i have a netapp.
the mibs are all new all the time since it is an enclosure.
i am using nagios.
my old nagios scripts do not work with my netapp.
here are some variables and here are some snmp oid changes:
FAN 1.3.6.1.4.1.789.1.21.1.2.1.18
PS 1.3.6.1.4.1.789.1.21.1.2.1.15
TEMP 1.3.6.1.4.1.789.1.21.1.2.1.27
thanks:
http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&r=netapp&f=netapp_2_2_2.mib&v=v2&t=tree
Monday, December 12, 2016
netapp mibs changes or curse you snmp
Thursday, December 8, 2016
openvas is having a bad day on debian 8.2
openvas is having a bad day on debian 8.2
i am seeing:
Operation: Start Task
Status code: 503
Status message: Service temporarily down
and to make things worse:
lib serv:WARNING:2016-12-07 10h00.00 UTC:4546: Failed to shake hands with peer:
The TLS connection was non-properly terminated.
lib serv:WARNING:2016-12-07 10h00.00 UTC:4546: Failed to shutdown server socket
event task:MESSAGE:2016-12-07 10h00.00 UTC:4546: Task could not be started by admin
great.
that means my certs are out of date. guess i need to update them.
# systemctl stop openvas-scanner
# systemctl stop openvas-manager
# openvas-mkcert -f
# openvas-mkcert-client -i -n
# openvasmd --get-scanners
08b69003-5fc2-4037-a479-93b440211c73 OpenVAS Default <- unique to each install
# ls -la /usr/local/var/lib/openvas/private/CA/
yes. that's where the keys are located.
# openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" \
--scanner-ca-pub /usr/local/var/lib/openvas/CA/cacert.pem \
--scanner-key-pub /usr/local/var/lib/openvas/CA/clientcert.pem \
--scanner-key-priv /usr/local/var/lib/openvas/private/CA/clientkey.pem
# openvas-nvt-sync
# openvasmd --rebuild
# systemctl start openvas-manager
# systemctl start gsa
done
Thursday, December 1, 2016
backup /etc on ubuntu 12.04
because i need /etc .
run to output installed packages... this helps with system restore, if
needed.
etc_backup.sh
#!/bin/bash
# Script to backup the /etc heirarchy
#
# Written 4/2002 by Wayne Pollock, Tampa Florida USA
#
# $Id: backup-etc,v 1.6 2004/08/25 01:42:26 wpollock Exp $
#
# $Log: backup-etc,v $
#
# Revision 1.6 2004/08/25 01:42:26 wpollock
# Changed backup name to include the hostname and 4 digit years.
#
# Revision 1.5 2004/01/07 18:07:33 wpollock
# Fixed dots routine to count files first, then calculate files per dot.
#
# Revision 1.4 2003/04/03 08:10:12 wpollock
# Changed how the version number is obtained, so the file
# can be checked out normally.
#
# Revision 1.3 2003/04/03 08:01:25 wpollock
# Added ultra-fancy dots function for verbose mode.
#
# Revision 1.2 2003/04/01 15:03:33 wpollock
# Eliminated the use of find, and discovered that tar was working
# as intended all along! (Each directory that find found was
# recursively backed-up, so for example /etc, then /etc/mail,
# caused /etc/mail/sendmail.mc to be backuped three times.)
#
# Revision 1.1 2003/03/23 18:57:29 wpollock
# Modified by Wayne Pollock:
#
# Discovered not all files were being backed up, so
# added "-print0 --force-local" to find and "--null -T -"
# to tar (eliminating xargs), to fix the problem when filenames
# contain metacharacters such as whitespace.
# Although this now seems to work, the current version of tar
# seems to have a bug causing it to backup every file two or
# three times when using these options! This is still better
# than not backing up some files at all.)
#
# Changed the logger level from "warning" to "error".
#
# Added '-v, --verbose' options to display dots every 60 files,
# just to give feedback to a user.
#
# Added '-V, --version' and '-h, --help' options.
#
# Removed the lock file mechanism and backup file renaming
# (from foo to foo.1), in favor of just including a time-stamp
# of the form "yymmdd-hhmm" to the filename.
#
PATH=/bin:/usr/bin
REPOSITORY=/opt/etc_backups/
TIMESTAMP=$(date '+%Y%m%d')
HOSTNAME=$(hostname -s)
FILE="$REPOSITORY/$HOSTNAME-$TIMESTAMP.tgz"
ERRMSGS=/tmp/backup-etc.$$
PROG=${0##*/}
VERSION=$(echo $Revision: 1.6 $ |awk '{print$2}')
VERBOSE=off
usage()
{ echo "This script creates a full backup of /etc via tar in $REPOSITORY."
