBHOME;./server/hobbit.sh start"
;;
restart)
su - $BBUSER -c "cd $BBHOME;./server/hobbit.sh restart"
;;
stop)
su - $BBUSER -c "cd $BBHOME;./server/hobbit.sh stop"
;;
status)
su - $BBUSER -c "cd $BBHOME;./server/hobbit.sh status"
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
;;
esac
exit 0
###
###
Give full executable permission for the hobbit-server file:
# chmod +x /etc/init.d/hobbit-server
Create a Symbolik link to the hobbit-server file for startup :
# ln -s ../init.d/hobbit-server S95hobbit-server
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
23 / 52
Restart the Server:
# init 6
Only after confirming that everything is working ok, proceed with the next step.
4.5
Cleaning up after a completed install
4.5.1
Delete Hobbit Source Code
Type : # cd /
# cd tmp
# rm hobbit-4.2.0.tar.gz
# rm -rf hobbit-4.2.0
4.5.2
y
Uninstall gcc Compiler
Type : # yum remove gcc
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
24 / 52
5
Exim v4.63-3 (e-mail client)
5.1
Exim Install
Exim is a free e-mail client and it can be used wit Hobbit to send e-mail alerts / notifications
about status change to any client machine that is being monitored.
5.2
Exim configuration
Will be coming soon…
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
25 / 52
6
Hobbit Server - Tests Configuration
For full instructions on configuring a Hobbit server see the documentation installed with the
server. The product documentation is available via the menus:
On the installed Hobbit server
On the author’s Hobbit reference site
6.1
http://hobbit01/hobbit/
http://www.hswn.dk/hobbit/
Configuration
The Hobbit configuration is kept in the files in the /home/hobbit/server/etc/ directory. If you
look at this directory, you will see these files:
•
bb-hosts is the one you will change the most. This file contains a list of all the hosts
you are monitoring, including information such as their IP-address, what network
services you are monitoring on the host, what URL's you are checking, what subpage
in the Hobbit web-pages this host is shown on etc. The file snippet shows the use of
pages and groups to define which page displays the appropriate servers. Server side
tests eg. smtp, imap and ldap are also configured against each server in this file.
group Hobbit Server
10.0.0.2
hobbit01
group VitalApps Server
10.0.0.3
server01
# BBDISPLAY BBPAGER BBNET bbd http://hobbit01 / ssh
page unitedkingdom UnitedKingdom
group London
10.0.0.4
server02
10.0.0.5
server03
10.0.0.6
server04 # noconn
10.0.0.7
server05 # noconn smtp !imap !pop3 ldap
group Manchester
10.0.0.8
server05
10.0.0.9
server06 # smtp !imap !pop3 ldap
group Birmingham
10.0.0.10
server07
•
hobbit-clients.cfg is the configuration file for data reported by the Hobbit clients
installed on the hosts you are monitoring. This defines the color of the cpu-, disk-,
memory- and procs-columns, based on the information that is sent to Hobbit by the
clients.
•
hobbit-alerts.cfg holds the alerting configuration. In this file, you setup the rules for
sending out alerts about services going down: Who gets the alert, how is it sent, how
often, whether to send alerts 24x7 or only between 10 AM and 4 PM on weekdays
etc.
•
hobbitserver.cfg is the configuration file for the Hobbit server. This file defines a lot of
environment variables that are made available to all of the Hobbit programs when
they run. Some environment variables that are defined in the Big Brother system are
also setup by Hobbit, so that Big Brother extension scripts will work. The initial
configuration of hobbitserver.cfg is setup by the configure script when you install
Hobbit, and in most cases you will not need to change it. The only modifications to
this file are to produce extra graphs for the external tests such as exchange and
printq.
# TEST2RRD defines the status- and data-messages you want to collect RRD data
# about. You will normally not need to modify this, unless you have added a
# script to pick up RRD data from custom tests (the hobbitd_larrd --extra-script
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
26 / 52
# and --extra-tests options).
# Note that network tests defined in the bb-services file are automatically
# included.
# The format here is "COLUMN=RRDSERVICE". If you leave out the "=RRDSERVICE"
# part, it is assumed to be the same as the COLUMN value.
#
# This is also used by the bb-hostsvc.cgi script to determine if the detailed
# status view of a test should include a graph.
TEST2RRD="cpu=la,disk,inode,qtree,memory,$PINGCOLUMN=tcp,http=tcp,dns=tcp,dig=tcp,tim
e=ntpstat,vmstat,iostat,netstat,
temperature,apache,bind,sendmail,mailq,nmailq=mailq,socks,bea,iishealth,citrix,bbgen,bbtest,bb
proxy,hobbitd,mess=ncv,
exchange=ncv,diskperf=ncv,ts=ncv,printq"
# This defines which RRD files to include on the "trends" column webpage,
# and the order in which they appear.
GRAPHS="la,disk,inode,qtree,memory,users,vmstat,iostat,tcp.http,tcp,netstat,mrtg::1,temperatur
e,ntpstat,apache,bind,s
endmail,mailq,socks,bea,iishealth,citrix,bbgen,bbtest,bbproxy,hobbitd,mess,exchange,diskperf,ts
,printq,ncv"
•
hobbitlaunch.cfg is the configuration file for the hobbitlaunch tool. hobbitlaunch is the
master program in Hobbit, it is the only program you start to run the Hobbit server.
hobbitlaunch reads the hobbitlaunch.cfg file, and starts the programs listed here to
run the server. Some of the programs may run as daemons, some of the programs
may run at regular intervals. If you want to use some of the advanced options for the
bbgen or bbtest-net programs, you change the hobbitlaunch.cfg file to add these
options to the commandline. Modified to run the script makerrd.sh which creates the
RRD data used to draw graphs for the printq and pages external tests. For more
information on this see the section on custom graphs in the Hobbit documentation.
