2007 February - TroubleNow.org

BigBrother SNMP users

Posted in: linux, Xymon/Hobbit/BB | February 23, 2007 0 Comments

Quick way of getting the amount of logged in users on a windows 2003 terminal server, from BigBrother. this is not a howto just a quick reference for myself, if someone try’s this and has problems just let me know, mayb I forgot something here.

Using larrd and rrdtool you can get the info into a nice graph.
* note that this does not work on windows 2003 SP1.

First create the snmpusers bigbro script to monitor snmp, this is a modified script of Gavin Goes

trouble@sun:$ mkdir $bbhome/ext/snmp
trouble@sun:$ vi snmpusers.sh

#!/bin/sh
 
# snmpusers v0.1
# this wil monitor the hrSystemNumUsers.0 from a win2k3 box.
#
#######################
# Original header
#######################
# BIG BROTHER - SCRIPT TO SUCK OUT CPU UTILIZATION FROM A
# WINDOWS 2000 Server running SNMP with MIB-II
# Gavin Goes - Cymple Solutions [gavin @ cymplesolutions.com]
#
# Please note that this is a very crude hack of the snmp v0.5 script
# by Sean Macguire. The script can be modified to check any OID on a
# host for comparison... (see OID check section)
#
# This program is under a BSD-style license, you may change it at
# will and redistribute, but giving credit is good manners...
 
# TO RUN THE SNMPCPU TEST ADD THE KEYWORD snmpusers TO THE "BBEXT"
# VARIABLE OF $BBHOME/ext/bbdef.sh.  THIS IS FOR SECURITY.
 
# THE EASIEST INSTALLATION OF THIS SCRIPT INVOLVES PLACING THE
# SCRIPT IN THE $BBHOME/ext directory, and adding the line:
#
#       : : snmpusers.sh
#
# TO THE $BBHOME/etc/bb-bbexttab FILE. TRY ADDING A HOST TO YOUR
# $BBHOME/etc/bb-hosts FILE FOLLOWING THIS EXAMPLE:
#
#  10.50.50.1   deadcat.domain.org # snmpusers
#
 
# BBPROG SHOULD JUST CONTAIN THE NAME OF THIS FILE
# USEFUL WHEN YOU GET ENVIRONMENT DUMPS TO LOCATE
# THE OFFENDING SCRIPT...
#
BBPROG=snmpusers; export BBPROG
 
TEST="snmpusers"
 
# BBHOME CAN BE SET MANUALLY WHEN TESTING.
# OTHERWISE IT SHOULD BE SET FROM THE BB ENVIRONMENT
#
BBHOME=/home/bigbro/bb/; export BBHOME  # FOR TESTING
 
if test "$BBHOME" = ""
then
        echo "BBHOME is not set... exiting"
        exit 1
fi
 
if test ! "$BBTMP"                      # GET DEFINITIONS IF NEEDED
then
         # echo "*** LOADING BBDEF ***"
        . $BBHOME/etc/bbdef.sh          # INCLUDE STANDARD DEFINITIONS
fi
 
#
# SET UP THE SNMP COMMANDS WE'LL NEED (AS WELL AS THE MIB DEFINITIONS
# WHICH USUALLY ARE IN /usr/local/share/snmp/mibs
# IF NOT, ACQUIRE THEM AND PLACE IN THERE
#
MIBS=ALL; export MIBS
SNMPGET="/usr/bin/snmpget"
SNMPWALK="/usr/bin/snmpwalk"
SED="/bin/sed"
 
if test ! -x "$SNMPGET"
then
        echo "Can't find snmpget! [$SNMPGET]... exiting"
        exit 1
fi
if test ! -x "$SNMPWALK"
then
        echo "Can't find snmpwalk! [$SNMPWALK]... exiting"
        exit 1
fi
 
#
# LOOK FOR THE snmpusers KEYWORD IN THE etc/bb-hosts FILE
# BUT MAKE SURE TO IGNORE COMMENTS
#
$GREP snmpusers $BBHOME/etc/bb-hosts | grep -v "^#" |
while read line
do
        set $line                       # GET ALL THE LINE ARGS
        HOST="$1"
        MACHINEMASK="$2"; export MACHINEMASK
 
        if test "$HOST" = "0.0.0.0"     # SUPPORT USING NAMES...
        then
                HOST="$MACHINEMASK"
        fi
 
        if test "$FQDN" != "TRUE"
        then
                OLDIFS="$IFS"
                IFS="."
                set $MACHINEMASK
                MACHINEMASK="$1"
                IFS="$OLDIFS"
        fi
 
