Courtesy:
- cdpinfo - display Cisco CDP packet info via tcpdump or snoop
- createVgCloneScript - duplicate a volume group, volume, and filesystem structure
- lvinfo - a script to help document Logical Volume Manager information on an AIX system.
- wackVG - Delete the contents of a volume group, including all all files and volumes.
- pstree - this script analyzes "ps" command output and displays the parent / child relationships of the running processes.
- dumpall - a set of scripts to backup Solaris and Digital Unix systems.
- vgbackup - a very basic script for doing backups on AIX systems.
- mtfcount - count the file marks on a tape.
- vmlog - a script that records time stamped vmstat output to a file.
- hogs - A script to show the top CPU or Memory users on a system.
- rex - An rexec client for executing commands on remote systems.
- syslog maintenance scripts.
- webcat and webload - These two scripts can be used to fetch web pages from the command line or generate system load on web servers.
- logroll - A script to manage old log files.
- format_clone - A script to copy Solaris disk format layouts from one disk to another.
- inetd_cleanup - A script to tighten up the security of Solaris inetd configurations.
- ping_scan - A script to ping IP addresses in sequence.
- hostbyname - Get IP address for a host name via gethostbyname
- hostbyaddr - Reverse lookup of hostnames by IP address, using gethostbyaddr
- hostxcheck - Forward and reverse lookup cross check
- rc4 - A perl implementation of the "crypt" rc4 encryption command.
- repack - Recreate a Solaris package file from an installed package
- makePackage - create a simple package through through simple prompts.
- sh_ex - This Bourne shell script doesn't do anything, it just has a series of syntax examples to jog your memory when coding.
- perl_ex - This Perl script doesn't do anything, it is just a series of syntax examples like sh_ex.
lvinfo
This script is handy for documenting the logical volume manager configuration for an AIX system. Having this information all in one place can be useful when trying to analyze disk utilization. It can also be valuable as part of the disaster recovery documentation for a system. Click here to see the script.
Platforms supported: IBM AIX 4.x
#======================lvinfo=================================#
#!/bin/ksh## Simple script to document LVM configurations.## Andy Welter# www.the-welters.com#exec 2>&1printf "AIX DISK AND LVM INFORMATION\n"printf "*********************************************************\n" printf "\nDF\n"printf "==========================\n"df -k printf "\nVOLUME GROUPS:\n"printf "==========================\n"lsvg printf "\n\nPHYSICAL VOLUMES:\n"printf "==========================\n"lspv printf "\n\nPVs BY VOLUME GROUP\n"printf "==========================\n"lsvg | while read VG; doVGLIST="$VGLIST $VG"
printf "\n$VG\n"printf "--------------------------\n"
lspv | grep $VGdone printf "\n\nPV INFORMATION:\n"printf "==========================\n"lspv | while read PV; do printf "\n$PV\n" printf "--------------------------\n" lspv $PVdone printf "\n\nVG INFORMATION\n"printf "==========================\n"for VG in $VGLIST; do printf "\n$VG\n" printf "--------------------------\n" lsvg $VG lsvg -l $VGdone printf "\n\nLV INFORMATION\n"printf "==========================\n"for VG in $VGLIST; do printf "\nVolume Group: $VG\n" printf "--------------------------\n" lsvg -l $VG | egrep -v "^$VG:" | egrep -v "^LV NAME" | while read LV JUNK; do printf "\nLogical Volume: $LV\n" printf "--------------------------\n" lslv $LV donedone #=======================lvinfo================================#
cdpinfo
Display Cisco Discovery Protocol packet information via tcpdump or snoop. This information includes the name of the network switch the network interface is connected to, plus the port number, vlan, and duplex of the port. Click here for the script.
Platforms supported: IBM AIX, Sun Solaris
#=======================cdpinfo===============================#
#!/usr/bin/perl## Listen for Cisco Discovery Protocol (CDP) packets# and print out key values such as switch, port, vlan, and duplex.## This script depends on either "snoop" (Solaris) or # "tcpdump" (AIX, and others). Both of those programs generally # must be run as root.## It has been tested on Solaris 10 and AIX 5.3.## Andy Welter# Version 1.1# July 2007# Support timeout values while waiting on the cdp packet.# Version 1.0# December 2006# Initial Version. ## $usage="cdpinfo -i <ethernet interface> [-t timeoutvalue] [-v]\n-i use the enX device name for the interface to watch\n-t timeout value in seconds. Don't wait for a cdp packet longer than this. default is 60 seconds. zero means no limit.\n-v verbose output\n";use Getopt::Std;if ( getopts ('i:t:v') == 0) { print "$usage"; exit 1;}; $idev=$opt_i; if ($opt_i) { $iface="-i $opt_i";};$verbose=$opt_v;$timeout=$opt_t; ## convert string data to hex characters.#sub hexprint { my ($string)=@_; my $hex=""; my $ii,$len; $len=length ($string); $ii=0; @bytes=unpack "C*",$string; foreach $byte (@bytes) { $hex=$hex . sprintf "%02x ",$byte; $ii++; };return $hex;}; ## Parse TCP dump output to acquire a CDP packetsub tcpdump {my ($cmd)=@_;# tcpdump omits the first 14 bytes of a packet in the hex dump# so put some filler in the packet stringmy $packet="01234567890123"; open (GETPACKET, "$cmd") || die "cannot open $cmd\n";while ( $_ = <GETPACKET> ) { chomp; # # look a line that starts with white space, followed by at least # 2 hex characters if (m/^\s+([\da-fA-F]+ )/) { s/^\s+//; @data=split /\s+/,$_,8; foreach $bytes (@data) { $verbose && print "$bytes "; $packet=$packet . pack "H4", $bytes; }; $verbose && print "\n"; } ;};close GETPACKET;return $packet;}; ## Parse "snoop" output for the packetsub snoop {my ($cmd)=@_;my $packet="";open (GETPACKET, "$cmd") || die "cannot open $cmd\n";while ( $_ = <GETPACKET> ) { chomp; print "-- $_\n"; if (/^\s+\d+:/) { s/^\s+//; @data=split /\s+/,$_,10; shift @data; pop @data; foreach $bytes (@data) { $packet=$packet . pack "H4", $bytes; }; };};close GETPACKET;return $packet;}; ## Parse the acquired CDP packet for key values.#sub decodePacket {my ($packet)=@_;my $plen,$string,$ii,$flength,$switchName,$switchPort,$ftype,$vlan,$duplex;# decode the packet# ethernet layout:# 0-7 8 byte preamble# 8-13 6 byte dest mac addr# 14-19 6 byte source mac addr# 20-21 2 byte type field# 22-23 2 byte check sum# 24-25 2 byte ???# 26-27 2 byte first CDP data field# 28-29 2 byte field length (including field type and length)# 30-- Variable data.# 4 byte CRC field.## Field type indicators# Device-ID => 0x01# Version-String => 0x05# Platform => 0x06# Address => 0x02# Port-ID => 0x03# Capability => 0x04# VTP-Domain => 0x09# VLAN-ID => 0x0a# Duplex => 0x0b# AVVID-Trust => 0x12# AVVID-CoS => 0x13); $verbose && printf "packet len=%d\n",length($packet);## The CDP packet data starts at offset 26$ii=26;$plen=length ($packet);while ( $ii < $plen-4) { $ftype=unpack "S", substr ($packet, $ii, 2); $flength=unpack "S", substr ($packet, $ii+2, 2); if ( $ftype == 1 ) { $switchName=substr ($packet,$ii+4,$flength-4); } elsif ( $ftype == 3 ) { $switchPort=substr ($packet,$ii+4,$flength-4); } elsif ( $ftype == 10 ) { $vlan=unpack "s",substr ($packet,$ii+4,$flength-4); } elsif ( $ftype == 11 ) { $duplex=unpack "c",substr ($packet,$ii+4,$flength-4); }; $string=substr ($packet,$ii+4,$flength-4); $fvalue=hexprint ($string); $string=~s/\W/./g; $verbose && printf "\noffset=%d, type 0x%04x, length 0x%04x\nHex Value:\n%s\nASCII value:\n%s\n\n", $ii,$ftype, $flength-4,$fvalue,$string; if ($flength == 0 ) { $ii=$plen; }; $ii=$ii+$flength;};return sprintf "\"%s\",\"%s\",\"%d\",\"0x%02x\"", $switchName,$switchPort,$vlan,$duplex;}; ## MAIN ROUTINE## determine whether we are a snoop or tcpdump kinda system$cmd=`which tcpdump`;chomp $cmd;if ( $cmd ne "" ) { $cmd= "$cmd $iface -s 1500 -x -c 1 'ether [20:2] = 0x2000' 2>/dev/null |";} else { $cmd=`which snoop`; chomp $cmd; if ( $cmd ne "" ) { $cmd="$cmd $iface -s 1500 -x0 -c 1 'ether[20:2] = 0x2000' 2>/dev/null |"; } else { print "ERROR: neither snoop nor tcpdump in my path\n"; exit 1; };}; sub timeout { die "TIMEOUT";};$SIG{ALRM}=\&timeout; eval {alarm ($timeout);## use tcpdump or snoop to get a CDP packetif ( $cmd=~m/snoop/ ) { $packet=snoop ($cmd);} elsif ( $cmd=~m/tcpdump/ ) { $packet=tcpdump($cmd);} else { print "ERROR: snoop or tcpdump not found\n"; exit 1;};alarm(0);};if ($@ =~ "TIMEOUT") { $packet="";}; ## Decode the acquired packet and print the results.print '"' . $idev . '",' . decodePacket ($packet) . "\n";#=======================cdpinfo===============================#
CreateVgCloneScript:
This script can used in disaster recovery to rebuild the non-rootvg volume groups and volumes on a system. The output of this script is a script that will run the required mklv and crfs commands needed to duplicate a systems file system structure. This script needs to be run prior to a disaster in order to produce the volume creation script. The volume creation script requires some manual editing in order to adapt to the specific hardware being used for recovery. In the event of a real recovery the disk names and sizes will differ from the original system configuration, which requires that the mklv commands be manually edited. Click hereto see the script.
