
System Administration HW2 Shell Script


Presentation Transcript


  1. System Administration HW2 Shell Script • xclin

  2. Requirements
     • Xferlog statistics (15%)
       • use one-line command to show FTP transfer statistics
     • watch script (35%)
       • execute program periodically and show output fullscreen
     • A simple log analyzer (100%)

  3. Xferlog statistics
     • Use a one-line command to show FTP transfer statistics
     • For each file in xferlog
       • Print transfer count and total bytes
       • Result should be sorted by count and bytes, descending
     • Output format (count bytes path)
       • 12 121231 /path-to-file1
       • 11 1213 /path-to-file2
       • 11 121 /path-to-file3
       • 10 12345 /path-to-file4
     • Only cmd | cmd or `cmd` are allowed
       • No && || > >> < and no temp files
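One pipeline that meets these constraints, as an added example rather than part of the original slides. The sample lines are constructed, and the field positions assume the standard xferlog layout (field 8 = bytes, field 9 = path).

```shell
#!/bin/sh
# Constructed sample xferlog lines (not from the slides). xferlog writes
# spaces inside a path as "_", so splitting on whitespace is safe.
sample_xferlog() {
    printf '%s\n' \
      'Mon Oct 19 10:00:01 2009 1 192.0.2.10 1000 /pub/a.iso b _ o a anon@example.org ftp 0 * c' \
      'Mon Oct 19 10:02:11 2009 1 192.0.2.11 1000 /pub/a.iso b _ o a anon@example.org ftp 0 * c' \
      'Mon Oct 19 10:05:40 2009 1 192.0.2.10 50 /pub/b.txt a _ o a anon@example.org ftp 0 * c' \
      'Mon Oct 19 10:07:02 2009 1 192.0.2.12 70 /pub/b.txt a _ o a anon@example.org ftp 0 * c' \
      'Mon Oct 19 10:09:30 2009 4 192.0.2.13 99999 /pub/c.tgz b _ o a anon@example.org ftp 0 * c'
}

# The one-liner: pipes only, no redirection, no temp file.
# awk sums count and bytes per path; sort orders by count, then bytes,
# both numeric and descending. %.0f keeps large byte totals out of
# exponent notation.
xferlog_stats() {
    awk '{ n[$9]++; b[$9] += $8 } END { for (f in n) printf "%d %.0f %s\n", n[f], b[f], f }' |
        sort -k1,1nr -k2,2nr
}

# On a real host: cat /var/log/xferlog | xferlog_stats
sample_xferlog | xferlog_stats
```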

  4. Watch
     • Execute a program periodically, showing output fullscreen
     • Easy to monitor some information
       • “systat -ifstat” shows network interface statistics
       • When copying a file, there is no built-in command to show progress; use “watch ls” to find out how many bytes have been copied
     • Watch is a built-in command in Linux, but FreeBSD’s watch command has another functionality

  5. Watch script
     • Write a script to execute program periodically
     • Syntax: watch.sh [ -i interval ] cmd | -f file-to-cmd-list
     • Basic function (10%)
     • Portinstall stat script (5%)
     • Customized monitoring script (5%)
     • Anti-blank (10%)
     • Cut off out-of-screen data (5%)
     • No temp files are allowed
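A sketch of the core loop with the anti-blank and cut-off requirements, as an added example that is not part of the original slides. The function names are hypothetical, only the plain cmd form is covered (no -i or -f parsing), and the screen size falls back to 24x80 when stdin is not a terminal.

```shell
#!/bin/sh
# Run the command given after the first two arguments once and keep at most
# $1 rows of $2 columns, so nothing scrolls off or wraps past the screen.
render_frame() {
    rows=$1 cols=$2
    shift 2
    "$@" 2>&1 | head -n "$rows" | cut -c "1-$cols"
}

# Repeat a command every $1 seconds. No temp file is used: the frame is held
# in a shell variable.
watch_loop() {
    interval=$1
    shift
    while :; do
        # "stty size" prints "rows cols" on both FreeBSD and Linux.
        size=$(stty size 2>/dev/null) || size='24 80'
        rows=${size% *}
        cols=${size#* }
        # Anti-blank: collect the complete output first, then clear and
        # paint in one go, so the screen is never empty while cmd runs.
        frame=$(render_frame "$((rows - 3))" "$cols" "$@")
        clear
        printf 'Every %ss: %s\n\n%s\n' "$interval" "$*" "$frame"
        sleep "$interval"
    done
}

# One frame, 3 rows by 12 columns, from constructed input:
render_frame 3 12 printf '%s\n' 'a long line that is cut' 'row 2' 'row 3' 'row 4'
# Interactive use, e.g.: watch_loop 2 ls -l
```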

  6. Watch portinstall
     • Portinstall can gather port dependency and show install progress in proctitle
     • Write a script to monitor portinstall and run by watch.sh -f cmd-file

  7. A simple log analyzer
     • Write a user-friendly log analyser by using dialog(1)
     • Use menubox to choose which log file to read (all.log, messages, xferlog, user input path) and which filter to apply
       • Show all (5%)
       • Search keyword (5%)
       • User-specified filtering command, with %file% in the input replaced by the real path (10%)
       • Show sshd bruteforce attempts (20%)
       • Syslog priority selection (10%)
       • Merge with archived log files (10%)

  8. A simple log analyzer
     • Offer a list of the IPs shown in 4. and generate a firewall script that blocks the user-selected IPs (10%)
     • Customized filter (max 30%)
     • Your script should provide basic functions (1~4)
     • Must delete temp files on exit

  9. SSH bruteforce
     • Oct 15 12:33:24 NASA sshd[93293]: error: PAM: authentication error for root from 124.107.32.54
     • Oct 15 12:33:52 NASA sshd[93296]: error: PAM: authentication error for root from 220.165.9.232
     • Oct 15 12:34:43 NASA sshd[93299]: error: PAM: authentication error for root from 76.70.31.196
     • Oct 15 12:35:22 NASA sshd[93304]: error: PAM: authentication error for root from 114.143.242.51
     • Oct 15 12:36:08 NASA sshd[93307]: error: PAM: authentication error for root from 82.160.33.5
     • Oct 15 12:37:04 NASA sshd[93310]: error: PAM: authentication error for root from 85.185.74.218
     • Oct 15 12:37:59 NASA sshd[93313]: error: PAM: authentication error for root from 74.239.115.130
     • Oct 15 12:39:50 NASA sshd[93316]: error: PAM: authentication error for root from 65.33.2.11
     • Oct 15 12:40:44 NASA sshd[93321]: error: PAM: authentication error for root from 84.74.21.119
     • Oct 15 12:41:58 NASA sshd[93326]: error: PAM: authentication error for root from 207.250.220.196
     • Oct 15 12:42:46 NASA sshd[93329]: error: PAM: authentication error for root from 125.244.82.2
     • Oct 20 01:50:46 NASA sshd[5991]: Invalid user raimundo from 61.152.201.74
     • Oct 20 01:50:54 NASA sshd[5993]: Invalid user joan from 61.152.201.74
     • Oct 20 01:51:03 NASA sshd[5995]: Invalid user johan from 61.152.201.74
     • Oct 20 01:51:11 NASA sshd[5997]: Invalid user sebastian from 61.152.201.74
     • Oct 20 01:51:19 NASA sshd[5999]: Invalid user agata from 61.152.201.74
     • Oct 20 01:51:26 NASA sshd[6001]: Invalid user administrator from 61.152.201.74
     • Oct 20 01:51:43 NASA sshd[6006]: Invalid user alexandre from 61.152.201.74
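Detection logic for the two message shapes above, plus the block-script generation from slide 8, as an added example that is not part of the original slides. The function names are hypothetical, the sample log is constructed, a fixed threshold stands in for the dialog(1) checklist, and ipfw is assumed as the firewall.

```shell
#!/bin/sh
# Constructed sample in the two message shapes from the slide, using
# documentation addresses. Line 4 has a username containing "from <ip>".
sample_auth_log() {
    printf '%s\n' \
      'Oct 20 01:50:46 NASA sshd[5991]: Invalid user raimundo from 203.0.113.7' \
      'Oct 20 01:50:54 NASA sshd[5993]: Invalid user joan from 203.0.113.7' \
      'Oct 20 01:51:03 NASA sshd[5995]: Invalid user johan from 203.0.113.7' \
      'Oct 20 01:51:11 NASA sshd[5997]: Invalid user x from 10.0.0.1 from 203.0.113.7' \
      'Oct 15 12:33:24 NASA sshd[93293]: error: PAM: authentication error for root from 198.51.100.23' \
      'Oct 15 12:33:52 NASA sshd[93296]: error: PAM: authentication error for root from 198.51.100.23' \
      'Oct 15 12:34:43 NASA sshd[93299]: error: PAM: authentication error for root from 198.51.100.23' \
      'Oct 15 12:35:22 NASA sshd[93304]: error: PAM: authentication error for root from 192.0.2.99' \
      'Oct 15 10:04:51 NASA proftpd[26985]: Session timed out from 192.0.2.50'
}

# Print "count ip" for every source with at least $1 failures (default 3),
# busiest first. The username is chosen by the remote side, so the address
# is read from the END of the line and must look like an IPv4 address
# before it is counted or handed to a firewall command.
ssh_bruteforce_ips() {
    awk -v min="${1:-3}" '
        /sshd\[[0-9]+\]: (error: PAM: authentication error for|Invalid user) / {
            ip = $NF
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min + 0) print hits[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Turn "count ip" lines into a block script on stdout (ipfw assumed).
ipfw_block_script() {
    echo '#!/bin/sh'
    awk '{ printf "ipfw -q add deny ip from %s to any\n", $2 }'
}

sample_auth_log | ssh_bruteforce_ips 3 | ipfw_block_script
```

Review the generated script before running it: a threshold alone can also catch a legitimate user who mistyped a password several times.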

  10. Syslog priority selection
     • Syslog has different priorities, e.g. critical, error…
     • Use checklist to choose which priority to display
     • Some log messages have no priority
       • Oct 6 04:08:49 XXXX sshd[80329]: error: PAM: authentication error for root from 123.231.37.127
       • Oct 6 04:10:12 XXXX sshd[80465]: warning: /etc/hosts.allow, line 2: can't verify hostname: getaddrinfo(5.72-43-196.Musoma.juasun.net, AF_INET) failed
       • Oct 15 10:04:51 XXXX proftpd[26985]: yyyyyyy (218.25.25.206[218.25.25.206]) - Session timed out, disconnected
       • Oct 15 12:40:37 XXXX sshd[27228]: fatal: Read from socket failed: Connection reset by peer

  11. How to collect all logs
     • Uncomment #*.* /var/log/all.log in /etc/syslog.conf
     • touch & chmod /var/log/all.log to 600
     • Restart syslogd

  12. Merge with archived log files
     • Once a user has selected a log file, search for archived logs
     • Use checklist to determine which files to read

  13. How to hand-in
     • Due 2009-11-10 18:30:00
     • Demo & How: TBD

  14. Penalty
     • 1 week 80%
     • 2 weeks 70%
     • 3 weeks 60%
     • …
