Zen and the Art of NetJitsu

These are the notes from my OpenNMS install on CentOS 4 (RHEL 4):

Install Guide referenced

java sdk
+-------
http://java.sun.com/j2se/1.4.2/install-linux.html

chmod a+x j2sdk-1_4_2_14-linux-i586-rpm.bin
./j2sdk-1_4_2_14-linux-i586-rpm.bin
sudo rpm -iv j2sdk-1_4_2_14-linux-i586.rpm

cleanup:

rm *.bin & rpm

tomcat
+-----
http://tomcat.apache.org/download-41.cgi

wget http://apache.seekmeup.com/tomcat/tomcat-4/v4.1.36/bin/apache-tomcat-4.1.36.tar.gz
wget ftp://ftp.opennms.org/pub/dependencies/tomcat4/tomcat4-4.1.18-full.1jpp.noarch.rpm
wget ftp://ftp.opennms.org/pub/dependencies/tomcat4/tomcat4-webapps-4.1.18-full.1jpp.noarch.rpm

sudo rpm -iv tomcat4-4.1.18-full.1jpp.noarch.rpm

warning: tomcat4-4.1.18-full.1jpp.noarch.rpm: V3 DSA signature: NOKEY, key ID 307a10a5
Preparing packages for installation...
tomcat4-4.1.18-full.1jpp

Don't forget to setup vars in /etc/tomcat4/tomcat4.conf to
adapt the RPM to your configuration.
Also edit/create /etc/java/java.conf to define your default JDK

For security purposes, tomcat4 service is installed
but not activated by default.
use your service installer for such purposes
ie: ntsysv

sudo rpm -iv tomcat4-webapps-4.1.18-full.1jpp.noarch.rpm

warning: tomcat4-webapps-4.1.18-full.1jpp.noarch.rpm: V3 DSA signature: NOKEY, key ID 307a10a5
Preparing packages for installation...
tomcat4-webapps-4.1.18-full.1jpp

sudo vi /etc/tomcat4/tomcat4.conf

JAVA_HOME="/usr/java/j2sdk1.4.2_14"
TOMCAT_USER="root"

rrdtool
+-----
http://dag.wieers.com/rpm/packages/rrdtool/

wget http://dag.wieers.com/rpm/packages/rrdtool/rrdtool-1.0.50-3.el4.rf.i386.rpm
sudo rpm -iv rrdtool-1.0.50-3.el4.rf.i386.rpm

postgresql
+--------
http://www.postgresql.org/

yum install postgresql-server

=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
postgresql-server i386 7.4.16-1.RHEL4.1 update 3.0 M
Installing for dependencies:
postgresql i386 7.4.16-1.RHEL4.1 update 2.0 M
postgresql-libs i386 7.4.16-1.RHEL4.1 update 147 k

[root@netjitsu02 ~]# service postgresql start
Initializing database: [ OK ]
Starting postgresql service: [ OK ]

vi /var/lib/pgsql/data/postgresql.conf
tcpip_socket = true
max_connections = 256
shared_buffers = 1024

vi /var/lib/pgsql/data/pg_hba.conf
local all all trust
host all all 127.0.0.1 255.255.255.255 trust

service postgresql restart

curl
+---
installed:

[root@netjitsu02 ~]# rpm -q curl
curl-7.12.1-8.rhel4

opennms
+-------

wget http://superb-east.dl.sourceforge.net/sourceforge/opennms/opennms-1.2.9-1_rhl9.i386.rpm
wget http://superb-east.dl.sourceforge.net/sourceforge/opennms/opennms-docs-1.2.9-1_rhl9.i386.rpm
wget http://superb-east.dl.sourceforge.net/sourceforge/opennms/opennms-webapp-1.2.9-1_rhl9.i386.rpm

rpm -iv opennms-1.2.9-1_rhl9.i386.rpm
warning: opennms-1.2.9-1_rhl9.i386.rpm: V3 DSA signature: NOKEY, key ID 4c4cbbd9
Preparing packages for installation...
opennms-1.2.9-1_rhl9
- moving *.sql.rpmnew files (if any)... done
- checking for old update files... done

