Monday, 26 November 2007

Checking your round-robin DNS with nagios

Nagios comes with a plugin, check_dns, that allows you to perform DNS-based checks. It is really useful to check that your DNS server is responding and, with option switch "-a", that it is providing the expected IP address to specified queries.
$ ./check_dns -H -a
DNS OK: 0.157 seconds response time. returns|time=0.157327s;;;0.000000
If your host name has more than one IP address associated with it - no problem -, just add it to the command line. For example:
./check_dns -H -a,
DNS OK: 0.157 seconds response time. returns,|time=0.157327s;;;0.000000
However, if your host name is using a round-robin DNS configuration you can't predict the response reliably. Try, for instance.
$ dig
;; ANSWER SECTION: 230 IN A 230 IN A 230 IN A

Then check_dns will only work 1/3 of the time:
./check_dns -H -a,,
DNS OK: 0.035 seconds response time. returns,,|time=0.035388s;;;0.000000
The other 2/3 you will see:
$ ./check_dns -H -a,,
DNS CRITICAL - expected ',,' but got ',,'
I thought that really sucked because it stopped me from using this very nice feature of check_dns. So I patched check_dns.c in Nagios Plugins 1.4.10 to include the command line option "-o". When you specify this option, check_dns will sort the DNS response so you can still use -a.
$ ./check_dns -H -o -a,,
DNS OK: 0.112 seconds response time. returns,,|time=0.111538s;;;0.000000
I've sent the patch to the Nagios developers list - hopefully it will get incorporated into future releases. If not, you can download the patch here and the patched source here.

Wednesday, 21 November 2007

"Bad user" on Solaris 10 crontab

An account used for an application could not run its cron jobs. In /var/cron/log all I could see was:

! bad user (wondapp) Tue Nov 13 03:23:00 2007

I checked /etc/cron.allow (which didn't exist) and the user's shell in /etc/passwd but the problem turned out to be in /etc/shadow. The user was listed as:


This was because a password was never set for it. I just edited it to read:


Which still doesn't make a valid password but doesn't lock-out the account either. Cron jobs for wondapp work now.

Monday, 12 November 2007

Nagios check_http SSL check

Nagios plugin check_http has a -C option that allows you to be warned when the SSL certificate is about to expire. It always annoyed me, however, that the expiry date was printed in crazy-ass US date format (which doesn't make any sense).

I've altered the source code so that it prints the expiry date in human readable format.

The changes were made to file plugins_sslutils.c. You can download a patch for version 1.4.10 here. Or just download the changed file; it might work for other versions too.

Friday, 12 October 2007


Error says: "You cannot open two documents with the same name, even if the documents are in different folders."

Wednesday, 26 September 2007

Mongrel on Solaris 10, no C compiler

I've installed Coolstack's Ruby package and some gems on a T2000 box, including Mongrel and its dependencies. However, when I tried to start Mongrel it failed with an error:
in `require__': no such file to load -- http11 (LoadError)
It took me a while to figure-out what was wrong because `gem install mongrel' shows a false success message:
Successfully installed mongrel, version 1.0.1

Searching around, some threads pointed to a problem with rbconfig.rb, but this was not my problem; there was a library missing:

# ls -al
/opt/coolstack/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/ No such file or directory
This box doesn't have make, a C compiler or other build tools so, obviously, the installation wasn't able to create I just wish it had failed instead of giving me false hope.

I got around it by building it on another machine with the same architecture (sparc, in my case) and compiling tools:
  1. Copy to your build host the directory /opt/coolstack/lib/ruby/gems/1.8/gems/mongrel-1.0.1/ext/http11
  2. To the same destination, copy /opt/coolstack/lib/ruby/1.8/sparc-solaris2.10/*.h and /opt/coolstack/lib/
  3. On the build host, under the http11 directory, run `make'.
  4. You should now have a on the build host. Copy it to the original machine under /opt/coolstack/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib
Another option, if you have root access to the build host, is simpy installing mongrel over there and then copying the library over to the other host. YMMV.

This guy has a neat guide to installing Mongrel on a shared host. It may also help you. G'luck.

