Custom snmpd extension for port checking

As weird as it sounds, recently I had a task to accomplish port checks without access to the LAN on which daemons listen for connections. Speaking of a monitoring solution, the obvious choice was SNMP, which is the most widespread means of getting health information from network-attached devices, anyway. We perform an “indirect” port check, meaning that it’s sufficient for us to know that a process is listening on a given port without trying to communicate with it.

Starting a reboot-persistent autossh and keeping it running on Unix-like systems without root rights

Basic scenario

There are systems:

  • – which can’t be accessed from the public internet, e.g. behind IPv4 NAT, and a DMZ isn’t an option.
  • – which shouldn’t be accessed directly from the public internet, so a firewall or other access control isn’t suitable.

Solution

I wrote a simple shell script that keeps autossh running continuously on Unix-like systems.
The script is started by cron every minute, so no root rights are required. Your local user must be allowed to use cron. I didn’t use @reboot because this crontab directive isn’t implemented on many Unix systems.
Autossh maintains a monitored ssh connection which opens a reverse ssh tunnel. If the connection is lost, it will be restarted by autossh.

The sshd is listening on local port 22022 of the host “sage”, so my systems can be accessed only via a local account on the server “sage”, which can be accessed from everywhere on the net.

The script

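#!/bin/bash
#set -x

# Publicly reachable server that terminates the reverse tunnel
HOST="sage"

# Path to the ssh binary that autossh runs
AUTOSSH_PATH="/usr/bin/ssh"
export AUTOSSH_PATH

# autossh writes its own PID to this file
AUTOSSH_PIDFILE="/home/miam/bin/autossh.pid"
export AUTOSSH_PIDFILE

PIDFILE="$AUTOSSH_PIDFILE"
AUTOSSH_CMD="/usr/bin/autossh"

# Start autossh in the background (-f) with monitoring port 22023 (-M),
# no remote command (-N) and a reverse tunnel from port 22022 on $HOST
# to the local sshd on port 22 (-R)
call_autossh ()
{
    "$AUTOSSH_CMD" -M 22023 -N -R 22022:localhost:22 -f "$HOST"
}

# Return 0 if the process recorded in the PID file is alive, 1 otherwise
self_check ()
{
    if [ -f "$PIDFILE" ]; then
        PID=$(cat "$PIDFILE")
        # An empty PID file counts as "not running"
        if [ -n "$PID" ] && kill -0 "$PID"; then
            return 0
        fi
    fi
    return 1
}

if ! self_check; then
    call_autossh
fi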

The crontab entry

* * * * * /home/miam/bin/autossh.sh >> /home/miam/bin/autossh.log 2>&1
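
The self_check above only tests that some process with the recorded PID exists. After a reboot or crash a stale PID file can point at an unrelated process of the same user, and the tunnel is then not restarted while that process lives. A stricter check as an added example (not part of the original script or the keeprun repo); the function name pid_is_cmd and its wiring are assumptions:

```shell
#!/bin/bash
# Added example, not from the original script.
# pid_is_cmd PIDFILE NAME returns 0 only if PIDFILE holds a numeric PID
# whose running process is named NAME; every other case returns 1.
pid_is_cmd ()
{
    local pidfile="$1" want="$2" pid comm

    [ -f "$pidfile" ] || return 1
    # read fails on a missing trailing newline but still sets pid
    read -r pid < "$pidfile" || [ -n "$pid" ] || return 1

    # Reject empty or non-numeric content before handing it to kill/ps
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac

    # The process must exist and be signalable by this user
    kill -0 "$pid" 2>/dev/null || return 1

    # Look up the command name: POSIX ps first, Linux /proc as fallback
    comm=$(ps -p "$pid" -o comm= 2>/dev/null) || comm=""
    if [ -z "$comm" ] && [ -r "/proc/$pid/comm" ]; then
        read -r comm < "/proc/$pid/comm" || true
    fi

    comm=${comm##*/}    # some ps implementations print the full path
    comm=${comm%% *}    # drop any trailing padding
    [ -n "$comm" ] && [ "$comm" = "$want" ]
}

# Hypothetical wiring into the script above, replacing self_check:
#   pid_is_cmd "$PIDFILE" autossh || call_autossh
```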

The repo

The code can be cloned from GitHub:
https://github.com/miam/keeprun/tree/v0.1

Mailman permission errors

During a fresh install of mailman on Debian squeeze, there are some unresolved errors from check_perms which -f doesn’t solve:

root@mail:# check_perms -f

/var/lib/mailman/icons bad group (has: root, expected list) (fixing)
 /var/lib/mailman/bin bad group (has: root, expected list) (fixing)
 /var/lib/mailman/scripts bad group (has: root, expected list) (fixing)
 /var/lib/mailman/logs bad group (has: root, expected list) (fixing)
 /var/lib/mailman/locks bad group (has: root, expected list) (fixing)
 /var/lib/mailman/cron bad group (has: root, expected list) (fixing)
 /var/lib/mailman/templates bad group (has: root, expected list) (fixing)
 /var/lib/mailman/cgi-bin bad group (has: root, expected list) (fixing)
 /var/lib/mailman/mail bad group (has: root, expected list) (fixing)
 /var/lib/mailman/Mailman bad group (has: root, expected list) (fixing)
 Problems found: 10

Re-run as list (or root) with -f flag to fix

Rerunning the command gives the same output and doesn’t solve the problem. The problem is that these files are symlinks to folders, so chgrp needs the extra -h argument to change the group of the symlink itself rather than that of the folder it points to:

root@mail:# chgrp -h list /var/lib/mailman/*

Afterwards check_perms runs without error:

root@mail:# check_perms -f
No problems found

Using workflow management system for some sysadmin tasks

Processes in large environments

In large production environments practically everything must be controlled by oracularly defined processes. These computing environments are too complex to be known by a few system admins or even a group of them. This complexity requires dividing operation into separate groups of tasks carried out by different groups of specialists.
Orchestration of operation is achieved by processes defined on the basis of recommendations and rules formulated in ITIL V3. These processes are described in a series of documents which must be well known to the groups concerned.
This document describes a possible solution which can help employees keep up with these processes, considerably speed up some of them, minimize human errors and avoid situations in which processes disintegrate due to changes in human resources.