This post is essentially an updated guide to my previous post on monitoring pfSense logs using the ELK stack. Part 1 will cover the instillation and configuration of ELK and Part 2 will cover configuring Kibana 4 to visualize pfSense logs.

So what's new?

• Full guide to installing & setting up ELK on Linux
• Short tutorial on creating visualizations and dashboards using collected pfSense logs

OK. So the goal is to use ELK to gather and visualize firewall logs from one (or more) pfSense servers.

This Logstash / Kibana setup has three main components:

• Logstash: Processes the incoming logs sent from pfSense
• Elasticsearch: Stores all of the logs
• Kibana 4: Web interface for searching and visualizing logs (proxied through Nginx)

(It is possible to manually install the logstash-forwarder on pfsense, however this tutorial will only cover forwarding logs via the default settings in pfSense.)

For this tutorial all three components (ElasticSearch, Logstash & Kibana + Nginx) will be installed on a single server.

Prerequisites:

1. For CentOS 7, enable the EPEL repository

# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

2. Make sure wget is installed

CentOS 7

# sudo yum -y install wget

Ubuntu 14.xx

$ sudo apt-get -y install wget

3. Install the latest JDK on your server:

CentOS 7

Download Java SDK:

# wget --no-check-certificate -c --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u60-b27/jdk-8u60-linux-x64.tar.gz

# tar -xzf jdk-8u60-linux-x64.tar.gz

# mv jdk1.8.0_60/ /usr/

Install Java:

# /usr/sbin/alternatives --install /usr/bin/java java /usr/jdk1.8.0_60/bin/java 2

# /usr/sbin/alternatives --config java

There is 1 program that provides 'java'.

  Selection    Command
-----------------------------------------------
*+ 1           /usr/jdk1.8.0_60/bin/java

Enter to keep the current selection[+], or type selection number:

Press ENTER

Verify Java Verison:

# java -version

java version "1.8.0_60"
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)

Setup Environment Variables:

# export JAVA_HOME=/usr/jdk1.8.0_60/

# export JRE_HOME=/usr/jdk1.8.0_60/jre/

Set PATH variable:

# export PATH=$JAVA_HOME/bin:$PATH

To set it as a permanent, place the above three commands in the /etc/profile (All Users) or .bash_profile (Single User)

Ubuntu 14.xx

Remove the OpenJDK from the system, if you have it already installed.

$ sudo apt-get remove --purge openjdk*

Add repository.

$ sudo add-apt-repository -y ppa:webupd8team/java

Run the apt-get update command to pull the packages information from the newly added repository.

$ sudo apt-get update

Issue the following command to install Java jdk 1.8.

$ sudo apt-get -y install oracle-java8-installer

While installing, you will be required to accept the Oracle binary licenses.

Verify java version

$ java -version
 
java version "1.8.0_60"
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)

Configure java Environment

$ sudo apt-get install oracle-java8-set-default

Install ElasticSearch

Download and install the public GPG signing key:

CentOS 7

# rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

Ubuntu 14.xx

$ wget -qO - https://packages.elasticsearch.co/GPG-KEY-elasticsearch | sudo apt-key add -

Add and enable ElasticSearch repo:

CentOS 7

# cat <<EOF >> /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-1.7]
name=Elasticsearch repository for 1.7.x packages
baseurl=http://packages.elastic.co/elasticsearch/1.7/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF

Ubuntu 14.xx

$ echo "deb http://packages.elastic.co/elasticsearch/1.7/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-1.7.list

Install ElasticSearch

CentOS 7

# yum -y install elasticsearch

Ubuntu 14.xx

$ sudo apt-get update && sudo apt-get install elasticsearch

Configure Elasticsearch to auto-start during system startup:

CentOS 7

# /bin/systemctl daemon-reload
# /bin/systemctl enable elasticsearch.service
# /bin/systemctl start elasticsearch.service

Ubuntu 14.xx

$ sudo update-rc.d elasticsearch defaults 95 10

Now wait, at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. ElasticSearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response.

# curl -X GET http://localhost:9200
{
  "status" : 200,
  "name" : "Alex",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "1.7.1",
    "build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",
    "build_timestamp" : "2015-07-29T09:54:16Z",
    "build_snapshot" : false,
    "lucene_version" : "4.10.4"
  },
  "tagline" : "You Know, for Search"
}

Install Logstash

Add the Logstash repo, enable & install

CentOS 7

# cat <<EOF >> /etc/yum.repos.d/logstash.repo
[logstash-1.5]
name=Logstash repository for 1.5.x packages
baseurl=http://packages.elasticsearch.org/logstash/1.5/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1  
EOF 

# yum install logstash -y

Ubuntu 14.xx

$ echo "deb http://packages.elasticsearch.org/logstash/1.5/debian stable main" | sudo tee -a /etc/apt/sources.list

$ sudo apt-get update && sudo apt-get install logstash

Create SSL Certificate (Optional)*

*You can skip this step if you don't intend to use your ELK install to monitor logs for anything other than pfSense (or any TCP/UDP forwarded logs).

(pfSense forwards it's logs via UDP, therefore there's no requirement to set up a Logstash-Forwarder environment. Having said that, it's still good practice to set it up, since you'll most likely be using your ELK stack for more than collecting and parsing only pfSense logs.)

Logstash-Forwarder (formerly LumberJack) utilizes an SSL certificate and key pair to verify the identity of your Logstash server.

