Saiweb

RedHat Cluster OID’s

Buzz — Wed, 03 Mar 2010 16:05:56 +0000

Following on from the python bindings post I found myself with a real problem,

the netsnmp bindings I could not for the life of me get to take the redhat cluste MIB files, so what did that leave me with, walking the entire parent cluster OID, manually matching the returned OID’s to their MIB names based on the value returned as I couldn’t find a decent mib browser or script to convert them …

At any rate here is a subset of OID’s for polling the redhat cluster service using snmp, please note that are more OID’s but these vary on your cluster config.

Python code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

rhc_oid = '.1.3.6.1.4.1.2312.8'
data_oids = {
'rhcMIBVersion':'.1.1',
'rhcClusterName':'.2.1',
'rhcClusterStatusCode':'.2.2',
'rhcClusterStatusDesc':'.2.3',
'rhcClusterVotesNeededForQuorum':'.2.4',
'rhcClusterVotes':'.2.5',
'rhcClusterQuorate':'.2.6',
'rhcClusterNodesNum':'.2.7',
'rhcClusterNodesNames':'.2.8',
'rhcClusterAvailNodesNum':'.2.9',
'rhcClusterAvailNodesNames':'.2.10',
'rhcClusterUnavailNodesNum':'.2.11',
'rhcClusterUnavailNodesNames':'.2.12',
'rhcClusterServicesNum':'.2.13',
'rhcClusterServicesNames':'.2.14',
'rhcClusterRunningServicesNum':'.2.15',
'rhcClusterRunningServicesNames':'.2.16',
'rhcClusterStoppedServicesNum':'.2.17',
'rhcClusterStoppedServicesNames':'.2.18',
'rhcClusterFailedServicesNum':'.2.19',
'rhcClusterFailedServicesNames':'.2.20'}

for item in data_oids:
oid = '%s%s' % (rhc_oid,data_oids[item])
print item,oid

net-snmp python bindings

Buzz — Wed, 03 Mar 2010 14:26:09 +0000

Having spent a few hours trying to get this working on CentOS 5.4 x64 I am posting this blog entry for others to reference:

Download and complie net-snmp >= 5.4.2.1 http://net-snmp.sourceforge.net/

1
2
3
4
5

./configure --with-python-modules
make && make install
cd /path/to/net-snmp-src/python/
python ./setup.py build
python ./setup.py test

You may get ImportError: libnetsnmp.so.20, this is due to x64 build creating as /usr/lib64/libnetsnmp.so.10

1 2	ln -s /usr/lib64/libnetsnmp.so.10.0.3 /usr/lib64/libnetsnmp.so.20 python ./setup.py install

And you are done, you can now use the netsnmp python bindings, I’d recomend seeing the examples here: http://www.ibm.com/developerworks/aix/library/au-netsnmpnipython/

All quiet on the front ….

Buzz — Mon, 01 Mar 2010 13:45:52 +0000

No I have not faded into cyber oblivion, things have just been way to busy on the work front to post any updates.

Such is the case with project deadlines, and frankly I’d rather be rushed off my feet than unemployed at the moment

That said I do have a few projects in the works first and foremost is the Wordpress-Flowplayer 2.1.0.0 release,

I have secured the latest version of flowplayer courtesy of the guys over at flowplayer.org,
I am working on integrating the mediamelon CDN service, which will be bundled with 2.1.0.0
With any luck provided I can get the code right this will also allow the use of 3rd party plugins
Working on an advance ’scripting’ area to allow you to embed your own syntax in the plugin hook.

I am also redeveloping Froomi at present to add in some additional features, which will be served using a RESTful API, more on that soon,

Lastly there will be a new blog appearing soon geared mainly toward security and pen testing, following a nickname I have now picked up from work ‘the sith admin’ I’ve registered an appropriate domain and will be setting up on there soon.

