Computerglitch Research Project

Public IP

furiousrabbit — Wed, 18 Aug 2010 18:36:02 +0000

It seems as though every time I try to get my public IP address from a website I’m shown a slew of ads, messy formats and otherwise unattractive pages. I was looking for a VERY simple way get my public IP address added into a script I was creating and got frustrated with the options available.

I decided to create a very simplistic web page that cleanly displays IP addresses and also supports a back-end for displaying public addresses to the command line as needed. I also worked in a small proxy detector to test if the client is coming from a proxy and display what information it could gather from the client about the proxy.

I will be adding more one line commands to the page as I stumble across them, trying to keep the format of the commands as simple as possible.

My IP Address – Computerglitch Public IP Address Display

Port Relay With Relayd

furiousrabbit — Fri, 06 Aug 2010 14:19:03 +0000

I recently had a project where I needed to move an internal web server to the the external DMZ of the network. The setup originally was using PF to redirect all external connections to port 80 to the internal webserver on port 80. The decision was made to move the internal webserver to the external DMZ for security.

I had originally planned on setting up the new server in the DMZ giving it a public IP address, updating the DNS record and going happily about my business but I decided to try something a little different. OpenBSD has a very cool load balancing program named Relayd (which used to be called hoststated). It can be setup to forward, reverse, redirect or accelerate packets.

For my use I wanted Relayd to act as a tcp port relay and redirect all www packets bound for my public IP to be redirected to my webserver in the DMZ, you can see the traffic flow below:

internet –> relayd forward (box1) –> server (box2)

To achieve this I edited my /etc/relayd.conf as follows:

box1_addr=”10.1.1.2″
box1_port=”80″
box2_addr=”10.1.1.3″
box2_port=”80″

## TCP port relay and forwarder
#
protocol “tcp_service” {
tcp { nodelay, socket buffer 65536 }
}

relay “tcp_forwarder” {
listen on $box1_addr port $box1_port
protocol “tcp_service”
forward to $box2_addr port $box2_port
}

Once my /etc/relayd.conf setting was in place I started relayd with the following command:

relayd -f /etc/relayd.conf

Additionally to make sure Relayd starts at boot time I added the following to my /etc/rc.conf.local file:

relayd_flags=”"

And with that, all web traffic bound for my network is being successfully relayed to my external webserver in the DMZ, no changes to DNS were made.

References: http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8&format=html | https://calomel.org/relayd.html | http://www.openbsd.org/cgi-bin/man.cgi?query=relayd.conf&sektion=5&format=html

Synergy

furiousrabbit — Wed, 14 Jul 2010 14:14:36 +0000

Many of the Synergy instructions I found were redundant and not to the point. I have a CentOS box and a Windows XP box I wanted to be able to easily switch between. Instead of using a KVM switch I decided to use Synergy to switch between two monitors (I do a lot of monitoring from my Linux box and like to be able to view my graphs and charts 24/7).

To setup Synergy I first installed it on CentOS:

# yum install synergy

You may need to install the RPMforge repository. Details on how to do this are here:
http://wiki.centos.org/AdditionalResources/Repositories/RPMForge

Once Synergy is installed you must configure it. First edit /etc/synergy.conf
For reference my systems are: xp=WindowsXP Box | despina=CentOS Box (replace xp and despina with your system names)

#vi /etc/synergy.conf

section: screens
xp:
despina:

end

section: links

xp:
right = despina

despina:
left = xp

end

This tells Synergy that to access my Windows XP system, move the mouse off the right side of the screen on my CentOS system.

To make Synergy start at bootup I added the following to my /etc/rc.local file:

# vi /etc/rc.local

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don’t
# want to do the full Sys V style init stuff.

/usr/bin/synergyc -f xp &

This tells Synergy to connect to my Windows XP system at startup. I also wanted to have Synergy start at the very initial login page, to do that I had to do the following:

Edit /etc/gdm/Init/Default and add the following line at the very end but before exit 0 line:

/usr/bin/synergyc -f xp &

Now add the following to the very top (after the #!/bin/sh line) of the /etc/gdm/PreSession/Default file:

/usr/bin/synergyc -f xp &

Now to configure my Windows XP system. I simply downloaded and installed from http://synergy2.sourceforge.net/

Once it was installed I hit the Configure button and setup my screens like the following screenshot:

And that’s it. I can now move between systems simply by moving my mouse to the edge of the screen.