You have two options when generating this SSL certificate.

1. Hostname/FQDN (DNS) Setup

2. IP Address Setup

Option 1

If you have DNS setup within your private/internal network, add a DNS A record pointing to the private IP address of your ELK/Logstash server. Alternatively add a DNS A record with your DNS provider pointing to your ELK/Logstash servers public IP address. As long as each server you're gathering logs from can resolve the Logstash servers hostname/domain name, either is fine.

Alternatively you can edit the etc/hosts file of the servers you're collecting logs from by adding an IP address (Public or Private) and hostname entry pointing to your Logstash server (Private IP 192.168.0.77 in my case).

# nano /etc/hosts

192.168.0.77 elk.mydomain.com elk

Now to generate the SSL certificate and key pair. Go to OpenSSL directory.

CentOS 7

# cd /etc/pki/tls

Ubuntu 14.xx

Use the following commands to create the directories that will store you certificate and private key.

$ sudo mkdir -p /etc/pki/tls/certs
$ sudo mkdir /etc/pki/tls/private

Execute the following command to create a SSL certificate, replace “elk” with the hostname of your real logstash server.

# cd /etc/pki/tls
# openssl req -x509 -nodes -newkey rsa:2048 -days 3650 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt -subj /CN=elk

The generated logstash-forwarder.crt should be copied to all client servers who's logs you intend to send to your Logstash server.

N.B. If you've decided to go with the above described Option 1, please ignore Option 2 below, and skip straight to the 'Configure Logstash' section.

Option 2

If for some reason you don't have DNS setup and/or can't resolve the hostname of your Logstash server, you can add the IP address of your Logstash server to the subjectAltName (SAN) of the certificate we're about to generate.

Start by editing the OpenSSL configuration file:

$ nano /etc/pki/tls/openssl.cnf

Find the section starting with [ v3_ca ] and add the following line, substituting the IP address for that of your own Logstash server.

subjectAltName = IP: 192.168.0.77

Save & exit

Execute the following command to create the SSL certificate and private key.

# cd /etc/pki/tls
# openssl req -config /etc/pki/tls/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt

The generated logstash-forwarder.crt should be copied to all client servers you intend to collect logs from.

Configure Logstash

Logstash configuration files are JSON-Format files located in the /etc/logstash/conf.d/ directory. A Logstash server configuration consists of three sections; input, filter and output, all of which can be placed in a single configuration file. However in practice is it's much more practical to place these sections into separate config files.

Create an input configuration:

# nano /etc/logstash/conf.d/01-inputs.conf

Paste the following:

#logstash-forwarder [Not utilized by pfSense by default]
#input {
#  lumberjack {
#    port => 5000
#    type => "logs"
#    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
#    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
#  }
#}

#tcp syslog stream via 5140
input {
  tcp {
    type => "syslog"
    port => 5140
  }
}
#udp syslogs tream via 5140
input {
  udp {
    type => "syslog"
    port => 5140
  }
}

Create an syslog configuration:

# nano /etc/logstash/conf.d/10-syslog.conf

Paste the following:

filter {
  if [type] == "syslog" {

    #change to pfSense ip address
    if [host] =~ /192\.168\.0\.2/ {
      mutate {
        add_tag => ["PFSense", "Ready"]
      }
    }

    if "Ready" not in [tags] {
      mutate {
        add_tag => [ "syslog" ]
      }
    }
  }
}

filter {
  if [type] == "syslog" {
    mutate {
      remove_tag => "Ready"
    }
  }
}

filter {
  if "syslog" in [tags] {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM  dd HH:mm:ss" ]
      locale => "en"
    }

    if !("_grokparsefailure" in [tags]) {
      mutate {
        replace => [ "@source_host", "%{syslog_hostname}" ]
        replace => [ "@message", "%{syslog_message}" ]
      }
    }

    mutate {
      remove_field => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ]
    }
#    if "_grokparsefailure" in [tags] {
#      drop { }
#    }
  }
}

Create an outputs configuration:

# nano /etc/logstash/conf.d/30-outputs.conf

Paste the following:

output {
elasticsearch { hosts => localhost index => "logstash-%{+YYYY.MM.dd}" }
stdout { codec => rubydebug }
}

Create your pfSense configuration:

# nano /etc/logstash/conf.d/11-pfsense.conf

Paste the following:

filter {
  if "PFSense" in [tags] {
    grok {
      add_tag => [ "firewall" ]
      match => [ "message", "<(?<evtid>.*)>(?<datetime>(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\s+(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9]) (?:2[0123]|[01]?[0-9]):(?:[0-5][0-9]):(?:[0-5][0-9])) (?<prog>.*?): (?<msg>.*)" ]
    }
    mutate {
      gsub => ["datetime","  "," "]
    }
    date {
      match => [ "datetime", "MMM dd HH:mm:ss" ]
      timezone => "UTC"
    }
    mutate {
      replace => [ "message", "%{msg}" ]
    }
    mutate {
      remove_field => [ "msg", "datetime" ]
    }
}
if [prog] =~ /^filterlog$/ {
    mutate {
      remove_field => [ "msg", "datetime" ]
    }
    grok {
      patterns_dir => "/etc/logstash/conf.d/patterns"
      match => [ "message", "%{PFSENSE_LOG_DATA}%{PFSENSE_IP_SPECIFIC_DATA}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}",
		 "message", "%{PFSENSE_LOG_DATA}%{PFSENSE_IPv4_SPECIFIC_DATA_ECN}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}" ]
    }
    mutate {
      lowercase => [ 'proto' ]
    }
    geoip {
      add_tag => [ "GeoIP" ]
      source => "src_ip"
      # Optional GeoIP database
      database => "/etc/logstash/GeoLiteCity.dat"
    }
  }
}

