1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 |
[root@e6320 ~]# yum install hddtemp lm_sensors Loaded plugins: fastestmirror, refresh-packagekit, security Setting up Install Process Loading mirror speeds from cached hostfile * base: mirror.slu.cz * epel: mirror.slu.cz * extras: mirror.slu.cz * updates: mirror.slu.cz Resolving Dependencies --> Running transaction check ---> Package hddtemp.i686 0:0.3-0.20.beta15.el6 will be installed ---> Package lm_sensors.i686 0:3.1.1-17.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================= Package Arch Version Repository Size ============================================================================================= Installing: hddtemp i686 0.3-0.20.beta15.el6 epel 46 k lm_sensors i686 3.1.1-17.el6 base 123 k Transaction Summary ============================================================================================= Install 2 Package(s) Total download size: 169 k Installed size: 451 k Is this ok [y/N]: y Downloading Packages: (1/2): hddtemp-0.3-0.20.beta15.el6.i686.rpm | 46 kB 00:00 (2/2): lm_sensors-3.1.1-17.el6.i686.rpm | 123 kB 00:00 --------------------------------------------------------------------------------------------- Total 331 kB/s | 169 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : lm_sensors-3.1.1-17.el6.i686 1/2 Installing : hddtemp-0.3-0.20.beta15.el6.i686 2/2 Verifying : hddtemp-0.3-0.20.beta15.el6.i686 1/2 Verifying : lm_sensors-3.1.1-17.el6.i686 2/2 Installed: hddtemp.i686 0:0.3-0.20.beta15.el6 lm_sensors.i686 0:3.1.1-17.el6 Complete! [root@e6320 ~]# [root@e6320 ~]# sensors-detect Stopping lm_sensors: not configured, run sensors-detect [WARNING] # sensors-detect revision 1.1 # System: Dell Inc. Latitude E6320 (laptop) # Board: Dell Inc. 0GJF11 This program will help you determine which kernel modules you need to load to use lm_sensors most effectively. It is generally safe and recommended to accept the default answers to all questions, unless you know what you're doing. Some south bridges, CPUs or memory controllers contain embedded sensors. Do you want to scan for them? This is totally safe. (YES/no): Silicon Integrated Systems SIS5595... No VIA VT82C686 Integrated Sensors... No VIA VT8231 Integrated Sensors... No AMD K8 thermal sensors... No AMD Family 11h thermal sensors... No Intel digital thermal sensor... Success! (driver `coretemp') Intel AMB FB-DIMM thermal sensor... No VIA C7 thermal and voltage sensors... No Some Super I/O chips contain embedded sensors. We have to write to standard I/O ports to probe them. This is usually safe. Do you want to scan for Super I/O sensors? (YES/no): Probing for Super-I/O at 0x2e/0x2f Trying family `National Semiconductor'... No Trying family `SMSC'... Yes Found unknown chip with ID 0x0300 Probing for Super-I/O at 0x4e/0x4f Trying family `National Semiconductor'... No Trying family `SMSC'... No Trying family `VIA/Winbond/Nuvoton/Fintek'... No Trying family `ITE'... No Some hardware monitoring chips are accessible through the ISA I/O ports. We have to write to arbitrary I/O ports to probe them. This is usually safe though. Yes, you do have ISA I/O ports even if you do not have any ISA slots! Do you want to scan the ISA I/O ports? (YES/no): Lastly, we can probe the I2C/SMBus adapters for connected hardware monitoring devices. This is the most risky part, and while it works reasonably well on most systems, it has been reported to cause trouble on some systems. Do you want to probe the I2C/SMBus adapters