Notes « Difficiles Nugae Labs

Archive for the ‘Notes’ Category

NO_PUBKEY error in apt-get update

Wednesday, January 25th, 2012

After editing Your /etc/apt/sources.list file, probably you will get a warning message in the output of the apt-get update command. The warning message will be like this:

W: GPG error: http://ppa.launchpad.net natty Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY E9DDA5AAC586799E

You can remove this message in two step:

root@myhost:~# gpg —-keyserver pgpkeys.mit.edu —-recv-key 2E2BCDBCB38A8516

gpg: requesting key B38A8516 from hkp server pgpkeys.mit.edu

gpg: /root/.gnupg/trustdb.gpg: trustdb created

gpg: key B38A8516: public key “Oracle OSS group (Open Source Software group) ” imported

gpg: Total number processed: 1

gpg: imported: 1

root@myhost:~# gpg -a —-export 2E2BCDBCB38A8516 | sudo apt-key add –

OK

Tags:apt-get, debian
Posted in Notes | No Comments »

winexe to interact from linux to windows hosts

Thursday, November 24th, 2011

With pstools You can run any command from your Windows PC to any other one. A valid command line alternative to pstools for the linux operating system is winexe.

To install winexe un a natty-ubuntu host (maybe it will work on a quite new debian too), You can add theese twho lines to your sources.list file:

deb http://ppa.launchpad.net/jdthood/winexe/ubuntu natty main

deb-src http://ppa.launchpad.net/jdthood/winexe/ubuntu natty main

then

apt-get update && apt-get install winexe

Once installed winexe, you can do useful things like

winexe //myserver1 –user “DOMAIN\\user” “tasklist /FI \”CPUTIME gt 00:00:10\””

or simply

winexe //myserver2 –user “Administrator” cmd

and many others! 🙂

Tags:samba, winexe
Posted in Notes | 1 Comment »

shrew, an alternative to Cisco VPN Client

Tuesday, November 8th, 2011

Recently I had to install an IPsec Remote Access VPN client on a Windows7 64-bit system.

If You are looking for an alternative to the usual Cisco client, in my opinion shrew is a good alternative. You can download the client software for free (obviously donations are welcome).

Yesterday I get the error
“session terminated by the gateway”
and my end-point logged a

“Mismatch: Overriding phase 2 DH Group(DH group 0) with phase 1 group(DH group 2)”

after giving my username/password

I solved this issue setting to “group 2” the Phase 2->PFS exchange value in my settings.

Tags:64-bit, shrew, vpn, windows 7
Posted in Notes | 1 Comment »

DHCP available address value monitored with nagios

Wednesday, September 14th, 2011

I have a DHCP server that sometime has no free IP addresses to assign. What can I do to monitor how many IP are still available?

Well, perl and NSClient++ installed on my Micro$oft DHCP server, I wrote a simple program to execute and parse the command

netsh dhcp server show mibinfo

that gives some output containing the data I need. The source is quite simple: it assume the DHCP server is on a 10.20.x.y network and prints a list of comma separated numbers: the network (30 means 10.20.30.0/24), the assigned address number, the free address number.

#!/bin/perl
# the output will be a list like this:
# (30,74,95) (31,139,7) (32,110,1)

$mystr=””;
@myoutput=`netsh dhcp server show mibinfo`;
foreach $myrow (@myoutput) {
if ( $myrow =~ /Subnet = 10\.20\.(.*)\.0\./ ) {
$mystr = $mystr . “($1,”;
}
if ( $myrow =~ /(.*) Addresses in use = (.*)\./ ) {
$mystr = $mystr . “$2,”;
}
if ( $myrow =~ /(.*) free Addresses = (.*)\./ ) {
$mystr = $mystr . “$2) “;
}
}
print “$mystr”;

Then I needed to add this line to the nsc.ini file, in order to run my perl script remotely

check_dhcp=C:\NSClient++\scripts\check_dhcp.pl

Once restarted the NSClient service, from my nagios server it’s possible to get the result from command line:

$ /usr/lib/nagios/plugins/check_nrpe -H myserverdhcp -c check_dhcp
(31,75,94) (32,144,2) (33,111,0)

A simple bash script plugin can be written to parse the result and getting nagios able to monitor the DHCP free address number value. E.g. this

#!/bin/bash
MYHOST=$1
MYNET=$2
ThresholdWARN=$3
ThresholdCRIT=$4
# Return values
RET_OK=”0″
RET_WARN=”1″
RET_CRIT=”2″
RET_UNKN=”3″

checkdata () {
VAL=`echo $2 | wc | awk ‘{print $2}’`
if [ $VAL -eq 0 ]; then
echo $1 is not set
exit $RET_UNKN
fi
}

# MAIN
checkdata “Remote IP” $MYHOST
checkdata “Network number” $MYNET
checkdata “Threshold WARN” $ThresholdWARN
checkdata “Threshold CRIT” $ThresholdCRIT

MYRETSTRING=`/usr/lib/nagios/plugins/check_nrpe -H $MYHOST -c check_dhcp`
MYFREEADDR=`echo $MYRETSTRING | sed -e “s/.*($MYNET,//” | sed -e “s/).*//” | sed -e “s/.*,//”`
checkdata “IP number” $MYFREEADDR