The above configuration uses a pattern file. Create a patterns directory:

# mkdir /etc/logstash/conf.d/patterns

And download the following pattern file to it:

# cd /etc/logstash/conf.d/patterns
# wget https://gist.githubusercontent.com/elijahpaul/3d80030ac3e8138848b5/raw/abba6aa8398ba601389457284f7c34bbdbbef4c7/pfsense2-2.grok

(Optional) Download and install the MaxMind GeoIP database:

$ cd /etc/logstash
$ sudo curl -O "http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
$ sudo gunzip GeoLiteCity.dat.gz

Now restart the logstash service.

CentOS 7

# systemctl restart logstash.service

Ubuntu 14.xx

$ sudo service logstash restart

Logstash server logs are stored in the following file,

# cat /var/log/logstash/logstash.log

Logs retrieved from pfSense (once setup is complete) can be viewed via,

# tail -f /var/log/logstash/logstash.stdout

these will help you troubleshoot any issues you encounter.

Configuring pfSense for remote logging to ELK

Login to pfSense and check the dashboard to ensure you're running pfSense 2.2.x

Now go to the settings tab via Status > System Logs. Check 'Send log messages to remote syslog server', enter your ELK servers IP address and custom port (port 5140 in this case), and check 'Firewall events' (or 'Everything' if you wish to send everything pfSense logs to ELK).

That's it for pfSense!

Configure Kibana4

Kibana 4 provides visualization of your pfSense logs. Use the following command to download it in terminal.

wget https://download.elastic.co/kibana/kibana/kibana-4.1.2-linux-x64.tar.gz

# tar -zxf kibana-4.1.2-linux-x64.tar.gz

# mv kibana-4.1.2-linux-x64 /opt/kibana4

Enable PID file for Kibana, this is required to create a systemd init file.

# sed -i 's/#pid_file/pid_file/g' /opt/kibana4/config/kibana.yml

Kibana can be started by running /opt/kibana4/bin/kibana, to run kibana as a server we will create a systemd file.

# nano /etc/systemd/system/kibana4.service

[Unit]
Description=Kibana 4 Web Interface
After=elasticsearch.service
After=logstash.service
[Service]
ExecStartPre=rm -rf /var/run/kibana.pid
ExecStart=/opt/kibana4/bin/kibana
ExecReload=kill -9 $(cat /var/run/kibana.pid) && rm -rf /var/run/kibana.pid && /opt/kibana4/bin/kibana
ExecStop=kill -9 $(cat /var/run/kibana.pid)
[Install]
WantedBy=multi-user.target

Start and enable kibana to start automatically at system startup.

# systemctl start kibana4.service

# systemctl enable kibana4.service

Check to see if Kibana is working properly by going to http://your-ELK-IP:5601/ in your browser.

You should see the following page where you have to map Logstash index to use Kibana. From the Time-field name dropdown menu select @timestamp.

Spot any mistakes/errors? Or have any suggestions? Please make a comment below.

Part 2: Configuring Kibana 4 visualizations and dashboards. (Coming soon)...

Introduction

Exchange 2013 maintains a detailed record of messages sent between the transport services within an Exchange organization via message tracking logs.

The default location for these logs is; C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking.

Exchange generates 3 main log files (there is a 4th, but its use is negligible):

• MSGTRKMSyyyymmddhh-nnnn.log; traffic events (sent messages)
• MSGTRKMDyyyymmddhh-nnnn.log; traffic events (received messgaes)
• MSGTRKyyyymmddhh-nnnn.log; Transport service events (message flow)

More detailed information regarding Exchange Server 2013 message tracking logs can be found here

Setup

Enable Message Tracking in Exchange 2013

Message tracking in Exchange 2013 should be enabled by default. If it's not, you can use either the Exchange Admin Centre (EAC) or the Exchange Management Shell (EMS) to enable/configure it.

EAC

In the EAC, navigate to Servers > Servers.

Select the Mailbox server you want to configure, and then click Edit

On the server properties page, click Transport Logs.

Make sure the Enable message tracking log checkbox is checked.

Click Save.

EMS

Start the EMS and run the following command:

Set-TransportService <ServerIdentity> -MessageTrackingLogEnabled <$true | $false> -MessageTrackingLogMaxAge <dd.hh:mm:ss> -MessageTrackingLogMaxDirectorySize <Size> -MessageTrackingLogMaxFileSize <Size> -MessageTrackingLogPath <LocalFilePath> -MessageTrackingLogSubjectLoggingEnabled <$true|$false>

e.g.

Set-TransportService CASMBX01 -MessageTrackingLogPath "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking" -MessageTrackingLogMaxFileSize 20MB -MessageTrackingLogMaxDirectorySize 1.5GB -MessageTrackingLogMaxAge 45.00:00:00

Sets the location of the message tracking log files to C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking. Note that if the folder doesn't exist, it will be created for you.

