Aaron's Linux Scripts (www.fireparse.com)

All files are '.tgz' archives, which can be extracted with gunzip and then tar; most modern GNU tar versions can use the 'z' option instead, e.g. 'tar zxvf net-check.tgz'.

By popular request (yeah, two people) I have set up a page on ways you can support my efforts.
| Download ADMLogger |
"ADMLogger"
is a log analyzing engine based on 'fireparse.' After I had written
fireparse, I found myself
writing little scripts based on it, like one that told me what my FTP server
did that day. And then more things, like: were unauthorized machines trying
to get IP addresses from my DHCP server? So I decided to rip out the 'engine'
of fireparse to create a generic log analyzer system. Using this core, I
could easily build upon it with plugins. This also made it easier on my systems
since there was now only one entry for cron, and I didn't have different code
everywhere - a bug fix in fireparse used to have me searching the rest of my
systems to see if I still used that line.

For the average Linux user, ADMLogger will probably only be a means to an end - that end being able to run fireparse. But with very little Perl programming knowledge, it may become a powerful tool in a System Administrator's toolbox.

ADMLogger creates e-mail reports that can be formatted as plain text or full HTML; it is up to the plugin designers to support each format. The main system has an HTML preference, so if your plugin ignores it, so be it. ADMLogger will also move all filtered entries out of the main syslog file into a second file so your other entries are more noticeable.

All plugins listed below are included in the ADMLogger download package!

New in version 1.1:
- Improved non-HTML output support for ALL plugins.
| ADMLogger plugin fireparse |
Reports on all packets that have been logged by the kernel's ipchains and iptables packet filtering subsystems. The report can include:

fireparse does not provide any firewall scripts or guidance - there are enough of those to go around. See FirewallScript or anything that matches on freshmeat.

New in version 3.0 (ADMLogger 1.0/1.01):
- ADMLogger plugin.

New in version 3.1 (ADMLogger 1.1):
- Watch chains: report only the count received and the port they came in on (for example, when you want to watch the newest Microsoft worm but don't want 300 entries showing each machine that is trying to infect you)
- Tweaked HTML columns
- The optional perl module is now really optional

An (old) sample - output is slightly different now:
| ADMLogger plugin dhcpd |
OVERVIEW
========
I use the ISC DHCPd daemon to manage IPs on my home network. My wireless hub
supposedly filters at the MAC level, but just in case I do have some security
measures. A quick and easy way to see if unauthorized MAC addresses are on my
network is to see if unauthorized MACs are requesting IP addresses. My DHCP
setup file has hard coded MAC <==> IP pairs, as shown:

    host mokushi {
        hardware ethernet 00:11:22:33:44:55;
        fixed-address 192.168.0.1;
    }
    host apocalypse {
        # hardware ethernet 00:11:22:33:44:66; # Realtek 8139
        hardware ethernet 00:11:22:33:44:77; # nVidia nForce
        fixed-address 192.168.0.2;
        # 14 DAYS for desktop systems
        max-lease-time 1209600;
        default-lease-time 1209600;
    }

This plugin examines the dhcpd output from the system log and checks that the
only MAC addresses that the DHCP server ever refers to are listed in the setup
file (properly ignoring commented out lines).

New in version 1.1:
- Fixed upper/lower case problems
- dhcpinform statements now handled
- WinXP Home problem fixed
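
The check described in this overview, sketched in Python as an added example (it is not the plugin's own Perl code). The function names are hypothetical, and the syslog lines are constructed, assuming the usual ISC dhcpd message form; the host entries are the ones shown above.

```python
import re
from collections import Counter

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
MAC_RE = re.compile(r"\b" + MAC + r"\b", re.IGNORECASE)
HW_RE = re.compile(r"hardware\s+ethernet\s+(" + MAC + r")\s*;", re.IGNORECASE)
DHCPD_RE = re.compile(r"\sdhcpd(?:\[\d+\])?:\s")  # syslog tag, with or without a PID

# Host entries from the setup file above, including the commented-out Realtek line.
SAMPLE_CONF = """\
host mokushi {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.0.1;
}
host apocalypse {
    # hardware ethernet 00:11:22:33:44:66; # Realtek 8139
    hardware ethernet 00:11:22:33:44:77; # nVidia nForce
    fixed-address 192.168.0.2;
}
"""

# Constructed syslog lines (assumed message form, not taken from the page).
SAMPLE_LOG = [
    "Mar  3 09:15:02 gw dhcpd: DHCPREQUEST for 192.168.0.1 from 00:11:22:33:44:55 via eth0",
    "Mar  3 09:20:11 gw dhcpd[412]: DHCPACK on 192.168.0.2 to 00:11:22:33:44:77 via eth0",
    "Mar  3 10:02:40 gw dhcpd: DHCPDISCOVER from 00:11:22:33:44:66 via eth0",
    "Mar  3 10:05:00 gw dhcpd: DHCPDISCOVER from 02:AA:BB:CC:DD:EE via eth0",
    "Mar  3 10:05:01 gw dhcpd: DHCPREQUEST for 192.168.0.9 from 02:aa:bb:cc:dd:ee via eth0",
    "Mar  3 10:06:00 gw dhcpd: DHCPINFORM from 192.168.0.2 via eth0",
    "Mar  3 10:07:00 gw kernel: eth1: link up, peer 02:11:11:11:11:11",
]

def authorized_macs(conf_text):
    """MACs from active 'hardware ethernet' statements, lower-cased."""
    macs = set()
    for line in conf_text.splitlines():
        active = line.split("#", 1)[0]  # drop comments, so disabled entries don't count
        macs.update(m.lower() for m in HW_RE.findall(active))
    return macs

def unauthorized_macs(conf_text, log_lines):
    """Map each MAC dhcpd logged that is not in the setup file to its line count."""
    allowed = authorized_macs(conf_text)
    seen = Counter()
    for line in log_lines:
        if DHCPD_RE.search(line):  # only dhcpd's own messages are examined
            seen.update(m.lower() for m in MAC_RE.findall(line) if m.lower() not in allowed)
    return dict(seen)

if __name__ == "__main__":
    print(unauthorized_macs(SAMPLE_CONF, SAMPLE_LOG))
```

The commented-out address is reported because only active entries authorize a MAC, and the mixed-case address is counted once under its lower-case form.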
| ADMLogger plugin pam_unix |
OVERVIEW
========
This plugin simply checks to see who has issued the 'su' command and compares the list to known 'good' user names.
| ADMLogger plugin pureftp |
OVERVIEW
========
I share a few files regularly with some friends on a private FTP server. I run PureFTP and this program will email me daily reports telling me who is downloading what, when somebody has uploaded something new, etc. It also tells me their throughput which is nice to know. If it encounters a line that it does not understand, it will put it in the email message sent.
| ADMLogger plugin zcleanup |
OVERVIEW
========
This plugin is named so that it is the last one executed on the log file. It contains a set of Perl Regular Expressions (don't worry yet) that match lines in your system log that you really don't care about hearing about. The use of this plugin is considered ADVANCED - please do NOT use it unless you are fairly sure you know what you are doing.
| ADMLogger 3rd party plugin N/A |
No third party plugins are available yet - if you write one, I would be happy to link to it from here!
| Download tivo_mail |
tivo_mail is a set of scripts to allow you to see your waiting e-mail on your TV screen using a TiVo!
| Download net-check |
The "net-check" package is a pair of simple perl scripts that will monitor and report on your internet connectivity. The scripts came about when my DSL provider repeatedly dropped the connections on a machine that was used exclusively as a dial-up gateway. In addition, since I am spending $50 a month for my internet connection, I want to make sure I get what I paid for.

A Sample:

    To: user@isp.net
    Subject: Automated Network Checks Report

    Last month, there were 64.25 hours of downtime out of 720 possible hours.
    (There were only 2692 out of 2880 possible samples made.)
    Last month's ratio was 0.089 so your bill should be $45.53.
    --------------------------------------------------------------------------------
    1 : 2 hr
    2 : 22 hr
    3 : 0.5 hr
    4 : 1.25 hr
    5 : 1.75 hr
    6 : 0.25 hr
    7 : 0.25 hr
    8 : 0.25 hr
    9 : 1.25 hr
    10 : 3.25 hr
    11 : 1.25 hr
    13 : 0.25 hr
    14 : 1.75 hr
    15 : 0.25 hr
    16 : 0.75 hr
    17 : 0.75 hr
    18 : 8.5 hr
    19 : 0.75 hr
    20 : 11.5 hr
    21 : 0.75 hr
    22 : 0.75 hr
    23 : 1.75 hr
    24 : 2 hr
    25 : 0.25 hr
    27 : 0.25 hr
| Download pconfig |
From the README:

"pconfig" is a perl script to set up... perl scripts! It allows a perl script's configuration information to be included within the script, so there is no need for external files. It is controlled by internal comments within the script itself (the target script). The output script is also pconfig compatible (if renamed to .pc) so it can be reconfigured if required.

What's the use?

I am the author of a few other perl scripts, some GPL, some not. Two of them are designed to (try to) be as fast as possible. This is especially true for net-check since it is designed to be run every fifteen minutes.

When I released the first version of fireparse, I got e-mail like crazy. Why? I accidentally left my e-mail address in there as the report destination! Oops... So I decided to write pconfig to be an external program that would set up fireparse and handle (some) sanity checking along the way. Figuring it may help other people (that's why fireparse was first released), I made pconfig fairly generic.