Softpanorama (slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

Perl Admin Tools and Scripts

Perl is probably the most friendly to Unix system administrators scripting language and other things equal Perl tools are preferable.  Also Perl is available now by default on all major flavors of Unix, so you do not need to install anything to run Perl scripts.

Because UNIX sysadmin can use Perl on almost daily bases he can understand better the quality and tradeoffs in the open source tools that he try to use.  With languages that are not used regularly both understanding of the quality of the tool and maintenance are much more difficult.

Dr. Nikolai Bezroukov

Notes: Those pages are written by people for whom English is not a native language. Some amount of grammar and spelling errors should be expected. This is a Spartan WHYFF (We Help You For Free) site. It cannot replace the best teachers and the best books. The site contain some obsolete pages as it develops like a living tree... Some links on older pages are broken. Please try to use Google, Open directory, etc. to find a replacement link (see HOWTO search the WEB for details). We would appreciate if you can mail us a correct link. Search Amazon by keywords:     Open directory Research Index

Old News ;-)

[May 6, 2008] freshmeat.net Project details for check_logfiles

Perl plugin

check_logfiles 2.3.3 (Default)
Added: Sun, Mar 12th 2006 15:09 PDT (2 years, 1 month ago) Updated: Tue, May 6th 2008 10:37 PDT (today) About:

check_logfiles is a plugin for Nagios which checks logfiles for defined patterns. It is capable of detecting logfile rotation. If you tell it how the rotated archives look, it will also examine these files. Unlike check_logfiles, traditional logfile plugins were not aware of the gap which could occur, so under some circumstances they ignored what had happened between their checks. A configuration file is used to specify where to search, what to search, and what to do if a matching line is found.

[Jan 24, 2008] freshmeat.net Project details for cgipaf

The package also contain Solaris binary of chpasswd clone, which is extremely useful for mass changes of passwords in corporate environments which include Solaris and other Unixes that does not have chpasswd utility (HP-UX is another example in this category).   Version 1.3.2 now includes Solaris binary of chpasswd which works on Solaris 9 and 10.

cgipaf is a combination of three CGI programs.

• passwd.cgi, which allow users to update their password,
• viewmailcfg.cgi, which allows users to view their current mail configuration,
• mailcfg.cgi, which updates the mail configuration.

All programs use PAM for user authentication. It is possible to run a script to update SAMBA passwords or NIS configuration when a password is changed. mailcfg.cgi creates a .procmailrc in the user's home directory. A user with too many invalid logins can be locked. The minimum and maximum UID can be set in the configuration file, so you can specify a range of UIDs that are allowed to use cgipaf.

[Jan 15, 2008] freshmeat.net Project details for SLACK

SLACK (Sysadmins' Lazy Auto-Configuration Kit) is a configuration management system designed to appeal to lazy system administrators. It's an evolution from the fairly common practice of putting files in some central directory. It's descended from an earlier system called "subsets", and uses a multi-stage rsync to fix some of the problems in that system.

Release focus: N/A

Changes:
slack.conf is now installed without the execute bit. A bunch of changes from the Debian patch were merged in, with a few changes to preserve permissions on /var/lib/slack and /var/cache/slack and a few changes to the way debs are built. The --rsh option is now propagated to backends, so the option actually works.

[Dec 30, 2007] freshmeat.net Project details for ns4

ns4 is a configuration management tool which allows the automated backup of node configurations. Commands are defined within a configuration file, and when they are executed, the output is sent to a series of FTP servers for archiving. As well as archiving configurations, it allows scripts to be run on nodes; this allows configurations to be applied en masse and allows conditional logic so different bits of scripts are run on different nodes.

Webmin by Jamie Cameron

User accounts setup is nice thing...

Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms, you can setup user accounts, internet services, DNS, file sharing and so on.

Release focus: Minor feature enhancements

Changes:
The default Blue Framed theme has been improved. There are user interface cleanups in various modules. Perl modules can be installed from YUM and APT. Status notification via SMS has been added. The HTML editor widget has been replaced with Xinha. Linux quotas are now set with the setquota command. There are optimizations to speed up getting the hostname and Postfix config settings. YUM and Redhat Network support has been improved.