Friday, 7 September 2007

Foundry: the unhelpful company

I don't know why some companies insist on requiring logins to download user manuals for their products. What good is the manual of a ServerIron XL to me if I don't own an appliance or am not planning to buy one?

This is what you get from Foundry if you, like me, try to quickly study their equipment in order to do some network planning:
Thank you for registering for the Foundry KP. Unfortunately we are unable to complete your registration at this time. A valid support contract is required to access this valuable tool and our records indicate that your contract has expired. If this is a mistake please notify us as soon as possible to have the issue corrected.

We value you as a customer and as such we will notify your local account team and they will be contacting you shortly regarding obtaining a new support contract for your systems.
That translates to: give us more money or else we don't really care about you - we're just saying that because it sounds nice.

In time: my company does own Foundry appliances. Even if I knew where to get all the information they are requesting me, you still have to wait up to 48 hours for an account. In this day and age it is absolutely pathetic.

[UPDATE 10h53]: even if a company is unhelpful I'm glad to see there are helpful people within it. David White, systems engineering manager, was kind enough to send me the manual I needed. Thanks.

Wednesday, 29 August 2007

CruiseControl as a windows service

CruiseControl 2.7 comes with a wrapper that enables it to run as a native windows service. However, the default configuration does not start the web HTTP service, only the JMX stuff.

To enable it just edit the existing wrapper.conf in your CruiseControl install directory (C:\Program Files\CruiseControl\wrapper.conf) and add the following lines just below the similar ones:

Change 8080 to whatever port you want CC's web server to listen.

Thursday, 23 August 2007

Specifying MySQL port on MediaWiki

MySQL listens on port 3306/tcp by default. MediaWiki's 1.7.1 configuration is a bit misleading when it comes to specifying the database port. This excerpt is from LocalSettings.php:
$wgdBserver = "localhost";
$wgDBname = "mw0";
$wgDBuser = "my_user";
$wgDBpassword = "my_pass";
$wgDBprefix = "mw_";
$wgDBtype = "mysql";
$wgDBport = "3308"; // <--- DOES NOT work for MySQL
The value in $wgBDport is only used with PostgreSQL. To specify a MySQL connection port different than 3306, use the syntax server:port on $wgdbServer. For instance:
$wgdBserver = "localhost:3308";
BUT! there's another catch: when the server is defined to "localhost", MySQL will default to connecting via socket. If you are changing the port in hopes of getting WikiMedia to connect to another running instance of MySQL, chances are that it will still connect to the "default" one. To force a TCP connection use the loopback IP address instead of "localhost":
$wgdBserver = "";
It took me nearly an hour to figure this bitch out so please say thank you if it works for you.

[Update 24/08/2007]: on Solaris my trick didn't work. To fix it, I had to add the following line to LocalSettings.php:
ini_set("mysql.default_socket", "/tmp/mysql5.sock");
Adjust the path to the location where your MySQL writes the socket and off you go!

Saturday, 21 July 2007

Recording TV programs

With my new nVidia card installed I can now actually watch the videos I record. Capturing DVB-T streams is as easy as reading from /dev/dvb/adapter0/dvr0, at least with my CX23880 DVB card (cx88_dvb kernel module).

My next obstacle was finding a good scheduler. I tried DVR (Ubuntu's Feisty binary core dumps every time) and MythTV (can't get it to scan channels). Out of frustration I wrote an ugly hack to schedule and record some programs. I call it ("tive" is a pun on Tivo, but only works in Portuguese):

function usage() {
echo Missing parameters.
echo Usage:
echo $0 '"starting date/time" "seconds to record" "channel name"'

TZAP='tzap -r'

if [ -z "$WHEN" ]; then

at $WHEN >> __EOP__
# Sometimes /dev/dvb/adapter0/dvr0 "locks-up". Uncommenting the lines
# below will force the driver to be reloaded, thus ensuring that the
# device can be read.
#sudo /sbin/rmmod cx88-dvb cx8802 cx88xx cx88_vp3054_i2c
#sudo /sbin/modprobe cx88-dvb

