
Unix Linux Administration II


hien

Presentation Transcript


  1. Unix Linux Administration II Class 5: Scripting arithmetic, quoting and arguments. Certificates. Scripting conditionals

  2. Agenda • discuss Homework. • .vimrc file • Secured web directory • Master DNS server • Ping script. • Review last class • Unit 1: Scripting quotes & arguments. • Unit 2: Certificates. • Unit 3: Scripting conditionals. Midterm quiz information.

  3. Homework review • .vimrc • " comments • set number • secured web directory • enable overrides • create .htaccess file • create .htpasswd file • restart webserver

  4. Homework review • Master DNS zones. • zone name • create zone file • update named.conf • restart named • check logs, pull zone file, • ping script • script template • ping 3 times? • mv output

  5. Review nslookup: deprecated but still exists. dig: preferred replacement for nslookup host: provides a limited set of functions. traceroute and tracepath: provide hop or path details. ping – common initial troubleshooting tool. nscd – name service caching daemon

  6. Review: • The master server maintains the zone file, which is stored locally on disk. The master and the slave are authoritative for the zone. • Zone files describe the domain, provide SOA details and contain resource record information. • Slave servers store a copy of the zone file, but the file is not managed locally. • Zone updates are based on serial number increments. The updates can be full (axfr), incremental (ixfr) or dynamic. • in-addr.arpa is used for reverse records. It contains the PTR records.

  7. Review:
     Script templates - :r template.sh
     Variables start with _ or an alphabetic character
     Variable assignment: var1=value
     Re-assign: var2=$var1
     Rename: var3=${var2}.bk
     Order of operations: variable substitution, file substitution, parse command line.

  8. Class 5, Unit 1 What we are going to cover: • Scripting; arithmetic, quoting and arguments. What you should leave this session with: • Ability to complete basic math in your shell. • Knowledge of your quoting options. • How to pass and shift arguments.

  9. Script bin It may be helpful to create a script directory in your home directory with a bin subdirectory. Using this design you can place your scripts into this directory and then add it to your PATH variable.
     ~<user>/scripts/bin
     export PATH=${PATH}:/home/user/scripts/bin

  10. Random script tips Whitespace is ignored on the first line: #! /bin/sh, #!/bin/sh or #! /bin/sh. You can set shell options on the first line, such as debug:
      #! /bin/sh -x
      Sometimes you may find scripts with just a dash and no option. This tells the shell that there are no more options. This can prevent some types of spoofing attacks.
      #! /bin/sh -

  11. Arithmetic in the shell The Portable Operating System Interface (POSIX) standards define a set of Application Programming Interfaces (API), shell, and utility interfaces for UNIX systems. POSIX allows for some basic arithmetic expansion and functions. Including + - * / < > || && etc. Standard syntax is $((expression)) e.g. echo $((2*4))

  12. Shell math cont. Multiple parentheses can exist within the basic syntax. The expressions are executed in the order you might remember from high school algebra, *pemdas…
      echo $(( i = ( i + 10 ) * 2 ))
      Try this in your shell. Now run it again: did the value change? If so, why? *Please Excuse My Dear Aunt Sally

  13. Shell math cont. Leading and trailing whitespace is valid. • echo $((i=(i + 10)*2)) Or • echo $((i=(i + 10)*2)) The exit status ($?) is true (0) so long as the last expression is a non zero value. Otherwise the exit status is false (1).

  14. Quotes, single, double and on… There are four recognized quotes in shell • \ backslash • ' single quote • " double quote • ` back quote

  15. Back slash \ The backslash can remove the special meaning of the character directly adjacent.
      echo "The \$PATH value is $PATH"
      Shell treats a backslash at the end of a line as an argument delimiter.
      ps -ef \
      | wc -l
      This is often used to break up commands that require multiple lines.

  16. Single Quotes Single quotes tell the shell not to interpolate anything within the quotes. It is like saying set the value to exactly this regardless of the special characters you might see. ulc-231 ~]$ echo '$HOME \\ \$PATH' $HOME \\ \$PATH

  17. Double quotes Double quotes are the opposite of single quotes in that you want the shell to interpolate the contents within the shell [angus@ulc-231 ~]$ echo "$HOME \\ \$PATH" /home/angus \ $PATH

  18. Back quote and command substitution The back quote is used to capture command output like date, ls, ps etc.
      today=`date`
      echo $today
      This can also be done as follows:
      today=$(date)
      Either is acceptable. *Solaris may need to use the latter syntax

  19. More on command substitution You can use cat to store file contents in variables.
      filecontent=$(cat <file>)
      echo "$filecontent"
      You can also translate characters using echo and tr:
      name="buck rogers"
      name=$(echo $name | tr '[a-z]' '[A-Z]')
      echo $name
      BUCK ROGERS

  20. Enter argument. To argue with a script is not a bad thing. This means to provide a value defined at runtime as a variable for your script. [angus@localhost scripts]$ ./script.sh help

  21. Passing arguments around When passing in arguments to a script the order of the arguments defines the variable ./myscript name1 name2 name3 name4 Within the script $1 = name1 $2 = name2 …

  22. Positional parameters. The shell automatically stores the first argument and subsequent arguments starting at $0 through $9 You can leverage these arguments in your script for the duration of the process. [angus@ulc-231 scripts]$ ./script.sh mon tue What do you think the value of $0 is?

  23. $# what the shell Every time a shell script is run, $# records the number of variables passed to the script. This can be a good way to determine if the script received the expected input.

  24. $* what the shell is this? The $* variable replaces all the arguments passed to the shell.
      on.sh bob john tom
      echo $*
      echo "script only run with first user provided"
      who | grep $1

  25. Shift my shell variable Shift values off the stack, per se. Here is a simple example using shift, $#, $*
      [angus@ulc-188 shell]$ ./shifting.sh a b c d
      + echo 4 a b c d
      4 a b c d
      + shift
      + echo 3 b c d
      3 b c d

  26. Review: basic math syntax $((expression)), most common functions available including bitwise and logical. White space is optional. A non-zero final expression returns true. Quoting: ', ", ` and \. Command substitution: user=$(grep -i $name /etc/passwd)

  27. Review: cont. Positional parameters are provided by the shell environment and automatically assign variables to values passed into the script. who who | grep root on.sh root who | grep $1 $# = number of arguments passed to the script. $* = reference all arguments passed to the script $? = Stores the exit value of the script
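
Added example (not part of the original slides): how $#, $*, "$@" and shift behave when an argument contains a space, with an exact-match alternative to `who | grep $1`. The function names and the sample `who` output are constructed for illustration.

```shell
#!/bin/sh -
# Added example; function names and sample data are illustrative.

# Unquoted $* is split again on whitespace, so "buck rogers" becomes two words.
count_unquoted() {
    set -- $*
    echo $#
}

# "$@" keeps every original argument as exactly one word.
count_quoted() {
    set -- "$@"
    echo $#
}

# Walk the argument list with shift, as shifting.sh does, until $# reaches 0.
join_with_shift() {
    out=""
    while [ $# -gt 0 ]; do
        out="${out}[$1]"
        shift
    done
    echo "$out"
}

# Read `who`-style lines on stdin; succeed only if field 1 equals the name.
# Returns 2 when the argument count is wrong or the name is empty, because
# an empty pattern handed to grep would match every line.
user_in_who() {
    [ $# -eq 1 ] || return 2
    [ -n "$1" ] || return 2
    awk -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# Constructed sample of `who` output.
WHO_SAMPLE='root     tty1   2024-01-01 10:00
rooty    pts/0  2024-01-01 10:05'

echo "unquoted \$*: $(count_unquoted "buck rogers" tom) words"
echo "quoted \"\$@\": $(count_quoted "buck rogers" tom) words"
join_with_shift a b c d
# "roo" is a substring of both sample names but not a user of its own.
printf '%s\n' "$WHO_SAMPLE" | user_in_who roo || echo "roo is NOT logged on"
```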

  28. In class lab 5a • Lab notes for this session can be found here: http://www.ulcert.uw.edu -> Class Content -> InClass labs ->

  29. Class 5, Unit 2 What we are going to cover: • Self signed certificates What you should leave this session with: • How to create self signed certificates • Certificate installation for web servers.

  30. Crypto nerd fantasy and reality. Source: http://xkcd.com/538/

  31. PKI-Bob and Alice in a crowded room. How do Bob and Alice have a private conversation in a crowded room using a megaphone? Both create public/private key pairs. They exchange public keys. Now they can establish communication by encrypting all communication with the other's public key, as only the holder of the private key can decrypt the messages. How important is the private key?

  32. Self signed certificates Self signed certificates are just like the public/private keys generated by Bob and Alice. When we create a self signed certificate, a user (in our case a web client) is provided with the public key and, if accepted, will encrypt the traffic with that key. Ok, just the symmetric key they agree on, but I digress….

  33. Openssl: self signed certificates Using openssl you can create both the private and public keys or certificates. This means you sign your own public certificate. You are saying, "Trust me, hey I trust me!". Just like the ssh keys we use for system authentication, private key encryption is optional. If we encrypt the private key for ssl we will have to provide the passphrase each time we start up the webserver.

  34. Openssl: self-signed. Creating a self signed cert requires: • Cert request • Private key • Public certificate signed by private key. The cert request should also include attributes about the certificate including but not limited to organization, name, city, state, and cn (fqdn).

  35. Openssl: self signed
      openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout cert.key -out cert.crt
      req = generate cert request
      nodes = do not encrypt cert
      days = life of cert
      newkey = type and length of the certificate.
      keyout = private key name
      out = public key path.
      QUESTION: do you need root privileges for this action?

  36. Web server configuration Apache web servers typically have a separate ssl.conf file. This file for yum based builds is located under: /etc/httpd/conf.d/ You need to define the path to your public certificate and private key. If the key is passphrase encrypted, you will need to enter this passphrase each time you start the server.

  37. Review: certificates Public certificate and Private key For self-signed certificates you need: • private key • server.key • certificate signing request (csr) • server.csr • public certificate which is based on the newly created csr which is related to the private key. • server.crt Web server ssl configurations: /etc/httpd/conf.d/
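
Added example (not part of the original slides): generating a self-signed certificate as an ordinary user and checking that the certificate really belongs to the private key before the web server is pointed at the pair. It uses rsa:2048 rather than the slide's rsa:1024, because 1024-bit RSA keys are no longer considered adequate; the function names, the CN and the temporary directory are assumptions of this example.

```shell
#!/bin/sh -
# Added example; directory names and the CN are placeholders.

# make_selfsigned DIR CN -> writes DIR/cert.key and DIR/cert.crt
make_selfsigned() (
    umask 077   # the private key is created readable by its owner only
    # -nodes leaves the private key unencrypted (no passphrase at server start)
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=$2" \
        -keyout "$1/cert.key" -out "$1/cert.crt" 2>/dev/null
)

# cert_matches_key CERT KEY -> 0 if the certificate carries the key's public half
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# is_self_issued CERT -> 0 if subject and issuer are the same name
is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer) || return 2
    [ "${subj#subject=}" = "${issr#issuer=}" ]
}

# Demonstration in a throwaway directory; no root privileges are involved.
demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d" www.example.test &&
        cert_matches_key "$d/cert.crt" "$d/cert.key" &&
        is_self_issued "$d/cert.crt" &&
        openssl x509 -in "$d/cert.crt" -noout -subject -enddate
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Running cert_matches_key against the paths configured in ssl.conf before a restart catches a certificate that was paired with the wrong key.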

  38. In class lab 5b • Lab notes for this session can be found here: http://www.ulcert.uw.edu -> Class Content -> InClass labs ->

  39. Class 5, Unit 3 What we are going to cover: • Scripting and conditionals What you should leave this session with: • How to add decision points to your scripts. • How to enable debug in your scripts.

  40. Indenting • Tabs or Spaces • Be consistent! (possible vimrc setting?). • Helps with legibility • Most languages ignore white space • Good or Bad? "…code is read much more often than it is written" Python - http://www.python.org/dev/peps/pep-0008/#indentation

  41. Exit status Every time you run a script it produces an exit status. Zero is successful; anything else indicates failure. Failures can happen for lots of reasons. The exit value is stored in $?
      echo $?
      What are some ways to create a failed exit status?

  42. The "if" construct "if" is one of the first conditional statements you will probably encounter. You can think of this as "if X then do Y and finish". The if statement must start with "if" and end with "fi". We will see similar constructs in other conditionals later. For example:
      if [ -f /etc/hosts ]; then
          echo "a host file exists"
      fi

  43. How to test string values. You can test an expression for a true or false value using the expression "test".
      user=$1
      if test "$user" == angus; then
          echo "$user found on system"
      fi
      Many test operators are available such as ==, !=, -z string (string is null), -n string (string is NOT null), string (is defined)

  44. Test cont. You can also test for integer values. Returns true (0) if:
      int1 -eq int2
      int1 -ge int2 "greater than or equal to"
      int1 -gt int2 "greater than"
      int1 -le int2 "less than or equal to"
      int1 -lt int2 "less than"
      int1 -ne int2 "not equal to"
      [ "$value" -eq 0 ]

  45. File tests The file tests expect a single argument, the filename.
      -d file   file is a directory
      -e file   file exists
      -f file   file is an ordinary file
      -r file   file is readable by process
      -s file   file has nonzero length
      -w file   file is writable by process
      -x file   file is executable
      -L file   file is a symbolic link
      [ -f /etc/passwd ] Is this an ordinary file?
      [ -r /etc/passwd ] Is the file readable by the process?

  46. Logical operators available.
      ! Used to negate the value
      [ ! -r /etc/shadow ] is the file not readable
      -a performs logical AND of two expressions.
      [ -f /etc/passwd -a -r /etc/passwd ] BOTH must be true.
      -o performs logical OR of two expressions.
      [ -f /etc/passwd -o -r /etc/shadow ] true if EITHER is successful

  47. Parentheses You can use parentheses in a test to alter the order of evaluation; however, the parentheses must be escaped:
      [ \( "$value" -ge 0 \) -a \( "$value" -lt 10 \) ]

  48. The else conditional The else statement can expand the if statement. If the first condition is true the second one is skipped.
      if cmd; then
          command1
          command2
      else
          command1
          command2
      fi

  49. else example
      # value passed in from cmd line.
      user=$1
      if who | grep "^$user " > /dev/null; then
          echo "$user is logged on"
      else
          echo "$user is NOT logged on"
      fi

  50. Exit command Exit allows you to immediately terminate a script. You can also pass exit a numeric value if you want; this becomes the status code stored by $?
      if ...
      else
          echo "$user is NOT logged on"
          exit 2
      fi
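
Added example (not part of the original slides): the file tests, if/else and exit status from this unit applied to the private key from Unit 2, refusing a key file that is missing, a symlink, empty, or accessible to group or others. The status codes and function names are this example's own convention.

```shell
#!/bin/sh -
# Added example; the status codes are this example's own convention.

# check_key_file PATH
# 0 ok, 2 usage, 3 missing, 4 symlink, 5 not a regular file,
# 6 empty or unreadable, 7 accessible to group or others
check_key_file() {
    if [ $# -ne 1 ]; then
        return 2
    fi
    if [ -L "$1" ]; then          # test -L first: -e and -f follow symlinks
        return 4
    fi
    if [ ! -e "$1" ]; then
        return 3
    fi
    if [ ! -f "$1" ]; then
        return 5
    fi
    if [ ! -r "$1" ] || [ ! -s "$1" ]; then
        return 6
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    if [ "$perms" = "------" ]; then
        return 0
    else
        return 7
    fi
}

# report_key PATH -> prints a verdict and passes the status on to the caller,
# which a script would hand to exit:  report_key "$1"; exit $?
report_key() {
    check_key_file "$@"
    status=$?
    if [ "$status" -eq 0 ]; then
        echo "key file OK"
    else
        echo "key file rejected (status $status)"
    fi
    return "$status"
}
```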