Sets the maximum size of a message tracking log file to 20 MB.

Sets the maximum size of the message tracking log directory to 1.5 GB.

Sets the maximum age of a message tracking log file to 45 days.

Configure Logstash to parse Exchange 2013 message tracking logs

On your ELK server, add the following input & filter to your logstash.conf file in the /etc/logstash/conf.d/ configuration directory, or in separate config files (depending on your setup) e.g. 01-inputs.conf & 12-exchange_msg_trk.conf.

input

#udp syslogs stream via 5141
input {
  udp {
    type => "Exchange"
    port => 5141
  }
}

filter

filter {
  if [type] == "Exchange" {
	csv {
            add_tag => [ 'exh_msg_trk' ]
            columns => ['logdate', 'client_ip', 'client_hostname',  'server_ip', 'server_hostname', 'source_context', 'connector_id', 'source', 'event_id', 'internal_message_id', 'message_id', 'network_message_id', 'recipient_address', 'recipient_status', 'total_bytes', 'recipient_count', 'related_recipient_address', 'reference', 'message_subject', 'sender_address', 'return_path', 'message_info', 'directionality', 'tenant_id', 'original_client_ip', 'original_server_ip', 'custom_data']
	    remove_field => [ "logdate" ]
	    }
	grok {      
        match => [ "message", "%{TIMESTAMP_ISO8601:timestamp}" ]
	    }
	mutate {
    	convert => [ "total_bytes", "integer" ]
	    convert => [ "recipient_count", "integer" ]
	    split => ["recipient_address", ";"]
	    split => [ "source_context", ";" ]
	    split => [ "custom_data", ";" ]
  	    }
	date {
        match => [ "timestamp", "ISO8601" ]
        timezone => "Europe/London"
	    remove_field => [ "timestamp" ]
	    }
	if "_grokparsefailure" in [tags] {
	      drop { }
	    }
	}
}

output

output {
  elasticsearch { host => localhost }
  stdout { codec => rubydebug }
}

Run the following command to test the validity of your configuration:

# /opt/logstash/bin/logstash --configtest -f /etc/logstash/conf.d/logstash.conf

Once you get a 'Configuration OK' message. Restart the Logstash service for the configuration to take effect.

Install & Configure NXLog on your Exchange Server

NXLog is a popular open source log management tool for collecting and forwarding logs from Windows (as well as GNU/Linux) platforms. It also happens to be dead simple to install and configure.

1. Logon to your Exchange server as Administrator. Next, download and run the latest version of the NXLog installer. Follow through the on screen prompts.


2. Open the configuration file C:\Program Files (x86)\nxlog\conf\nxlog.conf, (or on 64bit installs C:\Program Files\nxlog\conf\nxlog.conf).


3. Edit your nxlog.conf to look like the following:

   ## This is a sample configuration file. See the nxlog reference manual about the
   ## configuration options. It should be installed locally and is also available
   ## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
   
   ## Please set the ROOT to the folder your nxlog was installed into,
   ## otherwise it will not start.
   
   #define ROOT C:\Program Files\nxlog
   define ROOT C:\Program Files (x86)\nxlog
   
   Moduledir %ROOT%\modules
   CacheDir %ROOT%\data
   Pidfile %ROOT%\data\nxlog.pid
   SpoolDir %ROOT%\data
   LogFile %ROOT%\data\nxlog.log
   
   <Extension syslog>
       Module      xm_syslog
   </Extension>
   
   define BASEDIR C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking
   
   <Input in_exchange>
      Module     im_file
      File       '%BASEDIR%\MSGTRK????????*-*.LOG' # Exports all logs in Directory
      SavePos    TRUE
      Exec       if $raw_event =~ /HealthMailbox/ drop();
      Exec       if $raw_event =~ /^#/ drop();
   </Input>
   
   <Output out_exchange>
       Module    om_udp
       Host      192.168.0.2 # Replace with your Logstash hostname/IP
       Port      5141        # Replace with your desired port
       Exec      $SyslogFacilityValue = 2;
       Exec      $SourceName = 'exchange_msgtrk_log';
       Exec      to_syslog_bsd();
   </Output>
   
   <Route exchange>
       Path      in_exchange => out_exchange
   </Route>
   

   N.B. Replace the Host IP and Port value with those you configured on your Logstash server earlier.
   
   

   Exchange uses the health mailboxes to establish that email connectivity exists to the various databases in the system by sending artificial messages to and from the mailboxes every five minutes or so. For my use case, I had no need to export the message tracking logs associated with these health messages. The line Exec if $raw_event =~ /HealthMailbox/ drop(); drops these log entries from those being exported to Logstash. You can of course comment out or remove this line if you require these entries for your own analysis.



4. In Powershell or a Command Prompt run net start nxlog to start NXLog.

Kibana

Once your logs are successfully flowing to your logstash server, you can use queries and filters in Kibana to create panels like these:

Message Volumes


Top Senders & Message Percentage Breakdown

Link to Exchange message tracking Dashboard; Gist: 4b9cd98715c0ba2a75de

If using my dashboard;

1. In the Gist, replace my (Outbound) Send Connector name ('Outbound Internet Mail') with that of your own (or at least with that of the Send Connector you wish to analyse).

You can find the name of your Send Connector via the EAC; Click mail flow > send connectors and you'll see your Send Connectors name listed in the table. Alternatively, you can run Get-SendConnector in the EMS. Your send connector name(s) will be listed under the Identity column.

