:::: MENU ::::

Posts Categorized / Linux

  • Mar 21 / 2021
  • Comments Off on Use rsyslog omprog with a Python script
Linux

Use rsyslog omprog with a Python script

If you want to filter some specific logs and redirect them to another server or to another file, you can use the module provided with rsyslog called “omprog”.

Thanks to that module, you can just ask rsyslog to execute a script on every logs you have from a specific application and process it with your own rules.

Let’s go with a simple example, I want to filter my logs from postfix and only extract few specific information.

Below is the configuration I will now push to /etc/rsyslog.d/rsyslog_postfix.conf in order to:

  1. Redirect the current log to /var/log/maillog as a default path (to keep the raw log)
  2. Process every log line with my python script in order to extract only some specific informations that I will write in /var/log/rsyslog_postfix.log
module(load="omprog")

mail.* {
    action(type="omfile" 
        file="/var/log/maillog")
    action(type="omprog"
        name="rsyslog_postfix"
        binary="/usr/bin/python3 /opt/rsyslog_postfix.py"
        queue.type="LinkedList"
        queue.size="20000"
        queue.saveOnShutdown="on"
        queue.workerThreads="4"
        queue.workerThreadMinimumMessages="5000"
        action.resumeInterval="5"
        output="/var/log/rsyslog_postfix.log")
    stop
}

Rsyslog script

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# python_version  :3.6
#===========================

import sys
import traceback
import datetime

if __name__ == '__main__':
    data = {}
    while True:
        try:
            line = sys.stdin.readline()
            msg = line.strip()
            if msg != "":
                data.clear()
                timestamp = msg.split(' ')[0]
                proc= msg.split(' ')[2].split('[')[0]
                pid = msg.split(' ')[2].split('[')[1].split(']')[0]
                log = msg.split(' ', 3)[3]
                if proc.startswith("postfix/"):
                    data = { 
                        "Timestamp": timestamp,
                        "Process": proc,
                        "PID": pid,
                    }
                    data["PostfixID"] = log.split(' ')[0].split(':')[0]
                print(data)
        except Exception as e:
            err = traceback.format_exc()
            print(err)

Now, I just need to restart rsyslogd process and the logs will start to be processed as expected, and you should get the raw logs in /var/log/maillog and the filtered ones in /var/log/rsyslog_postfix.log

systemctl restart rsyslog
  • Feb 10 / 2021
  • Comments Off on Disable FIPS mode on CentOS 7
Linux

Disable FIPS mode on CentOS 7

FIPS (Federal Information Processing Standard) can be enabled (by default or not) on linux kernels to enable the FIPS kernel cryptographic features.
But in some case, this can also lead to some issues with openssl, or any cryptographic tool that you can use within any code.

You can check if FIPS is enabled with that command:

# cat /proc/sys/crypto/fips_enabled
1

If you need to turn this feature off, you will have to first remove any dracut-fips package that you have installed:

# yum -y remove dracut-fips* 

Then, take a backup of the FIPS initramfs and recreate a new file:

# cp -p /boot/initramfs-$(uname -r).img /opt/initramfs-$(uname -r).backup
# dracut -f 

Once the file creation is complete, update your GRUB configuration to disable fips flag and rebuild grub configuration

# perl -pi -e 's/fips=1/fips=0/g' /etc/default/grub 
# grub2-mkconfig -o /boot/grub2/grub.cfg
# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

Now, reboot the server and if you check FIPS status again, it should return a value of 0 indicating that FIPS is disabled:

# cat /proc/sys/crypto/fips_enabled
0
  • Jul 17 / 2019
  • 0
Linux

Add timestamp on each line of bash output

When analyzing the output of a bash script, it can be useful to prepend timestamp before each line to see how long it’s taking to do a specific action.

For this, you can use the ‘ts‘ command:

# echo -e "this\nis\na\ntest" | ts '[%Y-%m-%d %H:%M:%S]'
[2019-05-13 09:14:28] this
[2019-05-13 09:14:28] is
[2019-05-13 09:14:28] a
[2019-05-13 09:14:28] test

If the command ‘ts‘ is not available, you might need to install the package moreutils.

  • Apr 23 / 2019
  • Comments Off on Apache/HTTPd Permissions are missing on a component of the path
Linux

Apache/HTTPd Permissions are missing on a component of the path

Seeing that error in HTTPd/Apache logs when trying to GET some pages?

(13)Permission denied: [client xxxxx]: access to /html/myfile.html denied because search permissions are missing on a component of the path

This is because of some SELinux policies blocking the calls. If you don’t want to turn SELinux off, a simple workaround is:

chcon -R --type=httpd_sys_rw_content_t /html/
  • Feb 04 / 2019
  • Comments Off on Fix the NO_PUBKEY error with apt on Ubuntu
Linux

Fix the NO_PUBKEY error with apt on Ubuntu

When updating or installing a package on a Debian-based distribution, you can face that alert:

W: GPG error: http://ppa.launchpad.net trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C2518248EEA14886

This just means that a signing GPG key is missing or expired on your system. The error is giving you the ID of the missing key that you can use for looking for it on the Ubuntu website:

http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xC2518248EEA14886

Copy the key that you just got from the website above into a file – mykey.txt, for example – and import it with the apt-key command:

apt-key add mykey.txt

Try to install/update the package again, and the error should not appear anymore.

  • Sep 27 / 2018
  • 0
Linux

Extract certificate and/or key from a PKCS12 file

The PKCS12 format is replacing the old PFX format from Microsoft. This format will allow storage of X.509 private keys and the associated public certificates in a single encrypted file.

So you can extract the key and the certificate in a single common PEM file, you can use this openssl command:

openssl pkcs12 -in myCertificate.pfx -out myCertificateAndMyKey.pem

If you want to extract the key and the certificate independently, you can also use the options nocerts/nokeys along with openssl, to extract only one part:

openssl pkcs12 -in myCertificate.pfx -nocerts -out myCertificate.key
openssl pkcs12 -in myCertificate.pfx -nokeys -out myCertificate.pem
Pages:1234567...14
Question ? Contact