Fri Jan 22 17:14:45 EST 2016

OpenLDAP to AD Passthru

Ever wanted/needed to setup an OpenLDAP Server that can passthrough the password portion of authentication to a Windows DC LDAP Server? Well recently I happened to set something up to do just that so we could accomplish a single sign on solution for our Linux/BSD/Unix systems and AD systems. What was most interesting is the group I work in only supports and maintains Linux/BSD/Unix systems. We actually did not need to directly access a single DC we only needed a service account.


Fri Nov 13 08:48:06 EST 2015

netstr-0.16 Release

The network strings utility has a new release. A few changes, one pretty significant one: scan --ping is no longer supported, instead scan --isup does something similar. I found a bug in the ping code that essentially rendered it useless. Additionally, it was not a true ping, the code was doing a fast port check which really isn't correct. The new code tries to do one very fast, very arbitrary connect, blurts out a response then bags out. The rest of the changes are either related or not a big deal:

  • Removed buggy `scan --ping` and replaced it with `scan --isup` it isn't really a ping it is a single fast connect() attempt.
  • Mega update to the TODO there is a lot of work that needs done
  • Very minor formatting changes
  • Updated manual page to reflect how `scan --isup` really works
  • Updated info print to reflect how `scan --isup` really works

The manual page and help print had a major error. Runing netstr scan --isup TARGET is not compatible with any other scan options (there is a good reason for this, mucking with the timers will cause false positives). So one can do either isup with target only or a regular scan without the isup option.

The formatting changes, actually, are kind of a big deal. I went through the code and hand formatted as much of it as I could to make it easy to read. In addition to formatting I added a ton of comments for anyone who might want to make changes to it. Also if you would like to make changes check out the TODO file. There is a lot of work I'd like to do over the winter so I can get it to a production release and switch to maintenance mode (as I've another project I'd like to get going soon).


Sat Oct 15 19:47:33 EDT 2015

Example QEMU Shell Lib

Where I work we have the need to convert vmdk virtual machine image files as well as clone qcow2, raw and/or vmdk image files. The management software we use (as of the writing of this post) cannot do either of those (although it does a good job handling DWM, HA, templates, VDC and IaaS... so it is ok..) Hence I wrote my own shell lib with routines to do cloning and converting. Here is a very small example shell script that calls my library:

# Clone a CentOS 6 QCOW2 image 
source /usr/local/lib/qlib
if [ $1 == -u ]; then
    echo Usage: $0 source-image destination-image
    exit 0

clone_img $1 $2
prep_centos_vm $2 6

There is no license. As with everything YMMV, there is configuration to do and there are limitless improvements to be made since it is such a limited use case.


Sat Apr 4 12:15:41 EST 2015

OpenLDAP Server

I really had hoped to have some coding stuff to put up but not this time around. Instead I got side tracked onto a LDAP project and decided since I had such a difficult time mining data on how to set it up; why not share the fun? It isn't really all that bad and for those in the know or are recklessly confident I tacked on a quickstart guide at the end of the text.


Mon Feb 2 08:51:58 EST 2015

MySQL Status Page Nagios Check 2

Part one of this series introduced the concept of using a web status page for nagios checks and how to setup a mysql and php status page. In part two the nagios check itself is detailed along with what other interesting things could one do. For simplification I will follow what seems to be the systhread standard and first break the script down into pieces and at the end put it all together.


Tue Dec 09 18:00:00 EDT 2014

Using the timeout Command

Ever had an automated secure copy hang on you? Or, better yet, how about a crond secure copy job that hangs each time it is called and you happen to be out of the office for a couple days while it is called once an hour? Sure that never happens.... well it did and the fix, hopefully, was relatively simple.


Tue Sep 30 23:00:00 EDT 2014

Network String Development Release 0.15

Due to certain commercial products a network utility program had to be renamed. Since that was going on it was renumerated and labeled development release so it could get pushed out. netstr-0.15 is a collection of small network tools put together to compliment the network toolkit. The tools are modules that are called at run time and managed by the netstr main program. The modules are:

  • scan: simple small ipv4 portscanner
  • scan6: by port ipv6 scanner
  • passive: passive ipv4 port watcher & recorder
  • tcpdump: mini tcpdumper
  • arpsniffer: watches for arp traffic

Invoking netstr is similar to the dnet utility:

$ ./netstr                                                                        
Usage: netstr <command> <args> ...
netstr scan --ping --conn --dgram --port n-N --time \
            --extra -V {target}
netstr scan6 --dgram --port N {ipv6addr}
netstr passive --if dev --threshold n --polls count \
               --extra --no-verify {pcap-expr}
netstr tcpdump --if dev --polls count --decode {pcap-expr}
netstr arpsniff --if dev --polls count --decode {pcap-expr}

Please note that netstr is experimental and was just recently actively developed again. Your mileage may vary ... a lot.