echo "Usage: $PROG [OPTIONS]"
echo ' Options:'
echo ' -v, --verbose displays some feedback (dots) during backup'
echo ' -h, --help displays this message'
echo ' -V, --version display program version and author info'
echo
}
dots()
{ MAX_DOTS=50
NUM_FILES=`find /etc|wc -l`
let 'FILES_PER_DOT = NUM_FILES / MAX_DOTS'
bold=`tput smso`
norm=`tput rmso`
tput sc
tput civis
echo -n "$bold(00%)$norm"
while read; do
let "cnt = (cnt + 1) % FILES_PER_DOT"
if [ "$cnt" -eq 0 ]
then
let '++num_dots'
let 'percent = (100 * num_dots) / MAX_DOTS'
[ "$percent" -gt "100" ] && percent=100
tput rc
printf "$bold(%02d%%)$norm" "$percent"
tput smir
echo -n "."
tput rmir
fi
done
tput cnorm
echo
}
# Command line argument processing:
while [ $# -gt 0 ]
do
case "$1" in
-v|--verbose) VERBOSE=on; ;;
-h|--help) usage; exit 0; ;;
-V|--version) echo -n "$PROG version $VERSION "
echo 'Written by Wayne Pollock <pollock@acm.org>'
exit 0; ;;
*) usage; exit 1; ;;
esac
shift
done
trap "rm -f $ERRMSGS" EXIT
cd /etc
# create backup, saving any error messages:
if [ "$VERBOSE" != "on" ]
then
tar -cz --force-local -f $FILE . 2> $ERRMSGS
else
tar -czv --force-local -f $FILE . 2> $ERRMSGS | dots
fi
# Log any error messages produced:
if [ -s "$ERRMSGS" ]
then logger -p user.error -t $PROG "$(cat $ERRMSGS)"
else logger -t $PROG "Completed full backup of /etc"
fi
exit 0
run to output installed packages... this helps with system restore, if
needed.
50 22 * * * root /usr/bin/dpkg --get-selections > /etc/package-list.txt
00 23 * * * root /usr/local/scripts/etc_backup.sh
bash scripts to backup svn server
there is nothing nearer and dearer to my heart than my svn server. if i lost it i would be unhappy for a very long time.
i have a bunch of scripts here:
/nfserver/bin
why? because if i lost my nfs mounts, my scripts would not work and i would not have to deal with my fs filling up.
yes, i could check for the mount being active, but why bother? i like keeping all my eggs in one basket.
i have a bunch of scripts here:
/nfserver/bin
why? because if i lost my nfs mounts, my scripts would not work and i would not have to deal with my fs filling up.
yes, i could check for the mount being active, but why bother? i like keeping all my eggs in one basket.
svn_backup.sh
#!/bin/bash
# set values
repos=( repo1 repo2 repo3 )
rpath=/var/svn/repositories
opath=/nfsmount/svn
tpath=/tmp/svn
suffix=$(date +%Y-%m-%d)
#check if we need to make output path
if [ -d $opath ]
then
# directory exists, we are good to continue
filer="just some action to prevent syntax error"
else
#we need to make the directory
echo Creating $opath
mkdir -p $opath
fi
# remove contents of tmp
rm -rf $tpath
mkdir -p $tpath
for (( i = 0 ; i < ${#repos[@]} ; i++ ))
do
svnadmin hotcopy $rpath/${repos[$i]} ${tpath}/${repos[$i]}_$suffix.hotcopy
#now compress them
tar -czf ${opath}/${repos[$i]}_$suffix.hotcopy.tar.gz -C ${tpath}/${repos[$i]}_$suffix.hotcopy .
if [ -s error ]
then
printf "WARNING: An error occured while attempting to backup %s \n\tError:\n\t" ${repos[$i]}
cat error
rm -f er
else
printf "%s was backed up successfully \n\n" ${repos[$i]} $SVNDUMP
fi
done
hotcopy will backup db, and that's about it.
we need confs. hooks. and stuff. logs meh.
the svn server has the following layout:
> hookscripts
mailer.conf
no-archives.py
post-commit
pre-commit
pre-revprop-change
readme.txt
svnperms.conf
svnperms.py
> logs
commit-email.log
repo-pre-commit
svn_logfile
> repositories
> repo
> conf
> dav
> db
> format
> hooks
> locks
svn_apacheconf_backup.sh
#!/bin/bash
# set values
apacheconf=( /etc/apache2 )
svnconf=( /var/svn/hookscripts )
repos=( repo1 repo2 repo3 )
confdirs=( conf hooks )
rpath=/var/svn/repositories
opath=/nfsmount/svn
suffix=$(date +%Y-%m-%d)
#check if we need to make path
if [ -d $opath ]
then
# directory exists, we are good to continue
filler="just some action to prevent syntax error"
else
#we need to make the directory
echo Creating $opath
mkdir -p $opath
fi
#now do the apache backup
APACHECONFDUMP=${opath}/apacheconf_$suffix.tar.gz
tar -zcvf $APACHECONFDUMP $apacheconf 2>&1
if [ -s error ]
then
printf "WARNING: An error occured while attempting to backup %s \n\tError:\n\t" $apacheconf
cat error
rm -f er
else
printf "%s was backed up successfully \n\n" $APACHECONFDUMP
fi
#now do the svn conf backup
SVNCONFDUMP=${opath}/svnconf_$suffix.tar.gz
tar -zcvf $SVNCONFDUMP $svnconf 2>&1
if [ -s error ]
then
printf "WARNING: An error occured while attempting to backup %s \n\tEr$
cat error
rm -f er
else
printf "%s was backed up successfully \n\n" $SVNCONFDUMP
fi
#now to do the config backups
for (( i = 0; i < ${#repos[@]} ; i++ ))
do
for (( j = 0 ; j < ${#confdirs[@]} ; j++ ))
do
CONFDUMP=${opath}/${repos[i]}_${confdirs[j]}_$suffix.tar.gz
CONFDIR=${rpath}/${repos[i]}/${confdirs[j]}
tar -zcvf $CONFDUMP $CONFDIR 2>&1
if [ -s error ]
then
printf "WARNING: An error occured while attempting to backup %s \n\tError:\n\t" $CONFDIR
cat error
rm -f er
else
printf "%s was backed up successfully \n\n" $CONFDUMP
fi
done
done
svn_purgebackups.sh
#!/bin/bash
#this script will run through all nested directories of a parent just killing off all matching files.
######
### Set these values
######
## default days to retain (override with .RETAIN_RULE in specific directory
DEFRETAIN=7
#want to append the activity to a log? good idea, add its location here
LOGFILE=/nfsmount/svn/removed.log
# enter the distinguishing extension, or portion of the filename here (eg. log, txt, etc.)
EXTENSION=gz
#the absolute path of folder to begin purging
#this is the top most file to begin the attack, all sub directories contain lowercase letters and periods are game.
DIRECTORY=/nfsmount/svn
#####
## End user configuartion
#####
#this note will remind you that you have a log in case your getting emails from a cron job or something
echo see $LOGFILE for details
#jump to working directory
cd $DIRECTORY
#if your sub-dirs have some crazy characters you may adjust this regex
DIRS=`ls | grep ^[a-z.]*$`
TODAY=`date`
printf "\n\n********************************************\n\tSVN Purge Log for:\n\t" | tee -a $LOGFILE
echo $TODAY | tee -a $LOGFILE
printf "********************************************\n" $TODAY | tee -a $LOGFILE
for DIR in $DIRS
do
pushd $DIR >/dev/null
HERE=`pwd`
printf "\n\n%s\n" $HERE | tee -a $LOGFILE
if [ -f .RETAIN_RULE ]
then
printf "\tdefault Retain period being overridden\n" | tee -a $LOGFILE
read RETAIN < .RETAIN_RULE
else
RETAIN=$DEFRETAIN
fi
printf "\tpurging files older than %s days\n" ${RETAIN} | tee -a $LOGFILE
OLDFILES=`find -mtime +${RETAIN} -regex .*${EXTENSION}.*`
set -- $OLDFILES
if [ -z $1 ]
then
printf "\tNo files matching purge criteria\n" | tee -a $LOGFILE
else
printf "\tDump Files being deleted from $HERE\n" | tee -a $LOGFILE
printf "\t\t%s\n" $OLDFILES | tee -a $LOGFILE
fi
rm -f $OLDFILES
if [ $? -ne 0 ]
then
echo "Error while deleting last set" | tee -a $LOGFILE
exit 2
else
printf "\tSuccess\n" | tee -a $LOGFILE
fi
popd >/dev/null
done
15 0 * * * /nfsmount/bin/svn_backup.sh | mail -s "svn hotcopy report" me@there.com 2>&1
25 0 * * * /nfsmount/bin/svn_apacheconf_backup.sh | mail -s "svn apacheconf report" me@there.com 2>&1
45 1 * * * /nfsmount/bin/svn_purgebackups.sh | mail -s "purge archive report" me@there.com 2>&1
Subscribe to:
Posts (Atom)