Platforms supported: IBM AIX 5.x
#====================Createvg Clone============================#
#!/usr/bin/perl## This script is used in disaster recovery to rebuild the # non-rootvg volume groups and volumes on a system. The output# of this script is a script that will run the required mklv and# crfs commands needed to duplicate a systems file system structure.## This script needs to be run prior to a disaster in order to # produce the volume creation script. The volume creation script# requires some manual editing in order to adapt to the specific # hardware being used for recovery. In the event of a real recovery# the disk names and sizes will differ from the original system # configuration, which requires that the mklv commands be manually # edited.## Andy Welter - ajw8# MeadWestvaco# February 2005# Version 1.4# v1.4 NOTE: use "lsfs" to get nbpi, frag size, bf, and other file system parms.# v1.3 NOTE: added jfslog and jfs2log volume support. Fixed $lps vs $pps bug.# v1.2 NOTE: fixed file system type error with mklv. Changed output comments.#sub getfsparms {## Use lsfs to determine the parameters used in creating the file system.my ($fsname)=@_;my $commandOptions="";my $parms=`lsfs -cq $fsname | tail -1`; chomp $parms;$parms=~s/[\(\)]//g;@parmList=split /:/,$parms;foreach $option (@parmList) { @parsed=split /\s+/,$option; if ($parsed [0] eq "frag" ) {$commandOptions=$commandOptions . " -a frag=$parsed[2]";
} elsif ( $parsed [0] eq "nbpi" ) {$commandOptions=$commandOptions . " -a nbpi=$parsed[1]";
} elsif ( $parsed [0] eq "compress" ) { $commandOptions=$commandOptions . " -a compress=$parsed[1]"; } elsif ( $parsed [0] eq "ag" ) {$commandOptions=$commandOptions . " -a ag=$parsed[1]";
} elsif ( $parsed [0] eq "logname" ) {$commandOptions=$commandOptions . " -a logname=$parsed[1]";
};}; return $commandOptions;}; $scriptOutput=$ARGV[0]; if ( $scriptOutput ne "" ) { if ( -f $scriptOutput ) { rename ($scriptOutput,"$scriptOutput.old"); }; open (SCRIPT, ">$scriptOutput") || die "cannot write output file $scriptOutput\n"; select SCRIPT;}; open (LSVG, "lsvg |") || die "cannot get vglist\n"; while ( $_ = <LSVG>) { chomp; if ( $_ ne "rootvg" ) { push (@vglist, $_); };};close LSVG; print "#!/usr/bin/ksh\n";print "## ## This script auto generated by /root/createVgCloneScript## Edit this script as needed, and run it to recreate## non-rootvg volume groups and file systems.##\n";($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime (time);printf ("## Created: %02d/%02d/%04d %02d:%02d:%02d \n", $mon+1, $mday, $year+1900, $hour, $min, $sec); print "echo 'script to clone volume groups:'\n";print "echo \"@vglist\"\n\n"; print "echo 'Create Volume groups:'\n";print "echo 'edit script to add physical volumes to each mkvg command'\n";print "echo 'ex: mkvg -f -y myvgname hdisk1 hdisk2'\n";print "\n";print "echo 'NOTE: once this script has been edited with the proper hdisks,'\n";print "echo ' remove the exit statement from the script so it will run'\n";print "#################################################\n";print "## REMOVE THIS EXIT AFTER EDITING MKLV COMMANDS:\n";print "#################################################\n";print "exit 1\n\n\n";foreach $vg (@vglist) { print "# volume group: $vg\n"; open (VGINFO, "lsvg $vg |") ||die "cannot get vginfo for $vg\n"; while ($_ = <VGINFO> ) { chomp; @info=split (/\s+/); if ( m/^VG STATE/ ) { $ppSize{$vg}=$info[5]; } elsif ( m/^ACTIVE PVs/) { $vgActive{$vg} = $info[5]; } elsif ( m/TOTAL PPs/) { $vgSize{$vg}="$info[5] $info[6] $info[7]"; } elsif ( m/USED PPs/) { $vgUsed{$vg}="$info[4] $info[5] $info[6]"; }; }; if ( $vgActive {$vg} ne "yes" ) { $noStart="-n"; } else { $noStart=""; }; print ("#####################\n"); print ("# CREATE $vg\n"); print ("# ORIGINAL SIZE: $vgSize{$vg}\n"); print ("# ORIGINAL USED: $vgUsed{$vg}\n"); print ("# mkvg -f -s $ppSize{$vg} $noStart -y $vg <INSERT HDISK LIST>\n"); close VGINFO;}; foreach $vg (@vglist) { # # Create jfs and jfs2 log volumes. Need to do this before we # create the file systems. # open (LVLIST, "lsvg -l $vg | tail +3 |") || die "cannot get lvlist for $vg\n"; while ( $_ = <LVLIST> ) { ($volname, $type, $lps, $pps, $pvs, $state, $mount) = split /\s+/; if ($type eq "jfslog" || $type eq "jfs2log") {$logType=$type;
$logType=~s/log//;print "#\n# $logType log file.\n";
print "mklv -t $type -y $volname $vg $lps\n";
print "logform -V $logType /dev/$volname\n";};
}; close LVLIST; open (LVLIST, "lsvg -l $vg | tail +3 |") || die "cannot get lvlist for $vg\n"; while ( $_ = <LVLIST> ) { ($volname, $type, $lps, $pps, $pvs, $state, $mount) = split /\s+/; if ($type eq "jfs" || $type eq "jfs2" || $type eq "paging") { push (@fsList, $mount); $lvInfo {$vg} = "$type $lps $mount"; if ( $type eq paging ) { print "mkps -s $lps -t lv $vg\n"; } else { $fsParms=getfsparms($mount); # convert number of PPs to number of # 512 byte blocks $fsSize=$lps * $ppSize{$vg} * 2048; print "#\n# $mount file system size = $fsSize bytes\n"; print "lsfs $mount 2> /dev/null >&2\n"; print "if [ \$? -eq 0 ]; then\n\trmfs $mount\nfi\n";print "mklv -t $type -y $volname $vg $lps\n";
print "crfs -v $type -A yes -d $volname $fsParms -m $mount\n"
}; }; }; close LVLIST;};## Sort the file systems by mount point name. Mount points# need to be created, and hierarchical file systems need to # be mounted in the proper order in order to create the # sub directory mount points. print "\n##\n## Create mount points and mount file systems\n##\n";@fsList=sort @fsList;foreach $fs (@fsList) { print "if [ ! -d $fs ]; then\n"; print " mkdir -p $fs\n"; print "fi\n"; print "mount $fs\n";};#====================Createvg Clone============================#
wackVG:
This script performs a basic cleanup of a volume group in order to provide a somewhat secure remove of data. This is obviously not DOD or financial system grade data erasure, but may be sufficient for many enviroments when turning systems over to a recycling company or at the end of an offsite disaster recovery test. The script does the following actions: For each volume in the indicated volume group: - kill any processes using file systems in the volume group - recursively remove all files in the volume - remove the file system with rmfs - once all the volumes are removed, remove the volume group via reducevg. For best results, follow up the deletion of the volume group with a creation of a new volume group re-using the PVs. Click here to see the script.
