Tuesday, November 25, 2008

Turbocharge PuTTY with 12 Powerful Add-Ons - Software for Geeks

PuTTY is hands-down the best, free, and lightweight SSH client for Windows. I have provided list of 12 powerful PuTTY add-ons with screenshots, that will solve few shortcomings of the original PuTTY. Play around with these add-ons and choose the one that suites your need.

1. PuTTY Connection Manager

PuTTYCM gives a nice feature to arrange several PuTTY sessions in tabs . While starting PuTTYCM for the first time, you should specify the location of the original PuTTY. This requires .NET 2.0 to be installed on the windows system. Following screen-shot displays three putty sessions in tabs within the same window.

Note: If the PuTTY Connection Manager opens the original PuTTY in a separate window, instead of opening as a TAB, please go to Tools -> Options -> Select the check-box “Enable additional timing for PuTTY capture (ms)” -> set the value to 300 ms. This will open the PuTTY window inside the TAB as shown below.

PuTTY Connection Manager - Multiple Tab
Fig - PuTTY Connection Manager with multiple Tabs

2. PuTTYcyg

Cygwin users will absolutely love PuTTYcyg. This lets you use PuTTY as a local cygwin terminal. If you use cygwin on your windows, I’m sure you’ll hate the default MS-DOS looking cygwin window. Using PuTTYcyg, you can run cygwin inside PuTTY. I love this add-on and use it for my cygwin on Windows.

On PuTTYcyg, click on cygterm radio button in the Connection type. Enter - (hyphen) in the “Command (use - for login shell“, to connect to the cygwin on the windows laptop using PuTTY as shown below.

PuTTYcyg Cygterm radio-button
Fig - PuTTYcyg with Cygterm option

3. PuTTYtray

Using PuTTYtray, you can minimize the PuTTY window to the system tray on windows. By default, original PuTTY stores the session information in the registry. This is painful, when you want to transfer PuTTY sessions from one laptop to another. In PuTTYtray, there is an additional radio button “Sessions from file” as shown below, that will let you store session information in a file.

PuTTYtray
Fig - PuTTYtray with “Session from file” option

4. PuttyTabs

PuttyTabs provides a floating bar, that will display the open PuTTY sessions in TABs. Clicking on one of the tabs will bring the respective PuTTY session to the foreground. While starting PuTTYTabs for the first time, you should specify location of the original PuTTY. It reads the windows registry to get all the available PuTTY sessions. This also requires .NET 2.0 to be installed on the windows system. Following screen-shot displays three putty sessions arranged in tab.

PuTTYTabs Screenshot
Fig - PuTTYTabs with multiple Tabs

5. Quest PuTTY

Quest Software modified the PuTTY to add Active Directory (GSSAPI Kerberos) single sign-on feature. Quest PuTTY uses Microsoft’s Security Service Provider Interface (SSPI), which is Microsoft’s version of the GSSAPI, with which it is wire compatible. This version of PuTTY adds a new menu-item called GSSAPI, under Connection -> SSH, as shown below.

Quest PuTTY with GSSAPI
Fig - Quest PuTTY with GSSAPI option

6. Modified PuTTY

This modified PuTTY stores the PuTTY sessions in folder instead of storing it in the registry. If you already have sessions stored in the registry, it will display those also. The sessions stored in registry will be marked as [registry] as shown below. When you create a session using this PuTTY, this creates a sub-folder called session in the same folder where putty.exe is located, to store all the sessions in the file.

Modified Putty
Fig - Modified Putty displaying both registry and file sessions

7. PocketPuTTY

PocketPuTTY runs on Windows Mobile 2003/5.0 operating system. After I got my blackberry, I have dumped my Dell Axim that was running on Windows Mobile. So, I have not tried PocketPuTTY myself. If you’ve used PocketPuTTY or other mobile version of PuTTY, please leave your feedback.

PocketPuTTY UI
Fig - PocketPuTTY for Windows Mobile

8. portaPuTTY

portaPuTTY is a modified version of the PuTTY that stores the session information in a file by default, instead of storing it in the windows registry. The session files are stored under .putty/sessions folder. The .putty folder is created under the same directory where the putty.exe is located.

9. PuTTY Portable

PuTTY Portable is part of PortableApps suite. Use this to launch PuTTY from the USB drive and carry the sessions along with you.

10. PuTTY Launchy Plugin

If you are using Launchy, the open source keystroke launcher for windows, you can use Putty Launchy Plugin, to launch putty sessions from Launchy very easily. i.e you can type “ssh” or “putty” followed by tab or space to list all of your PuTTY sessions. Once you select a particular session, Launchy will automatically launch that particular PuTTY session.

