Today I’ve been automating Juniper router configuration assessment. Basically issuing a “show configuration” from the CLI and then using a Nessus .nasl script to parse the results.

The main problem is that JunOS uses multiline config statements, so to check if HTTP is enabled, you end up having to go through this lot:

system {
    services {
        web-management {
            http {
                interface em0.0;
            }
        }
    }
}

So you have to use a combination of functions – ereg() which can look for a multiline regex and return true/false, egrep() which can return a single matching line from a multiline string and eregmatch() which returns just the matching portion of that single line!

I’ve got one of my new VPS’s setup today. Just got to wait for reverse DNS to propagate and get iptables sorted and NTP enabled:

vzctl set <veid> --capability sys_time:on --save
vzctl set <veid> --iptables ipt_state --save 

I’m not going to switch over until I get the German servers up and running though, as the network speed of the American server isn’t so great (a few more hops I guess).

I’m thinking of moving my virtual server to another provider as my current host has quietly sold his business!

Looking around I’ve found a provider that can give me two German servers and a free American one for about 12ukp a month, so I could split off email/spam/webmail onto one server (and re-enable the memory/CPU-hungry ClamAV) and web/database onto another, with the US one for redundancy.

I’ve been playing around with OpenVZ again, and have cloned my existing VPS clone twice, and fiddled with the services, so I effectively have the three server model above running on my local machine inside a VM.

I’ve been playing with OpenVZ, which is an opensource fork of what is now Parallels Virtuozzo, essentially its a container system similar to FreeBSD jails, or Solaris zones.

I have managed to install it inside of VirtualBox running CentOS 5.3 64-bit, using these instructions from the CentOS Wiki, which basically boils down to: disable SELinux, enable IP forwarding, stop yum overwriting the OpenVZ kernel with the CentOS one, then, as root (on the host node):

I wasted most of yesterday morning fiddling with my GPS. It seems the car charger is knackered, or more accurately, the stupid centre-negative “pin-in-hole” socket I guess is iffy as sometimes the red charging LED comes on and sometimes the charging indicator comes on the screen but not the LED, that’s always breaking on these GPS’s, its such a stupid connection.

Anyway, luckily my GPS can also charge by its USB port so I can charge it via the PC, albeit rather slowly as the car adaptor is 6volts 1.5amps and USB is rated at 5v 0.5a, but I’ve ordered (from ebay!) a 5.5v 2a USB-to-cigarette socket charger so hopefully that will charge at least as fast as the car adaptor. I might order another car adaptor too, just in case its the adaptor not the socket.