BigSmoke

Smokes your problems, coughs fresh air.

Author: halfgaar (Page 14 of 26)

Halfgaar is Wiebe. Wiebe is a contributing author on this weblog. He also has a lot of stuff (such as long, in-depth articles) on his personal website.

Wiebe's day job is as a senior software developer and system administrator at YTEC.

In his free time, he built the free, open-source FlashMQ software. Together with Jeroen and Rowan, he is now building a managed MQTT hosting business around his open masterpiece.

Making mysqldump work on a zimbra installation

October 8, 2010 /

Zimbra installs its own mysql and there is no workable mysqldump command. There is a mysql command wrapper script (/opt/zimbra/bin/mysql) that loads an environment to set password and such, but there is no such thing for mysqldump. I copied that wrapper script to /usr/local/bin/mysqldump so that user zimbra can no run mysqldump. This is it: 

#!/bin/bash
# I, halfgaar, copied this script from /opt/zimbra/bin/mysql and adjusted to so that I can do mysqldump.
 
source /opt/zimbra/bin/zmshutil || exit 1
zmsetvars mysql_directory mysql_socket zimbra_mysql_user zimbra_mysql_password
 
exec ${mysql_directory}/bin/mysqldump -S ${mysql_socket} \
    -u ${zimbra_mysql_user} --password=${zimbra_mysql_password} "$@"

Malware in PDFCreator

October 5, 2010 /

On one of our computers, some websites behaved very weird; pages could not be found and they were redirected to mybrowserbar.com. I found this on Wikipedia about PDFCreator:

Starting with version 0.9.7 (February 2009), PDFCreator has included a new toolbar application that is considered by many to be malicious software. The end-user-license agreement for Pdfforge Toolbar by Spigot, Inc. (versions prior to 0.9.7 have a different, optional toolbar called “PDFCreator Toolbar”), states that the software will: modify your Microsoft Internet Explorer and/or Mozilla Firefox browser settings for the default search engine, address bar search, “DNS error” page, “404 error” page, and new tab page to facilitate more informative responses as determined by The Toolbar.

The opt out procedure is difficult, but possible:

The opt-out procedure during installation is confusing. There are two separate screens where the user must take action if they do not wish to install the toolbar, one of which is not clearly labeled. This confusing process leads many users to believe they have opted-out of the installation when they have not. Some users erroneously report that it is not possible to opt-out of the toolbar installation, which is not true. If one reads the instructions carefully and follows them, it IS possible to install PDFCreator without also installing the unwanted toolbar, even if the process is confusing.

I may want to consider another PDF printer.

Checking 3ware raid controllers over ssh with nagios

October 4, 2010 /

First check this to see how you enable a host to be checked with nagios over SSH.

Create a command in /etc/nagios3/commands.cfg: 

# This command needs this in /etc/sudoers on the target:
# nagios ALL = NOPASSWD: /usr/local/sbin/check_3ware.sh
define command {
       command_name     check_3ware
       command_line     /usr/lib/nagios/plugins/check_by_ssh -H $HOSTADDRESS$ -i /etc/nagios3/id_rsa -l nagios -t 25 -C 'sudo check_3ware.sh'
}

Run visudo and add this line: 

nagios ALL = NOPASSWD: /usr/local/sbin/check_3ware.sh

Then install the script from here. Last time I did that I needed to fix bugs in it, so beware. I submitted a patch, which will be accepted I guess.

Then go download the tw_cli tool.

Then create a hostgroup for your 3ware hosts: 

define hostgroup {
        hostgroup_name  3ware-machines
        alias           3Ware machines
        members         boxen
}

Then a service: 

define service {
        hostgroup_name                  3ware-machines
        service_description             3Ware status
        check_command                   check_3ware
        use                             generic-service
        notification_interval           0
}

That should be it.

Configuring nagios checks over SSH

October 4, 2010 /

I had to do a lot of fiddling before I got nagios over ssh working. I used this article as source, mostly, even though I did it differently.

First add some commands to commands.cfg: 

define command{
        command_name    check_remote_disk
        command_line    /usr/lib/nagios/plugins/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -i /etc/nagios3/id_rsa -H $HOSTADDRESS$ -C '/usr/lib/nagios/plugins/check_disk -w $ARG2$ -c $ARG3$ -p $ARG4$'
}
 
define command{
        command_name    check_remote_load
        command_line    /usr/lib/nagios/plugins/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -i /etc/nagios3/id_rsa -H $HOSTADDRESS$ -C '/usr/lib/nagios/plugins/check_load -w $ARG2$ -c $ARG3$'
}
 
define command{
        command_name    check_remote_swap
        command_line    /usr/lib/nagios/plugins/check_by_ssh -p $ARG1$ -l nagios -t 30 -o StrictHostKeyChecking=no -i /etc/nagios3/id_rsa -H $HOSTADDRESS$ -C '/usr/lib/nagios/plugins/check_swap -w $ARG2$ -c $ARG3$'
}

The file referenced by -i is an SSH secret key. You can create this key by running ssh-keygen and giving the right path. You can’t store anything in the nagios home dir, because that is in /var/run, which is cleared after a reboot. So, you can’t use the default key file.

The -t 30 is necessary because sometimes there is network lag, causing the service to be reported as failure. The default of 10 is not enough…

Next you need to create a user nagios on the target machine and add the .pub file of the key to the authorized_keys. Creating the user should be done like: 

useradd --system --shell /bin/bash nagios

Then install the nagios plugins on the target host: 

aptitude -P install nagios-plugins-basic

The nagios host needs to be able to log in with user nagios. On Debian, the user that runs nagios (also called ‘nagios’) doesn’t have a shell by default. So, give it a shell.

Then you can create a hostgroup (for example). You can do: 

define hostgroup {
        hostgroup_name  nagios-enabled
        alias           Nagios enabled
        members         host1, host2
}

Then create services: 

define service {
        hostgroup_name                  nagios-enabled
        service_description             Root partition space
        check_command                   check_remote_disk!22!20%!10%!/
        use                             generic-service
        notification_interval           0
}
 
define service {
        hostgroup_name                  nagios-enabled
        service_description             Swap space
        check_command                   check_remote_swap!22!50%!30%
        use                             generic-service
        notification_interval           0
}
 
define service {
        hostgroup_name                  nagios-enabled
        service_description             Load
        check_command                   check_remote_load!22!5.0,4.0,3.0!10.0,6.0,4.0
        use                             generic-service
        notification_interval           0
}

This will check load, swap and root space on all your standard nagios enabled hosts. Next you can define custom services: 

define service {
        host_name                       piet
        service_description             Some partition
        check_command                   check_remote_disk!22!40%!30%!/mnt/dinklefat
        use                             generic-service
        notification_interval           0
}

Apache rewrite rule to rewrite to sub dir

September 27, 2010 /

One one particular site, I wanted to rewrite all requests to a sub dir. It took me over an hour, because of some obscure problem I haven’t been able to identify. 

# The main site located in the /site dir. The .* after the ^ is weird, but without it, it wouldn't work.
RewriteCond %{REQUEST_URI} !^.*/site/.*
RewriteRule ^(.*)$ site$1 [L,R=permanent]

My guess is it has to do with: 

AddHandler php-cgi-script .php
Action php-cgi-script /php5/php5-cgi
« Older posts Newer posts »

© 2024 BigSmoke

Theme by Anders NorenUp ↑