Thursday, May 20, 2010

SSL Certificates from the Command-Line

If you've ever wondered how to easily inspect a certificate from the command line, look no further than openssl.

openssl s_client -connect hostname:port

If you ever need to look up several hosts at once and want to report the ones which will expire before a given date, try this script:

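hostFile="/tmp/ssl_hostnames"
thresholdDate="June 30, 2010"
(for hostAndPort in $(< "$hostFile")
do
  # Fetch the server certificate and pull out its "Not After" (expiry) date.
  # "echo blah" gives s_client some input so it exits instead of waiting on stdin.
  notAfter="$(echo blah |
              openssl s_client -connect "$hostAndPort" 2> /dev/null |
              sed "1,/Server certificate/ {d}; /subject/,$ {d;};" |
              openssl x509 -text 2> /dev/null |
              grep "Not After" |
              sed "s/.* : //")"
  # Skip hosts whose certificate could not be retrieved or parsed;
  # otherwise date -d "" would report today's date for them
  [ -n "$notAfter" ] || continue
  dateStr="$(date -d "$notAfter")"
  if (( $( date -d "$dateStr" +%s ) <= $( date -d "$thresholdDate" +%s ) ))
  then
    echo "${hostAndPort%:*}|$dateStr"
  fi
done) | column -s "|" -t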

Right now, there's not much error checking in this script. And, I'm not doing any TLS stuff. The hostFile just contains host:port pairs, one host per line.

Friday, May 7, 2010

Moving from MyWeb to Live@Edu

The personal web hosting service offered to all UGA affiliates is called MyWeb. It offers only 200 MB of storage. The advantage is that JavaScript, iframes, etc. are allowed, which is not the case for many free website hosting tools, especially the fancy WYSIWYG ones. So, I haven't convinced you that MyWeb has value? Well, consider redirecting your MyWeb page to your live@edu profile, Spaces page, or other site that you do maintain. Here's how:

<html>
<head>
<meta http-equiv="refresh" content="0;url=http://YOUR_CID_HERE.profile.live.com/">
</head>
</html>
  • Save the file on your computer with a name of index.html
  • Log into your MyDrive web interface at https://mydrive.uga.edu/NetStorage/
  • Navigate to the Home@UGA->www folder
  • From the File menu on the right, select Upload
  • Click Choose File and select your newly created index.html file
  • Click Upload

You could also choose to only redirect certain directories of your site by adding a similar index.html file in the subdirectories that you desire to redirect.

Making Linux Talk Microsoft live@edu

Overview

Our new mail solution will be Exchange 2010 in the form of Microsoft's Live@edu hosted environment. Sounds swell for Microsoft lovers. But, what about us Linux folk? What clients can we use to have as rich an experience as the Microsoft crowd? What to do? Sometimes, the best or only answer for users of any operating system is to use the web interface. Mostly, we'll explore the thick client options in this article.

Email

Evolution hacks seemed to work against Exchange 2007. But, all WebDAV has been yanked from 2010. I almost lost hope.

The best solution I've come across is Thunderbird + Lightning + xdata-provider. Lightning adds calendar functionality to Thunderbird. The xdata-provider add-on extends Lightning to interact with the Exchange 2010 calendar. Thunderbird will speak IMAP to Exchange to fetch mail. Lightning/xdata-provider will handle the calendar.

What you'll need

  • Thunderbird
  • the Lightning add-on (available as the "lightning-extension" package in Ubuntu)
  • xdata-provider add-on for Thunderbird

Caveats

Thus far, I've had trouble editing Exchange calendar events in Thunderbird. Nor have I been able to reply to (accept/decline) event invitations. Essentially, it has proven useful only for adding new events. I don't even think it has alerted me

Instant Messaging

Empathy provides Instant Messaging capabilities for your live (MSN) account.

Cloud Storage / Collaboration

As for SkyDrive, the best solution is to forget about it (until a Linux client comes along) and use DropBox. Same goes for Office Live Workspace, which will greet you with a "Windows users only" error anyhow.

SkyDrive does have a couple of nice features. One is that you can do light editing on Office documents without downloading them. The other is the SSO (single sign-on), which saves you a click or two.

Blog / Simple Web Site

I see no point in using Spaces, since there are better blog tools out there and this tool is in no way branded to affiliate one to UGA or any easier to use because of our agreement. Your spaces account must be unique in the spaces.live.com namespace, which already has millions of users.

Tuesday, April 13, 2010

Update Twitter With PHP

There are many APIs to interact with Twitter using a variety of languages. I tried twitterlibphp by Justin Poliey, giving him a vote of confidence just for using git. Plus the documentation is clear. I was up and running within 10 minutes with only three lines of code! Thanks Justin!

This code will update my status:
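<?php
// Full open tag: the short "<?" form only works when short_open_tag is enabled
require_once("twitterlibphp/twitter.lib.php");
$twitter = new twitter("screen_name","password");
// Post a status update; the library returns the API's XML reply
$xml = $twitter->updateStatus("test at " . time(),'556');
//$xml = $twitter->destroyStatus(12120224745);
echo $xml;
?>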
The reply you'll get (by default) looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<status>
  <created_at>Tue Apr 13 20:05:23 +0000 2010</created_at>
  <id>12121728569</id>
  <text>test at 1271189121</text>
  <source>&lt;a href=&quot;http://apiwiki.twitter.com/&quot; rel=&quot;nofollow&quot;&gt;API&lt;/a&gt;</source>
  <truncated>false</truncated>
  <in_reply_to_status_id></in_reply_to_status_id>
  <in_reply_to_user_id></in_reply_to_user_id>
  <favorited>false</favorited>
  <in_reply_to_screen_name></in_reply_to_screen_name>
  <user>
    <id>132618355</id>
    <name>UGA Status Page</name>
    <screen_name>uga_status</screen_name>
    <location></location>
    <description></description>
    <profile_image_url>http://s.twimg.com/a/1271107021/images/default_profile_2_normal.png</profile_image_url>
    <url></url>
    <protected>false</protected>
    <followers_count>0</followers_count>
    <profile_background_color>9ae4e8</profile_background_color>
    <profile_text_color>000000</profile_text_color>
    <profile_link_color>0000ff</profile_link_color>
    <profile_sidebar_fill_color>e0ff92</profile_sidebar_fill_color>
    <profile_sidebar_border_color>87bc44</profile_sidebar_border_color>
    <friends_count>0</friends_count>
    <created_at>Tue Apr 13 18:43:15 +0000 2010</created_at>
    <favourites_count>0</favourites_count>
    <utc_offset>-18000</utc_offset>
    <time_zone>Eastern Time (US &amp; Canada)</time_zone>
    <profile_background_image_url>http://s.twimg.com/a/1271107021/images/themes/theme1/bg.png</profile_background_image_url>
    <profile_background_tile>false</profile_background_tile>
    <notifications>false</notifications>
    <geo_enabled>false</geo_enabled>
    <verified>false</verified>
    <following>false</following>
    <statuses_count>1</statuses_count>
    <lang>en</lang>
    <contributors_enabled>false</contributors_enabled>
  </user>
  <geo/>
  <coordinates/>
  <place/>
  <contributors/>
</status>

To delete that new status update, run:
<?php
require_once("twitterlibphp/twitter.lib.php");
$twitter = new twitter("screen_name","pass");
// Delete the status whose <id> was returned by the update call above
$xml = $twitter->destroyStatus(12121728569);
echo $xml;
?>

The return XML looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<status>
  <created_at>Tue Apr 13 20:05:23 +0000 2010</created_at>
  <id>12121728569</id>
  <text>test at 1271189121</text>
  <source>&lt;a href=&quot;http://apiwiki.twitter.com/&quot; rel=&quot;nofollow&quot;&gt;API&lt;/a&gt;</source>
  <truncated>false</truncated>
  <in_reply_to_status_id></in_reply_to_status_id>
  <in_reply_to_user_id></in_reply_to_user_id>
  <favorited>false</favorited>
  <in_reply_to_screen_name></in_reply_to_screen_name>
  <user>
    <id>132618355</id>
    <name>UGA Status Page</name>
    <screen_name>uga_status</screen_name>
    <location></location>
    <description></description>
    <profile_image_url>http://s.twimg.com/a/1271107021/images/default_profile_2_normal.png</profile_image_url>
    <url></url>
    <protected>false</protected>
    <followers_count>0</followers_count>
    <profile_background_color>9ae4e8</profile_background_color>
    <profile_text_color>000000</profile_text_color>
    <profile_link_color>0000ff</profile_link_color>
    <profile_sidebar_fill_color>e0ff92</profile_sidebar_fill_color>
    <profile_sidebar_border_color>87bc44</profile_sidebar_border_color>
    <friends_count>0</friends_count>
    <created_at>Tue Apr 13 18:43:15 +0000 2010</created_at>
    <favourites_count>0</favourites_count>
    <utc_offset>-18000</utc_offset>
    <time_zone>Eastern Time (US &amp; Canada)</time_zone>
    <profile_background_image_url>http://s.twimg.com/a/1271107021/images/themes/theme1/bg.png</profile_background_image_url>
    <profile_background_tile>false</profile_background_tile>
    <notifications>false</notifications>
    <geo_enabled>false</geo_enabled>
    <verified>false</verified>
    <following>false</following>
    <statuses_count>0</statuses_count>
    <lang>en</lang>
    <contributors_enabled>false</contributors_enabled>
  </user>
  <geo/>
  <coordinates/>
  <place/>
  <contributors/>
</status>

Friday, April 9, 2010

Creating Favorite Icons For Your Website

Usually, I have so many browser tabs open that I only see the icons. And, my server logs fill with "favicon.ico not found" errors. So, for the sites I manage, I want custom icons for easy identification. But, creating icons is a pain, right? Today, I was fed up with locating a couple of my sites which do not have icons. I thought, "I wonder if Linux's convert tool will make one for me without much effort." Sure enough:

convert cribbed_sqare_image.png -resize 16x16 favicon.ico

scp favicon.ico myserver:/docroot

Done!

Tuesday, March 9, 2010

RHEL patching with yum-security

Our security group is pushing us to install security-related patches within two weeks of their release. While that may not make sense for servers in a production environment, I'll admit that our traditionally infrequent cycle was not optimal either. I recently discovered yum-security, a package which extends the yum command in RHEL5. It allows my shop to appease the security guards while applying other bug fixes and enhancements with more consideration.

It has been included in the base install since RHEL 5.1. If it's not on your RHEL system, run

yum install yum-security

To list available security errata, run

yum --security check-update

To install only security-related errata, updating each package only as far as its latest security erratum rather than to the newest available version, run:

yum --security update-minimal

Patching with precision should result in more secure systems with more uptime and more stability. See the yum-security man page for details and examples.

Friday, February 19, 2010

Tell Whether fsck Is About to Check A Filesystem

How can one determine if a disk will be fsck'd at next boot? Basically, use tune2fs. Here's a potentially useful script. We probably also want to know which filesystems are set to never notify. That information is not captured in this script. This type of data will help when planning downtimes.

#!/bin/bash

# intervalwarn sets the number of seconds prior to the check interval that we would like to be notified
# a setting of zero will only warn when the interval has actually been exceeded
# the notification will not be worded properly for values > 0
intervalwarn=0
# mountwarn defines how many mounts before maxmounts we would like to be notified
mountwarn=1

# notice collects one message line per filesystem for which fsck is imminent
notice=""
# noticesubject is the short description (or subject line) of the notice
noticesubject="impending fsck notice"


for dev in $(fsck -AN|sed "s/.* \///"|grep dev)
do
  notify=false

  # will it fsck on remount/reboot due to unchecked mounts exceeding the max mounts setting?
  # (a maximum mount count of 0 or -1 means mount-count checking is switched off)
  maxmountcount=$(tune2fs -l /$dev |grep "^Maximum mount count:"|sed -r 's/^.* ([0-9\-]*)$/\1/')
  mountcount=$(tune2fs -l /$dev |grep "^Mount count:"|sed -r 's/^.* ([0-9]*)$/\1/')
  mountdiff=$(( maxmountcount - mountcount ))
  if [[ "$maxmountcount" -gt 0 && "$mountdiff" -le "$mountwarn" ]]
  then #do stuff like set a factor fact or this:
    notify=true
  fi

  # will it fsck on remount/reboot due to the time since the last check?
  # the "Next check after:" field will not be present if "Check interval" is 0
  # (i.e. don't use that field in a script)
  lastchecked=$(tune2fs -l /$dev |grep "^Last checked:"|sed -r 's/^.*d:(.*)$/\1/')
  lastchecksecs=$(date -d "$lastchecked" +%s)
  checkinterval=$(tune2fs -l /$dev |grep "^Check interval:"|sed -r 's/^.*l:(.*)\(.*$/\1/')
  curdate=$(date +%s)
  # seconds remaining until the check interval expires
  secsleft=$(( lastchecksecs + checkinterval - curdate ))
  if [[ "$checkinterval" -gt 0 && "$secsleft" -le "$intervalwarn" ]]
  then # do stuff like set a factor fact or this:
    notify=true
  fi

  if [[ "$notify" == "true" ]]
  then
    notice="${notice}Notice: fsck will automatically check /$dev if remounted (or upon server reboot).  Use tune2fs for details."$'\n'
  fi

done

# send a notice
if [[ -n "$notice" ]]
then
  echo "$notice" | /bin/mail -s "$noticesubject" root
fi
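
The post notes that filesystems set to never be checked are not captured by the script. The function below is an added example, not the author's code: it classifies one filesystem from `tune2fs -l` text on stdin and reports that case as "never". The names fsck_status, field and sample and the status words are assumptions, and sample prints constructed input, not real tune2fs output.

```shell
#!/bin/sh
# Added example. Real use: tune2fs -l /dev/sda1 | fsck_status "$(date +%s)"

# field LABEL: value of the "LABEL:   value" line in $info, leading blanks stripped
field() { printf '%s\n' "$info" | sed -n "s/^$1:[[:space:]]*//p" | head -n 1; }

# fsck_status NOW_EPOCH: prints never | due-mounts | due-interval | ok
fsck_status() {
  now=$1
  info=$(cat)
  max=$(field "Maximum mount count");  max=${max:-0}
  count=$(field "Mount count");        count=${count:-0}
  interval=$(field "Check interval")
  interval=${interval%% *}             # "15552000 (6 months)" -> "15552000"
  interval=${interval:-0}
  last=$(field "Last checked")

  # Both triggers off (max mounts 0 or -1, interval 0): no automatic fsck at all
  if [ "$max" -le 0 ] && [ "$interval" -le 0 ]; then echo never; return 0; fi
  # Checked once the mount count has reached the maximum
  if [ "$max" -gt 0 ] && [ "$count" -ge "$max" ]; then echo due-mounts; return 0; fi
  # Checked once the interval has elapsed since the last check (GNU date -d)
  if [ "$interval" -gt 0 ]; then
    lastsecs=$(date -d "$last" +%s) || { echo unknown; return 1; }
    if [ $((now - lastsecs)) -ge "$interval" ]; then echo due-interval; return 0; fi
  fi
  echo ok
}

# Constructed sample input in the layout of tune2fs -l (not real output)
sample() {   # args: max-mounts mount-count interval-seconds
  printf 'Filesystem state:         clean\n'
  printf 'Mount count:              %s\n' "$2"
  printf 'Maximum mount count:      %s\n' "$1"
  printf 'Last checked:             Fri Feb 19 10:00:00 2010\n'
  printf 'Check interval:           %s (constructed)\n' "$3"
}
```

A filesystem reported as "never" gets no automatic check, so those are the ones to schedule a manual fsck for during planned downtime.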

Thursday, February 18, 2010

Configuring Screen for Multiple Remote Sessions

I typically SSH to a single machine at work which serves as a bastion host. From there, I log into various machines inside the network. Screen allows me to have my sessions persist between logins to the bastion host. Typically, only the process name is shown in the "<ctrl>+a+<">" list of screens. This .screenrc allows me to see the hosts to which I've connected. It doesn't work well for Solaris hosts, though.

windowlist title "Num Hardstatus %80=Title%=Flags"
windowlist string "%3n %h %80=%t%=%f"
shelltitle '$ |bash:'

Screenshot of the 'screens' list

Wednesday, February 17, 2010

Oracle Calendar on 64-bit Ubuntu Karmic

Installation

cd
mkdir lib32
cd lib32
# 32-bit libstdc++5: extract the package here and keep only the libraries
wget ftp://ftp.uga.edu/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-17ubuntu1_i386.deb
dpkg -X libstdc++5_3.3.6-17ubuntu1_i386.deb .
mv usr/lib/* ./
rm -r usr *.deb
cd ..
mkdir lib
cd lib
# 64-bit libstdc++5, same procedure
wget ftp://ftp.uga.edu/ubuntu/pool/universe/g/gcc-3.3/libstdc++5_3.3.6-17ubuntu1_amd64.deb
dpkg -X libstdc++5_3.3.6-17ubuntu1_amd64.deb .
mv usr/lib/* ./
rm -r usr *.deb
cd
# download the Oracle Calendar client from Oracle or Sitesoft;
# $thepackage is the downloaded archive
tar xzvf $thepackage
export LD_LIBRARY_PATH=$HOME/lib:$HOME/lib32
cd OracleCalendar_inst
sudo ./text_install.sh
  • install to /usr/local/lib/oraclecalendar
  • link to /usr/local/lib

To run the app

export LD_LIBRARY_PATH=$HOME/lib:$HOME/lib32
/usr/local/bin/ocal

A script for a menu launcher

  • create the following script somewhere and chmod 755
#!/bin/sh
export LD_LIBRARY_PATH=$HOME/lib:$HOME/lib32
/usr/local/bin/ocal
  • Use "System->Preferences->Main Menu" to create a menu item for the script

References

http://hsmak.wordpress.com/2009/12/01/how-to-fix-libstdc5-dependency-problem-in-ubuntu-9-10/
http://prowiki.isc.upenn.edu/wiki/Oracle_Calendar_Desktop_Client_for_Linux