Wordpress Flowplayer subject of a study

Buzz — Thu, 04 Feb 2010 11:40:02 +0000

I was a bit taken back today after stumbling across this pdf by Dr. Wolf-Fritz Riekert http://share.ieservices.de/downloads/documents/Wordpress_Flowplayer_Plugin_pash-m_recent_version.pdf

Google translated version

Seems my plugin and the code therein has been the subject of a study, after perusing the google translation of the document I can see some very interesting concepts on how to improve the plugins integration with wordpress itself, I have sent an email Dr. Wolf-Fritz Riekert, asking if I can take his concepts and apply them to my code, so have a read and check back for version 2.1.0.0 soon,

Also of note the authors at Flowplayer.org have also granted me permission to use the latest verison of flowplayer, this will be rolled into 2.1.0.0

Remember to request features please use my Trac system.

Update:Dr. Wolf-Fritz Riekert has gotten back to me, this study is in fact the work of a group of students, the project leader of which was Martin Wörz, of ieservices.de, I’ll be liaising with him over the concepts in the study.

/bin/sh: bad interpreter

Buzz — Mon, 01 Feb 2010 11:41:58 +0000

For security newer distros of RHEL and their derivatives an mounting /tmp with the noexec option.

Now if you have ever had to clean up a compromised web app you can see why this makes a lot of sense, and if not here’s a quick example.

Yours/Clients web app becomes compromised, running kernel has a buffer overflow that can lead to privilege escalation, attack writes out their code and compiles in /tmp, then runs said app from /tmp creating a pseudo root level shell, aka you’ve just been root kitted.

However there are legitimate reasons for using /tmp to compile, well I say legitimate, what I in fact mean is things like pecl, which you use to install extensions like APC require this …

workaround:

1	export TMPDIR='/a/paTh/your/user/can/write/to'

Failing that:

service httpd stop

DO NOT ALLOW ANY WEBAPP ACCESS WHILE NOEXEC IS IN USE!

1
2
3

mount -o,remount,rw,exec /tmp
pecl install apc
mount -o,remount,rw,noexec /tmp

DO NOT REMOVE THE NOEXEC OPTION IN /ETC/FSTAB PERMANENTLY YOU WILL REGRET DOING SO

Apache 2.2.3 dual extention vulnerability

Buzz — Tue, 05 Jan 2010 11:33:17 +0000

Redhat bug 537535

Take for instance this code saved as test.php.png

1
2
3

print_r($_POST);
?>

Low and behold this will render out the entire post array! and will interpret the php itself, now lets be clear here the proper use of selinux and directory structures to prevent UGC from being allowed to be access directly and / or run arbitrary code would of prevented this, however as is often the case the setup is such that the preventative conditions could not / are not deployed.

At any rate this bug comes courtesy of the apache AddHandler directive,

1	AddHandler x-httpd-php .php

The statement above seems to ‘loose’ match the .php extension meaning a file simply only contain .php anywhere in it’s filename to be interpreted as PHP.

The suggested work around for this is as follows:

1
2
3
4
5

#Workaround for bug here: https://bugzilla.redhat.com/show_bug.cgi?id=537535
<FilesMatch \.php$>
SetHandler x-httpd-php
ForceType text/html
FilesMatch>

Note this does not effect the AddType directive, after testing on the same version using:

1	AddType application/x-httpd-php .php

Is not effected by this ‘bug’.

Simple measures to a faster PHP app – Part 1 Double Quotes

Buzz — Fri, 20 Nov 2009 10:25:06 +0000

In some situations using a double quotes string is required i.e. “this\nstring\nappears\over\nmany\nlines” …

However in 99% of cases it is used without even thing about in implications of doing so … PHP will infact evaluate any string wrapped in double quotes, this adds a processing overhead, but it seems people do not actually reliase how much in comparrison to using single quotes for the same string.

