Archive for the ‘Linux things’ Category

Gentoo world update 08/11/2009

Well, the Gentoo dev team messed up the current world build. I’ve just upgraded the first of 8 servers to the new “CURRENT” version and I’ve already walked into a world of hurt that should never have been necessary.

- syslog-ng updated to 3.0

The config is not backwards compatible, so you need to rewrite the whole thing. Now that’s OK, it happens, but the default config supplied by the Gentoo team also does not work. They made an error in the init.d file, causing the config to always fail the checkconfig statement (just add the -f flag). And for some reason the syslog filter doesn’t exist/work anymore, causing my beautiful scripts that use that log to fail on me :(

- open-vm-tools updated to 0.0.20091015.201664

The .la files in /etc/vmware-tools/plugins/common get installed, causing vmtoolsd to never start; remove them and it works fine. Furthermore, you now need open-vm-tools-kmod, and don’t forget to add the modules to the /etc/modules.autoload.d/kernel.2.x file or you’ll have very poor VMWare performance.

- /bin/setfont moved in the config file, but the file itself didn’t move
- /bin/loadkeys moved in the config file, but the file itself didn’t move

All in all, a very bad world upgrade. Hope they start taking a better look at these things. The Gentoo install base isn’t extremely wide like Debian, Ubuntu or Red Hat, but this will give their users unnecessary headaches and make them consider switching to another distro…

I’ll wait with the other servers until they’ve fixed this stuff…

Null routing ssh dictionary attacks

Now I know there are many solutions to fight against ssh dictionary attacks. I’m adding a null-routing solution to the options. This script searches /var/log/syslog (or any other logfile you specify) for specific keywords (you specify) and then adds the IP to the null route list. Enjoy :-)

*UPDATE* I fixed a bug in the script where the date was one number, causing the cut field to get “from” instead of the IP.

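#!/bin/bash

# Define variables
# "Nov  8" / "Nov 18": day is space-padded, exactly as syslog writes it
WORKDATE=$(date "+%b %e")
# Empty when the day has one digit (double space in the date output)
WORKDAY=$(date | cut -f 3 -d " ")
LOGFILE=/var/log/syslog
# Private temp file instead of a fixed name in /tmp (script runs as root)
TMPFILE=$(mktemp /tmp/ssh_attempts.XXXXXX) || exit 1
IPFILE=/etc/nullroute
CMD=/sbin/route
MASK=255.255.255.255   # not used below: "route add -host" implies this mask
DFGW=127.0.0.1

# Search attempts
# A one-digit day adds an empty field, so the IP moves from field 10 to 11
if [ -z "$WORKDAY" ];
then
grep "^$WORKDATE " "$LOGFILE" | grep sshd | grep Invalid | cut -f 11 -d " " > "$TMPFILE"
else
grep "^$WORKDATE " "$LOGFILE" | grep sshd | grep Invalid | cut -f 10 -d " " > "$TMPFILE"
fi

# Add to nullroutes
# Merge with the existing list, de-duplicate (plain uniq only drops adjacent
# duplicates) and keep only entries that look like an IPv4 address
touch "$IPFILE"
cat "$IPFILE" >> "$TMPFILE"
sort -u "$TMPFILE" | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' > "$IPFILE"

# Add nullroutes to table
for ROUTE in $(cat "$IPFILE");
do
# -w -F: whole-address, literal match, so 1.2.3.4 does not match 1.2.3.45
if ! $CMD -n | grep -qwF -- "$ROUTE";
then
echo "adding $ROUTE to null routes..."
$CMD add -host "$ROUTE" gw $DFGW
fi
done
rm -f "$TMPFILE"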
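
The fixed `cut` field positions are the fragile part of the script above (the update note describes `cut` returning “from” instead of the IP). As an added example, not part of the original script: extraction anchored on the address sshd appends at the end of the line, which also copes with usernames containing spaces and the `port N` suffix newer OpenSSH versions log, plus a hit threshold and an allowlist so one typo or your own address does not end up null-routed. The function names, threshold, allowlist and sample log lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: names, threshold, allowlist and log lines are constructed.

# Succeeds only if every dot-separated octet of $1 is <= 255.
valid_ipv4() {
    local IFS=. octet
    for octet in $1; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads syslog lines on stdin and prints each IPv4 address seen in at least
# $1 sshd "Invalid user" lines, skipping addresses in the allowlist $2.
offending_ips() {
    local threshold="$1" allow=" $2 "
    # The username is chosen by the remote client and may contain spaces, so
    # match the address sshd appends at the end of the line, not field N.
    sed -nE 's/^.* sshd\[[0-9]+\]: Invalid user .* from ([0-9]{1,3}(\.[0-9]{1,3}){3})( port [0-9]+)?$/\1/p' |
    sort | uniq -c |
    while read -r count ip; do
        valid_ipv4 "$ip" || continue
        [ "$count" -ge "$threshold" ] || continue
        case "$allow" in *" $ip "*) continue ;; esac
        echo "$ip"
    done
}

# Constructed sample log (RFC 5737 documentation addresses).
sample_log() {
    cat <<'EOF'
Nov  8 03:10:01 web1 sshd[4101]: Invalid user admin from 203.0.113.7
Nov  8 03:10:03 web1 sshd[4102]: Invalid user test from 203.0.113.7
Nov  8 03:10:05 web1 sshd[4103]: Invalid user oracle from 203.0.113.7
Nov 10 03:11:00 web1 sshd[4110]: Invalid user my user from 203.0.113.7 port 40022
Nov  8 03:12:00 web1 sshd[4120]: Invalid user backup from 192.0.2.10
Nov  8 03:12:02 web1 sshd[4121]: Invalid user backup from 192.0.2.10
Nov  8 03:12:04 web1 sshd[4122]: Invalid user backup from 192.0.2.10
Nov  8 03:13:00 web1 sshd[4130]: Invalid user x from 198.51.100.77
Nov  8 03:14:00 web1 sshd[4140]: Accepted password for bob from 192.0.2.55 port 2222 ssh2
EOF
}

# Threshold 3, with 192.0.2.10 allowlisted: prints 203.0.113.7
sample_log | offending_ips 3 "192.0.2.10"
```

The output of `offending_ips` can be written to the IP list file in place of the `cut` pipeline; the routing loop stays the same.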

VMWare tools in ubuntu

Frederik Vos wrote a nice article on how to install open-vm-tools in ubuntu 9.04

This is a very decent article; however, I prefer not to install X on a server that does not need it, so I rewrote the install part of his manual to remove X from the installation:

aptitude install linux-headers-`uname -r` wget g++ make libglib2.0-dev libfuse-dev libdumbnet-dev libicu-dev

wget "http://downloads.sourceforge.net/project/open-vm-tools/open-vm-tools/2009.07.22/open-vm-tools-2009.07.22-179896.tar.gz"
tar xzvf open-vm-tools-2009.07.22-179896.tar.gz
cd open-vm-tools-2009.07.22-179896

./configure --without-pam --without-x
make
sudo make install

Now create the logon scripts and get running…

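# Both files are fetched over plain HTTP and the init script runs as root at boot; read them before enabling
cd /etc/modprobe.d/
sudo wget www.l4l.be/download/vmxnet.conf
cd /etc/init.d/
sudo wget www.l4l.be/download/open-vm-tools
sudo chmod +x open-vm-tools
sudo ./open-vm-tools start
sudo update-rc.d open-vm-tools defaults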

But then again, in Jaunty the open-vm-tools were properly fixed so you shouldn’t need this anymore :-)

Simple shell based monitoring

I needed something to simply monitor the availability of my servers without causing much CPU load, since it would be running on my DNS-313, which has only a 125 MHz ARM CPU and about 16 MB of RAM.

I wrote the following script. Just fill in your content, change the e-mail addy, crontab it to run every 10 minutes with the monitor parameter and you’re all set to have your servers monitored.

enjoy

 

#!/bin/bash

# Variables
KEYWORD=open
NC_CMD="/bin/nc -zvw 5"
GREP_CMD="/bin/grep -v"
MAILX_CMD="/usr/bin/mailx"
NOTIFY=my@mail.com

case $1 in

server1)
        echo
        echo "scanning server1.my.domain..."
        $NC_CMD server1.my.domain 22
        $NC_CMD server1.my.domain 80
        $NC_CMD server1.my.domain 903
        ;;
server2)
        echo
        echo "scanning server2.my.domain..."
        $NC_CMD server2.my.domain 22
        $NC_CMD server2.my.domain 25
        $NC_CMD server2.my.domain 110
        $NC_CMD server2.my.domain 143
        $NC_CMD server2.my.domain 993
        $NC_CMD server2.my.domain 995
        $NC_CMD server2.my.domain 3306
        ;;
server3)
        echo
        echo "scanning server3.my.domain..."
        $NC_CMD server3.my.domain 21
        $NC_CMD server3.my.domain 80
        ;;
all)
        "$0" server1
        "$0" server2
        "$0" server3
        ;;
monitor)
        # Private temp files rather than fixed, guessable names in /tmp
        SCANLOG=$(mktemp) || exit 1
        ALARMLOG=$(mktemp) || exit 1
        # nc -v reports on stderr; every line without "open" is an alarm
        "$0" all 2> "$SCANLOG"
        $GREP_CMD $KEYWORD "$SCANLOG" > "$ALARMLOG"
        exec 3< "$ALARMLOG"
        while read -r <&3
        do
                # One mail per failed check; the line is both subject and body
                echo "$REPLY" | $MAILX_CMD -s "$REPLY" "$NOTIFY"
        done
        exec 3>&-
        rm -f "$SCANLOG" "$ALARMLOG"
        ;;
*)
        echo "Usage $0 (<servername> / all / monitor)"
        ;;
esac
