Damien Hull writes:
> Thanks for the examples. I haven't had a chance to look at
> any bash scripting yet. I should have time this weekend.
>
> Umm... What's up with those expressions? I don't get them,
> regular or otherwise. Guess I'll learn once I start reading
> about shell scripting. In case anyone is confused it's the
> stuff inside the brackets.
>
> if [ "$TEST" = "yes" ]

that's a shortcut for the 'test' (or '[') command.

    test "$TEST" = "yes" # returns either 1 or 0

And for everybody's super fun time pleasure maki ono discuss,
here's the startup script that I use on my distributed sniffer
platform. It runs on multiple types of boxes from a 2G system
flash drive, so I like it to be generic.
If it detects a management interface, it'll auto-skip it, otherwise
any ethernet 'eth*' are valid. It also auto-detects link-state
and vlan information (only 1 vlan per IF, currently, so no trunks)
There's probably going to be some line wraps, but meh.
Caveat: Shane Spencer will hate this.

#!/bin/bash
# (c) 2009 Leif Sawyer

# here's where we store our capturefiles
DATAMOUNT="/data"

# Nothing to see...
##############################################
PATH=/bin:/usr/bin:/sbin:/usr/sbin

# Array of system interfaces to check
declare -a SYSIFACES
# Array of real interfaces to use for sniffing (raw, vlan, etc)
declare -a REALIFACES
# will we need to load the 802.1q module?
NEEDVLANMOD=0

MTD=$(mount | grep ${DATAMOUNT})
if [ -z "${MTD}" ]; then
    echo "${DATAMOUNT} partition not mounted, aborting"
    exit 1
fi

# Check for 'management' interfaces
DEFIF=$(netstat -rn | grep '0.0.0.0.*UG')
# keep only the interface name at the end of the default-route line
DEFIF="${DEFIF//*eth/eth}"
# if there's no management interface, give grep a fake regexp to avoid breaky
DEFIF="${DEFIF:-^$}"

# get a count of available ports, except for management, for sizing the datafile counts.
# Include any existing VLANS, but exclude their parent physical interfaces.
SYSIFACES=$(ip link show | grep "eth[0-9]" | grep UP |
            grep -v "${DEFIF}" | cut -f 2 -d: | cut -f 1 -d@)
VLANPARENTS=$(ip link show | grep "@eth" | cut -f 2 -d: | cut -f 2 -d@ | sort -u)
for i in $VLANPARENTS; do
    SYSIFACES=$(for v in ${SYSIFACES}; do echo $v | egrep -vw "${i}\$" ; done)
done

# Make sure we only include 'up' interfaces in the list
declare -a TEMPIFS
for IFACE in ${SYSIFACES}; do
    link=$(ethtool ${IFACE} | grep Link)
    link="${link##*no*}"
    if [ -n "${link}" ]; then
        # Always a pointer to the 'next' available slot in zero-based counting.
        IND=${#TEMPIFS[@]}
        TEMPIFS[IND]="${IFACE}"
    fi
done
SYSIFACES=( ${TEMPIFS[@]} )
# count every element of the array, not just the first one
SYSIFACEC=${#SYSIFACES[@]}
if [ ${SYSIFACEC} -eq 0 ]; then
    echo "no usable capture interfaces found, aborting"
    exit 1
fi

# figure out how many data files we can store without disk-full errors
FREE=$( df -k ${DATAMOUNT} | awk '{print $4}' | tail -1 )
COUNT=$( expr ${FREE} / 1000 / 512 / ${SYSIFACEC} )
if [ ${COUNT} -lt 2 ]; then
    echo "not enough free space on ${DATAMOUNT}!"
    exit 255
fi

for IFACE in ${SYSIFACES[@]}
do
    # Check for vlan interfaces
    IND=${#REALIFACES[@]}
    USE_VLAN=$(tcpdump -i ${IFACE} -e -X -c 1 2>&1 | grep -i 802.1Q)
    USE_VLAN="${USE_VLAN##*802.1Q*}"
    REALIFACES[$IND]="${IFACE}"
    if [ -z "${USE_VLAN}" ]; then
        VLAN_ID=$(tcpdump -i ${IFACE} -X -c 1 2>&1 | grep vlan |
                  cut -f 1 -d, | awk '{print $3}' )
        if [ -n "${VLAN_ID}" ]; then
            REALIFACES[$IND]="${IFACE}.${VLAN_ID}"
            NEEDVLANMOD=1
        fi
    fi
done

if [ $NEEDVLANMOD -eq 1 ]; then
    modprobe -Q 8021q
fi

# taken care of by shutdown script
# > ${DATAMOUNT}/.sniffer/pids

for i in $(seq 0 $((${#REALIFACES[@]} - 1)))
do
    # echo "found ${REALIFACES[i]}" #DEBUG
    exists=$( ip link show ${REALIFACES[i]} 2>&1 | grep UP | awk '{print $3}')
    if [ -z "${exists}" ]; then
        # This interface doesn't yet exist? Probably a VLAN, so bring it up
        VLANID="${REALIFACES[i]##*.}"
        ETHIF="${REALIFACES[i]%%.*}"
        if [ -n "${VLANID}" ]; then
            vconfig add $ETHIF $VLANID
            # adding a vlan mungs the parent interface, and this -should- restore it but doesn't.
            # vconfig set_flag ${ETHIF}.${VLANID} REORDER_HDR 0
            ifconfig ${ETHIF}.${VLANID} up
        fi
    fi

    ethstat=$( ip link show ${REALIFACES[i]} 2>&1 | grep UP | awk '{print $3}')
    if [ -n "${ethstat}" ]; then
        ifconfig ${REALIFACES[i]} promisc >/dev/null 2>&1
        ETH_OK=$?
        if [ "${ETH_OK:-255}" -eq 0 ]; then
            tpid=$(ps -ef | grep tshark | grep ${REALIFACES[i]} |
                   awk '{print $2}')
            if [ -z "${tpid}" ]; then
                tshark -n -q -i ${REALIFACES[i]} -a filesize:512000 \
                       -b files:${COUNT} -w ${DATAMOUNT}/${REALIFACES[i]}.cap &
                stat=$?
            fi
            sleep 3
            tpid=$(ps -ef | grep tshark | grep ${REALIFACES[i]} |
                   awk '{print $2}')
            if [ -n "${tpid}" ]; then
                echo "${tpid}" >> ${DATAMOUNT}/.sniffer/pids
            fi
        fi
    fi
done

echo "capture running on ${#REALIFACES[@]} interface(s), max ${COUNT} files per instance"
exit 0
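
Added example, not part of the original post or of Leif Sawyer's script: the interface-selection rules described above (skip the management port, skip down links, use a VLAN interface instead of its physical parent) written as two functions that parse saved `netstat -rn` and `ip link show` output, so the logic can be checked away from the sniffer box. The function names and the sample command output are constructed for illustration.

```shell
#!/bin/bash
# Sample command output below is constructed for illustration.
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.1.1.1        0.0.0.0         UG        0 0          0 eth0'

SAMPLE_IPLINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
6: eth3.100@eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP'

# mgmt_iface (hypothetical name): read `netstat -rn` text on stdin and
# print the interface that carries the default route, if there is one.
mgmt_iface() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $NF; exit }'
}

# select_sniff_ifaces MGMT (hypothetical name): read `ip link show` text on
# stdin and print the eth* interfaces to capture on: administratively UP,
# not MGMT (or a VLAN on it), and not the physical parent of a VLAN interface.
select_sniff_ifaces() {
    awk -v mgmt="$1" '
        /^[0-9]+: eth[0-9]/ {
            name = $2; sub(/:$/, "", name); parent = ""
            if (split(name, part, "@") == 2) { name = part[1]; parent = part[2] }
            if (parent != "") is_parent[parent] = 1
            if ($3 !~ /[<,]UP[,>]/) next             # interface is down
            if (mgmt != "" && (name == mgmt || parent == mgmt)) next
            keep[++n] = name                         # candidate, in listed order
        }
        END { for (i = 1; i <= n; i++) if (!(keep[i] in is_parent)) print keep[i] }
    '
}

MGMT=$(printf '%s\n' "$SAMPLE_ROUTES" | mgmt_iface)
echo "management interface: ${MGMT:-none}"
printf '%s\n' "$SAMPLE_IPLINK" | select_sniff_ifaces "$MGMT"
```

Unlike the `grep UP` in the script, this checks the flags field only, so an interface is not counted as up merely because another column on its line contains "UP".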
Received on Tue Dec 1 11:38:17 2009