Archive - Scripting

GeoIP CSV to Bind ACL

A simple Perl script for converting a GeoIP CSV file (latest version) to Bind ACL definitions.

#!/usr/bin/perl
 
use strict;
use warnings;
 
use Net::CIDR::Lite;
 
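# Get files
my ($infile, $outfile) = @ARGV;
die "Usage: $0 <infile.csv> <outfile.acl>\n"
        unless defined $infile && defined $outfile;

# Open infile for reading
open(my $in, '<', $infile) or die "Cannot open $infile: $!\n";

# Define iplist hash (country code => ACL entries)
my %iplist;

# Loop infile
while (my $row = <$in>) {
        # Set start, end and country variables
        my @line = split(/\"/, $row);
        my ($start_ip, $end_ip, $country) = @line[1, 3, 9];

        # Skip blank or malformed lines
        next unless defined $start_ip && defined $end_ip && defined $country;

        # The country code ends up inside the Bind config, so only accept
        # two-character codes and never copy arbitrary text from the CSV
        next unless $country =~ /^[A-Z0-9]{2}$/;

        # Use the CIDR class to get networks in the range
        my $cidr = Net::CIDR::Lite->new;
        $cidr->add_range("$start_ip-$end_ip");
        my @networks = $cidr->list;

        # Put networks in the iplist hash
        foreach my $network (@networks) {
                $iplist{$country} .= "\t" . $network . ';' . "\n";
        }
}

# Close the infile file handle
close $in;

# Open outfile for writing
open(my $out, '>', $outfile) or die "Cannot open $outfile: $!\n";

# Loop iplist hash
foreach my $country (sort keys %iplist) {
        # Write to outfile
        print $out 'acl "' . $country . '" {' . "\n";
        print $out $iplist{$country};
        print $out '};' . "\n";
}

# Close the outfile file handle
close $out or die "Cannot write $outfile: $!\n";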
 
# We're done

Simple usage:

$ ./geoip.pl GeoIPCountryWhois.csv countries.acl

You’ll need the Net::CIDR::Lite extension for Perl, in Debian/Ubuntu the package is called libnet-cidr-lite-perl.

Using Notifo with Nagios

Notifo is a great service for sending notifications, in this case to a phone using the mobile app.

There are two ways to use Notifo with Nagios. The first (and the easiest one) is to configure Nagios to send emails to the email address provided by Notifo. The other (and the one described here) is to configure Nagios to execute a script that sends a POST request to the Notifo API.

I’ll assume that you have a working Nagios setup, a Notifo account, the client installed and configured on your phone, and your Notifo API key handy.

Let’s start by adding two commands to the Nagios configuration. Depending on your setup this can be done in many places. If there’s a commands.cfg file present, that’s probably a good place to put them. Open the file and add the following:

define command {
    command_name    notify-host-by-notifo
    command_line    /usr/bin/perl /usr/local/bin/notifo -username="$_CONTACTNOTIFO_USERNAME$" -apikey="$_CONTACTNOTIFO_APIKEY$" -title="Host" -msg="$HOSTNAME$ $HOSTSTATE$ '$HOSTOUTPUT$'"
}

define command {
    command_name    notify-service-by-notifo
    command_line    /usr/bin/perl /usr/local/bin/notifo -username="$_CONTACTNOTIFO_USERNAME$" -apikey="$_CONTACTNOTIFO_APIKEY$" -title="Service" -msg="$HOSTNAME$ $SERVICEDESC$ $SERVICESTATE$ '$SERVICEOUTPUT$'"
}

Then find the file containing the contact you want to use, and add the Notifo username and API key. Also modify the host and service notification commands. The result should be something like this:

define contact {
    contact_name                    admin
    alias                           Administrator
    service_notification_period     24x7
    host_notification_period        24x7
    service_notification_options    w,u,c,r
    host_notification_options       d,r
    service_notification_commands   notify-service-by-email,notify-service-by-notifo
    host_notification_commands      notify-host-by-email,notify-host-by-notifo
    email                           <EMAIL>
    _notifo_username                <USERNAME>
    _notifo_apikey                  <APIKEY>
}

Of course, make sure you use your own name, email and Notifo credentials.

Then save the following script as /usr/local/bin/notifo (or whatever you want, make sure it’s the same path as the one configured above).

#!/usr/bin/perl
 
use strict;
use warnings;
 
use HTTP::Request::Common qw(POST);
use LWP::UserAgent;
use Getopt::Long;
 
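# Get options
my %options = ();
GetOptions(\%options, 'username=s', 'apikey=s', 'title=s', 'msg=s')
	or die "Invalid options\n";

# All four options are required
foreach my $opt (qw(username apikey title msg)) {
	die "Missing option -$opt\n" unless defined $options{$opt};
}

# URL encode msg
$options{'msg'} =~ s/([^A-Za-z0-9])/sprintf("%%%02X", ord($1))/seg;

# The request
my $req = POST 'https://api.notifo.com/v1/send_notification',
	[ 'msg' => $options{'msg'}, 'label' => 'Nagios', 'title' => $options{'title'} ];

# Add auth to the request
$req->authorization_basic($options{'username'}, $options{'apikey'});

# Do it, with a timeout so a hanging request cannot block Nagios
my $ua  = LWP::UserAgent->new(timeout => 10);
my $res = $ua->request($req);

# Exit non-zero if the notification was not accepted
die 'Notifo request failed: ' . $res->status_line . "\n" unless $res->is_success;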

Make the script executable.

# chmod +x /usr/local/bin/notifo

Try the script to make sure it works.

# /usr/bin/perl /usr/local/bin/notifo -username=<USERNAME> -apikey=<APIKEY> -title=Test -msg=Test

Reload Nagios. Depending on your configuration this can be done in many ways; usually it’s the following command.

# /etc/init.d/nagios3 restart

That’s it.


Now, when something goes wrong, you’ll be notified immediately.

rsnapshot and mysqldump

rsnapshot is a nifty little Perl script for managing rsync backups in an easy way. rsync is great for backing up almost everything, but MySQL databases are an exception, since the files could get corrupted if data is not flushed and locked prior to backup.

To use mysqldump with rsnapshot the following script can be placed on the target machine (the machine being backed up). The script can of course be modified to use mysqlhotcopy instead of mysqldump, the principle is still the same.

#!/bin/bash
 
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
 
backupdir="/tmp/mysqldump"

# Dump files must be readable by the backup user only
umask 077

if [ ! -d "$backupdir" ]; then
        mkdir -p "$backupdir"
fi

chmod -R 700 "$backupdir"

case "$1" in
        run)
                # List all databases except information_schema and dump each one
                for db in $(mysql --defaults-file="$HOME/.my.cnf" -e 'show databases' | tr -d '| ' | grep -v 'Database' | grep -v 'information_schema'); do
                        mysqldump --defaults-file="$HOME/.my.cnf" "$db" | gzip > "$backupdir/$db.sql.gz"
                done
        ;;

        clean)
                rm -f "$backupdir"/*.sql.gz
        ;;
esac

A .my.cnf file also needs to be created on the target machine in the home folder of the backup user (probably root), with the following content. This is because we don’t want to pass the password as a command line argument (visible to other users).

[client]
user=root
password=<password>

Then use the following configuration for rsnapshot.

backup_script   /usr/bin/ssh root@example.com "/root/backup.sh run"   unused0/
backup          root@example.com:/tmp/mysqldump/                      example.com/
backup_script   /usr/bin/ssh root@example.com "/root/backup.sh clean" unused1/

This assumes that SSH key authentication is already configured. Adjust path and user names accordingly.
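The dumps above are staged in /tmp, which every local user can write to, so the directory should be checked before any dump is written into it. The following is an added example, not part of the original script: prepare_dump_dir is a hypothetical helper name, and it could be called as `prepare_dump_dir "$backupdir" || exit 1` in place of the mkdir/chmod lines.

```shell
#!/bin/sh
# Added example: create or verify a private staging directory for the dumps.
# prepare_dump_dir is a hypothetical helper, not from the original script.

prepare_dump_dir() {
    dir=$1
    umask 077   # files created afterwards are readable by the owner only

    # Refuse a symlink: it could redirect the dumps to another location.
    if [ -L "$dir" ]; then
        echo "refusing $dir: is a symlink" >&2
        return 1
    fi

    if [ ! -e "$dir" ]; then
        # mkdir without -p fails if the path appears in the meantime,
        # and -m 700 sets the mode at creation time.
        mkdir -m 700 "$dir" || return 1
    fi

    if [ ! -d "$dir" ]; then
        echo "refusing $dir: not a directory" >&2
        return 1
    fi

    # Refuse a directory that another user created beforehand.
    if [ -z "$(find "$dir" -prune -user "$(id -u)" -print)" ]; then
        echo "refusing $dir: not owned by $(id -un)" >&2
        return 1
    fi

    # Tighten the mode of an existing directory that we own.
    chmod 700 "$dir"
}
```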

Optimizing Mac OS X for SSD drives

Updated for Lion 2011-07-21

SSD drives are very good speed wise. If you have the money, upgrading from a regular hard drive makes a world of difference. There are however some drawbacks compared to spinning hard drives, mainly the limit on how many writes you can do before things get ugly. For most users, this isn’t a problem. But it doesn’t hurt to take some steps to minimize the disk writes.

These tweaks are for Mac OS X 10.6 (Snow Leopard) and 10.7 (Lion) and mainly for laptop users.

1. Sleeping mode
By default, when closing the lid on a MacBook, the content of the RAM is saved to disk for safety. The RAM is still powered on however, and is used when starting up again. The content saved on disk is only used in case of a power loss. This behavior can be changed, at the cost of some safety, so that memory content is not saved to disk. On the bright side, you also save some disk space (equal to the amount of your RAM).

We can start by checking the current setting. Fire up Terminal.app and type the following.

$ sudo pmset -g | grep hibernatemode
hibernatemode	3

3 is the default mode. We want to change this to 0 to disable disk writes.

$ sudo pmset -a hibernatemode 0

Now we can remove the old sleepimage.

$ sudo rm /var/vm/sleepimage

macworld.com has more information on this.

2. Hard drive sleep
Putting SSD drives to sleep has no benefit, and some SSD drives have a history of freezing up when put to sleep. This can be disabled under System Preferences -> Energy Saver. Remember to disable it for both Battery and Power Adapter mode.

3. Sudden motion sensor
Having the Sudden motion sensor enabled for an SSD drive makes no sense. It can be disabled with the following command.

$ sudo pmset -a sms 0

4. Enable noatime for SSD filesystems
Every time a file is accessed, its access time is updated to reflect it. This can be disabled to save additional writes. To do this for the local filesystem, create the file /Library/LaunchDaemons/com.noatime.root.plist with the following content.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.noatime.root</string>
        <key>ProgramArguments</key>
        <array>
            <string>mount</string>
            <string>-uwo</string>
            <string>noatime</string>
            <string>/</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
    </dict>
</plist>

This will execute mount -uwo noatime / upon system startup, remounting the root filesystem with the noatime option. This can be verified after a reboot with the following command.

$ mount |grep noatime
/dev/disk0s2 on / (hfs, local, journaled, noatime)

Note on FileVault: The instructions below are for legacy FileVault only. FileVault 2 users (Lion) don’t have to do anything special except the instructions above. Please see Apple article HT4790 on how to upgrade from legacy FileVault to FileVault 2.

For FileVault users as myself it seems to be a little bit trickier. The FileVault filesystem can’t be remounted at startup, since it’s not mounted until the user logs in. We can however create a script and a login hook to be run at login.

Let’s start by creating a script called /usr/local/bin/remount_noatime with the following content.

#!/bin/bash
/sbin/mount -uwo noatime "/Users/$1"

$1 will contain the username when the script is run. Make it executable and create the login hook.

$ sudo chmod +x /usr/local/bin/remount_noatime
$ sudo defaults write com.apple.loginwindow LoginHook /usr/local/bin/remount_noatime

The script is now run with root privileges when a user logs in.

5. Disable Spotlight
If you’re not using Spotlight you should consider disabling it by running this command.

$ sudo mdutil -a -i off

I’ve been using the above settings (except #5) for about 6 months now without any issues.

Private WP suite WordPress plugin

My second WordPress plugin is finished, more info can be found in the links below.

http://poller.se/code/wordpress-plugins/#private-wp-suite
http://wordpress.org/extend/plugins/private-wp-suite/
