1.1 Read (at least) these things (All The Words)Index

1. Week 10 Notes HTML – this file – Read All The Words
2. Shell Scripts – lists of commands, executable scripts, script header, command arguments and positional parameters
3. Shell command substituion – interpolate stdout into a command line using $(…) or `…`
4. Shell Control Structures – if, then, else, test, [...]
5. List of Commands You Should Know
6. Linux and Sysadmin News in the World
7. Video Tutorials on Lynda.com – tagged by week number

1.2 Assignments and lab work this weekIndex

Reminder: There are now two quizzes that you need to complete on Blackboard as part of your term Quiz mark. A third quiz will be posted before the Final Exam. The Quizzes are not optional; see the Course Outline.

Check the due date for each assignment and put a reminder in your agenda, calendar, and digital assistant. Just like in the Real World, not all due dates are on the same days or at the same times.

• Review last week. Did you do everything assigned last week?
• Do Worksheet #08 HTML and then do Assignment #08 HTML – setting permissions, mode, umask
  • This assignment requires Permissions and Umask
• Do Bonus (optional) Assignment #09 HTML about Midterm #2
  • There is a checking program available to check your file format for this bonus assignment, but only people who Read All These Words will know about it. Wrong format means no marks. Do not redirect or submit the output of this checking program!
• Read The VI (VIM) Text Editor and optionally do the bonus Assignment #04 HTML.
  • Reminder: You must actually use the VIM editor during the term to get full marks for this bonus assignment. Read All The Words.
• Coming soon: Assignment #10 HTML – tar, processes, syslog, crontab, at, mail, shell script

1.3 WorksheetsIndex

Worksheets are preparation for your assignments. You can’t do the assignments without having done the worksheets first, and you can’t do the worksheets without having first read the Course Notes:

1. Read the web notes. (Please: Read All The Words)
2. Do the relevant Worksheet(s).
3. Do the relevant Assignment(s).

Form a small study group to do the worksheets. Each person tries the example given, and you make sure you all get the same answers. Worksheets are not for hand-in; they are not worth marks; the assignments test your knowledge of the lectures and worksheets.

The worksheets are available in four formats: Open Office (ODT), PDF, HTML, and Text. Only the Open Office format allows you “fill in the blanks” in the worksheet. The PDF format looks good but doesn’t allow you to type into the blanks in the worksheet. The HTML format is crude but useful for quick for viewing online.

Do NOT open the Worksheet ODT files using any Microsoft products; they will mangle the format and mis-number the questions. Use the free Libre Office or Open Office programs to open these ODT documents. On campus, you can download Libre Office here.

• Worksheet #06 HTML – Optional Bonus VIM Text Editor Practice
  • This is an optional worksheet for a BONUS assignment using vim
  • Optional command-line VIM tutorial: the vimtutor program on the CLS.
  • Bonus (optional) Assignment #04 HTML – the VIM text editor
  • Read The VI (VIM) Text Editor
• Worksheet #08 ODT – Linux file system permissions (modes)
  • This Worksheet is a prerequisite for Assignment #08 HTML
  • Worksheet #08 PDF – PDF version
  • Worksheet #08 HTML – HTML version
  • chmod, ls -lid, umask

Worksheets prepare you for the upcoming assignments.

1.4 Upcoming tests and examsIndex

This course has two midterm tests and one final exam.

• Put these dates below into your phone!
• Read the Test Instructions (all the words) before your tests and exam.
• Use the Name Game link (in the Test Instructions) to test the spelling of your name before the test.
• I don’t answer questions about the instructions during the test. Ask me in a lab period before the test.

3.1 Commands UsedIndex

• Keep a notebook with a List of Commands in it.
  • You need to write down yourself what each command does.
  • Check the updated list of commands each week.
  • Bring your notes to class! Stop wasting time looking up commands.
  • I will check for this list in your lab periods.
• Are you making notes from the worksheets on how each command works?
  • What do the options used in the worksheets mean, for each command?
  • Don’t copy and use options that you don’t understand!

3.2 Case Study: enabling blocked IP addressesIndex

This case study needs Command Substitution and Control Statements and super-user (root) permission.

The Course Linux Server runs the Denyhosts intrusion detection package (man denyhosts). Blocked IP addresses are automatically added to the file /etc/hosts.evil that is included by /etc/hosts.allow to block access to the machine:

$ wc -l /etc/hosts.evil
7908 /etc/hosts.evil

Visual inspection of /etc/hosts.evil suggests that some of the recent blocked IP addresses are people on the local Rogers cable network:

$ whois 99.224.86.21
[...]
NetRange:       99.224.86.0 - 99.224.87.255
CIDR:           99.224.86.0/23
Parent:         ROGERS-COM-HSD (NET-99-224-0-0-1)

The sysadmin wants to find and unblock all these IP addresses.

