Unix Linux Administration II

Class 5: Scripting arithmetic, quoting and arguments. Certificates. Scripting conditionals

  • discuss Homework.
    • .vimrc file
    • Secured web directory
    • Master DNS server
    • Ping script.
  • Review last class
  • Unit 1: Scripting quotes & arguments.
  • Unit 2: Certificates.
  • Unit 3: Scripting conditionals.

Midterm quiz information.

Homework review
  • .vimrc
    • " comments
    • set number
  • secured web directory
    • enable overrides
    • create .htaccess file
    • create .htpasswd file
    • restart webserver
Homework review
  • Master DNS zones.
    • zone name
    • create zone file
    • update named.conf
    • restart named
    • check logs, pull zone file,
  • ping script
    • script template
    • ping 3 times?
    • mv output

nslookup: deprecated but still exists.

dig: preferred replacement for nslookup

host: provides a limited set of functions.

traceroute and tracepath: provide hop or path details.

ping – common initial troubleshooting tool.

nscd – name service caching daemon

  • The master server maintains the zone file, which is stored on disk locally. The master and the slave are both authoritative for the zone.
  • Zone files describe the domain, provide SOA details and contain resource record information.
  • Slave servers store a copy of the zone file, but the file is not managed locally.
  • Zone updates are based on serial number increments. The updates can be full (axfr), incremental (ixfr) or dynamic.
  • in-addr.arpa is used for reverse records. It contains the PTR records.

Script templates - :r template.sh

Variables start with _ or alphabetic character

Variables assignment


Re-assign var2=$var1

Rename var3=${var2}.bk

Order of operations; variable substitution, file substitution, parse command line.

Class 5, Unit 1

What we are going to cover:

  • Scripting; arithmetic, quoting and arguments.

What you should leave this session with:

  • Ability to complete basic math in your shell.
  • Knowledge of your quoting options.
  • How to pass and shift arguments.
Script bin

It may be helpful to create a script directory in your home directory with a bin sub directory. Using this design you can place your scripts into this directory and then add this to your PATH variable.


export PATH=${PATH}:/home/user/script/bin

Random script tips

Whitespace is ignored on the first line.

#! /bin/sh, #!/bin/sh or #! /bin/sh

You can set shell options on the first line such as debug

#! /bin/sh -x

Sometimes you may find scripts with just a dash and no option. This tells the shell that there are no more options. This can prevent some types of spoofing attacks.

#! /bin/sh -

Arithmetic in the shell

The Portable Operating System Interface (POSIX) standards define a set of Application Programming Interfaces (API), shell, and utility interfaces for UNIX systems.

POSIX allows for some basic arithmetic expansion and functions.

Including + - * / < > || && etc.

Standard syntax is $((expression))

e.g. echo $((2*4))

Shell math cont.

Multiple parentheses can exist within the basic syntax. The expressions are executed in the order you might remember from high school algebra, *pemdas…

echo $(( i = ( i + 10 ) * 2 ))

Try this in your shell.

Now run it again. Did the value change? If so, why?

*Please Excuse My Dear Aunt Sally

Shell math cont.

Leading and trailing whitespace is valid.

  • echo $((i=(i + 10)*2))


  • echo $((i=(i + 10)*2))

The exit status ($?) is true (0) so long as the last expression is a non zero value. Otherwise the exit status is false (1).

Quotes, single, double and on…

There are four recognized quotes in shell

  • \ back slash
  • ' single quote
  • " double quote
  • ` back quote
Back slash \

The backslash can remove the special meaning of the character directly adjacent.

echo "The \$PATH value is $PATH"

Shell treats a backslash at the end of a line as an argument delimiter.

ps -ef \
| wc -l

This is often used to break up commands that require multiple lines.

Single Quotes

Single quotes tell the shell not to interpolate anything within the quotes. It is like saying set the value to exactly this regardless of the special characters you might see.

$ echo '$HOME \\ \$PATH'


Double quotes

Double quotes are the opposite of single quotes: the shell interpolates the contents within the quotes.

$ echo "$HOME \\ \$PATH"

/home/angus \ $PATH

Back quote and command substitution

The back quote is used to capture command output like date, ls, ps etc.


echo $today

This can also be done as follows


Either is acceptable.

*Solaris may need to use the latter syntax

More on command substitution

You can use cat to store file contents in variables.

filecontent=$(cat )

echo "$filecontent"

You can also translate characters using echo and tr

name="buck rogers"

name=$(echo $name | tr '[a-z]' '[A-Z]')

echo $name


Enter argument.

To argue with a script is not a bad thing. This means to provide a value defined at runtime as a variable for your script.

$ ./script.sh help

Passing arguments around

When passing in arguments to a script the order of the arguments defines the variable

./myscript name1 name2 name3 name4

Within the script

$1 = name1

$2 = name2

Positional parameters.

The shell automatically stores the first argument and subsequent arguments starting at $0 through $9

You can leverage these arguments in your script for the duration of the process.

$ ./script.sh mon tue

What do you think the value of $0 is?

$# what the shell

Every time a shell script is run, $# records the number of arguments passed to the script. This can be a good way to determine if the script received the expected input.

$* what the shell is this?

The $* variable replaces all the arguments passed to the shell.

on.sh bob john tom

echo $*

echo "script only run with first user provided"

who | grep $1

Shift my shell variable

Shift values off the stack, per se. Here is a simple example using shift, $#, $*

$ ./shifting.sh a b c d

+ echo 4 a b c d

4 a b c d

+ shift

+ echo 3 b c d

3 b c d
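The following is an added example, not part of the original slides. It shows how `$#`, `$*` and `shift` behave when an argument contains a space, and a defensive version of the `on.sh` idea; the function names and the use of `"$@"` and `grep --` are assumptions of this example.

```shell
#!/bin/sh -
# Added example: compare how many words a callee receives when arguments
# are forwarded unquoted ($*) versus quoted ("$@").

count_args() {          # helper: report how many arguments arrived
    echo "$#"
}

forward_unquoted() {    # $* is re-split on whitespace by the shell
    count_args $*
}

forward_quoted() {      # "$@" keeps each original argument intact
    count_args "$@"
}

# Walk the argument list with shift, as in shifting.sh, and join the
# arguments with commas.
join_args() {
    out=""
    while [ "$#" -gt 0 ]; do
        out="${out}${out:+,}$1"
        shift
    done
    echo "$out"
}

# on.sh rewritten defensively: require exactly one argument, quote it,
# and use -- so a value starting with "-" is not read as a grep option.
on_user() {
    if [ "$#" -ne 1 ]; then
        echo "usage: on_user username" >&2
        return 2
    fi
    who | grep -- "^$1 " > /dev/null
}
```

Calling `forward_unquoted "buck rogers" tom` reports three arguments while `forward_quoted` reports two, which is why a script should quote `$1` before passing it to another command.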


basic math syntax $((expression))

most common functions available including bitwise and logical

White space is optional.

A non-zero final expression returns true.

Quoting ', ", ` and \

command substitution user=$(grep -i $name /etc/passwd)

Review: cont.

Positional parameters are provided by the shell environment and automatically assign variables to values passed into the script.


who | grep root

on.sh root

who | grep $1

$# = number of arguments passed to the script.

$* = reference all arguments passed to the script

$? = Stores the exit value of the script

In class lab 5a
  • Lab notes for this session can be found here: http://www.ulcert.uw.edu -> Class Content -> InClass labs ->
Class 5, Unit 2

What we are going to cover:

  • Self signed certificates

What you should leave this session with:

  • How to create self signed certificates
  • Certificate installation for web servers.
Crypto nerd fantasy and reality.

Source: http://xkcd.com/538/

PKI-Bob and Alice in a crowded room.

How do Bob and Alice have a private conversation in a crowded room using a megaphone?

Both create public/private key pairs

They exchange public keys

Now they can establish communication by encrypting all communication with the other's public key, as only the holder of the private key can decrypt the messages.

How important is the private key?

Self signed certificates

Self signed certificates are just like the public/private keys generated by Bob and Alice.

When we create a self signed certificate, a user (in our case a web client) is provided with the public key and, if accepted, will encrypt the traffic with that key. OK, just the symmetric key they agree on, but I digress…

Openssl: self signed certificates

Using openssl you can create both the private and public keys or certificates.

This means you sign your own public certificate.

You are saying, “Trust me, hey I trust me!”.

Just like the ssh keys we use for system authentication, private key encryption is optional.

If we encrypt the private key for ssl we will have to provide the passphrase each time we start up the webserver.

Openssl: self-signed.

Creating a self signed cert requires:

  • Cert request
  • Private key
  • Public certificate signed by private key.

The cert request should also include attributes about the certificate including but not limited to organization, name, city, state, and cn (fqdn).

Openssl: self signed

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout cert.key -out cert.crt

req = generate cert request

nodes = do not encrypt cert

days = life of cert

newkey = type and length of the certificate.

keyout = private key name

out = public key path.

QUESTION: do you need root privileges for this action?

Web server configuration

Apache web servers typically have a separate ssl.conf file.

This file for yum based builds is located under:


You need to define the path to your public certificate and private key.

If the key is passphrase encrypted, you will need to enter this passphrase each time you start the server.

Review: certificates

Public certificate and Private key

For self-signed certificates you need:

  • private key
    • server.key
  • certificate signing request (csr)
    • server.csr
  • public certificate which is based on the newly created csr which is related to the private key.
    • server.crt
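The three files listed above can be produced and checked as follows. This is an added example, not part of the original slides: the function names, the `-subj` values and the 2048-bit key size (chosen here instead of the `rsa:1024` shown earlier, which is no longer considered adequate) are assumptions of this example.

```shell
#!/bin/sh -
# Added example: build server.key, server.csr and server.crt, then verify
# that the certificate belongs to the key and is self-signed.

# make_self_signed DIR CN -> writes server.key/.csr/.crt into DIR
make_self_signed() {
    dir=$1 cn=$2
    (
        umask 077                      # new files readable by owner only
        cd "$dir" || exit 1
        # 1. private key (unencrypted, like -nodes; 2048-bit is an assumption)
        openssl genrsa -out server.key 2048 2>/dev/null || exit 1
        # 2. certificate signing request carrying the subject attributes
        openssl req -new -key server.key -subj "/O=Example/CN=$cn" \
            -out server.csr || exit 1
        # 3. public certificate: the CSR signed with our own private key
        openssl x509 -req -days 365 -in server.csr -signkey server.key \
            -out server.crt 2>/dev/null || exit 1
    )
}

# cert_matches_key CRT KEY -> exit 0 only if both hold the same public key
cert_matches_key() {
    from_crt=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$from_crt" ] && [ "$from_crt" = "$from_key" ]
}

# is_self_signed CRT -> exit 0 if subject and issuer are identical
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject) || return 1
    issr=$(openssl x509 -in "$1" -noout -issuer) || return 1
    [ "${subj#subject=}" = "${issr#issuer=}" ]
}
```

Running `cert_matches_key` before restarting the web server catches the common mistake of pairing a certificate with the wrong private key.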

Web server ssl configurations:


In class lab 5b
  • Lab notes for this session can be found here: http://www.ulcert.uw.edu -> Class Content -> InClass labs ->
Class 5, Unit 3

What we are going to cover:

  • Scripting and conditionals

What you should leave this session with:

  • How to add decision points to your scripts.
  • How to enable debug in your scripts.
  • Tabs or Spaces
    • Be consistent! (possible vimrc setting?).
  • Helps with legibility
  • Most languages ignore white space
    • Good or Bad?

"…code is read much more often than it is written"

Python - http://www.python.org/dev/peps/pep-0008/#indentation

Exit status

Every time you run a script it produces an exit status. Zero is successful; anything else indicates failure.

Failures can be caused for lots of reasons. The exit value is stored in $?

echo $?

What are some ways to create a failed exit status?

The "if" construct

"if" is one of the first conditional statements you will probably encounter.

You can think of this as "if X then do Y and finish". The if statement must start with "if" and end with "fi". We will see similar constructs in other conditionals later.

for example:

if [ -f /etc/hosts ]; then
    echo "a host file exists"
fi

How to test string values.

You can test an expression for a true or false value using the expression "test".


if test "$user" == angus; then
    echo "$user found on system"
fi

Many test operators are available such as

==, !=, -z string (string is null), -n string (string is NOT null), string (is defined)

Test cont.

You can also test for integer values with

Returns true (0) if:

int1 -eq int2

int1 -ge int2 "greater than or equal to"

int1 -gt int2 “greater than”

int1 -le int2 “less than or equal to”

int1 -lt int2 “less than”

int1 -ne int2 “not equal to”

[ "$value" -eq 0 ]

File tests

The file tests expect a single argument, the filename.

-d file    file is a directory
-e file    file exists
-f file    file is an ordinary file
-r file    file is readable by process
-s file    file has nonzero length
-w file    file is writable by process
-x file    file is executable
-L file    file is a symbolic link

[ -f /etc/passwd ]    Is this an ordinary file?

[ -r /etc/passwd ]    Is the file readable by the process?

Logical operators available.

! Used to negate the value

[ ! -r /etc/shadow ] is the file not readable

-a performs logical AND of two expressions.

[ -f /etc/passwd -a -r /etc/passwd ]

BOTH must be true.

-o performs logical OR of two expressions.

[ -f /etc/passwd -o -r /etc/shadow ]

True if EITHER is successful.


You can use parentheses in a test to alter the order of evaluation; however, the parentheses must be escaped.

[ \( "$value" -ge 0 \) -a \( "$value" -lt 10 \) ]

The else conditional

The else statement can expand the if statement. If the first condition is true the second one is skipped.

if cmd; then
    do
else
    do
fi

else example

# value passed in from cmd line.
user="$1"

if who | grep "^$user " > /dev/null; then
    echo "$user is logged on"
else
    echo "$user is NOT logged on"
fi

Exit command

Exit allows you to immediately terminate a script. You can also pass exit a numeric value if you want; this becomes the status code stored by $?

if ...


echo "$user is NOT logged on"

exit 2


Syntax for Else/if = elif

If you find a need for nested if statements, this can be resolved with elif statements.

if cmd ; then


elif cmd ; then





The case statement

Case statements let you compare a value against multiple values and execute one when a match is found. Case statements can be very efficient.

case value in

pattern) cmd


pattern) cmd



pattern) cmd



Sample case statement

# script expects a single variable.

case "$1" in
    0) echo zero;;
    1) echo one;;
    2) echo two;;
    3) echo three;;
    *) echo "out of expected range";;
esac

Result, user enters 1 script echoes “one”

Talk about nothing, no operator

The shell representation for no operator is :

This can be used in a script when you want to check for a value but do nothing if it is defined, and return a message if it does not exist.

if grep "userid" /etc/passwd > /dev/null; then
    :
else
    echo "user is not defined to system"
fi

Debug your scripts

One way to debug your scripts is to start them with the -x option like this:

/bin/sh -x number.sh

/bin/sh -x number.sh 2
+ case "$1" in
+ echo two
two

The set -x option will display commands and their arguments as they are executed.

Debug cont.

You can extend the output using -v

Enabling -v will display the shell input lines as they are read.

Both can be enabled at the same time.

#!/bin/sh -vx

Or within the script using something like

  • set -v
  • set -x

Disable using set +v or set +x

Shell logical OR and logical AND

Logical OR = ||

cmd1 || cmd2

cmd2 is ONLY executed if cmd1 fails.

Logical AND = &&

cmd1 && cmd2

ONLY if cmd1 succeeds will cmd2 run.

Review: conditionals

Exit status, 0 = success, !0 = fail.

if test "$user" == ""

you can also just use []

[ "$user" == "" ]

File tests, such as does the file exist.

[ -e /etc/nsswitch.conf ]

logical operators

-a -o || &&

You can use parentheses to alter the order of evaluations.

if cmd; then do; else do; fi

if [ "$HOME" ]; then echo "Found home!"; else echo "shucks we are homeless!"; fi
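The file tests, elif, case and exit status from this unit combine as follows. This is an added example, not part of the original slides: the function names and the exit status numbers are assumptions of this example, and it joins tests with `||` between separate `[ ]` commands rather than `-o`.

```shell
#!/bin/sh -
# Added example: classify a path with the file tests from the slides and
# report the result through distinct exit statuses.

# check_file PATH -> 0 usable, 2 usage error, 3 missing, 4 symlink,
#                    5 not a regular file, 6 unreadable or empty
check_file() {
    if [ "$#" -ne 1 ] || [ -z "$1" ]; then
        return 2
    elif [ -L "$1" ]; then          # test -L first: -e and -f follow links
        return 4
    elif [ ! -e "$1" ]; then
        return 3
    elif [ ! -f "$1" ]; then
        return 5
    elif [ ! -r "$1" ] || [ ! -s "$1" ]; then
        return 6
    fi
    return 0
}

# describe STATUS -> human-readable text for a check_file exit status
describe() {
    case "$1" in
        0) echo "ok" ;;
        2) echo "usage error" ;;
        3) echo "missing" ;;
        4) echo "symbolic link refused" ;;
        5) echo "not a regular file" ;;
        6) echo "unreadable or empty" ;;
        *) echo "out of expected range" ;;
    esac
}

# classify PATH -> prints the description, keeps the status for the caller
classify() {
    check_file "$@"
    status=$?
    describe "$status"
    return "$status"
}
```

A caller can then write `classify /etc/nsswitch.conf || exit $?` so the script stops with the same status that the check produced.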

In class lab 5c
  • Lab notes for this session can be found here: http://www.ulcert.uw.edu -> Class Content -> InClass labs ->
Homework and Midterm

Homework for this week and the midterm will be posted later tonight.