<!--
Gnucomo - Gnu Computer Monitoring Tutorial
Original author : Peter Roozemaal
- Version : $Revision: 1.5 $
+ Version : $Revision: 1.6 $
This document is prepared for XMLDoc. Transform to HTML,
LaTeX, Postscript or plain text with XMLDoc utilities and
<para>
The most useful application of the abuse list is to maintain a firewall
and block all IP addresses that have the 'dropped' status.
-A short shell script will do this job:
+To do this automatically, you need to provide access to the database from
+a script that is probably run by root.
+A special user 'firewall' that can only read the abuse list can be created
+with the following SQL commands:
+</para>
+<verbatim>
+CREATE USER firewall WITH PASSWORD 'secret';
+GRANT SELECT ON object_abuse TO firewall;
+</verbatim>
+<para>
+When the Gnucomo database runs on a different system than the one
+on which the firewall is maintained, the database server needs to
+provide access from external systems. This implies setting up the
+PostgreSQL configuration and firewall rules.
+The following script then augments the firewall with the information
+from the Gnucomo abuse list:
</para>
<verbatim>
#!/bin/sh
# Create a firewall script from the gnucomo abuses table
#
-psql -h samos -t gnucomo arjen -c "select source from object_abuse
+psql "sslmode=require host=server.gnucomno.org dbname=gnucomo user=firewall password=secret"
+ -c "select source from object_abuse
where status='dropped' and objectid=$1"|grep -v '^$'>/tmp/gnucomo-abuses
while read ADDRESS
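Review bot: The added psql line passes password=secret inside the connection string, so the firewall user's password sits in the script file and in the command's arguments, where other local users may see it in the process list while the command runs. Suggest keeping it in a ~/.pgpass entry (or a file named by PGPASSFILE) readable only by the account that runs the script, and stating next to the CREATE USER example that 'secret' is a placeholder to be replaced. Also in these lines: as shown, the line ending in password=secret" has no trailing backslash, so the shell would run psql without the query and treat the following -c "select source from object_abuse as a separate command; the -t option of the removed line is gone, so the column header and row-count footer would be written to /tmp/gnucomo-abuses along with the addresses; and the host name server.gnucomno.org looks like a misspelling of gnucomo.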
input for <strong>gcm_input</strong>.
You need to strip off two siffixes off the filenames to make it look like
a <code>rpm -qa</code> output.
-The following script will do just that:
-</para>
-
-<verbatim>
-
-#!/bin/sh
-#
-# Turn an 'ls' listing of RPM files into an 'rpm -qa' listing
-# Reads a list of filenames, possibly preceeded by a directory and
-# strips the directory path from the beginning and the two suffices
-# from the end of each filename. For example, the name
-# "/mnt/cdrom/RedHat/RPMS/kernel-2.4.20-13.7.i686.rpm" gets turned
-# into a simple "kernel-2.4.20-13.7".
-
-while read filename
-do
- case $filename in
- *.src.rpm)
- ;;
-
- *)
- filename=`basename $filename .rpm`
- case $filename in
- *.athlon)
- rpm=`basename $filename .athlon`
- ;;
- *.i386)
- rpm=`basename $filename .i386`
- ;;
- *.i486)
- rpm=`basename $filename .i486`
- ;;
- *.i586)
- rpm=`basename $filename .i586`
- ;;
- *.i686)
- rpm=`basename $filename .i686`
- ;;
- *.noarch)
- rpm=`basename $filename .noarch`
- ;;
- esac
- echo $rpm
- ;;
- esac
-done
-
-</verbatim>
-
-<para>
-Suppose this script is stored as <code>ls-rpm</code>, you can apply it
-like this:
+Futhermore, a repository of updates often contains multiple versions of a package
+file.
+You want to make sure that the latest version of each package is recorded in the
+Gnucomo database.
+The (python) script <code>report_repository.py</code> will perfom these tasks:
</para>
<verbatim>
- ls /mnt/cdrom/RedHat/RPMS | ls-rpm | sort | uniq | gcm_input -h redhat-7.3
+ python report_repository.py /mnt/cdrom/RedHat/RPMS | gcm_input -h redhat-7.3
</verbatim>
<para>
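Review bot: The added paragraph names report_repository.py without saying where the script can be found, while the same hunk removes the inline ls-rpm listing that a reader could copy straight from the tutorial. Suggest stating where the script lives in the distribution, or keeping a listing in the document. The new usage line also drops the sort | uniq step of the old pipeline, so the text should say that the script itself emits each package only once. Typos in the added lines: "Futhermore" should be "Furthermore" and "perfom" should be "perform".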