Hobbit Server 4.2 Install on RedHat 5 Enterprise by www.impee.co.uk
Transcription
Hobbit Server 4.2 Install on RedHat 5 Enterprise by www.impee.co.uk
Hobbit Server 4.2 Install on RedHat 5 Enterprise by www.impee.co.uk Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 1 / 52 Amendment History Date Issue Details of Change Author 30/04/2008 1.0 Definitive impee 10/06/2008 1.1 Client install / config changes impee Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 2 / 52 Table of Contents 1 Introduction and Summary ....................................................................................... 5 1.1 Introduction ........................................................................................................ 5 1.2 Purpose ............................................................................................................. 5 1.3 Scope ................................................................................................................ 5 2 Red Hat v5.1 - Install & Configuration ...................................................................... 6 Install & Configuration ....................................................................................................... 6 2.1 Extra Red Hat Configuration .............................................................................. 7 2.2 OS Update ......................................................................................................... 7 2.2.1 Configuring Package Updater .................................................................. 7 2.2.2 Updating Packages .................................................................................. 7 3 ClamAV v0.92.1 (antivirus) ........................................................................................ 8 3.1 Install ................................................................................................................. 8 3.1.1 Prerequisites ............................................................................................ 8 3.1.2 Install ClamAV ......................................................................................... 8 3.2 Uninstall ClamAV ............................................................................................... 9 3.3 Configuration ................................................................................................... 10 3.3.1 Editing Configuration files: ..................................................................... 10 3.3.2 Log File .................................................................................................. 16 3.4 Updating .......................................................................................................... 16 3.5 Testing Scan .................................................................................................... 17 3.6 Schedulling Freshclam using Crontab.............................................................. 17 4 Hobbit Server v4.2.0 ................................................................................................ 18 4.1 Install ............................................................................................................... 18 4.1.1 Prerequisites .......................................................................................... 18 4.1.2 Hobbit Installation .................................................................................. 20 4.2 Uninstall Hobbit ................................................................................................ 21 4.3 Configuring Apache for Hobbit ......................................................................... 21 4.3.1 Start Apache automatically when system restarts .................................. 21 4.4 Using the Hobbit Server ................................................................................... 22 4.4.1 Starting the Hobbit Server ...................................................................... 22 4.4.2 Confirming the Hobbit Server has started .............................................. 22 4.4.3 Autostart Hobbit Configuration ............................................................... 23 4.5 Cleaning up after a completed install ............................................................... 24 4.5.1 Delete Hobbit Source Code ................................................................... 24 4.5.2 Uninstall gcc Compiler ........................................................................... 24 5 Exim v4.63-3 (e-mail client) ..................................................................................... 25 5.1 Exim Install ...................................................................................................... 25 5.2 Exim configuration ........................................................................................... 25 6 Hobbit Server - Tests Configuration....................................................................... 26 6.1 Configuration ................................................................................................... 26 6.2 Hobbit Server’s own Test Configuration ........................................................... 29 7 Hobbit Windows Client v0.11 .................................................................................. 30 7.1 Client Installation ............................................................................................. 30 7.2 Client Configuration ......................................................................................... 30 7.3 Miscellaneous .................................................................................................. 31 7.3.1 Built-in Test Configuration ...................................................................... 31 7.3.2 Custom Tests......................................................................................... 33 8 Appendices .............................................................................................................. 35 8.1 Appendix 1 ....................................................................................................... 35 8.2 Appendix 2 ....................................................................................................... 35 Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 3 / 52 8.3 8.4 8.5 Appendix 3 ....................................................................................................... 49 Appendix 4 ....................................................................................................... 51 Appendix 5 ....................................................................................................... 52 Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 4 / 52 1 Introduction and Summary 1.1 Introduction 1.2 Purpose The purpose of this document is to outline the installation and use of the Hobbit Monitor. The document outlines the steps required to setup, install and configure the server and client software necessary to obtain optimal monitoring using the Hobbit server. 1.3 Scope This is a detailed overview of how the Hobbit server is installed and configured. Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 5 / 52 Red Hat v5.1 - Install & Configuration Install & Configuration CD Media install in text mode Test cd media Welcome Screen Language selection Keyboard selection Installation Number Partition Type Boot Loader Configuration Boot Loader Configuration Boot Loader Configuration Boot Loader Configuration Boot Loader Configuration Configure Network Interface Miscellaneous Network Settings Hostname Configuration Time Zone Selection Root Password Package Selection Package Selection Installation to Begin Required install media Install duration 10 minutes Setup Agent Firewall Configuration SELinux Red Hat 5.1, 64bit, Enterprise Server, Kernel installed is 2.6.18 Red Hat 5.1 requires only 1-4 CDs, 5 + 6 are not used. Usually no extra Drivers are required. linux text <ENTER> SKIP OK English UK xxxxxxxxxxxxxxx Automatic Layout Use GRUB Boot Loader OK Use a GRUB Password <specified password> Ok OK Yes Select top 2, Active on Boot and Enable IPV4 Support edit, default for each interface, manual address configuration eht0 – 10.0.0.2 Subnet Mask: 255.xxx.xxx.xxx DNS: xxx.xxx.xxx.xxx Gateway: xxx.xxx.xxx.xxx hobbit01 <choose suitable location> <specified password> Web Server + Customise Software Selection OK Administration Tools Editors Gnome Desktop Environment Graphical Internet Graphics Server Configuration Tools System Tools Text Based Internet Web Server Windows X System Install log will be kept in /root/intall.log - OK Continue After Install, Server will Reboot Select firewall configuration, Run Tool Disable OK Disable OK Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 6 / 52 Extra Red Hat Configuration Add host list entries at /etc/hosts hobbit01 xxx.xxx.xxx.xxx (ip address) Host List Entries OS Update Configuring Package Updater Type init 5 at the command prompt to launch GUI Login to the GUI Navigate to Applications > System Tools > Software Updater Forward Advanced Network Configuration Tick 1st box and add the relevant proxy address e.g. proxy.my.server.name :80 Close st Select 1 option (I would like to receive updates from Red Hat Network…) Forward Login: <redhat_user_account> Pass: <redhat_user_password> Forward Click Active subscription now… Installation Number: xxxxxxxxxxx Specify the server name Tick both boxes i.e. send hardware and software profiles. Forward Launch GUI System Name Updating Packages Navigate to Applications > System Tools > Software Updater Forward Click Apply updates Answer onscreen questions as they appear Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 7 / 52 3 ClamAV v0.92.1 (antivirus) 3.1 Install 3.1.1 Prerequisites 3.1.1.1 GCC Compiler To install gcc compiler to compile Hobbit: # yum install gcc # yum install gcc-c++ 3.1.1.2 GNU MP Visit http://www.swox.com/gmp/ and download the latest version of GNU MP. Copy the tar.gz to: # /tmp Unpack install file: # gzip -d <gmp-4.2.2.tar.gz | tar xv Navigate to the directory: # cd /tmp/gmp-4.2.2 Run the Configure script: # ./configure When the configure script finishes:. # make Check for any errors in the screen output. # make check When it is finished, you finish the installation by running make install. # make install Check for any errors in the screen output. 3.1.1.2.1 Uninstall GMP MP Type the below command in the original install directory /tmp/gmp-4.2.2/ to uninstall. # make clean 3.1.2 Install ClamAV Add users and groups: # groupadd clamav Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 8 / 52 # useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav Visit http://www.clamav.org/download/sources and download the latest version of ClamAV. Copy the tar.gz to: # /tmp Unpack install file: # gzip -d < clamav-0.92.1.tar.gz | tar xv Navigate to the directory: # cd /tmp/clamav-0.92.1 To compile: # zcat clamav-x.yz.tar.gz | tar xvf – Navigate to the directory: # cd /tmp/clamav-0.92.1 To configure: Run the Configure script: # ./configure --sysconfdir=/etc Check for any errors in the screen output. # make Check for any errors in the screen output. # make install Check for any errors in the screen output. libmilter and its development files are required. To enable clamav-milter: # ./configure --enable-milter Check for any errors in the screen output. 3.2 Uninstall ClamAV Type the below command in the original install directory /tmp/clamav-0.92.1/ to uninstall. # make clean Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 9 / 52 3.3 Configuration 3.3.1 Editing Configuration files: The file clamd.conf is to be edited to match the below bold text: /etc/clamd.conf ## ## Example config file for the Clam AV daemon ## Please read the clamd.conf(5) manual before editing this file. ## # Comment or remove the line below. # Example # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. # Default: disabled LogFile /tmp/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). # This option disables log file locking. # Default: no #LogFileUnlock yes # Maximum size of the log file. