Remote Desktop Licensing service to fail to start, with error code %%-1073672191.

The Terminal Services Licensing service cannot start. The following error occurred: Can't initialize Cryptographic - error code 5.

Sometime happens a problem with Remote Desktop Licensing services not starting. The Terminal Licensing MachineKeys have permissions for Administrators and/or TermServLicensing  but the service starts using the “Network Service” account… Why??????

You can fix the problem adding Network Service account (read only privileges it’s ok), on follow directory (you can force ownership propagation for reapply the correct privilege tree):

C:\\Documents and Settings\\all users\\Application Data\\Microsoft\\Crypto\\RSA\\MachineKeys

Then the service start, correctly.

For further information you can take a look at microsoft KB:

Default permissions for the MachineKeys folders: http://support.microsoft.com/kb/278381

http://msdn.microsoft.com/en-us/library/bb909654%28v=vs.90%29.aspx

You can disable this feature by adding this to your notes.ini and restarting the Domino server. PLATFORM\_STATISTICS\_DISABLED=1

smtpd_sasl_authenticated_header = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

dovecot.conf file Dovecot related parameters:

 auth default {
  mechanisms = plain login

[…removed irrelevance parameters…]

 socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

Authentication refused: bad ownership or modes for directory …

In most cases, potential permission problems can be solved by restricting down access to the SSH configuration files. Permission changes to the home directory might be needed, though restricted rights may break other things.

server$ chmod go-w ~/
server$ chmod 700 ~/.ssh
server$ chmod 600 ~/.ssh/authorized_keys

Get last version of squid radius auth helper at: http://www.squid-cache.org/contrib/squid_radius_auth/

Download: [leo@srv01 leo]# wget http://www.squid-cache.org/contrib/squid_radius_auth/squid_radius_auth-1.10.tar.gz

Extract:

[leo@srv01 leo]# tar -xvf squid_radius_auth-1.10.tar.gz

Go to directory:

[leo@srv01 leo]# cd squid_radius_auth-1.10

Compile:

[leo@srv01 squid_radius_auth-1.10]# make
 gcc -O2 -Wall -g   -c -o squid_rad_auth.o squid_rad_auth.c
 gcc -O2 -Wall -g -c md5.c
 gcc -O2 -Wall -g -c util.c
 gcc -g -o squid_radius_auth squid_rad_auth.o md5.o util.o

Now the installation, for my needs, I wanna keep binary into /usr/lib/squid/ and configuration file into /etc/squid/ and I don’t wanna take man files then edit Make.inc like this:

BINDIR  = /usr/lib/squid
CONFDIR  = /etc/squid
install: squid_radius_auth
mkdir -p $(BINDIR)
install -m 755 -s squid_radius_auth $(BINDIR)/squid_radius_auth
#       mkdir -p $(DESTDIR)$(MANDIR)
#       install -m 755 squid_radius_auth.8 $(DESTDIR)$(MANDIR)/squid_radius_auth$(MANEXT)
mkdir -p $(CONFDIR)
install -m 644 etc/squid_radius_auth.conf $(CONFDIR)/squid_radius_auth.conf.default
if ! test -f $(CONFDIR)/squid_radius_auth.conf; then \
cp -p $(CONFDIR)/squid_radius_auth.conf.default $(CONFDIR)/squid_radius_auth.conf; \
fi

Edit config file /etc/squid/squid_radius_auth.conf here my example:

server 10.255.X.X
secret XXXXXXXX
port 1645

Now you can test the helper, execute and then type your radius username/password on the same line separated with space, on successful authentication it will give “OK” otherwise “ERR login failure”

[leo@srv01 leo]# /usr/lib/squid/squid_radius_auth -f /etc/squid/squid_radius_auth.conf
leo xxxx
OK

Now you can made change to “squid.conf”

#  TAG: auth_param
auth_param basic program /usr/lib/squid/squid_radius_auth -f /etc/squid/squid_radius_auth.conf
auth_param basic children 5
auth_param basic realm Wide-NET-Proxy
auth_param basic credentialsttl 5 minute
auth_param basic casesensitive on

