Categories
Rudder

Rudder and in-file text replacement

At work, we use Rudder to take care of configuration automation.

Today, I was trying to update a small script that we use on all our SMTP gateways, which does an LDAP request.
That LDAP request needed to be updated and instead of connecting to 40+ servers, I made a new Directive in Rudder. Using a regexp, I was trying to replace:

(objectCategory=msExchDynamicDistributionList)(objectCategory=group)(objectCategory=publicFolder)))",

with

(objectCategory=msExchDynamicDistributionList)(objectCategory=group)(objectCategory=publicFolder)))",

With the help of https://regex101.com, I used this regexp at first:

\(objectCategory=group\)

But for some reason it wasn’t working, and I would get:
Error: Because the regular expression '\(objectCategory=group\)' still matches the replacement string

The explanation, of course, is that the regexp I used would still match the replacement line, which means that every time Rudder ran, it would be applied.

Thank you Rudder for saving my script 🙂
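An added example, not the author's Directive or Rudder's own code: a Python model of the convergence check behind that error, with a negative-lookahead pattern that passes it. The before and after strings are identical as shown on the page, so the appended clause `(objectCategory=EXAMPLE)` is a constructed placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample: the page shows the before/after strings identically,
# so ADDED is a placeholder clause, not the author's real change.
ORIGINAL = ('(objectCategory=msExchDynamicDistributionList)'
            '(objectCategory=group)(objectCategory=publicFolder)))",')
ADDED = "(objectCategory=EXAMPLE)"  # hypothetical clause
REPLACEMENT = "(objectCategory=group)" + ADDED

# The pattern from the post: it matches the old text and the new text alike.
NAIVE = r"\(objectCategory=group\)"
# Guarded pattern: match only when the added clause does not already follow.
GUARDED = NAIVE + "(?!" + re.escape(ADDED) + ")"


def is_convergent(pattern, replacement):
    """True when the replacement text no longer matches the pattern."""
    return re.search(pattern, replacement) is None


def apply_edit(pattern, replacement, line):
    """Refuse a non-convergent edit, otherwise replace every match."""
    if not is_convergent(pattern, replacement):
        raise ValueError(
            f"regular expression {pattern!r} still matches the replacement string")
    # A callable replacement avoids backslash/group expansion in the new text.
    return re.sub(pattern, lambda m: replacement, line)


def run_twice(pattern):
    """Simulate two agent runs with the check in place."""
    first = apply_edit(pattern, REPLACEMENT, ORIGINAL)
    second = apply_edit(pattern, REPLACEMENT, first)
    return first, second


def clauses_after_runs(pattern, runs):
    """Without the check: count copies of ADDED after `runs` agent runs."""
    line = ORIGINAL
    for _ in range(runs):
        line = re.sub(pattern, lambda m: REPLACEMENT, line)
    return line.count(ADDED)


if __name__ == "__main__":
    print("naive convergent:  ", is_convergent(NAIVE, REPLACEMENT))
    print("guarded convergent:", is_convergent(GUARDED, REPLACEMENT))
    print("naive, 3 unchecked runs add", clauses_after_runs(NAIVE, 3), "copies")
    print(run_twice(GUARDED)[1])
```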

Categories
linux

Proftpd on CIFS share

For several of our clients, we provide an FTP server on a Linux server, with the files hosted on a Windows 2008 R2 server and authentication being handled by Active Directory through proftpd-ldap.

The Windows shares are automatically mounted on access with autofs in a /srv/ftp subfolder, and users are jailed in yet another level of subdirectory using proftpd.

I hit a bit of a wall recently with this setup: everything seemed to be in order, autofs mounted the directory, and proftpd allowed login with LDAP auth, but for some reason I couldn’t write anything.

If I pointed proftpd at a local directory, however, writing was fine.

I finally found out that proftpd was trying to use “chmod” on every write, and with SMB < 3, it failed, resulting in a “permission denied” error and nothing whatsoever in the logs.

I fixed it by mounting the CIFS share with the “noperm” option:

homes -fstype=cifs,rw,credentials=/etc/cifscredentials,gid=nogroup,uid=proftpd,vers=2.1,noperm ://SERVER/SHARE\$/SFTP

Categories
Zabbix

A few Zabbix templates

We are in the process of moving our monitoring platform from a non-working WhatsUp Gold to Zabbix.

Among other things, we wanted to monitor our domains at OVH (expiration date, essentially) and the ESET NOD32 remote management server.

Here are the templates I designed, along with the necessary scripts:

https://github.com/Edzilla2000/ZABBIX-Eset-Nod32

https://github.com/Edzilla2000/zabbix-ovh

Categories
Fortigate

Fortigate backup script using SCP

At work, we have a whole bunch of FortiGate firewalls, and we like to back them up.

I found several scripts to do that, but none of them worked in the way I wanted them to, so I made mine.

It backs up a list of Fortinet firewalls, using a read-only admin of the firewall that is only allowed to log in from the backup server IP, stores it in a date-based directory, and zips yesterday’s folder so as to save space.
Afterwards, it sends an email containing the logs to a specified email address.

Here it is: