rubysecurity.org

Cloud Architect / DevOps Engineer / SRE / Developer | /root

Home About Books Blog Portfolio Archive

    Tag Cloud


    Currently Reading

    Certified Kubernetes Administrator (CKA) Study Guide
    Certified Kubernetes Administrator (CKA) Study Guide
    38 / 155 Pages


    Latest Book Reviews

    Latest Posts

    November 10, 2013

    Enabling SMART on a hard drive

    by Alpha01

    Error

    [root@backup ~]# smartctl -H /dev/sdb
smartctl 5.43 2012-06-30 r3573 [x86_64-linux-2.6.32-358.23.2.el6.x86_64] (local build)
Copyright (C) 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

SMART Disabled. Use option -s with argument 'on' to enable it.

    Fix

    [root@backup ~]# smartctl -s on /dev/sdb
smartctl 5.43 2012-06-30 r3573 [x86_64-linux-2.6.32-358.23.2.el6.x86_64] (local build)
Copyright (C) 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF ENABLE/DISABLE COMMANDS SECTION ===
SMART Enabled.
    Tags: [ monitoring ]
    October 28, 2013

    Nuking GPT partition table

    by Alpha01

    Error

    WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk doesn't support GPT. Use GNU Parted.

    Fix

    parted /dev/sdb
mklabel msdos
quit
    Tags: [ gparted ]
    October 27, 2013

    Black background in all desktops after Ubuntu 13.10 upgrade

    by Alpha01

    So I just upgraded my Dell XPS 13 laptop from Ubuntu 13.04 to 13.10, and immediately the first thing I noticed that all of my desktops had a black background. and manually changing the background wallpaper took no effect. Turns out this is a common problem. In my case it turned out to be related to Gnome, which I found it to be rather interesting giving that a Gnome specific setting will cause this problem in Unity.

    Fix

    gsettings set org.gnome.settings-daemon.plugins.background active true

    Resources

    Tags: [ ubuntu ]
    September 18, 2013

    Monitoring TFTPd server

    by Alpha01

    So I just spent the last two hours of my life trying to figure why PXE booting was not working in my home network. Turned out the root cause was my fault completely since, I forgot to add a firewall rule on my dhcp/PXE server to allow incoming UDP connections on port 69.

    Fix

    iptables -A INPUT -p udp -m udp --dport 69 -j ACCEPT

    As with just about any other service, this service can be monitored using Nagios. Originally, I had problems using the check_tftp.pl and check_tftp plugins that are available from on Nagios Exchange repo, mainly because of the way I have setup my machines.

    • check_tftp - This plugin was useless in my environment because this plugin all it does, is send out an status command to the TFTP server. Since I’m using the BSD tftp client, all status commands sent to any host will always show up as being connected regardless. http://exchange.nagios.org/directory/Plugins/Network-Protocols/TFTP/check_tftp/details

    • check_tftp.pl - This plugin was not opted to work in my environment. Mainly because it uses Net::TFTP, unlike the tftp client application, Net::TFTP does not support specifying a custom reverse connection port (or port ranges). By default, when connecting to a TFTP server, the TFTP server will dynamically choose a random non-standard port to connect back to the client machine and proceed with the TFTP download. My Nagios machine (like all of my machines) are set to drop all incoming packets except for specific ports and related/established connections. http://exchange.nagios.org/directory/Plugins/Network-Protocols/TFTP/check_tftp-2Epl/details

    This lead me to the path of writing my own custom solutions. So I wrote a simple Nagios plugin that monitors TFTP. All it simply does, is download a non-empty file called test.txt.