Platforms supported: IBM AIX 5.x
#==================== wackVG================================#
#!/bin/ksh## This script performs a basic cleanup of a volume group in # order to provide a somewhat secure remove of data. This is # obviously not DOD or financial system grade data erasure, # but may be sufficient for many enviroments when turning # systems over to a recycling company or at the end of an # offsite disaster recovery test. ## The script does the following actions:# For each volume in the indicated volume group:# - kill any processes using file systems in the volume group# - recursively remove all files in the volume# - remove the file system with rmfs# - once all the volumes are removed, remove the volume group# via reducevg.## For best results,# follow up the deletion of the volume group with a creation# of a new volume group re-using the PVs.## Andy Welter# January 2005# VG=$1TESTRUN=$2if [ "$VG" = "" ]; then print "ERROR: must specify a volume group" exit 1fi print "!!!!!!!! WARNING !!!!!!!"print "!!! This script will !!!"print "!!! delete all data !!!"print "!!! on the following !!!"print "!!! volume group: !!!"printlsvg -l $VGprint "Whack $VG ?\n\n"read ANScase $ANS in y|Y) print "Ok, here we go" sleep 2 ;; *) print "Quitting." exit 1 ;;esaclsvg -l $VG | sort -b +6r| egrep "jfs |jfs2 " | grep -v "^LV NAME" | \ while read LVNAME TYPE LP PP PV STATE MOUNT; do print "removing $MOUNT..." >&2 if [ "$TESTRUN" = "" ]; then fuser -ck $MOUNT find $MOUNT -xdev -depth -exec rm {} \; ls -alR $MOUNT umount $MOUNT rmfs $MOUNT else print "test: $MOUNT" fidonelspv | while read PVNAME VOLID CURVG STATUS; do case $CURVG in $VG) print "remove $PVNAME from $VG" if [ "$TESTRUN" = "" ]; then reducevg -df $VG $PVNAME fi ;; *) print "ignore $PVNAME... belongs to $CURVG" ;; esacdone #==================== wackVG================================#
Pstree:
This script can be handy to visualize the parent child relationships of processes running on your system. When analyzing performance or other system problems, you often want to find out who belongs to who. This script uses a really handy feature in newer "ps" commands. The "-o" option. this command line option is used to control specifically what output fields you are interested in from "ps" and specifically what order you want them to appear in. This makes it much much easier to pick apart the output of "ps" in a script. When issued without any parameters, it displays the ancestry of all processes running on the system relative to the "schd" process. (pid 0). You can also supply a specific pid, and only the ancestry of that process will be shown.
This script is kinda interesting in that it is a Bourne shell script that uses recursion. But because of this, it is really inefficient (recursive calls require a new process be spawned off). It would be much better off written in Perl, but I originally wrote it before I knew Perl very well.
click here to see the script.
Platforms supported: Unixs who's "ps" command supports the "-o" option. (ie, Solaris, Digital Unix, AIX, but not Linux)
#======================Pstree=================================#
#!/bin/sh## Author: Andy Welter# www.the-welters.com# January 15, 2000## Display a parent child relationship for a process or all processes# on a system.## This script uses recursive calls to itself in a bourne shell script# which is kinda cool, but is really inefficient.# # It takes advantage of the "-o" option on the PS command to put# the PS output into a more easily parsed format and this also# makes it more portable between Unix flavors. Linux does not# support this option, so unfortunately it doesn't work on Linux.# lookup_ancestors () { # # Find parent of current process, then recursively call this # script to display it's line of anscestors. # # Note that Orphan processes show pid 1 as their parent. # PID=$1 PROC=`cat $FILE | grep "^$PID "` PPID=`echo "$PROC" | (read pid ppid user args;echo $ppid)` if [ -n "$PPID" ]; then if [ $PID -ne 0 ]; then $0 -p $PPID fi fi} lookup_descendents () { # # Find list of children of the current process, and recursively # call this script for each of the children found to display # their children. cat $FILE | grep " $1 " | \ while read PID PPID USER ARGS; do if [ "$PID" != "$PPID" ]; then $0 -c $PID "$indent" fi done } display_process () { # # display the ps info of the indicated process. # (can be used for parents or children) # $1 is the pid to display # $indent is the amount of indentation to display before the process # cat $FILE | grep "^$1 " | while read PID PPID USER ARGS; do echo "$indent$USER $PID $PPID $ARGS" done} step=" " PS="ps -ea -o pid -o ppid -o user -o args" if [ "$1" = "-p" ]; then # # look up parent pid then display the current process. # anscestors will be in oldest to newest order. # # don't bother indenting for parents. #indent="$3" lookup_ancestors $2 #indent="$indent$step" display_process $2 elif [ "$1" = "-c" ]; then # # lookup child pid # indent=$3 display_process $2 indent="$indent$step" lookup_descendents $2else if [ "$1" = "" ]; then START=0 else START=$1 fi # # This is the initial call to the script. # Display ancestors and descendents # # echo echo "=================" echo "= Looking up information for process $START" echo "=================" # Get the output to ps and normalize it's output FILE=/tmp/pstree.$$ export FILE indent="" $PS | tail +2 | sed 's/^ *//g' > $FILE display_process $START # echo echo "=================" echo "= Ancestors of process $START" echo "=================" lookup_ancestors $START # echo echo "=================" echo "= Descendents of process $START" echo "=================" lookup_descendents $START /bin/rm $FILEfi#======================Pstree=================================#
Vmlog:
This script provides a simple way to log performance data to a file. Running accounting or installing a full shrink wrap package like HP Perfview can obviously provide you with more information. But if you want something cheap and easy, this can be a good start. The first step on solving performance complaints is to know what the system has done in the past. And the first steps in justifying hardware upgrades is to show that the system is busy and that usage has increased. The way I install this script is to run it via cron at midnight. By default, it reports 24 hours worth of observations, 60 seconds apart. Command line options can be used to alter the interval between observations or alter the number of observations. - The vmlog script
- A clean up script, vmlog_cleanup , to remove old log files.
#======================Vmlog================================#
#!/bin/sh## This script records "vmstat" information for a defined period of time, # (default of 1 day) and records it to a file with a time stamp for each # line. when the script is done running each day, it compresses the log file.## This script would typically be called from cron at just after midnight # each day.## Usage:USEAGE="vmlog [-i interval] [-c count] [-l logfile]"## Logfile - If not specified, this defaults to /var/tmp/vmlog with a # date and time stamp appended to the end.# Interval - If not specified, this defaults to 60 seconds.# Count - If not specified, this defaults to 24 hours worth of # observations, the number of which depends on the interval # chosen.## Andy Welter# www.the-welters.com# 9/28/98#if [ $# -eq 1 ]; then echo $USAGE exit 1fi while [ $# -ge 2 ]; docase $1 in -c) COUNT=$2 shift 2 ;; -i) INTERVAL=$2 shift 2 ;; -l) LOG=$2 shift 2 ;; *) echo $USAGE exit 1 ;;esacdone if [ -z "$INTERVAL" ]; then INTERVAL=60fiif [ -z "$COUNT" ]; then # Number of seconds in a day = 24x60x60=86400 COUNT=`expr 86400 / $INTERVAL`fiif [ -z "$LOG" ]; then LOG=`date +"/var/tmp/stats/vmlog.%y%m%d"`
else LOG=`date +"$LOG.%y%m%d"`fi vmstat $INTERVAL $COUNT | while read LINE; do date +"%H:%M:%S $LINE" >> $LOGdone compress $LOG#======================Vmlog================================#
#======================Vmlog Clearnup=========================#
#!/bin/sh## This program deletes vmlog output files.## Andy Welter 10/01/98# www.the-welters.com### TIMELIMIT is used to control how long a file is kept by the system.# every time this script runs, it will delete files that are greater # than the specified number of days.## TIMELIMIT must start with a "+" in order to function properly.#TIMELIMIT="+30"LOGDIR=/var/tmp/statsDATE=`date +"%y%m%d"`if [ -d $LOGDIR ]; then find $LOGDIR -type f -name 'vmlog.*' -mtime $TIMELIMIT -exec rm {} \;fi#======================Vmlog Clearnup=========================#
vgbackup
This script needs to be reworked, it isn't the greatest right now. It does a few things for you, so it is a starting point, but it doesn't send results via email, or warn you if you are not backing up a volume group or anything like that. All it does is do a mksysb, followed by a dump of the volumes in each additional volume group you specify. It maintains a log file, and can automatically print it out, but it doesn't send the results in email. Click here to see the script.
Platforms supported: AIX 3.x and 4.x.