$TZAP "$CHAN" > /dev/null 2>&1 &

echo tzap running under pid $PIDTZAP
cat $DVB > "$CHAN$WHEN.mpeg" &
echo Channel $CHAN being recorded under pid \$PIDCAT
echo Sleeping for $DURATION seconds
echo Stopping recording
kill \$PIDCAT
echo Stopping tzap
kill \$PIDTZAP
echo Finished

Say I want to record The Simpsons. I run

$ ./ "18:00 30.07.07" 2000 "TEN Digital"
warning: commands will be executed using /bin/sh
job 26 at Mon Jul 30 18:00:00 2007

The first parameter, "18:00 30.07.07", will be passed to at directly. The second, 2000, is how long to record for, around 33 minutes (probably not enough for TEN's crappy time-keeping). Finally, "TEN Digital" is the name of the channel, as expected by tzap and listed in ~/.tzap/channels.conf.

Some programs, The Simpsons included, are on 3:4 format, however the DVB-T stream is on 16:9 format (I don't know if this is always true). This causes the video to be captured with a pair of black bars on its side, which is annoying because it wastes space on your screen and hard-disk. One solution is to use mencoder to crop the video; I've put the (long) command in

if [ -z "$1" ]; then
echo Usage
echo $0 INPUT_FILE
echo File Cropped-INPUT_FILE will be created in the same path.

# Uncomment to preview cropped video
#mplayer -vf rectangle=530:576:95:0 "$1"

mencoder -msglevel all=4 -of mpeg -mpegopts format=dvd \
-srate 48000 -ofps 25 -ovc lavc -oac lavc -lavcopts \
keyint=15 -vf crop=530:576:95:0 "$1" -o Cropped-"$1"

Only one task remains: ad removal. I was hoping to use MythTV's commercials remover but at this point I was already quite frustrated with it so I went around looking for a video editing tool. And boy, did I try a lot of them - Lives seemed to be able to do what I wanted but it was unbearably slow for the big (~2-3Gb) mpeg files.

It took me a lot of time to finally find GOPDIT which, by the way, has Ubuntu binaries, works fine and fast. It is a bit hard to reach the right cut position because the scroller skips too much and the "go back frame" button stops working after a few clicks. However, given this was the only app I could find that did what I wanted, I was more than happy to donate some money to the author.

Friday, 20 July 2007

ATI driver (fglrx) on Ubuntu Linux

It was a fruitless 3-day battle: I could not get the ATI RV370 (Radeon X300) on my desktop Dell to work with Xorg. I tried the pre-packaged fglrx driver, I tried rebuilding it with modules-assistant, I tried installing the latest version from ATI's support site.

The kernel module would load fine but X would core dump after initialising the driver, DRI could not be enabled or X would freeze whenever any OpenGL application was run. I went through heaps of support forums and saw many users having similar problems.

In the end I got myself a nVidia 7300LE and, let me tell you, it was the best $AU70 I have ever spent. I simply wanted to be able to watch DVB-T on my computer, so this low-end card was more than enough.

The installation was effortless and it worked on the first try, even with "Composite" enabled; it's true that it didn't update the device description on xorg.conf but I did that manually just to be neat.

I should have given up on ATI years ago after my all-in-wonder died on me shortly after a year.

Friday, 22 June 2007

Power button event on gnome

On my Debian etch, I configured gnome-power-manager to ask me what to do when the power button is pressed. However, when I did, I could see the GPM prompt followed by the system immediately shutting down.

This is caused by the script /etc/acpi/, which, I believe, was written to work with KDE. I have changed mine to look like this:

# /etc/acpi/
# Initiates a shutdown when the power putton has been
# pressed.

# If powersaved is running, let it process the acpi event
if pidof powersaved; then
exit 0

# Commented-out the following line
#if ps -Af | grep -q '[k]desktop' && test -f /usr/bin/dcop

if ps -Af | grep -q 'gnome-power-manager'
# Commented-out the following line and added "exit 0"
# dcop --all-sessions --all-users ksmserver ksmserver logout 0 2 0 &amp;& exit 0

exit 0
/sbin/shutdown -h now "Power button pressed"
Quick-and-dirty, but it works. Maybe I should be running powersaved but I couldn't bother.

