Fri Jan 22 17:14:45 EST 2016

OpenLDAP to AD Passthru

Ever wanted/needed to setup an OpenLDAP Server that can passthrough the password portion of authentication to a Windows DC LDAP Server? Well recently I happened to set something up to do just that so we could accomplish a single sign on solution for our Linux/BSD/Unix systems and AD systems. What was most interesting is the group I work in only supports and maintains Linux/BSD/Unix systems. We actually did not need to directly access a single DC we only needed a service account.


Fri Nov 13 08:48:06 EST 2015

netstr-0.16 Release

The network strings utility has a new release. A few changes, one pretty significant one: scan --ping is no longer supported, instead scan --isup does something similar. I found a bug in the ping code that essentially rendered it useless. Additionally, it was not a true ping, the code was doing a fast port check which really isn't correct. The new code tries to do one very fast, very arbitrary connect, blurts out a response then bags out. The rest of the changes are either related or not a big deal:

  • Removed buggy `scan --ping` and replaced it with `scan --isup` it isn't really a ping it is a single fast connect() attempt.
  • Mega update to the TODO there is a lot of work that needs done
  • Very minor formatting changes
  • Updated manual page to reflect how `scan --isup` really works
  • Updated info print to reflect how `scan --isup` really works

The manual page and help print had a major error. Runing netstr scan --isup TARGET is not compatible with any other scan options (there is a good reason for this, mucking with the timers will cause false positives). So one can do either isup with target only or a regular scan without the isup option.

The formatting changes, actually, are kind of a big deal. I went through the code and hand formatted as much of it as I could to make it easy to read. In addition to formatting I added a ton of comments for anyone who might want to make changes to it. Also if you would like to make changes check out the TODO file. There is a lot of work I'd like to do over the winter so I can get it to a production release and switch to maintenance mode (as I've another project I'd like to get going soon).


Sat Oct 15 19:47:33 EDT 2015

Example QEMU Shell Lib

Where I work we have the need to convert vmdk virtual machine image files as well as clone qcow2, raw and/or vmdk image files. The management software we use (as of the writing of this post) cannot do either of those (although it does a good job handling DWM, HA, templates, VDC and IaaS... so it is ok..) Hence I wrote my own shell lib with routines to do cloning and converting. Here is a very small example shell script that calls my library:

# Clone a CentOS 6 QCOW2 image 
source /usr/local/lib/qlib
if [ $1 == -u ]; then
    echo Usage: $0 source-image destination-image
    exit 0

clone_img $1 $2
prep_centos_vm $2 6

There is no license. As with everything YMMV, there is configuration to do and there are limitless improvements to be made since it is such a limited use case.


Sat Apr 4 12:15:41 EST 2015

OpenLDAP Server

I really had hoped to have some coding stuff to put up but not this time around. Instead I got side tracked onto a LDAP project and decided since I had such a difficult time mining data on how to set it up; why not share the fun? It isn't really all that bad and for those in the know or are recklessly confident I tacked on a quickstart guide at the end of the text.


Mon Feb 2 08:51:58 EST 2015

MySQL Status Page Nagios Check 2

Part one of this series introduced the concept of using a web status page for nagios checks and how to setup a mysql and php status page. In part two the nagios check itself is detailed along with what other interesting things could one do. For simplification I will follow what seems to be the systhread standard and first break the script down into pieces and at the end put it all together.


Tue Dec 09 18:00:00 EDT 2014

Using the timeout Command

Ever had an automated secure copy hang on you? Or, better yet, how about a crond secure copy job that hangs each time it is called and you happen to be out of the office for a couple days while it is called once an hour? Sure that never happens.... well it did and the fix, hopefully, was relatively simple.


Tue Sep 30 23:00:00 EDT 2014

Network String Development Release 0.15

Due to certain commercial products a network utility program had to be renamed. Since that was going on it was renumerated and labeled development release so it could get pushed out. netstr-0.15 is a collection of small network tools put together to compliment the network toolkit. The tools are modules that are called at run time and managed by the netstr main program. The modules are:

  • scan: simple small ipv4 portscanner
  • scan6: by port ipv6 scanner
  • passive: passive ipv4 port watcher & recorder
  • tcpdump: mini tcpdumper
  • arpsniffer: watches for arp traffic

Invoking netstr is similar to the dnet utility:

$ ./netstr                                                                        
Usage: netstr <command> <args> ...
netstr scan --ping --conn --dgram --port n-N --time \
            --extra -V {target}
netstr scan6 --dgram --port N {ipv6addr}
netstr passive --if dev --threshold n --polls count \
               --extra --no-verify {pcap-expr}
netstr tcpdump --if dev --polls count --decode {pcap-expr}
netstr arpsniff --if dev --polls count --decode {pcap-expr}

Please note that netstr is experimental and was just recently actively developed again. Your mileage may vary ... a lot.

Download netstr dr15

Mon Aug 4 19:06:28 EDT 2014

MySQL Status Page Check using Nagios Part 1

Nagios can check anything anyone is willing to write it to check. In other words if there is a way to reap results then Nagios can act on those results whether they be a set of strings, numbers or some combination therein. This two part series goes over setting up a very rudimentry MySQL status page check using common tools found on a BSD-Unix, Unix or Linux system (and it not, generally easy enough to install). This first part goes over requisites, assumptions and the status pages themselves. The second part is the Nagios end of things and of course the "other cool stuff" the creative mind can do with it all.


Fri Feb 14 21:43:49 EST 2014

pwutils-0.6 Available

The single line print format for pwutils never worked right. Well now it does. The pwutils collection are some very small programs written in C, Perl, Python and Bash that do, among other things:

  • Userinfo print similar to BSD systems
  • Group report
  • Various user reports
  • A kinda sorta like the pw utility pwutil front end.

Should build and run on almost any Unix/Linux/BSD system.

Coding Download