Showing My Geek


Perl Ping Monitor Script


 

I was busy writing different scripts for image installation when I had the idea to create a script that would query the network and make a web page for viewing. This script is a ping monitor; it currently doesn’t use any other protocols. I wrote this to allow me to see systems that were up without having to VPN into the network to see what Nagios was saying. I had never written anything in Perl before and wanted to give it a try. Today, with Google and other online resources, there is no reason that almost everyone can’t write a script, program, or some kind of code with no experience in that language. It is also dependent on whether you understand the basics of programs and how they should flow. So once you look at my script you will see some of my inexperience with Perl in the way some of the code is system calls versus all-Perl syntax.

Anyhow back to my script.  The script was written on a Linux system and I have had it running for a good 3 months on a VM just pinging away.  It can currently only do one sub-net but if I don’t get bored with it I may expand it.  It is started with a shell script but doesn’t have to be.  I did this so I could add a start/stop entry into the log file that it creates.  So if you don’t care for it you can start it without the shell script.

The script has a few text-based menus that I put in to allow a person to select certain things like what subnet, where to write the index.html file, and how many machines to put in a row on the web page.  I have always done these little menus to help people use the script without really understanding what it is doing.

Once the script has started you have to leave the terminal open or send it to the background with Linux commands.  I have thought of ways to make it go to the background once it starts but have not been motivated enough to change it.  The script will do a full scan of the network every 5 to 10 minutes depending on what you enter for check times.  Meaning that it will ping everything at the time you specify but will do a full network rescan every 5 or 10 minutes to catch systems that have just come online and to keep systems that have gone offline on the webpage.  So let’s go through the flow of the script.

You will have to untar the file and keep the folders that are in there. I am planning to have the script itself do the folder creation; I just have not gotten to it yet.  So with the files in place the script will run out of the folder you untar’d it to.  You will start the script in a bash terminal using  ./start.sh or perl ./PATH/NetMon.pl.  Now I will run you through the menus.  The first one on the left is the menu where you enter the sub-net.  You will simply enter the first 3 octets.  The next menu will be the location of the web page.  It defaults to the web folder inside the installation directory but can be changed.  This is so you can send it to a share or a web server’s directory for others to look at.  Last will be the number of icons in a row on the web page.  This was put into place to help with systems with different resolutions and to keep symmetry in the look.  Once these configs are done the script will begin pinging the sub-net.

The web page is created by the script by simply writing text to a file.  The file then has a symlink to the index.html at the location put into the location menu.  The web page will refresh every 15 seconds to allow for timely information updates even if the script only checks systems every 10 minutes.
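The flow described above, as an added Python sketch (it is not the NetMon.pl script from this post): it validates the three-octet menu answer before anything reaches the system ping, calls ping with an argument list instead of a shell string, and builds the page with the 15-second refresh and the icons-per-row setting. The function names are made up for illustration, and publishing uses a temp file plus rename instead of the symlink the post describes.

```python
import html
import ipaddress
import os
import re
import subprocess
import tempfile

PREFIX_RE = re.compile(r"^\d{1,3}\.\d{1,3}\.\d{1,3}$")


def hosts_in_prefix(prefix):
    """Validate a menu answer such as '192.168.1' and list its 254 hosts."""
    if not PREFIX_RE.match(prefix):
        raise ValueError("enter the first three octets, e.g. 192.168.1")
    net = ipaddress.ip_network(prefix + ".0/24")  # ValueError if an octet > 255
    return [str(h) for h in net.hosts()]


def is_up(addr, timeout_s=1):
    """One echo request through the system ping (Linux iputils flags).
    The argument list is passed without a shell, so addr is never parsed
    as shell syntax."""
    done = subprocess.run(["ping", "-c", "1", "-W", str(timeout_s), addr],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0


def render_page(status, per_row, refresh_s=15):
    """status maps address -> True/False; per_row is the icons-per-row value."""
    if per_row < 1:
        raise ValueError("per_row must be at least 1")
    addrs = sorted(status, key=ipaddress.ip_address)  # numeric, not text, order
    rows = []
    for i in range(0, len(addrs), per_row):
        cells = "".join(
            '<td class="{}">{}</td>'.format("up" if status[a] else "down",
                                            html.escape(a))
            for a in addrs[i:i + per_row])
        rows.append("<tr>" + cells + "</tr>")
    return ('<html><head><meta http-equiv="refresh" content="{}">'
            "<title>Ping monitor</title></head><body><table>\n{}\n"
            "</table></body></html>\n").format(refresh_s, "\n".join(rows))


def publish(page, web_dir):
    """Write a temp file, then rename it over index.html in one step, so a
    browser refresh never reads a half-written page."""
    fd, tmp = tempfile.mkstemp(dir=web_dir, suffix=".tmp")
    with os.fdopen(fd, "w") as fh:
        fh.write(page)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the web server must read it
    final = os.path.join(web_dir, "index.html")
    os.replace(tmp, final)
    return final


if __name__ == "__main__":
    # Sweeps a constructed example prefix; change it to the monitored sub-net.
    results = {a: is_up(a) for a in hosts_in_prefix("192.168.1")}
    print(publish(render_page(results, per_row=10), os.getcwd()))
```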

[Screenshot: the web page created by the script]

As you can tell I made this page.  I just copied syntax to create more icons for the pic.  The most systems I have monitored with this was around 70, just because I don’t have a ton of systems on my network.  So I understand that it doesn’t have features of programs like Nagios, but this is a script that can run in a terminal.  Plus the most network bandwidth I have seen this use is 35 Kbps and that was when it was scanning.

I am currently adding the ability to scan more than one sub-net and I want it to be able to notify someone if you are not watching the screen.  I have also considered changing the initial discovery to use ARP but the Perl plugin for that feature isn’t being developed anymore and I have nothing but problems with it.  I also want the script to move to the background once it hits a certain point in the script.  But you can run it with the nohup command and you can close the terminal and it stays running.

Finally I have been working on the script creating the directories that it needs once you run it the first time.  Then it will just check anytime it is restarted.  This is just something that I play with these days to see how well I can get this to work.  It may not be useful for large networks but it is something simple that can be run as a process on a Linux machine that can publish the web page to a web server to monitor systems from anywhere.  I will add the files for download so anyone can download if they want.


Protect your network with IPFire


Throughout my attempts to implement a firewall I went through quite a few different possibilities.  So what would I do: purchase a commercial firewall appliance, get a higher-end router with extended firewall features, or build my own on a computer?  After a great deal of research and debate I decided to build my own firewall using one of the open source Linux distros.  So I tested several: pfSense, Endian, IPCop, Smoothwall, and IPFire.  I primarily did this with virtual machines to start with and then would progress on to hardware and testing.

In my testing I came across an IPFire image for a Raspberry Pi.  Me being an R Pi enthusiast, I decided to test it out.  I know the R Pi only has a 10/100 and only has one NIC but was willing to give it a try.  Believe it or not I installed the image and used a USB Gigabit NIC for the internal network interface.  I ran this for about 2 months and it worked well.  The only thing I couldn’t run was Snort because it made my R Pi lock up.  Then my ISP was going to increase the speed of my WAN connection so the R Pi just didn’t have enough horsepower to handle the 300Mbps speeds.  It would only allow 30Mbps through.  So I had to get new hardware to make this work.  I am all about saving electricity so I was not willing to run a full desktop, and I didn’t want to dedicate one of my laptops to this.  Finally at one of my favorite computer stores I found a Gigabyte Brix micro computer in the clearance bin.  I thought this would be worth a shot for the new firewall hardware.  I know the story part of this is long so I will get into the build now.

The Brix doesn’t come with a hard drive and I found that the SATA connector inside the machine will not spin a standard hard drive.  So you will need an SSD, plus you will want the improved speed to keep the bandwidth loss to a minimum.  Here are the specs of the device I picked up.

  • Features 22nm Intel® Celeron N2807 to deliver to the most intuitive and integrated operating systems in the world
  • Supports 2.5” thickness 7.0/9.5mm Hard Drives (1 x 3Gbps SATA2)
  • Ultra compact PC design – 0.69L(56.1x 107.6 x 114.4mm)
  • 1x SO-DIMM DDR3L 1.35V Slots (1333 MHz)
  • Preinstall IEEE 802.11 b/g/n Wi-Fi / Bluetooth 4.0 Mini-PCIe card
  • Supports dual displays via a VGA and a HDMI port
  • Gigabit LAN
  • Audio jack (Headphone/MIC)
  • VESA mounting bracket (75 x 75mm + 100 x 100mm)
  • Supports Fan less design

So this device needs a hard drive, a memory stick, and a USB NIC to make it work for a firewall.  I had all of these parts lying around so it was nothing for me but should be remembered if you are going to do something similar.  I already had experience with IPFire and I liked it so I used the same OS for this firewall build.  Here are the requirements for IPFire.

  • Intel Pentium I (i586)
  • 512MB RAM
  • 2GB hard drive space
  • 2 NICs

So I installed a 60G SSD and 4 Gigs of memory into my micro PC to do my testing.  I also needed an external CDROM drive to install the OS.  IPFire’s current version at the time I am writing this is 2.17 update 93.  Installation is pretty straightforward and you can get all the help you need from their wiki at http://wiki.ipfire.org/en/start .

Once the OS is installed it will finish with a setup script that has you pick which adapters are for the Red and Green sides of the network.  I chose the USB NIC to be the Red interface because if it failed I would still have the internal network.  The USB NIC is also on a USB 3 interface so I have more than enough speed for the WAN connection.  I know that it is better to have a machine with 2 internal NICs but that would increase my expense from around $200 to closer to 3 or 4 hundred dollars.  Here is what the install script looks like.

[Screenshots: installer network selection and network card address screens]

If you have the need for additional interfaces such as a DMZ or WiFi interface, IPFire does support this as well.

Red (WAN): External network, connected to the Internet (typically a connection to your ISP)
Green (LAN): Internal/private network, connected locally
Orange (DMZ): The DeMilitarized Zone, an unprotected/server network accessible from the Internet
Blue (WLAN): Wireless network, a separate network for wireless clients

You can re-run this setup at any time if you want to make NIC changes by typing setup in a terminal on the firewall itself.  Once you are up and running you can log in to the web interface by typing https://<green NIC IP>:444 .  Here you can access all of the additional settings and information that the firewall has.  I like the reports that it has and the fact that you can expand the function of the firewall if you want. The interface has themes as well but I use the default one.  More specifics on the interface and setup can be found here: http://wiki.ipfire.org/en/configuration/start .  Below are pics of the web interface.

[Screenshots: IPFire web interface and iptables page]

 

The only additions I made were activating SNORT and using the Guardian script to make it more of an IPS, not an IDS.  I also installed the email addon to have the firewall email me reports and when it blocks or unblocks things.  All I did was add a statement into the scripts that would make it email me when it was executed.  So I get a lot of emails from the firewall but I like it that way.  You install addons using pakfire.  The list is quite extensive and can be found at http://wiki.ipfire.org/en/addons/start .

Guardian is a Perl script that goes through the SNORT logs and then blocks IPs that have 5 violations.  It blocks them for 24 hours.  This is where setting up the SNORT rules becomes important.  If you don’t, you may find yourself locked out of your own firewall or blocking good traffic as well as unwanted traffic.  You need to realize that all addons require processor time and may cause some loss of bandwidth going through the firewall.  My WAN connection from the modem is 329Mbps.  Going through the firewall with SNORT running I get 242Mbps.  My Brix micro PC is idle 96% of the time so I am not coming even close to maxing out this system.  But hardware and addons need to be thought through to ensure you get as much bandwidth as possible.  If I disable SNORT my bandwidth increases to around 260Mbps.
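An added sketch of the count-then-block logic described above (it is not Guardian's own code and not from the original post): it reads Snort fast-format alert lines, blocks a source at 5 alerts for 24 hours, and skips an ignore list so the firewall and an admin workstation are never blocked. The ignore list, the sample addresses, the rule ID and the year are assumptions; the code only computes the block plan and does not touch iptables.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Snort "fast" alert line:
# MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[[\d:]+\].*"
    r"\{\w+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

THRESHOLD = 5                    # violations before a block (figure from the post)
BLOCK_FOR = timedelta(hours=24)  # how long a block lasts (figure from the post)


def plan_blocks(lines, ignore, year):
    """Return {source_ip: unblock_time} for every source that reaches
    THRESHOLD alerts. `ignore` holds addresses that must never be blocked;
    the alert format carries no year, so the caller supplies it."""
    counts = defaultdict(int)
    blocks = {}
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            continue  # not an alert line
        src = m.group("src")
        if src in ignore or src in blocks:
            continue
        counts[src] += 1
        if counts[src] >= THRESHOLD:
            seen = datetime.strptime("{}/{}".format(year, m.group("ts")),
                                     "%Y/%m/%d-%H:%M:%S")
            blocks[src] = seen + BLOCK_FOR
    return blocks


def active_blocks(blocks, now):
    """Drop entries whose 24 hours have passed."""
    return {ip: until for ip, until in blocks.items() if until > now}


def _alerts(src, count, first_second):
    """Build constructed alert lines aimed at the firewall web interface port."""
    return ["08/28-12:00:{:02d}.000000  [**] [1:1000001:1] constructed test "
            "rule [**] [Priority: 2] {{TCP}} {}:40000 -> 192.168.1.1:444"
            .format(first_second + i, src) for i in range(count)]


# Constructed sample log: an outside source, the admin's own PC, a quiet source.
SAMPLE = (_alerts("203.0.113.7", 5, 0) + _alerts("192.168.1.10", 6, 10)
          + _alerts("198.51.100.9", 3, 20))
ADMIN_IGNORE = {"192.168.1.1", "192.168.1.10"}  # assumed firewall and admin PC

if __name__ == "__main__":
    for ip, until in plan_blocks(SAMPLE, ADMIN_IGNORE, 2015).items():
        print("block", ip, "until", until.isoformat())
```

Running `plan_blocks` on the same sample with an empty ignore set also blocks 192.168.1.10, which is the self-lockout case the paragraph above warns about.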

You will also have to set up your firewall access as well.  IPFire uses iptables as the firewall and can be a little tricky to set up if you are not used to setting up firewall rules.  This can be done with the web interface and a guide to do this can be found at http://wiki.ipfire.org/en/configuration/firewall/rules/start .  I had to do some trial and error to get everything set up correctly, but once it was set up it functioned perfectly.

I know I have been pointing to a lot of web pages for setup info but if I put it all in here this would be about 50 pages long.  I ran this for a few months and am happy with the performance and love the reports that it produces.  It will give you a roll up report of all activity the previous day but it can be a little cumbersome to read through.  But you can go to each of the individual reports in a GUI format and look at activity for any day that the firewall has been running.  Some of the reports are shown below.

[Screenshots: firewall log IP summary (two views) and IP details reports]

These are default images I got from the internet, not my network, but this is what it looks like for the firewall traffic (bottom) and IPs that have connected to the firewall (above).  I truly wanted a firewall so I could get these types of reports of network activity on my network.  So this may not be the path that most people want to take but I tried a few commercial router/firewalls that were in my price range and found them to be crap.  They would cause a large bandwidth drop and the firewall was not as configurable.  Plus the logs were all text and you would have to read through them and try to figure out what they were doing.

My cheap hardware setup was pretty simple to put together and works very well.  I like IPFire’s interface and their forums have a great deal of good information in them.  So if you are looking for a firewall without all of the crazy costs that come with commercial ones, this may be a good option for you.  It does require some knowledge of Linux but not to an expert or even intermediate level.  You can run this from the web interface and never really need to access it through a terminal.  So give it a shot and let me know if I can help in your testing.

 

 


Raspberry Pi MineOS Minecraft Server


I have built a few Minecraft R Pi servers but wanted more functionality than what the other guides were building into their servers.  So I built this several times and it works; it isn’t as powerful as any of the x86_64 systems but it is pretty cool to do.  First let me list the stuff I used to create this server.

  1. Raspberry Pi 2
  2. MineOS webpages
  3. SDFormatter
  4. Win32disk
  5. Ubuntu R Pi image
  6. 16 Gig MicroSD card
  7. Putty

The reason I didn’t use Raspbian is due to the overall size of the image.  The Ubuntu 14.04 image is only 1.75G vs the 3.05G Raspbian image.  So to prep the OS I did a few things. The Ubuntu image can be downloaded from https://wiki.ubuntu.com/ARM/RaspberryPi .  The default user is ubuntu with a password of ubuntu.  So I used my Windows machine to set up my MicroSD card and write the image to the card.  I used SDFormatter to format the card and Win32disk to write the image.  You can do this with Linux as well and the Ubuntu webpage has all the directions you need to accomplish this.  Now you should be ready to pop this bad boy into the R Pi.

The first boot will need a monitor and keyboard connected to the R Pi because the OS doesn’t have an ssh server installed by default.  So enter sudo su - to elevate to the root prompt and type apt-get update.  I just tried to install the openssh server from the get-go but it kept failing until I ran the update.  You should also follow the following instructions from the Ubuntu webpage.

There are no Raspbian-specific utilities included, specifically no automatic root resizer. However, it’s not hard to do manually. Once booted:

 $ sudo fdisk /dev/mmcblk0

–  You can use fdisk -l to see the available size of your Micro SD before increasing the size.

Delete the second partition (d, 2), then re-create it using the defaults (n, p, 2, enter, enter), then write and exit (w). Reboot the system, then:

$ sudo resize2fs /dev/mmcblk0p2

There is no swap partition/file included. If you want swap, it’s recommended you do:

 $ sudo apt-get install dphys-swapfile

You should have a (resized) SD card at least 8GB, because by default it will want to create a ~2GB swapfile and allow for the actual game files to grow.  This gave me a 1866 Meg swap space.

This will give you the full Micro SD card space and add a swap that the R Pi will need even with the 1G of memory the R Pi 2 has.  Below is a before and after df -h for this server.

BEFORE

[Screenshot: df -h output before the resize]

AFTER

[Screenshot: df -h output after the resize]

Now that the drive space is ready it is time to download and install the MineOS webpages.  This part is optional but I really like the functionality that it brings to the server.  First thing is to go to http://minecraft.codeemo.com/mineoswiki/index.php?title=MineOS_(apt-get).  This would be the apt-get link for the Ubuntu install we are using here.  If you decide you want to use MineOS you can go to the link above and install it.

MineOS makes downloading and setting up the server pretty easy,  if you are not going to use MineOS you can wget the minecraft server from  https://minecraft.net/download .  I personally like Spigot better however with the copyright problems you can’t just download it anymore.  So if you want to use Spigot you can build it using the instructions on their website. The link to setup the MineOS webpage is at the bottom of the post.  Also the link to build instructions for Spigot is at the bottom of the post.

On distributions featuring apt-get, you can install dependencies with these commands:
As root:
apt-get update
apt-get -y install nodejs nodejs-legacy npm git rdiff-backup screen openjdk-7-jre-headless

rsync

MineOS requires rsync 3.1.0+, which comes default in Ubuntu 14.04 and later. Ensure you have a recent enough version.
Installing MineOS scripts with git
As root:

mkdir -p /usr/games
cd /usr/games
git clone https://github.com/hexparrot/mineos-node.git minecraft
cd minecraft
git config core.filemode false
chmod +x service.js mineos_console.js generate-sslcert.sh webui.js
npm install --all
ln -s /usr/games/minecraft/mineos_console.js /usr/local/bin/mineos

As updates are made frequently to the MineOS scripts, you should make a habit of updating the webui via git on a regular basis. Updating the web-ui does not require a host or server restart.
Running the MineOS Web Service
Starting the web-ui at boot

This method uses upstart, which is available on Ubuntu 14.04 by default.

Have the web interface start
As root:
cp /usr/games/minecraft/init/upstart_conf /etc/init/mineos.conf
start mineos

Using secure HTTPS operation

Before you can start the server, you must generate a self-signed certificate for HTTPS functionality: /etc/ssl/certs/mineos.{pem,crt,key}
As root:
cd /usr/games/minecraft
./generate-sslcert.sh
Starting/Stopping the webui

Remember, you won’t need to do this on subsequent restarts, as the initscript will take care of it.
As root:
start mineos
stop mineos

Using the webui

The scripts, by default, will run a server operating on port 8443 and place minecraft data files into /var/games/minecraft.

When creating minecraft servers, it is required to use an unprivileged user to create and manage Minecraft servers. For most distros, this will be with the adduser username command. The password you set during user creation will also be the password used for the web-ui.

In your browser, visit the location: https://xxx.yyy.zzz.aaa:8443

Servers may only be created by unprivileged users, or in other words: not root. Be sure to log in as any unprivileged user to create any servers you wish and leverage group membership to share control of servers with others!

http://minecraft.codeemo.com/mineoswiki/index.php?title=MineOS-node_%28apt-get%29

standalone UI
http://minecraft.codeemo.com/mineoswiki/index.php?title=Installing_MineOS

Spigot
https://www.spigotmc.org/wiki/spigot/

Another reason that I use Spigot is for the plugins that can be added to the server.  The main one I would add is called Dynmap.  This plugin simply draws a map of the areas that you have explored.  This can be opened in a web browser and can be set to very fine detail for map resolution.  It will give you a map like the following.

[Image: Dynmap example map]

Spigot:  https://www.spigotmc.org/threads/minecraft-1-8-8-release.81138/

Dynmap:  http://dev.bukkit.org/bukkit-plugins/dynmap/

The one thing I did find is that the R Pi works for a Minecraft server but it needs some tweaking to get it to work well.  I think the R Pi 2 has enough power to really run the server as long as it has a small map, but it needs some tweaking to really get it to run well.  I experienced lag and blocks reappearing after you had broken them.  Now you can strip everything out and just run a Minecraft server without any add-ons, but that is part of what makes the server functional to me.  Running the server by itself in a terminal on the R Pi does work but it still has some lag and performance problems.  So for the people that will say don’t use an R Pi to build a Minecraft server, I say why not.  I understand it is low powered and was not built for this, but what was it built for?  It was built for people to buy and tinker with, program and see what it can do.

So in closing, the R Pi 2 will work as a Minecraft server and the performance isn’t that bad.  It could use some tweaking and once it is figured out I am sure it will be a low power option to a power hungry desktop.  Not that it will outperform it, but it is cheap and can stay on all day without using a Kilowatt of power.  So tinker around and see how it goes.  If you have any questions about this setup feel free to leave a comment.
