I have attached the example script. Explanation to follow!
Python 3 sftp and unzip in Windows using pscp and 7zip
September 16th, 2011
Python Script for checking if a Process is running, and/or Restarting Server
March 29th, 2010
Hello all,
This is just a quick post with a script that I recently wrote to run a command on a Debian server if a process is no longer running. You can change the top variables to change the process, where the log is written, or the server action. Make sure to chmod 755 the script for it to work.
——
#!/usr/bin/env python3
# This script checks if an application is running in ps -A, and writes to a log file at the designated path
import subprocess
import time

# Get the time and format it for writing to the log
timenow = time.strftime("%a %m/%d/%y %H:%M:%S", time.localtime())

# HERE ARE THE VARIABLES THAT YOU MAY WANT TO CHANGE
processname = "squid"
isrunningstring = "\n" + timenow + ' - ' + processname + " is still running..."
notrunningstring = "\n" + timenow + ' - ' + processname + " is no longer running..."
pathtologfile = "/usr/local/squid/var/logs/cache.log"
notrunningcommand = "/sbin/shutdown -r now"

# Run ps -A to get a list of all processes
output = subprocess.check_output(["ps", "-A"], universal_newlines=True)
# The command name is the last column (PID TTY TIME CMD); compare whole names
# so that, for example, "squidclient" is not mistaken for "squid"
running = [line.strip().split(None, 3)[-1] for line in output.splitlines()[1:] if line.strip()]

# Check if the process we are looking for was in the ps -A output
if processname in running:
    print(isrunningstring)
    with open(pathtologfile, 'a') as fileHandle:
        fileHandle.write(isrunningstring)
# If it wasn't there, epic fail, restart
else:
    print(notrunningstring)
    with open(pathtologfile, 'a') as fileHandle:
        fileHandle.write(notrunningstring)
    # Restart the server!!!!
    subprocess.call(notrunningcommand.split())
Hot Chai Recipe
January 24th, 2010
I love Chai!
I don’t like the ‘bucks style Chai because I find it way too sweet and you can’t even taste the tea. My philosophy on flavor is: if you can’t taste it, why bother putting it in there. Below is my Chai recipe that I have been working on for a couple of weeks now.
Ingredients:
- 4 Cups Lowfat 1% Milk (Light Plain Soy will also work, rice milk isn’t really creamy enough) **edit** Silk Almond Milk is DIVINE with this recipe.
- 3 Cups water
- 3 Bags of Lipton Premium Black Pearl tea (unmixed and plain Ceylon, Darjeeling, or other black tea should work, do not use “breakfast” teas or pre-blended chai)
- 2 teaspoons fresh ginger *or 5-6 thin-cut slices* (do not use dry ginger unless absolutely necessary as it tastes different, substitute 1/8 tsp. dry)
- 3-4 whole cloves (add one or two more for more tongue-numbingness)
- 1 stick cinnamon (or 1/2 tsp ground cinnamon)
- 1/2 teaspoon Cardamom powder
- 2 teaspoons honey (add more to your taste)
- Optional: 1/2 teaspoon Vanilla
- Optional: 1/4 teaspoon Fenugreek (Methi seeds)
Directions:
Boil water with 3 bags of tea, cloves, (optional fenugreek), and cinnamon for about 4 minutes. Add honey, (optional vanilla) cardamom, and ginger, and simmer for 2 minutes. Strain into another pot and add milk, simmer for 2-3 minutes, stirring constantly. Remove from heat and serve immediately. Serves 2 “Large” glasses or 4-5 “Small” glasses.
Enjoy!
OpenSWAN/IPSec to Netgear FVS318_V3
August 12th, 2009
I tested this with a ClarkConnect Home/Office Ed 3.2 and 4.0; both worked.
Netgear configuration
I just used the VPN wizard, choosing gateway-gateway, then changed the settings.


ClarkConnect Configuration
Create a new ipsec config.
# nano /etc/ipsec.newsitename.conf
Create the new connection configuration in this format:
#Beginning of config
conn fvs318
    type=tunnel
    left=xx.xx.xx.xx #WAN ip address of local CC router
    leftsubnet=192.168.x.x/24 #ip address of CC LAN subnet
    leftnexthop=xx.xx.xx.xx #ip address of local CC’s internet gateway
    leftid=xx.xx.xx.xx.xx #WAN IP
    right=xx.xx.xx.xx #WAN ip address of remote netgear fvs318
    rightnexthop=xx.xx.x.x #ip address of remote netgear’s internet gateway
    rightsubnet=192.168.x.x/24 #ip address of netgear LAN subnet
    rightid=xx.xx.xx.xx #WAN IP
    ike=3des-sha1-modp1024 #ike policy settings, could not get aes128 or aes256 to work
Create the secrets file:
# nano /etc/ipsec.newsitename.secrets
Enter the remote WAN, then the local WAN, a colon ":", then PSK "yourpskhere"
Example:
60.11.11.11 61.11.12.13 : PSK "testtest"
Notes
You can restart ipsec on ClarkConnect or Red Hat (CentOS, Fedora, etc.) using this command: /etc/init.d/ipsec restart
Squid Reverse Proxy for OWA and RPC over HTTPS
August 11th, 2009
This method was tested on Debian 5.0 Lenny in SBS 2003 and Server 2003 environments.
Why use Squid?
- It is free in most ways (GPL) – M$ ISA is not free
- Apache can’t do RPC Reverse Proxying (yet?)
The Basics
Install Lenny using the net install disc with internet access available. When it prompts for the type of installation, you only need the base package. You can add the “Desktop Environment”, but I haven’t tested adding any other functions at base install. Installing the Desktop is not recommended as it will create overhead (if you let it start on boot).
Make sure that you set up the apt repositories to use the http and ftp resources before you try apt-get. (Uncomment the lines in “/etc/apt/sources.list”)
OWA and/or RPC should be tested and working before you try the proxy.
The certificate on the external interface of your Proxy machine needs to be signed by a recognized CA or RPC will not work properly (and you should do this anyway). The Certificates between the Exchange server and the Proxy do not need to be signed by a recognized CA (for it to work). I used an inexpensive cert from GoDaddy (~$30) for the working example.
This method uses TWO certificates. RPC/Browser -> SSL -> proxy -> SSL -> Exchange
Update apt, install OpenSSL
As root, update the local apt database.
# apt-get update
Now, install OpenSSL and the essential SSL development libraries.
# aptitude install build-essential openssl libssl-dev
You shouldn’t have to do this, but you can also make sure g++ is installed (this is a compiler).
# apt-get install g++
Installing Squid
Go to http://squid-cache.org and download the 3.0 Stable version in tar.gz format.
Move the file to a directory whose path you can remember. In this document, I’m going to download to the /home/exampleuser/ directory because I have access to that directory without being root.
I will assume that you can download and move the file without instruction.
NOTE: While Squid is in the apt repository, the apt installer will not enable SSL support; this is why we are compiling from source. Please note this also means you will not be able to update Squid using the apt repositories.
Once the file is downloaded, open a console and login as root, change directory to where we downloaded Squid and unpack the tar.
# cd /home/exampleuser/
# tar xvfz squid-3.0.STABLE16.tar.gz
NOTE: “squid-3.0.STABLE16” is the name of the current Squid 3 stable release, yours may be a different number, so make sure to use the file name of your file, don’t assume it is still 16.
Now, let’s get to the compiling. First we will change directories with “cd”, then we will configure, compile, and install Squid.
# cd /home/exampleuser/squid-3.0.STABLE16
# ./configure --enable-ssl --with-openssl=/usr/include/openssl/
# make
# make install
After the Install, you will need to create the squid cache.
# /usr/local/squid/sbin/squid -z
Squid Configuration
Replace the text in squid.conf with the below template. (Use whatever editor you want, nano is just easiest for newbies).
# nano /usr/local/squid/etc/squid.conf
Squid.conf template - the host names, Exchange IP address and certificate paths are specific to your environment and need to be assigned:
visible_hostname owa.examplecompany.net
extension_methods RPC_IN_DATA RPC_OUT_DATA
https_port 443 cert=/path/to/external/cert key=/path/to/external/cert.key defaultsite=external.owa.domain.name
cache_peer ip.address.of.exchange parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/path/to/exchange/cert.crt sslkey=/path/to/exchange/certkey.pem name=owaServer
acl OWA dstdomain external.owa.domain.name
cache_peer_access owaServer allow OWA
never_direct allow OWA
http_access allow OWA
http_access deny all
miss_access allow OWA
miss_access deny all
Certificate Notes
Getting the certificates organized and prepared is sometimes the most daunting part of the setup.
For the internet-facing certificate, you will need to get a certificate from a certificate authority. I used GoDaddy. If they ask you what type of server you want it for, choose “Apache”. Make sure the “Simple Name” is the same as the external web address used to access the OWA server; in our case it is “owa.examplecompany.net”.
After you order it from GoDaddy and initiate the process per their directions, you will get to a point where it asks you to paste your certificate request.
Generate the request on the proxy server.
# mkdir /usr/local/squid/certs/
# cd /usr/local/squid/certs/
# openssl genrsa -des3 -out owa.examplecompany.net.key 1024
# openssl req -new -key owa.examplecompany.net.key -out owa.examplecompany.net.csr
Copy the contents of owa.examplecompany.net.csr to the request form.
Once you get the certificate files from the CA, you will most likely get a bundle or intermediate cert and the public cert.
You will need to add gd_bundle.crt to owa.examplecompany.net.crt. First, back up the owa.examplecompany.net.crt file, then append gd_bundle.crt to it.
# cp /usr/local/squid/certs/owa.examplecompany.net.crt /usr/local/squid/certs/certsexampleuser/owa.examplecompany.net.backup
# cat /usr/local/squid/certs/gd_bundle.crt >> /usr/local/squid/certs/owa.examplecompany.net.crt
For the exchange server communication, you can use a self-signed certificate.
If you generate a self-signed certificate on your Exchange server, you can export it as a PFX and use openssl on your proxy to convert it into the usable format. First, move the PFX file to the proxy (this example assumes it is in “/usr/local/squid/certs/”).
# cd /usr/local/squid/certs/
# openssl pkcs12 -in exchangecert.pfx -nocerts -out exchange.key
# openssl rsa -in exchange.key -out nopassexchange.key
# openssl pkcs12 -in exchangecert.pfx -nokeys -out exchange.crt
Now you have the key and the crt; move these to the path that you specify in the squid.conf file.
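A check worth running before squid.conf points at the files produced above, as an added example that is not part of the original post: it confirms that the key belongs to the first certificate in the file, that a passphrase-less key such as nopassexchange.key is not accessible to group or others, and that the certificate is unexpired with an RSA key of at least 2048 bits. The function names and the throwaway self-signed pair are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# SHA-256 of the public key in the FIRST certificate of a PEM file. After
# gd_bundle.crt is appended, the server certificate must still come first.
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 -r
}

# SHA-256 of the public key belonging to an unencrypted private key.
# "-passin pass:" makes openssl fail instead of prompting if the key is encrypted.
key_pubkey_digest() {
    openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null | openssl dgst -sha256 -r
}

# check_pair CERT KEY: print each problem found; return 0 only if there is none.
check_pair() {
    cert=$1; key=$2; rc=0
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo "FAIL: cannot parse $cert"; return 1; }
    if [ "$(cert_pubkey_digest "$cert")" != "$(key_pubkey_digest "$key")" ]; then
        echo "FAIL: $key is not the key for the first certificate in $cert"; rc=1
    fi
    # A key without a passphrase is protected only by its file permissions.
    mode=$(stat -c %a "$key")
    case $mode in
        *00) ;;
        *) echo "FAIL: $key has mode $mode; remove group/other access"; rc=1 ;;
    esac
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: $cert has expired"; rc=1; }
    bits=$(openssl x509 -in "$cert" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: ${bits:-unknown}-bit key, use 2048 or more"; rc=1; }
    return $rc
}

# Constructed sample input: a throwaway self-signed pair standing in for
# exchange.crt and nopassexchange.key.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null
    chmod 600 "$1/demo.key"
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
check_pair "$demo_dir/demo.crt" "$demo_dir/demo.key" && echo "OK: pair is usable"
rm -rf "$demo_dir"
```

Run `check_pair` against both the internet-facing pair and the Exchange pair; a key generated with the 1024-bit command shown earlier will be reported as too short.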
Final Notes:
You have to forward the 443 traffic from your router to the proxy for this to work, and you have to make sure that 443 traffic is being allowed to your proxy. This involves iptables, which I will not get into.
I tested in the live environment before changing the forwarding on my router by changing my local hosts file to forward owa.examplecompany.net to the local address of the proxy. This worked fine for OWA testing.
Also, you should either set the ip address on the proxy or create a reservation for its MAC on your DHCP server.
References/Bibliography/Special Thanks:
The Squid Cache Project – http://www.squid-cache.org
The Debian Project - http://www.debian.org
Owen Campbell – http://www.tanti.org.uk/index.php/blogs/owencampbell/3-tech/3-proxy
Squid Cache Wiki – http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
Laurent Brichet - http://www.brichet.be/how-to-setup-a-reverse-proxy-server-over-ssl-squid-debian