Take for example this code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

/**
* double-quotes-are-bad.php ~ D.Busby (Saiweb.co.uk)
**/
$start = microtime(true);
$var = "This is a stiring it may not actually have anything to be parse within"
. " However the issue remains that infact php will attempt to evaluate every char"
. " In this string, which in this example may not be so bad, as it's just one string"
. " In one file, buit imagine what happens when every string in your webapp uses double quotes";
$end = microtime(true);
$len = strlen($var);
$res = round($end-$start,10);
echo $len.' Chars evaluated in '.$res.' seconds'."\n";

$start = microtime(true);
$var = 'This is a stiring it may not actually have anything to be parse within'
. ' However the issue remains that infact php will attempt to evaluate every char'
. ' In this string, which in this example may not be so bad, as it\'s just one string'
. ' In one file, buit imagine what happens when every string in your webapp uses double quotes';
$end = microtime(true);
$len = strlen($var);
$res2 = round($end-$start,10);

echo $len.' Chars evaluated in '.$res2.' seconds'."\n";

$speed = round((1 - $res2/$res) * 100,2);

echo 'Single quotes are '.$speed.'% faster'."\n";

?>

Now I am running this on a live server, that is serving in excess of 100 pages a second, take a look at the output:

320 Chars evaluated in 1.40667E-5 seconds
320 Chars evaluated in 3.0994E-6 seconds
Single quotes are 77.97% faster

320 Chars evaluated in 1.28746E-5 seconds
320 Chars evaluated in 3.0994E-6 seconds
Single quotes are 75.93% faster

320 Chars evaluated in 1.3113E-5 seconds
320 Chars evaluated in 2.1458E-6 seconds
Single quotes are 83.64% faster

320 Chars evaluated in 1.19209E-5 seconds
320 Chars evaluated in 2.861E-6 seconds
Single quotes are 76% faster

320 Chars evaluated in 1.3113E-5 seconds
320 Chars evaluated in 2.861E-6 seconds
Single quotes are 78.18% faster

The improvement is consistently in excess of 75%, so the moral of the story? don’t use “” if you do not need to!

Thanks to everyone along the way who’ve discussed and proven development methods along the way with me, and sorry it’s taken so long to get them written up.

Call to undefined function imagettfbbox()

Buzz — Tue, 13 Oct 2009 13:19:20 +0000

Call to undefined function imagettfbbox()

Either you do not have php GD installed (check your phpinfo(); and see if GD has laoded with TTF support)

Or if you are compiling from source add: –with-gd –with-freetype-dir=/lib64 –with-ttf=/lib64 –enable-gd-native-ttf

to your configure line.

Note: you’ll need gd-devel and freetype-devel libs installed, and im using /lib64 as im running a 64bit OS.

Linux – Generating file manifests and then checking them – Improved

Buzz — Tue, 29 Sep 2009 14:14:06 +0000

Following on from Linux – Generating file manifests and then checking them I was always getting the same questions …

How long left on the manifest Buzz ?
How long left on the verification Buzz ?

And I HATE having to turn around an say … I don’t know …

The problem with the usual command line method is that it give no indication of progress, and by extension no indication that it was infact running and not ‘hung’ …

As such I have now added the ‘manifest’ command set to the Sysadmin toolset

The manifest command take two data types, the first is a folder path from which to build the file manifest from, the manifest itself is also compatible with the “md5sum –check” function.

The second is the path to the manifest itself, in this case the manifest command will verify each file against it’s entry in the manifest:

At each point the command give you an indication of it’s current status, however this does come at a small cost, the script has no concept of the size of you console and as such will always render out the same number of character meaning if you console is not wide enough it will not render correctly, in the videos I have the console on a high resolution monitor as can be seen each video itself is 900 pixels wide.

This process is CPU intensive (20-45% on one core of a intel core2duo 2.8GHZ) and uses around 140KB of memory.

Sysamin – iconv update

Buzz — Thu, 10 Sep 2009 10:40:59 +0000

I had a major issue facing the iconv functionality of the sysadmin toolset namely due to rushed coding.

When loading a file to be re-encoded the entire file was loaded into the buffer, encoded as whole and written out to the new file, this of course meant the memory usage was roughly double the size of the file to be converted plus any overheads to do with the encoding itself.

Today I had need to convert a 1.3GB sql file, needles to say the script was crashing out with a memory error.

As such I have now completely re-written the function it now processes the file in 1kb ‘chunks’, moving the load to the CPU, this process is now very cpu intensive the the memory overhead is minimal (during test processed the 1.3GB file using 113kb of memory!!!).

Also I have now added BOM (Byte order mark) detection: