Posted: May 9th, 2018 | Author: jordan | Filed under: Uncategorized | No Comments »
A lot of our users have can go weeks or months without a reboot. Then they write in to ask for support on their slow Mac. Well…. reboot man! How would you feel if you didn’t sleep for a couple days? To mitigate this we’ve leveraged munkireport and google sheets to automate this process. We’ve created a google sheet with three four columns; USER NAME SERIAL NUMBER COMPUTER NAME ASSOCIATED EMAIL. Then we wrote a python script to pull this information in and cross reference it against computer records that report an uptime greater than 7 days. At the end of the script we email all of those users and ask them to please reboot.
#!/usr/bin/python
# munkireport integration to alerts users of 7 day uptime.
import re
import gspread
from oauth2client.service_account import ServiceAccountCredentials
import sqlite3
conn = sqlite3.connect('db.sqlite')
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEText import MIMEText
## use creds to create a client to interact with the Google Drive API
scope = ['https://spreadsheets.google.com/feeds']
creds = ServiceAccountCredentials.from_json_keyfile_name('client_secret.json', scope)
client = gspread.authorize(creds)
#
# Find a workbook by name and open the first sheet
# Make sure you use the right name here.
sheet = client.open("copiousUsers").sheet1
humanname = sheet.col_values(2)
humanname = filter(None, humanname)
serialnumber = sheet.col_values(3)
serialnumber = filter(None, serialnumber)
emailaddress = sheet.col_values(5)
emailaddress = filter(None, emailaddress)
hostname = sheet.col_values(4)
hostname = filter(None, hostname)
# Now find hosts on the shitlist
c = conn.cursor()
#c.execute('SELECT hostname FROM machine INNER JOIN reportdata ON machine.id=reportdata.id WHERE reportdata.uptime>604800;')
c.execute('SELECT serial_number FROM reportdata WHERE uptime>604800;')
shitlist = c.fetchall()
conn.close()
# clean up the list and make ascii unicode
newlist = []
for tup in shitlist:
newlist = newlist + [item.encode('ascii','backslashreplace') for item in tup]
# get rid of anything after the first (.)
newlist = [i.split('.', 1)[0] for i in newlist]
# loop the list and search for matches against the googlesheet, get the details of each user and make a list of lists.
userlist = []
for line in serialnumber:
if line in newlist:
indexNumber = (serialnumber.index(line))
user=(humanname[indexNumber])
email=(emailaddress[indexNumber])
host=(hostname[indexNumber])
x = [user, email, host]
userlist.append(x)
for line in userlist:
## user is line[0] and email is line[1] and the host is line[2]
msg = MIMEMultipart('alternative')
msg['From'] = 'yourEmail'
msg['To'] = line[1]
msg['Subject'] = 'Reboot Reminder, Over 7 Days Uptime Detected'
text = """\
Hello %s,
We have noticed that your computer, %s, has been up for 7 days without a reboot. Please reboot your computer when you can. Having a computer left on for too long without a reboot can lead to memory leaks and overall performance issues.
Best Regards,
Automatic Watchdog
""" % (line[0],line[2])
html = """\
Hello %s,
We have noticed that your computer, %s, has been up for 7 days without a reboot. Please reboot your computer when you can. Having a computer left on for too long without a reboot can lead to memory leaks and overal performance issues.
""" % (line[0],line[2])
part1 = MIMEText(text, 'plain')
part2 = MIMEText(html, 'html')
msg.attach(part1)
msg.attach(part2)
server = smtplib.SMTP('smtp.gmail.com', 587)
server.starttls()
server.login("emailaddress", "password")
text = msg.as_string()
server.sendmail("emailaddress", line[1], text)
server.quit()
Posted: February 29th, 2016 | Author: jordan | Filed under: Uncategorized | No Comments »
This is a follow up post to my previous article about how to setup RADIUS on Server 5.x
In my Open Directory user list I have a user called scanner with a password of, you guessed it, scanner. Now I know this isn’t the most secure thing ever but the user only has very limited access. Recently I wanted to implement RADIUS so that the VPN concentrator could authenticate against Open Directory but I certainly don’t want the scanner user to be able to authenticate. Previously I would fire up WorkGroup Manager and build a service access control list, SACL. However with WGM now gone I have to do it on the command line. After some hacking I figured it out.
First, you’ll need to make a group in OD called VPN and put the users you would like to have VPN access in it. Then whip open a terminal and get the GUID of that group.
dscl localhost read /LDAPv3/127.0.0.1/Groups/VPN
You’re looking for the “GeneratedUID” record this somewhere. Next edit the following script and put your GeneratedUID into the line where it says NestedGroups
dscl localhost create /Local/Default/Groups/com.apple.access_radius
dscl localhost create /Local/Default/Groups/com.apple.access_radius RealName com.apple.access_radius
dscl localhost create /Local/Default/Groups/com.apple.access_radius passwd "*"
dscl localhost create /Local/Default/Groups/com.apple.access_radius gid 260
dscl localhost create /Local/Default/Groups/com.apple.access_radius NestedGroups PASTE_GUID_HERE
Then reboot radius with a serveradmin stop/start radius and you should be good to go!
Posted: November 10th, 2014 | Author: jordan | Filed under: Uncategorized | No Comments »
Recently, I was granted access to the Windows beta agent. In a word, amazing. Truly, Allen and the guys at watchman have done an amazing job. Now, I have most of my clients enrolled in Meraki Systems Manager and I wanted to be able to push this agent to them without getting in the user’s face. I came up with the following and please keep in mind, I’m NOT a Windows sysadmin.
mkdir C:\temp
bitsadmin.exe /transfer "MSI" http://www.yourdomain.com/path/to/MonitoringClient.msi C:\temp\MonitoringClient.msi
bitsadmin.exe /transfer "regfile" http://www.yourdomain.com/path/to/monitoringclient.reg C:\temp\MonitoringClient.msi C:\temp\monitoringclient.reg
Regedit /s C:\temp\monitoringclient.reg
Msiexec.exe /I C:\temp\MonitoringClient.msi
I take this code and paste it line by line into the “Command Line” feature of Meraki Systems Manager.
For more info on Watchman Monitoring Windows Beta go here.
For Meraki Systems Manager go here.
Posted: April 7th, 2013 | Author: jordan | Filed under: Uncategorized | No Comments »
Great article on Apple’s support page outlining how to migrate the wiki service from 10.7 Lion Server to 10.8 Mountain Lion Server, aka OSX Server 2.2
http://support.apple.com/kb/HT5697
Posted: February 13th, 2013 | Author: jordan | Filed under: Uncategorized | No Comments »
After a long while I’ve decided to bring my personal blog back to the net. I took it offline originally so I could redirect the web traffic to a company website that I started. However I quickly learned that nerds do not buy IT services, this is why they’re nerds – Nerds do IT themselves. (Get it?)
Hopefully the wizardry that is Google will be able to figure out that I moved the blog back, originally I did a 403 redirect, however this time I redesigned my company website without moving the wordpress content any where. I checked my pagerank and at a whopping 3/10 I’d have to say that I lost the traffic. Looking to future, I’m hopefully going to be adding a lot of content here, currently looking into FOSS AD/OD replacements, as well as some outdoor adventures!
Thanks for reading.
Jordan
Posted: July 19th, 2010 | Author: jordan | Filed under: Uncategorized | No Comments »
Jealous?
So this going to be my last post for a while. Probably till the end of summer. I’m going on a european vacation with my lady. It’s going to be an epic adventure full of battles, conquests, and amazing sites. If you want to follow our adventure please
check out our new tumblr blog.
Posted: July 15th, 2010 | Author: jordan | Filed under: Uncategorized | No Comments »
A little bird told me Free Geek Vancouver is having a crazy sale this saturday! Check it out!
Posted: June 17th, 2010 | Author: jordan | Filed under: Uncategorized | No Comments »
Here’s an old but great trick. I had a server that was dying on me, I wanted to clone the computer but didn’t want to have the hassle of taking it apart. By using netcat and the dd command I was able to clone the computer over the network.
First on the destination computer, but up off of Ubuntu 10.04 Desktop liveCD and execute the command:
nc -l 10000 | dd of=/dev/sda
Then on the source
dd if=/dev/sda | nc 10000
Wait for the dd command to finish. Then reboot the new hardware, if you’re lucky it should just boot and you’re done! Yay! If not boot the destination up off of the liveCD once more and mount the drive. Edit any changes in drives (sda/sdb/hda) in /etc/fstab as well as grub. As well as any other changes you have to do, perhaps your modprobe.conf file needs editing. Once done make a new initrd and you’re happy!
/sbin/mkinitrd -v -f /boot/initrd-new.img 2.6.21
Posted: June 15th, 2010 | Author: jordan | Filed under: Uncategorized | 1 Comment »
Free Geek Vancouver (FGV) is a non-profit computer reuse and recycling centre. They accept all computers, old and new as well as related electronics whether they are working or not! FGV is comprised of volunteers who breathe new life into these electronics to create functioning and useable computers. These born again computers are then either sold at low costs or are granted to various non-profit organizations in need. The computers that cannot be salvaged are disassembled properly and sent to various ethical recycling plants. Free Geek follows a strict recycling code of conduct set in place by the Basel Action Network. This ensures that our electronic waste is safely and locally disposed rather than shipped to developing nations where it often contaminates air and water.
You can help Free Geek by bringing your used computer down to be recycled! They’re located at 1820 Pandora St in Vancouver. Or if you are interested in lending a hand the please come down this Saturday at either 2 or 4pm for one of our infamous tours!
In today’s world we are becoming attached to our technology. For many computers are the first things we see in the morning, and the last thing we see before we sleep. They take our daily abuse now if only when we could give them the proper ending they deserve!
Posted: May 24th, 2010 | Author: jordan | Filed under: Uncategorized | No Comments »
X authentication over SSH is based on magic cookies! The problem though is that when you change users via sudo the new user is not aware of these magic cookies.
Before you issue the su (but after having ssh’ed into the remote
system), request the cookie for the current DISPLAY that’s connecting
to your X server:
bart:~ jordan$ xauth list $DISPLAY
hostname.hq.calltitan.com:10 MIT-MAGIC-COOKIE-1
4d22408a71a55b41ccd1657d377923ae
Then, after having done su, tell the new user what the cookie is:
bart:~ root# xauth add hostname.hq.calltitan.com:10 MIT-MAGIC-COOKIE-1
4d22408a71a55b41ccd1657d377923ae
Just cut’n-paste the output of the above ‘xauth list’ onto ‘xauth add’
That’s it.