Helpful Administrative Scripts

• lvinfo - a script to help document Logical Volume Manager information on an AIX system.
• createVgCloneScript - duplicate a volume group, volume, and filesystem structure
• wackVG - Delete the contents of a volume group, including all all files and volumes.
• pstree - this script analyzes "ps" command output and displays the parent / child relationships of the running processes.
• dumpall - a set of scripts to backup Solaris and Digital Unix systems.
• vgbackup - a very basic script for doing backups on AIX systems.
• createVgCloneScript - creates a script that replicates the volume group, logical volumes, and file systems for a system.
   
• mtfcount - count the file marks on a tape.
• vmlog - a script that records time stamped vmstat output to a file.
• hogs - A script to show the top CPU or Memory users on a system.
• rex - An rexec client for executing commands on remote systems.
• syslog maintenance scripts.
• webcat and webload - These two scripts can be used to fetch web pages from the command line or generate system load on web servers.
• logroll - A script to manage old log files.
• format_clone - A script to copy Solaris disk format layouts from one disk to another.
• inetd_cleanup - A script to tighten up the security of Solaris inetd configurations.
• ping_scan - A script to ping IP addresses in sequence.
• hostbyname - Get IP address for a host name via gethostbyname
• hostbyaddr - Reverse lookup of hostnames by IP address, using gethostbyaddr
• hostxcheck - Forward and reverse lookup cross check
• rc4 - A perl implementation of the "crypt" rc4 encryption command.
• repack - Recreate a Solaris package file from an installed package
• makePackage - create a simple package through through simple prompts.
   
• sh_ex - This Bourne shell script doesn't do anything, it just has a series of syntax examples to jog your memory when coding.
• perl_ex - This Perl script doesn't do anything, it is just a series of syntax examples like sh_ex.
   

freshmeat.net Project details for NetAlert 0.2

The netalert daemon checks the avaibility of network services by initiating cyclic TCP and/or UDP connection attempts. It's also capable of validating received sequences (using extended regular expressions) and even triggering those sequences by sending sequences itself. It's pretty easy to setup due to its clean XML-based configuration file. The responsible admin receives an email when a service goes down.

Release focus: Major feature enhancements

Changes: The ability to check userland by grabbing banners or other sequences was added. The ability to trigger those sequences was added. The netalert.xml config file was changed slightly. A manpage was written for netaltert.xml (5). 

freshmeat.net Project details for Host Grapher

About: Host Grapher is a very simple collection of Perl scripts that provide graphical display of CPU, memory, process, disk, and network information for a system. There are clients for Windows, Linux, FreeBSD, SunOS, AIX and Tru64. No socket will be opened on the client, nor will SNMP be used for obtaining the data.

Changes: A small bugfix was made to the Unix client, so now it is possible to have more than one graph for the disk plugin. Two new separate plugins were created for Bind (DNS) and MySQL.

[Infrastructures] Is cfengine a good tool

Tim Writer tim@starnix.com 21 Feb 2003 19:27:28 -0500

• Previous message: [Infrastructures] Is cfengine a good tool?
• Next message: [Infrastructures] Is cfengine a good tool?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

"Luke A. Kanies" <luke@madstop.com> writes:

> On Fri, 21 Feb 2003, Tim Writer wrote:
> 
> > Perhaps some of you who have used cfengine succesfully
> > could share your configuration.
> 
> I'll share my config, for what it's worth.  It's still a work in progress,
> but you should be able to find it at
> http://luke.madstop.com/cfengine/config.

Thanks.

> > One thing I find very frustrating with cfengine is the quirkiness of the
> > language.  Variables are expanded in some places and not in others.  This,
> > for example, doesn't work:
> >
> >     control:
> >
> >         actionsequence = ( copy )
> >
> >         prefix = ( /u/adm )
> >         source = ( ${prefix}/etc/ssh )
> >
> >     copy:
> >
> >       any::
> >         ${source}
> >           dest=/etc/ssh
> >           ...
> 
> I believe that quoting the variable there will get you what you want.

Okay, I'll try that.  Wierd though.

> > Without consistent variable expansion, how do you prevent cfengine config
> > files from becoming unmaintainable.
> 
> Even with consistent expansion, the files quickly become unmaintainable,
> or close to that, in my opinion.

