:::: MENU ::::

Home

  • Feb 24 / 2017
  • 0
Linux

Reset root password on Linux

Who never forgot a root password on a running machine that you can’t reinstall totally?

Most of the linux distributions do have a recovery partition that you can use for that on startup (I won’t detail this here). But if you don’t have this partition, you can still reset it using generic commands thanks to grub capabilities.

Here is the procedure for resetting root password on most of the linux distros using GRUB:

  1. Reboot the machine
  2. When you get the GRUB menu, go to edit page by pressing e when highlighting the correct line you want to modify (generally it’s the first one, no need to change)
  3. Go to the kernel line and enter again for editing
  4. Remove the quiet word at the end of the line and replace with that:
    init=/bin/bash
  5. Press enter to validate your changes
  6. Press b to boot (that way, changes will only be temporary)
  7. You’re now getting a root bash prompt for your machine
  8. The root filesystem is mounted as readonly by default, you have to mount it as read/write by typing
    mount -n -o remount,rw /
  9. Use the passwd command to create a new root password (pay attention to keyboard layout that can be different!)
    passwd
  10. Reboot and log into your server with your freshly created password

You should now be able to connect perfectly to your server with your new password!

  • Jan 26 / 2017
  • 0
Linux

Some Apache servers do activate the DirectoryIndex so you can easily go through the directories listing over HTTP and download some files. It’ s often used for giving possibility to people to download multiple releases for a package/software.
But in some cases, it can be useful to download the content of a full tree view.

This can be done by using a simple tool available by default on Linux (can be downloaded on Windows/Mac): wget

Let’s take an example!

Without proxy

We want to download all the files on https://pkg.mywebsite.eu/releases/ which contains all the latest releases of our preferred soft.

wget -r -np -nH --cut-dirs=1 -l 15 -R index.html https://pkg.mywebsite.eu/releases/

Here, we are using many options to say to wget what we want to do:

  • -rTurn on recursive retrieving (max 5)
  • -np : Do not ever ascend to the parent directory when retrieving recursively
  • -nH –cut-dirs=1 : Disable generation of host-prefixed directories, and remove 1 level (here, remove “pkg.mywebsite.eu” and create a “releases” dir)
  • -l 15 Change default depth for downloading to 15 levels (default is 5)
  • -R index.html : Specify comma-separated lists of file name suffixes or patterns to reject

With proxy

Let’s now add a complexity, this server is only available through a proxy to protect the content. The proxy is available on your localhost (127.0.0.1) on port 3128 (default port for Squid Proxy):

wget -r -np -nH --cut-dirs=1 -l 15 -R index.html  -e use_proxy=yes -e http_proxy=127.0.0.1:3128 https://pkg.mywebsite.eu/releases/

Here, we just added 2 options to be able to send exactly the same request but using proxy:

  • -e use_proxy=yesExecute command to enable proxy
  • -e http_proxy=127.0.0.1:3128Execute command to give URL to use for HTTP proxy

 

  • Jan 02 / 2017
  • 0
Uncategorized

iTerm – Automatic mutliple panes with AppleScript

It’s often very useful to automate opening of multi panes with iTerm to execute many commands or getting access to many servers at the same time. This can be done through AppleScript.

You can copy this script and save it as multi-panes.scpt

#! /usr/bin/osascript

-- List actions to perform
set actions to {¬
	{action:"echo 'I am the window 1'"}, ¬
	{action:"echo 'I am the window 2'"}, ¬
	{action:"echo 'I am the window 3'"}, ¬
	{action:"echo 'I am the window 4'"}, ¬
	{action:"echo 'I am the window 5'"}, ¬
	{action:"echo 'I am the window 6'"}, ¬
	{action:"echo 'I am the window 7'"}, ¬
	{action:"echo 'I am the window 8'"} ¬
		}
-- Count number of actions
set num_actions to count of actions

-- Set cols and lines
set num_cols to round (num_actions ^ 0.5)
set num_lines to round (num_actions / num_cols) rounding up

-- Start iTerm
tell application "iTerm"
	activate
	
	# Create new tab
	tell current window
		create tab with default profile
	end tell
	
	-- Prepare horizontal panes
	repeat with i from 1 to num_lines
		tell session 1 of current tab of current window
			if i < num_lines then
				split horizontally with default profile
			end if
		end tell
	end repeat
	