#======================vgbackup==============================#
#!/bin/ksh ## Simple backup script for a list of volume groups. All filesystems# in each of the volume groups specified will be backed up using the# "backup" command.## Andy Welter# www.the-welters.com# February 17, 1999## parms:# -log If this parm is used, script output will be logged to # /var/adm/logs/backup.YYMMDD.log. Otherwise script output# will be written to the screen.# <vglist> A list of additional volume groups to backup. If not present, the # The script defaults to backing up "rootvg" only.# DEV=/dev/rmt0.1PRINT="" while [ "$1" != "" ]; docase $1 in "-log") # Redirect output to the log file LOG=`date +"/var/adm/logs/backup.%y%m%d.log"` exec 2> $LOG >&2 ;; "-print") PRINT="yes" ;; *) VGLIST="$VGLIST $1" esacshiftdone if [ "$VGLIST" = "" ]; then VGLIST=""fi# Get list of mount pointsfor VG in $VGLIST; do lsvg -l $VG | grep " jfs " | \ while read LV FSLIST="$FSLIST $FS" donedoneif [ "$FSLIST" = "" ]; then echo "NOTE: No extra file systems specified." echo "NOTE: Only rootvg will be backed up."fiRC=0date +"begin backup at %y/%m/%d %H:%M"echo "Performing a mksysb and backing up the following file systems: $FSLIST"echo "Run mksysb..."mkszfile && mksysb -m -i -X $DEVRC2=$?RC=`expr $RC + $RC2`date +"mksysb complete at %y%m%d %H:%M" for FS in $FSLIST; do date +"backup $FS %y/%m/%d %H:%M" /etc/backup -0 -f $DEV $FS RC2=$? RC=`expr $RC + $RC2` if [ $RC -eq 0 ]; then echo "SUCCESS: done with $FS" else echo "ERROR: Backup of $FS failed" fi echodone# eject the tape if [ $RC -eq 0 ]; then echo "ejecting the tape..." mt -f $DEV offlineelse echo "ERROR: at least one backup had errors."fi date +"done with backup at %y/%m/%d %H:%M" if [ "$PRINT" = "yes" ]; then lp $LOGfi #======================vgbackup==============================#
mtfcount
This script counts the number of file marks on a tape. It can optionally position the tape just past the last file mark when it is done. This can be handy when trying to figure out what is on an unmarked tape, when verifying that a backup worked correctly, or when you want to append additional backups on the end of a tape that has been rewound already. click here to see the script.
Platforms supported: Most Unix flavors
#======================mtfcount==============================#
#!/bin/sh## Count file marks on a tape. It can optionally position the tape# after the last mark so you can append to the end of it.## Andy Welter# www.the-welters.com#USAGE="mtfcount [-f <devname>] [-append|-a]"if [ "$TAPE" = "" ]; then DEV=/dev/rmt/0nelse DEV=$TAPEfiwhile [ $# -ge 1 ]; do case $1 in -f) DEV=$2 shift 2 ;; -append|-a) APPEND=yes shift ;; *) echo "$USAGE" exit 1 ;; esacdonemt -f $DEV rewindCOUNT=0RC=0while [ $RC -eq 0 ]; do echo "Skipping file $COUNT..." mt -f $DEV fsf 1 RC=$? if [ $RC -eq 0 ]; then COUNT=`expr $COUNT + 1` fidone echo "$COUNT files found on tape"echo "rewinding tape..."mt -f $DEV rewindif [ "$APPEND" = "yes" ]; then if [ $COUNT -ge 1 ]; then echo "positioning tape to the end..." mt -f $DEV fsf $COUNT fifi #======================mtfcount==============================#
hogs
This simplistic script uses the "-o" parameter to the ps command to put the ps output format into a more easily parsed format. This is a handy technique for any script that has to parse "ps" output. Unfortunately, not all ps commands support this option. Linux is one of the systems that does not support it. The "top" program available elsewhere on the net is a more powerful way of monitoring CPU utilization, but I still like this simple tweak to a ps command. click here to see the script
Platforms supported: Versions of Unix that support the "-o" option for "ps" (ie not Linux)
#=========================hogs==============================#
#!/bin/ksh## Display the top memory users or CPU users via ps. ## Andy Welter# www.the-welters.com# # BUGS:# This script doesn't sort CPU time properly for processes using # more than 24 hours of CPU time. Re-writting this in perl is the # most practical way to fix this bug since that will give me a lot# better string manipulation and pattern matching control.#USAGE="hogs [-mem|-cpu]" if [ $# -ge 1 ]; then OPT=$1else OPT="-mem"fi case $OPT in -c*) # The long string of sed commands is used to normalize the elapsed CPU time field so # that the processes are sorted by time properly. echo "Top CPU users" echo "cputime vsize started pid user command" ps -ea -o time -o vsz -o stime -o pid -o user -o comm | \ tail +2 | \ sed 's/ *..:.. / ZZ:&/' | sed 's/ *ZZ: */ 00:/' | sed 's/^ */ /' | sed s'/00:0:/00:00:/' | sort -rn | head -20 ;;-m*) echo "Top Memory users" echo "vsize cputime started pid user command" ps -ea -o vsz -o time -o stime -o pid -o user -o comm | \ tail +2 | sort -rn | head -20 ;;*) echo "$USAGE" exit 1esac#=========================hogs==============================#
Rex”’
This Perl script acts as a "rexecd" client. The rexec protocol is a is a method for executing commands on a remote system using a username and password for authentication. This differentiates rexec from rsh. Rsh commands use .rhosts and hosts.equiv files to set up trust relationships between systems, and allow command execution without a separate password challenge. There are security drawbacks to each approach.
Trust relationships can be used to compromise other systems once one system is breached. And rexec has no logging for failed login attempts. This allows it to be used as a conduit for dictionary password guessing attacks on a system. Systems directly exposed to the Internet should not run the execd. Systems on controlled networks should use software such as TCP Wrappers or "logdaemon" in order to put logging in place on this service. Future enhancements will include sending standard error and standard to different file descriptors and changing the command's ARGV list so that the command line options (ie password) are not visible via "ps" while the script is running.
inetd listens for rexec requests via TCP connections on port 512. rexec format as documented in the man page for rexec: The input stream consists of null separated values.
"port for standard error\0username\0password\0command and args\0"
Click here to see the script.
#=========================Reg==============================#
#!/usr/local/bin/perl## Andy Welter# www.the-welters.com# January 10, 2000# # This script acts as a "rexec" client. The rexec protocol is a # is a method for executing commands on a remote system using a # username and password for authentication. This diffentiates# rexec from rsh. Rsh commands use .rhosts and hosts.equiv files# to set up trust relationships between systems, and allow command# execution without a seperate password challenge.## There are security drawbacks to each approach. Trust relationships# can be used to compromise other systems once one system is breached.# And rexec has no logging for failed login attempts. This allows it# to be used as a conduit for dictionary password guessing attacks on # a system. # # Systems exposed to the internet should not run the execd. Systems on# controlled networks should use software such as TCP Wrappers in order# to put logging in place on this service. inetd listens for rexec requests# via TCP connections on port 512.# # rexec format as documented in the man page for rexec: The input stream# consists of null separated values. # port for standard error\0username\0password\0command and args\0#use Socket; sub sendcmd {$sockaddr = 'S n a4 x8';($name, $aliases, $proto) = getprotobyname('tcp');($name, $aliases, $type, $len, $thisaddr) = gethostbyname($host);$thisport = pack($sockaddr, &AF_INET, 0, $thisaddr);$thatport = pack($sockaddr, &AF_INET, $port, $thisaddr); socket(S, &PF_INET, &SOCK_STREAM, $proto) || die "cannot create socket\n"; connect(S,$thatport) || die "cannot connect socket\n"; # Set socket to write after each printselect(S); $| = 1; select(STDOUT); ## Send command#printf S "0\0%s\0%s\0%s\0",$user,$passwd,$command;## Read responses from server and print them out #while ( $_ = <S> ) { printf ("$_");};close(S);}; ## MAIN##$port=512;$host=$ARGV[0];$user=$ARGV[1];$passwd=$ARGV[2];$command=$ARGV[3];sendcmd; exit 0;#=========================Reg==============================#
Syslog Configuration:
Syslog is a standard Unix utility for reporting system messages. Messages can be kept on the local system, or forwarded to central loghost machines. Many network devices such as routers and firewalls can utilize syslog as a reporting mechanism. Messages are processed by the "syslod" daemon process, and are sent to the daemon process either through the logger system call, or through the "logger" command. Syslog configuration is generally controlled via the /etc/syslog.conf file.
Syslog configuration checklist:
- Create an /etc/syslog.conf file with the desired syslog rules. If you are using a central syslog server, ensure that the rules on the server send the syslog output to the desired files.
- Ensure that the destination file names are valid for the syslog.conf rules. Create empty files if needed.
- Refresh the syslogd configuration by either sending a "SIGHUP" signal to the syslogd process, or by restarting the process.
