Linux: user command logging in bash 
Log user's activity/commands to secure log.

PROMPT_COMMAND='WHO=$(who am i); KDO=${WHO%% *};echo "as `whoami` `history 1`"|logger -t"command[${KDO}]" -p authpriv.info'
readonly PROMPT_COMMAND
export PROMPT_COMMAND


Add the lines above to the system's bashrc.
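An added example, not part of the original post: each logged line carries the login user in the tag (from who am i) and the effective user after "as" (from whoami), so the secure log can be filtered for commands typed after switching user. The log lines, host name and users below are constructed; the parser assumes HISTTIMEFORMAT is unset and reports an empty tag (who am i printed nothing) as "unknown".

```shell
# Constructed sample of what the PROMPT_COMMAND above leaves in the secure log.
sample_log() {
cat <<'EOF'
Aug 17 10:01:12 gw command[jan]: as jan   101  ls -la /var/log
Aug 17 10:02:40 gw command[jan]: as root   12  vi /etc/shadow
Aug 17 10:03:05 gw sshd[2211]: Accepted password for petr from 192.0.2.10 port 50122 ssh2
Aug 17 10:04:51 gw command[petr]: as root    7  tc qdisc del dev eth0 root
Aug 17 10:05:02 gw command[]: as root    8  cat /root/.bash_history
EOF
}

# Read syslog lines on stdin and print "login -> effective: command" for every
# logged command whose effective user differs from the login user.
escalated_commands() {
    awk '
    match($0, / command\[[^]]*\]: as [^ ]+ +[0-9]+ +/) {
        head = substr($0, RSTART, RLENGTH)    # tag, effective user, history number
        cmd  = substr($0, RSTART + RLENGTH)   # the command text itself
        login = head; sub(/^ command\[/, "", login); sub(/\].*$/, "", login)
        eff = head;   sub(/^.*\]: as /, "", eff);    sub(/ .*$/, "", eff)
        if (login == "") login = "unknown"    # no utmp entry for the terminal
        if (login != eff) print login " -> " eff ": " cmd
    }'
}

sample_log | escalated_commands
```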

CentOS/RHEL: installing the Huawei E1750 USB modem, O2 (alpha)
At the moment my Huawei E1750 USB modem works without any further configuration, i.e. I use neither an entry in udev.rules (the CentOS default uses /lib/udev/modem-modeswitch; the rule is defined in /lib/udev/rules.d/61-option-modem-modeswitch.rules, on the line for ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="1446") nor usb_modeswitch to switch the device into modem mode. After being plugged in, without any configuration, it identifies itself to the system as:

[root@blackstone ~]# lsusb 
Bus 002 Device 005: ID 12d1:1436 Huawei Technologies Co., Ltd.


The connection was configured with the wvdialconf utility (in the wvdial package), first by running wvdialconf and then by editing the config as follows:

[root@blackstone ~]# cat /etc/wvdial.conf 
[Dialer Defaults]
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Modem Type = Analog Modem
ISDN = 0
Init1 = ATZ
Modem = /dev/ttyUSB0
Baud = 9600

[Dialer Internet]
Stupid Mode = 1
Phone = *99#
Username = o2
Password = o2


The connection is established with:

[root@blackstone ~]# wvdial Internet


It is possible that while experimenting with the modem I changed the device's setting via an AT command, so using usb_modeswitch is not necessary.

AT^U2DIAG=276
(http://3g-modem.wetpaint.com/page/Huawe ... Huawei)

In general, the Huawei E1750 modem uses ZeroCD (http://www.abclinuxu.cz/hardware/pripojeni-na-sit/cdma-umts/huawei-e1750); by default the USB dongle should come up as CD/Storage, and to switch it into modem mode you should need usb_modeswitch:

# rpm -qa | grep usb_
usb_modeswitch-1.1.5-1.el6.rf.x86_64
usb_modeswitch-data-20101202-1.el6.rf.noarch


The usb_modeswitch package must be configured as follows:

 # cat /etc/usb_modeswitch.conf | grep -v "^#" | strings 
DisableSwitching=0
EnableLogging=0
DefaultVendor= 0x12d1
DefaultProduct=0x1446
TargetVendor= 0x12d1
TargetProductList="1001,1406,140c,14ac"
CheckSuccess=20
MessageContent="55534243123456780000000000000011060000000000000000000000000000"


Beware: in a default rhel/centos 5.x installation the udev rules contain a conflict in /lib/udev/rules.d/61-option-modem-modeswitch.rules, because I have the feeling that at first the modem reported itself in # lsusb as ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="1446". Check how the modem identifies itself via lsusb and proceed accordingly. In my case it was necessary to comment out the conflicting line, because for the switching I used usb_modeswitch configured as follows.

# cat /lib/udev/rules.d/61-option-modem-modeswitch.rules  | grep "^#"

#ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="1446", RUN+="modem-modeswitch -v 0x%s{idVendor} -p 0x%s{idProduct} -t option-zerocd"


The usb_modeswitch command from the package of the same name must be run after the system detects the Huawei USB device; udev can do this automatically. Running the command switches the device into modem mode.

# cat /etc/udev/rules.d/15-huawei-e1750.rules 

SUBSYSTEM=="usb", SYSFS{idProduct}=="1446", SYSFS{idVendor}=="12d1", RUN+="/usr/sbin/usb_modeswitch"


The Huawei modem should then be visible in the system:

# lsusb  | grep Huawei

Bus 002 Device 009: ID 12d1:1436 Huawei Technologies Co., Ltd.




Weather forecast
http://www.treking.cz/sluzby/pocasi-pod ... endare.htm

Linux: simple bash capabilities (array, eval, argv, argc, read, case) 
Bash supports one-dimensional arrays, surprisingly. So this is a valid construct:

# area=( zero one two three four )
# echo ${area[2]}
two


The other example shows an array cleverly combined with the eval (not evil) builtin:

#!/bin/bash
# fake argv and argc in bash
argc=$#; argv[0]=$0 # argv[0] is the program name
for foo in $( seq $argc )
do
# braces are needed: without them $10 would expand as ${1}0
eval "argv[${foo}]=\${${foo}}"
echo "argv[${foo}] is: ${argv[$foo]}"
done


# ./argv_argc.sh jedna dve honza de
argv[1] is: jedna
argv[2] is: dve
argv[3] is: honza
argv[4] is: de


Notice that argv[0] is not printed, as seq generates a sequence starting from 1.

Another array example, a non-contiguous array:

event_dest=( [293]="bsafe" [326]="console" [296]="dlo" [300]="dlo" [314]="ftp" \
[315]="ftp" [297]="ifs" [301]="ifs" [299]="outq" [303]="outq" [298]="qsys" \
[302]="qsys" [320]="smtp" [321]="smtp" )

Bash also knows how to parse this, no need to parse the fields separately:

# cat > resto
what classid tag resto
what classid tag resto

# while read a b c d; do echo $a "_" $b "_" $c "_" $d; done < resto
what _ classid _ tag _ resto
what _ classid _ tag _ resto


That's quite obvious, but still a nice case of case:

verb=$1
noun=$2
case "${verb}-${noun}" in
find-horse)
echo "searching for a horse...";;
spray-*)
case "$noun" in
horse) echo "fine, let's do it";;
*) echo "i'll spray only a horse";;
esac
esac


Here is a sample:

# ./doit.sh spray horse
fine, let's do it
# ./a.tmp spray car
i'll spray only a horse


Linux: HTB shaping script (alpha) 
#!/bin/bash
#
# shape program for performing traffic shaping
#
# chkconfig: 2345 80 30
# description: shape is a script which sets the HTB traffic shaping \
# parameters and uses simple text configuration file. \
# htb stands for Hierarchical Token Bucket
#
# processname: shape
# config: /etc/sysconfig/htb.conf
#
# 17/08/11: first version xxxxxxxxxxxxxx{}fsit.cz

# Source function library.
. /etc/rc.d/init.d/functions

# name used in the start and usage messages (see processname above)
prog="shape"
CONFIG="/etc/sysconfig/htb.conf"

if [ ! -f $CONFIG ]; then
echo "No config in $CONFIG"
echo "Sample config is included at end of this script. See $0"
exit 1
fi

start() {
echo -n $"Starting $prog: "
init
#check13 || exit 1
#RETVAL=$?
#echo
#[ $RETVAL = 0 ] && touch ${lockfile}
#return $RETVAL
}

init() {
echo
echo "# setup parent 1:0 for upload"

count=0
for foo in $( seq $( cat $CONFIG | grep WAN_NAME | wc -l ) )
do
WAN_NAME=$( cat $CONFIG | grep WAN_NAME_${count} | sed -n 's/.*="\([^"]*\).*/\1/p' )
WAN_IFACE=$( cat $CONFIG | grep WAN_IFACE_${count} | sed -n 's/.*="\([^"]*\).*/\1/p' )
WAN_SPEED=$( cat $CONFIG | grep WAN_SPEED_${count} | sed -n 's/.*="\([^"]*\).*/\1/p' )

echo "tc qdisc add dev $WAN_IFACE root handle 1:0 htb default 1"
tc qdisc add dev $WAN_IFACE root handle 1:0 htb default 1

echo "tc class add dev $WAN_IFACE parent 1:0 classid 1:1 htb rate $WAN_SPEED burst 512k"
tc class add dev $WAN_IFACE parent 1:0 classid 1:1 htb rate $WAN_SPEED burst 512k

count=$(( $count + 1 ))

count2=0
htb_class=2

echo "# now setup all the local networks for upload"

for foo2 in $( seq $( cat $CONFIG | grep LAN_NAME | wc -l ) )
do
LAN_NAME=$( cat $CONFIG | grep LAN_NAME_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )
LAN_IFACE=$( cat $CONFIG | grep LAN_IFACE_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )
LAN_RATE=$( cat $CONFIG | grep LAN_RATE_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )
LAN_CEIL=$( cat $CONFIG | grep LAN_CEIL_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )
LAN_IP_ORIG=$( cat $CONFIG | grep LAN_IP_ORIG_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )
LAN_IP_MASQ=$( cat $CONFIG | grep LAN_IP_MASQ_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )

echo "# setup network/host $LAN_NAME ($LAN_IP_ORIG) for upload, rate is $LAN_RATE, ceil is $LAN_CEIL"

echo " tc class add dev $WAN_IFACE parent 1:1 classid 1:${htb_class} htb rate $LAN_RATE ceil $LAN_CEIL"
tc class add dev $WAN_IFACE parent 1:1 classid 1:${htb_class} htb rate $LAN_RATE ceil $LAN_CEIL

echo " tc filter add dev $WAN_IFACE protocol ip parent 1:0 handle ::$(( ${count2} + 100 )) prio 1 u32 match ip src $LAN_IP_MASQ flowid 1:${htb_class}"
tc filter add dev $WAN_IFACE protocol ip parent 1:0 handle ::$(( ${count2} + 100 )) prio 1 u32 match ip src $LAN_IP_MASQ flowid 1:${htb_class}
echo

count2=$(( $count2 + 1 ))
htb_class=$(( $htb_class + 1 ))
done
done

echo "# setup parent 1:0 for download"

for foo in $( cat $CONFIG | grep LAN_IFACE | sed -n 's/.*="\([^"]*\).*/\1/p' | sort | uniq )
do
WAN_SPEED=$( cat $CONFIG | grep WAN_SPEED_0 | sed -n 's/.*="\([^"]*\).*/\1/p' )

echo "tc qdisc add dev ${foo} root handle 1:0 htb default 1"
tc qdisc add dev ${foo} root handle 1:0 htb default 1

echo "tc class add dev ${foo} parent 1:0 classid 1:1 htb rate $WAN_SPEED ceil $WAN_SPEED"
tc class add dev ${foo} parent 1:0 classid 1:1 htb rate $WAN_SPEED ceil $WAN_SPEED
done
echo


htb_class=2
count2=0
for foo in $( seq $( cat $CONFIG | grep LAN_NAME | wc -l ) )
do
LAN_NAME=$( cat $CONFIG | grep LAN_NAME_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )
LAN_IFACE=$( cat $CONFIG | grep LAN_IFACE_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )
LAN_RATE=$( cat $CONFIG | grep LAN_RATE_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )
LAN_CEIL=$( cat $CONFIG | grep LAN_CEIL_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )
# re-read the original network for this entry; otherwise the value left over from the upload loop is reused
LAN_IP_ORIG=$( cat $CONFIG | grep LAN_IP_ORIG_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )

echo "# setup network/host $LAN_NAME ($LAN_IP_ORIG) for download, rate is $LAN_RATE, ceil is $LAN_CEIL"

echo " tc class add dev $LAN_IFACE parent 1:1 classid 1:${htb_class} htb rate $LAN_RATE ceil $LAN_CEIL"
tc class add dev $LAN_IFACE parent 1:1 classid 1:${htb_class} htb rate $LAN_RATE ceil $LAN_CEIL

echo " tc filter add dev $LAN_IFACE protocol ip parent 1:0 handle ::$(( ${count2} + 100 )) prio 1 u32 match ip dst $LAN_IP_ORIG flowid 1:${htb_class}"
tc filter add dev $LAN_IFACE protocol ip parent 1:0 handle ::$(( ${count2} + 100 )) prio 1 u32 match ip dst $LAN_IP_ORIG flowid 1:${htb_class}
echo

count2=$(( $count2 + 1 ))
htb_class=$(( $htb_class + 1 ))
done

exit
}

stop() {
delete_filters
delete_qdiscs
}

delete_qdiscs() {
# delete Qdisc WAN
for foo in $( cat $CONFIG | grep WAN_IFACE | sed -n 's/.*="\([^"]*\).*/\1/p' | sort | uniq )
do
echo "Stopping shaping on interface $foo"
echo "tc qdisc del dev $foo root"
tc qdisc del dev $foo root
done


# delete Qdisc LAN
for foo in $( cat $CONFIG | grep LAN_IFACE | sed -n 's/.*="\([^"]*\).*/\1/p' | sort | uniq )
do
echo "Stopping shaping on interface $foo"
echo "tc qdisc del dev $foo root"
tc qdisc del dev $foo root
done
}

delete_filters() {
# delete all the upload filters for network on WAN_IFACE(s)
for foo in $( cat $CONFIG | grep WAN_IFACE | sed -n 's/.*="\([^"]*\).*/\1/p' | sort | uniq )
do

count2=0
for foo2 in $( seq $( cat $CONFIG | grep LAN_NAME | wc -l ) )
do
echo "tc filter del dev $foo parent 1: protocol ip prio 1 handle 800::$(( ${count2} + 100 )) u32"
tc filter del dev $foo parent 1: protocol ip prio 1 handle 800::$(( ${count2} + 100 )) u32
count2=$(( $count2 + 1 ))
done
done

# delete all the download filters for LAN interfaces
count2=0
for foo in $( seq $( cat $CONFIG | grep LAN_NAME | wc -l ) )
do
LAN_IFACE=$( cat $CONFIG | grep LAN_IFACE_${count2} | sed -n 's/.*="\([^"]*\).*/\1/p' )
echo "tc filter del dev $LAN_IFACE parent 1: protocol ip prio 1 handle 800::$(( ${count2} + 100 )) u32"
tc filter del dev $LAN_IFACE parent 1: protocol ip prio 1 handle 800::$(( ${count2} + 100 )) u32
count2=$(( $count2 + 1 ))
done
}


status() {
echo ": upload --------------------------------------------"
for foo in $( cat $CONFIG | grep WAN_IFACE | sed -n 's/.*="\([^"]*\).*/\1/p' | sort | uniq )
do
echo
echo "Queueing discipline for $foo"
tc qdisc show dev $foo
echo "Classes for device $foo"
#tc -s class show dev $foo
tc -s class show dev $foo
echo "Filter for device $foo"
tc filter show dev $foo
echo
done

echo ": download ------------------------------------------"
for foo in $( cat $CONFIG | grep LAN_IFACE | sed -n 's/.*="\([^"]*\).*/\1/p' | sort | uniq )
do
echo
echo "Queueing discipline for $foo"
tc qdisc show dev $foo
echo "Classes for device $foo"
#tc -s class show dev $foo
tc -s class show dev $foo
echo "Filter for device $foo"
tc filter show dev $foo
echo
done
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
#status -p ${pidfile} $httpd
#RETVAL=$?
status
;;
restart)
stop
start
;;
*)
echo $"Usage: $prog {start|stop|restart|status}"
exit 1
esac

exit $RETVAL

------------------ sample config file ----------------------
/etc/sysconfig/htb.conf
------------------------------------------------------------
WAN_NAME_0="Internet"
WAN_IFACE_0="eth0"
WAN_SPEED_0="8192Kbit"

LAN_NAME_0="wifi1"
LAN_IFACE_0="eth1"
LAN_IP_ORIG_0="192.168.1.0/24"
LAN_IP_MASQ_0="30.20.40.100/32"
LAN_RATE_0="1024Kbit"
LAN_CEIL_0="2048Kbit"

LAN_NAME_1="wifi2"
LAN_IFACE_1="eth2"
LAN_IP_ORIG_1="192.168.2.0/24"
LAN_IP_MASQ_1="30.20.40.101/32"
LAN_RATE_1="2048Kbit"
LAN_CEIL_1="4092Kbit"
------------------------ end -------------------------------


Linux: sort directory by size, easily 
[root@gw log]# du -k --max-depth=1 | sort -nr
988596 .
31264 ./httpd
3984 ./audit
60 ./cups
36 ./prelink
16 ./mail
12 ./pm
8 ./vbox
8 ./ppp
8 ./iptraf
8 ./conman



[root@gw log]# du -sk /home/* | sort -rn




Linux: grubby; useful command to manipulate kernel configuration from command line 
To find out which kernel is the default, use this command:

# grubby --default-kernel
/boot/vmlinuz-2.6.18-274.el5


To update the default kernel with a parameter you can do this:
grubby --update-kernel="$( grubby --default-kernel )" --args="crashkernel=512M@16M"



http://www.despair.com/ 


Linux RHEL: reset HP server remotely with ilo (fence_ilo) 
To use the script below to remotely reset an HP server via iLO, you have to create the fence user in iLO and assign it permission to remotely reset the server.

#!/bin/bash

# name: fence_server
# desc: the script resets the server remotely via iLO2 (HP servers)
# if the server is not pingable. the script tries to ping
# the server several times before issuing reset.
#
# req: package cman must be installed (includes /sbin/fence_ilo)

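SCRIPT_NAME=$(basename "$0")
# mktemp creates the file under an unpredictable name; a fixed /tmp/$$.tmp
# could be pre-created or symlinked by another local user
TMP_FILE=$(mktemp /tmp/fence_server.XXXXXX) || exit 1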

SYSLOG_FACILITY="user"
SYSLOG_SEVERITY="info"

# server to ping
#SERVERNAME="xxxx"
SERVERNAME="xx.xx.xx.xx"

# ilo to server
ILO_HOSTNAME="xxxx-console"
ILO_ACCOUNT="fence"
ILO_PASSWD="xxxx"

# retries before kill
WAIT_ROUNDS=3 # 3 retries
WAIT_TIME=600 # 10 minutes

# try to ping the server
for waits in $( seq 1 $WAIT_ROUNDS )
do
ping -q -c 3 $SERVERNAME > /dev/null
[ $? -eq 0 ] && exit
sleep $WAIT_TIME
done

# server is not reachable via ICMP, perform reset
> $TMP_FILE
echo "$SCRIPT_NAME is trying to reset the server $SERVERNAME via $ILO_HOSTNAME" >> $TMP_FILE

# do the fence
/sbin/fence_ilo -a "$ILO_HOSTNAME" -l "$ILO_ACCOUNT" -p "$ILO_PASSWD" -v >> "$TMP_FILE"

# log the output to syslog
while read line
do
logger -t "$SCRIPT_NAME[$$]" -p "$SYSLOG_FACILITY.$SYSLOG_SEVERITY" "$line"
done < $TMP_FILE

rm $TMP_FILE


OpenVPN client setup and tun/tap OpenVPN routing explanation
http://www.linuxexpres.cz/blog/openvpn-poprve

http://openvpn.net/index.php/access-ser ... ients.html

http://www.secure-computing.net/wiki/in ... PN/Routing

The ccd/client file must contain:
iroute 10.10.3.0 255.255.255.0

where 10.10.3.0 is the LAN behind the client (i.e. the router).

