Linux Junkie

Just Another Addict

plexWatch - Push Notification and History for PMS Watched Status


Notify and Log Now Playing content from a Plex Media Server

Supported Push Notifications

What it does

  • Checks if a video has been started or stopped - log and notify
  • Notifies via prowl, pushover and/or a log file
  • backed by a sqlite DB (for state and history)
  • cli to view history and stats

Perl Requirements

  • LWP::UserAgent
  • WWW::Curl::Easy
  • XML::Simple
  • DBI
  • Time::Duration
  • Time::ParseDate
  • Pod::Usage (perl base on rhel/centos)
  • Fcntl qw(:flock) (perl base)
  • Getopt::Long (perl base)

Install

1) sudo wget -P /opt/plexWatch/ https://raw.github.com/ljunkie/plexWatch/master/plexWatch.pl

2) sudo chmod 755 /opt/plexWatch/plexWatch.pl

3) sudo nano /opt/plexWatch/plexWatch.pl

Modify variables as needed:

/opt/plexWatch/plexWatch.pl
$server = 'localhost';   ## IP of PMS - or localhost
$port   = 32400;         ## port of PMS
$notify_started = 1;   ## notify when a stream is started (first play)
$notify_stopped = 1;   ## notify when a stream is stopped
/opt/plexWatch/plexWatch.pl
## Give a user a more friendly name. I.E. REAL_USER will now be Frank
## OPTIONAL
my $user_display = {'REAL_USER1' => 'Frank',
                    'REAL_USER2' => 'Carrie',
};
/opt/plexWatch/plexWatch.pl
$notify = {...

* to enable a provider, i.e. file, prowl, pushover
   set 'enabled' => 1, under selected provider

* Prowl: requires you to fill in 'apikey'
* PushOver: requires you to fill in 'token' and 'user'

4) Install Perl requirements

  • Debian/Ubuntu - apt-get
sudo apt-get install libwww-perl

sudo apt-get install libwww-curl-perl

sudo apt-get install libxml-simple-perl

sudo apt-get install libtime-duration-perl

sudo apt-get install libtime-modules-perl

sudo apt-get install libdbd-sqlite3-perl

sudo apt-get install perl-doc
  • RHEL/Centos - yum
yum -y install perl\(LWP::UserAgent\) perl\(WWW::Curl::Easy\) perl\(XML::Simple\) \
               perl\(DBI\) perl\(Time::Duration\)  perl\(Time::ParseDate\)

5) run the script manually to verify it works: /opt/plexWatch/plexWatch.pl

  • start video(s)

run /opt/plexWatch/plexWatch.pl

  • stop video(s)

run /opt/plexWatch/plexWatch.pl

6) sudo nano /etc/crontab

/etc/crontab
* * * * * root cd /opt/plexWatch && /opt/plexWatch/plexWatch.pl

Replace Wget With Axel


I have been using wget for ages without ever questioning it. Today I had to install FC18 on a dedicated server, so I found the link over at http://fedoraproject.org/en/get-fedora-options#formats. The URL for FC18 is http://download.fedoraproject.org/pub/fedora/linux/releases/18/Fedora/x86_64/iso/Fedora-18-x86_64-DVD.iso. The FQDN download.fedoraproject.org is a CNAME pointing to wildcard.fedoraproject.org, which in turn resolves to other random IPs. The IP you get is not always the best possible connection, so your download speeds will vary. We can help fix this issue by using axel with more download threads.

wget vs. axel

  • wget - Downloads ~1MB/s
wget http://download.fedoraproject.org/pub/fedora/linux/releases/18/Fedora/x86_64/iso/Fedora-18-x86_64-DVD.iso
0% [                                      ] 4,243,464   1.24MB/s  eta 58m 39
  • axel - Downloads ~40MB/s with 10 connections (-n 10)
 axel -n10 http://download.fedoraproject.org/pub/fedora/linux/releases/18/Fedora/x86_64/iso/Fedora-18-x86_64-DVD.iso
 Initializing download: http://download.fedoraproject.org/pub/fedora/linux/releases/18/Fedora/x86_64/iso/Fedora-18-x86_64-DVD.iso
 File size: 4573888512 bytes
 Opening output file Fedora-18-x86_64-DVD.iso
 Starting download
 [  0%]  .......... .......... .......... .......... ..........  [14556.7KB/s]
 ...
 ...
 [ 99%]  .......... .......... .......... .......... ..........  [42171.2KB/s]
 [100%]  .......... .......... .......... .......... ..........  [42160.6KB/s]
 [100%]  .......... .......... .......... ........

Downloaded 4362.0 megabytes in 1:45 seconds. (42157.83 KB/s)

FreeRADIUS Proxy - Filter Radius Attributes


Version

  • Requires 2.x
  • freeradius2-2.1.12-5.el5
#centos 5.x (must specify freeradius2, otherwise 1.1.x will be installed)
yum install freeradius2 freeradius2-utils

#centos 6.x (2.x branch is default)
yum install freeradius freeradius-utils

# ubuntu
apt-get install freeradius freeradius-utils

Reason

  • To allow an offsite vendor control of radius, but limit their ability to supply bad radius attributes.
  • MAIN issue: protect your network by preventing the vendor from supplying a misconfigured FRAMED-IP-ADDRESS and/or FRAMED-ROUTE that could be injected into OSPF or whatever routing protocol you might use.

This is accomplished with the rlm_attr_filter FreeRADIUS Module

The rlm_attr_filter module exists for filtering certain attributes and values in received ( or transmitted ) radius packets. It gives the server a flexible framework to filter the attributes we send to or receive from home servers or NASes. This makes sense, for example, in an out-sourced dialup situation to various policy decisions, such as restricting a client to certain ranges of Idle-Timeout or Session-Timeout.

Config files

  • Vendor Name: rarforge.com (we’ll use that for the realm)
  • Allowed Framed-IP-Address: 10.0.0.x and 192.168.5.x
  • Allowed Framed-Netmask: 255.255.255.255
  • Allowed Framed-Route: NONE
  • Framed-Filter-ID: NONE – login will fail if access-list doesn’t exist.
  • Update your client's secret - for now we will just be testing from localhost.
/etc/raddb/clients.conf
client localhost {
...
secret = badsecret
...
}
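
How the policy listed under Config files plays out on a reply, as an added example that is not part of the original post and is not FreeRADIUS configuration: a small Python model of an attribute filter that strips anything the vendor is not allowed to set. The function names, the sample replies and the rule that unlisted attributes are dropped are assumptions of this model.

```python
import ipaddress

# Policy copied from the "Config files" list above (realm rarforge.com).
# Attribute labels are the ones used in that list.
ALLOWED_NETS = [
    ipaddress.ip_network("10.0.0.0/24"),     # 10.0.0.x
    ipaddress.ip_network("192.168.5.0/24"),  # 192.168.5.x
]

def ip_allowed(value):
    """True only for a well-formed address inside an allowed range."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False  # malformed address: never pass it on
    return any(addr in net for net in ALLOWED_NETS)

# Attribute -> predicate deciding whether a supplied value may pass.
RULES = {
    "Framed-IP-Address": ip_allowed,
    "Framed-Netmask": lambda v: v == "255.255.255.255",
    "Framed-Route": lambda v: False,      # NONE allowed
    "Framed-Filter-ID": lambda v: False,  # NONE allowed
}

def filter_reply(attrs):
    """Split (name, value) pairs into (kept, dropped).

    Assumption of this model: an attribute with no rule is dropped.
    """
    kept, dropped = [], []
    for name, value in attrs:
        rule = RULES.get(name)
        ok = rule is not None and rule(value)
        (kept if ok else dropped).append((name, value))
    return kept, dropped

# Constructed vendor replies (not captured traffic).
VENDOR_REPLY = [
    ("Framed-IP-Address", "10.0.0.25"),
    ("Framed-Netmask", "255.255.255.255"),
    ("Framed-Route", "0.0.0.0/0 10.0.0.1 1"),
    ("Framed-Filter-ID", "acl-101"),
]
BAD_REPLY = [
    ("Framed-IP-Address", "172.16.4.9"),
    ("Framed-Netmask", "255.255.255.0"),
]

if __name__ == "__main__":
    print(filter_reply(VENDOR_REPLY))
    print(filter_reply(BAD_REPLY))
```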

DNS Amplification DDoS Attack - ISC BIND


This example works for anyone running ISC BIND


I normally do not work with windows too much, but being on call this week I ended up having to fix a problem on a Windows 2008 server. I didn’t find any documentation online, so I figured I’d add this post.

For anyone running Parallels Plesk (unknown version, but I know our web admin always keeps these up to date), make sure you lock down your ISC BIND instance. If not, you will probably run into a DNS amplification attack which will cause named.exe to use ALL your memory and probably even crash.

2013-04-22 Update: Plesk was set to only allow localnets recursion, however the built in localnets acl seems to be broken.

"localnets" - matches all the IP address(es) and subnetmasks of the server on which BIND is running. For example, if the server has a single interface with an IP address of 192.168.2.3 and a netmask of 255.255.255.0 (or 192.168.2.2/24) then localnets will match 192.168.2.0 to 192.168.2.255 and 127.0.0.1 (the loopback is always present and has a single address, that is a netmask of 255.255.255.255). Some systems do not provide a way to determine the prefix lengths of local IPv6 addresses. In such a case, localnets only matches the local IP addresses, just like localhost though in this case it will apply to external and internal (same host) requests.

Are you affected?

tcpdump:

12:28:00.121351 IP x.x.x.x.19135 > x.x.x.x.53: 10809+ [1au] ANY? isc.org. (36)

bind logs:

12:28:00.643 client x.x.x.x#49046: query: isc.org IN ANY +ED (x.x.x.x)
12:28:00.644 client x.x.x.x#25135: query: isc.org IN ANY +ED (x.x.x.x)
12:28:00.645 client x.x.x.x#19771: query: isc.org IN ANY +ED (x.x.x.x)
12:28:00.646 client x.x.x.x#44031: query: isc.org IN ANY +ED (x.x.x.x)
12:28:00.647 client x.x.x.x#31518: query: isc.org IN ANY +ED (x.x.x.x)
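
The log pattern above can be checked for mechanically. The following Python is an added example, not part of the original post: it counts recursive ANY queries per client address and name in BIND query-log lines of the format shown. The function name, the threshold and the sample addresses (documentation ranges) are assumptions.

```python
import re
from collections import Counter

# Matches the BIND query-log lines shown above:
#   <time> client <ip>#<port>: query: <name> IN <type> <flags> (<server ip>)
LINE_RE = re.compile(
    r"client (?P<ip>[^#\s]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)

def find_amplification(lines, threshold=3):
    """Return {(client_ip, qname): count} for recursive EDNS ANY queries
    seen at least `threshold` times (the threshold is an assumed value)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a query-log line
        flags = m.group("flags")
        # '+' = recursion desired, 'E' = EDNS (permits large UDP replies)
        if m.group("qtype") == "ANY" and flags.startswith("+") and "E" in flags:
            qname = m.group("qname").lower().rstrip(".")
            hits[(m.group("ip"), qname)] += 1
    return {key: n for key, n in hits.items() if n >= threshold}

# Constructed sample in the format of the log excerpt above. With spoofed
# queries the "client" address is the victim that receives the replies.
SAMPLE = [
    "12:28:00.643 client 203.0.113.7#49046: query: isc.org IN ANY +ED (192.0.2.53)",
    "12:28:00.644 client 203.0.113.7#25135: query: isc.org IN ANY +ED (192.0.2.53)",
    "12:28:00.645 client 203.0.113.7#19771: query: ISC.ORG IN ANY +ED (192.0.2.53)",
    "12:28:00.646 client 203.0.113.7#44031: query: isc.org IN ANY +ED (192.0.2.53)",
    "12:28:01.002 client 198.51.100.20#53311: query: www.example.com IN A + (192.0.2.53)",
    "12:28:01.417 client 198.51.100.20#40112: query: example.com IN ANY - (192.0.2.53)",
]

if __name__ == "__main__":
    for (ip, qname), n in find_amplification(SAMPLE).items():
        print(f"{ip}: {n} recursive ANY queries for {qname}")
```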

New Blog and Wiki


I finally gave up on wordpress and switched to octopress. I wanted something simple and clean. There are so many other reasons, but it’s the weekend and I don’t feel like working.

I also rolled out a wiki recently which I started to use a month ago. It will probably have more detailed information about the posts here.

X11forwarding via SSH – Ubuntu & Lightdm


Some of the errors I ran into

  • DISPLAY is not set
  • Failed to allocate internet-domain X11 display socket
  • X11 forwarding request failed on channel 0

1) Make sure you have X11Forwarding enabled.

Server: /etc/ssh/sshd_config

/etc/ssh/sshd_config
X11Forwarding yes
X11DisplayOffset 10
AllowTcpForwarding yes

Ssh-add on Demand


Solution: bash alias - alias ssh="( ssh-add -l > /dev/null || ssh-add ) && ssh"

Normally one would put this in their ~/.bash_profile. However, with Ubuntu 11.10, at least with my install, ~/.bash_profile is not included. The file to add this line to is:

~/.bash_aliases

alias ssh="( ssh-add -l > /dev/null || ssh-add ) && ssh"

More Info: Ubuntu does state that if ~/.bash_profile exists, then ~/.profile will not be read, so I am using what has been set up to work by default.

Linux and the Intel Centrino Wireless-N 1030


These changes are still needed as of Linux 3.0.0-17. The driver in use is iwlagn and I have seen other posts using the iwlwifi driver (untested).

Turn off Power Management for wireless
Info: This should already be off when using AC, however we will want to turn this feature off for battery use.

To check your status, run the command below and look for Power Management
- check this output on AC and Battery to verify it’s off.

Slow SSH and PING Related to Reverse DNS


info: slow ssh authentication, pings slow/timeout when using fqdn

issue: SSH just sits here for a while when trying to connect.

strace ssh myhostname ...
write(5, "RESOLVE-ADDRESS 192.168.1.1\n", 27) = 27
...

Reason: mdns listed in nsswitch.conf doesn’t allow reverse dns to return failure immediately when the DNS lookup returns NXDOMAIN.

Resolution: modify /etc/nsswitch.conf

- hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
  hosts: files mdns4_minimal [NOTFOUND=return] dns [NOTFOUND=return] mdns4

XBMC Nightly PPA for Ubuntu


Here is a good XBMC stable and unstable/nightly PPA for Ubuntu 11.04 or 11.10

https://launchpad.net/~nathan-renniewaldock/+archive/xbmc-stable

https://launchpad.net/~nathan-renniewaldock/+archive/xbmc-nightly