# "rrdstatus" updates RRD files with information that arrives as "status" messages.
# If you want RRD graphs of your monitoring data, then you want to run this.
[rrdstatus]
ENVFILE /home/hobbit/server/etc/hobbitserver.cfg
NEEDS hobbitd
CMD hobbitd_channel --channel=status --log=$BBSERVERLOGS/rrd-status.log hobbitd_rrd
--rrddir=$BBVAR/rrd --ext
ra-script=/home/hobbit/server/bin/makerrd.sh --extra-tests=printq
# "rrddata" updates RRD files with information that arrives as "data" messages.
# If you want RRD graphs of your monitoring BB data, then you want to run this.
[rrddata]
ENVFILE /home/hobbit/server/etc/hobbitserver.cfg
NEEDS hobbitd
CMD hobbitd_channel --channel=data --log=$BBSERVERLOGS/rrd-data.log hobbitd_rrd -rrddir=$BBVAR/rrd --extra-s
cript=/home/hobbit/server/bin/makerrd.sh --extra-tests=printq
•
hobbitgraph.cfg is a configuration file for the hobbitgraph CGI. It defines how the
graphs are generated from the data in the RRD files. Graph definitions that have
been added for the additional external tests.
[mess]
TITLE Message Rate
YAXIS Messages Per Sec
DEF:MessReceived=mess.rrd:MessReceived:AVERAGE
DEF:MessSent=mess.rrd:persecMessSent:AVERAGE
AREA:MessReceived#00FF00:Message Recv p/s
GPRINT:MessReceived:LAST: \: %5.1lf (cur)
GPRINT:MessReceived:MAX: \: %5.1lf (max)
GPRINT:MessReceived:MIN: \: %5.1lf (min)
GPRINT:MessReceived:AVERAGE: \: %5.1lf (avg)\n
LINE1:MessSent#FF0000:Message Sent p/s
GPRINT:MessSent:LAST: \: %5.1lf (cur)
GPRINT:MessSent:MAX: \: %5.1lf (max)
GPRINT:MessSent:MIN: \: %5.1lf (min)
GPRINT:MessSent:AVERAGE: \: %5.1lf (avg)\n
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
27 / 52
[exchange]
TITLE Queue Status
YAXIS Queue Length
DEF:LQL=exchange.rrd:LocalQueueLength:AVERAGE
DEF:LRQL=exchange.rrd:LocalRetryQueueLeng:AVERAGE
DEF:RQL=exchange.rrd:RemoteQueueLength:AVERAGE
DEF:RRQL=exchange.rrd:RemoteRetryQueueLen:AVERAGE
DEF:CQL=exchange.rrd:CategorizerQueueLen:AVERAGE
LINE1:LQL#00FF00:Local Q Length
GPRINT:LQL:LAST: \: %5.1lf (cur)
GPRINT:LQL:MAX: \: %5.1lf (max)
GPRINT:LQL:MIN: \: %5.1lf (min)
GPRINT:LQL:AVERAGE: \: %5.1lf (avg)\n
LINE1:LRQL#FF0000:Local Retry Q Length
GPRINT:LRQL:LAST: \: %5.1lf (cur)
GPRINT:LRQL:MAX: \: %5.1lf (max)
GPRINT:LRQL:MIN: \: %5.1lf (min)
GPRINT:LRQL:AVERAGE: \: %5.1lf (avg)\n
LINE1:RQL#0000FF:Remote Q Length
GPRINT:RQL:LAST: \: %5.1lf (cur)
GPRINT:RQL:MAX: \: %5.1lf (max)
GPRINT:RQL:MIN: \: %5.1lf (min)
GPRINT:RQL:AVERAGE: \: %5.1lf (avg)\n
LINE1:RRQL#FF00FF:Remote Retry Q Length
GPRINT:RRQL:LAST: \: %5.1lf (cur)
GPRINT:RRQL:MAX: \: %5.1lf (max)
GPRINT:RRQL:MIN: \: %5.1lf (min)
GPRINT:RRQL:AVERAGE: \: %5.1lf (avg)\n
LINE1:CQL#FFFF00:Categoriser Q Length
GPRINT:CQL:LAST: \: %5.1lf (cur)
GPRINT:CQL:MAX: \: %5.1lf (max)
GPRINT:CQL:MIN: \: %5.1lf (min)
GPRINT:CQL:AVERAGE: \: %5.1lf (avg)\n
[diskperf]
TITLE Disk Performance
YAXIS % Disk Usage Time
DEF:SecsRead=diskperf.rrd:AvgSecsPerRead:AVERAGE
DEF:SecsWrite=diskperf.rrd:AvgSecsPerWrite:AVERAGE
DEF:ReadBytesSec=diskperf.rrd:ReadBytesPerSec:AVERAGE
DEF:WriteBytesSec=diskperf.rrd:WriteBytesPerSec:AVERAGE
DEF:ReadsSec=diskperf.rrd:ReadsPerSecond:AVERAGE
DEF:WritesSec=diskperf.rrd:WritesPerSecond:AVERAGE
DEF:ReadTime=diskperf.rrd:ReadTime:AVERAGE
DEF:WriteTime=diskperf.rrd:WriteTime:AVERAGE
DEF:IdleTime=diskperf.rrd:IdleTime:AVERAGE
LINE1:SecsRead#00FF00:Average Disk Seconds Per Read
GPRINT:SecsRead:LAST: \: %5.1lf (cur)
GPRINT:SecsRead:MAX: \: %5.1lf (max)
GPRINT:SecsRead:MIN: \: %5.1lf (min)
GPRINT:SecsRead:AVERAGE: \: %5.1lf (avg)\n