*** Installation complete. You must still run the installer and
*** make a few other changes before you start OpenNMS. See the
*** install guide and release notes for details.

rpm -iv opennms-docs-1.2.9-1_rhl9.i386.rpm
warning: opennms-docs-1.2.9-1_rhl9.i386.rpm: V3 DSA signature: NOKEY, key ID 4c4cbbd9
Preparing packages for installation...
opennms-docs-1.2.9-1_rhl9

rpm -iv opennms-webapp-1.2.9-1_rhl9.i386.rpm
warning: opennms-webapp-1.2.9-1_rhl9.i386.rpm: V3 DSA signature: NOKEY, key ID 4c4cbbd9
Preparing packages for installation...
opennms-webapp-1.2.9-1_rhl9

Installer
+--------

/opt/OpenNMS/bin/runjava -s
runjava: Looking for an appropriate JRE...
runjava: Checking for an appropriate JRE in JAVA_HOME...
runjava: skipping... JAVA_HOME not set
runjava: Checking JRE in user's path: "/usr/bin/java"...
runjava: /usr/bin/java is GNU gcj, which is not supported
runjava: did not find an appropriate JRE in user's path: "/usr/bin/java"
runjava: searching for a good JRE...
runjava: found a good JRE in "/usr/java/j2sdk1.4.2_14/bin/java"
runjava: value of "/usr/java/j2sdk1.4.2_14/bin/java" stored in configuration file

/opt/OpenNMS/bin/runjava -S "/usr/java/j2sdk1.4.2_14/bin/java"
runjava: checking specified JRE: "/usr/java/j2sdk1.4.2_14/bin/java"...
runjava: specified JRE is good.
runjava: value of "/usr/java/j2sdk1.4.2_14/bin/java" stored in configuration file

Run the Installer to Setup the PostgreSQL Database
+-------------------------------------------------

/opt/OpenNMS/bin/install -disU
==============================================================================
OpenNMS Installer Version $Id: Installer.java 3056 2006-03-26 19:39:16Z djgregor $
==============================================================================

Configures PostgreSQL tables, users, and other miscellaneous settings.