2. You may have to adjust the default pinned queries depending on how you differentiate between internal and external communication in your Exchange organization setup.

Sources:

Configure Message Tracking: http://technet.microsoft.com/en-us/library/aa997984(v=exchg.150).aspx

Spot any mistakes? Or have any suggestions? Please make a comment below.

Originally created by Phil Matthews almost 5 years ago, this set of payment icons is still my favourite:

I needed a 'bitcoin' payment icon to match this set for a project I'm working on, so decided to create one.


Once I created the template, I thought I may as well update a few of the outdated icons from the original pack that I also needed.

• Visa (2014 logo)
• PayPal (2014 logo)
• Skrill (formerly moneybookers)
• Sage (inverted)

Like the original set, I've included 32px, 64px, 128px, PNG curved & straight in the zip download below.

[download these updates free](http://bit.ly/payment-icon-set-updates) (zip, 148KB)

Source: http://www.smashingmagazine.com/2010/10/21/free-png-credit-card-debit-card-and-payment-icons-set-18-icons/


Three lines!:

# wget https://github.com/elijahpaul/install-transmission/raw/master/install-transmission.sh

# chmod u+x install-transmission.sh

# ./install-transmission.sh

Done.

You can now use the transmisson-remote-gui front-end app to access your install remotely, or access the web interface via the web URL http://<YOUR-SERVER-IP>:9091

Go ahead and try downloading a torrent:
Ubuntu 14.04 LTS Server (64bit)

EDIT: What's updated from the original?

• Added xz to the install on line 9 to enable tar to untar the transmission-2.84.tar.xz file
• ~~Updated the libevent package from version libevent-2.0.19-stable.tar.gz to libevent-2.0.21-stable.tar.gz
  And switched the download URL from github to sourceforge (due to SSL handshake errors with some versions of wget and the orignal URL)~~
• 9th July 2015: Updated libevent to version libevent-2.0.22-stable.tar.gz & URL from dead sourceforge link to github (see here)
• Updated the CSF firewall restart command from service csf restart to csf -r

If you spot any errors or have any issues, please do leave a comment here or on GitHub

source: http://transmissionseedbox.blogspot.de/2012/01/creating-seedbox-in-centos-6.html

Password protecting your folders using htaccess protection involves two files, .htaccess and .htpasswd.

1. Use the following command in Linux to create the .htpasswd file (by the way the .htpasswd file can be named anything, doesn't have to be named '.htpasswd'). Replace username with the username you wish to use:

htpasswd -c /path/to/.htpasswd username

The files contents will look something like this:

username:dGRkPurkuWmW2

Alternatively you can use an online .htpasswd generator to create the password(s) you require and manually write them to your .htpasswd file.

Ensure that the webserver has access permissions to your .htpasswd file (and the parent folder it's located in). And be sure to create the .htpasswd file outside of a publicly accessible directory.

Each line in the .htpasswd file can contain a username and password combination, so add as many combinations as you require.

2. Now create a plane text file in Windows or Linux inside the folder you wish to password protect with the following contents:

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

Replace /path/to/.htpasswd with the full path to your .htpasswd file.

Your directory is now password protected.

Download the script

# wget -O mk-agent-install.sh http://pastie.org/pastes/9233120/download

Make the script executable and run it. Important: you must be using CentOS 6 (64bit) and you must be root, otherwise this will not work.

# chmod u+x mk-agent-install.sh

# ./mk-agent-install.sh
Enter the IP address(es) of your OMD/Nagios server(s) (separated by spaces): 

Enter the IP address(es) of your OMD/Nagios server(s) separated by spaces.

That's it.

Nagios' plugin check_http can also be used to verify the validity/expiration of an SSL certificate.

However if your webserver uses SNI (multiple SSL certificates on the same IP address), you have to use the --sni switch. Otherwise information for the wrong (default) SSL certitificate will be shown:

./check_http -H reddit.com -S -C 30,14
OK - Certificate 'notreddit.com' will expire on Thu May 29 00:59:00 2014.

Note the wrong certificate common name.

For SNI enabled webservers, the switch --sni is a must:

./check_http -H reddit.com -S --sni -C 30,14
OK - Certificate 'reddit.com' will expire on Thu Apr 23 00:59:00 2015.

Source: check_http and SNI SSL certificates

Shortcut link to permanently close your Amazon Web Services account:

Login as normal, use the link below.

https://console.aws.amazon.com/billing/home?#/account

Scroll down to the cancel option;

Tick the checkbox and click on 'Close Account'

GitLab 7 (Omnibus)

Edit the /etc/gitlab/gitlab.rb file to match your SMTP servers settings and credentials. e.g.:

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.server"
gitlab_rails['smtp_port'] = 456
gitlab_rails['smtp_user_name'] = "smtp user"
gitlab_rails['smtp_password'] = "smtp password"
gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true

# If your SMTP server does not like the default 'From: gitlab@localhost' you
# can change the 'From' with this setting.
gitlab_rails['gitlab_email_from'] = 'gitlab@example.com'

Now run:

gitlab-ctl reconfigure

Done.

