Enterprise Linux Log - A SearchEnterpriseLinux.com blog



A blog for Linux administrators covering Red Hat, SUSE, Ubuntu, Linux in data centers, Oracle Linux, Linux vs. Windows, Linux vs. Unix, interoperability, migration, the Linux kernel and more.

More Linux commands for your scripting pleasure

One of our users, James Lowden, emailed us to say that our recent 77 useful Linux commands and utilities guide missed a couple of his favorites:

I’m a NetBSD guy, but I have RHEL at work.

As for commands, I like:

  1. pax better than tar

  2. hexdump better than od

  3. tnftp better than wget

Pax has a much better command-line interface than tar, especially for copying trees. Consider:

$ pax -rw -pe src dest # to copy a tree

$ pax -wzf file.pax.gz src # to create an archive

hexdump -C is what you almost always want.

Tnftp (a port of the NetBSD FTP client to other systems) is a much saner way to fetch stuff. Why the GNU world focuses on wget instead is a mystery to me. It doesn’t do anything tnftp doesn’t do, and it doesn’t do anything better, either.

If you would like to share your opinions of our essential Linux command guide, feel free to drop us a line and share some of your favorite commands with the Enterprise Linux Log.

Script tracks Perl modules for you

Michael Hurley shares a script that he wrote called modlister. I’ll let him explain:

It’s a script to tell you what Perl modules you have installed and where, to query whether you have a particular module installed, to see associated files, etc. For example:

  1. List all installed modules:
     modlister.pl

  2. Only show filenames (strip directories):
     modlister.pl -f

  3. See if Compress::Zlib is installed:
     modlister.pl -m Zlib

  4. See all the files associated with Zlib:
     modlister.pl -m Zlib -a

Thanks for the script, Michael.

Try this one out yourself. Tell us what you think or submit one of your own. If we use your script, you will receive a Starbucks gift certificate.

Handy script protects Linux against traffic spikes

We received another user-submitted Linux script for our “Share scripts… win Starbucks” series. This one comes from David Witham, who writes:

I administer a consumer VoIP switch for a VSP. The switch acts as a SIP registrar and proxy. Many thousands of devices register and re-register with the registrar every few minutes so there’s a pretty constant stream of traffic hitting it. Some SIP devices have flakey firmware and misbehave in such a way that they flood the registrar with registration requests to the point that performance is compromised, so I needed a way to protect the registrar from those devices.

I wrote a script that takes a sample of network traffic using Ethereal, checks for IP addresses transmitting excessive packets and blocks them by adding them to a list of addresses to drop in the INPUT chain of iptables.

David suggests running the script every 15 minutes to allow new IP addresses to be added to the list, then flushing the addresses and re-adding them so IP addresses that have stopped flooding can re-register.

Give it a try. This script was optimized for RHEL4 but should run on other Linux and Unix systems that have Ethereal or iptables. Feel free to modify it any way you like, or maybe you have one of your own to share? Share a script with us and, if we use it, we’ll treat you to Starbucks.

Keep the scripts coming!

#!/bin/bash
#
# Run from cron on a frequent basis, including on the hour, to block IP addresses flooding with SIP requests
# Use -f to force a flush of the INPUT chain
#
# First 3 octets of destination IP address of the flooding packets

BASE=xxx.xxx.xxx

# Whole destination IP address of the flooding packets

HOSTIP=xxx.xxx.xxx.xxx

# Interface on which the flooding is occurring

INTERFACE=eth3

# Flush iptables INPUT filter chain each hour in case some IPs have stopped flooding and are genuinely trying to use the service
if [ "$(date +%M)" = "00" -o "$1" = "-f" ]; then
        /sbin/iptables -F INPUT
        # Wait 5 seconds for IPs to start flooding again (most flooding IPs send REGISTER every 4 seconds if not getting a response)
        sleep 5
        # Add IP address to drop to iptables INPUT filter chain. Repeat a couple of times to catch all IPs
        /usr/sbin/tethereal -i "$INTERFACE" -a duration:10 2>/dev/null | awk '{print $2;print $4}' | grep -vF "$BASE" | sort | uniq -c | sort -rn | awk '$1 > 30 {print $2}' | while read ip; do /sbin/iptables -A INPUT -s "$ip" -d "$HOSTIP" -j DROP ; done
        sleep 5
        /usr/sbin/tethereal -i "$INTERFACE" -a duration:10 2>/dev/null | awk '{print $2;print $4}' | grep -vF "$BASE" | sort | uniq -c | sort -rn | awk '$1 > 30 {print $2}' | while read ip; do /sbin/iptables -A INPUT -s "$ip" -d "$HOSTIP" -j DROP ; done
        sleep 5
        /usr/sbin/tethereal -i "$INTERFACE" -a duration:10 2>/dev/null | awk '{print $2;print $4}' | grep -vF "$BASE" | sort | uniq -c | sort -rn | awk '$1 > 30 {print $2}' | while read ip; do /sbin/iptables -A INPUT -s "$ip" -d "$HOSTIP" -j DROP ; done
else
        # Add more IP addresses to drop to iptables INPUT filter chain
        /usr/sbin/tethereal -i "$INTERFACE" -a duration:10 2>/dev/null | awk '{print $2;print $4}' | grep -vF "$BASE" | sort | uniq -c | sort -rn | awk '$1 > 30 {print $2}' | while read ip; do /sbin/iptables -A INPUT -s "$ip" -d "$HOSTIP" -j DROP ; done

fi
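The counting and threshold step of the script above, as an added example that is not David's code: it runs over a constructed traffic sample, validates each address as dotted-quad IPv4 before it reaches an iptables command line, and prints rules for a dedicated chain, because `iptables -F INPUT` clears every rule in that chain and not only the ones this script added. It counts source addresses only, and the chain name SIPFLOOD, the function names, the sample lines and the documentation-range addresses are all assumptions.

```bash
# Added example: dry-run flood detection on constructed data (names and addresses are assumptions).

THRESHOLD=30        # packets per sample, the limit the original script uses
HOSTIP=192.0.2.10   # constructed registrar address (documentation range)
CHAIN=SIPFLOOD      # hypothetical dedicated chain, jumped to from INPUT

# Read "time src -> dst ..." lines on stdin; print each source address seen
# more than THRESHOLD times, never the registrar itself.
flooders() {
        awk -v host="$HOSTIP" -v max="$THRESHOLD" '
                $3 == "->" && $2 != host { count[$2]++ }
                END { for (ip in count) if (count[ip] > max) print ip }' | sort
}

# Accept only dotted-quad IPv4 (octets 0-255); names and junk are rejected.
valid_ipv4() {
        case $1 in
                *[!0-9.]*|*..*|.*|*.) return 1 ;;
        esac
        old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
        [ $# -eq 4 ] || return 1
        for octet in "$@"; do
                [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        done
}

# Print (not run) the rules: flush only the dedicated chain, then add drops.
block_rules() {
        echo "iptables -F $CHAIN"
        while read -r ip; do
                if valid_ipv4 "$ip"; then
                        echo "iptables -A $CHAIN -s $ip -d $HOSTIP -j DROP"
                fi
        done
}

# Constructed sample: a flooding device, a resolved name, a normal device.
sample() {
        awk -v h="$HOSTIP" 'BEGIN {
                for (i = 1; i <= 40; i++) print i, "203.0.113.7 ->", h, "SIP REGISTER"
                for (i = 1; i <= 40; i++) print i, "bad-host.example ->", h, "SIP REGISTER"
                for (i = 1; i <= 3; i++) {
                        print i, "198.51.100.4 ->", h, "SIP REGISTER"
                        print i, h, "-> 198.51.100.4 SIP 200 OK"
                }
        }'
}

sample | flooders | block_rules
```

Both the flooding device and the resolved hostname exceed the threshold, but only the address that passes validation produces a DROP rule.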

Does this script work for you?

Recently, we asked our readers to share some of their Linux scripts with us. Our first script comes to us from Diethard Ohrt, who sent us a script named “survf”. He writes:

The script “survf” monitors a file so you can check whether this file is growing (e.g. during ftp transfer). If you link it to the name “survp,” it monitors a running process… when the process terminates it sounds a bell and terminates.

Take a look at survf and give it a try. Diethard adds that he originally wrote it for the Korn shell on a Unix box a few years ago (so you might want to tweak it with “proper, real bash syntax.”)

Thank you, Diethard! To show our appreciation, we are sending you a gift certificate for some Starbucks coffee. Enjoy.

Let us know what you think of the script or send us one of your own. If we use it, you can earn yourself a Starbucks gift certificate plus you’ll be helping out other users.

If you would like some more scripts, check out our tips section. Whether it is help with Linux migrations or managing high-volume CPU processes, our SearchEnterpriseLinux experts help you navigate through the Linux world.

Hope you like the script. Keep them coming.


#!/bin/bash
#
# survp/f: primitive process/file surveillance
# ==================================================
# monitors a given process using ps(1)
# process may be given by PID or name
# if called as "survf", a given file is monitored
# ("CUP" means "cursor up" ...)
# __________________________________________________

PROGNAME=$(basename "$0")

# On ^C (signal 2) or TERM (signal 15), say goodbye and exit cleanly
trap 'echo -e "\n$PROGNAME: terminated."; exit 0' 2 15

is_int=0

# How have we been called? _________________________
if [ "$PROGNAME" = survp ]
then
        OBJECT=process
        if (( $# != 1 ))
        then
                echo "usage: $PROGNAME { pid | process_name }"
                exit 1
        fi
        # Check: is parameter a number, thus PID?
        # (pattern match, so the argument is never evaluated as arithmetic)
        item2test=$1
        case $item2test in
                ''|*[!0-9]*) is_int=0 ;;
                *) is_int=1 ;;
        esac
else
        # invoked as "survf" _____________________________
        OBJECT=file
        if (( $# != 1 ))
        then
                echo "usage: $PROGNAME { file_name }"
                exit 1
        fi
fi

typeset -i STATE=0

echo "$PROGNAME: surveillance of $OBJECT $1"
echo " (use ^C to terminate)"
CUP=$(tput cuu1)$(tput cuu1)
while true
do
        if [ "$OBJECT" = process ]
        then
                if (( is_int == 0 ))
                then
                        # Look the process up by name among the user's processes
                        ps -u "$LOGNAME" | grep -- "$1"
                        STATE=$?
                else
                        # Look the process up by PID
                        ps -fp "$item2test"
                        STATE=$?
                        echo "$CUP"
                fi
        else
                # Show the file's current size; quoted so names with spaces work
                ls -l -- "$1"
                STATE=$?
        fi
        if (( STATE != 0 ))
        then
                # \007 rings the terminal bell
                echo -e "\007\n$PROGNAME: *** ERROR *** $OBJECT $1 not found!"
                exit 1
        fi
        echo "$CUP"
        sleep 10
done