Nice to know I'm not alone.

> I think that cfengine provides some functionality all in one place that's
> really hard to duplicate manually, but the hoops you have to jump through
> to get there are not very fun.

That's the part I'm not convinced about.  The cfengine docs suggest that it's
superior to Perl and make for example.  While I agree, that the intent of:

    AppendIfNoSuchLine "..."

is clearer than the correpsonding Perl code, I find that its even easier to
write unmaintainable cfengine "code" than Perl.  Perl has its warts, no
question.  But wouldn't it make more sense to write a coherent suite of Perl
modules aimed at performing some of the tasks cfengine does?  IOW, start with
a powerful, widely ported programming language and "tune" it to the task of
infrastructure management, rather than a weak language with some builtin
"knowledge" of system management that you quickly outgrow.

> Cfengine is kind of amazing in that I've never seen a tool used so heavily
> but which has so many people trying to work around it.

So, I'm not completely out to lunch.  That's too bad because I was hoping
cfengine would simplify my life.

-- 
tim writer <tim@starnix.com>                                  starnix inc.
tollfree: 1-87-pro-linux                        thornhill, ontario, canada
http://www.starnix.com              professional linux services & products

freshmeat.net Project details for Process Change Detection System

About:
Process Change Detection System is a script to monitor changes in processes--not to monitor if your Web server is still running, but to see if there are new programs running. When debugging a honeypot logging, you often see that there's an extra inetd running, to open up a backdoor port. Or, less dramatically, people login to a system and "forget" to logout.

Release focus: Minor bugfixes

Changes:
This release removes the first undefined value in the baselist and adds debugging options.

Index of -release-mharc

About: MHArc is a collection of Perl and Bourne shell scripts for generating and managing Web- based searchable archives of mailing lists. Internally, MHonArc is used for processing emails.

Webcon, Inc. - DOBACKUP.PL

About: dobackup.pl is a flexible Perl script to handle unattended incremental backups of multiple servers. It handles multiple media sets with automatic media preparation and rotation, configurable 'what-to-backup', global per-host exclusion patterns, and user settable 'don't-back-this-up' metafiles. Its design goal is zero-maintenance, nothing to do except change the media when told.

Changes: Fixed the options the were broken during the recent Getopt::Long switchover, as well as base-2 numbers and SI (KiB, MiB, etc.) unit reporting. Some previously unimplemented options have had code added, and a usable man page has been included, along with revised documentation.

projects

Accgen

This script is more geared towards the sysadmins out there who need a quick and dirty way to setup new system users. It supports the following services.

1. Apache
2. Postfix
3. Jakarta Tomcat
4. BIND

The script is fairly robust and moduler. You may disable/enable support for any of the services listed above.

AFTPLoader Written by Andreas Henningsson < andreas.henningsson@telia.com >

This is a tool for webdevelopes that need a quick and easy tool to update homepages. AFTPLoader
is written in perl/tk. It's designed to manage homepages but you can use it to transfer what you like.
For the moment it's just a beta but quite stable, feedback in any form is welcome.

NEWS(old ):
Fri 12 Okt
I have stated to clean up this project as much as possible, this is mainly
a bug and useability update.

Sat 6 Okt
Updated the homepage. I have updated with a new screenshot
and added a FAQ to the page.

Sun Sep 30
I have made a preview of 0.4.3. This is something you should
download. Alot of bug's fixed, Read the Changelog.

Fri Sep 28
Finaly things start to work again. Get the new version. Big
changes to the upload engine. Much faster then before or should
be anyway. Used to disconnec after every file before.

REQUIREMENTS:
-Perl
-Net::FTP download at http://search.cpan.org
-Tk download at http://search.cpan.org

FAQ:
I have made a faq , maybe you can find something useful.

SCREENSHOTS: Image1 |image2 |image3

DOWNLOAD( Changelog ):
AFTPloader-0.4.4
AFTPloader-0.4.3
AFTPloader-0.3.2

Ned Konz's Perl Stuff

Algorithm::Diff

This is a module for computing the difference between two files, two strings, or any other two lists of things. It uses an intelligent algorithm similar to (or identical to) the one used by the Unix `diff' program. It is guaranteed to find the *smallest possible* set of differences.