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # Default: 1M LogFileMaxSize 5M # Log time with each message. # Default: no LogTime yes # Also log clean files. Useful in debugging but drastically increases the # log size. # Default: no LogClean yes # Use system logger (can work together with LogFile). # Default: no LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # Default: LOG_LOCAL6 #LogFacility LOG_MAIL # Enable verbose logging. # Default: no LogVerbose yes # This option allows you to save a process identifier of the listening # daemon (main thread). # Default: disabled PidFile /var/run/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 10 / 52 #TemporaryDirectory /var/tmp # Path to the database directory. # Default: hardcoded (depends on installation options) DatabaseDirectory /var/lib/clamav # The daemon works in a local OR a network mode. Due to security reasons we # recommend the local mode. # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) LocalSocket /tmp/clamd.socket # Remove stale socket after unclean shutdown. # Default: yes #FixStaleSocket yes # TCP port address. # Default: no #TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. # Default: no #TCPAddr 127.0.0.1 # Maximum length the queue of pending connections may grow to. # Default: 15 #MaxConnectionQueueLength 30 # Clamd uses FTP-like protocol to receive data from remote clients. # If you are using clamav-milter to balance load between remote clamd daemons # on firewall servers you may need to tune the options below. # Close the connection when the data size limit is exceeded. # The value should match your MTA's limit for a maximum attachment size. # Default: 10M #StreamMaxLength 20M # Limit port range. # Default: 1024 #StreamMinPort 30000 # Default: 2048 #StreamMaxPort 32000 # Maximum number of threads running at the same time. # Default: 10 #MaxThreads 20 # Waiting for data from a client socket will timeout after this time (seconds). # Value of 0 disables the timeout. # Default: 120 #ReadTimeout 300 # Waiting for a new job will timeout after this time (seconds). # Default: 30 #IdleTimeout 60 # Maximum depth directories are scanned at. # Default: 15 #MaxDirectoryRecursion 20 # Follow directory symlinks. # Default: no #FollowDirectorySymlinks yes # Follow regular file symlinks. # Default: no #FollowFileSymlinks yes # Perform a database check. # Default: 1800 (30 min) #SelfCheck 600 Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 11 / 52 # Execute a command when virus is found. In the command string %v will # be replaced with the virus name. # Default: no #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges #User clamav # Initialize supplementary group access (clamd must be started by root). # Default: no #AllowSupplementaryGroups no # Stop daemon when libclamav reports out of memory condition. #ExitOnOOM yes # Don't fork into background. # Default: no #Foreground yes # Enable debug messages in libclamav. # Default: no #Debug yes # Do not remove temporary files (for debug purposes). # Default: no #LeaveTemporaryFiles yes # Detect Possibly Unwanted Applications. # Default: no #DetectPUA yes # In some cases (eg. complex malware, exploits in graphic files, and others), # ClamAV uses special algorithms to provide accurate detection. This option # controls the algorithmic detection. # Default: yes #AlgorithmicDetection yes ## ## Executable files ## # PE stands for Portable Executable - it's an executable file format used # in all 32 and 64-bit versions of Windows operating systems. This option allows # ClamAV to perform a deeper analysis of executable files and it's also # required for decompression of popular executable packers such as UPX, FSG, # and Petite. # Default: yes #ScanPE yes # Executable and Linking Format is a standard format for UN*X executables. # This option allows you to control the scanning of ELF files. # Default: yes #ScanELF yes # With this option clamav will try to detect broken executables (both PE and # ELF) and mark them as Broken.Executable. # Default: no #DetectBrokenExecutables yes ## ## Documents ## # This option enables scanning of OLE2 files, such as Microsoft Office # documents and .msi files. # Default: yes #ScanOLE2 yes # This option enables scanning within PDF files. # Default: no #ScanPDF yes Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 12 / 52 ## ## Mail files ## # Enable internal e-mail scanner. # Default: yes #ScanMail yes # If an email contains URLs ClamAV can download and scan them. # WARNING: This option may open your system to a DoS attack. # Never use it on loaded servers. # Default: no #MailFollowURLs no # Recursion level limit for the mail scanner. # Default: 64 #MailMaxRecursion 128 # With this option enabled ClamAV will try to detect phishing attempts by using # signatures. # Default: yes #PhishingSignatures yes # Scan URLs found in mails for phishing attempts using heuristics. # Default: yes #PhishingScanURLs yes # Use phishing detection only for domains listed in the .pdb database. It is # not recommended to have this option turned off, because scanning of all # domains may lead to many false positives! # Default: yes #PhishingRestrictedScan yes # Always block SSL mismatches in URLs, even if the URL isn't in the database. # This can lead to false positives. # # Default: no #PhishingAlwaysBlockSSLMismatch no # Always block cloaked URLs, even if URL isn't in database. # This can lead to false positives. # # Default: no #PhishingAlwaysBlockCloak no ## ## HTML ## # Perform HTML normalisation and decryption of MS Script Encoder code. # Default: yes #ScanHTML yes ## ## Archives ## # ClamAV can scan within archives and compressed files. # Default: yes #ScanArchive yes # The options below protect your system against Denial of Service attacks # using archive bombs. # Files in archives larger than this limit won't be scanned. # Value of 0 disables the limit. # Default: 10M #ArchiveMaxFileSize 15M # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR # file, all files within it will also be scanned. This options specifies how Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 13 / 52 # deeply the process should be continued. # Value of 0 disables the limit. # Default: 8 #ArchiveMaxRecursion 10 # Number of files to be scanned within an archive. # Value of 0 disables the limit. # Default: 1000 #ArchiveMaxFiles 1500 # If a file in an archive is compressed more than ArchiveMaxCompressionRatio # times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip) # Value of 0 disables the limit. # Default: 250 #ArchiveMaxCompressionRatio 300 # Use slower but memory efficient decompression algorithm. # only affects the bzip2 decompressor. # Default: no #ArchiveLimitMemoryUsage yes # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). # Default: no #ArchiveBlockEncrypted no # Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is # reached. # Default: no #ArchiveBlockMax no ## ## Clamuko settings ## WARNING: This is experimental software. It is very likely it will hang ## up your system!!! ## # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. # Default: no #ClamukoScanOnAccess yes # Set access mask for Clamuko. # Default: no #ClamukoScanOnOpen yes #ClamukoScanOnClose yes #ClamukoScanOnExec yes # Set the include paths (all files inside them will be scanned). You can have # multiple ClamukoIncludePath directives but each directory must be added # in a seperate line. # Default: disabled #ClamukoIncludePath /home #ClamukoIncludePath /students # Set the exclude paths. All subdirectories are also excluded. # Default: disabled #ClamukoExcludePath /home/bofh # Don't scan files larger than ClamukoMaxFileSize # Value of 0 disables the limit. # Default: 5M #ClamukoMaxFileSize 10M The file freshclam.conf is to be edited to match the below bold text: /etc/freshclam.conf ## ## Example config file for freshclam ## Please read the freshclam.conf(5) manual before editing this file. ## Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 14 / 52 # Comment or remove the line below. # Example # Path to the database directory. # WARNING: It must match clamd.conf's directive! # Default: hardcoded (depends on installation options) # DatabaseDirectory /var/lib/clamav # Path to the log file (make sure it has proper permissions) # Default: disabled UpdateLogFile /var/log/freshclam.log # Maximum size of the log file. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). # in bytes just don't use modifiers. # Default: 1M LogFileMaxSize 5M # Log time with each message. # Default: no LogTime yes # Enable verbose logging. # Default: no LogVerbose yes # Use system logger (can work together with UpdateLogFile). # Default: no LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # Default: LOG_LOCAL6 LogFacility LOG_MAIL # This option allows you to save the process identifier of the daemon # Default: disabled PidFile /var/run/freshclam.pid # By default when started freshclam drops privileges and switches to the # "clamav" user. This directive allows you to change the database owner. # Default: clamav (may depend on installation options) #DatabaseOwner clamav # Initialize supplementary group access (freshclam must be started by root). # Default: no #AllowSupplementaryGroups yes # Use DNS to verify virus database version. Freshclam uses DNS TXT records # to verify database and software versions. With this directive you can change # the database verification domain. # WARNING: Do not touch it unless you're configuring freshclam to use your # own database verification domain. # Default: current.cvd.clamav.net #DNSDatabaseInfo current.cvd.clamav.net # Uncomment the following line and replace XY with your country # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. DatabaseMirror db.uk.clamav.net # database.clamav.net is a round-robin record which points to our most # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is # not working. DO NOT TOUCH the following line unless you know what you # are doing. DatabaseMirror database.clamav.net # How many attempts to make before giving up. # Default: 3 (per mirror) #MaxAttempts 5 # With this option you can control scripted updates. It's highly recommended Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 15 / 52 # to keep it enabled. #ScriptedUpdates yes # Number of database checks per day. # Default: 12 (every two hours) #Checks 24 # Proxy settings # Default: disabled HTTPProxyServer <your proxy server ip address> HTTPProxyPort 8080 HTTPProxyUsername http://your_domain_name\jo.bloggs HTTPProxyPassword <password> # If your servers are behind a firewall/proxy which applies User-Agent # filtering you can use this option to force the use of a different # User-Agent header. # Default: clamav/version_number #HTTPUserAgent SomeUserAgentIdString # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for # multi-homed systems. # Default: Use OS'es default outgoing IP address. #LocalIPAddress aaa.bbb.ccc.ddd # Send the RELOAD command to clamd. # Default: no #NotifyClamd /path/to/clamd.conf # Run command after successful database update. # Default: disabled #OnUpdateExecute command # Run command when database update process fails. # Default: disabled #OnErrorExecute command # Run command when freshclam reports outdated version. # In the command string %v will be replaced by the new version number. # Default: disabled #OnOutdatedExecute command # Don't fork into background. # Default: no #Foreground yes # Enable debug messages in libclamav. # Default: no #Debug yes # Timeout in seconds when connecting to database server. # Default: 30 #ConnectTimeout 60 # Timeout in seconds when reading from database server. # Default: 30 #ReceiveTimeout 60 3.3.2 Log File Create a new file called freshclam.log