Frequently Asked Questions

adolsign (4)

FAQ

By default, Outlook 2013/2016 handles linked images differently from earlier versions. While previous versions of Outlook embed those images into the message, Outlook 2013/2016 keeps them linked.

A registry change is required to make Outlook 2013/2016 behave like previous versions:

For Outlook 2013:

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options\Mail
Value type: REG_DWORD
Value name: Send Pictures With Document
Value: 1

For Outlook 2016:

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\Mail
Value type: REG_DWORD
Value name: Send Pictures With Document
Value: 1

See Inline images may display as a Red X in Outlook for more information.

 

 FAQ

Conditional fields are a convenient way to handle empty values. It is often desirable to drop leading or trailing text in signatures if a field is not defined or is empty in Active Directory. Adolsign supports five directives in field definitions:



  • --prefix text: Adds text in front of the field if it is not empty
  • --postfix text: Adds text at the end of the field if it is not empty
  • --ignoreline: Drops the whole line if the field is empty. NB! Option ignoreline has limited support for html signatures (removes the <br /> tag only) and rtf signatures (removes the \par tag only).
  • --default text: Uses text as the default if the field is empty
  • --case directive[,...]: Uses directive for case manipulation. Allowed directives are lowercase, uppercase, lowerfirst, upperfirst. Multiple directives are allowed and they will be processed in the specified order.
  • --anchor type: Generates HTML code for dynamic links. As an example, --anchor http creates an http link.
  • --format format: Formats the value according to the format. As an example, --format "%s%s *** %s%s" produces 12 *** 34 for the value 1234.


Conditional directives can be defined by using the following syntax:

scancode( one or more conditional directives )scancode 

Examples:

field_telephone( --prefix "Tel: " )field_telephone

Produces Tel: +11111111 if the telephone number is +11111111. Produces nothing if it is empty.

field_department( --prefix "Department: " --ignoreline )field_department

Produces Department: Sales if the department is Sales. Produces nothing and removes the whole line if it is empty.

field_homepage( --default "www.default.com" --case lowercase )field_homepage

Converts the homepage to lowercase. Produces www.default.com if the homepage is not defined.

FAQ

Sometimes it might be necessary to make signatures available by other means than login/startup scripts or group policies. You may have users with occasional access to your corporate network, or you want to distribute signatures by e-mail or a web site. Adolsign's makepackage can be useful for offline distribution.

adolsign --makepackage --user myuser --sig standard --addfile corporate.jpg --vcard


The command above

  • creates the signature files standard.txt, standard.htm or standard.rtf (at least one!), by mapping scan codes to Active Directory properties for the user myuser
  • picks up the image file corporate.jpg, assuming that it is used in the standard.htm
  • creates the vcard file standard.vcf
  • packs all of the files above into a tiny installer called myuser_signature_NNNN.exe


You can then make the signature installer available to your user. The signature standard will be available in Outlook, when the installer is run on his/her PC.

 

FAQ

Yes. You can use the configuration file adolsign.config for that purpose:


.....
[Field Mappings]

field_login = SamAccountName
field_fullname = FullName
field_firstname = FirstName
.....

You can simply add your mappings to the list above. As an example, if you want to use the ipPhone value from Active Directory, simply add the line below:

field_ipphone = ipPhone


You can now use field_ipphone in your signature templates.

cixwin (1)

 

Probably, there is an uncontrolled X instance running in the background.

Terminate it via Task Manager or by using the taskkill command: TASKKILL /F /IM Xwin.exe /T

and start ciXwin connect wizard again.

 

copssh (20)

The problem can be related to address changes of Windows DLLs after a Windows update operation. That behaviour may create collisions for the more static Cygwin DLLs, especially in a 32-bit environment. We suggest rebooting the system as a first measure. You may need to install Copssh again by using our recipe, which allows you to keep an existing configuration intact. Consider installing the 64-bit version (available only in the product edition) if the problem still persists.

You can use our Win2ban which is a Fail2ban implementation for Windows with Elastic Winlogbeat as the eventlog shipper. Check the related Win2ban FAQ for details: How can I configure Win2ban for brute force attacks against Copssh ?

FAQ

  • Create an ordinary domain user with a non-expiring complex password (example svccopssh)
  • Run the Copssh installer and specify domain\svccopssh as the service account with the password.

 

 

FAQ

 

By default, Copssh uses the Windows event log for ssh logging. However, sftp logging for isolated home sftp directories doesn't work as expected. Follow the steps below to activate syslog-based logging, which works for both ssh and sftp logging:

  • Download SyslogServer-addon-bundle here
    • SHA256: 09d764f24f3698dd1c8bde606478ca8770a52295110d65873a1b6b2aec1d8642, PGP Signature - Our PGP public key is available here.
  • Run the installer appropriate for your installation (x86/32-bit, x64/64-bit). It will automatically update your Copssh installation by installing a syslog service.
  • Start SyslogServer service (it will create the socket /dev/log for syslog operations)
  • Make sure that both ssh and sftp logging are set to eventlog via Copssh Control Panel
  • Restart the service via Copssh Control Panel
  • Default syslog configuration sends all log messages to /var/log/messages. Syslog configuration file is located at /etc.

FAQ

The problem may be related to the potentially incompatible changes introduced in OpenSSH 6.7 (included in Copssh 5 and higher) to remove unsafe algorithms.

If you run Copssh 5.8.1 or higher, you can update the configuration via GUI:

Copssh Control Panel with advanced server options

  • Alternatively, you can add the following line to the [server] section of the configuration file bin/copsshcp.config before starting Copssh Control Panel:

Ciphers=+aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

  • Restart the service via Copssh Control Panel

FAQ

The problem may be related to the potentially incompatible changes introduced in OpenSSH 6.7 (included in Copssh 5 and higher) to remove unsafe algorithms.

  • Add the following line to the [server] section of the configuration file bin/copsshcp.config:

KexAlgorithms=curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

  • Restart the service via Copssh Control Panel
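
The Ciphers and KexAlgorithms lines in the two answers above re-enable several older algorithms at once. The added example below (not part of Copssh) reads the [server] section of a copsshcp.config-style file and lists which entries are legacy, so the list can be cut down to what the old client actually needs. The sample file, including its [client] section, is constructed, and reading a leading + as "append to the defaults" follows OpenSSH's convention, which is assumed to apply here.

```shell
#!/bin/sh
# Constructed sample: the two lines from the answers above plus a made-up
# [client] section that the audit must ignore.
sample_copsshcp_config() {
cat <<'EOF'
[server]
Ciphers=+aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
KexAlgorithms=curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[client]
Ciphers=+aes128-cbc
EOF
}

# legacy_algorithms FILE
# For each Ciphers/KexAlgorithms line in [server], print whether it appends to
# or replaces the default list, then one "legacy:" line per older algorithm.
legacy_algorithms() {
    awk '
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    /^[ \t]*\[/ {                           # section header: remember its name
        section = $0
        sub(/^[ \t]*\[/, "", section)
        sub(/\].*$/, "", section)
        section = tolower(section)
        next
    }
    section == "server" && /^[ \t]*(Ciphers|KexAlgorithms)[ \t]*=/ {
        name = $0
        sub(/[ \t]*=.*$/, "", name)
        sub(/^[ \t]+/, "", name)
        list = $0
        sub(/^[^=]*=[ \t]*/, "", list)
        mode = "replaces the default list"
        if (substr(list, 1, 1) == "+") {
            mode = "appends to the default list"
            list = substr(list, 2)
        }
        print name ": " mode
        n = split(list, alg, ",")
        for (i = 1; i <= n; i++) {
            a = alg[i]
            gsub(/[ \t]/, "", a)
            why = ""
            if (name == "Ciphers" && a ~ /-cbc$/) why = "CBC-mode cipher"
            if (a == "3des-cbc") why = "3DES in CBC mode, 64-bit block"
            if (name == "KexAlgorithms" && a ~ /-sha1$/) why = "SHA-1 based key exchange"
            if (a == "diffie-hellman-group1-sha1") why = "1024-bit group with SHA-1"
            if (why != "") print "  legacy: " a " (" why ")"
        }
    }' "$1"
}

# Demonstration on the constructed sample
cfg=$(mktemp)
sample_copsshcp_config > "$cfg"
legacy_algorithms "$cfg"
rm -f "$cfg"
```

A KexAlgorithms line without a leading + replaces the whole list, so algorithms added to the defaults by later releases are not offered until the line is edited again.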

FAQ

 

In some situations, it may be necessary to make a clean install to make an upgrade work. You can do it by following the steps below:

  • Back up your host keys in the etc directory (etc/ssh_host*)
  • Uninstall the existing version of Copssh
  • Remove remnants of the installation directory except home directories if they exist
  • Make sure that the service account and the sshd account are removed
  • Install new Copssh
  • Restore host keys back to etc directory
  • Start Copssh Control Panel and verify that the service is running
  • Activate your users again and specify their existing home directories as the home directory during the activation

Creation of a dedicated service account for Copssh became necessary when the built-in SYSTEM account lost some required privileges as of Windows 2003. By default, the Copssh installer creates the local account SvcCOPSSH (24-char complex password, no password expiration) with the following privileges:

  • Member of local Administrators group
  • User rights for proper operation:
    • SeCreateTokenPrivilege
    • SeAssignPrimaryTokenPrivilege
    • SeIncreaseQuotaPrivilege
    • SeServiceLogonRight
  • User rights for better security:
    • SeDenyBatchLogonRight
    • SeDenyInteractiveLogonRight
    • SeDenyNetworkLogonRight

The Copssh installer will also try to apply all of the above if you have specified an existing account during setup.

More info:

SSHD, Cygwin and Windows 2003

 

NB! This FAQ doesn't apply to Copssh 4.3.1 and up, as they handle the problem automatically.

By default, normal users are not allowed to log on locally on domain controllers. The same restrictions may also apply to other Windows systems. The user right Allow log on locally needs to be delegated for proper login.

One-time procedure:

  1. Create a security group for COPSSH users.
  2. Add your group to the list of authorized credentials for the required user right:

Administrative Tools --> Domain Controller Security Policy (for domain controllers) or Local Security Policy (for other Windows systems) --> Local Policies --> User Rights Assignment --> Allow log on locally

For every ordinary copssh user:

  1. Make the user a member of the group mentioned above.
  2. Activate user in Copssh control panel

 

  • Activate a user via Copssh control panel
  • Import your public key via Control Panel:

Import a public key via Copssh control Panel

  •  Your Copssh server is ready to accept PKA based on your keys.

There will be a shortcut in the user's copssh home directory, pointing to the user's Windows home. This is done by using a soft link:

  1. Start a bash shell, locally or remotely
  2. Change to the user's home directory if it is not already done
  3. Link a directory or network share to a local name by using ln command


Examples:

ln -s "/cygdrive/d/pub/" "pub"

 creates a link from D:\pub to pub in the user's home directory.

 ln -s "//myserver/netdata" "netdata"

 creates a link from \\myserver\netdata to netdata in the user's home directory.


Now, the user can use pub and netdata to access D:\pub and/or \\myserver\netdata respectively.

Can I change the location of my home directory?

Copssh Control Panel User activation wizard allows you to specify a home directory of your own choice:

 

Copssh Control Panel User Activation Wizard Home Directory

 

 

 

  • Activate a user and create a PKA key pair with empty passphrase via Copssh control panel:

Create a PKA key pair with empty passphrase via Copssh Control Panel

 

  • You can take your private key with you and initiate passwordless connections from other machines. An example to start ssh shell:

ssh -i privatekey user@copssh_host

 

NB! Your private key is NOT protected by a passphrase and can be used by anyone. Keep it safe!

How can I limit users' access to their home directories only ?

  • Activate a user and select access type Sftp via Copssh control panel:

Copssh Control Panel User Activation Wizard Sftp access

 

  • Access type Sftp instructs Control Panel to make required arrangements for a chrooted environment. You can also specify an alternative home directory.

**UPDATED** Copssh Control Panel introduced in version 4 has solved that problem. Previous Copssh versions and copsshadm command line tool still have that problem.

This is a known error related to the localized names of the groups administrators and users. There is no solution yet. However, you can use the workaround below:

  • Rename the localized equivalents of the groups administrators and users to something readable in Latin (can be done via Administrative Tools->Computer Management->Local Users and Groups for example)
  • Run copssh installer
  • Rename the groups above back to their original values.

**UPDATED** Sometimes it may be necessary to see directly how the openssh daemon reacts to startup or connection requests, to be able to locate daemon-related problems.

 

  • Stop the Openssh SSHD service (system name: OpenSSHServer)
  • Right click Start a Unix Bash Shell from Copssh start menu (assuming that you have admin privileges)
  • Enter the following command from the bash prompt:

/bin/sshd -p <listening port> -D -d -e

This will start openssh daemon in standalone debug mode and messages will be displayed on the screen. You may specify up to three -d for increased output verbosity.

  • Try to initiate a PuTTY session and watch the messages on the server side.

 

Depending on software or configuration issues on your PC, the copssh service may sometimes not start properly. The cause can be a service, a device helper, antivirus software, a firewall and so on, interfering with the operation of the copssh service.

A possible solution is to delay the service startup until the problem services have started successfully. You can use the procedure below to make the copssh service dependent on MyService:

 

  • Create the following REG_MULTI_SZ value in the registry if it doesn't already exist:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OpenSSHServer\DependOnService

  • Add MyService to the registry value created above. It is possible to specify multiple entries separated by space.
  • Restart your PC.

 

Copssh can be installed silently by using the switches below:

Copssh_x.x.x_Installer.exe /u=user /p=password /S

where user/password specify the service account credentials

 

You can also specify a new installation directory by the /D switch:

Copssh_x.x.x_Installer.exe /u=user /p=password /S /D=C:\test\copssh

Some recommendations (not all of them may be applicable in your case; listed in no particular order):

  • Change port 22 to something non-standard
    • Benefits/side effects: Reduces your vulnerability surface dramatically by taking a well-known parameter out of the equation. Not applicable if you have a general-purpose server. Security by obscurity? Yes. However, there are many script kiddies out there bombing port 22 wherever they find it.
    • How: Conf. file etc\sshd_config: port
  • Reduce the maximum number of concurrent unauthenticated connections
    • Benefits/side effects: Reduces your vulnerability surface by allowing a smaller number of potentially dangerous attacks simultaneously.
    • How: Conf. file etc\sshd_config: MaxStartups (default 10)
  • Turn off authentication by password. Use public key authentication instead.
    • Benefits/side effects: Eliminates the most widely used technique of potential attacks: cracking passwords.
    • How: Conf. file etc\sshd_config: PasswordAuthentication no, PubkeyAuthentication (default yes)
  • Restrict access by host
    • How: Use your firewall settings to limit the hosts authorized for access
  • Restrict access by user/group
    • How: Conf. file etc\sshd_config: AllowUsers, AllowGroups
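
As an added example (not part of Copssh), the shell function below checks an sshd_config against the recommendations above: non-standard port, reduced MaxStartups, password authentication off, public key authentication on, and an AllowUsers/AllowGroups restriction. The sample file contents and the function names are constructed for illustration; the firewall recommendation is outside what the file can show.

```shell
#!/bin/sh
# Constructed sample input, not a file shipped with Copssh.
sample_sshd_config() {
cat <<'EOF'
# constructed sample
Port 22
MaxStartups 10:30:100
PasswordAuthentication yes
PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication no
EOF
}

# audit_sshd_config FILE
# Prints one finding per line for every recommendation FILE does not meet.
audit_sshd_config() {
    awk '
    BEGIN {
        # Values that apply when a keyword is absent
        # (MaxStartups default as given in the recommendation list)
        val["maxstartups"] = "10"
        val["passwordauthentication"] = "yes"
        val["pubkeyauthentication"] = "yes"
    }
    {
        sub(/\r$/, "")          # tolerate CRLF line endings
        sub(/^[ \t]+/, "")      # drop indentation
    }
    /^#/ || /^$/ { next }
    {
        # sshd also accepts Keyword=value
        if ($0 ~ /^[A-Za-z]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ")
        key = tolower($1)
        if (key == "match") exit        # the rest is conditional, not global
        if (key == "port") {            # Port may be given more than once
            ports++
            if ($2 == "22") port22 = 1
        } else if (!(key in seen)) {    # for other keywords the first value wins
            seen[key] = 1
            val[key] = tolower($2)
        }
    }
    END {
        if (!ports || port22)
            print "port: sshd listens on the standard port 22"
        split(val["maxstartups"], ms, ":")
        if (ms[1] + 0 >= 10)
            print "maxstartups: " val["maxstartups"] " is not below 10"
        if (val["passwordauthentication"] != "no")
            print "passwordauthentication: password logins are enabled"
        if (val["pubkeyauthentication"] == "no")
            print "pubkeyauthentication: public key logins are disabled"
        if (!("allowusers" in seen) && !("allowgroups" in seen))
            print "allowusers/allowgroups: no user or group restriction"
    }' "$1"
}

# Demonstration on the constructed sample: four findings are printed.
# The second PasswordAuthentication line and the Match block do not help,
# because the first global value is the one sshd uses.
cfg=$(mktemp)
sample_sshd_config > "$cfg"
audit_sshd_config "$cfg"
rm -f "$cfg"
```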

 

I am fond of fancy and short names :-))

 

Cygwin + OPENSSH is a qualified guess !!

cwrsync (20)

 

Try to remove /etc/fstab and use the --no-perms option instead. The problem can also be related to real-time anti-virus scanning. Consider file/folder exclusion if possible.

 

 

FAQ

From Windows Developer network:

“In the Windows API (with some exceptions discussed in the following paragraphs), the maximum length for a path is MAX_PATH, which is defined as 260 characters. A local path is structured in the following order: drive letter, colon, backslash, name components separated by backslashes, and a terminating null character. For example, the maximum path on drive D is "D:\some 256-character path string<NUL>" where "<NUL>" represents the invisible terminating null character for the current system codepage. (The characters < > are used here for visual clarity and cannot be part of a valid path string.)

The Windows API has many functions that also have Unicode versions to permit an extended-length path for a maximum total path length of 32,767 characters. This type of path is composed of components separated by backslashes, each up to the value returned in the lpMaximumComponentLength parameter of the GetVolumeInformation function (this value is commonly 255 characters). To specify an extended-length path, use the "\\?\" prefix. For example, "\\?\D:\very long path".”

 

Even though the underlying APIs support really long paths, the problem occurs because user interface tools like Windows Explorer, the Cmd prompt and PowerShell don't support the Unicode variants of the Windows APIs. The result is then path names of up to 256 chars. As of version 1.7, Cygwin uses the Unicode Windows APIs, so you can use tools like the bash shell or the nano editor to manage files/paths with long names.

Log example for cwRsync transfer with long path names:

...
2014/03/25 22:08:42 [1784] >f+++++++++ backup/0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
/0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
/0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
/0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789/testfile
...

Assuming that you want to pull directory c:\backup on Windows machine to /var/backup on Linux machine:

On Windows machine :

  • Install Cwrsync Server
  • Start RsyncServer service
  • Add a new module to the configuration file rsyncd.conf :

[backup]
path = /cygdrive/c/backup
read only = true
transfer logging = yes


On Linux machine :

  • Use the command below to initiate rsync:

rsync -vrt windows_machine::backup /var/backup


NB! Keep in mind that the recipe above is suitable for operations within a secure network.

As of version 2.6.7, the rsync server can run scripts before and after transfers. You can use the recipe below to implement this very handy functionality in cwrsync server:

  1. Install Copssh and Cwrsync Server.
  2. Start a windows command shell from cwrsync start menu and make a copy of bash.exe as sh.exe in the bin directory.

    copy bin\bash.exe bin\sh.exe
  3. Create two script files in the bin directory for pre-exec operations:

    c:\program files\ICW\bin\pre-exec.sh



    # Shell script for your pre-exec operations
    cmd /c "c:\program files\ICW\bin\pre-exec.cmd"
    exit 0




    c:\program files\ICW\bin\pre-exec.cmd




    @ECHO OFF
    .....
  4. Create two script files for post-exec operations as described above.
  5. Update your rsyncd.conf file:




    # Module definitions
    [test]
    path = .....
    ......
    pre-xfer exec = /bin/pre-exec.sh
    post-xfer exec = /bin/post-exec.sh

 

NB! The recipe below applies to Windows 2003 Server only.
 

I recently had the issue of running rsync to back up files that are "in use". A good example was backing up documents and settings and the ntuser.dat file would always fail, along with several other system locked files.

Resolution was to download the VSS SDK from Microsoft's web site. The SDK has an executable vshadow.exe which will allow you to create volume shadow copies that are mapped to a drive, allowing rsync to use the VSS drive where no files are locked.

 

An example command set would be:

rem create a permanent shadow copy
vshadow.exe -p -nw -script=vars.bat
call vars.bat
rem drive H: is assigned to the permanent shadow copy created
vshadow.exe -el=%SHADOW_ID_1%,H:
rem perform your rsync operation, use drive H: (shadow drive) as source
rsync.exe -ruztiv '/cygdrive/h/xxxxxxx' myrsyncserver::myrsyncuser
rem remove the permanent shadow copy
vshadow.exe -ds=%SHADOW_ID_1%

 

-- Contributed by Rob Bosch

You may also visit this link for more detailed information.

Use switch /S during installation:

 

cwRsync_x.x.x_Installer.exe /S

cwRsync_Server_x.x.x_Installer.exe /u=user /p=password /S

 

where user/password specify the service account credentials

 

You can also specify a new installation directory:


cwRsync_x.x.x_Installer.exe /S /D=C:\test\cwrsync

cwRsync_Server_x.x.x_Installer.exe /u=user /p=password /S /D=C:\test\cwrsync_server

 

Use of vowels would be inappropriate (!) as the word rsync has no vowels in it, and this package is also dependent on cygwin:

 

CYGWIN + RSYNC

**UPDATED 17.03.2014**

Assuming that you want to synchronize c:\documents and settings\user on WINCLIENT to c:\backup on WINSERVER :

On WINSERVER:
 

  • Install Copssh and cwRsync server. Use the same service account.
  • Start RsyncServer and OpenSSHD services
  • Activate a user and create a PKA key pair via Copssh control panel:

Create a PKA key pair with empty passphrase via Copssh Control Panel

 

  • Transfer user's private key file to WINCLIENT.
  • Make sure that the user and the service account have write access to c:\backup
  • Add a new module to rsyncd.conf :

[backup]
path = /cygdrive/c/backup
read only = false
transfer logging = yes

 

On WINCLIENT :

  • Install cwRsync with Secure Channel Wrapper
  • Start Secure Channel Wizard and specify private key file location, WINSERVER and rsync command:

cwRsync Secure Channel Wizard - screen 1

 

  • Click next and replace SvcwRsync by the user activated at the server side via Copssh Control Panel:

cwRsync Secure Channel Wizard - screen 2

  • Save contents as a batch for further operations and/or scheduling.


NB! You must forward ssh port 22 to WINSERVER at the edge of your secure network (your router/firewall). I strongly recommend tightening security further by using the options available in rsync and openssh (host limitations, secrets file ...).

cwRsync itself has no support for it. However, after an rsync operation, you can use Robocopy (standard in more recent Windows versions), to transfer all windows specific file information (NTFS security, timestamps, attributes, ownership, auditing info):


ROBOCOPY source destination /XO /XN /XC /E /COPY:ATSOU

 

Options /XO (exclude older), /XN (exclude newer) and /XC (exclude changed) ensure that only existing files are targeted. Option /E is for recursive directory operation including empty ones. Option /COPY:ATSOU instructs Robocopy to copy only attributes (A), timestamps (T), NTFS security information (S), ownership (O) and auditing (U).

Assuming that you want to synchronize from directory c:\srcdir on machine WINCLIENT to directory c:\destdir on machine WINSERVER :

On WINSERVER :

  • Install cwRsync Server
  • Start RsyncServer service
  • Make sure that the service account has write access to c:\destdir. You can use Prep a Dir for Upload wizard from start menu.
  • Add a new module to rsyncd.conf :

[wintest]
path = /cygdrive/c/destdir
read only = false
transfer logging = yes

 

On WINCLIENT :

  • Install cwRsync client.
  • Use the command below to initiate rsync communication:

"c:\Program Files\cwRsync\bin\rsync" -av /cygdrive/c/srcdir/ WINSERVER::wintest


NB! Keep in mind that the recipe above is suitable for operations within a secure network.

Assuming that you want to synchronize from directory /home/user on *nix machine to directory c:\backup on Windows machine :

On Windows:
 

  • Install Copssh and cwRsync server. Use the same service account.
  • Start RsyncServer and OpenSSHD services
  • Activate a user and create a PKA key pair via Copssh control panel:

Create a PKA key pair with empty passphrase via Copssh Control Panel

 

  • Transfer user's private key file to Linux client.
  • Make sure that the user and the service account have write access to c:\backup
  • Add a new module to rsyncd.conf :

[backup]
path = /cygdrive/c/backup
read only = false
transfer logging = yes

On Linux:

  • Use shell script below after having it updated according to your needs:
#!/bin/bash
# Secure Channel Wrapper for connection to cwRsync servers from Linux/Unix clients
# v1.0 - Initial version, Sep 2005, Tevfik K., http://itefix.no

# Customize variables below according to your needs

# identity: private key file for user winuser
identity='winuser.key'

# localport: local port for forwarding
localport=9119

# remoteport: termination port (this should be the port rsync daemon listens to)
remoteport=873

# remotehost: cwRsync Server name/ip-adress
remotehost=192.168.2.26

# your rsync module at server side
rsyncmodule=backup

# Function to terminate secure tunnel processes
TerminateTunnel ()
{
# pkill -f matches against the full command line and never matches itself
pkill -f "ssh -i $identity -L $localport" 2>/dev/null
}

# Clean up ... terminate zombie tunnels
TerminateTunnel

echo Establishing secure channel ...
ssh -i "$identity" -L "$localport:127.0.0.1:$remoteport" "winuser@$remotehost" -T -N -f

# your rsync command, you can edit:
# - rsync options (-vrt)
# - source files (/home/user/)
# - exchange source and destination
# - and more :-) Try and tell me!
rsync -vrt /home/user/ "rsync://winuser@localhost:$localport/$rsyncmodule"

echo Terminating secure channel ...
TerminateTunnel


NB! You must forward ssh port 22 to the Windows machine at the edge of your secure network (your router/firewall). I strongly recommend tightening security further by using the options available in rsync and openssh (host limitations, secrets file ...).

Rsync server uses port 873 by default. You can add the port directive to the configuration file rsyncd.conf to specify an alternative port:

port = new-port-number

 

Don't forget to restart the service.

Here is a simple recipe (NB! This is not a very secure solution, since we use a null passphrase during generation of the key pair; use it at your own risk):

  • cwRsync client. Generate key pairs :

ssh-keygen -q -t rsa -f cwrsync -N ""


Files cwrsync and cwrsync.pub will be generated.

  • Transfer cwrsync.pub to your *nix machine.
  • *nix machine. Run following commands:

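# $user is the target account. Look up its home directory first:
# the shell does not expand ~$user when the name comes from a variable.
userhome=$(getent passwd "$user" | cut -d: -f6)
mkdir -p "$userhome/.ssh"
cat cwrsync.pub > "$userhome/.ssh/authorized_keys"
# 700 for .ssh and 600 for authorized_keys also work and are tighter
chmod 755 "$userhome" "$userhome/.ssh"
chmod 644 "$userhome/.ssh/authorized_keys"
chown "$user" "$userhome" "$userhome/.ssh" "$userhome/.ssh/authorized_keys"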

  • cwRsync client. Update your rsync commands in your batch file by specifying option -e "ssh -i cwrsync".

cwRsync has all ssh binaries you need to establish ssh communication.


Use batch file example in the cwRsync client package to set up communication correctly.
 

It's trying to fire up ssh because your target has a single colon in it.

server:/path/to/stuff means "fire up ssh or rsh and make me a tunnel to
server"

server::module/path/to/stuff means "try to access an rsync daemon on
server and access path/to/stuff on module"

/path/to/stuff means "access /path/to/stuff on the local machine"

Hope that helps.

by Jim Salter

Windows paths may contain a colon (:) as a part of drive designation and backslashes (example c:\, g:\). However, in rsync syntax, a colon in a path means searching for a remote host.

Solution: use an absolute path 'a la unix': replace backslashes (\) with slashes (/) and put /cygdrive/ in front of the drive letter.

Example:

C:\WORK\* --> /cygdrive/c/work/*
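
The two answers above come down to one rule: rsync looks for the first colon, and treats the argument as local only when a slash comes before it. The added example below (not part of cwRsync) applies that rule and performs the /cygdrive conversion; the function names are made up for illustration, and the conversion keeps the case of the path, where the example above lowercases it.

```shell
#!/bin/sh
# classify_target ARG
# Prints how rsync reads one source or destination argument:
# daemon, remote-shell or local.
classify_target() {
    case $1 in
        rsync://*) echo daemon; return 0 ;;
    esac
    head=${1%%:*}                       # text before the first colon
    if [ "$head" = "$1" ]; then         # no colon at all
        echo local
        return 0
    fi
    case $head in
        */*) echo local; return 0 ;;    # a slash before the colon: local path
    esac
    case ${1#*:} in
        :*) echo daemon ;;              # host::module
        *)  echo remote-shell ;;        # host:path, which is how C:\WORK is read
    esac
}

# to_cygdrive PATH
# Turns a Windows path into the form rsync under Cygwin treats as local.
to_cygdrive() {
    case $1 in
        [A-Za-z]:*)
            drive=$(printf '%s' "$1" | cut -c1 | tr 'A-Z' 'a-z')
            rest=$(printf '%s' "$1" | cut -c3- | tr '\\' '/')
            case $rest in
                ''|/*) ;;
                *) rest=/$rest ;;
            esac
            printf '/cygdrive/%s%s\n' "$drive" "$rest" ;;
        *)
            # No drive letter (UNC or relative path): only swap the slashes
            printf '%s\n' "$1" | tr '\\' '/' ;;
    esac
}

# Demonstration with the targets discussed above
for t in 'C:\WORK\*' '/cygdrive/c/work/*' 'server:/path/to/stuff' 'server::module/path/to/stuff'; do
    printf '%-32s %s\n' "$t" "$(classify_target "$t")"
done
to_cygdrive 'C:\WORK\*'
```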

If you're setting up cwrsync to run as a Service on a Windows machine ensure the .conf file has the line:

strict modes = false

otherwise rsync passwords will not work in Windows.

YES: Cygwin 1.7 binaries used by Cwrsync allow co-existence of multiple Cygwin implementations.

If you run into permissions problems or your directories' security ACLs are populated by some unwanted groups/users, you need to make sure that:

  • File ../etc/fstab  exists with at least the content below (with Unix line endings even if the file has only one line!):

none /cygdrive cygdrive binary,posix=0,user,noacl 0 0
  

That will instruct Cygwin not to touch permissions.

 

NB! You may experience very slow transfer rates and/or building the file list may take a long time. You can remove /etc/fstab and use the --no-perms option instead. The problem can also be related to real-time anti-virus scanning. Consider file/folder exclusion if possible.

 

More information:

The Cygwin Mount Table

The cygdrive path prefix

Assuming that you want to pull directory c:\backup on machine WIN_SOURCE to directory /var/backup on machine LINUX_DEST :

On WIN_SOURCE :

- Install cwRsync Server (without openssh component)
- Start RsyncServer service
- Add a new module to rsyncd.conf :

[backup]
path = /cygdrive/c/backup
read only = true
transfer logging = yes


On LINUX_DEST :

- Use the command below to initiate rsync:

rsync -av WIN_SOURCE::backup /var/backup


NB! Keep in mind that the recipe above is suitable for operations within a secure network.

elkwin (2)

Elkwin Logstash uses <inst.dir>/logstash/logstash.conf as the configuration file. If you want to arrange your Logstash configuration as multiple files, you can create a directory with the same name and copy your files into it. Keep in mind that they will be processed in alphabetical order and a kind of numbering/sorting mechanism can be necessary.

You can use Logstash plugin-manager to install/manage plugins:

 

SET JAVA_HOME=<Elkwin inst.dir>\java

CD <Elkwin inst.dir>\logstash

bin\logstash-plugin.bat install <plugin-name>

 

More information about plugin-manager can be found here.

 

Upon a successful registration, you will be sent an activation e-mail with a download link. Please follow steps below:

 

  • Unzip archive contents to a dedicated directory (/var/mon/freemon in our example)
  • Make sure that the server.key is readable only by the owner:

chmod 400 server.key

  • Make sure that data collection scripts are executable:

chmod 750 pnacssh.pl bin/check_linux_stats

  • Add the following line to the crontab file (runs the data collection script every 5 minutes):

*/5 * * * * cd "/var/opt/freemon"; ./pnacssh.sh

  • Check if the file servername.result is created in the script directory and monitoring results are shown at monitor.itefix.net.
 

 

Upon a successful registration, you will be sent an activation e-mail with a download link. Please follow steps below:

  • Download the archive file and unzip to a directory (c:\freemon for example)
  • Open a command prompt and run the command below to setup a scheduled task:

schtasks /create /ru SYSTEM /sc minute /mo 5 /tn freemon /tr "c:\freemon\pnacssh.cmd"

This creates a scheduled task named freemon that runs the data collection script c:\freemon\pnacssh.cmd every 5 minutes.

  • Start the scheduled task for the first time by using the command below:

schtasks /run /tn freemon

  • Check if the file servername.result is created in the script directory and monitoring results are shown at monitor.itefix.net.

gitwin (2)

Gitwin's Nginx web server has built-in support for LDAP authentication allowing you to use AD authentication. Follow steps below:

  • Create a dedicated AD service account for LDAP queries (say ldapreq, domain example.local)
  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Gitwin installation directory>\etc\nginx\nginx.conf
http {
....
ldap_server DCGC1 {
    url ldap://192.168.0.1:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "EXAMPLE\\ldapreq";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
 
ldap_server DCGC2 {
    url ldap://192.168.0.2:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "EXAMPLE\\ldapreq";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
 
server {
listen       9610;
server_name  localhost;
 
auth_ldap "Restricted";
auth_ldap_servers DCGC1,DCGC2;
 
 ....
 
  • Restart Gitwin_Nginx service
 

Gitwin's Nginx web server has a built-in support for SSL communications. Assuming that you have required certificate files located at the etc/nginx/ssl directory, you may follow steps below to enable secure communications:

  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Gitwin installation directory>\etc\nginx\nginx.conf:
.....
server {
    listen         9610;
    server_name    your.server.name;
    # The port goes with the host name, before the request URI
    return         301 https://$server_name:9643$request_uri;
}

server {
    # "listen ... ssl" enables TLS for this server block
    listen 9643 ssl;
    ssl_certificate /etc/nginx/ssl/your.server.name.crt;
    ssl_certificate_key /etc/nginx/ssl/your.server.name.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    server_name  your.server.name;
.....
  • The setup above automatically redirects http requests to https on port 9643, so your server always communicates securely. NB! SSLv3 is excluded from the list of supported protocols (ssl_protocols directive) to avoid the POODLE security vulnerability.
  • Restart Gitwin_Nginx service

nagwin (9)

You need to increase the number of php-cgi processes (the default is 1, the parent process, which terminates under heavy load).

  • run the following command from a command window (run as administrator):

setx PHP_FCGI_CHILDREN 2 /M

  • Restart Nagwin_Phpfcgi service
This will increase the number of working php-cgi processes to 2 (you may see up to three php-cgi processes in the task list, as one is the parent process managing the others) and should be enough for most uses. You may increase it further if your implementation still suffers.

Related background information FastCGI PHP:

There are a few tuning parameters that can be tweaked to control the
performance of FastCGI PHP. The following are environment variables that can
be set before running the PHP binary:

PHP_FCGI_CHILDREN  (default value: 0)

This controls how many child processes the PHP process spawns. When the
fastcgi starts, it creates a number of child processes which handle one
page request at a time. Value 0 means that PHP will not start additional
processes and main process will handle FastCGI requests by itself. Note that
this process may die (because of PHP_FCGI_MAX_REQUESTS) and it will not be
respawned automatically. Values 1 and above force PHP to start additional processes
that will handle requests. The main process will restart children in case of
their death. So by default, you will be able to handle 1 concurrent PHP page
requests. Further requests will be queued. Increasing this number will allow
for better concurrency, especially if you have pages that take a significant
time to create, or supply a lot of data (e.g. downloading huge files via PHP).
On the other hand, having more processes running will use more RAM, and letting
too many PHP pages be generated concurrently will mean that each request will
be slow.

PHP_FCGI_MAX_REQUESTS (default value: 500)

This controls how many requests each child process will handle before
exiting. When one process exits, another will be created. This tuning is
necessary because several PHP functions are known to have memory leaks. If the
PHP processes were left around forever, they would become very inefficient.

As you use Nagwin to monitor other hosts, you may wonder how Nagwin itself can be monitored. This can be achieved by checking the age of the status.dat file and the existence of key processes. Here is a recipe to establish out-of-band monitoring of Nagwin:

  • Make sure that your Nagwin installation is configured to send notifications. See FAQ for instructions.
  • Create bin/check_nagwin.sh script with the content below (Unix-format):
#!/bin/bash
# customize - start
to=mail@address
from=from@address
server=smtp.server
# customize - end

instroot=$(cygpath -m /)
logdir=/var/log/check_nagwin
mkdir -p "$logdir"
# One log file per day of the month
logfile=$logdir/$(date +"%d").log
echo "***" "$(date)" >> "$logfile"

# Function to report failure, message body as argument
CheckFail ()
{
    printf '%s' "$1" | /bin/blat - -to "$to" -f "$from" -subject "Nagwin is not operational" -server "$server" >> "$logfile"
    exit 1
}

# Function to check a process, process name and expected number of instances as arguments
CheckProcess ()
{
    /plugins/check_winprocess --filter "imagename eq $1.exe" --compare lt --critical "$2" >> "$logfile"
    if (($? > 0)); then
        CheckFail "Must be at least $2 $1 process(es) running."
    fi
}

# check status.dat age
/plugins/check_winfile --target "$instroot/var/opt/nagios/status.dat" --filter "age lt -15 minutes" --critical 1 --compare eq >> "$logfile"
if (($? > 0)); then
    CheckFail "Nagios status.dat getting old."
fi

# check processes
CheckProcess nagios 4
CheckProcess nginx 2
CheckProcess php-cgi 1
CheckProcess cgi2fcgi-wrapper 1
printf "\n" >> "$logfile"

You need to customize the mail configuration (the lines between the customize markers) according to your setup. The script above checks whether status.dat has been updated within the last 15 minutes and whether the key processes are running with the expected number of instances. It sends an e-mail if any of the criteria are not met. Results from the checks are logged in the /var/log/check_nagwin directory, one file per day of the month.

  • Create a Windows scheduled task by using the following command:

schtasks /create /sc minute /mo 15 /tn check-nagwin /tr "nagwin-inst-dir\bin\bash.exe -c /bin/check_nagwin.sh"

This command creates the scheduled task check-nagwin, which runs the script above every 15 minutes.

Nagwin Product Edition only.

As of version 2.4.0, Nagwin's Nginx web server has built-in support for LDAP authentication allowing you to use AD authentication. Follow steps below:

  • Create a dedicated AD service account for LDAP queries (say ldapreq, domain example.local)
  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Nagwin installation directory>\etc\nginx\nginx.conf
http {
....
ldap_server DCGC1 {
    url ldap://192.168.0.1:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "CN=xxxxx,CN=xxxxx,DC=example,DC=local";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
 
ldap_server DCGC2 {
    url ldap://192.168.0.2:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "CN=xxxxx,CN=xxxxx,DC=example,DC=local";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
  • Replace every occurrence of
auth_basic "Restricted";
auth_basic_user_file htpasswd;
 
by
 
auth_ldap "Restricted";
auth_ldap_servers DCGC1,DCGC2;
 
NB! If you want to keep basic authentication available, simply add the LDAP directives above instead of replacing the basic authentication directives. It is also possible to use groups. Check the example configuration link below for more details.
 
  • Make sure that contact information is defined in the Nagios configuration for each AD user
  • Restart Nagwin_Nginx service
 
Useful links:
 

Nagwin's Nginx web server has built-in support for SSL communications. Assuming that you have the required certificate files in the etc/nginx/ssl directory, follow the steps below to enable secure communications:

  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Nagwin installation directory>\etc\nginx\nginx.conf:
.....
server {
       listen         80;
       server_name    your.server.name;
       return         301 https://$server_name$request_uri;
}
 
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/your.server.name.crt;
ssl_certificate_key /etc/nginx/ssl/your.server.name.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
 server_name  your.server.name;
.....
  • The setup above automatically redirects http requests to https, so your server always communicates securely. NB! SSLv3 is excluded from the list of supported protocols (ssl_protocols directive) to avoid the POODLE security vulnerability.
  • Restart Nagwin_Nginx service

FAQ

 

Yes, you can.

However, you need to take a backup of the etc\nagios\nagwin directory and restore it afterwards to retain your existing setup.

FAQ

 

That may happen if your account is not properly defined as a user recognizable by the Cygwin layer, which provides user/group facilities. Try steps below:

 

  • Open a bash prompt by clicking <inst. directory>/bin/bash.exe
  • Run following commands:

 

mkpasswd > /etc/passwd

mkgroup > /etc/group

 

 

  • Nagwin includes the blat smtp mailer. The first step is to let blat save your smtp server settings for later use:

bin/blat -SaveSettings -f from-address -server your.smtp.server [ -u login -pw password ]

 

  • You also need to specify your e-mail address for the contact nagiosadmin in etc/nagios/nagwin/contacts.cfg:

define contact{
        contact_name   nagiosadmin ; .....
        use generic-contact ; .....
        alias  Nagios Admin ; .....

        email ******@******    ; << CHANGE THIS TO YOUR EMAIL ADDRESS
}

 

  • As a last step, you need to update the smtp server information in the two notification commands in etc/nagios/nagwin/commands.cfg:

# 'notify-host-by-email' command definition
define command{
    command_name    notify-host-by-email
    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/blat - -to $CONTACTEMAIL$ -subject "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" -server smtp.server
    }

# 'notify-service-by-email' command definition
define command{
    command_name    notify-service-by-email
    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /bin/blat - -to $CONTACTEMAIL$ -subject "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" -server smtp.server
    }

Replace smtp.server with the name or IP address of your smtp server (your Exchange server for example). Make sure that your smtp server is configured to accept smtp requests from the Nagwin machine.

  • Restart the Nagwin_Nagios service to apply changes.

 

You can issue the command below to test if your mail notification works:

echo "Test message" | bin\blat - -to mail@address -f from@address -subject "Test mail" -server smtp.server

 

You may observe that the Nagios web interface is not available directly via http://localhost, http://hostname or http://ip-address because the standard http port 80 is occupied by another web server (IIS for example). The procedure below helps you configure the Nagwin web server to listen on an alternative port:

  • Start a text editor capable of editing a text file with Unix line endings (Wordpad for example)
  • Edit file <Nagwin installation directory>\etc\nginx\nginx.conf:
....   
server {
 listen 80; # <-- replace 80 by a new port, 2080 for example
        server_name  localhost;
....

  • Restart Nagwin_Nginx service.

Default password for the nagiosadmin user is nagios. It is strongly recommended that you change the password by using the procedure below:

  • Open a DOS command prompt
  • Change working directory to the Nagwin installation directory\bin (C:\Program Files\ICW\bin by default)
  • Run the following command to update the password:

htpasswd2 -b /etc/nginx/htpasswd nagiosadmin new-password

nwinx (2)

Nwinx has built-in support for LDAP authentication allowing you to use AD authentication. 

Follow steps below:

  • Create a dedicated AD service account for LDAP queries (say ldapreq, domain example.local)
  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Nwinx installation directory>\etc\nginx\nginx.conf
http {
....
ldap_server DCGC1 {
    url ldap://192.168.0.1:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "CN=xxxxx,CN=xxxxx,DC=example,DC=local";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
 
ldap_server DCGC2 {
    url ldap://192.168.0.2:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "CN=xxxxx,CN=xxxxx,DC=example,DC=local";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
  • Replace every occurrence of
auth_basic "Restricted";
auth_basic_user_file htpasswd;
 
by
 
auth_ldap "Restricted";
auth_ldap_servers DCGC1,DCGC2;
 
NB! If you want to keep basic authentication available, simply add the LDAP directives above instead of replacing the basic authentication directives. It is also possible to use groups. Check the example configuration link below for more details.
 
  • Restart NginxServer service
 
Useful links:
 

Nwinx has built-in support for SSL communications. Assuming that you have the required certificate files in the etc/nginx/ssl directory, follow the steps below to enable secure communications:

  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Nwinx installation directory>\etc\nginx\nginx.conf:
.....
server {
       listen         80;
       server_name    your.server.name;
       return         301 https://$server_name$request_uri;
}
 
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/your.server.name.crt;
ssl_certificate_key /etc/nginx/ssl/your.server.name.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
 server_name  your.server.name;
.....
  • The setup above automatically redirects http requests to https, so your server always communicates securely. NB! SSLv3 is excluded from the list of supported protocols (ssl_protocols directive) to avoid the POODLE security vulnerability.
  • Restart NwinxServer service

sales (5)

FAQ

 Our licenses are perpetual, allowing the customer to use the software for an unspecified period of time. The license is paid for once and does not need to be renewed.

The perpetual license also entitles the customer to download software updates and receive technical support for 12, 24 or 36 months, depending on the support option selected during purchasing.

FAQ

As a reseller, you can buy the product via our webshop. Please select the Reseller option. You will then be asked to provide an e-mail address of your customer to set up a dedicated web account for upgrade protection and support. Upon a successful payment, we will provide your customer with login instructions and download links.

FAQ

Upon a successful purchase, you will get access to an itefix.net account where you can register support tickets for the duration you selected during purchasing. You will also get access to the support downloads area with patches, feature packs and trial editions.

Please keep in mind that response times may vary depending on the type of support request: we respond promptly if the case is about an obvious bug or problem in our product. However, you may experience longer response times if you request help with the usage of the product. We hope for your understanding of that prioritization.

FAQ

Upon a successful purchase, you will get access to an itefix.net account with access to a download link for the duration you selected during purchasing (Files tab). This link will be updated when a new version is released. That way, you can keep your installations up to date.

FAQ

Upon a successful purchase, you will be sent up to three e-mails:

 
  • Your order details
  • A one-time download link for instant download
  • Information about the "Support and Upgrade Protection" role
  • Another optional e-mail about your newly created itefix.net account (titled "An administrator created account for you"), giving you access to the following features:
    • Download link via Files tab. By using that link, you will get access to updated versions of the product for the upgrade protection period selected during purchasing (1, 2 or 3 years).
    • Register support cases at a private support ticket system
    • Support downloads like patches, feature packs and trial editions.

win2ban (2)

  • Install Win2ban to a separate directory  
  • Add the jail win2ban-network-logon  to etc/fail2ban/jail.local
[DEFAULT]
backend = polling
maxretry = 2
findtime = 600
bantime = 600
banaction = windows-firewall

.....

[win2ban-network-logon]
enabled  = true
filter   = win2ban-network-logon
logpath  = /winlogbeat/logs/eventlog

  

  • Create the file etc/fail2ban/filter.d/win2ban-network-logon.local with the following content: 
# Fail2Ban filter for win2ban-network-logon

[Definition]
prefregex = ^ \d+ \{"AuthenticationPackageName":"NTLM".+<F-CONTENT>"IpAddress.+</F-CONTENT>\}$

# LogonType = 3: network login, 2: local login
failregex = ^"IpAddress":"<HOST>".+"LogonType":"3".+$

ignoreregex = 

 

  • Start services win2ban_winlogbeat and win2ban_fail2ban

Log files:

Winlogbeat - winlogbeat/logs directory

Fail2ban - var/log directory

Sample /var/log/fail2ban.log:

 

2018-04-06 15:31:41,113 fail2ban.server         [4040]: INFO    Starting Fail2ban v0.10.2
2018-04-06 15:31:41,193 fail2ban.database       [4040]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2018-04-06 15:31:41,197 fail2ban.jail           [4040]: INFO    Creating new jail 'copssh'
2018-04-06 15:31:41,205 fail2ban.jail           [4040]: INFO    Jail 'copssh' uses poller {}
2018-04-06 15:31:41,205 fail2ban.jail           [4040]: INFO    Initiated 'polling' backend
2018-04-06 15:31:41,207 fail2ban.filter         [4040]: INFO      maxLines: 1
2018-04-06 15:31:41,233 fail2ban.server         [4040]: INFO    Jail copssh is not a JournalFilter instance
2018-04-06 15:31:41,235 fail2ban.filter         [4040]: INFO    Added logfile: '/winlogbeat/logs/eventlog' (pos = 36044, hash = 4bd8f42a7d4b980d2921fe03ed7ffaf1)
2018-04-06 15:31:41,236 fail2ban.filter         [4040]: INFO      maxRetry: 2
2018-04-06 15:31:41,236 fail2ban.filter         [4040]: INFO      encoding: UTF-8
2018-04-06 15:31:41,237 fail2ban.actions        [4040]: INFO      banTime: 600
2018-04-06 15:31:41,237 fail2ban.filter         [4040]: INFO      findtime: 600
2018-04-06 15:31:41,239 fail2ban.jail           [4040]: INFO    Creating new jail 'win2ban-network-logon'
2018-04-06 15:31:41,239 fail2ban.jail           [4040]: INFO    Jail 'win2ban-network-logon' uses poller {}
2018-04-06 15:31:41,239 fail2ban.jail           [4040]: INFO    Initiated 'polling' backend
2018-04-06 15:31:41,242 fail2ban.filter         [4040]: INFO    Added logfile: '/winlogbeat/logs/eventlog' (pos = 0, hash = 4bd8f42a7d4b980d2921fe03ed7ffaf1)
2018-04-06 15:31:41,243 fail2ban.filter         [4040]: INFO      maxRetry: 2
2018-04-06 15:31:41,243 fail2ban.filter         [4040]: INFO      encoding: UTF-8
2018-04-06 15:31:41,243 fail2ban.actions        [4040]: INFO      banTime: 600
2018-04-06 15:31:41,244 fail2ban.filter         [4040]: INFO      findtime: 600
2018-04-06 15:31:41,246 fail2ban.jail           [4040]: INFO    Jail 'copssh' started
2018-04-06 15:31:41,248 fail2ban.jail           [4040]: INFO    Jail 'win2ban-network-logon' started
2018-04-06 15:32:32,709 fail2ban.filter         [4040]: INFO    [win2ban-network-logon] Found 192.168.122.13 - 2018-04-06 15:32:29
2018-04-06 15:32:39,423 fail2ban.filter         [4040]: INFO    [win2ban-network-logon] Found 192.168.122.13 - 2018-04-06 15:32:36
2018-04-06 15:32:40,189 fail2ban.actions        [4040]: NOTICE  [win2ban-network-logon] Ban 192.168.122.13
2018-04-06 15:42:37,563 fail2ban.actions        [4040]: NOTICE  [win2ban-network-logon] Unban 192.168.122.13
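
The win2ban-network-logon jail and filter above can be replayed offline against sample lines. This is an added example, not part of Win2ban or fail2ban: it applies the page's prefregex and failregex with simplified stand-ins for fail2ban's <F-CONTENT> and <HOST> tags, and it assumes a line layout of a 19-character timestamp, an event ID (4625 here) and compact JSON; the sample lines and the 192.0.2.x addresses are constructed.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime

# Values copied from the jail and filter shown on this page.
MAXRETRY, FINDTIME = 2, 600
PREFREGEX = r'^ \d+ \{"AuthenticationPackageName":"NTLM".+<F-CONTENT>"IpAddress.+</F-CONTENT>\}$'
FAILREGEX = r'^"IpAddress":"<HOST>".+"LogonType":"3".+$'

def expand(rx):
    """Simplified stand-in for fail2ban's tag expansion (assumption: the real
    <HOST> pattern is broader; this one only accepts dotted IPv4)."""
    rx = rx.replace("<F-CONTENT>", "(?P<content>").replace("</F-CONTENT>", ")")
    return re.compile(rx.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

PREF, FAIL = expand(PREFREGEX), expand(FAILREGEX)
TS_LEN = 19  # assumed timestamp width, e.g. 2018-04-06T15:32:29

def sample(ts, ip, logon_type, package="NTLM"):
    """Constructed log line: timestamp, event ID, compact JSON with sorted keys."""
    fields = {"AuthenticationPackageName": package, "IpAddress": ip, "IpPort": "0",
              "LogonType": str(logon_type), "TargetUserName": "alice"}
    return f"{ts} 4625 " + json.dumps(fields, sort_keys=True, separators=(",", ":"))

def failed_host(line):
    """Return the source IP of an NTLM network-logon failure, else None."""
    pre = PREF.match(line[TS_LEN:])          # prefregex sees the line minus its timestamp
    hit = FAIL.match(pre.group("content")) if pre else None
    return hit.group("host") if hit else None

def bans(lines):
    """Replay lines; return [(timestamp, ip)] for each ban the jail would issue."""
    recent, banned, out = defaultdict(deque), set(), []
    for line in lines:
        ip = failed_host(line)
        if ip is None or ip in banned:
            continue
        now = datetime.strptime(line[:TS_LEN], "%Y-%m-%dT%H:%M:%S")
        hits = recent[ip]
        hits.append(now)
        while (now - hits[0]).total_seconds() > FINDTIME:
            hits.popleft()                   # forget failures older than findtime
        if len(hits) >= MAXRETRY:
            banned.add(ip)
            out.append((line[:TS_LEN], ip))
    return out

LOG = [
    sample("2018-04-06T15:32:29", "192.168.122.13", 3),
    sample("2018-04-06T15:32:30", "192.0.2.50", 2),                      # local logon: ignored
    sample("2018-04-06T15:32:31", "192.0.2.60", 3, package="Kerberos"),  # not NTLM: ignored
    sample("2018-04-06T15:32:36", "192.168.122.13", 3),                  # second hit: ban
    sample("2018-04-06T15:33:00", "192.0.2.70", 3),
    sample("2018-04-06T15:50:00", "192.0.2.70", 3),                      # more than 600 s apart: no ban
]

if __name__ == "__main__":
    for when, ip in bans(LOG):
        print(f"{when} Ban {ip}")
```

Both patterns depend on the order of the JSON keys: a line in which LogonType precedes IpAddress is not counted. Unbanning after bantime is not modelled.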
  • Install Win2ban to a separate directory  
  • Enable jail copssh in etc/fail2ban/jail.local:
[DEFAULT]
backend = polling
maxretry = 2
findtime = 600
bantime = 600
banaction = windows-firewall

[copssh]
enabled  = true
filter   = copssh-sshd
logpath  = /winlogbeat/logs/eventlog

   

  • Start services win2ban_winlogbeat and win2ban_fail2ban

Log files:

Winlogbeat - winlogbeat/logs directory

Fail2ban - var/log directory

Sample /var/log/fail2ban.log: 

2018-04-05 23:54:28,411 fail2ban.server         [424]: INFO    --------------------------------------------------
2018-04-05 23:54:28,411 fail2ban.server         [424]: INFO    Starting Fail2ban v0.10.2
2018-04-05 23:54:28,442 fail2ban.database       [424]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2018-04-05 23:54:28,446 fail2ban.jail           [424]: INFO    Creating new jail 'copssh'
2018-04-05 23:54:28,447 fail2ban.jail           [424]: INFO    Jail 'copssh' uses poller {}
2018-04-05 23:54:28,447 fail2ban.jail           [424]: INFO    Initiated 'polling' backend
2018-04-05 23:54:28,448 fail2ban.filter         [424]: INFO      maxLines: 1
2018-04-05 23:54:28,467 fail2ban.server         [424]: INFO    Jail copssh is not a JournalFilter instance
2018-04-05 23:54:28,468 fail2ban.filter         [424]: INFO    Added logfile: '/winlogbeat/logs/eventlog' (pos = 19020, hash = c54619552ccd10f356c0810faec6cdba)
2018-04-05 23:54:28,468 fail2ban.filter         [424]: INFO      maxRetry: 2
2018-04-05 23:54:28,469 fail2ban.filter         [424]: INFO      encoding: UTF-8
2018-04-05 23:54:28,469 fail2ban.actions        [424]: INFO      banTime: 600
2018-04-05 23:54:28,470 fail2ban.filter         [424]: INFO      findtime: 600
2018-04-05 23:54:28,472 fail2ban.jail           [424]: INFO    Jail 'copssh' started
2018-04-05 23:55:20,525 fail2ban.filter         [424]: INFO    [copssh] Found 192.168.122.13 - 2018-04-05 23:55:19
2018-04-05 23:55:23,787 fail2ban.filter         [424]: INFO    [copssh] Found 192.168.122.13 - 2018-04-05 23:55:22
2018-04-05 23:55:23,953 fail2ban.actions        [424]: NOTICE  [copssh] Ban 192.168.122.13
2018-04-05 23:58:22,875 fail2ban.actions        [424]: NOTICE  [copssh] Unban 192.168.122.13
2018-04-06 00:54:57,531 fail2ban.server         [424]: INFO    Shutdown in progress...
2018-04-06 00:54:57,531 fail2ban.server         [424]: INFO    Stopping all jails
2018-04-06 00:54:57,532 fail2ban.filter         [424]: INFO    Removed logfile: '/winlogbeat/logs/eventlog'
2018-04-06 00:54:58,328 fail2ban.jail           [424]: INFO    Jail 'copssh' stopped
2018-04-06 00:54:58,332 fail2ban.database       [424]: INFO    Connection to database closed.
2018-04-06 00:54:58,333 fail2ban.server         [424]: INFO    Exiting Fail2ban

winrpe (2)

FAQ

You may be interested in using Winrpe without SSL because the NRPE communication flows through other secure channels such as VPNs or port forwarders.

 

  • On the monitored host with Winrpe: Update file etc\xinetd.d\nrpe and add option -n to server_args parameter:

# default: on
# description: NRPE
service nrpe
{
type = UNLISTED
flags = REUSE
port = 5666
socket_type = stream       
wait = no
user = SvcXinet
server = /bin/nrpe
server_args = -n -c /nrpe.cfg --inetd
log_on_failure += USERID
disable = no
# only_from       = <ipaddress1> <ipaddress2> ...
}

  • On the monitoring host: Add the option -n to your check_nrpe commands.

 

Winrpe can be installed silently by using the switches below:

(Pre-5.2.x) Winrpe_x.x.x_Installer.exe /u=user /p=password /S

where user/password specify the service account credentials

(5.2.x or later) Winrpe_x.x.x_Installer.exe /S

You can also specify a new installation directory by the /D switch:

Winrpe_x.x.x_Installer.exe ..... /D=C:\test\winrpe