Saturday, October 20, 2007

Python Scripting Tutorial, Part two

Here is my second part of the hands on tutorial on basic python script. It works in an interactive mode just like adduser on a linux system, only
it sets a very strong random password (using a little utility called pwgen - you can install it from /usr/ports/sysutils/pwgen2) for the user, gives you
the ability of making a system user, a ftp user or both. My pure-ftpd is based on MySQL table auth. It also makes a public_html for the user and
build a virtual host for the user. Check the script out because I think it is pretty straightforward. Tweak it a bit so you can use it as your own.
On the next tutorial we'll the users a mail with the password and also add them to an LDAP directory.
PS: I'm aware that some things could be done more easily by using hefty tricks, but hey, I aimed for easy understanding.



#/usr/local/bin/python

import os
import getopt
import sys
import MySQLdb

# Where should i write the vhost details?
VHOSTS_CONFIG = "/usr/local/etc/apache22/extra/httpd-vhosts.conf"

# Init the variables
user_flag = -1
ftp_flag = -1

# MySQL authentification variables
mysql_user = "user"
mysql_pass = "password"
mysql_host = "localhost"
mysql_database = "pureftpd"

# The usage() function that gets used when we call the script with the -h option
def usage():
print """
Usage: sudo python create_python.py : create a user in the system.
You can create a ftp user only, a system user or both.
It also adds the corresponding vhost to the configuration and builds the
home directory. If run with no arguments it will go into interactive mode.

create_user.py [-h]

-h print this help
"""

# Parse the command line arguments
# Basicly this looks for the -h argument only but could be
# easily extended to something else

o, a = getopt.getopt(sys.argv[1:], 'h')
opts = {}
for k,v in o:
opts[k] = v
if opts.has_key('-h'):
usage();
sys.exit(0)

# Check to see if we're running as superuser
uid = `os.getuid()`
if uid != "0":
print "You must be superuser in order to run this program"
sys.exit(1)

# Make a system user?
user_input = raw_input("Do you want to add a system user [n/Y]: ")
if user_input.lower() == "y":
user_flag = 1
if user_input.lower() == "n":
user_flag = 0
else:
user_flag = 1

# Make a ftp user?
ftp_input = raw_input("Do you want to add a ftp user [n/Y]: ")
if ftp_input.lower() == "y":
ftp_flag = 1
if ftp_input.lower() == "n":
ftp_flag = 0
else:
ftp_flag = 1

# If you do not want a system user or a ftp user then ... you don't want anything
if ftp_flag == 0 and user_flag == 0:
print "Come back when you know what you want"
sys.exit()

# How do you want to name your user?
user_name = raw_input("Username: ")

# Try to figure out the shell or input another shell
# something like /usr/local/bin/rssh
if user_flag == 1:
user_shell = raw_input("Shell [/usr/local/bin/bash]: ")
# Make /usr/local/bin/bash the default shell if the user presses enter
if user_shell == "":
user_shell = "/usr/local/bin/bash"

# Basicly we have to types of accounts
# Those that are the system users with ssh account and those with only ftp access
# System users have the /home/user directory
# whilst the ftp users have /home/ftpusers/user

if user_flag == 1:
home = "/home/" + user_name
else:
home = "/home/ftpusers/" + user_name

# But if you want you can input another directory as the home directory
# We are making this script a little more interactive
home_dir = raw_input("Home directory [" + home + "]: ")
if home_dir == "":
home_dir = home