        # echo "DOING HOST $MACHINEMASK"
        BOX=`echo $MACHINEMASK | $SED "s/./,/g"`
 
        # COMMUNITY WILL DEFAULT TO "public" UNLESS OTHERWISE
        # STATED IN $BBHOME/etc/bb-smtptab
 
        COMMUNITY="public"
 
        if test -f $BBHOME/etc/bb-snmptab       # IF NOT "public"
        then
                # SEARCH BY IP ADDRESS
                COMMUNITY=`grep "$HOST" $BBHOME/etc/bb-snmptab`
                if test "$COMMUNITY" != ""
                then
                        set $COMMUNITY
                        COMMUNITY="$2"
                else    # SEARCH BY NAME
                        COMMUNITY=`grep "$MACHINEMASK" $BBHOME/etc/bb-snmptab`
                        if test "$COMMUNITY" != ""
                        then
                                set $COMMUNITY
                                COMMUNITY="$2"
                        else
                                COMMUNITY="public"
                        fi
                fi
        fi
 
### OID Check section
### Modify the appropriate setting and OID to suit your needs for
### your specific device... Use a utility like GetIF to find out
### what OIDs your device can monitor
 
        # GET THE AMOUNT OF USERS FOR THIS DEVICE...
        SYSTEMUSERS=`$SNMPGET -v2c -c$COMMUNITY $HOST hrSystemNumUsers.0 2&gt;&amp;1`
 
                set $SYSTEMUSERS
                echo "1= $*" #just for debugging
                shift; shift; shift;
                echo "2 =$*" #just for debugging
                SYSTEMUSERS=`echo $* | $SED "s/\"//g"`
                REALUSERS="`/usr/bin/expr $SYSTEMUSERS - 1`"
 
        # Check if the value of the number of users is greater then
        # or equal to a specific value...
        if [ "$REALUSERS" -ge "50" ]
        then
                # SEND USERS MESSAGE AND EXIT
                $BB $BBDISP "status ${BOX}.${TEST} red `date` The number of users is $REALUSERS"
                continue;
        else
                COLOR="green"; TEST="snmpusers";
                $BB $BBDISP "status ${BOX}.${TEST} $COLOR `date` $LINE The number of users is $REALUSERS"
        fi
 
done

* don’t forget to chmod 755 the file.

Then add it to the bbconfig file:

trouble@sun:$ vi $bbhome/etc/bb-bbexttab

1	: :snmp/snmpusers.sh

To get graphs create a file for larrd:

trouble@sun:$ cd /usr/local/larrd
trouble@sun:$ vi snmpusers-larrd.pl

#!/usr/bin/perl -w -w
#
# Set a path to the rrd tool lib
# Set as and $ENV and see what is up
use lib $ENV{'RRDPM'};
use RRDs;
 
$ds = "snmpusers";
 
@ds = ("DS:snmpusers:GAUGE:600:0:U",
       );
 
##################################
# Start of script
##################################
 
if( not $ENV{'BBHOME'} ) {
        print "$0: BBHOME is not setn";
        exit(1);
}
 
if( not -d $ENV{'BBHOME'} ) {
        print "$0: BBHOME is invalidn";
        exit(1);
}
 
if( not -d $ENV{'BBRRDS'} ) {
        print "$0: BBRRDS is not setn";
        exit(1);
}
 
##
# real work begins here
##
# go to the logs area for simplication of the list
#chdir "$ENV{'BBLOGS'}";
chdir "/home/bigbro/bbvar/logs";
 
# Glob the logs
LOG: while (  defined ($log = &lt;*.$ds&gt;)  ) {
        $host=$log;
        # create some handy vars
        $host =~ s/.$ds//;
        $host =~ s/,/./g;
        ($ctime) = (stat($log))[10];
 
        $colour_check="notok";
 
        # Grab lines
        open(LOG,"$log");
        while ( defined ($line = <log>) ) {
          chomp $line;
 
          # ensure colour is valid - ie don't graph purple results
          if($line =~ /green|yellow|red/) {
            $line =~ /users iss+(d+)/o;
            $users=$1;
            $colour_check="ok";
 
          } # end line colour check
 
          if ($colour_check ne "ok") {
                print "$0: WARN $host is not showing red, yellow, or green. $log skipped.n" if ($ENV{'WARN'});
                next LOG;
          }
 
        } # end while
        close(LOG);
 
        print "$0: DEBUG users: $usersn" if $ENV{'DEBUG'};
 
        # RRD for users
 
        $RRD="$ENV{'BBRRDS'}/$host.snmpusers.rrd";
 
        # if it doesn't exist, make it
        if ( not -f $RRD ) {
                        # RRAS defined in larrd.pl
                        @rras = split " ",$ENV{'RRAS'};
                        RRDs::create($RRD,@ds,@rras);
                        $ERR=RRDs::error;
                        if($ERR) {
                                print "$0: ERROR creating $RRD: $ERRn" if ($ENV{'ERROR'});
                                next;
                        }
                $ctime="N";
                print "$0: STATUS did not find $RRD, created.n" if ($ENV{'STATUS'});
        }
 