#  TAG: acl
acl radius-auth proxy_auth REQUIRED

#  TAG: http_access
http_access allow localhost
http_access allow radius-auth
http_access deny all

Firstly edit commands.cfg

And add the two following line:

define command {
command_name    notify-by-twitter
command_line    /usr/bin/curl --basic --user "twitteruser:twitterpassword" --data-ascii "status=[Nagios] $NOTIFICATIONTYPE$ $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$" http://twitter.com/statuses/update.json
}
define command {
command_name    host-notify-by-twitter
command_line    /usr/bin/curl --basic --user "twitteruser:twitterpassword" --data-ascii "status=[Nagios] $HOSTSTATE$ alert for $HOSTNAME$" http://twitter.com/statuses/update.json
}

Now define a contact for this twitter service into: contacts.cfg

define contact{
contact_name                    twitter
service_notification_commands   notify-by-twitter
host_notification_commands      host-notify-by-twitter
service_notification_period 24x7
host_notification_period 24x7
service_notification_options a
host_notification_options a
}

Add this contact into your existing contact groups like this (in contacts.cfg):

define contactgroup{
contactgroup_name       admins
alias                   Nagios Administrators
members                 nagiosadmin,sms_alert,twitter
}

Then run a nagios prefly check to ensure you have no syntax errors, and restart nagios.

the problem is I don’t want to enable the ftp service and make it available to the rest of the world just for that.

So I needs the following two options in proftpd.conf:

DefaultAddress 127.0.0.1
SocketBindTight                 on

Now restart proftpd and you’re done.

[files]
astctlpermissions => 770
astctlowner => asterisk
astctlgroup => asterisk
astctl => /var/run/asterisk/asterisk.ctl

Restart asterisk to apply changes.

Common error (wrong socket permission):

[leo@srv01 ~]$ /usr/sbin/asterisk -r
Asterisk 1.4.22-4 RPM by vc-rpms@voipconsulting.nl, Copyright (C) 1999 - 2008 Digium, Inc. and others.
Created by Mark Spencer
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
[leo@srv01 ~]$

# watch -n 5 'exim -bp | exiqsumm |grep TOTAL'

# ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1

For SSH2 protocol, you need two keys, one rsa key and one dsa key generated has follow:

# ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa # ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

Simple and very useful example is “Cool Stack” a web deployment packge include most commonly used free and open source applications, recompiled to deliver a 30 to 200 percent performance improvement over standard binaries compiled with GCC.

Cool Tools.

Per ovviare a questo problema ecco come fare: -Prima di tutto installate i support tools, dove sono? Inserite il cd nella directory \Support\Tools trovate un pacchetto suptools.msi -Ora potete procedere:

Definizione dello scenario in questo caso un server con windows con i seguenti ip: xxx.xxx.xxx.xxx (destinato a iis) yyy.yyy.yyy.yyy (destinato ad altro webserver)

from cmd (support tool shell):

 #settiamo l'ip in ascolto di iis
 httpcfg set iplisten -i xxx.xxx.xxx.xxx
 #eliminiamo l'ascolto di iis su questo ip
 httpcfg delete iplisten -i yyy.yyy.yyy.yyy
 #verifichiamo di non aver fatto errori
 httpcfg query iplisten
 #riavviamo il tutto per rendere effettive le modifiche
 net stop http /y
 net start w3svc

Nota: queste operazioni sono testate su IIS6 quindi sulle piattaforme Windows 2003 (tutte le versioni) non posso garantire il funzionamento identico su 2008

Partiamo installando quello che ci serve:

#apt-get install tomcat5.5 tomcat5.5-admin sun-java5-jdk tomcat5.5-webapps

Attenzione, se l’installazione debian di default sicuramente non trovo il java jdk, è necessario quindi aggiungere il repository non-free, in apt editando in questo modo: /etc/apt/source.list

deb http://your-mirror-url/debian/ lenny main non-free
deb-src http://your-mirror-url/debian/ lenny main non-free

Configurare il sistema per utilizzare java

srv01#update-alternatives --config java

There are 2 alternatives which provide ‘java’.

