Monday, December 12, 2016

netapp mibs changes or curse you snmp

 i have a netapp.  
   
 the mibs are all new all the time since it is an enclosure.  
   
 i am using nagios.  
   
 my old nagios scripts do not work with my netapp.  
   
 here are some variables and here are some snmp oid changes:  
   
 FAN  1.3.6.1.4.1.789.1.21.1.2.1.18  
 PS  1.3.6.1.4.1.789.1.21.1.2.1.15  
 TEMP 1.3.6.1.4.1.789.1.21.1.2.1.27  
   
 thanks:   
 http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&r=netapp&f=netapp_2_2_2.mib&v=v2&t=tree  
   

Thursday, December 8, 2016

openvas is having a bad day on debian 8.2

 openvas is having a bad day on debian 8.2  
   
 i am seeing:  
   
 Operation: Start Task  
 Status code: 503  
 Status message: Service temporarily down  
   
 and to make things worse:  
   
 lib serv:WARNING:2016-12-07 10h00.00 UTC:4546: Failed to shake hands with peer: The TLS connection was non-properly terminated.  
 lib serv:WARNING:2016-12-07 10h00.00 UTC:4546: Failed to shutdown server socket  
 event task:MESSAGE:2016-12-07 10h00.00 UTC:4546: Task could not be started by admin  
   
 great.  
   
 that means my certs are out of date. guess i need to update them.  
   
 # systemctl stop openvas-scanner  
 # systemctl stop openvas-manager  
 # openvas-mkcert -f  
 # openvas-mkcert-client -i -n  
 # openvasmd --get-scanners  
   
 08b69003-5fc2-4037-a479-93b440211c73 OpenVAS Default <- unique to each install  
   
 # ls -la /usr/local/var/lib/openvas/private/CA/  
   
 yes. that's where the keys are located.  
   
 # openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" \  
 --scanner-ca-pub /usr/local/var/lib/openvas/CA/cacert.pem \  
 --scanner-key-pub /usr/local/var/lib/openvas/CA/clientcert.pem \  
 --scanner-key-priv /usr/local/var/lib/openvas/private/CA/clientkey.pem  
   
 # openvas-nvt-sync  
 # openvasmd --rebuild  
 # systemctl start openvas-manager  
 # systemctl start gsa  
   
 done  
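
 before regenerating anything, it is worth confirming the diagnosis. this is an added example, not part of the original post: it checks the expiry of the two certificates named above with `openssl x509 -checkend`. the function names and the 30-day warning window are assumptions.

```shell
#!/bin/sh
# added example: paths are the ones used in the post,
# function names and the default 30-day window are made up here.

OPENVAS_CA=/usr/local/var/lib/openvas/CA

# cert_status FILE [DAYS] -> prints ok | expiring | expired | unreadable
cert_status() {
    # a file that does not parse as a certificate is reported, not skipped
    if ! openssl x509 -in "$1" -noout 2>/dev/null; then
        echo unreadable; return 2
    fi
    # -checkend N exits 1 when the cert expires within N seconds
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo expired; return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null; then
        echo expiring; return 1
    fi
    echo ok
}

# check_openvas_certs DIR [DAYS] -> one status line per cert, non-zero if any is not ok
check_openvas_certs() {
    rc=0
    for c in "$1/cacert.pem" "$1/clientcert.pem"; do
        s=$(cert_status "$c" "${2:-30}") || rc=1
        printf '%-10s %s (%s)\n' "$s" "$c" \
            "$(openssl x509 -in "$c" -noout -enddate 2>/dev/null)"
    done
    return $rc
}

# only runs on a host that actually has the openvas CA directory
if [ -d "$OPENVAS_CA" ]; then
    check_openvas_certs "$OPENVAS_CA" 30
fi
```

 the same function drops into a nagios or cron check so the next expiry shows up before the scanner starts returning 503.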

Thursday, December 1, 2016

backup /etc on ubuntu 12.04

because i need /etc .
 
 etc_backup.sh

 #!/bin/bash  
   
 # Script to backup the /etc hierarchy  
 #  
 # Written 4/2002 by Wayne Pollock, Tampa Florida USA  
 #  
 # $Id: backup-etc,v 1.6 2004/08/25 01:42:26 wpollock Exp $  
 #  
 # $Log: backup-etc,v $  
 #  
 # Revision 1.6 2004/08/25 01:42:26 wpollock  
 # Changed backup name to include the hostname and 4 digit years.  
 #  
 # Revision 1.5 2004/01/07 18:07:33 wpollock  
 # Fixed dots routine to count files first, then calculate files per dot.  
 #  
 # Revision 1.4 2003/04/03 08:10:12 wpollock  
 # Changed how the version number is obtained, so the file  
 # can be checked out normally.  
 #  
 # Revision 1.3 2003/04/03 08:01:25 wpollock  
 # Added ultra-fancy dots function for verbose mode.  
 #  
 # Revision 1.2 2003/04/01 15:03:33 wpollock  
 # Eliminated the use of find, and discovered that tar was working  
 # as intended all along! (Each directory that find found was  
 # recursively backed-up, so for example /etc, then /etc/mail,  
 # caused /etc/mail/sendmail.mc to be backuped three times.)  
 #  
 # Revision 1.1 2003/03/23 18:57:29 wpollock  
 # Modified by Wayne Pollock:  
 #  
 # Discovered not all files were being backed up, so  
 # added "-print0 --force-local" to find and "--null -T -"  
 # to tar (eliminating xargs), to fix the problem when filenames  
 # contain metacharacters such as whitespace.  
 # Although this now seems to work, the current version of tar  
 # seems to have a bug causing it to backup every file two or  
 # three times when using these options! This is still better  
 # than not backing up some files at all.)  
 #  
 # Changed the logger level from "warning" to "error".  
 #  
 # Added '-v, --verbose' options to display dots every 60 files,  
 # just to give feedback to a user.  
 #  
 # Added '-V, --version' and '-h, --help' options.  
 #  
 # Removed the lock file mechanism and backup file renaming  
 # (from foo to foo.1), in favor of just including a time-stamp  
 # of the form "yymmdd-hhmm" to the filename.  
 #  
 PATH=/bin:/usr/bin  
   
 REPOSITORY=/opt/etc_backups/  
 TIMESTAMP=$(date '+%Y%m%d')  
 HOSTNAME=$(hostname -s)  
 FILE="$REPOSITORY/$HOSTNAME-$TIMESTAMP.tgz"  
   
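 # the archive contains /etc/shadow, so keep everything this script creates owner-only  
 umask 077  
 # a fixed /tmp/backup-etc.$$ name is guessable by other local users; let mktemp pick it  
 ERRMSGS=$(mktemp /tmp/backup-etc.XXXXXX) || exit 1  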
 PROG=${0##*/}  
 VERSION=$(echo '$Revision: 1.6 $' | awk '{print $2}')  
 VERBOSE=off  
   
 usage()  
 { echo "This script creates a full backup of /etc via tar in $REPOSITORY."  
   echo "Usage: $PROG [OPTIONS]"  
   echo ' Options:'  
   echo '  -v, --verbose  displays some feedback (dots) during backup'  
   echo '  -h, --help   displays this message'  
   echo '  -V, --version  display program version and author info'  
   echo  
 }  
   
 dots()  
 { MAX_DOTS=50  
   NUM_FILES=`find /etc|wc -l`  
   let 'FILES_PER_DOT = NUM_FILES / MAX_DOTS'  
   bold=`tput smso`  
   norm=`tput rmso`  
   tput sc  
   tput civis  
   echo -n "$bold(00%)$norm"  
   while read; do  
    let "cnt = (cnt + 1) % FILES_PER_DOT"  
    if [ "$cnt" -eq 0 ]  
    then  
      let '++num_dots'  
      let 'percent = (100 * num_dots) / MAX_DOTS'  
      [ "$percent" -gt "100" ] && percent=100  
      tput rc  
      printf "$bold(%02d%%)$norm" "$percent"  
      tput smir  
      echo -n "."  
      tput rmir  
    fi  
   done  
   tput cnorm  
   echo  
 }  
   
 # Command line argument processing:  
 while [ $# -gt 0 ]  
 do  
   case "$1" in  
    -v|--verbose) VERBOSE=on; ;;  
    -h|--help)   usage; exit 0; ;;  
    -V|--version) echo -n "$PROG version $VERSION "  
            echo 'Written by Wayne Pollock <pollock@acm.org>'  
            exit 0; ;;  
    *)       usage; exit 1; ;;  
   esac  
   shift  
 done  
   
 trap 'rm -f "$ERRMSGS"' EXIT  
   
 cd /etc || exit 1  
   
 # create backup, saving any error messages:  
 if [ "$VERBOSE" != "on" ]  
 then  
   tar -cz --force-local -f "$FILE" . 2> "$ERRMSGS"  
 else  
   tar -czv --force-local -f "$FILE" . 2> "$ERRMSGS" | dots  
 fi  
   
 # Log any error messages produced:  
 if [ -s "$ERRMSGS" ]  
 then logger -p user.error -t "$PROG" "$(cat "$ERRMSGS")"  
 else logger -t "$PROG" "Completed full backup of /etc"  
 fi  
   
 exit 0  
   
i have it running in system cron. prior to it executing, i have dpkg
run to output installed packages... this helps with system restore, if
needed.
 50 22  * * *  root  /usr/bin/dpkg --get-selections > /etc/package-list.txt  
 00 23  * * *  root  /usr/local/scripts/etc_backup.sh  
   
   

bash scripts to backup svn server

there is nothing nearer and dearer to my heart than my svn server. if i lost it i would be unhappy for a very long time.
i have a bunch of scripts here:
/nfserver/bin
why? because if i lost my nfs mounts, my scripts would not work and i would not have to deal with my fs filling up.
yes, i could check for the mount being active, but why bother? i like keeping all my eggs in one basket.
 
 svn_backup.sh
  
 #!/bin/bash  
   
 # set values  
 repos=( repo1 repo2 repo3 )  
 rpath=/var/svn/repositories  
 opath=/nfsmount/svn  
 tpath=/tmp/svn  
 suffix=$(date +%Y-%m-%d)  
   
 # per-run file that collects stderr from svnadmin and tar  
 errfile=$(mktemp) || exit 1  
 trap 'rm -f "$errfile"' EXIT  
   
 # check if we need to make output path  
 if [ ! -d "$opath" ]  
 then  
     echo "Creating $opath"  
     mkdir -p "$opath"  
 fi  
   
 # remove contents of tmp  
 rm -rf "$tpath"  
 mkdir -p "$tpath"  
   
 for repo in "${repos[@]}"  
 do  
     hotcopy=${tpath}/${repo}_$suffix.hotcopy  
   
     # hotcopy, then compress; a non-zero exit from either step is a failure  
     if svnadmin hotcopy "$rpath/$repo" "$hotcopy" 2> "$errfile" &&  
        tar -czf "${opath}/${repo}_$suffix.hotcopy.tar.gz" -C "$hotcopy" . 2>> "$errfile"  
     then  
         printf "%s was backed up successfully \n\n" "$repo"  
     else  
         printf "WARNING: An error occurred while attempting to backup %s \n\tError:\n\t" "$repo"  
         cat "$errfile"  
     fi  
 done  
   
let's backup the individual hooks and conf directories. and apache conf, too.
 hotcopy will backup db, and that's about it.  
 we need confs. hooks. and stuff. logs meh.  
   
 the svn server has the following layout:  
   
 > hookscripts  
  mailer.conf  
  no-archives.py  
  post-commit  
  pre-commit  
  pre-revprop-change  
  readme.txt  
  svnperms.conf  
  svnperms.py  
   
 > logs  
  commit-email.log  
  repo-pre-commit  
  svn_logfile  
   
 > repositories  
  > repo  
   > conf  
   > dav  
   > db  
   > format  
   > hooks  
   > locks  
 
svn_apacheconf_backup.sh

 #!/bin/bash  
   
 # set values  
 apacheconf=( /etc/apache2 )  
 svnconf=( /var/svn/hookscripts )  
 repos=( repo1 repo2 repo3 )  
 confdirs=( conf hooks )  
 rpath=/var/svn/repositories  
 opath=/nfsmount/svn  
 suffix=$(date +%Y-%m-%d)  
   
 # per-run file that collects tar's stderr  
 errfile=$(mktemp) || exit 1  
 trap 'rm -f "$errfile"' EXIT  
   
 # check if we need to make path  
 if [ ! -d "$opath" ]  
 then  
     echo "Creating $opath"  
     mkdir -p "$opath"  
 fi  
   
 # tar up one directory ($2) into one archive ($1) and report the result.  
 # success is judged by tar's exit status: tar also writes harmless notes  
 # to stderr (e.g. about stripping the leading / from member names).  
 backup_dir()  
 {  
     if tar -zcvf "$1" "$2" 2> "$errfile"  
     then  
         printf "%s was backed up successfully \n\n" "$1"  
     else  
         printf "WARNING: An error occurred while attempting to backup %s \n\tError:\n\t" "$2"  
         cat "$errfile"  
     fi  
 }  
   
 # now do the apache backup  
 backup_dir "${opath}/apacheconf_$suffix.tar.gz" "$apacheconf"  
   
 # now do the svn conf backup  
 backup_dir "${opath}/svnconf_$suffix.tar.gz" "$svnconf"  
   
 # now do the config backups  
 for repo in "${repos[@]}"  
 do  
     for confdir in "${confdirs[@]}"  
     do  
         backup_dir "${opath}/${repo}_${confdir}_$suffix.tar.gz" "${rpath}/${repo}/${confdir}"  
     done  
 done  
   
   
let's purge our old backups. i keep a week of them.
 
 svn_purgebackups.sh 

 #!/bin/bash  
   
 #this script will run through all nested directories of a parent just killing off all matching files.  
   
 ######  
 ### Set these values  
 ######  
   
 ## default days to retain (override with .RETAIN_RULE in specific directory)  
 DEFRETAIN=7  
   
 #want to append the activity to a log? good idea, add its location here  
 LOGFILE=/nfsmount/svn/removed.log  
   
 # enter the distinguishing extension, or portion of the filename here (eg. log, txt, etc.)  
 EXTENSION=gz  
   
   
 #the absolute path of folder to begin purging  
 #this is the topmost directory to start from; all subdirectories whose names contain only lowercase letters and periods are fair game.  
 DIRECTORY=/nfsmount/svn  
   
 #####  
 ##  End user configuration  
 #####  
   
   
 #this note will remind you that you have a log in case you're getting emails from a cron job or something  
 echo see $LOGFILE for details  
   
 #jump to working directory  
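 # stop here if the directory is missing (e.g. nfs not mounted); otherwise the purge would run wherever cron started us  
 cd "$DIRECTORY" || exit 1  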
   
 #if your sub-dirs have some crazy characters you may adjust this regex  
 DIRS=`ls | grep '^[a-z.]*$'`  
   
   
 TODAY=`date`  
   
 printf "\n\n********************************************\n\tSVN Purge Log for:\n\t" | tee -a $LOGFILE  
 echo $TODAY | tee -a $LOGFILE  
 printf "********************************************\n" | tee -a $LOGFILE  
   
 for DIR in $DIRS  
 do  
     pushd $DIR >/dev/null  
     HERE=`pwd`  
     printf "\n\n%s\n" $HERE | tee -a $LOGFILE  
     if [ -f .RETAIN_RULE ]  
     then  
         printf "\tdefault Retain period being overridden\n" | tee -a $LOGFILE  
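         read RETAIN < .RETAIN_RULE  
         # the override feeds find -mtime, so accept whole numbers only  
         case "$RETAIN" in  
             ''|*[!0-9]*) printf "\tinvalid .RETAIN_RULE ignored, using default\n" | tee -a $LOGFILE  
                          RETAIN=$DEFRETAIN ;;  
         esac  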
     else  
         RETAIN=$DEFRETAIN  
     fi  
   
     printf "\tpurging files older than %s days\n" ${RETAIN} | tee -a $LOGFILE  
   
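     # quote the regex so the shell cannot glob-expand it; -type f keeps directories out of the list  
     OLDFILES=`find . -type f -mtime +"${RETAIN}" -regex ".*${EXTENSION}.*"`  
   
     if [ -z "$OLDFILES" ]  
     then  
         printf "\tNo files matching purge criteria\n" | tee -a $LOGFILE  
     else  
         printf "\tDump Files being deleted from %s\n" "$HERE" | tee -a $LOGFILE  
         printf "%s\n" "$OLDFILES" | sed 's/^/\t\t/' | tee -a $LOGFILE  
     fi  
   
     # let find hand each match to rm itself, so names with whitespace are not word-split  
     find . -type f -mtime +"${RETAIN}" -regex ".*${EXTENSION}.*" -exec rm -f {} +  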
     if [ $? -ne 0 ]  
     then  
         echo "Error while deleting last set" | tee -a $LOGFILE  
         exit 2  
     else  
         printf "\tSuccess\n" | tee -a $LOGFILE  
     fi  
     popd >/dev/null  
 done  
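
 why the list of old files should never be expanded unquoted into rm: an added example, not part of the original script, that runs the string-and-split pattern and a hardened version over the same constructed directory. the fixture, the file names and the function names are made up for illustration.

```shell
#!/bin/sh
# added example; fixture and function names are constructed for illustration

# one stale archive with a space in its name, plus a fresh unrelated file
# whose name equals the second word of that archive name
make_fixture() {
    d=$(mktemp -d) || return 1
    touch -d '10 days ago' "$d/repo1.tar.gz notes.txt"   # stale: should be purged
    echo "keep me" > "$d/notes.txt"                       # fresh: must survive
    echo "$d"
}

# string-and-split pattern: find output in a variable, expanded unquoted
purge_unquoted() {   # purge_unquoted DIR DAYS EXT
    ( cd "$1" || exit 1
      OLDFILES=$(find . -mtime +"$2" -regex ".*$3.*")
      # splits into "./repo1.tar.gz" (no such file) and "notes.txt"
      rm -f $OLDFILES )
}

# hardened: numeric retention only, and find hands each name to rm intact
purge_safe() {       # purge_safe DIR DAYS EXT
    case "$2" in
        ''|*[!0-9]*) echo "retain value must be a whole number: $2" >&2; return 2 ;;
    esac
    ( cd "$1" || exit 1
      find . -type f -mtime +"$2" -regex ".*$3.*" -exec rm -f {} + )
}

# prints the names left in a fresh fixture after running the given purge
survivors() {        # survivors purge_unquoted|purge_safe
    dir=$(make_fixture) || return 1
    "$1" "$dir" 7 gz
    ls -A "$dir"
    rm -rf "$dir"
}

survivors purge_unquoted   # prints: repo1.tar.gz notes.txt
survivors purge_safe       # prints: notes.txt
```

 the unquoted version leaves the stale archive in place and removes the fresh file instead; the hardened one does the opposite.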
   
   
in priv user crontab, i have these entries:
   
 15 0  * * *  /nfsmount/bin/svn_backup.sh | mail -s "svn hotcopy report" me@there.com 2>&1  
 25 0  * * *  /nfsmount/bin/svn_apacheconf_backup.sh | mail -s "svn apacheconf report" me@there.com 2>&1  
 45 1  * * *  /nfsmount/bin/svn_purgebackups.sh | mail -s "purge archive report" me@there.com 2>&1