        RRDs::update("$RRD","$ctime:$users");
        $ERR=RRDs::error;
        if($ERR) {
               print "$0: WARN updating $RRD: $ERRn" if ($ENV{'WARN'});
        }
 
        # Sloppy
        ($ctime) = (stat($log))[10];
 
}
##############################################
# end of script
##############################################
</log>

Change the data list in larrd-config

trouble@sun:$ vi /usr/local/larrd/larrd-config.pl

1	@DATALIST=("la","disk","bbnet","vmstat","netstat","users","procs","memory","snmpusers");

Find your larrd-grapher.cgi and add the following section somewhere around line: 1470

 snmpusers =&gt; {
    hourly =&gt; {
        start_sec =&gt; "e-48h",
        title =&gt; "$host # of Users Last 48 Hours",
    },
    daily =&gt; {
        start_sec =&gt; "e-12d",
        title =&gt; "$host # of Users Last 12 Days",
    },
    weekly =&gt; {
        start_sec =&gt; "e-48d",
        title =&gt; "$host # of Users Last 48 Days",
    },
    monthly =&gt; {
        start_sec =&gt; "e-576D",
        title =&gt; "$host # of Users Last 576 Days",
    },
    yaxis =&gt; "#",
    lines =&gt; sub {
        my ($RRD,$service,$graph,$p,$color)=@_;
 
        return [
#            qq{DEF:p=$host.snmpusers.rrd:la:AVERAGE},
            qq{DEF:p=$host.snmpusers.rrd:snmpusers:AVERAGE},
            qq{AREA:p#00CC00:Users},
            qq{COMMENT:n},
            qq{GPRINT:p:LAST:Users   : %5.1lf%s (cur)},
            qq{GPRINT:p:MAX: : %5.1lf%s (max)},
            qq{GPRINT:p:MIN: : %5.1lf%s (min)},
            qq{GPRINT:p:AVERAGE: : %5.1lf%s (avg)n},
        ]
    },
  }

Restart bigbro and it should work.

My First CarPC

Posted in: Cars | February 23, 2007 0 Comments

Car

1995 Chevrolet Lumina LS 3.1L V6

PC

mobo: PCChips M825LU micro-atx

CPU: AMD Duron 950 Mhz

Mem: 1GB kingston

HDD1: 80GB Fujitsu laptop HDD

HDD2: 80GB Seagate HDD

WLAN: MSI PC54G2

GPS: usb

Display: 619GL-70NP/C/T

Radio/TV: WinFast TV2000 XP Deluxe

Pics

Click the images for a bigger image.

A 23″ screen and the tiny 7″ touch screen.

The Case

It has been build in the shape of the car (back seat)

The case it pretty big but thats because the JBL GTO will be mounted on the back of the case.

The Car Interior

Installing OpenSSH and OpenSSL from ports*

Posted in: FreeBSD | February 23, 2007 0 Comments

* Note that this is a old article saved from a previous blog.

I had a few FreeBSD machine’s still running a old version of OpenSSH and OpenSSL, so it was about time to upgrade these to the latest version.

These were the current versions of OpenSSH and OpenSSL that I was running:

trouble@sun:$ openssl version
OpenSSL 0.9.7b 04 apr 2004
root@server:~# ssh -V
OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7b 04 apr 2004

There are multiple ways of upgrading these packages on FreeBSD, here I point out the way I like to use. First thing to do is setup telnetd so I can access the server using telnet, this way I won’t be lost if something goes wrong while updating OpenSSH to the latest version (Note that this is not needed if you do the upgrade local, but for me it will save me a 40KM trip to the colo).
Edit /etc/inetd.conf and enable the telnetd server:

trouble@sun:$ vi /etc/inetd.conf
Find the line:
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
And change it to:
telnet stream tcp nowait root /usr/libexec/telnetd telnetd

Then add inetd to the rc.conf so it will start at boot time (So you can give the server a powerboot if needed and use telnet again).

username@computername:$ vi /etc/rc.conf
Here add:
#-----------------------------------
inetd_enable="YES"
inetd_program="/usr/sbin/inetd"
inetd_flags="-wW -C 60
#-----------------------------------

Now we need to start inetd and see if it works:

trouble@sun:$ /usr/sbin/inetd -wW -C 60

And to see if telnet works from a local machine:

trouble@earth:$ telnet SERVERIP
Trying SERVERIP...
Connected to SERVERIP.
Escape character is '^]'.

