User:Sapirg/sandbox

Home assignment for IBM Trusteer

Task No. 1
Instantiate an EC2 micro instance. The instance creation should be done using the AWS developer tools (http://aws.amazon.com/developertools). The machine should be open to SSH and HTTP communication, but limited to Trusteer (195.110.40.7) and your personal IPs.

instance description:
Instance ID: i-2fb508ee
Public DNS: ec2-52-28-69-215.eu-central-1.compute.amazonaws.com
Instance state: running
Public IP: 52.28.69.215
Instance type: t2.micro
Elastic IP: -
Private DNS: ip-172-31-21-110.eu-central-1.compute.internal
Availability zone: eu-central-1b
Private IPs: 172.31.21.110
Security groups: launch-wizard-1
Secondary private IPs:
Scheduled events: No scheduled events
VPC ID: vpc-4b18d622
AMI ID: RHEL-7.1_HVM_GA-20150225-x86_64-1-Hourly2-GP2 (ami-dafdcfc7)
Subnet ID: subnet-e6f90b9d
Platform: -
Network interfaces: eth0
IAM role: -
Source/dest. check: True
Key pair name: sapirg
Owner: 539438279965
EBS-optimized: False
Launch time: April 28, 2015 at 2:56:34 PM UTC+3 (20 hours)
Root device type: ebs
Termination protection: False
Root device: /dev/sda1
Lifecycle: normal
Block devices: /dev/sda1
Monitoring: basic
Alarm status: None
Username: ec2-user

Key pair material: (RSA private key omitted)

Security group description:
Security Group: sg-9d8b52f4
Type  Protocol  Port Range  Source
SSH   TCP       22          5.29.18.4/32
SSH   TCP       22          195.110.40.7/32
HTTP  TCP       80          5.29.18.4/32
HTTP  TCP       80          195.110.40.7/32
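The same security group built from the command line, as an added example that is not part of the original assignment. It assumes the AWS CLI (rather than the older EC2 API tools) is installed and configured for eu-central-1; the group name trusteer-assignment is an assumption, the addresses, VPC, AMI and key pair are the ones listed above.

```shell
#!/bin/sh
# Added example, not part of the original assignment: build the Task 1 security
# group with the AWS CLI (assumed installed and configured for eu-central-1),
# allowing SSH and HTTP only from the Trusteer and personal /32s shown above.
TRUSTEER_IP="195.110.40.7/32"
PERSONAL_IP="5.29.18.4/32"      # personal address taken from the page's SG rules
VPC_ID="vpc-4b18d622"
AMI_ID="ami-dafdcfc7"
KEY_NAME="sapirg"
SG_NAME="trusteer-assignment"   # assumed name; the page's group was launch-wizard-1

# Emit one --ip-permissions entry: TCP <port> from each given CIDR only.
tcp_rule_json() {
    port=$1; shift
    ranges=""
    for cidr in "$@"; do
        ranges="${ranges}${ranges:+,}{\"CidrIp\":\"$cidr\"}"
    done
    printf '{"IpProtocol":"tcp","FromPort":%s,"ToPort":%s,"IpRanges":[%s]}' \
        "$port" "$port" "$ranges"
}

# Guard against opening a port to a whole network by mistake: only /32 sources.
is_host_cidr() {
    case $1 in
        *.*.*.*/32) return 0 ;;
        *)          return 1 ;;
    esac
}

create_locked_down_instance() {
    for c in "$TRUSTEER_IP" "$PERSONAL_IP"; do
        is_host_cidr "$c" || { echo "refusing non-/32 source: $c" >&2; return 1; }
    done
    sg_id=$(aws ec2 create-security-group --group-name "$SG_NAME" \
        --description "SSH/HTTP from Trusteer and personal IP only" \
        --vpc-id "$VPC_ID" --query GroupId --output text)
    aws ec2 authorize-security-group-ingress --group-id "$sg_id" --ip-permissions \
        "[$(tcp_rule_json 22 "$TRUSTEER_IP" "$PERSONAL_IP"),$(tcp_rule_json 80 "$TRUSTEER_IP" "$PERSONAL_IP")]"
    aws ec2 run-instances --image-id "$AMI_ID" --instance-type t2.micro \
        --key-name "$KEY_NAME" --security-group-ids "$sg_id" --count 1
}

# Only call AWS when APPLY=1; otherwise show the SSH rule that would be submitted.
if [ "${APPLY:-0}" = 1 ]; then
    create_locked_down_instance
else
    tcp_rule_json 22 "$TRUSTEER_IP" "$PERSONAL_IP"; echo
fi
```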

Task No. 2
Install Nagios 3.x on the machine.

Install a Nagios 3.x distro on the image - both the daemon and the client should be installed on the machine.

The installation should be performed using a script invoked remotely, i.e. without needing to manually ssh into the machine.

Nagios Installer Script
#!/bin/bash
#### Script to install nagios server in Linux Servers. ####
###### Installation Starts ######

# Abort unless running as root: everything below writes to system locations.
chk_user() {
    if [ "$(whoami)" != "root" ]; then
        echo -e "###### WARNING ######"
        echo -e "\tYou must login as root user to run this script."
        echo -e "\tPlease become root user using 'sudo -s' and try again."
        echo -e "\tQuitting Installer.....\n"
        sleep 3
        exit 1
    fi
}
chk_user

# Build and runtime prerequisites (added; the RHEL 7.1 AMI ships without them).
yum -y install httpd php gcc glibc glibc-common gd gd-devel make wget

# Download Nagios Core and Nagios Plugins Tarballs
cd /tmp
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.4.tar.gz
wget http://nagios-plugins.org/download/nagios-plugins-2.0.tar.gz

# Adding the Nagios User and Group
useradd nagios
groupadd nagcmd
usermod -a -G nagcmd nagios

# Nagios Core Installation
tar zxvf nagios-4.0.4.tar.gz
tar zxvf nagios-plugins-2.0.tar.gz
cd nagios-4.0.4
./configure --with-command-group=nagcmd
make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf
cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/
chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
/etc/init.d/nagios start

# Create a Default User for Web Access.
# The password file must be the one referenced by the Apache config that
# install-webconf wrote, i.e. /usr/local/nagios/etc/htpasswd.users.
echo -e "\n\n\tPlease Enter the password for nagiosadmin user."
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
sleep 1

# Nagios Plugin Installation
cd /tmp/nagios-plugins-2.0
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

# Nagios Service Setup
chkconfig --add nagios
chkconfig --level 35 nagios on
chkconfig --add httpd
chkconfig --level 35 httpd on
service httpd start   # added: serve the web UI now rather than only after a reboot

# RHEL 7's ifconfig prints "inet 172.31.x.x" instead of "inet addr:", so the
# address is read with iproute2 instead of grepping ifconfig output.
IP=$(ip -4 addr show dev eth0 | awk '/inet /{sub(/\/.*/, "", $2); print $2}')
echo -e "\n\tNow Nagios is ready to be used via: http://$IP/nagios"
echo -e "\n\n\tInstallation of Nagios Core and the Nagios-Plugins have been finished!\n\t"
###### Installation Completes. END OF SCRIPT ######
exit 0

Script Deployment Options
The above script runs locally on the target node. Therefore a separate, simple remote script should scp the installer to every destination node and then execute it there over ssh using:

ssh sudo -s

Logging records can and should be added as needed to both scripts.

Alternatively, a central configuration management tool such as Puppet can be used to distribute and execute the script.

Task No. 3
Write a Nagios plugin.

Trusteer keeps various files in directories structured as events_storage/phishing_detected/ / / / / e.g. events_storage/phishing_detected/2010/11/02/07/53

The Nagios plugin should count the number of files in the given directory (events_storage/phishing_constant_patterns) in the last 5 minutes and report:
 * OK - if the number is greater than 100
 * WARN - if the number is between 50 and 100
 * CRITICAL - if the number is less than 50

Sample data is attached. Place it on the same machine. This step may be done manually, but please document the instructions.

Configure nagios to use this plugin. This step may be done manually.

Write a Nagios plugin.
[root@ip-172-31-21-110 tmp]# cat check_events_storage
#!/bin/bash
base_dir=/tmp/events_storage/phishing_constant_patterns
t=0
# Sum the files in the YYYY/MM/DD/HH/MM directories of the previous 5 minutes.
for i in 1 2 3 4 5 ; do
    d=$(date +%Y"/"%m"/"%d"/"%H"/"%M"/" -d "now - $i minute")
    if [ -d "$base_dir/$d" ] ; then
        f=$(find "$base_dir/$d" -type f | wc -l | awk '{print $1}')
    else
        f=0
    fi
    let t=t+$f
done
# The WARNING pattern is tested first so that exactly 100 is not swallowed by
# the three-or-more-digit OK pattern.
case $t in
    [5-9][0-9]|100)   echo "WARNING - $t files found."  ; exit 1 ;;
    [0-9][0-9][0-9]*) echo "OK - $t files found."       ; exit 0 ;;
    [0-9]|[1-4][0-9]) echo "CRITICAL - $t files found." ; exit 2 ;;
    *)                echo "UNKNOWN - $t files found."  ; exit 3 ;;
esac
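A harness for exercising the plugin's thresholds before wiring it into Nagios, added here as an example and not part of the assignment's own code. It builds a constructed events_storage tree of the page's YYYY/MM/DD/HH/MM layout, counts files the same way check_events_storage does, and maps the count to a Nagios state with numeric comparisons so the 50 and 100 boundaries are explicit; it assumes GNU date, as on the RHEL 7 instance.

```shell
#!/bin/sh
# Added example, not the assignment's own code: a harness that builds a constructed
# events_storage tree, counts files the way check_events_storage does, and maps the
# count to Nagios states with numeric tests so the 50 and 100 boundaries are explicit.

# Print "STATE - n files found." and return the Nagios exit code
# (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN for a non-numeric count).
classify() {
    n=$1
    case $n in ''|*[!0-9]*) echo "UNKNOWN - $n files found."; return 3 ;; esac
    if   [ "$n" -gt 100 ]; then echo "OK - $n files found.";       return 0
    elif [ "$n" -ge 50 ];  then echo "WARNING - $n files found.";  return 1
    else                        echo "CRITICAL - $n files found."; return 2
    fi
}

# Count regular files in the YYYY/MM/DD/HH/MM directories of the last 5 minutes
# (GNU date, as on the RHEL 7 instance; the current minute is not yet complete).
count_recent_files() {
    base=$1; total=0; i=1
    while [ "$i" -le 5 ]; do
        d=$(date -d "now - $i minute" +%Y/%m/%d/%H/%M)
        if [ -d "$base/$d" ]; then
            total=$((total + $(find "$base/$d" -type f | wc -l)))
        fi
        i=$((i + 1))
    done
    echo "$total"
}

# Constructed sample data: $2 empty files in the directory for "now - 1 minute".
make_sample_tree() {
    base=$1; count=$2; k=0
    dir="$base/$(date -d 'now - 1 minute' +%Y/%m/%d/%H/%M)"
    mkdir -p "$dir"
    while [ "$k" -lt "$count" ]; do
        : > "$dir/event_$k.dat"
        k=$((k + 1))
    done
}

# Stand-alone run: 75 files in the last minute should yield WARNING (exit 1).
demo=$(mktemp -d)
make_sample_tree "$demo/phishing_constant_patterns" 75
status=0
classify "$(count_recent_files "$demo/phishing_constant_patterns")" || status=$?
echo "plugin exit code: $status"
rm -rf "$demo"
```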

Untar Sample Data Archive File
From the events_storage base directory run:

tar zxvf eventsamples.tgz

Configure nagios to use this plugin

 * As root, copy the check script to /usr/local/nagios/libexec/
 * Add the execute permission: chmod +x /usr/local/nagios/libexec/check_events_storage

-rwxr-xr-x. 1 root root 510 Apr 29 03:37 /usr/local/nagios/libexec/check_events_storage


 * Edit /usr/local/nagios/etc/objects/commands.cfg to add the new check command:

# 'check_events_storage' command definition
define command{
    command_name    check_events_storage
    command_line    $USER1$/check_events_storage
}


 * Edit /usr/local/nagios/etc/objects/localhost.cfg to add the new service:

define service{
    use                     local-service   ; Name of service template to use
    host_name               localhost
    service_description     events_storage
    check_command           check_events_storage
}

 * Restart the nagios service:

service nagios restart

Task No. 4
Document all the steps and the instructions on WIKI.

pmwiki Installation
I have installed pmwiki (pmwiki.org) on the ec2 node and created a new page with this content. Please go to the URL:

http://52.28.69.215/pmwiki/pmwiki.php?n=Main.IBMTrusteerAssignment

This wiki website is password-locked for editing; pages cannot be edited unless you authenticate with the admin password.