sâmbătă, 23 martie 2024

Adapt the strace command to trace all processes belonging to a specific user


To adapt the strace command to trace all processes belonging to a specific user, you can use the -u option to specify the user. However, strace itself doesn't directly support tracing all processes of a user at once. You'll need to combine ps or pgrep with a loop to achieve this. Here's how you can do it:



#!/bin/bash

get_user_pids() {
    pgrep -u "$1"
}

start_strace() {
    strace -Z -p "$1" &
}

# Main loop
user="username"
while true; do
    pids=$(get_user_pids "$user")
    if [ -z "$pids" ]; then
        echo "No processes found for user: $user"
        sleep 10
        continue
    fi
    for pid in $pids; do
        if ! pgrep -f "strace.*-p $pid" > /dev/null; then
            echo "Tracing PID: $pid"
            start_strace "$pid"
        fi
    done
    sleep 10
done

-Z  Print only syscalls that returned with an error code.
Use man strace to adapt for your needs.

Save this script in a file, for example, monitor_username_activity.sh, and make it executable using the command chmod +x monitor_username_activity.sh.

sudo ./monitor_username_activity.sh

Replace "username" with the actual username of the user whose processes you want to trace. This script will find all processes belonging to that user and trace them using strace.

Make sure to run this script with appropriate permissions, as strace might require elevated privileges to trace some processes. Also, keep in mind that tracing all processes of a user can generate a significant amount of output and may impact system performance.

luni, 2 mai 2022

CAN YOU MAKE A WSL (UBUNTU) FILE SYSTEM VISIBLE FROM WINDOWS FILE EXPLORER?

Yes, in powershell, do (for example)


..user > subst W: '\\wsl$\Ubuntu-20.04\home\username\'


And you're in business. But, yes, I know what you're thinking - you don't want to do this manually. 

You want to fire up WSL TTY (mintty) and have this DONE for you!


In your Ubuntu filesystem, maintain a file ending in a .ps1 extension and containing :


subst W: '\\wsl$\Ubuntu-20.04\home\analog\'


Then, in your .profile, just have :


powershell.exe -File /path/to/subst_cmd.ps1


(FYI, Thanks Thanh Phu, do delete this mapping, you'd do subst W: /D )


And you're through. Now, here's something trickier :


Without ever leaving WSL, how would you get Windows Firewall to allow communication between WSL 

and the X-server you set up (follow Thomas Ward's excellent page to set up vcxsrv)


The answer : 


Put this command in a file somewhere on windows (not Ubuntu) :


Set-NetFirewallProfile -DisabledInterfaceAliases "vEthernet (WSL)"


Then, all you do is :


powershell.exe -Command "Start-Process powershell.exe -ArgumentList \"-File C:\path\to\ps_fw_setting_WSL.ps1\" -Verb RunAs"


Which is something you could stick in your .profile 

miercuri, 2 februarie 2022

Installing Linux - Ubuntu WSL - Apache Openmeeting Cluster - MSSQL as db



server-1:100.112.2.56

server-2:100.112.2.57

Network:100.112.2.0/24

In this setup is used MSSQL Cluster as db, if u will want to use another type of db should be sync,replicated ... 

For this setup, location for records/stream/audio of openmeeting should be same for both servers, later u will see path /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/data/streams which is an windows path as ( in this setup ) C:\Linux\ubuntu\rootfs\opt\openmeetings\openmeetings-server\target\apache-openmeetings-7.0.0-SNAPSHOT\webapps\openmeetings\data\streams




Fallow indications of actions on server-1, server-2 and on both server

On both servers.

Invoke-WebRequest -Uri https://aka.ms/wsl-ubuntu-1804 -OutFile ubuntu.appx –UseBasicParsing

 





Rename-Item .\ubuntu.appx .\ubuntu.zip



 

Re-open Windows PowerShell ISE as Administrator



$userenv =[System.Environment]::GetEnvironmentVariable("Path","User")

 



Open CMD as administrator

 



 

Enter the new user for your system

New CMD window, enter in location D:\Linux\ubuntu

Run command ubuntu1804.exe will enter you in the system with root privilegies.



