Rudder and in-file text replacement

At work, we use Rudder to take care of configuration automation.

Today, I was trying to update a small script that we use on all our SMTP gateways, which does an LDAP request.
That LDAP request needed to be updated and instead of connecting to 40+ servers, I made a new Directive in Rudder. Using a regexp, I was trying to replace:




With the help of, I used this regexp at first:


But for some reason it wasn’t working, and I would get:
Error: Because the regular expression '\(objectCategory=group\)' still matches the replacement string

The explanation, of course, is that the regexp I used would still match the replacement line, which means that every time rudder ran, it would be applied.

Thank you rudder for saving my script 🙂


Proftpd on CIFS share

For several of our clients, we provide an FTP server on a linux server, with the files hosted on a windows 2008r2 server and authentication being handled by active directory through proftpd-ldpap.

The windows share are automatically mounted on access with autofs in a /srv/ftp subfolder, and users are jailed in yet another level of subdirectory using proftpd.

I hit a bit of a wall recently with this setup, as everything seemed to be in order, autofs mounted the directory, proftpd allowed login with ldap auth, but for some reason I couldn’t write anything.

If I pointed proftpd at a local directory however, write was fine.


I finally found out that proftpd was trying to use “chmod” on every write, and with SMB < 3, it failed, resulting in a “permission denied” error and nothing whatsoever in the logs.


I fixed it by mounting the CIFS share with the “noperm” option:

homes -fstype=cifs,rw,credentials=/etc/cifscredentials,gid=nogroup,uid=proftpd,vers=2.1,noperm ://SERVER/SHARE\$/SFTP


A few Zabbix templates

We are in the process of moving our monitoring platform from a non working whatsup’gold to Zabbix.

Among other things, we wanted to monitor our domains at OVH (expiration date, essentially) and Eset Nod32 remote management server.

Here are the templates I designed, along with the necessary scripts:


Fortigate backup script using SCP

At work, we have a whole bunch of fortigate firewalls, and we like to backup them.

I found several scripts to do that, but none of them worked in the way I wanted them to, so I made mine.

It backs up a list of fortinet, using a read only admin of the firewall that is only allowed to log in from the backup server IP, stores it in a date based directory, and zips yesterday’s folder so as to save space.
Afterwards, it sends an email containing the logs to a specified email address.

Here it is: