a nagios check to remind me the SSL certificate expiration

March 3rd, 2014

I wrote a quite unuseful check for nagios to remind me to renew my SSL certificate. This is the definition in the commands.cfg file:

define command{
        command_name check_ssl_expiration
        command_line /usr/lib/nagios/plugins/check_ssl_expiration.sh $ARG1$ $ARG2$ $ARG3$ $ARG4$
}

and this is the check_ssl_expiration.sh script:

#!/bin/bash
# input parameters
MYSRV=$1
MYPORT=$2
DAYWARN=$3
DAYCRIT=$4
# return values (nagios plugin exit codes)
RET_OK=0
RET_WARN=1
RET_CRIT=2
RET_UNKN=3

# check data input
checkdata () {
        if [ -z "$2" ]; then
                echo "$1 is not set"
                exit $RET_UNKN
        fi
}

checkdata "HTTPS server name" "$MYSRV"
checkdata "HTTPS PORT" "$MYPORT"
checkdata "warning threshold" "$DAYWARN"
checkdata "critical error threshold" "$DAYCRIT"

# mktemp creates the temporary file with an unpredictable name
TEMPFILE=$(mktemp /tmp/certtest.XXXXXX) || exit $RET_UNKN

# fetch the server certificate; -servername sends SNI, so that
# name-based virtual hosts answer with the right certificate
echo | openssl s_client -connect "$MYSRV:$MYPORT" -servername "$MYSRV" 2> /dev/null | sed -ne '/-BEGIN CERT/,/-END CERT/p' > "$TEMPFILE"
EXPDATE=`openssl x509 -noout -in "$TEMPFILE" -dates 2> /dev/null | grep notAfter | sed -e "s/.*notAfter=//"`
rm -f "$TEMPFILE"

# no certificate retrieved: report UNKNOWN instead of computing on an empty date
if [ -z "$EXPDATE" ]; then
        echo "UNKNOWN - cannot read the SSL certificate of $MYSRV:$MYPORT"
        exit $RET_UNKN
fi

EXPSEC=`date "+%s" --date="$EXPDATE"`
NOWSEC=`date "+%s"`
DAYLEFT=`expr \( $EXPSEC - $NOWSEC \) / 86400`

# $DAYLEFT days left to SSL certificate expiration

if [ $DAYLEFT -le $DAYCRIT ]; then
        echo "ERROR - $DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT"
        exit $RET_CRIT
fi

if [ $DAYLEFT -le $DAYWARN ]; then
        echo "WARNING - $DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT"
        exit $RET_WARN
fi

echo "$DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT"
exit $RET_OK

Of course, I scheduled this check to run once a day.
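The verdict logic of the script above, as an added example that is not part of the original script: it reads the output of openssl x509 -noout -dates on stdin, so it can be exercised offline with a fixed clock, and it goes one step further by also checking notBefore and by rounding down so an expired certificate reports a negative number of days. The names to_epoch, cert_state and sample and all dates are made up for this example; GNU date is assumed, as in the script.

```shell
#!/bin/bash
# Added example: verdict computed from `openssl x509 -noout -dates` output on stdin.
# to_epoch and cert_state are names made up for this example; GNU date is assumed.

to_epoch () { [ -n "$1" ] && date -u --date="$1" +%s 2>/dev/null; }

# cert_state WARN_DAYS CRIT_DAYS [NOW_EPOCH]
# Prints the status line and returns the nagios exit code.
cert_state () {
        local warn=$1 crit=$2 now=${3:-$(date +%s)} key val nb="" na="" diff days
        while IFS='=' read -r key val; do
                case $key in
                        notBefore) nb=$(to_epoch "$val") || nb="" ;;
                        notAfter)  na=$(to_epoch "$val") || na="" ;;
                esac
        done
        if [ -z "$nb" ] || [ -z "$na" ]; then
                echo "UNKNOWN - cannot read the certificate dates"; return 3
        fi
        if [ "$now" -lt "$nb" ]; then
                echo "ERROR - certificate is not valid yet"; return 2
        fi
        diff=$(( na - now ))
        # round down, so a certificate expired one hour ago gives -1 and not 0
        if [ "$diff" -lt 0 ]; then
                days=$(( (diff - 86399) / 86400 ))
        else
                days=$(( diff / 86400 ))
        fi
        if [ "$days" -le "$crit" ]; then
                echo "ERROR - $days days left to SSL certificate expiration"; return 2
        elif [ "$days" -le "$warn" ]; then
                echo "WARNING - $days days left to SSL certificate expiration"; return 1
        fi
        echo "$days days left to SSL certificate expiration"; return 0
}

# Constructed sample dates, evaluated with the clock fixed at 3 March 2014 00:00 UTC
NOW=$(to_epoch "Mar  3 00:00:00 2014 GMT")
sample () { printf 'notBefore=%s\nnotAfter=%s\n' "$1" "$2"; }
sample "Jun  1 00:00:00 2013 GMT" "Jun  1 00:00:00 2014 GMT" | cert_state 30 7 "$NOW" || true
sample "Jun  1 00:00:00 2013 GMT" "Mar 20 12:00:00 2014 GMT" | cert_state 30 7 "$NOW" || true
sample "Jun  1 00:00:00 2013 GMT" "Mar  2 23:00:00 2014 GMT" | cert_state 30 7 "$NOW" || true
sample "Apr  1 00:00:00 2014 GMT" "Apr  1 00:00:00 2015 GMT" | cert_state 30 7 "$NOW" || true
```

In the real check the input would be the output of openssl x509 -noout -dates -in "$TEMPFILE", with the third argument left out.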

How to remove the NameVirtualHost *:80 has no VirtualHosts warning

February 17th, 2014

I had a debian squeeze webserver showing me this strange warning at startup:

root@web:/etc/apache2# /etc/init.d/apache2 restart
Restarting web server: apache2[Mon Feb 17 10:27:43 2014] [warn] NameVirtualHost *:443 has no VirtualHosts
[Mon Feb 17 10:27:43 2014] [warn] NameVirtualHost *:80 has no VirtualHosts
 … waiting [Mon Feb 17 10:27:44 2014] [warn] NameVirtualHost *:443 has no VirtualHosts
[Mon Feb 17 10:27:44 2014] [warn] NameVirtualHost *:80 has no VirtualHosts

This was due to a duplicated pair of lines in the configuration:

NameVirtualHost *:80
NameVirtualHost *:443

They were in /etc/apache2/port.conf and in /etc/apache2/conf.d/virtual.conf too. Commenting them out in the latter file removed the warning.

Don’t ask me, I don’t know why…

February 7th, 2014

I'm telling you about a CentOS 5.10 server joined to an Active Directory environment.
I used to be able to open an ssh session on this server with my A.D. username/password, but some days ago I noticed that it was only possible to log in to this server using the local root account.
I discovered that the wbinfo -i myusername command returned a WBC_ERR_WINBIND_NOT_AVAILABLE error.

To fix this problem I issued the following commands:

  # service winbind stop
  # service smb stop
  # net cache flush
  # rm -f /var/lib/samba/*tdb
  # service smb start
  # service winbind start

A nagios plugin to check Tomcat Apps

February 5th, 2014

I wrote a simple nagios plugin to check the status of tomcat webapps.
Instead of looking at pages like this one…
I'd rather use a script like this.
To put the plugin in the nagios environment, add these lines

define command{
command_name check_tomcat_app
command_line /bin/bash /usr/lib/nagios/plugins/check_tomcat_app $ARG1$ $ARG2$ $ARG3$
}

to the commands.cfg file definitions. Then add some lines like these

define service{
use generic-service
host_name myhostname
service_description Examples Web Service
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 15
retry_check_interval 1
contact_groups admins
notification_interval 240
notification_period 24x7
notification_options c,r
check_command check_tomcat_app!"http://tomcatserver.my.lan:8080/manager/html/list"!Examples!admin:passw
}

into the services.cfg file.
Of course, the username and password have to be set up in the tomcat-users.xml file:

$ cat /usr/local/apache-tomcat/conf/tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<user username="admin" password="passw" roles="manager,manager-gui,manager-status,admin-gui"/>
</tomcat-users>
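How a check of this kind can turn a manager listing into a nagios state, as an added example that is not the check_tomcat_app plugin from this post. It assumes the manager's text listing (/manager/text/list, which needs the manager-script role) instead of the HTML page used above; app_state and the sample listing are made up here.

```shell
#!/bin/bash
# Added example (not the author's check_tomcat_app plugin).
# Assumed input: the manager text listing, one "path:state:sessions:docbase"
# line per webapp after an "OK - ..." header line.

# app_state APP_PATH  (listing on stdin)
# Prints a status line and returns the nagios exit code.
app_state () {
        local want=$1 header="" path state sessions rest found=""
        IFS= read -r header || true
        case $header in
                OK*) ;;
                *) echo "UNKNOWN - manager answered: ${header:-nothing}"; return 3 ;;
        esac
        while IFS=: read -r path state sessions rest; do
                if [ "$path" = "$want" ]; then
                        found=$state
                        break
                fi
        done
        case $found in
                running) echo "OK - $want is running ($sessions sessions)"; return 0 ;;
                "")      echo "CRITICAL - $want is not deployed"; return 2 ;;
                *)       echo "CRITICAL - $want is $found"; return 2 ;;
        esac
}

# Constructed sample listing
SAMPLE_LIST='OK - Listed applications for virtual host localhost
/:running:0:ROOT
/examples:running:2:examples
/docs:stopped:0:docs'

for app in /examples /docs /nothere; do
        printf '%s\n' "$SAMPLE_LIST" | app_state "$app" || true
done
# an error answer from the manager maps to UNKNOWN
printf 'FAIL - Unknown command\n' | app_state /examples || true
```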

How to remove the read failed after 0 of 4096 I/O error

September 18th, 2013

Recently I had to remove a disk from a very old server. The server had two physical volumes: a RAID5 volume, shown to the operating system as /dev/sda by the SCSI controller, and a single hard disk shown as /dev/sdb.

Since there is no way to get a new disk with the same geometry, I decided to remove my /dev/sdb.
The BIOS utility of my SCSI controller is quite strange, and I cannot remove my one-disk logical volume without removing the whole configuration.

root@arch:~# pvdisplay
  /dev/sdb: read failed after 0 of 4096 at 0: input/output Error
  /dev/sdb: read failed after 0 of 4096 at 146695716864: input/output Error
  /dev/sdb: read failed after 0 of 4096 at 146695774208: input/output Error
  /dev/sdb: read failed after 0 of 4096 at 4096: input/output Error
  --- Physical volume ---
  PV Name               /dev/sda1
  VG Name               vg_system
  PV Size               838,12 GiB / not usable 2,00 MiB
  Allocatable           yes
  PE Size               4,00 MiB
  Total PE              214559
  Free PE               21184
  Allocated PE          193375
  PV UUID               ZQQwAs-yGgP-LZXk-3cTy-yaOb-gijr-bnUCz4

So I thought it better to leave my controller untouched and tell my CentOS Linux to forget the /dev/sdb disk.

root@arch:~# echo 1 > /sys/block/sdb/device/delete

x2go

May 3rd, 2013

Thanks to a post by Sebastian here, I noticed the existence of x2go. I've just tested it and I liked it a lot. X2go is a very nice way to access my linux desktop.

In order to install x2go server-side on a CentOS 6.4, I only needed these commands:

yum update
wget -O /etc/yum.repos.d/x2go.repo http://download.opensuse.org/repositories/X11:/RemoteDesktop:/x2go/RHEL_6/X11:RemoteDesktop:x2go.repo
yum update
yum install x2goserver

then

vi /etc/group

to add the guys to be allowed to connect to their desktop. E.g.

x2gouser:x:298:joe,jane,jack,jasmine

The x2go windows client can be downloaded from http://code.x2go.org/releases/binary-win32/x2goclient/releases/.

a self-made log statistics with wordpress

August 14th, 2012

This is not the case with freeshell.de or nic-nac-project.de, which kindly hosts this blog, but there are some low-cost hosting profiles where you can't access your web log.
In several cases the webserver logs nothing at all.
Since I think it's a nice thing to have my web access statistics, if your wordpress blog is on that kind of webserver, I suggest adding a plugin to your wordpress installation, such as myStat.

At one time I preferred to write my own http access log, in order to process it with awstats.
To do this, I changed the footer.php of my wordpress theme, adding these lines after the </html> tag:

<?php wp_footer(); ?>
</body>
</html>
<?php
// kludge to write a sort of access log on a file....
$monthyear = date("F-Y");
$remoteip = getenv('REMOTE_ADDR');
$mytimestamp = date("d/M/Y:G:i:s T");
// double quotes are stripped from client-supplied values,
// since they delimit the fields of the log line
$useragent = str_replace('"', '', getenv("HTTP_USER_AGENT"));
$requri = str_replace('"', '', getenv("REQUEST_URI"));
$reqmet = getenv("REQUEST_METHOD");
$referrer = str_replace('"', '', getenv("HTTP_REFERER"));
$docroot = getenv("DOCUMENT_ROOT");
$logdir = $docroot . "/bloglog";
$fplog = fopen($logdir . "/accesslog-myblog-" . $monthyear . ".txt", "a+");
// skip logging if the file cannot be opened
if ($fplog) {
    fprintf($fplog, "%s - [%s] \"%s %s\" \"%s\" \"%s\" 200\n",
        $remoteip, $mytimestamp,
        $reqmet, $requri,
        $useragent, $referrer);
    fclose($fplog);
}
?>

Doing so, a web access to any page of my site will add a log line to the accesslog-myblog-August-2012.txt file. This file is in a directory named bloglog at the root of the web pages.

After getting this file and putting it on a linux box with awstats installed, it's easy to generate my web statistics.

 

First I have to create a /etc/awstats/awstats-myblogname.conf that sets my LogFile path and my LogFormat:

LogFormat = "%host - %time1 %methodurlnoprot %uaquot %refererquot %code"

Then I have to run

/usr/share/awstats/tools/awstats_updateall.pl now -configdir="/etc/awstats" -awstatsprog="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl"

in order to read my stats at http://my-awstats-server.local/awstats/awstats.pl?config=myblogname

migrating from Microsoft DHCP to ISC

February 23rd, 2012

I’ve just finished a quick and dirty perl script to help me in moving my DHCP server from a Micro$oft 2003 Server to Linux.

This script reads the dump file created by netsh and writes a dhcpd.conf file.
First step, on the Microsoft DHCP host, dump the configuration:

C:\temp>netsh dhcp server \\servername dump > dhcp.dump

Second step, use the perl script:

perl ./w2ldhcpcfg.txt -i dhcp.dump -o dhcpd.conf

On the net, there is a rexx script too. It can be found here.