Cacti Error: No Such File or Directory

Today, i spent quite time to investigate the cause of an error while creating a chart for a specific measurement of 3 similar systems.

The error is ‘{path to cacti}/rra/file_1191.rrd’: No such file or directory. Finally, its got resolved. The problem was, in Data Templates part, the option Data Source Active was not ticked (after ticked as below, it has been becoming OK).

How did i find it? After comparing all the settings with other similar chart, the only difference was on Data Template as mentioned above. To have more understanding, in my case, this setting affected that there would be no polling happened expected from the script in Data Input Method which is supposed to be run every 5 minutes. It can be seen from cacti.log by increasing log level to DEBUG.

Well, thanks to “Debugging” manual from Cacti for helping me out.

Advertisements

How to Turn On Password Complexity Parameter for Sun Java System Directory Server in Solaris

Its been common in any system to have policy on password in term of how complex it is. This is to avoid the vulnerability that may lead to harmful condition in the system due to unauthorized access.

If the system is using Sun Java System Directory Server, the password complexity can be enforced by turning on parameter: pwd-strong-check-enabled.

While the parameter is set to ON, the password will have to conform with following rules:

1- The password must contain the alphanumeric character

2- The password must contain the UPPERCASE and lowercase characters

3- The password must contain special character

4- The password must not contain word from dictionary file (for example: qwerty)

Now, first let’s check the existing parameter status by running below command:

<Bin's Path of Directory Server>/dsconf get-server-prop pwd-strong-check-enabled  pwd-strong-check-require-charset

If the result is OFF, then fire below command to set it to ON:

<Bin's Path of Directory Server>/dsconf set-server-prop -h <directory server IP> -p 389 pwd-strong-check-enabled:on

And once enabling is done, continue with restarting Directory Server for changes to take effect

<Bin's Path of Directory Server>/dsadm restart /var/ds

If there is redundancy of Directory Server, then similar commands have to be applied as well on second server.

Useful resource: Sun Java System Directory Server

Tools for Reading and Mounting ISO Image File in Windows

What tools are you usually use for reading and mounting ISO image file? There are many alternatives, two of them are as following, WinISO and PowerISO. These are actually not completely free tools. However, the good thing is, their free offers are more than enough if the need is just for reading and mounting the ISO image.

WinISO Capture
PowerISO capture

Other than ISO file, those tools also support other types of image file, such as Cue sheets, Nero Burning, Alcohol 120%, CloneCD, Virtual Drive Images, Mac Images, so on.

Supported Image Files by WinISO
PowerISO supported images

Using “Expect” in UNIX Script

There is a request to create script. The idea is to send some commands to the routers (around 16 routers in total) from remote Unix server and save the outputs to file.

The problem is, this routers haven’t had capability yet for password less setup by using key exchange which is more secure.

There were several options, but all of them are using password “hardcoded”, meaning the password of the router must be written inside the script.

Finally, “expect” is chose, since it is already installed in the remote Unix server. Moreover, according to rule in the company, any additional software package can not be installed unless there is approval.

Below are codes. Let’s name it as getoutput and make it to be executable.

#!/usr/local/bin/expect -f

set uu "<username>"
set pp "<password>"

set hh [lindex $argv 0]

spawn ssh -oStrictHostKeyChecking=no -oCheckHostIP=no $uu@$hh

expect "*password*"
send -- "$pp\r"
expect "*>*"
send -- "<1st command >"
send -- "\r"
expect "*>*"
send -- "<2nd command>"
send -- "\r"
expect "*>*"
send -- "<3rd command>"
send -- "\r"
send -- "<4th command>"
send -- "\r"

# done
expect eof

Then loop above script to be executed for all routers.

#!/bin/bash
for router in `cat routers_ip_file`; do getoutput $router > $router.outputfile.log; done

Note:

There are StrictHostKeyChecking and CheckHostIP parameters whose value as “no” inside above script. Actually the purpose is to avoid host checking prompt, if the ssh session is performed for the first time to destination host.

How to Avoid Host Checking While Performing SSH Session

Usually when ssh session is performed for the first time to destination host, the prompt message will be appeared to confirm whether connection should be continued or not. It is due to the destination host has not defined yet inside known_hosts file.

The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is 90:e8:5f:59:7e:87:e4:33:35:60:77:10:a1:af:62:b0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
Password:
Last login: Tue Jan 19 21:47:16 2016 from xx.xx.xx.xx

To avoid this message, parameters StrictHostKeyChecking and CheckHostIP can be put and set value as “no” in ssh connection as below example:

usersource@sourcehost> ssh -oStrictHostKeyChecking=no -oCheckHostIP=no userdest@destinationIP

How to Configure SMTP Sendmail in UNIX

Before starting to configure SMTP Sendmail in UNIX, firstly, the connection from UNIX server has to be opened to SMTP mail server (in our trial port being used is 25). Once its opened, kindly continue with following steps:

1# Backup the hosts (/etc/inet/hosts) file

2# Edit hosts file by adding new entry (replace 10.10.10.10 with your SMTP mail server, and smtpserver.company.com with your SMTP mail server’s FQDN)

10.10.10.10 mailhost smtpserver.company.com

3# Edit following lines in sendmail.cf file (replace smtpserver.company.com with your SMTP mail server’s FQDN)

# "Smart" relay host (may be null)
DSsmtpserver.company.com

4# Restart smtp:sendmail service

svcadm restart smtp:sendmail

Now sending mail can be tested from UNIX server, below simple test is an example

echo "This is body of my mail. Regards" | mailx -s "Subject of My Testing Mail over SMTP" recipient@mymail.com

How to Configure Enterprise Authentication Policy in SAP BusinessObjects Business Intelligence (BI)

Here are steps to configure Enterprise Authentication Policy in SAP BusinessObjects Business Intelligence (BI)

1- Go to Authentication on menu, with one of following ways: Under CMC Home, go to Manage section on right side then click Authentication, or choose Authentication in drop down list menu, or scroll down on icons list in left side then click padlock icon.
2- Double click on Enterprise
3- Fill respective fields as per needed then Apply

Enterprise Authentication in SAP BusinessObjects BI platform 4.1 SP5 versus 4.1 SP7

Above steps have been tried in SAP BusinessObjects BI 4.1 SP5 and SP7. Just as additional info, there is slight difference for Enterprise Authentication between 4.1 SP5 and 4.1 SP7 which in newer version, it has two additional parameters under Password Restrictions Section which are Enforce numeral in passwords and Enforce special characters in passwords.

Suggestion Before Applying Policy

First, if the policy will be implemented for the first time, better to change the password of predefined account or system account (like Administrator) to comply with Password Restrictions rules.

For instance, if Enforce special characters in passwords parameter will be enabled, then better to reset the password of predefined account or system account (like Administrator) to make sure there is special character in it’s password. It will avoid problem toward system account once policy is activated.

Second, if Disable account after N failed attempts to log on under Logon Restrictions section will be activated, then kindly consider to set Re-enable account after N minute(s) parameter with acceptable value.

Let’s say, the value for Disable account after N failed attempts to log on is set to 3. There is big chance Administrator is getting locked by mistake. In this case, by putting Re-enable account after N minute(s) not too high will make Administrator password recovery becoming faster. Or, there is another suggestion which is to set another user as part of Administrators Groups. So, in case Administrator is getting locked, this user can unlock it directly.