So, heartbleed happened. That pretty much ruined the day for most people running mission critical services online. Being a consultant meant helping quite a lot of customers, friends, and colleagues to scan for vulnerable services, which meant that my day (and in fact week) was also ruined by the unexpected interuption.
I found out that the vulnerability script that were found online for nmap and masscan had a lot of false negatives so i decided to wrap up my own vulnerability scanner, meant for scanning and maintaining vulnerability status of Iceland. As a result, the Monitor Iceland Project now has a graph showing in real-time the number of vulnerable servers in Iceland. After doing a fair bit of name and shame the icelandic service providers found great motivation to contact their vulnerable customers. As of this writing there are only 183 vulnerable web servers left in the whole country. Pretty good job if you ask me.
This was bound to happen at some point. Local hard disk was full and google chrome was trying to save a password. End result was a corrupted gnomekeyring which meant i was effectively without any vpn or browser password, or even access to my ssh key.
keyring source repository some code buried within its internal tests called dump-keyring0-format.c which showed partial success in printing most of my passwords. So i had some hope that my keyring was not completely lost. One method available would be to print out all the passwords and store them in a new file. However when i noticed there were python bindings out there i eventually came up with a much nicer solution:
import gnomekeyring for keyring in gnomekeyring.list_keyring_names_sync(): for i in gnomekeyring.list_item_ids_sync(keyring): try: # This will file if the keyring file is corrupted # at that point in the file item = gnomekeyring.item_get_info_sync(keyring, i) #print item.get_display_name(), item.get_secret() except Exception: # Left commented out for obvious reasons #gnomekeyring.item_delete_sync(keyring, i) print "%s: item %s deleted." % (keyring, i)
When monitoring remote services, you use whatever resources you have available, right ?
Some days you are lucky and you get a very nice HTTP error codes or json-data with the status information you need. Some days you have a very nasty SOAP message, and sometimes you get something right in between like status data encoded like a .png image.
We had the challenge of creating a nagios plugins that lets you know if a volcano is currently erupting in iceland or not.
Anyone remotely interesting in nagios plugins that monitor image contents, get mine here.
I have a new project going on right now.. Monitoring everything in Icelandic society with Adagios. Check it out at http://iceland.adagios.org.
Currently we are monitoring most DNS and web servers we know in Iceland and to make things a little more interesting we monitor we non-technical metrics like:
- Is there storm warning ?
- Are there any earthquakes going on ?
- How Many patients are in the emergency room ?
- Are public transportation like buses and airplanes running ?
- Is the local currency stable
There are lots of cool ideas that can be integrated in the project. Sadly all my time is occupied with improving the business intelligence module in Adagios, so that the site runs smoothly and reliably.
Have you ever inherited a nagios setup where the configuration file hierarchy is a complete mess ?
Ever wanted to split that services.cfg with 2000 objects in it into one file per host ?
It is relatively easy to do with pynag. Consider this script which copies all the nagios objects and creates an example hierarchy under /tmp/nagios/conf.d/
#!/usr/bin/env python # # This pynag script will parse all your nagios configuration # And write a copy of every single object to /tmp/nagios/conf.d # # This can be very handy if your configuration files are a mess # or if you are thinking about splitting a big file of services # into one file per host # # The script will only write the copy to /tmp so you will # have to manually remove old objects before you copy this # into your /etc/nagios/conf.d or wherever you want to keep # your objects import pynag.Model from pynag.Model import ObjectDefinition # cfg_file is where our main nagios config file is pynag.Model.cfg_file = '/etc/nagios/nagios.cfg' # pynag_directory is where the new objects will be saved pynag.Model.pynag_directory = '/tmp/nagios/conf.d' all_objects = ObjectDefinition.objects.all # Use this instead if you only want to clean up a single directory # config_file='/etc/nagios/all_the_services.cfg' # all_objects = ObjectDefinition.objects.filter(filename__contains=config_file) for i in all_objects: print "Saving", i.object_type, i.get_description(), "...", # Set a new filename for our object, None means # That pynag decides where it goes new_filename = None # Alternative: # if i.object.type == 'host' and i.host_name is not None: # new_filename = '/tmp/nagios/conf.d/hosts/%s" % i.host_name i.set_filename(new_filename) i.save() print "Saved to", i.get_filename()