Gamelinux PassiveDNS RPM (RedHat / Centos)

PassiveDNS is a tool (by GameLinux) that collects DNS records passively to aid incident handling, Network Security Monitoring (NSM) and general digital forensics.

PassiveDNS sniffs traffic from an interface or reads a pcap file and writes the DNS server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers in memory, limiting the amount of data in the log file without losing the essence of the DNS answer.

I only found some RPM builds, for example by Slava Dubrovskiy at Altlinux, but they were out of date (release 0.3.3). I’ve created a new RPM which is up to date with release 1.2.0 (b94d776). Feel free to download and rebuild the source RPM (passivedns-1.2.0-3.20151019git3e0611d.cgk.el6.src.rpm) if required. Four packages will be built: passivedns, passivedns-daemon, passivedns-tools, passivedns-debug.

One thing to note: a patch has been added to this RPM which makes passivedns send its logs to syslog via the local6 facility instead of the local7 facility.

— update
I’m going to write some systemd compatible service scripts for passivedns at RedHat / Centos 7. These will be versioned at github.

Openstack Jenkins Job Builder RPM

Jenkins Job Builder takes simple descriptions of Jenkins jobs in YAML or JSON format and uses them to configure Jenkins. You can keep your job descriptions in human readable text format in a version control system to make changes and auditing easier. It also has a flexible template system, so creating many similarly configured jobs is easy.


Redhat certificate based subscriptions

I ran into some problems trying to fix certificate based subscriptions for rhel6. These two articles were very helpful, so I suggest you have a look at them before reading on:

I was able to register the machine and subscribe a valid pool to it, but when listing the available repositories with yum, it returned ‘This system has no repositories available through subscriptions.’ Redhat support informed me I had to install the appropriate product license key myself.


Simple tunneling for applications that don’t speak IPv6

If you want to access some services that are available only to IPv6 hosts and the application doesn’t support IPv6, or you have no time to play with patches, use this tool. A simple `6tunnel 6668 irc6.net 6667` will do.

I wanted to use a package that has been around quite long and sometimes serves me in a good way. Not being able to find any prebuilt package, I’m just going to build it myself.


Monitoring Cisco Ironport with Collectd

Collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways. Collectd gathers statistics about the system it is running on and stores this information. Those statistics can then be used to find current performance bottlenecks (i.e. performance analysis) and predict future system load (i.e. capacity planning).

You can’t run collectd directly on the Ironport, so we needed to find some other way to pull useful data from it. We could either use SNMP (less data) or some other way (more data). After some searching we found out you can also access your Ironport statistics through the web frontend. A logical choice was to use the cURL-XML plugin.

Another important part of our setup is the use of graphite, a tool that provides realtime scalable graphing. You can send your metrics to graphite instead of using a local RRD file. This is done via the AMQP plugin, for which we provide packages in our yum repository.

You can access the Ironport XML file containing more statistics manually at https:///xml/status?, which will return a document starting with:

<status build="rls" hostname="hostname" timestamp="20130429193603">

I’m only going to cover the gauges in this post, because those seem the most relevant.

<gauges>
<gauge name="ram_utilization" current="18" />
</gauges>

You can pull data from this XML using XPath. It takes some time to find the correct syntax, so here is a small example:

<LoadPlugin curl_xml>
  Interval 10
</LoadPlugin>

<Plugin "curl_xml">
  <URL "https://ironport.fqdn/xml/status">
    Host "ironport.fqdn"
    Instance "ironport"
    User "username"
    Password "password"
    # Both set to false here disables TLS certificate checks, so the username and
    # password above are sent to whatever answers at that address. Once the CA
    # bundle below matches the Ironport certificate, set both to true.
    VerifyPeer false
    VerifyHost false
    CACert "/etc/pki/tls/certs/ca-bundle.crt"

    # Selects the gauge element by its name attribute and reads the "current" attribute.
    # The Type must exist in collectd's types.db (a custom entry if not already present).
    <xpath "/status/gauges/gauge[@name=\"ram_utilization\"]">
      Type "ram_utilization"
      ValuesFrom "@current"
    </xpath>
  </URL>
</Plugin>

That’s about everything you need to do. Remember, if you want your data to be stored in graphite, you also have to configure the AMQP plugin. There are some fine blog posts about that matter, so I’m not going to duplicate this information. Check: Collectd to graphite.
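As an added example (not from the original post or the collectd project), here is a small Python script that applies the same XPath to a constructed copy of the status document and renders the gauges as Graphite plaintext lines; the hostname, gauge values and the assumption that the timestamp is UTC are mine.

```python
import calendar
import re
import time
import xml.etree.ElementTree as ET

# Constructed sample of an Ironport /xml/status document; hostname and values are made up.
SAMPLE_STATUS = """\
<status build="rls" hostname="ironport.example.com" timestamp="20130429193603">
  <gauges>
    <gauge name="ram_utilization" current="18" />
    <gauge name="cpu_utilization" current="7" />
    <gauge name="msgs_in_work_queue" current="42" />
  </gauges>
</status>
"""

GAUGE_NAME = re.compile(r"^[A-Za-z0-9_]+$")


def read_gauges(xml_text, names):
    """Return {name: int}, mirroring the curl_xml XPath
    /status/gauges/gauge[@name="..."] with ValuesFrom "@current"."""
    root = ET.fromstring(xml_text)  # the root element is <status>
    values = {}
    for name in names:
        # Validate before interpolating so a name cannot rewrite the predicate.
        if not GAUGE_NAME.match(name):
            raise ValueError(f"bad gauge name: {name!r}")
        node = root.find(f"./gauges/gauge[@name='{name}']")
        if node is not None:  # a missing gauge is skipped, not reported as 0
            values[name] = int(node.get("current"))
    return values


def status_timestamp(xml_text):
    """Parse the status timestamp (YYYYMMDDhhmmss, assumed UTC) into epoch seconds."""
    stamp = ET.fromstring(xml_text).get("timestamp")
    return calendar.timegm(time.strptime(stamp, "%Y%m%d%H%M%S"))


def graphite_lines(xml_text, names, instance="ironport"):
    """Render the gauges as Graphite plaintext lines: '<path> <value> <epoch>'."""
    host = ET.fromstring(xml_text).get("hostname").replace(".", "_")  # dots split paths
    ts = status_timestamp(xml_text)
    return [f"{host}.{instance}.{n} {v} {ts}" for n, v in read_gauges(xml_text, names).items()]


if __name__ == "__main__":
    print("\n".join(graphite_lines(SAMPLE_STATUS, ["ram_utilization", "cpu_utilization"])))
```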

Packaging puppet 3.1.1 for ARM Raspberry PI

Steps

There are some steps you can follow to create yourself a build host that matches the Raspberry Pi almost identically:

  • Install Qemu
  • Download the latest version of Raspbian
  • Expand the raspbian image with extra disk space (more info here)

When your buildhost is operational you can start packaging:

  • Install the puppetlabs source apt repository
  • Start building the arm deb packages

Prepare the buildhost


Start building the packages at the buildhost

  • Add the apt-src repository of puppetlabs to your apt/sources.list: “deb-src http://apt.puppetlabs.com/ wheezy main devel dependencies” and run apt-get update
  • Install the puppet sources (you’ll probably need to install & build facter first, because it’s a dependency of puppet): apt-src install facter puppet
  • Build the facter package: apt-src build facter (you’ll probably have to install the new package first)
  • Build the puppet package: apt-src build puppet
  • Continue these steps for all other packages until you have built them all

Cegeka puppet apt (arm) repository

Our apt repository contains puppet deb packages for the ARM platform; they are built to manage our Raspberry Pi farm.
deb http://apt.cegeka.be/puppetlabs/ wheezy main dependencies