and give it full execute and write permissions: /var/log/freshclam.log 3.4 Updating Type: # freshclam Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 16 / 52 This updates the antivirus database from the internet mirrors specified in file freshclam.conf. 3.5 Testing Scan # clamscan -r -l scan.txt <file> # more scan.txt 3.6 Schedulling Freshclam using Crontab Typing the below will schedule a update procedure to run every 33 min past the hour on a daily basis. Type: # crontab –e Next type: 33 * * * * /usr/local/bin/freshclam --quiet CTRL O - to save the file CTRL X - to exit the file Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 17 / 52 4 Hobbit Server v4.2.0 4.1 Install 4.1.1 Prerequisites 1) Account Ensure you are logged in as root. 2) Proxy # export http_proxy=http://proxy.my.server.name 80/ This temporarily adds a proxy to shell, but a reboot wipes it. Add the above line to the below to make it permanent. /root/.bash_profile 3) Starting Apache Hobbit is designed with a web-based front-end. So you must have a Web server such as Apache running on the server where you install Hobbit. Type the below to ensure Apache is running whilst Hobbit is installed and configured. # /etc/init.d/httpd start 4) Hobbit User Account A core element of Hobbit is a network daemon. To keep your system secure and limit the amount of damage that can be done if someone finds a security problem in Hobbit it is strongly recommended that you create a dedicated userid (hobbit) for the Hobbit programs. This user should not be a member of any other groups on your system. # adduser hobbit # passwd hobbit <specified password> 5) Package Installer Install a package dependency installer; rpmforge-release. http://dag.wieers.com/rpm/packages/rpmforge-release For 32bit machines - rpmforge-release-0.3.6-1.el5.rf.i386.rpm For 64bit machines - rpmforge-release-0.3.6-1.el4.rf.x86_64.rpm Copy one of the above install files to /tmp and type the below: # rpm –i <file name> Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 18 / 52 6) Packages and Libraries Hobbit relies on a number of Open-Source libraries (fping, pcre, rrdtool, libpng, openssl, openldap) and these must be installed before building Hobbit. With the current Redhat configured install, not all the packages require installing. Type the below to use yum to install these packages / libraries: # yum install fping # yum install rrdtool* # yum install pcre-devel # yum install libpng* # yum install openssl* # yum install openldap* # yum install cppunit* To install gcc compiler to compile Hobbit: NOTE: This was already installed previously for ClamAV, if so, do not re-install it. # yum install gcc # yum install gcc-c++ Package names of the hobbit dependencies fping libpcre3-dev librrd0-dev openssl libssl-dev rrdtool librrd0 libpng10-0 libssl0.9.7 libldap2 libpcre3 librrds-perl libpng10-dev libssl-dev libldap2-dev Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 19 / 52 4.1.2 Hobbit Installation Download the latest version of hobbit source (tar.gz) file from http://sourceforge.net/projects/hobbitmon/ 4.1.2.1 Copy the tar.gz to: # /tmp Unpack install file: # gzip -d <hobbit-4.2.0.tar.gz | tar xv Navigate to the directory: # cd /tmp/hobbit-4.2.0 ./configure Run the Configure script: # ./configure This script asks a series of questions, but all of the questions have a reasonable default response <ENTER>. Further, once the ./configure is complete, scroll back and check the screen for any errors, if any are found, delete the Makefile located at /tmp/hobbit-4.2.0/ and try again (only after fixing the stated problems/issues). This script asks a few questions and builds a file called Makefile, to compile Hobbit. The 2 questions that require manual input are: What group-ID does your webserver use ? apache What is the IP-address of this host [127.0.0.1] ? 10.0.0.2 4.1.2.2 make When the configure script finishes, it tells you to run make to build the Hobbit programs. # make Check for any errors in the screen output. 4.1.2.3 make Install When it is finished, you finish the installation by running make install. # make install Check for any errors in the screen output. The first time you run make install, besides installing the Hobbit programs it also creates the default directory structure /home/hobbit/ used by Hobbit, and installs an initial set of Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 20 / 52 configuration files that you can use as the basis for setting up monitoring of your entire network. 4.2 Uninstall Hobbit Type the below command in the original install directory /tmp/hobbit-4.2.0/ to uninstall Hobbit. # make clean 4.3 Configuring Apache for Hobbit Hobbit uses a web-based front-end. So you need to configure your webserver so that it knows where the Hobbit webpages can be found, and what CGI scripts can run as part of Hobbit. This usually means adding a few lines to your webserver configuration that sets up a URL which points at the ~/server/www/ directory, and which tells your webserver that the ~/cgi-bin/ directory holds CGI scripts that the webserver should run when they are requested. You can find the necessary additions to the Apache configuration in: # /home/hobbit/server/etc/hobbit-apacheconf Copy all the text of the hobbit-apache.conf file and paste it to the bottom of the httpd.conf file: # /etc/httpd/conf/httpd.conf These 2 lines must be added manually at the top of the file: #LoadModule mod_placeholder /usr/lib/apache2/modules/mod_placeholder.so Alias /hobbit/ "/home/hobbit/server/www/" Note: If Hobbit was configured to put the Administration CGI scripts in a separate directory, See Appendix 4. Apache Hobbit account and password 4.3.1 Start Apache automatically when system restarts # cd /etc/rc.d/ In the folders rc0.d – rc5.d, rename the file K15httpd to S15httpd Now restart apache to get the changes effected. # /etc/init.d/httpd reload Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 21 / 52 4.4 Using the Hobbit Server 4.4.1 Starting the Hobbit Server Login as the hobbit user and type the below command to start the Hobbit Server. # ./server/hobbit.sh start 4.4.2 Confirming the Hobbit Server has started Type: # ps -ef | grep hobbitd You should see a list of several processes similar to: hobbit 3395 3394 0 13:35 ? 00:00:00 hobbitd --pidfile=/var/log/hobbit/hobbitd.pid --restart=/home/hobbit/server/tmp/hobbitd.chk -checkpoint-file=/home/hobbit/server/tmp/hobbitd.chk --checkpoint-interval=600 --log=/var/log/hobbit/hobbitd.log --admin-senders=127.0.0.1 10.0.0.2 --store-clientlogs=!msgs hobbit 3396 3394 0 13:35 ? 00:00:00 hobbitd_channel --channel=stachg --log=/var/log/hobbit/history.log hobbitd_history hobbit 3397 3394 0 13:35 ? 00:00:00 hobbitd_channel --channel=clichg --log=/var/log/hobbit/hostdata.log hobbitd_hostdata hobbit 3398 3394 0 13:35 ? 00:00:00 hobbitd_channel --channel=page --log=/var/log/hobbit/page.log hobbitd_alert --checkpointfile=/home/hobbit/server/tmp/alert.chk --checkpoint-interval=600 hobbit 3399 3394 0 13:35 ? 00:00:00 hobbitd_channel --channel=status --log=/var/log/hobbit/rrd-status.log hobbitd_rrd -rrddir=/home/hobbit/data/rrd hobbit 3400 3394 0 13:35 ? 00:00:00 hobbitd_channel --channel=data --log=/var/log/hobbit/rrd-data.log hobbitd_rrd -rrddir=/home/hobbit/data/rrd hobbit 3401 3394 0 13:35 ? 00:00:00 hobbitd_channel --channel=client --log=/var/log/hobbit/clientdata.log hobbitd_client hobbit 3410 3396 0 13:35 ? 00:00:00 hobbitd_history hobbit 3411 3398 0 13:35 ? 00:00:00 hobbitd_alert --checkpoint-file=/home/hobbit/server/tmp/alert.chk --checkpoint-interval=600 hobbit 3412 3397 0 13:35 ? 00:00:00 hobbitd_hostdata hobbit 3413 3399 0 13:35 ? 00:00:00 hobbitd_rrd --rrddir=/home/hobbit/data/rrd hobbit 3414 3400 0 13:35 ? 00:00:00 hobbitd_rrd --rrddir=/home/hobbit/data/rrd hobbit 3415 3401 0 13:35 ? 00:00:00 hobbitd_client hobbit 3441 3366 0 13:35 pts/1 00:00:00 grep hobbitd If the above if ok, view the hobbit webpage by pointing your browser to: http://10.0.0.2/hobbit/ e.g. (http://hobbit01/hobbit/) Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 22 / 52 4.4.3 Autostart Hobbit Configuration Login as root. The following is a script for making hobbit demon start and stop automatically when the system restarts. Copy all the text and paste it in to a new file called hobbit-server. Place the new file at /etc/init.d/ ### ### #!/bin/bash # # hobbit-server This shell script takes care of starting and stopping # hobbit monitoring server. # # chkconfig: - 99 45 # description: Hobbit monitoring server is\ # used to monitor Pathfire's systems. # probe: true # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "${NETWORKING}" = "no" ] && exit 0 PATH=$PATH:/bin:/usr/bin BBHOME=/home/hobbit BBUSER=hobbit # FOR su case "$1" in start) su - $BBUSER -c "cd $BBHOME;./server/hobbit.sh start" ;; restart) su - $BBUSER -c "cd $BBHOME;./server/hobbit.sh restart" ;; stop) su - $BBUSER -c "cd $BBHOME;./server/hobbit.sh stop" ;; status) su - $BBUSER -c "cd $BBHOME;./server/hobbit.sh status" ;; *) echo "Usage: $0 {start|stop|restart|status}" exit 1 ;; esac exit 0 ### ### Give full executable permission for the hobbit-server file: # chmod +x /etc/init.d/hobbit-server Create a Symbolik link to the hobbit-server file for startup : # ln -s ../init.d/hobbit-server S95hobbit-server Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 23 / 52 Restart the Server: # init 6 Only after confirming that everything is working ok, proceed with the next step. 4.5 Cleaning up after a completed install 4.5.1 Delete Hobbit Source Code Type : # cd / # cd tmp # rm hobbit-4.2.0.tar.gz # rm -rf hobbit-4.2.0 4.5.2 y Uninstall gcc Compiler Type : # yum remove gcc Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 24 / 52 5 Exim v4.63-3 (e-mail client) 5.1 Exim Install Exim is a free e-mail client and it can be used wit Hobbit to send e-mail alerts / notifications about status change to any client machine that is being monitored. 5.2 Exim configuration Will be coming soon… Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 25 / 52 6 Hobbit Server - Tests Configuration For full instructions on configuring a Hobbit server see the documentation installed with the server. The product documentation is available via the menus: On the installed Hobbit server On the author’s Hobbit reference site 6.1 http://hobbit01/hobbit/ http://www.hswn.dk/hobbit/ Configuration The Hobbit configuration is kept in the files in the /home/hobbit/server/etc/ directory. If you look at this directory, you will see these files: • bb-hosts is the one you will change the most. This file contains a list of all the hosts you are monitoring, including information such as their IP-address, what network services you are monitoring on the host, what URL's you are checking, what subpage in the Hobbit web-pages this host is shown on etc. The file snippet shows the use of pages and groups to define which page displays the appropriate servers. Server side tests eg. smtp, imap and ldap are also configured against each server in this file. group Hobbit Server 10.0.0.2 hobbit01 group VitalApps Server 10.0.0.3 server01 # BBDISPLAY BBPAGER BBNET bbd http://hobbit01 / ssh page unitedkingdom UnitedKingdom group London 10.0.0.4 server02 10.0.0.5 server03 10.0.0.6 server04 # noconn 10.0.0.7 server05 # noconn smtp !imap !pop3 ldap group Manchester 10.0.0.8 server05 10.0.0.9 server06 # smtp !imap !pop3 ldap group Birmingham 10.0.0.10 server07 • hobbit-clients.cfg is the configuration file for data reported by the Hobbit clients installed on the hosts you are monitoring. This defines the color of the cpu-, disk-, memory- and procs-columns, based on the information that is sent to Hobbit by the clients. • hobbit-alerts.cfg holds the alerting configuration. In this file, you setup the rules for sending out alerts about services going down: Who gets the alert, how is it sent, how often, whether to send alerts 24x7 or only between 10 AM and 4 PM on weekdays