It was originally written by Mark-Jason Dominus, mjd-perl-diff@plover.com and was re-written and is now being maintained by Ned Konz, perl@bike-nomad.com.

Download Algorithm::Diff Perl module

Algorithm-Diff/Algorithm-Diff-1.11.tar.gz via HTTP

Archive::Zip

The Archive::Zip module allows a Perl program to create, manipulate, read, and write Zip archive files.

Zip archives can be created, or you can read from existing zip files. Once created, they can be written to files, streams, or strings.

Members can be added, removed, extracted, replaced, rearranged, and enumerated. They can also be renamed or have their dates, comments, or other attributes queried or modified. Their data can be compressed or uncompressed as needed. Members can be created from members in existing Zip files, or from existing directories, files, or strings.

This module uses the Compress::Zlib library to read and write the compressed streams inside the files. It requires a version of Compress::Zlib >=1.06 (see below)

Examples and helper libraries are given to show how:

• zip files can be written to strings
• zip files can be written in chunks to arbitrary functions

This is a work in progress. I'd appreciate your feedback on its design and implementation.

You can look at its object model as a .PDF file.

Download Archive::Zip Perl module

Archive-Zip-0.11.zip  via HTTP
Archive-Zip-0.11.tar.gz  via HTTP

Compress::Zlib can be obtained from CPAN:  http://www.cpan.org/authors/id/PMQS/Compress-Zlib-1.14.tar.gz

Changes

Older versions can be obtained from CPAN:
Via HTTP: http://cpan.org/modules/by-authors/id/N/NE/NEDKONZ/
Via FTP: ftp://ftp.cpan.org/pub/CPAN/modules/by-authors/id/N/NE/NEDKONZ/

Apache::PrettyPerl
An on-the-fly syntax highlighter for Perl files.



Programming Language :: Perl [filter]
Topic :: Software Development :: Libraries [filter]

[May 15, 2002] AutoUpdate by Gerald Teschl (GPL)

About: AutoUpdate 4.0.3 is a simple Perl script which performs a task similar to Red Hat's up2date or autorpm. It can be used to automatically download and upgrade RPMs from different FTP sites. Moreover, it can also be used to keep a server with a customized (Red Hat) distribution plus all clients up to date.

Changes: Some problems with exclude patterns are now fixed.

Unix SysAdm Resources Automated Unix SysMgmt Software

• Master System is a public-domain Unix systems configuration tool written in Perl. The system is architecture and operating system independent, but it can handle architecture and operating system dependent configuration. It is designed to control the configuration of large groups of systems that are configured in the same style, but are not necessarily identical. From a group at Rutgers University.
  
• Webmin is a free web-based admin interface for Unix systems. Via a web browser, you can configure DNS, Apache, Samba, filesystems, startup scripts, inetd, crontabs and more. Written in Perl5 and easily extendable. Supports several Linux versions and Solaris.

Webmin

Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on.

Webmin consists of a simple web server, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no non-standard Perl modules.

Drall by Henrik Edlund -- remote implementation of OFM. Very interesting idea and one of the two top news for 1999(see also news item about CGI-based implementation). Please note that Java implementation would be much better. Platforms: Unix and Perl (actually any system supporting perl)

Drall is a script which allows users to access their directories and files remotely without the need of using insecure ftp and telnet. It enables the user to treat the remote file system as if it was on their local hard disk trough a normal web browser. The interface resembles the well known Norton Commander (of DOS fame) and Midnight Commander (of UNIX fame). Drall relies on the server's HTTP authentication and SSL for security. Dual-frame interface makes it easy to overlook file system and the modular design means you only use the features you need. Written in Perl for easy customization and expansion.

Spong 2.7-alpha8
Stephen L Johnson <sjohnson at monsters.org> - July 27th 2000, 03:47 EST

Urgency: low

More 2 Cent Tips & Tricks LG #32

Linux Gazette November, 1995

Sent you some e-mail a while back about the Linux Gazette, and here's another tip probably worth publishing. I haven't searched through all issues yet, but I don't see it in there. If it is, sorry...

