RSYSLOG: Send email notifications

I want to monitor my log files for a specific line, and if found send an e-mail alert. Rsyslog has this built in, and it works great. I put the following config in /etc/rsyslog.g/dhcp-watch.conf and now I get an email if a specific DHCP subnet is used.

# If we give out DHCP for a specific network send an alert email
$ModLoad ommail

$ActionMailSMTPServer mail.domain.com
$ActionMailFrom       rsyslog@domain.com
$ActionMailTo         me@domain.com

$template mailSubject,"DHCP Poll activity on %hostname%"
$template    mailBody,"DHCP Activity on the VLAN 873 pool\r\n\r\n%msg%"

$ActionMailSubject mailSubject

# Only send an email every 15 minutes
$ActionExecOnlyOnceEveryInterval 900

# This if/then must all be on one line
if $msg contains 'DHCPOFFER on 10.1.9.' then :ommail:;mailBody
Leave A Reply

PHP: Quote Word

I needed a function similar to Perl's qw. If you pass a string to this function it will return an array of the words stripped of separating whitespace. If you pass the true as the second parameter you will instead get a hash returning each word in a key/value pair.

function qw($str,$return_hash = false) {
    $str   = trim($str);
    $words = preg_split("/\s+/",$str);

    if ($return_hash) {
        $ret = array();
        $num = sizeof($words);

        // Odd number of elements, can't build a hash
        if ($num % 2 == 1) {
            return array();
        } else {
            // Loop over each word and build a key/value hash
            for ($i = 0; $i < $num; $i += 2) {
                $word1 = $words[$i];
                $word2 = $words[$i + 1];

                $ret[$word1] = $word2;
            }

            return $ret;
        }
    } else {
        return $words;
    }
}

This is useful in the following scenarios:

$str   = "Leonardo    Donatello    Michelangelo    Raphael";
$array = qw($str);

$str = "
    Leonardo       Blue
    Donatello      Purple
    Michelangelo   Orange
    Raphael        Red
";
$turtles = qw($str,true);
Leave A Reply

Books of 2015

Also see the list of 2014. The date indicated denotes the date I started reading the book.

2014-01-08 - Ogre, Ogre - 307 pages
2014-01-14 - Divergent - 489 pages
2014-01-23 - Protector - 218 pages
2014-02-09 - Gone Girl - 415 pages

Leave A Reply

CentOS 6.6 Major Package versions

CentOS 6.6 ships with these versions of some core packages:

Package Version
Perl 5.10.1 (bleh)
PHP 5.3.3
Vim 7.2.411
Firefox 31.2.0
Apache 2.2.15
Leave A Reply

ISC DHCP: Specific lease time for a given host

I needed to test lease timeout for a specific host. Rather than lowering the lease time globally for all clients I was able to target a specific MAC address using the following configuration block:

host shortlease_9b7d {
    hardware ethernet 00:5f:16:36:9b:7d;

    default-lease-time 900;
    max-lease-time 900;
    min-lease-time 900;
}
Leave A Reply

Linux: Block DNS queries for specific zone with IPTables

I have been seeing a lot of weird/bogus DNS traffic (thousands of queries a second) hitting our servers lately and I decided to try and block it. Specifically I saw tons of requests coming in for proxypipe.net with a bunch of random hosts prepended. Things like: 6Gdb1QlP.f.proxypipe.net., mhl00ULG.e.proxypipe.net., clacqxlG.f.proxypipe.net., etc. I decided I would block all DNS requests that contained the "proxypipe.net" anywhere in the packet.