Reinstall openssh-server and create Schedule-Task, on both server

 



On both servers.

visudo

%sudo ALL=NOPASSWD: /usr/sbin/sshd

service ssh --full-restart

Install prerequisites, on both server

 

#apt install imagemagick ghostscript libxt6 libxrender1 ffmpeg vlc sox openjdk-11-jdk openjdk-11-jdk-headless libjpeg62 zlib1g-dev openssl maven

 

#vim /etc/ImageMagick-6/policy.xml

...and comment the two follow lines, near to bottom file:

<policy domain="coder" rights="none" pattern="PS" />

<policy domain="coder" rights="none" pattern="PDF" />

 

...to:

 

<!-- <policy domain="coder" rights="none" pattern="PS" /> -->

<!-- <policy domain="coder" rights="none" pattern="PDF" /> -->

 

Fallow install steps of kurento media server – on both servers.

https://doc-kurento.readthedocs.io/en/stable/user/installation.html#local-installation

#vim /etc/default/kurento-media-server

replace

DAEMON_USER="kurento"

...to

DAEMON_USER="nobody"

 

 

After Kurento Media Server – install coturn STUN/TUN server if behind a NAT

https://doc-kurento.readthedocs.io/en/stable/user/faq.html#faq-coturn-install

or

Install Coturn (Turn server), on both server:

#apt install coturn

...we edit the following file so that the Turn server can work:

# vim /etc/default/coturn

...and we uncomment the line:

#TURNSERVER_ENABLED=1

….leaving it like this:

TURNSERVER_ENABLED=1

Now we'll set up Turn. Created a folder where turn server store the logs:

#mkdir -p /var/log/turnserver

...create a password that we'll need to put it in the configuration file of the turn server and later in an

OpnMeetings file. We created it:

#openssl rand -hex 32

...will generate something similar to this:

751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdXXXXXXXXXXXXXXXXX

…copy that long password and paste it into a text file by saving it.

Edit the turn configuration file:

#vim /etc/turnserver.conf

...in this file we will have to uncomment (delete #) only the following lines:

use-auth-secret

static-auth-secret=751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdXXXXXXXXXXXXX

(on the above line put the long password we just saved in a text file)

realm=your_real_domain ...change company.org to your real domain

stale-nonce=0 ...change 600 to 0 (zero)

log-file=/var/log/turnserver/turnserver.log .

(above change /var/log/turnserver.log to /var/log/turnserver/turnserver.log)

 

 

Install LibreOffice 7.2.3.2 – both servers

#add-apt-repository ppa:libreoffice/ppa
#apt update
#apt install libreoffice

Install MariaDB 10.1 ( if no other database engine ) – excluded from this setup. Is MSSQL used.

( No install, on both servers )

#apt install install mariadb-server
#mysql_secure_installation

Create database and user for openmeeting

#mysqladmin -u root password colanda1

 

MariaDB [(none)]> CREATE DATABASE open620 DEFAULT CHARACTER SET 'utf8';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON open620.* TO 'openmeeting'@'localhost' IDENTIFIED BY '1a2B3c4D' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;

* open620 ......is the database name.

* openmeeting ………is the user name for this database.

* 1a2B3c4D ..is the password for this user.

 

Install Openmeeting 6.2.0 ( 7.0.0 released 3 ) – on both servers.

 

#cd /opt

...get and build from source the OpenMeetings:

#cd /opt
#git clone https://github.com/apache/openmeetings.git


...build it:

#cd openmeetings 
#mvn clean install -P allModules




...untar archive:

#cd /opt/openmeetings/openmeetings-server/target/


#tar -zxvf apache-openmeetings-7.0.0-SNAPSHOT.tar.gz


 

We make some folders for the recordings we´ll make at the different OpenMeetings rooms:

#mkdir -p /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/data/streams/{1,2,3,4,5,6,7,8,9,10,11,12,13,14}
#mkdir -p /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/data/streams/hibernate

...restrict the access to these folders:

#chmod -R 750 /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/data/streams

...and we do to “nobody” user ownner of OpenMeetings installation folder:

#chown -R nobody:nogroup /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT


Download and install the connector between OpenMeetings and MariaDB ( if no other database engine ):

#cd /opt
#wget https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.27/mysql-connector-java-8.0.27.jar

...and copy it to where must be:

#cp /opt/mysql-connector-java-8.0.27.jar /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/WEB-INF/lib

 

Script to launch Tomcat-OpenMeetings – on both servers.

