Re: network monitoring

2004-10-31 Thread Andrew Miehs
Hi Martin,

I am a little confused with your requirements -

On the one hand, you are happy to install via nfs, but on the other hand,
you want monitoring done via 'ssh'?

If you really need this much security, you should probably look at 
implementing ALL your connections via IPSEC - and possibly look at
storing your ssl keys on a floppy, or usb stick as someone else suggested.

Nagios mainly uses SNMP to pull its data - authenticated but not encrypted.
Big Sister - Have heard it's similar to big brother - simple to set up 
(compared to nagios) and for your small network should be more than adequate.
Big Brother (and probably big sister) have client software that runs on each 
machine that sends the status info back to the display server.

Either way, if you really need such tight encryption, IPSEC.

To be honest, I don't know what sort of data you have running on these boxes, 
but I would create a relatively secure gateway, and have my cluster behind 
this. This way you could possibly reduce your internal security requirements, 
and not need encryption everywhere. Just make sure you back up your data 
regularly

All logins via the gateway - squid access to the internet from the cluster 
network.

Regards

Andrew

On Saturday 30 October 2004 14:54, martin f krafft wrote:
 also sprach Markus Oswald [EMAIL PROTECTED] [2004.10.30.1442 +0200]:
  How big is your cluster and what do you want to monitor?

 40 nodes, and I basically need availability and ssh.

  Have you already looked at Nagios? (http://www.nagios.org)

 No. I will.

  You'll have to write a few configuration files for all the
  services and each client you want to monitor, but if all nodes in
  the cluster are similar, it won't be too much work...

 Mh, I *hate* writing configuration files under time pressure... :)

 Thanks,


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: network monitoring

2004-10-31 Thread martin f krafft
also sprach Andrew Miehs [EMAIL PROTECTED] [2004.10.31.0907 +0100]:
 On the one hand, you are happy to install via nfs, but on the
 other hand, you want monitoring done via 'ssh'?

Well, I agree that NFS is somewhat of a kludge. However, I want SSH
to contact the servers to execute commands to prevent that someone
else just executes them without authenticating.

 If you really need this much security, you should probably look at
 implementing ALL your connections via IPSEC - and possibly look at
 storing your ssl keys on a floppy, or usb stick as someone else
 suggested.

Hey, IPsec is a good idea. I will be looking into that. Does anyone
have stats on NFS over IPsec? These are 2 GHz machines...

 Nagios mainly uses SNMP to pull its data - authenticated but not
 encrypted. Big Sister - Have heard it's similar to big brother
 - simple to set up (compared to nagios) and for your small network
 should be more than adequate. Big Brother (and probably big
 sister) have client software that runs on each machine that sends
 the status info back to the display server.

Yeah, but I want a pull approach, not a push approach!

 To be honest, I don't know what sort of data you have running on
 these boxes, 

Nothing special.

 but I would create a relatively secure gateway, and have my
 cluster behind this.

Done.

 This way you could possibly reduce your internal security
 requirements, and not need encryption everywhere. Just make sure
 you back up your data regularly

The problem is people plugging laptops in on the cluster side.

 All logins via the gateway - squid access to the internet from the
 cluster network.

I think I am going to make IPsec mandatory. That's the best way
probably to shield the local network.

Thanks for the pointer. I did not think about it myself. Doh!

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!



Re: network monitoring

2004-10-31 Thread Mike Gerber
 Nagios mainly uses SNMP to pull its data - authenticated but not encrypted.

That is just wrong. Nagios uses whatever you want to pull its data, if
you can script it, you can do it. Personally, I mainly use SSH to
execute Nagios plugins on remote servers. That's built-in in the
nagios-plugins (the plugin check_by_ssh).

You can use SNMP, you can use NRPE, which is a special service, I even 
got RSH-Support working (through my own script).




Re: network monitoring

2004-10-31 Thread Andrew Miehs
On Sunday 31 October 2004 14:17, martin f krafft wrote:
  This way you could possibly reduce your internal security
  requirements, and not need encryption everywhere. Just make sure
  you back up your data regularly

 The problem is people plugging laptops in on the cluster side.


If people have physical access to your machines/network hardware you will not 
be able to find a 100% foolproof solution.

If people have console access to the machines they can boot via cd, and copy 
off all your key files.  You will probably find that locking up your hardware 
behind a big steel door is the easiest, cheapest solution. :-(

IPSec will help, but only as long as people can't get at the key files.

Some switches allow you to allow only certain MAC addresses - some (I imagine) 
will probably allow you to have a port automatically disable itself, should a 
link go down.

The question is HOW secure does it really need to be.

As for Nagios vs Big Brother - Big Brother (Big Sister I haven't used - should 
be the same though) is easier to configure and get up and running. Writing 
your own scripts for big brother though is a pain, (or was a pain) as you 
have to implement your own routines that parse the 'bbhosts config file'.

Nagios is a great tool as well, but has a little bit steeper learning curve - 
including for the user / operator. (My personal opinion).

As for the push or pull - I'm not really convinced that it makes a difference. 
If Big Brother sees that it hasn't received an update in the last 5 minutes, 
the host is marked as bad  - purple - and can send you emails based on this.

Regards

Andrew





Re: network monitoring

2004-10-31 Thread Andrew Miehs
Sorry Mike,

You are correct - I should have said 'I use nagios for SNMP'...

I have too many other boxes that don't speak 'ssh' and as such, try and
use one method for all of them. In my environment, I do not pass any
data (health data) which needs encryption, so SNMP is perfect for my 
requirements.

Regards

Andrew

On Sunday 31 October 2004 15:25, Mike Gerber wrote:
  Nagios mainly uses SNMP to pull its data - authenticated but not
  encrypted.

 That is just wrong. Nagios uses whatever you want to pull its data, if
 you can script it, you can do it. Personally, I mainly use SSH to
 execute Nagios plugins on remote servers. That's built-in in the
 nagios-plugins (the plugin check_by_ssh).

 You can use SNMP, you can use NRPE, which is a special service, I even
 got RSH-Support working (through my own script).





Re: network monitoring

2004-10-31 Thread Craig Sanders
On Sun, Oct 31, 2004 at 02:17:35PM +0100, martin f krafft wrote:
  Nagios mainly uses SNMP to pull its data - authenticated but not
  encrypted. Big Sister - Have heard it's similar to big brother
  - simple to set up (compared to nagios) and for your small network
  should be more than adequate. Big Brother (and probably big
  sister) have client software that runs on each machine that sends
  the status info back to the display server.
 
 Yeah, but I want a pull approach, not a push approach!

take a look at mon.  it's a framework for monitoring systems and sending
alerts via email, sms, or whatever.

it comes with many scripts to test availability of common services (like
smtp, ftp, http, etc), and can test pretty much anything as long as you 
can write a script to do the test.


Package: mon
Priority: extra
Section: admin
Installed-Size: 800
Maintainer: Roderick Schertler [EMAIL PROTECTED]
Architecture: i386
Version: 0.99.2-7
Depends: perl, libmon-perl (= 0.10), libtime-period-perl, libtime-hires-perl, libc6 
(= 2.3.2.ds1-4)
Suggests: fping, libauthen-pam-perl, libfilesys-diskspace-perl, libnet-perl, 
libnet-dns-perl, libnet-ldap-perl, libnet-telnet-perl, libsnmp-perl, 
libstatistics-descriptive-perl
Filename: pool/main/m/mon/mon_0.99.2-7_i386.deb
Size: 177160
MD5sum: 35d62495d9befa374227ffae9a9e3b91
Description: monitor hosts/services/whatever and alert about problems
 mon is a tool for monitoring the availability of services.  Services
 may be network-related, environmental conditions, or anything that can
 be tested with software.  If a service is unavailable mon can tell you
 with syslog, email, your pager or a script of your choice.  You can
 control who gets each alert based on the time of day or day of week,
 and you can control how often an existing problem is re-alerted.
 .
 More information can be found at http://www.kernel.org/software/mon/.


craig

-- 
craig sanders [EMAIL PROTECTED]   (part time cyborg)





Re: network monitoring

2004-10-31 Thread Peter Hicks
On Sat, Oct 30, 2004 at 02:25:02PM +0200, martin f krafft wrote:
I would like to monitor all the nodes of a cluster, but I am rather
pressed for time so that I cannot investigate all the options.

I tried spong, but it's pretty bad especially because it requires
changes to the client to specify which tests to run. Ideally,
a network monitoring system should consist of a client (running on
the master), and servers on all nodes, which can then do as the
client instructs. Obviously, this should be within limits, and
strongly authenticated. Maybe SSH would work for this.

So my question is: which network monitoring system would you
recommend, given my requirements?


Another good tool that has not been mentioned yet is the ganglia-monitor
package. It is designed for use on clusters, and makes use of rrd to
graph data over time. I use this tool along with nagios for alerts.






Re: network monitoring

2004-10-31 Thread Volker Tanger
Greetings!

On Sun, 31 Oct 2004 14:17:35 +0100 martin f krafft [EMAIL PROTECTED]
wrote:
 also sprach Andrew Miehs [EMAIL PROTECTED] [2004.10.31.0907 +0100]:
  On the one hand, you are happy to install via nfs, but on the
  other hand, you want monitoring done via 'ssh'?
 
 Well, I agree that NFS is somewhat of a kludge. However, I want SSH
 to contact the servers to execute commands to prevent that someone
 else just executes them without authenticating.

So I'd like to suggest you should have a look at the MoSSHe tool 
http://www.wyae.de/software/mosshe/

It does monitoring via SSH (key auth) while *NOT* allowing execution of
arbitrary commands.

The whole system is just consisting of shell scripts and one simple
central config file plus simple agents on the servers for in-depth
monitoring (load, memory, ...). So it's fast to implement and light on
system resources. Plus you won't need additional IPSec or whatever
config on your systems...

Bye

Volker Tanger
ITK Security
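
The property described in this post and in Mike Gerber's check_by_ssh message above (key-authenticated SSH monitoring that cannot run arbitrary commands) is commonly obtained with an OpenSSH forced command. The script below is an added example, not code from MoSSHe, nagios-plugins or any poster in this thread; the install path `/usr/local/bin/monitor-gate` and the check names are assumptions.

```shell
#!/bin/sh
# Added example: forced-command gate for a monitoring-only SSH key.
# Assumed install path and check names. Bind it to the monitoring key in
# ~/.ssh/authorized_keys on each node (one line):
#   command="/usr/local/bin/monitor-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <monitoring public key>

# Map an allowlisted check name to the fixed command it stands for.
# Prints the command and returns 0; returns 1 for anything else.
resolve_check() {
    case "$1" in
        load)   echo "cat /proc/loadavg" ;;
        disk)   echo "df -P /" ;;
        memory) echo "cat /proc/meminfo" ;;
        *)      return 1 ;;
    esac
}

# Handle the command line the client asked for. sshd puts it in
# SSH_ORIGINAL_COMMAND; the client's text is only compared, never executed.
monitor_gate() {
    request=$1
    # Exact-match allowlist: extra arguments, separators and shell
    # metacharacters all fail the case match in resolve_check.
    if cmd=$(resolve_check "$request"); then
        # $cmd comes from our own table, so word splitting is safe here.
        $cmd
    else
        echo "DENIED: unsupported request" >&2
        return 2
    fi
}

# Entry point when sshd runs this file as the forced command. An empty
# request (an interactive login attempt) is denied like any other.
case "$0" in
    */monitor-gate|monitor-gate)
        monitor_gate "${SSH_ORIGINAL_COMMAND:-}"
        exit $?
        ;;
esac
```

With this in place the monitoring master runs, for example, `ssh -i <monitoring key> node load`, and any other request made with that key is refused on the node.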