Selection Alternative ---——————————————– 1 /usr/lib/jvm/java-1.5.0-sun/jre/bin/java \*+ 2 /etc/alternatives/kaffe-system/bin/java

Press enter to keep the default[*], or type selection number:

digitiamo 1 per attivare /usr/lib/jvm/java-1.5.0-sun/jre/bin/java

Definiamo il runtime java specifico installato e reso di default nel sistema come da step precendenti, editando il file /etc/default/tomcat5.5 e aggiungendo:

JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun/

Definiamo ora gli utenti per l’interffaccia di gestione editando il file /var/lib/tomcat5.5/conf/tomcat-users.xml e creando una struttura simile:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="standard"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="pwd" roles="tomcat,admin"/>
<user username="both" password="pwd" roles="tomcat,role1"/>
<user username="role1" password="pwd" roles="role1"/>
<user username="leo" password="pwd" fullName="leonardo" roles="standard"/>
<user username="manager" password="pwd" fullName="" roles="manager"/>
</tomcat-users>

In questo caso sono definiti 3 utenti, due principali e uno definito dall’utente (manager, admin, leo)

Fatto questo avviamo tomcat o riavviamolo se già attivo:

srv01#/etc/init.d/tomcat5.5 start o restart

Di default il server è in ascolto sulla porta 8180 quindi per accedere andare all’indirizzo:

http://ipserver:8180/

Nota: nel mio caso ho usato il pacchetto jdk5 che contiene il java 1.5.0 è disponibile anche a scelta il pacchetto 1.6.0 ovviamente di chiama jdk6

If you have not created any subversion repositories yet, you can create one with svnadmin:

# svnadmin create ~/my-repository

• Tweaking svnserve.conf

Open up and edit the svnserve.conf file located in the $HOME/my-repo/conf/ directory.

Sample $HOME/my-repo/conf/svnserve.conf

[general]

# Path to the file containing svn users and passwords.
password-db = $HOME/my-repo/conf/passwd

# Authentication realm of the repository. Two repositories using the
# same password-db should have the same realm.
realm = My-test-repository

# Deny all anonymous access
anon-access = none

# Grant authenticated users read and write privileges
auth-access = write

• Setting up password authentication

Open up and edit the password-db file (ie. $HOME/my-repo/conf/passwd). A sample entry might look like this:

[users]
user1 = password1
user2 = password2

• Starting up the server

Run the server by invoking svnserve with the -d switch (daemon mode) and –listen-host 1.2.3.4 (substituting 1.2.3.4 for your v-host IP address).

# svnserve -d --listen-host 1.2.3.4 -r $HOME/my-repo

To ensure that your svnserve gets started whenever the server is booted, you must add a @reboot line to your crontab. Use the crontab -e command to bring up your crontab in your favorite text editor and add the following line:

@reboot svnserve -d --listen-host 1.2.3.4 -r $HOME/my-repo

• Testing the server

To test the server’s functionality, you can create a working copy of your repository using your shell. The checkout command will create a working copy of the repository:

# svn co svn://your-domain.com/$HOME/my-repo my-working-dir
# cd my-working-dir
# echo "foo bar" test-file
# svn add test-file
# svn remove test-file
# svn commit

If you have not created any Subversion repositories yet, you can create one with svnadmin:

# svnadmin create ~/my-repository

Adding mod_dav_svn to your httpd

# a2enmod mod\_dav\_svn

If you plan to use fine-grained permissions, load mod_authz_svn.so as well:

# a2enmod mod_authz_svn

• Configuring access to repositories

HTTP access to your repositories is defined using a <Location> section in your httpd.conf.

<Location /myproject>
DAV svn
SVNPath /home/myself/myrepos/myproject
AuthType Basic
AuthName "My project"
AuthUserFile /home/myself/private/myproject.pw
Order deny,allow
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>

This entry would grant read-only access to everyone and write access to every user AuthUserFile. You can use the htpasswd utility to create or update this file, as described here.

The next entry grants read/write access to users in the AuthUserFile, and no access to anyone else.

<Location /myproject>
DAV svn
SVNPath /home/myself/myrepos/myproject
AuthType Basic
AuthName "My project"
AuthUserFile /home/myself/private/myproject.pw
Order deny,allow
Require valid-user
</Location>

The previous examples all define access on a per-repository basis. It is also possible to grant access from specific users to specific areas of the repository, using fine-grained permissions.

• Testing the repository

Using either a remote Subversion client or the standard svn command from your shell, you can generate your working copy of the repository with the checkout command. If you are accessing public data over a read-only account, you can use a standard http URL:

# svn co http://your-domain/myproject/

If you are accessing private data or using a read/write account, make sure to use an https URL:

# svn co https://your-domain/myproject/

The contents of public repositories are also accessible from a web browser. Keep in mind that search engines will try to index any public data, so you may want to use a robots.txt file.

