Posts Tagged ‘description’

Filter messages in Qmail with unwanted words, get rid of the Viagra annoying spam with Qtrap

Sunday, September 4th, 2011

Drop qmail received mail containing banned / unwanted words to get rid of Viagra and Sex related spam

Recently the annoying Viagra spam has emerged again. Therefore I decided to clean up some of the mail received by one of the qmail servers to protect users’ mailboxes from this Viagra peril.

To do so I remembered an old script which used to be part of the qmailrocks.org qmail install. The script is called qtrap and is able to filter emails based on a list of specific words contained in the mail.
Since qmailrocks.org has been gone (down) for some time and is still available only on a few mirrored locations, which by the way are not too easy to find, I decided to write a little post on how qtrap.sh can be integrated quickly and easily with any Qmail + Vpopmail install out there.

Hereby I include the description for qtrap.sh given by the script author:

“qtrap.sh script is applied on a per domain basis and serves as a “bad word” scanner to catch any spam that Spamassassin may have missed. This filter serves as the last defense against SPAM before it arrived in your inbox. I like this filter because it helps to get rid of any SPAM that happens to make it by Spamassassin. Without any protection at all, my mailbox gets a shit ton of SPAM every day. Within the first 3 months I enacted the Qtrap filter, Qtrap logged over 9,000 deleted SPAM messages, none of which were legitimate e-mails. My keyboard’s delete key was very appreciated the extra rest.

Any emails that are scanned and contain a banned word will be automatically deleted and logged by the qtrap script. A whitelist feature now exists so that individual addresses or domains can be exempt from the qtrap scan.”

Now that one has a general idea of what the script does, here is the step by step qtrap.sh integration:

1. Create the necessary qtrap directory and logs and set proper permissions

If the vpopmail is installed in /home/vpopmail , issue the following commands.

debian:~# cd /home/vpopmail
debian:/home/vpopmail# mkdir -p qtrap/logs
debian:/home/vpopmail# cd qtrap
debian:/home/vpopmail/qtrap# wget https://www.pc-freak.net/files/qtrap.sh
...
debian:/home/vpopmail/qtrap# cd ~
debian:~# touch /home/vpopmail/qtrap/logs/qtrap.log
debian:~# chown -R vpopmail:vchkpw /home/vpopmail/qtrap
debian:~# chmod -R 755 /home/vpopmail/qtrap

On older qmail installations vpopmail may be installed in /var/vpopmail. If that’s the case, link /var/vpopmail to /home/vpopmail and go back to step 1. To link:

debian:~# ln -sf /var/vpopmail/ /home/vpopmail

2. Edit qtrap.sh to whitelist email addresses and build a ban words list

a) Include the email addresses whose mail should not be checked by qtrap.sh

Inside qtrap.sh, on line 63, there is a shell function whitelist_check(). The function looks like so:

whitelist_check () {
    case $WHITELIST in
        address@somewhere.com|address@somewhereelse.com)
            echo $SENDER found in whitelist on `date "+%D %H:%M:%S"` >> /home/vpopmail/qtrap/logs/qtrap.log
            exit 0;;
        *)
            ;;
    esac
}

By default the script whitelists just two sample addresses; this is the line reading:

address@somewhere.com|address@somewhereelse.com

The whitelisted emails should be separated with a pipe, so to whitelist two more sample addresses the line should be changed to:

address@somewhere.com|address@somewhereelse.com|hipod@mymailserver.com|hipo@gmail.com

In order to whitelist an entire domain, let’s say yahoo.com, extend the line above like so:

address@somewhere.com|address@somewhereelse.com|hipod@mymailserver.com|hipo@gmail.com|*yahoo.com

b) Define the bad words ban list; mails containing these words will not be delivered by qmail

The function that checks for the banned words inside the script is checkall(). Below is a paste of the function from the script:

checkall () {
    case $BANNED_WORDS in
        porn|PORN|Sex|SEX)
            printout $BANNED_WORDS
            echo MESSAGE DROPPED from $SENDER because of $BANNED_WORDS on `date "+%D %H:%M:%S"` >> /home/vpopmail/qtrap/logs/qtrap.log
            exit 99;;
        *)
            ;;
    esac
}

checkall() is located on line 74 in qtrap.sh and the exact list of banned words which the script looks for is on line 76. The default qtrap.sh filters only mails containing one of 4 words, e.g.:

porn|PORN|Sex|SEX)

To add the common spam words viagra and Viagra to the list, modify and expand it like so:

porn|PORN|Sex|SEX|viagra|Viagra)

The delimiter is again | , so proceed further and add any unwanted spam words that are not common in legit mails.

3. Install qtrap.sh to process all emails delivered to vpopmail

If it’s necessary to install the word-based mail dropping for only a single vpopmail virtual domain, do it with the commands:

debian:~# cd /home/vpopmail/domains/yourdomain.com
debian:/home/vpopmail/domains/yourdomain.com# touch .qmail-default.new
debian:/home/vpopmail/domains/yourdomain.com# echo '| /home/vpopmail/qtrap/qtrap.sh' >> .qmail-default.new
debian:/home/vpopmail/domains/yourdomain.com# echo "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox" >> .qmail-default.new
debian:/home/vpopmail/domains/yourdomain.com# chown vpopmail:vchkpw .qmail-default.new
debian:/home/vpopmail/domains/yourdomain.com# cp -rpf .qmail-default .qmail-default.bak; mv .qmail-default.new .qmail-default

If however qtrap.sh needs to be installed for all existing vpopmail virtual domains on the qmail server, issue a one-liner bash script:

debian:~# cd /home/vpopmail/domains
debian:/home/vpopmail/domains# for i in */; do ( cd "$i" || exit 1;
echo "| /home/vpopmail/qtrap/qtrap.sh" > .qmail-default.new;
echo "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox" >> .qmail-default.new;
chown vpopmail:vchkpw .qmail-default.new; mv .qmail-default .qmail-default.old; mv .qmail-default.new .qmail-default ); done

This for loop will put ‘| /home/vpopmail/qtrap/qtrap.sh’ in the .qmail-default of every vpopmail domain.

Afterwards the .qmail-default file should contain the following two lines:

| /home/vpopmail/qtrap/qtrap.sh
| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox

A very important thing to consider here is that adding common words, let’s say hello or mail, could easily drop almost all the emails qmail hands over to vpopmail.

Caution!! Never ever put common words in the list of banned words!!
Always make sure the banned words added to qtrap.sh are words that never appear in an everyday legit email.

Another thing to keep in mind is that qtrap.sh doesn’t make a copy of the received message, though it can easily be modified to do so.
Any mail that matches the banned words list will be dropped and lost forever.

4. Check if qtrap.sh is working

To check if qtrap is working, send a mail to some mailbox on the qmail server containing, in the subject or the message body, one of the unwanted words defined inside qtrap.sh.

If qtrap is working, the mail should not be received in the mailbox to which it was sent; moreover, qtrap.sh should log it in its log file:

debian:~# cat /home/vpopmail/qtrap/logs/qtrap.log
MESSAGE DROPPED from hipo@mytestmail.com because of viagra on 09/03/11 11:34:19
MESSAGE DROPPED from support@mymailserver.com because of Viagra on 09/03/11 11:39:29

If qtrap.log contains records similar to the ones above, and the mail matching the banned word is not delivered, qtrap.sh is properly configured. If there are any issues, check the qmail logs; they should give a good pointer on what went wrong with the qtrap.sh invocation.

Note that I’ve integrated qtrap.sh into a custom qmail install running on Debian Lenny 5.0 GNU/Linux.
If I have time I’ll soon test if it works fine on the latest stable Debian Squeeze and will report here in the comments.
If however someone is willing to test if the script works on Debian Squeeze 6.0, or has tested it already, please drop a comment to report if it works fine.
qtrap.sh is a bit oldish and is not written to work too optimally, therefore on some heavily loaded mail servers it can create some extra load and delay the mail delivery a bit. Thus when implementing it one needs to consider the downsides of putting it in.

Also I was thinking it might be nice if the script were rewritten to read the banned words and whitelisted addresses from files instead of, as it is now, having them hard coded in the script.
If I have some free time, I’ll probably do this, though I’m not sure if this is too good an idea, as this might have a negative performance impact on the script execution time, since each invoked instance of the script would have to do one more operation of reading a file storing the banned words.

Well that’s pretty much it, enjoy 😉
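
One way to do what the last paragraphs describe (keep a copy of matched mail, and read the banned words and the whitelist from files), as an added example that is not the original qtrap.sh or the author's code. The file names under /home/vpopmail/qtrap (banned.txt, whitelist.txt, quarantine/), the script name qtrap-files.sh, the function names and the --deliver switch are assumptions; the exit codes 0, 99 and 111 are the ones qmail-command documents.

```shell
#!/bin/sh
# Added example, not the original qtrap.sh: a .qmail word filter that reads its
# lists from files and quarantines matches instead of deleting them.
# Assumed (hypothetical) layout under $QTRAP_DIR:
#   banned.txt, whitelist.txt  one entry per line, '#' starts a comment
#   quarantine/                copies of stopped messages
#   logs/qtrap.log             same log file the page uses
QTRAP_DIR="${QTRAP_DIR:-/home/vpopmail/qtrap}"

# is_whitelisted SENDER FILE -> 0 if SENDER is listed, 1 otherwise.
# Entries are full addresses or "@domain". The "@domain" form is an exact
# suffix match, so "@yahoo.com" does not also match "user@notyahoo.com"
# the way the glob *yahoo.com does.
is_whitelisted() {
    [ -r "$2" ] || return 1
    sender=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr '[:upper:]' '[:lower:]')
        case "$entry" in
            ''|'#'*) continue ;;
            @*) case "$sender" in *"$entry") return 0 ;; esac ;;
            *)  if [ "$sender" = "$entry" ]; then return 0; fi ;;
        esac
    done < "$2"
    return 1
}

# first_banned_word MESSAGE FILE -> prints the first listed word found in
# MESSAGE and returns 0; returns 1 if none. Blank lines are skipped because an
# empty pattern would match every message. -F: literal string, -w: whole word,
# -i: ignore case (so one entry covers viagra, Viagra and VIAGRA).
# One grep per word: fine for a short list.
first_banned_word() {
    [ -r "$2" ] || return 1
    while IFS= read -r word || [ -n "$word" ]; do
        case "$word" in ''|'#'*) continue ;; esac
        if grep -qiwF -e "$word" "$1"; then
            printf '%s\n' "$word"
            return 0
        fi
    done < "$2"
    return 1
}

# qtrap_filter: message on stdin, envelope sender in $SENDER (set by
# qmail-local). Return codes follow qmail-command: 0 = go on to the next
# .qmail line, 99 = stop here and treat the mail as delivered, 111 = retry later.
qtrap_filter() {
    log="$QTRAP_DIR/logs/qtrap.log"
    now=$(date "+%D %H:%M:%S")
    # $SENDER is supplied by the remote side: strip control characters before
    # it reaches the log. It is also forgeable, so the whitelist is a
    # convenience, not authentication.
    safe_sender=$(printf '%s' "${SENDER:-}" | tr -cd '[:print:]')
    if is_whitelisted "$safe_sender" "$QTRAP_DIR/whitelist.txt"; then
        printf '%s found in whitelist on %s\n' "$safe_sender" "$now" >> "$log"
        return 0
    fi
    # Keep a copy first; it is removed again if the message turns out clean.
    msg=$(mktemp "$QTRAP_DIR/quarantine/msg.XXXXXX") || return 111
    if ! cat > "$msg"; then rm -f "$msg"; return 111; fi
    if word=$(first_banned_word "$msg" "$QTRAP_DIR/banned.txt"); then
        printf 'MESSAGE QUARANTINED from %s because of %s on %s (copy: %s)\n' \
            "$safe_sender" "$word" "$now" "$msg" >> "$log"
        return 99
    fi
    rm -f "$msg"
    return 0
}

# Run as a delivery program only when asked to, e.g. in .qmail-default:
#   | /home/vpopmail/qtrap/qtrap-files.sh --deliver
if [ "${1:-}" = "--deliver" ]; then
    qtrap_filter
    exit $?
fi
```

The quarantine directory has to be writable by the vpopmail user and needs its own cleanup, since stopped messages now accumulate there instead of disappearing.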

The Legend of the Christmas Tree and Why do we put Christmas trees at home in Christmas time? :)

Thursday, January 12th, 2012

Why we put Pine tree / Fir in Christmas origins of Christmas tree / Legends for the Christmas Tree
 

Christmas has just passed. As a Christian I was curious why, in so many Christian countries, we decorate Pine trees, and I did some quick research on the topic. In this small article, I'll present my findings.

The Christmas Pine Tree tradition is quite ancient and, according to many sources, probably dates back to the XIIth century.
The first written records of a Christmas tree are of an anonymous Frenchman who visited Strasbourg, Germany in 1601. His description of the decorated pine tree reads: "wafers and golden sugar-twists (Barley sugar), roses cut out of many-colored paper, apples, gold foil and sweets."

Later in the 1800s, the local German Christmas pine tree tradition was spread across America by German emigrants.
In the UK the Pine tree decorating tradition appeared in 1841, when a royal (Prince Albert) decorated his castle (Winston Castle).

A little later, after Queen Victoria adopted the pine tree, United Kingdom citizens started to decorate pine trees for themselves, following the highly regarded Queen.
Historically the pine tree has usually been decorated with gifts, and a bright star is put atop.

One of the Christian interpretations of the Christmas tree is that it represents the same Cross (tree) on which Christ was crucified. After Christ's resurrection, because of (or through) that tree, humanity received the Lord's great spiritual blessings. These blessings are represented by the gifts hung on the Fir tree. The pine tree itself is, in Christianity, a reference to the symbol of the Salvation we received from the Holy Cross, where our Saviour was crucified.

The Fir is decorated with lights to represent the joy and the lights of Christmas (that burn in our hearts); the star atop the tree is a reminder of the Star that rose in the East during the night of Christ's birth, as we read in the gospels.

Decorating Pine trees is observed mostly in the Roman Catholic Church, is often followed by some protestant denominations and is less used in the Orthodox Church (though this is changing nowadays).

In Eastern Europe, the Christmas tree appeared quite late and the whole concept was unknown in the Orthodox Christian countries until the end of the 19th century.

With the recent severe globalization the pine tree was silently adopted in almost all parts of the world, including even communist countries and sometimes even muslim ones.

Unfortunately, the relation between the Fir tree and our Christian faith is little known today and with the years to come it will be less and less associated with Christianity.

Here are a few interesting legends which I found, explaining some of the possible roots of the Christmas tree decoration:

Legends about the Christmas Fir Tree

1. Legend of the Pine Tree Saving the Holy Family

When the Holy family was pursued by Herod's soldiers, many plants offered to provide them with shelter.
One such plant was the Pine tree. With Mary too weary to travel any longer, the family stopped at the edge of a forest to rest.
A gnarled old Pine which had grown hollow with the years invited them to rest within its trunk.
Then, it closed its branches down upon them, keeping the family safe until the soldiers had passed.
Upon leaving, the Christ Child blessed the Pine and the imprint of his tiny hand was left forever in the tree's fruit… the Pine cone.
If a cone is cut lengthwise, the hand may still be seen.

2. Pine tree and Easter Legend
 


There is a legend that pine trees "know" when it's Easter.
The pine trees start their new growth in the weeks before Easter.
If you look at the tops of the pine trees two weeks before Easter you'll see the yellow shoots.
As the days get closer to Easter Sunday, the tallest shoot will branch off and form a cross.
By the time Easter Sunday comes around, you will see that most of the pine trees will have small yellow crosses on all of the tallest shoots.
This really happens we live where there are lots of pines,
and each year this actually happens, it is amazing to watch,
and the process of the new growth appears as crosses on the ends
of each branch.

I've not personally observed that, but according to people who live in pine tree forest areas this is a fact.

3. Legend about M. Luther and the Pine tree

Martin Luther, founder of the Protestant religion, was taking a stroll through the woods late one night.
The sky was clear and many stars were shining through the branches of the trees,
giving the impression of twinkling lights.
Luther was so captivated and inspired by the beautiful brilliance of the sight
that he cut down a small evergreen and brought it home.
He recreated the stars by placing candles upon the tree's branches to imitate
their radiance and presented it to his children.

This story explains why the pine tree initially became so widespread in the "western world", as it gives some connection between the Pine tree and Protestant Christianity.

4. The Children Legend of the Fir Tree (Kids Story)

On the night of the Christ Child's birth, all living creatures, both flora and fauna, traveled to Bethlehem bearing gifts.
The Olive tree, for example, brought its fruit and the Palm tree its dates.
But the little Fir tree had no gift and was so tired that it was unable to resist when the larger trees pushed it into the background and hid it from view.
But then, a nearby Angel took pity and commanded a cluster of stars to descend and rest upon its delicate boughs.
When the Baby Jesus beheld this lovely lighted tree, he smiled and blessed it,
declaring henceforth that Fir trees should always be filled with lights at
Christmastime to please little children.
When Christianity first came to Northern Europe, three personages representing
virtues were dispatched from Heaven to place lights on the original Christmas tree.
These personages were Faith, Hope and Charity.
Their search was long, since they were required to find a tree as high as hope, as great as love and as sweet as charity.
In addition, the tree had to bear the sign of the cross on every bough.
Their search finally ended in the forests of the North where they found the Fir.
Lit by the radiance of the stars, it became the first Christmas tree.
The triangular design of the Fir has also been used to describe the Holy Trinity of God the Father, The Son and The Holy Spirit.
Eventually, converts began to revere the Fir as God's Tree…as they had once revered the Oak.
By the Twelfth Century it was being hung, upside-down, from ceilings at Christmastime
in Central Europe, as a symbol of Christianity.

5. The Paradise Tree Legend

A very old and delightful European custom centers around decorating a Fir tree with apples and small white wafers which represents the Holy Eucharist.
These wafers were later replaced by small pieces of pastry cut into the shapes of stars, angels, hearts, flowers and bells.
Eventually additional pastries were introduced bearing the shapes of men, birds, roosters and other animals.

During the Middle Ages, around the Eleventh century, religious theater was born.
One of the most popular plays …
The German mystery play concerned Adam and Eve and their fall and expulsion from the Garden of Eden, represented by a Fir tree hung with apples.
This tree was symbolic of both the Tree of Life and the Tree of Discernment of Good and Evil, which stood in the center of Paradise.
The play ended with the prophecy of a coming Saviour. For this reason, it was often enacted during Advent.

The one piece of scenery, the "Paradeisbaum" or "Paradise Tree", became a popular object and was often set up in churches.
Eventually it also found its way into private homes and became a symbol of the Saviour.
Since the tree was representative not only of Paradise and the fall of man, but also of the promise of salvation,
it was hung not merely with apples, but with bread or wafers (Holy Eucharist) and often sweets to represent the sweetness of redemption.
In some areas of Bavaria, fir branches and little trees decorated with lights, apples and tinsel are still called "Paradeis".

According to some other Christian legends, it was a Fir tree that grew as the Tree of Life in the Garden of Eden.
When Eve plucked its fruit, the foliage and flowers shrank to nothing but needles.
Only on the night of Nativity would the Fir tree bloom again, a moment marked perhaps by the Christmas tree we Christians use.

Of course these are just legends and, as with every legend, there is plenty of romanticism included.
Nevertheless I consider that most legends, similar to proverbs, contain deep truth and truthful facts. Moreover, knowing the legends of our forefathers connects us to who and what we are and, from an anthropological point of view, is precious knowledge we should try to sustain and pass on to our children.
 

How to encrypt files with GPG and OpenSSL on GNU / Linux

Friday, November 25th, 2011


I have just recently found out that it is possible to use openssl to encrypt files to tighten your security.
Why would I want to encrypt files? Well, very simple: I have plain text files where I write down my passwords for servers or account logins for services I use on the internet.

Until this very day I have used gpg to encrypt and decrypt my sensitive information files and archives. The way to encrypt files with GPG is very simple, here is an example:

server:~# ls -al test.txt
-rw-r--r-- 1 root root 12 Nov 25 16:50 test.txt
server:~# gpg -c test.txt
Enter passphrase:
Repeat passphrase:

Typing the same password twice produces the encrypted file test.txt.gpg. In order to later decrypt the gpg password protected file I use the command:

server:~# gpg -d test.txt.gpg >test.txt
Enter passphrase:
Repeat passphrase:
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected

As one can see from the above output, by default gpg uses the CAST5 algorithm to encrypt the data. For all those curious about what kind of encryption CAST5 provides and where CAST5 originates, in short CAST5 is a GNU invented cryptographic algorithm; the short description of the algorithm is as follows:

“…a DES-like Substitution-Permutation Network (SPN) cryptosystem which appears to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis. This cipher also possesses a number of other desirable cryptographic properties, including avalanche, Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no complementation property, and an absence of weak and semi-weak keys.”

Anyways, for all those who trust DES128 encryption more as an algorithm to keep data secret, the openssl command line tool provides another means to encrypt sensitive data.
To encrypt a file using openssl’s DES encryption capabilities:

server:~# openssl des -salt -in test.txt -out test.txt.des
enter des-cbc encryption password:
Verifying - enter des-cbc encryption password:

As you can see, to encrypt with DES-CBC it’s necessary to type the secret password twice; together with the salt enabled by the -salt option, it is used to derive the encryption key.

To later decrypt the DES encrypted file the command is:

server:~# openssl des -d -salt -in file.des -out file

In order to encrypt a whole directory, compressed on the fly with tar and gzip:

server:~# tar -czf - directory | openssl des -salt -out directory.tar.gz.des

Where directory is the name of the directory which will be tarred and encrypted.

To later decrypt the above encrypted tar.gz.des file with openssl:

server:~# openssl des -d -salt -in directory.tar.gz.des | tar -xzf -
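
The same directory workflow with a stronger configuration, as an added example that is not part of the original post. openssl des is single DES with a 56-bit key, so the functions below use AES-256-CBC with PBKDF2 key derivation instead and read the passphrase from a file; the function names, the iteration count and the temporary-file step are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: the page's "tar | openssl"
# directory workflow with AES-256-CBC and PBKDF2 in place of single DES.
# Needs OpenSSL 1.1.1 or newer (-pbkdf2). Function names and the iteration
# count are choices made for this example.
ITER=200000

# encrypt_dir DIR OUTFILE PASSFILE
# The passphrase is the first line of PASSFILE (keep it chmod 600), so it
# never shows up in the process list or the shell history.
# The return status is that of openssl, the last command in the pipeline.
encrypt_dir() {
    tar -czf - -C "$(dirname "$1")" "$(basename "$1")" |
        openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
            -pass "file:$3" -out "$2"
}

# decrypt_dir INFILE DESTDIR PASSFILE
# Decrypts to a temporary file first and unpacks only if openssl succeeded.
# In "openssl ... | tar -x" tar starts unpacking before openssl has finished
# and the pipeline's exit status is tar's, so an openssl failure at the end
# of the stream can go unnoticed.
# The temporary file (created mode 600 by mktemp) holds the plaintext archive
# until it is removed.
# Note that "openssl enc" does not authenticate the ciphertext: the padding
# check catches most wrong passphrases, not deliberate modification.
decrypt_dir() {
    tmp=$(mktemp) || return 1
    if openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
            -pass "file:$3" -in "$1" -out "$tmp" &&
       tar -xzf "$tmp" -C "$2"; then
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

Files encrypted this way must be decrypted with the same -pbkdf2 and -iter values, so the iteration count has to be recorded alongside the archive.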
 

How to find out which processes are causing a hard disk I/O overhead in GNU/Linux

Wednesday, September 28th, 2011

To find out which programs are causing the most read/write overhead on a Linux server one can use iotop

Here is the description of iotop – simple top-like I/O monitor, taken from its manpage.

iotop does precisely the same as the classic linux top but for hard disk IN/OUT operations.

To check the overhead caused by some daemon on the system or some random processes, launching iotop without any arguments is enough:

debian:~# iotop

The main overview figures in the iotop statistics are:

Total DISK READ: xx.xx MB/s | Total DISK WRITE: xx.xx K/s

If iotop shows huge numbers and the server is suffering performance drops, it’s a symptom of hdd I/O overhead.
iotop is available for Debian and Ubuntu as a standard package in the distros’ repositories. On RHEL based Linuxes, unfortunately, it’s not available as an RPM.

While talking about keeping an eye on hard disk utilization and disk I/O as a bottleneck and a possible cause of poor server performance, it’s worth mentioning another really great tool, which I use on every single server I administrate. For all those unfamiliar, I’m talking about dstat.

dstat is a versatile tool for generating system resource statistics, as the description on top of the manual states. dstat is great for people who want to have iostat, vmstat and ifstat in one single program.
dstat is nowadays available on most Linux distributions, ready to be installed from the respective distro package manager. I’ve used it and I can confirm it is installable via a deb/rpm package on Fedora, CentOS, Debian and Ubuntu Linux.

Here is how the tool looks in action:

[Screenshot: dstat Linux hdd load stats]

The most interesting things in the dstat output are read, writ and recv, send. They give a good general overview of hard drive performance and, if tracked, can reveal whether hdd reads/writes are a bottleneck causing server performance issues.
Another handy tool for tracking hdd I/O problems is iostat; it is however more suitable for hard core admins, as its statistics output is not easily readable.

In case you need to periodically gather data about disk read/write operations you will definitely want to look at the collectl I/O benchmarking tool. Unfortunately collectl is not included as a package in most Linux distributions, except Fedora. Besides its capability to report on server disk usage, collectl is also capable of showing brief stats on CPU and network.

Collectl looks really promising and even seems to be in active development; the latest release of the tool is from May 2011. It even supports NVidia’s GPU monitoring 😉 In short, what collectl does is very similar to sysstat, which by the way also has some possibilities to track disk reads over time. collectl’s website praises the tool a lot and says that on most machines the extra load the tool adds to a system to generate reports on cpu, disk and disk io is < 0.1%. I couldn’t find any data online on how much extra load sysstat (sar) puts on a system. It would be interesting if someone has done some testing and can tell which of the two puts less load on a system.

Monitoring Windows hosts with Nagios on Debian GNU/Linux

Tuesday, August 30th, 2011


In this article in short, I’ll explain how I configured Nagios on a Debian GNU/Linux release (Squeeze 6) to monitor a couple of Windows hosts running inside a local network. Now let’s start.

1. Install the necessary nagios debian packages

apt-get install nagios-images nagios-nrpe-plugin nagios-nrpe-server nagios-plugins nagios-plugins-basic nagios-plugins-standard \
nagios3 nagios3-cgi nagios3-common nagios3-core

2. Edit /etc/nagios-plugins/config/nt.cfg

In the file substitute:

define command {
command_name check_nt
command_line /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -v '$ARG1$'
}

With:

define command {
command_name check_nt
command_line /usr/lib/nagios/plugins/check_nt -H '$HOSTADDRESS$' -p 12489 -v $ARG1$ $ARG2$
}

3. Modify nrpe.cfg to list the hosts allowed to connect to the Nagios nrpe server

vim /etc/nagios/nrpe.cfg

Look inside for the configuration directive:

allowed_hosts=127.0.0.1

In order to allow more hosts to report to the nagios nrpe daemon, change the value to, let’s say:

allowed_hosts=127.0.0.1,192.168.1.4,192.168.1.5,192.168.1.6

This config allows the three IPs 192.168.1.4-6 to report to nrpe.

For the changes to the nrpe server to take effect, it has to be restarted.

debian:~# /etc/init.d/nagios-nrpe-server restart

Further on, some configuration needs to be done on the Windows hosts running the nrpe agent, in this case 192.168.1.4, 192.168.1.5 and 192.168.1.6.

4. Install nsclient++ on all Windows hosts whose CPU, disk, temperature and services have to be monitored

Download the agent from http://sourceforge.net/projects/nscplus and launch the installer, click twice on it and follow the installation screens. It’s necessary that during installation the agent has the NRPE protocol enabled. After the installation is complete one needs to modify NSC.ini.
By default many of the nsclient++ tracking modules are not enabled in NSC.ini, thus it’s necessary that the following DLLs get activated in the conf:

FileLogger.dll
CheckSystem.dll
CheckDisk.dll
NSClientListener.dll
SysTray.dll
CheckEventLog.dll
CheckHelpers.dll

Another requirement is to give the Linux nagios server access to the nsclient++ agent, again by adding it to the allowed_hosts config variable:

allowed_hosts=192.168.1.1

In my case Nagios runs on Debian Lenny (Squeeze) 6 and has the IP address 192.168.1.1.
To test that the installed Windows nsclient++ agents are properly installed, a simple telnet connection from the Linux host is enough (see step 6).

5. Create the necessary configuration for the nagios Linux server to include all the Windows hosts which will be monitored

There is a windows.cfg template file located in /usr/share/doc/nagios3-common/examples/template-object/windows.cfg on Debian.

The file is a good starting point for creating a conf file understood by nagios and used to periodically refresh information about the status of the Windows hosts.

Thus it’s a good idea to copy the file to nagios3 config directory:

debian:~# mkdir /etc/nagios3/objects
debian:~# cp -rpf /usr/share/doc/nagios3-common/examples/template-object/windows.cfg /etc/nagios3/objects/windows.cfg

A sample windows.cfg (which works fine for me) that monitors a couple of Windows nodes running the MS-SQL service and IIS and makes sure the services are up and running is:

define host{
use windows-server ; Inherit default values from a template
host_name Windows1 ; The name we're giving to this host
alias Iready Server ; A longer name associated with the host
address 192.168.1.4 ; IP address of the host
}
define host{
use windows-server ; Inherit default values from a template
host_name Windows2 ; The name we're giving to this host
alias Iready Server ; A longer name associated with the host
address 192.168.1.4 ; IP address of the host
}
define hostgroup{
hostgroup_name windows-servers ; The name of the hostgroup
alias Windows Servers ; Long name of the group
}
define hostgroup{
hostgroup_name IIS
alias IIS Servers
members Windows1,Windows2
}
define hostgroup{
hostgroup_name MSSQL
alias MSSQL Servers
members Windows1,Windows2
}
define service{
use generic-service
host_name Windows1
service_description NSClient++ Version
check_command check_nt!CLIENTVERSION
}
define service{
use generic-service
host_name Windows1
service_description Uptime
check_command check_nt!UPTIME
}
define service{
use generic-service
host_name Windows1
service_description CPU Load
check_command check_nt!CPULOAD!-l 5,80,90
}
define service{
use generic-service
host_name Windows1
service_description Memory Usage
check_command check_nt!MEMUSE!-w 80 -c 90
}
define service{
use generic-service
host_name Windows1
service_description C: Drive Space
check_command check_nt!USEDDISKSPACE!-l c -w 80 -c 90
}
define service{
use generic-service
host_name Windows1
service_description W3SVC
check_command check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
}
define service{
use generic-service
host_name Windows1
service_description Explorer
check_command check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
}
define service{
use generic-service
host_name Windows2
service_description NSClient++ Version
check_command check_nt!CLIENTVERSION
}
define service{
use generic-service
host_name Windows2
service_description Uptime
check_command check_nt!UPTIME
}
define service{
use generic-service
host_name Windows2
service_description CPU Load
check_command check_nt!CPULOAD!-l 5,80,90
}
define service{
use generic-service
host_name Windows2
service_description Memory Usage
check_command check_nt!MEMUSE!-w 80 -c 90
}
define service{
use generic-service
host_name Windows2
service_description C: Drive Space
check_command check_nt!USEDDISKSPACE!-l c -w 80 -c 90
}
define service{
use generic-service
host_name Windows2
service_description W3SVC
check_command check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
}
define service{
use generic-service
host_name Windows2
service_description Explorer
check_command check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
}
define service{
use generic-service
host_name Windows1
service_description SQL port Check
check_command check_tcp!1433
}
define service{
use generic-service
host_name Windows2
service_description SQL port Check
check_command check_tcp!1433
}

The above config can easily be extended for more hosts or, if necessary, set up to track more services in the nagios web frontend.

6. Test if connectivity to the nsclient++ agent port is available from the Linux server

debian:~# telnet 192.168.58.6 12489
Trying 192.168.58.6...
Connected to 192.168.58.6.
Escape character is '^]'.
asd
ERROR: Invalid password.

Another good idea is to launch the NSClient++ (system tray) on the Windows host, e.g.:

Start, All Programs, NSClient++, Start NSClient++ (system tray).

Test the Nagios configuration from the Linux host running the nagios and nrpe daemons to check if check_nt can successfully authenticate and retrieve data generated by nsclient++ on the Windows host:

debian:~# /usr/lib/nagios/plugins/check_nt -H 192.168.1.5 -p 12489 -v CPULOAD -w 80 -c 90 -l 5,80,90,10,80,90

If everything is okay and the remote Windows system 192.168.1.5 has a properly configured and running NSClient++, the above command should return an output like:

CPU Load 1% (5 min average) 1% (10 min average) | '5 min avg Load'=1%;80;90;0;100 '10 min avg Load'=1%;80;90;0;100

In case the command returns:

could not fetch information from server

instead, this means that there is probably some kind of problem with the authentication or handshake between the Linux host’s nagios check_nt and the Windows server’s NSClient++ running on port 12489.

This is sometimes caused by a misconfigured NSC.ini file, however on other occasions this error is caused by a misconfigured Windows Firewall or because NSClient++ is not running as the Administrator user.

By the way, an important note about Windows 2008r2: if NSClient++ is running there, it’s absolutely required to log in as the Windows Administrator and run NSClient++ /start. If it’s run through Run As Administrator by an admin privileged user the aforementioned error might appear, so be careful.
I’ve experienced this error myself and it took me about 40 minutes to find that I have to run it directly as the Administrator user after logging in as Administrator.

7. Create nagios web iface Apache configuration

The nagios Debian package ships with an Apache config which is suitable to use:

debian:~# cp -rpf /usr/share/doc/nagios3-common/examples/apache2.conf /etc/apache2/sites-available/nagios
debian:~# ln -sf /etc/apache2/sites-available/nagios /etc/apache2/sites-enabled/nagios

The /etc/apache2/sites-available/nagios file can easily be configured to work as a VirtualHost; to do so, the file copied above needs to be wrapped inside a VirtualHost directive. For that, put at the beginning of the file:

<VirtualHost *:80>

and at the end of the file:

</VirtualHost>

8. Restart nagios server and Apache for the new settings to take effect

debian:~# /etc/init.d/apache2 restart
...
debian:~# /etc/init.d/nagios3 restart

If some custom configuration for tracking the services running on the Debian Linux Nagios host itself needs to be made, it’s also helpful to check in /etc/nagios3/conf.d

Well, that’s mostly what I had to do to make the Nagios3 server keep track of a small Windows network on Debian GNU/Linux Squeeze 6; hope this small article helps. Cheers 😉

Reboot Safely a frozen (hanged up) Linux Server with Magic SysRQ Key combination

Monday, June 20th, 2011

Linux Magic SysRQ Key picture

Having been a remote system administrator for many years now, I’ve many times experienced sudden Linux crashes, mostly caused by system hardware overloads.

This is a common thing, especially on busy Web Servers (Apache/MySQL). Situations like this are really messy, and many times in order to bring the server back online one has to either physically go to the Data Center or contact Technical Support to request a server reboot.

In these terrible times, data loss might occur if the Server reset button is used to cold reboot it.

Happily, in 99% of the cases the data loss which might occur can be prevented thanks to the Linux kernel’s support for the Magic SysRQ key!

In past times, Magic SysRQ key support in Linux wasn’t that common; thankfully these days this has changed and almost every Linux distribution supports this handy feature.

Now you might wonder what the magic is with this Magic SysRQ key?

Let me explain: Magic SysRQ is a kernel-level functionality which allows even completely crashed Linux systems with the horrifying:

Kernel Panic
message to be properly shut down.

Using Magic SysRQ instead of the commonly used induced cold reboots is really advantageous, as all the files opened by programs on the crashed server which hung will be properly saved and closed, and thus possible data loss caused by the sudden server crash will be minimized.

One other good thing about the Magic SysRQ key combination is that it can be issued blindly (no need for a server monitor or display to present any error messages on the failed server).

Now to check if the magic sysrq is enabled on a server one should issue the command:

Here are some Magic SysRQ keyboard combinations one can use in case of server failure:

ALT+SYSRQ+M to dump memory info;
ALT+SYSRQ+P to dump processes states;
ALT+SYSRQ+S to sync disks;
ALT+SYSRQ+U to unmount all mounted filesystems;
ALT+SYSRQ+E to terminate processes;
ALT+SYSRQ+I to kill all processes;
ALT+SYSRQ+U to try to unmount once again;
ALT+SYSRQ+B to reboot.

I will skip explaining what each of the keyboard combinations does, as I believe the above description explains it well.

One classic sequence of combinations one might want to issue on a failed Linux server supporting the Magic SysRQ would be:

ALT+SYSRQ+R
ALT+SYSRQ+E
ALT+SYSRQ+I
ALT+SYSRQ+S
ALT+SYSRQ+U
ALT+SYSRQ+B

The ALT+SYSRQ+REISUB key combination is very popular among system administrators.
Also Magic SysRQ is heavily used by kernel developers as it includes many handy debugging options.

If you try the Magic SysRQ key on older servers and realize it doesn’t react, you will have to recompile the Linux kernel and enable the CONFIG_MAGIC_SYSRQ compile-time option.

The Magic SysRQ can also be initiated remotely on a properly running server 😉 by issuing:

server:~# echo b > /proc/sysrq-trigger

This command would be useful if you want to just have fun and test that magic sysrq works on your system for sure 😉
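
On a kernel built with CONFIG_MAGIC_SYSRQ, the keyboard combinations are additionally gated by the kernel.sysrq sysctl: 0 disables them, 1 enables all, and larger values are a bitmask of permitted functions. The script below is an added example, not part of the original post; it decodes such a value and lists which keys of the REISUB sequence it blocks. The function names are hypothetical and the bit values follow the kernel's sysrq documentation.

```shell
#!/bin/sh
# Added example: decode a kernel.sysrq value and report which of the
# key combinations named in this post it permits from the keyboard.

# Print the kernel.sysrq bitmask bit that gates a SysRq key (0 = not covered here).
sysrq_key_bit() {
    case "$1" in
        r)   echo 4 ;;    # keyboard control (unRaw)
        m|p) echo 8 ;;    # debugging dumps (memory info, registers)
        s)   echo 16 ;;   # sync
        u)   echo 32 ;;   # remount read-only
        e|i) echo 64 ;;   # signalling processes (SIGTERM / SIGKILL)
        b)   echo 128 ;;  # reboot
        *)   echo 0 ;;
    esac
}

# Print "yes" if VALUE (contents of /proc/sys/kernel/sysrq) permits KEY, else "no".
sysrq_allows() {
    value=$1
    bit=$(sysrq_key_bit "$2")
    if [ "$bit" -eq 0 ]; then
        echo no                      # key not in the table above
    elif [ "$value" -eq 1 ]; then
        echo yes                     # 1 enables every function
    elif [ $(( value & bit )) -ne 0 ]; then
        echo yes
    else
        echo no
    fi
}

# Print the keys of the R-E-I-S-U-B sequence that VALUE blocks, space separated.
sysrq_blocked_in_reisub() {
    blocked=""
    for key in r e i s u b; do
        if [ "$(sysrq_allows "$1" "$key")" = "no" ]; then
            blocked="$blocked$key "
        fi
    done
    echo "${blocked% }"
}

# Report for the running kernel when the sysctl is readable.
if [ -r /proc/sys/kernel/sysrq ]; then
    current=$(cat /proc/sys/kernel/sysrq)
    echo "kernel.sysrq=$current blocks from REISUB: $(sysrq_blocked_in_reisub "$current")"
fi
```

The mask applies only to keyboard-invoked SysRq; writes to /proc/sysrq-trigger by root are always honoured, so restricting kernel.sysrq limits console access, not a root shell.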

To sum it up, using the Magic SysRQ will guarantee your locked-up server a Safe Reboot and will hopefully save you a lot of time on recovery from backups.

A Black and White Story and To Download an Apple, two nice artistic videos produced by a friend

Tuesday, April 26th, 2011

Here are two really nice videos produced by Daniela Popova.

One is called Black and White Story and the other one is with the funny name To Download an Apple

The videos were produced for her Graduation assignment in NATFA (National Academy of Theater and Film Arts).
Even better, the Black and White Story Video has been selected for the Festival of the Orthodox Christian Cinema in Moscow.
The movie was selected by the jury of the festival (a professor) who realized there is a deeper spiritual meaning behind the Black and White Story

The Black & White Story Video also has outstanding Bulgarian national folklore music combined with some modern day music, just check it out and enjoy.

The second movie, To Download an Apple, is a humorous one and I believe presents the sometimes stupid and serious efforts we make to follow fake imaginary goals.

Black and White Story


To Download an Apple

As Daniela is a Christian, the movies also contain hidden Christian messages 😉
I congratulate her on the great work! Considering the uniqueness of the videos it’s obvious Daniela is really talented!
I’m looking forward to seeing some more of her works.

How to turn ordinary Linux to a game station / Best Games to install and play on Debian Linux

Thursday, April 14th, 2011

Linux install best Games logo
In this article I’ll give you a quick way to install a number of my favourite Linux games. In my view the games I’m going to suggest for installation are among the best existing games you could install and play on a Linux Desktop today.

Many people say/believe Linux does not have games, or that the games for Linux/BSD are not fully featured and are not comparable to the ones for Windows; most of these sayings and beliefs are actually fairy tales.
I should admit of course that Linux is still lagging behind in its gaming capabilities, even quite far behind any Windows platform (Don’t get me wrong, I’m trying to be as realistic as possible here in my estimation).

However, little by little, year by year, the situation for the coming generation of Linux Gamers is getting better and better!
The number of free and non-free games is rising day by day, while many of the large game-producing companies like Blizzard, ID Software etc. are producing ports of their proprietary games for Linux.

Along with that, the number of Linux enthusiast gamers and hobbyists is constantly increasing.

At the present moment there are probably more than 5000 games for Linux!
Many of those games still require heavy testing or are not yet production ready, and therefore they don’t make it as packages into the general Linux distributions’ repositories. These games are instead published on various websites across the internet and still need our (the Linux hobbyists’ and daily users’) testing and support.
Linux has a number of websites which aim to inform interested users about Linux games development; the major ones, as far as I have found, are:

  • http://happypenguin.org
  • http://www.linux-gamers.net

In Debian (Squeeze) Linux there are currently a total of 1815 free and non-free games packages available for installation.
I have a number of favourite games I install on each and every computer I use as a desktop workstation.

These Linux games are truly a blessing, especially at times when I’m too tired of reading or scripting, or too overwhelmed by my daily system administration duties.

To install my selected games collection on your Debian, Ubuntu or any other Debian-based Linux with apt-get use the command:

debian:~# apt-get install open-invaders bsdgames-nonfree scummvm \
briquolo abuse abuse-frabs dosbox pingus wesnoth brutalchess \
dreamchess gnuchess kamefu frozen-bubble bomberclone \
lbreakout2 armagetron defendguin dodgindiamond2 \
rocksndiamonds blobwars wing xgalaga \
extremetuxracer planetpenguin-racer \
powermanga sauerbraten supertux tecnoballz torus-trooper \
trackballs tumiki-fighters zblast-x11 criticalmass xbill \
viruskiller snowballz freedoom wormux bugsquish gtetrinet njam \
starfighter prboom bb xsoldier xevil gnome-breakout xarchon \
moon-lander trophy lincity-ng alienblaster scorched3d ltris \
smc foobillard warsow tremulous glest warzone2100 matanza \
ace-of-penguins

I have created a small script containing the same apt-get command, so if you’re keen on Linux gaming like me I would advise you to use it for yourself and for all your friends who run Linux.
Download my turn-linux-into-gamestation.sh script here

If you want to install the Linux games list with turn-linux-into-gamestation.sh, use the commands:


debian:~# wget https://www.pc-freak.net/bshscr/turn-linux-into-gamestation.sh
debian:~# chmod +x turn-linux-into-gamestation.sh
debian:~# ./turn-linux-into-gamestation.sh

If you want to take a quick look over the game descriptions included in
my best Linux games to install compilation

Please see my best games collection Linux description file here

Along with the game descriptions in my recommended games to install description, you will also find the size of each of the games and the repository filename of the package that installs a game or relates to the Linux game.

To extract the game descriptions I have used apt-cache

Here is the exact apt-cache show command, in combination with a little shell script loop, that I have used to generate the games description file of my favourite Linux games list:

for i in $(echo open-invaders bsdgames-nonfree scummvm briquolo abuse abuse-frabs dosbox pingus wesnoth brutalchess dreamchess gnuchess kamefu frozen-bubble bomberclone lbreakout2 armagetron defendguin dodgindiamond2 rocksndiamonds blobwars wing xgalaga extremetuxracer planetpenguin-racer powermanga sauerbraten supertux tecnoballz torus-trooper trackballs tumiki-fighters zblast-x11 criticalmass xbill viruskiller snowballz freedoom wormux bugsquish gtetrinet njam starfighter prboom bb xsoldier xevil gnome-breakout xarchon moon-lander trophy lincity-ng alienblaster scorched3d ltris smc foobillard warsow tremulous glest warzone2100); do apt-cache show $i |grep -v "Priority:" |grep -v "Section:" |grep -v "Maintainer:" |grep -v "Depends:" |grep -v "Architecture:"|grep -v "SHA1:" |grep -v "SHA256:"|grep -v "Recommends:"|grep -v "MD5sum:" >>games_description.txt;
done

Note that some of the games will require a properly configured OpenGL / GLX and somewhat more solid system hardware in order to be playable.

Also, some of the games from my favourite Linux games list are space demanding; some of them will require up to about 300MB of space.

Nevertheless, as I presume nowadays most Linux desktops run on hardware no more than 3 or 4 years old, I assume the minimal hardware requirements necessary to run and play all the games from the above list won’t be a problem.

On my system all of my selected Linux games collection runs without any performance issues, though some of the games have some minor sound problems (for some weird reasons unknown to me).

I’m using an ordinary Thinkpad R61 notebook with a Debian Squeeze 6.0 installation with Gnome on my desktop.
My basic hardware parameters, which run all the Linux games smoothly, are as follows:

Notebook Thinkpad R61 with

CPU: Intel Core 2 Duo 1.8Ghz
Memory: 2GB
HDD: 160GB

To start up and play the games in a Gnome desktop, look for the games in the Gnome menus:

Application -> Debian -> Games
or
Application -> Games

If you want to install only the games which will surely run on lower-end computer hardware, let’s say with a Pentium 166~300 MHz CPU and a lower amount of memory like 128MB, I would suggest you run the apt-get command:



debian:~# apt-get install bsdgames-nonfree \
abuse abuse-frabs pingus brutalchess \
gnuchess kamefu frozen-bubble bomberclone lbreakout2 armagetron defendguin dodgindiamond2 \
rocksndiamonds blobwars xgalaga matanza ace-of-penguins \
powermanga supertux tecnoballz \
zblast-x11 xbill \
viruskiller freedoom wormux bugsquish njam \
starfighter prboom bb xsoldier xevil gnome-breakout xarchon \
moon-lander trophy lincity-ng

All that’s left is to check out the newly installed Linux games and enjoy them.

How to make Video from your Linux Desktop with xvidcap / Capture desktop output in a video on Linux

Wednesday, April 6th, 2011

If you have wondered how to create videos for manuals showing how you do certain things on Linux, let’s say related to programming or system administration, then you should definitely check out

xvidcap

Below is the package description as taken from apt-cache show xvidcap

A screen capture enabling you to capture videos off your X-Window desktop
for illustration or documentation purposes. It is intended to be a
standards-based alternative to tools like Lotus ScreenCam.

On Debian-based Linux systems (e.g. Debian, Ubuntu) xvidcap is available straight from the package repositories. To install and test it you can simply issue:

linux:~# apt-get install xvidcap
...

To start using xvidcap, either start it with alt+f2 in GNOME or launch it straight from the applications menu via:

Applications -> Sound & Video -> xvidcap

Here is what the xvidcap program looks like right after you start it:
xvidcap screenshot main menu

As you see in the screenshot, xvidcap’s menu interface is extraordinarily simple.

It only has stop, pause, rec, back and forward buttons, a capture selector and a movie editor.
Unfortunately xvidcap does not support music capturing, but at least for me that’s not such an issue.

If you click over the field test-0000.mpeg[0000] with your last mouse button, you will notice a drop down menu with an option for preferences of xvidcap.

Take the time to play with the preferences, since there are quite a few of them.

The most important preference that you might want to adjust straight away is, in my view, in:

Preferences -> Multi-Frame tab -> File Name:

The default file name that xvidcap uses to store its output files, as you will see in the preferences, is utest-%04d.mpeg

If you want to change the type of the output file format to let’s say flv change the File Name: value to utest-%04d.flv
Next time you record with xvidcap, you will have the file stored in flv format.

The red lines which you see in the above screenshot mark the capture area; you will also have to tune the screen capture area before you can proceed with recording a video from your desktop.

The way to capture your Desktop in fullscreen is a bit unusual: you first need to mark your whole visible Desktop, and before that you will have to select from xvidcap’s preferences:

Preferences -> General -> Minimize to System Tray

By selecting this option, each time you press xvidcap’s record button the controller interface will be minimized to the tray and video capture of the region previously selected with the capture selector will start.