Tag: EngPost

Log bash history to syslog on CentOS 6

You may have noticed a new feature in Bash 4.1: logging the bash history to syslog.

If not, you can find it in the official change log: http://tiswww.case.edu/php/chet/bash/CHANGES

There is a new configuration option (in config-top.h) that forces bash to
forward all history entries to syslog.

There is little documentation about it, so you may not know how to use this feature. This post shows how to enable it.

There is no runtime option to enable it, and it is disabled by default on CentOS 6, so we must recompile bash to make it work. To change as little of the system as possible, we will rebuild bash from the source RPM package.

1) Download the SRPM package, and verify the file.

From here: http://vault.centos.org/6.4/os/Source/SPackages/bash-4.1.2-14.el6.src.rpm

Always make a habit of verifying files downloaded from the internet, especially this one: it is your SHELL!

$ sha1sum bash-4.1.2-14.el6.src.rpm
da020835947d7098cf8c07d49b61dd2e6c482f6b bash-4.1.2-14.el6.src.rpm

If the SHA-1 checksum of the SRPM file is “da020835947d7098cf8c07d49b61dd2e6c482f6b”, you have the correct file. The checksum comes from the repository metadata: http://vault.centos.org/6.4/os/Source/repodata/primary.xml.gz

2) Prepare your rpmbuild environment

Remember this rule [1]:

Building RPMs should NEVER be done with the root user. It should ALWAYS be done with an unprivileged user

$ sudo yum install -y rpm-build make gcc
 
$ mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
 
$ echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros

3) Install the SRPM package

$ rpm -i bash-4.1.2-14.el6.src.rpm

You will see many warnings like:

warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root

...

As you did before, just ignore the warnings. :-)

The command unpacks the files from the SRPM into the ~/rpmbuild directory you just created.

4) Rebuild the SRPM

We will follow these instructions [2]:

  1. cd ~/rpmbuild/SPECS/
  2. rpmbuild -bp mypackage.spec
  3. cd ~/rpmbuild/BUILD/
  4. cp existing_directory existing_directory.orig
  5. cd existing_directory
  6. find the file you wish to change, modify it.
  7. cd ~/rpmbuild/BUILD/
  8. diff -Npru existing_directory.orig existing_directory > name_of_your_patch_file.patch
  9. cp name_of_your_patch_file.patch ~/rpmbuild/SOURCES/
  10. cd ~/rpmbuild/SPECS/
  11. edit the mypackage.spec file to add the definition of name_of_your_patch_file.patch and the application of your_patch_file — please look in the file to see how that is done.
  12. rpmbuild -ba mypackage.spec

 

$ cd ~/rpmbuild/SPECS/
 
$ rpmbuild -bp bash.spec
 
$ cd ~/rpmbuild/BUILD/
 
$ cp -r bash-4.1 bash-4.1.orig
 
$ cd bash-4.1

Now it’s hack time!

$ vim config-top.h

Find the following commented-out line:

/* #define SYSLOG_HISTORY */

Uncomment it:

#define SYSLOG_HISTORY

Then find the next few lines:

#if defined (SYSLOG_HISTORY)
# define SYSLOG_FACILITY LOG_USER
# define SYSLOG_LEVEL LOG_INFO
#endif

and change them to:

#if defined (SYSLOG_HISTORY)
# define SYSLOG_FACILITY LOG_LOCAL1
# define SYSLOG_LEVEL LOG_DEBUG
#endif

LOG_USER and LOG_INFO mean that the bash history is sent with the “user” facility at the “info” level. If we do not change the facility and level, the bash history will flood /var/log/messages.

Available facilities: kern, user, info, mail, daemon, auth, syslog, news, uucp, lpr, ftp, cron, local0-7

Available levels: emerg, alert, crit, err, notice, info, debug

So I chose the rarely used facility “local1” and the level “debug”.

Each history entry then has the same effect as this command: logger -p local1.debug "helloworld"

$ vim bashhist.c

Find the function bash_syslog_history:

void
bash_syslog_history (line)
     const char *line;
{
  char trunc[SYSLOG_MAXLEN];

  if (strlen(line) < SYSLOG_MAXLEN)
    syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PID=%d UID=%d %s", getpid(), current_user.uid, line);
  else
    {
      strncpy (trunc, line, SYSLOG_MAXLEN);
      trunc[SYSLOG_MAXLEN - 1] = '\0';
      syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY (TRUNCATED): PID=%d UID=%d %s", getpid(), current_user.uid, trunc);
    }
}

Change to:

void
bash_syslog_history (line)
     const char *line;
{
  char trunc[SYSLOG_MAXLEN];

  if (strlen(line) < SYSLOG_MAXLEN)
    syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PPID=%d PID=%d SID=%d UID=%d User=%s %s", getppid(), getpid(), getsid(getpid()), current_user.uid, current_user.user_name, line);
  else
    {
      strncpy (trunc, line, SYSLOG_MAXLEN);
      trunc[SYSLOG_MAXLEN - 1] = '\0';
      syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY (TRUNCATED): PPID=%d PID=%d SID=%d UID=%d User=%s %s", getppid(), getpid(), getsid(getpid()), current_user.uid, current_user.user_name, trunc);
    }
}

We want to know the current user’s name, not just the UID. The SID and PPID give more context about where the command came from.

When you have finished the changes above, continue with the rebuild.

$ cd ~/rpmbuild/BUILD/

$ diff -Npru bash-4.1.orig bash-4.1 > bash_history_syslog.patch
 
$ cp bash_history_syslog.patch ~/rpmbuild/SOURCES/
 
$ cd ~/rpmbuild/SPECS/
 
$ vim bash.spec

Edit the spec file and add these two lines (Patch119 and %patch119) in the right places; the neighbouring lines show where they go:

Patch117: bash-setlocale.patch
Patch118: bash-tty-tests.patch
Patch119: bash_history_syslog.patch

%patch117 -p1 -b .setlocale
%patch118 -p1 -b .tty_tests
%patch119 -p1 -b .history_syslog
%patch123 -p1 -b .nobits
%patch124 -p1 -b .examples

All done. Let’s rebuild it.

$ rpmbuild -ba bash.spec

After a long wait, the command should finish without any error and generate an RPM file named bash-4.1.2-14.el6.x86_64.rpm in ~/rpmbuild/RPMS/x86_64/.

5) Install the custom bash RPM (forced)

$ sudo rpm -Uvh --force bash-4.1.2-14.el6.x86_64.rpm

Let’s look at the new bash:

$ ll /bin/bash
 
-rwxr-xr-x 1 root root 1030434 Jul 27 02:38 /bin/bash

 

6) Testing

I use syslog-ng as my syslog server.

Add the following lines to the config file: /etc/syslog-ng/syslog-ng.conf

filter f_bash { facility(local1) and level(debug); };
destination d_bash { file("/var/log/bash"); };
log { source(s_sys); filter(f_bash); destination(d_bash); };

Restart syslog-ng:

$ sudo /etc/init.d/syslog-ng restart

Then you will see your commands appear in /var/log/bash:

Jul 27 02:59:06 alpha -bash: HISTORY: PPID=16253 PID=16254 SID=16254 UID=1001 User=hello sudo cat /var/log/bash

Of course, you can also send the log to a remote syslog server.
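To make use of these entries on the collecting side, here is an added example (my own code, not part of the post or of bash) that parses the HISTORY line format produced by the patched bash_syslog_history() above, rebuilds login sessions from the SID and picks out root and sudo commands. The sample log lines are constructed; the first one is the line shown above, and the sshd line is there to show that non-history lines are skipped.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Message format written by the patched bash_syslog_history():
#   "HISTORY: PPID=%d PID=%d SID=%d UID=%d User=%s %s"
#   "HISTORY (TRUNCATED): PPID=%d PID=%d SID=%d UID=%d User=%s %s"
# syslog-ng prefixes each line with the timestamp, host and program tag.
HISTORY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>\S+): "
    r"HISTORY(?P<trunc> \(TRUNCATED\))?: "
    r"PPID=(?P<ppid>\d+) PID=(?P<pid>\d+) SID=(?P<sid>\d+) "
    r"UID=(?P<uid>\d+) User=(?P<user>\S+) (?P<cmd>.*)$"
)


@dataclass(frozen=True)
class HistoryEntry:
    timestamp: str
    host: str
    ppid: int
    pid: int
    sid: int
    uid: int
    user: str
    command: str
    truncated: bool  # True when bash cut the line at SYSLOG_MAXLEN


def parse_history_line(line: str) -> Optional[HistoryEntry]:
    """Return a HistoryEntry for a bash HISTORY line, or None for any other syslog line."""
    m = HISTORY_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    return HistoryEntry(
        timestamp=m["ts"], host=m["host"],
        ppid=int(m["ppid"]), pid=int(m["pid"]), sid=int(m["sid"]),
        uid=int(m["uid"]), user=m["user"], command=m["cmd"],
        truncated=m["trunc"] is not None,
    )


def parse_log(text: str) -> List[HistoryEntry]:
    """Parse a whole /var/log/bash file, skipping lines that are not HISTORY entries."""
    return [e for e in (parse_history_line(l) for l in text.splitlines()) if e is not None]


def group_by_session(entries: List[HistoryEntry]) -> Dict[Tuple[str, int], List[str]]:
    """Rebuild each login session: the SID is the session leader's PID, so every
    command typed in one login (including from a child shell) shares it."""
    sessions: Dict[Tuple[str, int], List[str]] = defaultdict(list)
    for e in entries:
        sessions[(e.host, e.sid)].append(e.command)
    return dict(sessions)


def privileged_commands(entries: List[HistoryEntry]) -> List[HistoryEntry]:
    """Entries worth a closer look: run as root (UID 0) or wrapped in sudo."""
    return [e for e in entries
            if e.uid == 0 or (e.command.split() or [""])[0] == "sudo"]


# Constructed sample of /var/log/bash; the first line is the one shown in the post.
SAMPLE_LOG = """\
Jul 27 02:59:06 alpha -bash: HISTORY: PPID=16253 PID=16254 SID=16254 UID=1001 User=hello sudo cat /var/log/bash
Jul 27 02:59:20 alpha -bash: HISTORY: PPID=16253 PID=16254 SID=16254 UID=1001 User=hello ls -la /etc
Jul 27 03:01:02 alpha bash: HISTORY: PPID=16254 PID=16301 SID=16254 UID=0 User=root id
Jul 27 03:01:30 alpha sshd[16400]: Accepted publickey for hello from 172.16.200.55 port 51022 ssh2
Jul 27 03:02:11 alpha -bash: HISTORY (TRUNCATED): PPID=16399 PID=16401 SID=16401 UID=0 User=root echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in privileged_commands(entries):
        flag = " [TRUNCATED]" if e.truncated else ""
        print(f"{e.timestamp} {e.host} sid={e.sid} {e.user}(uid={e.uid}): {e.command}{flag}")
```

The truncated flag matters when reviewing: a TRUNCATED entry is an incomplete record of what was typed, so the full command has to be recovered from the session context rather than from the line itself.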

 

Enjoy!

 

Reference:

[1] http://wiki.centos.org/HowTos/SetupRpmBuildEnvironment

[2] http://wiki.centos.org/HowTos/RebuildSRPM

 

Automatically build an Xcode project and distribute it to testers using TestFlight

Here is my repo on GitHub:

https://github.com/hellosa/autobuild-upload-testflight

The script helps you build and archive your Xcode project from the command line, upload it to TestFlight and notify your team members when it finishes.

You can create an empty Xcode project, read the project’s README and complete the configuration to try it out.

Enjoy!

Configure multiple default gateways on a Linux box

Assume that you have a Linux machine with 3 network interface cards, named eth0, eth1 and eth2. eth0 is 221.237.x.253/24, eth1 is 221.237.x.251/24, and eth2 is 172.16.200.1/22. Because there can be only one default gateway in Linux, the default gateway is 221.237.x.1 via eth0. Although eth0 and eth1 seem to be in the same network and share the same gateway, each of these 2 IP addresses has its own rate limit of 10Mb/s. Ideally we get 20Mb/s in total, but we can’t reach that maximum with only one default gateway. That is the problem; let me solve it.

eth0 : 221.237.x.253/24
eth1 : 221.237.x.251/24
eth2 : 172.16.200.1/22 (for intranet, as the router of the local LAN network)
default gateway : 221.237.x.1 via eth0

Here is the situation: this Linux server is the gateway of the office, and I want it to route the traffic over the 2 network interfaces.

If someone on the local network wants to access a specific IP address (e.g. 61.135.255.144), all of that traffic should flow through eth1; in every other case, through eth0.

1) A Linux box, Debian 7. It does not matter which distro; just use the one you like. I like Debian most.

2) iproute2, a powerful network utility package. I don’t like the old tools like “route” or “netstat”. iproute2 integrates all of those tools; it is the Swiss army knife of the system administrator.

In order to use “ip rule”, you have to make sure that the kernel configuration item “CONFIG_IP_MULTIPLE_TABLES” is set.

CONFIG_IP_MULTIPLE_TABLES=y

If your kernel doesn’t support this feature, bad luck: you have to recompile the kernel to get it.

Debian 7 (3.2.0-4-amd64) already has the feature, so let’s skip to the next step.

First of all, you must understand a concept: the routing table.

$ ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

There are 3 routing tables here. By default we are in the table main (remember, not the table default!), and the other 2 tables are empty.

$ ip r s
default via 221.237.x.1 dev eth0
172.16.200.0/22 dev eth2 proto kernel scope link src 172.16.200.1
221.237.x.0/24 dev eth0 proto kernel scope link src 221.237.x.253
221.237.x.0/24 dev eth1 proto kernel scope link src 221.237.x.251

is the same as

$ ip r s table main
default via 221.237.x.1 dev eth0
172.16.200.0/22 dev eth2 proto kernel scope link src 172.16.200.1
221.237.x.0/24 dev eth0 proto kernel scope link src 221.237.x.253
221.237.x.0/24 dev eth1 proto kernel scope link src 221.237.x.251

“ip r s” is short for “ip route show”.

Now, let me do the job.

ip route add 221.237.x.0/24 dev eth1 src 221.237.x.251 table 163
ip route add default via 221.237.x.1 dev eth1 table 163
ip rule add to 61.135.255.144 table 163

Let me explain the above commands.

The routing table 163 is created when the first command is executed. 163 is just a number I like; you can choose yours, 99 perhaps. The table main and the table 163 are totally unrelated to each other.

1) The first command provides the information about the subnet.

2) The second command defines the default gateway of table 163. This is our SECOND default gateway.

3) The third command specifies a rule that tells the OS when to use table 163. Without this command, table 163 is useless.

 

Now, if someone on the subnet wants to access 61.135.255.144, he uses the router’s eth1 to communicate with it.

Let’s have a look at the “ip rule show” again.

0:	from all lookup local
32765:	from all to 61.135.255.144 lookup 163
32766:	from all lookup main
32767:	from all lookup default

If someone with the LAN IP 172.16.200.55 also wants to use the SECOND default gateway, we can use the following command:

ip rule add from 172.16.200.55 table 163

It’s pretty easy to understand, right?

0:	from all lookup local
32764:	from 172.16.200.55 lookup 163
32765:	from all to 61.135.255.144 lookup 163
32766:	from all lookup main
32767:	from all lookup default

If you want to clear the routes of a table, just run the command:

ip route flush table 163

And remember: never run “ip rule flush” while you are connected to this machine over SSH, because it clears all the routing rules and you will lose your connection.
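As an added illustration (my own code, not from the post), the following Python model reproduces how the kernel walks the rules and tables above: rules in priority order, longest-prefix match inside the selected table, and fall-through to the next rule when that table has no matching route. The prefix 221.237.100 stands in for the masked 221.237.x, and the contents of the local table are assumed from the addresses given; both are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


def net(cidr: str) -> Net:
    return ipaddress.ip_network(cidr, strict=False)


@dataclass(frozen=True)
class Route:
    prefix: Net
    dev: str
    via: Optional[str] = None  # next-hop gateway; None means on-link or local delivery


@dataclass(frozen=True)
class Rule:
    priority: int
    table: str
    src: Optional[Net] = None  # "from" selector; None means "from all"
    dst: Optional[Net] = None  # "to" selector; None means any destination


# Constructed stand-in for the post's masked prefix 221.237.x.
X = "221.237.100"

# The routing tables from the post. "local" holds the box's own addresses (assumed,
# as the kernel fills it in); "default" is empty, as the post notes.
TABLES: Dict[str, List[Route]] = {
    "local": [Route(net(f"{X}.253/32"), "lo"), Route(net(f"{X}.251/32"), "lo"),
              Route(net("172.16.200.1/32"), "lo")],
    "main": [Route(net("0.0.0.0/0"), "eth0", f"{X}.1"),
             Route(net("172.16.200.0/22"), "eth2"),
             Route(net(f"{X}.0/24"), "eth0"),
             Route(net(f"{X}.0/24"), "eth1")],
    "163": [Route(net(f"{X}.0/24"), "eth1"),
            Route(net("0.0.0.0/0"), "eth1", f"{X}.1")],
    "default": [],
}

# "ip rule show" after both "ip rule add" commands in the post.
RULES: List[Rule] = [
    Rule(0, "local"),
    Rule(32764, "163", src=net("172.16.200.55/32")),
    Rule(32765, "163", dst=net("61.135.255.144/32")),
    Rule(32766, "main"),
    Rule(32767, "default"),
]


def table_lookup(routes: List[Route], dst: IPv4) -> Optional[Route]:
    """Longest-prefix match within one table; on a tie the earlier entry wins."""
    best = None
    for r in routes:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def route(src: str, dst: str, rules: List[Rule] = RULES,
          tables: Dict[str, List[Route]] = TABLES) -> Optional[Route]:
    """Policy routing as the kernel does it: walk the rules by priority, consult the
    table of each rule whose selectors match, and fall through to the next rule
    when that table has no route for the destination."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.src is not None and s not in rule.src:
            continue
        if rule.dst is not None and d not in rule.dst:
            continue
        hit = table_lookup(tables.get(rule.table, []), d)
        if hit is not None:
            return hit
    return None  # "Network is unreachable"


def flush_table(tables: Dict[str, List[Route]], name: str) -> Dict[str, List[Route]]:
    """'ip route flush table NAME': the routes go, the rules pointing at it stay."""
    out = dict(tables)
    out[name] = []
    return out


def flush_rules(rules: List[Rule]) -> List[Rule]:
    """'ip rule flush', modelled as keeping only the priority-0 local rule. What matters
    for the post's warning is that the rule selecting table main is gone."""
    return [r for r in rules if r.priority == 0]


if __name__ == "__main__":
    for src, dst in [("172.16.200.10", "8.8.8.8"), ("172.16.200.10", "61.135.255.144"),
                     ("172.16.200.55", "8.8.8.8")]:
        r = route(src, dst)
        print(f"{src} -> {dst}: dev {r.dev}" + (f" via {r.via}" if r.via else ""))
```

Flushing table 163 shows the fall-through behaviour: the rule for 61.135.255.144 still matches, but with no route in its table the lookup continues to main and the traffic goes out eth0 again. Flushing the rules instead leaves nothing that points at main, which is why an SSH session to the box dies.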

HOWTO: Configure an L2TP VPN server on a Linode Gentoo VPS

Linode announced a new facility in Tokyo, Japan on September 20, 2011. It’s great news for those of us inside the wall. The download speed and the latency are awesome!!

I migrated my Linode (actually it belongs to my boss) from the USA to Tokyo without a second thought, and rebuilt it from Ubuntu to Gentoo. As a desktop, Ubuntu has been good so far. But as a server, Ubuntu sucks!!

OK, everything is ready; all we need is an L2TP VPN server.

Here is my L2TP VPN configuration.

First of all, choose a faster mirror server. This is my selection: gentoo.channelx.biz, chosen with mirrorselect (emerge mirrorselect). Add it to /etc/make.conf, replacing the original one.

You can run this command if you don’t have a GENTOO_MIRRORS entry in /etc/make.conf yet.

echo 'GENTOO_MIRRORS="http://gentoo.channelx.biz/" ' >> /etc/make.conf

The software we need: openswan, xl2tpd, ppp. We can install them all with the ‘emerge’ command, but I found something wrong with openswan (v2.4.15-r2), so we must upgrade openswan to version 2.6.31, even though this version is masked.

Solve the masked-package problem:

echo 'EMERGE_DEFAULT_OPTS="--autounmask=n" '  >> /etc/make.conf
 
echo '=net-misc/openswan-2.6.31 ' >> /etc/portage/package.accept_keywords

OK, install it:

emerge =net-misc/openswan-2.6.31

Let’s do some copying and pasting.

Configure IPsec.

Copy the content of /etc/ipsec.d/examples/sysctl.conf into /etc/sysctl.conf, and make sure the rp_filter options are commented out.

# Enables source route verification
#net.ipv4.conf.default.rp_filter = 1
# Enable reverse path
#net.ipv4.conf.all.rp_filter = 1

You can run this command:

cat /etc/ipsec.d/examples/sysctl.conf >> /etc/sysctl.conf

and activate the sysctl.conf settings:

sysctl -p

Edit /etc/ipsec.conf:

echo 'include /etc/ipsec.d/examples/l2tp-psk.conf' >> /etc/ipsec.conf

Ignoring the commented lines, it looks like this:

# cat /etc/ipsec.conf | egrep -v "^[[:space:]]*#" | grep -v "^$"

conn L2TP-PSK-NAT
	rightsubnet=vhost:%priv
	also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
	authby=secret
	pfs=no
	auto=add
	keyingtries=3
	rekey=no
	ikelifetime=8h
	keylife=1h
	type=transport
	left=YourPublicIP
	leftprotoport=17/1701
	right=%any
	rightprotoport=17/0
conn passthrough-for-non-l2tp
	type=passthrough
	left=YourPublicIP
	leftnexthop=YourGatewayIP
	right=0.0.0.0
	rightsubnet=0.0.0.0/0
	auto=route

And remember to replace “YourPublicIP” and “YourGatewayIP” with the correct values.

Edit /etc/ipsec.secrets:

YourIPAddress  %any: PSK "sharedsecret"

Do the same replacement.

Configure iptables.

iptables -t nat -A POSTROUTING -j MASQUERADE
 
/etc/init.d/iptables save
 
rc-update add iptables default

Configure xl2tpd:

# cat /etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = yes

[lns default]
ip range = 172.16.80.128-172.16.80.254
local ip = 172.16.80.1
require chap = yes
refuse pap = yes
require authentication = yes
name = xl2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

Configure PPP:

# cat /etc/ppp/options.xl2tpd
 
ipcp-accept-local
ipcp-accept-remote
ms-dns  8.8.8.8
ms-dns  8.8.4.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

# cat /etc/ppp/chap-secrets
 
Username        xl2tpd      Password        *

Do the replacements here (your own username and password).

Start the services:

/etc/init.d/ipsec start
/etc/init.d/xl2tpd start

Have fun.

PS: ipsec verify failed?

Pluto listening for IKE on udp 500                          	[FAILED]
  Cannot execute command "lsof -i UDP:500": No such file or directory
Pluto listening for NAT-T on udp 4500                       	[FAILED]
  Cannot execute command "lsof -i UDP:4500": No such file or directory

It’s all right: the command ‘lsof’ is simply missing, so just ‘emerge lsof’.

Reference:

http://riobard.com/blog/2010-04-30-l2tp-over-ipsec-ubuntu/
http://apple4.us/2010/05/setting-up-l2tp-vpn-on-debian-ubuntu.html
http://forums.gentoo.org/viewtopic-t-324500-highlight-openswan.html (the ppp configuration part, it’s different between gentoo and ubuntu)

------------------------------
Update: 2011-09-26
If you can connect successfully the first time but fail the second time, here’s the solution.
Add the following lines to your L2TP-PSK-noNAT connection and restart ipsec (/etc/init.d/ipsec restart):

dpddelay=40
dpdtimeout=130
dpdaction=clear

Reference:
http://lists.openswan.org/pipermail/users/2011-January/019945.html
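Since the update puts the DPD parameters in L2TP-PSK-noNAT, and L2TP-PSK-NAT pulls that section in through also=, here is an added example (my own code, not from the post or from openswan) that parses an ipsec.conf in the layout shown above, resolves also= and reports any connection that is still missing the three dpd settings or still carries the YourPublicIP/YourGatewayIP placeholders. The sample configuration is constructed, with 203.0.113.10 as a placeholder public address; that a section's own values take precedence over the values of the section it includes is my reading of ipsec.conf(5).

```python
from typing import Dict, List

Conn = Dict[str, str]

# Constructed sample in openswan ipsec.conf syntax, following the post's layout,
# with the update's DPD lines added to L2TP-PSK-noNAT only.
SAMPLE_IPSEC_CONF = """\
# /etc/ipsec.conf - constructed sample
config setup
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=203.0.113.10
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/0
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear

conn passthrough-for-non-l2tp
    type=passthrough
    left=YourPublicIP
    leftnexthop=YourGatewayIP
    right=0.0.0.0
    rightsubnet=0.0.0.0/0
    auto=route
"""

DPD_KEYS = ("dpddelay", "dpdtimeout", "dpdaction")


def parse_conns(text: str) -> Dict[str, Conn]:
    """Collect the 'conn NAME' sections: a section starts at column 0, its
    parameters are the indented key=value lines; comments and blanks are dropped."""
    conns: Dict[str, Conn] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header such as "conn X" or "config setup"
            parts = line.split()
            current = conns.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) > 1 else None
            continue
        if current is None:
            continue
        key, sep, value = line.strip().partition("=")
        if sep:
            current[key.strip()] = value.strip()
    return conns


def resolve(conns: Dict[str, Conn], name: str, _seen=None) -> Conn:
    """Merge in the section named by also= (recursively, loop-safe); the including
    section's own values override the included ones."""
    _seen = _seen or set()
    if name in _seen:
        raise ValueError(f"also= loop at {name}")
    _seen.add(name)
    own = dict(conns[name])
    merged: Conn = {}
    if "also" in own:
        merged.update(resolve(conns, own.pop("also"), _seen))
    merged.update(own)
    return merged


def missing_dpd(conn: Conn) -> List[str]:
    return [k for k in DPD_KEYS if k not in conn]


def unreplaced_placeholders(conn: Conn) -> List[str]:
    """Keys still carrying the post's 'Your...' markers instead of real addresses."""
    return [k for k, v in conn.items() if v.startswith("Your")]


def lint(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Per connection: DPD keys missing (passthrough conns are exempt) and placeholders left."""
    conns = parse_conns(text)
    report = {}
    for name in conns:
        c = resolve(conns, name)
        report[name] = {
            "missing_dpd": [] if c.get("type") == "passthrough" else missing_dpd(c),
            "placeholders": unreplaced_placeholders(c),
        }
    return report


def strip_dpd(text: str) -> str:
    """The pre-update configuration (no dpd* lines), for comparison."""
    return "\n".join(l for l in text.splitlines() if not l.strip().startswith("dpd"))


if __name__ == "__main__":
    for label, cfg in (("before update", strip_dpd(SAMPLE_IPSEC_CONF)), ("after update", SAMPLE_IPSEC_CONF)):
        print(label, lint(cfg))
```

Run on the pre-update configuration, both L2TP-PSK-noNAT and the NAT section that includes it are reported without DPD; after the update both pass, which confirms that the three lines only need to be added once. The passthrough section is reported only for its unreplaced placeholders.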