etc. • hobbitserver.cfg is the configuration file for the Hobbit server. This file defines a lot of environment variables that are made available to all of the Hobbit programs when they run. Some environment variables that are defined in the Big Brother system are also setup by Hobbit, so that Big Brother extension scripts will work. The initial configuration of hobbitserver.cfg is setup by the configure script when you install Hobbit, and in most cases you will not need to change it. The only modifications to this file are to produce extra graphs for the external tests such as exchange and printq. # TEST2RRD defines the status- and data-messages you want to collect RRD data # about. You will normally not need to modify this, unless you have added a # script to pick up RRD data from custom tests (the hobbitd_larrd --extra-script Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 26 / 52 # and --extra-tests options). # Note that network tests defined in the bb-services file are automatically # included. # The format here is "COLUMN=RRDSERVICE". If you leave out the "=RRDSERVICE" # part, it is assumed to be the same as the COLUMN value. # # This is also used by the bb-hostsvc.cgi script to determine if the detailed # status view of a test should include a graph. TEST2RRD="cpu=la,disk,inode,qtree,memory,$PINGCOLUMN=tcp,http=tcp,dns=tcp,dig=tcp,tim e=ntpstat,vmstat,iostat,netstat, temperature,apache,bind,sendmail,mailq,nmailq=mailq,socks,bea,iishealth,citrix,bbgen,bbtest,bb proxy,hobbitd,mess=ncv, exchange=ncv,diskperf=ncv,ts=ncv,printq" # This defines which RRD files to include on the "trends" column webpage, # and the order in which they appear. GRAPHS="la,disk,inode,qtree,memory,users,vmstat,iostat,tcp.http,tcp,netstat,mrtg::1,temperatur e,ntpstat,apache,bind,s endmail,mailq,socks,bea,iishealth,citrix,bbgen,bbtest,bbproxy,hobbitd,mess,exchange,diskperf,ts ,printq,ncv" • hobbitlaunch.cfg is the configuration file for the hobbitlaunch tool. hobbitlaunch is the master program in Hobbit, it is the only program you start to run the Hobbit server. hobbitlaunch reads the hobbitlaunch.cfg file, and starts the programs listed here to run the server. Some of the programs may run as daemons, some of the programs may run at regular intervals. If you want to use some of the advanced options for the bbgen or bbtest-net programs, you change the hobbitlaunch.cfg file to add these options to the commandline. Modified to run the script makerrd.sh which creates the RRD data used to draw graphs for the printq and pages external tests. For more information on this see the section on custom graphs in the Hobbit documentation. # "rrdstatus" updates RRD files with information that arrives as "status" messages. # If you want RRD graphs of your monitoring data, then you want to run this. [rrdstatus] ENVFILE /home/hobbit/server/etc/hobbitserver.cfg NEEDS hobbitd CMD hobbitd_channel --channel=status --log=$BBSERVERLOGS/rrd-status.log hobbitd_rrd --rrddir=$BBVAR/rrd --ext ra-script=/home/hobbit/server/bin/makerrd.sh --extra-tests=printq # "rrddata" updates RRD files with information that arrives as "data" messages. # If you want RRD graphs of your monitoring BB data, then you want to run this. [rrddata] ENVFILE /home/hobbit/server/etc/hobbitserver.cfg NEEDS hobbitd CMD hobbitd_channel --channel=data --log=$BBSERVERLOGS/rrd-data.log hobbitd_rrd -rrddir=$BBVAR/rrd --extra-s cript=/home/hobbit/server/bin/makerrd.sh --extra-tests=printq • hobbitgraph.cfg is a configuration file for the hobbitgraph CGI. It defines how the graphs are generated from the data in the RRD files. Graph definitions that have been added for the additional external tests. [mess] TITLE Message Rate YAXIS Messages Per Sec DEF:MessReceived=mess.rrd:MessReceived:AVERAGE DEF:MessSent=mess.rrd:persecMessSent:AVERAGE AREA:MessReceived#00FF00:Message Recv p/s GPRINT:MessReceived:LAST: \: %5.1lf (cur) GPRINT:MessReceived:MAX: \: %5.1lf (max) GPRINT:MessReceived:MIN: \: %5.1lf (min) GPRINT:MessReceived:AVERAGE: \: %5.1lf (avg)\n LINE1:MessSent#FF0000:Message Sent p/s GPRINT:MessSent:LAST: \: %5.1lf (cur) GPRINT:MessSent:MAX: \: %5.1lf (max) GPRINT:MessSent:MIN: \: %5.1lf (min) GPRINT:MessSent:AVERAGE: \: %5.1lf (avg)\n Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 27 / 52 [exchange] TITLE Queue Status YAXIS Queue Length DEF:LQL=exchange.rrd:LocalQueueLength:AVERAGE DEF:LRQL=exchange.rrd:LocalRetryQueueLeng:AVERAGE DEF:RQL=exchange.rrd:RemoteQueueLength:AVERAGE DEF:RRQL=exchange.rrd:RemoteRetryQueueLen:AVERAGE DEF:CQL=exchange.rrd:CategorizerQueueLen:AVERAGE LINE1:LQL#00FF00:Local Q Length GPRINT:LQL:LAST: \: %5.1lf (cur) GPRINT:LQL:MAX: \: %5.1lf (max) GPRINT:LQL:MIN: \: %5.1lf (min) GPRINT:LQL:AVERAGE: \: %5.1lf (avg)\n LINE1:LRQL#FF0000:Local Retry Q Length GPRINT:LRQL:LAST: \: %5.1lf (cur) GPRINT:LRQL:MAX: \: %5.1lf (max) GPRINT:LRQL:MIN: \: %5.1lf (min) GPRINT:LRQL:AVERAGE: \: %5.1lf (avg)\n LINE1:RQL#0000FF:Remote Q Length GPRINT:RQL:LAST: \: %5.1lf (cur) GPRINT:RQL:MAX: \: %5.1lf (max) GPRINT:RQL:MIN: \: %5.1lf (min) GPRINT:RQL:AVERAGE: \: %5.1lf (avg)\n LINE1:RRQL#FF00FF:Remote Retry Q Length GPRINT:RRQL:LAST: \: %5.1lf (cur) GPRINT:RRQL:MAX: \: %5.1lf (max) GPRINT:RRQL:MIN: \: %5.1lf (min) GPRINT:RRQL:AVERAGE: \: %5.1lf (avg)\n LINE1:CQL#FFFF00:Categoriser Q Length GPRINT:CQL:LAST: \: %5.1lf (cur) GPRINT:CQL:MAX: \: %5.1lf (max) GPRINT:CQL:MIN: \: %5.1lf (min) GPRINT:CQL:AVERAGE: \: %5.1lf (avg)\n [diskperf] TITLE Disk Performance YAXIS % Disk Usage Time DEF:SecsRead=diskperf.rrd:AvgSecsPerRead:AVERAGE DEF:SecsWrite=diskperf.rrd:AvgSecsPerWrite:AVERAGE DEF:ReadBytesSec=diskperf.rrd:ReadBytesPerSec:AVERAGE DEF:WriteBytesSec=diskperf.rrd:WriteBytesPerSec:AVERAGE DEF:ReadsSec=diskperf.rrd:ReadsPerSecond:AVERAGE DEF:WritesSec=diskperf.rrd:WritesPerSecond:AVERAGE DEF:ReadTime=diskperf.rrd:ReadTime:AVERAGE DEF:WriteTime=diskperf.rrd:WriteTime:AVERAGE DEF:IdleTime=diskperf.rrd:IdleTime:AVERAGE LINE1:SecsRead#00FF00:Average Disk Seconds Per Read GPRINT:SecsRead:LAST: \: %5.1lf (cur) GPRINT:SecsRead:MAX: \: %5.1lf (max) GPRINT:SecsRead:MIN: \: %5.1lf (min) GPRINT:SecsRead:AVERAGE: \: %5.1lf (avg)\n LINE1:SecsWrite#FF0000:Average Disk Seconds Per Write GPRINT:SecsWrite:LAST: \: %5.1lf (cur) GPRINT:SecsWrite:MAX: \: %5.1lf (max) GPRINT:SecsWrite:MIN: \: %5.1lf (min) GPRINT:SecsWrite:AVERAGE: \: %5.1lf (avg)\n LINE1:ReadTime#0000FF:% Disk Read Time GPRINT:ReadTime:LAST: \: %5.1lf (cur) GPRINT:ReadTime:MAX: \: %5.1lf (max) GPRINT:ReadTime:MIN: \: %5.1lf (min) GPRINT:ReadTime:AVERAGE: \: %5.1lf (avg)\n LINE1:WriteTime#FFFF00:% Disk Write Time GPRINT:WriteTime:LAST: \: %5.1lf (cur) GPRINT:WriteTime:MAX: \: %5.1lf (max) GPRINT:WriteTime:MIN: \: %5.1lf (min) GPRINT:WriteTime:AVERAGE: \: %5.1lf (avg)\n [ts] TITLE Terminal Server Users YAXIS Sessions DEF:ActiveSessions=ts.rrd:ActiveSessions:AVERAGE Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 28 / 52 DEF:InactiveSessions=ts.rrd:InactiveSessions:AVERAGE DEF:TotalSessions=ts.rrd:TotalSessions:AVERAGE LINE1:ActiveSessions#00FF00:Active Sessions GPRINT:ActiveSessions:LAST: \: %5.1lf (cur) GPRINT:ActiveSessions:MAX: \: %5.1lf (max) GPRINT:ActiveSessions:MIN: \: %5.1lf (min) GPRINT:ActiveSessions:AVERAGE: \: %5.1lf (avg)\n LINE1:InactiveSessions#0000FF:Inactive Sessions GPRINT:InactiveSessions:LAST: \: %5.1lf (cur) GPRINT:InactiveSessions:MAX: \: %5.1lf (max) GPRINT:InactiveSessions:MIN: \: %5.1lf (min) GPRINT:InactiveSessions:AVERAGE: \: %5.1lf (avg)\n LINE1:TotalSessions#FF0000:Total Sessions GPRINT:TotalSessions:LAST: \: %5.1lf (cur) GPRINT:TotalSessions:MAX: \: %5.1lf (max) GPRINT:TotalSessions:MIN: \: %5.1lf (min) GPRINT:TotalSessions:AVERAGE: \: %5.1lf (avg)\n [printq] FNPATTERN printq(.*.rrd) TITLE Print Queues YAXIS Queue Length DEF:=p@RRDIDX@=@RRDFN@:qlen:AVERAGE LINE2:p@RRDIDX@#@COLOR@:@RRDPARAM@ GPRINT:p@RRDIDX@:LAST: \: %5.1lf (cur) GPRINT:p@RRDIDX@:MAX: \: %5.1lf (max) GPRINT:p@RRDIDX@:MIN: \: %5.1lf (min) GPRINT:p@RRDIDX@:AVERAGE: \: %5.1lf (avg)\n • 6.2 bb-services is a configuration file for the bbtest-net program. It defines how network services are checked. Hobbit Server’s own Test Configuration The Hobbit Server’s own test configuration is automatically configured during install in the 2 files below: 1. The Servers own IP address file: # /home/hobbit/client/etc/hobbitclient.cfg BBDISP=”10.0.0.2” # IP address of the Hobbit server 2. The Servers own IP address and Host name file: # /home/hobbit/server/etc/hobbitserver.cfg BBSERVERHOSTNAME="hobbit01" BBSERVERIP="10.0.0.2" # The hostname of your server # The IP-address of your server Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 29 / 52 7 Hobbit Windows Client v0.11 The hobbit server is able to perform a number of test using server side scripts. To monitor more detailed information such as CPU utilisation, disk space available etc., it is necessary to install a Hobbit client on the machine that is being monitored. Clients are available for Windows and Linux servers. The infrastructure is predominantly Windows based and so we will concentrate on installing the Windows client. The latest Hobbit Windows client, BBWin is version 0.7. This can be downloaded from http://sourceforge.net/project/showfiles.php?group_id=136450. It is available as a MSI package. It is subsequently necessary to make some configuration changes and optionally to add in some custom tests as detailed below. NOTE: For manual install and configuration of the Client, see Appendix 5. 7.1 Client Installation Copy over the Hobbit client to the client machine and double click the msi file (or exe) to install it on the client machine. 7.2 Client Configuration To configure the Hobbit client for deployment with modified tests / thresholds, use the below table for preference. Changing Thresholds Configuration Setting Printq Termserv Pagefaults Disk CPU Memory Msgs Uptime Services Changes edit – C:\Program Files\BBWin\bin\config\pringq.config - Change values edit – C:\Program Files\BBWin\bin\config\termserv.config - Change values edit – C:\Program Files\BBWin\bin\tests\pagefaults.vbs edit - C:\Program Files\etc\bbwin.cfg - Change default warn levels, these are for any other drive except C:\ "C" has its own specific settings, so they must be changed independently edit - C:\Program Files\etc\bbwin.cfg - Change <cpu> values edit - C:\Program Files\etc\bbwin.cfg - Change <memory> values edit - C:\Program Files\etc\bbwin.cfg - Change <msgs> values edit - C:\Program Files\etc\bbwin.cfg - Change <uptime> values edit - C:\Program Files\etc\bbwin.cfg - add / remove Service name to <SVCS> list Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 30 / 52 7.3 Miscellaneous 7.3.1 Built-in Test Configuration The BBWin package provides information on cpu and disk usage, running processes and services and event log messages. The default installed list of processes and services needs modification for most systems. Example configuration for an exchange server is provided below: <procs> <setting name="drwtsn" rule="<1" alarmcolor="red" /> <!setting name="pageant.exe" rule="=1" comment="Putty agent deamon" /> <setting name="System" rule="=1" /> <setting name="smss.exe" rule="=1" /> <setting name="csrss.exe" rule="=1" /> <setting name="winlogon.exe" rule="=1" /> <setting name="services.exe" rule="=1" /> <setting name="lsass.exe" rule="=1" /> <setting name="svchost.exe" rule=">1" /> <setting name="spoolsv.exe" rule="=1" /> <setting name="racsvc.exe" rule="=1" /> <setting name="msdtc.exe" rule="=1" /> <setting name="beremote.exe" rule="=1" /> <setting name="benetns.exe" rule="=1" /> <setting name="dcevt32.exe" rule="=1" /> <setting name="dcstor32.exe" rule="=1" /> <setting name="dns.exe" rule="=1" /> <setting name="inetinfo.exe" rule="=1" /> <setting name="ismserv.exe" rule="=1" /> <setting name="tcpsvcs.exe" rule="=1" /> <setting name="SAFeService.exe" rule="=1" /> <setting name="FrameworkService.exe" rule="=1" /> <setting name="RPCServ.exe" rule=">1" /> <setting name="Mcshield.exe" rule="=1" /> <setting name="VsTskMgr.exe" rule="=1" /> <setting name="mr2kserv.exe" rule="=1" /> <setting name="sqlservr.exe" rule="=1" /> <setting name="NAIlgpip.exe" rule="=1" /> <setting name="omsad32.exe" rule="=1" /> <setting name="Outbreak.exe" rule="=1" /> <setting name="log_qtine.exe" rule="=1" /> <setting name="omaws32.exe" rule="=1" /> <setting name="snmp.exe" rule="=1" /> <setting name="uphclean.exe" rule="=1" /> <setting name="VxSvc.exe" rule="=1" /> <setting name="mad.exe" rule="=1" /> <setting name="mssearch.exe" rule="=1" /> <setting name="exmgmt.exe" rule="=1" /> <setting name="pvlsvr.exe" rule="=1" /> <setting name="beserver.exe" rule="=1" /> <setting name="bengine.exe" rule="=1" /> <setting name="ECM.exe" rule="=1" /> <setting name="wmiprvse.exe" rule=">1" /> <setting name="store.exe" rule="=1" /> <setting name="emsmta.exe" rule="=1" /> <setting name="NetSvc.exe" rule="=1" /> <setting name="java.exe" rule="=1" /> <setting name="explorer.exe" rule="=1" /> <setting name="shstat.exe" rule="=1" /> <setting name="PRONoMgr.exe" rule="=1" /> <setting name="UpdaterUI.exe" rule="=1" /> <setting name="TBMon.exe" rule="=1" /> <setting name="VxTaskbarMgr.exe" rule="=1" /> <setting name="jusched.exe" rule="=1" /> <setting name="sqlmangr.exe" rule="=1" /> <!setting name="IEXPLORE.EXE" rule="=1" /> <setting name="BBWin.exe" rule="=1" /> <!setting name="mstsc.exe" rule="=1" /> <setting name="naPrdMgr.exe" rule="=1" /> </procs> <svcs> Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 31 / 52 <!