Brightness control on notebooks

# cat /proc/acpi/video/VGA/LCD/brightness
levels: 100 37 12 25 37 50 62 75 87 100
current: 50

# echo "any of the above numbers" > /proc/acpi/video/VGA/LCD/brightness
/proc/acpi/video/VGA/LCD/brightness does not exist? Try:
# modprobe video
To load automatically:
# echo video >> /etc/modules
Works on my Dell Inspiron 1501 running Debian Etch (kernel 2.6.18-4-k7).

Wednesday, 13 June 2007

Network UPS Tools

A while ago I ranted about the installation of APC's Powerchute Network Shutdown for Linux. While I got it working, the 60Mb+ of memory footprint used by the Java VM always seemed ridiculous to me, specially for a daemon that doesn't do much more than wait for a shutdown command.

Today I needed those 67Mb of RAM because the kernel on an old-timer began oomkill'ing my processes. A quick search yielded NUT, that works just fine with the Network Management card of Smart-UPS 3000, using the SNMP module.

Here's what I did on the Debian machine.

1. Install packages nut and nut-snmp
# aptitude install nut nut-snmp
2. Create /etc/nut/ups.conf:
driver = snmp-ups
port = apc1.mydomain
desc = "APC1 UPS Network Management Card"
Notice that "port" is the hostname or IP of your APC network card.

3. Start the UPS driver to see if it is working:
# upsdrvctl start

Network UPS Tools - UPS driver controller 2.0.4
Network UPS Tools - Multi-MIBS SNMP UPS driver 0.41 (2.0.4)
Warning: This is an experimental driver.
Some features may not function correctly.

detected Smart-UPS 3000 RM on host apc1.mydomain
4. Create an empty upsd.users file for now:
 echo "" > /etc/nut/upsd.users
5. Create upsd.conf:
ACL all
ACL localhost

ACCEPT localhost
6. Start the server:
# upsd
Network UPS Tools upsd 1.5.12
Connected to UPS [apc1]: snmp-ups-apc1.mydomain
7. Run the upsc utility to test the daemon:
# upsc apc1@localhost ups.status
TRIM # OBS: Should have been "OL" but it seems Energy Australia wasn't cooperating.

# upsc apc1@localhost
battery.charge: 100.0
battery.charge.low: 120
battery.charge.restart: 30
battery.runtime: 840.0 snmp-ups
driver.parameter.mibs: apcc
driver.version: 2.0.4
driver.version.internal: 0.41
input.frequency: 050.0
input.sensitivity: 4
input.transfer.high: 253
input.transfer.low: 208
input.voltage: 250.0
output.current: 000.0
output.voltage: 221.0 230
ups.delay.shutdown: 180
ups.delay.start: 0
ups.firmware: 666.6.I
ups.load: 042.0
ups.mfr: APC 09/26/06
ups.model: Smart-UPS 3000 RM
ups.serial: JS0640013695
ups.status: TRIM
ups.temperature: 025.0
ups.test.result: 1
8. At this point it seems that all is working fine. Edit the upsd.users file:
password = mypass
allowfrom = localhost
upsmon master
9. Edit your upsmon.conf file and remember to set a MONITOR line:
MONITOR apc1@localhost 1 monuser mypass master
Check the examples for the other configuration directives.

10. Restart using the init script to make sure:
# /etc/init.d/ups-monitor restart
Restarting Network UPS Tools: upsdrvctl upsdrvctl upsd upsmon.
Check that the processes are running:
# ps auwx | grep ups
nut 22030 0.0 3.6 4540 2260 ? Ss 16:19 0:00 /lib/nut/snmp-ups -a apc1
nut 22032 0.0 1.1 1732 728 ? Ss 16:19 0:00 /sbin/upsd
root 22034 0.0 1.1 1724 680 ? Ss 16:19 0:00 /sbin/upsmon
nut 22035 0.0 1.2 1724 736 ? S 16:19 0:00 /sbin/upsmon
Have a look at the log files; they should look similar to:
# tail /var/log/syslog
Jun 13 15:52:08 localhost snmp-ups[22030]: Startup successful
Jun 13 15:52:08 localhost upsd[22031]: Connected to UPS [apc1]: snmp-ups-apc1.mydomain
Jun 13 15:52:08 localhost upsd[22032]: Startup successful
Jun 13 15:52:08 localhost upsmon[22034]: Startup successful
Jun 13 15:52:08 localhost upsd[22032]: Connection from
Jun 13 15:52:08 localhost upsd[22032]: Client monuser@ logged into UPS [apc1]
If that didn't work, have a look at your /etc/default/nut file - make sure the "START_" variables are set to yes.

