Unix Linux Administration II Class 7: Scripting conditionals. Setting up your Certificate Authority (CA). Scripting loops

Post on 25-Dec-2015

TRANSCRIPT

  • Slide 1
  • Unix Linux Administration II Class 7: Scripting conditionals. Setting up your Certificate Authority (CA). Scripting loops.
  • Slide 2
  • Agenda: discuss homework. Unit 1: Scripting conditionals. Unit 2: Certificate Authority. Unit 3: Scripting loops.
  • Slide 3
  • Homework review: DNS configs. Scripting: ping script.
  • Slide 4
  • Review: basic math syntax is $((expression)). The most common functions are available, including bitwise and logical. White space is optional. A non-zero final expression returns true. Quoting: ', ", ` and \. Command substitution:
        user=$(grep -i "$name" /etc/passwd)
  • Slide 5
  • Review, cont. Positional parameters are provided by the shell environment and automatically assign variables to values passed into the script.
        who
        who | grep root
        on.sh root
        who | grep $1
    $# = number of arguments passed to the script. $* = references all arguments passed to the script. $? = stores the exit value of the script.
  • Slide 6
  • Review: Slave servers provide redundancy and high availability for your domain when designed appropriately. The changes between slave and master are fairly simple. Slaves poll masters by default, but a master can be configured to notify slaves when updates occur. Slaves can be configured to store zone data locally for backup.
  • Slide 7
  • Class 7, Unit 1. What we are going to cover: scripting and conditionals. What you should leave this session with: how to add decision points to your scripts; how to enable debug in your scripts.
  • Slide 8
  • Indenting. Tabs or spaces? Be consistent! (Possible vimrc setting?) Helps with legibility. Most languages ignore white space. Good or bad? "Code is read much more often than it is written." Python: http://www.python.org/dev/peps/pep-0008/#indentation
  • Slide 9
  • Exit status. Every time you run a script it produces an exit status. Zero is successful; anything else indicates failure. Failures can have many causes. The exit value is stored in $?:
        echo $?
    What are some ways to create a failed exit status?
  • Slide 10
  • The "if" construct. "if" is one of the first conditional statements you will probably encounter. You can think of this as "if X then do Y and finish". The if statement must start with "if" and end with "fi". We will see similar constructs in other conditionals later. For example:
        if [ -f /etc/hosts ]; then
            echo "a host file exists"
        fi
  • Slide 11
  • How to test string values. You can test an expression for a true or false value using "test".
        user=$1
        if test "$user" == angus; then
            echo "$user found on system"
        fi
    Many test operators are available, such as ==, !=, -z string (string is null), -n string (string is NOT null), string (is defined).
  • Slide 12
  • Test cont. You can also test for integer values. Returns true (0) if:
        int1 -eq int2    equal to
        int1 -ge int2    greater than or equal to
        int1 -gt int2    greater than
        int1 -le int2    less than or equal to
        int1 -lt int2    less than
        int1 -ne int2    not equal to
    For example: [ "$value" -eq 0 ]
  • Slide 13
  • File tests. The file tests expect a single argument, the filename.
        -d file    file is a directory
        -e file    file exists
        -f file    file is an ordinary file
        -r file    file is readable by process
        -s file    file has nonzero length
        -w file    file is writable by process
        -x file    file is executable
        -L file    file is a symbolic link
    [ -f /etc/passwd ]  is this an ordinary file?  [ -r /etc/passwd ]  is the file readable by the process?
  • Slide 14
  • Logical operators available.
        !     negates the value:  [ ! -r /etc/shadow ]  is the file not readable?
        -a    performs logical AND of two expressions:  [ -f /etc/passwd -a -r /etc/passwd ]  BOTH must be true.
        -o    performs logical OR of two expressions:  [ -f /etc/passwd -o -r /etc/shadow ]  true if EITHER is successful.
  • Slide 15
  • Parentheses. You can use parentheses in a test to alter the order of evaluation; however, the parentheses must be escaped:
        [ \( "$value" -ge 0 \) -a \( "$value" -lt 10 \) ]
  • Slide 16
  • The else conditional. The else statement can expand the if statement. If the first condition is true the second one is skipped.
        if cmd; then
