Wednesday 25 January 2012

Full path of service and service temporary directory when running


Execute the following command to view all processes and do a search of a service name (The service your searching for)
Code Snippet
  1. ps auxwwwe | grep SERVICENAMEHERE
End of Code Snippet

This will give you back some info about the service. We are really only interested in the ProcessID (PID). This will be an integer.

Example return
root 24466 0.0 0.0 1476 280 ? S 2009 0:00 supervise sshd

PID will be: 24466

So now navigate to /proc and view the contents. You will see a directory for your PID. View the contents of this directory to see the info for the service.

The file path is located @ exe in this example: exe -> /usr/sbin/servicename

Monday 23 January 2012

proftpd - Adding FTPS Support (mod_tls module)


This guide assumes you have proftpd installed with OpenSSL libs. If not, follow this guide

Firstly, I will quickly say....

FTPS or SFTP

People intend to mix FTPS and SFTP together, but both are actually completely differend.

FTPS is a normal FTP server but using SSL encrytion.
SFTP is a ftp kind of session over SSH (so everything is encrypted just like in SSH).


Notes
Users Guide: http://proftpd.org/localsite/Userguide/linked/userguide.html

Steps

*** Ensure mod_tls module is available within your proftpd installation.
*** Ensure you are a root user


1. Open proftpd.conf and add an include to a config file we are going to create (tls.conf). Add the following line below...
Code Snippet
  1. Include         /etc/proftpd/tls.conf
End of Code Snippet

2. Now use vi to create the config file in the specified location...
Code Snippet
  1. vi /etc/proftpd/tls.conf
End of Code Snippet

3. Enter the following information into the file (How to use vi)

Code Snippet
  1. <IfModule mod_tls.c>
  2.  
  3.         TLSEngine                               on
  4.         TLSLog                                  /var/log/proftpd/tls.log
  5.         TLSProtocol                             SSLv23
  6.         TLSRSACertificateFile                   /etc/proftpd/ssl/proftpd.cert.pem
  7.         TLSRSACertificateKeyFile                /etc/proftpd/ssl/proftpd.key.pem
  8.        
  9.         #
  10.         # Avoid CA cert and allow client renegotiation (to overcome 1.3.2c bug 3324)
  11.         #TLSOptions                             NoCertRequest AllowClientRenegotiation
  12.         #
  13.         # Authenticate clients that want to use FTP over TLS?
  14.         #
  15.        
  16.         TLSVerifyClient                         off
  17.        
  18.         #
  19.         # Are clients required to use FTP over TLS when talking to this server?
  20.         #
  21.        
  22.         TLSRequired                             on
  23.        
  24.         #
  25.         # Allow SSL/TLS renegotiations when the client requests them, but
  26.         # do not force the renegotations.  Some clients do not support
  27.         # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
  28.         # clients will close the data connection, or there will be a timeout
  29.         # on an idle data connection.
  30.         #
  31.        
  32.         TLSRenegotiate                          required off
  33.        
End of Code Snippet

4. Generate certificate using OpenSSL
Code Snippet
  1. openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem
End of Code Snippet

5. Save and close the file.

6. Now restart proftpd for the changes to take effect.
Code Snippet
  1. /etc/init.d/proftpd restart
End of Code Snippet

7. Test FTPS connectivity with the server. See below...
Note: if there are any issues with the connection process, check the log file within the tls.conf file we created: /var/log/proftpd/tls.log


Testing FTPS with lftp

1. Execute following command
Code Snippet
  1. lftp -u USERNAMEHERE -e 'set ftp:ssl-force true,ftp:ssl-protect-data true' SERVERNAMEHERE
End of Code Snippet

2. Enter password for user.

3. Perform a simple command...
Code Snippet
  1. ls -l
End of Code Snippet

Tuesday 17 January 2012

Solaris 9 [SunOS 5.9] - Installing Python from Source with SSL [This example uses 2.7.2]


This is a simple guide on how to install python on a Solaris 9 system. There are a few gotcha's which I am sharing and writing for future use.

1. Download Python. I took the compressed source tarball (.tgz). You are essentially compiling the source on your system.

