SECOND EDITION
Automating System
Administration with Perl
David N. Blank-Edelman
O'REILLY®
Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • TokyoTable of Contents
Preface xv
1. Introduction 1
Automation Is a Must 1 How Perl Can Help You 2 This Book Will Show You How 3
What You Need 5
Some Notes About the Perl Versions Used for This Book 6 What About Perl 5.10? 6 What About Strawberry Perl? 6 What About Perl 6? 6 Some Notes About Using Vista with the Code in This Book 7 Locating and Installing Modules 8 Installing Modules on Unix 9 Installing Modules on Win32 9 It's Not Easy Being Omnipotent 10
Don't Do It 10
Drop Your Privileges As Soon As Possible 10 Be Careful When Reading Data 11 Be Careful When Writing Data 12 Avoid Race Conditions 12
Enjoy 13
References for More Information 13
2. Filesystems 15
Perl to the Rescue 15 Filesystem Differences 16
Unix 16
Windows-Based Operating Systems 16
Mac OS X 18
Filesystem Differences Summary 19 Dealing with Filesystem Differences from Perl 19
Walking or Traversing the Filesystem by Hand 21 Walking the Filesystem Using the File::Find Module 26 Walking the Filesystem Using the File::Find::Rule Module 36 Manipulating Disk Quotas 38 Editing Quotas with edquota Trickery 40 Editing Quotas Using the Quota Module 44 Editing NTFS Quotas Under Windows 45 Querying Filesystem Usage 46 Module Information for This Chapter 48 References for More Information 48
3. User Accounts 49
Unix User Identities 50 The Classic Unix Password File 50 Changes to the Password File in BSD 4.4 Systems 57 Shadow Passwords 58 Windows-Based Operating System User Identities 59 Windows User Identity Storage and Access 59 Windows User ID Numbers 61 Windows Passwords Don't Play Nice with Unix Passwords 63
Windows Groups 63
Windows User Rights 68 Building an Account System to Manage Users 71 The Backend Database 73 The Low-Level Component Library 78 The Process Scripts 89 Account System Wrap-Up 94 Module Information for This Chapter 97 References for More Information 97 Unix Password Files 97 Windows User Administration 98
4. User Activity 99
Process Management 100 Windows-Based Operating System Process Control 100 Unix Process Control 119 File and Network Operations 125 Tracking File Operations on Windows 125 Tracking Network Operations on Windows 128 Tracking File and Network Operations in Unix 129 Module Information for This Chapter 135 Installing Win32::Setupsup 135 References for More Information 136
5. TCP/IP Name and Configuration Services 137
Host Files 137
Generating Host Files 140 Error-Checking the Host File Generation Process 143 Improving the Host File Output 144 Incorporating a Source Code Control System 148 NIS, NIS+, and WINS 151
NIS+ 154
Windows Internet Name Server (WINS) 154
Domain Name Service (DNS) 155 Generating DNS (BIND) Configuration Files 156 DNS Checking: An Iterative Approach 165
DHCP 174
Active Probing for Rogue DHCP Servers 176 Monitoring Legitimate DHCP Servers 181 Module Information for This Chapter 183 References for More Information 184
6. Working with Configuration Files 185
Configuration File Formats 188
Binary 188
Naked Delimited Data 189 Key/Value Pairs 190 Markup Languages 192 All-in-One Modules 235 Advanced Configuration Storage Mechanisms 236 Module Information for This Chapter 236 References for More Information 237
XML and YAML 237
7. SQL Database Administration 239
Interacting with a SQL Server from Perl 240 Using the DBI Framework 243 Using ODBC from Within DBI 249 Server Documentation 251 MySQL Server via DBI 252 Oracle Server via DBI 254 Microsoft SQL Server via ODBC 255 Database Logins 258 Monitoring Space Usage an a Database Server 260 Module Information for This Chapter 263 References for More Information 263
DBI 263
Microsoft SQL Server 264
ODBC 264
Oracle 264
8. Email 265
Sending Mail 265
Getting sendmail (or a Similar Mail Transport Agent) 266 Using the OS-Specific IPC Framework to Drive a Mail Client 266 Speaking the Mail Protocols Directly 268 Common Mistakes in Sending Email 273 Overzealous Message Sending 273 Subject Line Waste 282 Insufficient Information in the Message Body 282
