Fedora nowadays doesn't have the ssh server by default. If you want it, here's how (fedora no longer uses /etc/init.d):
yum install openssh-server
service sshd start
systemctl enable sshd
note: if you want to start/enable other services on fedora you can replace sshd with the name of the other service.
Friday, April 26, 2013
Wednesday, April 24, 2013
proxmox tips
You can't force a vm to shut down from the web interface, so instead you'll have to ssh in with your root username and password. Once you're ssh'd in, type:
qm shutdown <vmid> -forceStop
more details at: http://pve.proxmox.com/wiki/Manual:_qm
Proxmox is a nice setup overall, but the java vnc interface to view the desktop of the vm is just lousy. A way around that is to ssh in and go to the /etc/pve/nodes/proxmox/qemu-server directory. In the 1##.conf file (where 1## is the id of the VM), put the following line:
args: -vnc 0.0.0.0:10
You can do this with each vm, just make sure to change the number after the last colon, as each vnc connection has to be on its own port. Then you can vnc using your favorite vnc viewer, and use the ip address/hostname of the proxmox server followed by a : and the number that's at the end of the line you put in the VM's config file. In this case it would be "vncviewer proxmox-machine:10"
More details on your vnc options and proxmox are at: http://pve.proxmox.com/wiki/Vnc_2.0
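An added check, not part of the original post: once several VMs have an args line like the one above, this script lists every -vnc listener in a qemu-server directory, the TCP port it ends up on (5900 plus the display number), and marks display numbers used twice and listeners bound to 0.0.0.0, which accept connections on every interface of the host. The function name and the sample configs are made up for the example.

```bash
#!/bin/bash
# Added example: audit "args: -vnc ADDR:DISPLAY" lines in Proxmox VM configs.
# On a real host: audit_vnc_args /etc/pve/nodes/proxmox/qemu-server

audit_vnc_args() (
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        # token that follows -vnc on the args: line, e.g. 0.0.0.0:10
        spec=$(sed -n 's/^args:.*-vnc[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$conf" | head -n 1)
        case "$spec" in *:*) ;; *) continue ;; esac
        addr=${spec%:*}
        display=${spec##*:}
        display=${display%%,*}          # strip options such as ",password"
        echo "$(basename "$conf" .conf) ${addr:-*} $display"
    done | awk '
        { vm[NR] = $1; addr[NR] = $2; disp[NR] = $3; seen[$3]++ }
        END {
            for (i = 1; i <= NR; i++) {
                note = ""
                # the post: every vnc connection needs its own port
                if (seen[disp[i]] > 1) note = note " DUPLICATE-DISPLAY"
                # 0.0.0.0 (or an empty address) listens on all interfaces
                if (addr[i] == "0.0.0.0" || addr[i] == "*") note = note " ALL-INTERFACES"
                printf "vm=%s listen=%s display=%s tcp=%d%s\n", vm[i], addr[i], disp[i], 5900 + disp[i], note
            }
        }'
)

# constructed sample configs, only to show the report format
sample=$(mktemp -d)
echo 'args: -vnc 0.0.0.0:10'   > "$sample/101.conf"
echo 'args: -vnc 0.0.0.0:10'   > "$sample/102.conf"
echo 'args: -vnc 127.0.0.1:11' > "$sample/103.conf"
echo 'memory: 2048'            > "$sample/104.conf"
audit_vnc_args "$sample"
rm -rf "$sample"
```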
For tips on how to deal with the screen resolution of linux in a VM (both X and console):
http://thescriptingadmin.blogspot.com/2013/04/fedora-too-high-resolution-in-vm.html
Labels: conf, force shutdown, forcestop, proxmox, qm, virtual machines, vnc
Friday, April 5, 2013
ssh-agent in cygwin
If you do command line work like I do, and remote into a linux machine via ssh, you may or may not be aware of ssh keys. If you use an ssh key you can log into the machine without a password. However, to keep things secure you really should use a password on your ssh key, but if you had to type in the password every time you used the key, that would sort of defeat the purpose of the ssh key. So they have ssh-agent for linux and cygwin (if you're using putty use pageant instead).
Normally you first run ssh-agent, then run ssh-add (or just have it loaded via kde, gnome, or .bash_profile if you don't use a gui at all on linux). On cygwin though you might encounter the error message "Could not open a connection to your authentication agent" when you type in ssh-add. The solution is apparently to run the following command: "exec ssh-agent bash", and once you get a new bash shell then type ssh-add.
enable remote registry service on windows 7
Windows 7 by default disables the remote registry service (probably for security reasons). To enable it from the command line type the following:
sc \\computername config remoteregistry start= auto
make sure you have a space between the = sign and auto
if you're doing this on your local computer you can drop the \\computername part
you can also replace "remoteregistry" with the name of another service to enable or disable it.
once you've enabled the service you can either reboot the computer, or just start it now with:
sc \\computername start remoteregistry
If you want to know why we want to enable this service, it's so that you can pull up the registry of a remote computer that's currently in use (normally hkey_local_machine) via regedit on your local machine. This way you don't have to interrupt whoever is currently at the computer by using RDP, VNC, or kicking the user out of their chair; at most you may have to tell them to reboot their machine at some point.
Thursday, March 21, 2013
printer statistics via SNMP
At work we have some multi-function copiers that do the whole print, scan, copy, deal. What do you do if you want to track printer usage? You can either enable monitoring of print jobs on the print server, if your users go through a print server, or you can track the page counts on the printers themselves, if they are network printers.
In addition to tracking page counts, this script tracks how many sheets of paper are left in each of the trays (if your network printer is advanced enough to do that), and dumps all the information to a csv file. Right now I'm running the script every hour or so to track what happens if I adjust some default settings.
For this you will need net-snmp. If you're using windows, you can get it at: http://sourceforge.net/projects/net-snmp/files/net-snmp%20binaries/. If you're using linux, do apt-get install snmp or yum install net-snmp-utils, depending on your distro, so that you get snmpwalk installed.
For linux you'll probably need to create a bash script of your own, based on the nagios script I used at: http://exchange.nagios.org/directory/Plugins/Hardware/Printers/SNMP-Printer-Check/details
Without further ado here's my batch script (for windows):
@echo off
set snmpexe=c:\usr\bin\snmpwalk.exe
rem make sure to include the .exe at the end
rem netsnmp binaries are available from:
rem http://sourceforge.net/projects/net-snmp/files/net-snmp%20binaries/
rem shouldn't need to change anything between this and ":appendfile"
set prnip=%1
echo checking on the amount of paper left in the trays for printer %prnip%
for /f "tokens=2" %%W in ('date /t') do set dater=%%W
for /f "tokens=1,2 delims=:" %%t in ('echo %time%') do set timer=%%t:%%u
for /f "tokens=1-3 delims=/" %%d in ('echo %dater%') do set curdate=%%f%%d%%e
for /f "tokens=3 delims=/" %%y in ('echo %dater%') do set curyear=%%y
rem reset variables for when we run this multiple times (usually on different printers),
rem in the same environment (don't want previous values affecting this run).
set tray0=x
set tray1=x
set tray2=x
set tray3=x
set tray4=x
set pgcount=x
if "%1" == "" goto usage
if NOT exist %snmpexe% goto usage
if exist prn-%prnip%-%curyear%.csv goto appendfile
:newfile
echo this tells you how many sheets are still in each input tray/cassette in a printer
echo date ,time ,envelope ,tray1 ,tray2 ,tray3 ,tray4 ,pagecount >> prn-%prnip%-%curyear%.csv
:appendfile
rem this is for a printer with 4 regular trays and a "multi-purpose" tray, you
rem may need to change this a bit if your printer hardware is a little different
rem this is based on code from
rem http://exchange.nagios.org/directory/Plugins/Hardware/Printers/SNMP-Printer-Check/details
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.8.2.1.10.1.1') do set tray0=%%c
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.8.2.1.10.1.2') do set tray1=%%c
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.8.2.1.10.1.3') do set tray2=%%c
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.8.2.1.10.1.4') do set tray3=%%c
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.8.2.1.10.1.5') do set tray4=%%c
for /f "tokens=4" %%c in ('%snmpexe% -v1 -c public %prnip% 1.3.6.1.2.1.43.10.2.1.4.1.1') do set pgcount=%%c
echo %date% ,%timer% ,%tray0% ,%tray1% ,%tray2% ,%tray3% ,%tray4% ,%pgcount% >> prn-%prnip%-%curyear%.csv
goto end
:usage
echo usage: input-tray-count.bat ip-of-printer
echo this requires snmpwalk in the specified location
echo this will tell you how many sheets you have left in each input tray/cassette in a printer
:end
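For linux, a bash counterpart of the batch script above, added here as an example (it is not the author's script and not the nagios plugin): it queries the same OIDs with snmpwalk and appends the same columns to prn-IP-YEAR.csv, with x for a tray that gave no answer. SNMPWALK, SNMP_COMMUNITY, the function names and the replies in fake_snmpwalk are inventions of this example; run with no argument it does a dry run against those constructed replies.

```bash
#!/bin/bash
# Added example: Linux version of the printer tray / page count logger.
# SNMPWALK and SNMP_COMMUNITY are this example's own variables.
SNMPWALK=${SNMPWALK:-snmpwalk}
SNMP_COMMUNITY=${SNMP_COMMUNITY:-public}   # SNMPv1 sends this string in clear text

# snmp_value IP OID: print the value (4th token of "OID = TYPE: value"), or x
snmp_value() {
    val=$($SNMPWALK -v1 -c "$SNMP_COMMUNITY" "$1" "$2" 2>/dev/null | awk 'NR == 1 { print $4 }')
    echo "${val:-x}"
}

# log_printer IP [DIR]: append one row to DIR/prn-IP-YEAR.csv and print it
log_printer() {
    ip=$1
    csv="${2:-.}/prn-$ip-$(date +%Y).csv"
    [ -f "$csv" ] || echo "date,time,envelope,tray1,tray2,tray3,tray4,pagecount" > "$csv"
    row="$(date +%Y-%m-%d),$(date +%H:%M)"
    # prtInputCurrentLevel of the multi-purpose tray and trays 1-4
    # (Printer MIB: -2 means unknown, -3 means at least one sheet left)
    for tray in 1 2 3 4 5; do
        row="$row,$(snmp_value "$ip" "1.3.6.1.2.1.43.8.2.1.10.1.$tray")"
    done
    # prtMarkerLifeCount: total page count
    row="$row,$(snmp_value "$ip" 1.3.6.1.2.1.43.10.2.1.4.1.1)"
    echo "$row" | tee -a "$csv"
}

# constructed replies in snmpwalk's output format, for a dry run without a printer
fake_snmpwalk() {
    case "$5" in
        *.10.1.[1-3]) echo "iso.${5#1.} = INTEGER: 250" ;;
        *.4.1.1)      echo "iso.${5#1.} = Counter32: 4711" ;;
    esac
}

if [ $# -ge 1 ]; then
    log_printer "$1"
else
    SNMPWALK=fake_snmpwalk
    log_printer 192.0.2.10 "$(mktemp -d)"
fi
```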
Monday, March 18, 2013
company CA without a cert server
For those who administer a network, sometimes you need to create a root certificate. This can be for an internal web-server, or for deploying internal software, or for other reasons. In many places you have a server set up whose sole purpose is to generate SSL and maybe other certificates for the company. If you don't want to dedicate an entire server to this task, because you don't need to be constantly generating new certificates, there is an alternative.
OpenSSL is an open source program (hence the Open part), that allows you to generate SSL certificates, everything from a root certificate (for your company root CA), to a regular certificate that's signed by the root CA.
If you're on a linux machine do your usual apt-get install openssl or yum install openssl, and skip the next paragraph for windows.
If you're on windows, you'll need to go to: http://www.openssl.org/related/binaries.html, and follow the links till you can download the openssl binary (full version) for windows at http://slproweb.com/products/Win32OpenSSL.html (you may need to download and install the visual C++ redistributable). You'll also want to add c:\openssl-win32\bin to your system's path or have the DLLs installed to the c:\windows\system32 directory.
To create a root certificate go to the c:\openssl-win32\bin directory and type:
openssl req -nodes -new -x509 -keyout my-ca.key -out my-ca.crt -days 3650 -config openssl.cfg
-leave the e-mail address blank.
-the above root ca will be valid for 13 years.
make the following directories under c:\openssl-win32\bin: demoCA, demoCA\newcerts, and demoCA\private
so you should have c:\openssl-win32\bin\demoCA\newcerts as one of your paths
move the *-ca.crt file to demoCA
and the *-ca.key file to demoCA\private
in the openssl.cfg file go to the CA_default section and make sure that private_key = $dir/private/my-ca.key
and change certificate = $dir/my-ca.crt
(change my-ca.key to whatever you typed in the openssl command above)
type echo 01 > demoCA\serial
and in explorer navigate to the demoCA folder and create a new text file
and name it index.txt (don't put anything in it).
to create server certificates for wsus:
openssl req -nodes -new -keyout servername.key -out servername.csr -days 1825 -config openssl.cfg
for Common Name enter servername.company.com
leave email address blank, and hit enter for challenge password and optional company name.
then sign it using the ca (certifies for 5 years)
openssl ca -out servername.crt -in servername.csr -days 1825 -config openssl.cfg
then export it to pfx format for iis:
openssl pkcs12 -export -out servername.pfx -inkey servername.key -in servername.crt -certfile demoCA\my-ca.crt
type in a password for the pfx
ignore the message about "unable to write 'random state'"
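The steps above as one non-interactive run on linux (or cygwin), added here as an example and not taken from the original post: it builds the demoCA layout, writes a minimal config in place of openssl.cfg, issues the server certificate and then checks that it chains to the root. The function names, ca.cnf, the CA subject name and the pfx password are placeholders chosen for the example.

```bash
#!/bin/bash
# Added example: root CA + one server certificate, following the post's steps.

build_demo_ca() (
    set -e                      # stop at the first failing step
    cd "$1"
    mkdir -p demoCA/newcerts demoCA/private
    echo 01 > demoCA/serial     # first serial number to hand out
    : > demoCA/index.txt        # empty certificate database
    # minimal stand-in for openssl.cfg; quoted EOF keeps $dir for openssl to expand
    cat > ca.cnf <<'EOF'
[ req ]
default_bits = 2048
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:true
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/my-ca.crt
private_key = $dir/private/my-ca.key
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    # root certificate; -nodes leaves the CA key unencrypted, so restrict the file
    openssl req -nodes -new -x509 -subj "/CN=Example Company Root CA" -days 3650 \
        -keyout demoCA/private/my-ca.key -out demoCA/my-ca.crt -config ca.cnf
    chmod 600 demoCA/private/my-ca.key
    # server key and signing request (Common Name = the server's DNS name)
    openssl req -nodes -new -subj "/CN=servername.company.com" \
        -keyout servername.key -out servername.csr -config ca.cnf
    # sign the request with the CA for 5 years
    openssl ca -batch -notext -out servername.crt -in servername.csr -days 1825 -config ca.cnf
    # bundle key, certificate and CA certificate into a pfx for IIS
    openssl pkcs12 -export -out servername.pfx -inkey servername.key -in servername.crt \
        -certfile demoCA/my-ca.crt -passout pass:placeholder-password
)

# exit status 0 only if servername.crt chains to the demo CA
verify_chain() { openssl verify -CAfile "$1/demoCA/my-ca.crt" "$1/servername.crt"; }

demo=$(mktemp -d)
build_demo_ca "$demo"
verify_chain "$demo"
```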
Thursday, March 7, 2013
rrd illegal time fix, and editing xml with sed
And now for some BASHing...
If you use rrd, and do a reboot of your computer, on rare occasion you might run into an error like the following (I put xxx in some places for privacy).
ERROR: Cannot update /var/www/mrtg/xxx/10.x.x.5_xx.rrd with '1359389221:4100149299:563322753' /var/www/mrtg/xxx/10.x.x.5_xx.rrd: illegal attempt to update using time 1359389221 when last update time is 1359402962 (minimum one second step)
That long 10 digit number starting with 1359... is a unix time stamp, which is just the number of seconds that have elapsed since january 1st 1970. If you can't figure out the cause of this error, you can edit the rrd files. Unfortunately they are in a binary format and need to first be exported to xml, edited, and then converted back to binary format. While there is a python script for editing xml files exported from rrd databases, it required a library which I was unable to properly install on my linux machine. So I decided to create a bash script using sed, and not bother with python (or its libraries).
Remember this is a BASH script, not a BATCH script. So if you're going to run this on a windows machine you'll need to install cygwin first, and run it from inside of cygwin.
#!/bin/bash
# you will probably want to run this as:
# find . -iname "*.rrd" -print0 |xargs -0 -I {} rrd-fixer.sh {}
# stop at the first failing command, so the original rrd file is never
# removed unless the dump and the sed edit both worked
set -e
#first we convert the rrd file to xml format
rrdtool dump "$1" > "$1.xml"
#we need to figure out the current unix date (epoch format, number of seconds
#since 1970)
udate=$(date +%s)
#the heart and soul, take out the bad last update stamp, and replace it with
# one mrtg (or other rrd based tools), won't barf on
sed -e "s/<lastupdate>1[0-9]\{9\}/<lastupdate>$udate/" "$1.xml" > "$1.fixed.xml"
#rrdtool won't overwrite the bad rrd file on its own, so have to remove
#it ourselves
rm "$1"
#convert the .xml file back to .rrd format
rrdtool restore "$1.fixed.xml" "$1"
#cleanup the xml files
rm "$1.xml"
rm "$1.fixed.xml"
# ---------- end of bash script --------------------------
note: if you want to run this on a folder with many rrd files (like mrtg or smokeping will often create), you will probably want to run the script in the following manner:
find . -name "*.rrd" -print0 |xargs -0 -I {} rrd-fixer.sh {}
or if you want to simplify it:
ls -1 *.rrd |xargs -n 1 rrd-fixer.sh
fyi, the python script I came across is at: http://pierre.palatin.fr/old/rrd-repair