# We generate a new random password. This is based on the pwgen port
# Please install it before if you don't have it:
# cd /usr/ports/sysutils/pwgen2 && sudo make search install
newpassword = os.popen("pwgen -s -n -B -c 12 1").readline().split()[-1]
if user_flag == 1:
# Add the new user using the randomly generated password earlier
# This command enters:
# echo pass | pw user add -d /home/user -m -s /usr/local/bin/bash -n user -g users -h 0
# -d - home directory
# -m - builds the home directory if it doesn't exist
# -s - the shell to user
# -n - the name of the user
# -g - the original group for the user
# -h 0 - get the password from stdin
cmd = "echo " + newpassword + " | pw user add -d " + home_dir + " -m -s " + user_shell + " -n " + user_name + " -g users -h 0"
os.system(cmd)
# Save the new password somewhere as you don't want an inactive account or manually input another pasword
f = open("/root/accounts", "a+")
line = user_name + " " + newpassword + " " + `user_flag` + " " + `ftp_flag` + "\n"
f.write(line)
f.close()
print "Details have been saved to /root/accounts. Please mail the information to the user and then delete the file"
# Make the /home/user/public_html directory so the user can have his own web server
# at the http://host/~user address
os.mkdir(home_dir + "/public_html")
# Change the vhost configuration to a new entry so
# http://host/~user is mapped as http://user.host/
# This is much more professional in my opinion
f = open(VHOSTS_CONFIG, "a")
vhost = """<VirtualHost *:80>
ServerAdmin email@mail.com
DocumentRoot """ + home_dir + """/public_html
ServerName """ + user_name + """.host
ErrorLog /var/log/httpd/""" + user_name + """-error_log
CustomLog /var/log/httpd/""" + user_name + """-access_log combined
</VirtualHost>
"""
f.write(vhost)
f.close()
# Restart the Apache Webserver
os.system("apachectl graceful")
# For the ftp users only you should manage their accounts using the system account ftpusers
if user_flag == 0 and ftp_flag == 1:
group = "ftpusers"
uid = "ftpusers"
else:
uid = user_name
group = "users"
# Add the ftp user to the existing MySQL table (I do MySQL auth to my ftp server)
# with the same use
so if you give ftp access to a system user he can login with
# the same password
You should only give a user access to the system with no ftp
# access if you want him to make transactions
only with ssh (through scp)
if ftp_flag == 1:
# Open the MySQL database
db = MySQLdb.connect(mysql_host,mysql_user,mysql_pass,mysql_database)
# Make a cursor (a pointer to that database)
cursor = db.cursor()
# Execute an insert query
cursor.execute("INSERT INTO `pureftpd`.`users` (`User`, `Password`, `Uid`, `Gid`, `Dir`, `QuotaSize`) VALUES (\'%s', MD5(\'%s\'), \'%s\', \'%s\', \'%s\', \'%s\');" % (user_name,newpassword,uid,group,home_dir,100))
cursor.close()
if ftp_flag == 1 and user_flag == 0:
os.mkdir(home_dir)


Powered by ScribeFire.

Monday, October 15, 2007

Solved the PHP Segmentation Fault

Ha. I figured it all out. After some exhausting work my apache+php installation is working okay.
What I did is comment all lines in /usr/local/etc/php/extensions.ini and then uncommented line by line and testing php over and over again in cli mode. This took about 15 minutes of RSI-proof work. My error was due to the recode extension. I just commented the line and everything works okay. Unfortunately, reinstalling the extension just won't do the trick. As I see, there are some topics on this to be found on google but none have a solution. I'll have to look into it.

Note to self: Stop installing every god damn tidbit in extensions. Use only what necessary fool!

PHP annoying error

I just installed apache on a new box using freebsd. Everything seems to work just fine. But i then tried to install php5 and php5 extensions and apache won't even start. /var/log/messages says something about a segmentation fault. php in the command line says core dumped. I'm getting frustated as this is surely an error related to the updated ports collection I have (as everything worked perfectly a few weeks ago).

Saturday, October 13, 2007

How to keep your FreeBSD box up to date

Here is a quick but time-consuming way of keeping your ports up to date. First we will install portaudit to see what ports need upgrading because of vulnerability issues. Than we will install portupgrade which is a program for upgrading your system.

Portaudit
portaudit provides a system to check if installed ports are listed in a
database of published security vulnerabilities.
cd /usr/ports/ports-mgmt/portaudit
make install clean
portaudit -Fda



Portupgrade
Portupgrade is a tool to upgrade installed packages via ports or
packages. You can upgrade installed packages without having to
reinstall depending or dependent packages. It can automatically trace
dependency chains up and down upgrading packages recursively.
cd /usr/ports/ports-mgmt/portupgrade
make install clean

Let's now update the ports collection using the built in portsnap.

portsnap fetch
portsnap update



After your ports collection update is completed you should run the following command and building a new database for the portupgrade program. Beware as this takes a LOT.

portsdb -Uu

The actual upgrading is done with:

portupgrade -arR

By the way to see what packages are outdated type at the command prompt:
pkg_version -l "<"

That's it. You should now have an up to date system. All you need to do now is automate this task by adding all the commands in a shell file and throwing it at cron.