References: http://synergy2.sourceforge.net/ | http://wiki.centos.org/AdditionalResources/Repositories/RPMForge

Disk IO

furiousrabbit — Wed, 30 Jun 2010 14:45:13 +0000

I recently had some disk IO issues with ESXi using a iSCSI datastore for VM’s. The storage device was a Buffalo Tech Terastation IS Model TS-RIGL/R5 F/W 1.01. This storage device was being used to house our VM’s including our production email server.

We started noticing high loads on the email server and noted that the processes weren’t causing high CPU usage and the memory available was more than enough. Once we ran various tests and eliminated a CPU or memory bottleneck we turned to disk IO. We knew we went out on a limb using cheaper hardware for our storage but had no idea the IO would be this terrible.

A good test to see what kind of write speeds you are getting is to write a file to the disk in question such as:

# time dd if=/dev/zero of=testfile bs=8192 count=488281

This command will write a 4GB file named ‘testfile’ to the current location. A good write should come off looking something like this:

# time dd if=/dev/zero of=testfile bs=8192 count=488281
488281+0 records in
488281+0 records out
3999997952 bytes (4.0 GB) copied, 103.593 seconds, 38.6 MB/s

real 1m46.786s
user 0m0.197s
sys 0m7.446s

However when I ran this command against our Terastation I was getting the following results:

We have since moved off of the Terastations and are using them solely for backup storage. For backup storage these systems fit the bill perfectly (cheap large capacity, sacrificing disk IO). We moved our production VM’s to a Dell Powervault MD3000i and performance has improved 10 fold.

You get what you pay for.

Helpful links:
http://www.linux.com/archive/feature/131063
http://it.toolbox.com/blogs/database-soup/testing-disk-speed-the-dd-test-31069

Nagios NRPE on Solaris 8

furiousrabbit — Fri, 22 Jan 2010 17:33:43 +0000

First off I installed the nagios plugins on the Solaris server so all of the commands I would need to monitor the server with remotely would be available. The package I found worked was nagios-plugins-1.3.1_3-sol8-sparc-local.

Make sure you add the user and group “nagios” to the system before beginning.

With the package in hand I simply issued the following command on the Solaris server:

# pkgadd -d nagios-plugins-1.3.1_3-sol8-sparc-local

The following packages are available:
1 UVTngsplg nagios-plugins

The package installed all of the plugins to: /usr/local/lib/nagios/plugins

Once the nagios plugins were installed I began the NRPE installation. NRPE allows a remote server to receive commands from a Nagios server for monitoring. This allows you to monitor things like disk, cpu and memory usage remotely and setup alerts as needed. NRPE can be downloaded from the Nagios addon page.

Once the package is downloaded unzip the tarball:

# gzip -dc nrpe-2.12.tar.gz | tar xvf -

Next enter the directory and configure the source. When you configure the code you may get the following the error shown below:

# ./configure
….
checking for SSL headers… SSL headers found in /usr/local/ssl
checking for SSL libraries… configure: error: Cannot find ssl libraries

To fix this you will need to tell figure where to find the ssl libraries. In my case the libraries were located in: /usr/local/ssl/lib
The full command can be seen below:

# ./configure –with-ssl=/usr/local/ssl/lib
…
checking for SSL headers… SSL headers found in /usr/local/ssl
checking for SSL libraries… SSL libraries found in /usr/local/ssl/lib

*** Generating DH Parameters for SSL/TLS ***
Generating DH parameters, 512 bit long safe prime, generator 2
This is going to take a long time

Once the configure is complete it’s time to “make”. When I issued “make” I was getting the following error seen below.

# make
nrpe.c: In function `get_log_facility’:
nrpe.c:617: error: `LOG_AUTHPRIV’ undeclared (first use in this function)
nrpe.c:617: error: (Each undeclared identifier is reported only once
nrpe.c:617: error: for each function it appears in.)
nrpe.c:619: error: `LOG_FTP’ undeclared (first use in this function)
*** Error code 1
make: Fatal error: Command failed for target `nrpe’
Current working directory /tmp/nrpe-2.12/src
*** Error code 1
make: Fatal error: Command failed for target `all’

To fix this issue you need to edit the file in src/nrpe.c on lines 616-619 and replace them with the following:

else if(!strcmp(varvalue,”authpriv”))
log_facility=LOG_AUTH;
else if(!strcmp(varvalue,”ftp”))
log_facility=LOG_DAEMON;

Once you make this change you should be able to successfully “make”

