Unix Linux Administration II

Download Report

Transcript Unix Linux Administration II

Unix Linux
Administration II
Class 10: Shell prompts and
functions.
Agenda
 discuss
Homework.
 Unit 1: shell prompts and functions.
 Unit 2: Nagios
Homework review
Installing postfix.
Problems with sending mail to local hosts.
Sending mail between external hosts (gmail,
Hotmail, Comcast, etc).
Postgrey installs.
Review:
switch between postfix and sendmail using
/usr/sbin/alternatives --config mta
Config files under /etc/postfix
 primary config file main.cf
postfix leverages the same alisese file as sendmail
/etc/aliases
smarthost, central host for managing mail delivery.
postfix like sendmail only listens on the loopback
address by default.
postfix like sendmail supports TLS for encrypting
mail transport.
Review: class restrictions
ube, unsolicited bulk email
uce, unsolicited commercial email
or SPAM
smtpd helo restrictions: force connections to
identify themselves.
smtpd sender restrictions, reject mail from nonFQDN hosts, reject mail without an A or MX
record, reject non standard mail
smtpd recipient restrictions, disable bulk deliveries,
reject mail without a fqdn for recipient,
Review: black/white/grey listing
White list: user allowed
Black list: account rejected
Real time blacklist or DNS black lists
 bl.spamcop.net
Grey listing: delay mail.
 Postgrey: a policy server used to greylist for
the MTA. Postgrey reviews the request and
temporarily rejects mail not seen before.
Class 10, Unit 1
What we are going to cover:
 Prompts, parameters and functions.
What you should leave this session with:
 How to modify your default prompt
 Using parameter substitution for patern
matching.
 Creating functions in your scripts.
Command prompt PS1
How your prompt is displayed is defined by the
environment variable PS1.
you can see the current setting using echo:
echo $PS1
[\u@\h \W]\$
You can of course change this environment variable
temporarily using export
$PS1="[\u@\h \@ ]"
This will add time to your prompt.
if you want to keep this add it to your .profile or
.bashrc
Parameter substitution
Remember that we can rename files using ${var}.old
for example.
But we can also use failsafe options such as if a
variable is not already defined, define it.
${parameter:-value}
In this example if the value of "parameter" is null
then it will be replaced with the value provided.
This may be found in your apachectl scripts as:
httpd=${HTTPD:-/usr/sbin/httpd}
Pattern matching Constructs
The POSIX shell provides four parameter
substitution constructs that perform pattern
matching.
The construct takes two arguments, a
variable name and a pattern.
If the pattern is a match then the shell
substitutes the value of the variable on the
command line.
Pattern :${variable%pattern}
${variable%pattern} - looks to find a match at the
end of the variable, if found the contents of the
variable are substituted on the command line for
the shortest matching pattern.
var=testcase
echo $var
testcase
echo ${var%e}
testcas
Pattern :${variable%%pattern}
${variable%%pattern} - just like before but it will
match the LONGEST pattern assuming the * is
used in the pattern otherwise it is just like the
single percent version.
var=testcase
echo $var
testcase
echo ${var%%a*e}
testc
Pattern :${variable#pattern}

${variable#pattern} - substitute the value
of the variable on the command line with
the pattern removed from the left.
var=testcase
echo $var
testcase
echo ${var#?e}
stcase
Pattern :${variable##pattern}
${variable##pattern} - just like the single
hash version but it substitutes the
LONGEST pattern on the left.
var=testcase
echo $var
testcase
echo ${var##*c}
ase
IFS Internal Field Separator
IFS - The shell uses this value when parsing
input from the read command, output from
command substitution and when performing
variable substation.
This is the list of characters that act as word
separators typically set to space, tab and
newline.
echo "IFS${IFS}"
Functions.
functions - standard format is
name () {
command; }
We have seen examples in some scripts this
quarter for our "usage" statements. Anytime you
find yourself writing the same logic twice you
should probably consider using a function.
Functions cont.
once a function is defined you can execute it
just like any other command.
functions only exist in the shell they were
defined within, they cannot be exported to
sub-shells. However, you could put common
functions into your .profile if desired.
you can remove a function from a shell using
unset -f {function name}
Review
Your shell prompt is controlled by PS1, you can
use many shortcuts to customize this value. \u \W
\h \@ and more.
Parameter substitution allows you to temporarily
change a value. Or set a default value as we saw
with:
httpd=${HTTPD:-/usr/sbin/httpd}
IFS defines the internal field separators which are
usually tab, whitespace and newline.
Review
Functions allow you to write code once and
reuse it multiple times. The standard format
is:
name () {
command; }
We have seen usage statement examples
quarter.
In class lab 10a

