A Linux system has quite a number of tools for accessing, manipulating, and troubleshooting network connections. We can incorporate some of these tools into scripts -- scripts that expand our knowledge of networking, useful scripts that can facilitate the administration of a network.
Here is a simple CGI script that demonstrates connecting to a remote server.
Print the server environment
#!/bin/bash # test-cgi.sh # by Michael Zick # Used with permission
# May have to change the location for your site. # (At the ISP's servers, Bash may not be in the usual place.) # Other places: /usr/bin or /usr/local/bin # Might even try it without any path in sha-bang.
# Disable filename globbing. set -f
# Header tells browser what to expect. echo Content-type: text/plain echo
echo CGI/1.0 test script report: echo
echo environment settings: set echo
echo whereis bash? whereis bash echo
echo who are we? echo ${BASH_VERSINFO[*]} echo
echo argc is $#. argv is "$*". echo
# CGI/1.0 expected environment variables.
echo SERVER_SOFTWARE = $SERVER_SOFTWARE echo SERVER_NAME = $SERVER_NAME echo GATEWAY_INTERFACE = $GATEWAY_INTERFACE echo SERVER_PROTOCOL = $SERVER_PROTOCOL echo SERVER_PORT = $SERVER_PORT echo REQUEST_METHOD = $REQUEST_METHOD echo HTTP_ACCEPT = "$HTTP_ACCEPT" echo PATH_INFO = "$PATH_INFO" echo PATH_TRANSLATED = "$PATH_TRANSLATED" echo SCRIPT_NAME = "$SCRIPT_NAME" echo QUERY_STRING = "$QUERY_STRING" echo REMOTE_HOST = $REMOTE_HOST echo REMOTE_ADDR = $REMOTE_ADDR echo REMOTE_USER = $REMOTE_USER echo AUTH_TYPE = $AUTH_TYPE echo CONTENT_TYPE = $CONTENT_TYPE echo CONTENT_LENGTH = $CONTENT_LENGTH
exit 0
# Here document to give short instructions. :<<-'_test_CGI_'
1) Drop this in your http://domain.name/cgi-bin directory. 2) Then, open http://domain.name/cgi-bin/test-cgi.sh.
_test_CGI_
For security purposes, it may be helpful to identify the IP addresses a computer is accessing.
IP addresses
#!/bin/bash # ip-addresses.sh # List the IP addresses your computer is connected to.
# Inspired by Greg Bledsoe's ddos.sh script, # Linux Journal, 09 March 2011. # URL: # http://www.linuxjournal.com/content/back-dead-simple-bash-complex-ddos # Greg licensed his script under the GPL2, #+ and as a derivative, this script is likewise GPL2.
connection_type=TCP # Also try UDP. field=2 # Which field of the output we're interested in. no_match=LISTEN # Filter out records containing this. Why? lsof_args=-ni # -i lists Internet-associated files. # -n preserves numerical IP addresses. # What happens without the -n option? Try it. router="[0-9][0-9][0-9][0-9][0-9]->" # Delete the router info.
lsof "$lsof_args" | grep $connection_type | grep -v "$no_match" | awk '{print $9}' | cut -d : -f $field | sort | uniq | sed s/"^$router"//
# Bledsoe's script assigns the output of a filtered IP list, # (similar to lines 19-22, above) to a variable. # He checks for multiple connections to a single IP address, # then uses: # # iptables -I INPUT -s $ip -p tcp -j REJECT --reject-with tcp-reset # # ... within a 60-second delay loop to bounce packets from DDOS attacks.
# Exercise: # -------- # Use the 'iptables' command to extend this script #+ to reject connection attempts from well-known spammer IP domains.
More examples of network programming:
TODO Getting the time from nist.gov
TODO Downloading a URL
TODO A GRE tunnel
TODO Checking if an Internet server is up
TODO Example 16-41
TODO Example A-28
TODO Example A-29
TODO Example 29-1
See also TODO the networking commands in the System and Administrative Commands chapter and the communications commands in the External Filters, Programs and Commands chapter.