Wednesday, 28 September 2016

Top Daily Use Linux/Unix Commands

pwd
cat
less
cd
mkdir
ls
cp
mv
head
tail
wc
grep
kill
nohup
df
du
zip
tar
find
date

Top Useful Network Monitoring Commands

Useful commands for network monitoring

Ping (Unix/Windows)
Traceroute (Unix/Windows)
Arp (Unix/Windows)
Curl and wget (Unix/Windows)
Netstat (Unix/Windows)
Whois (Unix/Windows)
SSH (Unix/Linux/Windows)
TCPDump (Unix/Linux/Windows)
Ngrep (Unix/Linux/Windows)
NMAP (Unix/Windows)
Netcat (Windows/Unix)
Lsof (Unix/Windows)
IPtraf (Linux)

Ping (Unix/Windows):
Ping is a very basic and important command. Ping sends an ICMP ECHO_REQUEST packet to the specified host. If the host responds, you get an ICMP packet back. You can “ping” an IP address to see if a machine is alive. If there is no response, you know something is wrong. It is also used to check the “speed”, or latency, of a network connection. The command exists on every OS that supports TCP/IP, and it is one of the basics you should know. The following are ping examples.

$ ping HostName/IP Address
$ ping google.com
$ ping 192.168.182.132

You can specify the number of ECHO_REQUEST packets to send when pinging a host. For this, use the '-c' parameter as follows.

$ ping -c 4 192.168.182.132
PING 192.168.182.132 (192.168.182.132) 56(84) bytes of data.
64 bytes from 192.168.182.132: icmp_req=1 ttl=64 time=0.281 ms
64 bytes from 192.168.182.132: icmp_req=2 ttl=64 time=0.495 ms
64 bytes from 192.168.182.132: icmp_req=3 ttl=64 time=0.459 ms
64 bytes from 192.168.182.132: icmp_req=4 ttl=64 time=0.250 ms

--- 192.168.182.132 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.250/0.371/0.495/0.107 ms
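
To use this output in a script, the two summary lines can be parsed into a monitoring verdict. The function below is an added example, not from the original post; the name ping_verdict and the default thresholds (20% loss, 100 ms average) are assumptions.

```shell
#!/bin/sh
# Added example: turn the summary printed by `ping -c N host` into a verdict.
# Reads ping output on stdin, e.g.  ping -c 4 192.168.182.132 | ping_verdict
# Exit status: 0 OK, 1 WARNING (loss or latency over threshold), 2 CRITICAL.
ping_verdict() {
    max_loss=${1:-20}    # tolerated packet loss in percent (assumed default)
    max_avg=${2:-100}    # tolerated average round-trip time in ms (assumed default)
    awk -v max_loss="$max_loss" -v max_avg="$max_avg" '
        / packets transmitted, / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9.]+%$/) { loss = $i + 0; seen = 1 }
        }
        # Linux prints "rtt min/avg/max/mdev = ...", BSD/macOS "round-trip ...".
        /^(rtt|round-trip) / {
            split($0, kv, " = "); split(kv[2], t, "/")
            avg = t[2] + 0; have_rtt = 1
        }
        END {
            if (!seen) { print "CRITICAL no ping summary found"; exit 2 }
            # With no replies ping prints no rtt line at all.
            if (loss >= 100 || !have_rtt) {
                printf "CRITICAL %s%% packet loss, no round-trip data\n", loss; exit 2
            }
            if (loss > max_loss) { printf "WARNING %s%% packet loss\n", loss; exit 1 }
            if (avg > max_avg)   { printf "WARNING avg rtt %s ms\n", avg; exit 1 }
            printf "OK %s%% loss, avg rtt %s ms\n", loss, avg
        }'
}

# Summary lines copied from the ping run shown above.
ping_verdict 20 100 <<'EOF'
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.250/0.371/0.495/0.107 ms
EOF

# Constructed failure case: no replies, so there is no rtt line to parse.
ping_verdict <<'EOF' || echo "exit status $?"
4 packets transmitted, 0 received, 100% packet loss, time 3051ms
EOF
```

A CRITICAL result only means no ICMP replies came back; a host or firewall that drops ICMP produces the same output as a host that is down.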

Traceroute (Unix/Windows):
The traceroute command is a very useful network diagnostic tool. Traceroute displays each host that a packet travels through (devices, switches, routers, computers) as it tries to reach its destination. When there is trouble, it can give us an idea of the point at which packets run into a problem on the way to their destination.

Traceroute (Unix):
~$ traceroute 192.168.182.132
traceroute to 192.168.182.132 (192.168.182.132), 30 hops max, 60 byte packets
 1  ubuntu.local (192.168.182.132)  0.302 ms  0.316 ms  0.304 ms

tracert (Windows):
C:\Users\Mukesh.Kumar>tracert google.com

Tracing route to google.com [216.58.220.46]
over a maximum of 30 hops:
  1     *        *        *     Request timed out.
  2    48 ms    56 ms    49 ms  10.210.0.82
  3    55 ms    23 ms    41 ms  10.210.0.86
  4    25 ms    26 ms    29 ms  125.17.150.37
  5    62 ms    42 ms    38 ms  182.79.234.221
  6    49 ms     *       59 ms  72.14.242.178
  7    56 ms    46 ms    34 ms  66.249.94.73
  8    44 ms    36 ms     *     209.85.255.43
  9    57 ms    50 ms    29 ms  maa03s18-in-f14.1e100.net [216.58.220.46]

Trace complete.

Note: The Unix "traceroute" uses UDP datagrams rather than ICMP to perform a function similar to ping.

Arp (Unix/Windows) :
Using the arp command allows you to display and modify the Address Resolution Protocol (ARP) cache. An ARP cache is a simple mapping of IP addresses to MAC addresses.
Example:
C:\Users\Mukesh.Kumar>arp -a 192.168.182.132

Interface: 192.168.182.1 --- 0x1e
  Internet Address      Physical Address      Type
  192.168.182.132       00-0c-29-08-b7-93     dynamic
 
Wget and curl (Unix/Windows):
    These commands allow you to download files or entire web pages.
    both are command line tools that can download contents from FTP, HTTP and HTTPS
    both can send HTTP POST requests
    both support HTTP cookies
    both are designed to work without user interaction, like from within scripts
    both are fully open source and free software
    both support metalink

    Note : curl supports FTP, FTPS, Gopher, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT,
      LDAP, LDAPS, FILE, POP3, IMAP, SMB/CIFS, SMTP, RTMP and RTSP.    
      Wget only supports HTTP, HTTPS and FTP

Netstat (Unix/Windows):
Netstat prints information about the Linux networking subsystem. By default, netstat displays a list of open sockets. If you don't specify any address families, then the active sockets of all configured address families will be printed. The type of information printed is controlled by the first argument, as follows:
Netstat (Unix):
   --route , -r
       Display the kernel routing tables. See the description in route(8) for details.  netstat -r and route -e produce the same output.

   --groups , -g
       Display multicast group membership information for IPv4 and IPv6.

   --interfaces, -i
       Display a table of all network interfaces.

   --masquerade , -M
       Display a list of masqueraded connections.

   --statistics , -s
       Display summary statistics for each protocol.

Whois (Unix/Windows):
A network command used to look up domain data, mainly the domain owner, its expiry time, configured registries, contact data, etc. It is useful for contacting domain administrators or when migrating services, such as email or web page migrations.

In order to use ‘whois’ on Windows, you should download the software linked on the following URL: https://technet.microsoft.com/en-us/sysinternals/whois.aspx

You can also consult them using services such as https://www.whois.net/ on your browser.

SSH (Unix/Linux/Windows):
SSH, or Secure Shell, is a protocol used to securely log onto remote systems. It is the most common way to access remote Linux and Unix-like servers.

$ ssh remote-host

If the remote user name is different, you can also specify the username:
$ ssh user-name@remote-host

If you wish to execute a command on remote system, you can specify it after the host-name.
$ ssh remote_host command_to_run
$ ssh mukesh@ubuntu-server.com ls

Note : To use SSH on Windows we recommend using Putty. http://www.putty.org/

TCPDump (Unix/Linux/Windows):
tcpdump is a powerful and widely used command-line packet sniffer (packet analyzer) that captures or filters TCP/IP packets received or transferred over a network on a specific interface. It is available on most Linux/Unix-based operating systems. tcpdump also gives us an option to save captured packets to a file for future analysis. It saves the file in pcap format, which can be viewed with the tcpdump command or with Wireshark (Network Protocol Analyzer), an open source GUI tool that reads tcpdump pcap files.

Ngrep (Unix/Linux/Windows):
This brings the power of the ‘grep’ command to the network. It is basically tcpdump with real-time text substring filters. It filters HTTP, SMTP, DNS and other protocol packets. It has a very powerful filtering system based on regular expressions, and it is usually used to process files generated by tcpdump, Wireshark, etc.

NMAP (Unix/Windows):
Nmap, aka Network Mapper, is an open source and very versatile tool for Linux system/network administrators. Nmap is used for exploring networks, performing security scans and network audits, and finding open ports on remote machines. It scans for live hosts, operating systems, packet filters and open ports running on remote hosts.

Netcat (Windows/Unix):
Netcat or nc is a networking utility for debugging and investigating the network.

This utility can be used for creating TCP/UDP connections and investigating them. The biggest use of this utility is in the scripts where we need to deal with TCP/UDP sockets.

Lsof (Unix/Windows):
It’s a tool that’s useful for identifying which files a process is using or keeping open. In the case of Unix environments, a file is also a network connection, so it’s useful to know which ports are open during a specific running process, something which can prove to be extremely useful in some cases.
It can also be used to know how many files a single process has open. It doesn’t have anything to do with the network, but we’re sure it’ll be useful for you anyway. Lsof is one of those tools you should know about.

IPtraf (Linux):
A specialized network command which obtains traffic statistics. It has an ncurses interface (text) to analyze the traffic that goes through an interface in real time. Very useful if you see anomalies on your device and you need to see and inspect the traffic coming through it.

Sunday, 25 September 2016

How To Install NRPE on Ubuntu 16.04, 14.04, 12.04 and LinuxMint

NRPE stands for Nagios Remote Plugin Executor. In a previous post I described the installation of Nagios Server on the Ubuntu operating system. This article will help you install NRPE on Ubuntu 15.04, 14.04, 12.04 and LinuxMint systems.

The NRPE addon is designed to allow you to execute Nagios plugins on remote Linux/Unix machines. The main reason for doing this is to allow Nagios to monitor "local" resources (like CPU load, memory usage, etc.) on remote machines. Since these public resources are not usually exposed to external machines, an agent like NRPE must be installed on the remote Linux/Unix machines.
Need personal assistance on Nagios? Please contact me at

immukesh72@gmail.com

at very nominal charges

Note: It is possible to execute Nagios plugins on remote Linux/Unix machines through SSH. There is a check_by_ssh plugin that allows you to do this. Using SSH is more secure than the NRPE addon, but it also imposes a larger (CPU) overhead on both the monitoring and remote machines. This can become an issue when you start monitoring hundreds or thousands of machines. NRPE is useful for lowering the load on both the monitoring host and the remote hosts.

As shown in the image above, the NRPE addon consists of two pieces:

– The check_nrpe plugin, which resides on the local monitoring machine.
– The NRPE daemon, which runs on the remote Linux/Unix machine.

Step 1. Install NRPE and Nagios Plugins

NRPE is available in the default apt repositories of Ubuntu systems. Execute the following command to install it.

$ sudo apt-get install nagios-nrpe-server nagios-plugins nagios-plugins-basic nagios-plugins-standard

Step 2. Configure NRPE

Edit the /etc/nagios/nrpe.cfg file and, in allowed_hosts, give the IP address of the Nagios monitoring server from which monitoring will be done. For example, if the Nagios monitoring server's IP is 192.168.182.130, add this IP address to the allowed_hosts list.

allowed_hosts=127.0.0.1,192.168.182.130

Step 3. Restart the NRPE service

Restart the NRPE service on the client machine with the following command.

$ sudo /etc/init.d/nagios-nrpe-server restart

Step 4. Install the nagios-nrpe-plugin package on your Nagios monitoring server

Run the following command to install the check_nrpe plugin on your Nagios server. It will install the check_nrpe plugin under /usr/lib/nagios/plugins/.

$ sudo apt-get install nagios-nrpe-plugin

Step 5. Verification 

Now log in to the Nagios server and switch to the nagios user with sudo. To verify that Nagios is able to communicate with the NRPE agent on the client machine, run the check_nrpe plugin, passing the client machine's IP address (in my case the client machine IP is 192.168.182.131), as follows. If you are not able to find the check_nrpe plugin, follow Step 4 to install it.

nagios@ubuntu:~$ /usr/lib/nagios/plugins/check_nrpe -H 192.168.182.131
NRPE v2.12

The output "NRPE v2.12" shows that the nagios server was successfully communicating with NRPE agent.

Step 6. Add nagios check command in NRPE

By default, all Nagios plugins are installed in the /usr/lib/nagios/plugins/ directory. You can add new service checks as per your requirements in /etc/nagios/nrpe.cfg. The following are the default check commands in the nrpe.cfg file.

command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200

Step 7. Start/Stop/Restart NRPE service

Each time we change the configuration file on the client machine, we need to restart the NRPE service.

$ sudo /etc/init.d/nagios-nrpe-server stop
$ sudo /etc/init.d/nagios-nrpe-server start
$ sudo /etc/init.d/nagios-nrpe-server restart
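
The allowed_hosts list from Step 2 and the command[] definitions from Step 6 decide who can reach the agent and what it will run, so they are worth checking before each restart. The script below is an added example, not part of the original post or the NRPE project; dont_blame_nrpe is a standard nrpe.cfg directive that the post does not cover, and the /24 cutoff, function name and sample config are assumptions.

```shell
#!/bin/sh
# Added example: audit an nrpe.cfg for settings that widen access to the agent.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Assumption: include files are not followed and only IPv4 CIDR width is graded.
audit_nrpe_cfg() {
    cfg=$1
    findings=0
    # Value of the last uncommented "key=value" line, whitespace stripped.
    get() {
        sed -n "s/^[[:space:]]*$1[[:space:]]*=//p" "$cfg" | tail -n 1 | tr -d '[:space:]'
    }
    hosts=$(get allowed_hosts)
    if [ -z "$hosts" ]; then
        echo "FAIL allowed_hosts is not set"; findings=1
    fi
    old_ifs=$IFS; IFS=,
    for h in $hosts; do
        case $h in
            0.0.0.0/0|::/0)
                echo "FAIL allowed_hosts entry $h matches every client"; findings=1 ;;
            */[0-9]|*/1[0-9]|*/2[0-3])
                echo "WARN allowed_hosts entry $h is wider than a /24"; findings=1 ;;
        esac
    done
    IFS=$old_ifs
    # dont_blame_nrpe=1 lets the caller pass arguments into command[] lines;
    # the definitions that use $ARGn$ macros are the ones those arguments reach.
    if [ "$(get dont_blame_nrpe)" = "1" ]; then
        n=$(grep -c '^[[:space:]]*command\[.*\$ARG[0-9]' "$cfg" || true)
        echo "FAIL dont_blame_nrpe=1: clients may pass arguments; $n command(s) use \$ARGn\$"
        findings=1
    fi
    return $findings
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
allowed_hosts=127.0.0.1,192.168.182.130,10.0.0.0/8
dont_blame_nrpe=1
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_disk_arg]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$
EOF
audit_nrpe_cfg "$sample" || echo "Fix the findings above, then restart nagios-nrpe-server"
rm -f "$sample"
```

On the client, run it as audit_nrpe_cfg /etc/nagios/nrpe.cfg; the configuration from Step 2 (127.0.0.1 plus the single monitoring server address) produces no findings.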


   