1. Find some obvious Rogers IP addresses in the file:

   $ fgrep ' 99.2' /etc/hosts.evil
   sshd: 99.224.86.21
   sshd: 99.245.238.68
   sshd: 99.246.18.16
   sshd: 99.254.149.12
   sshd: 99.246.3.39
   sshd: 99.239.40.207

2. Isolate the just IP addresses on each line:

   $ fgrep ' 99.2' /etc/hosts.evil | awk '{print $NF}'
   99.224.86.21
   99.245.238.68
   99.246.18.16
   99.254.149.12
   99.246.3.39
   99.239.40.207

3. Write a debugging FOR loop that uses the IP addresses via command substitution and echoes them to the screen:

   $ for ip in $( fgrep ' 99.2' /etc/hosts.evil | awk '{print $NF}' ) ; do echo "IP is $ip" ; done
   IP is 99.224.86.21
   IP is 99.245.238.68
   IP is 99.246.18.16
   IP is 99.254.149.12
   IP is 99.246.3.39
   IP is 99.239.40.207

4. Replace the debugging echo with the real unblocking command (requires privilege to work):

   $ for ip in $( fgrep ' 99.2' /etc/hosts.evil | awk '{print $NF}' ) ; do sudo /usr/share/denyhosts/DenyHosts/dh_reenable "$ip" ; done
   Done!
   Please restart denyhosts
   Done!
   Please restart denyhosts
   Done!
   Please restart denyhosts
   Done!
   Please restart denyhosts
   Done!
   Please restart denyhosts
   Done!
   Please restart denyhosts
   Done!
   Please restart denyhosts

5. Verify that it worked:

   $ fgrep ' 99.2' /etc/hosts.evil
   $                              # no output - all addresses were removed

6. Restart the Denyhosts package (requires privilege to work):

   $ sudo service denyhosts restart
    * Stopping DenyHosts denyhosts
      ...done.
    * Starting DenyHosts denyhosts
      ...done.

Done.

3.3 Finding world-writable files in your accountIndex

The assignment Checking Programs may issue this message:

Number of world-writable pathnames in abcd0001 account: 1
       ERROR: Sysadmin do not create files that anyone can overwrite.
       ERROR:       See "Examples of uses of find" to find these files.
   ERROR(-1): Fix the permissions on these files

Don’t create files or directories that anyone (“other”) can write, except the few required ones in the one Assignment #08 HTML head directory!

You must look at all the files in your account to try to find these files or directories that you have created with “other” write permissions. You can find the files the hard way, using cd and ls, or you can do it the easy way using a recursive command:

• To learn how to find these world-writable files in your account, first use a command to search for the files that contain the text world-writable in all the course notes. The course notes have an example showing what command to use to find world-writable files.
• To search the course notes for a text string, re-read section 4.5 of Assignment #05 HTML, especially item #8 about searching for the text string Filezilla in all the course notes.
• You will be able to identify which course notes web page you should read to find the example showing how to find world-writable files.
• Fix the permissions on these files. Remove write permission for “other”.

8.1 Course Linux ServerIndex

# Since: Jan  1 07:51:01
$ fgrep 'refused connect' /var/log/auth.log \
      | awk '{print $NF}' | sort | uniq -c | sort -nr | head
33409 (116.31.116.25)    # CHINANET Guangdong province network
10498 (153.99.182.35)    # China Unicom Jiangsu province network
10041 (218.65.30.46)     # CHINANET jiangxi province network
 9955 (182.100.67.76)
 5071 (122.194.229.16)
 3990 (218.65.30.251)
 3232 (218.65.30.80)
 3104 (61.177.172.60)
 2387 (153.99.182.11)
 2148 (116.31.116.23)

8.2 Home machine (ISPs: TekSavvy and Distributel)Index

# Since Jan  1 07:36:15
$ zfgrep 'refused connect' /var/log/auth.log{,.{?,10,11}.gz} \
    | awk '{print $NF}' | sort | uniq -c | sort -nr | head
66204 (116.31.116.53)    # CHINANET Guangdong province network
24451 (153.99.182.10)    # China Unicom Jiangsu province network
22199 (153.99.182.26)    # China Unicom Jiangsu province network
21173 (123.183.209.139)
20876 (116.31.116.36)
15789 (218.65.30.46)
13893 (58.218.200.37)
13621 (116.31.116.24)
12596 (153.99.182.39)
11666 (153.99.182.13)

8.3 Algonquin T313 Office machine (same network as CLS)Index

# Since: Feb 13 07:37:01
$ zfgrep 'refused connect' /var/log/auth.log* \
    | awk '{print $NF}' | sort | uniq -c | sort -nr | head
28235 (116.31.116.25)    # CHINANET Guangdong province network
12751 (61.177.172.60)    # CHINANET jiangsu province network
10859 (153.99.182.35)    # China Unicom Jiangsu province network
 5112 (122.194.229.16)
 4347 (153.99.182.36)
 2841 (218.65.30.251)
 1672 (218.65.30.210)
 1508 (219.153.15.82)
 1498 (209.159.145.140)
 1339 (116.31.116.53)

You’re not paranoid if they really are out to get you!