-- If true, the agent will always report with green status --> <setting name="alwaysgreen" value="false" /> <!-- If true, the agent will restart all "automatic services" which would be stopped--> <setting name="autoreset" value="false" /> <setting name="alarmcolor" value="yellow" /> <!-- The line bellow show you svcs rules. If the "Automatic Updates" service is stopped, it will be automatically restarted and a red status will be sent until the service get it's correct status --> <setting name="Automatic Updates" value="stopped" autoreset="false" alarmcolor="red" /> <setting name="Alerter" value="started" /> <setting name="Application Layer Gateway Service" value="stopped" /> <setting name="Application Management" value="started" /> <setting name="ASP.NET State Service" value="stopped" /> <setting name="Background Intelligent Transfer Service" value="stopped" /> <setting name="Backup Exec Agent Browser" value="started" /> <setting name="Backup Exec Device & Media Service" value="started" /> <setting name="Backup Exec Job Engine" value="started" /> <setting name="Backup Exec Remote Agent for Windows Servers" value="started" /> <setting name="Backup Exec Server" value="started" /> <setting name="Big Brother Hobbit Client" value="started" /> <setting name="ClipBook" value="stopped" /> <setting name="COM+ Event System" value="started" /> <setting name="COM+ System Application" value="stopped" /> <setting name="Computer Browser" value="started" /> <setting name="Console Message" value="stopped" /> <setting name="Cryptographic Services" value="started" /> <setting name="DHCP Client" value="started" /> <setting name="DHCP Server" value="stopped" /> <setting name="Disk Management Service" value="started" /> <setting name="Distributed File System" value="stopped" /> <setting name="Distributed Link Tracking Client" value="stopped" /> <setting name="Distributed Link Tracking Server" value="stopped" /> <setting name="Distributed Transaction Coordinator" value="started" /> <setting name="DNS Client" value="started" /> <setting name="DNS Server" value="started" /> <setting name="Error Reporting Service" value="started" /> <setting name="Event Log" value="started" /> <setting name="ExecView Communication Module (ECM)" value="started" /> <setting name="File Replication Service" value="stopped" /> <setting name="Help and Support" value="started" /> <setting name="HTTP SSL" value="started" /> <setting name="Human Interface Device Access" value="stopped" /> <setting name="IIS Admin Service" value="started" /> <setting name="IMAPI CD-Burning COM Service" value="stopped" /> <setting name="Indexing Service" value="stopped" /> <setting name="Intel NCS NetService" value="started" /> <setting name="Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)" value="stopped" /> <setting name="Intersite Messaging" value="started" /> <setting name="IPSEC Services" value="started" /> <setting name="Kerberos Key Distribution Center" value="started" /> <setting name="License Logging" value="stopped" /> <setting name="Logical Disk Manager" value="started" /> <setting name="Logical Disk Manager Administrative Service" value="stopped" /> <setting name="McAfee Framework Service" value="started" /> <setting name="McAfee GroupShield" value="started" /> <setting name="McAfee Log Service" value="started" /> <setting name="McAfee Outbreak Manager" value="started" /> <setting name="Messenger" value="started" /> <setting name="Microsoft Active Directory Connector" value="stopped" /> <setting name="Microsoft Exchange Event" value="stopped" /> <setting name="Microsoft Exchange IMAP4" value="stopped" /> <setting name="Microsoft Exchange Information Store" value="started" /> <setting name="Microsoft Exchange Management" value="started" /> <setting name="Microsoft Exchange MTA Stacks" value="started" /> <setting name="Microsoft Exchange POP3" value="stopped" /> <setting name="Microsoft Exchange Routing Engine" value="started" /> <setting name="Microsoft Exchange Site Replication Service" value="stopped" /> <setting name="Microsoft Exchange System Attendant" value="started" /> <setting name="Microsoft Search" value="started" /> <setting name="Microsoft Software Shadow Copy Provider" value="stopped" /> <setting name="mr2kserv" value="started" /> <setting name="MSSQL$BKUPEXEC" value="started" /> <setting name="MSSQLServerADHelper" value="stopped" /> <setting name="Net Logon" value="started" /> Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 32 / 52 <setting name="NetMeeting Remote Desktop Sharing" value="stopped" /> <setting name="Network Associates McShield" value="started" /> <setting name="Network Associates Task Manager" value="started" /> <setting name="Network Connections" value="started" /> <setting name="Network DDE" value="stopped" /> <setting name="Network DDE DSDM" value="stopped" /> <setting name="Network Location Awareness (NLA)" value="started" /> <setting name="Network News Transfer Protocol (NNTP)" value="stopped" /> <setting name="NT LM Security Support Provider" value="started" /> <setting name="Office Source Engine" value="stopped" /> <setting name="OM Common Services" value="started" /> <setting name="Performance Logs and Alerts" value="stopped" /> <setting name="Plug and Play" value="started" /> <setting name="Portable Media Serial Number Service" value="stopped" /> <setting name="Print Spooler" value="started" /> <setting name="Protected Storage" value="started" /> <setting name="Remote Access Auto Connection Manager" value="stopped" /> <setting name="Remote Access Connection Manager" value="started" /> <setting name="Remote Access Controller 4 (RAC)" value="started" /> <setting name="Remote Desktop Help Session Manager" value="stopped" /> <setting name="Remote Procedure Call (RPC)" value="started" /> <setting name="Remote Procedure Call (RPC) Locator" value="stopped" /> <setting name="Remote Registry" value="started" /> <setting name="Removable Storage" value="stopped" /> <setting name="Resultant Set of Policy Provider" value="stopped" /> <setting name="Routing and Remote Access" value="stopped" /> <setting name="Secondary Logon" value="started" /> <setting name="Secure Port Server" value="started" /> <setting name="Security Accounts Manager" value="started" /> <setting name="Server" value="started" /> <setting name="Shell Hardware Detection" value="started" /> <setting name="Simple Mail Transfer Protocol (SMTP)" value="started" /> <setting name="Smart Card" value="stopped" /> <setting name="SNMP Service" value="started" /> <setting name="SNMP Trap Service" value="stopped" /> <setting name="Special Administration Console Helper" value="stopped" /> <setting name="SQLAgent$BKUPEXEC" value="stopped" /> <setting name="System Event Notification" value="started" /> <setting name="Systems Management Data Manager" value="started" /> <setting name="Systems Management Event Manager" value="started" /> <setting name="Task Scheduler" value="started" /> <setting name="TCP/IP NetBIOS Helper" value="started" /> <setting name="TCP/IP Print Server" value="started" /> <setting name="Telephony" value="started" /> <setting name="Telnet" value="stopped" /> <setting name="Terminal Services" value="started" /> <setting name="Terminal Services Session Directory" value="stopped" /> <setting name="Themes" value="stopped" /> <setting name="Uninterruptible Power Supply" value="stopped" /> <setting name="Upload Manager" value="stopped" /> <setting name="User Profile Hive Cleanup" value="started" /> <setting name="Virtual Disk Service" value="stopped" /> <setting name="Volume Shadow Copy" value="stopped" /> <setting name="WebClient" value="stopped" /> <setting name="Windows Audio" value="started" /> <setting name="Windows Image Acquisition (WIA)" value="stopped" /> <setting name="Windows Installer" value="stopped" /> <setting name="Windows Management Instrumentation" value="started" /> <setting name="Windows Management Instrumentation Driver Extensions" value="stopped" /> <setting name="Windows Time" value="started" /> <setting name="WinHTTP Web Proxy Auto-Discovery Service" value="stopped" /> <setting name="Wireless Configuration" value="stopped" /> <setting name="WMI Performance Adapter" value="stopped" /> <setting name="Workstation" value="started" /> <setting name="World Wide Web Publishing Service" value="started" /> </svcs> 7.3.2 Custom Tests Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 33 / 52 Additional tests have been written to provide additional information from print, exchange and terminal servers. The tests are written in VBScript and integrated with the Hobbit Windows client via the ‘externals’ functionality. Install the tests using the following procedure: • • • • • Copy the config directory and contents to C:\Program Files\BBWin\ Copy the appropriate flag files eg.exchange.flag to C:\Program Files\BBWin\ Copy the ClientTests.wsf to C:\Program Files\BBWin\bin Copy the common and tests directories and contents to C:\Program Files\BBWin\bin\ Edit BBwin.cfg: <externals> <setting name="timer" value="3m" /> <setting name="logstimer" value="60s" /> <load value="cscript ClientTests.wsf" /> --- add this line <!-- load value="cscript mybbscript.vbs" /--> <!-- load value="memory.exe" /--> <!-- load value="cscript wlbs.vbs" timer="15m" /--> <!