Custom snmpd extension for port checking

As weird as it sounds, recently I had a task to accomplish port checks without access to the LAN on which daemons listen for connections. Speaking of a monitoring solution, the obvious choice was SNMP, which is the most widespread means of getting health information from network-attached devices, anyway. We perform an “indirect” port check, meaning that it’s sufficient for us to know that a process is listening on a given port without trying to communicate with it.


Starting a reboot-persistent autossh and keeping it running on Unix-like systems without root rights

Basic scenario

There are systems:

  • which can’t be accessed from the public internet, e.g. because they are behind IPv4 NAT and a DMZ isn’t an option.
  • which shouldn’t be accessed directly from the public internet, so a firewall or other access control is not suitable.

Solution

I wrote a simple shell script that keeps autossh running continuously on Unix-like systems.
The script is started by cron every minute, so no root rights are required. Your local user must be allowed to use cron. I didn’t use @reboot because this crontab directive isn’t implemented on many Unix systems.
Autossh maintains a monitored ssh connection which opens a reverse ssh tunnel. If the connection is lost, it will be restarted by autossh.

The sshd is listening on local port 22022 of the host “sage”. So my systems can be accessed only via a local account on the server “sage”, which can be accessed from everywhere on the net.

The script

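#!/bin/bash
#set -x

# Remote host that receives the reverse tunnel
HOST="sage"

# autossh reads both variables from its environment:
# AUTOSSH_PATH is the ssh binary to run, AUTOSSH_PIDFILE is where it writes its PID
AUTOSSH_PATH="/usr/bin/ssh"
export AUTOSSH_PATH

AUTOSSH_PIDFILE="/home/miam/bin/autossh.pid"
export AUTOSSH_PIDFILE

PIDFILE="$AUTOSSH_PIDFILE"
AUTOSSH_CMD="/usr/bin/autossh"

# Start autossh in the background (-f) with monitoring port 22023 (-M) and no
# remote command (-N); port 22022 on $HOST is forwarded to the local sshd (-R)
call_autossh ()
{
    "$AUTOSSH_CMD" -M 22023 -N -R 22022:localhost:22 -f "$HOST"
}

# Return 0 if the PID stored in $PIDFILE belongs to a running process, 1 otherwise
self_check ()
{
    if [ -f "$PIDFILE" ]; then
        PID=$(cat "$PIDFILE")
        # Any failure of kill -0 (not only exit status 1) means "not running"
        if kill -0 "$PID"; then
            return 0
        else
            return 1
        fi
    else
        return 1
    fi
}

# Start autossh only when it is not already running
if ! self_check; then
    call_autossh
fi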

The crontab entry

* * * * * /home/miam/bin/autossh.sh >> /home/miam/bin/autossh.log 2>&1

The repo

The code can be cloned from GitHub:
https://github.com/miam/keeprun/tree/v0.1
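
The self_check function in the script above accepts any live PID found in the PID file, so after a reboot a stale file whose PID has been reused by another process of the same user would keep autossh from ever being restarted. The following check is an added example, not code from the keeprun repository; the function names proc_name and pidfile_alive are hypothetical, and it also verifies the command name behind the PID.

```shell
#!/bin/bash
# Added example: stricter replacement for self_check (names are hypothetical).

# proc_name PID: print the command name of PID; fail if it cannot be read.
proc_name() {
    local name
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"                    # Linux
    else
        name=$(ps -p "$1" -o comm= 2>/dev/null) || return 1
        [ -n "$name" ] || return 1
        printf '%s\n' "${name##*/}"            # some systems print a full path
    fi
}

# pidfile_alive PIDFILE NAME: succeed only if PIDFILE holds the numeric PID
# of a running process whose command name is NAME.
pidfile_alive() {
    local pidfile=$1 expected=$2 pid="" actual
    [ -f "$pidfile" ] || return 1
    read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;               # empty or garbage: stale file
    esac
    kill -0 "$pid" 2>/dev/null || return 1     # no such process (or not ours)
    actual=$(proc_name "$pid") || return 1
    [ "$actual" = "$expected" ]                # a reused PID fails here
}

# Intended use in autossh.sh, replacing the self_check test:
#   pidfile_alive "$PIDFILE" autossh || call_autossh
```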

Installing nginx web server with php fpm and mysql on CentOS 6

In this article you will find a way to install the NGINX web server and add PHP support.
PHP has included php-fpm since version 5.3, so it is now relatively easy to get it working with nginx without additional scripting.


Rubygems PG missing error in debian squeeze

During the weekend, while installing Redmine, I had a big error with gems: it was missing PostgreSQL libs and headers. I was thinking about excluding it from its gem files, but decided to solve the problem and let it have the header files needed for bundle install:

Ruby Rmagick error in debian squeeze

One of the other errors I see frequently during ruby install is:

An error occured while installing rmagick (2.13.1), and Bundler cannot continue.
Make sure that `gem install rmagick -v '2.13.1'` succeeds before bundling.

The issue can be solved easily.

apt-get install libmagick++-dev libmagickcore-dev libmagickwand-dev

It will install a lot of dependent packages, but all required headers will be present. In my opinion magick is a little too resource heavy, and should be a little less hungry.

Mailman permission errors

During a fresh install of mailman on Debian squeeze, check_perms reports some errors which the -f flag doesn’t fix:

root@mail:# check_perms -f

/var/lib/mailman/icons bad group (has: root, expected list) (fixing)
/var/lib/mailman/bin bad group (has: root, expected list) (fixing)
/var/lib/mailman/scripts bad group (has: root, expected list) (fixing)
/var/lib/mailman/logs bad group (has: root, expected list) (fixing)
/var/lib/mailman/locks bad group (has: root, expected list) (fixing)
/var/lib/mailman/cron bad group (has: root, expected list) (fixing)
/var/lib/mailman/templates bad group (has: root, expected list) (fixing)
/var/lib/mailman/cgi-bin bad group (has: root, expected list) (fixing)
/var/lib/mailman/mail bad group (has: root, expected list) (fixing)
/var/lib/mailman/Mailman bad group (has: root, expected list) (fixing)
Problems found: 10

Re-run as list (or root) with -f flag to fix

Rerunning the command gives the same output and doesn’t solve the problem. The problem is that these entries are symlinks to folders, and chgrp needs the extra -h argument to change the group of the symlink itself instead of the folder it points to:

root@mail:# chgrp -h list /var/lib/mailman/*

Afterwards the check_perms is run without error:

root@mail:# check_perms -f
No problems found