• Using fine-grained permissions (optional)

You can allow or deny specific users read/write privileges on specific items within a repository using AuthzSVNAccessFile. If you use this directive, make sure the mod_authz_svn module is loaded.

<Location /repos>
DAV svn
SVNPath /home/myself/myrepos

# Access Control via the authz module.
AuthzSVNAccessFile /home/myself/private/myrepos.acl
# Anonymous access is allowed. Prompt as needed.
Satisfy Any
Require valid-user
AuthType Basic
AuthName "My subversion repositories"
AuthUserFile /home/myself/private/myrepos.pw
</Location>

The file specified in AuthzSVNAccessFile is a plain text file which defines fine-grained access lists. Note that all path names specified are relative to the SVNPath.

#
# Allow anonymous read access to everything by default.
#
[/]
\* = r

#
# Grant alice and bob write access to all of /myproject1/.
#
[/myproject]
\* = r
leo = rw
temp = rw

#
# Grant carol and charlie write access to only /myproject/foo
#
[/myproject/foo]
leo= rw
temp = rw

# mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) a root password, then you need to use following command

# mysqladmin -u root -p oldpassword newpass

Enter password: Change MySQL password for other user To change a normal user password you need to type (let us assume you would like to change password for leo):

# mysqladmin -u leo -p oldpassword newpass

Changing mysql root user password using mysql sql command This is another method. mysql stores username and passwords in user table inside mysql database. You can directly update password using the following method to update or change password for user leo:

1. Login to mysql server, type following command at shell prompt:

# mysql -u root -p

2. Use mysql database (type command at mysqlprompt):

mysqluse mysql;

3. Change password for user leo:

mysqlupdate user set password=PASSWORD("NEWPASSWORD") where User='leo';

4. Reload privileges:

mysqlflush privileges;
mysqlquit

Per risolvere:

#/etc/proftpd/proftpd.conf
IdentLookups no

• Stop IIS from command line

iisreset /STOP

• Open MetaBase file, find the variable AspMaxRequestEntityAllowed limits the number of bytes in the page request (by default 200KB); change the value to 1073741824 (unlimited) or to a limit of your choice.

• Start IIS from command linet:

iisreset /START

There’s another way for do this change without stop the service but sincerly IIS is a Microsoft program, I’m no sure about this operation..

Go to IIS and right click the server, select Properties, and check the box “Allow changes to MetaBase configuration while IIS is running” then try to edit metbase file.

root@tardis:~# `mysqldump --database dbname > name_db.sql -u root -p`

Queste sono opzioni utili:

–quick: effettua il dump direttamente sullo standard output; –add-drop-table: inserisce le istruzioni di eliminare le tabelle esistenti prima di ricrearle; –add-locks: blocca gli inserimenti; –lock-tables: blocca la lettura;

Per fare un restore del singolo database:

root@tardis:~# `mysql --one-database dbname < name_db.sql -u root -p `

1. Stoppare il server mysql solitamente una cosa del genere dovrebbe bastare:

root@tardis:~# /etc/init.d/mysql stop

2`. Avviare una sessione del demone mysql con il parametro “skip grant table”

root@tardis:~# mysqld\_safe --skip-grant-tables

3. A questo punto è possibile collegarsi al server senza che richieda credenziali quindi:

 root@tardis:~# mysql
 >

4. Reipostiamo direttamente nella tabella del db la password di root:

mysql> UPDATE mysql.user SET Password=PASSWORD('NewPass') WHERE User='root';
mysql> FLUSH PRIVILEGES;

5. Stoppiamo il demone avviato con il “skip grant table” e riavviare quello corretto:

root@tardis:~# /etc/init.d/mysql start

Ecco quello che serve per partire, è necessario avere questi 3 pacchetti:

• Il server TFTP dove risiederanno le immagini di boot.
• Il server DHCP per distribuire gli indirizzi e i parametri PXE
• Il dnsmasq questo servirà ad installazione avviata per recuperare i pacchetti dal repository