FreeBSD/i386 (HOSTNAME) (ttyp7)

login:

Good telnet is working now we can start the upgrade of OpenSSH and OpenSSL. Make sure you have cvsuped your ports tree to the latest version. First I will upgrade OpenSSL:

trouble@sun:$ cd /usr/ports/security/openssl
trouble@sun:$ make -DWITH_OPENSSL_PORT install

In version 5 you can’t upgrade OpenSSl over the base anymore so I backup the original versions so I can go back if anything is wrong and link the new version there.

#!/bin/sh
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /lib/libcrypto.so.3 /lib/libcrypto.so.3.bak
mv /usr/lib/libssl.so.3 /usr/lib/libssl.so.3.bak
 
chmod 000 /usr/bin/openssl.bak
chmod 000 /lib/libcrypto.so.3.bak
chmod 000 /usr/lib/libssl.so.3.bak
 
ln -s /usr/local/lib/libssl.so.3 /usr/bin/openssl /usr/bin/openssl
ln -s /usr/local/lib/libssl.so.3 /usr/crypto.so.3 /lib/libcrypto.so.3
ln -s /usr/local/lib/libssl.so.3 /usr/lib/libssl.so.3

Now OpenSSL should be the latest version:

root@server:~# openssl version
OpenSSL 0.9.7g 11 Apr 2005

Good that worked, now its time to upgrade OpenSSH:

trouble@sun:$ cd /usr/ports/security/openssh-portable
trouble@sun:$ make -DOPENSSH_OVERWRITE_BASE=yes install

After the installation you should set NO_OPENSSH=true in your make.conf so it won’t be overwritten if you upgrade your system.

trouble@sun:$ echo "NO_OPENSSH=true" >> /etc/make.conf

The ports version has got its binary’s in /usr/local/bin while the base ssh is installed in /usr/bin/ now you could set your path’s to look in /usr/local/bin first, but I like to backup the old version and link the new version for the original.

#!/bin/sh
mv /usr/bin/ssh /usr/bin/ssh.bak
mv /usr/bin/ssh-keyscan /usr/bin/ssh-keyscan.bak
mv /usr/libexec/ssh-keysign /usr/libexec/ssh-keysign.bak
mv /usr/bin/ssh-agent /usr/bin/ssh-agent.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
 
chmod 000 /usr/bin/ssh.bak
chmod 000 /usr/bin/ssh-keyscan.bak
chmod 000 /usr/libexec/ssh-keysign.bak
chmod 000 /usr/bin/ssh-agent.bak
chmod 000 /usr/sbin/sshd.bak
 
ln -s /usr/local/bin/ssh /usr/bin/ssh
ln -s /usr/local/bin/ssh-keyscan /usr/bin/ssh-keyscan
ln -s /usr/local/libexec/ssh-keysign /usr/libexec/ssh-keysign
ln -s /usr/local/bin/ssh-agent /usr/bin/ssh-agent
ln -s /usr/local/sbin/sshd /usr/sbin/sshd

Also the ports version has got a nice start/stop script that you can use, i’m going to use that instead of starting the sshd using rc.conf. First edit /etc/rc.conf and disable the SSH daemon:

trouble@sun:$ vi /etc/rc.conf
Add or edit:
sshd_enable="NO"
sshd_program="/usr/local/sbin/sshd"

Now move the sample sshd script and edit the file to use your old sshd config file:

trouble@sun:$ cd /usr/local/etc/rc.d
trouble@sun:$ mv sshd.sh.sample sshd.sh
trouble@sun:$
trouble@sun:$ vi sshd.sh
--- Find line nr 4 (/usr/local/sbin/sshd)
----And change it to:
/usr/local/sbin/sshd -f /etc/ssh/sshd_config

This will tell the new sshd to look at the config file in /etc/ssh/sshd_config. Now find your current sshd pid and kill it then start ssh using the script.

trouble@sun:$ ps ax | grep ssh
607 ?? Is 0:00.22 /usr/sbin/sshd
trouble@sun:$ kill -9 607
trouble@sun:$ /usr/local/etc/rc.d/sshd.sh start
trouble@sun:$ ps ax | grep ssh
901 ?? Ss 0:00.00 /usr/local/sbin/sshd -f /etc/ssh/sshd_config

So SSH is running again and should be the latest version:

trouble@sun:$ ssh -V
OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005

Now connect from your client again to your server, you should get a warning that the key is changed, add the new key and you should be running using the latest version of ssh.
Now kill the inetd deamon and if you want to remove it from the rc.conf (I keep it in there untill I have rebooted the machine to make sure it is working.

Page 1 of 412 3 4 »

BigBrother SNMP users

My First CarPC

Car

PC

Pics

Installing OpenSSH and OpenSSL from ports*

Categories

Recent Posts

Something usefull

Links

Meta

BigBrother SNMP users

My First CarPC

Car

PC

Pics

Installing OpenSSH and OpenSSL from ports*

Categories

Recent Posts

Tags

Something usefull

Links

Meta