PuTTY Launchy Plugin
Fig - PuTTY Launchy Plugin. Type ssh followed by tab.

11. PuTTY Session Manager

PuTTY Session Manager will let you organize the PuTTY sessions into folders and assign hotkeys. This requires Microsoft .NET 2.0. Right click on the PSM icon in the system track and select “Session Hotkeys” to assign hot-keys for PuTTY session as shown below.

PuTTY Session Manager Hot Key Assignment
Fig - PuTTY Session Manager with session hot-key

To create a folder, right click on a particular PuTTY session -> Session Management -> New Folder. To move a existing session to a folder, just drag the session and drop to the corresponding folder.

PSM Session List with folders
Fig - PuTTY Session Manager with sessions inside sub-folder

12. PuTTY Command Sender

PuTTYCS is very helpful little tool that can boost your productivity by eliminating repetitive tasks performed on different servers. Using PuTTYCS, you can send a unix command to multiple PuTTY windows at the same time. You can use this to backup files, view log files, start and stop processes, copying file etc., on multiple servers, just by executing the command once, as shown below.

PuTTY Command Sender
Fig - PuTTYCS sends unix command to multiple PuTTY session

How To Monitor VPN Active Sessions and Temperature Using Nagios

In this article, let us review how to monitor active sessions and temperature of VPN device using Nagios. You can monitor pretty much anything about a hardware using the nagios check_snmp plug-in.

1. Identify a cfg file to define host, hostgroup and services for VPN device

You can either create a new vpn.cfg file or re-use one of the existing .cfg file. In this article, I’ve added the VPN service and hostgroup definition to an existing switch.cfg file. Make sure the switch.cfg line in nagios.cfg file is not commented as shown below.

# grep switch.cfg /usr/local/nagios/etc/nagios.cfg

cfg_file=/usr/local/nagios/etc/objects/switch.cfg

2. Add new hostgroup for VPN device in switch.cfg

Add the following ciscovpn hostgroup to the /usr/local/nagios/etc/objects/switch.cfg file.

define hostgroup{

hostgroup_name ciscovpn

alias Cisco VPN Concentrator

}

3. Add new host for VPN device in switch.cfg

In this example, I’ve defined two hosts–one for primary and another for secondary Cisco VPN concentrator in the /usr/local/nagios/etc/objects/switch.cfg file. Change the address directive to your VPN device ip-address accordingly.

define host{

use generic-host

host_name cisco-vpn-primary

alias Cisco VPN Concentrator Primary

address 192.168.1.7

check_command check-host-alive

max_check_attempts 10

notification_interval 120

notification_period 24x7

notification_options d,r

contact_groups admins

hostgroups ciscovpn

}



define host{

use generic-host

host_name cisco-vpn-secondary

alias Cisco VPN Concentrator Secondary

address 192.168.1.9

check_command check-host-alive

max_check_attempts 10

notification_interval 120

notification_period 24x7

notification_options d,r

contact_groups admins

hostgroups ciscovpn

}

4. Add new services to monitor VPN active sessions and temperature in switch.cfg

Add the “Temperature” service and “Active VPN Sessions” service to the /usr/local/nagios/etc/objects/switch.cfg file.

define service{

use generic-service

hostgroup_name ciscovpn

service_description Temperature

is_volatile 0

check_period 24x7

max_check_attempts 4

normal_check_interval 10

retry_check_interval 2

contact_groups admins

notification_interval 960

notification_period 24x7

check_command check_snmp!-l Temperature -o .1.3.6.1.4.1.3076.2.1.2.22.1.29.0,.1.3.6.1.4.1.3076.2.1.2.22.1.33.0 -w 37,:40 -c :40,:45

}



define service{

use generic-service

hostgroup_name ciscovpn

service_description Active VPN Sessions

is_volatile 0

check_period 24x7

max_check_attempts 4

normal_check_interval 5

retry_check_interval 1

contact_groups admins

notification_interval 960

notification_period 24x7

check_command check_snmp!-l ActiveSessions -o 1.3.6.1.4.1.3076.2.1.2.17.1.7.0,1.3.6.1.4.1.3076.2.1.2.17.1.9.0 -w :70,:8 -c :75,:10

}

5. Validate the check_snmp from command line

Check_snmp plug-in uses the ’snmpget’ command from the NET-SNMP package. Make sure the net-snmp is installed on your system as shown below. If not, download it from NET-SNMP website.

# rpm -qa | grep -i net-snmp

net-snmp-libs-5.1.2-11.el4_6.11.2

net-snmp-5.1.2-11.el4_6.11.2

net-snmp-utils-5.1.2-11.EL4.10

Make sure the check_snmp works from command line as shown below.