2. Optional: Transferring it to the server. I had to transfer it to the server to install, so if you need to do that, see my previous post

3. Unzip the package using the following command. It will unzip, then untar.
Code Snippet
  1. gunzip -c PYTHONFILENAME.tgz |tar xvf -
End of Code Snippet

4. You now need to configure the source. This will produce a Makefile based on your system. Navigate to the Python source directory, and execute the following command...
Code Snippet
  1. ./configure --prefix=/usr/local
End of Code Snippet

5. Now we need to compile our Makefile that has been created.
Code Snippet
  1. make
End of Code Snippet

6. Ensure you are a root user before this step ("su root" - to change). Execute the following command to install Python.
Code Snippet
  1. make -i install
End of Code Snippet

7. If everything went well (it probably didn't - see below!). Add Python to your system PATH variable. This way, you don't need to refer to /usr/local everytime you execute a script. See my previous blog post on how to do this.

8. Simply execute the following command to check Python has set itself up correctly... Do this outside of the source directory, so you can test the PATH variable aswell.
Code Snippet
  1. python --version
End of Code Snippet

9. Get an ice cold beerski in!


Troubleshooting

During the make procedure, you receive the following...

./Parser/asdl_c.py -c ./Python ./Parser/Python.asdl
/usr/bin/env: No such file or directory
make: *** [Python/Python-ast.c] Error 127


Simply touch the libraries it requires (see below), and re-try... (Run make clean before re-try)
Code Snippet
  1. touch Include/Python-ast.h Python/Python-ast.c
End of Code Snippet


During the install procedure, you receive the following...

make: ar: Command not found

You need to add ar to your PATH variable. This is located in /usr/ccs/bin. See my previous blog post on how to do this.

Note: If you are receiving an error while re-trying or you wish to remove temporary install files, simply execute the following command... "make clean"


Optional: Adding SSL Support to Python
Python needs to be compiled with SSL support... You can enable this by firstly installing the OpenSSL development libraries (libssl-dev download here) before the initial Python installation. Ensure you can open the OpenSSL console by typing openssl... If not, add it to your PATH. You then uncomment a few lines from the Modules/Setup.dist file.

Open the 'Modules/Setup.dist' file for editing, and uncomment the following lines (Assuming you installed OpenSSL to the default location)...

Code Snippet
  1. 204: # Socket module helper for SSL support; you must comment out the other
  2. 205: # socket line above, and possibly edit the SSL variable:
  3. 206: SSL=/usr/local/ssl
  4. 207: _ssl _ssl.c \
  5. 208:     -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
  6. 209:     -L$(SSL)/lib -lssl -lcrypto</pre>
End of Code Snippet


Save and close the file... then copy the file to /Setup. Otherwise Python will warn you this this file is newer than the Setup copy. You can now proceed to install Python with the instructions as above.

You can verify the installation by running the following test script...

Code Snippet
  1. python /usr/local/lib/python2.5/test/test_socket_ssl.py
End of Code Snippet


Module Errors
If you experience any errors with modules... then execute python's setup.py file. This will install all of the modules by default.

Code Snippet
  1. python setup.py install
End of Code Snippet

Bash/sh/csh/tcsh - Updating PATH environment variable in session and on logon


When updating your PATH varible, it's usually because an installation requires programs and utilities within a directory, and the knowledge of the full path is not known. Either that, or you would like to refer to a command program within specifying the full path. You will usually receive the following error message if a program cannot be found...

xxx: Command not found

So lets check our current PATH using the following command...
Code Snippet
  1. echo $PATH
End of Code Snippet

We can now view the current directories included in our PATH variable.
Example: /usr/sysmgr/bin:/bin:/usr/sbin:/usr/bin:/usr/ucb:/usr/sysmg/bin:/etc:/usr/local/bin:.

For example, we may wish to install a program, and it requires the ar tool (A tool to aid archiving). It is unaware of the full system path, so we need to add the directory it resides in to our environment variable.

We can either do this temporarily or permanently... It also depends on which shell you are using.