LINE1:SecsWrite#FF0000:Average Disk Seconds Per Write
GPRINT:SecsWrite:LAST: \: %5.1lf (cur)
GPRINT:SecsWrite:MAX: \: %5.1lf (max)
GPRINT:SecsWrite:MIN: \: %5.1lf (min)
GPRINT:SecsWrite:AVERAGE: \: %5.1lf (avg)\n
LINE1:ReadTime#0000FF:% Disk Read Time
GPRINT:ReadTime:LAST: \: %5.1lf (cur)
GPRINT:ReadTime:MAX: \: %5.1lf (max)
GPRINT:ReadTime:MIN: \: %5.1lf (min)
GPRINT:ReadTime:AVERAGE: \: %5.1lf (avg)\n
LINE1:WriteTime#FFFF00:% Disk Write Time
GPRINT:WriteTime:LAST: \: %5.1lf (cur)
GPRINT:WriteTime:MAX: \: %5.1lf (max)
GPRINT:WriteTime:MIN: \: %5.1lf (min)
GPRINT:WriteTime:AVERAGE: \: %5.1lf (avg)\n
[ts]
TITLE Terminal Server Users
YAXIS Sessions
DEF:ActiveSessions=ts.rrd:ActiveSessions:AVERAGE
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
28 / 52
DEF:InactiveSessions=ts.rrd:InactiveSessions:AVERAGE
DEF:TotalSessions=ts.rrd:TotalSessions:AVERAGE
LINE1:ActiveSessions#00FF00:Active Sessions
GPRINT:ActiveSessions:LAST: \: %5.1lf (cur)
GPRINT:ActiveSessions:MAX: \: %5.1lf (max)
GPRINT:ActiveSessions:MIN: \: %5.1lf (min)
GPRINT:ActiveSessions:AVERAGE: \: %5.1lf (avg)\n
LINE1:InactiveSessions#0000FF:Inactive Sessions
GPRINT:InactiveSessions:LAST: \: %5.1lf (cur)
GPRINT:InactiveSessions:MAX: \: %5.1lf (max)
GPRINT:InactiveSessions:MIN: \: %5.1lf (min)
GPRINT:InactiveSessions:AVERAGE: \: %5.1lf (avg)\n
LINE1:TotalSessions#FF0000:Total Sessions
GPRINT:TotalSessions:LAST: \: %5.1lf (cur)
GPRINT:TotalSessions:MAX: \: %5.1lf (max)
GPRINT:TotalSessions:MIN: \: %5.1lf (min)
GPRINT:TotalSessions:AVERAGE: \: %5.1lf (avg)\n
[printq]
FNPATTERN printq(.*.rrd)
TITLE Print Queues
YAXIS Queue Length
DEF:=p@RRDIDX@=@RRDFN@:qlen:AVERAGE
LINE2:p@RRDIDX@#@COLOR@:@RRDPARAM@
GPRINT:p@RRDIDX@:LAST: \: %5.1lf (cur)
GPRINT:p@RRDIDX@:MAX: \: %5.1lf (max)
GPRINT:p@RRDIDX@:MIN: \: %5.1lf (min)
GPRINT:p@RRDIDX@:AVERAGE: \: %5.1lf (avg)\n
•
6.2
bb-services is a configuration file for the bbtest-net program. It defines how network
services are checked.
Hobbit Server’s own Test Configuration
The Hobbit Server’s own test configuration is automatically configured during install in the 2
files below:
1. The Servers own IP address file:
# /home/hobbit/client/etc/hobbitclient.cfg
BBDISP=”10.0.0.2”
# IP address of the Hobbit server
2. The Servers own IP address and Host name file:
# /home/hobbit/server/etc/hobbitserver.cfg
BBSERVERHOSTNAME="hobbit01"
BBSERVERIP="10.0.0.2"
# The hostname of your server
# The IP-address of your server
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
29 / 52
7
Hobbit Windows Client v0.11
The hobbit server is able to perform a number of test using server side scripts. To monitor
more detailed information such as CPU utilisation, disk space available etc., it is necessary to
install a Hobbit client on the machine that is being monitored. Clients are available for
Windows and Linux servers. The infrastructure is predominantly Windows based and so we
will concentrate on installing the Windows client.
The latest Hobbit Windows client, BBWin is version 0.7. This can be downloaded from
http://sourceforge.net/project/showfiles.php?group_id=136450. It is available as a MSI
package.
It is subsequently necessary to make some configuration changes and optionally to add in
some custom tests as detailed below.
NOTE: For manual install and configuration of the Client, see Appendix 5.
7.1
Client Installation
Copy over the Hobbit client to the client machine and double click the msi file (or exe) to
install it on the client machine.