- Test the syslog configuration using the "logger" command.
- Implement automatic log pruning and cleanup to prevent old syslog messages from filling up file systems.
Syslog scripts
- sample syslog.conf file
- sample syslog.conf file for loghost client
- logmaint - Script to periodically roll over to new syslog files. Can also be used to initially create syslog output files.
- logdel - Deletes syslog files over the specified age.
- logtest - Tests syslog configuration with the "logger" command by writing a test message to each facility for each priority.
#=========================Logmaint===========================#
#!/bin/sh## This program rolls over old log files and creates new ones.## The program loops through the list of files used by syslog, copies# the old data to a date and time stamped file, then truncates the # active log file.## This program supports one command line option "-compress" or "-nocompress",# which controls whether or not the program compresses the archived log # file. The default behavior is controlled by the COMPRESS variable at the# start of the program.## Andy Welter 9/23/98# www.the-welters.com#COMPRESS="yes"USAGE="logroll [-compress|-nocompress]"LOGDIR=/var/adm/syslogFILES="auth.log daemon.log kern.log user.log syslog.log local0.log messages" DATE=`date +"%y%m%d"` case $1 in "-compress") COMPRESS=yes ;;"-nocompress") COMPRESS=no ;;*) echo $USAGE exit 1 ;;esac for F in $FILES; do FF="${LOGDIR}/${F}" if [ -f $FF ]; then while [ -f ${FF}.${DATE} ]; do DATE=`date +"%y%m%d.%H%M%S"` done cp -p $FF $FF.$DATE chgrp adm $FF.$DATE chmod 660 $FF.$DATE if [ "$COMPRESS" = "yes" ]; then /usr/bin/compress $FF.$DATE fi fi cat /dev/null > $FF chgrp adm $FF chmod 660 $FFdone #=========================Logmaint===========================#
#===========================Logdel===========================#
#!/bin/sh## This program deletes old syslog files## Andy Welter# www.the-welters.com### TIMELIMIT is used to control how long a file is kept by the system.# every time this script runs, it will delete files that are greater # than the specified number of days.## TIMELIMIT must start with a "+" in order to function properly.#TIMELIMIT="+14"LOGDIR=/var/adm/syslogDATE=`date +"%y%m%d"`if [ -d $LOGDIR ]; then find $LOGDIR -type f -name '*.log.*' -mtime $TIMELIMIT -exec rm {} \;fi#===========================Logdel===========================#
#===========================Logtest===========================#
#!/bin/sh## This is a test of the "logger" and syslog configuration.# It will loop through all the possible facillities and severity levels# and send a syslog message for each one.## Andy Welter 9/23/98# www.the-welters.com#FACILITIES="auth daemon kern lpr mail news user syslog uucp local0"SEV="debug info notice warn err crit alert emerg"DATE=`date +"%D %T"` for F in $FACILITIES; do for S in $SEV; do echo "$F.$S ..." logger -p$F.$S "syslog test $DATE $F.$S" donedone #===========================Logtest===========================#
webcat and webload
Webcat is a perl program that takes URLs as input and fetches the specified web page. It can also be used to execute CGI Programs that use the GET method and URL encoding for their parms. When when given an URL on the command line, the script fetches a single web page. When no URL is specified on the command line, the program will read URLs from stdin, one URL per line. The script does no parsing of the file returned and does not fetch images or URLs listed in frames.
Webload is a simple Bourne shell script that uses webcat in order to retrieve lists of URLs, and reports the amount of time needed to retrieve the page. Webload can save the files to a specified directory or send them to /dev/null. It can also loop through the list and download them repeatedly.
Click here to see webcat
Click here to see webload
Platforms supported: Most Unixs, requires perl5. webcat should work on NT with a good perl port.
#===========================Webcat===========================#
#!/usr/bin/perl ## This script is a command line program for fetching web pages.# It takes URLs as input and then connects to the specified web # server and retrieves the specified page using an HTTP/1.0 GET# request. It does not parse the resulting web page, and does# not retrieve any associated images, included files, or source# files for embedded frames.## A single URL can be given on the command line, or the program# will read URLs from stdin, one URL per line.# ## Andy Welter# www.the-welters.com# 9/1/1999# use Socket;if ( "$ARGV[0]" ne "" ) { $url="$ARGV[0]";} else { $interactive=1; chop ($url = <STDIN>);};## quiet means don't print prompts and diagnostics#$quiet=1; ## Read std in and write it to the server# Open a socket for each command#printf ("url: ") unless $quiet;while ( $url ) {$url=~s.http://..;($host,$filename)=split /\//, $url, 2;($host,$port)=split /:/,$host;if ($port eq "") { $port=80;};$filename="/$filename"; printf ("set up socket to $host:$port\n") unless $quiet;$sockaddr = 'S n a4 x8';($name, $aliases, $proto) = getprotobyname('tcp');($name, $aliases, $type, $len, $thisaddr) = gethostbyname($host);$thisport = pack($sockaddr, &AF_INET, 0, $thisaddr);$thatport = pack($sockaddr, &AF_INET, $port, $thisaddr); printf ("Opening socket...\n") unless $quiet; socket(S, &PF_INET, &SOCK_STREAM, $proto) || die "cannot create socket\n"; connect(S,$thatport) || die "cannot connect socket\n"; # Set socket to write after each print select(S); $| = 1; select(STDOUT); # # Send command # printf ("Sending $filename") unless $quiet; print S "GET $filename HTTP/1.0\n\n"; # # Read responses from server # while ( $_ = <S> ) { printf ("$_") unless $opt_n; }; close(S); if ($interactive) { printf ("url: ") unless $quiet; chop ($url=<STDIN>); } else { $url=""; };}; exit 0;#===========================Webcat===========================#
#===========================Webload==========================#
#!/bin/sh ## Andy Welter# www.the-welters.com## This script uses the webcat program to download a list of URLs.# It can be used to repeatadly download the list of files in order to # generate a steady traffic load on a web server, and can also save# the resulting files in a directory.## Options:# -file <filename> # The file name containing the list of URLS to retrieve.# -delay <seconds> # The number of seconds to pause between GET requests# by default, there is no delay between requests.# -save <dirname> # The name of an existing directory where the output will# be saved# -loop <count> # The number of times that the script will loop through the file list. # The default is 1. A negative number will cause an infinite loop.# #USAGE="webload -file <filename> [-loop <count>] [-save <dirname>] [-delay <seconds>]" DELAY=0LOOP=1 while [ $# -gt 1 ]; docase $1 in -file|-f) URLS=$2 ;;-delay|-d) DELAY=$2 ;;-save|-s) SAVEDIR=$2 ;;-loop|-l) LOOP =$2 ;;*) echo $USAGE exit 1 ;;esacshift 2done COUNT=0echo $URLSwhile [ $COUNT -ne $LOOP ]; do cat $URLS | while read URL; do echo $URL date if [ -n "$SAVEDIR" ]; then FILE=`echo $URL | sed 's,[ /],.,g` webcat $URL > $SAVEDIR/$FILE else webcat $URL > /dev/null fi date echo --------------------- sleep $DELAY doneCOUNT=`expr $COUNT + 1`done #===========================Webload==========================#
logroll
This script is used to manage log files on a system. It will maintain a specified number of log file copies, renaming the old ones in a format "logfilename", "logfilename.0", "logfilename.1", with "logfilename.0" being the most recent archived log file. Click here to see the script.
Platforms supported: Most Unixs.
#===========================logroll==========================#
#!/bin/ksh ## Roll log files.# This script will maintain a specified number of old log files,# named by appending a number to the end of it, with the older# files having higher numbers. Numbering will start at zero.## Andy Welter# www.the-welters.com# 1/4/2001# stat_check () {RC=$1MSG="$2" if [ "$RC" != "0" ]; then print "ERROR: $MSG" exit $RCfi} FILE=$1if [ ! -f "$FILE" ]; then stat_check 1 "No such log file $FILE"fi if [ $# -eq 1 ]; then COUNT=6else COUNT=`expr $2 - 1`fi CUR=$COUNT while [ $COUNT -ge 1 ]; do NEXT=`expr $COUNT - 1` if [ -f $FILE.$COUNT ]; then rm $FILE.$COUNT stat_check $? "Removing $FILE.$COUNT" fi if [ -f $FILE.$NEXT ]; then mv $FILE.$NEXT $FILE.$COUNT stat_check $? "Moving $FILE.$NEXT" fi COUNT=`expr $COUNT - 1`done## Copy then truncate the active log file to avoid problems with# open file descriptors cp -p $FILE $FILE.0stat_check $? "Moving $FILE.$NEXT"cat /dev/null > $FILE#===========================logroll==========================#
format_clone
This script is used to copy the disk partitioning from one disk to another. This does not copy any data, it simply replicates the partition layout as you could do using the "format" program. This script comes in handy when setting up a batch of new disk drives, or when setting up disk mirroring using Solstice Disk Suite. NOTE: the source and destination disks must have the same geometry. (size, cylinders, sectors, etc). This script does not check to see if the destination disk is in use, but it does save a backup copy of the old disk partitioning in /tmp/format.dat.<diskname>.bak.
