book

Automating System Administration with Perl, 2nd Edition

Name: Automating System Administration with Perl, 2nd Edition
Author: David N. Blank-Edelman
ISBN: 9780596006396

by David N. Blank-Edelman

May 2009

Intermediate to advanced

666 pages

24h 32m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Automating System Administration with Perl
Dedication
Preface
What’s New in This Edition?How This Book Is StructuredTypographical ConventionsOperating System Naming ConventionsCoding ConventionsUsing Code ExamplesHow to Contact UsSafari® Books OnlineAcknowledgments from the First EditionAcknowledgments for the Second Edition
1. Introduction
Automation Is a MustHow Perl Can Help YouThis Book Will Show You HowWhat You NeedSome Notes About the Perl Versions Used for This BookWhat About Perl 5.10?What About Strawberry Perl?What About Perl 6?Some Notes About Using Vista with the Code in This BookLocating and Installing ModulesInstalling Modules on UnixInstalling Modules on Win32It’s Not Easy Being OmnipotentDon’t Do ItDrop Your Privileges As Soon As PossibleBe Careful When Reading DataBe Careful When Writing DataAvoid Race ConditionsEnjoyReferences for More Information
2. Filesystems
Perl to the RescueFilesystem DifferencesUnixWindows-Based Operating SystemsMac OS XFilesystem Differences SummaryDealing with Filesystem Differences from PerlWalking or Traversing the Filesystem by HandWalking the Filesystem Using the File::Find ModuleWalking the Filesystem Using the File::Find::Rule ModuleManipulating Disk QuotasEditing Quotas with edquota TrickeryEditing Quotas Using the Quota ModuleEditing NTFS Quotas Under WindowsQuerying Filesystem UsageModule Information for This ChapterReferences for More Information
3. User Accounts
Unix User IdentitiesThe Classic Unix Password FileChanges to the Password File in BSD 4.4 SystemsExtra fields in passwd filesThe binary database formatShadow PasswordsWindows-Based Operating System User IdentitiesWindows User Identity Storage and AccessWindows User ID NumbersWindows Passwords Don’t Play Nice with Unix PasswordsWindows GroupsWindows User RightsBuilding an Account System to Manage UsersThe Backend DatabaseAdding to the account queueThe Low-Level Component LibraryUnix account creation and deletion routinesUnix account creation and deletion routines—a variationWindows account creation and deletion routinesThe Process ScriptsAccount System Wrap-UpModule Information for This ChapterReferences for More InformationUnix Password FilesWindows User Administration
4. User Activity
Process ManagementWindows-Based Operating System Process ControlUsing external binariesUsing the Win32::Process::Info moduleUsing the GUI control modules (Win32::Setupsup and Win32::GuiTest)Using Windows Management Instrumentation (WMI)Unix Process ControlCalling an external programExamining the kernel process structuresUsing the /proc filesystemUsing the Proc::ProcessTable moduleFile and Network OperationsTracking File Operations on WindowsTracking Network Operations on WindowsTracking File and Network Operations in UnixModule Information for This ChapterInstalling Win32::SetupsupReferences for More Information
5. TCP/IP Name and Configuration Services
Host FilesGenerating Host FilesError-Checking the Host File Generation ProcessImproving the Host File OutputIncorporating a Source Code Control SystemNIS, NIS+, and WINSNIS+Windows Internet Name Server (WINS)Domain Name Service (DNS)Generating DNS (BIND) Configuration FilesCreating the administrative headerGenerating multiple configuration filesDNS Checking: An Iterative ApproachUsing nslookupWorking with raw network socketsUsing Net::DNSDHCPActive Probing for Rogue DHCP ServersMonitoring Legitimate DHCP ServersModule Information for This ChapterReferences for More Information
6. Working with Configuration Files
Configuration File FormatsBinaryNaked Delimited DataKey/Value PairsMarkup LanguagesXMLWriting XML from PerlSurvey of best-practice tools to parse and manipulate XML from PerlWorking with XML using XML::SimpleWorking with XML using XML::LibXMLWorking with XML using SAX2 via XML::SAXWorking with XML using a hybrid approach (XML::Twig)YAMLAll-in-One ModulesAdvanced Configuration Storage MechanismsModule Information for This ChapterReferences for More InformationXML and YAML
7. SQL Database Administration
Interacting with a SQL Server from PerlUsing the DBI FrameworkUsing ODBC from Within DBIServer DocumentationMySQL Server via DBIOracle Server via DBIMicrosoft SQL Server via ODBCDatabase LoginsMonitoring Space Usage on a Database ServerModule Information for This ChapterReferences for More InformationDBIMicrosoft SQL ServerODBCOracle

