If you run into problems, this information can help you determine whether there has been a module change since this book was published.
I chose to develop and test the code in this book under Perl 5. These choices might lead you to ask a few questions. The Perl 5 development team has done some fabulous work to produce 5. However, 5. All of the code here should work just fine on Perl 5. Strawberry Perl aims to provide an environment where compilation and CPAN use are easy or at least possible and are the norm.
I think this is an excellent project because it is helping to push some portability back into the non-Win32 Perl community. Some great progress has been made so far, but the project is still fairly young as of this writing and it does not yet have a sufficiently large ecosystem of available modules e.
That ruled it out for this edition, but it is definitely something to watch. I have the pleasure of occasionally bumping into Jesse Vincent, the current Perl 6 project manager and author of the fabulous RT trouble ticketing system.
Perl 5 is a mature, widely deployed, production-ready language. There are some Perl 5 modules that let you get a taste of some planned Perl 6 features (some of which have found their way into Perl 5).
I encourage you to try modules like Perl6::Slurp and Perl6::Form. Furthermore, once Perl 6 is ready for widespread use, it will take considerable time for the necessary ecosystem of modules to be developed to replace the many, many modules we leverage in this book. The code in this book has been tested under Microsoft Vista, but there is one twist you will need to know about if you plan to use it on that platform: some of the examples in this book must be run using elevated privileges for this to work.
You should choose the method or methods that make the most sense in your environment:. Use the runas.
Designate that the perl. Use the command-line utility pl2bat to convert your Perl script into a batch file and then permit that batch file to run as Administrator.
You may be wondering if it is possible to add something to your Perl script to have it request elevated privileges as needed. Unfortunately, according to Jan Dubois (one of the top Windows Perl luminaries in the field), the answer is no.
He notes that there is no way to elevate an already running process; it must be created with elevated privileges. The closest you could come would be to check whether the process was already running in this fashion e. One last note in a similar vein: in several of the chapters I recommend using the Microsoft Scriptomatic tool to become familiar with WMI.
Like Perl scripts,. Press the Alt key to display the IE File menu. Open that file and you should be all set. Much of the benefit of using Perl for system administration work comes from all of the free code available in module form.
The modules mentioned in this book can be found in one of three places: CPAN is a huge archive of Perl source code, documentation, scripts, and modules that is replicated at over a hundred sites around the world. This tool connects to repositories (the most famous one is housed at ActiveState) to retrieve prebuilt module packages. How do you install one of these modules when you find it?
The answer depends on the operating system you are running. Perl now ships with documentation on this process in a file called perlmodinstall. The next sections provide brief summaries of the steps required for each operating system used in this book. In most cases, the process goes like this:.
Run perl Makefile.PL to create the necessary Makefile. Run make test to run any test suites included with the module by the author. Run make install to install it in the usual place for modules on your system. If you want to save yourself the trouble of performing all these steps by hand, you can use the CPAN module by Andreas J. CPAN allows you to perform all of those steps by typing:. Both modules are smart enough to handle module dependencies i.
They also each have a built-in search function for finding related modules and packages. If you are comfortable installing modules by hand using the Unix instructions in the previous section, you can use a program like WinZip to unpack a distribution and use nmake instead of make to build and install a module. Some modules require compilation of C files as part of their build process. A large portion of the Perl users in the Win32 world do not have the necessary software installed on their computers for this compilation, so ActiveState created PPM to handle prebuilt module distribution.
It uses a Perl program called ppm. You can start the program either by typing ppm or by running ppm-shell from within the Perl bin directory:. Programs written for system administration have a twist that makes them different from most other programs: on Unix and Windows they are often run with elevated privileges i. With this power comes responsibility.
There is an extra onus on us as programmers to write secure code. We write code that can and will bypass the security restrictions placed on mere mortals. Tiny mistakes can lead to severe disruptions for our users or damage to key system files. Here are some of the issues you should consider when you use Perl under these circumstances. By all means, use Perl. But if you can, avoid having your code run in a privileged context.
Most tasks do not require root or Administrator privileges. For example, your log analysis program probably does not need to run as root. Create another, less privileged user for this sort of automation. Have a small, dedicated, privileged program hand the data to that user if necessary, and then perform the analysis as the unprivileged user. For instance, a mail delivery program you create may need to be able to write to a file as any user on the system.
However, programs like these should shed their omnipotence as soon as possible during their run. Windows does not have user IDs per se, but there are similar processes for dropping privileges, and you can use runas.
When reading important data like configuration files, test for unsafe conditions first. For instance, you may wish to check that the file and all of the directories in its path are not writable since that would make it possible for someone to tamper with them.
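One way to carry out the check just described, as an added example that is not code from the book: the helper name `unsafe_path_components`, the sample file name, and the policy it applies (every component owned by root or the current user, nothing group- or other-writable) are assumptions chosen for illustration.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(dirname);
use Fcntl qw(:mode);
use File::Temp qw(tempdir);

# Return a list of problems for $file and every directory above it.
# An empty list means no component is writable by group/other and every
# component is owned by root or by the user running the program.
sub unsafe_path_components {
    my ($file) = @_;
    my $path = abs_path($file);    # canonical path, symlinks resolved
    return ("$file: cannot resolve path") unless defined $path;

    my @problems;
    while (1) {
        my @st = stat($path);
        unless (@st) {
            push @problems, "$path: stat failed: $!";
            last;
        }
        my ($mode, $uid) = @st[2, 4];
        push @problems, "$path: owned by uid $uid"
            unless $uid == 0 || $uid == $>;
        push @problems, sprintf('%s: group/other writable (mode %04o)',
                                $path, $mode & 07777)
            if $mode & (S_IWGRP | S_IWOTH);
        my $parent = dirname($path);
        last if $parent eq $path;    # reached the filesystem root
        $path = $parent;
    }
    return @problems;
}

# Constructed demo: a config file in a private temporary directory.
my $dir  = tempdir(CLEANUP => 1);
my $conf = "$dir/app.conf";
open(my $out, '>', $conf) or die "create $conf: $!\n";
print {$out} "loglevel=info\n";
close $out;

for my $perm (0600, 0666) {
    chmod $perm, $conf or die "chmod $conf: $!\n";
    my @problems = unsafe_path_components($conf);
    printf "mode %04o: %d problem(s)\n", $perm, scalar @problems;
    print "  $_\n" for @problems;
}
```

When the temporary directory lives under a world-writable location such as /tmp, that directory is reported on both passes, which is the reason a privileged program should not read its configuration from such a place.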
The other concern is user input. Never trust that input from a user is palatable. Even if you explicitly print "Please answer Y or N:", there is nothing to prevent the users from answering with 2, random characters (either out of malice or because they stepped away from the computer and a two-year-old came over to the keyboard instead).
User input can be the cause of even more subtle trouble. To Perl, there is nothing special about this character, but to the libraries it indicates the end of a string. In practical terms, this means it is possible for a user to evade simple security tests. One example given in the article is that of a password-changing program whose code looks like this:.
But when that string is passed to the underlying C library, the string will be treated as just root, and the user will have walked right past the security check.
If not caught, this same exploit will allow access to random files and other resources on the system. The easiest way to avoid being caught by this exploit is to sanitize your input with something like this:. This is just one example of how user input can get programs into trouble. Because user input can be so problematic, Perl has a security precaution called taint mode. If your program can write or append to every single file on the local filesystem, you need to take special care with how, where, and when it writes data.
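The check bypass and the input sanitizing discussed above, as an added example that is not the book's own code: it assumes the special character in question is the NUL byte (`\0`), and the function names, the username pattern, and the sample inputs are constructed for illustration.

```perl
use strict;
use warnings;

# What a C library routine would see: the bytes up to the first NUL.
sub as_c_string {
    my ($s) = @_;
    my $end = index($s, "\0");
    return $end < 0 ? $s : substr($s, 0, $end);
}

# Naive check: compares the Perl string only, so "root\0" is "not root".
sub naive_is_allowed {
    my ($user) = @_;
    return $user ne 'root';
}

# Hardened: accept only names matching an allow-list pattern, anchored
# with \A and \z so embedded NULs and trailing newlines are rejected.
# Taking the value from a regex capture is also how data is untainted
# under taint mode (perl -T).
sub validated_username {
    my ($input) = @_;
    return unless defined $input;
    my ($name) = $input =~ /\A([a-z_][a-z0-9_-]{0,31})\z/;
    return $name;
}

sub hardened_is_allowed {
    my ($input) = @_;
    my $name = validated_username($input);
    return defined $name && $name ne 'root';
}

# Constructed sample inputs.
for my $input ('alice', 'root', "root\0", "bob\n", '2') {
    (my $shown = $input) =~ s/([^[:print:]])/sprintf '\\x%02x', ord $1/ge;
    printf "%-10s naive=%-3s C-library-sees=%-6s hardened=%s\n",
        $shown,
        naive_is_allowed($input)    ? 'yes' : 'no',
        as_c_string($input),
        hardened_is_allowed($input) ? 'yes' : 'no';
}
```

The third input is the interesting one: the naive check allows it while the C-level view of the same string is `root`, and the hardened check refuses it.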
On Unix systems, this is especially important because symbolic links make file switching and redirection easy. Unless your program is diligent, it may find itself writing to the wrong file or device.
There are two classes of programs where this concern comes especially into play. Programs that append data to a file fall into the first class.
The steps your program should take before appending to a file are: Make sure that it is not a hard or soft link, that it has the appropriate permissions and ownership, etc. Compare the values from steps 1 and 3 to be sure that you have an open handle to the file you intended. The bigbuffy program in Chapter 10 illustrates this procedure. Programs that use temporary files or directories are in the second class.
File::Temp can also remove the temporary file for you automatically if desired. Whenever possible, avoid writing code that is susceptible to race condition exploits.
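The append procedure described above (inspect the file, open it, inspect the open handle, compare the two), as an added example that is not the book's bigbuffy code: the function name `open_for_append_checked`, the exact set of pre-open checks, and the demo files created with File::Temp are assumptions made for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :mode);
use File::Temp qw(tempdir);

# Open $path for appending only if it passes the pre-open checks AND the
# handle we end up with refers to the same file that was checked.
sub open_for_append_checked {
    my ($path) = @_;

    # Inspect the name without following a symbolic link.
    my @before = lstat($path) or die "lstat $path: $!\n";
    die "$path: not a regular file\n"      unless S_ISREG($before[2]);
    die "$path: more than one hard link\n" if $before[3] > 1;
    die "$path: not owned by this user\n"  unless $before[4] == $>;
    die "$path: group/other writable\n"
        if $before[2] & (S_IWGRP | S_IWOTH);

    # No O_CREAT: a missing file is an error, not a new file.
    sysopen(my $fh, $path, O_WRONLY | O_APPEND) or die "open $path: $!\n";

    # stat the open handle, then compare device and inode numbers.
    my @after = stat($fh) or die "stat handle for $path: $!\n";
    unless ($before[0] == $after[0] && $before[1] == $after[1]) {
        close $fh;
        die "$path: file changed between check and open\n";
    }
    return $fh;
}

# Constructed demo: a private log file and a symbolic link pointing at it.
my $dir = tempdir(CLEANUP => 1);
my $log = "$dir/app.log";
open(my $new, '>', $log) or die "create $log: $!\n";
close $new;
chmod 0600, $log or die "chmod $log: $!\n";
symlink($log, "$dir/link.log") or die "symlink: $!\n";

for my $target ($log, "$dir/link.log") {
    my $ok = eval {
        my $fh = open_for_append_checked($target);
        print {$fh} "entry written at ", time, "\n";
        close $fh or die "close $target: $!\n";
        1;
    };
    print $ok ? "appended to $target\n" : "refused: $@";
}
```

The device and inode comparison is what closes the gap between the check and the open: if the name is swapped for another file in that window, the handle's identity no longer matches what was inspected.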
The traditional race condition starts with the assumption that the following sequence is valid:. Your program checks the timestamp on a file of bug submissions to make sure nothing has been added since you last read the file. If they can get your program in step 2 to naively act upon different data from what it found in step 1, they have effectively exploited a race condition i.
Other race conditions occur if you do not handle file locking properly. Race conditions often show up in system administration programs that scan the filesystem as a first pass and then change things in a second pass.
Nefarious users may be able to make changes to the filesystem right after the scanner pass so that changes are made to the wrong file. Make sure your code does not leave such gaps open. It is important to remember that system administration is fun. Wheeler for secure programming under Linux and Unix. The concepts and techniques Wheeler describes are applicable to other situations as well.
Automating System Administration with Perl. If you do systems administration work of any kind, you have to deal with the growing complexity of your environment and increasing demands on your time. Automating System Administration with Perl, Second Edition, not only offers you the right tools for your job, but also suggests the best way to approach specific problems and to securely automate recurring tasks.
With this book in hand and Perl in your toolbox, you can do more with less--fewer resources, less effort, and far less hassle.