Step 1:先到https://github.com/Cougar/lg ,先照網站上面的介紹,捉取程式
yum install git
git config --global url."https://".insteadOf git://
git clone https://github.com/Cougar/lg.git
Step 2:安裝必要的環境程式
yum install wget perl-Net-Telnet perl-Net-Telnet-Cisco perl-XML-Parser httpd
yum install gcc* perl-CPAN
yum install perl*
yum install mtr
yum install perl-DB_File
安裝perl的外掛,要用cpanm 安裝,後面CGI程式會到用,沒安裝會無法執行主程式,會一直跳Perl執行錯的error log
cpanm Net::SSH::Perl
cpanm Net::Telnet::Perl
Step 3:將git捉下來的程式放到WEB執行的目錄,並設定好對應的Apache的權限
mkdir /var/www/html/lg
cd /var/www/html/lg
cp /root/lg-1.9/lg.cgi .
cp /root/lg-1.9/favicon.ico .
cp /root/lg-1.9/lg.conf .
Step 4:確保/var/www/html/lg可讀,並且lg.cgi這支程式可以執行
chmod 644 *
chmod 755 lg.cgi
另外修改一下/var/www/html/lg/lg.cgi這支程式的第26行,原作者這個地方少了my 兩個字,導致未來執行lg.cgi會有錯,先修正如下
my $configfile = "lg.conf";
Step 5:調整Apache設定
vi /etc/httpd/conf/httpd.conf
加入以下設定
Alias /lg/favicon.ico "/var/www/html/lg/favicon.ico"
ScriptAlias /lg "/var/www/html/lg/lg.cgi"
AllowOverride None
AddHandler fcgid-script cgi-script .fcgi .cgi
Options +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex lg.cgi
Step 6:依照實際需求調整Looking Glass設定檔,加入需要的Router IP登入資訊
vi /var/www/html/lg/lg.conf
建議另外開一個專用的ssh帳號,並限制好可以輸入的指令權限,以免有資安上的疑慮
以下為Junos的限制方式
set system login class looking-glass permissions view-configuration
set system login class looking-glass allow-commands "(show)|(ping)|(traceroute)"
set system login class looking-glass deny-commands "(clear)|(file)|(file show)|(help)|(load)|(monitor)|(op)|(request)|(save)|(set)|(start)|(test)"
set system login user Test uid 2000
set system login user Test class looking-glass
set system login user Test authentication encrypted-password "$XfnbAZ60Iq8375TmTU0"
Step 7:原本cgi程式裡面的內容是給JunOS、Zebra、Cisco IOS的Router使用,為了要把Linux主機的MTR的traceroute與ping整合進去Looking Glass,需要稍微修改一下原本的CGI 程式裡面的zebra的指令,改成給不同台的Linux主機使用,並加入Junos可以用loopback IP做Ping與Traceroute的來源IP
"zebra" => {
"ipv4" => {
"bgp" => "show ip bgp %s",
"advertised-routes" => "show ip bgp neighbors %s advertised-routes",
"summary" => "show ip bgp summary",
"ping" => "ping %s -c 15 -w 1000",
"trace" => "mtr %s --report -c 5 --report-wide --no-dns"
},
"ipv6" => {
"bgp" => "show bgp ipv6 %s",
"advertised-routes" => "show bgp ipv6 neighbors %s advertised-routes",
"summary" => "show bgp ipv6 summary",
"ping" => "ping ipv6 %s",
"trace" => "traceroute ipv6 %s"
}
},
"junos" => {
"ipv4" => {
"trace" => "traceroute %s as-number-lookup interface lo0 inet"
},
"ipv6" => {
"trace" => "traceroute %s interface lo0 inet"
},
"ipv46" => {
"bgp" => "show bgp %s",
"advertised-routes" => "show route advertising-protocol bgp %s ",
"summary" => "show bgp summary",
"ping" => "ping %s interface lo0 inet count 50 rapid"
}
}
改成my $remotecmd = "$command; exit";
另外再把MTR與Traceroute的權限打開給受限制的低權限的ssh帳號
setcap cap_net_raw=pe /bin/traceroute
setcap cap_net_raw=pe /usr/sbin/mtr
ln -s /usr/sbin/mtr /usr/local/bin/mtr
chmod o+s /usr/sbin/mtr
Step 8:最後調整一下lg.conf裡面的一些網頁顯示的方式與圖片與Log位置
vi /var/www//html/lg/lg.conf
mkdir /var/www/html/images
cp logo.png /var/www/html/images/logo.png
指定好程式的log目錄
touch /var/log/lg.log
chown apache:apache /var/log/lg.log
Step 9:打開網頁測試 http://IP/lg.cgi
後記:實際建置時遇到不少的perl問題,可以到APACHE的error log裡面去找出異常的CGI執行行數的error log,然後再安裝對應的perl 套件
cat /var/log/httpd/error_log
cat /var/log/lg.log
1 回應:
Hi,
I have tried to build the LG on centos using the given procedure/steps but the html page does not appear. Can you please guide about it.specially about the step 5 in which section of httpd.conf the required lines needs to be pasted.
Step 5: Adjust Apache settings
vi /etc/httpd /conf/httpd.conf
add the following settings
Alias /lg/favicon.ico "/var/www/html/lg/favicon.ico"
ScriptAlias /lg "/var/www/html/lg/lg.cgi"
AllowOverride None
AddHandler fcgid-script cgi-script .fcgi .cgi
Options +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex lg.cgi
張貼留言