EXTRAMESSG=”|’DHCPfreeAddr’=$MYFREEADDR$MYNET””;$ThresholdWARN;$ThresholdCRIT”
if [ $MYFREEADDR -lt $ThresholdCRIT ]; then
echo “CRITICAL – Only $MYFREEADDR IP Available for $MYNET network$EXTRAMESSG”
exit $RET_CRIT
fi
if [ $MYFREEADDR -lt $ThresholdWARN ]; then
echo “WARNING – Only $MYFREEADDR IP Available for $MYNET network$EXTRAMESSG”
exit $RET_WARN
fi
echo “OK – $MYFREEADDR IP Available for $MYNET network$EXTRAMESSG”
exit $RET_OK

Then nagios has to be set up with the usual lines in the command configuration file

define command{
command_name check_nt_dhcp
command_line /usr/lib/nagios/plugins/check_nt_dhcp.sh $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$

And in the services file:

define service{
use                             generic-service         ; Name of service template to use

host_name                       dhcpserver
service_description             Free IP on 10.20.33.0 network
is_volatile                     0
check_period                    24×7
max_check_attempts              10
normal_check_interval           30
retry_check_interval            30
contact_groups                  admins
notification_interval           240
notification_period             24×7
notification_options            c,r
check_command                   check_nt_dhcp!33!10!5
}

Tags:dhcp, nagios, NSCLient++
Posted in Notes | No Comments »

How to mount a windows share under AIX

Thursday, September 8th, 2011

To mount a windows share from an AIX server it’s needed the CIFS support to be installed.

If Your server /sbin/helpers directory contains a file called mount_cifs no problem

ls -l /sbin/helpers
total 488
-r-xr-xr-x    1 root     system        33198 Jul 13 2010 aufsmnthelp
drwxrwxr-x    2 root     system         4096 Apr 15 2010 jfs2
-r-xr-xr-x    1 root     system        23224 Jul 13 2010 mount_cifs
-r-xr-xr-x    1 root     system        35638 Jul 13 2010 nfsmnthelp
-r-xr-xr-x    1 bin      bin            6268 Dec 18 2009 udfmnthelp
-r-xr-xr-x    1 bin      bin          138292 Dec 18 2009 v3fshelper

Otherwise You need to install it.

Then You can try to mount the Windows share using the mount command, specifying the cifs filesystem, the node name/IP, username, password and so on…

mount -v cifs -n node/username/passw [-o options] /winshare /directory

e.g.

mount -v cifs -n 192.168.1.28/george/HareKrishna \
-o wrkgrp=BEATLES,fmode=755 \
IndiaPics /opt/holidays/meditation/india1967

Tags:aix, samba
Posted in Notes | No Comments »

Nagios monitoring imap active connections

Wednesday, June 15th, 2011

To monitor with nagios the number of imap sessions running on a mail server, I used this way.

First, the command definition

define command {
command_name check_imapd_conn
command_line /usr/lib/nagios/plugins/check_imap_conn $HOSTADDRESS$ $ARG1$
}

Second, the check definition

define service{
use                             generic-service
host_name                       myimapserver
service_description             IMAP Connections
is_volatile                     0
check_period                    24×7
max_check_attempts              3
normal_check_interval           5
retry_check_interval            1
contact_groups                  admins
notification_interval           240
notification_period             24×7
notification_options            c,r
check_command                   check_imapd_conn!public
process_perf_data               1
}

The script is this:

#!/bin/bash

HOSTNAME=$1
COMMUNITY=$2

RET_OK=”0″
RET_WARN=”1″
RET_CRIT=”2″
RET_UNKN=”3″

checkdata () {
VAL=`echo $2 | wc | awk ‘{print $2}’`
if [ $VAL -eq 0 ]; then
echo $1 is not set
exit $RET_UNKN
fi
}

# MAIN
checkdata “HOSTNAME” $HOSTNAME
checkdata “COMMUNITY” $COMMUNITY

STR=`/usr/bin/snmpget -v 2c -c $COMMUNITY $HOSTNAME .1.3.6.1.4.1.2021.8.1.101.5 | sed -e “s/.*STRING: //” | awk ‘{print $1}’`
NCONN=`echo $STR|sed -e “s/of.*//”`

# The Maximum number taken from imap configuration file after the “of” in output string
CRITVAL=`echo $STR|sed -e “s/.*of//”`

# warning at the 85%
WARNVAL=`expr $CRITVAL \* 85 / 100`

PERFSTR=”‘IMAP Connections’=$NCONN;$WARNVAL;$CRITVAL”
if [ “$NCONN” -gt “$CRITVAL” ]; then
echo “ERROR: Too much IMAPD connections ($NCONN) max is $CRITVAL.|”$PERFSTR
exit $RET_CRIT
fi

if [ “$NCONN” -gt “$WARNVAL” ]; then
echo “WARNING: $NCONN IMAP connections (max is $CRITVAL).|”$PERFSTR
exit $RET_WARN
else
echo “$NCONN concurrent IMAP connections (max is $CRITVAL).|”$PERFSTR
exit $RET_OK
fi

on my IMAP server I wrote this simple script:

#!/bin/sh
IMAPSRVIP=10.11.12.13
CONNATT=`sudo netstat -natp|grep $IMAPSRVIP:143|wc -l`
CONNMAX=`grep imap /etc/cyrus.conf|grep -v \#|sed -e “s/.*maxchild=//”|awk ‘{print $1}’`

RETVAL=”$CONNATT”of”$CONNMAX”
echo $RETVAL

the script full path is in the server snmpd.conf

# Arbitrary extension commands
exec IMAPConn /bin/sh /usr/local/snmpd-scripts/cnt_imap.sh

The sudo for netstat command in the script is needed to avoid an output line this

(No info could be read for “-p”: geteuid()=2002 but you should be root.)

Off corse, to make the sudo works as expected it’s needed to add a line like

snmp ALL=NOPASSWD: /bin/netstat

in sudo configuration.

Tags:imap, nagios, SNMP
Posted in Notes | No Comments »

a nagios plugin to monitor clamav status

Tuesday, April 12th, 2011

To monitor if a clam-av program on my mailserver is up to date, I set up the following trick.

first: I redirected on a file the freshclam output:

# 6 hours period virus definition update
7 1,7,13,19 * * * /usr/local/bin/freshclam > /var/log/clamav/freshcron.latest 2>&1

In case of out of date version, my file should looks like

# cat /var/log/clamav/freshcron.latest
ClamAV update process started at Wed Feb 9 07:07:01 2011
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.96.5 Recommended version: 0.97
DON’T PANIC! Read http://www.clamav.net/support/faq
Connecting via …… etc.

otherwise no line starting with the word worning in uppercase or the string recommended is present.
Second step: a script called by SNMP has set on my mailserver by adding the following line to /etc/snmp/snmpd.conf:

exec ClamVrfy /bin/sh /usr/lib/nagios/plugins/clamd_check.sh

the script source is

#!/bin/sh
PROCRUNNING=`ps -C clamd | wc -l`
VERSIONUPD=`grep Recommended /var/log/clamav/freshcron.latest`
echo $PROCRUNNING \”$VERSIONUPD\”

Third step: congiguration of my nagios setup adding

define command {
command_name check_update_clamd
command_line /usr/lib/nagios/plugins/check_clam_update $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$
}

to command definitions, and

define service{
use                             generic-service

host_name                       mymailserver
service_description             CLAM-AV DEFS UPDATE
is_volatile                     0
check_period                    24×7
max_check_attempts              3
normal_check_interval           5
retry_check_interval            1
contact_groups                  admins
notification_interval           240
notification_period             24×7
notification_options            c,r
check_command                   check_update_clamd!public!2!5
process_perf_data               1
}

to services.
My plugin script is:

# cat /usr/lib/nagios/plugins/check_clam_update
#!/bin/bash

# Input parameters
HOSTNAME=$1
COMMUNITY=$2
MYVALWARN=$3
MYVALCRIT=$4

# Return Values
RET_OK=”0″
RET_WARN=”1″
RET_CRIT=”2″
RET_UNKN=”3″

checkdata () {
VAL=`echo $2 | wc | awk ‘{print $2}’`
if [ $VAL -eq 0 ]; then
echo $1 is not set
exit $RET_UNKN
fi
}

# MAIN
checkdata “HOSTNAME” $HOSTNAME
checkdata “COMMUNITY” $COMMUNITY

STR=`/usr/bin/snmpget -v 2c -c $COMMUNITY $HOSTNAME .1.3.6.1.4.1.2021.8.1.101.3 | sed -e “s/.*STRING: //”`

if [ “$STR” -ge “$MYVALCRIT” ]; then
echo “Clamd Antivirus Definition DB is Out of Date”
exit $RET_CRIT
else
if [ “$STR” -ge “$MYVALWARN” ]; then
echo “Clamd Antivirus Definition DB is Quite Old”
exit $RET_WARN
else
echo “Clamd Antivirus Definition DB is Up to Date”
exit $RET_OK
fi
fi

Tags:clamav, nagios
Posted in Notes | No Comments »

I can’t live without vi

Friday, March 25th, 2011

I really like the vi editor.
Today, after installing a new debian linux host, I issued the visudo command to set up some user permission, but I found the usual dreadful surprise: the default editor was “nano”.
Oh dear! Fastly I went out taping ^X and then I wrote my beloved

export EDITOR=vi

to set “correctly” the environment variable before running again visudo

Tags:environment, vi
Posted in Notes | No Comments »

Difficiles Nugae Labs

Archive for the ‘Notes’ Category

NO_PUBKEY error in apt-get update

winexe to interact from linux to windows hosts

shrew, an alternative to Cisco VPN Client

DHCP available address value monitored with nagios

How to mount a windows share under AIX

Nagios monitoring imap active connections

a nagios plugin to monitor clamav status

I can’t live without vi

Pages

Categories

Blogroll

Archive for the ‘Notes’ Category

Pages

Categories

Blogroll

talking about