CSE 265: System and Network Administration

Lab #5

Today: we practice using sudo and creating new users and groups and explore a new scripting language (Perl).

  1. Sudo instead of su

    In lab #4, you learned how to resize a filesystem, resize a logical volume, create volumes, etc. Let's configure sudo to allow your regular account to perform commands with root privileges.

    Modify the sudo configuration file to include an entry for your account and to permit it to run commands as root. Verify that it works by executing sudo /sbin/fdisk -l /dev/sda to see the partitions defined on your hard drive.

    Now use sudo and lvrename to rename your lv_home logical volume to lv_swap2, so that the next person who looks at your logical volumes is not confused. Note that this means you'll also need to change /etc/fstab so that your system finds your new swap volume at next boot.

  2. Managing accounts

    In this task, we explore how to manage user accounts.

    Create an account for a friend using useradd and passwd. Notice that it automatically created a home directory and a personal group in /etc/group. Look at the password you created in /etc/shadow to see whether it is md5 or not. How can you tell?

    Establish an account for me, called prof, with the specific encrypted password: $6$9lAKxQZj$1Agt39ynQJRY28OsnwM/Kh8omTqhix0CpdBg8gLIPnV7qL39gWftM6DqmM4duDfMgfCamD0Kt8EvRrbmTIV0n0 so that I can log in with a password that I know. Create a new entry in /etc/group for a new group, and add your personal account and the prof account to it. Verify that your account is now in two groups using the groups command.
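    The question of whether a password hash in /etc/shadow is MD5 or not is answered by the "$id$" prefix that crypt(3) writes in front of the salt. The following script is an added example for this lab, not part of the handout: it classifies shadow-format lines by that prefix. The sample lines (and their hash bodies) are constructed; with a file name as argument it reads that file instead, which for /etc/shadow itself needs root.

```perl
#!/usr/bin/perl
# shadow_hash_scheme.pl -- added example, not part of the lab handout.
# Reports which password hashing scheme each /etc/shadow entry uses, judged
# from the "$id$" prefix that crypt(3) writes in front of the salt.
use strict;
use warnings;

# crypt(3) scheme identifiers as used by glibc/libxcrypt on Linux
my %scheme = (
    '1' => 'MD5 (md5crypt)',
    '5' => 'SHA-256 (sha256crypt)',
    '6' => 'SHA-512 (sha512crypt)',
    'y' => 'yescrypt',
);

# Classify one shadow line.  Returns a hash ref with user, scheme and, when
# the password field is a "$id$..." string, the salt.
sub classify_shadow_line {
    my ($line) = @_;
    chomp $line;
    my ($user, $hash) = (split /:/, $line)[0, 1];
    my %r = (user => $user, scheme => undef, salt => undef);

    if (!defined $hash || $hash eq '') {
        $r{scheme} = 'empty (login without a password)';
    }
    elsif ($hash =~ /^[!*]/) {
        $r{scheme} = 'locked (no usable hash)';
    }
    elsif ($hash =~ /^\$([^\$]+)\$(.+)$/) {
        my ($id, $rest) = ($1, $2);
        # rest is "[rounds=N$]salt$hash" for md5crypt/sha-crypt and
        # "params$salt$hash" for yescrypt: the salt is always the field
        # before the last one.
        my @fields = split /\$/, $rest;
        $r{scheme} = exists $scheme{$id} ? $scheme{$id} : "unknown scheme id '$id'";
        $r{salt}   = @fields >= 2 ? $fields[-2] : undef;
    }
    else {
        # No "$id$" prefix: 13-character traditional DES crypt, salt = first 2 chars
        $r{scheme} = 'traditional DES crypt';
        $r{salt}   = substr($hash, 0, 2);
    }
    return \%r;
}

# Constructed sample lines in /etc/shadow format (salts and hash bodies are made up)
my @lines = (
    'alice:$6$Qw3rTy8u$MADEUPHASHBODYMADEUPHASHBODY:16860:0:99999:7:::',
    'bob:$1$Zq8vXy2w$MADEUPHASHBODY:16860:0:99999:7:::',
    'carol:$5$rounds=5000$Ab12Cd34$MADEUPHASHBODY:16860:0:99999:7:::',
    'dave:$y$j9T$Ab12Cd34Ef56$MADEUPHASHBODY:16860:0:99999:7:::',
    'sync:*:16860:0:99999:7:::',
    'mail:!!:16860:0:99999:7:::',
);

# With a file name as argument (e.g. /etc/shadow, which needs root), read that instead
if (@ARGV) {
    open my $fh, '<', $ARGV[0] or die "cannot open $ARGV[0]: $!";
    @lines = <$fh>;
    close $fh;
}

for my $line (@lines) {
    my $r = classify_shadow_line($line);
    printf "%-8s %-30s salt=%s\n", $r->{user}, $r->{scheme},
        defined $r->{salt} ? $r->{salt} : '-';
}
```

    Run as sudo ./shadow_hash_scheme.pl /etc/shadow after the sudo task above is done; an entry that starts with $1$ is MD5, one that starts with $6$ (like the prof hash above) is SHA-512, and a field beginning with ! or * is a locked account rather than a hash.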

  3. Network monitoring

    Wireshark (formerly known as Ethereal) is a popular cross-platform packet sniffer --- it can record the packets that your network adapter sees on the network. Under normal circumstances, your adapter sees only the traffic that is sent to or from your computer. When you use a shared medium (such as a wireless network or a hub instead of a switch) you'll also be able to see packets belonging to other computers.

    Packet sniffers such as wireshark and tcpdump are valuable tools to understand exactly what traffic is flowing on a link, and to debug network applications. However, in a non-switched environment they let you see other people's traffic, and even in a switched environment you will be able to see other people's traffic if they are logged into the same machine. As a result, use of such tools should be considered carefully, and with respect to any AUP.

    Use wireshark to monitor your computer's traffic on the network. Since you likely don't have wireshark installed in /usr/sbin/wireshark, you'll need to install it first. Run yum install wireshark-gnome to install the gnome-based front-end to wireshark (say yes to install the packages requested and any dependencies).

    Run wireshark. Note that this program requires root access (and so will ask you for the root password when started from a regular account). If you are unable to click on anything in wireshark after starting it, look for a hidden dialog box behind wireshark. Click on the Capture Options icon (second from left) and click the Pseudo-device that captures on all interfaces --- it will start capturing traffic, and show the count of the number of ethernet frames captured of varying types. Stop after you've captured a few hundred and take a look at the kinds of traffic. If you aren't seeing any traffic, open a browser and start accessing some Web sites.

    Use wireshark to capture just DNS packets (which are UDP packets on port 53). To do that, put "port 53" into the capture filter box (not display filter) that is visible from Capture->Options. Now visit a new site, such as http://www.cs.vu.nl/ and capture a few dozen DNS requests and responses. You'll likely see a number of AAAA queries. What are they?

  4. Local network connections

    The tool /sbin/ifconfig can be used to configure or show the status of the network interfaces. The machines in the Sandbox lab are configured with two ethernet interfaces.

    One is typically attached to the departmental network. We usually leave the second empty, for use in the future for networking-specific exercises.

    Running ifconfig with no arguments generates a list of all network devices and their configurations. Note the list includes another device we have not mentioned -- the network loopback device, which is defined to be 127.0.0.1 for all systems, and is usually defined with the DNS name of "localhost". You can, for example, ping localhost with the same effect as pinging with the current name of your machine. Do such pings show up in wireshark?

    Revise the local boot script from lab #3 to incorporate the output of ifconfig on every boot. (No, it doesn't need to be all on one line this time.)

  5. Perl

    In this exercise, we will use the Perl scripting language to replace the logger(1) command. To start, try out the logger command by typing logger hello and then use tail on /var/log/messages to see your log entry.

    If you are unfamiliar with Perl, start by skimming through the section on Perl in chapter 2 of ULSAH. If you are uncertain of your programming skills, I suggest: Picking Up Perl. If you are more confident, try Perl in 20 pages.

    There is lots of Perl documentation online and there are multiple books on Perl in the Lehigh Safari e-book library.

    Now write a very simple Perl script that prints out the parameters given to it, like the echo(1) command. It should work like this:

    % ./echo.pl hello world
    hello world

    The following script will write the words 'hello world' to syslog, along with the PID of the logger.pl process. Modify it to write the contents of all parameters of the script instead (like the echo script above).

    #!/usr/bin/perl
    
    use strict;                              # compile-time checks
    use warnings;                            # enable run-time warnings
    
    use Sys::Syslog qw(:DEFAULT setlogsock); # library for syslog functions
    
    setlogsock('unix');                      # use a unix domain socket
    openlog("logger.pl", 'pid', 'user');     # register ourselves
    syslog('info', 'hello world');           # the syslog call
    closelog();                              # close the socket
    
    Verify that it works by running it and checking /var/log/messages.
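    As an added example (not the handout's own script), here is the skeleton above extended to log every command-line argument the way logger(1) does. One detail worth noticing: Sys::Syslog's syslog() treats its second argument as a printf-style format, so user-supplied text should be passed through a literal '%s' rather than used as the format itself; otherwise a message containing % sequences is misinterpreted.

```perl
#!/usr/bin/perl
# logger.pl -- added example, not the handout's own script: the same
# Sys::Syslog skeleton extended to log every command-line argument.
use strict;
use warnings;

use Sys::Syslog qw(:DEFAULT setlogsock);   # library for syslog functions

# Join the arguments into one message, like echo(1); dies on an empty call
sub build_message {
    my @words = @_;
    die "usage: $0 message...\n" unless @words;
    return join(' ', @words);
}

my $msg = build_message(@ARGV);

setlogsock('unix');                        # use a unix domain socket (/dev/log)
openlog('logger.pl', 'pid', 'user');       # ident, options, facility
syslog('info', '%s', $msg);                # message as an argument, NOT as the format
closelog();                                # close the socket
```

    Try ./logger.pl hello world and then ./logger.pl 100% done, and check with tail /var/log/messages that both arrive intact.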

    Challenge task (optional): modify your local boot script so that it extracts the IP address from ifconfig and adds it to the single line output (and ignores the rest of the ifconfig data). Then write a perl script that replicates the functionality of your improved local boot script.
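    The following script is an added example for the challenge task and for the ifconfig logging in task 4; it is not part of the handout. It pulls each interface's IPv4 address out of ifconfig output (both the old "inet addr:" layout and the newer "inet " layout), drops the loopback entry, and writes one timestamped line. When ifconfig output is piped in on standard input it parses that; run from a terminal with nothing piped, it parses a constructed sample so it can be tried without touching the network. The timestamp prefix is an assumption about what your lab #3 boot script logs.

```perl
#!/usr/bin/perl
# ifaddr.pl -- added example, not part of the handout.  Extracts each
# interface's IPv4 address from ifconfig output and writes them on one line.
use strict;
use warnings;
use POSIX qw(strftime);

# Parse ifconfig output and return a list of [interface, ipv4] pairs, in order.
# Handles "inet addr:1.2.3.4" (old net-tools) and "inet 1.2.3.4" (newer).
sub parse_ifconfig {
    my ($text) = @_;
    my (@found, $iface);
    for my $line (split /\n/, $text) {
        if ($line =~ /^(\S+?):?\s/) {       # interface header starts in column 0
            $iface = $1;
        }
        elsif (defined $iface
            && $line =~ /^\s+inet\b(?:\s+addr:|\s+)(\d{1,3}(?:\.\d{1,3}){3})/) {
            push @found, [$iface, $1];      # "inet6" is skipped by the \b
        }
    }
    return @found;
}

# One log line: timestamp plus "iface=ip" pairs, loopback (127/8) left out
sub summary_line {
    my ($text) = @_;
    my @pairs = grep { $_->[1] !~ /^127\./ } parse_ifconfig($text);
    my $stamp = strftime('%Y-%m-%d %H:%M:%S', localtime);
    return "$stamp " . join(' ', map { "$_->[0]=$_->[1]" } @pairs);
}

# Constructed ifconfig output in the old net-tools layout (addresses from 192.0.2.0/24, a documentation range)
my $sample = <<'END';
eth0      Link encap:Ethernet  HWaddr 00:16:3E:12:34:56
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe12:3456/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:16:3E:12:34:57
          UP BROADCAST MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
END

# Piped input wins; with a terminal on STDIN fall back to the sample
my $text = -t STDIN ? $sample : do { local $/; <STDIN> };
print summary_line($text), "\n";
```

    In the boot script the call would be /sbin/ifconfig | /path/to/ifaddr.pl >> /var/log/network-startup.log; on the sample it prints a single line ending in eth0=192.0.2.10, since eth1 has no address and lo is filtered out.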

  6. Wrapping Up

    In order to sign the lab completion sheet you will need to:
    1. demonstrate the use of sudo with lvs
    2. show me the output of groups prof
    3. tell me what an AAAA query is
    4. demonstrate your perl script by running it with a multi-word message and seeing the effect on /var/log/messages
    5. show /var/log/network-startup.log containing ifconfig data

If you have time, you might continue to work on Project #1.


This page can be reached from http://www.cse.lehigh.edu/~brian/course/2016/sysadmin/labs/
Last revised: 1 March 2016.