7.2
Client Configuration
To configure the Hobbit client for deployment with modified tests / thresholds, use the below
table for preference. Changing Thresholds Configuration Setting
Printq
Termserv
Pagefaults
Disk
CPU
Memory
Msgs
Uptime
Services
Changes
edit – C:\Program Files\BBWin\bin\config\pringq.config - Change values
edit – C:\Program Files\BBWin\bin\config\termserv.config - Change
values
edit – C:\Program Files\BBWin\bin\tests\pagefaults.vbs
edit - C:\Program Files\etc\bbwin.cfg - Change default warn levels, these
are for any other drive except C:\
"C" has its own specific settings, so they must be changed independently
edit - C:\Program Files\etc\bbwin.cfg - Change <cpu> values
edit - C:\Program Files\etc\bbwin.cfg - Change <memory> values
edit - C:\Program Files\etc\bbwin.cfg - Change <msgs> values
edit - C:\Program Files\etc\bbwin.cfg - Change <uptime> values
edit - C:\Program Files\etc\bbwin.cfg - add / remove Service name to
<SVCS> list
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
30 / 52
7.3
Miscellaneous
7.3.1
Built-in Test Configuration
The BBWin package provides information on cpu and disk usage, running processes and
services and event log messages. The default installed list of processes and services needs
modification for most systems. Example configuration for an exchange server is provided
below:
<procs>
<setting name="drwtsn" rule="<1" alarmcolor="red" />
<!setting name="pageant.exe" rule="=1" comment="Putty agent deamon" />
<setting name="System" rule="=1" />
<setting name="smss.exe" rule="=1" />
<setting name="csrss.exe" rule="=1" />
<setting name="winlogon.exe" rule="=1" />
<setting name="services.exe" rule="=1" />
<setting name="lsass.exe" rule="=1" />
<setting name="svchost.exe" rule=">1" />
<setting name="spoolsv.exe" rule="=1" />
<setting name="racsvc.exe" rule="=1" />
<setting name="msdtc.exe" rule="=1" />
<setting name="beremote.exe" rule="=1" />
<setting name="benetns.exe" rule="=1" />
<setting name="dcevt32.exe" rule="=1" />
<setting name="dcstor32.exe" rule="=1" />
<setting name="dns.exe" rule="=1" />
<setting name="inetinfo.exe" rule="=1" />
<setting name="ismserv.exe" rule="=1" />
<setting name="tcpsvcs.exe" rule="=1" />
<setting name="SAFeService.exe" rule="=1" />
<setting name="FrameworkService.exe" rule="=1" />
<setting name="RPCServ.exe" rule=">1" />
<setting name="Mcshield.exe" rule="=1" />
<setting name="VsTskMgr.exe" rule="=1" />
<setting name="mr2kserv.exe" rule="=1" />
<setting name="sqlservr.exe" rule="=1" />
<setting name="NAIlgpip.exe" rule="=1" />
<setting name="omsad32.exe" rule="=1" />
<setting name="Outbreak.exe" rule="=1" />
<setting name="log_qtine.exe" rule="=1" />
<setting name="omaws32.exe" rule="=1" />
<setting name="snmp.exe" rule="=1" />
<setting name="uphclean.exe" rule="=1" />
<setting name="VxSvc.exe" rule="=1" />
<setting name="mad.exe" rule="=1" />
<setting name="mssearch.exe" rule="=1" />
<setting name="exmgmt.exe" rule="=1" />
<setting name="pvlsvr.exe" rule="=1" />
<setting name="beserver.exe" rule="=1" />
<setting name="bengine.exe" rule="=1" />
<setting name="ECM.exe" rule="=1" />
<setting name="wmiprvse.exe" rule=">1" />
<setting name="store.exe" rule="=1" />
<setting name="emsmta.exe" rule="=1" />
<setting name="NetSvc.exe" rule="=1" />
<setting name="java.exe" rule="=1" />
<setting name="explorer.exe" rule="=1" />
<setting name="shstat.exe" rule="=1" />
<setting name="PRONoMgr.exe" rule="=1" />
<setting name="UpdaterUI.exe" rule="=1" />
<setting name="TBMon.exe" rule="=1" />
<setting name="VxTaskbarMgr.exe" rule="=1" />
<setting name="jusched.exe" rule="=1" />
<setting name="sqlmangr.exe" rule="=1" />
<!setting name="IEXPLORE.EXE" rule="=1" />
<setting name="BBWin.exe" rule="=1" />
<!setting name="mstsc.exe" rule="=1" />
<setting name="naPrdMgr.exe" rule="=1" />
</procs>
<svcs>
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
31 / 52
<!-- If true, the agent will always report with green status -->
<setting name="alwaysgreen" value="false" />
<!-- If true, the agent will restart all "automatic services" which would be stopped-->
<setting name="autoreset" value="false" />
<setting name="alarmcolor" value="yellow" />
<!-- The line bellow show you svcs rules. If the "Automatic Updates" service is stopped, it will be
automatically restarted and a red status will be sent
until the service get it's correct status -->
<setting name="Automatic Updates" value="stopped" autoreset="false" alarmcolor="red" />
<setting name="Alerter" value="started" />
<setting name="Application Layer Gateway Service" value="stopped" />
<setting name="Application Management" value="started" />
<setting name="ASP.NET State Service" value="stopped" />
<setting name="Background Intelligent Transfer Service" value="stopped" />
<setting name="Backup Exec Agent Browser" value="started" />
<setting name="Backup Exec Device & Media Service" value="started" />
<setting name="Backup Exec Job Engine" value="started" />
<setting name="Backup Exec Remote Agent for Windows Servers" value="started" />
<setting name="Backup Exec Server" value="started" />
<setting name="Big Brother Hobbit Client" value="started" />
<setting name="ClipBook" value="stopped" />
<setting name="COM+ Event System" value="started" />
<setting name="COM+ System Application" value="stopped" />
<setting name="Computer Browser" value="started" />
<setting name="Console Message" value="stopped" />
<setting name="Cryptographic Services" value="started" />
<setting name="DHCP Client" value="started" />
