First commit

LICENSE.txt

@@ -0,0 +1,27 @@
+Freeware License, some rights reserved
+
+Copyright (c) 2009 Nathan Campi and Kirk Bauer
+
+Permission is hereby granted, free of charge, to anyone obtaining a copy 
+of this software and associated documentation files (the "Software"), 
+to work with the Software within the limits of freeware distribution and fair use. 
+This includes the rights to use, copy, and modify the Software for personal use. 
+Users are also allowed and encouraged to submit corrections and modifications 
+to the Software for the benefit of other users.
+
+It is not allowed to reuse,  modify, or redistribute the Software for 
+commercial use in any way, or for a user�s educational materials such as books 
+or blog articles without prior permission from the copyright holder. 
+
+The above copyright notice and this permission notice need to be included 
+in all copies or substantial portions of the software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS OR APRESS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+

README.md

@@ -0,0 +1,15 @@
+#Apress Source Code
+
+This repository accompanies [*Automating Linux and Unix System Administration*](http://www.apress.com/9781430210597) by Nathan Campi and Kirk Bauer (Apress, 2009).
+
+![Cover image](9781430210597.jpg)
+
+Download the files as a zip using the green button, or clone the repository to your machine using Git.
+
+##Releases
+
+Release v1.0 corresponds to the code in the published book, without corrections or updates.
+
+##Contributions
+
+See the file Contributing.md for more information on how you can contribute to this repository.

contributing.md

@@ -0,0 +1,14 @@
+# Contributing to Apress Source Code
+
+Copyright for Apress source code belongs to the author(s). However, under fair use you are encouraged to fork and contribute minor corrections and updates for the benefit of the author(s) and other readers.
+
+## How to Contribute
+
+1. Make sure you have a GitHub account.
+2. Fork the repository for the relevant book.
+3. Create a new branch on which to make your change, e.g. 
+`git checkout -b my_code_contribution`
+4. Commit your change. Include a commit message describing the correction. Please note that if your commit message is not clear, the correction will not be accepted.
+5. Submit a pull request.
+
+Thank you for your contribution!

source_code/Appendix_a/bash_example.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Ask the user for a directory
+echo "Please enter a directory name:"
+read input
+
+# Now, show the contents of that directory
+echo
+echo "Contents of directory $input:"
+ls $input

source_code/Appendix_a/perl_example.pl

@@ -0,0 +1,29 @@
+#!/usr/bin/perl -w
+use strict;
+
+# First, ask user for a directory
+print "Please enter a directory name: ";
+
+# Use 'my' to declare variables 
+# Use the <> operators to read a line from STDIN
+my $dir = <STDIN>;
+
+# Now, use the 'chomp' function to remove the carriage return 
+chomp($dir);
+
+# First, do a dir listing by executing the 'ls' command directly
+print "\nCalling system ls function:\n";
+# The 'system' function will execute any shell command
+system("ls $dir");
+
+# Next, do a dir listing using internal Perl commands
+# The 'die' function will cause the script to abort if the 
+# 'opendir' function call fails
+print "\nListing directory internally:\n";
+opendir(DIR, $dir) or die "Could not find directory: $dir\n";
+my $entry;
+# Now, read each entry, one at a time, into the $entry variable
+while ($entry = readdir(DIR)) {
+   print "$entry\n";
+}
+closedir(DIR);

source_code/Appendix_b/cf.detect_niagara_proc

@@ -0,0 +1,9 @@
+control:
+	sunos_sun4v::
+		addinstallable = ( niagara_t1_proc )
+		actionsequence = ( module:detect_niagara )
+
+shellcommands:
+	sunos_sun4v.niagara_t1_proc::
+		"/bin/echo hello world - I have a Niagara processor with $(num_cores) threads"
+

source_code/Appendix_b/module-detect_niagara

@@ -0,0 +1,9 @@
+#!/bin/sh
+PATH=/bin:/usr/bin
+
+if /usr/platform/sun4v/sbin/prtdiag | grep UltraSPARC-T1 >/dev/null
+then
+	NUM_CORES=`/usr/platform/sun4v/sbin/prtdiag | grep UltraSPARC-T1 | wc -l | sed 's/^[ \t]*//' `
+	echo "+niagara_t1_proc"
+	echo "=num_cores=$NUM_CORES"
+fi

