Archive

Posts Tagged ‘Unix’

CentOS Firewall Init Script

August 8, 2010 3 comments

I wrote a simple chkconfig compatible firewall init script for CentOS/RedHat/Fedora based Linux systems.

It will set up iptables firewall rules allowing anyone to access user-defined ports (22 and 80 by default). It also has the ability to whitelist and blacklist IPs. I’ve tested it with chkconfig on CentOS 5.


Print next few lines after pattern in AWK

May 6, 2010 1 comment

The input file data.txt is a collection report for XYZ corp, grouped by collection zone.

$ cat data.txt
Total Collection = $10291 {Fri May  8}
zone7   4500
zone8   3545
zone1   1200
zone0   900
zone3   70
zone5   67
zone11  9
Total Collection = $11847 {Sat May  9}
zone1   2800
zone3   2800
zone6   2567
zone8   2300
zone9   1200
zone12  90
zone11  90

Required: We need to find the top 4 collection zones for each day from the above file, i.e. to print the next 4 lines after each line where the pattern “Total Collection =” is found (the items are already sorted by collection amount).

This is how we can achieve this using awk:

$ awk '/^Total Collection =/{c=4;next}c-->0' data.txt
zone7   4500
zone8   3545
zone1   1200
zone0   900
zone1   2800
zone3   2800
zone6   2567
zone8   2300

Now if we need to print the header line also, something like:

$ awk '/^Total Collection =/{c=4;{print}next}c-->0' data.txt
Total Collection = $10291 {Fri May  8}
zone7   4500
zone8   3545
zone1   1200
zone0   900
Total Collection = $11847 {Sat May  9}
zone1   2800
zone3   2800
zone6   2567
zone8   2300

And if you want to print just the date part as the header, followed by the top 4 collection zones:

$ awk -F "[{,}]" '/^Total Collection =/{c=4;{print $2}next}c-->0' data.txt
Fri May  8
zone7   4500
zone8   3545
zone1   1200
zone0   900
Sat May  9
zone1   2800
zone3   2800
zone6   2567
zone8   2300
Categories: Linux / Unix, Tutorial

Reverse SSH Tunnelling

May 13, 2008 3 comments

It is possible to create a “reverse” SSH Tunnel. The reverse tunnel will allow you to create an SSH Tunnel from your work computer to your home computer, for example, and then log in to your work machine from your home machine even if your work firewall does not permit ssh traffic initiated from your home machine!

For this to work, an SSH Server must be installed on your work and home computer, and ssh (TCP port 22) must be allowed outbound from your work computer to your home computer.

Syntax: ssh -R remote_port:localhost:22 your_home_computer

At home, you would then run ssh -p 2048 localhost to log into your work computer via ssh (here 2048 is the remote_port chosen when the tunnel was created).

Here is a script that you can run through the cron facility on your work system to make sure the reverse SSH Tunnel to your home system is up and running. It is useful in case the system is rebooted.

#!/bin/sh

# $REMOTE_HOST is the name of the remote system
REMOTE_HOST=remote.system.ip

# $REMOTE_PORT is the remote port number that will be used to tunnel
# back to this system
REMOTE_PORT=5000

# $COMMAND is the command used to create the reverse ssh tunnel
COMMAND="ssh -q -N -R $REMOTE_PORT:localhost:22 $REMOTE_HOST"

# Is the tunnel up? Perform two tests:

# 1. Check for relevant process ($COMMAND); start it if it is missing.
#    ssh runs in the foreground here, so this invocation stays alive
#    for as long as the tunnel does.
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND

# 2. Test tunnel by looking at "netstat" output on $REMOTE_HOST
ssh "$REMOTE_HOST" netstat -an | grep -E "tcp.*:$REMOTE_PORT.*LISTEN" \
    > /dev/null 2>&1
if [ $? -ne 0 ] ; then
    pkill -f -x "$COMMAND"
    $COMMAND
fi

SSH Tunnelling

May 13, 2008 Leave a comment

SSH Tunnelling is an excellent way to tunnel insecure protocols through a secure communication channel. In this example, I’ll tunnel POP3 traffic using SSH. Traditional POP3 traffic, including username and password information, travels in clear text across the network.

The syntax: ssh -f -N -L <local port>:<remote server>:<remote port> <userid>@<remote server>

To tunnel POP3 traffic using ssh:

  1. Make sure an ssh client is installed on your machine and an ssh server is installed on the POP3 server.
  2. Create a local SSH Tunnel on your machine (port 1234 for this example) to the POP3 server’s port 110. You will need to be the root user to bind to “privileged” ports (< 1024).
    # ssh -f -N -L 1234:localhost:110 user@POP3_server
  3. Test the tunnel.
    $ telnet localhost 1234
    You should see the POP3 server’s banner information.
  4. Configure your mail client to access your mail via POP3 using mail server localhost and port 1234.
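
Both kinds of tunnel from the two posts above (the reverse -R tunnel and the local -L tunnel) are visible in the process table of the machine that opened them. The following is an added example, not part of the original posts, that lists them from ps-style output; the function names are hypothetical and the sample process lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original posts): list SSH port forwards
# visible in a process listing. Function names are hypothetical.

# Reads lines shaped like `ps -eo pid=,user=,args=` output on stdin and
# prints "PID USER KIND SPEC" for every -R / -L / -D forward requested.
find_ssh_forwards() {
    awk '
    BEGIN { name["R"] = "remote"; name["L"] = "local"; name["D"] = "dynamic" }
    # Only the ssh client counts; this skips "sshd -D" (no-detach flag).
    $3 !~ /(^|\/)ssh$/ { next }
    {
        for (i = 4; i <= NF; i++) {
            # Forward flag alone (-R), with the spec attached (-R5000:...),
            # or at the end of a cluster of argument-less flags (-fNR).
            if (match($i, /^-[46AaCfGgKkMNnqsTtVvXxYy]*[RLD]/)) {
                kind = substr($i, RLENGTH, 1)
                spec = substr($i, RLENGTH + 1)
                if (spec == "") spec = $(++i)   # spec is the next word
                print $1, $2, name[kind], spec
            }
        }
    }'
}

# Constructed sample process table (not real hosts or users).
sample_ps() {
    cat <<'EOF'
 4121 alice ssh -q -N -R 5000:localhost:22 remote.system.ip
 4388 bob   /usr/bin/ssh -f -N -L 1234:localhost:110 user@POP3_server
 4502 carol ssh -fNR2048:localhost:22 home.example.net
 4610 dave  ssh -p 2222 build.example.net
 4700 root  /usr/sbin/sshd -D
EOF
}

# On a live system: ps -eo pid=,user=,args= | find_ssh_forwards
sample_ps | find_ssh_forwards
```

Forwards configured in ssh_config (RemoteForward, LocalForward) or passed with -o do not appear as flags and are not reported, and a -R, -L or -D that belongs to a remote command given after the host would be misread as a forward.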