<setting name="DHCP Server" value="stopped" />
<setting name="Disk Management Service" value="started" />
<setting name="Distributed File System" value="stopped" />
<setting name="Distributed Link Tracking Client" value="stopped" />
<setting name="Distributed Link Tracking Server" value="stopped" />
<setting name="Distributed Transaction Coordinator" value="started" />
<setting name="DNS Client" value="started" />
<setting name="DNS Server" value="started" />
<setting name="Error Reporting Service" value="started" />
<setting name="Event Log" value="started" />
<setting name="ExecView Communication Module (ECM)" value="started" />
<setting name="File Replication Service" value="stopped" />
<setting name="Help and Support" value="started" />
<setting name="HTTP SSL" value="started" />
<setting name="Human Interface Device Access" value="stopped" />
<setting name="IIS Admin Service" value="started" />
<setting name="IMAPI CD-Burning COM Service" value="stopped" />
<setting name="Indexing Service" value="stopped" />
<setting name="Intel NCS NetService" value="started" />
<setting name="Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)"
value="stopped" />
<setting name="Intersite Messaging" value="started" />
<setting name="IPSEC Services" value="started" />
<setting name="Kerberos Key Distribution Center" value="started" />
<setting name="License Logging" value="stopped" />
<setting name="Logical Disk Manager" value="started" />
<setting name="Logical Disk Manager Administrative Service" value="stopped" />
<setting name="McAfee Framework Service" value="started" />
<setting name="McAfee GroupShield" value="started" />
<setting name="McAfee Log Service" value="started" />
<setting name="McAfee Outbreak Manager" value="started" />
<setting name="Messenger" value="started" />
<setting name="Microsoft Active Directory Connector" value="stopped" />
<setting name="Microsoft Exchange Event" value="stopped" />
<setting name="Microsoft Exchange IMAP4" value="stopped" />
<setting name="Microsoft Exchange Information Store" value="started" />
<setting name="Microsoft Exchange Management" value="started" />
<setting name="Microsoft Exchange MTA Stacks" value="started" />
<setting name="Microsoft Exchange POP3" value="stopped" />
<setting name="Microsoft Exchange Routing Engine" value="started" />
<setting name="Microsoft Exchange Site Replication Service" value="stopped" />
<setting name="Microsoft Exchange System Attendant" value="started" />
<setting name="Microsoft Search" value="started" />
<setting name="Microsoft Software Shadow Copy Provider" value="stopped" />
<setting name="mr2kserv" value="started" />
<setting name="MSSQL$BKUPEXEC" value="started" />
<setting name="MSSQLServerADHelper" value="stopped" />
<setting name="Net Logon" value="started" />
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
32 / 52
<setting name="NetMeeting Remote Desktop Sharing" value="stopped" />
<setting name="Network Associates McShield" value="started" />
<setting name="Network Associates Task Manager" value="started" />
<setting name="Network Connections" value="started" />
<setting name="Network DDE" value="stopped" />
<setting name="Network DDE DSDM" value="stopped" />
<setting name="Network Location Awareness (NLA)" value="started" />
<setting name="Network News Transfer Protocol (NNTP)" value="stopped" />
<setting name="NT LM Security Support Provider" value="started" />
<setting name="Office Source Engine" value="stopped" />
<setting name="OM Common Services" value="started" />
<setting name="Performance Logs and Alerts" value="stopped" />
<setting name="Plug and Play" value="started" />
<setting name="Portable Media Serial Number Service" value="stopped" />
<setting name="Print Spooler" value="started" />
<setting name="Protected Storage" value="started" />
<setting name="Remote Access Auto Connection Manager" value="stopped" />
<setting name="Remote Access Connection Manager" value="started" />
<setting name="Remote Access Controller 4 (RAC)" value="started" />
<setting name="Remote Desktop Help Session Manager" value="stopped" />
<setting name="Remote Procedure Call (RPC)" value="started" />
<setting name="Remote Procedure Call (RPC) Locator" value="stopped" />
<setting name="Remote Registry" value="started" />
<setting name="Removable Storage" value="stopped" />
<setting name="Resultant Set of Policy Provider" value="stopped" />
<setting name="Routing and Remote Access" value="stopped" />
<setting name="Secondary Logon" value="started" />
<setting name="Secure Port Server" value="started" />
<setting name="Security Accounts Manager" value="started" />
<setting name="Server" value="started" />
<setting name="Shell Hardware Detection" value="started" />
<setting name="Simple Mail Transfer Protocol (SMTP)" value="started" />
<setting name="Smart Card" value="stopped" />
<setting name="SNMP Service" value="started" />
<setting name="SNMP Trap Service" value="stopped" />
<setting name="Special Administration Console Helper" value="stopped" />
<setting name="SQLAgent$BKUPEXEC" value="stopped" />
<setting name="System Event Notification" value="started" />
<setting name="Systems Management Data Manager" value="started" />
<setting name="Systems Management Event Manager" value="started" />
<setting name="Task Scheduler" value="started" />
<setting name="TCP/IP NetBIOS Helper" value="started" />
<setting name="TCP/IP Print Server" value="started" />
<setting name="Telephony" value="started" />
