Category Archives: General

Feelings, Thoughts, Musings, and more on my life and experiences.

Should you use a VPN? And other resources

A good friend of mine recently emailed me with the following question:

I’ve been working out of coffee shops a good bit and I think it would be a good idea to use a VPN for a more secure connection. Can you point me to a good resource on how I can do that?

As I was responding to his email, I realized that this short, introductory information on VPNs (and why you SHOULD use one) could be helpful as a blog post. So without further ado, here is an (edited) version of the email I sent in response to the above question:

Short answer:
I would definitely and strongly recommend that you use a VPN.

Longer answer:
While you’re thinking about a VPN for your computer, you might also consider a VPN for your phone – that is, if you connect your phone to coffee shop WiFi.

Personally, I run my own VPN server because I don’t trust (nor am I very familiar with) 3rd party VPN providers. There are a ton of services out there that offer VPN for a small fee (usually, monthly). My VPN server sits here in my home office and routes my internet connection completely through my home internet when I use it. So, I’m sitting in a coffee shop, I connect to my VPN, the traffic between my computer and my house is encrypted and secure, and then from the perspective of the websites I visit, it “looks” like I’m sitting at my desk at home.

Obviously I don’t expect you or the average person to know how to set up your own VPN server. But if you’re going to choose to go with a VPN service, you need to make sure you go with a reputable source. Generally speaking, VPN technology can be very weak (if configured improperly), or very secure (if configured properly).

Lots of 3rd party providers don’t do a good job with security (hence the reason I distrust 3rd party providers by default). I use an open source technology called OpenVPN (https://openvpn.net/) for my software, and then as I mentioned earlier, the server itself is located at my house. So I have fully configured and secured my own server.

A really good place to start when searching for 3rd party providers looks to be https://www.cnet.com/best-vpn-services-directory/. I generally trust CNET, and like most of the things they put out. Another resource that looks like a good introduction is: https://www.pcmag.com/article2/0,2817,2403388,00.asp

Based on the above resources, and (briefly) reviewing their websites, NordVPN or StrongVPN would probably be my recommendation. I don’t know anything about these guys, but this looks like a reasonable option, that is also based on the OpenVPN software: https://www.privatetunnel.com/pricing/

It looks to me like you’d be paying about $5/month for the above services.

Do you use a VPN? If so, is it self-hosted, or do you use a 3rd party VPN service? Who is your service through, and why do you use it? Let me know in the comments!


Monitoring Linux Systems with Nagios

17 February 2016

I don’t blog over here very much, partly because I try to keep the blog at Develop CENTS updated on a regular basis (although admittedly, I still don’t even blog over there nearly as often as I should). My topics on this website are more personal in nature, including my feelings on public policy (NSA Surveillance, anyone?), requests for public help (I’m looking for some missing family wedding photos taken in Germany in 1946), and posts on computer security that wouldn’t be a great fit for the Develop CENTS blog.

Nagios is extremely versatile, and can monitor just about anything. I first tasted Nagios when I worked as an Operations Intern for Acquia, a Drupal services company in Boston. This was after I spent a year in AmeriCorps working with a Boston nonprofit as a web developer and one of their server administrators.

In today’s post, I’m going to share some of my accumulated knowledge in using Nagios to monitor the infrastructure we manage through Develop CENTS. I recently (in December 2015) gave a presentation to the ChaDevOps Meetup Group on a Basic Introduction to Nagios. You can view all of my workshops & presentations at https://developcents.com/knowledge-base/#past-workshops.

Up until recently, I only used Nagios to monitor public services (namely, does a URL properly load, and is the server responsive to ICMP pings). Within the last 2 months, I’ve expanded my basic Nagios implementation to using NRPE for monitoring server load, memory usage, and postfix mail queues on various servers.

The Setup

I run all of my infrastructure on CentOS. Most of the servers I manage are running either CentOS 6 or 7, although I still have a couple legacy CentOS 5 machines under my control. Instead of compiling Nagios from source (who wants to maintain that?), I’ve opted to use the EPEL repository.

Here’s my setup:

  • EPEL Repo (For CentOS 7, you can install it with `rpm -iUvh http://ftp.linux.ncsu.edu/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm`)
  • After you do a `yum install nagios nagios-plugins-all nagios-nrpe`, you can find the relevant Nagios files as follows:
    • Main config and conf.d directory is in /etc/nagios/
    • Plugins are located in /usr/lib64/nagios/plugins
    • NRPE config is at /etc/nagios/nrpe.conf

The Monitoring

Here are some of the things that I’m monitoring:

  • Checking for correct DNS values on various hosts
    • check_dns -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit] — http://nagios-plugins.org/doc/man/check_dns.html
    • This doesn’t require NRPE, and is a simple check from the monitoring server. Here’s my service definition:

      define service{
          host_name               ns1.developcents.com
          service_description     DNS Check
          check_command           check_dns!ns1.developcents.com
          contact_groups          admins
          max_check_attempts      3
          check_interval          10
          retry_interval          5
          check_period            24x7
          notification_interval   30
          notification_period     24x7
      }

  • Checking to see if server load is reasonable
    • check_load [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 — http://nagios-plugins.org/doc/man/check_load.html
    • This does require NRPE. Here’s my service definition on the monitoring server:

      define service{
          host_name               mail.developcents.com
          service_description     Server Load
          contact_groups          admins
          check_command           check_nrpe!check_load
          check_interval          4
          retry_interval          1
          max_check_attempts      3
          check_period            24x7
          notification_period     24x7
      }

    • And here’s my NRPE command (found in nrpe.conf) on the server that is being monitored:

      command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20

  • Checking the Mail Queue to make sure it’s not clogged
    • This is a 3rd party plugin not included in the default nagios-plugins-all package provided by EPEL. The plugin information is at https://exchange.nagios.org/directory/Plugins/Email-and-Groupware/Postfix/check_postfix_queue/details.
    • Here’s my service definition on the monitoring server:

      define service{
          host_name               mail.developcents.com
          service_description     Mail Queue
          contact_groups          admins
          check_command           check_nrpe!check_queue
          check_interval          4
          retry_interval          1
          max_check_attempts      3
          check_period            24x7
          notification_period     24x7
      }

    • And here’s my NRPE command (again, note that this goes into nrpe.conf on the server that is actually being monitored):

      command[check_queue]=/usr/lib64/nagios/plugins/check_postfix_queue -w 15 -c 30
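
To show what a check like the mail queue one does when NRPE runs it, here is an added example (not from the original post, and not the code of the Nagios Exchange plugin linked above) that parses `postqueue -p` output and applies the same -w 15 -c 30 thresholds. The function names, the >= comparison and the sample queue listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: a Postfix queue check following the Nagios plugin contract
# (one status line; exit 0=OK, 1=WARNING, 2=CRITICAL, 3=UNKNOWN).

# Read `postqueue -p` output on stdin and print the number of queued messages.
# Postfix ends the listing with "-- N Kbytes in M Request(s)." or prints
# "Mail queue is empty"; anything else is a parse failure (exit 1).
queue_count() {
    awk '
        /^Mail queue is empty/                     { n = 0;  found = 1 }
        /^-- [0-9]+ Kbytes in [0-9]+ Requests?\.$/ { n = $5; found = 1 }
        END { if (found) print n; else exit 1 }
    '
}

# Compare a count with warning/critical thresholds (>= is an assumption here).
# Prints the status line plus perfdata and returns the plugin exit code.
queue_state() {
    count=$1; warn=$2; crit=$3
    for v in "$count" "$warn" "$crit"; do
        case "$v" in
            ''|*[!0-9]*) echo "QUEUE UNKNOWN - count and thresholds must be integers"; return 3 ;;
        esac
    done
    [ "$warn" -le "$crit" ] || { echo "QUEUE UNKNOWN - warning exceeds critical"; return 3; }
    perf="queue=$count;$warn;$crit;0"
    if [ "$count" -ge "$crit" ]; then echo "QUEUE CRITICAL - $count queued | $perf"; return 2; fi
    if [ "$count" -ge "$warn" ]; then echo "QUEUE WARNING - $count queued | $perf"; return 1; fi
    echo "QUEUE OK - $count queued | $perf"
}

# Full check: usage on a real host would be `postqueue -p | check_queue 15 30`.
check_queue() {
    count=$(queue_count) || { echo "QUEUE UNKNOWN - cannot parse postqueue output"; return 3; }
    queue_state "$count" "$1" "$2"
}

# Constructed sample of `postqueue -p` output (not captured from a real server).
SAMPLE_QUEUE='-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A1C0D5E     1420 Tue Feb 16 09:14:02  alerts@example.com
                                         ops@example.net

-- 2 Kbytes in 1 Request.'

# Demo with the thresholds used above (-w 15 -c 30); "|| true" keeps a non-OK
# state from being treated as a script failure.
printf '%s\n' "$SAMPLE_QUEUE" | check_queue 15 30 || true
```

Unparseable input maps to UNKNOWN rather than OK, so a broken or replaced `postqueue` shows up in Nagios instead of silently passing.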

I hope that this information is useful to someone! You can also find some of my Nagios-related questions & answers on ServerFault and StackOverflow:

  • My Question and answer on how to monitor URLs: http://stackoverflow.com/questions/9246557/monitoring-urls-with-nagios/
  • My Question and answer on how to monitor hosts with check_ping: http://stackoverflow.com/questions/26746404/nagios-monitoring-hosts-with-check-ping
  • My Answer to How to run a check from the CLI: http://serverfault.com/questions/339968/how-can-i-manually-run-a-nagios-check-from-the-command-line/339969#339969 (See my answer)

Want to share some of your Nagios knowledge? Leave me a comment.

Want me to help you with your Nagios – or other sysadmin – needs? Get a hold of me through Develop CENTS.