	-- Prepare vertical panes
	set sessid to 1
	repeat with i from 1 to num_lines
		if i is not 1 then set sessid to sessid + num_cols
		if i is not num_lines or num_actions is num_cols * num_lines then
			set cols to num_cols - 1
		else
			set cols to (num_actions - ((num_lines - 1) * num_cols)) - 1
		end if
		repeat with j from 1 to (cols)
			tell session sessid of current tab of current window
				split vertically with default profile
			end tell
		end repeat
	end repeat
	
	-- Execute actions
	repeat with i from 1 to num_actions
		tell session i of current tab of current window
			write text (action of item i of actions)
		end tell
	end repeat
end tell

Then, you just have to call the script directly:

# osascript multi-panes.scpt

And here is what you’re getting:

Feel free to add/remove/update the actions as needed!

  • Dec 07 / 2016
  • 0
Linux

Nagios plugin – Error “No such file or directory”

When trying to execute a nagios plugin, you’re getting this error:

# /usr/lib/nagios/plugins/check_procs 
bash: /usr/lib/nagios/plugins/check_procs: No such file or directory

But when checking further, the file does exist:

# ls -l /usr/lib/nagios/plugins/check_procs 
-rwxr-xr-x 1 root root 124929 Jan 19  2016 /usr/lib/nagios/plugins/check_procs

This can be due to some 32 bit libc libraries missing. To fix that, you will have to install the 32-bit shared libraries for AMD64 by installing this package:

libc6-i386

And now, you can try again, error should have gone away!

# /usr/lib/nagios/plugins/check_procs 
PROCS OK: 152 processes|procs=152;-1;-1;0
  • Nov 24 / 2016
  • 0
Linux

NRPE – Enable command args (Jessie, …)

With recent versions of NRPE server, the possibility to enable command args has been disabled.

For example, on a Debian Jessie, you can get this kind of error on console:

CHECK_NRPE: Received 0 bytes from daemon

and in logs:

Error: Request contained command arguments! 

!WARNING! This change can lead to security issue, this is why it has been disabled by default. You have to double check your servers can’t be reached from anywhere with NRPE commands (to avoid execution of unwanted or malicious code).

Once you’re sure there’s no security breach in your infra, you can go on with the installation of source:

cd /tmp
apt-get update
apt-get install -y build-essential devscripts debhelper libssl-dev dpatch libwrap0-dev autotools-dev
ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/libssl.so
apt-get source nagios-nrpe-server

Then, you’ll have to change the rules defined in the rules file:

cd nagios-nrpe-2.15/
vi debian/rules

You must add this line –enable-command-args after –libdir=/usr/lib/nagios.
You should so get something like

override_dh_auto_configure:
  ./configure 
    --prefix=/usr 
    --enable-ssl 
    --with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) 
    --sysconfdir=/etc 
    --localstatedir=/var 
    --libexecdir=/usr/lib/nagios/plugins 
    --libdir=/usr/lib/nagios 
    --enable-comand-args

Finally, you can compile your new configuration and install it:

./configure
make all
cd ..
dpkg -i nagios-nrpe-server_2.15-1.1_amd64.deb

Ensure you set the value for dont_blame_nrpe in /etc/nagios/nrpe.cfg (this is the default path, it can be different depending on your installation).

dont_blame_nrpe=1

And here you go, you can now restart your NRPE server and send any nrpe commands.

  • Nov 21 / 2016
  • 0
Linux

Apache – mod_auth compatibility for 2.2 and 2.4

Since Apache 2.4, mod_auth changed and some directive like

Order allow,deny
Allow from all

that have been replaced with

Require all granted

If you want to automatically handle same configuration for multiple servers where different versions of Apache are installed, you can use this trick:

<IfModule mod_version.c>
  <IfVersion < 2.4>
    Order allow,deny
    Allow from all
  </IfVersion>
  <IfVersion >= 2.4>
    Require all granted
  </IfVersion>
</IfModule>
<IfModule !mod_version.c>
  Order allow,deny
  Allow from all
</IfModule>

Thanks to that change, your configuration will be working whatever version of Apache you’re using.

Question ? Contact