# /usr/local/nagios/libexec/check_snmp -H 192.168.1.7 \

-P 2c -l Temperature -w :35,:40 -c :40,:45 \

-o .1.3.6.1.4.1.3076.2.1.2.22.1.29.0,.1.3.6.1.4.1.3076.2.1.2.22.1.33.0



Temperature OK - 35 38 | iso.3.6.1.4.1.3076.2.1.2.22.1.29.0=35

iso.3.6.1.4.1.3076.2.1.2.22.1.33.0=38



# /usr/local/nagios/libexec/check_snmp -H 192.168.1.7 \

-P 2c -l ActiveSessions -w :80,:40 -c :100,:50 \

-o 1.3.6.1.4.1.3076.2.1.2.17.1.7.0,1.3.6.1.4.1.3076.2.1.2.17.1.9.0



ActiveSessions CRITICAL - *110* 20 | iso.3.6.1.4.1.3076.2.1.2.17.1.7.0=110

iso.3.6.1.4.1.3076.2.1.2.17.1.9.0=20

In this example, following parameters are passed to the check_snmp:

  • -H, –hostname=ADDRESS Host name, IP Address, or unix socket (must be an absolute path)
  • -P, –protocol=[1|2c|3] SNMP protocol version
  • -l, –label=STRING Prefix label for output from plugin. i.e Temerature or ActiveSessions
  • -w, –warning=INTEGER_RANGE(s) Range(s) which will not result in a WARNING status
  • -c, –critical=INTEGER_RANGE(s) Range(s) which will not result in a CRITICAL status
  • -o, –oid=OID(s) Object identifier(s) or SNMP variables whose value you wish to query. Make sure to refer to the manual of your device to see all the supported and available oid’s for your equipment. If you have more than two oid’s, separate them with comma.

In the ActiveSessions example, two OID’s are getting monitored. i.e one for VPN LAN-2-LAN tunnels (iso.3.6.1.4.1.3076.2.1.2.17.1.7.0) and another for PPTP sessions (iso.3.6.1.4.1.3076.2.1.2.17.1.9.0). In the above example, VPN LAN-2-LAN active sessions has exceeded the critical limit of 100.

Object Identifier (OID) is arranged in a hierarchical Management Information Base (MIB) tree with roots and branches based on the internet standard.

6. Validate configuration and restart nagios

Verify the nagios configuration to make sure there are no warnings and errors.

# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg



Total Warnings: 0

Total Errors: 0

Things look okay - No serious problems were detected during the pre-flight check

Restart the nagios server to start monitoring the VPN device.

# /etc/rc.d/init.d/nagios stop

Stopping nagios: .done.



# /etc/rc.d/init.d/nagios start

Starting nagios: done.

Verify the status of the ActiveSessions and Temperature of the VPN device from the Nagios web UI (http://{nagios-server}/nagios) as shown below.

Nagios Web UI with Cisco VPN device

Fig - Nagios Web UI showing VPN Device Status

7. Troubleshooting

Issue: check_snmp works without any issues from Linux command line, but Nagios web UI displays following error:

Status Information:	SNMP problem - No data received from host

CMD: /usr/bin/snmpget -t 1 -r 5 -m '' -v 1 [authpriv] 192.168.1.7:161

Solution: Make sure the check_command definition for check_snmp plugin in the switch.cfg file is properly defined. The arguments to the check_snmp command should match the check_snmp definition in the /usr/local/nagios/etc/commands.cfg

check_command check_snmp!Temperature!.1.3.6.1.4.1.3076.2.1.2.22.1.29.0,.1.3.6.1.4.1.3076.2.1.2.22.1.33.0!37,:40!:40,:45

[Note: This is wrong, as it is passing 4 arguments to check_snmp command

The value after the exclamation is considered as one argument. !{argument1}!{argument2}]




check_command check_snmp!-l Temperature -o .1.3.6.1.4.1.3076.2.1.2.22.1.29.0,.1.3.6.1.4.1.3076.2.1.2.22.1.33.0 -w 37,:40 -c :40,:45

[Note: This is correct, as it is passing 1 argument to check_snmp command

The value after the exclamation is considered as one argument. !{argument1}]

In the check_snmp command definition shown below, there is only one $ARG1$ argument. So, in the switch.cfg, while defining the check_snmp, you need to pass only one argument as shown above.