-- load value="cluster.exe" timer="90s" /--> </externals> • • Restart the Big Brother Hobbit Client service. The tests will show up automatically on the Hobbit server – both statistics and graphs. Tests currently implemented: • • • • • • Pages Printq Mess Exchange Diskperf Ts - Number of pages each printer has printed since the last reboot - Number of items on each print queue - Messages sent and received per second - Queues on the local exchange server - Monitor some disk performance activity - Number of active and inactive sessions on the terminal server Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 34 / 52 8 Appendices 8.1 Appendix 1 Package Explanations: fping pcre rrdtool libpng openssl openldap 8.2 Allows multiple PING ICMP messages to be sent simultaneously. Hobbit uses fping when checking if systems are alive, so you need to install it before running Hobbit. The configure-script will also check for this. Perl Compatible Regular Expression library - is a library for matching textstrings. is a library for handling the Round-Robin Databases used to hold the historical data Hobbit gathers. RRDTool can be used to examine the data is a library for generating images in the PNG format. It is used by rrdtool (and hence Hobbit). is a library for communicating with network services that use SSL encryption - e.g. secure websites. Although this library is not absolutely required for Hobbit, it is strongly recommend that it is installed because sooner or later it will probably be needed anyway. is used to query LDAP directory servers. If you would like to test that your directory server is up and running, you will need this library. Appendix 2 httpd.conf The httpd.conf should look like this. #LoadModule mod_placeholder /usr/lib/apache2/modules/mod_placeholder.so Alias /hobbit/ "/home/hobbit/server/www/" # # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. # See <URL:http://httpd.apache.org/docs/2.2/> for detailed information. # In particular, see # <URL:http://httpd.apache.org/docs/2.2/mod/directives.html> # for a discussion of each configuration directive. # # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # The configuration directives are grouped into three basic sections: # 1. Directives that control the operation of the Apache server process as a # whole (the 'global environment'). # 2. Directives that define the parameters of the 'main' or 'default' server, # which responds to requests that aren't handled by a virtual host. # These directives also provide default values for the settings # of all virtual hosts. # 3. Settings for virtual hosts, which allow Web requests to be sent to # different IP addresses or hostnames and have them handled by the # same Apache server process. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 35 / 52 # with "/", the value of ServerRoot is prepended -- so "logs/foo.log" # with ServerRoot set to "/etc/httpd" will be interpreted by the # server as "/etc/httpd/logs/foo.log". # ### Section 1: Global Environment # # The directives in this section affect the overall operation of Apache, # such as the number of concurrent requests it can handle or where it # can find its configuration files. # # # Don't give away too much information about all the subcomponents # we are running. Comment out this line if you don't mind remote sites # finding out what major optional modules you are running ServerTokens OS # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # NOTE! If you intend to place this on an NFS (or otherwise network) # mounted filesystem then please read the LockFile documentation # (available at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>); # you will save yourself a lot of trouble. # # Do NOT add a slash at the end of the directory path. # ServerRoot "/etc/httpd" # # PidFile: The file in which the server should record its process # identification number when it starts. # PidFile run/httpd.pid # # Timeout: The number of seconds before receives and sends time out. # Timeout 120 # # KeepAlive: Whether or not to allow persistent connections (more than # one request per connection). Set to "Off" to deactivate. # KeepAlive Off # # MaxKeepAliveRequests: The maximum number of requests to allow # during a persistent connection. Set to 0 to allow an unlimited amount. # We recommend you leave this number high, for maximum performance. # MaxKeepAliveRequests 100 # # KeepAliveTimeout: Number of seconds to wait for the next request from the # same client on the same connection. # KeepAliveTimeout 15 ## ## Server-Pool Size Regulation (MPM specific) ## # prefork MPM # StartServers: number of server processes to start # MinSpareServers: minimum number of server processes which are kept spare # MaxSpareServers: maximum number of server processes which are kept spare # ServerLimit: maximum value for MaxClients for the lifetime of the server # MaxClients: maximum number of server processes allowed to start # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule prefork.c> StartServers 8 MinSpareServers 5 Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 36 / 52 MaxSpareServers 20 ServerLimit 256 MaxClients 256 MaxRequestsPerChild 4000 </IfModule> # worker MPM # StartServers: initial number of server processes to start # MaxClients: maximum number of simultaneous client connections # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule worker.c> StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule> # # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, in addition to the default. See also the <VirtualHost> # directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses (0.0.0.0) # #Listen 12.34.56.78:80 Listen 80 # # Dynamic Shared Object (DSO) Support # # To be able to use the functionality of a module which was built as a DSO you # have to place corresponding `LoadModule' lines at this location so the # directives contained in it are actually available _before_ they are used. # Statically compiled modules (those listed by `httpd -l') do not need # to be loaded here. # # Example: # LoadModule foo_module modules/mod_foo.so # LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_alias_module modules/mod_authn_alias.so LoadModule authn_anon_module modules/mod_authn_anon.so LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule include_module modules/mod_include.so LoadModule log_config_module modules/mod_log_config.so LoadModule logio_module modules/mod_logio.so LoadModule env_module modules/mod_env.so LoadModule ext_filter_module modules/mod_ext_filter.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule expires_module modules/mod_expires.so LoadModule deflate_module modules/mod_deflate.so LoadModule headers_module modules/mod_headers.so LoadModule usertrack_module modules/mod_usertrack.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule mime_module modules/mod_mime.so LoadModule dav_module modules/mod_dav.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 37 / 52 LoadModule info_module modules/mod_info.so LoadModule dav_fs_module modules/mod_dav_fs.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so LoadModule actions_module modules/mod_actions.so LoadModule speling_module modules/mod_speling.so LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule cache_module modules/mod_cache.so LoadModule suexec_module modules/mod_suexec.so LoadModule disk_cache_module modules/mod_disk_cache.so LoadModule file_cache_module modules/mod_file_cache.so LoadModule mem_cache_module modules/mod_mem_cache.so LoadModule cgi_module modules/mod_cgi.so LoadModule version_module modules/mod_version.so # # The following modules are not loaded by default: # #LoadModule cern_meta_module modules/mod_cern_meta.so #LoadModule asis_module modules/mod_asis.so # # Load config files from the config directory "/etc/httpd/conf.d". # Include conf.d/*.conf # # ExtendedStatus controls whether Apache will generate "full" status # information (ExtendedStatus On) or just basic information (ExtendedStatus # Off) when the "server-status" handler is called. The default is Off. # #ExtendedStatus On # # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # # User/Group: The name (or #number) of the user/group to run httpd as. # . On SCO (ODT 3) use "User nouser" and "Group nogroup". # . On HPUX you may not be able to use shared memory as nobody, and the # suggested workaround is to create a user www and use that user. # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) # when the value of (unsigned)Group is above 60000; # don't use Group #-1 on these systems! # User apache Group apache ### Section 2: 'Main' server configuration # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a # <VirtualHost> definition. These values also provide defaults for # any <VirtualHost> containers you may define later in the file. # # All of these directives may appear inside <VirtualHost> containers, # in which case these default settings will be overridden for the # virtual host being defined. # # # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. e.g. admin@your-domain.com # ServerAdmin root@localhost Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 38 / 52 # # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If this is not set to valid DNS name for your host, server-generated # redirections will not work. See also the UseCanonicalName directive. # # If your host doesn't have a registered DNS name, enter its IP address here. # You will have to access it by its address anyway, and this will make # redirections work in a sensible way. # #ServerName www.example.com:80 # # UseCanonicalName: Determines how Apache constructs self-referencing # URLs and the SERVER_NAME and SERVER_PORT variables. # When set "Off", Apache will use the Hostname and Port supplied # by the client. When set "On", Apache will use the value of the # ServerName directive. # UseCanonicalName Off # # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DocumentRoot "/var/www/html" # # Each directory to which Apache has access can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # features. # <Directory /> Options FollowSymLinks AllowOverride None </Directory> # # Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as # you might expect, make sure that you have specifically enabled it # below. # # # This should be changed to whatever you set DocumentRoot to. # <Directory "/var/www/html"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.2/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 39 / 52 # # Controls who can get stuff from this server. # Order allow,deny Allow from all </Directory> # # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. # # The path to the end user account 'public_html' directory must be # accessible to the webserver userid. This usually means that ~userid # must have permissions of 711, ~userid/public_html must have permissions # of 755, and documents contained therein must be world-readable. # Otherwise, the client will only receive a "403 Forbidden" message. # # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden # <IfModule mod_userdir.c> # # UserDir is disabled by default since it can confirm the presence # of a username on the system (depending on home directory # permissions). # UserDir disable # # To enable requests to /~user/ to serve the user's public_html # directory, remove the "UserDir disable" line above, and uncomment # the following line instead: # #UserDir public_html </IfModule> # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # #<Directory /home/*/public_html> # AllowOverride FileInfo AuthConfig Limit # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec # <Limit GET POST OPTIONS> # Order allow,deny # Allow from all # </Limit> # <LimitExcept GET POST OPTIONS> # Order deny,allow # Deny from all # </LimitExcept> #</Directory> # # DirectoryIndex: sets the file that Apache will serve if a directory # is requested. # # The index.html.var file (a type-map) is used to deliver content# negotiated documents. The MultiViews Option can be used for the # same purpose, but it is much slower. # DirectoryIndex index.html index.html.var # # AccessFileName: The name of the file to look for in each directory # for additional configuration directives. See also the AllowOverride # directive. # AccessFileName .htaccess # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 40 / 52 # <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> # # TypesConfig describes where the mime.types file (or equivalent) is # to be found. # TypesConfig /etc/mime.types # # DefaultType is the default MIME type the server will use for a document # if it cannot otherwise determine one, such as from filename extensions. # If your server contains mostly text or HTML documents, "text/plain" is # a good value. If most of your content is binary, such as applications # or images, you may want to use "application/octet-stream" instead to # keep browsers from trying to display binary files as though they are # text. # DefaultType text/plain # # The mod_mime_magic module allows the server to use various hints