2009-10-15

Perl - Connect using SSH with Perl & CPAN module

It has been weeks since I last blogged about Perl. My day-to-day job has been tying up most of my free time and blah blah blah excuses ... :p

My job deals with FreeBSD servers 90% of my time. Daily routines include checking server health status. FreeBSD has periodic scripts that report server health status to the sysadmin daily, but the emails are always being "ignored" as the info in them is too vast. So, I decided to cough out a simple Perl script that uses SSH to connect to the servers and pull some health status reports. This post talks about using the CPAN module Net::SSH::Perl to execute commands and then print out the results.

Purpose of this script :
  • connect to server using ssh
  • authenticate only using public key
  • run a command and print out the result

Perl modules used :
  1. Perl::Critic = Perl's best practices
  2. Net::SSH::Perl = the basics of using ssh in Perl
  3. Net::SSH::Perl::Key::RSA = authenticate using public key
  4. Class::ErrorHandler = needed by Net::SSH::Perl::Key::RSA module

To reduce the hiccups, install the modules listed above using the CPAN client.

Here is the script :

2009-10-08

Ubuntu - How to change default menu for Net Book Remix

Net Book Remix is another spin-off of Ubuntu. Its strength is making Ubuntu run on netbooks, miniature laptops targeted at users of internet applications. Typically, the screen size is small (from 9" - 12"), thus it is light (0.8kg - 1.5kg) and runs on an Atom processor. The kernel and programs on NBR (Net Book Remix) are tuned to run leaner, to accommodate the limited processor speed. The limited processor is in fact a good thing: less heat is generated and generally, NBR is quite "cool".

The most notable difference between NBR and the usual Ubuntu Linux distribution is its menu. The "Ubuntu NetBook Desktop" is the menu that covers the whole desktop with menu items. But people like me still prefer the "Classic Desktop", with the menu panel on top and the window panel at the bottom. Most desirably, the desktop is visible, with the frequently accessed files and programs on it.

So, how do we change the "Ubuntu NetBook Desktop" to the usual "Classic Desktop"? Here is how to do it :

2009-10-01

FreeBSD - For the love of all

For the love of the world, please do this.

Step 1 :
cd /usr/src
Step 2 :
make love

Enjoy the output :)

World Peace !!!

2009-09-30

FreeBSD - Download ports simultaneously with multiple connections

By default, ports uses 1 connection to download and is thus unbearably slow when a server rate-limits the connection. Alternatively, we can tell ports to use an external utility in order to open multiple connections and download simultaneously.

2009-09-25

vim - Commenting multiple lines, block comment

Perl does not have a block comment feature. The Acme::Comment module was the easiest way to make Perl do block commenting; as an additional feature, it allows customization of the open & close punctuation marks.

That was until yesterday, when my first Perl code had some problems and I had to seek help from the IRC channel perl-help @ irc.perl.org (these guys are really helpful, thanks dudes!). Just when they were helping me solve the problem, Caelum tipped me off on how to block comment in Perl using vim. I thought it was a good idea as it doesn't need to load an additional module to handle the block comment thing, which saves some CPU processing.

Here it is :

2009-09-17

Network IP address calculator - for subnet and range of host

One of the tasks in installing a new FreeBSD box was dealing with IP addresses. Usually, googling a web-based calculator would do the trick. But today's task is a bit different.

IPv6. A whole row of hexadecimal spinning in front of my eyes, just to figure out the range of IPs that is usable. Web-based IP calculators (based on JavaScript) are not accessible using console-based internet browsers (links & lynx).

Spontaneously, searching the apt repository returned some very interesting stuff.

Console based IP calculator. sipcalc.

Not only is it intelligent enough to figure out the input, it is also intelligent enough to generate useful output. Surprisingly, the output is scripting friendly (grep and sed can parse the output).

These are the steps to install it under FreeBSD & Debian-based distributions (e.g. Ubuntu) :

2009-09-14

Perl - How to install Perl module using CPAN shell

One of Perl's strengths is its repository of modules, thousands of modules. No need to re-invent the wheel, just think of what you wanna do and search for it (http://cpan.perl.org).

The CPAN modules are available through the CPAN shell. In this post, we will talk briefly about how to install the CPAN shell and show an example of installing a module.

2009-09-10

The Perl Ironman Challenge

Ironman Challenge. An effort to promote Perl within its community.

I accidentally stumbled upon the challenge while searching for Perl's mailing lists and blogs.

I have always wanted to pick up a programming language. To buck up my system administration skills by scripting daily routines and system monitoring. And most importantly, write some web applications with this most fascinating programming language that is well known for its TMTOWTDI (There's more than one way to do it !!!) flexibility.

This is my first post on the Ironman Challenge.

Why did I pick up the Challenge? A way to force myself to document what I have learned and also remind myself to practice more. 1 post every week but no more than 10 days in between. I'll have to cough up something I've learned, and I must learn. :p

At the same time, hopefully someone can spot what I have been missing or doing wrong during my learning process. All constructive comments and suggestions are much appreciated.

Currently, I am working on converting the bash scripts I have to Perl. The reason to do so is getting a chance to familiarize myself with Perl, with a goal. With this purpose, at least I don't bang around like a headless fly. Also, I think my bash scripts are a fast & dirty approach to accomplishing things, which I think "use strict;" & "use warnings;" can fix/correct most of. After a few days or so of meddling around, I managed to try out some condition & loop statements, date/time functions, database connection modules & some array operations. Huh, this is one topic for blogging.

At this stage, I am still trying to get around the documentation, perldoc. Most of the time, I'll be browsing "perldoc perltoc" to find out which functions and/or modules I can use. Still trying to figure out how to search for modules or functions.

CPAN. Comprehensive Perl Archive Network. There's definitely something for me to use, so that I don't have to "re-invent" the wheel. This is another nature of me, laziness. Re-using other people's code not only fulfills my laziness, but also makes me write shorter code to accomplish my task.

In the next post I will be talking about how to install & use modules.

That's all for now...

Adios !!!

2009-09-06

BIND - name server error "the working directory is not writable"

Recently, there have been a few incidents of DNS server vulnerabilities being exploited. Fortunately, BIND has released patches soon enough for the rest of us to start covering up the loopholes.

After an upgrade or installation of ISC BIND DNS server 9.6 on a FreeBSD box, we need to stop and start the "named" service. As usual, running the commands below will restart it :
/etc/rc.d/named stop
/etc/rc.d/named start

During the restart of the service, a few lines of text pop up saying that the permissions of some directories in "/var/named" were altered. By default, the named files need to have owner and group "bind" in order for it to run properly. But the script in "/etc/rc.d/named" seems to change the ownership of some directories to "root" and the group ownership to "wheel". This actually causes some errors reported in the log file :
Sep  3 02:44:26 nameserver named[9999]: the working directory is not writable

Naturally, we would issue the command :
chown -R bind:bind /var/named/etc

to fix the permission problem. But after another restart of the "named" service using the command :
/etc/rc.d/named restart

the permissions revert back to "root" and "wheel". This causes problems when the DNS server transfers zone files from the master DNS server. The "named" service is not able to write the latest zone info into the files in the directories under "/var/named", so it creates some temporary files.

After some investigation, it seems the ownership is defined this way in "/etc/mtree/BIND.chroot.dist". We need to redefine the ownership of the directories there so that the "named" startup stops changing the directories' ownership back to "root", and the "bind" user, which runs the DNS server, is able to write the zone files in "/var/named".
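
To see in advance which directories the spec will hand back to "root", the effective owner of each directory can be resolved from the mtree file itself. This is an added example, not the script from the original post; the function names and the sample spec below are made up for illustration, and only the mtree(5) keywords (/set, /unset, type, uname, gname, "..") are real.

```shell
# Print "<path> <uname>:<gname>" for every directory in an mtree(5) spec on stdin.
mtree_dir_owners() {
    awk '
    function apply(kv, tgt,    p) {          # store key=value into tgt[]
        p = index(kv, "=")
        if (p > 0) tgt[substr(kv, 1, p - 1)] = substr(kv, p + 1)
    }
    /^[ \t]*#/ || NF == 0 { next }           # comments and blank lines
    $1 == "/set"   { for (i = 2; i <= NF; i++) apply($i, def); next }
    $1 == "/unset" { for (i = 2; i <= NF; i++) delete def[$i]; next }
    $1 == ".."     { if (depth > 0) depth--; next }
    {
        split("", cur)                       # start from the /set defaults
        for (k in def) cur[k] = def[k]
        for (i = 2; i <= NF; i++) apply($i, cur)
        if (cur["type"] != "dir") next
        stack[++depth] = $1
        path = ""
        for (i = 1; i <= depth; i++) path = path (i > 1 ? "/" : "") stack[i]
        print path, cur["uname"] ":" cur["gname"]
    }'
}

# Report each listed directory whose spec owner is not user $1; return 1 if any.
mtree_check_owner() {
    want=$1; shift
    owners=$(mtree_dir_owners)               # parse the spec on stdin once
    bad=0
    for dir in "$@"; do
        got=$(printf '%s\n' "$owners" | awk -v d="$dir" '$1 == d { print $2 }')
        case $got in
            "$want":*) ;;
            *) echo "$dir: spec owner is ${got:-unlisted}, not $want"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample spec, NOT the real /etc/mtree/BIND.chroot.dist.
sample_spec() { cat <<'EOF'
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            master
            ..
            slave   uname=bind
            ..
        ..
    ..
..
EOF
}

sample_spec | mtree_check_owner bind ./etc/namedb/master ./etc/namedb/slave || true
```

On a real box the spec is fed on stdin instead, e.g. mtree_check_owner bind <directories> < /etc/mtree/BIND.chroot.dist, with the directories written relative to the spec root ("./...").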

2009-09-04

Technorati blog claim fail error

This post records how to claim your blog in Technorati. The instruction received was to create a post with the codes provided, after which the claim process should complete. But it does not. The error below was shown when checking the status :
There was a problem finding your claim code.
If you have already verified above, please contact Technorati support with the following information :

* Please include the following error code: 400
* URL you are claiming : http://scratching.psybermonkey.net
* The name of your blog : Scratching My Needs
* Your contact info : myself@psybermonkey.net
* A short description of your blog and the type of content you like to write about. : This blog is all about Open Source, specifically about Freebsd, Linux and Perl.
* Does your blog have a RSS feed? Please see if you can supply us with an example URL of your feed. : Yes, the url is http://feeds2.feedburner.com/ScratchingMyNeeds

The instructions given by Technorati when the codes were provided did not work. There is an alternative way to claim the blog: create a link in the post using the HTML example below :

<a href="http://technorati.com/claim/<the blog claim codes>" rel="me">Technorati Profile</a>

Here "the blog claim codes" is the code from Technorati, without the angle brackets (<>).

e.g.

<a href="http://technorati.com/claim/abc123xyx" rel="me">Technorati Profile</a>

Technorati should correct its instructions on how to claim the blog. Also, the support should actually buck up. If there aren't any human(s) behind the support link, don't even put it up there. This confusion wasted 1 week of my time trying all kinds of posts with the codes and figuring out why the process does not work. Technorati, are you hearing???

2009-08-30

FreeBSD - How to use Meta Ports to install group of ports

Often, after a fresh new installation of FreeBSD, we have a set of programs we want to install. The conventional method would be installing them one by one in /usr/ports. Today, we will use meta ports to install the set of applications with just one "make install clean" rather than "cd"-ing into individual directories and doing "make install clean" for every port.

Meta ports are, as the name implies, ports files that describe the program we are installing. The ports file describes where & what to install for this port to work. A sample of "where" would be "where to download the source", "where to install it" and so on. As for "what", it would be "what to install to fulfill the dependencies". In this post, we will take advantage of this "what". We will define the dependencies as the list of programs we want to install so that the port will install them.

This is an example of how to do it :

2009-08-24

Apache - [warn] _default_ VirtualHost overlap on port 80, the first has precedence

Virtual Host. A feature that enables Apache to serve multiple domains from one web (http) server. This feature saves the need to run multiple instances of the web server and thus saves resources.

After configuring the <VirtualHost> directives, some may encounter an error message :
Error : [warn] _default_ VirtualHost overlap on port 80, the first has precedence

This is due to a missing parameter, which must come before any <VirtualHost> directives :
NameVirtualHost

2009-08-20

MySQL - Passwordless login within bash script

As in the previous post about passwordless login within a Bash script, this post is about how to connect to a MySQL database server from a Bash script without the MySQL client prompting for login.

Here it is :

2009-08-18

ssh - How to encrypt/tunnel internet traffic through ssh

When using an insecure internet connection (e.g. wireless), it is good practice to tunnel internet traffic through ssh. Tunneling through ssh encrypts the traffic from the local computer up to the point where the ssh server is. It is especially important to encrypt the traffic leaving the local PC when using an insecure connection, as other users with malicious intent might be able to sniff packets off the current connection.

How does ssh tunneling work?

2009-08-15

SmokePing - How to set up logging (or debugging)

SmokePing is a utility that keeps track of the network latency from your network to various sites. Its output is recorded as graphs, for analysis purposes. Its configuration is simple and easy to set up. But sometimes, logging is needed to debug why some probes failed to output to the graph. Setting up logging requires editing some files to make sure the log rotates itself, and syslog needs to be notified.

Here is how you get your hands dirty :

WordPress - wp-cache plugin not working

The WordPress plugin wp-cache caches a WordPress post the first time someone visits it, then uses the cache the next time the same post needs to load. This saves processing power and also improves user experience as WordPress posts are loaded faster.

For some reason, wp-cache stopped working. The "Cache contents" in WP-Cache Manager (accessible from Settings --> WP-Cache) shows both "cached pages" and "expired pages" as "0" (zero) all the time.

The fix is :

2009-08-11

FreeBSD - Quick install guide (aka How to install FreeBSD)

Many great things have been said about FreeBSD:
  • the license has all the freedom you need
  • server apps setup is mostly manual. no wizard of oz, no gui. Which gives the administrator control over everything.
  • it boots faster
  • it is stable like a rock, hard to crash :)
  • the default installation is lean and mean. It is meant to be built from scratch. Ain't no rubbish you want on the system to trade for vulnerabilities.

Even though some of the above might scare off a normal user, no doubt it is still a great OS that no others can beat. Don't believe me? Try it yourself with the below few pictures (to guide) :

2009-07-29

Linux - Shorewall firewall with PPTP VPN dialup client

PPTP VPN uses protocol GRE in both directions, inbound and outbound. Setting up the firewall to allow a PPTP VPN dialup client (e.g. Ubuntu's NetworkManager) to use protocol GRE takes just a few steps of adding rules and interfaces. This post is based on the previous post "How to set up Shorewall firewall (alternate to FireStarter)", which is a quick tutorial on setting up the Shorewall firewall on a single network interface. Here it is :

2009-07-28

Linux - How to set up Shorewall firewall (alternate to FireStarter)

There are a few options of firewall interface available on Linux for iptables, both GUI (Graphical User Interface) and CLI (Command Line Interface). FireStarter's GUI is easy to use and configure. The only problem is that it does not work properly with PPTP VPN dialup: it blocks protocol GRE. It does provide a workaround (don't ask, it is too painful to remember) but the steps are too tedious and involve a mixture of setup in the command line and the GUI, and this kind of setup always spells trouble.

Shorewall is another firewall interface, one that operates on the CLI. This is taken from Shorewall's introduction :

"The Shoreline Firewall, more commonly known as “Shorewall”, is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities."

Shorewall makes configuring the iptables firewall easy: just describe the rules and interfaces in a few files and the firewall is ready to go. Shorewall's website also provides extensive documentation on how it works and how to set it up.

This post is intended to set up Shorewall in a few simple steps and thus, it is not really suitable for implementing it in a medium to large enterprise. Here it is :

2009-07-23

FreeBSD - Error installing KDE4 or Xine

Halfway through installing KDE4 or any port that is related to Xine, the build fails with the error message below :

===>  Found saved configuration for libxine-1.1.16.3_1
=> xine-lib-1.1.16.3.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://superb-east.dl.sourceforge.net/sourceforge/xine/.
xine-lib-1.1.16.3.tar.bz2                     100% of 7293 kB  232 kBps 00m00s
===>  Extracting for libxine-1.1.16.3_1
=> MD5 Checksum OK for xine-lib-1.1.16.3.tar.bz2.
=> SHA256 Checksum OK for xine-lib-1.1.16.3.tar.bz2.
===>   libxine-1.1.16.3_1 depends on file: /usr/local/bin/perl5.8.9 - found
===>  Patching for libxine-1.1.16.3_1
===>   libxine-1.1.16.3_1 depends on file: /usr/local/bin/perl5.8.9 - found
===>  Applying FreeBSD patches for libxine-1.1.16.3_1
1 out of 1 hunks failed--saving rejects to src/combined/ffmpeg/Makefile.in.rej
=> Patch patch-src_combined_ffmpeg_Makefile.in failed to apply cleanly.
=> Patch(es) patch-config.rpath patch-configure patch-misc_Makefile.in patch-misc_libxine.pc.in patch-src:libffmpeg:libavcodec:h263.c patch-src:libffmpeg:libavcodec:mpeg12.c patch-src:libffmpeg:libavcodec:msmpeg4.c patch-src:xine-engine:xine_internal.h patch-src_audio_out_audio_oss_out.c applied cleanly.
*** Error code 1

Stop in /usr/ports/multimedia/libxine.
*** Error code 1

It seems that the patching for ffmpeg in libxine fails for some reason. According to the freebsd.org bugs database, this is because ffmpeg in libxine does not need that patch. The solution to it is :