Thursday, 18 October 2012

nagios script to watch linux log file

This is an example Nagios (NRPE) script that watches the /var/log/secure log file and responds with exit code 0 (OK), or exit code 2 (critical) if the string "Invalid user" is found (the GREPSTRING variable, which can easily be changed). There are a few tricky bits. The first is how to compare two timestamps in bash: I chose to convert hours and minutes into a single number, i.e. number of hours * 60 gives the number of minutes, plus the actual minute. Then it's just a simple subtraction to calculate the time difference in minutes between the event and the current time. The second is how to add the current minute to our timestamp, because bash treats a number with a leading zero (0) as octal, so when the current minute is 08 (as an example, same for 09 as well), it throws the error: "value too great for base (error token is '08')". The solution is quite simple (if you know it, heh): put 10# before the 0X minute, i.e. 10#`date +%M` did the trick. It's a pretty flexible script, as you can use it to watch any Linux log file that has the usual Linux format, and you can search (or grep, if you prefer to call it that way) for any string you want. And here's the script:


#!/bin/bash

LOGDIR="/var/log"
LOGFILE="secure"
#GREPSTRING="that what you're searching for"
GREPSTRING="Invalid user"
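# 10# forces base 10, so an hour or minute of 08 or 09 is not read as invalid octal
TIMENOW=$((10#`date +%H` * 60 + 10#`date +%M`))
# %e pads a single-digit day with a space ("Oct  8"), which is how syslog writes it
DATENOW=`date +%b" "%e`
# awk splits on runs of spaces, so field 3 is the time for single-digit days as well
LASTRUN=`grep "${GREPSTRING}" "${LOGDIR}/${LOGFILE}" | grep "${DATENOW}" | tail -1 | awk '{print $3}'`

# no matching line today: nothing to compare, report OK
if [ -z "${LASTRUN}" ]
then
          echo "OK: no ${GREPSTRING} in log ${LOGFILE} in last minute"
          exit 0
fi

TIMELASTHOUR=`echo ${LASTRUN} | cut -d":" -f1`
TIMELASTMINUTE=`echo ${LASTRUN} | cut -d":" -f2`
TIMELAST=$((10#${TIMELASTHOUR}*60+10#${TIMELASTMINUTE}))

TIMEDIFF=$((${TIMENOW}-${TIMELAST}))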

if [ ${TIMEDIFF} -le 1 ]
then
          echo "CRITICAL: last ${GREPSTRING} occurs in log ${LOGFILE} about ${TIMEDIFF} minutes ago"
          exit 2
else
          echo "OK: no ${GREPSTRING} in log ${LOGFILE} in last minute"
          exit 0
fi
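
The same check as a testable function, as an added example that is not part of the original post: it does the time arithmetic in awk, and goes beyond the script above by counting hits inside a window, counting distinct source addresses, and returning UNKNOWN (3) when the log cannot be read. The names recent_hits and check_log, the WIN argument and the sample log lines are assumptions made for the example.

```bash
#!/bin/bash
# Added example, not the original script. Sample log lines are constructed.

# recent_hits LOGFILE PATTERN MONTH DAY HH:MM WIN -> prints "<hits> <distinct sources>"
recent_hits() {
    awk -v pat="$2" -v mon="$3" -v day="$4" -v now="$5" -v win="$6" '
        # awk reads "08" as decimal 8, so the octal problem does not arise here
        function mins(t,   p) { split(t, p, ":"); return p[1] * 60 + p[2] }
        BEGIN { nowm = mins(now) }
        # $2 + 0 compares the day as a number, so "Oct  8" and "Oct 08" both match
        $1 == mon && $2 + 0 == day + 0 && index($0, pat) {
            age = nowm - mins($3)
            if (age < 0 || age > win) next
            hits++
            if (match($0, / from [^ ]+/) && !seen[substr($0, RSTART + 6, RLENGTH - 6)]++)
                srcs++
        }
        END { print hits + 0, srcs + 0 }
    ' "$1"
}

# check_log takes the same arguments; prints a Nagios status line, returns 0, 2 or 3
check_log() {
    # an unreadable log must not look like "no events": report UNKNOWN instead of OK
    [ -r "$1" ] || { echo "UNKNOWN: cannot read $1"; return 3; }
    set -- "$@" $(recent_hits "$@")        # appends hits as $7 and sources as $8
    if [ "$7" -gt 0 ]; then
        echo "CRITICAL: $7 x '$2' from $8 source(s) in last $6 min"
        return 2
    fi
    echo "OK: no '$2' in last $6 min"
}

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Oct  8 08:07:41 host sshd[2101]: Invalid user admin from 192.0.2.10
Oct  8 08:09:02 host sshd[2107]: Invalid user test from 192.0.2.10
Oct  8 08:09:30 host sshd[2110]: Invalid user oracle from 198.51.100.7
Oct  8 08:09:55 host sshd[2115]: Accepted publickey for deploy from 203.0.113.5
Oct 18 08:09:10 host sshd[3001]: Invalid user admin from 192.0.2.10
EOF
# "now" is passed in so the result is reproducible; live use: $(date +%b) $(date +%e) $(date +%H:%M)
check_log "$SAMPLE" "Invalid user" Oct 8 08:10 1 || echo "(exit code $?)"
```

The window does not span midnight: an event logged before 00:00 has a negative age and is ignored.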

Saturday, 1 September 2012

bash script - move content from one directory to another

Here's a script that moves content from one directory to another as soon as some new files arrive in the source directory.


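#!/bin/bash
SOURCE="/home/ftp/dropzone"
DEST="/home/backup/ftp_files_storage"
# head -1 and the quotes keep the test to a single word, however many files are found
if [ -n "$(find "${SOURCE}" -type f | head -1)" ]
then
        echo "Files found in ${SOURCE}"
        echo "Moving files to ${DEST}"
        find "${SOURCE}" -type f -ls
        # -f overwrites files of the same name that already exist in DEST
        mv -f "${SOURCE}"/* "${DEST}"/
else
        echo "${SOURCE} is empty, nothing to do..."
fi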


And finally, the crontab entry to run the script every minute:
* * * * * /usr/bin/movefiles.sh > /var/log/movefiles.log 2>&1
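
Because the source is an FTP drop directory polled every minute, a variant that never overwrites a stored file and leaves files that are still being written is worth having. This is an added example, not part of the original post; the function name move_ready, the one-minute age threshold, the timestamp suffix and the demo paths are assumptions, and unlike the script above it moves only regular files at the top level of the source directory.

```bash
#!/bin/bash
# Added example, not the original script. Directories and file names are constructed.

# move_ready SRC DEST [MIN_AGE] -> moves top-level regular files, prints how many moved
move_ready() {
    src=$1 dest=$2 age=${3:-1}
    [ -d "$src" ] && [ -d "$dest" ] || { echo "missing directory" >&2; return 1; }
    # -type f ignores symlinks and directories placed in the dropzone;
    # -mmin +N skips files modified in the last N minutes (upload may be in progress);
    # -exec ... {} + hands names to the inner shell as arguments, so spaces are safe
    find "$src" -maxdepth 1 -type f -mmin "+$age" -exec sh -c '
        dest=$1; shift
        for f in "$@"; do
            target="$dest/${f##*/}"
            # never overwrite: an uploader must not be able to replace a stored file
            if [ -e "$target" ]; then target="$target.$(date +%Y%m%d%H%M%S).$$"; fi
            mv -- "$f" "$target" && echo moved
        done' sh "$dest" {} + | wc -l | tr -d ' '
}

# constructed demo in a scratch directory
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir "$DEMO/dropzone" "$DEMO/storage"
echo "q3 figures"   > "$DEMO/dropzone/report 2012.txt"
echo "replacement"  > "$DEMO/dropzone/backup.tar"
echo "still coming" > "$DEMO/dropzone/partial.upload"
echo "stored copy"  > "$DEMO/storage/backup.tar"
# backdate the two finished uploads; partial.upload keeps its current mtime
touch -t 201209010000 "$DEMO/dropzone/report 2012.txt" "$DEMO/dropzone/backup.tar"
echo "moved: $(move_ready "$DEMO/dropzone" "$DEMO/storage")"
ls "$DEMO/storage"
```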

Friday, 27 July 2012

Bash script - curl and analyse http response code

Basic bash script that uses curl and analyses the HTTP response code. The script returns a bash exit status of 0 (ok) or 1 (error), so that it can be used / called from another, more complicated script.
Script code name: curl-head.sh

# -----------------------------------------

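#!/bin/bash
# usage: curl-head.sh URL
CURL_URL=$1
# mktemp creates the file with an unpredictable name and owner-only permissions,
# unlike a date-based name in /tmp that another local user could create first
CURL_TMP=`mktemp /tmp/curl-head-bash-script-XXXXXX` || exit 1

# -I sends a HEAD request, -s hides the progress meter; the URL is quoted so
# that spaces or glob characters in it are not split or expanded by the shell
curl -I -s "${CURL_URL}" > "${CURL_TMP}"
CURL_TST=`grep -c "200 OK" "${CURL_TMP}"`

if [ ${CURL_TST} -eq 1 ]
then
        STATUS=0
else
        STATUS=1        # http header response non 200, error
fi

if [ -f "${CURL_TMP}" ]; then
        rm -f "${CURL_TMP}"
fi

exit ${STATUS}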

# -----------------------------------------

Saturday, 9 June 2012

how to test PHP 5 compilation with sybase 15

A while back I had to recompile PHP 5.x with Sybase 15 support. It wasn't difficult, but after the compilation was finished, I had to test it somehow... and here's a small and basic piece of PHP code to test the connection from PHP 5 to ASE 15 (Adaptive Server Enterprise).

----------

<?php
// connect to ASE; replace SERVER, username and password with your own values
$db = sybase_connect("SERVER", "username", "password") or die("Could not connect !");
echo "Connected successfully<br>";
echo "handler: $db<br>";
$res = sybase_query("select column from table", $db);
if ($res) {
        // a function call is not expanded inside a double-quoted string, so concatenate it
        echo "rows: " . sybase_num_rows($res) . "<br>";
        while ($data = sybase_fetch_array($res)) {
                print("db: $data[0]\n");
        }
        sybase_free_result($res);
} else {
        echo "<br><br>false<br><br>";
}
echo "<br><br>last message from server:<br>";
echo sybase_get_last_message();
sybase_close($db);
?>

how to debug linux bash script

bash - GNU Bourne-Again SHell. Bash is an sh-compatible command language interpreter that executes commands read from the standard input or from a file. Bash also incorporates useful features from the Korn and C shells (ksh and csh).

The -x parameter puts bash into debug mode, so if you would like to execute your bash script in debug mode, you can do it this way:

# bash -x yourscriptname.sh

Another solution is to add a "set -x" line to your script, but remember that this makes the script produce debug output, including the expanded values of its variables, every time it's executed. If you prefer this way, just add the "set -x" line at the beginning of the script:

#!/bin/bash
set -x
...

The #1 programmer excuse for legitimately slacking off




The #1 programmer excuse for legitimately slacking off: "My code's compiling."

Friday, 8 June 2012

linux CentOS 6.2 denyhosts installation

Linux CentOS 6.2, base system installed from: CentOS-6.0-x86_64-minimal.iso
# uname -a
Linux xxx 2.6.32-71.el6.x86_64
# yum install denyhosts
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
 * base: mirror01.th.ifl.net
 * extras: mirror01.th.ifl.net
 * updates: mirror01.th.ifl.net
Setting up Install Process
No package denyhosts available.
Error: Nothing to do
The denyhosts package is not included in the CentOS repositories, but it's pretty easy to download the sources and build it. SourceForge denyhosts project website: http://sourceforge.net/projects/denyhosts/
# wget "http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdenyhosts%2Ffiles%2Fdenyhosts%2F2.6%2F&ts=1320260346&use_mirror=sunet"
-bash: wget: command not found

ehm... "yum install wget" solved the problem; software downloaded, ungzipped, untarred.

# python setup.py install
# cd /usr/share/denyhosts
# cp daemon-control-dist /etc/init.d/denyhosts
# cp denyhosts.cfg-dist denyhosts.cfg

I have no idea why, but the config specifies this location as WORK_DIR and the setup script does not create the directory by default, so...

# mkdir /usr/share/denyhosts/data

This is where you can create the file "allowed-hosts" to whitelist your trusted IPs. From the denyhosts documentation: "Since it is quite possible for a user to mistype their password repeatedly it may be desirable to have DenyHosts prevent specific IP addresses from being added to /etc/hosts.deny. To address this issue, create a file named allowed-hosts in the WORK_DIR. Simply add an IP address, one per line. Any IP address that appears in this file will not be blocked."

# chkconfig --level 3 denyhosts on

# chkconfig --list denyhosts
Make sure it's activated for level 3 and... all done here...

Friday, 1 June 2012

Bash exit status code basics...


bash exit status code basics:

exit status 0
command executed successfully

non-zero exit status
command executed with errors

quick facts about bash exit codes:

variable $?
can be used to determine the exit status of the last executed command.

Calling "exit" in a bash script without a parameter returns the exit code of the last executed command, so "exit" and "exit $?" should return exactly the same bash exit code.

Wednesday, 23 May 2012

linux startup script for xvfb

this post has been moved to:
http://www.cliip.net/technology/linux-startup-script-xvfb

ffmpeg 0.6.5 dependencies (rpms) on Centos / Redhat

master package:
ffmpeg-0.6.5-1.el6.rf.x86_64.rpm

dependencies:
ffmpeg-libpostproc-0.6.5-1.el6.rf.x86_64.rpm
a52dec-0.7.4-8.el6.rf.x86_64.rpm
cppunit-1.12.1-3.1.el6.x86_64.rpm
dirac-1.0.2-1.el6.rf.x86_64.rpm
faac-1.26-1.el6.rf.x86_64.rpm
lame-3.99.5-1.el6.rf.x86_64.rpm
libdca-0.0.5-1.el6.rf.x86_64.rpm
librtmp-2.3-1.el6.rf.x86_64.rpm
libva-1.0.6-1.el6.rf.x86_64.rpm
opencore-amr-0.1.2-1.el6.rf.x86_64.rpm
orc-0.4.11-1.el6.rf.x86_64.rpm
schroedinger-1.0.10-1.el6.rf.x86_64.rpm
x264-0.0.0-0.4.20101111.el6.rf.x86_64.rpm

Thursday, 17 May 2012

Thursday, 3 May 2012

Linux SAR - Collect, report, or save system activity information

The sar command writes to standard output the contents of selected cumulative activity counters in the operating system. The accounting system, based on the values in the count and interval parameters, writes information the specified number of times spaced at the specified intervals in seconds.

example output of sar command:

# sar

Linux 2.6.18-164.11.1.el5 (hostname)  05/03/2012
12:00:01 AM       CPU     %user     %nice   %system   %iowait    %steal     %idle
12:10:01 AM       all      0.16      0.00      0.30      0.01      0.00     99.54
12:20:01 AM       all      0.19      0.00      0.41      0.00      0.00     99.40
12:30:01 AM       all      0.26      0.00      0.29      0.01      0.00     99.44
12:40:01 AM       all      0.13      0.00      0.26      0.00      0.00     99.61
12:50:01 AM       all      0.13      0.00      0.26      0.00      0.00     99.61
01:00:01 AM       all      0.17      0.00      0.27      0.00      0.00     99.56
01:10:01 AM       all      0.89      0.00      0.34      0.00      0.00     98.77
01:20:01 AM       all      0.17      0.00      0.26      0.00      0.00     99.57
01:30:01 AM       all      0.14      0.00      0.26      0.00      0.00     99.59
[...]
09:00:01 AM       all      0.67      0.00      0.30      0.01      0.00     99.01
09:10:01 AM       all      0.38      0.00      0.28      0.02      0.00     99.32
09:20:01 AM       all      0.34      0.00      0.28      0.00      0.00     99.37
09:30:01 AM       all      0.42      0.00      0.32      0.01      0.00     99.25
09:40:01 AM       all      2.21      0.00      0.52      0.03      0.00     97.24

The -f parameter can be used to view archived stats. Logs are stored (by default) in /var/log/sa/

example:
# sar -f /var/log/sa/sa31

shows the content of the log file from the 31st day of last month.