from the # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. # <IfModule mod_mime_magic.c> # MIMEMagicFile /usr/share/magic.mime MIMEMagicFile conf/magic </IfModule> # # HostnameLookups: Log the names of clients or just their IP addresses # e.g., www.apache.org (on) or 204.62.129.132 (off). # The default is off because it'd be overall better for the net if people # had to knowingly turn this feature on, since enabling it means that # each client request will result in AT LEAST one lookup request to the # nameserver. # HostnameLookups Off # # EnableMMAP: Control whether memory-mapping is used to deliver # files (assuming that the underlying OS supports it). # The default is on; turn this off if you serve from NFS-mounted # filesystems. On some systems, turning it off (regardless of # filesystem) can improve performance; for details, please see # http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap # #EnableMMAP off # # EnableSendfile: Control whether the sendfile kernel support is # used to deliver files (assuming that the OS supports it). # The default is on; turn this off if you serve from NFS-mounted # filesystems. Please see # http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile # #EnableSendfile off # # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # ErrorLog logs/error_log # # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 41 / 52 # LogLevel warn # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent # "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this # requires the mod_logio module to be loaded. #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio # # The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a <VirtualHost> # container, they will be logged here. Contrariwise, if you *do* # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # #CustomLog logs/access_log common # # If you would like to have separate agent and referer logfiles, uncomment # the following directives. # #CustomLog logs/referer_log referer #CustomLog logs/agent_log agent # # For a single logfile with access, agent, and referer information # (Combined Logfile Format), use the following directive: # CustomLog logs/access_log combined # # Optionally add a line containing the server version and virtual host # name to server-generated pages (internal error documents, FTP directory # listings, mod_status and mod_info output etc., but not CGI generated # documents or custom error documents). # Set to "EMail" to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail # ServerSignature On # # Aliases: Add here as many aliases as you need (with no limit). The format is # Alias fakename realname # # Note that if you include a trailing / on fakename then the server will # require it to be present in the URL. So "/icons" isn't aliased in this # example, only "/icons/". If the fakename is slash-terminated, then the # realname must also be slash terminated, and if the fakename omits the # trailing slash, the realname must also omit it. # # We include the /icons/ alias for FancyIndexed directory listings. If you # do not use FancyIndexing, you may comment this out. # Alias /icons/ "/var/www/icons/" <Directory "/var/www/icons"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> # # WebDAV module configuration section. # <IfModule mod_dav_fs.c> # Location of the WebDAV lock database. Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 42 / 52 DAVLockDB /var/lib/dav/lockdb </IfModule> # # ScriptAlias: This controls which directories contain server scripts. # ScriptAliases are essentially the same as Aliases, except that # documents in the realname directory are treated as applications and # run by the server when requested rather than as documents sent to the client. # The same rules about trailing "/" apply to ScriptAlias directives as to # Alias. # ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" # # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # <Directory "/var/www/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> # # Redirect allows you to tell clients about documents which used to exist in # your server's namespace, but do not anymore. This allows you to tell the # clients where to look for the relocated document. # Example: # Redirect permanent /foo http://www.example.com/bar # # Directives controlling the display of server-generated directory listings. # # # IndexOptions: Controls the appearance of server-generated directory # listings. # IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable # # AddIcon* directives tell the server which icon to show for different # files or filename extensions. These are only displayed for # FancyIndexed directories. # AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 43 / 52 # # DefaultIcon is which icon to show for files which do not have an icon # explicitly set. # DefaultIcon /icons/unknown.gif # # AddDescription allows you to place a short description after a file in # server-generated indexes. These are only displayed for FancyIndexed # directories. # Format: AddDescription "description" filename # #AddDescription "GZIP compressed document" .gz #AddDescription "tar archive" .tar #AddDescription "GZIP compressed tar archive" .tgz # # ReadmeName is the name of the README file the server will look for by # default, and append to directory listings. # # HeaderName is the name of a file which should be prepended to # directory indexes. ReadmeName README.html HeaderName HEADER.html # # IndexIgnore is a set of filenames which directory indexing should ignore # and not include in the listing. Shell-style wildcarding is permitted. # IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t # # DefaultLanguage and AddLanguage allows you to specify the language of # a document. You can then use content negotiation to give a browser a # file in a language the user can understand. # # Specify a default language. This means that all data # going out without a specific language tag (see below) will # be marked with this one. You probably do NOT want to set # this unless you are sure it is correct for all cases. # # * It is generally better to not mark a page as # * being a certain language than marking it with the wrong # * language! # # DefaultLanguage nl # # Note 1: The suffix does not have to be the same as the language # keyword --- those with documents in Polish (whose net-standard # language code is pl) may wish to use "AddLanguage pl .po" to # avoid the ambiguity with the common suffix for perl scripts. # # Note 2: The example entries below illustrate that in some cases # the two character 'Language' abbreviation is not identical to # the two character 'Country' code for its country, # E.g. 'Danmark/dk' versus 'Danish/da'. # # Note 3: In the case of 'ltz' we violate the RFC by using a three char # specifier. There is 'work in progress' to fix this and get # the reference data for rfc1766 cleaned up. # # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) # Norwegian (no) - Polish (pl) - Portugese (pt) # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) # AddLanguage ca .ca AddLanguage cs .cz .cs AddLanguage da .dk AddLanguage de .de AddLanguage el .el AddLanguage en .en Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 44 / 52 AddLanguage eo .eo AddLanguage es .es AddLanguage et .et AddLanguage fr .fr AddLanguage he .he AddLanguage hr .hr AddLanguage it .it AddLanguage ja .ja AddLanguage ko .ko AddLanguage ltz .ltz AddLanguage nl .nl AddLanguage nn .nn AddLanguage no .no AddLanguage pl .po AddLanguage pt .pt AddLanguage pt-BR .pt-br AddLanguage ru .ru AddLanguage sv .sv AddLanguage zh-CN .zh-cn AddLanguage zh-TW .zh-tw # # LanguagePriority allows you to give precedence to some languages # in case of a tie during content negotiation. # # Just list the languages in decreasing order of preference. We have # more or less alphabetized them here. You probably want to change this. # LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW # # ForceLanguagePriority allows you to serve a result page rather than # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) # [in case no accepted languages matched the available variants] # ForceLanguagePriority Prefer Fallback # # Specify a default charset for all content served; this enables # interpretation of all content as UTF-8 by default. To use the # default browser choice (ISO-8859-1), or to allow the META tags # in HTML content to override this choice, comment out this # directive: # AddDefaultCharset UTF-8 # # AddType allows you to add to or override the MIME configuration # file mime.types for specific file types. # #AddType application/x-tar .tgz # # AddEncoding allows you to have certain browsers uncompress # information on the fly. Note: Not all browsers support this. # Despite the name similarity, the following Add* directives have nothing # to do with the FancyIndexing customization directives above. # #AddEncoding x-compress .Z #AddEncoding x-gzip .gz .tgz # If the AddEncoding directives above are commented-out, then you # probably should define those extensions to indicate media types: # AddType application/x-compress .Z AddType application/x-gzip .gz .tgz # # AddHandler allows you to map certain file extensions to "handlers": # actions unrelated to filetype. These can be either built into the server # or added with the Action directive (see below) # # To use CGI scripts outside of ScriptAliased directories: # (You will also need to add "ExecCGI" to the "Options" directive.) # Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 45 / 52 #AddHandler cgi-script .cgi # # For files that include their own HTTP headers: # #AddHandler send-as-is asis # # For type maps (negotiated resources): # (This is enabled by default to allow the Apache "It Worked" page # to be distributed in multiple languages.) # AddHandler type-map var # # Filters allow you to process content before it is sent to the client. # # To parse .shtml files for server-side includes (SSI): # (You will also need to add "Includes" to the "Options" directive.) # AddType text/html .shtml AddOutputFilter INCLUDES .shtml # # Action lets you define media types that will execute a script whenever # a matching file is called. This eliminates the need for repeated URL # pathnames for oft-used CGI file processors. # Format: Action media/type /cgi-script/location # Format: Action handler-name /cgi-script/location # # # Customizable error responses come in three flavors: # 1) plain text 2) local redirects 3) external redirects # # Some examples: #ErrorDocument 500 "The server made a boo boo." #ErrorDocument 404 /missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #ErrorDocument 402 http://www.example.com/subscription_info.html # # # Putting this all together, we can internationalize error responses. # # We use Alias to redirect any /error/HTTP_<error>.html.var response to # our collection of by-error message multi-language collections. We use # includes to substitute the appropriate text. # # You can modify the messages' appearance without changing any of the # default HTTP_<error>.html.var files by adding the line: # # Alias /error/include/ "/your/include/path/" # # which allows you to create your own set of files by starting with the # /var/www/error/include/ files and # copying them to /your/include/path/, even on a per-VirtualHost basis. # Alias /error/ "/var/www/error/" <IfModule mod_negotiation.c> <IfModule mod_include.c> <Directory "/var/www/error"> AllowOverride None Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var Order allow,deny Allow from all LanguagePriority en es de fr ForceLanguagePriority Prefer Fallback </Directory> # ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 46 / 52 # # # # # # # # # # # # # # # # ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var ErrorDocument 410 /error/HTTP_GONE.html.var ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var </IfModule> </IfModule> # # The following directives