Robert G. Ferrell's Perl Scripts


whois.pl | dumpdiag.pl | bin_chksums.pl | du_report.pl | sec2date.pl | upper2lower.pl
Web Performance Monitor | df_sum.pl | move_sa.pl | chkpwd.pl

Other Useful Stuff

Protocol Numbers | Acronym Finder | Internet Hoaxes | Security Focus Articles


This is a motley collection of Perl code snippets that I've written over the years as utilities to solve one or more pressing UNIX sys admin issues. They really aren't fancy enough for CPAN, but I thought since I found them useful, someone else might, as well. Take note that these scripts were mostly developed under and for Solaris 2.5.1/2.6/2.7 (SPARC), running Perl 5.002 and above.

Not only will I not be responsible for anything these scripts might do to your systems and/or state of mind, I guarantee you they won't work without some modifications. At least they're free; and I won't even pretend to expect you to credit me if you use them.

Clicking on the link and choosing 'save as' should do it. You'll have to hack each of these to suit your system, of course. I generally create a symbolic link to the script from /usr/local/bin and drop the .pl extension.

I'll add to this from time to time. The latest addition date will always be at the bottom of the page.


whois.pl (revised 2/8/2001)

On December 1, 1999, Network Solutions changed their whois server to whois.networksolutions.com, thereby breaking most, if not all, implementations of the Unix whois utility. This script provides a simple interface to whois that not only specifies the correct server, but allows you to choose from the other most common destinations.

Note that you'll need to change your present whois to whois_old to make this work. If you rename whois to something else, be sure to modify the script accordingly.

Usage: whois [host] target

Where valid host arguments are

a	APNIC
e	RIPE
g 	GOV
m	MIL
n	ARIN
u	NSI
j	Japan NIC
The default (no host) is NSI (whois.networksolutions.com).
If the n or u option is selected, the query should redirect automatically to RIPE or APNIC, as appropriate.

dumpdiag.pl

Uses ufsdump to estimate the amount of space necessary to do a full dump of all /dev/dsk/ partitions listed by df. Skips /proc, fd, swap, and anything mounted by vold. Prints PASS/FAIL and total space required, expressed in MB. Set to calculate space based on a 12 GB uncompressed tape (DDS-3), but could be hacked to any size media you like.

Usage: dumpdiag.pl

Example output:

bash-2.03# ./dumpdiag.pl
*****************************************
Analyzing backup space requirements...
/dev/dsk/c0t0d0s0 will require 1620MB
/dev/dsk/c0t0d0s3 will require 744MB
The total space required is 2365MB
Backup = PASS: One 12 GB tape should hold this.

*****************************************

bin_chksums.pl

Runs simple UNIX checksums on files susceptible to named exploits. The first time it is run it will generate checksums and store them inconspicuously. When run again, it generates new checksums and compares them to the archived ones, then emails the person(s) specified in the script if it finds a discrepancy.
CAVEAT: This is not sophisticated security, folks. In fact, it's just one step above no security at all. Wouldn't even slow a determined and skilled cracker down. It's just one possible component of a multifaceted approach that you should take to keeping your UNIX systems secure. For a good start at taking comprehensive security measures, see the SANS Institute's Network Security Roadmap.

Usage: bin_chksums.pl

du_report.pl

This script takes the output from du and extracts the essential information in reverse order of size.

Usage: du_report.pl [directory] [minimum size]

where minimum size is the minimum bytes a directory must contain before you want it listed on the report.

Example output:

bash-2.01# du_report.pl /var 1000

Minimum size for reporting is 1000 bytes
Disk usage, sorted by size:

46658   /var
27278   /var/adm
26362   /var/adm/sa
15962   /var/sadm
10856   /var/sadm/pkg
6964    /var/sadm/pkg/SUNWmfrun
6952    /var/sadm/pkg/SUNWmfrun/save
4894    /var/sadm/install
3476    /var/sadm/pkg/SUNWmfrun/save/105284-12
3474    /var/sadm/pkg/SUNWmfrun/save/105284-15
2514    /var/cron

sec2date.pl

Converts seconds since beginning of the UNIX epoch (1 Jan 1970) to actual date/time. Output is in same format as the UNIX date command. Caveat: This conversion algorithm has a flaw in it somewhere that I've been too lazy to fix. :-/

Usage: sec2date.pl [no. of seconds]

Example output:

bash-2.01# sec2date.pl 123456789

Your time was 1428 days, 21 hours, 33 minutes, and 9 seconds since the beginning of the epoch.
This corresponds to Thu Nov 29 21:33:09 1973.

upper2lower.pl

Converts all file names in a given directory (specified in the script) to lowercase. Useful in ftp-upload situations where automated indexing or some other file name processing occurs that requires lower case names only.

Usage: upper2lower.pl

Web Performance Monitor

This program is actually a suite of three scripts and an HTML file (webhttpd.pl, webtest.pl, webgraph.pl, webgraph.html) that monitors the time it takes to download a target page (by default, the index.html page of the selected Web server) and produces a nice table of the results (not graphics, despite the misleading script name). I developed it in response to a Webmaster who complained that his pages were "downloading too slow," but had no hard data to support that contention. All three scripts and the HTML file that controls them are concatenated onto webgraph.txt, so you'll have to cut the scripts out individually and recreate them as executable Perl files, leaving the rest as webgraph.html. Be sure to change all the relevant file references (grep for "#+#") to match your setup.

Note that webgraph is more useful if you run it from a different machine than the Web server you're trying to monitor, as you get a more accurate picture of HTTP performance. However, you'll have to arrange to have the current number of HTTP connections stored in a file that is accessible to the script, or else allow the script host to access this info directly via something like rexec.

Installation
(You'll need libwww (LWP), which comes in the standard Perl distribution.)

To install, create a cron job that runs webtest.pl on a regular basis (say, every 15 minutes). This will generate the webperf log and the count file. When you want to see the stats page, just hit the "go" button on the recreated webgraph.html. Make sure to change the URL in the "action" field of the form to match your site.

I haven't tested this since I made the changes for public release, so there's probably a bug or three lurking. Caveat emptor.

Usage: See above

df_sum.pl

This script reports on the total mounted hard disk space, the total available space, and the percentage of swap space relative to total hard disk space. It ignores any space mounted on /vol/*, to avoid reporting on CD-ROMs or floppies mounted by the Solaris Volume Manager (vold).

Usage: df_sum.pl

Example output:

bash-2.01# df_sum

        Total mounted fixed disk space = 4013010 KB (4013 MB)
        Total mounted fixed disk space available = 1972146 KB (1972 MB)

        You have 222620 kb (223 MB) of swap space allocated, which
        represents 5% of the total

move_sa.pl

This script reduces the contents of the /var/adm/sa partition by moving sa data files (not the ASCII text files, sar) to another partition, then creating a symbolic link to them. It could be used to do the same for any group of files in any directory, just hack it to meet your needs. I run it as a cron job at midnight.

Usage: move_sa.pl

Example output:

bash-2.01# move_sa.pl

*******************************************************
New Contents of /u08/var/adm/sa:

total 5626
drwxrwxr-x   2 adm      sys          512 Apr  1 11:38 .
drwxrwxr-x   6 root     sys          512 Mar 28 03:10 ..
-rw-r--r--   1 sys      sys       692968 Apr  1 11:20 sa01
lrwxrwxrwx   1 root     other         17 Mar 29 15:27 sa21 -> /u08/var/adm/sa21
lrwxrwxrwx   1 root     other         17 Mar 29 15:27 sa22 -> /u08/var/adm/sa22
lrwxrwxrwx   1 root     other         17 Mar 29 15:27 sa23 -> /u08/var/adm/sa23
lrwxrwxrwx   1 root     other         17 Mar 29 15:27 sa24 -> /u08/var/adm/sa24
lrwxrwxrwx   1 root     other         17 Mar 29 15:27 sa25 -> /u08/var/adm/sa25
lrwxrwxrwx   1 root     other         17 Mar 29 15:27 sa26 -> /u08/var/adm/sa26
lrwxrwxrwx   1 root     other         17 Mar 29 15:27 sa27 -> /u08/var/adm/sa27
lrwxrwxrwx   1 root     other         17 Mar 29 15:27 sa28 -> /u08/var/adm/sa28
lrwxrwxrwx   1 root     other         17 Apr  1 11:38 sa29 -> /u08/var/adm/sa29
lrwxrwxrwx   1 root     other         17 Apr  1 11:38 sa30 -> /u08/var/adm/sa30
lrwxrwxrwx   1 root     other         17 Apr  1 11:38 sa31 -> /u08/var/adm/sa31
-rw-r--r--   1 sys      sys       351474 Mar 24 18:05 sar24
-rw-r--r--   1 sys      sys       351474 Mar 25 18:05 sar25
-rw-r--r--   1 sys      sys       351474 Mar 26 18:05 sar26
-rw-r--r--   1 sys      sys       351474 Mar 29 18:05 sar29
-rw-r--r--   1 sys      sys       351474 Mar 30 18:05 sar30
-rw-r--r--   1 sys      sys       351474 Mar 31 18:05 sar31


*******************************************************
New status of /var partition:

Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c1t1d0s3      23839   13367   10449    57%    /var

chkpwd.pl

A simple script that checks the current /etc/passwd and /etc/shadow files against archived "clean" copies and reports if it finds any differences. You'll have to copy these two files to another directory first, then change the script to reflect your specific setup. I run this script once an hour as a cron job.

You could, of course, have this check any number of files, and do more than just notify someone.

Usage: chkpwd.pl

Example output: N/A
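
The baseline-and-compare check that bin_chksums.pl and chkpwd.pl both describe, as an added example (this is not the code of either script). It assumes Perl 5.10 or later, swaps in SHA-256 from Digest::SHA for the simple UNIX checksums, and prints its result instead of sending mail; the file names, baseline format and demo contents are constructed for illustration.

```perl
# Added example: baseline-and-compare file integrity check.
# Assumptions (not from the original scripts): SHA-256 via Digest::SHA,
# a tab-separated baseline file, and constructed demo files in a temp dir.
use strict; use warnings;
use Digest::SHA;
use File::Temp qw(tempdir);

# Hash each watched file; a missing or unreadable file is recorded as MISSING.
sub snapshot {
    my %sums;
    for my $file (@_) {
        $sums{$file} = (-r $file)
            ? Digest::SHA->new(256)->addfile($file, 'b')->hexdigest
            : 'MISSING';
    }
    return \%sums;
}
sub save_baseline {
    my ($path, $sums) = @_;
    open my $fh, '>', $path or die "cannot write $path: $!";
    print {$fh} "$sums->{$_}\t$_\n" for sort keys %$sums;
    close $fh or die "cannot close $path: $!";
    chmod 0400, $path;    # better still: keep the baseline on read-only media
}
sub load_baseline {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot read $path: $!";
    my %sums;
    while (my $line = <$fh>) {
        chomp $line;
        my ($sum, $file) = split /\t/, $line, 2;
        $sums{$file} = $sum;
    }
    return \%sums;
}
# Files whose current hash differs from (or is absent from) the baseline.
sub changed_files {
    my ($old, $new) = @_;
    return grep { ($old->{$_} // 'UNSEEN') ne $new->{$_} } sort keys %$new;
}

# Demo on constructed files: baseline two files, tamper with one, compare.
my $dir   = tempdir(CLEANUP => 1);
my @watch = map { "$dir/$_" } qw(passwd.demo shadow.demo);
for my $f (@watch) { open my $o, '>', $f or die $!; print {$o} "demo:x:100:\n"; close $o }
save_baseline("$dir/baseline", snapshot(@watch));
open my $t, '>>', $watch[1] or die $!; print {$t} "added:x:0:\n"; close $t;
my @diff = changed_files(load_baseline("$dir/baseline"), snapshot(@watch));
print @diff ? "CHANGED: @diff\n" : "no changes\n";
```

Because the watch list is hashed in full on every run, a file that has been deleted shows up as changed (MISSING) rather than silently dropping out of the comparison.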


Generally Useful Stuff


Protocol Numbers

Acronym Finder


Common Internet Hoaxes

I've put together a succinct compendium of many of the more prevalent Internet hoaxes/chain letters/circulating annoyances. It is by no means comprehensive (especially since new ones are always being generated and old ones mutated), but it helps.


And Now For Something Completely Different

See my series Chasing the Wind at SecurityFocus.com. You can check out my other articles while you're there by choosing "Incident Handling" from the menu on the left, or by simply searching on my name.

Lastly, if you're interested in my personal literary stuff, check out The Plinth.






revised 7/28/2001, Robert G. Ferrell