source_code/Chapter02/adduser_v2.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+REQUIRED_HOST=adminhost1
+
+usage() {
+	echo "Usage: $0 account_name"
+	echo "Make sure this is run on the host: $REQUIRED_HOST"
+	exit 1
+}
+
+MYHOSTNAME=`hostname`
+
+[ -n "$1" -a $MYHOSTNAME == $REQUIRED_HOST ] || usage
+
+USERNAME=$1
+
+useradd -m $USERNAME || exit 1
+cp /opt/admin/etc/skel/.bash* /home/$USERNAME/ || exit 1
+
+/usr/bin/mailx -s "Welcome to our site" ${1}@example.net <<EOF
+The SA team has created an account for you on the UNIX systems.
+You have a default password that's unique to your account,
+which will need to be changed upon initial login.
+The system will force this password change.
+
+Please call the SA help desk at 555-1212 in order to receive your
+password, and to ask any questions that you may have.
+EOF

source_code/Chapter02/adduser_v3.sh

@@ -0,0 +1,47 @@
+#!/bin/sh
+# Written by ncampi 05/26/08 for new UNIX user account creation
+# WARNING!!!! If you attempt to run this for an existing username,
+# it will probably delete that user and all their files!
+# Think about adding logic to prevent this.
+
+# set the path for safety and security
+PATH=/usr/sbin:/bin:/usr/bin
+
+# update me if we fail over or rebuild/rename the admin host
+REQUIRED_HOST=adminhost1
+
+usage() {
+	echo "Usage: $0 account_name"
+	echo "Make sure this is run on the host: $REQUIRED_HOST"
+	exit 1
+}
+
+die() {
+	echo ""
+	echo "$*"
+	echo ""
+	echo "Attempting removal of user account and exiting now."
+	userdel -rf $USERNAME
+	exit 1
+}
+
+MYHOSTNAME=`hostname`
+
+[ -n "$1" -a $MYHOSTNAME == $REQUIRED_HOST ] || usage
+
+USERNAME=$1
+
+useradd -m $USERNAME || die "useradd command failed."
+cp /opt/admin/etc/skel/.bash* /home/$USERNAME/ || \
+die "Copy of skeleton files failed."
+
+/usr/bin/mailx -s "Welcome to our site" ${1}@example.net <<EOF
+
+The SA team has created an account for you on the UNIX systems.
+You have a default password that's unique to your account,
+which will need to be changed upon initial login. The system will
+force this password change upon your first login.
+
+Please visit the SA help desk in order to receive your password,
+and to ask any questions that you may have.
+EOF

