System Administration scripts

This is simply a small collection of scripts (in bash shell and PERL, whichever fits the job) for a variety of tasks involved in maintaining systems and networks.

Firewall log analysis

I'm always being asked to do this job. Sure, we have an expensive server with some proprietary firewall analysis software which does it for us, but it's clumsy to use when you just want to find out what a certain server has been up to, and who has been trying to toy with it.

What I've done is come up with a script framework in PERL for doing exactly that. You select one or more log filenames and an IP address you are interested in, then let the script go to work. You can scan either by IP (to see what machines out there are doing to you) or by protocol (to see who has been trying to use which services, and how). Although I've tried to make sure the script doesn't have a buffet feast on your computer's memory, if you overload it with too many logs at once, your computer is going to start crawling before you in agony.

I've written scripts to analyse Checkpoint NG FW1 logs, as well as Inkra firewall logs, although they could easily be adapted for just about any type of firewall you have. The firewall-specific code is commented in the listings, so all you have to do is rework that part with your PERL skills. The program requires you to collect the following variables:

source ip -> $ip[0]
destination ip -> $ip[1]
port -> $port

Note: I recommend that you combine both port number and protocol into the $port variable. There's a difference between TCP and UDP port numbers after all. ;)
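As an added illustration (not one of the scripts described on this page), here is a small Perl sketch of that structure: parse_line() is the firewall-specific part that fills $ip[0], $ip[1] and $port (port and protocol combined, as recommended above), and the rest tallies per-IP and per-service counts for one address of interest. The log format, addresses and file handling here are constructed for the demo and are assumptions, not the Checkpoint or Inkra formats.

```perl
#!/usr/bin/perl
# Added example, not one of the page's own scripts. The log format below is
# constructed for the demo; replace the regex in parse_line() with one that
# matches your firewall's export format.
use strict;
use warnings;

# Constructed sample log lines (not real Checkpoint or Inkra output).
my @sample_log = (
    "2024-01-05 10:00:01 accept src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=22",
    "2024-01-05 10:00:02 drop src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=23",
    "2024-01-05 10:00:03 drop src=203.0.113.9 dst=192.0.2.10 proto=udp dport=53",
    "2024-01-05 10:00:04 accept src=192.0.2.10 dst=203.0.113.9 proto=tcp dport=443",
    "a malformed line that the parser must skip",
);

# Firewall-specific part: returns (source ip, destination ip, port/proto),
# or an empty list for lines that do not match.
sub parse_line {
    my ($line) = @_;
    return unless $line =~ /src=(\S+)\s+dst=(\S+)\s+proto=(\w+)\s+dport=(\d+)/;
    my @ip   = ($1, $2);
    my $port = "$4/$3";   # number and protocol combined, e.g. "22/tcp"
    return (@ip, $port);
}

# Usage: script.pl <target ip> [logfile ...]; with no files the sample is used.
my $target = shift @ARGV || '192.0.2.10';
my $i = 0;
my $next_line = @ARGV ? sub { scalar <> } : sub { $sample_log[$i++] };

# Only counters are kept, never the log lines themselves, so memory use
# stays flat no matter how many files are fed in.
my (%by_ip, %by_port);
while (defined(my $line = $next_line->())) {
    chomp $line;
    my ($src, $dst, $port) = parse_line($line) or next;
    next unless $dst eq $target;   # traffic aimed at the address of interest
    $by_ip{$src}++;                # scan by IP: who is talking to it
    $by_port{$port}++;             # scan by protocol: which services they try
}

print "Sources hitting $target:\n";
printf "  %-16s %d\n", $_, $by_ip{$_}
    for sort { $by_ip{$b} <=> $by_ip{$a} } keys %by_ip;
print "Services tried on $target:\n";
printf "  %-10s %d\n", $_, $by_port{$_} for sort keys %by_port;
```

Run against the built-in sample it reports 198.51.100.7 twice and 203.0.113.9 once, with 22/tcp, 23/tcp and 53/udp as the services tried; only lines whose destination is the target are counted, so the target's own outbound connection is left out.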

I'm actually going to halt downloads of these for a while for specific reasons. This will be changed in future.

Yeah, there are more scripts to come. Hold your horses.
