Homework 5 DNS 、 HTTPD 、 SNMP

Requirements One dedicated domain name for yourself Setup DNS server with following records  SOA, NS, MX  Make them reasonable NS Delegation (with team mates)  Dedicate a sub domain to each of your team mates  Building a slave server for your team mate  And a stub server for another team mate  Updates should be synchronized Reverse resolution for your NAT  x.0/24 for each of team mates

Requirements (Cont.) slave stub a.nctucs.net a.a /24 b.nctucs.net b.b /24 c.nctucs.net c.c /24

Requirements (Cont.) View  Create view.example.csie.net A record: Queries from /24:  view.example.csie.net A Otherwise, get your normal ip Logging  Record all records to /var/log/named.log  Do log rotate  Note: you will be asked for explaining the what does the log entry means in named.log

Requirements (Cont.) SPF/DomainKeys record for your server  Add resonable SPF/DomainKeys records  Configure your mail system to support these feature SSHFP record for your server  Make a reasonable setting

Requirements (Cont.) Dynamic DNS update  Your DNS should accept the update requests from and your team mates  You should know how to update a dns record Management  Your DNS server should support TSIG and allow the connection from  Your DNS server should only allow the AXFR request from  Only allow recursion query from your team mates and

Appendix Use ldap as backend database  dns/bind9-sdb-ldap   SPF setup wizard  DKIMproxy 

HTTPD

Requirements HTTPD  apache, lighttpd, nginx, etc..  PHP with fastcgi  HTTPS  Virtual Hosts  Reverse Proxy

SNMP

Requirement – Tools Goal – Implement simple SNMP agent and SNMP trapd for system resource monitoring Prerequisites – SNMP Software net-mgmt/net-snmp – Graphing tool databases/rrdtool – Perl module Net::SNMPTrapd(install it from CPAN by root) NetSNMP::agent(embedded on Net-snmp)

Requirement – SNMP Agent Functions of SNMP agent  get  set  getnext(bonus)  Auto trigger the trap if resource limit exceeded (every 30s) To get system resources  CPU/Memory/Disk usage  Network flow(incoming/outgoing)  Any resources you want(bonus)

Requirement – SNMP Trapd SNMP trapd  When server receives SNMP trap from client, then sends a mail to manager SNMP collecter agent SNMP trapd agent SNMP trap SNMP request SNMP agent:SNMP trapd:

Requirement – Front End Graphing  Multiple items with one graph

Introduction to RRDtool RRDtool was written by Tobi Oetiker, the author of MRTG Round Robin Database(RRD) Command line based Bindings exist for Perl, Python, Ruby, Tcl, PHP and Lua

RRDtool – QuickStart Part of functions(man rrdtool)  create Set up a new Round Robin Database (RRD).  update Store new data values into an RRD  graph Create a graph from data stored in one or several RRDs  dump Dump the contents of an RRD in plain ASCII Flow Fetch data update graphing Create RRD file

Define Data Sources (Inputs) DS:cpu:COUNTER:600:0:  DS = Data Source  cpu = variable name  COUNTER, GAUGE = variable type  600 = heartbeat, UNKNOWN returned for interval  0: = MIN:MAX, limits on variable

Define Archives (Outputs)‏ RRA:AVERAGE:0.5:1:24  RRA = Round Robin Archive  AVERAGE, MIN, MAX, LAST = consolidation function  0.5 = xfiles factor  1:24 = this RRA keeps each sample (average over one 5 minute primary sample), 24 times (which is 2 hours worth)‏ Ps. All depends on step size which defaults to 5 minutes

RRDtool – Create and Update // create.sh #!/bin/sh rrdtool create cpu.rrd -s 300 \ DS:rs:GAUGE:600:0: \ RRA:AVERAGE:0.5:1:603 \ RRA:AVERAGE:0.5:6:603 \ RRA:AVERAGE:0.5:24:603 \ RRA:AVERAGE:0.5:288:800 \ RRA:MAX:0.5:1:603 \ RRA:MAX:0.5:6:603 \ RRA:MAX:0.5:24:603 \ RRA:MAX:0.5:288:800 // update.sh data1=`hexdump -n4 -e\"%u\" /dev/random` data1c=`expr $data1 % 100` ${RRD_CMD} update ${CPU_RRD} ${NOW}:${data1c}

RRDtool – Graph // update.sh for t in H d w m y do ${RRD_CMD} graph ${IMAGE_PATH}/rs-${t}.png \ --title "NA rrdtool example " \ DEF:rs=${CPU_RRD}:rs:AVERAGE \ COMMENT:" \n" \ LINE1:rs#0055ff:"item1" \ GPRINT:rs:AVERAGE:"%6.0lf \n" \ -v "left (%%)" -l 0\ -Y -X b -h 250 -w 500 -s `date -v -1${t} +%s` done

Appendix Using CPAN with a non-root account – How to use rrdtool? – – rrdtool 中文教學 How to know OID is for? MIB browser Installation notes of NetSNMP – Configuration options [X] PERL Install additional perl modules [X] PERL_EMBEDDED Build embedded perl – Simply configure your /usr/local/share/snmp/snmpd.conf