pyOpenSSL

  1. Cannot import pyOpenSSL

This is how I handled a "Cannot import pyOpenSSL" problem that I believe is not a common one.

[root@NMS winrm]# python test.py 
Traceback (most recent call last):
File "test.py", line 1, in <module>
import winrm
File "build/bdist.linux-x86_64/egg/winrm/__init__.py", line 6, in <module>
File "build/bdist.linux-x86_64/egg/winrm/protocol.py", line 11, in <module>
File "build/bdist.linux-x86_64/egg/winrm/transport.py", line 42, in <module>
File "/usr/local/lib/python2.7/site-packages/requests_credssp/__init__.py", line 1, in <module>
from .credssp import HttpCredSSPAuth
File "/usr/local/lib/python2.7/site-packages/requests_credssp/credssp.py", line 8, in <module>
raise Exception("Cannot import pyOpenSSL")
Exception: Cannot import pyOpenSSL

Try running it manually

[root@NMS OpenSSL]# python /usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py
Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import rand, crypto, SSL
File "/usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import rand, crypto, SSL
File "/usr/local/lib/python2.7/site-packages/OpenSSL/rand.py", line 12, in <module>
from OpenSSL._util import (
File "/usr/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
from cryptography.hazmat.bindings.openssl.binding import Binding
File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: undefined symbol: EC_GROUP_new_curve_GF2m

EC_GROUP_new_curve_GF2m should be something provided by openssl

[root@NMS OpenSSL]# ldd /usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so
linux-vdso.so.1 => (0x00007ffe68b58000)
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f179b317000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f179af33000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f179ad15000)
libc.so.6 => /lib64/libc.so.6 (0x00007f179a981000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f179a73d000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f179a455000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f179a251000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f179a025000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f1799e20000)
libz.so.1 => /usr/lib64/libz.so.1 (0x00007f1799c0a000)
/lib64/ld-linux-x86-64.so.2 (0x000000321cc00000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f17999ff000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f17997fb000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f17995e1000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f17993c1000)

libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f179af33000)

[root@NMS OpenSSL]# nm /usr/lib64/libcrypto.so.10
nm: /usr/lib64/libcrypto.so.10: no symbols

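The problem should be in libcrypto.so.10. Since I did not build this system myself piece by piece, I do not know why for now.

But recompiling openssl is unavoidable.

Also be sure to add -fPIC shared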

./config -fPIC shared

Run nm again

[root@NMS openssl-1.0.1e]# nm libcrypto.so | grep EC_GROUP_new_curve_GF2m 
00000000000bb960 T EC_GROUP_new_curve_GF2m

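XXX: Note that anything openssl-related is very low-level and tied to many basic functions. Especially if you are working on this server over SSH, one careless step and sshd dies, and you can never SSH in again. Be careful, and then be more careful, when handling this.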
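An added example (not from the original post) of a more reliable check than plain nm: nm without -D reads only the static symbol table, which stripped distribution libraries lack, whereas dlsym() reads the dynamic one. It parses ldd output (a constructed sample taken from the listing above) and asks the loader whether the resolved library exports the symbol; the function names are this example's own.

```python
import ctypes
import re

# Constructed sample: three lines of the ldd output shown above.
SAMPLE_LDD = """\
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f179b317000)
    libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f179af33000)
    /lib64/ld-linux-x86-64.so.2 (0x000000321cc00000)
"""

# "soname => resolved path (load address)"
_LDD_LINE = re.compile(r"^\s*(\S+)\s+=>\s+(\S+)\s+\(0x[0-9a-fA-F]+\)\s*$")


def resolved_libraries(ldd_output):
    """Map each soname in ldd output to the path the loader resolved it to."""
    libs = {}
    for line in ldd_output.splitlines():
        match = _LDD_LINE.match(line)
        if match:
            libs[match.group(1)] = match.group(2)
    return libs


def exports_symbol(library_path, symbol):
    """True/False if the library exports `symbol`; None if it cannot be loaded.

    library_path=None checks the symbols already loaded into this process.
    """
    try:
        lib = ctypes.CDLL(library_path)
    except OSError:
        return None
    # Attribute lookup on a CDLL calls dlsym(), which reads the dynamic
    # symbol table, so it still works on stripped libraries.
    return hasattr(lib, symbol)


if __name__ == "__main__":
    path = resolved_libraries(SAMPLE_LDD).get("libcrypto.so.10")
    print(path, exports_symbol(path, "EC_GROUP_new_curve_GF2m"))
```

Run it against the real `ldd` output of `_openssl.so` before and after rebuilding openssl; a result of False for the resolved libcrypto reproduces the ImportError without importing cryptography.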

PyWinRM

  1. Double Hop/Second Hop
Active Directory ?  ????????'EXCHANGE\administrator'????????
At line:3 char:1
+ Get-Mailbox
+ ~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], ADInvalidCredentialExcepti
on
+ FullyQualifiedErrorId : [Server=WIN-2KOQERQDJNK,RequestId=1cdf09dc-9711-
4dbb-99a7-555fbf562855,TimeStamp=2016/12/20 6:38:06] [FailureCategory=Cmdl
et-ADInvalidCredentialException] E5C063D1

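Logging in and running some commands in the local PowerShell works fine. When you need to load the Exchange PowerShell, you run into the Double Hop (also called Second Hop) problem.
Currently, the way PyWinRM supports Double Hop is to enable WinRM CredSSP.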

https://github.com/diyan/pywinrm#enabling-winrm-on-remote-host

Enable WinRM CredSSP authentication. This allows double hop support so you can authenticate with a network service when running commands on the remote host. This command is run in Powershell.

Enable-WSManCredSSP -Role Server -Force
Set-Item -Path "WSMan:\localhost\Service\Auth\CredSSP" -Value $true

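You also need pip install requests-credssp and pip install pywinrm[credssp]

However, the pywinrm currently in the pip repository has a problem: it does not provide the credssp component. So you need to install from the git source with python setup.py install

Then add transport="credssp" when creating the winrm.Session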

credssp: Will use CredSSP authentication for both domain and local accounts. Allows double hop authentication. This only works over a HTTPS endpoint and not HTTP.
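
The steps above as an added example, not code from the original post or from pywinrm: a session opened with transport="credssp" that refuses non-HTTPS endpoints and keeps server certificate validation on. The helper names and the host exchange.example.test are assumptions of this example.

```python
try:
    from urllib.parse import urlparse  # Python 3
except ImportError:
    from urlparse import urlparse  # Python 2.7, as used on this page


def credssp_session(endpoint, user, password, ca_trust_path=None):
    """Open a pywinrm session that authenticates with CredSSP (double hop)."""
    # CredSSP hands the account's credentials to the remote host, and the
    # transport only works over HTTPS, so reject anything else up front.
    if urlparse(endpoint).scheme != "https":
        raise ValueError("CredSSP requires an HTTPS endpoint: %r" % endpoint)
    # Imported lazily: needs pywinrm installed with its CredSSP support.
    import winrm
    kwargs = {"transport": "credssp", "server_cert_validation": "validate"}
    if ca_trust_path:
        # CA bundle that signed the WinRM listener certificate.
        kwargs["ca_trust_path"] = ca_trust_path
    return winrm.Session(endpoint, auth=(user, password), **kwargs)


def run_powershell(session, script):
    """Run a PowerShell script remotely; raise if it exits non-zero."""
    result = session.run_ps(script)
    if result.status_code != 0:
        raise RuntimeError(result.std_err.decode("utf-8", "replace"))
    return result.std_out.decode("utf-8", "replace")


if __name__ == "__main__":
    # Hypothetical host and placeholder password; the account name is the
    # one that appears in the error output above.
    session = credssp_session(
        "https://exchange.example.test:5986/wsman",
        "EXCHANGE\\administrator",
        "<password>",
    )
    print(run_powershell(session, "Get-Mailbox"))
```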

-bash: ./dronline: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

This is because a 32-bit program was installed on a 64-bit system.
Solution:

yum install glibc.i686

Can’t locate ExtUtils/MakeMaker.pm

yum install perl-ExtUtils-CBuilder perl-ExtUtils-MakeMaker

How to upgrade gcc and g++ on CentOS

  1. Use the Red Hat Developer Toolset 1.1 repo to install GCC
cd /etc/yum.repos.d
wget http://people.centos.org/tru/devtools-1.1/devtools-1.1.repo
yum --enablerepo=testing-1.1-devtools-6 install devtoolset-1.1-gcc devtoolset-1.1-gcc-c++
  2. Replace the system's original GCC
ln -s /opt/centos/devtoolset-1.1/root/usr/bin/* /usr/local/bin/
hash -r

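Commands or scripts

  1. extTable .1.3.6.1.4.1.2021.8
    An SNMP query returns only a single line (the first line) of the output

  2. exec/extend with a specified MIB OID
    An SNMP query returns multiple lines (all) of the output

exec does not work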

# Extensible sections.
#

# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note: this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do. Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = "shelltest"
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = "hello world."
# enterprises.ucdavis.50.101.2 = "hi there."
# enterprises.ucdavis.50.102.1 = 0

# Now the Output has grown to two lines, and we can see the 'hi
# there.' output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.

# Other ideas:
#
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq

For snmpd version 5.5 and above, use extend

extend .1.3.6.1.4.1.2021.51 ps /bin/ps

Version incompatibility caused by upgrading python

There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

No module named yum

Please install a package which provides this module, or
verify that the module is installed correctly.

It's possible that the above module doesn't match the
current version of Python, which is:
2.7.12 (default, Aug 17 2016, 09:41:51)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]

If you cannot solve this problem yourself, please go to
the yum faq at:
http://yum.baseurl.org/wiki/Faq

Change the python that runs yum to the system default version

whereis yum
yum: /usr/bin/yum /etc/yum.conf /etc/yum /usr/share/man/man8/yum.8.gz

whereis python
python: /usr/bin/python2.6 /usr/bin/python /usr/bin/python2.7

vim /usr/bin/yum
#!/usr/bin/python 	// change to the python originally shipped with the system: #!/usr/bin/python2.6
import sys
try:
    import yum
except ImportError:
    print >> sys.stderr, """\