Note: To find out which shell you are using, execute the following command.
Code Snippet
  1. echo $SHELL
End of Code Snippet


Temporarily

tcsh/csh Shell (Seperate by spaces and use set command)
set path=(/usr/sysmgr/bin /bin /usr/sbin /usr/bin /usr/ucb /usr/sysmg/bin /etc /usr/local/bin .)

bath/sh Shell (Seperate by colon and use export command)
export PATH=$PATH:/path/to/dir1:/path/to/dir2


Permanently

Bash Shell (Edit /.bash_profile or /.bash_profile files)
http://www.cyberciti.biz/faq/change-bash-profile/

tcsh/csh Shell (Edit /.login or /.cshrc files)
http://osr507doc.sco.com/en/OSUserG/_The_C-shell_login_and_cshrc.html

In both cases, you are simply adding the command into a login/shell startup script to that the variable is always set with the extra paths. To edit these files, I recommend using vi (text editor).

vi Help
vi in Solaris help
vi in Unix help

Transfer Files From One UNIX Server To Another using scp


In Unix, you can use the scp command to copy files and directories securely between remote hosts without starting an FTP session or logging into the remote systems explicitly. The scp command uses SSH to transfer data, so it requires a password or passphrase for authentication. Unlike rcp or FTP, scp encrypts both the file and any passwords exchanged so that anyone snooping on the network can't view them.

Warning: Be careful when copying between hosts files that have the same names; you may accidently overwrite them.

From Server to Local
Code Snippet
  1. scp -r user@server1:/directory/files /localDirectory
End of Code Snippet

From Local to Server
Code Snippet
  1. scp -r /localDirectory user@server1:/directory/files
End of Code Snippet

Wednesday 4 January 2012

Python SUDS (SOAP API) full example with WSSE and complex types


I began this task in Perl originally, then decided to switch to Python and have an easier ride. I will upload the Perl example when I sort out a few minor issues with the SOAP::Lite library.

Anyway, in this example, you can specify a WSDL and WSSE (Web Service Security Extensions) username and password (sent in clear text btw), and it will send a SOAP request out and get a sample response back.

I have purposely consumed a service that has some complex types available (basically not just strings and ints). You can see how it is to work with the library and consume your own methods with this example.


Here are some useful things to note
- There have been problems with SUDS generating empty tags for optional properties for complex types. If this is the case, you will receive this error in your SOAP Body's response... "Server was unable to read request. ---> There is an error in the XML document. ---> Instance validation error: '' is not a valid value for PROPERTY_HERE."... To get around this, simply specify those properties (example below)

- client.factory.create() is used to let Python know about the complex types.

- "print client" (Using the example below) will tell you everything you need to know about your service (namespaces, types, methods, properties etc).

- The logger is your friend! Don't be a hero! Start out small and go big! The technique is to analyze the SOAP response and query the errors. If you can get a hold of what the correct SOAP envelope should look like, then compare this against the SOAP request you are sending out. This is the easiest way to solve any problems.

- Coming from a .NET background, I added a service reference and made a simple call with C#. You can then write more code to analyze the SOAP Request, or simply install Fiddler2 (If you haven't got it already, only 600kb and very useful!) to get the correct SOAP envelope to compare against.


