Copyright © 2001 O'Reilly & Associates, Inc. All rights reserved.

Perl for System Administration
By David N. Blank-Edelman
ISBN 1-56592-609-9

Print book copyright © 2000 O'Reilly & Associates, Inc. All rights reserved.

Published by O'Reilly & Associates, Inc., 101 Morris Street, Sebastopol, CA 95472.

This electronic publication is intended for use by one individual. As such, you may make copies for your own personal use. However, you may not provide copies to others, or make this publication available to others over a LAN or other network. You may not reprint, offer for sale, or otherwise re-use material from this publication without the explicit written permission of O'Reilly & Associates, Inc.

You can purchase print editions of these books directly from O'Reilly & Associates, Inc. or from bookstores that carry O'Reilly & Associates books.

Logos and Trademarks

The O'Reilly logo is a registered trademark of O'Reilly & Associates, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly & Associates, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

Disclaimer

While every precaution has been taken in the preparation of this product, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Questions, comments, and suggestions to bookquestions@ora.com.

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects.

The animal on the cover of Perl for System Administration is a sea otter. North American sea otters make their homes along the Pacific coast, near the kelp beds containing the shellfish that make up the majority of their diet. Sea otters can be found in great numbers in Alaska, and on beaches as far south as California.

Sea otters are agile and intelligent mammals, and are known to make ingenious use of tools. Floating on their backs, they hold a shellfish such as a mussel or abalone on their bellies, and use a rock to break the shell. Intensely social, sea otters gather to float in groups called rafts. They are excellent swimmers, propelling themselves swiftly through the water with their flipper-like, webbed back paws. Their thick fur provides them with efficient insulation in the water. At times, their existence has been threatened as they have been mercilessly hunted to near extinction for their fur.

Colleen Gorman was the production editor and copyeditor for Perl for System Administration. Jane Ellin was the proofreader. Mary Sheehan and Emily Quill provided quality control. Molly Shangraw, Maeve O'Meara, Gabe Weiss, Mary Sheehan, and Darren Kelly provided production support. Nancy Crumpton wrote the index.

Hanna Dyer designed the cover of this book, based on a series design by Edie Freedman. The cover image is an original illustration created by Lorrie LeJeune. Emma Colby produced the cover layout with QuarkXPress 3.32 using Adobe's ITC Garamond font.

Alicia Cech and David Futato designed the interior layout based on a series design by Nancy Priest. Mike Sierra and David Futato implemented the design in FrameMaker 5.5.6. The text and heading fonts are ITC Garamond Light and Garamond Book. The illustrations that appear in the book were produced by Robert Romano and Rhon Porter using Macromedia FreeHand 8 and Adobe Photoshop 5. This colophon was written by Colleen Gorman.

9.7 References for More Information

Essential System Administration, (2nd Edition), by Æleen Frisch (O'Reilly, 1995) has a good, short intro to syslog.

http://www.heysoft.de/index.htm is the home of Frank Heyne software, a provider of Win32 Event Log-parsing software. Also has a good Event Log FAQ list.

http://www.le-berre.com/ is Philippe Le Berre's home page, and contains an excellent write-up on the use of Win32::EventLog and other Win32 packages.

"Managing NT Event Logs with Perl for Win32," Bob Wells, Windows NT Magazine, February/March 1998.

Practical Unix & Internet Security, (2nd Edition), by Simson Garfinkel and Gene Spafford (O'Reilly, 1996). Another good (and slightly more detailed) intro to syslog, also includes tcpwrappers information.

Windows NT Event Logging, by James D. Murray (O'Reilly, 1998).

C.3 Two Key XML Terms

You can't go very far in XML without learning these two important terms.

XML data is said to be well-formed if it follows all of the XML syntax and grammar rules (matching tags, etc.).
Often a simple check for well-formed data can help spot typos in XML files. That's already an advantage when the data you are dealing with holds configuration information like the machine database excerpted above.

XML data is said to be valid if it conforms to the rules we've set down in one of the data definition mechanisms mentioned earlier. For instance, if your data file conforms to its DTD, it is valid XML data.

Valid data by definition is well-formed, but the converse does not have to be true. It is possible to have perfectly wonderful XML data that does not have an associated DTD or schema. If it parses properly, it is well-formed, but not valid.

0.2 Typographical Conventions

Italic
Used for filenames, usernames, directories, commands, hostnames, URLs, and terms when they are first introduced.

Constant width
Used for Perl module and function names, and when showing code and computer output.

Constant width bold
Used to indicate user input in examples.

Constant width bold italic
Used for parts of a command line that are user replaceable, or code annotations.

1.3 This Book Will Show You How

In the 1966-68 "Batman" television show, the dynamic duo wore utility belts. If Batman and Robin had to scale a building, Batman would say, "Quick Robin, the Bat Grappling Hook!" Or Batman would say, "Quick Robin, the Bat Knockout Gas!" and they'd both have the right tool at hand to subdue the bad guys. This book aims to give you the utility belt you need to do good system administration work.

Every chapter attempts to provide you with three things.

Clear and concise information about a system administration domain

In each chapter we discuss in depth one domain of the system administration world. The number of possible domains in multiplatform system administration is huge, far too many to be included in a single book. The best survey books on just Unix system administration, Essential System Administration, by Æleen Frisch (O'Reilly & Associates), and Unix System Administration Handbook, by Evi Nemeth, Garth Snyder, and Trent R. Hein (Prentice-Hall), are two and three times, respectively, the size of this book. We'll be looking at topics from three different operating systems: Unix, Windows NT, Windows 2000, and MacOS.

As a result, some hard choices were made on what to include and what to exclude. In general the topics that I believe will become even more important over the next five years made the cut. Important technologies like XML are explored because they are likely to have a significant impact on the field as time goes by. Unfortunately, these guidelines meant that some system administration stalwarts like backup and printing are edged out by newer topics like LDAP and SNMP. The skills and tools provided by this book can help with the domains I omit, but a direct treatment will have to be found elsewhere.

I've tried to put together a good stew of system and network administration information for people with varying levels of experience in the field. Seasoned veterans and new recruits may come away from this book having learned completely different material, but everyone should find something of interest to chew on. Each chapter ends with a list of references which can help you get deeper into a topic should you so choose.

For each domain or topic, especially the ones that have a considerable learning curve, I include appendixes with all of the information you need to come up to speed quickly. Even if you're familiar with a topic, you may find these appendixes can round out your knowledge about that matter (e.g., how something is implemented on a different operating system).

Perl techniques and approaches that can be used in system administration

To get the most out of this book, you'll need some initial Perl background. Every chapter is full of Perl code that ranges in complexity from beginner to advanced levels of Perl knowledge. Whenever we encounter an intermediate-to-advanced technique, data structure, or idiom, I'll take the time to carefully step us through it, piece by piece. In the process, you should be able to pick up some interesting Perl techniques to add to your programming repertoire. The hope is that Perl programmers of all levels will be able to find something to learn from the examples presented in this book. And as your Perl skills improve over time, you should be able to come back to this book, learning new things each time.

To further enhance this learning experience, I will often present more than one way to accomplish the same task using Perl rather than showing a single limited answer. Remember the Perl motto, "There's More Than One Way To Do It."
These multiple-approach examples are designed to better equip your Perl utility belt: the more tools you have at hand, the better the choices you can make when approaching a new task.

Sometimes it will be obvious that one technique is superior to the others. But this book only addresses a certain subset of situations you may find yourself in, and a solution that is woefully crude for one problem may be just the ticket for another. So bear with me. For each example I'll try to show you both the advantages and drawbacks of each approach (and often tell you which method I prefer).

System administration best practices and deep principles

As I mentioned at the start of this chapter, there are better and worse ways to do system administration. I've been a system and network administrator for the last 15 years in some pretty demanding multiplatform environments. In each chapter I try to bring this experience to bear as I offer you some of the best practices I've learned and the deeper principles behind them. Occasionally I'll use a personal "war story from the front lines" as the starting point for these discussions. Hopefully the depth of the craft in system administration will become apparent as you read along.

1.4 What You Need

To get the most out of this book, you will need some technical background and some resources at hand. Let's start with the background first:

You'll need to know some Perl

There isn't enough room in this book to provide the basics of the Perl language, so you need to seek that elsewhere before working through this material. Once you have learned the material in a book like Learning Perl, by Randal L. Schwartz and Tom Christiansen (O'Reilly), or Learning Perl on Win32 Systems, by Randal L. Schwartz, Erik Olson, and Tom Christiansen (O'Reilly), you should be in good shape to approach the code in this book.

You'll need to know the basics of your operating system(s)

This book assumes that you have some facility with the operating system or systems you plan to administer. You'll need to know how to get around in that OS, run commands, find documentation, etc. Background information on the more complex frameworks built into the OS (e.g., WMI on Windows 2000 or SNMP) is provided.

You may need to know the specifics of your operating system(s)

I make an attempt to describe the differences between the major operating systems as we encounter them, but I can't cover all of the intra-OS differences. In particular, every variant of Unix is a little different from all of the others. As a result, you may need to find OS-specific information and roll with the punches should the information be different than what is described here.

For technical resources, you will need just two things:

Perl

You will need a copy of Perl installed on or available to every system you wish to administer. The downloads section of http://www.perl.com will help you find either the source code or binary distributions for your particular operating system. The examples in this book use Perl Version 5.005 (the latest stable version as of this writing). On Unix we use the core Perl distribution compiled from source, on Win32 platforms we use the version provided by ActiveState (build 522) and on MacOS we use the MacPerl distribution (5.2.0r4).

The ability to find and install Perl modules

The next section of this chapter is devoted to the location and installation of Perl modules because this skill is extremely important. This book assumes you have the knowledge and necessary permission to install any modules you need.

At the end of each chapter is a list of the version numbers for all of the modules used by the code in that chapter. The version information is provided because modules are updated all the time. Not all updates retain backwards compatibility, so if you run into problems, this information can help you determine if there has been a module change since this book was published.

1.7 References for More Information

http://dwheeler.com/secure-programs/Secure-Programs-HOWTO.html is a HOWTO document for secure programming under Linux, but the concepts and techniques are applicable to other situations as well.

http://www.cs.ucdavis.edu/~bishop/secprog.html contains more good secure programming resources from security expert Matt Bishop.

http://www.homeport.org/~adam/review.html lists security code review guidelines by Adam Shostack.

http://www.dnaco.net/~kragen/security-holes.html is a good paper on how to find security holes (especially in your own code) by Kragen Sitaker.

http://www.shmoo.com/securecode/ offers an excellent collection of articles on how to write secure code.

Perl CGI Problems, by Rain Forest Puppy (Phrack Magazine, 1999) can be found online at http://www.insecure.org/news/P55-07.txt or from the Phrack archives at http://www.phrack.com/archive.html.

Perl Cookbook, by Tom Christiansen and Nathan Torkington (O'Reilly, 1998) contains many good tips on coding securely.
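
The well-formed versus valid distinction from section C.3, shown as an added example that is not code from the book. It assumes the XML::LibXML module is installed; the DTD, element names, and sample documents are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: classify XML input as not well-formed, well-formed only, or valid.
use strict;
use warnings;
use XML::LibXML;

# Constructed DTD for a small machine database (element names are assumptions).
my $dtd = XML::LibXML::Dtd->parse_string(<<'DTD');
<!ELEMENT network (host+)>
<!ELEMENT host (address)>
<!ATTLIST host name CDATA #REQUIRED>
<!ELEMENT address (#PCDATA)>
DTD

# Returns 'not well-formed', 'well-formed', or 'valid'.
sub classify {
    my ($xml) = @_;

    # Step 1: well-formedness. load_xml dies on syntax errors such as a
    # mismatched tag. no_network forbids network access while parsing and
    # load_ext_dtd => 0 skips any external DTD the input itself names, so
    # the file being checked cannot choose what the parser fetches.
    my $doc = eval {
        XML::LibXML->load_xml(
            string       => $xml,
            no_network   => 1,
            load_ext_dtd => 0,
        );
    };
    return 'not well-formed' unless $doc;

    # Step 2: validity. Check the parsed tree against our own DTD.
    return $doc->is_valid($dtd) ? 'valid' : 'well-formed';
}

# Constructed sample inputs: a typo in a closing tag, a host missing its
# required name attribute, and a document that conforms to the DTD.
my @samples = (
    [ 'mismatched tag' =>
      '<network><host name="a"><address>192.168.1.11</adress></host></network>' ],
    [ 'missing name' =>
      '<network><host><address>192.168.1.11</address></host></network>' ],
    [ 'conforming' =>
      '<network><host name="a"><address>192.168.1.11</address></host></network>' ],
);

for my $sample (@samples) {
    my ($label, $xml) = @$sample;
    printf "%-15s => %s\n", $label, classify($xml);
}
```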