    #!/usr/bin/perl -w
# Tony Baltazar. root[@]rubyninja.org

use strict;
use Getopt::Long;

my %options;
GetOptions(\%options, "host|H:s", "port|p:i", "rport|R:s", "file|f:s", "help");

if ($options{help}) {
	usage();
	exit 0;
} elsif ($options{host} && $options{port} && $options{file}) {
	chdir('/tmp');

	my $cmd_str = ( $options{rport} ?  "/usr/bin/tftp -R $options{rport}:$options{rport} $options{host} $options{port} -c get $options{file}" : "/usr/bin/tftp $options{host} $options{port} -c get $options{file}");

	my $cmd = `$cmd_str`;
	if ($? != 0) {
		print "CRITICAL: $cmd";
		system("rm -f /tmp/$options{file}");
		exit 2;
	} else {
		if (! -z "/tmp/$options{file}" ) {
			print "TFTP is ok.\n$cmd";
			system("rm -f /tmp/$options{file}");
			exit 0;
		} else {
			print "WARNING: $cmd";
			system("rm -f /tmp/$options{file}");
			exit 1;
		}
	}

} else {
	usage();
}


sub usage {
print <<EOF;

$0: TFTP monitor check Nagios plugin.

Syntax: $0 [--help|-H=<TFTP server> --port=<TFTP Port> --file=<Test file>]

   --host | -H  : TFTP server.
   --port | -p  : TFTP Port.
   --file | -m  : Test file that will be downloaded.
   --help | -h  : This help message.

Optionally,
   --rport | -R : Explicitly force the reverse originating connection's port.

EOF
}

    check_tftp.pl

    Seeing the plugin in action

    Assuming, we’re using port udp 1069 to allow the TFTP server (192.168.1.2) to connect to the Nagios monitoring machine.

    [root@monitor libexec]# iptables -L -n |grep "Chain INPUT"
Chain INPUT (policy DROP)
[root@monitor libexec]# iptables-save|grep 1069
-A INPUT -s 192.168.1.2/32 -p udp -m udp --dport 1069 -j ACCEPT

    Firewall not allowing TFTP to connect back using port 1066.

    [root@monitor libexec]#  su - nagios -c '/usr/local/nagios/libexec/check_tftp.pl -H 192.168.1.2 -p 69 -R 1066 -f test.txt'
CRITICAL: Transfer timed out.

    Downloading a non-existing file from the TFTP server.

    [root@monitor tmp]#  su - nagios -c '/usr/local/nagios/libexec/check_tftp.pl -H 192.168.1.2 -p 69 -R 1069 -f test.txtFAKESHIT'
WARNING: Error code 1: File not found

    Successful connection and transfer.

    [root@monitor tmp]#  su - nagios -c '/usr/local/nagios/libexec/check_tftp.pl -H 192.168.1.2 -p 69 -R 1069 -f test.txt'
TFTP is ok.
    Tags: [ perl nagios networking ]
    September 16, 2013

    Chef encountered an error attempting to create the client

    by Alpha01

    So I’m finally starting to keep up with modern times and started to learn Chef more in depth. My goal is to completely automate and easily manage all of virtual machine instances running in my home network.

    Upon attempting to bootstrap my very first node, I received the following error:

    ubuntu Creating a new client identity for ubuntu01 using the validator key.
ubuntu
ubuntu ===================================================================
ubuntu Chef encountered an error attempting to create the client "ubuntu01"
ubuntu ===================================================================
ubuntu
ubuntu
ubuntu Resource Not Found:
ubuntu -------------------
ubuntu The server returned a HTTP 404. This usually indicates that your chef_server_url is incorrect.
ubuntu
ubuntu
ubuntu
ubuntu Relevant Config Settings:
ubuntu -------------------------
ubuntu chef_server_url "https://chef.rubyninja.org:443"
ubuntu
ubuntu
ubuntu
ubuntu [2013-09-15T22:25:28-07:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
ubuntu Chef Client failed. 0 resources updated
ubuntu [2013-09-15T22:25:28-07:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

    This essentially means that the node is not able to communicate with the Chef server. In my case, it turned out that the ubuntu01 machine was not using my local DNS servers, thus the chef.rubyninja.org lookup from the machine was failing.

    Tags: [ ubuntu chef ]