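--------Solution----------
Cleaning the computer (unplug the USB drive first)
Start --> (All Programs, or use Search) --> Run --> type shell:startup and press Enter. Check whether the system startup folder contains a "helper" shortcut; if it does, the program has been planted on this computer.
Right-click the shortcut and look up its path (called "Open file location" on Windows 10).
This leads to a folder named WindowsServices containing 3 files written in VBS; delete those files.
After rebooting, go back to the startup folder (as described above) and delete the "helper" shortcut.
PS. If you cannot see the files, turn on the display of hidden files.
Cleaning the USB drive
1. Turn on the display of hidden files
2. On the USB drive, find the folder named _ and move the data out of it (if you cannot find it, turn on the display of hidden files)
3. Format the USB drive
4. Then put the original data back onto the USB drive
Wednesday, July 20, 2016
Monday, July 18, 2016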
CentOS 7 Cacti plugin Syslog
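Background:
In this scenario, an rsyslog server is installed on the client side,
and the rsyslog-mysql package is installed so that its syslog is written to the DB over port 3306.
The settings therefore have to be added to /etc/rsyslog.conf,
and the name shown for each host is determined by its hostname.
Installing the monitoring plugin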
cd /var/www/html/cacti/plugins
wget http://docs.cacti.net/_media/plugin:syslog-v1.22-2.tgz
mv plugin:syslog-v1.22-2.tgz syslog-v1.22-2.tgz
tar -zxvf syslog-v1.22-2.tgz
==
mysql -u root -p
Enter password:
mysql> create database syslog;
mysql> show databases;
mysql> quit
===
cd /var/www/html/cacti/plugins/syslog
mysql -u root -p -A syslog < syslog.sql
mysql -u root -p
grant all on syslog.* to 'cactiuser'@'' identified by "cacti";
flush privileges;
==
cd /var/www/html/cacti/plugins/syslog/
vi config.php
$use_cacti_db = false; // change true to false
$syslogdb_username = 'cactiuser'; // change to the account you set up
$syslogdb_password = 'cactipassword'; // change to the password you set up
=cacti office=
/* make sure these values reflect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cactipassword";
$database_port = "3306";
$database_ssl = false;
==
Firewall settings on the log server host
sudo firewall-cmd --permanent --zone=public --add-port=3306/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
service rsyslog status
=========
client
==================
yum install rsyslog-mysql
vi /etc/rsyslog.conf
==
#cacti 20160716 edwin.chen
$ModLoad ommysql.so
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* :ommysql:192.168.1.10,syslog,cactiuser,cactipassword;cacti_syslog
$ModLoad imudp.so
$ModLoad imtcp.so
$UDPServerRun 514
$InputTCPServerRun 514
==
*.* :ommysql:<database host>,<database name>,<database user account>,<password>;SyslogInsert (user-defined template name)
==
service rsyslog restart
chkconfig rsyslog on
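The ommysql action line above stores the database password in /etc/rsyslog.conf in clear text. The following check is an added example, not part of the original post; the function name audit_ommysql and the temporary sample file are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: locate legacy ommysql actions in an rsyslog config and
# report where database credentials are exposed. The password is never printed.
audit_ommysql() {   # usage: audit_ommysql /path/to/rsyslog.conf
  conf=$1
  mode=$(stat -c '%a' "$conf")   # octal permissions, e.g. 644
  awk -v file="$conf" -v mode="$mode" '
    /^[ \t]*#/ { next }          # ignore comment lines
    # <selector> :ommysql:<host>,<db>,<user>,<password>;<template>
    match($0, /:ommysql:[^;]*/) {
      spec = substr($0, RSTART + 9, RLENGTH - 9)   # text after ":ommysql:"
      n = split(spec, f, ",")
      if (n < 4) next
      printf "%s:%d db=%s@%s user=%s password-in-file=yes\n", file, NR, f[2], f[1], f[3]
      if (mode % 10 >= 4)        # "other" read bit is set
        printf "%s:%d file mode %s lets any local user read the password\n", file, NR, mode
    }
  ' "$conf"
}

# Constructed sample input using the action line from this post.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
$ModLoad ommysql.so
*.* :ommysql:192.168.1.10,syslog,cactiuser,cactipassword;cacti_syslog
EOF
chmod 644 "$tmp"; audit_ommysql "$tmp"   # two findings
chmod 600 "$tmp"; audit_ommysql "$tmp"   # one finding
rm -f "$tmp"
```

Keeping the action in a root-only file (mode 600) removes the second finding; giving rsyslog its own database account limited to INSERT on syslog_incoming, instead of reusing cactiuser, is a further assumption-level hardening step not shown in the post.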
======
Configuration on the switch
R1(config)# logging trap
R1(config)# logging 192.168.10
R1(config)# logging on
CentOS 7 Cacti Setup
There are quite a few system monitoring programs,
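such as CA, Zabbix, What's Up, and so on,
but after using so many of them, Cacti is still one that is quite easy to pick up and install.
The packages Cacti requires are MySQL, PHP, RRDTool, net-snmp and Apache.
However, MySQL does not have to be installed on the same machine as Cacti, so the steps are described separately.
========
1. Install the required packages (root only)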
yum install httpd*
yum install php*
yum install net-snmp*
yum install rrdtool*
yum install freetype-devel libpng-devel libart_lgpl-devel
========
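2. PHP settings
vi /etc/php.ini
Original:
;date.timezone =
Change to:
[Date]
date.timezone = Asia/Taipei
========
3. Download and install Cacti into the target directory
yum install cacti
Or download a newer version yourself from the website (http://www.cacti.net/downloads/)
cd /tmp
wget http://www.cacti.net/downloads/cacti-0.8.tar.gz
tar -xzvf cacti-0.8.tar.gz
cp -r cacti-0.8 /var/www/html/cacti
(Depending on the setup, it may also be under /usr/share/)
With yum there is generally no problem.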
==========
4.config html
vi /etc/httpd/conf.d/cacti.conf
Alias /cacti /var/www/cacti
<Directory /var/www/cacti>
DirectoryIndex index.php
order deny,allow
Addtype application/x-httpd-php .php
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
==========
5. service httpd restart
service httpd restart
==========
5.modify cacti/include/config.php
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost"; // an IP may also be used, e.g. "192.168.1.99"
$database_username = "cactiuser";
$database_password = "cactipassword";
$database_port = "3306";
$database_ssl = false;
#
/*
Edit this to point to the default URL of your Cacti install
ex: if your cacti install as at http://serverip/cacti/ this
would be set to /cacti/
*/
//$url_path = "/cacti/"; <====== remove the comment marker
$url_path = "/cacti/";
==========
6. crontab -e
*/5 * * * * php /var/www/cacti/poller.php > /dev/null 2>&1
==========
7. SNMP settings
Edit /etc/snmp/snmpd.conf and comment out these lines:
#com2sec notConfigUser default public
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser
Add the following settings
com2sec local localhost public
com2sec mynetwork 192.168.3.0/24 public
group notConfigGroup v1 local
group notConfigGroup v2c local
group notConfigGroup v1 mynetwork
group notConfigGroup v2c mynetwork
view all included .1 80
view systemview included .1.3.6.1.2.1.2
access notConfigGroup "" any noauth prefix all none none
access notConfigGroup "" any noauth prefix all all all
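The configuration above keeps the well-known community string public, and its last access line also grants a write view. The following audit is an added example, not part of the original post; the function names audit_snmpd and sample_conf are hypothetical, and the sample input reproduces the lines from this step.

```shell
#!/bin/sh
# Added example: flag weak settings in an snmpd.conf.
# Reads the config on stdin and prints one finding per line.
audit_snmpd() {
  awk '
    { sub(/#.*/, "") }   # drop comments
    NF == 0 { next }     # skip lines that are now empty
    # com2sec <secname> <source> <community>
    $1 == "com2sec" {
      if ($4 == "public" || $4 == "private")
        printf "line %d: well-known community \"%s\" (%s)\n", NR, $4, $2
      if ($3 == "default")
        printf "line %d: %s accepts any source address\n", NR, $2
    }
    # access <group> <context> <model> <level> <match> <read> <write> <notify>
    $1 == "access" && $8 != "none" {
      printf "line %d: group %s has WRITE view \"%s\" at level %s\n", NR, $2, $8, $5
    }
  '
}

# The snmpd.conf lines from step 7, reproduced as sample input.
sample_conf() {
  cat <<'EOF'
#com2sec notConfigUser default public
com2sec local localhost public
com2sec mynetwork 192.168.3.0/24 public
group notConfigGroup v1 local
group notConfigGroup v2c local
group notConfigGroup v1 mynetwork
group notConfigGroup v2c mynetwork
view all included .1 80
view systemview included .1.3.6.1.2.1.2
access notConfigGroup "" any noauth prefix all none none
access notConfigGroup "" any noauth prefix all all all
EOF
}

sample_conf | audit_snmpd
```

Cacti polling only needs read access, so a non-default community string and a write view of none clear all three findings.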
===========
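At this point the Cacti HTTP side is configured.
If you open the web page now, it should report that it cannot connect to MySQL:
http://ServerIP/cacti/
Next comes the MySQL side,
which depends on where MySQL is installed.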
===========
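Install
1.yum install mariadb*
Initial setup
2.mysql
systemctl start mariadb
mysql_secure_installation
(set whatever needs to be set)
3. Create the database
mysql -u root -p
create database cacti ;
-- GRANT privileges on the cacti database to the Cacti database user and set its password
-- GRANT ALL ON 'database'.* TO 'account'@'IP/hostname' IDENTIFIED BY 'password';
-- The IP or hostname after @ restricts which host may connect; leaving it blank opens it to all hosts.
grant all on cacti.* to 'cactiuser'@'localhost' identified by "cactipassword";
flush privileges; -- reload the privilege tables
4. Import the schema into MySQL
If everything is installed on the same machine:
cd /var/www/cacti/
mysql -u root -p -A cacti < cacti.sql
If they are on different machines, it depends on whether root is allowed to log in from other hosts (usually it is not...).
If not, copy the file to the MySQL host and run this command there.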
================
Firewall settings:
http 80
To query SNMP, UDP 161 and 162 must be opened
sudo firewall-cmd --permanent --zone=public --add-port=161/udp
sudo firewall-cmd --permanent --zone=public --add-port=162/udp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
=====
SELinux needs to be set to permissive
# vim /etc/selinux/config
SELINUX=permissive