GitLab 6 & 7 (Manual Install)

First edit the config/environments/production.rb file, to configure GitLab to use SMTP by default; change the line:

config.action_mailer.delivery_method = :sendmail

to

config.action_mailer.delivery_method = :smtp

Now make a copy of the smtp_settings.rb.sample file:

# cp config/initializers/smtp_settings.rb.sample config/initializers/smtp_settings.rb

And edit the appropiate settings (address, port, username, password, etc...):

# To enable smtp email delivery for your GitLab instance do next:
# 1. Rename this file to smtp_settings.rb
# 2. Edit settings inside this file
# 3. Restart GitLab instance
#
if Rails.env.production?
  Gitlab::Application.config.action_mailer.delivery_method = :smtp

  ActionMailer::Base.smtp_settings = {
    address: "email.server.com",
    port: 465,
    user_name: "smtp",
    password: "123456",
    domain: "gitlab.company.com",
    authentication: :login,
    enable_starttls_auto: true
  }
end

Here are a couple of example settings:

Gmail####

config.action_mailer.smtp_settings = {
  :address              => "smtp.gmail.com",
  :port                 => 587,
  :domain               => 'gmail.com',
  :user_name            => 'account@gmail.com',
  :password             => 'password',
  :authentication       =>  :plain,
  :enable_starttls_auto => true
}

Mailgun####

config.action_mailer.smtp_settings = {
  :address              => "smtp.mailgun.org",
  :port                 => 587,
  :domain               => 'gitlab.mydomain.com',
  :user_name            => 'user@mydomain.org',
  :password             => 'password',
  :authentication       =>  :plain,
  :enable_starttls_auto => true
}

Restart GitLab & nginx:

# service gitlab restart
# service nginx restart

That's it, you're done.

GitLab CE (Community Edition) is essentially a self-hosted opensource clone of the online Git code repository service GitHub.

The main installation guide for GitLab was written for installation on Ubuntu/Debian operating systems.

This guide covers the steps required for a fresh install of GitLab production server on CentOS 6.5 with Percona Server 5.6 (drop-in replacement for MySQL®).

1. Install the EPEL and RPMForge packages,and update CentOS 6.5.

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

# yum -y update

2. Enable the RPMForge Extras. Open the RPMForge repo.

nano /etc/yum.repos.d/rpmforge.repo

and change enabled = 0 under [rpmforge-extras] to enabled = 1

3. Add the EPEL SCL (Software Collections) repo to your CentOS installation.

# wget -P /etc/yum.repos.d http://people.redhat.com/bkabrda/scl_ruby193.repo

4. Then install the Development tools.

# yum -y groupinstall 'Development Tools'

5. Install the Percona repo and Percona Server 5.6

# rpm -Uhv http://www.percona.com/downloads/percona-release/percona-release-0.0-1.x86_64.rpm
# yum -y install Percona-Server-client-56 Percona-Server-server-56 Percona-Server-devel-56

6. Ok. Now install ruby193, git, redis and nginx (as well as a few other required packages). And start all the services.

(* The install command below should cover all the packages required to enable a smooth install of GitLab. However, depending on your base install of CentOS 6.5, you may require some extra packages not listed below. The installation process is pretty good at making clear what you're missing if anything.)

# service mysql start 
# service redis start 
# service nginx start 
# chkconfig mysql on
# chkconfig redis on
# chkconfig nginx on

7. Add the user git and set the git globals.

# adduser -r -s /bin/bash -c 'Gitlab user' -m -d /home/git git
# chmod o+x /home/git
# su - git
[git@gitlab ~]$ git config --global user.name "GitLab"
[git@gitlab ~]$ git config --global user.email "gitlab@localhost"
[git@gitlab ~]$ git config --global core.autocrlf input

8. Still as the git user, clone the git repos.

[git@gitlab ~]$ git clone https://github.com/gitlabhq/gitlab-shell.git
[git@gitlab ~]$ git clone https://github.com/gitlabhq/gitlabhq.git gitlab

9. Extend your .bashrc ( [git@gitlab ~]$ nano .bashrc ) to have the following content which will load our scl environment for us when we login.

# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

source /opt/rh/ruby193/enable

# User specific aliases and functions

10. Make sure the paths are right. You can test this by executing env.

11. Logout and login again as user gitlab ( su - git ). If everything went fine you should be able to do this.

[git@gitlab ~]$ which ruby
/opt/rh/ruby193/root/usr/bin/ruby
[git@gitlab ~]$ ruby --version
ruby 1.9.3p327 (2012-11-10 revision 37606) [x86_64-linux]

12. As git, cd into the git-shell dir and checkout version 1.7.1

[git@gitlab ~]$ cd gitlab-shell/
[git@gitlab gitlab-shell]$ git checkout v1.8.0

13. Copy the file config.yml.example to config.yml in the git-shell directory

cp config.yml.example config.yml

14. Install gitshell.

[git@gitlab gitlab-shell]$ ./bin/install

15. IMPORTANT. Do this still as the git user! Checkout gitlab 6.

[git@gitlab ~]$ cd gitlab
[git@gitlab gitlab]$ git checkout 6-6-stable

16. Now configure Gitlab and install the gems.

[git@gitlab gitlab]$ gem install json
[git@gitlab gitlab]$ gem install charlock_holmes --version '0.6.9.4'

17. Time to configure GitLab. Copy the example GitLab config and set the necessary file permissions, ownership, and create the required directories using the following commands.