<setting name="Telnet" value="stopped" />
<setting name="Terminal Services" value="started" />
<setting name="Terminal Services Session Directory" value="stopped" />
<setting name="Themes" value="stopped" />
<setting name="Uninterruptible Power Supply" value="stopped" />
<setting name="Upload Manager" value="stopped" />
<setting name="User Profile Hive Cleanup" value="started" />
<setting name="Virtual Disk Service" value="stopped" />
<setting name="Volume Shadow Copy" value="stopped" />
<setting name="WebClient" value="stopped" />
<setting name="Windows Audio" value="started" />
<setting name="Windows Image Acquisition (WIA)" value="stopped" />
<setting name="Windows Installer" value="stopped" />
<setting name="Windows Management Instrumentation" value="started" />
<setting name="Windows Management Instrumentation Driver Extensions" value="stopped" />
<setting name="Windows Time" value="started" />
<setting name="WinHTTP Web Proxy Auto-Discovery Service" value="stopped" />
<setting name="Wireless Configuration" value="stopped" />
<setting name="WMI Performance Adapter" value="stopped" />
<setting name="Workstation" value="started" />
<setting name="World Wide Web Publishing Service" value="started" />
</svcs>
7.3.2
Custom Tests
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
33 / 52
Additional tests have been written to provide additional information from print, exchange and
terminal servers. The tests are written in VBScript and integrated with the Hobbit Windows
client via the ‘externals’ functionality.
Install the tests using the following procedure:
•
•
•
•
•
Copy the config directory and contents to C:\Program Files\BBWin\
Copy the appropriate flag files eg.exchange.flag to C:\Program Files\BBWin\
Copy the ClientTests.wsf to C:\Program Files\BBWin\bin
Copy the common and tests directories and contents to C:\Program Files\BBWin\bin\
Edit BBwin.cfg:
<externals>
<setting name="timer" value="3m" />
<setting name="logstimer" value="60s" />
<load value="cscript ClientTests.wsf" />
--- add this line
<!-- load value="cscript mybbscript.vbs" /-->
<!-- load value="memory.exe" /-->
<!-- load value="cscript wlbs.vbs" timer="15m" /-->
<!-- load value="cluster.exe" timer="90s" /-->
</externals>
•
•
Restart the Big Brother Hobbit Client service.
The tests will show up automatically on the Hobbit server – both statistics and graphs.
Tests currently implemented:
•
•
•
•
•
•
Pages
Printq
Mess
Exchange
Diskperf
Ts
- Number of pages each printer has printed since the last reboot
- Number of items on each print queue
- Messages sent and received per second
- Queues on the local exchange server
- Monitor some disk performance activity
- Number of active and inactive sessions on the terminal server
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
34 / 52
8
Appendices
8.1
Appendix 1
Package Explanations:
fping
pcre
rrdtool
libpng
openssl
openldap
8.2
Allows multiple PING ICMP messages to be sent simultaneously. Hobbit
uses fping when checking if systems are alive, so you need to install it
before running Hobbit. The configure-script will also check for this.
Perl Compatible Regular Expression library - is a library for matching textstrings.
is a library for handling the Round-Robin Databases used to hold the
historical data Hobbit gathers. RRDTool can be used to examine the data
is a library for generating images in the PNG format. It is used by rrdtool
(and hence Hobbit).
is a library for communicating with network services that use SSL
encryption - e.g. secure websites. Although this library is not absolutely
required for Hobbit, it is strongly recommend that it is installed because
sooner or later it will probably be needed anyway.
is used to query LDAP directory servers. If you would like to test that your
directory server is up and running, you will need this library.
Appendix 2
httpd.conf
The httpd.conf should look like this.
#LoadModule mod_placeholder /usr/lib/apache2/modules/mod_placeholder.so
Alias /hobbit/ "/home/hobbit/server/www/"
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
35 / 52
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "/etc/httpd" will be interpreted by the
# server as "/etc/httpd/logs/foo.log".
#
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# Don't give away too much information about all the subcomponents
# we are running. Comment out this line if you don't mind remote sites
# finding out what major optional modules you are running
ServerTokens OS
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/etc/httpd"
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile run/httpd.pid
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 120
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive Off
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# ServerLimit: maximum value for MaxClients for the lifetime of the server
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers
8
MinSpareServers 5
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
36 / 52
MaxSpareServers 20
ServerLimit
256
MaxClients
256
MaxRequestsPerChild 4000
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
StartServers
2
MaxClients
150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
37 / 52
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
#
# The following modules are not loaded by default:
#
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule asis_module modules/mod_asis.so
#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group #-1 on these systems!