The easiest way is to use iptables to block packets that contain a specific string. The problem with this approach is that DNS packets do not contain the actual string. Instead they are encoded in this manner: X domain Y TLD

Where X is the number of bytes in the domain portion, and Y is the number bytes of characters in the TLD portion. This makes your iptables rules look like this:

iptables -A INPUT -i eth0 -p udp --dport 53 -m string --hex-string "|09|proxypipe|03|net" --algo bm -j DROP
iptables -A INPUT -i eth0 -p udp --dport 53 -m string --hex-string "|06|kitten|02|ru" --algo bm -j DROP
iptables -A INPUT -i eth0 -p udp --dport 53 -m string --hex-string "|03|www|07|puppies|04|woof" --algo bm -j DROP

Advanced:

Technically the query looks like X domain Y TLD 0 where the zero indicates that there are no more parts of the domain. This is immediately followed by two bytes indicating the type of query.

This allows you to get fancy and only block specific types of queries for a domain while allowing others:

Type Code
Any 00ff
A 0011
CNAME 0005
MX 000f
AAAA 001c
NS 0002
SOA 0006

If you wanted to block all MX requests for domain.com you would do a rule like this:

iptables -A INPUT -i eth0 -p udp --dport 53 -m string --hex-string "|06|domain|03|com|00000f|" --algo bm -j DROP

IPTables converts your string rules to hex, so it is helpful to add a comment so you can read them later using iptables -vnL. You can use the iptables comment module to document your rules.

iptables -A INPUT -i eth0 -p udp --dport 53 -m string --hex-string "|06|domain|03|net|00000f|" \
--algo bm -j DROP -m comment --comment 'Block domain.net MX'
Leave A Reply

Fedora 21: Major package versions

Fedora 21 looks like it will ship with following package versions:

Package Version
Perl 5.18.4
PHP 5.6.2
Vim 7.4.475
Firefox 33.0
Apache 2.4.10
Leave A Reply

Git: Show changes made today or yesterday

I found two cool Git aliases that will show you all the commits that have been made today or yesterday. It's a simple way to figure out what you accomplished.

Define the aliases:

git config --global alias.today "log --since=midnight --oneline --graph --decorate"
git config --global alias.yesterday "log --after=yesterday.midnight --before 0am --oneline --graph --decorate"

Then run it with:

git today
git yesterday

I borrowed the idea from Coderwall.

Leave A Reply

Piers Anthony - Xanth Series

Here is a list of all the Xanth books currently available.

  1. A Spell for Chameleon (1977)
  2. The Source of Magic (1979)
  3. Castle Roogna (1979)
  4. Centaur Aisle (1982)
  5. Ogre, Ogre (1982)
  6. Night Mare (1983)
  7. Dragon on a Pedestal (1983)
  8. Crewel Lye (1984)
  9. Golem in the Gears (1986)
  10. Valey of the Vole (1987)
  11. Heaven Cent (1988)
  12. Man from Mundania (1989)
  13. Isle of View (1990)
  14. Quesiton Quest (1991)
  15. Color of her Panties (1992)
  16. Demons Don't Dream (1993)
  17. Harpy Time (1994)
  18. Geis of the Gargoyle (1995)
  19. Roc and Hard Place (1995)
  20. Yon Ill Wind (1996)
  21. Faun and Games (1997)
  22. Zombie Lover (1998)
  23. Xone of Contention (1999)
  24. The Dastard (2000)
  25. Swell Foop (2001)
  26. Up in a Heaval (2002)
  27. Cube Route (2003)
  28. Currant Events (2004)
  29. Pet Peeve (2005)
  30. Stork Naked (2006)
  31. Air Apparent (2007)
  32. Two to the Fifth (2008)
  33. Jumper Cable (2009)
  34. Know Gneiss (2010)
  35. Well-Tempered Clavicle (2011)
  36. Luck of the Draw (2013)
  37. Esrever Doom (2104)
  38. Board Stiff (2014)
  39. Five Portraits (2014)
  40. Isis Orb (TBD)
Leave A Reply - 1 Reply

Perl: remove empty elements from array

I have an array with a bunch of empty strings, and other "empty" items, that I want to remove. Perl's grep() command makes this very simple:

@a = ("one", "", "three", "four", 0, "", undef, "eight");

@b = grep($_, @a);

# @b = ("one","three","four","eight");

The first argument to grep is an expression which evaluates whether $_ is a truthy value. This could easily also have been $_ ne "" so we don't also filter out false and 0.

