Archive for the ‘Scripts’ Category

Understanding traceroute using Scapy

April 18, 2015

 

Scapy is a packet generator/sniffer, and in this post we will use it to understand how traceroute works. And the best part is that it's pythonic 😀

 

Assumptions made:

 

1) I have a test VM with the following details,

Hostname: client1.jackal.com
IP : 192.168.122.101
interface: eth0
Gateway: 192.168.122.1

2) tcpdump is installed on the test VM
3) We are doing a traceroute to the Google public DNS IP 8.8.8.8

 

Explanation:

 

Open two command prompts on your test VM. In the first one, run tcpdump with the following options,

 

root@client1:~# tcpdump -v -i eth0 -n -t icmp and port not 22

On the other prompt type “scapy” which will open up an interpreter,

 

root@client1:~# 
root@client1:~# scapy
>>> 

Now follow the steps outlined below,

1) Send packet 1 with ttl set as 1,

>>> send(IP(dst='8.8.8.8', ttl=1)/ICMP())
.
Sent 1 packets.
>>> 

In the tcpdump output you will see the following (for steps 2, 3, etc. the tcpdump output is likewise shown after the packet send operation),

IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0xc0, ttl 64, id 18982, offset 0, flags [none], proto ICMP (1), length 56)
    192.168.122.1 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
2) Send packet 2 with ttl set as 2,

>>> send(IP(dst='8.8.8.8', ttl=2)/ICMP())
.
Sent 1 packets.
>>> 

tcpdump output,

IP (tos 0x0, ttl 2, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 253, id 51505, offset 0, flags [none], proto ICMP (1), length 56)
    10.111.44.1 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
3) Send packet 3 with ttl set as 3. Here you won’t get the “ICMP time exceeded in-transit” message. That means the router has either disabled ICMP responses or is not accessible. You usually see “3 * * *” as the response in such cases of traceroute. Retry 3 times, and if you receive the same response each time, display “* * *”.

>>> send(IP(dst='8.8.8.8', ttl=3)/ICMP())
.
Sent 1 packets.
>>> send(IP(dst='8.8.8.8', ttl=3)/ICMP())
.
Sent 1 packets.
>>> send(IP(dst='8.8.8.8', ttl=3)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 3, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 3, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 3, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
4) Send packet 4 with ttl set as 4.

>>> send(IP(dst='8.8.8.8', ttl=4)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 4, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 252, id 62907, offset 0, flags [none], proto ICMP (1), length 96)
    182.73.11.177 > 192.168.122.101: ICMP time exceeded in-transit, length 76
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
5) Send packet 5 with ttl set as 5,

>>> send(IP(dst='8.8.8.8', ttl=5)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 5, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 250, id 25844, offset 0, flags [none], proto ICMP (1), length 96)
    182.79.247.9 > 192.168.122.101: ICMP time exceeded in-transit, length 76
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
6) Send packet 6 with ttl set as 6,

>>> send(IP(dst='8.8.8.8', ttl=6)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 6, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 247, id 0, offset 0, flags [none], proto ICMP (1), length 56)
    72.14.223.230 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
7) Send packet 7 with ttl set as 7,

>>> send(IP(dst='8.8.8.8', ttl=7)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 7, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0xc0, ttl 246, id 31013, offset 0, flags [none], proto ICMP (1), length 56)
    72.14.237.3 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x80, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8

 
8) Send packet 8 with ttl set as 8,

>>> send(IP(dst='8.8.8.8', ttl=8)/ICMP())
.
Sent 1 packets.
>>> 
IP (tos 0x0, ttl 8, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 54, id 23662, offset 0, flags [none], proto ICMP (1), length 28)
    8.8.8.8 > 192.168.122.101: ICMP echo reply, id 0, seq 12535, length 8

This means that the source server is able to reach the destination host at the 8th hop. By default the traceroute program tries up to 30 hops, and if it's unable to find the destination in 30 hops, it will print a host unreachable message.

The traceroute program sends an ICMP packet with the source address set to the IP of the machine on which traceroute is run, and with the TTL value initially set to 1. When the packet reaches the immediate next router, that router reduces the packet's TTL by 1 and finds that it has reached 0. It therefore returns an “ICMP time exceeded in-transit” message to the sender address in the packet header. The sender then increments the TTL by 1 (TTL is now 2) and sends the packet again; this time it fails at the second router, because the TTL reaches 0 there, so that router does not forward it and instead replies to the sender with the same message as before. The same logic is applied for subsequent hops, until the packet reaches the destination.
 

 

To send all 8 packets at once,

>>> send(IP(dst='8.8.8.8', ttl=(1,8))/ICMP())
........
Sent 8 packets.
>>> 

 

IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0xc0, ttl 64, id 18988, offset 0, flags [none], proto ICMP (1), length 56)
        192.168.122.1 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 2, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 253, id 55537, offset 0, flags [none], proto ICMP (1), length 56)
        10.111.44.1 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 3, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 4, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 5, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 6, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 250, id 29640, offset 0, flags [none], proto ICMP (1), length 96)
        182.79.247.9 > 192.168.122.101: ICMP time exceeded in-transit, length 76
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 252, id 14334, offset 0, flags [none], proto ICMP (1), length 96)
        182.73.11.177 > 192.168.122.101: ICMP time exceeded in-transit, length 76
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 7, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 8, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 247, id 0, offset 0, flags [none], proto ICMP (1), length 56)
        72.14.223.230 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x0, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0xc0, ttl 246, id 40140, offset 0, flags [none], proto ICMP (1), length 56)
        72.14.237.3 > 192.168.122.101: ICMP time exceeded in-transit, length 36
	IP (tos 0x80, ttl 1, id 1, offset 0, flags [none], proto ICMP (1), length 28)
    192.168.122.101 > 8.8.8.8: ICMP echo request, id 0, seq 0, length 8
IP (tos 0x0, ttl 54, id 28109, offset 0, flags [none], proto ICMP (1), length 28)
        8.8.8.8 > 192.168.122.101: ICMP echo reply, id 0, seq 14816, length 8
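
In the batch capture above the replies arrive out of order (182.79.247.9 before 182.73.11.177), every probe carries the same ICMP id and seq, and the quoted TTL is always 1, so a reply cannot be tied to its hop. The following added example (not part of the original post) sets the ICMP sequence number to the probe's TTL and recovers the hop from the header quoted inside each time-exceeded reply. It uses only the Python standard library on constructed packets; the identifier 0x4A4B and all function names are assumptions made for the illustration, and it assumes the path returns id and seq unchanged.

```python
import socket
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11
SRC, DST, IDENT = "192.168.122.101", "8.8.8.8", 0x4A4B  # IDENT is an assumed probe id


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    """20-byte IPv4 header (no options, protocol 1 = ICMP) followed by payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, ttl, 1, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
    return head[:10] + struct.pack("!H", inet_checksum(head)) + head[12:] + payload


def icmp(icmp_type: int, ident: int, seq: int, data: bytes = b"") -> bytes:
    """ICMP header (code 0) plus data; for type 11 the id/seq words are the unused field."""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def build_probe(ttl: int) -> bytes:
    """Echo request whose ICMP sequence number carries the hop number (the IP TTL)."""
    return ipv4(SRC, DST, ttl, icmp(ECHO_REQUEST, IDENT, ttl))


def time_exceeded(router: str, probe: bytes) -> bytes:
    """Constructed router reply quoting the probe's IP header and first 8 payload bytes.
    The quoted TTL is set to 1, as in the capture, so it cannot identify the hop."""
    quoted = probe[:8] + b"\x01" + probe[9:28]
    return ipv4(router, SRC, 64, icmp(TIME_EXCEEDED, 0, 0, quoted))


def classify(reply: bytes):
    """Return (hop, responder, kind) if reply answers one of our probes, else None."""
    if len(reply) < 28 or reply[9] != 1:
        return None
    ihl = (reply[0] & 0x0F) * 4
    if len(reply) < ihl + 8:
        return None
    responder = socket.inet_ntoa(reply[12:16])
    icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", reply[ihl:ihl + 8])
    if icmp_type == ECHO_REPLY and ident == IDENT:
        return seq, responder, "echo-reply"
    if icmp_type == TIME_EXCEEDED:
        inner = reply[ihl + 8:]
        inner_ihl = (inner[0] & 0x0F) * 4 if inner else 0
        if inner_ihl < 20 or len(inner) < inner_ihl + 8 or inner[9] != 1:
            return None
        q_type, _, _, q_ident, q_seq = struct.unpack("!BBHHH", inner[inner_ihl:inner_ihl + 8])
        if q_type == ECHO_REQUEST and q_ident == IDENT:
            return q_seq, responder, "time-exceeded"
    return None


def reconstruct_path(replies, max_ttl: int = 30):
    """Order hops by recovered sequence number; None marks a silent hop ('* * *')."""
    hops = {}
    for raw in replies:
        hit = classify(raw)
        if hit:
            hops.setdefault(hit[0], hit[1:])
    reached = [hop for hop, (_, kind) in hops.items() if kind == "echo-reply"]
    last = min(reached) if reached else max_ttl
    return [(hop, hops[hop][0] if hop in hops else None) for hop in range(1, last + 1)]


def sample_replies():
    """Constructed replies in the arrival order of the batch capture (hop 5 before hop 4)."""
    routers = {1: "192.168.122.1", 2: "10.111.44.1", 5: "182.79.247.9",
               4: "182.73.11.177", 6: "72.14.223.230", 7: "72.14.237.3"}  # hop 3 is silent
    replies = [time_exceeded(ip, build_probe(ttl)) for ttl, ip in routers.items()]
    replies.insert(3, ipv4("10.111.44.1", SRC, 64, icmp(ECHO_REPLY, 0x9999, 2)))  # unrelated
    replies.append(ipv4(DST, SRC, 54, icmp(ECHO_REPLY, IDENT, 8)))
    return replies


if __name__ == "__main__":
    for hop, responder in reconstruct_path(sample_replies()):
        print(hop, responder or "* * *")
```

With Scapy, the equivalent tagged probe is IP(dst='8.8.8.8', ttl=n)/ICMP(id=0x4A4B, seq=n).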

Sync svn repo commits to website documentroot in Cpanel Server

June 8, 2013

 

SITUATION: The customer has a cPanel server with one domain hosted on a shared IP and wants to set up an svn repository for this domain in such a way that whenever an svn commit takes place, the contents of the repository are exported to the documentroot. Thus all updates to files inside the documentroot can be done over svn instead of via ftp. The setup must use the ‘svnserve’ daemon and not ‘mod_dav’.

 

ASSUMPTIONS:
1) Cpanel Server is used.
2) Domain is setup on a shared ip
3) Suphp is the php handler used
4) ‘username’ is the username of the website

 

SOLUTION:

1) Install subversion in cpanel server

yum install subversion.x86_64 -y

2) Create a directory named ‘repos’ inside the default documentroot of apache (i.e. /usr/local/apache/htdocs/) and start the ‘svnserve’ daemon from that directory. Also make sure that port 3690 is open in the firewall and that you are starting the service as the root user.

mkdir /usr/local/apache/htdocs/repos
svnserve -d -r /usr/local/apache/htdocs/repos

3) Create a repository named ‘username’ and import its home directory(/home/username/public_html) to the repository,

cd /usr/local/apache/htdocs/repos
svnadmin create username
cd ~
svn import /home/username/public_html file:///usr/local/apache/htdocs/repos/username -m "username"

4) Now open up the svn repository configuration file “/usr/local/apache/htdocs/repos/username/conf/svnserve.conf” and disable anonymous access and specify the user authentication and authorization files,

[general]
anon-access = none
auth-access = write

password-db = /usr/local/apache/htdocs/repos/username/conf/passwd
authz-db = /usr/local/apache/htdocs/repos/username/conf/authz
realm = Project
logfile = /tmp/svn.log

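5) Create a new user in the user database file “/usr/local/apache/htdocs/repos/username/conf/passwd”. svnserve keeps these passwords in plain text and the repository lives under Apache's documentroot, so make the file readable by root only and make sure the ‘conf’ directory is not reachable over HTTP.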

[users]
jackal777 = pnity29#@I

6) Set authorization for user created in password file via “/usr/local/apache/htdocs/repos/username/conf/authz”

[/]
jackal777 = rw

7) Finally, create the post-commit hook “/usr/local/apache/htdocs/repos/username/hooks/post-commit” inside the repository directory and set execute permission on that file. Paste the following contents into the file,

#!/bin/bash
svn export --force file:///usr/local/apache/htdocs/repos/username/ /home/username/public_html/
chown -R username:username /home/username/public_html/

The post-commit script exports the contents of the repository to the website documentroot and assigns the proper ownership to the directory.

 

TESTING:

 

Now check out the repository to your local directory,

svn co svn://37.71.13.54/username --username=jackal777

Make modifications to the files and then commit to the repository,

cd username
svn commit

Now log in to the server and check whether the commits made to the repository are shown inside “/home/username/public_html”.

That’s it 🙂

Script to Monitor file creation under all cpanel users documentroot

May 11, 2013

 

SITUATION: The customer wants to get the list of all newly created files under all cPanel users' documentroots (/home/*/public_html).

 

ASSUMPTIONS: The ‘inotifywait’ command is installed. This command comes with the inotify-tools package.

 

SOLUTION: The following script spawns multiple ‘inotifywait’ processes in the background, each of them recursively monitoring and recording file creation events in one cPanel user's documentroot. The names of newly created files under each user's documentroot are saved in “/root/monitor/”, in a file named after the user.

Save the script as “/etc/init.d/inotifywaitd” and grant execute permission to this script.

 

/etc/init.d/inotifywaitd

#!/bin/bash

DESTDIR="/root/monitor"
INOTIFY_CMD="/usr/bin/inotifywait"

if [ $# -ne 1 ]; then
   echo "Usage: /etc/init.d/inotifywaitd {start|stop}"
   exit 1
fi

# Create the output directory if it does not exist yet
mkdir -p "${DESTDIR}"

case "$1" in

   start)

      # One background inotifywait per documentroot (glob instead of parsing `ls`)
      for i in /home/*/public_html
      do
         [ -d "${i}" ] || continue
         user=$(echo "${i}" | cut -d/ -f3)
         # -m: keep monitoring, -r: recursive, '%f': name of the created file
         "${INOTIFY_CMD}" -m -r -e create --format '%f' "${i}" > "${DESTDIR}/${user}" &
      done

   ;;

   stop) pkill inotifywait ;;

   *) echo "Usage: /etc/init.d/inotifywaitd {start|stop}" ;;

esac

 

ERRORS: Sometimes you may get the following error while running this script,

Please increase the amount of inotify watches allowed per user via `/proc/sys/fs/inotify/max_user_watches'.

To resolve this issue, increase the filesystem inotify maximum user watches system variable as follows,

1) Get the current value of max_user_watches,

# sysctl -e fs.inotify.max_user_watches
fs.inotify.max_user_watches = 524288
#

2) Open up /etc/sysctl.conf and set value of “fs.inotify.max_user_watches” higher than 524288.

fs.inotify.max_user_watches = 924288

3) Reload sysctl configuration,

# sysctl -p /etc/sysctl.conf

Categories: Cpanel/WHM, Scripts

Java ‘Robot’ class for emulating mouse movement

March 14, 2013

 

SITUATION: On your workstation/office machine someone (probably your local admin) has implemented a screen locking program which automatically locks your screen if you have been idle for a few minutes, and you don’t have ‘root’ level access to that machine, so you are not able to help yourself 😦 . The default lock time which was set on my local system (by my admin) was 1 min. So, if I’ve been idle for 1 min, it will lock my screen using the ‘xlock’ command and I have to retype my password to log in again (which is pretty annoying sometimes).

 

 

ASSUMPTIONS: JDK is installed and the java compiler(javac) and java runtime environment(java) are accessible to normal users.

 

 

SOLUTION: You can compile the following ‘java‘ program and run it to avoid getting continuously locked out of your desktop. This program uses the java ‘Robot‘ class for emulating mouse movement. It runs in an infinite ‘for‘ loop: it gets the current location of the mouse pointer (both the ‘x’ and ‘y’ co-ordinates) using the method “MouseInfo.getPointerInfo” and sets the mouse position to the same location, thus creating a movement which bypasses the screen lock.

 

 

RobotMouse.java

import java.awt.AWTException;
import java.awt.Robot;
import java.awt.event.KeyEvent;
import java.awt.MouseInfo;

public class RobotMouse {
    /* DELAY constant defines the time in milliseconds, which the for loop 
     should wait before initiating a mouse movement
     */
    public static final int DELAY = 50000; 
    
    public static void main(String[] args) {
       for(;;){ 
        try {
            
            Robot robot = new Robot();
            // Creates the delay of 50 sec 
            // Robot start moving mouse 
            robot.delay(DELAY);
            robot.mouseMove(MouseInfo.getPointerInfo().getLocation().x,MouseInfo.getPointerInfo().getLocation().y);
            robot.delay(DELAY);
            robot.mouseMove(MouseInfo.getPointerInfo().getLocation().x,MouseInfo.getPointerInfo().getLocation().y);
            
            } catch (AWTException e) {
                    e.printStackTrace();
              }
       }
    }
}

 

 

NOTE:
1) The default time delay set in the program is 50 seconds (50000 ms). You can adjust the constant ‘DELAY‘ to set the interval at which the ‘Robot’ class initiates a mouse movement.
2) You have to save the java file under the same name as the main java class. Here it’s ‘RobotMouse.java‘.

 

 

COMPILATION & SAMPLE RUN:
First compile the program using ‘javac’ and then run it using the ‘java’ command with the ‘nohup’ prefix and a trailing ‘&’, which runs the program in the background. So, even if you close the console it will still run in the background.

reynold@jackal777~# javac RobotMouse.java 
reynold@jackal777~# ls
RobotMouse.class  RobotMouse.java
reynold@jackal777~# nohup java RobotMouse &
[1] 7143
reynold@jackal777~# nohup: ignoring input and appending output to `nohup.out'
reynold@jackal777~# jps
7232 Jps
7143 RobotMouse
reynold@jackal777~#

 

Categories: Scripts

Automate ssh sudo using Expect

March 7, 2013

SCENARIO: On most Linux servers, as part of securing the ssh service, we disable direct root ssh access and create a wheel user for ssh login; after logging in as that wheel user, we switch to the root user using “sudo su“.

USAGE: The intention is to avoid typing “sudo su” after logging in to the node. The two scripts pasted below can be used for this purpose. The first script, “expect.ex”, is an ‘expect‘ script which is called from the bash script “ssh2.sh“. You need to put these two files inside the same directory.

ASSUMPTIONS:
1) The ‘expect‘ program is installed
2) The wheel user’s password is the same one that has to be given after typing “sudo su“.
3) In ‘ssh2.sh‘ the username is set directly in the ‘USERNAME‘ variable. So, before using this script, replace it with your username.

INPUTS:
1) IP address of the server
2) Wheel user’s password

expect.ex

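# Do not echo the login dialogue to the terminal
log_user 0
# lindex returns the argument itself (lrange would return a one-element list)
set NODEIP [lindex $argv 0]
set USERNAME [lindex $argv 1]
set PWD [lindex $argv 2]
spawn ssh ${USERNAME}@${NODEIP}
# Answer the host key question if it is asked, then the password prompt
expect "(yes/no)?" { send -- "yes\r"; expect "password:" { send -- "${PWD}\r" } } \
"password:" { send -- "${PWD}\r" }
expect "${USERNAME}@"
# Switch to root; sudo asks for the same password again
send -- "sudo su\r"
expect "password" { send -- "${PWD}\r" }
expect "root@"
send -- "\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n"
expect "root@"
send -- "cd /\r"
expect "root@"
send -- "\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r"
expect "root@"
send -- "cat /proc/loadavg\r"
expect "root@"
# Hand the session over to the user
interact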

 

 

ssh2.sh

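#!/bin/bash
USERNAME="username"

if [ $# -ne 1 ]; then
    echo "Usage: ssh2.sh <node-ip>"
    exit 1
fi

NODEIP=$1
echo "NODEIP" "$NODEIP"

# Do not reuse PWD here: bash keeps the current working directory in it
read -r -s -p "Enter node password:" NODEPASS
# The password is handed over as an argument, so it is visible in the
# process list for as long as expect runs
expect -f expect.ex "$NODEIP" "$USERNAME" "$NODEPASS"
unset NODEPASS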

SAMPLE OUTPUT

username@hostname:~$ ssh2.sh node.server.com
NODEIP node.server.com
Enter node password:
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# cd /
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]#
[root@node /]#
[root@node /]#
[root@node /]#
[root@node /]#
[root@node /]#
[root@node /]#
[root@node /]#
[root@node /]#
[root@node /]# cat /proc/loadavg
3.53 4.43 10.30 3/5586 43792
[root@node /]#
[root@node /]# 

Script for ssh login to Virtuozzo vps using expect and bash

February 8, 2013

 

 

OBJECTIVE: Automate login to Virtuozzo vps

 

INPUT :
1) Linux Virtuozzo vps IP address
2) User’s password of node.

 

ASSUMPTIONS:
1) Package for ‘expect’ application is installed in your local machine
2) The linux vps is running
3) The USERNAME variable in bash script is set as “username”. Change it to your Virtuozzo node username which is used for logging in.
4) Both scripts “smtpvpscheck.sh” and “expect.ex” are put under the same directory.

 

LOGIC:
1) The bash script accepts the Linux VPS IP address as input. From the VPS IP it finds the node IP using the ‘mtr’ command. After that it asks for the user's password. Here, the username is hard coded in the script “smtpvpscheck.sh”. If you want to change it to yours, modify it directly in the script.

 

In its final section, the bash script calls the expect script “expect.ex” and passes the node’s IP, the username (for ssh), the password and the VPS IP to it.

 

 

Bash script: smtpvpscheck.sh

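#!/bin/bash

USERNAME="username"

if [ $# -ne 1 ]; then
    echo "Usage: smtpvpscheck.sh <vps-ip>"
    exit 1
fi

VPSIP=$1
echo "VPSIP" "$VPSIP"

# The node is the second-to-last hop in the mtr report for the VPS
NODEIP=$(mtr -nr "${VPSIP}" | tac | sed -n 2p | awk '{print $2}')
echo "NODEIP" "$NODEIP"

# Do not reuse PWD here: bash keeps the current working directory in it
read -r -s -p "Enter node password:" NODEPASS

# The password is handed over as an argument, so it is visible in the
# process list for as long as expect runs
expect -f expect.ex "$NODEIP" "$USERNAME" "$NODEPASS" "$VPSIP"

unset NODEPASS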

 

2) The expect script “expect.ex“ logs into the node using the username and password (passed as arguments) and then switches to the root user (using sudo su). After that it finds the container ID (CTID) from the VPS IP address and enters the container using the “vzctl” command.

 

 

Expect script: expect.ex

log_user 0
# lindex returns the argument itself (lrange would return a one-element list)
set NODEIP [lindex $argv 0]
set USERNAME [lindex $argv 1]
set PWD [lindex $argv 2]
set VPSIP [lindex $argv 3]

spawn ssh ${USERNAME}@${NODEIP}
expect "password"
send -- "${PWD}\r"
expect "${USERNAME}@"
send -- "sudo su\r"
expect "password" { send -- "${PWD}\r" }
expect "root@"
# Find the CTID from the container config file that mentions the VPS IP, then enter it
#send -- "/usr/sbin/vzctl enter `/usr/sbin/vzlist -o ctid,ip|grep ${VPSIP}|sed "s/\([0-9]\{1,9\}\).*/\1/"|sed -e "s/^\s*//"`\r"
send -- "/usr/sbin/vzctl enter `grep -il ${VPSIP} /etc/vz/conf/*.conf|cut -d\/ -f5|cut -d\. -f1`\r"
# Wait for the container prompt of whichever CTID was entered, not one fixed CTID
expect -re {CT-[0-9]+-bash}
send -- "\r\n"
interact

SAMPLE RUN

 

reynoldp@w10:~/scripts/$ ./smtpvpscheck.sh 16.24.74.67
VPSIP 16.24.74.67
NODEIP 16.24.74.8
Enter node password:

CT-15160-bash-4.1#

 

 

SITUATIONS FOR USAGE

Normally, for troubleshooting SMTP spam abuse, we first find the node of the VPS, log in to the node, switch to the root user from there, find the VPS CTID from the IP address and finally enter the container using the “vzctl” command. This typically takes some minutes; using this script, the time is reduced to a minute or two.

Script to rotate IP of a cpanel domain

August 26, 2012

 

 

SITUATION: One of my customers wants to change the IP address of his cPanel account every 10 mins. The TTL of the domain was reduced and the following script was created for this purpose. The script uses an sqlite database for holding the details.

 

 

SOLUTION

 

1) Create a sqlite database to hold the IP addresses and set the active flag for only one IP as described below.

 

In this example I have used the IP address range 192.142.12.12 to 192.142.12.18 and have set the IP 192.142.12.12 as the active one,

 


# /usr/bin/sqlite3 /root/sqlitetesting/iprounding
SQLite version 3.3.6
Enter ".help" for instructions
sqlite> create table iproundrobin(num INTEGER PRIMARY KEY AUTOINCREMENT, ipv4address VARCHAR(16) NOT NULL UNIQUE,activeflag BOOLEAN);
sqlite> insert into iproundrobin(ipv4address,activeflag) values('192.142.12.12',1);
sqlite> insert into iproundrobin(ipv4address,activeflag) values('192.142.12.13',0);
sqlite> insert into iproundrobin(ipv4address,activeflag) values('192.142.12.14',0);
sqlite> insert into iproundrobin(ipv4address,activeflag) values('192.142.12.15',0);
sqlite> insert into iproundrobin(ipv4address,activeflag) values('192.142.12.16',0);
sqlite> insert into iproundrobin(ipv4address,activeflag) values('192.142.12.17',0);
sqlite> insert into iproundrobin(ipv4address,activeflag) values('192.142.12.18',0);
sqlite> select * from iproundrobin;
1|192.142.12.12|1
2|192.142.12.13|0
3|192.142.12.14|0
4|192.142.12.15|0
5|192.142.12.16|0
6|192.142.12.17|0
7|192.142.12.18|0
sqlite> .exit
#

 

2) Schedule the following script using cron to run at a fixed interval,

 

#!/bin/bash

CHANGEIP=/usr/local/cpanel/bin/setsiteip
USERNAME=username
SQLITE=/usr/bin/sqlite3
DB=/root/sqlitetesting/iprounding

# Get the currently active ip and its position
curIP=$("$SQLITE" "$DB" "select ipv4address from iproundrobin where activeflag=1")
curPos=$("$SQLITE" "$DB" "select num from iproundrobin where activeflag=1")

# Calculate the next position
nextPos=$("$SQLITE" "$DB" "select num from iproundrobin where num > ${curPos} ORDER BY num limit 1")

if [ "$nextPos" != "" ];then
  # get the ip of nextPos and set it as the new ip
  newIP=$("$SQLITE" "$DB" "select ipv4address from iproundrobin where num=${nextPos}")
else
  # no higher position left: wrap around to the ip of the first position
  newIP=$("$SQLITE" "$DB" "select ipv4address from iproundrobin where num=(select min(num) from iproundrobin)")
fi

# Set activeflag to 0 for the current ip and to 1 for the newly selected ip.
# At any time the value of activeflag is 1 for only one ip address.
"$SQLITE" "$DB" "update iproundrobin set activeflag=0 where ipv4address='${curIP}'"
"$SQLITE" "$DB" "update iproundrobin set activeflag=1 where ipv4address='${newIP}'"

# Set site ip
$CHANGEIP -u "${USERNAME}" "${newIP}" 2>&1 >/dev/null

# Display the contents of table
"$SQLITE" "$DB" "select * from iproundrobin;"

 

OUTPUT ( Sample run )

# ./script.sh 
1|192.142.12.12|0
2|192.142.12.13|1
3|192.142.12.14|0
4|192.142.12.15|0
5|192.142.12.16|0
6|192.142.12.17|0
7|192.142.12.18|0
# ./script.sh 
1|192.142.12.12|0
2|192.142.12.13|0
3|192.142.12.14|1
4|192.142.12.15|0
5|192.142.12.16|0
6|192.142.12.17|0
7|192.142.12.18|0
# ./script.sh 
1|192.142.12.12|0
2|192.142.12.13|0
3|192.142.12.14|0
4|192.142.12.15|1
5|192.142.12.16|0
6|192.142.12.17|0
7|192.142.12.18|0
# ./script.sh 
1|192.142.12.12|0
2|192.142.12.13|0
3|192.142.12.14|0
4|192.142.12.15|0
5|192.142.12.16|1
6|192.142.12.17|0
7|192.142.12.18|0
# ./script.sh 
1|192.142.12.12|0
2|192.142.12.13|0
3|192.142.12.14|0
4|192.142.12.15|0
5|192.142.12.16|0
6|192.142.12.17|1
7|192.142.12.18|0
# ./script.sh 
1|192.142.12.12|0
2|192.142.12.13|0
3|192.142.12.14|0
4|192.142.12.15|0
5|192.142.12.16|0
6|192.142.12.17|0
7|192.142.12.18|1
# ./script.sh 
1|192.142.12.12|1
2|192.142.12.13|0
3|192.142.12.14|0
4|192.142.12.15|0
5|192.142.12.16|0
6|192.142.12.17|0
7|192.142.12.18|0
#
Categories: Scripts