 

Create file /etc/init.d/tomcat4 with …

 
#!/bin/sh
 
# set the environment
# JAVA_OPTS="-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"
# CATALINA_OPTS=""
export JAVA_OPTS="-Djava.awt.headless=true"
CATALINA_HOME=/opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT
 
#set TIMEOUT values
#TIMELIMIT=10
#SLEEPTIME=40
 
# Function to wait until all Tomcat processes are killed
waitForTomcatToDie()
{
  PROCESSES=`ps auxwww | grep $HOME | grep 'java' | grep 'tomcat' | grep -v 'grep'`
  while [ ! -z "${PROCESSES}" ] && [ ${SECONDS} -lt ${TIMELIMIT} ] && [ ${TIMELIMIT} -ne 0 ]; do
    echo -n "."
    sleep ${SLEEPTIME}
    PROCESSES=`ps auxwww | grep $USER | grep 'java' | grep 'tomcat' | grep -v 'grep'`
  done
  echo ""
  if [ ! -z "${PROCESSES}" ]; then
    PROCESS_ID=`echo ${PROCESSES} | awk '{ print $2 }'`
    echo "Killing process: ${PROCESS_ID}"
    kill -9 ${PROCESS_ID}
  fi
}
 
# See how we were called.
case "$1" in
start)
  #$CATALINA_HOME/bin/startup.sh
  cd ${CATALINA_HOME}
  sudo --preserve-env=CATALINA_HOME --preserve-env=JAVA_OPTS -u nobody ${CATALINA_HOME}/bin/startup.sh
  ;;
#debug)
  #DEBUG_PORT=10001
  #;;
stop)
  cd ${CATALINA_HOME}
  sudo --preserve-env=CATALINA_HOME -u nobody ${CATALINA_HOME}/bin/shutdown.sh
  waitForTomcatToDie
  echo "...Tomcat stopped."
  ;;
restart)
  $0 stop
  echo "...Restarting..."
  sleep 8
  $0 start
  ;;
status)
  status ${PROG} -p ${PIDFILE}
  RETVAL=$?
  ;;
*)
  echo "Usage: $0 {start|stop|restart|status}"
  RETVAL=1
esac
 
exit ${RETVAL}
 
 

...and concede permission of execution:

#chmod +x /etc/init.d/tomcat4

Run Tomcat-OpenMeetings

Start MariaDB, if still it is not ( if no other database engine ): ( No need in this setup )

# /etc/init.d/mysql start

...and now start tomcat-OpenMeetings, only server-1:

#/etc/init.d/tomcat4 start


 

Openmeeting link: https://localhost:5443/openmeetings

Configuration with MSSQL – server-1 ( only one server –first node )

 

 














 

Configure Cluster node between server-1 and server-2

On server-1 and server-2 stop service of opemeeting.

#/etc/init.d/tomcat4 stop

Application might not stop and check

#ps –aux | grep tomcat
Ex:


Take pid id and kill it

#kill -9 21887 21684 21510 21030 19655


 

Configure persistence.xml server-1

#vim /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/WEB-INF/classes/META-INF/persistence.xml

Add

<property name="openjpa.RemoteCommitProvider" value="tcp(Addresses=100.112.2.56;100.112.2.57)" />

Comment

  <!--property name="openjpa.RemoteCommitProvider" value="tcp(Addresses=100.112.2.56)" /-->



 

Configure hazelcast.xml server-1:

#vim /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/WEB-INF/classes/hazelcast.xml

