Re: New version of amandatape script.
On Tue, Feb 14, 2006 at 10:25:07PM +0100, Josef Wolf wrote:
> On Tue, Feb 14, 2006 at 10:10:51PM +0100, Josef Wolf wrote:
> Here comes a new version of the amandatape program I posted about two years
> ago.

Here's a patch to fix the following problems:

- Sort logfiles correctly when more than 10 logfiles were generated in a
  single day.
- Always ignore log.error.X files.
- When using the -d option, search backwards for tapecycle from given date
  instead of date of newest logfile.
- Fix filemark counting when output is restricted to specific DLEs.

Please find the patch attached below. Have fun.

Index: bin/amandatape === --- bin/amandatape (Revision 1396) +++ bin/amandatape (Arbeitskopie) @@ -2,7 +2,7 @@ # amandatape -- a utility to print amanda tape labels for DAT and CD. # -# 2004-02-12 Josef Wolf ([EMAIL PROTECTED]) +# 2005-02-15 Josef Wolf ([EMAIL PROTECTED]) # # Portions of this program which I authored may be used for any purpose # so long as this notice is left intact. @@ -295,10 +295,10 @@ sub log_bydate ($$) { my ($a, $b) = @_; -$a=~s!^.*?/log.([^/]+)$!$1!; -$b=~s!^.*?/log.([^/]+)$!$1!; +my ($ad, $anr) = $a=~m!^.*?/log\.(\d+)\.(\d+)$!; +my ($bd, $bnr) = $b=~m!^.*?/log\.(\d+)\.(\d+)$!; -return $a cmp $b; +return $ad <=> $bd || $anr <=> $bnr; } sub add_dumping { 
@@ -327,14 +327,18 @@ my %labels;# which tape labels we already have seen my $lastvol=-1; -my @logs=reverse sort log_bydate (<$LOGDIR/log.*>, <$LOGDIR/oldlog/log.*>); +my @logs=reverse sort log_bydate (<$LOGDIR/log.[0-9.]*>, + <$LOGDIR/oldlog/log.[0-9.]*>); splice @logs, 0, $ignore if defined $ignore; FILE: foreach my $logfile (@logs) { -if (defined $dignore && &log_bydate("$dignore.0", $logfile) > 0) { - $dignore = undef; - splice @logfiles, -$lastvol, $lastvol if $lastvol>0; - $lastvol = -1; +if (defined $dignore) { +if (&log_bydate("/$dignore.0", $logfile) >= 0) { +$dignore = undef; +splice @logfiles, -$lastvol, $lastvol if $lastvol>0; +$lastvol = -1; +} +next; } open (IN, $logfile) or die "$logfile: $!"; foreach my $l (reverse ) { @@ -414,7 +418,6 @@ my ($host, $filesystem, $date, $chunk, $level, $rest) = $2=~/(\S+) (\S+) (\S+) (\S+)? ?(\S+) (\[.*)/; my $dle="$host:$filesystem"; -next unless &wantdle ($dle); $dle{$dle} = 1; $date=~s/()(..)(..)/$1-$2-$3/; $nr++ if $#curchunk<0 || defined $chunk; @@ -424,11 +427,13 @@ push (@curchunk, $h); unless (defined $chunk) { $taper{$dle}{$date}=[] unless exists $taper{$dle}{$date}; -push (@{$taper{$dle}{$date}}, [EMAIL PROTECTED]); +push (@{$taper{$dle}{$date}}, [EMAIL PROTECTED]) if &wantdle ($dle); @curchunk = (); } - $tape{$label}{"kb"} += $h->{"kb"}; - $tape{$label}{"count"}{$level}++; +if (&wantdle ($dle)) { +$tape{$label}{"kb"} += $h->{"kb"}; +$tape{$label}{"count"}{$level}++; +} } if ($line=~/^INFO taper tape (.*)/) { my ($t, $d2, $kb, $d3, $fm, $rest) = split (/\s+/, $1, 6);
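Review bot: the header comment in the first hunk (@@ -2,7 +2,7 @@) is changed to 2005-02-15, while this patch is posted in February 2006. If the date is meant to record this revision, check the year.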
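Review bot: in log_bydate (hunk @@ -295,10 +295,10 @@) the captures $ad, $anr, $bd and $bnr are undefined whenever a name does not match /log\.(\d+)\.(\d+)$, and the return line then compares undef numerically, which sorts such names as 0 and warns under -w. The glob log.[0-9.]* in the following hunk only constrains the first character after "log.", so a name without the trailing numeric counter can still reach this sub. Consider filtering @logs with the same pattern before sorting, or returning a defined order for names that do not match.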
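Review bot: in the rewritten $dignore block (hunk @@ -327,14 +327,18 @@) the next statement runs on every iteration while $dignore is defined, including the iteration where the inner test succeeds and $dignore is cleared, so the first logfile at or before the given date is skipped as well. If that logfile is supposed to be read, move next into an else branch of the inner if. Also check the first argument "/$dignore.0": it contains no "/log." component unless $dignore itself carries one, and without it the new pattern in log_bydate does not match and the comparison runs on undefined values.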
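Review bot: with "next unless &wantdle ($dle);" removed (hunk @@ -414,7 +418,6 @@), the line $dle{$dle} = 1; now records every DLE found on the tape, not only the requested ones. If %dle is used later to decide what gets printed, it needs the same &wantdle guard that the next hunk puts around the %taper and %tape updates; if recording all DLEs is intended, a short comment saying so would help.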
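Review bot: &wantdle ($dle) is evaluated twice per taper line in the last hunk (@@ -424,11 +427,13 @@), once as the statement modifier on the push into $taper{$dle}{$date} and once in the if around the $tape{$label} counters. Evaluate it once into a lexical right after my $dle="$host:$filesystem"; and test that variable in both places, so the two guards cannot drift apart.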
Re: Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:
Hi Paul

Nah still getting ipnumber of the firewall not tape server.

# tcpdump port 10080
tcpdump: listening on eth0
13:37:12.636083 firewall.my.co.uk.62374 > server.my.co.uk.amanda: udp 117 (DF)
13:37:22.740457 firewall.my.co.uk.62374 > server.my.co.uk.amanda: udp 117 (DF)
13:37:32.800639 firewall.my.co.uk.62374 > server.my.co.uk.amanda: udp 117 (DF)

Thus DF means packets are still fragmented and not getting through.

Any other ideas.

Cheers for your help

On Thu, 2006-02-16 at 17:52 +0100, Paul Bijnens wrote:
> On 02/16/2006 05:02 PM, Chuck Amadi Systems Administrator wrote:
> > Hi List sorry for the continuous cries for help.
> >
> > Regarding Amanda and ipchains rules it didn't work Amanda client on server
> > was still
> > forking to secure ports that weren't in my udp range. I run tcpdump
> > port 10080 on server.
>
> > ERROR [host firewall.my.co.uk: port 64524 not secure]
>
> So the firewall does NAT (that is why, from the client's point of view,
> the ipnumber is the firewall itself, and not the amanda server, and the
> portnumber is >6).
>
> So, as already said, you should patch the client amanda software only
> for that host (i.e. no need to install that version on any other machine
> or amanda server), to disable the check for a udp source port < 1024:
>
> For amanda 2.4.5p1, edit the file common-src/security.c:
>
> You find this section:
>
>   229
>   230      /* next, make sure the remote port is a "reserved" one */
>   231
>   232      if(ntohs(addr->sin_port) >= IPPORT_RESERVED) {
>   233          ap_snprintf(number, sizeof(number), "%d", ntohs(addr->sin_port));
>   234          *errstr = vstralloc("[",
>   235                              "host ", remotehost, ": ",
>   236                              "port ", number, " not secure",
>   237                              "]", NULL);
>   238          amfree(remotehost);
>   239          return 0;
>   240      }
>
> and make the test succeed always, by changing line 232:
>
>   232      if(1 || ntohs(addr->sin_port) >= IPPORT_RESERVED) {
>
>
> i.e. add the "1 ||" string to the if statement.
>

-- 
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL),
Princess of Wales Hospital
Coity Road
Bridgend,
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820
Fax: +44 1656 752830
Re: Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:
On 2006-02-17 13:23, Chuck Amadi Systems Administrator wrote:

> As you stated it's still forking to the firewall ipnumber and not the
> tape server.

("...forking..." ??? I'm afraid I don't understand that word in this
context...)

Yes, as expected, the client sees the request coming from the NAT-firewall
itself, but is that a problem?

> Cheers for your help
>
> On Thu, 2006-02-16 at 17:52 +0100, Paul Bijnens wrote:
> > On 02/16/2006 05:02 PM, Chuck Amadi Systems Administrator wrote:
> > > Hi List sorry for the continuous cries for help.
> > >
> > > Regarding Amanda and ipchains rules it didn't work Amanda client on
> > > server was still forking to secure ports that weren't in my udp range.
> > > I run tcpdump port 10080 on server.
> >
> > > ERROR [host firewall.my.co.uk: port 64524 not secure]
> >
> > So the firewall does NAT (that is why, from the client's point of view,
> > the ipnumber is the firewall itself, and not the amanda server, and the
> > portnumber is >6).
> >
> > So, as already said, you should patch the client amanda software only
> > for that host (i.e. no need to install that version on any other machine
> > or amanda server), to disable the check for a udp source port < 1024:
> >
> > For amanda 2.4.5p1, edit the file common-src/security.c:
> >
> > You find this section:
> >
> >   229
> >   230      /* next, make sure the remote port is a "reserved" one */
> >   231
> >   232      if(ntohs(addr->sin_port) >= IPPORT_RESERVED) {
> >   233          ap_snprintf(number, sizeof(number), "%d", ntohs(addr->sin_port));
> >   234          *errstr = vstralloc("[",
> >   235                              "host ", remotehost, ": ",
> >   236                              "port ", number, " not secure",
> >   237                              "]", NULL);
> >   238          amfree(remotehost);
> >   239          return 0;
> >   240      }
> >
> > and make the test succeed always, by changing line 232:
> >
> >   232      if(1 || ntohs(addr->sin_port) >= IPPORT_RESERVED) {
> >
> > i.e. add the "1 ||" string to the if statement.

-- 
Paul Bijnens, xplanation Technology Services        Tel  +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM    Fax  +32 16 397.512
http://www.xplanation.com/          email:  [EMAIL PROTECTED]
***
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, ^^,     *
* F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye,     *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup,     *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown,     *
* init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ...     *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out              *
***
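Added example, not part of the thread and not Amanda's own code: a simplified model of the port test quoted in the message above, evaluating the line-232 condition as quoted, with "1 ||" and with "0 &&". The body of that if is the refusal path, so the program reports which source ports each form lets through; port_check, accepted and port 850 are constructed for illustration, while 62374 is the NAT source port from the tcpdump output.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>

/* Forms of the line-232 condition: as quoted, with "1 ||", with "0 &&". */
enum variant { ORIGINAL, EDIT_1_OR, EDIT_0_AND };

/* Simplified stand-in for the quoted excerpt (not Amanda's code): returns 1
 * when the request passes the port test, 0 when it is refused. */
static int port_check(const struct sockaddr_in *addr, const char *remotehost,
                      enum variant v, char *errstr, size_t len)
{
    int port = ntohs(addr->sin_port);
    int refuse;

    switch (v) {
    case EDIT_1_OR:  refuse = (1 || port >= IPPORT_RESERVED); break;
    case EDIT_0_AND: refuse = (0 && port >= IPPORT_RESERVED); break;
    default:         refuse = (port >= IPPORT_RESERVED);      break;
    }
    if (refuse) {   /* the branch shown at lines 232-240 of the excerpt */
        snprintf(errstr, len, "[host %s: port %d not secure]", remotehost, port);
        return 0;
    }
    errstr[0] = '\0';
    return 1;
}

/* Hypothetical helper: build a peer with this UDP source port, run the test. */
static int accepted(unsigned short port, enum variant v)
{
    char err[128];
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    return port_check(&a, "firewall.my.co.uk", v, err, sizeof(err));
}

int main(void)
{
    /* 850: constructed reserved port; 62374: NAT source port from the tcpdump. */
    static const unsigned short ports[] = { 850, 62374 };
    static const char *names[] = { "original", "1 ||", "0 &&" };
    for (int v = ORIGINAL; v <= EDIT_0_AND; v++)
        for (int i = 0; i < 2; i++)
            printf("%-8s port %5d -> %s\n", names[v], ports[i],
                   accepted(ports[i], (enum variant)v) ? "accepted" : "refused");
    return 0;
}
```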
Re: Still get ERROR [host fw.my.co.uk: port 62679 not secure] after I added my ipchain rule:
Hi Paul

I'm running 2.4.4p2 on my amanda clients and tape server. Anyway the file
exists in my version,rin make clean > I edited the common-src/security.c
file and added "1 ||" string to the if statement to line 232.

Thus run make > make clean > make install and run on my server client that
sits on the other side of Firewall.

./configure --with-user=amanda --with-group=disk --with-configdir=/etc/amanda --with-uspportrange=11000,111030 --with-tcpportrange=11000,11030

Thus tcpdump port 10080 on the amanda client and run amcheck Config on the
tape server.

As you stated it's still forking to the firewall ipnumber and not the tape
server.

Cheers for your help

On Thu, 2006-02-16 at 17:52 +0100, Paul Bijnens wrote:
> On 02/16/2006 05:02 PM, Chuck Amadi Systems Administrator wrote:
> > Hi List sorry for the continuous cries for help.
> >
> > Regarding Amanda and ipchains rules it didn't work Amanda client on server
> > was still
> > forking to secure ports that weren't in my udp range. I run tcpdump
> > port 10080 on server.
>
> > ERROR [host firewall.my.co.uk: port 64524 not secure]
>
> So the firewall does NAT (that is why, from the client's point of view,
> the ipnumber is the firewall itself, and not the amanda server, and the
> portnumber is >6).
>
> So, as already said, you should patch the client amanda software only
> for that host (i.e. no need to install that version on any other machine
> or amanda server), to disable the check for a udp source port < 1024:
>
> For amanda 2.4.5p1, edit the file common-src/security.c:
>
> You find this section:
>
>   229
>   230      /* next, make sure the remote port is a "reserved" one */
>   231
>   232      if(ntohs(addr->sin_port) >= IPPORT_RESERVED) {
>   233          ap_snprintf(number, sizeof(number), "%d", ntohs(addr->sin_port));
>   234          *errstr = vstralloc("[",
>   235                              "host ", remotehost, ": ",
>   236                              "port ", number, " not secure",
>   237                              "]", NULL);
>   238          amfree(remotehost);
>   239          return 0;
>   240      }
>
> and make the test succeed always, by changing line 232:
>
>   232      if(1 || ntohs(addr->sin_port) >= IPPORT_RESERVED) {
>
>
> i.e. add the "1 ||" string to the if statement.
>

-- 
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL),
Princess of Wales Hospital
Coity Road
Bridgend,
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820
Fax: +44 1656 752830