Multiprocess paramiko patch for transport.py

I stumbled upon this bug when creating a parallel SSH utility with paramiko:

‘PID check failed. RNG must be re-initialized after fork()’ AssertionError from Crypto

I found this fix here, but I still seemed to randomly get the same error. I moved the Crypto.Random.atfork() call to the top of the run() function, and it seems to work 100% now:

patch:

--- /opt/paramiko-1.7.4/paramiko/transport.py	2008-07-07 01:12:55.000000000 +0000
+++ transport.py	2011-04-27 17:41:10.000000000 +0000
@@ -52,7 +52,7 @@
 #     http://nitace.bsd.uchicago.edu:8080/hashtar
 from Crypto.Cipher import Blowfish, AES, DES3
 from Crypto.Hash import SHA, MD5
-
+from Crypto.Random import atfork as rand_atfork

 # for thread cleanup
 _active_threads = []
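
Review bot: The added import `from Crypto.Random import atfork as rand_atfork` is unconditional, so transport.py will raise ImportError at load time wherever the installed PyCrypto has no Crypto.Random module, and every user of paramiko breaks, not only the forking ones. Consider wrapping the import in try/except ImportError with a no-op fallback for rand_atfork, and add a one-line comment next to it saying it is needed to re-initialize the RNG after fork().
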
@@ -1473,6 +1473,7 @@
         # GC'd.  it's a bug in Thread.)

         # active=True occurs before the thread is launched, to avoid a race
+        rand_atfork()
         _active_threads.append(self)
         if self.server_mode:
             self._log(DEBUG, 'starting thread (server mode): %s' % hex(long(id(self)) & 0xffffffffL))
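
Review bot: rand_atfork() is inserted between the comment "active=True occurs before the thread is launched, to avoid a race" and the `_active_threads.append(self)` line that followed it, so the comment now reads as if it describes the RNG call. Move the call above that comment and give it its own comment stating why it is there (this thread may be running in a forked child, and the Crypto RNG must be re-initialized after fork()). The call also runs on every thread start, forked or not; the comment should say that this is intended.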

diff of original versus patched:

55c55
<
---
> from Crypto.Random import atfork as rand_atfork
1475a1476
>         rand_atfork()

Here is an example of applying this patch to the 1.7.4 paramiko/transport.py source:

patch --verbose --backup transport.py < /tmp/paramiko_transport.py.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- /opt/paramiko-1.7.4/paramiko/transport.py	2008-07-07 01:12:55.000000000 +0000
|+++ transport.py	2011-04-27 17:41:10.000000000 +0000
--------------------------
Patching file transport.py using Plan A...
Hunk #1 succeeded at 52.
Hunk #2 succeeded at 1473.
done

SSL guide for sendmail and apache

Just finished acquiring my new SSL certificate from DynDNS, and what follows is a guide based on my recent adventures in certificate installation.

  1. Log into your host as root or switch to root (sudo su -) and switch to your certs installation directory.  This is usually something like /etc/mail/certs or /etc/pki/tls/certs in my case on a Fedora 14 system:
    [root@slice ~]# cd /etc/pki/tls/certs
    [root@slice certs]#
    
  2. Now we create the SSL server.key. 2048 bits is the most recent secure standard; notice that we don’t secure this key file with a pass-phrase, for maximum application compatibility:
    [root@slice certs]# openssl genrsa -out server.key 2048
    
  3. Now using the server.key we just created, we make the server.csr needed to submit to the SSL certificate provider:
    [root@slice certs]# openssl req -new -key server.key -out server.csr
    
  4. Now submit the server.csr contents to your certificate provider.  In my case this is geotrust.com for DynDNS.  Your provider should either email you the certificate or give you a website to download it from.  Collect the certificate in X.509 Certificate file format.  Save it to server.crt in the certs directory we have been working in.  Make a copy of it called sendmail.pem in that same directory:
    [root@slice certs]# ls -l server.crt
    -rw------- 1 root root 1903 Apr 16 07:29 server.crt
    [root@slice certs]# ls -l sendmail.pem
    -rw------- 1 root root 1903 Apr 16 07:30 sendmail.pem
    
  5. To prevent a sendmail error from popping up (STARTTLS: CRLFile missing), we need to download a revoke.crl file to our certs directory too:
    [root@slice certs]# wget http://www.cacert.org/revoke.crl
    
  6. For my installation, my issuer requires an additional .crt file (certificates now require the installation of the new GeoTrust Intermediate CA along with your SSL certificate; the new Intermediate CA MUST be installed in order for your SSL certificate to be fully trusted in all browsers).  So I downloaded intermediate.crt into the certs directory with everything else.
  7. Now make sure your permissions are good; they should mirror these. Everything we made or retrieved should be 600 except for intermediate.crt, which you may not have:
    [root@slice certs]# ls -l
    total 5236
    -rw-r--r-- 1 root root  578465 Apr  7  2010 ca-bundle.crt
    -rw-r--r-- 1 root root  658225 Apr  7  2010 ca-bundle.trust.crt
    -rw-r--r-- 1 root root    2754 Dec 17 11:40 intermediate.crt
    -rwxr-xr-x 1 root root     610 Feb 10 15:04 make-dummy-cert
    -rw-r--r-- 1 root root    2242 Feb 10 15:04 Makefile
    -rw------- 1 root root 4077988 Apr 16 07:26 revoke.crl
    -rw------- 1 root root    1903 Apr 16 07:30 sendmail.pem
    -rw------- 1 root root    1903 Apr 16 07:29 server.crt
    -rw------- 1 root root    1082 Apr 16 07:24 server.csr
    -rw------- 1 root root    1675 Apr 16 07:23 server.key
    
  8. Apply changes to /etc/mail/sendmail.mc:
    define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
    define(`confCACERT', `/etc/pki/tls/certs/intermediate.crt')dnl
    define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
    define(`confSERVER_KEY', `/etc/pki/tls/certs/server.key')dnl
    define(`confCRL', `/etc/pki/tls/certs/revoke.crl')
    
  9. Rebuild the sendmail.mc into sendmail.cf and restart sendmail:
    [root@slice certs]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
    [root@slice certs]# service sendmail restart
    
  10. Apply changes to /etc/httpd/conf.d/ssl.conf or /etc/httpd/conf/httpd.conf; adjust SSLCACertificateFile as needed for your CA:
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/server.key
    SSLCACertificateFile /etc/pki/tls/certs/intermediate.crt
    
  11. Restart apache and test in a browser or use openssl s_client -connect host:port:
    [root@slice certs]# openssl s_client -connect slice.digital-artz.com:443
    CONNECTED(00000003)
    depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
    verify return:1
    depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
    verify return:1
    depth=1 C = US, O = GeoTrust Inc., OU = Domain Validated SSL, CN = GeoTrust DV SSL CA
    verify return:1
    depth=0 serialNumber = dF-gEULEd997dX5OCzRuRlNlWQs1ZAu3, C = US, O = slice.digital-artz.com, OU = GT85463314, OU = See www.geotrust.com/resources/cps (c)11, OU = Domain Control Validated - QuickSSL(R) Premium, CN = slice.digital-artz.com
    verify return:1
    ---
    Certificate chain
     0 s:/serialNumber=dF-gEULEd997dX5OCzRuRlNlWQs1ZAu3/C=US/O=slice.digital-artz.com/OU=GT85463314/OU=See www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R) Premium/CN=slice.digital-artz.com
       i:/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
     1 s:/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
     2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
       i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    ---
    Server certificate
    subject=/serialNumber=dF-gEULEd997dX5OCzRuRlNlWQs1ZAu3/C=US/O=slice.digital-artz.com/OU=GT85463314/OU=See www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R) Premium/CN=slice.digital-artz.com
    issuer=/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 4166 bytes and written 311 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: zlib compression
    Expansion: zlib compression
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: 9DB54DD492D88D28D6300C3C5AFE7368A442DB656FC488E1CB0044057D4CC5B9
        Session-ID-ctx:
        Master-Key: B4385EC57EC14211CD93755E51CAC9A76357B556F57F8EE87EDC87620D5918185183CF24AE3BE5DE89B10F8E149826C9
        Key-Arg   : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        TLS session ticket:
    
        Compression: 1 (zlib compression)
        Start Time: 1302946222
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    DONE
    [root@slice certs]# openssl s_client -connect slice.digital-artz.com:465
    CONNECTED(00000003)
    depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
    verify return:1
    depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
    verify return:1
    depth=1 C = US, O = GeoTrust Inc., OU = Domain Validated SSL, CN = GeoTrust DV SSL CA
    verify return:1
    depth=0 serialNumber = dF-gEULEd997dX5OCzRuRlNlWQs1ZAu3, C = US, O = slice.digital-artz.com, OU = GT85463314, OU = See www.geotrust.com/resources/cps (c)11, OU = Domain Control Validated - QuickSSL(R) Premium, CN = slice.digital-artz.com
    verify return:1
    ---
    Certificate chain
     0 s:/serialNumber=dF-gEULEd997dX5OCzRuRlNlWQs1ZAu3/C=US/O=slice.digital-artz.com/OU=GT85463314/OU=See www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R) Premium/CN=slice.digital-artz.com
       i:/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
     1 s:/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
     2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
       i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    ---
    Server certificate
    subject=/serialNumber=dF-gEULEd997dX5OCzRuRlNlWQs1ZAu3/C=US/O=slice.digital-artz.com/OU=GT85463314/OU=See www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R) Premium/CN=slice.digital-artz.com
    issuer=/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
    ---
    Acceptable client certificate CA names
    /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
    /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    ---
    SSL handshake has read 4459 bytes and written 323 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: zlib compression
    Expansion: zlib compression
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: A6CC9542653AE0AC00E6ADF9C6ADFA0FB4EE87B834DEE44D7265F126EA6E37F5
        Session-ID-ctx:
        Master-Key: 3A33782F3AF16D94181C46F5B5805E939C522BBA6DDF97F3B6AD0B5F9B79400CC698B1C0C5DE08106707F49097664D5C
        Key-Arg   : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        TLS session ticket:
    
        Compression: 1 (zlib compression)
        Start Time: 1302946367
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    220 slice.digital-artz.com ESMTP Sendmail 8.14.4/8.14.4; Sat, 16 Apr 2011 09:32:46 GMT
    quit
    221 2.0.0 slice.digital-artz.com closing connection
    closed
    [root@slice certs]# 
    
  12. BEER
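
A check worth running before the restarts in steps 9 and 11, as an added example that is not part of the original guide: it audits the step 7 permissions and confirms that server.key really belongs to server.crt and sendmail.pem. The file names and directory are the guide's; the function names are hypothetical.

```python
import os
import ssl
import stat

# File names from the guide; step 7 wants each of these at mode 600.
PRIVATE_FILES = ("server.key", "server.csr", "server.crt",
                 "sendmail.pem", "revoke.crl")


def audit_permissions(cert_dir, names=PRIVATE_FILES):
    """Return (name, problem) pairs for files that break the step 7 rule."""
    findings = []
    for name in names:
        path = os.path.join(cert_dir, name)
        try:
            st = os.lstat(path)  # lstat: do not follow symlinks
        except FileNotFoundError:
            findings.append((name, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((name, "mode %03o grants group/other access" % mode))
    return findings


def key_matches_cert(cert_path, key_path):
    """True if OpenSSL accepts key_path as the private key for cert_path.

    False also covers unreadable or non-PEM files and certificates the
    local OpenSSL policy refuses to load.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False
    return True


if __name__ == "__main__":
    cert_dir = "/etc/pki/tls/certs"  # directory used throughout the guide
    for name, problem in audit_permissions(cert_dir):
        print("%s: %s" % (name, problem))
    for cert in ("server.crt", "sendmail.pem"):
        ok = key_matches_cert(os.path.join(cert_dir, cert),
                              os.path.join(cert_dir, "server.key"))
        print("%s matches server.key: %s" % (cert, ok))
```

Because the key is stored without a pass-phrase, the 600 mode on server.key is the only thing protecting it on disk.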

Python tip: checking for variable existence

It is rare that you will come across a proper program in python that is unclear about an object’s existence. But for those times when you do need it, here is how you would check:

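if 'myVar' in locals():
    pass  # myVar exists as a local variable.
if 'myVar' in globals():
    pass  # myVar exists as a global variable.
# obj stands for any object you already hold a reference to.
if hasattr(obj, 'attr_name'):
    pass  # obj.attr_name exists.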

Source: http://stackoverflow.com/questions/843277/python-checking-variable-existing/843293#843293


vimrc for python development

My new ~/.vimrc for python development, source can be found at http://svn.python.org/projects/python/trunk/Misc/Vim/vimrc.

" vimrc file for following the coding standards specified in PEP 7 & 8.
"
" To use this file, source it in your own personal .vimrc file (``source
" <filename>``) or, if you don't have a .vimrc file, you can just symlink to it
" (``ln -s <this file> ~/.vimrc``).  All options are protected by autocmds
" (read below for an explanation of the command) so blind sourcing of this file
" is safe and will not affect your settings for non-Python or non-C files.
"
"
" All settings are protected by 'au' ('autocmd') statements.  Only files ending
" in .py or .pyw will trigger the Python settings while files ending in *.c or
" *.h will trigger the C settings.  This makes the file 'safe' in terms of only
" adjusting settings for Python and C files.
"
" Only basic settings needed to enforce the style guidelines are set.
" Some suggested options are listed but commented out at the end of this file.

" Number of spaces that a pre-existing tab is equal to.
" For the amount of space used for a new tab use shiftwidth.
au BufRead,BufNewFile *.py,*.pyw,*.c,*.h set tabstop=8

" What to use for an indent.
" This will affect Ctrl-T and 'autoindent'.
" Python: 4 spaces
" C: tabs (pre-existing files) or 4 spaces (new files)
au BufRead,BufNewFile *.py,*.pyw set shiftwidth=4
au BufRead,BufNewFile *.py,*.pyw set expandtab
au BufRead,BufNewFile *.py,*.pyw set tabstop=4
au BufRead,BufNewFile *.py,*.pyw set softtabstop=4
au BufRead,BufNewFile *.py,*.pyw set autoindent
fu Select_c_style()
    if search('^\t', 'n', 150)
        set shiftwidth=8
        set noexpandtab
    el
        set shiftwidth=4
        set expandtab
    en
endf
au BufRead,BufNewFile *.c,*.h call Select_c_style()
au BufRead,BufNewFile Makefile* set noexpandtab

" Use the below highlight group when displaying bad whitespace is desired.
highlight BadWhitespace ctermbg=red guibg=red

" Display tabs at the beginning of a line in Python mode as bad.
au BufRead,BufNewFile *.py,*.pyw match BadWhitespace /^\t\+/
" Make trailing whitespace be flagged as bad.
au BufRead,BufNewFile *.py,*.pyw,*.c,*.h match BadWhitespace /\s\+$/

" Wrap text after a certain number of characters
" Python: 79
" C: 79
au BufRead,BufNewFile *.py,*.pyw,*.c,*.h set textwidth=79

" Turn off settings in 'formatoptions' relating to comment formatting.
" - c : do not automatically insert the comment leader when wrapping based on
"    'textwidth'
" - o : do not insert the comment leader when using 'o' or 'O' from command mode
" - r : do not insert the comment leader when hitting <Enter> in insert mode
" Python: not needed
" C: prevents insertion of '*' at the beginning of every line in a comment
au BufRead,BufNewFile *.c,*.h set formatoptions-=c formatoptions-=o formatoptions-=r

" Use UNIX (\n) line endings.
" Only used for new files so as to not force existing files to change their
" line endings.
" Python: yes
" C: yes
au BufNewFile *.py,*.pyw,*.c,*.h set fileformat=unix

" ----------------------------------------------------------------------------
" The following section contains suggested settings.  While in no way required
" to meet coding standards, they are helpful.

" Set the default file encoding to UTF-8: ``set encoding=utf-8``
set encoding=utf-8
" Puts a marker at the beginning of the file to differentiate between UTF and
" UCS encoding (WARNING: can trick shells into thinking a text file is actually
" a binary file when executing the text file): ``set bomb``

" For full syntax highlighting:
"``let python_highlight_all=1``
"``syntax on``
let python_highlight_all=1
syntax on
" Automatically indent based on file type: ``filetype indent on``
" Keep indentation level from previous line: ``set autoindent``
filetype indent on
" Folding based on indentation: ``set foldmethod=indent``

Securing sshd with denyhosts

I highly recommend denyhosts to discourage dictionary/brute force ssh hack attempts:

Name        : denyhosts
Arch        : noarch
Version     : 2.6
Release     : 20.fc14
Size        : 263 k
Repo        : installed
From repo   : fedora
Summary     : A script to help thwart ssh server attacks
URL         : http://denyhosts.sourceforge.net/
License     : GPLv2
Description : DenyHosts is a Python script that analyzes the sshd server log
            : messages to determine which hosts are attempting to hack into your
            : system. It also determines what user accounts are being targeted. It
            : keeps track of the frequency of attempts from each host and, upon
            : discovering a repeated attack host, updates the /etc/hosts.deny file
            : to prevent future break-in attempts from that host.  Email reports can
            : be sent to a system admin.

Here are my currently configured options in /etc/denyhosts.conf:

[root@slice ~]# egrep -v "^#" /etc/denyhosts.conf | uniq
       ############ THESE SETTINGS ARE REQUIRED ############

SECURE_LOG = /var/log/secure

HOSTS_DENY = /etc/hosts.deny

PURGE_DENY = 4w

BLOCK_SERVICE  = sshd

DENY_THRESHOLD_INVALID = 5

DENY_THRESHOLD_VALID = 10

DENY_THRESHOLD_ROOT = 2

DENY_THRESHOLD_RESTRICTED = 1

WORK_DIR = /var/lib/denyhosts

SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

HOSTNAME_LOOKUP=YES

LOCK_FILE = /var/lock/subsys/denyhosts

       ############ THESE SETTINGS ARE OPTIONAL ############

ADMIN_EMAIL = root

SMTP_HOST = localhost
SMTP_PORT = 25

SMTP_FROM = DenyHosts <nobody@localhost>

SMTP_SUBJECT = DenyHosts Report from $[HOSTNAME]

AGE_RESET_VALID=5d

AGE_RESET_ROOT=25d

AGE_RESET_RESTRICTED=25d

AGE_RESET_INVALID=10d

   ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE  ##########

DAEMON_LOG = /var/log/denyhosts

DAEMON_SLEEP = 30s

DAEMON_PURGE = 1h

   #########   THESE SETTINGS ARE SPECIFIC TO     ##########
   #########       DAEMON SYNCHRONIZATION         ##########
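
How the four DENY_THRESHOLD_* values above play out against a log, as an added example that is a simplified sketch and not DenyHosts' own code. It assumes stock OpenSSH "Failed password" lines, assumes a host is blocked once its count exceeds the threshold, takes the restricted user names as a parameter, and does not model the AGE_RESET_* or PURGE_DENY settings.

```python
import re
from collections import Counter

# Values copied from the /etc/denyhosts.conf listing above.
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 2, "restricted": 1}
BLOCK_SERVICE = "sshd"

# Assumed log format: stock OpenSSH "Failed password" lines in /var/log/secure.
# The pattern is anchored at the end of the line and the user group is greedy,
# so the host is always the address sshd itself appended, whatever text the
# client supplied as a user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<host>[0-9A-Fa-f:.]+) port \d+ ssh2\s*$"
)


def classify(user, invalid, restricted):
    """Pick which DENY_THRESHOLD_* setting a failed login counts against."""
    if user in restricted:
        return "restricted"
    if user == "root":
        return "root"
    return "invalid" if invalid else "valid"


def hosts_to_deny(lines, restricted=frozenset()):
    """Return hosts.deny entries for hosts whose failures exceed a threshold."""
    counts = Counter()
    denied = []
    for line in lines:
        m = FAILED.search(line)
        if m is None:
            continue
        kind = classify(m["user"], m["invalid"] is not None, restricted)
        counts[m["host"], kind] += 1
        # Assumption: a host is blocked once the count exceeds the threshold.
        if counts[m["host"], kind] > THRESHOLDS[kind] and m["host"] not in denied:
            denied.append(m["host"])
    return ["%s: %s" % (BLOCK_SERVICE, host) for host in denied]


def _line(minute, message):
    return "Apr 16 09:%02d:00 slice sshd[%d]: %s" % (minute, 2100 + minute, message)


# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE = (
    [_line(i, "Failed password for root from 203.0.113.7 port 40112 ssh2")
     for i in range(3)]
    + [_line(10 + i, "Failed password for invalid user %s from 198.51.100.23 "
                     "port 51000 ssh2" % user)
       for i, user in enumerate(["admin", "test", "oracle", "guest", "nagios", "ftp"])]
    + [_line(20 + i, "Failed password for alice from 192.0.2.44 port 52000 ssh2")
       for i in range(3)]
    + [_line(30, "Accepted password for alice from 192.0.2.44 port 52001 ssh2")]
)

if __name__ == "__main__":
    print("\n".join(hosts_to_deny(SAMPLE)))
    print("\n".join(hosts_to_deny(SAMPLE, restricted={"alice"})))
```

With DENY_THRESHOLD_ROOT = 2 the root guesses are cut off far sooner than the ten allowed for a valid account, which is why a mistyped root password from an admin workstation is the usual way to lock yourself out.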

Backup apache web root

#!/bin/bash

echo "Starting backup of /var/www at `date`"
tar czvf /var/opt/backup/www_`date +%Y-%m-%d_%H-%M-%S`.tgz /var/www 2>&1
echo ""
echo "Completed backup of /var/www at `date`"
echo "**************************************"

MySQL backup on linux

As I rebuild the site and come across useful tools and guides, I will try to post them.  The first one is how to regularly back up one or more MySQL databases on a Linux server.  My choice for that this time around is Zmanda Recovery Manager [ZRM] for MySQL, as opposed to my own shell scripts.  It simplifies the process and makes for an easy restore when it's needed.


So long godaddy, hello slicehost

NoDaddy.com

I have had the digital-artz.com hosting services languishing at godaddy for far too long. Their shitty support and poor performance combined with an annoying ad campaign and a huge asshole as CEO left me with an easy choice when my renewal notices arrived.

I migrated DNS/registration over to DynDNS, as I have used them for home DNS services for years. Their Custom DNS interface is clean/minimalist and allows just about any kind of DNS record to be created. On the hosting side I found Slicehost, the best Linux VPS hosting operation in my opinion. Simple, powerful, and you are rolling in minutes with your very own Linux server. Great for developers and engineers.

DynDNS.com, Slicehost.com