Add cluster name

<cluster-name>production</cluster-name>



Instance name must be unique

<instance-name>server-1</instance-name>



Attribute name must be same as Instance name

<attribute name="name">server-1</attribute>



Server URL

<attribute name="server.url">https://100.112.2.56:5443/openmeetings</attribute>



 

And network tag should be this

<network>

                <join>

                        <auto-detection enabled="false"/>

                        <multicast enabled="false"/>

                        <tcp-ip enabled="true">

                                <members>100.112.2.56,100.112.2.57</members>

            </tcp-ip>

                        <aws enabled="false"/>

                </join>

                <interfaces enabled="true">

            <interface>100.112.2.*</interface>

        </interfaces>

        </network>



 

hazelcast.discovery.enabled  must be commented like in this image

<!--property name="hazelcast.discovery.enabled">false</property-->

 



 

 

Configure hazelcast.xml server-2:

#vim /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/WEB-INF/classes/hazelcast.xml

Add cluster name

<cluster-name>production</cluster-name>



Instance name must be unique

<instance-name>server-2</instance-name>



Attribute name must be same as Instance name

<attribute name="name">server-2</attribute>



Server URL

<attribute name="server.url">https://100.112.2.57:5443/openmeetings</attribute>



 

And network tag should be this

<network>

                <join>

                        <auto-detection enabled="false"/>

                        <multicast enabled="false"/>

                        <tcp-ip enabled="true">

                                <members>100.112.2.56,100.112.2.57</members>

            </tcp-ip>

                        <aws enabled="false"/>

                </join>

                <interfaces enabled="true">

            <interface>100.112.2.*</interface>

        </interfaces>

        </network>



 

hazelcast.discovery.enabled  must be commented like in this image

<!--property name="hazelcast.discovery.enabled">false</property-->

 



 

 

Configure persistence.xml server-2

Copy from server-1 /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/WEB-INF/classes/META-INF/persistence.xml

Back-ul old file and replace with the content from server-1 file.

#cp /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/WEB-INF/classes/META-INF/persistence.xml /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/WEB-INF/classes/META-INF/persistence.xml.old
#vim /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/webapps/openmeetings/WEB-INF/classes/META-INF/persistence.xml

Add content from server-1 file of persistence.xml to look same.

 


 

...and now start tomcat-OpenMeetings, on both servers:

#/etc/init.d/tomcat4 start


 

 

IF coturn got installed, openmeeting behind NAT

 

Edit the openmeetings.properties file of OpenMeetings – on both servers:

#vim /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT/ /webapps/openmeetings/WEB-INF/classes/openmeetings.properties

...and in the ### Kurento ### section we modify only the following lines:

#### Kurento ###

kurento.turn.url=

kurento.turn.user=

kurento.turn.secret=

...to

kurento.turn.url=Public IP of your server:3478

kurento.turn.user=

kurento.turn.secret=751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdXXXXXXXXXXXXX

 

...above, in:

 

kurento.turn.secret=751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdXXXXXXXXXXXXX

...replace the line: 751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdXXXXXXXXXXXXX

...by the long password that we generated at coturn installation and that we save in a text file

 

Now will make nobody owner of the OpenMeetings installation directory, on both servers:

#chown -R nobody:nogroup /opt/openmeetings/openmeetings-server/target/apache-openmeetings-7.0.0-SNAPSHOT

 

Restart coturn:

#/etc/init.d/coturn restart

Kurento:

#/etc/init.d/kurento-media-server restart

Tomcat-OpenMeetings:

#/etc/init.d/tomcat4 restart

 

Open ports required

3478 TCP-UDP IN

5443 TCP IN

8888 TCP IN

49152:65535 UDP IN-OUT

5701 TCP IN

5080 TCP IN

22 TCP IN

 

Checking cluster status:

Log in on both servers links, server-1 and server-2

Link server-1: https://100.112.2.56:5443/openmeetings/signin

Link server-2: https://100.112.2.57:5443/openmeetings/signin

You can now login really to node1 and node2 of your cluster while those users are loggedin and go to Administration > Connections and check in the column "Server Name" where they are located. They should be on different server.

 



The End