Fetching Mail 285
Talking POPS to Fetch Mail 285 Talking IMAP4revl to Fetch Mail 287 Processing Mail 291 Dissecting a Single Message 291 Dissecting a Whole Mailbox 296 Dealing with Spam 297 Support Mail Augmentation 305 Module Information for This Chapter 310 References for More Information 311
9. Directory Services 313
What's a Directory? 313 Finger: A Simple Directory Service 314 The WHOIS Directory Service 318 LDAP: A Sophisticated Directory Service 321 LDAP Programming with Perl 322 The Initial LDAP Connection 323 Performing LDAP Searches 325 Entry Representation in Perl 329 Adding Entries with LDIF 331 Adding Entries with Standard LDAP Operations 333 Deleting Entries 334 Modifying Entry Names 335 Modifying Entry Attributes 337 Deeper LDAP Topics 339 Putting It All Together 348 Active Directory Service Interfaces 354
ADSI Basics 355
Using ADSI from Perl 357
Dealing with Container/Collection Objects 359 Identifying a Container Object 360 So How Do You Know Anything About an Object? 360
Searching 363
Performing Common Tasks Using the WinNT and LDAP Namespaces 366 Working with Users via ADSI 367 Working with Groups via ADSI 369 Working with File Shares via ADSI 369 Working with Print Queues and Print Jobs via ADSI 370 Working with Windows-Based Operating System Services via ADSI 371 Module Information for This Chapter 373 References for More Information 373
LDAP 373
ADSI 374
10. Log Files 377
Reading Text Logs 377 Reading Binary Log Files 378 Using unpack() 378 Calling an OS (or Someone Else's) Binary 383 Using the OS's Logging API 384 Structure of Log File Data 385 Dealing with Log File Information 388 Space Management of Logging Information 388 Log Parsing and Analysis 395 Writing Your Own Log Files 425 Logging Shortcuts and Formatting Help 425 Basic/Intermediate Logging Frameworks 426 Advanced Logging Framework 428 Module Information for This Chapter 429 References for More Information 430
11. Security 433
Noticing Unexpected or Unauthorized Changes 434 Local Filesystem Changes 434 Changes in Data Served Over the Network 440 Noticing Suspicious Activities 442 Local Signs of Peril 442 Finding Problematic Patterns 444 Danger an the Wire, or "Perl Saves the Day" 449 Preventing Suspicious Activities 460 Suggest Better Passwords 460 Reject Bad Passwords 461
Module Information for This Chapter 466 References for More Information 467
12. SNMP 469
Using SNMP from Perl 469 Sending and Receiving SNMP Traps, Notifications, and Informs 480 Alternative SNMP Programming Interfaces 484 Module Information for This Chapter 486 References for More Information 486
13. Network Mapping and Monitoring 489
Network Mapping 489 Discovering Hosts 490 Discovering Network Services 499 Physical Location 501 Presenting the Information 503 Textual Presentation Tools 503 Graphical Presentation Tools 507 Monitoring Frameworks 522 Extending Existing Monitoring Packages 524
What's Left? 526
Module Information for This Chapter 527 References for More Information 527
14. Experiential Learning 529
Playing with Timelines 530 Task One: Parsing crontab Files 530 Task Two: Displaying the Timeline 531 Task Three: Writing Out the Correct XML File 533 Putting It All Together 534 Summary: What Can We Learn from This? 536 Playing with Geocoding 537 Geocoding from Postal Addresses 537 Geocoding from IP Addresses 541 Summary: What Can We Learn from This? 544 Playing with an MP3 Collection 544 Summary: What Can We Learn from This? 546 One Final Exploration 546 Part One: Retrieving the Wiki Page with WWW::Mechanize 547 Part Two: Extracting the Data 550 Part Three: Geocoding and Mapping the Data 551 Summary: What Can We Learn from This? 554 Remember to Play 555
Module Information for This Chapter 555
Source Material for This Chapter 556
A. The Eight-Minute XML Tutorial 557
B. The 10-Minute XPath Tutorial 563
C. The 10-Minute LDAP Tutorial 573
D. The 15-Minute SQL Tutorial 579
E. The Five-Minute RCS Tutorial 593
F. The Two-Minute VBScript-to-Perl Tutorial 597
G. The 20-Minute SNMP Tutorial 603
Index 617