#
User apache
Group apache
### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin root@localhost
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
38 / 52
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
#ServerName www.example.com:80
#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
#
UseCanonicalName Off
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
39 / 52
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
#UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS>
#
Order allow,deny
#
Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS>
#
Order deny,allow
#
Deny from all
# </LimitExcept>
#</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content# negotiated documents. The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
DirectoryIndex index.html index.html.var
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
40 / 52
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#
TypesConfig /etc/mime.types
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
<IfModule mod_mime_magic.c>
# MIMEMagicFile /usr/share/magic.mime
MIMEMagicFile conf/magic
</IfModule>
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
#
# EnableMMAP: Control whether memory-mapping is used to deliver
# files (assuming that the underlying OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. On some systems, turning it off (regardless of
# filesystem) can improve performance; for details, please see
# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
#
#EnableMMAP off
#
# EnableSendfile: Control whether the sendfile kernel support is
# used to deliver files (assuming that the OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
#
#EnableSendfile off
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog logs/error_log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
41 / 52
#
LogLevel warn
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this
# requires the mod_logio module to be loaded.
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog logs/access_log common
#
# If you would like to have separate agent and referer logfiles, uncomment
# the following directives.
#
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
#
# For a single logfile with access, agent, and referer information
# (Combined Logfile Format), use the following directive:
#
CustomLog logs/access_log combined
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If you
# do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
#
# WebDAV module configuration section.
#
<IfModule mod_dav_fs.c>
# Location of the WebDAV lock database.
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
42 / 52
DAVLockDB /var/lib/dav/lockdb
</IfModule>
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Directives controlling the display of server-generated directory listings.
#
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
43 / 52
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README.html
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
#
# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
44 / 52
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback
#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:
#
AddDefaultCharset UTF-8
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#AddType application/x-tar .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
45 / 52
#AddHandler cgi-script .cgi
#
# For files that include their own HTTP headers:
#
#AddHandler send-as-is asis
#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
# to be distributed in multiple languages.)
#
AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /var/www/error/include/ files and
# copying them to /your/include/path/, even on a per-VirtualHost basis.
#
Alias /error/ "/var/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
#
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
46 / 52
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
</IfModule>
</IfModule>
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.
#
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .example.com
#</Location>
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".example.com" to match your domain to enable.
#
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .example.com
#</Location>
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#<IfModule mod_proxy.c>
#ProxyRequests On
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
47 / 52
#
#<Proxy *>
# Order deny,allow
# Deny from all
# Allow from .example.com
#</Proxy>
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
#ProxyVia On
#
# To enable a cache of proxied content, uncomment the following lines.
# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details.
#
#<IfModule mod_disk_cache.c>
# CacheEnable disk /
# CacheRoot "/var/cache/mod_proxy"
#</IfModule>
#
#</IfModule>
# End of proxy directives.
### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# Use name-based virtual hosting.
#
#NameVirtualHost *:80
#
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.
#
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
# This file is for Apache 1.3.x and Apache 2.0.x
#
# Add this to your Apache configuration, it makes
# the Hobbit webpages and cgi-scripts available in the
# "/hobbit" and "/hobbit-cgi" URLs.
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
48 / 52
# NB: The "Alias" line below must NOT be used if you have
# the Hobbit webfiles as the root URL. In that case,
# you should instead set this:
#
#
DocumentRoot /home/hobbit/server/www
<Directory "/home/hobbit/server/www">
Options Indexes FollowSymLinks Includes MultiViews
Order allow,deny
Allow from all
</Directory>
ScriptAlias /hobbit-cgi/ "/home/hobbit/cgi-bin/"
<Directory "/home/hobbit/cgi-bin">
AllowOverride None
Options ExecCGI Includes
Order allow,deny
Allow from all
</Directory>
ScriptAlias /hobbit-seccgi/ "/home/hobbit/cgi-secure/"
<Directory "/home/hobbit/cgi-secure">
AllowOverride None
Options ExecCGI Includes
Order allow,deny
Allow from all
# Password file where users with access to these scripts are kept.
# Create it with "htpasswd -c /home/hobbit/server/etc/hobbitpasswd USERNAME"
# Add more users / change passwords with "htpasswd /home/hobbit/server/etc/hobbitpasswd
USERNAME"
#
# You can also use a group file to restrict admin access to members of a
# group, instead of anyone who is logged in. In that case you must setup
# the "hobbitgroups" file, and change the "Require" settings to require
# a specific group membership. See the Apache docs for more details.
AuthUserFile /home/hobbit/server/etc/hobbitpasswd
AuthGroupFile /home/hobbit/server/etc/hobbitgroups
AuthType Basic
AuthName "Hobbit Administration"
# "valid-user" restricts access to anyone who is logged in.
Require valid-user
# "group admins" restricts access to users who have logged in, AND
# are members of the "admins" group in hobbitgroups.
# Require group admins
</Directory>
8.3
Appendix 3
./configure output:
[root@hobbit01 hobbit-4.2.0]# ./configure
Configuration script for Hobbit
This script asks a few questions and builds a Makefile to compile Hobbit
Checking your make-utility
Checking pre-requisites for building Hobbit
Checking for fping ...
Hobbit has a built-in ping utility (hobbitping)
However, it is not yet fully stable and therefore it
may be best to use the external fping utility instead.
I found fping in /usr/sbin/fping
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
49 / 52
Do you want to use it [Y/n] ?
y
Checking to see if '/usr/sbin/fping 127.0.0.1' works ...
127.0.0.1 is alive
OK, will use '/usr/sbin/fping' for ping tests
NOTE: If you are using an suid-root wrapper, make sure the 'hobbit'
user is also allowed to run fping without having to enter passwords.
For 'sudo', add something like this to your 'sudoers' file:
hobbit: ALL=(ALL) NOPASSWD: /usr/local/sbin/fping
Checking for RRDtool ...
test-rrd.c: In function âmainâ:
test-rrd.c:30: error: too few arguments to function ârrd_graphâ
make: *** [test-compile] Error 1
Not RRDtool 1.0.x, checking for 1.2.x
Found RRDtool include files in /usr/include
Found RRDtool libraries in /usr/lib
Linking RRD with PNG library: -L/usr/lib -lpng
Checking for PCRE ...
