The Net's a cross between an elephant and a white elephant sale: it never forgets, and it's always crap. --Nemo |
A Linux system has quite a number of tools for accessing, manipulating, and troubleshooting network connections. We can incorporate some of these tools into scripts -- scripts that expand our knowledge of networking, useful scripts that can facilitate the administration of a network.
Here is a simple CGI script that demonstrates connecting to a remote server.
Example 30-1. Print the server environment
1 #!/bin/bash
2 # test-cgi.sh
3 # by Michael Zick
4 # Used with permission
5
6 # May have to change the location for your site.
7 # (At the ISP's servers, Bash may not be in the usual place.)
8 # Other places: /usr/bin or /usr/local/bin
9 # Might even try it without any path in sha-bang.
10
11 # Disable filename globbing.
12 set -f
13
14 # Header tells browser what to expect.
15 echo Content-type: text/plain
16 echo
17
18 echo CGI/1.0 test script report:
19 echo
20
21 echo environment settings:
22 set
23 echo
24
25 echo whereis bash?
26 whereis bash
27 echo
28
29
30 echo who are we?
31 echo ${BASH_VERSINFO[*]}
32 echo
33
34 echo argc is $#. argv is "$*".
35 echo
36
37 # CGI/1.0 expected environment variables.
38
39 echo SERVER_SOFTWARE = $SERVER_SOFTWARE
40 echo SERVER_NAME = $SERVER_NAME
41 echo GATEWAY_INTERFACE = $GATEWAY_INTERFACE
42 echo SERVER_PROTOCOL = $SERVER_PROTOCOL
43 echo SERVER_PORT = $SERVER_PORT
44 echo REQUEST_METHOD = $REQUEST_METHOD
45 echo HTTP_ACCEPT = "$HTTP_ACCEPT"
46 echo PATH_INFO = "$PATH_INFO"
47 echo PATH_TRANSLATED = "$PATH_TRANSLATED"
48 echo SCRIPT_NAME = "$SCRIPT_NAME"
49 echo QUERY_STRING = "$QUERY_STRING"
50 echo REMOTE_HOST = $REMOTE_HOST
51 echo REMOTE_ADDR = $REMOTE_ADDR
52 echo REMOTE_USER = $REMOTE_USER
53 echo AUTH_TYPE = $AUTH_TYPE
54 echo CONTENT_TYPE = $CONTENT_TYPE
55 echo CONTENT_LENGTH = $CONTENT_LENGTH
56
57 exit 0
58
59 # Here document to give short instructions.
60 :<<-'_test_CGI_'
61
62 1) Drop this in your http://domain.name/cgi-bin directory.
63 2) Then, open http://domain.name/cgi-bin/test-cgi.sh.
64
65 _test_CGI_ |
For security purposes, it may be helpful to identify the IP addresses a computer is accessing.
Example 30-2. IP addresses
1 #!/bin/bash
2 # ip-addresses.sh
3 # List the IP addresses your computer is connected to.
4
5 # Inspired by Greg Bledsoe's ddos.sh script,
6 # Linux Journal, 09 March 2011.
7 # URL:
8 # http://www.linuxjournal.com/content/back-dead-simple-bash-complex-ddos
9 # Greg licensed his script under the GPL2,
10 #+ and as a derivative, this script is likewise GPL2.
11
12 connection_type=TCP # Also try UDP.
13 field=2 # Which field of the output we're interested in.
14 no_match=LISTEN # Filter out records containing this. Why?
15 lsof_args=-ni # -i lists Internet-associated files.
16 # -n preserves numerical IP addresses.
17 # What happens without the -n option? Try it.
18 router="[0-9][0-9][0-9][0-9][0-9]->"
19 # Delete the router info.
20
21 lsof "$lsof_args" | grep $connection_type | grep -v "$no_match" |
22 awk '{print $9}' | cut -d : -f $field | sort | uniq |
23 sed s/"^$router"//
24
25 # Bledsoe's script assigns the output of a filtered IP list,
26 # (similar to lines 19-22, above) to a variable.
27 # He checks for multiple connections to a single IP address,
28 # then uses:
29 #
30 # iptables -I INPUT -s $ip -p tcp -j REJECT --reject-with tcp-reset
31 #
32 # ... within a 60-second delay loop to bounce packets from DDOS attacks.
33
34
35 # Exercise:
36 # --------
37 # Use the 'iptables' command to extend this script
38 #+ to reject connection attempts from well-known spammer IP domains. |
More examples of network programming:
See also the networking commands in the System and Administrative Commands chapter and the communications commands in the External Filters, Programs and Commands chapter.