In your July issue, you describe copying files to /config_dist or such for back-up purposes. Such a mechanism is useful, indeed, but I believe that there is a *better* solution: RCS. Install the RCS package, and let RCS store *all* your previous versions. This allows you to store a change history, change description, etc. with all files. With RCS you can ask: What did I change to my hosts file? I had an old version of sendmail.cf that worked, and now its broken. What's changed? I solved this problem once before. How? Etc.

Oh. RCS stands for Revision Control System, and is GNU software.

Here's a brief summary on the use of RCS. Pretend that the file you want to manage is '/directory/file'.

1. Obtain and install.
   Probably should do: man rcsintro for an introduction
   
   
2. To put a file under revision control:
   cd /directory
   mkdir RCS (not required, but recomended.)
   ci -u file Puts the file under revision control.
   answer questions Describe the file to RCS.
   Note that file is now r--r--r-- (read only).
   
   
3. To Check out a file:
   co -l file Checks out the file (now writable).
   You may now modify the file.
   
   
4. When done, check it back in:
   ci -u file (Will ask your for change description)
   description_of_changes (Describe what you did to the file).
   (File is now r--r--r-- again).
   
   
5. To get a log of the file:
   rlog file
   
6. To find differences between current and last checked in:
   rcsdiff file
   
   

Many more things. Do read the man page. Its worth the effort to learn!

-- Nicholas R. LeRoy <nleroy@norland.idcnet.com>

See also

• Shells
• Perl

Recommended Links

• System administration -- list of sysadmin tools
• Helpful Administrative Scripts
• Rosetta Stone
• FTP link to SAGE-AU's collection of Sysadmin Software
• PERL Reference/Sysadmin tools

Administration and Monitoring

[Nov. 24, 1999] WebRAT

WebRAT consists of :

• The client part which is a set of cgi scripts, establishing connection to the servers, transferring requests, getting the answers, providing these answers to the user through dynamically created web pages.
• The administration server which is a single perl script, waiting (through inetd) for connections, from the client scripts, from which accepts (or denies) the requests, authorizes the user, calls the appropriate administrative script , and provides the results of the action requested (which is the output of the administrative script )
  1. The administrative scripts are scripts that do one and only job, called by the administration server
• The nodes' daemon is the equivalent of the administration server , exists in every node to be administered, accepts (through inetd) connections from the client scripts (or the administration server under certain circumstances), authorizes the user, calls the appropriate server script , and provides the results of the action requested (which is the output of the server script as an answer to the client script .
  1. The server scripts are scripts that do one and only job, called by the daemon

That may seem complicated, but once implemented, it is very easy to maintain, and extend. The system is supposed to be modular, and although adding modules is not (yet) the easiest thing to do, it will be much more easier in the future, once the module adding module is implemented.

The difficult part is in the design and the implementation, thus hiding all the complexity from the user of the system.

The way it works

WebRAT relies on a administration server which has the responsibility of keeping the hosts-to-be-administered database. Adding/removing nodes is on of the administration servers' responsibilities. Every node has its own "password" file, keeping user/module pairs, from which the node may authenticate if a user is allowed (or not) to use the specific module. This (password) file is also handled by the administration server. You may NOT add users of the system through the node, you have to add them through the administration server.

Several administrative scripts exist in order to handle administration server's requests. These should be considered as part of the administration server itself, but the choice to be different scripts was made in order to make all the scripts small and compact, for easier maintenance.

Each and every node has its own daemon , and a set of server scripts . Those have the same relationship as the administration server to the administrative scripts . Every user registered to perform tasks to the system may access the daemon, which allows him access to these tasks only. So, the superuser may distribute tasks to unprivileged users

Authentication is performed in every stage of the process, so that someone cannot override the client.

Security implications

As WebRAT relies on a WebServer, and the daemons are called through inetd, the whole system may be extremely secure, by the usage of independent, open source software, such as OpenSSL and TCP/wrappers.

