Cooking with Linux—The French Connection
In the last example, I talked about the beleaguered administrator (is there any other kind?) and suggested this might be a useful tool for them as well. What if you are administering that system from far away? Worse yet, this Internet gateway runs on a budget—it's a simple dial-up connection to an ISP running diald and IP masquerading. When trouble strikes, they call you. Trouble means you use TELNET to log in, check things out and fix the problems remotely. Trouble is, the IP is dynamic and changes with each connection to the ISP. The solution this time is the showppp.pl script shown in Listing 2. The script is simple and lives in cgi-bin. Depending on your web server setup, you might want to rename this one showppp.pl.
Setting up a simple Intranet for your users is a breeze. A nice corporate home page with some popular links to the Internet makes it easier on your resources than having each user start up their browser with http://www.cnn.com/ or http://www.excite.com/ as their start page. If your dial-up connection gives you only a fixed number of hours per month, that time can get chewed up very quickly.
Why not use that same page and give your users a link to a script that will display the IP address of your dial-up IP connection without requiring them to log in to your Linux server? Figure 1 shows just such a page.
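One way such a CGI script could look, as an added example rather than the article's Listing 2: it reads the address of ppp0 from the output of ip and prints it only if it is a valid dotted quad. The file name showppp.cgi, the fixed interface name and the use of the ip command are assumptions.

```sh
#!/bin/sh
# showppp.cgi (added example): report the address of the dial-up link.
# The interface name is fixed here and nothing from the HTTP request is read,
# so no request data can reach a command line.
IFACE=ppp0

# Read `ip -o -4 addr show dev IFACE` output on stdin and print the local
# address, but only if it is a well-formed dotted quad.
ppp_addr() {
    awk '
        addr == "" {
            for (i = 1; i < NF; i++)
                if ($i == "inet") { addr = $(i + 1); break }
        }
        END {
            sub(/\/.*/, "", addr)                 # drop a /prefix if present
            if (split(addr, o, ".") != 4) exit 1
            for (j = 1; j <= 4; j++)
                if (o[j] !~ /^[0-9]+$/ || o[j] + 0 > 255) exit 1
            print addr
        }'
}

# Emit the CGI response; a missing interface means the link is down.
showppp() {
    printf 'Content-Type: text/plain\r\n\r\n'
    if addr=$(ip -o -4 addr show dev "$IFACE" 2>/dev/null | ppp_addr); then
        printf 'Current %s address: %s\n' "$IFACE" "$addr"
    else
        printf 'The %s link is down.\n' "$IFACE"
    fi
}

# Run only when installed under this name (an assumed file name).
case "${0##*/}" in showppp.cgi) showppp ;; esac
```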
Every once in a while, the diald process may get hung up. Sometimes the modem has gotten hung up and diald can't seem to drop it. In either case, the easiest way to get life back to normal is to stop diald and restart the process. Since you are operating remotely and want to make this as painless as possible, you can either do the work yourself or talk one of your remote users through the process. It would be so much easier if they could just type one command, rather than doing a ps ax | grep diald while hoping they kill the right PID and do not bring your system down. Listing 3 is a little script to do just that. The user simply types:
to get things moving again. You can also use the script to stop diald, start it, or shut it down and start a single instance of mgetty in order to pick up a fax (but that's for another time).
You can use this example as a template to create any number of start, stop or restart scripts. When necessary, you can have trusted users log in to your server and run simple administration scripts like this one without risking damage to your system or the equally ominous possibility of killing an important process like init. After all, kill -1 looks very similar to kill 1, doesn't it?
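A sketch of such a restart script, added here as an example and not the article's Listing 3: the user can only choose between three fixed actions, and the PID is signalled only after it has been checked. The name dialctl, the pidfile and binary paths, and the reliance on /proc/PID/comm are assumptions.

```sh
#!/bin/sh
# dialctl (added example): start, stop or restart diald, and nothing else.
# Assumed paths; adjust them to the local installation.
PIDFILE=${PIDFILE:-/var/run/diald.pid}
DIALD=${DIALD:-/usr/sbin/diald}
PROC=${PROC:-/proc}

# Print the PID to signal, or fail. The pidfile value is accepted only if it
# is all digits, greater than 1 (never init) and belongs to a process whose
# name is diald, so a stale or tampered pidfile cannot redirect the signal.
diald_pid() {
    [ -r "$PIDFILE" ] || return 1
    read -r pid < "$PIDFILE" || [ -n "$pid" ] || return 1
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pid" -gt 1 ] || return 1
    [ "$(cat "$PROC/$pid/comm" 2>/dev/null)" = diald ] || return 1
    printf '%s\n' "$pid"
}

# Ask diald to exit and wait up to 10 seconds; succeed only once it is gone.
stop_diald() {
    pid=$(diald_pid) || { echo "diald is not running"; return 0; }
    kill -TERM "$pid" || return 1
    n=0
    while diald_pid >/dev/null && [ "$n" -lt 10 ]; do
        sleep 1
        n=$((n + 1))
    done
    ! diald_pid >/dev/null
}

# The only three things a user can ask for; no argument reaches kill.
dialctl() {
    case "$1" in
        start)   if diald_pid >/dev/null; then echo "diald is already running"
                 else "$DIALD"; fi ;;
        stop)    stop_diald ;;
        restart) stop_diald && "$DIALD" ;;
        *)       echo "usage: dialctl start|stop|restart" >&2; return 2 ;;
    esac
}

# Run only when installed under this name (an assumed file name).
case "${0##*/}" in dialctl) dialctl "$@" ;; esac
```

How the user obtains the privilege to signal diald, for instance a sudoers entry limited to this one script, depends on the local setup.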
Remember those great little messages for letting your users know they have mail? How about using that same technique to let you, the administrator, know that some important system event needs your attention? For example, suppose you are constantly battling disk space. Wouldn't it be nice if the system let you know that resources are low? With the next little Perl script (see Listing 4), you can have your Linux system send a pop-up message to your Windows workstation alerting you that system resources are low. This script scans disk partitions and reports to client speedy that disk space usage is over 90%. (See Figure 2.)
The Windows winpopup utility is a great tool for users who still run a Windows client but need to get information sent to them from their Linux servers. This script and the earlier mail notification script highlight this flexibility.
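The disk check described above, written as an added shell example (the article's Listing 4 is a Perl script and is not reproduced here): it parses df -P, keeps the partitions over 90% and hands the text to smbclient -M for client speedy. The name diskwarn and the function names are assumptions.

```sh
#!/bin/sh
# diskwarn (added example): pop up a warning when a partition fills up.
LIMIT=${LIMIT:-90}         # percent, the threshold used in the article
CLIENT=${CLIENT:-speedy}   # NetBIOS name of the workstation to notify

# Read `df -P` output on stdin and print "percent mountpoint" for every
# filesystem whose usage is over the limit given as $1.
over_limit() {
    awk -v limit="$1" '
        NR == 1 { next }                    # header line
        {
            pct = $5
            sub(/%$/, "", pct)
            if (pct !~ /^[0-9]+$/) next     # not a usage line
            mp = $6                         # mount point may contain spaces
            for (i = 7; i <= NF; i++) mp = mp " " $i
            if (pct + 0 > limit + 0) print pct, mp
        }'
}

# Turn over_limit output into the lines of the pop-up message.
alert_text() {
    while read -r pct mp; do
        printf '%s is %s%% full\n' "$mp" "$pct"
    done
}

# Send the message with smbclient -M, which reads the text from stdin.
diskwarn() {
    msg=$(df -P | over_limit "$LIMIT" | alert_text)
    [ -n "$msg" ] || return 0               # nothing over the limit, stay quiet
    printf 'Low disk space on %s:\n%s\n' "$(hostname)" "$msg" |
        smbclient -M "$CLIENT"
}

# Run only when installed under this name (an assumed file name), e.g. from cron.
case "${0##*/}" in diskwarn) diskwarn ;; esac
```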
By the way, the next item on the menu, the fly—that's just to get you thinking about other possibilities.
In my business, I've set up a number of Linux internet gateways. To make these installations as inexpensive as possible, we set the machines to dial every half hour or so to pick up mail. That half-hour mark is also our cue to log in using TELNET if we need to do some administration work on the machines. Unfortunately, the time on each machine can vary. How about a way to check the time against some reliable source and adjust the Linux server?
The script in Listing 5 is a bit of Perl magic. It opens a socket on a secondary time server, picks up the time, and closes the socket. This is a nice alternative to NTP in that it does not tax the NTP time server's resources. For that very reason, the NTP rules ask that you do not use primary servers if you don't need to. A link to the “Public NTP Time Servers” page is provided in Resources.
Notice the line in Listing 5 that says remote_host="chime.utoronto.ca";. The host specified here is chime.utoronto.ca, but it could be one of any number of machines which offer primary or secondary time services. Consider the rules, though, and visit the NTP time server page for a system in your area and time zone.