Differences
This shows you the differences between two versions of the page.
vms:debian [2018/11/24 06:05] admin [SMART] |
vms:debian [2018/11/25 04:30] admin [SMART] |
||
---|---|---|---|
Line 540: | Line 540: | ||
</Code> | </Code> | ||
- | === Automating Actions === | ||
- | We can run ''smartmontools'' as a system Deamon in order to have the tests run automatically, to do this we'll edit the ''smartmontools'' config file: | ||
- | <Code:bash> | ||
- | > sudo nano /etc/default/smartmontools | ||
- | ... | ||
- | # uncomment to start smartd on system startup | ||
- | start_smartd=yes | ||
- | ... | ||
- | </Code> | ||
- | Now, ''smartd'' will be launched at boot time. | ||
- | To define how SMART will scan the disk and what actions are to be taken if SMART returns any error: | + | === Sending Mail === |
- | <Code:bash> | + | It would be nice to have ''smartd'' automatically sending us emails whenever SMART detects something worth notifying.\\ |
- | > sudo nano /etc/smartd.conf | + | This could be achieved by installing and configuring a MTA like a ''postfix'' server. |
- | ... | + | |
- | # CHECK THAT THE FOLLOWING IS UNCOMMENTED | + | |
- | DEVICESCAN -a -H -l error -l selftest -f -s(S/../..././02|L/../../1/00)-m tech@tacticz.com -M exec /usr/share/smartmontools/smartd-runner... | + | |
- | </Code> | + | |
- | ( -a) This enables some common options. You almost certainly want to use it. To check the SMART health status (-H). To report increases in both SMART error logs (-l). To check for failure of any Usage Attributes (-f) . "-s (S/../.././02|L/../../1/00)" This schedules the short and long self-tests. In this example, the short self-test will run daily at 2:00 A.M. The long test will run on every Monday at 0:00. For more information, see [[https://www.freebsd.org/cgi/man.cgi?query=smartd.conf&manpath=ports&sektion=5|the smartd.conf man page]]. | + | Although, as we don't need (want) this server to become an smtp relay, we'll rather install the ''heirloom-mailx / s-nail'' package and configure it to use an external smtp relay, see the [[https://www.systutorials.com/1411/sending-email-from-mailx-command-in-linux-using-gmails-smtp/|this article @systurials.com]]. |
- | + | ||
- | To test that everything works as expected, an specifically that an email gets sent to the destination address, add ''-M test'' right after the ''DEVICESCAN'' keyword and restart smartd: | + | |
- | <Code:bash> | + | |
- | > nano /etc/smartd.conf | + | |
- | ... | + | |
- | DEVICESCAN -M test -a -H -l error -l selftest -f -s (S/../..././02|L/../../1/00) -m tech@tacticz.com -M exec /usr/share/smartmontools/smartd-runner | + | |
- | ... | + | |
- | + | ||
- | > systemctl restart smartd | + | |
- | </Code> | + | |
- | + | ||
- | Watching the ''var/log/deamon.log'' file will let you know if a problem occurs: | + | |
- | <Code:bash> | + | |
- | > lnav /var/log/ | + | |
- | ... | + | |
- | Nov 24 01:00:16 stock smartd[21081]: Your system does not have /usr/bin/mail. Install the mailx or mailutils package | + | |
- | Nov 24 01:00:16 stock smartd[21081]: run-parts: /etc/smartmontools/run.d/10mail exited with return code 1 Nov 24 01:00:16 stock smartd[21081]: Test of /usr/share/smartmontools/smartd-runner to tech@tacticz.com: failed (32-bit/8-bit exit status: 256/1) | + | |
- | ... | + | |
- | </Code> | + | |
- | + | ||
- | We need to install a package to allow emails to be sent... | + | |
- | + | ||
- | === Sending Mail === | + | |
- | To avoid having to configure a local ''postfix'' server, we'll install the ''heirloom-mailx'' package and configure it to use an external smtp relay, see the [[https://www.systutorials.com/1411/sending-email-from-mailx-command-in-linux-using-gmails-smtp/|whole article @systurials.com]]. | + | |
<Code:bash> | <Code:bash> | ||
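Review bot: The link text in the added Sending Mail paragraph reads "see the [[...|this article @systurials.com]]", which doubles the article ("the this") and misspells the site that the URL itself gives as systutorials.com; suggest "see [[...|this article @systutorials.com]]". The same paragraph says "a MTA like a ''postfix'' server" and "Although, as we don't need (want)"; "an MTA such as ''postfix''" and "Since we don't want this server to become an SMTP relay" would read more cleanly.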
Line 592: | Line 554: | ||
We need to create the ''mailx'' symbolic link in order to have it available as such under the command line. | We need to create the ''mailx'' symbolic link in order to have it available as such under the command line. | ||
+ | As is stated in the [[https://linux.die.net/man/1/mailx|mailx man page]]: | ||
+ | <WRAP box 90%> | ||
+ | Normally, mailx invokes ''sendmail(8)'' directly to transfer messages. If the ''smtp'' variable is set, a SMTP connection to the server specified by the value of this variable is used instead. If the SMTP server does not use the standard port, a value of ''server:port'' can be given, with port as a name or as a number. | ||
+ | </WRAP> | ||
- | Let's test our external smtp server using an all-in-one command: | + | Let's test an external smtp server using an all-in-one command: |
<Code:bash> | <Code:bash> | ||
> echo "My message body" | mailx -v \ | > echo "My message body" | mailx -v \ | ||
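Review bot: The man page passage quoted in the added WRAP box comes from linux.die.net/man/1/mailx, while this section installs ''heirloom-mailx / s-nail'' and the later text relies on s-nail v14.8.16 behaviour, so the quote may not describe the binary actually in use. Say which implementation the quote was checked against, or quote the installed ''man mailx'' instead, since the ''server:port'' form it describes is what justifies the later change from ''smtp://smtp.gmail.com:587'' to ''smtp.gmail.com:587''.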
Line 600: | Line 566: | ||
-S ssl-verify=ignore \ | -S ssl-verify=ignore \ | ||
-S smtp-auth=login \ | -S smtp-auth=login \ | ||
- | -S smtp=smtp://smtp.gmail.com:587 \ | + | -S smtp=smtp.gmail.com:587 \ |
-S from="*******@gmail.com(System Watch)" \ | -S from="*******@gmail.com(System Watch)" \ | ||
-S smtp-auth-user=*******@gmail.com \ | -S smtp-auth-user=*******@gmail.com \ | ||
-S smtp-auth-password=******* \ | -S smtp-auth-password=******* \ | ||
- | name@domain.com | + | recipient@domain.com |
Resolving host "smtp.gmail.com:587" ... done | Resolving host "smtp.gmail.com:587" ... done | ||
Connecting to "2a00:1450:400c:c06::6c:587" ...connected. | Connecting to "2a00:1450:400c:c06::6c:587" ...connected. | ||
</Code> | </Code> | ||
- | When this works, and you effectively receive the email at the ''name@domain.com'' address, it's time to configure the default smtp relay for ''mailx'' and send a last test: | + | You'll probably need to allow //Less secured apps access// in you gmail account for this to work ([[https://myaccount.google.com/lesssecureapps|here]]) |
+ | |||
+ | Once this works, and you effectively receive the email at the ''recipient@domain.com'' address, it's time to configure a system wide smtp configuration for ''mailx'' and send a last test.\\ | ||
+ | Note that, although the usage of the user specific ''~/.mailrc'' config file was quite obvious, it was much more tricky to determine the correct location (and name) of the global configuration file used by the ''mailx'' command. Having seen a lot of references to ''/etc/mail.rc'', it took a peak at the source code of ''s-nail'' to finally establish that, for v14.8.16, the correct location for the general configuration file was ''/etc/s-nail.rc''! | ||
<Code:bash> | <Code:bash> | ||
- | > nano ~/.mailrc | + | > nano /etc/s-nail.rc |
TYPE | TYPE | ||
- | set smtp-use-starttls | + | account gmail { |
- | set ssl-verify=ignore | + | set smtp-use-starttls |
- | set smtp=smtp://smtp.gmail.com:587 | + | set ssl-verify=ignore |
- | set smtp-auth=login | + | set smtp=smtp.gmail.com:587 |
- | set smtp-auth-user=thibaut.demuynck@gmail.com | + | set smtp-auth=login |
- | set smtp-auth-password=H3rcul35 | + | set smtp-auth-user=*******@gmail.com |
- | set from="thibaut.demuynck@gmail.com(System Watch)" | + | set smtp-auth-password=******* |
+ | set from="*******@gmail.com(System Watch)" | ||
+ | } | ||
- | > echo "Configured mailx defaults" | mailx -v -s "Mailx Defaults" tech@tacticz.com | + | > echo "Global mailx configuration file was used here." | mailx -v -A gmail -s "Sent with global configuration" recipient@domain.com |
Resolving host "smtp.gmail.com:587" ... done | Resolving host "smtp.gmail.com:587" ... done | ||
Connecting to "2a00:1450:400c:c0b::6d:587" ...connected. | Connecting to "2a00:1450:400c:c0b::6d:587" ...connected. | ||
</Code> | </Code> | ||
+ | |||
+ | When this works, we're ready to automate SMART reports... | ||
+ | |||
+ | |||
+ | === Automating SMART Reports === | ||
+ | |||
+ | First we'll need to run ''smartmontools'' as a system Deamon in order to have SMART tests run automatically, to do this we'll edit the ''smartmontools'' config file: | ||
+ | <Code:bash> | ||
+ | > sudo nano /etc/default/smartmontools | ||
+ | ... | ||
+ | # uncomment to start smartd on system startup | ||
+ | start_smartd=yes | ||
+ | ... | ||
+ | </Code> | ||
+ | Now, ''smartd'' will be launched at boot time. | ||
+ | |||
+ | Next, to define how SMART will scan the disk and what actions are to be taken if SMART returns any error, we'll configure ''smartd''.\\ | ||
+ | By default, ''smartd'' will run ''/usr/share/smartmontools/smartd-runner'', which will create a temporary report file, and in turn, will run scripts located in ''/etc/smartmontools/run.d/''. As we'd like to modify this behavior, well create our own copy of those scripts: | ||
+ | |||
+ | <Code:bash|As root do:> | ||
+ | > mkdir -p ~/.smartd/run.d | ||
+ | > cp /usr/share/smartmontools/smartd-runner ~/.smartd/ | ||
+ | > cp /etc/smartmontools/run.d/10mail ~/.smartd/run.d/10mailx | ||
+ | |||
+ | > nano ~/.smartd/smartd-runner | ||
+ | #!/bin/bash -e | ||
+ | |||
+ | run-parts --report --lsbsysinit --arg="$1" \ | ||
+ | --arg="$2" --arg="$3" -- /root/.smartd/run.d | ||
+ | |||
+ | > nano ~/.smartd/run.d/10mailx | ||
+ | #!/bin/bash -e | ||
+ | |||
+ | # Send mail if /usr/bin/mailx exists | ||
+ | if ! [ -x /usr/bin/mailx ]; then | ||
+ | echo "Your system does not have /usr/bin/mailx. Install the mailx package" | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | echo "$SMARTD_FULLMESSAGE" | /usr/bin/mailx -A gmail -s "$SMARTD_FAILTYPE - $SMARTD_MESSAGE" $SMARTD_ADDRESS | ||
+ | </Code> | ||
+ | |||
+ | These two scripts should now work together and generate a SMART report that gets emailed to a defined email address. In order to achieve this, we still need to configure the ''smartd'' service through the ''/etc/smartd.conf file''. Open it and uncomment the first line starting with ''DEVICESCAN'', replacing it as follow: | ||
+ | |||
+ | <Code:bash> | ||
+ | > sudo nano /etc/smartd.conf | ||
+ | ... | ||
+ | DEVICESCAN -M test -a -H -l error -l selftest -f -s (S/../..././02|L/../../1/00) -m tech@tacticz.com -M exec /root/.smartd/smartd-runner | ||
+ | ... | ||
+ | </Code> | ||
+ | |||
+ | OPTIONS:\\ | ||
+ | * -M test : specifies that a test run should be executed the next time the ''smartd'' service is restarted | ||
+ | * -a : This enables some common options. You almost certainly want to use it as it checks the SMART health status (-H). Reports increases in both SMART error logs (-l). To check for failure of any Usage Attributes (-f) . | ||
+ | * -s (S/../.././02|L/../../1/00) : This schedules the short and long self-tests. In this example, the short self-test will run daily at 2:00 A.M. The long test will run on every Monday at 0:00. | ||
+ | |||
+ | For more information, see [[https://www.freebsd.org/cgi/man.cgi?query=smartd.conf&manpath=ports&sektion=5|the smartd.conf man page]]. | ||
+ | |||
+ | |||
+ | To test that everything works as expected, specifically that emails get sent, and since we have set the ''-M test'' option, we'll restart ''smartd''. As we restart the service, it is a good idea to have an eye on the log files so to get a feedback of the operations: | ||
+ | |||
+ | <Code:bash: Watch logs in one terminal> | ||
+ | > lnav /var/log/ | ||
+ | </Code> | ||
+ | |||
+ | <Code:bash| Restart smartd from another terminal> | ||
+ | > systemctl restart smartd | ||
+ | </Code> | ||
+ | |||
+ | You should see something like this in the logs: | ||
+ | <Code> | ||
+ | ... | ||
+ | Nov 25 03:06:09 cloud smartd[433]: Opened configuration file /etc/smartd.conf | ||
+ | ... | ||
+ | Nov 25 03:06:09 cloud smartd[433]: Device: /dev/sda [SAT], state read from /var/lib/smartmontools/smartd.HGST_HUS726020ALA610-N4G3M6DY.ata.state | ||
+ | ... | ||
+ | Nov 25 03:06:09 cloud smartd[433]: Monitoring 3 ATA/SATA, 0 SCSI/SAS and 0 NVMe devices | ||
+ | Nov 25 03:06:09 cloud smartd[433]: Executing test of /root/.smartd/smartd-runner to recipient@domain.com | ||
+ | Nov 25 03:06:09 cloud smartd[433]: Test of /root/.smartd/smartd-runner to recipient@domain.com: successful | ||
+ | ... | ||
+ | </Code> | ||
+ | |||
+ | Test emails should be delivered to the target mailbox.\\ | ||
+ | When it works, remove the ''-M test'' option in ''/etc/smartd.conf'' and restart the deamon with ''systemctl restart smartd''. | ||
+ | |||
=== FAIL2BAN === | === FAIL2BAN === | ||
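Review bot: The new ''account gmail'' block in ''/etc/s-nail.rc'' keeps ''set ssl-verify=ignore'' next to ''set smtp-auth=login'' and ''set smtp-auth-password='', so the relay's certificate is never checked before the account password is sent over the STARTTLS session; suggest ''set ssl-verify=strict'' there and dropping ''-S ssl-verify=ignore'' from the one-off test command as well. Because this is the global configuration file and it now holds the password, the text should tell the reader to restrict its permissions, or to keep the account block in root's ''~/.mailrc'', given that the runner scripts live under ''/root/.smartd''. The removed ''~/.mailrc'' lines carried a literal address and password that remain readable in the page history, so that password should be changed rather than only masked, and the instruction to enable //Less secured apps access// deserves a sentence on what it weakens. Separately, the ''DEVICESCAN'' line gives the schedule as ''(S/../..././02|L/../../1/00)'' while the OPTIONS list gives ''(S/../.././02|L/../../1/00)''; the day field has three dots in the first form and the two should agree. The same line still uses ''-m tech@tacticz.com'' while the log excerpt shows ''recipient@domain.com'', and ''$SMARTD_ADDRESS'' in ''10mailx'' is unquoted where the other variables are quoted.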
Line 630: | Line 687: | ||
[[https://upcloud.com/community/tutorials/install-fail2ban-debian/]] | [[https://upcloud.com/community/tutorials/install-fail2ban-debian/]] | ||
+ | |||
===== Install VirtualBox guest additions ===== | ===== Install VirtualBox guest additions ===== | ||