- checking database version... 7.4
- Full version string: PostgreSQL 7.4.16 on i686-redhat-linux-gnu, compiled by GCC gcc (GCC) 3.4.6 20060404 (Red Hat 3.4.6-3)
* using 'opennms' as the PostgreSQL user for OpenNMS
* using 'opennms' as the PostgreSQL password for OpenNMS
* using 'opennms' as the PostgreSQL database name for OpenNMS
- using SQL directory... /opt/OpenNMS/etc
- using create.sql... /opt/OpenNMS/etc/create.sql
- using iplike module... /opt/OpenNMS/lib/iplike.so
- checking database for old backup tables... NONE
- checking for rows that violate constraints... NONE
- creating tables...
- checking table "serverMap"... CREATED
- checking table "serviceMap"... CREATED
- checking table "distPoller"... CREATED
- checking table "node"... CREATED
- checking table "ipInterface"... CREATED
- checking table "snmpInterface"... CREATED
- checking table "service"... CREATED
- checking table "ifServices"... CREATED
- checking table "events"... CREATED
- checking table "outages"... CREATED
- checking table "vulnerabilities"... CREATED
- checking table "vulnPlugins"... CREATED
- checking table "notifications"... CREATED
- checking table "usersNotified"... CREATED
- checking table "assets"... CREATED
- creating tables... DONE
- creating sequences...
- checking "nodeNxtId" minimum value... 1
- removing sequence "nodeNxtId"... CLEAN
- creating sequence "nodeNxtId"... OK
- checking "serviceNxtId" minimum value... 1
- removing sequence "serviceNxtId"... CLEAN
- creating sequence "serviceNxtId"... OK
- checking "eventsNxtId" minimum value... 1
- removing sequence "eventsNxtId"... CLEAN
- creating sequence "eventsNxtId"... OK
- checking "outageNxtId" minimum value... 1
- removing sequence "outageNxtId"... CLEAN
- creating sequence "outageNxtId"... OK
- checking "notifyNxtId" minimum value... 1
- removing sequence "notifyNxtId"... CLEAN
- creating sequence "notifyNxtId"... OK
- checking "vulnNxtId" minimum value... 1
- removing sequence "vulnNxtId"... CLEAN
- creating sequence "vulnNxtId"... OK
- creating sequences... DONE
- creating indexes...
- creating index "server_name_idx"... OK
- creating index "servicemap_name_idx"... OK
- creating index "serviceMap_ipaddr_idx"... OK
- creating index "node_id_type_idx"... OK
- creating index "node_label_idx"... OK
- creating index "ipinterface_nodeid_ipaddr_ismanaged_idx"... OK
- creating index "ipinterface_ipaddr_ismanaged_idx"... OK
- creating index "ipinterface_ipaddr_idx"... OK
- creating index "ipinterface_nodeid_ismanaged_idx"... OK
- creating index "ipinterface_nodeid_idx"... OK
- creating index "snmpinterface_nodeid_ifindex_idx"... OK
- creating index "snmpinterface_nodeid_idx"... OK
- creating index "snmpinterface_ipaddr_idx"... OK
- creating index "ifservices_nodeid_ipaddr_status"... OK
- creating index "ifservices_nodeid_status"... OK
- creating index "ifservices_nodeid_idx"... OK
- creating index "ifservices_serviceid_idx"... OK
- creating index "ifservices_nodeid_serviceid_idx"... OK
- creating index "events_uei_idx"... OK
- creating index "events_nodeid_idx"... OK
- creating index "events_ipaddr_idx"... OK
- creating index "events_serviceid_idx"... OK
- creating index "events_time_idx"... OK
- creating index "events_severity_idx"... OK
- creating index "events_log_idx"... OK
- creating index "events_display_idx"... OK
- creating index "events_ackuser_idx"... OK
- creating index "events_acktime_idx"... OK
- creating index "outages_svclostid_idx"... OK
- creating index "outages_svcregainedid_idx"... OK
- creating index "outages_nodeid_idx"... OK
- creating index "outages_ipaddr_idx"... OK
- creating index "outages_serviceid_idx"... OK
- creating index "outages_regainedservice_idx"... OK
- creating index "vulnerabilities_nodeid_idx"... OK
- creating index "vulnerabilities_ipaddr_idx"... OK
- creating index "vulnerabilities_severity_idx"... OK
- creating index "vulnerabilities_port_idx"... OK
- creating index "vulnerabilities_protocol_idx"... OK
- creating index "vulnplugins_plugin_idx"... OK
- creating index "notifications_ipaddr_idx"... OK
- creating index "notifications_serviceid_idx"... OK
- creating index "notifications_eventid_idx"... OK
- creating index "notifications_respondtime_idx"... OK
- creating index "notifications_answeredby_idx"... OK
- creating index "userid_notifyid_idx"... OK
- creating indexes... DONE
- inserting initial table data for "distPoller"... OK
- checking if database "opennms" is unicode... ALREADY UNICODE
- checking for stale iplike references... CLEAN
- checking for stale eventtime.so references... CLEAN
- adding iplike database function... OK
- adding PL/pgSQL call handler... OK
- adding PL/pgSQL language module... OK
- adding stored procedures...
- getManagePercentAvailIntfWindow.sql... OK
- getManagedOutageForIntfInWindow.sql... OK
- getOutageTimeInWindow.sql... OK
- getManagedServiceCountForIntf.sql... OK
- getManagedOutageForNodeInWindow.sql... OK
- getManagedServiceCountForNode.sql... OK
- getPercentAvailabilityInWindow.sql... OK
- getManagePercentAvailNodeWindow.sql... OK

Installer completed successfully!

Run the Installer to Setup the Web Application
+---------------------------------------------

format:
# $OPENNMS_HOME/bin/install -y -w $CATALINA_HOME/webapps -W $CATALINA_HOME/server/lib

/opt/OpenNMS/bin/install -y -w /var/tomcat4/webapps -W /var/tomcat4/server/lib
==============================================================================
OpenNMS Installer Version $Id: Installer.java 3056 2006-03-26 19:39:16Z djgregor $
==============================================================================

Configures PostgreSQL tables, users, and other miscellaneous settings.

