Next: 3 CVS and RCS
Up: Redhat FAQ
Previous: 1 Amanda
Contents
Subsections
2.1 Initial setup
- Big Brother user:
- bbuser
- Big Brother group:
- bbgroup
- Big Brother Directory:
- /var/bbuser
- Create the group
$ groupadd -g 101 bbgroup
- Create the user
$ useradd -u 201 -g bbgroup -d /var/bbuser -m bbuser
- Leave the account without a login password.
Because we will run Big Brother from its own directory instead of
from the DocumentRoot defined in the Apache configuration, a few changes
have to be made in the installation
- Add bbuser to the Apache web server group.
- Become bbuser.
- Change to the bbuser home directory if necessary
$ cd
- Extract the distribution archive to the bbuser home directory, This
will create a directory called ``bb<ver>''.
- Symlink bb<ver> to bb. This keeps upgrades from breaking scripts.
$ ln -s bb<ver> bb
- Symlink the user web directory - usually public_html - to bb/www
$ ln -s bb/www public_html
- Create a cgi-bin directory for Big Brothers cgi scripts
$ mkdir public_html/cgi-bin
- Run the install script
$ cd bb/install
$ ./bbconfig
- The script will ask a number of questions most of which have reasonable
defaults.
- Be certain that Big Brother is NOT allowed to run as root.
- If paging has not been set up, answer 'no' when asked of the server
is to be used as a BBPAGER. If you are not sure, 'no' is safe.
- The base URL for BB will be /~bbuser.
- The CGI scripts directory will be <BB Home Directory>/public_html/cgi-bin.
- The base URL for CGI scripts is /~bbuser/cgi-bin
- The web server user id is apache.
- Change to the source directory
$ cd ../src
- Add -DDATAMSG to the CFLAGS in the Makefile
- Make and install
$ make
$ make install
- Make sure that the directory bb/www/rep is group writable by the Apache
group. The install script should take care of this but if it doesn't.
$ chgrp apache bb/www/ref
$ chmod g+rw bb/www/ref
- Setup Apache to allow Big Brother to run cgi scripts
# allow cgi scripts for big brother
<Directory "/var/bbuser/public_html/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
- If necessary, add .sh to the AddHandler directive for cgi-scripts
AddHandler cgi-script .cgi .sh
The use the automatic scripts to push a new bb-hosts file out to UNIX
clients, a secure shell key pair is needed.
- Become bbuser
- Change the bbuser home directory
$ cd
- If necessary create a .ssh directory
$ mkdir .ssh
$ chmod 700 .ssh
- Create a keypair for authentication. Use an empty passphrase.
- For ssh1:
$ ssh-keygen -t rsa1 -f ~/.ssh/rsa1_pushkey
- For ssh2 using DSA keys
$ ssh-keygen -t dsa -f ~/.ssh/dsa_pushkey
- For ssh2 using RSA keys:
$ ssh-keygen -t rsa -f ~/.ssh/rsa_pushkey
- Copy rsa1_pushkey.pub to authorized_keys
$ cp .ssh/rsa1_pushkey.pub authorized_keys
- Copy dsa_pushkey.pub to authorized_keys2
$ cp dsa_pushkey.pub authorized_keys2
- Or copy rsa_pushkey to authorized_keys2
cp rsa_pushkey.pub authorized_keys2
- Make a tar file of the authorized_keys files
$ tar -cvf bb-publickey.tar authorized_keys*
These are public keys so they do not have to be tightly secured.
- Edit /var/bbuser/bb/bin/bb-cpu.sh script to properly detect
multiple CPU's. (See Sec: 2.5)
- Create the Big Brother user as described in Sect 2.1)
- Become bbuser
$ sudo su - bbuser
- Copy the appropriate client software and public key set using scp
or anonymous ftp.
$ scp <username>@chena:/var/bbuser/client/bb-linux.tar .
$ scp <username>@chena:/var/bbuser/client/bb-publickey.tar
.
If using ftp the files are stored in /pub/BB
- Extract the tar files
$ tar -xvf bb-linux.tar
$ tar -xvf bb-publickey.tar
- If necessary, edit BBHOME in runbb.sh
- You now should be able to log onto the client from the server as bbuser
with no password.
- Add the new client machine to the bb-hosts file on the BBDISPLAY server
and push-hosts.pl.
- Push out the modified bb-hosts file to all clients
As installed, the output from the logwatch scripts sshd and
secure will contain a lot of messages like:
Bad protocol version identification 'Big-Brother-Monitor-1.9c'
These can be eliminated by editing the scripts.
- In the script /etc/log.d/scripts/services/sshd locate the lines:
# Report any unmatched entries...
unless (($ThisLine =~ /fwd X11 connect/))
{
push @OtherList,$ThisLine;
- Edit the middle line above to read
unless (($ThisLine =~ /Big\-Brother\-Monitor/)
or ($ThisLine =~ /fwd X11 connect/)) {
- In /etc/log.d/scripts/services/secure locate the line:
while (defined($ThisLine = <STDIN>)) {
- Right after this add the lines:
if ($ThisLine =~ m/Big\-Brother\-Monitor/)
{
next;
}
- The Big Brother messages in /var/log/secure can be stopped
entirely if the SyslogFacility in /var/ssh/sshd_config
is changes from AUTHPRIV to AUTH. AUTHPRIV is the default configuration
on some installations. Change the logging to:
SyslogFacility AUTH
LogLevel INFO
- Restart sshd
- I strongly suggest the first method.
- Become bbuser
- Put the script in bb/ext
- Add the script name to BBEXT in bbdef.sh
2.5 bb-cpu.sh
Just before the call to bbd add:
#==========================================================
# added to indicate number of processors
#=========================================================
PROCNUM="1 processor"
THISOS=`uname`
export THISOS
TR="/usr/bin/tr -d"
case "$THISOS" in
SunOS)
NP=`/usr/sbin/psrinfo | $WC | $TR "
"`
;;
Linux)
NP=`/bin/grep processor /proc/cpuinfo | $WC
| $TR " "`
;;
AIX)
NP=`lsof | grep Processors: | awk -F":"
'{print $2}' | $TR " "`
;;
*)
NP=1
;;
esac
if test $NP -gt 1; then
PROCNUM="$NP processors"
fi
#============================================================
Then add $PROCNUM to the actual call to bbd:
#
# NOW SEND THIS INFORMATION TO THE BIG BROTHER DISPLAY UNIT
#
$BBHOME/bin/bb-combo.sh add "status $MACHINE.cpu
$COLOR `date` up: $UP, $U users, $P procs, load=${DISPAVG}
($PROCNUM)
$LINE1
$LINE2
`cat $BBTMP/TOP.$$`
"
Next: 3 CVS and RCS
Up: Redhat FAQ
Previous: 1 Amanda
Contents
2005-03-20