Category Archives: Linux

The Linux Category actually encompasses *BSD, RH, Fedora, Ubuntu, and the like.

Error in SQL syntax

Man, I’m not very good at this PHP stuff in terms of starting from scratch. I can decipher what is going on, but my troubleshooting skills for editing my own work… suck.

I put up a survey site with very simple post of data into a mysql database from a PHP front-end. My boss tried it out and put an apostrophe in his comments section, which threw up the standard:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'm working hard')' at line 37

Uh oh. Showing SQL errors can lead to problems – injections, giving away data, etc. Since this was an internal-only site, it didn’t really matter quite as much, but I’d still like to allow people to utilize the apostrophe.

Add this to the PHP page that does the insert:

 foreach ($_POST as $key => $value) {
    $_POST[$key] = mysql_real_escape_string($value);
  }

It goes right after my mysql_select_db("dbname", $con); statement.
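The mysql_* functions used above were removed in PHP 7.0, so here is the same fix done with a PDO prepared statement, which also keeps the SQL error text away from the visitor. This is an added example, not code from the original post: the table and column names (survey, name, comments) and the function names are assumptions, and it uses an in-memory SQLite database only so that it runs without a server.

```php
<?php
// Added example: table/column names (survey, name, comments) are assumptions.
// SQLite in memory keeps the demo offline; for MySQL the DSN would be e.g.
// new PDO('mysql:host=localhost;dbname=dbname;charset=utf8', $user, $pass).
function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    // Throw exceptions on failure so errors are handled in one place below.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE survey (id INTEGER PRIMARY KEY, name TEXT, comments TEXT)');
    return $db;
}

function save_response(PDO $db, array $post): bool {
    try {
        // Placeholders keep user input out of the SQL text entirely,
        // so an apostrophe is just data and needs no escaping.
        $stmt = $db->prepare(
            'INSERT INTO survey (name, comments) VALUES (:name, :comments)'
        );
        $stmt->execute([
            ':name'     => $post['name'] ?? '',
            ':comments' => $post['comments'] ?? '',
        ]);
        return true;
    } catch (PDOException $e) {
        // Details go to the server log; the visitor never sees SQL text.
        error_log('survey insert failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed sample submission, including the apostrophe from the post.
$db = open_db();
$sample = ['name' => 'Boss', 'comments' => "I'm working hard"];
echo save_response($db, $sample)
    ? "Thanks for your response.\n"
    : "Sorry, your response could not be saved.\n";

// The stored value is exactly what was typed, apostrophe included.
echo $db->query('SELECT comments FROM survey')->fetchColumn(), "\n";
```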

FreeNAS Rebuilding

We decided to test pulling out a HD and sticking it back in to see how the FreeNAS would react.

Specs:
FreeNAS 0.7.2 (5543)
Areca ARC-1222 w/ Battery
Hotswap ICYDock drives
Hitachi 2TB SATA HD’s (QTY 8 )
RAID 50 (so a stripe of 2x RAID 5’s, 12TB unformatted)

Pulled out the HD, put the HD back in. Drive lights on 7 of the drives turned to orange (means data was being accessed/changed) and the drive we pulled out and put back was green (only power).

Logged into the Areca Web Panel and added the HD as a hot spare. The RAID controller instantly tried to rebuild the array. After 15 minutes the rebuild process was still at 0.0% so something was definitely wrong.

Checked the FreeNAS and HD space was rapidly being used up (about 100MB/sec). Checked “top” to see what the problem was – fsck_ufs was running full tilt.

FreeBSD was checking the HD for errors after a forced reboot earlier in the day. So there was little free time for the RAID controller to rebuild.

Unfortunately the kill PID command was not working. Kill -9 PID also failed. I would have to reboot.

Edit this file to make sure this doesn’t happen again:

vi /etc/rc.conf
i
background_fsck="NO"
Escape
:wq!

Reboot. Now, due to the HD’s being run full tilt, we had to manually reboot the server. It might have worked out OK if we just left it after issuing the reboot command, but I’m not a patient man.

Image For Linux

We’re using a utility called Image for Linux (IFL) to image systems (ghost/backup/whatever). It’s not free, but it’s not expensive either – and it works pretty well.

However, IFL uses nmblookup to connect to network shares. So, if you’re on a different VLAN or network than your destination, you will not be able to find the storage device.

In my case I have a NAS on a 10.1.0.0/24 and the end users are on a 10.2.0.0/24 – with Layer 3 switches.

Boot off of IFL
Alt + F2
mkdir /mnt/share
/sbin/mount.cifs //servername_orip/sharename /mnt/share

Install Nagiosgraph

First of all, this is running on Ubuntu 10.04.1 LTS x32. I installed Nagios 3.2.0 from the source packages (see another post on this site), and will be installing NagiosGraph 1.4.3. I’ve also installed Nagios-Plugins-1.4.15.

This will probably be a lot of writing, but in the end it was definitely worth my time.

Update System and Install SNMPD:

su root
apt-get update
apt-get upgrade
apt-get install snmpd
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org
nano /etc/snmp/snmpd.conf
rocommunity public
syslocation "MyLocation"
syscontact email@domain.tld
Save and close
nano /etc/default/snmpd
Change From:
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
To:
# snmpd options (use syslog, close stdin/out/err).
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
Save and close
/etc/init.d/snmpd restart

Test SNMPD:

snmpwalk -v 1 -c public -O e IP_OF_YOUR_MACHINE
You can use Localhost (127.0.0.1) in lieu of another IP address

Download Required Files:

cd /home/nagios
wget http://voxel.dl.sourceforge.net/project/nagiosgraph/nagiosgraph/1.4.3/nagiosgraph-1.4.3.tar.gz
apt-get install rrdtool perl libcgi-pm-perl librrds-perl libgd-gd2-perl

Extract Required Files:

tar xzvf nagiosgraph-1.4.3.tar.gz
cd nagiosgraph-1.4.3

Copy Files:

mkdir /etc/nagiosgraph
cp etc/* /etc/nagiosgraph

Edit Perl Scripts With FilePath:

nano cgi/*.cgi lib/insert.pl
Find “use lib” line (definitely on the first page of text) and edit it to be /etc/nagiosgraph
Save all files

Continue Copying Files:

cp lib/insert.pl /usr/local/nagios/libexec
cp cgi/*.cgi /usr/local/nagios/sbin
cp share/nagiosgraph.css /usr/local/nagios/share
cp share/nagiosgraph.js /usr/local/nagios/share

Edit The Nagiosgraph.conf File:

nano /etc/nagiosgraph/nagiosgraph.conf
Set the following:
perflog = /var/nagios/perfdata.log
rrddir = /var/nagios/rrd
mapfile = /etc/nagiosgraph/map
nagiosgraphcgiurl = /nagios/cgi-bin
javascript = /nagios/nagiosgraph.js
stylesheet = /nagios/nagiosgraph.css
logfile = /var/log/nagiosgraph.log
cgilogfile = /var/log/nagiosgraph-cgi.log

Set Permissions For RRD Directory, Log Files, CGI Files:

mkdir -p /var/nagios/rrd
chmod 777 /var/nagios
chown nagios /var/nagios/rrd
chmod 755 /var/nagios/rrd
touch /var/log/nagiosgraph.log
chown nagios /var/log/nagiosgraph.log
chmod 664 /var/log/nagiosgraph.log
touch /var/log/nagiosgraph-cgi.log
chown www-data /var/log/nagiosgraph-cgi.log
chmod 664 /var/log/nagiosgraph-cgi.log

Edit Nagios.cfg:

nano /usr/local/nagios/etc/nagios.cfg
process_performance_data=1
service_perfdata_file=/var/nagios/perfdata.log
service_perfdata_file_template=$LASTSERVICECHECK$||$HOSTNAME$||$SERVICEDESC$||$SERVICEOUTPUT$||$SERVICEPERFDATA$
service_perfdata_file_mode=a
service_perfdata_file_processing_interval=30
service_perfdata_file_processing_command=process-service-perfdata

Edit Commands.cfg (make sure this is enabled/correct):

nano /usr/local/nagios/etc/objects/commands.cfg
define command {
command_name process-service-perfdata
command_line /usr/local/nagios/libexec/insert.pl
}

Restart Nagios:

/etc/init.d/nagios restart

Edit Apache Configuration:

This was already done for me from the Nagios install, but just verify it’s correct.
nano /etc/apache2/conf.d/nagios.conf
ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin

<Directory "/usr/local/nagios/sbin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>

There should be more below this, so just leave that alone.

Restart Apache:

apache2ctl restart

Test Your Site:

http://server/nagios/cgi-bin/show.cgi

You shouldn’t get any errors. If you get a 500 internal error, the issue is with Apache. If you get a “no rrd data found” error, then the configuration of nagiosgraph is incorrect OR you haven’t waited long enough.

You can try to run the script directly:

cd /usr/local/nagios/libexec
./insert.pl

Then verify that there is some data in the RRD directory:
ls /var/nagios/rrd/

To get it to work with Windows Clients:

Edit the map file:
nano /etc/nagiosgraph/map
Add the following to the END of the file:
# Service type: memory
# check command: check_nt -H Address -v MEMUSE -w 50 -c 90
# output: Memory usage: total:2467.75 Mb - used: 510.38 Mb (21%) - free: 1957.37 Mb (79%)
/perfdata:Memory usage=([.0-9]+)Mb;([.0-9]+);([.0-9]+);([.0-9]+);([.0-9]+)/
and push @s, [ntmem,
[memused, GAUGE, $1*1024**2 ]
];
# Service type: ntload
# Check command: check_nt -H Address -v CPULOAD -l1,70,90,5,70,90,30,70,90
# output: CPU Load 9% (5 min average) 11% (30 min average)
# perfdata: '5 min avg Load'=9%;70;80;0;100 '30 min avg Load'=11%;70;90;0;100
/output:.*?(\d+)% .*?(\d+)% /
and push @s, [ ntload,
[ avg05min, GAUGE, $1 ],
[avg30min, GAUGE, $2 ] ];
# Service type: ntdisk
# check command: check_nt -H Address -v USEDDISKSPACE -lc -w 75 -c 90
# output: c:\ - total: 25.87 Gb - used: 4.10 Gb (16%) - free 21.77 Gb (84%)
# perfdata: c:\ Used Space=4.10Gb;19.40;23.28;0.00;25.87
/perfdata:.*Space=([.0-9]+)Gb;([.0-9]+);([.0-9]+);([.0-9]+);([.0-9]+)/
and push @s, [ ntdisk,
[ diskused, GAUGE, $1*1024**3 ],
[ diskwarn, GAUGE, $2*1024**3 ],
[ diskcrit, GAUGE, $3*1024**3 ],
[ diskmaxi, GAUGE, $5*1024**3 ] ];

Save and close the file, then restart nagios (/etc/init.d/nagios restart)

***EDIT***
Updated – had “.conf” instead of “.cfg” under “edit nagios.cfg”
Added chmod 777 for /var/nagios to allow perfdata.log to be written

Add SNMP To Ubuntu

I was trying to add an HP printer to the mix and the printer is trying to utilize the service “check_hpjd”. Unfortunately, on my Ubuntu installation, the plugin was not installed in /usr/local/nagios/libexec.

A short amount of research showed that I had failed to install the required SNMP tools to utilize this plugin. And, because I actually installed Nagios and the plugins from the source rather than binaries, the configure and make steps checked to see if the required tools were available before actually installing the plugins.

Long story short, here’s what I ended up doing (apt-get install net-snmp does not work):
apt-get install libsnmp-base libsnmp-python libsnmp15-dbg libsnmp-dev libsnmp-perl libsnmp15 snmp snmpd tkmib

Edit the SNMPD configuration:
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org
nano /etc/snmp/snmpd.conf

rocommunity public
syslocation "USA"
syscontact myemail@domain.tld
Save and Close

Edit the SNMPD Daemon:
nano /etc/default/snmpd

Change "SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'"
To "SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'"

Restart the SNMPD service:
/etc/init.d/snmpd restart

Test the SNMP:
snmpwalk -v 1 -c public -O e host/IPaddress
You should get some sort of feedback
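Both snmpd.conf listings on this page (here and in the NagiosGraph post) use "rocommunity public" while dropping the 127.0.0.1 listening address from SNMPDOPTS. The fragment below puts that setting beside a restricted form; it is an added example, not part of the original post, and the community string and the 192.0.2.10 address are constructed placeholders.

```conf
# --- As written on this page -------------------------------------------
# With the trailing 127.0.0.1 removed from SNMPDOPTS, snmpd listens on
# every interface, and this line lets any host that can reach UDP 161
# read the agent using the well-known community string "public".
rocommunity public

# --- Restricted alternative (use instead of the line above) ------------
# rocommunity takes an optional source after the community string, so
# requests are answered only when they come from that address.
# CHANGE_ME_COMMUNITY is a placeholder for a non-default string;
# 192.0.2.10 stands in for the Nagios server's address.
rocommunity CHANGE_ME_COMMUNITY 127.0.0.1
rocommunity CHANGE_ME_COMMUNITY 192.0.2.10

syslocation "USA"
syscontact myemail@domain.tld
```

SNMP v1 and v2c send the community string in cleartext, so the source restriction matters more than the secrecy of the string; the snmpwalk test then becomes snmpwalk -v 1 -c CHANGE_ME_COMMUNITY -O e host/IPaddress, run from an allowed address.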

Add SSL To Apache2 Ubuntu

This uses a Microsoft Certificate Authority. If you want a self-signed SSL, check the bottom of the post.

I needed to create a way for end users to go to a site (http://callmanager) and be able to login to their Cisco Callmanager page without receiving any certificate errors. Unfortunately the call manager device was named “imcm1”, and Cisco won’t let me create a certificate for anything besides the device name. Our users were trained to use “callmanager” as the name. So I had two options:
1.) Re-Train employees to no longer use the easier to remember “callmanager” name
2.) Utilize an Ubuntu webserver to redirect the users where I want them to be
Obviously I chose the much harder route – well it’s harder technically, but… yes.

Using Ubuntu 10.04.1 LTS x32. I installed LAMP and SSH. This is on a domain (company.local) running Windows 2003 and AD. There is a Certificate Authority installed on one of the domain controllers (2003 Enterprise). I use PuTTY and WinSCP.

Update Ubuntu:
I run everything as root. So su to root.
apt-get update
apt-get upgrade
apt-get dist-upgrade

Create the CSR:
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
openssl genrsa -out callmanager.key 1024
chmod 640 callmanager.key
openssl req -new -key callmanager.key -out callmanager.csr

Provide your information:

Country Name: US
State: IL
City: Chicago
Organization Name: Company
Organization Unit: IT
Common Name: FQDN_Here! I used “callmanager”, but you may be utilizing “callmanager.domain.local”
Email: blank
Challenge password: blank
Optional company: blank

Copy The Certificate To Your Certificate Authority:
cat callmanager.csr

Copy everything from “-----BEGIN CERTIFICATE REQUEST…” to “…END CERTIFICATE REQUEST-----”
Connect to your certificate authority: http://certificateserver/certsrv. My Win7 would not work with a 2003 Server CA so I had to run it locally on the server (http://localhost/certsrv)
Click Request A Certificate
Click advanced certificate request
Choose the middle option (PKCS #10 or PKCS#7)
Paste what you copied above into the Saved Request area
Choose the certificate template “Webserver”
Click submit
Click Download certificate (DER encoding!)

Convert And Install The Certificate On Ubuntu:
Copy the .cer file (callmanager.cer) to your linux box in the /etc/apache2/ssl directory
chmod 640 callmanager.cer
openssl x509 -in callmanager.cer -inform d -out callmanager.pem
chmod 640 callmanager.pem

Edit Apache To Support SSL:
a2enmod ssl
apache2ctl restart
cp /etc/apache2/sites-available/default-ssl ../sites-enabled/
nano /etc/apache2/sites-enabled/default-ssl

Scroll down to “SSLCertificateFile /etc/ssl…”
Change the location to be /etc/apache2/ssl/callmanager.pem
Then, scroll down to “SSLCertificateKeyFile /etc/ssl…”
Change the location to be /etc/apache2/ssl/callmanager.key

Finish The Redirect:
Under the SSLCertificate edits, I added the following:
ServerName callmanager
Redirect permanent / https://imcm1/
Save the file
apache2ctl restart

Test! Works for me!

Create A Self-Signed Certificate:
Hopefully coming soon.