Category Archives: Fun

Repacking an RPM from files on the system

Have you ever had an RPM installed on the system that you needed installed on another system, but didn’t have the .rpm file for it? Or, have you wanted to make a .rpm file with just a minor change without having to completely rebuilt it? Or perhaps forge an RPM with some naughty scripts or binaries in it? 😉

Check out my rpm-repack script. Simply run it with the package name that’s installed on the system:

Continue reading Repacking an RPM from files on the system

nagios snmp check all disks plugin

Having to manage a wide array of servers with vastly different disk configurations, I found that things began to be very tedious with the nagios configuration file for disks checks. It seemed as if no two server disk configuration was the same, and coming up with a scheme to have different partitions be a consistent index number across systems was proving to be difficult.

Continue reading nagios snmp check all disks plugin

How to hook into (hijack) linux kernel functions via LKM

It’s about time I post a detailed explanation about how my tpe-lkm module is able to enforce its security policy. This post is very technical, readers beware. Note that this writeup is based on the code as it was the latest commit, which was of this writing, was the one on Dec 10th, 2011. I’ll keep all the links relative to that date.

Continue reading How to hook into (hijack) linux kernel functions via LKM

Kidnapping a process’s pwd and root

This evening I wrote a chunk of code that, given a PID, goes and does the chdir() and chroot() calls on it to a given directory. That process suddenly finds itself isolated while it’s running. It’s kind of like pulling the carpet pulled out from under it, but so quickly it doesn’t notice.

In other words, I’m kidnapping a process, and stuffing it into a chroot.

Continue reading Kidnapping a process’s pwd and root

Added “ps” extras feature to tpe-lkm

Since I already had my hands in the tpe-lkm code yesterday, I decided to spend my lunch break coding a feature I’ve been meaning to add in for a while now.

I added a new ps extras feature. Since it doesn’t have to do with the “trusted path”, I added it to the “extras” in the configuration. It’s similar to grsecurity’s “Proc restrictions” where “the permissions of the /proc filesystem will be altered to enhance system security and privacy”. Basically, non-root users won’t be able to view the processes they don’t own.

Continue reading Added “ps” extras feature to tpe-lkm

nagios snmp memory and swap plugin

Since I’m on a nagios and snmp kick this week, here’s a nagios snmp plugin I wrote to check memory and swap. The real difference between this script and the standard nagios plugins for memory / swap, is it takes buffered and cached memory into account, giving the real % free.

Here is the check_snmp_memory.pl script, and it’s usage is pretty simple:

Continue reading nagios snmp memory and swap plugin

A nagios snmp plugin that obeys snmp.conf

So there is a currently unresolved issue with the check_snmp nagios plugin where it doesn’t use the snmp.conf file. I use v3 of the protocol, and don’t want to have to put the big long string everywhere in the nagios configuration file:

define command{
  command_name check_snmp_cpu
  command_line $USER1$/check_snmp -H $HOSTADDRESS$ -w 2 -c 4 -u "cpu" -P 3 -L authPriv -a MD5 -U snmpmonitor -A "have a look at what I have to offer" -x des -X "have a look at what I have to offer" -o .1.3.6.1.4.1.2021.11.10.0
}

Continue reading A nagios snmp plugin that obeys snmp.conf

How to use the Ksplice raw utilities

Disclaimer: I have no affiliation with ksplice, I’m just a guy who knows something about hot-patching the linux kernel and figured out how this ksplice thing works. I strongly agree with the sentiment that the ksplice raw utilities is not for general use. In fact, Ksplice says in the distribution of these tools:

Without the appropriate expertise and safety infrastructure, the raw utilities can create subtly incorrect rebootless updates, which can have serious consequences.

Continue reading How to use the Ksplice raw utilities