8. Email
Sending MailGetting sendmail (or a Similar Mail Transport Agent)Using the OS-Specific IPC Framework to Drive a Mail ClientSpeaking the Mail Protocols DirectlySending vanilla mail messages with Email::SendSending mail messages with attachments using Email::SendSending HTML mail messages using Email::SendCommon Mistakes in Sending EmailOverzealous Message SendingControlling the frequency of mailControlling the amount of mailSubject Line WasteInsufficient Information in the Message BodyFetching MailTalking POP3 to Fetch MailTalking IMAP4rev1 to Fetch MailProcessing MailDissecting a Single MessageDissecting a Whole MailboxDealing with SpamSpamAssassinFeedback loopsSupport Mail AugmentationModule Information for This ChapterReferences for More Information
9. Directory Services
What’s a Directory?Finger: A Simple Directory ServiceThe WHOIS Directory ServiceLDAP: A Sophisticated Directory ServiceLDAP Programming with PerlThe Initial LDAP ConnectionPerforming LDAP SearchesEntry Representation in PerlAdding Entries with LDIFAdding Entries with Standard LDAP OperationsDeleting EntriesModifying Entry NamesModifying Entry AttributesDeeper LDAP TopicsReferrals and referencesControls and extensionsThe root DSEDSMLPutting It All TogetherActive Directory Service InterfacesADSI BasicsUsing ADSI from PerlDealing with Container/Collection ObjectsIdentifying a Container ObjectSo How Do You Know Anything About an Object?SearchingPerforming Common Tasks Using the WinNT and LDAP NamespacesWorking with Users via ADSIWorking with Groups via ADSIWorking with File Shares via ADSIWorking with Print Queues and Print Jobs via ADSIWorking with Windows-Based Operating System Services via ADSIModule Information for This ChapterReferences for More InformationLDAPADSI
10. Log Files
Reading Text LogsReading Binary Log FilesUsing unpack()Calling an OS (or Someone Else’s) BinaryUsing the OS’s Logging APIStructure of Log File DataDealing with Log File InformationSpace Management of Logging InformationLog rotationCircular bufferingInput blocking in log-processing programsSecurity in log-processing programsLog Parsing and AnalysisStream read-countA simple stream read-count variationRead-remember-processBlack boxesUsing databasesUsing Perl-only databasesUsing Perl-cliented SQL databasesWriting Your Own Log FilesLogging Shortcuts and Formatting HelpBasic/Intermediate Logging FrameworksAdvanced Logging FrameworkModule Information for This ChapterReferences for More Information
11. Security
Noticing Unexpected or Unauthorized ChangesLocal Filesystem ChangesChanges in Data Served Over the NetworkNoticing Suspicious ActivitiesLocal Signs of PerilFinding Problematic PatternsDanger on the Wire, or “Perl Saves the Day”Preventing Suspicious ActivitiesSuggest Better PasswordsReject Bad PasswordsModule Information for This ChapterReferences for More Information
12. SNMP
Using SNMP from PerlSending and Receiving SNMP Traps, Notifications, and InformsAlternative SNMP Programming InterfacesModule Information for This ChapterReferences for More Information
13. Network Mapping and Monitoring
Network MappingDiscovering HostsDiscovering Network ServicesPhysical LocationObservation 1: Proximity can helpObservation 2: Conventions can helpPresenting the InformationTextual Presentation ToolsGraphical Presentation ToolsUsing the GD::Graph module familyUsing GraphVizUsing RRDtoolMonitoring FrameworksExtending Existing Monitoring PackagesXymonMonNagiosWhat’s Left?Module Information for This ChapterReferences for More Information
14. Experiential Learning
Playing with TimelinesTask One: Parsing crontab FilesTask Two: Displaying the TimelineTask Three: Writing Out the Correct XML FilePutting It All TogetherSummary: What Can We Learn from This?Playing with GeocodingGeocoding from Postal AddressesGeocoding from IP AddressesSummary: What Can We Learn from This?Playing with an MP3 CollectionSummary: What Can We Learn from This?One Final ExplorationPart One: Retrieving the Wiki Page with WWW::MechanizePart Two: Extracting the DataPart Three: Geocoding and Mapping the DataSummary: What Can We Learn from This?Remember to PlayModule Information for This ChapterSource Material for This Chapter
A. The Eight-Minute XML Tutorial
XML Is a Markup LanguageXML Is PickyTwo Key XML TermsLeftoversReferences for More Information
B. The 10-Minute XPath Tutorial
XPath Basic ConceptsBasic Location PathsPredicatesAbbreviations and AxesFurther ExplorationReferences for More Information
C. The 10-Minute LDAP Tutorial
LDAP Data Organization
D. The 15-Minute SQL Tutorial
Creating/Deleting Databases and TablesInserting Data into a TableQuerying InformationRetrieving All of the Rows in a TableRetrieving a Subset of the Rows in a TableSimple Manipulation of Data Returned by QueriesAdding the Query Results to Another TableChanging Table InformationRelating Tables to Each OtherSQL StragglersViewsCursorsStored Procedures
E. The Five-Minute RCS Tutorial
References for More Information
F. The Two-Minute VBScript-to-Perl Tutorial
Translation TacticsTactic 1: Loading Your ModulesTactic 2: Referencing an ObjectTactic 3: Accessing Object Properties Using the Hash Dereference SyntaxTactic 4: Dealing with Container ObjectsTactic 5: Converting Method InvocationsTactic 6: Dealing with ConstantsReferences for More Information
G. The 20-Minute SNMP Tutorial
SNMP in Practice
Index
About the Author
Colophon
Copyright