now? (YES/no): Found unknown SMBus adapter 8086:1c22 at 0000:00:1f.3. Sorry, no supported PCI bus adapters found. Module i2c-dev loaded successfully. Next adapter: i915 gmbus ssc (i2c-0) Do you want to scan it? (YES/no/selectively): Next adapter: i915 gmbus vga (i2c-1) Do you want to scan it? (YES/no/selectively): Next adapter: i915 gmbus panel (i2c-2) Do you want to scan it? (YES/no/selectively): Next adapter: i915 gmbus dpc (i2c-3) Do you want to scan it? (YES/no/selectively): Next adapter: i915 gmbus dpb (i2c-4) Do you want to scan it? (YES/no/selectively): Next adapter: i915 gmbus dpd (i2c-5) Do you want to scan it? (YES/no/selectively): Next adapter: DPDDC-B (i2c-6) Do you want to scan it? (YES/no/selectively): Next adapter: DPDDC-C (i2c-7) Do you want to scan it? (YES/no/selectively): Next adapter: DPDDC-D (i2c-8) Do you want to scan it? (YES/no/selectively): Now follows a summary of the probes I have just done. Just press ENTER to continue: Driver `coretemp': * Chip `Intel digital thermal sensor' (confidence: 9) Do you want to overwrite /etc/sysconfig/lm_sensors? (YES/no): Starting lm_sensors: loading module coretemp [ OK ] Unloading i2c-dev... OK [root@e6320 ~]# [root@e6320 ~]# [root@e6320 ~]# sensors; hddtemp /dev/sda acpitz-virtual-0 Adapter: Virtual device temp1: +25.0°C (crit = +107.0°C) coretemp-isa-0000 Adapter: ISA adapter Physical id 0: +53.0°C (high = +86.0°C, crit = +100.0°C) Core 0: +53.0°C (high = +86.0°C, crit = +100.0°C) Core 1: +53.0°C (high = +86.0°C, crit = +100.0°C) /dev/sda: KINGSTON SHSS37A240G: 40°C [root@e6320 ~]# |
– na vygenerování certifikátu byl použit Centos6
– Let’s Encrypt klient je https://github.com/Neilpang/acme.sh
– pro požadovanou doménu je nutné přidat TXT záznam, takže je nutný přístup do DNS
root@emg ~ # curl https://get.acme.sh | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 705 100 705 0 0 835 0 --:--:-- --:--:-- --:--:-- 5778
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 139k 100 139k 0 0 173k 0 --:--:-- --:--:-- --:--:-- 344k
[Sun Apr 16 17:20:55 CEST 2017] Installing from online archive.
[Sun Apr 16 17:20:55 CEST 2017] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Sun Apr 16 17:20:57 CEST 2017] Extracting master.tar.gz
[Sun Apr 16 17:20:57 CEST 2017] Installing to /root/.acme.sh
[Sun Apr 16 17:20:57 CEST 2017] Installed to /root/.acme.sh/acme.sh
[Sun Apr 16 17:20:57 CEST 2017] Installing alias to '/root/.bashrc'
[Sun Apr 16 17:20:58 CEST 2017] OK, Close and reopen your terminal to start using acme.sh
[Sun Apr 16 17:20:58 CEST 2017] Installing alias to '/root/.cshrc'
[Sun Apr 16 17:20:58 CEST 2017] Installing alias to '/root/.tcshrc'
[Sun Apr 16 17:20:58 CEST 2017] Installing cron job
[Sun Apr 16 17:20:59 CEST 2017] Good, bash is found, so change the shebang to use bash as preferred.
[Sun Apr 16 17:21:00 CEST 2017] OK
[Sun Apr 16 17:21:00 CEST 2017] Install success!
root@emg ~ #
root@emg ~ # cd .acme.sh/
root@emg .acme.sh # ll
total 160
-rw-r--r--. 1 root root 96 Apr 16 17:20 account.conf
-rwxr-xr-x. 1 root root 142525 Apr 16 17:20 acme.sh
-rw-r--r--. 1 root root 78 Apr 16 17:20 acme.sh.csh
-rw-r--r--. 1 root root 78 Apr 16 17:20 acme.sh.env
drwxr-xr-x. 2 root root 4096 Apr 16 17:21 deploy
drwxr-xr-x. 2 root root 4096 Apr 16 17:21 dnsapi
root@emg .acme.sh #
root@emg .acme.sh # ./acme.sh --issue --dns -d intra.strachota.net
[Sun Apr 16 17:23:33 CEST 2017] Registering account
[Sun Apr 16 17:23:36 CEST 2017] Registered
[Sun Apr 16 17:23:38 CEST 2017] Update success.