Click here to see the script.
Platforms supported: Solaris 2.x.
#======================Format_closnel==========================#
#!/bin/sh## Clone a disk format. This can be useful when setting up# a bunch of new disks, or when setting up a disk that will# be a mirror of an existing disk. ## NOTE: This program assumes that the source and destination# disk drives are the exact same make and model.## Andy Welter# www.the-welters.com# 1/4/2001#SOURCE=$1DEST=$2echo "Copy format from $SOURCE to $DEST"echo "Are you sure that $DEST is not in use? [y|n]"read ANSif [ "$ANS" != "y" ]; then echo "Exiting." exit 1fi if [ ! -h /dev/dsk/${SOURCE}s0 -a \ ! -h /dev/dsk/${SOURCE}s0 ]; then echo "no such disk"fiFORMATDAT="/tmp/format.dat.$$"FORMATBAK="/tmp/format.dat.$DEST.bak"if [ -f $FORMATDAT -o \ -f $FORMATBAK ]; then echo "$FORMATDAT or $FORMATBAK already exists" exit 1fiecho "Saving source format table..."format $SOURCE << EOF > /dev/null 2>&1save$FORMATDATquitEOF ## Get the disk type and partition table name from the fileDNAME=`grep "^disk_type" $FORMATDAT | cut -d'"' -f2`PNAME=`grep "^partition" $FORMATDAT | cut -d'"' -f2` ## Save the old format table for the destination deviceecho "Saving backup copy of $DEST format table in $FORMATBAK..."format $DEST << EOF > /dev/nullsave$FORMATBAKquitEOF ## echo "Copy new format table to $DEST ..."format -x $FORMATDAT -t $DNAME -p $PNAME $DEST << EOF > /dev/null labelyquitEOF rm $FORMATDATecho "done."
#======================Format_closnel==========================#
inetd_cleanup
Most systems ship with an overly permissive inetd.conf file. This eliminates services that are potential security hazards. There are more full fledged security tightening scripts than this such as the Bastille Linux project and Titan amongst others. But this is handy if all you want to do is sweep through a bunch of inetd.conf files.Click hereto see the script.
Platforms supported: Most Unixs, but the service lists are Solaris oriented.
#======================inetd_cleanup==========================#
#!/bin/ksh## Andy Welter# www.the-welters.com# 1/3/2001# # This script is used to tighten up the security of a system's # inetd.conf file, which is used to control what services the inet daemon# will start up on a system.## Most Unix systems ship by default with some services that are better# left disabled. This script has 4 levels of tightening it can do:# Default - Only the worst of the default services are turned off. # Suitable for non-mission critical servers on a relatively # trustworthy internal network.# medium - Slightly more restrictive, internal servers would be a good# candidate for this level.# high - Much more restrictive. Used for systems that are exposed to the# internet either directly, or within a DMZ. Web servers, ftp
# servers, mail gateways, etc.# max - ???## Usage:USAGE='inetd_lockdown [-medium|-high|-max] [-install] [<inetd.conf filename>]'# ## Check return codes, and exit if not zero.rccheck () {RC=$1if [ $RC -ne 0 ]; then print "Error at $2" exit 1fi} ## Define services to disable for each level# Services that have names are defined in the /etc/services file. The services with numbers here# are services that use remote procedure calls. (rpc). Many rpc based services have a history # of buffer overrun security issues.DEFLIST="comsat exec talk uucp tftp name finger systat netstat echo discard chargen rquotad walld rexed ruserd" MEDLIST="$DEFLIST shell login 100232 xaudio"HIGHLIST="$MEDLIST rstatd printer kerbd ufsd timed dtspc 100068 100083 100235 100221 100229 100230"MAXLIST="$HIGHLIST ftp"LIST=$DEFLISTFILE=/etc/inet/inetd.conf while [ $# -ge 1 ]; do case $1 in -medium) LIST=$MEDLIST ;; -hi|-high) LIST=$HIGHLIST ;; -m|-max) LIST=$MAXLIST ;; -i|-install) INSTALL="yes" ;; -v) VERBOSE="yes" ;; -*) print "$USAGE" exit 1 ;; *) FILE=$1 ;; esac shiftdone if [ ! -r $FILE ]; then print "ERROR: No such file or file unreadable - $FILE" exit 1fi if [ $VERBOSE ]; then print "Disabling the following services:" print "$LIST" if [ $INSTALL ]; then print "The new $FILE will be installed automatically" fifi TMPFILE=$FILE.tmpNEWFILE=$FILE.newBAKFILE=`date +"$FILE.%y%m%d"`cp $FILE $BAKFILErccheck $? "backup"cp $FILE $TMPFILEcp $FILE $NEWFILE ## Loop through the list of services and use sed to comment the service outfor SVC in $LIST; do sed "s/^$SVC/#&/" < $TMPFILE > $NEWFILE rccheck $? "sed" cp $NEWFILE $TMPFILE rccheck $? "cp"donerm $TMPFILE ## Install the new file and make inetd re-read it's config fileif [ "$INSTALL" = "yes" ]; then if [ $VERBOSE ]; then print "Installing file now..." fi if [ -w $FILE ]; then cp $NEWFILE $FILE rccheck $? "install" PID=`ps -eaf -o pid -o comm | grep -w "inetd" |\ (read pid cmd; echo $pid)` kill -HUP $PID fifiif [ $VERBOSE ]; then print "Difference between old and new files:" diff $NEWFILE $BAKFILEfi#======================inetd_cleanup==========================#
ping_scan
Sequentially ping a range of IP addresses. This script is not as efficient as using a program such as nmap, but it is a handy exercise for manipulating IP addresses in Perl.Click here to see the script
Platforms supported: Most Unixs.
#======================ping_scan==============================#
#!/usr/local/bin/perl ## This script will ping a range of IP addresses given# a starting and ending address. There are other faster# ways to do this, for example, the nmap program, but this # is also an example on how to manipulate IP addresses in Perl.## Andy Welter# www.the-welters.com# January 2001# use Socket;$packet_count=1;$usage="ping_scan <starting IP address> [ending ip address]\n";($#ARGV >= 0) || die "$usage";$cur_str=$ARGV[0];if ($#ARGV == 0 ) { $end_str=$cur_str;} else { $end_str=$ARGV[1];};## Convert "1.2.3.4" notation address into an integer.$cur_bin= unpack "L", inet_aton $cur_str;$end_bin= unpack "L", inet_aton $end_str; while ( $cur_bin <= $end_bin ) { # # Convert integer into a 1.2.3.4 notation address. $cur_str=inet_ntoa (pack "L", $cur_bin); print "$cur_str ... "; # # Ping the host open (PING , "ping $cur_str $packet_count |") || die "Cannot execute ping command\n"; while ( $_ = <PING > ) { print $_; }; close PING ; $cur_bin++;};#======================ping_scan==============================#
hostbyaddr
This script does a reverse address lookup, returning a host name when given an IP address. It uses the gethostbyname function call, which means it will use whatever name resolution method the host running the program uses. This is meant to provide a more easily parsed format for output than nslookup provides, and is mostly useful inside other scripts.Click here to see the script
Platforms supported: Unix and NT with a good Perl port
#======================hostbyaddr=============================#
#!/usr/local/bin/perl## This script does a reverse address lookup, returning# a host name when given an IP address. It uses the # gethostbyaddr function call, which means it will use # whatever name resolution method the host running the # program uses. This is meant to provide a more easily # parsed format for output than nslookup provides.## Andy Welter# www.the-welters.com# January 16, 2001#use Socket;$addr=$ARGV[0];$hostname=gethostbyaddr(inet_aton ($addr), AF_INET);if ( $hostname ) { print "$hostname\n";} else { exit 1;};#======================hostbyaddr=============================#
hostbyname
When given an IP address, this script does a hostname lookup lookup. It uses the gethostbyaddr function call, which will use whatever name resolution method the host running the program uses. Like the previous script this is meant to provide a more easily parsed format for output than nslookup provides, and is mostly useful inside other scripts.Click here to see the script
Platforms supported: Unix and NT with a good Perl port
#======================hostbyname=============================#
#!/usr/local/bin/perl## Obtain an IP address for a host name# The gethostbyname function uses whatever name service the system# you run it on is configured to use. For example, this may be # local hosts files, NIS , NIS+ # # This output is meant to be easier to use than the information # returned by nslookup.## Andy Welter# www.the-welters.com# January 16, 2001# $host=$ARGV[0];$addr=gethostbyname($host);if ( $addr ) { ($a,$b,$c,$d)=unpack ('C4', $addr); print "$a.$b.$c.$d\n";} else { exit 1;};#======================hostbyname=============================#hostxcheck
When given an IP address or host name, this script will perform a forward and reverse look up using gethostbyaddr and gethostbyname. This is useful for verifying that reverse DNS entries have been set up correctly, or to make sure that an IP address does not have a spoofed reverse entry.Click here to see the script
Platforms supported Unix and NT with a good Perl port.