* using 'opennms' as the PostgreSQL user for OpenNMS
* using 'opennms' as the PostgreSQL password for OpenNMS
* using 'opennms' as the PostgreSQL database name for OpenNMS
- using Top-level web application directory... /var/tomcat4/webapps
- using Tomcat server library directory... /var/tomcat4/server/lib
- using OpenNMS webapps directory... /opt/OpenNMS/webapps
- Checking for old opennms webapp directory in /var/tomcat4/webapps/opennms... OK
- Checking for old opennms context in /var/tomcat4/webapps/../conf/server.xml... OK
- Install OpenNMS webapp...
- creating link to /var/tomcat4/webapps/opennms.xml... DONE
- creating link to /var/tomcat4/server/lib/log4j.jar... DONE
- creating link to /var/tomcat4/server/lib/castor-0.9.3.9.jar... DONE
- creating link to /var/tomcat4/server/lib/castor-0.9.3.9-xml.jar... DONE
- creating link to /var/tomcat4/server/lib/opennms_core.jar... DONE
- creating link to /var/tomcat4/server/lib/opennms_services.jar... DONE
- creating link to /var/tomcat4/server/lib/opennms_web.jar... DONE
- Installing OpenNMS webapp... DONE

Installer completed successfully!

Configure Discovery
+------------------

vi /opt/OpenNMS/etc/discovery-configuration.xml

Start PostgreSQL, Tomcat4, and OpenNMS
+-------------------------------------

service postgresql start
service tomcat4 start
service opennms start

opennms -v status
OpenNMS.Eventd : running
OpenNMS.Trapd : running
OpenNMS.Dhcpd : running
OpenNMS.Actiond : running
OpenNMS.Capsd : running
OpenNMS.Notifd : running
OpenNMS.Scriptd : running
OpenNMS.Rtcd : running
OpenNMS.Pollerd : running
OpenNMS.Collectd : running
OpenNMS.Threshd : running
OpenNMS.Discovery : running
OpenNMS.Vacuumd : running
opennms is running

chkconfig --add opennms
chkconfig --list opennms
chkconfig opennms on
chkconfig --list opennms
opennms 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Last night, while logged into a router deployed at the network edge, I noticed an uninvited guest:

br02#sh users
Line User Host(s) Idle Location
1 vty 0 idle 00:00:01 201.63.40.18
2 vty 1 root idle 00:00:02 201.63.40.18

What's this, a root login to a Cisco router? I was pretty sure a root login did not exist in our AAA server, but I checked the tacacs log just to verify. No unauthorized logins there. Where is this login coming from?:

whois 201.63.40.18 [Querying whois.lacnic.net] [Redirected to whois.registro.br]
inetnum: 201.63.40.16/29
aut-num: AS10429
abuse-c: STE21
owner: Acoplast Indústria e Comércio Ltda
ownerid: 061.344.578/0001-50
responsible: Josiel Augusto Morosi
owner-c: JAM651
tech-c: JAM651
created: 20060830
changed: 20060830
inetnum-up: 201.63/16

nic-hdl-br: JAM651
person: JOSIEL AUGUSTO MOROSI
e-mail: josiel@acoplast.com.br

We definitely don't have any engineers in Brazil. Could this be a covert channel or an exploit of a recent bug?

I quickly opened a case, and received the following response:

A display bug exists in earlier versions of IOS where a user connecting to the ssh or telnet port will display as logged in while connected even if they have not sucessfully authenticated. You can if this is the case on your device if you enter a login and not authenticate sucessfully then do a "show user". This should display you "rouge" connection as a connected user.

I am not currently aware of a BugID for this issue.

As these are most likely brute-force attempts, an access-list applied to the VTY lines should mitigate them. Were the crackers in Brazil restless last night?

Zen and the Art of NetJitsu

Sunday, April 29, 2007

Installing Java on Ubuntu Linux

Sunday, April 15, 2007

OpenNMS

Wednesday, April 11, 2007

Like your company logo?

Friday, February 16, 2007

VMware & Samba on Linux

Thursday, February 15, 2007

Alphabet Soup

Friday, February 09, 2007

Cisco IOS Display Bug

Monday, January 22, 2007

Migration to Linux - Disk Encryption

Links

Blog Links

About Me

Blog Archive