[Sun Apr 16 17:23:39 CEST 2017] ACCOUNT_THUMBPRINT='9qB5HKEYhoWER4SjfxBO6p1N-cuAn4ApejodRT5Bwx8'
[Sun Apr 16 17:23:39 CEST 2017] Creating domain key
[Sun Apr 16 17:23:39 CEST 2017] Single domain='intra.strachota.net'
[Sun Apr 16 17:23:40 CEST 2017] Getting domain auth token for each domain
[Sun Apr 16 17:23:40 CEST 2017] Getting webroot for domain='intra.strachota.net'
[Sun Apr 16 17:23:40 CEST 2017] Getting new-authz for domain='intra.strachota.net'
[Sun Apr 16 17:23:42 CEST 2017] The new-authz request is ok.
[Sun Apr 16 17:23:43 CEST 2017] Add the following TXT record:
[Sun Apr 16 17:23:43 CEST 2017] Domain: '_acme-challenge.intra.strachota.net'
[Sun Apr 16 17:23:43 CEST 2017] TXT value: 'hdxoUJ50NcB53SdxoKky21jEvqa6tmLrKrEvhRGU-qo'
[Sun Apr 16 17:23:43 CEST 2017] Please be aware that you prepend _acme-challenge. before your domain
[Sun Apr 16 17:23:43 CEST 2017] so the resulting subdomain will be: _acme-challenge.intra.strachota.net
[Sun Apr 16 17:23:43 CEST 2017] Please add the TXT records to the domains, and retry again.
[Sun Apr 16 17:23:43 CEST 2017] Please add '--debug' or '--log' to check more details.
[Sun Apr 16 17:23:43 CEST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
root@emg .acme.sh #
Vygenerování se nepodařilo, protože TXT záznam pro požadovanou doménu neexistuje.
Pro doménu _acme-challenge.intra.strachota.net přidat TXT záznam hdxoUJ50NcB53SdxoKky21jEvqa6tmLrKrEvhRGU-qo
root@emg .acme.sh # nslookup -q=txt _acme-challenge.intra.strachota.net 8.8.8.8|grep text
_acme-challenge.intra.strachota.net text = "hdxoUJ50NcB53SdxoKky21jEvqa6tmLrKrEvhRGU-qo"
root@emg ~ #
root@emg .acme.sh # ./acme.sh --renew -d intra.strachota.net
[Sun Apr 16 19:59:40 CEST 2017] Renew: 'intra.strachota.net'
[Sun Apr 16 19:59:41 CEST 2017] Single domain='intra.strachota.net'
[Sun Apr 16 19:59:41 CEST 2017] Getting domain auth token for each domain
[Sun Apr 16 19:59:42 CEST 2017] Verifying:intra.strachota.net
[Sun Apr 16 20:00:03 CEST 2017] Success
[Sun Apr 16 20:00:03 CEST 2017] Verify finished, start to sign.
[Sun Apr 16 20:00:09 CEST 2017] Cert success.
