While reading over a few articles I came across a rather nice piece of code by Pivotal Labs’ Jason Noble, who did an article on verifying hosts are active in the load balancer pool with Capistrano. This got me thinking: what if I could go one step further and have it pushed to my Android device? Plus do it all in pure Ruby [plus a gem or two].
So for my weekend hack I wrote up this little bit of code plus started work on creating a gem that supports jabber, android, and iPhone.
deploy.rb
require 'yaml'
require 'httparty'
require 'ruby-notify-my-android'

set :application, "example"
set :repository, ""
set :scm, :none

role :web, "localhost"
role :web, "example.tld"
role :app, "example.tld"
role :db, "db.example.tld", :primary => true

# Push a status message to the Android device through Notify My Android.
# The API key is read from nmaapi.yml so it stays out of deploy.rb.
def push_notify(message)
  NMA.notify do |n|
    n.apikey = YAML.load_file('nmaapi.yml')['apikey']
    n.application = application
    n.event = "Check Load Balancer Status"
    n.description = message
  end
end

desc "Retrieves the check.txt file to see if the host is in the load balancer"
task :check_load_balancer do
  # Request check.txt from every host in the :web role and report the HTTP status.
  roles[:web].map(&:host).each do |hostname|
    url = "http://#{hostname}/check.txt"
    response = HTTParty.get url
    message = "Retrieving #{url}: #{response.message}"
    puts message
    push_notify message
  end
end
#--
# (C)2012 Dwight Spencer
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#++
nmaapi.yml
---
apikey: SECRET_KEY_FROM_NOTIFY_MY_ANDROID.COM
Recently, while working on a Develnet EC2 node, I had to deal with a headache beyond all belief: turning on SELinux for Amazon AMI.
How Do I Enable SELinux under Redhat / Fedora, CentOS, and AMI Linux Systems?
What is SELinux
SELinux is a kernel security extension that can be used to guard against misconfigured or compromised programs. It comes with a Mandatory Access Control (MAC) system that improves on the traditional UNIX/Linux DAC (Discretionary Access Control) model.
Installing SELinux
sudo yum install -y 'sel*'
Turning on SELinux
~% sudo $EDITOR /etc/selinux/config
SELINUX=permissive
SELINUXTYPE=targeted
~% sudo $EDITOR /etc/sysconfig/config
Setting Policies
sudo touch /.autorelabel
sudo restorecon -Rv -n /home
sudo genhomedircon
Reboot
sudo shutdown -r now "Enabling SELinux policies"
Troubleshooting
egrep -i 'selinux=0|enforcing=0' /boot/grub/*
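A check to run after editing the config and before the reboot, as an added example that is not part of the original post: it verifies that SELINUX= and SELINUXTYPE= each sit on their own line, that the policy type has a directory next to the config file, and that no boot entry matches the troubleshooting grep. The function name and its two arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-reboot sanity check for an SELinux config file.
# Usage: check_selinux_config CONFIG_FILE GRUB_DIR
# Returns 0 when nothing found here would keep a policy from loading, 1 otherwise.
check_selinux_config() {
    cfg=$1; grubdir=$2; rc=0
    # Value of a KEY=value line; this check expects the key at the start of a line.
    _val() { sed -n "s/^[[:space:]]*$1=\([^[:space:]#]*\).*/\1/p" "$cfg" | tail -n 1; }
    mode=$(_val SELINUX); ptype=$(_val SELINUXTYPE)

    case $mode in
        enforcing|permissive) ;;
        disabled) echo "FAIL: SELINUX=disabled, no policy will be loaded"; rc=1 ;;
        *) echo "FAIL: SELINUX='$mode' is not enforcing, permissive or disabled"; rc=1 ;;
    esac

    # SELINUXTYPE names a policy directory that sits next to the config file.
    if [ -z "$ptype" ]; then
        echo "FAIL: no SELINUXTYPE= line found (each setting needs its own line)"; rc=1
    elif [ ! -d "$(dirname "$cfg")/$ptype" ]; then
        echo "FAIL: SELINUXTYPE='$ptype' has no policy directory"; rc=1
    fi

    # Same pattern as the troubleshooting grep: boot parameters override the file.
    hits=$(grep -rEil 'selinux=0|enforcing=0' "$grubdir" 2>/dev/null || true)
    if [ -n "$hits" ]; then
        echo "FAIL: kernel parameters override the config in: $hits"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: SELINUX=$mode SELINUXTYPE=$ptype"
    return "$rc"
}

# Run against real paths when two arguments are given on the command line.
if [ "$#" -eq 2 ]; then check_selinux_config "$1" "$2"; fi
```

Run it as `sh check_selinux.sh /etc/selinux/config /boot/grub`; a non-zero exit status means the findings it printed should be fixed before rebooting.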
We have been doing some prep work for an upcoming project launch. For those of you not in the know, Zero1 Nation has been working in the shadows to build a Hackerspace Magazine, one that is in the style of 2600 magazine but geared to the hackerspace community as a whole. Our goal is to make this magazine a companion to 2600 and Maker, and thus we have one rule.
- If you can publish it in 2600 or Maker then please do so first.
As we stand we have been in contact with several hacker spaces around the world and are looking to collaborate with a few of their members to push out a first issue.
Some Details:
Articles: Do you have something related to hackerspaces, diy projects or technology? Well then if you have an intelligent article on something interesting you think we’d like to publish, send it to media@denzuko.co.cc. If one of your articles gets printed, you’ll get either a free shirt or a one year subscription.
Letters: Immortalize yourself! Letters to the editor can be sent to media@denzuko.co.cc. If we print your letter, you can bask in the glory of the fact that your letter got printed.
Subscriptions: Subscriptions, back issues and other merchandise will be available from our online store, CompuTEK Industries’ Marketplace, the Zine’s web & mobile apps and amazon.
Payments: Subscriptions can be paid either via PayPal or bitcoins.
Further details to follow..
We just got the stuff donated from MUNGlabs in today, tomorrow we’re heading over there to help with the last of the clean up and to give them a big thanks. Next week we will be needing to inventory everything, set things up and clean up the space.
While we all know Linux is very secure, I have been looking into how to really tighten it down while still having full access to my ssh server. This is a big thing for us at CompuTEK Industries and the Zero1 Hackerspace since we use ssh for just about everything from our NX desktops, git repos, rsync backups, system administration, and deploying our ruby apps.
So in preparation for setting up the hacker space servers I had to think how we can lock down the server and still allow all those goodies to our members. Since I already use denyhosts to block out brute-force attacks along with rc.firewall, we had to figure out an easier way of setting things up, since it is a bad idea to have python or any other language on a ruby only app server. That meant denyhosts had to go. Plus, I also needed to set up fine grained settings on running processes and available resources, so the decision was made to look into using PAM as a means of strengthening the security layers on the server.
Currently I am testing pam_shield and pam_captcha to secure down various services and will be posting further results later. Now on with the build:
pam_captcha installed very well, with some simple command line fu:
sudo aptitude -y install lib{pam0g,gdbm}-dev
curl http://semicomplete.googlecode.com/files/pam_captcha-1.5.tar.gz | tar zxv
cd pam_captcha-1.5 && make && sudo install *.so /lib/security
Then we added the following to the top of our /etc/pam.d/sshd:
auth requisite pam_captcha.so randomstring math
Next up is pam_shield, which is just as easy:
curl http://www.heiho.net/pam_shield/pam_shield-0.9.5.tar.gz | tar zxv
cd pam_shield-0.9.5 && make
$EDITOR shield.conf
sudo make install
Then it was simple to add the PAM rules detailed in the README to /etc/pam.d/sshd.
One thing to note: make sure you fully set up shield.conf and the trigger script before doing the make install. Otherwise you could lock yourself out.
An area of improvement would be rewriting the scripts for pam_shield to use a /etc/defaults file and also to offer tcpwrapper policies.
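One way to guard against the lockout mentioned above, as an added example that is not part of the original post or of pam_captcha or pam_shield: it confirms that every module named in a PAM service file exists in the module directory and, optionally, that a given module is the first auth rule. The function name and arguments are assumptions of this example; /lib/security is the directory the install command above uses.

```shell
#!/bin/sh
# Added example: check a PAM service file before relying on it for SSH logins.
# Usage: check_pam_stack PAM_FILE MODULE_DIR [EXPECTED_FIRST_AUTH_MODULE]
# Returns 0 when every referenced module exists (and the first auth module
# matches, if one was given); returns 1 and prints the findings otherwise.
check_pam_stack() {
    pamfile=$1; moddir=$2; want_first=${3:-}; rc=0
    # Drop comments, collapse a bracketed control field such as
    # [success=1 default=ignore] into one token, skip @include lines,
    # and print "type module" for each rule.
    rules=$(sed -e 's/#.*//' -e 's/\[[^]]*]/BRACKET/' "$pamfile" |
            awk '$1 !~ /^@/ && NF >= 3 { sub(/^-/, "", $1); print $1, $3 }')

    while read -r type mod; do
        [ -n "$mod" ] || continue
        case $mod in
            /*) path=$mod ;;            # absolute module path
            *)  path=$moddir/$mod ;;    # bare name, resolved in MODULE_DIR
        esac
        if [ ! -e "$path" ]; then
            echo "FAIL: $type rule references $mod, but $path does not exist"; rc=1
        fi
    done <<EOF
$rules
EOF

    first=$(printf '%s\n' "$rules" | awk '$1 == "auth" { print $2; exit }')
    if [ -n "$want_first" ] && [ "$first" != "$want_first" ]; then
        echo "FAIL: first auth module is '${first:-none}', expected '$want_first'"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: all modules in $pamfile resolve under $moddir"
    return "$rc"
}

# Run against real paths when arguments are given on the command line.
if [ "$#" -ge 2 ]; then check_pam_stack "$@"; fi
```

Run it as `sh check_pam.sh /etc/pam.d/sshd /lib/security pam_captcha.so` while an existing root session is still open, and only log out once it reports OK and a second login has succeeded.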
