LinuxQuestions.org
Old 05-01-2008, 05:48 PM   #16
cocchiararo
LQ Newbie
 
Registered: Apr 2008
Posts: 29

Original Poster
Rep: Reputation: 15

Well, we don't have the tcpdump command (does it come with Debian etch? If it doesn't, we can't use it for this).

Hiding the error worked though xD
 
Old 05-01-2008, 07:08 PM   #17
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,269

Rep: Reputation: 2028
To be more explicit
/usr/sbin/tcpdump
 
Old 05-01-2008, 07:30 PM   #18
cocchiararo
LQ Newbie
 
Registered: Apr 2008
Posts: 29

Original Poster
Rep: Reputation: 15
Well, it's not there :P
 
Old 05-01-2008, 08:48 PM   #19
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,269

Rep: Reputation: 2028
Here ya go: http://packages.debian.org/tcpdump
 
Old 05-01-2008, 08:52 PM   #20
cocchiararo
LQ Newbie
 
Registered: Apr 2008
Posts: 29

Original Poster
Rep: Reputation: 15
I have to ask if we are allowed to install packages that were not provided (that's why I kept saying that I didn't have it, instead of trying to get it :P )

If we are allowed to download packages and install them (when we execute "make instalar"), I'll check it.
 
Old 05-01-2008, 10:10 PM   #21
cocchiararo
LQ Newbie
 
Registered: Apr 2008
Posts: 29

Original Poster
Rep: Reputation: 15
OK, my teammate gave me this:
Code:
#!/bin/bash
case $1 in
procesar) # line 6 of the `netstat -s` output is used as the packet count
          Cant_Paq=`netstat -s | awk '{if (NR == 6){print $1}}'`
          if [ "$Cant_Paq" -gt "$MAX_PAQ" ]; then
              # snapshot of the current sockets with their owning PID/program
              netstat --ip -np 2> /dev/null > network
              # kill each of our processes that owns a socket
              ps -o pid= | while read PID
              do
                  # match the "PID/program" column, not any number containing PID
                  Proc=`grep " $PID/" network`
                  if [ "$Proc" != "" ]; then
                      echo "$Proc"
                      kill "$PID"
                  fi
              done
          fi;;
informacion) echo "El maximo numero de paquetes permitido es $MAX_PAQ"
             echo "Numero de paquetes salientes:" `netstat -s | awk '{if (NR == 7){print $1}}'`;;
iniciar) export MAX_PAQ=`cat /etc/michelle/modulos/red/config/$USER`;;
detener) export -n MAX_PAQ;;
esac
exit 0
He was really happy, until he understood (or so he thinks) that the info that he gets from netstat (about outgoing packets) is always "growing": each time there's an outgoing packet, the number netstat -s gives grows by 1, and it won't go down when a process that was using a socket is killed.

so we once again find ourselves without knowing how to work with sockets and this problem, and still have no answer from the university if we can download and install (and use) tcpdump yet.
 
Old 05-03-2008, 04:05 PM   #22
cocchiararo
LQ Newbie
 
Registered: Apr 2008
Posts: 29

Original Poster
Rep: Reputation: 15
OK, we are "almost" done, we have finished everything but:

net limiter module
socket limitation in the general limitations module
ssh-kegen (or something like that) for automatic log in into a remote computer for saving a log
installer (make)

netstat was not the tool to use for the packets thing in the net limiting module, we still have no answer from the guy who has to tell us if we can or cannot install tcpdump, we turned our attention to /proc/net/dev

That file has the amount of packets sent, but it's a cumulative amount; each time a packet is sent, it's added there. Initially we thought that we had to check the current sent packets, and if at the moment we checked they were higher than what was allowed, we had to kill processes using sockets for outgoing connections (thus stopping outgoing packets). If anyone knows of something (different from tcpdump :P) that can check the number of outgoing packets in a given instant (not the total since the user logged in), pls inform us. For now, we'll assume that the module will check outgoing packets (total), and from the first time it detects that the limit has been exceeded, each time it's executed, it will kill processes that are sending packets. (It's not illogical, but we aren't 100% sure this is what the module must do.)

With that done, the only thing we need info about is: "how to check the actual amount of sockets open by active processes". In the meantime, we'll look into /proc too for that info (but we still don't know the actual file that may have the info).
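The cumulative counter in /proc/net/dev becomes a per-interval count by reading it twice and subtracting. The sketch below is an added example, not code from the thread: the two snapshots are constructed, and the function names and the interface names in them are assumptions.

```sh
#!/bin/sh
# Constructed snapshots in /proc/net/dev format, standing in for two
# reads of the file taken one interval apart.
SNAP_T0='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   52000     400    0    0    0     0          0         0    52000     400    0    0    0     0       0          0
  eth0:9876543   20000    0    0    0     0          0         0  1234567   15000    0    0    0     0       0          0'
SNAP_T1='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   55000     430    0    0    0     0          0         0    55000     430    0    0    0     0       0          0
  eth0:9990000   20100    0    0    0     0          0         0  1300000   15120    0    0    0     0       0          0'

# Print the cumulative TX packet counter of interface $1, reading
# /proc/net/dev-formatted text on stdin. Fails if the interface is absent.
tx_packets() {
    # The name can be fused with the first number ("eth0:9876543"), so the
    # colon is turned into a space; field 11 is then the TX packet count.
    awk -v ifc="$1" '{ sub(/:/, " ") } $1 == ifc { print $11; found = 1 }
                     END { exit !found }'
}

# Packets sent between two snapshots: $1 older text, $2 newer text, $3 iface.
tx_delta() {
    before=$(printf '%s\n' "$1" | tx_packets "$3") || return 2
    after=$(printf '%s\n' "$2" | tx_packets "$3") || return 2
    if [ "$after" -lt "$before" ]; then
        echo "$after"              # counter was reset or wrapped
    else
        echo $((after - before))
    fi
}

# Status 0 when more than $4 packets were sent during the interval.
over_limit() {
    sent=$(tx_delta "$1" "$2" "$3") || return 2
    [ "$sent" -gt "$4" ]
}

# Live use: s0=$(cat /proc/net/dev); sleep 60; s1=$(cat /proc/net/dev)
#           over_limit "$s0" "$s1" eth0 "$MAX_PAQ" && echo "limit exceeded"
```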
 
Old 05-03-2008, 09:35 PM   #23
cocchiararo
LQ Newbie
 
Registered: Apr 2008
Posts: 29

Original Poster
Rep: Reputation: 15
OK, we are done (considering that our understanding of the net limiter module is correct :P )

We have 2 small problems we would like your help to solve (besides making the makefile, but we don't want help for that... yet :P )

a) shutdown: it needs us to be root... any way to solve this little problem? (especially one that won't require the root password :P)
We will install with make instalar, and then configure it with make configurar (which will ask for a username) as root though, so any modifications that need us to be root can be done in make instalar / make configurar, but we are unsure what to modify :P

EDIT: we are looking into the possibility of creating a group that will be allowed to use shutdown, and then adding the user we configure michelle as the shell to, but that would have to be done during make instalar (creating the group) and make configurar (putting the user in the group)

b) one module logs EACH command in a local file, but once it has a certain size, we need to start logging it in a remote log (the IP of the remote PC and the size of the file are set in a config file). We understand that we can do this with ssh, more specifically, with this command:
echo "$2" | ssh $IPSERVERLOG 'cat /home/$USER/logauditoria'

$IPSERVERLOG is the value that was previously taken from the config file, and it's an IP, $2 is the command that will be logged.

But in order for that to work without asking for passwords, we must put the file with the key (this might sound ignorant, but that's how it was explained to me by my teammate :P) in the remote PC, and we'll need a password for that too :P
As far as I know it's ILLOGICAL to think that we will be able to write to another PC without ever knowing the password, so we might be allowed to put the necessary files on the remote PC before testing the project (I hope), but more info might be appreciated :P
 
Old 05-04-2008, 05:11 PM   #24
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian
Posts: 2,455

Rep: Reputation: 843
Quote:
Originally Posted by cocchiararo View Post
OK, we are done (considering that our understanding of the net limiter module is correct :P )

We have 2 small problems we would like your help to solve (besides making the makefile, but we don't want help for that... yet :P )

a) shutdown: it needs us to be root... any way to solve this little problem? (especially one that won't require the root password :P)
We will install with make instalar, and then configure it with make configurar (which will ask for a username) as root though, so any modifications that need us to be root can be done in make instalar / make configurar, but we are unsure what to modify :P
See http://en.wikipedia.org/wiki/Setuid

Quote:
b) one module logs EACH command in a local file, but once it has a certain size, we need to start logging it in a remote log (the IP of the remote PC and the size of the file are set in a config file). We understand that we can do this with ssh, more specifically, with this command:
echo "$2" | ssh $IPSERVERLOG 'cat /home/$USER/logauditoria'
I think you mean
echo "$2" | ssh $IPSERVERLOG 'cat - >> /home/$USER/logauditoria'

Quote:
But in order for that to work without asking for passwords, we must put the file with the key (this might sound ignorant, but that's how it was explained to me by my teammate :P) in the remote PC, and we'll need a password for that too :P
As far as I know it's ILLOGICAL to think that we will be able to write to another PC without ever knowing the password, so we might be allowed to put the necessary files on the remote PC before testing the project (I hope), but more info might be appreciated :P
see Public_key_authentication_with_ssh
 
Old 05-04-2008, 05:33 PM   #25
cocchiararo
LQ Newbie
 
Registered: Apr 2008
Posts: 29

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by ntubski View Post
See http://en.wikipedia.org/wiki/Setuid


I think you mean
echo "$2" | ssh $IPSERVERLOG 'cat - >> /home/$USER/logauditoria'



see Public_key_authentication_with_ssh
We created a group for the shutdown thing, but I'll look into setuid too.

I don't know about the command for remote logging with ssh, since my teammate had 2 virtual machines and used that to test, but I'll ask him.
(and forward him the link :P )
 
Old 05-04-2008, 10:37 PM   #26
cocchiararo
LQ Newbie
 
Registered: Apr 2008
Posts: 29

Original Poster
Rep: Reputation: 15
ok... we have a little problem :P

In make configurar (configurar = configure, and it's one of make's targets), we must ask the user (root) to input the user to which he wants myshell to be configured.

We thought of doing this:

Code:
	read -p "write username to configure the shell to: " Usuario
	chsh -s /usr/bin/michelle.sh ${Usuario}
When it DIDN'T work, I did some checking, and I noticed that Usuario was blank.
Then some reading revealed that ${Usuario} was a make variable (if I set it to something in the variables section, Usuario keeps that value), so $$Usuario or $${Usuario} should have worked, or so I thought, but no.
Do I need to change something in the read command? Or in the way I want to expand the variable? :P
If everything fails, I could call a secondary script for doing the read and chsh stuff, but I don't know if it will be acceptable :P (we aren't compiling anything, but they said they wanted make to be the install/configure/uninstall tool)
 
Old 05-05-2008, 01:50 PM   #27
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian
Posts: 2,455

Rep: Reputation: 843
The problem is that each line is executed in a new subshell, so the second line doesn't see the variables set by the first one. You could try
Code:
	read -p "write username to configure the shell to: " Usuario ; \
	chsh -s /usr/bin/michelle.sh $${Usuario}
The backslash makes it all one line, then you need the semicolon as a command separator.
 
Old 05-05-2008, 04:05 PM   #28
cocchiararo
LQ Newbie
 
Registered: Apr 2008
Posts: 29

Original Poster
Rep: Reputation: 15
I tried that (well, I actually was forced to, since the code I pasted before is inside an "if"), but it won't work.

dunno, might try that, but I too read that every line is executed in a separate /bin/sh shell, so

for now we'll manage with calling a script in the make configurar section.

Now, I want to present you with a "bigger" problem:

Our main script calls many subscripts, some run in background (script.sh & or . script.sh &, depending on what we need).
Now, the first thing that is run is a script that "registers" each module set for the user.
We were really happy yesterday when we finally installed our shell, and the security module worked... but then, for different reasons, we ended up noticing that the "check modules" script, which is run with & (background), wouldn't execute the script that "registered modules" when it should. Upon further investigation, we noticed that the "register modules" script DOES NOTHING if executed with & (and thus, we conclude that the "check modules" script doesn't work because it's run in background, and calls "register modules" when needed).

Suppose there's a father/main script that uses 2 arrays.
It then calls for:
. registrar.sh

(. is used because we first used export on the 2 arrays, but we can't export arrays, or so we think, and also, exporting makes the array visible for the child script, but changes made to it won't be seen by the parent)

That works well.

Now, if we change that to:

. registrar.sh &

it either does nothing, or since it runs in a different shell/background, our main script never gets the changes on the arrays.

Any way around this? We are more or less screwed if there is none :P

EDIT: we are running it in that way, because there are 2 scripts that have to run every x minutes, and they won't run if we put them inside the read-eval loop, if the user leaves the computer and writes nothing. We first thought of using read -t "timeout time", but we don't like the fact that it might be possible for the user to take a LONG time to write a long command, and the timeout would execute it when he was halfway writing it...
but it might be our only chance (with read -t we can put the periodic scripts back into the loop, and make a check in them if they will do their "thing" or just end)

Last edited by cocchiararo; 05-05-2008 at 04:25 PM.
 
Old 05-05-2008, 06:04 PM   #29
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,269

Rep: Reputation: 2028
Use the sudo tool for safe shutdown, better than setuid. Would only require the user's passwd (not root's) to activate.

For timeout, make it longer, e.g. 5 mins.

Separate files, e.g. registrar.sh, whether run in the background or called directly, inherit any shell vars that have been explicitly exported, but it's a one-way process, i.e. you can't make changes to a var in a sub-shell prog and expect them to propagate up to the parent... it's downwards only.
You can use various other methods, e.g. a temp file or a rtn code.

don't know if you've seen these pages, but they are very useful:

http://www.tldp.org/LDP/abs/html/
http://rute.2038bug.com/index.html.gz

Last edited by chrism01; 05-06-2008 at 06:04 PM.
 
Old 05-05-2008, 08:14 PM   #30
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian
Posts: 2,455

Rep: Reputation: 843
Quote:
Originally Posted by cocchiararo View Post
I tried that (well, I actually was forced to, since the code I pasted before is inside an "if"), but it won't work.
hmm, works for me...

Quote:
now, i want to present you with a "bigger" problem:
...
EDIT: we are running it in that way, because there are 2 scripts that have to run every x minutes, and they won't run if we put them inside the read-eval loop, if the user leaves the computer and writes nothing. We first thought of using read -t "timeout time", but we don't like the fact that it might be possible for the user to take a LONG time to write a long command, and the timeout would execute it when he was halfway writing it...
but it might be our only chance (with read -t we can put the periodic scripts back into the loop, and make a check in them if they will do their "thing" or just end)
I think you could use traps and signals, the trap handler executes within the current shell, so you could source the script from there. Then you just need another script sending a signal every x minutes.
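The difference between sourcing in the background and sourcing from a trap handler, as an added example that is not code from the thread. It assumes a plain variable REGISTRY in place of the thread's arrays and a temporary file in place of registrar.sh; all names are constructed.

```sh
#!/bin/sh
# REGISTRY stands in for the thread's arrays; the file written by
# make_registrar stands in for registrar.sh (both constructed).
REGISTRY=""

make_registrar() {
    SCRIPT=$(mktemp) || return 1
    # The sourced script registers one module by changing REGISTRY.
    printf '%s\n' 'REGISTRY="$REGISTRY red"' > "$SCRIPT"
}

# ". script &" sources the file in a background subshell: the change is
# made to a copy of REGISTRY and is lost when that subshell exits.
register_in_background() {
    REGISTRY=""
    make_registrar || return 1
    . "$SCRIPT" &
    wait $! || :
    rm -f "$SCRIPT"
}

# The trap handler runs in the current shell, so sourcing from it changes
# the real REGISTRY. The background job only sends the signal.
register_from_trap() {
    REGISTRY=""
    make_registrar || return 1
    trap '. "$SCRIPT"' USR1
    ( sleep 1; kill -USR1 $$ ) &     # one-shot timer; a sleep loop in real use
    # Stand-in for the main loop: wait returns once the signal has arrived,
    # and the handler runs before the next command.
    wait $! || :
    trap - USR1
    rm -f "$SCRIPT"
}

register_in_background; echo "after background source: '$REGISTRY'"
register_from_trap;     echo "after trap handler:      '$REGISTRY'"
```

Both functions must be called directly from the main shell, not inside $(...), because the timer signals $$, which is always the PID of the main shell.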
 
  



Tags
scripting, shell

