<!--
Gnucomo - Gnu Computer Monitoring Tutorial
Original author : Peter Roozemaal
- Version : $Revision: 1.4 $
+ Version : $Revision: 1.6 $
This document is prepared for XMLDoc. Transform to HTML,
LaTeX, Postscript or plain text with XMLDoc utilities and
</verbatim>
<para>
-With the default installation of PostgreSQL on RedHat 8.0,
-you will probably encounter an authentication problem when you try to
-use the Gnucomo web interface. The problem will look somewhat like this:
-</para>
-
-<para>
-<strong>
-Warning: pg_connect() unable to connect to PostgreSQL server:
-FATAL 1: IDENT authentication failed for user "arjen"
-</strong>
-</para>
-
-<para>
-Refer to PostgreSQL Administrator's guide, Chapter 4: Client Authentication.
-You probably have this line in the /var/lib/pgsql/data/pg_hba.conf:
-</para>
-
-<verbatim>
- local all ident sameuser
-</verbatim>
-
-<para>
-(I know RedHat 8.0 does this). You need to change this into:
-</para>
-
-<verbatim>
- local all password
-</verbatim>
-
-<para>
-This tells PostgreSQL to allow any UNIX user to log into the database
-as any database user on a local socket, using his database password.
+[TODO] How to set up database security is yet to be described.
</para>
</section>
<para>
The most useful application of the abuse list is to maintain a firewall
and block all IP addresses that have the 'dropped' status.
-A short shell script will do this job:
+To do this automatically, you need to provide access to the database from
+a script that is probably run by root.
+A special user 'firewall' that can only read the abuse list can be created
+with the following SQL commands:
+</para>
+<verbatim>
+CREATE USER firewall WITH PASSWORD 'secret';
+GRANT SELECT ON object_abuse TO firewall;
+</verbatim>
+<para>
+When the Gnucomo database runs on a different system than the one
+on which the firewall is maintained, the database server needs to
+provide access from external systems. This implies setting up the
+PostgreSQL configuration and firewall rules.
+The following script then augments the firewall with the information
+from the Gnucomo abuse list:
</para>
<verbatim>
#!/bin/sh
# Create a firewall script from the gnucomo abuses table
#
-psql -h samos -t gnucomo arjen -c "select source from object_abuse
+psql "sslmode=require host=server.gnucomno.org dbname=gnucomo user=firewall password=secret"
+ -c "select source from object_abuse
where status='dropped' and objectid=$1"|grep -v '^$'>/tmp/gnucomo-abuses
while read ADDRESS
echo " <gcmt:parameters gcmt:class='systemload'>"
-PROCESSES=`ps ax|wc -l`
-LOADAV=` uptime|cut -d ' ' -f 13|tr -d ,`
+PROCESSES=`ps ax|wc -l|awk ' {print $1}'`
+LOADAV=` uptime|awk ' { print $11 }' | tr -d ,`
echo "<gcmt:parameter name='Load'>"
echo " <gcmt:description>System processing load</gcmt:description>"
input for <strong>gcm_input</strong>.
You need to strip off two siffixes off the filenames to make it look like
a <code>rpm -qa</code> output.
-The following script will do just that:
-</para>
-
-<verbatim>
-
-#!/bin/sh
-#
-# Turn an 'ls' listing of RPM files into an 'rpm -qa' listing
-# Reads a list of filenames, possibly preceeded by a directory and
-# strips the directory path from the beginning and the two suffices
-# from the end of each filename. For example, the name
-# "/mnt/cdrom/RedHat/RPMS/kernel-2.4.20-13.7.i686.rpm" gets turned
-# into a simple "kernel-2.4.20-13.7".
-
-while read filename
-do
- case $filename in
- *.src.rpm)
- ;;
-
- *)
- filename=`basename $filename .rpm`
- case $filename in
- *.athlon)
- rpm=`basename $filename .athlon`
- ;;
- *.i386)
- rpm=`basename $filename .i386`
- ;;
- *.i486)
- rpm=`basename $filename .i486`
- ;;
- *.i586)
- rpm=`basename $filename .i586`
- ;;
- *.i686)
- rpm=`basename $filename .i686`
- ;;
- *.noarch)
- rpm=`basename $filename .noarch`
- ;;
- esac
- echo $rpm
- ;;
- esac
-done
-
-</verbatim>
-
-<para>
-Suppose this script is stored as <code>ls-rpm</code>, you can apply it
-like this:
+Futhermore, a repository of updates often contains multiple versions of a package
+file.
+You want to make sure that the latest version of each package is recorded in the
+Gnucomo database.
+The (python) script <code>report_repository.py</code> will perfom these tasks:
</para>
<verbatim>
- ls /mnt/cdrom/RedHat/RPMS | ls-rpm | sort | uniq | gcm_input -h redhat-7.3
+ python report_repository.py /mnt/cdrom/RedHat/RPMS | gcm_input -h redhat-7.3
</verbatim>
<para>