Linux
My ghetto dyndns client for powerdns
I found an excuse to play around with powerdns, I am using it as a shadow master for slashzero.com. Getting it to work as a master to my easydns slave was easy enough, so I was about to call it a day when I realized that my dyndns client for my home ip wouldn’t work anymore. After looking around and reading that there wasn’t a good way to do dynamic dns updates other than the pdns pipe backend, and not thinking I could mix and match the pipe backend with the bind backend for the same domain, I hacked the following together.
On my home linux box:
#!/bin/bash
MYIP=$(dig +short myip.opendns.com @resolver1.opendns.com)
ssh user@www.example.com "echo $MYIP > /tmp/dynhost.ip"
And on the server:
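#!/usr/bin/perl
use strict;
use warnings;

# The zone serial is the current Unix time.
my $date=`date +%s`;
my $oldip=`dig +short dynhost.example.com`;
my $newip=`cat /tmp/dynhost.ip`;
# Strip trailing newlines so the comparison and the substitution see bare values.
chomp($date, $oldip, $newip);

# /tmp/dynhost.ip is untrusted input: accept only a dotted-quad address.
die "Unexpected content in /tmp/dynhost.ip" unless $newip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;

# Compare as strings: a numeric != only looks at the leading "a.b" of each address.
if ( $oldip ne $newip ) {
    my @template=`cat /etc/bind/pri/zone.template`;
    open (ZONEFILE, '>', '/etc/bind/pri/example.com.zone') or die "Couldn't open file for write";
    foreach my $line (@template) {
        # Fill in the SERIAL and NEWIP placeholders from the template.
        $line =~ s/SERIAL/$date/g;
        $line =~ s/NEWIP/$newip/g;
        print ZONEFILE $line or die;
    }
    close (ZONEFILE);
}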
You’ll have to set up a template zone file to run the regex against.
Now there are probably better ways to do it but that’s what I came up with quickly. Of course you need ssh keys set up, and configure pdns to rescan the zone file every once in a while. Now I’ll add these to cron and see if it actually works.
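A stricter take on the home-box client, added here as an example and not part of the original post: the resolver's answer ends up inside the remote command line, so this version accepts only a dotted-quad IPv4 address and sends it on stdin to a fixed remote command. The function names is_ipv4 and push_ip are assumptions; the host names and file path are the ones used above.

```shell
#!/bin/sh
# Added example: validate the looked-up address before it goes anywhere near a shell.

# is_ipv4 ADDR: succeed only for four dot-separated octets in the range 0-255.
is_ipv4() {
    addr=$1
    count=0
    # Reject empty input and anything that is not a digit or a dot.
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    while :; do
        octet=${addr%%.*}
        count=$((count + 1))
        # An octet must be 1 to 3 digits long and no larger than 255.
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        case $addr in
            *.*) addr=${addr#*.} ;;
            *) break ;;
        esac
    done
    [ "$count" -eq 4 ]
}

# push_ip: look up the public address and hand it to the server.
push_ip() {
    ip=$(dig +short myip.opendns.com @resolver1.opendns.com) || return 1
    if ! is_ipv4 "$ip"; then
        echo "refusing to send unexpected resolver output" >&2
        return 1
    fi
    # The address travels on stdin; the remote command line is a fixed string.
    printf '%s\n' "$ip" | ssh user@www.example.com 'cat > /tmp/dynhost.ip'
}

# Only contact the network when explicitly asked: ./dynclient.sh push
if [ "${1:-}" = push ]; then
    push_ip
fi
```

/tmp is writable by every local user on the server, so the server-side script still has to treat the file's content as untrusted.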
Shell session logging
pam_tty_audit.so
How come no one ever told me about this! A while ago we were tasked to find a way to log all commands executed by root. I know bash_history is easily manipulated so I spent some time on Google trying to find a logging shell, then got distracted by something shiny and forgot all about this task. Turns out the Linux auditing system has a built-in tty logging accounting module that will log all tty sessions! Just add this to your pam stack (/etc/pam.d/system-auth on Red Hat and clones):
session required pam_tty_audit.so disable=* enable=root
Then run a few commands as root, and the aureport command will become your friend:
audit]# aureport --tty -ts today
TTY Report
===============================================
# date time event auid term sess comm data
===============================================
1. 11/22/2009 00:07:52 132278 1040 ? 4294962295 bash "hello world",<ret>
UPDATE:
You need a newer version of the audit rpm package; with an older one, tty info will be collected but aureport does not know how to display it.
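In the PAM line above, option order carries the meaning: per pam_tty_audit(8), a later enable= or disable= overrides an earlier one that matched the same user, so "disable=* enable=root" audits root while the reverse order audits nobody. The check below is an added example, not from the original post; the function name tty_audit_state and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: work out what a pam_tty_audit.so line does for a given user.

# tty_audit_state USER PAM_LINE
# Prints enable, disable, unchanged (no pattern matched) or absent (module not on the line).
tty_audit_state() (
    user=$1
    line=$2
    state=unchanged
    case $line in
        \#*) state=absent ;;                  # commented-out line
        *pam_tty_audit.so*)
            set -f                            # keep "*" literal while splitting options
            for opt in ${line#*pam_tty_audit.so}; do
                case $opt in
                    enable=*|disable=*)
                        IFS=,                 # patterns are comma-separated globs
                        for pat in ${opt#*=}; do
                            case $user in
                                $pat) state=${opt%%=*} ;;   # last match wins
                            esac
                        done
                        unset IFS ;;
                esac
            done ;;
        *) state=absent ;;
    esac
    echo "$state"
)

# Constructed sample lines: the one from the post and the same options reversed.
GOOD='session required pam_tty_audit.so disable=* enable=root'
REVERSED='session required pam_tty_audit.so enable=root disable=*'

for sample in "$GOOD" "$REVERSED"; do
    printf '%-60s root=%s alice=%s\n' "$sample" \
        "$(tty_audit_state root "$sample")" "$(tty_audit_state alice "$sample")"
done
```

To check a live system, feed it the session lines from /etc/pam.d/system-auth one at a time, then confirm with aureport --tty that events actually arrive.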
Linux commands I can’t live without: screen
I don’t imagine that Screen needs a big introduction. For those that don’t know, screen is a window-manager. One might ask: I use XTerm or Konsole or Terminal in gnome, what do I use this for??? Well, one of the big features of screen is that you can detach your session from your current console, go to a different computer, and reconnect to the same screen session. You can start a command process at work, drive home, and reconnect to the still running window.
To start a new screen session just type “screen”. You will see a welcome screen, just start typing away as if you are in a regular terminal session. Need a new window? “CTRL-A c” will create one. “CTRL-A p” goes to your previous screen, “CTRL-A n” goes to your next screen. When you get to the last screen it just goes back to the first one.
So now you are ready to detach, “CTRL-d” detaches. When you want to reconnect, I usually do a “screen -dr”, the d will detach the screen session if I had forgotten to before exiting then connect.
One feature I use a lot, especially when working with network gear, is the screen logging. I connect to my router, type “CTRL-A H” to create a logfile, anything on the screen after that will get logged to the screenlog file. Then if I do a “show run” my router config is saved in case I mess things up.
One final usage of screen that I employ is as a serial interface, I connect my routers via serial to my linux laptop, then fire up screen like this “screen /dev/ttyS0 9600” and voila. Buy a bunch of usb serial dongles and build your own Serial Console server this way. Turn on screen logging and you can capture router error messages ghetto style.
ESXi… EPIC FAIL!!!
“This product has expired, Be sure that your host machine’s date and time are set correctly.”
Way to go, I had to set the clock back to last week on my ESXi console. There goes my VMWare consolidation proposal at work.
I wouldn’t want to be the poor developer that forgot to take out the “if date = august 12 2008 then fail” line of code.
Yet another useful Linux Command
Ever had to run a command on 30 servers at once and are too lazy to write a for loop at the command prompt? Try Cluster SSH. What this tool does is open up an xterm to each server specified on the command line and sends what you type to all screens. It can be a lifesaver sometimes, even if it is no replacement for Cfengine or Puppet or another configuration management solution.
Linux commands I never knew existed: Pipe Viewer
I have been using linux since about 1995, and it still surprises me how creative the people who contribute code and work on projects are. The other day I had to image a bunch of machines, they all needed to be 100% identical, so I figured I would just use “dd” and send the output over to each slave machine using netcat. For anyone who has ever done this before, it can be a bit hard to figure out how fast data is being sent over to the system being imaged. This is where Pipe Viewer came in handy. Quite simply this app reports the bitrate that the data is sent over a unix pipe. Brilliant.
It is not installed by default in debian, so the following will install the app.
user@slashzero-desktop:~$ sudo aptitude install pv
Once installed, passing the “--help” parameter will list the basic options.
user@slashzero-desktop:~$ pv --help
Usage: pv [OPTION] [FILE]...
Concatenate FILE(s), or standard input, to standard output,
with monitoring.
-p, --progress show progress bar
-t, --timer show elapsed time
-e, --eta show estimated time of arrival (completion)
-r, --rate show data transfer rate counter
-b, --bytes show number of bytes transferred
-f, --force output even if standard error is not a terminal
-n, --numeric output percentages, not visual information
-q, --quiet do not output any transfer information at all
-c, --cursor use cursor positioning escape sequences
-W, --wait display nothing until first byte transferred
-s, --size SIZE set estimated data size to SIZE bytes
-l, --line-mode count lines instead of bytes
-i, --interval SEC update every SEC seconds
-w, --width WIDTH assume terminal is WIDTH characters wide
-H, --height HEIGHT assume terminal is HEIGHT rows high
-N, --name NAME prefix visual information with NAME
-L, --rate-limit RATE limit transfer to RATE bytes per second
-B, --buffer-size BYTES use a buffer size of BYTES
-R, --remote PID update settings of process PID
-h, --help show this help and exit
-V, --version show version information and exit
Please report any bugs to Andrew Wood .
And here is a quick example, this command tars up a directory and sends the output through pv to gzip, showing a rate of 223MB/s:
user@slashzero-desktop:/home$ tar cf - user | pv | /bin/gzip > /tmp/backup.tar.gz
59.7kB 0:00:00 [ 223MB/s] [===========================================>] 100%
Incredibly useful stuff.
You learn something new everyday
I recently was in a situation where I wanted to copy a file from one server to another. The problem was that these two servers could not directly connect to each other, the one server that could talk to both endpoints did not have enough diskspace, and the only port open was ssh. A colleague dropped a bit of knowledge on me. Both endpoints of an scp command can be remote. Who knew? So this command from server B:
serverB:/ scp user@serverA:/file user@serverC:/file
Actually works. I love linux. It’s awesome