Content preview from Automating System Administration with Perl, 2nd Edition

Chapter 11. Security

Any discussion of security is fraught with peril, for at least three reasons:

Security means different things to different people. If you walked into a conference of Greco-Roman scholars and asked about Rome, the first scholar might rise dramatically to her feet and begin to lecture about aqueducts (infrastructure and delivery), while the second focused on Pax Romana (ideology and policies), a third expounded on the Roman legions (enforcement), a fourth on the Roman Senate (administration), and so on. The need to deal with every facet of security at once is security’s first trap.
Security is a continuum, not a binary. People often mistakenly think that a program, a computer, a network, etc. can be “secure.” This chapter will never claim to show you how to make anything secure, though it will try to help you to make something more secure, or at least to recognize when something is less secure.
Finally, one of the most deadly traps in this business is specificity. It is true that you can often address security issues by paying attention to the details, but the set of details is ever-shifting. Patching security holes A, B, and C only ensures that those particular holes will not be a problem—if the patches work as promised. It does nothing to help when hole D is found. That’s why this chapter will focus on general principles and tools for improving security, rather than telling you how to fix any particular buffer overflow, vulnerable registry key, or world-writable ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780596801892Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Automating System Administration with Perl, 2nd Edition

by David N. Blank-Edelman

Chapter 11. Security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.