modify normal HTTP response behavior to # handle known problems with browser implementations. # BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 # # The following directive disables redirects on non-GET requests for # a directory that does not include the trailing slash. This fixes a # problem with Microsoft WebFolders which does not appropriately handle # redirects for folders with DAV methods. # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. # BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "MS FrontPage" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully BrowserMatch "^gnome-vfs/1.0" redirect-carefully BrowserMatch "^XML Spy" redirect-carefully BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully # # Allow server status reports generated by mod_status, # with the URL of http://servername/server-status # Change the ".example.com" to match your domain to enable. # #<Location /server-status> # SetHandler server-status # Order deny,allow # Deny from all # Allow from .example.com #</Location> # # Allow remote server configuration reports, with the URL of # http://servername/server-info (requires that mod_info.c be loaded). # Change the ".example.com" to match your domain to enable. # #<Location /server-info> # SetHandler server-info # Order deny,allow # Deny from all # Allow from .example.com #</Location> # # Proxy Server directives. Uncomment the following lines to # enable the proxy server: # #<IfModule mod_proxy.c> #ProxyRequests On Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 47 / 52 # #<Proxy *> # Order deny,allow # Deny from all # Allow from .example.com #</Proxy> # # Enable/disable the handling of HTTP/1.1 "Via:" headers. # ("Full" adds the server version; "Block" removes all outgoing Via: headers) # Set to one of: Off | On | Full | Block # #ProxyVia On # # To enable a cache of proxied content, uncomment the following lines. # See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. # #<IfModule mod_disk_cache.c> # CacheEnable disk / # CacheRoot "/var/cache/mod_proxy" #</IfModule> # #</IfModule> # End of proxy directives. ### Section 3: Virtual Hosts # # VirtualHost: If you want to maintain multiple domains/hostnames on your # machine you can setup VirtualHost containers for them. Most configurations # use only name-based virtual hosts so the server doesn't need to worry about # IP addresses. This is indicated by the asterisks in the directives below. # # Please see the documentation at # <URL:http://httpd.apache.org/docs/2.2/vhosts/> # for further details before you try to setup virtual hosts. # # You may use the command line option '-S' to verify your virtual host # configuration. # # Use name-based virtual hosting. # #NameVirtualHost *:80 # # NOTE: NameVirtualHost cannot be used without a port specifier # (e.g. :80) if mod_ssl is being used, due to the nature of the # SSL protocol. # # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for requests without a known # server name. # #<VirtualHost *:80> # ServerAdmin webmaster@dummy-host.example.com # DocumentRoot /www/docs/dummy-host.example.com # ServerName dummy-host.example.com # ErrorLog logs/dummy-host.example.com-error_log # CustomLog logs/dummy-host.example.com-access_log common #</VirtualHost> # This file is for Apache 1.3.x and Apache 2.0.x # # Add this to your Apache configuration, it makes # the Hobbit webpages and cgi-scripts available in the # "/hobbit" and "/hobbit-cgi" URLs. Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 48 / 52 # NB: The "Alias" line below must NOT be used if you have # the Hobbit webfiles as the root URL. In that case, # you should instead set this: # # DocumentRoot /home/hobbit/server/www <Directory "/home/hobbit/server/www"> Options Indexes FollowSymLinks Includes MultiViews Order allow,deny Allow from all </Directory> ScriptAlias /hobbit-cgi/ "/home/hobbit/cgi-bin/" <Directory "/home/hobbit/cgi-bin"> AllowOverride None Options ExecCGI Includes Order allow,deny Allow from all </Directory> ScriptAlias /hobbit-seccgi/ "/home/hobbit/cgi-secure/" <Directory "/home/hobbit/cgi-secure"> AllowOverride None Options ExecCGI Includes Order allow,deny Allow from all # Password file where users with access to these scripts are kept. # Create it with "htpasswd -c /home/hobbit/server/etc/hobbitpasswd USERNAME" # Add more users / change passwords with "htpasswd /home/hobbit/server/etc/hobbitpasswd USERNAME" # # You can also use a group file to restrict admin access to members of a # group, instead of anyone who is logged in. In that case you must setup # the "hobbitgroups" file, and change the "Require" settings to require # a specific group membership. See the Apache docs for more details. AuthUserFile /home/hobbit/server/etc/hobbitpasswd AuthGroupFile /home/hobbit/server/etc/hobbitgroups AuthType Basic AuthName "Hobbit Administration" # "valid-user" restricts access to anyone who is logged in. Require valid-user # "group admins" restricts access to users who have logged in, AND # are members of the "admins" group in hobbitgroups. # Require group admins </Directory> 8.3 Appendix 3 ./configure output: [root@hobbit01 hobbit-4.2.0]# ./configure Configuration script for Hobbit This script asks a few questions and builds a Makefile to compile Hobbit Checking your make-utility Checking pre-requisites for building Hobbit Checking for fping ... Hobbit has a built-in ping utility (hobbitping) However, it is not yet fully stable and therefore it may be best to use the external fping utility instead. I found fping in /usr/sbin/fping Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 49 / 52 Do you want to use it [Y/n] ? y Checking to see if '/usr/sbin/fping 127.0.0.1' works ... 127.0.0.1 is alive OK, will use '/usr/sbin/fping' for ping tests NOTE: If you are using an suid-root wrapper, make sure the 'hobbit' user is also allowed to run fping without having to enter passwords. For 'sudo', add something like this to your 'sudoers' file: hobbit: ALL=(ALL) NOPASSWD: /usr/local/sbin/fping Checking for RRDtool ... test-rrd.c: In function âmainâ: test-rrd.c:30: error: too few arguments to function ârrd_graphâ make: *** [test-compile] Error 1 Not RRDtool 1.0.x, checking for 1.2.x Found RRDtool include files in /usr/include Found RRDtool libraries in /usr/lib Linking RRD with PNG library: -L/usr/lib -lpng Checking for PCRE ... Found PCRE include files in /usr/include Found PCRE libraries in /usr/lib Checking for OpenSSL ... Found OpenSSL include files in /usr/include Found OpenSSL libraries in /usr/lib Hobbit can use the OpenSSL library to test SSL-enabled services like POP3S, IMAPS, NNTPS and TELNETS. If you have the OpenSSL library installed, I recommend that you enable this. Do you want to be able to test SSL-enabled services (y) ? Checking for LDAP ... test-ldap.c: In function âmainâ: test-ldap.c:16: warning: implicit declaration of function âldap_initâ test-ldap.c:16: warning: assignment makes pointer from integer without a cast Found LDAP include files in /usr/include Found LDAP libraries in /usr/lib Hobbit can use your OpenLDAP LDAP client library to test LDAP servers. Do you want to be able to test LDAP servers (y) ? Enable experimental support for LDAP/SSL (OpenLDAP 2.x only) (y) ? Checking for Large File Support ... Large File Support OK Setting up for a Hobbit server What userid will be running Hobbit [hobbit] ? Found passwd entry for user hobbit:x:500:500::/home/hobbit:/bin/bash Where do you want the Hobbit installation [/home/hobbit] ? OK, will configure to use /home/hobbit as the Hobbit toplevel directory What URL will you use for the Hobbit webpages [/hobbit] ? Where to put the Hobbit CGI scripts [/home/hobbit/cgi-bin] ? (Note: This is the filesystem directory - we will get to the URL shortly) What is the URL for the Hobbit CGI directory [/hobbit-cgi] ? (Note: This is the URL - NOT the filesystem directory) ********************** SECURITY NOTICE **************************** If your Hobbit server is accessible by outsiders, then you should restrict access to the CGI scripts that handle enable/disable of hosts, and acknowledging of alerts. The easiest way to do this is to put these in a separate CGI directory and require a password to access them. Even if your Hobbit server is on a secured, internal network, you may want to have some operations (like disabling a host) be password- Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 50 / 52 protected - that lets you see who disabled or acknowledged an alert. Where to put the Hobbit Administration CGI scripts [/home/hobbit/cgi-secure] ? (Note: This is the filesystem directory - we will get to the URL shortly) What is the URL for the Hobbit Administration CGI directory [/hobbit-seccgi] ? (Note: This is the URL - NOT the filesystem directory) ** Note that you may need to modify your webserver configuration. ** After installing, see /home/hobbit/server/etc/hobbit-apache.conf for an example configuration. To generate Hobbit availability reports, your webserver must have write-access to a directory below the Hobbit top-level directory. I can set this up if you tell me what group-ID your webserver runs with. This is typically 'nobody' or 'apache' or 'www-data' If you dont know, just hit ENTER and we will handle it later. What group-ID does your webserver use ? apache Where to put the Hobbit logfiles [/var/log/hobbit] ? What is the name of this host [hobbit01] ? What is the IP-address of this host [127.0.0.1] ? 10.0.0.2 Where should I install the Hobbit man-pages (/usr/local/man) ? Using Linux Makefile settings Created Makefile with the necessary information to build Hobbit Some defaults are used, so do look at the Makefile before continuing. Configuration complete - now run make (GNU make) to build the tools 8.4 Appendix 4 If you configured Hobbit to put the Administration CGI scripts into a separate directory: If you configured Hobbit to put the Administration CGI scripts into a separate directory (recommended for better security), you will also need to setup the password-file that controls access to this directory. Use the htpasswd command both to create the password file and to add or delete users. NOTE: It will first be necessary to create the directory structure for this. Type the below: # /usr/bin/htpasswd -c /usr/local/hobbit/server/etc/hobbitpasswd admin Provide a new password when prompted as below: New password: <provide a new password> Re-type new password: <provide a new password> Adding password for user admin # The -c option should only be used the first time, to create the password file. Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 51 / 52 See the Apache documentation for details about how to use htpasswd. 8.5 Appendix 5 Manual Hobbit client Install & configuration • • • • • • • • • • • • • • • • • Logon to the server where the client is to be installed. Copy the current version of Hobbit Windows client to the server. Unzip the Hobbit client into a temporary directory. Start the installation by double clicking on the msi file. Accept all of the defaults and complete the setup. [change install directory if required] Open Windows Explorer and browse to C:\Program Files\BBWin\etc. Open BBWin.cfg in Notepad. Edit the 4th line which starts <setting name="bbdisplay"..../> replacing the "yourfirstbbdisplay" with "hobbit01" Save the changes and close Notepad. Start Regedit. Expand HKLM->Software->BBWin->hostname. Double click on hostname and enter the name by which you wish Hobbit to refer to this server. This must match with the name entered in the bb-hosts file on the Hobbit server. Close Regedit. Open Services. The Big Brother Hobbit Client service should be installed and set to automatic. Start the service. Close services. The installation is now complete. Additional settings can be made by further modification to BBWin.cfg and additional files to run further external scripts. Hobbit Server 4.2 Install on RedHat 5 Enterprise – www.impee.co.uk 52 / 52