Found PCRE include files in /usr/include
Found PCRE libraries in /usr/lib
Checking for OpenSSL ...
Found OpenSSL include files in /usr/include
Found OpenSSL libraries in /usr/lib
Hobbit can use the OpenSSL library to test SSL-enabled services
like POP3S, IMAPS, NNTPS and TELNETS. If you have the OpenSSL
library installed, I recommend that you enable this.
Do you want to be able to test SSL-enabled services (y) ?
Checking for LDAP ...
test-ldap.c: In function âmainâ:
test-ldap.c:16: warning: implicit declaration of function âldap_initâ
test-ldap.c:16: warning: assignment makes pointer from integer without a cast
Found LDAP include files in /usr/include
Found LDAP libraries in /usr/lib
Hobbit can use your OpenLDAP LDAP client library to test LDAP servers.
Do you want to be able to test LDAP servers (y) ?
Enable experimental support for LDAP/SSL (OpenLDAP 2.x only) (y) ?
Checking for Large File Support ...
Large File Support OK
Setting up for a Hobbit server
What userid will be running Hobbit [hobbit] ?
Found passwd entry for user hobbit:x:500:500::/home/hobbit:/bin/bash
Where do you want the Hobbit installation [/home/hobbit] ?
OK, will configure to use /home/hobbit as the Hobbit toplevel directory
What URL will you use for the Hobbit webpages [/hobbit] ?
Where to put the Hobbit CGI scripts [/home/hobbit/cgi-bin] ?
(Note: This is the filesystem directory - we will get to the URL shortly)
What is the URL for the Hobbit CGI directory [/hobbit-cgi] ?
(Note: This is the URL - NOT the filesystem directory)
********************** SECURITY NOTICE ****************************
If your Hobbit server is accessible by outsiders, then you should
restrict access to the CGI scripts that handle enable/disable of
hosts, and acknowledging of alerts. The easiest way to do this is
to put these in a separate CGI directory and require a password to
access them.
Even if your Hobbit server is on a secured, internal network, you
may want to have some operations (like disabling a host) be password-
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
50 / 52
protected - that lets you see who disabled or acknowledged an alert.
Where to put the Hobbit Administration CGI scripts [/home/hobbit/cgi-secure] ?
(Note: This is the filesystem directory - we will get to the URL shortly)
What is the URL for the Hobbit Administration CGI directory [/hobbit-seccgi] ?
(Note: This is the URL - NOT the filesystem directory)
** Note that you may need to modify your webserver configuration.
** After installing, see /home/hobbit/server/etc/hobbit-apache.conf for an example configuration.
To generate Hobbit availability reports, your webserver
must have write-access to a directory below the Hobbit
top-level directory. I can set this up if you tell me
what group-ID your webserver runs with. This is typically
'nobody' or 'apache' or 'www-data'
If you dont know, just hit ENTER and we will handle it later.
What group-ID does your webserver use ?
apache
Where to put the Hobbit logfiles [/var/log/hobbit] ?
What is the name of this host [hobbit01] ?
What is the IP-address of this host [127.0.0.1] ?
10.0.0.2
Where should I install the Hobbit man-pages (/usr/local/man) ?
Using Linux Makefile settings
Created Makefile with the necessary information to build Hobbit
Some defaults are used, so do look at the Makefile before continuing.
Configuration complete - now run make (GNU make) to build the tools
8.4
Appendix 4
If you configured Hobbit to put the Administration CGI scripts into a separate
directory:
If you configured Hobbit to put the Administration CGI scripts into a separate directory
(recommended for better security), you will also need to setup the password-file that
controls access to this directory. Use the htpasswd command both to create the
password file and to add or delete users.
NOTE: It will first be necessary to create the directory structure for this.
Type the below:
# /usr/bin/htpasswd -c /usr/local/hobbit/server/etc/hobbitpasswd admin
Provide a new password when prompted as below:
New password: <provide a new password>
Re-type new password: <provide a new password>
Adding password for user admin
#
The -c option should only be used the first time, to create the password file.
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
51 / 52
See the Apache documentation for details about how to use htpasswd.
8.5
Appendix 5
Manual Hobbit client Install & configuration
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Logon to the server where the client is to be installed.
Copy the current version of Hobbit Windows client to the server.
Unzip the Hobbit client into a temporary directory.
Start the installation by double clicking on the msi file.
Accept all of the defaults and complete the setup. [change install directory if required]
Open Windows Explorer and browse to C:\Program Files\BBWin\etc.
Open BBWin.cfg in Notepad.
Edit the 4th line which starts <setting name="bbdisplay"..../> replacing the
"yourfirstbbdisplay" with "hobbit01"
Save the changes and close Notepad.
Start Regedit.
Expand HKLM->Software->BBWin->hostname.
Double click on hostname and enter the name by which you wish Hobbit to refer to
this server. This must match with the name entered in the bb-hosts file on the Hobbit
server.
Close Regedit.
Open Services.
The Big Brother Hobbit Client service should be installed and set to automatic. Start
the service.
Close services.
The installation is now complete.
Additional settings can be made by further modification to BBWin.cfg and additional files to
run further external scripts.
Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk
52 / 52