[git@gitlab gitlab]$ cp /home/git/gitlab/config/gitlab.yml{.example,}
[git@gitlab gitlab]$ sed -i 's/localhost/gitlab.local.domb.com/g' /home/git/gitlab/config/gitlab.yml
[git@gitlab gitlab]$ chown -R git /home/git/gitlab/log/
[git@gitlab gitlab]$ chown -R git /home/git/gitlab/tmp/
[git@gitlab gitlab]$ chmod -R u+rwX /home/git/gitlab/log/
[git@gitlab gitlab]$ chmod -R u+rwX  /home/git/gitlab/tmp/
[git@gitlab gitlab]$ mkdir /home/git/gitlab-satellites
[git@gitlab gitlab]$ mkdir /home/git/gitlab/tmp/pids/
[git@gitlab gitlab]$ mkdir /home/git/gitlab/tmp/sockets/
[git@gitlab gitlab]$ chmod -R u+rwX /home/git/gitlab/tmp/pids/
[git@gitlab gitlab]$ chmod -R u+rwX /home/git/gitlab/tmp/sockets/
[git@gitlab gitlab]$ mkdir /home/git/gitlab/public/uploads
[git@gitlab gitlab]$ chmod -R u+rwX /home/git/gitlab/public/uploads

18. Update your /home/git/gitlab/config/gitlab.yml file with your host (e.g. mygitlab.example.com), and email address ( email_from ).

19. Copy the /home/git/gitlab/config/unicorn.rb.example to /home/git/gitlab/config/unicorn.rb and configure it by uncommenting the follow section.

 72    old_pid = "#{server.config[:pid]}.oldbin"
 73    if old_pid != server.pid
 74      begin
 75        sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
 76        Process.kill(sig, File.read(old_pid).to_i)
 77      rescue Errno::ENOENT, Errno::ESRCH
 78      end
 79    end

20. Change the user and password in the /home/git/gitlab/config/database.yml file (create this file or rename the existing database.yml.mysql file).

  production:
  adapter: mysql2
  encoding: utf8
  reconnect: false
  database: gitlabhq_production
  pool: 5
  username: gitlab
  password: "mysql_password_here"
  # host: localhost
  # socket: /tmp/mysql.sock

21. Create a MySQL User in Percona

[git@gitlab gitlab]$ mysql -u root
# Create a user for GitLab. (change 'mysql_password_here' to a real password)
CREATE USER 'gitlab'@'localhost' IDENTIFIED BY 'mysql_password_here';

# Create the GitLab production database
CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;

# Grant the GitLab user necessary permissions on the table.
GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'gitlab'@'localhost';

22. Check you can login as the gitlab user.

[git@gitlab gitlab]$ mysql -u gitlab -p -D gitlabhq_production

23. As root, create a gitlab.conf nginx config file # nano /etc/nginx/conf.d/gitlab.conf, and add the following to it.

upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}
 
server {
  listen *:80 default_server;  # e.g., listen 192.168.1.1:80; In most cases *:80 is a better
  server_name gitlab.local.domb.com;  # e.g., server_name mygitlab.example.com;
  server_tokens off;     # don't show the version number, a security best practice
  root /home/git/gitlab/public;
 
  # individual nginx logs for this gitlab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
 
  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }
 
  # if a file, which is not found in the root folder is requested,
  # then the proxy pass the request to the upsteam (gitlab unicorn)
  location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;
 
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;
 
    proxy_pass http://gitlab;
  }
}

24. (You may need to) Disable the nginx default.conf config file, and restart nginx.

# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/defualt.conf.off
# service nginx restart

25. From the gitlab dir execute the below to enable support with MySQL/Percona.

[git@gitlab gitlab]$ bundle install --deployment --without development test postgres
[git@gitlab gitlab]$ bundle exec rake gitlab:setup RAILS_ENV=production

# Type 'yes' to create the database tables.

26. If everything installed without any errors you'll see:

Administrator account created:

login.........admin@local.host
password......5iveL!fe

27. As root get the init script.

# cp /home/git/gitlab/lib/support/init.d/gitlab /etc/init.d/gitlab
# chmod +x /etc/init.d/gitlab

28. If you want you can now configure the mail server. Open /etc/mail/sendmail.mc and add or modify the following lines.

Add:
define(`SMART_HOST', `smtp.example.com')dnl
Comment
dnl EXPOSED_USER(`root')dnl

29. Restart sendmail # service sendmail restart

30. Forward all email to a central mail address.

# echo adminlogs@example.com > /root/.forward
# chown root /root/.forward
# chmod 600 /root/.forward
# echo adminlogs@example.com > /home/git/.forward
# chown git /home/git/.forward
# chmod 600 /home/git/.forward

31. Your done. Start up your server

# service gitlab start
# service nginx restart

32. You can now browse to your GitLab URL http://yourgitlabserver.com and login using the username and password presented during the installation.

Sources:
GitLab 6.0 (6.x) installation instructions with SCL for RHEL 6.4 and CentOS 6.4

GitLab.org - installation.md

If you spot any errors above, please do drop me a comment below.

Note to self:

When generating a new private key using openssl_pkey_new(), and specifying the private_key_bits parameter as a variable.

Be sure to cast the variable to an integer!

e.g.

