Posts tagged Linux

My ghetto dyndns client for powerdns

I found an excuse to play around with powerdns; I am using it as a shadow master for slashzero.com. Getting it to work as a master to my easydns slave was easy enough, so I was about to call it a day when I realized that my dyndns client for my home IP wouldn’t work anymore. After looking around and reading that there wasn’t a good way to do dynamic DNS updates other than the pdns pipe backend, and not thinking I could mix and match the pipe backend with the bind backend for the same domain, I hacked the following together.

On my home linux box:

#!/bin/bash

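# Ask OpenDNS which public IP this host appears as
MYIP=$(dig +short myip.opendns.com @resolver1.opendns.com)

# Send the value on stdin so the DNS answer is never interpolated into the remote command line
printf '%s\n' "$MYIP" | ssh user@www.example.com 'cat > /tmp/dynhost.ip'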

And on the server:

#!/usr/bin/perl

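use strict;
use warnings;

my $date=`date +%s`;

my $oldip=`dig +short dynhost.example.com`;
my $newip=`cat /tmp/dynhost.ip`;

# Strip trailing newlines so the values compare and substitute cleanly
chomp($date, $oldip, $newip);

# /tmp is world-writable: only accept a dotted-quad IPv4 address
die "Invalid IP in /tmp/dynhost.ip" unless $newip =~ /\A(?:\d{1,3}\.){3}\d{1,3}\z/;

# String comparison; != would compare the addresses as numbers
if ( $oldip ne $newip) {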
        my @template=`cat /etc/bind/pri/zone.template`;
        open (ZONEFILE, '>/etc/bind/pri/example.com.zone') or die "Couldn't open file for write";
        foreach my $line (@template) {
                $line =~ s/SERIAL/$date/g;
                $line =~ s/NEWIP/$newip/g;
                print ZONEFILE $line or die;
        }
        close (ZONEFILE);
}

You’ll have to set up a template zone file, with SERIAL and NEWIP placeholders, to run the regex against.

Now there are probably better ways to do it but that’s what I came up with quickly. Of course you need ssh keys set up, and configure pdns to rescan the zone file every once in a while. Now I’ll add these to cron and see if it actually works.
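
The server side is the part that turns a file in /tmp into DNS data, so it is where the input check and the file replacement matter most. The following is an added example, not code from the original post: a shell version of the server step that validates the address, skips unchanged addresses, and replaces the zone file atomically. The function names valid_ipv4 and render_zone, the argument order, and the IPv4-only restriction are assumptions made for the example.

```sh
#!/bin/sh
# Added example: server-side zone update with input validation.
# All paths are passed in as arguments; none are taken from the post's server.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    local old_ifs="$IFS" octet
    IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_zone IPFILE TEMPLATE ZONEFILE CURRENT_IP
# Returns 0 = zone rewritten, 1 = address unchanged, 2 = input rejected.
render_zone() {
    local ipfile="$1" template="$2" zonefile="$3" current="$4" newip="" tmp
    # Only the first line of the drop file is read.
    IFS= read -r newip < "$ipfile" || [ -n "$newip" ] || return 2
    valid_ipv4 "$newip" || return 2
    [ "$newip" != "$current" ] || return 1
    # Build the zone in a temp file beside the target, then rename it into
    # place so the name server never loads a half-written zone.
    tmp=$(mktemp "$zonefile.XXXXXX") || return 2
    if sed -e "s/SERIAL/$(date +%s)/g" -e "s/NEWIP/$newip/g" "$template" > "$tmp"
    then
        chmod 644 "$tmp" && mv "$tmp" "$zonefile"
    else
        rm -f "$tmp"
        return 2
    fi
}
```

A cron job would call render_zone with the drop file, the template, the live zone file and the output of dig +short for the dynamic host, and treat return code 2 as something worth alerting on.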

Shell session logging

pam_tty_audit.so

How come no one ever told me about this! A while ago we were tasked to find a way to log all commands executed by root. I know bash_history is easily manipulated so I spent some time on Google trying to find a logging shell, then got distracted by something shiny and forgot all about this task. Turns out the Linux auditing system has a built-in tty logging accounting module that will log all tty sessions! Just add this to your pam stack (/etc/pam.d/system-auth on Red Hat and clones):

session required pam_tty_audit.so disable=* enable=root

Then run a few commands as root, and the aureport command will become your friend:

audit]# aureport --tty -ts today
TTY Report
===============================================
# date time event auid term sess comm data
===============================================
1. 11/22/2009 00:07:52 132278 1040 ? 4294962295 bash "hello world",<ret>

UPDATE:

You need a newer version of the audit rpm package; with the older one, tty info will be collected but aureport does not know how to display it.

https://bugzilla.redhat.com/show_bug.cgi?id=497518

Linux commands I can’t live without: screen

I don’t imagine that Screen needs a big introduction. For those that don’t know, screen is a window manager. One might ask: I use XTerm or Konsole or Terminal in GNOME, what do I use this for? Well, one of the big features of screen is that you can detach your session from your current console, go to a different computer, and reconnect to the same screen session. You can start a command process at work, drive home, and reconnect to the still running window.

To start a new screen session just type “screen”. You will see a welcome screen; just start typing away as if you are in a regular terminal session. Need a new window? “CTRL-A c” will create one. “CTRL-A p” goes to your previous screen, “CTRL-A n” goes to your next screen. When you get to the last screen it just goes back to the first one.

So now you are ready to detach: “CTRL-d” detaches. When you want to reconnect, I usually do a “screen -dr”; the d will detach the screen session if I had forgotten to before exiting, then connect.

One feature I use a lot, especially when working with network gear, is the screen logging. I connect to my router, type “CTRL-A H” to create a logfile, and anything on the screen after that will get logged to the screenlog file. Then if I do a “show run” my router config is saved in case I mess things up.

One final usage of screen that I employ is as a serial interface. I connect my routers via serial to my Linux laptop, then fire up screen like this “screen /dev/ttyS0 9600” and voila. Buy a bunch of USB serial dongles and build your own serial console server this way. Turn on screen logging and you can capture router error messages ghetto style.