Download netstr dr15

Mon Aug 4 19:06:28 EDT 2014

MySQL Status Page Check using Nagios Part 1

Nagios can check anything anyone is willing to write it to check. In other words if there is a way to reap results then Nagios can act on those results whether they be a set of strings, numbers or some combination therein. This two part series goes over setting up a very rudimentry MySQL status page check using common tools found on a BSD-Unix, Unix or Linux system (and it not, generally easy enough to install). This first part goes over requisites, assumptions and the status pages themselves. The second part is the Nagios end of things and of course the "other cool stuff" the creative mind can do with it all.


Fri Feb 14 21:43:49 EST 2014

pwutils-0.6 Available

The single line print format for pwutils never worked right. Well now it does. The pwutils collection are some very small programs written in C, Perl, Python and Bash that do, among other things:

  • Userinfo print similar to BSD systems
  • Group report
  • Various user reports
  • A kinda sorta like the pw utility pwutil front end.

Should build and run on almost any Unix/Linux/BSD system.

Coding Download

Sat Oct 26 18:53:41 EDT 2013

Using Payloads to Probe UDP Ports

With no lubricant! A few years ago I was involved in an effort to move the payloads that were embedded in the Nmap code (and hence, compiled into the executable) to a file. I learned a lot, especially that I am a lousy C++ coder (my work basically had to be rewritten from scratch... but it was still fun!). I did learn one thing though, Maps in C++ are really friggin cool and if I were a C++ programmer I would probably use them every chance I could. They kinda sorta remind me of anon hashes in Perl ... but not exactly the same. Regardless, here is a short text on why we did it and an overview of how it works:


Wed Aug 28 12:01:55 EDT 2013

Vignette Effects using The GiMP

Ever wanted to process your own photos so they look older (for some strange reason)? A quick down and dirty how to add some vignette and edge shading effects to images using the GNU Image Manipulation tool or GiMP. Enjoy, have fun and if you find mistakes... I might fix them!


Tue Sep 20 21:46:26 EDT 2011

Wrapping a Program with Scripts and Libs

Ever have to run a program with a variety of options over and over again? If your a Unix, Linux, BSD, Mac etc. programmer and/or sysadmin then... yes you have. The key to success of course is my favorite sysadmin attribute: laziness. In this text a look at one simple wrapper for cron and a Perl library script wrapper.


Tue Jun 21 20:12:47 EDT 2011

C Program with Registered Modules: dnet

Many programs come with modules that can registered and loaded. Some are on demand, others compiled in while still others are precompiled and can be loaded on demand (several Operating System kernels come to mind that have such a capability). In this text, an example of a program that allows a module to be written and compiled onto a program with relative ease. The example program is the dnet test program which ships with libdnet written by Dug Song.


Sat Mar 26 18:16:12 EDT 2011

Nagios Configuration Auto Generation Script

Ever had to setup nagios monitoring for a group of very similar systems? Say, perhaps, high performance compute nodes? Well, I have. And being a lazy system admin, I decided instead of having to make (N) changes to the config file I would prefer to simply autogenerate the configurations. Ideally, one might use a base configuration file. Of course, even that was too much work for me, I just jammed it into two shell scripts. Regardless, here is a simple method for quickly generating nagios configurations that should scale quite nicely.


Sat Jan 1 09:07:15 EST 2011

RAD Infrastrcture

Taken from wikipedia, software prototyping is:

Software prototyping,
refers to the activity of creating prototypes of software applications, i.e., incomplete versions of the software program being developed. It is an activity that occurs during certain software development and is comparable to prototyping as known from other fields, such as mechanical engineering or manufacturing.

While rapid application development is:

Rapid Application Development (RAD)
refers to a type of software development methodology that uses minimal planning in favor of rapid prototyping. The "planning" of software developed using RAD is interleaved with writing the software itself. The lack of extensive pre-planning generally allows software to be written much faster, and makes it easier to change requirements.

Can these same methods be applied to infrastructure? Or does infrastructure always have to be engineered? The real answer is of course (as usual per my essays) it depends. Instead of conjecturing when it might work this text will look at three examples. One where it did not work, one where it kind of worked until it went off the rails and one where it worked like a champ.


After several years of procrastination I finally sat down and created a personal website. Okay in reality I was bored on a snowy winter day but either way it did finally get done. I don't think the two or three longtime readers of this site will learn anything new. So if you are bored out of your skull please do feel free to visit my personal site to help burn away what would be otherwise productive milliseconds.


Previous Articles

The News Page only goes back a few years. All previous texts that were kept can be found in the texts section of the website. Software releases and changes can be found in the changelog file of the source distributions in the coding section.