WebRAT is written in perl, in order to

• avoid buffer overflows (common problem when someone writing daemons doesn't know C very well like me)
• be easily customized
• be easily maintained
• be easily modularized
• give the user the ability to check the code (as these scripts are executed as privileged user, i.e. root) in an easy understandable language

That last part is also the reason the scripts are not so compact. They could have at least 20% of lines of code less, if I was trying to make them compact, but I preferred to make them easily understandable

You may take WebRAT's latest version from here

[Nov. 24, 1999] Linux Today MAT 0.20 - Monitoring and Administration Tool

I'm proud to announce a new release of the Monitoring and Administration Tool (MAT). New to version 0.20 is the replication module. This allows replication between UNIX hosts. A HPUX agent is now included, as well as a GNU libc build. There are several bug fixes in the backup module, as well as some fixes to the system monitoring module.

The MAT web site is at: http://www.ee.ryerson.ca/~sblack/mat

It contains screen-shots, as well as descriptions of MAT's functions.

Below is a description of this release of MAT.

Monitoring & Administration Tool (MAT)
--------------------------------------

MAT is an enterprise monitoring and administration tool. It allows you as an administrator, or authorized individual, to manage a hetrogeneous UNIX network. It hides most of the complexity of the standard configuration files making it easier administer. The monitoring daemon provides historical information about a hosts status. Several monitored parameters can be graphed to aid capacity planning. The monitored parameters can trigger events when a threshold is exceeded, alerting administrators to problems.

Some of the advanced features include the ability to upgrade it's self as new versions, or upgrades become available, the ability to allow other users to control some or all of the administrative functions. The ability to see the "health" of a host.

MAT is in three parts, the MAT agent, the MAT daemon, and the MAT console. The MAT agent does the actual work of modifing files, running commands, and inspecting the system. The MAT daemon MATd periodically monitors system parameters, and can send alarms. The MAT console provides an easy to use GUI which sends commands to the MAT agent to manipulate and query standard UNIX configuration files. It also provides an easy to use GUI for graphing the MATd results and controlling the parameters monitored by MATd.

MAT is available for Linux, SunOS 4.1.x, and Solaris. An alpha port to IRIX 6.x is included. Currently MAT allows you to add, modify and delete the following:

• Users (Site specific user defaults are supported)
• Groups
• Hosts
• Email Aliases
• Mounted filesystems
• Crontab entries
• DNS client configuration
• Login message (motd)
• Services
• Exported (shared) filesystems
• DNS domains & records
• Most NIS records
• Syslogd entries

MAT allows you inspect many of the common system parameters including:

• All syslog files (TK 8.0 recommended for this)
• Routes
• Processes
• Lastlog
• Diskspace
• Exports

The monitoring deamon MATd runs scripts for monitoring of:

• Network Connectivity (through ICMP)
• Required Processes
• Disk usage
• CPU use
• Run queue
• User logins
• FTP server status
• SMTP server status
• Network Interface Activity

SWAP, and Memory use are monitored in the Linux version. A simple plotting tool allows you to graph the various monitored parameters. The monitoring scripts are written in Perl, and should be easy to customize and expand. The MAT probe has been updated to display it's current status.

Requirements:
--------------
For the MAT agent you need a UNIX machine running:

• Linux 2.x
• SunOS 4.1.4
• Solaris 5.x
• IRIX 6.x
• HPUX 10.10 or 10.20

Perl 5.x is needed for the monitored parameters and alarms. The Console requires Tcl/TK on at least one host.

[July 17, 1999] durep -- Psiren - June 07th 1999, 23:04 EST durep is a perl script used for disk usage reports. It can generate text output with bar graphs to allow easy comparisons of disk usage between directories. It can also generate web pages which can be navigated through the directory structure. This allows easy visual monitoring of disk usage.

Console Administration - Firewall - Security

[ June 20, 1999] Unix::ConfigFile
The Unix::ConfigFile distribution is a suite of modules that provide simple interfaces to various Unix configuration files. The objective is to free the system administrator from dealing with the trivial formatting details of the files, and allow him or her to concentrate on the information therein. Currently supported files include:

syswatch-1.1.tar.gz SysWatch 1.1 - SysWatch is a perl script that allows you to view current system information, disk utilization, resource utilization all in your web browser. Changes: Added automatic drive mapping (less configuration). Added red bar for drives over 90% full. The same script will now work on both *BSD and Linux. 3.621 kb. By Chris Martino.

Last updated: June 05, 2008