$keysize = "2048";
$privateKey = openssl_pkey_new(array(
    'private_key_bits' => $keysize, // ---> This won't work
    'private_key_bits' => (int)$keysize, // ---> Correct
    'private_key_bits' => 2048, // ---> Also correct.
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
));

By default Nagios uses localhost to send email notification alerts to designated admins. You can of course setup DNS records to white list your Nagios IP/Hostname in order to prevent notifications being marked as spam. But it's a lot easier to setup up Nagios to use an external SMTP server.

SendEmail allows Nagios to do just that.

1. Download the SendEmail tar file from http://caspian.dotconf.net/menu/Software/SendEmail/sendEmail-v1.56.tar.gz

# wget http://caspian.dotconf.net/menu/Software/SendEmail/sendEmail-v1.56.tar.gz

 
2. Extract, and copy sendEmail to /usr/local/bin

# tar -xvzf sendEmail-v1.56.tar.gz
# cp sendEmail-v1.56/sendEmail /usr/local/bin

3. SendEmail requires the Net::SSLeay and IO::Socket::SSL perl modules be installed to function, so install these if they're not already:

# yum install perl-Net-SSLeay
# yum install perl-IO-Socket-SSL

4. Now modify the notify-host-by-email and notify-service-by-email commands in Nagios' commands.cfg file as follows:

define command{
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/local/bin/sendEmail -f your_email@your_domain.com -s smtp.server.ip_or_hostname:portnumber -u "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" -t $CONTACTEMAIL$
}

define command{
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /usr/local/bin/sendEmail -f your_email@your_domain.com -s smtp.server.ip_or_hostname:portnumber -u "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" -t $CONTACTEMAIL$
}

 
Replace your_email@your_domain.com and smtp.server.ip_or_hostname:portnumber with the email address and SMTP server address (and SMTP port number if applicable) with your external SMTP server details.

If your server requires authentication add the following lines to each command:

 -xu your_email_username -xp your_password

 
If your server utilizes TLS add:

 -o tls=yes

5. Check out http://caspian.dotconf.net/menu/Software/SendEmail for more command line options.

6. Check your modified Nagios configuration is ok:

# /etc/init.d/nagios checkconfig

7. Restart your Nagios service:

# /etc/init.d/nagios restart

Your done. Nagios will now send alert notifcations via your external SMTP server.

Source: http://ricochen.wordpress.com/2012/04/18/use-external-smtp-server-to-send-nagios-alerts

Since I couldn't find a straight forward tutorial for installing a RapidSSL (or any other) Commerical Certificate on Zimbra 8.0, I decided to write one for reference if not anything else.

RapidSSL Commercial Certificates offer a cost effective way to add a commercial cert to your Zimbra server.

The easiet method to install a RapidSSL cert is via the CLI as the root user.

1. Start by logging into your Zimbra servers CLI via SSH.

2. As root, begin by generating a Certificate Signing Request (CSR). Below replace 'mail.yourdomain.com' with the FQDN of your Zimbra server.

# /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject "/C=GB/ST=England/L=London/O=Company Name/OU=Company Branch Name/CN=mail.yourdomain.com" -subjectAltNames mail.yourdomain.com

The above command includes the following codes:

/C = Country: The Country is a two-digit code -- for the United Kingdom, it's 'GB'. A list of country codes is available here -

/ST = State: State is a full name, i.e. 'California', 'Scotland'.

/L = Locality: Locality is a full name, i.e. 'London', 'New York'.

/O = Organization: The Organization Name is your Full Legal Company or Personal Name, as legally registered in your locality.

/OU = Organizational Unit: The Organizational Unit is whichever branch of your company is ordering the certificate such as accounting, marketing, etc.

/CN = Common Name: The Common Name is the Fully Qualified Domain Name (FQDN) for which you are requesting the ssl certificate. This will be the FQDN of your Zimbra server, e.g. mail.yourdomain.com or zimbra.yourdomain.com

3. Now upload/send the certificate request (Zimbra saves it to '/opt/zimbra/ssl/zimbra/commercial/commercial.csr') to your SSL provider. They will most likely provide you with your Commercial Certificate via an email in the form of text or an attached file.

4. Save your Commercial Certificate in a temporary file. If it was provided as plain text, you can cut and paste it into a new file using
nano

# nano /tmp/commercial.crt

5. Download and save the root Certificate Authority (CA) for RapidSSL certificates to a temporary file. (e.g. /tmp/ca.crt). Again you can cut and paste the CA text into a new file using nano.

# nano /tmp/ca.crt

The root CA for RapidSSL certificates is provided by GeoTrust and can be found here - https://ssltest12.bbtest.net/

6. Download any intermediary CAs from your SSL provider, again to a temporary file. (e.g. /tmp/ca_intermediary.crt). RapidSSL certs usually come with a single intermediary certificate. Once again, if the intermediary certificate is provided as plain text cut and paste it using nano

# nano /tmp/ca_intermediary.crt

7. Combine root and intermediary CAs into a temporary file.

# cat /tmp/ca.crt /tmp/ca_intermediary.crt > /tmp/ca_chain.crt

8. Verify your commercial Certificate:

# /opt/zimbra/openssl/bin/openssl verify -CAfile /tmp/ca_chain.crt /tmp/commercial.crt

9. Deploy your commercial certificate

# /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt

10. To finish, verify the certificate was deployed.

# /opt/zimbra/bin/zmcertmgr viewdeployedcrt

11. Restarting Zimbra services will ensure the new commercial certificate takes effect

# su zimbra
# zmcontrol restart