1. Quindi prima cosa installiamo:

root@tardis:~/apt-get install tftpd-hpa dhcp3-server dnsmasq

2. Abilitiamo il server tftp con questi passaggi:

Editiamo: /etc/default/tftpd-hpa

Modificando questo parametro: RUN_DAEMON="no" in questo: RUN_DAEMON="yes" Io mi sono creato per comodità un link simbolico alla root del tftp in /

root@tardis:~# ln -s /var/lib/tftpboot /tftp-root

Ora di può far partire il servizio:

root@tardis:~# /etc/init.d/tftpd-hpa start

3. Abilitiamo il server dhcp:

Editiamo questo file: /etc/dhcp3/dhcpd.conf

Inserendo queste righe:

 option domain-name-servers 192.168.10.50;
 default-lease-time 86400;
 max-lease-time 604800;
 authoritative;

 subnet 192.168.10.0 netmask 255.255.255.0 {
 range 192.168.10.10 192.168.1.20;
 filename "pxelinux.0";
 next-server 192.168.10.50;
 option subnet-mask 255.255.255.0;
 option broadcast-address 192.168.1.255;
 option routers 192.168.10.50;
 }

Ora di può far partire il servizio:

root@tardis:~# /etc/init.d/dhcpd-server start

4. Abilitiamo il dnsmasq

Editiamo questo file: /etc/dnsmasq.conf

dhcp-boot=pxelinux.0,tardis,192.168.10.50

Ora di può far partire il servizio:

root@tardis:~# /etc/init.d/dnsmasq start

5. Routing:

Questa parte ci serve per fare il get dal repository usando il portatile da router.

root@tardis:~# echo 1 > /proc/sys/net/ipv4/ip_forward

6. Prepariamo il repository locale:

root@tardis:~# cd /tftp-root
root@tardis:~# wget http://ftp.nl.debian.org/debian/dists/etch/main/installer-i386/current/images/netboot/netboot.tar.gz
root@tardis:~# tar xvf netboot.tar.gz

Con questa operazione creaiamo il repository per il boot normale senza opzioni, eventuali parametri andranno specificati manualmente.

Ora collegando una macchina da installare con il pxe abilitato, prederà l’ip dal server dhcp e caricherà l’immagine di boot tramite tftp!

/etc/mysql/debian.cnf

Questo è necessario se usate il sitema APT per gestire gli aggiornamenti dei servizi, in caso contrario non ha senso di esistere.

http://megastep.org/makeself/

Comando per estrarre la chiave:

# openssl pkcs12 -nocerts -in cert.p12 -out key.pem

Comando per estrarre il certificato:

# openssl pkcs12 -nokeys -in cert.p12 -out cert.pem

Comando per decriptare la chiave, questo serve per evitare di reinserire tutte le volte che si usa la chiave, la password rsa:

# openssl rsa -in key.pem -out decryptkey.pem

L’installazione è stata effettuato con successo usando Debian Etch 4.0r5 e CentOS 5.2 inutile dire che tutte le operazio che seguiranno dovranno essere fatte da utente ‘root’

1. Prepariamo quello che ci serve per la compilazione:

tardis:~# aptitude -y install build-essential libmysqlclient-dev libssl-dev libsnmp-dev libiksemel-dev libcurl3-dev

tardis:~# apt-get install snmp libiksemel3 libcurl3 libsnmp-base libmysqlclient15off

2. Scarichiamo i sorgenti, e procediamo con scompattazione:

tardis:~# wget http://garr.dl.sourceforge.net/sourceforge/zabbix/zabbix-1.6.1.tar.gz
tardis:~# tar zxvf zabbix-1.6.1.tar.gz
tardis:~# cd zabbix-1.6.1

3. Configurazione e compilazione, in questo caso verà compilato oltre all’agente dedicato a discovery e al monitoraggio, anche il server che ha la funzione di raccogliere di dati dai vari agent, gestire gli allarmi e le operazioni di cordinameto:

tardis:~# ./configure --prefix=/usr --with-mysql --with-net-snmp --enable-server --enable-agent --enable-ipv6 --with-jabber
tardis:~# make

Ora una piccola nota, se compilaste direttamente su macchine di produzione a questo punto basterebbe fare un ‘make install’ non avendo gli strumenti dedicati, è necessario spostare il compilato sulla macchina dedicata e procedere a mano, quindi (questa fase è da eseguire sulla macchina di produzione che dovrà avere a bordo Apache2, PHP5, Mysql5 già funzionanti):

4. Creiamo utente e gruppo dedicato:

 groupadd zabbix
 useradd -c 'Zabbix' -d /home/zabbix -g zabbix -s /bin/bash zabbix
 mkdir /home/zabbix
 chown zabbix:zabbix /home/zabbix