I managed to get it running using NUT's install instructions. These are the basic things to get it running; I recommend reading the rest of the documentation to finish your set-up.

Wednesday, 30 May 2007

Synctoy: path too long problem

The error message goes something like this: "The path is too long after being fully qualified".

If you can't rename your folders or map a network drive to shorten the path, FORGET IT. This problem has been around for years and still hasn't been fixed. It will most likely never be fixed.

A couple of alternatives from the top of my head: rsync and robocopy. Here:

cwRsync download.
Robocopy download.
Rsync howto and alternatives.

They are not as cute as Synctoy but, on the other hand, they are not toys and will get the job done.

Monday, 7 May 2007

APC UPS shutdown client

UPDATE 24/06/07: installing APC java UPS client on Linux? Have a look at NUT first.

Vendor support for Linux gets better everyday but sometimes they miss the point. I'm happier they do a somewhat sloppy job than not do it at all but there is room for improvement.

Case in point: APC's Powerchute Network Shutdown for Linux 2.2.1. For a daemon whose only job is listening for a "power will be out soon" notice and shutting down the machine, this implementation based on Java is a resource hog.

Many admins will try to install the application via remote console and puzzle at the enigmatic error message:
$ sudo ./pcns221lnx.bin
Preparing wizard...
Searching for JVM...
Starting the wizard...
Exception in main class "JExpressLoader"

See errors.log for other possible causes.out of disk space?
The log file doesn't help in figuring out that you need X to install the application. On Debian, install the xbase-clients packages and its dependencies; do the same for package sun-java5-jre (it's in the non-free group) if you still haven't done so.

The installer also assumes a RedHat SysV structure (with /etc/rc.d/...). Create this directory if it doesn't exist or you will not have the init script after the install is finished. After a successful installation move the created scripts and links to the correct location on your system.

On a few of my installations, the script (in /usr/local/bin/PowerChute) was broken; it seemed that some variables weren't substituted by the installer. The correct one looks like this:

#fixes bug id #4059472 too many files open
ulimit -n 256
nohup /usr/lib/jvm/java-1.5.0-sun- -Xrs -cp \
./comp/shutdownerlets/OSshutdownerlet.jar: com.apcc.m11.arch.application.Application \
1>/dev/null 2>/dev/null &
Last but not least, if you are installing over SSH, make sure your X11 connections are forwarded. The option X11Forward option must be set to "yes" in the server's /etc/ssh/sshd_config. Also, use "-X" when calling ssh, to enable forwarding on the client side (or muck around with your options in ~/.ssh/).

Friday, 27 April 2007

Restoring NTFS partitions with partimage

There are plenty of articles out there describing how to use partimage to backup and restore your servers. Most of them assume you are using Linux but the process can be used with Windows servers without much hassle. Except for one big hassle, which is the raison d'ĂȘtre of this post.

I have managed to use partimage version 0.6.4 to backup and restore Windows 2000 servers. Partimage will nag about the experimental status of NTFS support but it works fine, at least it did for me, as long as the MBR (Master Boot Record) was intact.

If you have lost the MBR (for example, you are restoring to a new hard-disk), then you have, most likely, tried partimage's option that says:
( ) Restore an MBR from the imagefile
Only to be presented with an error message:
Can't read block 0 from image (0)
If you have already tried Dave Farquhar's solution without success, or if, like me, you didn't backup the MBR, there might still be hope. You will need your Windows 2000 installation CD, though.
  1. Start the windows installation by booting up with your Windows 2000 CD.
  2. Have the installer re-create the partitions. If you use "restore" methods the installer will not create a new MBR for you.
  3. When the installer reboots to finish the installation, quickly replace the CD in the drive with your Linux emergency boot disk. I used Knoppix v5.1.1.
  4. Restore your data using partimage as describe in one of the many tutorials on the Internet.
This method assumes that you have created the partitions in the windows installer based on your previous partitions. When you create your image, make sure you also back-up your partition information.