Code Snippet
  1. #!/usr/bin/python
  2. #
  3. # Sean Greasley. TutorialGenius.com 2012.
  4. #
  5. # Creates a portfolio object using the exacttarget SOAP API. An image must exist at the specified URN
  6. # before alerting the system that the image is ready to be processed,
  7. #
  8. # USAGE:
  9. #    -portfolio <Display Name> <URN> <File Name> <Optional: CustomerKey>
  10. #    -portfoliowsdl <WSDL Address> <WSSE Username> <WSSE Password> <Display Name> <URN> <File Name> <Optional: CustomerKey>
  11. #
  12. #
  13. # Imports
  14. from suds.client import Client
  15. from suds.wsse import *
  16.  
  17. # Logging Options
  18. import logging
  19. logging.basicConfig(level=logging.INFO)
  20. logging.getLogger('suds.client').setLevel(logging.DEBUG)
  21. logging.getLogger('suds.wsdl').setLevel(logging.DEBUG)
  22. logging.getLogger('suds.wsse').setLevel(logging.DEBUG)
  23.  
  24.  
  25. # Define usage options
  26. def printUsage():
  27.     print ""
  28.     print "[USAGE]"
  29.     print "------------------------------------------------------------------------"
  30.     print "    " + sys.argv[0] + " -portfolio <Display Name> <URN> <File Name> <Optional: CustomerKey>"
  31.     print "    " + sys.argv[0] + " -portfoliowsdl <WSDL Address> <WSSE Username> <WSSE Password> <Display Name> <URN> <File Name> <Optional: CustomerKey>"
  32.     print ""
  33.     return
  34.  
  35.  
  36. # Validate argument input
  37. if (len(sys.argv) <= 1):
  38.     print "Invalid usage options..."
  39.     printUsage()
  40.     sys.exit(1)
  41. elif (sys.argv[1] == "-portfolio" and (len(sys.argv) == 5 or len(sys.argv) == 6)):
  42.     print "Setting up a portfolio"
  43. elif (sys.argv[1] == "-portfoliowsdl" and (len(sys.argv) == 8 or len(sys.argv) == 9)):
  44.     print "Setting up a portfolio with WSDL options"
  45. else:
  46.     print "Invalid usage options..."
  47.     printUsage()
  48.     sys.exit(1)
  49.  
  50.  
  51.  
  52. # Setup variables
  53. WSDL_URL = "https://webservice.s4.exacttarget.com/etframework.wsdl"
  54. WSSE_USERNAME = "Username here!"
  55. WSSE_PASSWORD = "Password here!"
  56. PORTFOLIO_DISPLAYNAME = "Test Sean Display Name1"
  57. PORTFOLIO_URN = "http://www.ct4me.net/images/dmbtest.gif"
  58. PORTFOLIO_FILENAME = "dmbtest.gif"
  59. PORTFOLIO_CUSTOMERKEY = ""
  60.  
  61. if (sys.argv[1] == "-portfoliowsdl"):
  62.     WSDL_URL = sys.argv[2]
  63.     WSSE_USERNAME = sys.argv[3]
  64.     WSSE_PASSWORD = sys.argv[4]
  65.     PORTFOLIO_DISPLAYNAME = sys.argv[5]
  66.     PORTFOLIO_URN = sys.argv[6]
  67.     PORTFOLIO_FILENAME = sys.argv[7]
  68.    
  69.     try:
  70.         PORTFOLIO_CUSTOMERKEY = sys.argv[8]
  71.     except:
  72.         print "No Customer key specified. Using default..."
  73. elif (sys.argv[1] == "-portfolio"):
  74.     PORTFOLIO_DISPLAYNAME = sys.argv[2]
  75.     PORTFOLIO_URN = sys.argv[3]
  76.     PORTFOLIO_FILENAME = sys.argv[4]
  77.    
  78.     try:
  79.         PORTFOLIO_CUSTOMERKEY = sys.argv[5]
  80.     except:
  81.         print "No Customer key specified. Using default..."
  82.  
  83.  
  84. # URL Detail
  85. client = Client(WSDL_URL)
  86.  
  87.  
  88. # WSSE Security
  89. security = Security()
  90. token = UsernameToken(WSSE_USERNAME, WSSE_PASSWORD)
  91. security.tokens.append(token)
  92. client.set_options(wsse=security)
  93.  
  94.  
  95. # Build up portfolio
  96. # 'Portfolio' is a complex type... so we use the create method to expose the properties to us. We can then populate the properties as normal.
  97. portfolio = client.factory.create('Portfolio')
  98. portfolio.DisplayName = PORTFOLIO_DISPLAYNAME
  99. portfolio.CustomerKey = PORTFOLIO_CUSTOMERKEY
  100. portfolio.Source = client.factory.create('ResourceSpecification')
  101. portfolio.Source.URN = PORTFOLIO_URN
  102. portfolio.FileName = PORTFOLIO_FILENAME
  103.  
  104.  
  105. # For some reason the SUDS library tends to generate empty SOAP tags for optional properties. Here I have manually specified the defaults here. Just be aware of that!
  106. createOptions = client.factory.create('CreateOptions')
  107. createOptions.RequestType = "Synchronous"
  108. createOptions.QueuePriority= "High"
  109.  
  110.  
  111. # Attach Portfolio to array - Need to set at pos 0, as it returns 1 by default.
  112. apiObject = [client.factory.create('APIObject')]  # Remember [ ], its an array!
  113. apiObject[0] = portfolio
  114.  
  115.  
  116. # Create portfolio
  117. # This method also had 'out' parameters exposed
  118. print client.service.Create(createOptions, apiObject)
  119.  
  120.  
  121. # Uncomment this next line to find out useful information about your service.
  122. # print client
End of Code Snippet