Sunday, October 7, 2007

How-to: Make Firefox default browser for Thunderbird

One thing that bugged the hell out of me was the fact that Thunderbird did not know about Firefox. I get a lot of RSS feeds in my inbox and the damn things just won't open. So what you say? "You just click the link and magically Firefox starts with a new tab and the most sought after page". Wrong. What you have to do is ctrl-click the link, click on "copy link location", do an alt-tab, paste the link in firefox and then press enter while you are controlling yourself from pounding every object that's on your desk . I mean, how hard can it be for the great Mozilla Foundation to integrate the two seamlessly and without any tweaks in the configs? Don't get me wrong. I do love their products. But in my opinion this is one of those cases where some polish (sorry Poland people) will come in handy. So, until they came up for a better way of selecting a default browser here is the way to go:

  • Fire up Thunderbird.
  • Go to Edit - Preferences - Advanced - General - Config editor
  • Make a new string network.protocol-handler.app.http with /opt/mozilla/bin/firefox
  • Same for network.protocol-handler.app.http - /opt/mozilla/bin/firefox

Who in their right mind will use the same application for https and http anyway? Sheesh. Strange f*cking world we're leaving in. :)


Powered by ScribeFire.

Friday, October 5, 2007

Python Scripting Tutorial, Part one

Introduction

Python is a great tool to work with. I like the fact that I can accomplish all sorts of tasks, from socket programming to web development to GUI) in just one language. Python has an incredible standard library, it is very readable and I found it to be very fast. I prefer it over BASH because it seems I just can make the damn thing work.

In this series, we'll first start on with some very simple scripts and then move on, developing on those and adding more features. This is a hands-on tutorial, because you have to write the code and try to understand it. As I always comment my code excessively when writing tutorials, I won't explain the same thing twice.

In this part you will learn how to:
  • find out if a program is running by searching for its pid
  • get simple command line arguments
  • learn what a list is and how to access it
Scenario

As you may already know, I have moved my sshd port to 8722 on my servers (they are all in sync). Also, I use only public/private keys for authentification using ssh-agent and ssh-add. I found it very cumbersome that everytime I want to ssh to see if ssh-agent is already running, then if it's not, ssh-add the key, and type that long command. Here is the command that I actually type to get into one of my hosts:

ssh rsavu@host1 -p 8722

The problem is I don't have any short hosts like host1 in /etc/hosts and I just want to make a script that automates this task (okay, admit I need it just for the sake of argument).

What should the script do? Well, if it receives an argument (user@host is necessary) it should connect to that host using the port 8722. If it doesn't receive any arguments it should print a menu with known hosts.

What to improve on in the next parts

  • check if the format of the first argument is user@host
  • read hosts from /etc/hosts
  • read all other options from a configuration file that can be thrown through a command line argument or be a predefined one
  • suppressing any warnings
The script

#!/usr/bin/python
"""
That thing above is called a shabang line for anyone that did not know that
It instructs the shell what interpreter should be used for the following
lines of code
"""

"""
These are the libraries we are going to work with.
"""
import sys
import os
"""
The main function
"""
def main(argv):
# First let's find out if ssh-agent is working
pid = os.system("pidof -s ssh-agent")
if pid == 256:
os.system("ssh-agent")
os.system("ssh-add")
# Let's see how many arguments we have
argc = len(argv)
# Test if we don't have any argument
if argc == 1:
# This is a list
knownHosts = ["user@host1", "user@host2"]
printTable(knownHosts)
# Request some input from the user and transform it in an integer
option = int(raw_input("Choose an option: "))
remoteHost = knownHosts[option-1]
elif argc == 2:
remoteHost = argv[1]
cmd = 'ssh ' + remoteHost + ' -p 8722'
print cmd

"""
Prints a table with know hosts
"""
def printTable(knownHosts):
i = 1
for host in knownHosts:
# In the next line the statement `i` makes us able concat a string and int
print `i` + ". " + host
i = i+1

"""
This basically means that if this file is ran independently and not included
in any other file it should call function main with that argument.
More on this another time
"""
if __name__ == '__main__':
main(sys.argv[0:])