# 'check_snmp' command definition

define command{

command_name check_snmp

command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$

}

Tuesday, November 18, 2008

Use EL4 rpm in EL5 by using yum

Server

Initial setup

  • Install regular RHEL5
  • Install mrepo and createrepo packages for “el5”
  • If you do have access to a RHEL4 system:
    • Copy the contents from rhel4_system:/usr/share/rhn to rhel5_system:/usr/share/mrepo/rhn
  • If you do not have access to a RHEL4 system:
    • Fetch the up2date RPM package from CD 2 in the RHEL4 set
      • rhel4_system# mount -oloop RHEL4-U4-i386-ES-disc2.iso /mnt
      • rhel4_system# scp /mnt/RedHat/RPMS/up2date-4.4*rpm rhel5_system:/tmp
      • rhel5_system# rpm2cpio up2date-4.4*rpm | cpio -ivmud
      • rhel5_system# mkdir -p /usr/share/mrepo/rhn ; cp -r ./usr/share/rhn/* /usr/share/mrepo/rhn/
    • Alternatively, use the tarfile mentioned on the RPM-tools mailing list
  • You need to change the paths in /usr/bin/rhnget to point to the RHEL4 up2date. This can be done easily with the following command:
    sed -i s,/usr/share/rhn/,/usr/share/mrepo/rhn/,g /usr/bin/rhnget

Configuration

Create the file /etc/mrepo.conf.d/rhel5-server.conf and configure a repository for RHEL5 i386 and x86_64:

[rhel5-server]
name = Red Hat Server $release ($arch)
release = 5
arch = i386 x86_64
metadata = repomd yum repoview

### ISO images
iso = rhel-$release-server-$arch-disc?.iso

### Additional repositories
### Your mileage may vary, depending on your entitlements
### If you try any other channel than updates, you might also need to make sure you have the proper entitlements on RHN
updates = rhns:///rhel-$arch-server-$release
#fastrack = rhns:///rhel-$arch-server-fastrack-$release
#supplementary = rhns:///rhel-$arch-server-supplementary-$release
#virtualization = rhns:///rhel-$arch-server-vt-$release
#rhn-tools = rhns:///rhn-tools-rhel-$arch-server-$release

[Server] name= Server baseurl=http://192.168.100.209/dump/file enabled=1 gpgcheck=0

Usage

  • You need a systemid file to get access to RHN. You have three possibilities:
    • Enter your RHN username and password when running mrepo for the first time
    • or fetch a systemid file from a running server with has a RHN entitlement for the proper version and architecture and put it in /var/mrepo/rhel5-server-$arch/systemid
    • or use /usr/bin/gensystemid to create an entitlement and systemid file
  • Populate your repository with the command mrepo -uvvv (u is for update, vvv is for extra verbosity)
  • If you want to save some time downloading from RHN, and already have the ISOs for RHEL5, you can copy the contents of the CD /RedHat/RPMS/*.rpm to the /var/mrepo/rhel5-server-$arch/updates folder before running mrepo
  • When your repository has been populated, use mrepo -gvvv to generate the yum repository structure at /var/www/mrepo

Troubleshooting

CentOS 5

If you get an error like: rhnget: “Unknown error that needs more debugging occured with channel rhel-i386-server-5. Skipping.\n'up2date'”

Make sure /etc/sysconfig/rhn/sources is not empty and has an “up2date default” line as a minimum.

# CentOS NOTE: This file is deprecated and no longer used, all system management
# is now handled via yum, look at yum's configs to manage repositories etc
#
#

up2date default

# EOF

SElinux

You might have an issue with the web server not being able to show you the files in the yum repository. This is not due to a missing FollowSymlinks in your Apache config, but due to SElinux enforcements. Verify this with a peek at your Apache error log at /var/log/httpd/error.log. If it's trying to tell you that the symlinks doesn't exist, then try this:

chcon -Rh --reference /var/www/html /var/www/mrepo

This has been documented in /usr/share/doc/mrepo*/docs/selinux.txt.

RHEL 5.1

You may have the CentOS5 issue reported above, and may need to generate the up2date-uuid file.

  • Find unique uuid of your system:
        # uuidgen
    XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX

The file /etc/sysconfig/rhn/up2date-uuid should read:

uuid[comment]=Universally Unique ID for this server
rhnuuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

Client

Configuration

  • Modify /etc/yum/pluginconf.d/rhnplugin.conf and change enabled=1 to enabled=0.
  • Create the file /etc/yum.repos.d/mrepo.conf and configure RHEL to update through your new yum repository:
    [rhel-debuginfo]
    name=Red Hat Enterprise Linux $releasever - $basearch - Debug
    baseurl=http:///mrepo/rhel-$basearch-server-$releasever
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-KEY-redhat-release

Usage

Yum update, yum install and other yum commands should work as you should be used to now.