# make
cd ./src/; make ; cd ..
gcc -g -O2 -I/usr/local/ssl/include/openssl -I/usr/local/ssl/include -DHAVE_CONFIG_H -o nrpe nrpe.c utils.c -L/usr/local/ssl/lib -lssl -lcrypto -lnsl -lsocket ./snprintf.o -liberty
gcc -g -O2 -I/usr/local/ssl/include/openssl -I/usr/local/ssl/include -DHAVE_CONFIG_H -o check_nrpe check_nrpe.c utils.c -L/usr/local/ssl/lib -lssl -lcrypto -lnsl -lsocket -liberty

*** Compile finished ***

Next, install the included nrpe.cfg sample config file to /usr/local/nagios/etc

# make install-daemon-config
./install-sh -c -m 775 -o nagios -g nagios -d /usr/local/nagios/etc
./install-sh -c -m 644 -o nagios -g nagios sample-config/nrpe.cfg /usr/local/nagios/etc

I edited the nrpe.cfg file to allow my Nagios server’s IP access. Replace 192.168.0.14 with the IP of your Nagios server. The line edited can be seen below:

# vi /usr/local/nagios/etc/nrpe.cfg

# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon.
#
# Note: The daemon only does rudimentary checking of the client’s IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd

allowed_hosts=192.168.0.14

Next I copied the src/nrpe binary to the same directory as the ssl libraries /usr/local/ssl/lib. I did this so nrpe would have no problem finding the libraries it needed to start. I’m sure there are many other ways of doing this but this was the easiest for me.

# cp /tmp/nrpe-2.12/src/nrpe /usr/local/ssl/lib

Once the binary was copied I simply fired it from the /usr/local/ssl/lib directory and specified where my config file was:

# cd /usr/local/ssl/lib
# ./nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

Now I have NRPE listening on my Solaris 8 server happily accepting commands from Nagios server for status monitoring. Some of the commands I’m issuing to monitor the status can be seen in the excerpt of my nrpe.cfg file below:

command[check_disk]=/usr/local/lib/nagios/plugins/check_disk -w 30% -c 20% -p /
command[check_disk_usr]=/usr/local/lib/nagios/plugins/check_disk -w 7% -c 6% -p /usr
command[check_disk_var]=/usr/local/lib/nagios/plugins/check_disk -w 20% -c 15% -p /var
command[check_disk_users]=/usr/local/lib/nagios/plugins/check_disk -w 9% -c 6% -p /users
command[check_disk_docs]=/usr/local/lib/nagios/plugins/check_disk -w 10% -c 5% -p /docs
command[check_disk_opt]=/usr/local/lib/nagios/plugins/check_disk -w 20% -c 10% -p /opt
command[check_disk_opt1]=/usr/local/lib/nagios/plugins/check_disk -w 20% -c 10% -p /opt1
command[check_memory]=/usr/local/lib/nagios/plugins/check_memory
command[check_cpu]=/usr/local/lib/nagios/plugins/check_cpu 35 25

Nagios Monitoring

furiousrabbit — Fri, 22 Jan 2010 17:33:27 +0000

I use Nagios at work to monitor all of my critical production servers. We have a older Solaris 8 SPARC server that quietly sits handling database queries using Informix. Most of the time this server never needs to be touched but recently it has had some performance issues. Once we discovered the problem I decided to also add it to the pool of servers Nagios monitors. Needless to say, monitoring Solaris 8 with Nagios had its challenges to get setup.

I wrote up a detailed paper explaining the process and how to get around some of the problems I encountered while trying to get NRPE to play nicely with Solaris 8.

My Setup

furiousrabbit — Wed, 16 Dec 2009 21:53:28 +0000

I changed a couple of things around on my work setup I thought I’d share. First of all I moved to Fluxbox as my windowmanager on my Linux box. Fluxbox is lightweight, highly customizable and since I’m usually using a terminal to get things done it fits the bill perfect. I’m using conky as a lightweight system monitor to keep tabs on things like CPU usage, memory usage, network load, etc.

Below you can see my current Linux desktop. Conky is running on the bottom left of the screen with my customizations. My .conkyrc file can be found here.

As you can see I’m using two programs with conky. One to check my gmail account and another to check the current weather conditions. The perl script I’m using to check gmail can be found here. To keep up with local weather conditions I’m using a script that can be found here.

I also replaced my KVM setup in favor of having another monitor and using synergy to hop between systems. I’ll be writing a short paper on configuring synergy with a Linux and Windows system in the near future.

