[HN Gopher] Bash HTTP Monitoring Dashboard ___________________________________________________________________ Bash HTTP Monitoring Dashboard Author : todsacerdoti Score : 119 points Date : 2020-12-27 13:04 UTC (9 hours ago) (HTM) web link (raymii.org) (TXT) w3m dump (raymii.org) | krat0sprakhar wrote: | This is really excellent! I just deployed it to monitor our | services running in the cloud. Took me all of 5 mins! Thanks a | lot for sharing! | cle wrote: | > only dependencies are curl and bash | | This isn't really true, from an strace it also execs cat, wc, | date, echo, mkdir, mktemp, and rmdir. | [deleted] | jandeboevrie wrote: | Those you might expect on a modern Linux system when bash is | there (coreutils will be there 99% of the time as well). Not | all distros ship curl by default | cle wrote: | Bash runs on a lot more than Linux. | | I ran a Docker container and copied a statically-linked curl | and bash onto a scratch image and ran it, it does not work: | $ docker run -it --rm $(docker build -q .) | /srvmon.sh: line 162: date: command not found $ | cat Dockerfile FROM scratch COPY bash | /usr/bin/bash COPY curl /usr/bin/curl COPY | srvmon.sh /srvmon.sh CMD ["/usr/bin/bash", | "/srvmon.sh"] | | I'm not pointing this out to be pedantic. I'm pointing it out | because there is a common misconception that all these things | like "date" and "cat" and "mkdir" are part of Bash, but | they're not, they're part of coreutils and there are | dramatically different versions of coreutils on different | installations of Linux, macOS, BSD, etc., and some | environments (like barebones Docker containers) don't have | coreutils at all. | noja wrote: | This is any monitoring system's check_http | timkeller wrote: | Really useful! Is there a way to set multiple HTTP codes as safe? | jandeboevrie wrote: | No not in this version. When would that occur? | bonestamp2 wrote: | I'm guessing they want to monitor API endpoints where you can | monitor if the service is reachable but it still may not | return 200 (ex. if it's not authenticated). | gpapilion wrote: | All old is new. There was a monitoring system written in shell in | the 90s called big brother. Its didn't scale very well. | | https://en.m.wikipedia.org/wiki/Big_Brother_(software) | arminiusreturns wrote: | Big brother was a life saver for me a few times on small | projects as a temporary measure. Xymon is the modern fork and | is still maintained. | | Another one that I really liked and even have this crazy idea | of reviving as a side project mayhaps is Argus (tcp4me)... it | was written in perl and was my main intro to the beautiful hell | that is perl. These days though between sensu, prometheus, | zabbix, and nagios, we really have plenty of good monitoring | options. | cemthrowa wrote: | This reminds me of a throwaway monitoring project[0][1] we made | for CCDC[2] (a 2-3 day IT security competition with extremely | limited access to internet resources), long ago. It wasn't | especially structured / beautiful -- just a bunch of copy paste | with some HTML slapped around it. But it worked well enough. We | caught an intrusion / defacement and had restored the site from | backup before the red team called us to gloat, which was amusing. | | (Aside: most of the teams in this competition were from | IT/sysadmin programs. Our team was entirely computer science | students, with no formal sysadmin training. We managed to win the | national CCDC in 2011 and 2012.[3]) | | [0]: https://github.com/cemeyer/ghettonagios | | [1]: | https://github.com/cemeyer/ghettonagios/blob/master/SCREENSH... | | [2]: https://www.nationalccdc.org/ | | [3]: https://www.nationalccdc.org/index.php/competition/about- | ccd... | reacharavindh wrote: | Nostalgia. I was part of the team that came second in 2012. Our | fun trick was accidentally marking C: as read only on the | active directory server. The red team thought we did something | great that they could not get their payloads in ;-) | cemthrowa wrote: | Yeah, lot of nostalgia. We did a lot of random shenanigans | that might be less viable in the real world. Firewalling | _all_ outbound TCP connections, moving IIS-served webpages to | Apache on a Linux server, moving everything off the Solaris | box and just turning it off. The fact that we even had a | backup to restore after we noticed the defacement I mentioned | earlier was a fluke. | UI_at_80x24 wrote: | This is awesome! I've been thinking of doing something like this | myself lately. I've mostly done CLI output when testing sites, | but a GUI like this is enough to keep the management happy. | | Related; here's an alias that I frequently use: | alias hstat="curl -o /dev/null --silent --head --write-out | '%{http_code}\n'" $1 | | Example: | | $ hstat www.google.com | | 200 | yegle wrote: | Here's the command I use: curl -s -w 'Testing | Website Response Time for :%{url_effective}\n\nLookup | Time:\t\t%{time_namelookup}\nConnect | Time:\t\t%{time_connect}\nAppCon | Time:\t\t%{time_appconnect}\nRedirect | Time:\t\t%{time_redirect}\nPre-transfer | Time:\t%{time_pretransfer}\nStart-transfer | Time:\t%{time_starttransfer}\n\nTotal Time:\t\t%{time_total}\n' | -o /dev/null https://google.com | | Here's the explanation of each timestamp: | https://blog.cloudflare.com/a-question-of-timing/ | 1vuio0pswjnm7 wrote: | no curl, only bash hstat(){ exec | 3<>/dev/tcp/$1/80; echo -e "GET / | HTTP/1.1\r\nhost: http://$1\r\nconnection: close\r\n\r\n" >&3; | sed -n '1s/^HTTP\/1\.[01] //;s/ .*//;p' <&3;} | | no bash, only busybox hstat(){ echo -e "GET / | HTTP/1.1\r\nhost: http://$1\r\nconnection: close\r\n\r\n" \ | |busybox nc $1 80|busybox sed "1s/^HTTP\/1\.[10] //;s/ | .*//;q";} ___________________________________________________________________ (page generated 2020-12-27 23:01 UTC)