#======================hostxcheck=============================#
#!/usr/local/bin/perl## Cross check the a host name using forward and reverse DNS # lookups. If the name passed in is a "cname" (aka alias), # then the second hostname returned will not match the first.# That is ok. The biggest thing to watch for is that the addresses# match.## The gethostbyname or gethostbyaddr functions use whatever name service # the system you run it on is configured to use. For example, this may be # local hosts files, NIS , NIS+ # # Andy Welter# www.the-welters.com# May 16, 2001# use Socket;## Get the address for the name passed in. If someone # passed us an address, gethostbyname will return the address anyway.$name1=$ARGV[0];$addr1=gethostbyname($name1);if ( $addr1 ) { ($a,$b,$c,$d)=unpack ('C4', $addr1); $addr1txt="$a.$b.$c.$d";} else { die "Lookup failed for name1=$name1\n";};## Do a reverse look up to get the name that goes with this address$name2=gethostbyaddr (inet_aton ($addr1txt), AF_INET);if ( $name2 ) { $addr2=gethostbyname($name2);} else { die "Lookup failed for addr1=$addr1txt\n";};## Now do a forward lookup on the address to get the name.if ( $addr2 ) { ($a,$b,$c,$d)=unpack ('C4', $addr2); $addr2txt="$a.$b.$c.$d";} else { die "Lookup failed for name2=$name2\n";}; printf ("%-32s\t%s\n", "Hostname:","Address:");printf ("%-32s\t%s\n%-32s\t%s\n", $name1, $addr1txt, $name2, $addr2txt);#======================hostxcheck=============================#
rc4
This program is an implementation of the "crypt" rc4 encryption program. It is a simple two way encryption program that can encrypt a file or data stream using a supplied key. When the same key and program are used on an encrypted file, it will decrypt the file.Click here for the script
Platforms supported Unix and NT with Perl.
#===========================RC4============================#
#!/usr/bin/perl ## A perl implementation of the "crypt" program.## This program implements an rc4 encrytion algorythm # using a variable length key single piece key.## It takes a file or data stream and encrypts it using the# provided key. Running the output of the program back# through the program with the same key will decrypt it.## USAGE: rc4 <keyval> [file name]# If no file name is provided, the script will read from # STDIN. ## Andy Welter# www.the-welters.com# May 2001# ## Encrypt a buffer at a type. Encryption is a stateful# process, so we use the "@state" global variable to track# the state.sub rc4 {my ($buf) = @_;my ($ebuf, $char);for(unpack('C*',$buf)) { $x++; $y=($state[$x%=256]+$y)%256; @state[$x,$y]=@state[$y,$x]; #&swap; $char= pack (C, $_^=$state[ ($state[$x] + $state[$y]) %256 ]); $ebuf= $ebuf . $char; };return $ebuf;}; sub prepkey {## Prepare the encryption key#my @key=@_;my @hexkey=unpack('C*',pack('H*',shift @key));my ($x, $y);my @t;my @state;## prepare keyfor(@t=@state=0..255){ $y=($hexkey[$_%@hexkey]+$state[$x=$_]+$y)%256; @state[$x,$y]=@state[$y,$x]; #&swap;}return @state;}; local @state=prepkey("$ARGV[0]");my $x=0;my $y=0;my $file;if ( $ARGV[1] eq "" ) { # If no file name was specified, # use standard-in as the file name $file="<&=0";} else { $file=$ARGV[1];}; open (IN,"$file") || die "error: can not open $file";while (read (IN,$buf, 1024)) { print rc4 ($buf);};#===========================RC4============================#
repack
This script uses the "/var/sadm/install/contents" file in Solaris to recreate a Solaris package file based on the currently installed files on the system. This can be useful as a way of making a backup of a Solaris package prior to removing it, or as a way to recreate a Solaris installation package when you no longer have the package file that it came in. It can also be useful as a way of creating a modified / customized package for installation on other systems. One could change file contents, ownerships, or permissions to suit their needs, repackage the files, and use that package for installation on other systems.Click here for the script
Platforms Supported: Solaris 2.x
#==========================repack============================#
#!/bin/ksh## Re-create a Solaris package installation file from it's installed # components.## Andy Welter# www.the-welters.com## Limitations:# This script will only capture files that have entires in the # /var/sadm/install/contents file. It will not capture other files such# as config files that were added for the package later. It will also # not capture any pre or post install scripts that may have been used# when the package was originally installed.# # The file ownerships and permissions in the new package are will be the# same as the actual file ownerships and permissions, not what they were# when the file was originally installed.#DIR=/tmpUSAGE="repack <package name>"if [ $# -lt 1 ]; then echo "$USAGE" exit 1fiPKG=$1pkginfo $PKGif [ $? -ne 0 ]; then echo "No such package $PKG." exit 1fi TMPDIR=$DIR/$PKG.$$if [ ! -d $TMPDIR ]; then mkdir $TMPDIRelse echo "$TMPDIR already exists. Exiting" exit 1ficd $TMPDIRecho "PKG=$PKG" > pkginfoecho 'BASEDIR="/"' >> pkginfopkginfo -l $PKG | while read KEYWORD VALUE; do case $KEYWORD in NAME:) # make sure the name reflects the fact that this # is a repackaged Solaris package. echo "NAME=$VALUE - repackaged" >> pkginfo ;; CATEGORY:) echo "CATEGORY=$VALUE" >> pkginfo ;; ARCH:) echo "ARCH=$VALUE" >> pkginfo ;; VERSION:) # make sure the version reflects the fact that this # is a repackaged Solaris package. echo "VERSION=$VALUE - repackaged" >> pkginfo ;; VENDOR:) echo "VENDOR=$VALUE" >> pkginfo ;; EMAIL:) echo "EMAIL=$VALUE" >> pkginfo ;; esacdone echo "i pkginfo=./pkginfo" > prototypegrep $PKG /var/sadm/install/contents | cut -f1 -d" "| pkgproto >> prototype if [ -d /var/spool/pkg/$PKG ]; then echo "Package already exists in /var/spool/pkg." echo "Do you want to over write this package? " read ANS if [ "$ANS" = "y" -o \ "$ANS" = "yes" ]; then pkgmk -o -r / else echo "Ok, exiting" exit 1 fielse pkgmk -r / ficd /var/spool/pkgrm -r $TMPDIRecho "Do you want to turn the pkg directory into a single package file? "read ANSif [ "$ANS" = "y" -o \ "$ANS" = "yes" ]; then pkgtrans -s /var/spool/pkg $PKG.pkg rm -r /var/spool/pkg/$PKGfi#==========================repack============================#makePackage
This script creates a simple solaris package by interactively prompting for the basic values of a package. It assumes that you already have the files installed on the system in the proper location, with the desired ownerships and permissions. Click here for the script
Platforms Supported: Solaris 2.x
#========================makepack============================#
#!/usr/bin/ksh## This script creates a simple solaris package by interactively# prompting for the basic values of a package. It assumes that# you already have the files installed on the system in the proper# location, with the desired ownerships and permissions.# # Andy Welter# Version 1.0# 2005# #copyScript () { if [ "$2" = "" ]; then return elif [ -d $1 ]; then cp $1/$2 $TMPDIR print "i $2=./$2" >> prototype elif [ -f $1 ]; then cp $1 $TMPDIR/$2 print "i $2=./$2" >> prototype else print "ERROR! bad file name or path $1" fi}; print "Creating pkginfo file..."print "Enter values for solaris package variables: "print -n "Package name (8 chars or less, no spaces [PKG]: "read pkgTMPDIR="/var/spool/pkg/$pkg.$$"if [ -d $TMPDIR ]; then print "ERROR: $TMPDIR already exists" exit 1else mkdir $TMPDIR cd $TMPDIRfiprint "PKG=$pkg" > pkginfo print -n "\t Package long name [NAME]: "read nameprint "NAME=$name" >> pkginfo print -n "\t package CATEGORY: [ex. utility, application] "read catprint "CATEGORY=$cat" >> pkginfo print "ARCH=sparc" >> pkginfo print -n "\t VERSION: "read versionprint "VERSION=$version" >> pkginfo print -n "\t VENDOR: "read vendorprint "VENDOR=$vendor" >> pkginfo #print -n "\t BASEDIR: "#read basedirbasedir="/"print "BASEDIR=$basedir" >> pkginfo print "EMAIL=" >> pkginfo print "Creating package prototype file..."cat /dev/null > prototypeprint "Solaris packages can run scripts at 3 points"print "= a 'checkinstall' script for checking package dependencies"print "= a 'preinstall' script that prepares a system for the installation of the files"print "= a 'postinstall' script that runs after the other package files have been installed"print "The files must be named checkinstall, preinstall, or postinstall."printprint "Enter the FULL path name to any checkinstall script you wish to run (optional): "read scriptcopyScript $script checkinstall print "Enter the path name to any preinstall script you wish to run (optional): "read scriptcopyScript $script preinstall print "Enter the path name to any postinstall script you wish to run (optional): "read scriptcopyScript $script postinstall print -n "Enter the name of a file containing a list of the package files: "read manifestif [ -f "$manifest" ]; then print "i pkginfo=./pkginfo" >> prototype cat $manifest | pkgproto >> prototype else print "ERROR: Must specify a file listing the contents of the package" exit 1fiif [ -d /var/spool/pkg/$pkg ]; then echo "Package already exists in /var/spool/pkg." echo "Do you want to over write this package? " read ANS if [ "$ANS" = "y" -o \ "$ANS" = "yes" ]; then pkgmk -o -r / else echo "Ok, exiting" exit 1 fielse pkgmk -r / fi cd /var/spool/pkgrm -r $TMPDIRecho "Do you want to turn the pkg directory into a single package file? "read ANSif [ "$ANS" = "y" -o \ "$ANS" = "yes" ]; then pkgtrans -s /var/spool/pkg $pkg.pkg rm -r /var/spool/pkg/$pkgfi #========================makepack============================#
sh_ex
This script doesn't do anything... It is just a file with examples of Bourne shell script syntax. It can be handy if you don't write in sh often and want your memory jogged, or if you can never remember what test operator checks to see if a file is a symbolic link or not. Click here to see the script.