Lab notes for this session can be found
here: http://www.ulcert.uw.edu -> Class
Content -> InClass labs ->
Class 10, Unit 2
What we are going to cover:
 Nagios
What you should leave this session with:
 Basic install.
 How to add resources to monitor.
Nagios history
Born from Netstaint Nagios is a open source
network monitoring solution. Published by
FSF under the GNU General Public
License.
Currently maintained by Ethan Galstad,
Nagios is an acronym for “Nagios Ain’t
Gonna Insist On Sainthood.
Nagios monitoring
There are two types of monitoring
 System monitoring: checking for local stats
such as cpu, memory, disk space etc.
 Network monitoring: using a central
machine to check the status of remote
services like web servers, mail servers,
applications etc.
Nagios components
Nagios daemon - responsible for managing
the web interface and running the various
checks.
Nagios plug-ins - collection of scripts for
checking various services.
So to run Nagios you just need the daemon
running and a Nagios plugin defined.
Primary config
<nagroot>/etc/nagios.cfg
This file is read by nagios every time it is
started up.
Lots of options defined within this file including
resources (variables), configuration
locations, object definitions, etc.
Verify the nagios configuration using:
<nagroot>/bin/nagios –v <nagroot>/etc/nagios.cfg
Nagios cgi.cfg
The web interface for Nagios is based on
CGI scripts. The configuration file for
these can be found under
<nagroot>/etc/nagios/cgi.cfg
Objects
Objects define what Nagios will check.
Objects are defined for hosts, services,
contacts, etc.
A host object provides a mapping between a
IP address and a name. A service defines
a given process on a host that Nagios will
monitor.
Object files are stored under
<nagroot>/etc/nagios/objects
localhost.cfg is a good example to review
when defining new objects.
Templates
All templates are defined in the templates.cfg
file. There are templates definitions for
contact, host, and service objects.
Templates and objects look very similar. The
primary difference is that templates have a
register value of 0, meaning this can only be
used as a Template and not an active object.
Templates can be chained together based on
inheritance.
Contacts and notifications
When things change on your network that Nagios
monitors you will be informed based on the
notifications defined for that object.
Check the contact.cfg for contact groups
Contact options include email, SMS messages,
pagers and anything else you care to configure
Timeperiods.cfg defines just what you might
expect.
Advanced Nagios features
There are local services that can be installed
to monitor host system more closely
Nagios can accept updates from external
sources such as SNMP traps.
Nagios can be configured to understand
relationships between hosts and services.
Nagios can be integrated with Splunk.
Commercial support is available for Nagios.
Installing Nagios
You can install Nagios using Yum if you
enable 3rd party repositories
But to allow for more control over the builds
we will compile Nagios locally from source.
That said using 3rd party repositories prepackaged build for Nagios can be a
reasonable option in many cases.
Sample host definition.
# Define a host for the local machine
define host{
use
linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name localhost
alias
localhost
address
127.0.0.1
}
Sample host check
Review the localhost.cfg for sample configs
This is a sample ping test
define service{
use local-service ; Name of service template
host_name
localhost
service_description
PING
check_command check_ping! 100.0,20%!500.0,60%
}
Update, test config and reload
Once you have a new config in place update your
nagios.cfg file to reflect the new object if necessary.
New files under cfg_dir=/usr/local/nagios/etc/conf.d
do not need an explict defintion.
Test your new configuration
/usr/local/nagios/bin/nagios –v nagios.cfg
Restart nagios
/sbin/service nagios restart
Check the web admin for the new object.
Review:
Started out as Netsaint
Provides system and network monitoring
Components include Nagios daemon and plug-ins
Primary configuration <nagroot>/etc/nagios.cfg
<nagroot>/bin/nagios –v <nagroot>/etc/nagios.cfg
Web configuration located <nagroot>/etc/nagios/cgi.cfg
Objects define what Nagios will check.
Templates similar to objects but not used for active
checks.
Local Nagios agents can provide more detailed
monitoring
Nagios be configured to understand system relationships.
Commercial support is available for Nagios.
In class lab 10b

Lab notes for this session can be found
here: http://www.ulcert.uw.edu -> Class
Content -> InClass labs ->
Homework
Final for this quarter will be posted later
tonight. It is basically another homework
assignment but with a few less details.
However you can use your notes, google,
call a friend etc. It should all be things we
have covered this quarter.