source_code/Chapter03/account-ssh-setup.pl

@@ -0,0 +1,117 @@
+#!/usr/bin/perl -w
+use strict;
+
+# Set the location of the configuration file here
+my $config = "/usr/local/etc/ssh/accounts";
+
+# Where the key fingerprints will be stored
+# (for purposes of log analysis)
+my $prints = "/usr/local/etc/ssh/prints";
+
+# Set the path to a user's public key relative to
+# their home directory
+my $public_key = ".ssh/id_rsa.pub";
+
+# This function takes one scalar parameter (hence the $
+# within the parenthesis). The parameter is stored in
+# the local variable $username. The home directory
+# is returned, or undef is returned if the user does
+# not exist.
+
+sub GetHomeDir ($) {
+	my ($username) = @_;
+	my $homedir = (getpwnam($username))[7];
+	unless ($homedir) {
+		print STDERR "Account $username doesn't exist!\n";
+	}
+	return $homedir;
+}
+
+# This function takes in an account and the home directory and logs
+# the key fingerprint (by running ssh-keygen -l), which has output:
+# 2048 85:2c:6e:cb:f6:e1:39:66:99:15:b1:20:9e:4a:00:bc ...
+sub StorePrint ($$) {
+	my ($account, $homedir) = @_;
+	my $print = `ssh-keygen-l -f $homedir/$public_key`;
+	# Remove the carriage return
+	chomp($print);
+	# Keep the fingerprint only
+	$print =~ s/^\d+ ([0-9a-f:]+).*$/$1/;
+	print PRINTS "$account $print\n";
+}
+
+# This function takes one line from the config file and
+# sets up that specific account.
+	sub ProcessLine ($) {
+	my ($line) = @_;
+	# A colon separates the account name and the users with access
+	my ($account, $users) = split (/:/, $line);
+	my $homedir = GetHomeDir($account);
+	return unless ($homedir);
+
+	print "Account $account: ";
+
+	# First, make sure the directory exists, is owned
+	# by root, and is only accessible by root
+	my $group = 0;
+
+	if (-d "$homedir/.ssh") {
+		$group = (stat("$homedir/.ssh"))[5];
+		system("chown root:root $homedir/.ssh");
+		system("chmod 0700 $homedir/.ssh");
+	} else {
+		mkdir("$homedir/.ssh", 0700);
+	}
+
+	# Remove the existing file
+	unlink ("$homedir/.ssh/authorized_keys");
+
+	# Create the new file by appending other users' public keys
+	my ($user, $homedir2);
+	foreach $user (split /,/, $users) {
+		# Get this other user's home directory too
+		$homedir2 = GetHomeDir($user);
+		next unless ($homedir2);
+
+		if ((not -f "$homedir2/$public_key") or
+			( -l "$homedir2/$public_key") ) {
+			print "\nUser $user public key not found or not a file!\n";
+			next;
+		}
+		print "$user ";
+		my $outfile = "$homedir/.ssh/authorized_keys";
+		system("cat $homedir2/$public_key >> $outfile");
+		StorePrint($user, $homedir2);
+	}
+	print "\n";
+
+	# Now, fix the permissions to their proper values
+	system("chmod 0600 $homedir/.ssh/authorized_keys");
+	system("chown $account $homedir/.ssh/authorized_keys");
+	system("chown $account $homedir/.ssh");
+	if ($group) {
+		# We saved its previous group ownership... restore it.
+		system("chgrp $group $homedir/.ssh");
+	}
+}
+
+# Open the fingerprint file
+open (PRINTS, ">$prints") or die "Can't create $prints: $!\n";
+
+# Open the config file and process each non-empty line
+open (CONF, "$config") or die "Can't open $config: $!\n";
+my $line;
+# The angle operators (<>) read one line at a time
+while ($line = <CONF>) {
+	chomp($line);
+	# Remove any comments
+	$line =~ s/\#.*$//;
+	# Remove leading and trailing whitespace
+	$line =~ s/^\s+//;
+	$line =~ s/\s+$//;
+	# Process the line (if anything is left)
+	$line and ProcessLine($line);
+}
+close (CONF);
+close (PRINTS);
+exit 0;

source_code/Chapter03/load_key_run_commands.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Start the agent (don't display PID)
+eval `ssh-agent` >/dev/null
+# Now, ask for the key once
+ssh-add
+
+# Now, perform a bunch of SSH operations
+ssh host1 'command1'
+ssh host1 'command2'
+ssh host2 'command3'
+
+# Finally, kill the agent and exit
+kill $SSH_AGENT_PID
+exit 0

source_code/Chapter03/sshreport.pl

@@ -0,0 +1,48 @@
+#!/usr/bin/perl -w
+use strict;
+
+# The logfile to analyze by default on a RedHat-based system
+my $log = "/var/log/secure";
+
+# Where the key fingerprints are stored
+my $prints = "/usr/local/etc/ssh/prints";
+
+# First, read and store the fingerprints in a hash table
+# Duplicate lines will not hurt anything
+open (PRINTS, "$prints") or die "Can't open $prints: $!\n";
+my (%Prints, $line);
+while ($line = <PRINTS>) {
+	chomp($line);
+	my ($account, $print) = split / /, $line;
+	$Prints{$print} = $account;
+}
+close (PRINTS);
+
+# Open the logfile and process each line
+# Store results in a two-tier hash table
+open (LOG, "$log") or die "Can't open $log: $!\n";
+my (%Results, $user);
+while ($line = <LOG>) {
+	chomp ($line);
+	if ($line =~ /Found matching \S+ key: ([0-9a-f:]+)/) {
+		# Determine user from print-lookup hash (if possible)
+		if ($Prints{$1}) {
+			$user = $Prints{$1};
+		} else {
+			$user = 'Unknown';
+		}
+	} elsif ($line =~ /Accepted publickey for (\S+)/) {
+		$Results{$1}{$user}++;
+	}
+}
+close (LOG);
+
+# Display the results
+my $account;
+foreach $account (keys %Results) {
+	print "$account:\n";
+	foreach $user (keys %{$Results{$account}}) {
+		print " $user: $Results{$account}{$user} connection(s)\n";
+	}
+}
+exit 0;