2/28/2009

ntop 3.3.9 on Fedora 9

=====Pre-installation=====
yum install cairo-devel libxml2-devel pango-devel pango libpng-devel freetype freetype-devel libart_lgpl-devel libpcap-devel

=====Install RRDtool=====
cd /usr/local/src/
wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.3.5.tar.gz
tar -zxvf rrdtool-1.3.5.tar.gz
cd /usr/local/src/rrdtool-1.3.5
# install under /usr/local/rrdtool-1.3.5 so the /usr/local/rrdtool paths used in the verification step resolve
./configure --prefix=/usr/local/rrdtool-1.3.5
make
make install
cd /usr/local/
ln -s rrdtool-1.3.5 rrdtool


=====Verify installation=====
cd /usr/local/rrdtool/share/rrdtool/examples/
cp stripes.png /var/www/html/
http://ip_address/stripes.png

=====Install Ntop=====
cd /usr/local/src/
tar -zxvf ntop-3.3.9.tar.gz
cd ntop-3.3.9
./autogen.sh --prefix=/usr/local/ntop-3.3.9
make
make install
useradd -M -s /sbin/nologin -r ntop
chown -R ntop.ntop /usr/local/ntop-3.3.9/share/ntop
cd /usr/local/
ln -s ntop-3.3.9 ntop

=====Set Admin Password=====
/usr/local/ntop/bin/ntop -A

=====Start Ntop by command=====
/usr/local/ntop/bin/ntop -d -L -u ntop -P /usr/local/ntop-3.3.9/var/ntop --skip-version-check --use-syslog=daemon

http://server-ip:3000/

=====Start Ntop by ntop.conf=====
mkdir -p /usr/share/ntop
cp /usr/local/src/ntop-3.3.9/packages/debian.official/protocol.list /usr/share/ntop/
cp /usr/local/src/ntop-3.3.9/packages/RedHat/ntop.conf.sample /etc/ntop.conf

vi /etc/ntop.conf
--domain mydomain.com
--db-file-path /usr/local/ntop/var/ntop
--interface eth0,eth1,ppp0
-p /usr/share/ntop/protocol.list
-w server-ip:30000 -W 0

/usr/local/ntop/bin/ntop @/etc/ntop.conf

http://server-ip:3000/

=====Configure Round-Robin Database on web interface=====
http://server-ip:3000/ -> Plugins -> Round-Robin Database -> Configure

Change RRD Files Path to

Normal RRDs: /usr/local/ntop/var/ntop/rrd

Dynamic/Volatile RRDs: /usr/local/ntop/var/ntop/rrd

Select **private** for File/Directory Permissions

chown ntop:ntop /usr/local/ntop/var/ntop/rrd

Dell OpenManage Server Administrator on CentOS 5.2

=====Pre-Installation=====
mkdir -p /usr/local/omsa_5.5

=====Edit /etc/redhat-release=====
vi /etc/redhat-release
# change
CentOS release 5.2 (Final)
# to
CentOS release 5.2 (Tikanga)

=====Install OMSA packages=====
cd /usr/local/omsa_5.5
cp /usr/local/src/OM_5.5.0_ManNode_A00.tar.gz .
tar zxvf OM_5.5.0_ManNode_A00.tar.gz

cd /usr/local/omsa_5.5/linux/RPMS/supportRPMS
rpm -Uvh compat-libstdc++-33-3.2.3-47.3.i386.rpm

cd /usr/local/omsa_5.5
./setup.sh

Select "6" to install ALL

=====Startup OMSA=====
sh /usr/local/omsa_5.5/linux/supportscripts/srvadmin-services.sh start

https://ip_address:1311

2/27/2009

Dell OpenManage Server Administrator on Fedora 8

=====Pre-Installation=====
mkdir -p /usr/local/omsa_5.5

=====Install OMSA packages=====
cd /usr/local/omsa_5.5
cp /usr/local/src/OM_5.5.0_ManNode_A00.tar.gz .
tar zxvf OM_5.5.0_ManNode_A00.tar.gz
cd /usr/local/omsa_5.5/linux/custom/RHEL5/srvadmin-base

rpm -Uvh srvadmin-omilcore-5.5.0-364.i386.rpm
rpm -Uvh srvadmin-syscheck-5.5.0-364.i386.rpm
rpm -Uvh srvadmin-deng-5.5.0-364.i386.rpm
rpm -Uvh srvadmin-omauth-5.5.0-364.rhel5.i386.rpm
rpm -Uvh ../../../RPMS/supportRPMS/compat-libstdc++-33-3.2.3-47.3.i386.rpm
rpm -Uvh srvadmin-omacore-5.5.0-364.i386.rpm
rpm -Uvh srvadmin-jre-5.5.0-364.i386.rpm
rpm -Uvh srvadmin-ipmi-5.5.0-364.rhel5.i386.rpm
rpm -Uvh srvadmin-hapi-5.5.0-364.i386.rpm
rpm -Uvh srvadmin-isvc-5.5.0-364.i386.rpm
rpm -Uvh srvadmin-cm-5.5.0-364.i386.rpm
rpm -Uvh ../add-webserver/srvadmin-iws-5.5.0-364.i386.rpm
rpm -Uvh srvadmin-omhip-5.5.0-364.i386.rpm
rpm -Uvh ../add-storageservices/srvadmin-storage-5.5.0-364.i386.rpm

=====Startup OMSA=====
sh /usr/local/omsa_5.5/linux/supportscripts/srvadmin-services.sh start

https://ip_address:1311

=====Install RAC support on OMSA interface=====
cd /usr/local/omsa_5.5/linux/custom/RHEL5/add-RAC5
rpm -Uvh srvadmin-rac*

2/16/2009

tar over ssh

You can use tar over ssh to write an archive to a remote host:

tar zcvf - /tmp | ssh user@ip_address "cat > /backup/tmp.tar.gz"

Or

tar zcvf - /tmp | ssh user@hostname "cat > /backup/tmp.tar.gz"

You can also tar and untar straight into a specific directory on the remote host:

tar -zcf - /tmp | ssh user@ip_address tar -C /path/to/remote/dir -zxf -

2/04/2009

vlan - tagged and untagged

Summary for setting up a 3Com Baseline 2948-SFP Plus switch

If a port is in a single VLAN it can be untagged, but if the port needs to be a member of multiple VLANs it must be tagged.

The IEEE 802.1Q standard defines how VLANs operate within an open packet-switched network. An 802.1Q compliant frame carries additional information that allows a switch to determine which VLAN the frame belongs to. A frame that carries this additional data is known as tagged.

To carry multiple VLANs across a single physical (backbone) link, each frame must be tagged with a VLAN identifier so that the switches can identify which frames belong to which VLANs. Routers interconnect VLANs, so they must also understand 802.1Q tagging, otherwise they become bottlenecks for inter-VLAN traffic.
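To make the tagged/untagged distinction concrete, here is an added Python example (not part of the original note) that parses the 802.1Q tag out of a raw Ethernet frame and applies the port rule above: an untagged frame is placed in the port's single VLAN (its PVID), while a tagged frame keeps its VID only if the port is a member of that VLAN. The MAC addresses and payload are constructed samples.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value announcing an 802.1Q tag

def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II header and report whether the frame is 802.1Q tagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tagged": False, "pcp": None, "vid": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])  # TCI, then the real EtherType
        info.update(tagged=True, pcp=tci >> 13, vid=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes, vid=None, pcp=0):
    """Build an Ethernet frame; when vid is given, insert an 802.1Q tag after the MACs."""
    header = dst + src
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return header + struct.pack("!H", ethertype) + payload

def ingress_vlan(frame: bytes, pvid: int, members: set):
    """Decide which VLAN a frame arriving on a port belongs to, or None to drop it.

    Untagged frames get the port's PVID (the single VLAN an untagged port is in);
    tagged frames keep their VID, but only if the port is a tagged member of it.
    """
    info = parse_frame(frame)
    if not info["tagged"]:
        return pvid
    return info["vid"] if info["vid"] in members else None

# Constructed sample frames (made-up MAC addresses, IPv4 EtherType 0x0800).
DST, SRC = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
UNTAGGED = build_frame(DST, SRC, 0x0800, b"payload")
TAGGED_20 = build_frame(DST, SRC, 0x0800, b"payload", vid=20, pcp=5)
```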

.htaccess - the manager can view this page from anywhere; everyone else must come from the intranet

AuthUserFile /home/www/htpasswd

AuthName "Intranet"
AuthType Basic
# Default is Satisfy All (IP check AND login); Any means passing either check is enough
Satisfy Any

order deny,allow
deny from all
allow from 192.168.1.
allow from 192.168.2.
require user manager

Reference links
http://home.golden.net/htaccess.html
http://www.sfu.ca/cas/htaccess.html
http://webmaster.iu.edu/security_info/index.shtml
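To see what "Satisfy Any" changes, here is an added Python model of the policy above (not part of the original note and not Apache's code): a request passes if the client address is in one of the allowed ranges or it authenticates as manager; with the default Satisfy All it would need both. The user store is a constructed stand-in for /home/www/htpasswd.

```python
import base64
import hashlib
import hmac
import ipaddress

# The intranet ranges from the .htaccess above ("allow from 192.168.1." means 192.168.1.0/24).
INTRANET = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("192.168.2.0/24")]
REQUIRED_USER = "manager"
# Constructed stand-in for /home/www/htpasswd: user -> sha256 digest of a made-up password.
# (A real htpasswd file uses its own hash formats; this is only for the demonstration.)
USERS = {"manager": hashlib.sha256(b"example-password").hexdigest()}

def from_intranet(client_ip: str) -> bool:
    """True if the client address falls inside one of the allowed ranges."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in INTRANET)

def basic_auth_user(header):
    """Return the user name from a valid 'Authorization: Basic ...' header, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(header[6:], validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    digest = hashlib.sha256(password.encode()).hexdigest()
    # Constant-time comparison; compare even for unknown users to keep timing uniform.
    stored = USERS.get(user, "0" * 64)
    return user if hmac.compare_digest(stored, digest) and user in USERS else None

def allowed(client_ip: str, auth_header, satisfy: str = "Any") -> bool:
    """Apply the access rules with 'Satisfy Any' (either check) or 'Satisfy All' (both)."""
    ip_ok = from_intranet(client_ip)
    user_ok = basic_auth_user(auth_header) == REQUIRED_USER
    return (ip_ok or user_ok) if satisfy.lower() == "any" else (ip_ok and user_ok)

def basic_header(user: str, password: str) -> str:
    """Build the header a browser would send (used to construct sample requests)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```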

2/03/2009

IPSEC VPN - Tunnel Mode by using AH and ESP

Note from wikipedia:
Authentication Header (AH)

AH is a member of the IPsec protocol suite. AH is intended to guarantee connectionless integrity and data origin authentication of IP packets.

Encapsulating Security Payload (ESP)

ESP is a member of the IPsec protocol suite. It is the portion of IPsec that provides origin authenticity, integrity, and confidentiality protection of packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure.

#Fire
echo "1" > /proc/sys/net/ipv4/ip_forward

vi 10-0-1-104.conf

#Configuration file on Fire
flush;
spdflush;

#SAD
add 10.0.1.103 10.0.1.104 ah 0x200 -m tunnel
-A hmac-sha1 0xe983bd728c2e7ecd4369d2050db804bc2f36aee7;

add 10.0.1.104 10.0.1.103 ah 0x300 -m tunnel
-A hmac-sha1 0xdd2f63da632c7ddcc5a6c29a6ca9739e8d4d9e77;

add 10.0.1.103 10.0.1.104 esp 0x201 -m tunnel
-E 3des-cbc 0x3fdad5392f9ead005660b36b5358de87552f7d0c5f2dd996;

add 10.0.1.104 10.0.1.103 esp 0x301 -m tunnel
-E 3des-cbc 0x5362f516f083ebf9326ad103d7e0d573a4d3d9e25a31f65d;

#SPD
#a single ';' terminates the whole spdadd statement, including both protocol rules
spdadd 172.16.14.0/24 192.168.82.0/24 any -P out ipsec
    esp/tunnel/10.0.1.104-10.0.1.103/require
    ah/tunnel/10.0.1.104-10.0.1.103/require;

spdadd 192.168.82.0/24 172.16.14.0/24 any -P in ipsec
    esp/tunnel/10.0.1.103-10.0.1.104/require
    ah/tunnel/10.0.1.103-10.0.1.104/require;

#load the file with: setkey -f 10-0-1-104.conf


#Rage
echo "1" > /proc/sys/net/ipv4/ip_forward

#Configuration file on Rage (same SAD as Fire; SPD directions mirrored)
flush;
spdflush;
#SAD
add 10.0.1.103 10.0.1.104 ah 0x200 -m tunnel
-A hmac-sha1 0xe983bd728c2e7ecd4369d2050db804bc2f36aee7;

add 10.0.1.104 10.0.1.103 ah 0x300 -m tunnel
-A hmac-sha1 0xdd2f63da632c7ddcc5a6c29a6ca9739e8d4d9e77;

add 10.0.1.103 10.0.1.104 esp 0x201 -m tunnel
-E 3des-cbc 0x3fdad5392f9ead005660b36b5358de87552f7d0c5f2dd996;

add 10.0.1.104 10.0.1.103 esp 0x301 -m tunnel
-E 3des-cbc 0x5362f516f083ebf9326ad103d7e0d573a4d3d9e25a31f65d;

#SPD
#a single ';' terminates the whole spdadd statement, including both protocol rules
spdadd 172.16.14.0/24 192.168.82.0/24 any -P in ipsec
    esp/tunnel/10.0.1.104-10.0.1.103/require
    ah/tunnel/10.0.1.104-10.0.1.103/require;

spdadd 192.168.82.0/24 172.16.14.0/24 any -P out ipsec
    esp/tunnel/10.0.1.103-10.0.1.104/require
    ah/tunnel/10.0.1.103-10.0.1.104/require;

#load the file with: setkey -f <this file>
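Hand-written setkey files like the two above fail quietly when a key has the wrong length or a policy points at a security association that was never added. The following is an added Python checker (not part of the original note and not a setkey tool) that parses the SAD/SPD statements, verifies hmac-sha1 and 3des-cbc key sizes, flags duplicate SPIs, and confirms every SPD tunnel rule has a matching SAD entry. The sample files are constructed with placeholder keys.

```python
import re

# Key sizes in bytes for the algorithms used in the setkey files above.
KEY_BYTES = {"hmac-sha1": 20, "3des-cbc": 24}

def parse_statements(text):
    """Split setkey input into ';'-terminated statements, dropping '#' comments."""
    body = " ".join(ln.split("#", 1)[0] for ln in text.splitlines())
    return [s.split() for s in body.split(";") if s.strip()]

def check_setkey(text):
    """Return a list of problems found in a setkey SAD/SPD configuration."""
    problems, sad, spis = [], set(), set()
    for toks in parse_statements(text):
        if toks[0] == "add":                      # SAD: add SRC DST PROTO SPI -m MODE -A/-E ALG KEY
            src, dst, proto, spi = toks[1:5]
            if (proto, spi) in spis:
                problems.append(f"duplicate SPI {spi} for {proto}")
            spis.add((proto, spi))
            sad.add((src, dst, proto))
            for flag in ("-A", "-E"):             # -A authentication key, -E encryption key
                if flag not in toks:
                    continue
                i = toks.index(flag)
                alg, key = toks[i + 1], toks[i + 2]
                nbytes = (len(key) - 2) // 2
                if not re.fullmatch(r"0x(?:[0-9a-fA-F]{2})+", key):
                    problems.append(f"{proto} SPI {spi}: key is not whole-byte hex")
                elif alg not in KEY_BYTES:
                    problems.append(f"{proto} SPI {spi}: unknown algorithm {alg}")
                elif nbytes != KEY_BYTES[alg]:
                    problems.append(f"{proto} SPI {spi}: {alg} key is {nbytes} bytes, "
                                    f"expected {KEY_BYTES[alg]}")
        elif toks[0] == "spdadd":                 # SPD: ... ipsec PROTO/MODE/SRC-DST/LEVEL ...
            for rule in toks[toks.index("ipsec") + 1:]:
                proto, mode, endpoints, _level = rule.split("/")
                a, b = endpoints.split("-")
                if (a, b, proto) not in sad:
                    problems.append(f"SPD {proto}/{mode}/{a}-{b}: no matching SAD entry")
    return problems

# Constructed sample in the same shape as the page's files, with placeholder keys.
GOOD = """
flush; spdflush;
add 10.0.1.103 10.0.1.104 ah 0x200 -m tunnel -A hmac-sha1 0x%s;
add 10.0.1.103 10.0.1.104 esp 0x201 -m tunnel -E 3des-cbc 0x%s;
spdadd 192.168.82.0/24 172.16.14.0/24 any -P in ipsec
    esp/tunnel/10.0.1.103-10.0.1.104/require ah/tunnel/10.0.1.103-10.0.1.104/require;
""" % ("ab" * 20, "cd" * 24)
# Same file with a 16-byte 3DES key and the AH SA added in the wrong direction.
BAD = GOOD.replace("cd" * 24, "cd" * 16).replace("10.0.1.103 10.0.1.104 ah", "10.0.1.104 10.0.1.103 ah")
```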