-----BEGIN CERTIFICATE-----
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
****************************************************************
*************************************************************==
-----END CERTIFICATE-----
[Sun Apr 16 20:00:09 CEST 2017] Your cert is in /root/.acme.sh/intra.strachota.net/intra.strachota.net.cer
[Sun Apr 16 20:00:09 CEST 2017] Your cert key is in /root/.acme.sh/intra.strachota.net/intra.strachota.net.key
[Sun Apr 16 20:00:12 CEST 2017] The intermediate CA cert is in /root/.acme.sh/intra.strachota.net/ca.cer
[Sun Apr 16 20:00:12 CEST 2017] And the full chain certs is there: /root/.acme.sh/intra.strachota.net/fullchain.cer
root@emg .acme.sh #
root@emg .acme.sh # scp /root/.acme.sh/intra.strachota.net/ca.cer admin@router:/
ca.cer 100% 1647 1.6KB/s 00:00
root@emg .acme.sh # scp /root/.acme.sh/intra.strachota.net/intra.strachota.net.key admin@router:/
intra.strachota.net.key 100% 1679 1.6KB/s 00:00
root@emg .acme.sh # scp /root/.acme.sh/intra.strachota.net/intra.strachota.net.cer admin@router:/
intra.strachota.net.cer 100% 1809 1.8KB/s 00:00
root@emg .acme.sh #
[admin@MikroTik] > file print where type=".key file" or type=".cer file"
# NAME TYPE SIZE CREATION-TIME
0 intra.strachota.net.key .key file 1679 apr/17/2017 22:19:27
1 intra.strachota.net.cer .cer file 1809 apr/17/2017 22:19:33
2 ca.cer .cer file 1647 apr/17/2017 22:19:06
[admin@MikroTik] >
Pomocí ssllabs.com lze zjistit, jak je na tom Mikrotik s konfigurací SSL. Na verzi RouterOS 6.38.5 (duben 2017) dostávám hodnocení „B“, protože akceptuje RC4 a nepodporuje bezpečné generování per session klíče (forward secrecy).
This script will check a disk’s free space and send a warning if the server has dropped below the limit you have specified.
The settings are in a XML file. The main entity is the filesystem – let’s say a drive letter or disk. Each disk must be defined as an element, which includes values such as the hostname, limit, and list of recipents.
Both files for this solution must be in the same folder.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
$ScriptPath = $MyInvocation.MyCommand.Path $RunPath = Split-Path $ScriptPath $Settings = [xml](Get-Content "$RunPath\watchdog.config.xml") $Log = "$RunPath\$($Settings.freeSpaceWatchdog.globalSettings.log)" $SMTPServer = $Settings.freeSpaceWatchdog.globalSettings.smtpserver $EmailSender = $Settings.freeSpaceWatchdog.globalSettings.emailSender $Timestamp = Get-Date -Format "yyyy.MM.dd HH:mm" foreach ($Item in $Settings.freeSpaceWatchdog.filesystem) { $ComputerName = $($Item.Hostname) $Disk = $($Item.Volume) $Limit = [math]::round($($Item.Limit), 2) $EmailRecipients = $($Item.EmailRecipients) $Data = Get-WmiObject Win32_LogicalDisk -ComputerName $ComputerName -Filter "DeviceID='$Disk'" | Select-Object FreeSpace, Size $Size = [math]::round($Data.Size / 1GB, 2) $FreeSpace = [math]::round($Data.FreeSpace / 1GB, 2) if ($FreeSpace -le $Limit) { "$Timestamp - Warning - $Comptername disk $Disk, limit $Limit, freespace $Freespace" >> $Log Send-MailMessage ` -From $EmailSender ` -To $EmailRecipients ` -SmtpServer $SMTPServer ` -Subject "$Computername disk $Disk warning" ` -Body "On $ComputerName disk $Disk has exceeded the limit $Limit GB.`n`nSize $Size GB`nFree space $FreeSpace GB" ` -Priority High } else { "$Timestamp - OK - $Computername disk $Disk, limit $Limit, freespace $Freespace" >> $Log } } |
Here is an overview:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
<freeSpaceWatchdog> <globalSettings> <smtpserver>mailer15</smtpserver> <emailSender>freespacelimit@mydomain.com</emailSender> <log>freespacewatchdog.log</log> </globalSettings> <filesystem volume="C:"> <hostname>mbx01</hostname> <limit>50</limit> <emailRecipients>helpdesk@mydomain.com</emailRecipients> </filesystem> <filesystem volume="E:"> <hostname>mbx02</hostname> <limit>70</limit> <emailRecipients>helpdesk@mydomain.com</emailRecipients> </filesystem> </freeSpaceWatchdog> |