Leave A Reply

Perl: assign a regexp search/replace to a variable

Often I will want to assign a variable to be a search and replace of another variable. Logically you might write it like this:

$str = "foofoofoobar";
$new = $str =~ s/foo/FOO/g;

# $new contains 3 because three things were replaced in the string
print "$new\n";

This will not work because you are assigning the number of replacements made to $new. This is not what we wanted. Instead we want the search and replace to return the new string:

$str = "foofoofoobar";
$new = $str =~ s/foo/FOO/gr;

print "$new\n";

Note the /r after the regular expression. Documentation on /r is in Perlop

Leave A Reply

Reddit: School funding

It's not about priorities. It's about budget allocation and constraints. There is a common misunderstanding between many governmental systems, charities, and other non-profit organizations.

The public tends to think that their school has X amount of money and that money is in one big pile that they can spend on anything. The public assumes that teachers, overhead, and operating costs should get paid first, then schools can buy fancy new computers, renovate buiildings, etc...

Unfortunately, that's not how budgets work 99% of the time. School districts often receive large gifts and grants from individuals and organizations that they are contractually obligated to spend on certain goals/objects. Joe Schmo didn't give Y school district $1,000,000 to spend on anything; he gave them $1,000,000 under the conditions that the money is spent on school equipment for the kids (i.e. laptops, desktops, textbooks, playground equipment, etc...). He can exclude or include any specific item or place for the funds to be used. School districts occasionally have local taxes levied for them. For example, my area (about three school districts) imposes a 1% additional sales tax on its citizens. The 1% collected HAS to be used on school renovations, period. The money cannot be used for anything else. In a similar manner, one of the three school districts is putting to vote a tax that would raise property assessment tax by $0.20/$1,000. That money HAS TO BE spent on upgrading school playground equipment, and the school has outlined a 7+ year plan of fund implementation for specific schools within the district.

Borrowed from MisfitMonk on Reddit

Leave A Reply

Coreutils Viewer

I just found Coreutils Viewer, which gives you a progress meter for Linux coreutils. Specifically it can give status on cp, mv, dd, tar, gzip, and cat. It's great for doing a big dd to a flash drive or SD card.

I've used it with good success on Raspberry Pi SD card images.

Leave A Reply

PHP: is_ip() to test if a string is a valid IP address

I needed to test if a string was a valid IP address or not. PHP has filter_var() which tests for a lot of common things (email addresses, urls, etc) but I can never remember the syntax. Here is a simple wrapper function to match IPv4 and IPv6 addresses.

function is_ip($str) {
    $ret = filter_var($str, FILTER_VALIDATE_IP);

    return $ret;
}

If you just want to match IPv4 addresses:

function is_ipv4($str) {
    $ret = filter_var($str, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);

    return $ret;
}
Leave A Reply

PHP: fakepath() to clean up a file path

Needed a quick function to remove relative elements from a path. Similar to PHP's realpath() but doesn't require the file to exist on the local filesystem. This also works for URLs.

function fakepath($url) {
    $split = preg_split("|/|",$url);
    $first = substr($url,0,1);

    foreach ($split as $item) {
        if ($item === "." || $item === "") {
            // If it's a ./ then it's nothing (just that dir) so don't add/delete anything
        } elseif ($item === "..") {
            // Remove the last item added since .. negates it.
            $removed = array_pop($ret);
        } else {
            $ret[] = $item;
        }
    }

    // Rebuild the string
    $ret = join("/",$ret);

    // Remove dupe /
    $ret = preg_replace("!/+!","/",$ret);

    // Restore the double / after the HTTP:
    $ret = preg_replace("!(https?:/)!","$1/",$ret);

    if ($first === '/') {
        $ret = "/$ret";
    }

    return $ret;
}
Leave A Reply