Kickstart Installations

furiousrabbit — Wed, 09 Dec 2009 14:51:24 +0000

This is a small paper on setting up a Kickstart server. I used CentOS in this paper. A quick over view on Kickstart installations can be found here: Kickstart Installation

First configure a NFS server that will store your Kickstart configuration files, and the install ISO’s. This is what my /etc/exports file looks like:

/kicks/ *(rw,sync)
/nfs-shares/CentOS_5.3_i386 *(ro,no_root_squash)

The /kicks/ directory stores the kickstart configuration.
The /nfs-shares/CentOS_5.3_i386 stores the install ISO’s.

This is an example of my ks.cfg file for Kickstart installation, this is a very simple configuration. Many more options can be configured as can be seen here: Kickstart Options

Example ks.cfg stored in /kicks/ks.cfg:

# Kickstart file automatically generated by anaconda.
install
nfs –server=nfs-serve.mydomain.com –dir=/nfs-shares/CentOS_5.3_i386
lang en_US.UTF-8
keyboard us
xconfig –startxonboot
network –device eth0 –bootproto dhcp –hostname station.mydomain.com
rootpw –iscrypted $KxSiDWLjnyp10lqty$
firewall –enabled –port=22:tcp
authconfig –enableshadow –enablemd5
selinux –enforcing
timezone –utc America/New_York
bootloader –location=mbr –driveorder=sda –append=”rhgb quiet”
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart –all –drives=sda
part /boot –fstype ext3 –size=100 –ondisk=sda
part pv.2 –size=0 –grow –ondisk=sda
volgroup VolGroup00 –pesize=32768 pv.2
logvol swap –fstype swap –name=LogVol01 –vgname=VolGroup00 –size=256 –grow –maxsize=512
logvol / –fstype ext3 –name=LogVol00 –vgname=VolGroup00 –size=1024 –grow
%packages
@development-libs
@editors
@text-internet
@gnome-desktop
@dialup
@core
@base
@ftp-server
@network-server
@base-x
@web-server
@smb-server
@mail-server
@server-cfg
@admin-tools
@development-tools
kexec-tools
bridge-utils
device-mapper-multipath
vnc-server
xorg-x11-server-Xnest
xorg-x11-server-Xvfb
imake
-sysreport

Next I’ll boot the system to be kickstarted with the netinstall.iso for the CentOS 5.3 distro. (CentOS-5.3-i386-netinstall.iso)

Once the system is booted from the netinstall ISO enter the following a the boot prompt to begin the Kickstart installation.

linux ks=nfs:192.168.4.17:/kicks/ks.cfg

(replace 192.168.4.17 with your NFS server)

Sit back and enjoy the automated installation.

Reverse Shell

furiousrabbit — Tue, 08 Dec 2009 18:04:00 +0000

I was recently researching a simple way to create a reverse shell on a remote machine without having to install any additional tools. A general overview of what a reverse shell is may be in order, this page explains the process: http://www.plenz.com/reverseshell

While researching I stumbled upon a great discussion on various methods for doing this. My goal was to start a listener on my system using netcat, then connect to the remote system and establish a reverse shell to my system without using any installed tools on the remote system.

The discussion on the subject can be seen here: http://www.gnucitizen.org/blog/reverse-shell-with-bash/. As you can see many interesting ways of achieving this goal have been posted.

The method I ended up using can be seen in the screenshot below.

On the right you see I started netcat on my machine “despina” listening on port 8181. On the left I connect to the remote machine “backup” with an IP of 192.168.4.10. Once I’m on the remote machine I connect back to my machine “despina” using the bash command on the left. Once the command is executed I’m immediately greeted with a shell on my machine.

Observing

furiousrabbit — Mon, 30 Nov 2009 16:50:57 +0000

I had a client that needed to monitor multiple computers at the same time from one central location. Cost was a issue, so I started to research ways to do this “on the cheap”.

The first thing I stumbled upon was SmartCode VNC Manager. This looked like a nice product but was cost prohibitive. Digging further I found a project that was started by a teacher for his students computer lab. The projects website is http://thetechnologyteacher.wordpress.com/vncthumbnailviewer/. Once I got VNC installed on all of the client computers, setting up VncThumbnailViewer on the monitoring computer was simple.

Below is a screen shot of the thumbnail viewer with six workstations active and a example of the simple configuration file that can be used to load multiple workstations quickly.

If you’re looking for a cheap alternative to monitor multiple workstations from one central system I’d recommend giving this project a try.