Platforms supported: generic Bourne shell script syntax.
#!/bin/ksh ## Some script syntax examples: ## reading output from one program to use in a variableps -eaf | grep httpd | while read USER PID PPID THEREST; do grep "error: $PID" /var/adm/somelogfiledone ## The problem with the previous example is that you can't do# something with standard out in the middle of the loop, since # you are already using standard out. Another way to do it is this:ps -eaf | grep httpd | while read USER PID PPID THEREST; do PIDLIST="$PIDLIST $PID"donefor CURPID in $PIDLIST; do grep "error: $PID" /var/adm/somelogfile >> /tmp/someotherlogdone ## You can also format the output of "ps" the way you want using the # "-o" option.ps -eaf -o pid -o comm | grep "httpd" | while read PID CMD; do kill $PIDdone ## You can also use program output this way:# Suppose you want to see what the permissions and ownerships were on some# command that was in your path: ls -al `which su` ## Or suppose you wanted to save a date/time stamp so that you could use # it multiple times:DTIME=`date +"%m%d%y.%H%M"`mv log1 log1.$DTIMEmv log2 log2.$DTIME ## Some examples of the "test" operation:# -r file exists and is readable# -w file exists and is writable# -x file exists and is executable# -f file exists and is a regular file. (not a dir)# -d file is a directory# -h file is a symbolic link# -c file is a character special file# -b block special file# -p named pipe# -u setuid file# -g setgid file# -k sticky bit set# -s file exists and has a size greater than 0# -z test for zero len string# -n non-zero length string## Numeric test operators:# -lt less than# -le less than or equal to# -gt greater than# -ge greater than or equal to# -eq equal to# -ne not equal to## String test operators# = equal# != not equal# > greater than# < less than# # boolean operators# -a and# -o or# ! not#if [ -f /tmp/myfile ]; then cat /tmp/myfilefi ## elif structureif [ ! -f $FILE ]; then echo "No such file $FILE"elif [ ! -r $FILE ]; then echo "$FILE not readable"else echo "File is readable"fi ## Processing command line options:while [ $# -ge 2 ]; do case $1 in -f) FILE=$2 shift 2 ;; -d) DEVICE=$2 shift 2 ;; *) echo "usage: $0 [-f <filename>] [-d <device name>]" exit 1 ;; esacdone ## This is an example of of subroutine definition and callhup_daemon () {DAEMON="$1"ps -e -o pid,comm | grep "$DAEMON" | while read PID COMM; do echo "send HUP to $PID $COMM" kill -HUP $PIDdone}; hup_daemon inetd # Writing data to syslog/usr/local/bin/someCommand > /var/adm/someCommand.logif [ $? -eq 0 ]; then logger -p user.notice "NOTE: someCommand worked just fine"else logger -p user.err "ERROR: someCommand had a problem"fi #sending a file as an attachment in emailuuencode /var/adm/someCommand.log someCommand.log | mailx -s "Log file fromsomeCommand" someUser@somedomain.com#========================sh_ex============================#
perl_ex
This script doesn't do anything... It is just a file with examples of simple Perl syntax. It can be handy if you don't write in perl often and want your memory jogged. Click here to see the script.
Platforms supported: generic Perl syntax.
#========================perl_ex============================#
#!/usr/bin/perl ############################################################################ This is an example Perl script that doesn't do that much. It is mostly an # example of Perl syntax. The last part of the example is a basic web # server log analysis program.########################################################################### ############################################################################ Types of variables############################################################################# Scalar variables always start with a "$" whether they are on the left or# right hand side of an expression. This differs from bourne, korn, # and C-shell scripts.$logDir="/var/log/httpd";$logFile="$logDir/access_log"; ## arrays # Arrays can be referenced two ways, in an array "context", or in a # scalar "context". In an array context, the array name starts with # a %. When referenced with a $, the value of the array is evaluated# as a scalar value. Arrays are referenced as scalars when you are # accessing a single element of the array by its subscript. When the# name of the array is referenced with an $ and no subscript, the # value of the expression is the length of the array.%months=("", "January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December");$mar=$months[3];$monthCount=$months -1; ## Hashes or associative arrays# One of the most useful innovations in Perl. An associative array# is like an array where the index is a string rather than an integer.# When referenced with a @, the variable is an array. When used with # a $ and a subscript, you get the value of the array element. Without# the subscript, you get the %namesAndNicknames ("Andrew", "Andy", "William", "Bill", "James", Jim");$nickname=$namesAndNicknames {"Andrew");$namesAndNicknames {"William"} = "Billy Bob";## Get a list of hash keys@names=keys (%namesAndNicknames);## Get a list of the values in the hash@values=values (%namesAndNicknames); ############################################################################ A subroutine definition and call###########################################################################sub isEqual {my ($parm1, $parm2) = @_;if ( $parm1 eq $parm2) { return 1;} else { return 0;};}; $rc=isEqual ("abc", "def"); ############################################################################ Simple control structures###########################################################################if ( $nickname eq "Billy Bob" ) { nascarfan("true");} elsif ( $nickname eq "Nigel" ) { f1fan("true");}; $length = @names;for ($ii=0; $ii < $length; $ii++) {print ("$names [$ii] aka $namesAndNicknames{$names [$ii]} \n");
}; foreach $name (@names) { printf ("%s aka %s \n", $name, $namesAndNicknames {$name});}; ## open a file for output, read from standard in, and write it to the outfile.open (OUTFILE, "> /var/tmp/junk");while ( $_ = <>) { print (OUTFILE "$_");}; ## The first parm in the open command is the file handle name, File handles# have odd syntax... they do not have any special character in front of them# such as $, %, or &. open (LOG,"<$logFile") || die "error: can not open $LOG";## split the lines of the log file. Ex.# host.someisp.net - someuserid [01/Jan/1998:08:30:15 -0500] "GET /~welter/index.html HTTP/1.1" 304 -while (<LOG>) { ($host,$junk,$userid,$date,$time,$request,$url,$protocol,$junk2) = split (/\s+/); if (($url =~ /welter/) && !($url =~ /jpg/)) { $urls {"$url"} ++; $hosts {"$host"} ++; $dates {"$date"} ++; };}; print "URL Requests by host.\n";while (($key ,$count) = each %hosts) { print "$count\t$key\n";}; print "\nURL Requests by URL.\n";while (($key ,$count) = each %urls) { print "$count\t$key\n";}; # sort some hash by value@sorted = sort { $hash{$a} cmp $hash{$b} } keys %hash; for $key (@sorted) { print $hash{$key}\n;done #========================perl_ex============================#
No comments:
Post a Comment