Tuesday, 17 April 2007

Rsync + SSH ServerAliveInterval

Did you ever leave scp running overnight to copy a file from a remote server over some slow WAN link? And only to find the dreaded message on the console (I was using port 2222):

scp -c blowfish -P 2222 user@remote_host:huge_remote_file .
huge_remote_file 43% 182MB 0.0KB/s - stalled -
Yeah - "stalled". At 43%. So you pull out rsync to, at least, re-start from where it stopped:

rsync --progress -e 'ssh -c blowfish -p 2222' user@remote_host:huge_remote_file .
But what if it stalls again? You will not be around to re-start the transfer.

You can use ssh's ServerAliveInterval option and rsync's exit value to solve this problem. The remote host will need to accept public key authentication but this is easy to set-up, even if only temporarily.

This is the command that does the trick:

while rsync --progress -e 'ssh -o ServerAliveInterval=300 -c blowfish -p 2222' \
user@remote_host:huge_remote_file . ; do sleep 1; done
Explaining: if there is no traffic through ssh in 300 seconds, the client will request a ping reply from the ssh server and drop the connection in case none is received. Rsync will then exit with a non-zero status (probably 20), which will allow the loop condition to run again.

Thus, when the transfer is successfully finished, rsync will exit with status 0, ending the loop. And the file will be waiting for you in the morning. Nice.

By the way, I use blowfish as the cipher algorithm because it is faster than the default, 3des. In my case it doesn't matter too much since the connection was being tunnelled through a VPN but you should use a stronger cipher if that's not your case.

Saturday, 31 March 2007

I hate spammers

They are all fat, ugly, small-dick miserables who can't get laid. So they send their shit to us thiking we are all like them. They don't even know where sperm is produced.

From: Nola Delores
Subject: build more SPERM in yourPENIS, 500% more after taking this pill along break

Friday, 30 March 2007

NTP offset graphs

I solved a NTP problem a few days ago. I didn't really solve it because instead of fixing Windows 2003 W32Time service we simply substituted it with the Meinberg NTP port.

Graphs created with gnuplot were crucial in convincing the network admin that his windows box was the problem. I was able to show that my machine agreed with the other chimers in the network while the Windows 2003 chimer was jumping back and forth.

The red line represents the time offset to the W2K3 chimer, while the others refer to the remaining NTP chimers. It is clear that the client is struggling to sync with the lower-strata Windows 2003 NTP server but it keeps travelling in time. You can also notice in the graph how the offset to the other servers remains close to zero, indicating they agree on the correct time.

To create these graphs I used the peerstats files the NTP daemon creates in /var/log/ntp (path may be different on your distro or not be enabled at all), a perl script, gnuplot and some patience.

The peerstats files are full of lines like this:
54188 331.225 a.b.c.d 9614 -0.001258450 0.002503000 0.014872032 0.001373005
I was interested in the first, second, third and fifth fields: date in modified Julian Day (MJD), seconds from midnight UTC, peer IP address and offset in seconds.

To convert the MJD to a time format accepted by gnuplot I created the script


use DateTime::Format::Epoch::MJD;
while (<STDIN>) {
if ( /^(.*) (.*) (.*)$/) {
my $dt = substr(DateTime::Format::Epoch::MJD->parse_datetime( $1 ), 0,10);
print "$dt,";
print int(($2/(60*60))%24);
print ":";
print int(($2/60)%60);
print ($2%60);
print " $3\n";
The script doesn't deserve any style points and it doesn't consider time zones (although the MJD module might; go check yourself if you are worried). You will need the DateTime::Format::Epoch perl module (Debian users have it easy).

After that you can prepare you peerstats file(s) to be used with Gnuplot:
cat peerstats1 | grep 'a.b.c.d' | cut -d" " -f1,2,5 | ./ > stats1
Your grep parameters may vary but make sure you select only peer at a time because the gnuplot configuration I use below expects only 2 axes (date/time and offset).

