Sunday 30 September 2018

Customize Debian Package

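#!/bin/bash
#
# Build a small "rash" Debian package whose maintainer scripts drop an NRPE
# configuration into /etc/nagios.
#
# Usage:   <this script> VERSION
# Outputs: a debian/ tree under buildirectory/sourcecode and whatever
#          dpkg-buildpackage produces next to it.
# Returns: the exit status of dpkg-buildpackage (the original always
#          returned 0, which hid failed builds).

# Refuse to run without a version: it ends up in the package name and in
# debian/changelog, and an empty value produces an unparsable changelog.
version=${1:?usage: ${0##*/} VERSION}

mkdir -p buildirectory/sourcecode
# Stop here if the cd fails, so the rm and the redirections below can never
# run against a debian/ directory in the caller's working directory.
cd buildirectory/sourcecode || exit 1

dh_make -i -n -p "rash_${version}" -y
rm -f debian/*.EX debian/*.ex debian/README*

# -p keeps a second run from failing on the existing directory.
mkdir -p files
touch files/nrpe.cfg.default

# debian/install takes one "source destination" mapping per line. The
# original wrote both entries with '>', so the second replaced the first and
# nrpe.cfg.default was never shipped to /tmp, where the postinst expects it.
{
  printf '%s\n' 'files/* tmp'
  # This script never creates files/etc; only list it when it is present so
  # dh_install is not handed a pattern that matches nothing.
  if [ -d files/etc ]; then
    printf '%s\n' 'files/etc/* etc'
  fi
} > debian/install

# NOTE(review): dpkg runs postrm during upgrades as well as removals, so the
# nrpe.cfg.installed marker is deleted on upgrade too and after_upgrade below
# will then take its "marker missing" branch. Confirm that is intended.
cat > debian/postrm <<'EOF'
#!/bin/bash
rm -fr /etc/nagios/nrpe.cfg.installed
EOF

# Unquoted heredoc on purpose: the version and the build date are filled in
# at build time.
cat > debian/changelog <<EOF
rash (${version}) stable; urgency=medium

  * Initial build

 -- Naveed Sheikh <naveed@nash.com>  $(date -R)
EOF

# Quoted heredoc: ${misc:Depends} is a debhelper substitution variable and
# must reach debian/control literally.
cat > debian/control <<'EOF'
Source: rash
Section: installation
Priority: optional
Maintainer: Naveed Sheikh <naveed@nash.com>
Build-Depends: debhelper (>= 10)
Standards-Version: 4.1.2
Homepage: www.home.com

Package: rash
Architecture: all
Pre-Depends: nagios-nrpe-server
Depends: ${misc:Depends}
Description: Installing nrpe config file
EOF

# The delimiter MUST be quoted here. With a bare EOF the build shell expands
# ${1} and ${2} while writing the file, so the generated postinst compared
# the package version (not dpkg's "configure"/"abort-remove" argument) and
# never ran after_install or after_upgrade.
#
# NOTE(review): the payload travels through /tmp/nrpe.cfg.default, a fixed
# name in a world-writable directory, and is copied over
# /etc/nagios/nrpe.cfg as root. Shipping it under a package-owned directory
# would remove the dependency on /tmp.
# NOTE(review): after_install renames the existing nrpe.cfg to
# nrpe.original.backup and deletes that backup a few lines later, so the
# administrator's previous configuration is not recoverable.
cat > debian/postinst <<'EOF'
#!/bin/sh
after_upgrade() {
    :
#!/bin/bash
if [ -e /etc/nagios/nrpe.cfg.installed ]
then
    rm -fr /tmp/nrpe.cfg.default
    exit 0
else
    cd /etc/nagios/
    cat /tmp/nrpe.cfg.default > nrpe.cfg
    mv /tmp/nrpe.cfg.default nrpe.cfg.installed
    rm -fr /tmp/nrpe.cfg.default
fi
}

after_install() {
    :
#!/bin/bash
    cd /etc/nagios/
    mv nrpe.cfg nrpe.original.backup
    cat /tmp/nrpe.cfg.default > nrpe.cfg
    mv /tmp/nrpe.cfg.default nrpe.cfg.installed
    rm -fr nrpe.original.backup /tmp/nrpe.cfg.default
}

if [ "${1}" = "configure" -a -z "${2}" ] || \
   [ "${1}" = "abort-remove" ]
then
    # "after install" here
    # "abort-remove" happens when the pre-removal script failed.
    #   In that case, this script, which should be idemptoent, is run
    #   to ensure a clean roll-back of the removal.
    after_install
elif [ "${1}" = "configure" -a -n "${2}" ]
then
    upgradeFromVersion="${2}"
    # "after upgrade" here
    # NOTE: This slot is also used when deb packages are removed,
    # but their config files aren't, but a newer version of the
    # package is installed later, called "Config-Files" state.
    # basically, that still looks a _lot_ like an upgrade to me.
    after_upgrade "${2}"
elif echo "${1}" | grep -E -q "(abort|fail)"
then
    echo "Failed to install before the post-installation script was run." >&2
    exit 1
fi
EOF

chmod 755 debian/post*
dpkg-buildpackage -uc -us
# Propagate the build result instead of reporting success unconditionally.
exit "$?"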

Friday 28 September 2018

Building Nagios packages for pi

sudo su

nano /etc/apt/sources.list.d/debian-stretch.list

# Debian Stretch - New Zealand
deb http://ftp.nz.debian.org/debian/ stretch main contrib non-free
deb-src http://ftp.nz.debian.org/debian/ stretch main contrib non-free

nano /etc/apt/sources.list.d/eyemagnet-raspbian-stretch.list

# Eyemagnet [Stable] for Raspberry Pi
#deb https://eyemagnet.com/repo/raspbian-stretch stable/

nano /etc/apt/sources.list.d.off/raspi.list

deb http://archive.raspberrypi.org/debian/ stretch main ui
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
deb-src http://archive.raspberrypi.org/debian/ stretch main ui

nano /etc/apt/sources.list.d.off/sources.list

deb http://raspbian.raspberrypi.org/raspbian/ stretch main contrib non-free rpi
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
deb-src http://raspbian.raspberrypi.org/raspbian/ stretch main contrib non-free rpi

nano /home/gpgkey.sh

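#!/bin/bash
#
# Import every repository signing key that `apt-get update` reports as
# NO_PUBKEY, trying two keyservers in turn. Must run as root.
#
# NOTE(review): this trusts whatever key a keyserver returns for the ID apt
# printed. Nothing here compares the key's fingerprint with a value obtained
# from the repository owner, so a key added this way only shows that the
# repository is signed by *some* key. Check the fingerprints (apt-key finger)
# against the publisher's documentation before relying on these sources.

#######################################
# Run apt-get update, collect the key IDs it could not verify and fetch each
# one from the given keyserver.
# Arguments: $1 - keyserver host name
#######################################
import_missing_keys() {
  local keyserver=$1
  local errlog key

  # mktemp instead of the fixed /tmp/keymissing: this runs as root, and a
  # predictable name in /tmp can be pre-created or symlinked by another user.
  errlog=$(mktemp) || return 1
  apt-get update 2> "$errlog"

  # grep -o keeps every "NO_PUBKEY <id>" on a line (the original sed kept
  # only the last one) and only lets hexadecimal IDs through to gpg.
  while IFS= read -r key; do
    echo -e "\nProcessing key: $key"
    if gpg --keyserver "$keyserver" --recv-keys "$key"; then
      gpg --export --armor "$key" | apt-key add -
    fi
  done < <(grep -oE 'NO_PUBKEY [0-9A-Fa-f]+' "$errlog" | cut -d' ' -f2 | sort -u)

  rm -f -- "$errlog"
}

import_missing_keys pgpkeys.mit.edu
import_missing_keys subkeys.pgp.net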

chmod 700 /home/gpgkey.sh

/home/gpgkey.sh

apt update && apt upgrade -y

apt install dh-systemd libssl1.0-dev libwrap0-dev

apt-get install build-essential fakeroot dpkg-dev devscripts dh-make git

mkdir sourcebuild

cd sourcebuild

apt search nrpe

apt-get source nagios-nrpe

cd nagios-nrpe-3.0.1

su pi

dpkg-buildpackage -uc -us -rfakeroot

cd ..

ls -l *.deb

-rw-r--r-- 1 root root  28804 Sep 28 10:51 nagios-nrpe-plugin_3.0.1-3+deb9u1_armhf.deb
-rw-r--r-- 1 root root  52262 Sep 28 10:51 nagios-nrpe-plugin-dbgsym_3.0.1-3+deb9u1_armhf.deb
-rw-r--r-- 1 root root 345196 Sep 28 10:51 nagios-nrpe-server_3.0.1-3+deb9u1_armhf.deb
-rw-r--r-- 1 root root  71484 Sep 28 10:51 nagios-nrpe-server-dbgsym_3.0.1-3+deb9u1_armhf.deb

rm -fr nagios-nrpe-plugin-dbgsym_3.0.1-3+deb9u1_armhf.deb nagios-nrpe-server-dbgsym_3.0.1-3+deb9u1_armhf.deb

mkdir -p servernewpack serveroldpack/DEBIAN

dpkg-deb -x nagios-nrpe-server_3.0.1-3+deb9u1_armhf.deb serveroldpack/

dpkg-deb -e nagios-nrpe-server_3.0.1-3+deb9u1_armhf.deb serveroldpack/

nano serveroldpack/DEBIAN/control

Package: eyemagnet-monitoring-nagios
Source: nagios-nrpe
Version: 1.0

nano serveroldpack/etc/nagios/nrpe.cfg

(As per your liking)

dpkg-deb -Z xz -b serveroldpack/ servernewpack/

ls -l servernewpack/

-rw-r--r-- 1 root root 346420 Sep 27 14:42 eyemagnet-monitoring-nagios_1.0_armhf.deb

mkdir -p pluginnewpack pluginoldpack/DEBIAN

dpkg-deb -x nagios-nrpe-plugin_3.0.1-3+deb9u1_armhf.deb pluginoldpack/

dpkg-deb -e nagios-nrpe-plugin_3.0.1-3+deb9u1_armhf.deb pluginoldpack/

nano pluginoldpack/DEBIAN/control

Package: eyemagnet-monitoring-nagios-plugin
Source: nagios-nrpe
Version: 1.0

nano pluginoldpack/etc/nagios/nrpe.cfg

(As per your liking)

dpkg-deb -Z xz -b pluginoldpack/ pluginnewpack/

ls -l pluginnewpack/

-rw-r--r-- 1 root root 346420 Sep 27 14:42 eyemagnet-monitoring-nagios_1.0_armhf.deb

git clone ssh://username@urlofyourwebsite/git/repo.git

Move the contents of serveroldpack and pluginoldpack into the appropriate directory in the local repo clone.

Move the newly built package files to the appropriate location in the local git repo.

git add .

git commit -m "my push"

git push origin master

Job Complete!

Monday 24 September 2018

Ansible user with pre-existing keys

This is the main task file:

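---
# Tasks: create the login accounts listed in `sshusers`, grant the sudo
# group passwordless sudo, limit root SSH logins to key authentication and
# install each user's public key.

- name: Create a login user (with supplementary group when one is given)
  user:
    name: '{{ item.name }}'
    # `omit` drops the parameter for entries that have no `group` key, so one
    # task covers both the "with group" and "w/o group" cases.
    groups: '{{ item.group | default(omit) }}'
    append: yes
    state: present
  with_items: '{{ sshusers }}'

# NOTE(review): NOPASSWD: ALL gives every member of the sudo group root
# without re-authentication, so the SSH private key becomes the only factor
# protecting root on these hosts.
- name: Setting sudo permissions
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%sudo'
    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
    # `backrefs: yes` was dropped: the line uses no back-references, and with
    # backrefs enabled lineinfile leaves the file untouched when the regexp
    # does not match, so the rule could silently never be applied.
    # Reject the edit if visudo cannot parse the result; a broken sudoers
    # file locks every sudo user out.
    validate: /usr/sbin/visudo -cf %s

- name: Blocking root password access
  lineinfile:
    path: /etc/ssh/sshd_config
    state: present
    # Also match the commented-out default so that line is replaced; the
    # original '^PermitRootLogin' plus `backrefs: yes` changed nothing when
    # the directive was present only as a comment.
    regexp: '^#?\s*PermitRootLogin\b'
    # `without-password` is the older spelling of `prohibit-password`.
    line: 'PermitRootLogin without-password'
    # Do not install a configuration that sshd itself rejects.
    validate: /usr/sbin/sshd -t -f %s
  notify: reload ssh

- name: Creates directory
  file:
    path: '/home/{{ item.name }}/.ssh'
    state: directory
    owner: '{{ item.name }}'
    # presumably every user has a primary group of the same name; verify on
    # the target distribution.
    group: '{{ item.name }}'
    mode: '0700'
    # `recurse: yes` was dropped: it applied 0700 to authorized_keys on every
    # run, fighting the 0600 set by the next task.
  with_items: '{{ sshusers }}'

- name: ensure file exists
  copy:
    content: ""
    dest: '/home/{{ item.name }}/.ssh/authorized_keys'
    # force: no - never truncate a file that already holds keys.
    force: no
    group: '{{ item.name }}'
    owner: '{{ item.name }}'
    mode: '0600'
  with_items: '{{ sshusers }}'

- name: copy SSH keys
  authorized_key:
    user: '{{ item.name }}'
    key: "{{ item.key }}"
    state: present
    # exclusive: any key not listed here is removed from authorized_keys.
    exclusive: yes
  when: item.key is defined
  with_items: '{{ sshusers }}'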


The var file will look like this:

# One entry per account handled by the task file.
#   name  - login name; the tasks also use it as owner and group of ~/.ssh
#   group - optional supplementary group (here: sudo)
#   key   - optional key line passed to authorized_key; this must be the
#           PUBLIC key only, a private key never belongs in a vars file
sshusers:
  - name: em_naveed
    group: sudo
    key: ssh-rsa AAAABxxxxxxxxxxxxxxxxx in clear text
  - name: em_hugo
    key: ssh-rsa AAAABxxxxxxxxxxxxxxxx in clear text


The handler file will look like this:

---
# Handler for `notify: reload ssh`: asks the ssh service to re-read its
# configuration (state "reloaded", not a restart).
- name: reload ssh
  service:
    name: ssh
    state: reloaded

Wednesday 12 September 2018

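AWS ES Access Settings Example

Note: statement 1 allows any AWS principal and relies only on the source-IP condition, and statement 2 grants "Action": "*" rather than es:*. When adapting this policy, substitute your own account ID and principals and narrow the actions to what each client actually needs.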

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:ap-southeast-2:389920326251:domain/sharedservices/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "10.130.100.206/32",
            "54.66.242.28/32"
          ]
        }
      }
    },
    {
      "Sid": "2",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "AIDAIMZ4NDQ4XT3DZRZQC",
          "arn:aws:iam::389920326251:user/scotts"
        ]
      },
      "Action": "*",
      "Resource": "arn:aws:es:ap-southeast-2:389920326251:domain/sharedservices/*"
    },
    {
      "Sid": "3",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::389920326251:role/Logstash-SharedServices-APSE2",
          "arn:aws:iam::389920326251:role/Scripts-TicketekProduction-APSE2"
        ]
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:ap-southeast-2:389920326251:domain/sharedservices/*"
    }
  ]
}

Monday 3 September 2018

Powershell Software installation automation

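# Download the JSON definition of one Sumo Logic source (looked up by
# collector name and source name) so it can be handed to the collector
# installer.

# -Force: do not fail when the directory already exists.
New-Item -ItemType Directory -Path C:\Install\API -Force

# NOTE(review): the API password sits in the script as plain text, so anyone
# who can read the script (or its history in source control) has it.
# ConvertTo-SecureString -AsPlainText does not protect it. Prefer reading it
# from a protected store or prompting with Get-Credential.
$secpasswd = ConvertTo-SecureString "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("xxxxxxxxx", $secpasswd)

# Negotiate TLS 1.2 only; the credentials above are sent over this channel.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

# The collector is expected to be registered under this machine's name.
$collectorName = $env:computername

$response = Invoke-WebRequest "https://api.au.sumologic.com/api/v1/collectors" -Credential $mycreds
$content = ConvertFrom-Json $response.Content
$collector = $content.collectors | Where-Object { $_.name -eq $collectorName } | Select-Object -First 1
# Stop instead of building a URL with an empty collector id.
if (-not $collector) { throw "No collector named '$collectorName' was returned by the API." }
Write-Host "Collector: $collector"

$response2 = Invoke-WebRequest "https://api.au.sumologic.com/api/v1/collectors/$($collector.id)/sources" -Credential $mycreds
$content2 = ConvertFrom-Json $response2.Content

$sourceName = 'ProdA BasketsAPI'

$source = $content2.sources | Where-Object { $_.name -eq $sourceName } | Select-Object -First 1
if (-not $source) { throw "No source named '$sourceName' was found on collector '$collectorName'." }
Write-Host "Source: $source"

# Write into the directory created above, which is also where the installer
# step looks for testingapi.json. The original piped the response object to
# Set-Content under C:\Docs\Sumo, a directory this script never creates.
# -OutFile stores the response body itself.
$outFile = 'C:\Install\API\testingapi.json'
Invoke-WebRequest "https://api.au.sumologic.com/api/v1/collectors/$($collector.id)/sources/$($source.id)?download=true" -Credential $mycreds -OutFile $outFile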




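# Download the Sumo Logic collector installer, run it silently against the
# source definition in C:\Install\API, then start the service.

# -Force: do not fail when the directory already exists.
New-Item -ItemType Directory -Path C:\Install\Sumo -Force

# TLS 1.2 only. The original also enabled TLS 1.0 and 1.1, which lets the
# connection that delivers an executable fall back to deprecated protocols.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

$installer = 'C:\Install\Sumo\SumoCollector.exe'
Invoke-WebRequest 'https://collectors.sumologic.com/rest/download/win64' -OutFile $installer

# Check the Authenticode signature before running a freshly downloaded
# binary with administrative rights.
# assumes the vendor signs this installer - TODO confirm; if it does not,
# compare the file hash with a vendor-published checksum instead.
$signature = Get-AuthenticodeSignature -FilePath $installer
if ($signature.Status -ne 'Valid') {
    throw "Installer signature check failed: $($signature.Status)"
}

# NOTE(review): the access id and key are passed on the command line, where
# they are visible in process listings and command-line audit logs, and they
# are stored in this script in plain text.
# The -Vsources value is one literal string. The original appended
# `+ testingapi + ".json"`, which PowerShell passes to a native command as
# separate arguments rather than concatenating.
& $installer -console -q "-VskipRegistration=true" "-Vsumo.accessid=xxxx" "-Vsumo.accesskey=xxxxxxxxxxxxxxxxxxxxx" "-Vsources=C:\\Install\\API\\testingapi.json"

# Start-Sleep instead of timeout.exe: timeout needs an interactive console
# and can be cut short by a key press.
Start-Sleep -Seconds 150
net start sumo-collector
# Second attempt, kept from the original, in case the service was not yet
# registered after the first wait.
Start-Sleep -Seconds 150
net start sumo-collector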

Brute Calling API


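# Fetch one source definition directly by collector id and source id, using
# an explicit HTTP Basic Authorization header, and save it as JSON.

# -Force: do not fail when the directory already exists.
New-Item -ItemType Directory -Path C:\Install\API -Force

# NOTE(review): account name and password are stored in the script in plain
# text. Base64 in the header below is an encoding, not protection; the TLS
# channel is the only thing keeping these credentials confidential in transit.
$acctname = 'xxxxxxxxxxxxxxxx'
$password = 'xxxxxxxxxxxxxxxx'
$auth = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("${acctname}:${password}"))}

# TLS 1.2 only; the original also allowed TLS 1.0 and 1.1 for a request that
# carries Basic credentials.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

# Quoted so that '?' and '=' in the query string are always part of the URI.
$gist = Invoke-RestMethod -Method Get -Uri 'https://api.au.sumologic.com/api/v1/collectors/103320654/sources/122955606?download=true' -Headers $auth

# -Depth 100 keeps nested objects from being flattened to type names.
$gist | ConvertTo-Json -Depth 100 | Set-Content C:\Install\API\testingapi.json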