5. Creiamo database e utente dedicato in mysql server:

mysql -p -u root create database zabbix; grant all on zabbix.* to ‘zabbix’@’localhost’ identified by ‘changeme’; quit;

6. Popoliamo le tabelle del database:

 server:~/zabbix-1.6.1# mysql -u root -p zabbix  < create/schema/mysql.sql
 server:~/zabbix-1.6.1# mysql -u root -p zabbix < create/data/data.sql
 server:~/zabbix-1.6.1# mysql -u root -p zabbix < create/data/images_mysql.sql

7. Creaiamo una struttura di directory dedicata, questa soluzione potrebbe risultare noiasa, ma durante le operazioni di aggiornamento e manutenzione sarà molto più comodo e veloce:

 server:~# mkdir /usr/share/zabbix
 server:~# mkdir /usr/share/zabbix/sbin
 server:~# mkdir /usr/share/zabbix/etc
 server:~# mkdir /usr/share/zabbix/frontends

8. Con i seguenti passaggi creaiamo un link simbolico delle /etc di zabbix alla /etc di sistema, copiamo il frontend php nella directory dedicata, e infine copiamo gli esguibili compilati che ci servono:

 server:~/zabbix-1.6.1# ln -s /usr/share/zabbix/etc/ /etc/zabbix
 server:~/zabbix-1.6.1# cp -r frontends/php/* /usr/share/zabbix/frontends

 server:~/zabbix-1.6.1# cp src/zabbix\_agent/zabbix_agent /usr/share/zabbix/sbin/zabbix_agent
 server:~/zabbix-1.6.1# cp src/zabbix\_agent/zabbix_agentd /usr/share/zabbix/sbin/zabbix_agentd
 server:~/zabbix-1.6.1# cp src/zabbix_server/zabbix_server /usr/share/zabbix/sbin/zabbix_server

9. Configuriamo i file di init.d copiandoli e aggiustando i path

server:~/zabbix-1.6.1# cp misc/init.d/debian/* /etc/init.d/

Modificate entrambi gli script aggiustando i path in particolare questa riga:

da così: DAEMON=/home/zabbix/bin/${NAME} deve diventare così: DAEMON=/usr/share/zabbix/sbin/${NAME}

10. Aggiungiamo la definizione delle porte usate da zabbix nei /etc/services

echo > " zabbix_agent 10050/tcp # Zabbix ports zabbix_trap 10051/tcp" /etc/services

11. Copiamo le configurazioni di default e apportiamo le modifiche di base:

server:/zabbix-1.6.1# chown -R zabbix:zabbix /usr/share/zabbix/etc server:/zabbix-1.6.1# cp misc/conf/zabbix_* /usr/share/zabbix/etc

Editiamo il file: zabbix_agentd.conf e assicuriamoci che ci sia la seguente riga

Server=127.0.0.1

Editiamo zabbix_server.conf

 max_execution_time = 300
 date.timezone = UTC
 DBHost=localhost
 DBName=zabbix
 DBUser=zabbix
 DBPassword=changeme

12. Apache e PHP

Nel file php.ini è necessario avere i seguenti parametri definiti:

 max_execution_time = 300
 date.timezone = UTC

La configurazione di apache è abbastanza a discrezione dell’amministratore si può fare in due modi:

Creando un vhost dedicato:

 <virtualhost>
 ServerName zabbix.domain.tld
DocumentRoot /usr/share/zabbix/frontends
 <directory>
 Options FollowSymLinks
 AllowOverride None
 </directory>
 </virtualhost>

Oppure creando un’alias in una vhost già definito:

<IfModule mod\_alias.c>
 Alias /zabbix /usr/share/zabbix/frontends
</IfModule>

13. Ora se tutto è stato fatto correttamente avviando i servizi e aprendo la pagina web si potrà procedere con la rapiada configurazione del frontends e poi all’uso ma prima i seguenti comandi:

/etc/init.d/apache2 restart
/etc/init.d/zabbix-server start
/etc/init.d/zabbix-agent start

Allora con buona probabilita’ manca una direttiva nella configurazione globale o nella singola del vhost:

<Directory "/var/www/">
 Options None
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>

Could not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key

Con questi comandi si generano le chiavi host:

ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key