The gnuplot configuration looks like this (stats.conf):
# feel free to change image size
set terminal png size 1600,1024
set xdata time
set timefmt "%Y-%m-%d,%H:%M:%S"
set output "ntp-offset.png"
# if you want to change the scale, uncomment
#set yrange [-0.1:0.1]
set grid
set xlabel "Time"
set ylabel "Offset"
set title "Description: Time Offsets"
set key left box
plot "stats1" using 1:2 index 0 title "NTP client 1" with lines, \
"stats2" using 1:2 index 0 title "NTP client 2" with lines, \
Adjust the file to your own needs and run gnuplot:
$ cat stats.conf | gnuplot 
The file ntp-offset.png will be created. Use your favourite program to view the results.

Wednesday, 28 March 2007

Init script for tshark

I need to capture packets in a network for post-mortem analysis. I wanted tshark to start upon boot on a Debian etch-testing but couldn't find a start script for it. I used snort's as a basis to write my own. Just make sure you change the DAEMON_OPTIONS to suit your own needs.

#!/bin/sh -e

test $DEBIAN_SCRIPT_DEBUG && set -v -x

DAEMON_OPTIONS="-q -i eth0 -b files:80 -b filesize:512000 -w rawcapture"
# tshark does not create pid file

DESC="WireShark packet capture program"

test -x $DAEMON || exit 0

check_log_dir() {
# TODO: get fussy with existing log files
return 0

case "$1" in
echo -n "Starting $DESC: "

if ! check_log_dir; then
echo " will not start $DESC!"

exit 1

fail="failed (check /var/log/daemon.log)"
/sbin/start-stop-daemon --stop --signal 18 --quiet --user root --group root \
--exec $DAEMON >/dev/null &&

fail="already running"

set +e
/sbin/start-stop-daemon --start --background --quiet --chdir $DAEMON_PATH \
--exec $DAEMON -- $DAEMON_OPTIONS >/dev/null

set -e
case "$ret" in
echo "done."

echo "...$fail."
myret=$(expr "$myret" + 1)


exit $myret

echo -n "Stopping $DESC: $NAME"

/sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \
--user root --group root --exec $DAEMON >/dev/null

echo "."


$0 stop $interface || true
$0 start $interface || true


result="NOT running!"
/sbin/start-stop-daemon --stop --signal 18 --quiet --user root --group root \
--exec $DAEMON >/dev/null && result="running." &amp;& exitval=0

echo $DESC $result
exit $exitval

echo "Usage: $0 {start|stop|restart|status}"
exit 1

exit 0

Tuesday, 27 March 2007

PERL CPAN packages on Debian

Man, I'm really starting to become a fan of the "debian way". What can be easier than running dh-make-perl --build --cpan perl_module to create Debian packages of CPAN's PERL packages? Example:

$ dh-make-perl --build --cpan DateTime::Format::Epoch

Of course you must first install Module::Build but that as available as a Debian package already: libmodule-build-perl. And while you're at it, check that you have package dh-make-perl installed.

And happy scripting!

Monday, 26 March 2007

MUVPN and Cisco VPN Client

If you try to install the Cisco VPN Client on a Windows XP that already has the Watchguard Mobile User VPN client you are in for a treat.

The Cisco VPN client installer will keep telling you must first uninstall the previous version or uninstall a component called IRE (I think that was it). Of course you can't install it because you haven't installed the client yet. That can be quite misleading.

Well, just uninstall Watchguard's MUVPN client, install Cisco's and then reinstall MUVPN. Now you have both installed, MUVPN works but Cisco's client will complain: "IPC socket allocation failed with error -4h (...)".

To be able to use it you must kill MUVPN processes. Just right-click the taskbar, fire up the task manager and kill the following processes (you must be administrator): "SafeCfg.exe", "IreIKE.exe" and "IPSecMon.exe".

If you want to use MUVPN after that you will need to reboot or figure-out a way to re-start those processes. I didn't have patience to find out how; it might be as simple as running the executables. Good luck.

Thursday, 22 March 2007 Tagspace Beta

It means I have no chance of finding anything useful about the Windows 2003 W32Time service log messages.