Tag Archives: Linux

Raspberry Pi, Edimax Wifi, DYMO Printer VMUG Check-in Process Tutorial

This article is out-of-date. It should only be used for historical reference. A new article will be published to reflect the updated code located at https://github.com/tkrn/pivmugc

Project Summary

At the Cleveland VMUG events we will be using a new check-in system. The system consists of a Raspberry Pi, an Edimax Wifi adapter and a DYMO thermal label printer to perform wireless iPad check-ins. The setup will sign in preregistered individuals and capture data from walk-on attendees. Finally, it produces a name tag label, which is printed wirelessly to the DYMO LabelWriter 330. This is how it was accomplished!

Hardware Layout

Pi-DYMO

The diagram is simple and straightforward, but it gives you a visual of how things are related.

Prerequisites

Most importantly, some existing Linux knowledge is highly recommended! This (updating + installing) will require a great amount of time, since the Raspberry Pi’s processor is low in computational power and I/O throughput is low because the Secure Digital memory card is generally slow. I started with a fresh image of Raspbian. At the time of writing, this tutorial is using version 2014-09-09-wheezy-raspbian.

Let’s start by installing all the prerequisite libraries and binaries. Please run the apt-get commands in the order shown to prevent php5 from installing apache2, since we are leveraging lighttpd.

sudo apt-get update -y
sudo apt-get install dnsmasq lighttpd cups libcups2 libcups2-dev libcupsimage2 libcupsimage2-dev build-essential g++ p7zip-full -y
sudo apt-get install php5-common php5-cgi php5-sqlite php5 -y

CUPS Installation & DYMO Driver

If you are using the pi user, add the pi user to the lpadmin (CUPS Admin) group:

sudo usermod -a -G lpadmin pi

After the installation of CUPS, modify the following sections in /etc/cups/cupsd.conf to match the listing below. This allows remote access to the CUPS Administration page, and the CUPS web server will listen on all interfaces, not just localhost.

# Allow remote access
Port 631
Listen /var/run/cups/cups.sock

...

# Restrict access to the server...
<Location />
  # Allow remote access...
  Order allow,deny
  Allow all
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow all
</Location>
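
The listing above opens both the CUPS root and /admin to every host on every interface. The following check is an added example, not part of the original tutorial: it reads a cupsd.conf on stdin and reports "Port" listeners and Location blocks that grant "Allow all". The restricted variant is constructed and assumes administration happens from the 10.0.0.0/24 wlan0 network configured later in this article.

```shell
#!/bin/sh
# Added example: audit cupsd.conf text for the two exposures in the listing above.

# audit_cupsd: reads cupsd.conf on stdin, prints one finding per line.
audit_cupsd() {
    awk '
        /^[ \t]*#/ { next }                        # ignore comment lines
        tolower($1) == "port" {                    # "Port N" binds every interface
            print "listen-all-interfaces port=" $2
        }
        /^[ \t]*<Location[ \t]/ {                  # start of a <Location path> block
            loc = $2; sub(/>$/, "", loc)
            inblk = 1; allowall = 0; auth = "no"
            next
        }
        inblk && tolower($1) == "allow" && tolower($NF) == "all" { allowall = 1 }
        inblk && tolower($1) == "require" { auth = "yes" }
        /^[ \t]*<\/Location>/ {                    # end of block: report if wide open
            if (allowall) print "allow-all location=" loc " auth=" auth
            inblk = 0
        }
    '
}

# The settings from the tutorial listing above.
page_cupsd_conf() {
    cat <<'EOF'
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
<Location />
  Order allow,deny
  Allow all
</Location>
<Location /admin>
  Order allow,deny
  Allow all
</Location>
EOF
}

# Constructed variant (assumption): listen only on the access-point address,
# admit only the check-in subnet, and require a system user for /admin.
restricted_cupsd_conf() {
    cat <<'EOF'
Listen 10.0.0.1:631
Listen /var/run/cups/cups.sock
<Location />
  Order allow,deny
  Allow 10.0.0.0/24
</Location>
<Location /admin>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow 10.0.0.0/24
</Location>
EOF
}

echo "tutorial config:";   page_cupsd_conf | audit_cupsd
echo "restricted config:"; restricted_cupsd_conf | audit_cupsd
```

To check a live system, run `audit_cupsd < /etc/cups/cupsd.conf`.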

Here we will download the Dymo CUPS drivers and compile them on the Raspberry Pi. Again, this step will take a little bit of time to complete.

cd ~
wget http://download.dymo.com/Software/Linux/dymo-cups-drivers-1.4.0.tar.gz
tar -xzvf dymo-cups-drivers-1.4.0.tar.gz
cd dymo-cups-drivers-1.4.0.5/
sudo ./configure
sudo make
sudo make install

After these changes have been made to /etc/cups/cupsd.conf, restart the service to apply them and to ensure the new DYMO driver is found.

sudo service cups restart

Proceed over to the CUPS web interface to setup the Dymo printer at https://host:631/admin

Once you get to the login page and you are authenticated, proceed to add a printer by selecting Add Printer under the Administration tab.
Dymo LabelWriter 330 CUPS Setup - Step Start

Select your DYMO LabelWriter printer and press Continue.
Dymo LabelWriter 330 CUPS Setup - Step 1

Specify a Name for your printer; I’d recommend keeping the name short.
Dymo LabelWriter 330 CUPS Setup - Step 2

Select the Model of the printer or choose the PPD file from compiling if it was not automatically detected. Press Add Printer!
Dymo LabelWriter 330 CUPS Setup - Step 3

After the printer is added, ensure the proper defaults are set for the printer such as Print Quality, Print Density and Media Size by going to Set Default Options under the Administration tab.
Dymo LabelWriter 330 CUPS Setup - Step 4

Finally, ensure the DYMO LabelWriter is set to the System Default printer which is located in the dropdown menu of the printer under the Printers tab.
Dymo LabelWriter 330 CUPS Setup - Step 6

lighttpd Setup

Add the pi user to the www-data group so that the default lighttpd path can be written to by the pi user:

sudo chown www-data:www-data /var/www
sudo chmod 775 /var/www
sudo usermod -a -G www-data pi

To enable the server to handle php scripts the fastcgi-php module should be enabled and lighttpd reloaded:

sudo lighty-enable-mod fastcgi-php
sudo service lighttpd force-reload

wlan0 Setup

In this section, we will give wlan0 a static IP address and ensure the interface is brought up at boot. Note that this section and the dnsmasq section are taken almost verbatim from http://ariandy1.wordpress.com/2013/04/07/setting-up-wifi-access-point-with-edimax-ew-7811un-on-raspberry-pi/. They are placed here to keep the steps in linear order and to recap the article linked above.

Edit /etc/network/interfaces, remove anything related to wlan0, then add these lines:

iface wlan0 inet static
address 10.0.0.1
network 10.0.0.0
netmask 255.255.255.0
broadcast 10.0.0.255

To make sure the interface comes up, add ifup wlan0 to the /etc/rc.local file before exit 0 so it looks like this:

...
ifup wlan0
exit 0

dnsmasq Setup

Stop dnsmasq before working on it:

sudo service dnsmasq stop
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo touch /etc/dnsmasq.conf

Edit the newly created /etc/dnsmasq.conf and make it reflect the following contents:

interface=wlan0
expand-hosts
domain=local
dhcp-range=10.0.0.10,10.0.0.50,24h
dhcp-option=6,10.0.0.1

Add the following to the /etc/hosts file to reflect the hostname of the Raspberry Pi for easy typing in the tablet web browser:

10.0.0.1        checkin checkin.local

hostapd Setup

The EW-7811Un features a Realtek RTL8192C, depending on the revision. Since it uses a Realtek chipset, you must use Realtek’s version of hostapd. The majority of the following section was taken from http://jenssegers.be/blog/43/Realtek-RTL8188-based-access-point-on-Raspberry-Pi. Proper credit goes to the author.

cd ~
wget https://github.com/jenssegers/RTL8188-hostapd/archive/v1.1.tar.gz
tar -zxvf v1.1.tar.gz
cd RTL8188-hostapd-1.1/hostapd
sudo make
sudo make install

Create the file /etc/hostapd/hostapd.conf and tailor the following settings:

# Basic configuration
interface=wlan0
ssid=VMUGCheckin
channel=3

# WPA and WPA2 configuration
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=YourPassPhrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# Hardware configuration
driver=rtl871xdrv
ieee80211n=1
hw_mode=g
device_name=RTL8192CU
manufacturer=Realtek

Edit the following file to point to the newly created conf file above. Open up /etc/default/hostapd and make it reflect the following:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Enable the access point by restarting the hostapd service after all the changes:

sudo service hostapd restart

PHP Application

After everything above is done, download the included PHP application files, extract everything to /var/www and follow the directions included in the 7z archive, or download the complete Raspberry Pi download below, which includes all the work above as well as the application.

Download and extract the 7z archive:

wget <oldurl>
7z x -y -o/var/www VMUGWirelessCheckin_v103.7z

Ensure correct permissions:

sudo chown www-data:www-data /var/www/ -R
sudo find /var/www/ -type d -exec chmod 755 {} \;
sudo find /var/www/ -type f -exec chmod 644 {} \;
sudo chmod 664 /var/www/Checkin.*

For good housekeeping, delete the old landing page:

sudo rm -f /var/www/index.lighttpd.html

Be sure to set 664 Unix permissions on the *.db (SQLite database) and modify variables as needed in settings.php. Replace the background.png and logo.png under the images directory.

You should now be complete!

Application links are http://<host>/admin.php for the Administrative Functions page and http://<host>/reprint.php for the Reprint Page.

Summary

This gives you everything you need to set up the hardware portion of this project. The software portion is simple: extract and deploy. Please post any questions or comments below.

Download / Git Repository

The Git repository for this project can be found here at GitHub, https://github.com/tkrn/pivmugc for the latest version.


Installing XAMPP + Xdebug on Oracle Linux 6.4 x86

This guide will show you how to install XAMPP with Xdebug (compiled) on a RedHat/Oracle Linux 6.4 x86 installation in a few simple steps.

Log in as root or su over to root to start with. Let’s start by making sure we have all the development tools that are necessary to compile the Xdebug library for XAMPP, in addition to bringing the system fully up to date.

yum update -y
yum groupinstall "Development Tools" -y

Grab the download links from ApacheFriends for XAMPP and use wget to get XAMPP and the Development Packages.

cd ~
wget -O xampp-linux-1.8.1.tar.gz 'http://www.apachefriends.org/download.php?xampp-linux-1.8.1.tar.gz'
wget -O xampp-linux-devel-1.8.1.tar.gz 'http://www.apachefriends.org/download.php?xampp-linux-devel-1.8.1.tar.gz'

Extract XAMPP and move it to its permanent location.

tar -xzvf xampp-linux-1.8.1.tar.gz
mv lampp/ /opt

Extract XAMPP Development libraries and copy the include directory into the base of the lampp directory for use with the compiler.

tar -xzvf xampp-linux-devel-1.8.1.tar.gz
cp -r lampp/include /opt/lampp/.

Using PECL, install Xdebug, which will invoke the process to compile the extension.

/opt/lampp/bin/pecl update-channels
/opt/lampp/bin/pecl install Xdebug

Edit the php.ini file to add the newly compiled Xdebug.

vi /opt/lampp/etc/php.ini

Add the following lines at the end of the php.ini configuration file.

zend_extension = "/opt/lampp/lib/php/extensions/no-debug-non-zts-20100525/xdebug.so"
xdebug.remote_enable = 1
xdebug.remote_handler = "dbgp"
xdebug.remote_host = "localhost"
xdebug.remote_port = 9000

Start/Restart XAMPP. Browse to the http://host/xampp/phpinfo.php page to ensure Xdebug was loaded properly.


EMC VNX Celerra NAS Multiprotocol Environment Planning

A mixed protocol environment means that you have two means of accessing the same data, generally through SMB/CIFS/Samba and NFS. SMB is natively supported in Windows and NFS is natively supported in *nix environments.

There are complexities an organization will always run into when running a mixed protocol environment, which are a result of how Windows and *nix systems handle security at the core of their respective operating systems. *nix platforms handle permissions by using permission bits, and Windows uses Access Control Lists (ACLs). Ownership of a file is defined either by a User ID (UID) in the Unix world or a Security ID (SID) in Windows.

Fundamentally, *nix and Windows platforms handle files, permissions and sharing completely differently, and this business requirement introduces new complexities. It is my personal advice to avoid running a mixed protocol environment if possible. If there is a requirement that mandates this need, then design and plan accordingly to prevent future headaches down the road.

This article is not a how-to guide on implementing a mixed protocol environment, since each implementation is unique and there is usually a complex reason driving the use of a mixed protocol environment to begin with. Use the following as things to understand and take into account BEFORE you implement a mixed protocol environment.

This article is a cliff-notes version of the following EMC documents: the Multiprotocol Environment Guide and the User Mapper Guide.

It is important that the sections below are completely understood ahead of time for accurate planning of a multiprotocol environment. If a change is required after the filesystem is already in production, there is no easy way to change these settings without creating another filesystem and rsync’ing/robocopy’ing the data between filesystems.

Understanding CIFS and Unix Permissions

CIFS

  • Access Control Lists
  • SID Ownership
  • Username Passwords

*nix

  • Permission Bits
  • UID & GID Ownership Bits
  • IP Address Access

Understand the CIFS User ID Resolution Options

• Active Directory
• LDAP Directory
• Local Files
• Network Information Service (NIS)
• Usermapper (Internal or External)

To understand your mappings in technical detail please review the EMC Naming Services Guide.

NOTE: EMC recommends use of Internal Usermapper in Windows-only environments.
NOTE: Avoid static mappings if possible; they become a management nightmare. Even if you use custom Active Directory schema attributes/software to deal with Windows-to-Unix mappings, the Naming Services Guide will provide you with the information to accommodate custom schema attributes and fields.

Understanding Access-checking Policies

Access-checking policy Description
Native (default)
  • Access to a file or directory through NFS or UNIX authenticated FTP is granted only if the UNIX permissions on the file or directory allow it.
  • Access through CIFS or Windows authenticated FTP is granted only if the Windows permissions on the file or directory allow it.
  • ACL and UNIX permissions are maintained for every file and directory.
  • A change in permissions on a file system object in NFS has no impact on permissions in CIFS and a change in permissions on a file system object in CIFS has no impact on permissions in NFS.
NT
  • Access to a file or directory through NFS or UNIX authenticated FTP is granted only if the UNIX and Windows permissions allow it.
  • Access through CIFS or Windows authenticated FTP is granted only if the Windows permissions allow it (the UNIX permissions do not have any effect).
  • ACL and UNIX permissions are maintained for every file and directory.
  • A change in permissions on a file system object in NFS has no impact on permissions in CIFS and a change in permissions on a file system object in CIFS has no impact on permissions in NFS.
UNIX
  • Access to a file or directory through NFS or UNIX authenticated FTP is granted only if the UNIX permissions allow it (the Windows permissions do not have any effect).
  • Access through CIFS or Windows authenticated FTP is granted only if the UNIX and Windows permissions on the file or directory allow it.
  • ACL and UNIX permissions are maintained for every file and directory.
  • A change in permissions on a file system object in NFS has no impact on permissions in CIFS and a change in permissions on a file system object in CIFS has no impact on permissions in NFS.
SECURE
  • Provides the greatest security across CIFS and NFS.
  • Access to a file or directory through either NFS or FTP or CIFS is granted only if the UNIX and Windows permissions on the file or directory allow it.
  • ACL and UNIX permissions are maintained for every file and directory.
  • A change in permissions on a file system object in NFS has no impact on permissions in CIFS and a change in permissions on a file system object in CIFS has no impact on permissions in NFS.
MIXED
  • Access to a file or directory through either NFS or FTP or CIFS is always determined by the ACL.
  • ACL and UNIX permissions are maintained for every file and directory.
  • ACLs for files and directories are created from the protocol that last set or changed the permissions. For example, if an NFS client sets or changes permissions on a file or directory, the ACL is rebuilt based on the UNIX mode bits. If a CIFS client sets or changes permissions on a file or directory, the ACL is built based on the standard Windows permissions.
  • In all cases, the ACL determines file and directory access regardless of whether the client is using the NFS, CIFS or FTP protocol.
  • ACL permissions are more granular than UNIX mode bits, consequently not all permissions set in an ACL can be translated to UNIX mode bits. In some cases, the mode bits might show more permissions than a user actually has.
MIXED_COMPAT
  • Access to a file or directory through NFS or FTP or CIFS is determined by which protocol (NFS or CIFS) last set or modified the permissions.
  • ACL and UNIX permissions are maintained for every file and directory.
  • If the permissions of a file or directory are set or changed from a CIFS client, then access is determined by the ACL (EXPLICIT ACL). UNIX mode bits are generated based on the ACL but are not used for access checking.
  • If the permissions of a file or directory are set or changed from a UNIX client, then UNIX mode bits dictate access. An ACL is still created but is not used for access checking.
  • ACL permissions are more granular than UNIX mode bits, consequently not all permissions set in an ACL can be translated to UNIX mode bits. In some cases, the mode bits might show more permissions than a user actually has.
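
The six policies above reduce to one decision per protocol. This added example (not from EMC's guides or the original article) evaluates a single file under each policy; the yes/no arguments stand for "the UNIX mode bits allow it" and "the ACL allows it", FTP follows whichever authentication it used, and the function and argument names are hypothetical.

```shell
#!/bin/sh
# Added example: the access-checking policies above as a decision function.

# vnx_access POLICY PROTO UNIX_OK ACL_OK [LAST_SETTER]
#   PROTO       nfs | cifs (FTP counts as the protocol it authenticated with)
#   UNIX_OK     yes | no   - do the UNIX mode bits allow the request?
#   ACL_OK      yes | no   - does the Windows ACL allow the request?
#   LAST_SETTER nfs | cifs - who last set permissions (MIXED_COMPAT only)
# Prints "allow" or "deny".
vnx_access() {
    policy=$1 proto=$2 unix_ok=$3 acl_ok=$4 last=${5:-cifs}
    both=no
    if [ "$unix_ok" = yes ] && [ "$acl_ok" = yes ]; then both=yes; fi
    case "$policy:$proto" in
        NATIVE:nfs|UNIX:nfs)       verdict=$unix_ok ;;  # mode bits only
        NATIVE:cifs|NT:cifs)       verdict=$acl_ok ;;   # ACL only
        NT:nfs|UNIX:cifs|SECURE:*) verdict=$both ;;     # both must allow
        MIXED:*)                   verdict=$acl_ok ;;   # ACL always decides
        MIXED_COMPAT:*)                                 # last setter decides
            if [ "$last" = cifs ]; then verdict=$acl_ok; else verdict=$unix_ok; fi ;;
        *) echo "unknown policy/protocol: $policy/$proto" >&2; return 2 ;;
    esac
    if [ "$verdict" = yes ]; then echo allow; else echo deny; fi
}

# policy_matrix UNIX_OK ACL_OK: one row per policy with the NFS and CIFS verdicts
# (MIXED_COMPAT is shown for permissions last set from CIFS).
policy_matrix() {
    for p in NATIVE NT UNIX SECURE MIXED MIXED_COMPAT; do
        printf '%-13s nfs=%-5s cifs=%s\n' "$p" \
            "$(vnx_access "$p" nfs "$1" "$2")" \
            "$(vnx_access "$p" cifs "$1" "$2")"
    done
}

# Scenario: mode bits would let the user in, but the ACL denies them.
policy_matrix yes no
```

In that scenario only NATIVE and UNIX still admit the NFS client, which is the gap to look for when a share is expected to be governed by its ACL.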


Understand Permission Translations

ACL to Unix Rights
EMC VNX Celerra ACL to Unix Rights Screenshot

Unix to ACL Rights
EMC VNX Celerra Unix to ACL Rights Screenshot

Understand your Inheritance

NATIVE, UNIX, NT, and SECURE
EMC VNX Celerra Native Inheritance Modes

MIXED and MIXED_COMPAT
EMC VNX Celerra Mixed Inheritance Modes

You can find this information and a wealth of other information in EMC’s Multiprotocol Environment Guide and User Mapper Guide.

Other Observed Notes:

  • Taking ownership from Windows Permissions/ACL will change the underlying UID/GID owner even though it is stated otherwise in Native Mode.

EMC Isilon Integration Quest Vintela Authentication Services VASD

There are many challenges that are faced when an organization is forced to run a mixed protocol environment to serve up the same data. This introduces additional management tasks and additional complexities. In a mixed protocol environment you must manage Windows Access Control Lists (ACL) to enforce Windows permissions in addition to managing *nix user/group ids with permission bits to control access. The EMC Isilon solution is a great platform to support mixed protocol environments. In my opinion thus far, the Isilon platform is the ideal solution to deal with a mixed protocol environment due to its integration with authentication services such as Windows Active Directory or any LDAP service. There are a number of products that provide extensions to Windows Active Directory to provide UID/GID authentication and mappings. One of those products is Quest’s (Vintela) Authentication Services.

Quest Authentication Services uses five fields in the Windows Active Directory. These are the five attributes that Quest Authentication Services uses:

  • gecos
  • uidNumber
  • gidNumber
  • loginShell
  • unixHomeDirectory

Using that information, we are now able to integrate the Quest (Vintela) Authentication Services with the EMC Isilon NAS Storage. The screenshot below displays the correct settings to use on the EMC Isilon storage to integrate with Quest Authentication Services.

EMC Isilon Quest Authentication Services Settings Screenshot

Finally, test your mappings to ensure your AD/LDAP authentication and mappings work correctly.


EMC PowerPath Multipathing in RedHat Linux Guide

First and foremost, I want to give the credit to Will’s Notes for the original article on Multipathing in RHEL5. I was able to use this guide with a Xiotech SAN to configure Multipathing. EMC makes it a ton easier to configure Multipathing. EMC has a product called PowerPath, which can be used with or without a license. If you install and use PowerPath in an unlicensed fashion, you have an active-passive connection back to the EMC SAN. If PowerPath is licensed, this allows for an active-active connection back to the EMC SAN. Active-active is not only highly available, it is also load balanced.

Configuring PowerPath was rather easy to my surprise. Download PowerPath from powerlink.emc.com for your correct distribution and install the RPM.

[root@localhost ~]# rpm -iv EMCPower.LINUX-5.6.0.00.00-143.RHEL5.x86_64.rpm

If you are using PowerPath in licensed mode, register license key with the first command and check the registration of PowerPath with the second command listed below.

[root@localhost ~]# emcpreg -install
[root@localhost ~]# powermt check_registration

Once PowerPath is installed you can rescan the bus or, if you do not know how, simply reboot RHEL.

To view the information about PowerPath issue the following command.

[root@localhost ~]# powermt display dev=all
Pseudo name=emcpowera
CLARiiON ID=<SERIALNUMBER> [STROAGEGROUP_NAME]
Logical device ID=STORAGEGROUP_WWN [LUN 400]
state=alive; policy=BasicFailover; priority=0; queued-IOs=0;
Owner: default=SP B, current=SP B       Array failover mode: 4
==============================================================================
--------------- Host ---------------   - Stor -   -- I/O Path --  -- Stats ---
###  HW Path               I/O Paths    Interf.   Mode    State   Q-IOs Errors
==============================================================================
3 qla2xxx                  sdb       SP A0     unlic   alive       0      0
3 qla2xxx                  sdd       SP B0     unlic   alive       0      0
3 qla2xxx                  sdf       SP A4     active  alive       0      0
3 qla2xxx                  sdh       SP B4     active  alive       0      0
4 qla2xxx                  sdj       SP A1     unlic   alive       0      0
4 qla2xxx                  sdl       SP B1     unlic   alive       0      0
4 qla2xxx                  sdn       SP A5     unlic   alive       0      0
4 qla2xxx                  sdp       SP B5     unlic   alive       0      0

Pseudo name=emcpowerb
CLARiiON ID=<SERIALNUMBER> [STROAGEGROUP_NAME]
Logical device ID=STORAGEGROUP_WWN [LUN 401]
state=alive; policy=BasicFailover; priority=0; queued-IOs=0;
Owner: default=SP A, current=SP A       Array failover mode: 4
==============================================================================
--------------- Host ---------------   - Stor -   -- I/O Path --  -- Stats ---
###  HW Path               I/O Paths    Interf.   Mode    State   Q-IOs Errors
==============================================================================
3 qla2xxx                  sdc       SP A0     unlic   alive       0      0
3 qla2xxx                  sde       SP B0     unlic   alive       0      0
3 qla2xxx                  sdg       SP A4     active  alive       0      0
3 qla2xxx                  sdi       SP B4     active  alive       0      0
4 qla2xxx                  sdk       SP A1     unlic   alive       0      0
4 qla2xxx                  sdm       SP B1     unlic   alive       0      0
4 qla2xxx                  sdo       SP A5     unlic   alive       0      0
4 qla2xxx                  sdq       SP B5     unlic   alive       0      0

Once PowerPath is installed and PowerPath is able to access the LUNs that are presented to the host, begin to create the filesystem. Create the file system like you would format any ordinary storage device, but instead of /dev/sda, /dev/sdb, etc., EMC’s PowerPath devices are /dev/emcpowera, /dev/emcpowerb, /dev/emcpowerc, etc.


Symantec Backup Exec RALUS Linux Agent ///// Error

Dealing with Symantec is a complete nightmare, and it’s more of a nightmare when you feel like you’ve been held hostage by a product that does not have the support or the quality of code that it needs to be considered an ‘enterprise’ software solution. As you’ve already guessed, we are talking about Symantec Backup Exec 2010 R2.

I have had the RALUS/VRTSralus Linux Agent working just fine for months until what I suspect was a LiveUpdate patch which may have broken the Linux remote agent. The root cause of this particular issue is really unknown but has to do with the error listed below.

43bd9940 Sat Jul 30 01:48:19 2011 :
vx_stat_by_name: Getting stat of /backup/dir/home/user/build/emcgrab/tools/lite//////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
//////////////////////////////////ecc.sh
43bd9940 Sat Jul 30 01:48:19 2011 :
vx_get_link_target for /backup/dir/home/user/build/emcgrab/tools/lite//////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////

After speaking with Symantec support and a bunch of go-arounds over the telephone and emails, my team and I are led to believe that soft-link directories in Linux are causing the issue above. There is a known limitation with Backup Exec’s Linux agent which prevents paths being longer than 255 characters. I believe when the agent encounters a soft-linked directory, the agent fails and appends trailing slashes in an infinite loop until it hits the 255 character limit, which causes the remote agent to crash. The backup job then terminates early and forces the job to Verify if your job is configured to do so.

I have disabled the backup of soft-linked directories at the job level and the global application level to determine if this has resolved the issue. NOTE: This is to a RALUS agent which has an NFS mount pointing to the data.

To get this log out of the Backup Exec RALUS Linux Agent, follow this article on how you can put the agent into debug mode, TECH35477. If you plan on contacting Symantec, be sure that your operating system is supported; in our case RedHat Enterprise Linux 5.4 is the latest supported RedHat Linux. In addition, know how to put the Linux Agent in debug mode and how to perform core dumps, TECH53188. Finally, be ready to work at their snail’s pace.


Setup Linux RedHat Up.time SSL Agent

The Windows version of the SSL Up.time Agent was covered by the following article, Setup an Windows Up.time SSL Agent (stunnel & Scripted).

This version goes over setting up a Linux agent on a RedHat based distribution. The distribution that I was working with through this guide was RedHat Enterprise Linux 5.6. First start off by going to the Up.time Software website and downloading the latest rpm package of the Linux Up.time Agent.

Here is the step-by-step breakdown of how I was able to configure the Up.time Agent to use SSL in RHEL.

Install the up.time Linux Agent by issuing the following command.

sudo rpm -ivh uptimeagent-5.3.0-linux-x86_64.rpm

Copy and paste the contents below into ‘/opt/uptime-agent/conf/agent.conf’, overwriting the existing agent.conf file.

port=9997
user=uptimeagent
mode=xinetd
timeout=60
log_file=/opt/uptime-agent/logs/uptimeagent.log
log_level=NONE

Create ‘uptimeagent.conf’ and copy the contents below to the file.

cert=/etc/stunnel/uptime_agent.pem
exec=/opt/uptime-agent/bin/uptimeagent

Generate the SSL certificate

openssl req -x509 -nodes -days 3650 -subj '/C=US/ST=Ohio/L=Cleveland/O=My Company/OU=My Department/CN=uptime-agent' -newkey rsa:1024 -keyout uptime_agent.pem -out uptime_agent.pem

Copy ‘uptimeagent.conf’ and ‘uptime_agent.pem’ to ‘/etc/stunnel’.

sudo cp uptimeagent.conf /etc/stunnel
sudo cp uptime_agent.pem /etc/stunnel

Set the correct ownership and permissions by running the following:

sudo chown root:nobody /etc/stunnel/uptime_agent.pem
sudo chmod 640 /etc/stunnel/uptime_agent.pem
sudo chmod 755 /etc/stunnel/uptimeagent.conf

Replace the contents of ‘/etc/xinetd.d/uptimeagent’ with

service uptimeagent
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = nobody
server = /usr/sbin/stunnel
server_args = /etc/stunnel/uptimeagent.conf
}

In ‘/etc/services’ ensure the last lines look like the following

# *** Installed by the uptimeagent installer
uptimeagent 9997/tcp # uptimeagent agent

Restart the ‘xinetd’ service

sudo /etc/init.d/xinetd restart