Tag Archives: howto

Sophos UTM Firewall Zabbix monitoring template

I recently built my own Sophos UTM firewall based on the home license and wanted to get it under Zabbix monitoring. I’ve been using Zabbix for at least 8 years now and I recommend it as an (enterprise-grade) monitoring system.

For the record, I’m running Zabbix 2.4.6 at home on two Raspberry Pi Model B systems. One runs the Zabbix server and the second one runs as a MySQL database server. It performs quite well.

-> Download the latest version of the template at the bottom of this page <-

Zabbix Template

The current version of the Sophos UTM template is quite straightforward and is based on knowledgebase article 119371, in which useful SNMP OIDs can be found. Currently the template consists of:

  • 2 Applications (Network, 37 items & System, 13 items)
  • 50 monitoring items, based on two network interfaces (this can be easily expanded if you own a system with more than one interface)
  • 11 Graphs
  • 0 triggers (working on this)

Import Zabbix template

Import the template into Zabbix:

Configuration -> Templates -> Import (upper right corner)

Apply the Sophos template to your Sophos host

Link the template to your Sophos host:

Configuration -> Hosts -> your Sophos host -> Templates -> search and link the template.

SNMP MACRO

When you start monitoring your Sophos UTM firewall you need to define an SNMP community string. Zabbix uses this community string when it talks to your Sophos UTM appliance. I’ve used a Zabbix macro to fill the Zabbix template with the correct community string. The macro to set for the specific Sophos appliance you want to monitor is:

{$SNMPCOMMUNITY}

This macro must be added to your monitored Sophos host:

Configuration -> Hosts -> your Sophos host -> Macros

Add your community string and value as requested.

Download

[29-12-15] Template_Sophos_UTM v1.0

Feel free to ask me any questions regarding the template or if you want me to add a specific OID to the template.

This template can also be found on share.zabbix.com or zabbix.org

 

Howto: Two-Factor authentication on Ubuntu 12.04 LTS

For a more secure terminal (SSH) environment, you can add a second factor to authenticate a user. I personally run Ubuntu and I implemented Google Authenticator on my Ubuntu system using Google's Google Authenticator library in combination with my iPhone and the Google Authenticator app.

See the following howto:

http://wouter.borremans.nl/computer-related-howto/how-to/howto-two-factor-authentication-ubuntu-12-04-lts-using-google-authenticator/

Synology DHCP Server and Firewall

I own a Synology DS211j. As I wanted to use an alternative DHCP mechanism to support custom nameservers, I ran into the Synology DHCP Server package, which is straightforward and easy to use. Additionally, I’ve configured the Synology firewall to deal with a few ports that are opened to the Internet.

This quick howto gives you tips on how to configure your Synology firewall to work together with the DHCP server package:

Synology DHCP Server and Firewall

Howto: SSH login without password

This howto shows how to generate a key pair to log in over SSH without a password:

Source: thegeekstuff.com

Step 1:

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2:

jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Step 3:


jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]
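
The ssh-copy-id output in Step 2 asks you to check .ssh/authorized_keys for keys you did not expect. The script below is an added example, not part of the original howto, that lists each entry's key type, comment and options and flags a file that others can write to; the function names (list_keys, writable_by_others, sample_keys) and the sample entries are made up for illustration.

```shell
#!/bin/bash
# Added example: review authorized_keys after ssh-copy-id (sample data is constructed).

# list_keys [FILE]: print "<key-type> <comment> options=<options>" per entry;
# reads stdin without FILE. A review aid, not a full parser: a key-type string
# quoted inside an option value would be misread.
list_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            t = 0                                # index of the key-type field
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp)/) { t = i; break }
            if (t == 0) { print "UNPARSED line " NR; next }
            opts = "-"                           # fields before the type are options
            if (t > 1) { opts = $1; for (i = 2; i < t; i++) opts = opts " " $i }
            comment = "(none)"                   # fields after the key blob
            if (NF > t + 1) {
                comment = $(t + 2)
                for (i = t + 3; i <= NF; i++) comment = comment " " $i
            }
            print $t, comment, "options=" opts
        }' "$@"
}

# writable_by_others PATH: true if PATH is group- or world-writable, which
# sshd with StrictModes enabled does not accept for key files.
writable_by_others() {
    case "$(ls -ld -- "$1" | cut -c6,9)" in
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample; key blobs are shortened placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# constructed authorized_keys sample
ssh-rsa AAAAB3NzaC1yc2E jsmith@local-host
from="192.168.1.2",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1 backup job
EOF
}

f="${1:-$HOME/.ssh/authorized_keys}"
if [ -r "$f" ]; then
    list_keys "$f"
    if writable_by_others "$f"; then echo "WARNING: $f is group/world-writable"; fi
else
    sample_keys | list_keys
fi
```

Because Step 1 creates the key without a passphrase, anyone who can read id_rsa can log in as jsmith on remote-host. Entries restricted with options such as from= limit where such a key can be used.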



Empty postfix mail queue

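A quick way to empty your postfix mail queue (for whatever reason) is to run the following from your console as root or an equivalent user. The tr -d '*!' step strips the markers that mailq appends to the queue IDs of active and held messages, which postsuper would otherwise not accept:

root@localhost: for i in $(mailq | grep '@' | awk '{print $1}' | grep -v '@' | tr -d '*!'); do postsuper -d "$i"; done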

Be sure you know what you are doing, this cannot be undone! You’re deleting all your messages in the current mail queue!

Samba mount using smbmount

Below you can find a script which mounts a share over a network to a local folder using ‘smbmount’. I prefer using ‘smbmount’ instead of ‘mount’ as unmounting shares executes without any pain.

The script below first asks for a password while blocking console output, so you can type your password without it appearing in your bash history. The password is still handed to smbmount as a command-line option, so it is visible in the process list while the command runs.


#!/bin/bash
echo ""
echo "Provide the share password:"
# Hide the console output and read the input
stty_orig=$(stty -g)
# Restore the terminal settings even if the script is interrupted
trap 'stty "$stty_orig"' EXIT
stty -echo
# -r keeps backslashes in the password intact
read -r adminpassword
stty "$stty_orig"

# Connect to the share on the remote server using the password
# (quoted so that spaces in the password do not split the option string)
echo "Connecting to remote share"
smbmount /// /home/wouter/folder/ -o "username=,password=$adminpassword,uid=1000,mask=000"

# Show an overview of all mounted devices / shares
echo "----------"
mount
echo "----------"
echo "Done."
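
The script above puts the password in the smbmount option string. The variant below is an added example, not the author's script: it swaps smbmount for mount -t cifs (mount.cifs from cifs-utils, assumed to be installed) and passes the password through a temporary credentials file; the function names and the three arguments (share, mount point, user) are placeholders chosen for this example.

```shell
#!/bin/bash
# Added example: hand the share password to mount.cifs through a
# credentials file instead of the -o option string.

# make_cred_file USER PASSWORD: write a mode-600 credentials file and
# print its path. The username=/password= lines are the format that
# mount.cifs reads via its credentials= option.
make_cred_file() {
    local file
    file="$(umask 077; mktemp)" || return 1
    printf 'username=%s\npassword=%s\n' "$1" "$2" > "$file"
    printf '%s\n' "$file"
}

# mount_share //SERVER/SHARE MOUNTPOINT USER (all three supplied by the caller)
mount_share() {
    local share="$1" target="$2" user="$3" password cred rc
    printf 'Provide the share password: ' >&2
    read -rs password                      # -s: do not echo the input
    echo >&2
    cred="$(make_cred_file "$user" "$password")" || return 1
    unset password
    mount -t cifs "$share" "$target" -o "credentials=$cred,uid=1000"
    rc=$?
    rm -f -- "$cred"                       # the file is only needed during the mount call
    return "$rc"
}

# Run only when called with the three arguments, e.g. as root:
#   ./mount-share.sh //SERVER/SHARE /home/wouter/folder/ USER
if [ "$#" -eq 3 ]; then
    mount_share "$@"
fi
```

A password containing a comma cannot be parsed from the -o option string, while the credentials file carries it unchanged.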