            command1
            command2
        else
            command1
            command2
        fi
  • Slide 17
  • else example
        # value passed in from cmd line.
        user=$1
        if who | grep "^$user " > /dev/null; then
            echo "$user is logged on"
        else
            echo "$user is NOT logged on"
        fi
  • Slide 18
  • Exit command. Exit allows you to immediately terminate a script. You can also pass exit a numeric value if you want; this becomes the status code stored in $?.
        if...
        else
            echo "$user is NOT logged on"
            exit 2
        fi
  • Slide 19
  • Syntax for else/if = elif. If you find a need for nested if statements, this can be resolved with elif statements.
        if cmd; then
            cmd
        elif cmd; then
            cmd
        else
            cmd
        fi
  • Slide 20
  • The case statement. Case statements let you compare a value against multiple values and execute one when a match is found. Case statements can be very efficient.
        case value in
            pattern) cmd
                     cmd;;
            pattern) cmd
                     cmd
                     cmd;;
            pattern) cmd
                     cmd;;
        esac
  • Slide 21
  • Sample case statement
        # script expects a single variable.
        case "$1" in
            0) echo zero;;
            1) echo one;;
            2) echo two;;
            3) echo three;;
            *) echo "out of expected range";;
        esac
    Result: user enters 1, script echoes one.
  • Slide 22
  • Talk about nothing, no operator. The shell representation for no operator is ":". This can be used in a script when you want to check for a value but do nothing if it is defined, and return a message if it does not exist.
        if grep userid /etc/passwd > /dev/null; then
            :
        else
            echo "user is not defined to system"
        fi
  • Slide 23
  • Debug your scripts. One way to debug your scripts is to start them with the -x option like this: /bin/sh -x number.sh
        /bin/sh -x number.sh 2
        + case "$1" in
        + echo two
        Two
    The set -x option will display commands and their arguments as they are executed.
  • Slide 24
  • Debug cont. You can extend the output using -v. Enabling -v will display the shell input lines as they are read. Both can be enabled at the same time:
        #!/bin/sh -vx
    Or within the script using something like:
        set -v    # on
        set -x    # on
    Disable using +v or +x.
  • Slide 25
  • Shell logical OR and logical AND.
        Logical OR = ||     cmd1 || cmd2     cmd2 is ONLY executed if cmd1 fails.
        Logical AND = &&    cmd1 && cmd2     ONLY if cmd1 succeeds will cmd2 run.
  • Slide 26
  • Review: conditionals. Exit status: 0 = success, !0 = fail. if test "$user" == ; you can also just use []: [ "$user" == ]. File tests, such as "does the file exist": [ -e /etc/nsswitch.conf ]. Logical operators: -a, -o, ||, &&. You can use parentheses to alter the order of evaluations. if cmd; then do; else do; fi
        if [ "$HOME" ]; then echo "Found home!"; else echo "shucks we are homeless!"; fi
  • Slide 27
  • In class lab 7a. Lab notes for this session can be found here: http://www.ulcert.uw.edu -> Class Content -> InClass labs
  • Slide 28
  • Class 7, Unit 2. What we are going to cover: Certificate Authorities (CA). What you should leave this session with: how public CA servers work; PKI structure.
  • Slide 29
  • Public Certificate Authorities (CA). If we want others to trust our certificate, the creation process is very similar to that of a self-signed certificate. The difference is that we have a 3rd party sign the certificate signing request (CSR), which then becomes the public certificate. At this point anyone that trusts that 3rd party (Verisign, Thawte, Entrust) now implicitly trusts you.
  • Slide 30
  • What is a Certificate Authority (CA)? A certificate authority can be described as an entity with policies for verifying the identity of entities. This verification is then manifested in the signing of a public key provided by the requestor, which others can recognize as legitimate. This is similar to how a government issues passports that other governments and individuals can then use to confirm the identity of the passport owner.
  • Slide 31
  • Where to find public CA certificates Browser installs, OS installs, Java installs all come with a keystore. The keystore contains a selection of public key certificates that the related organizations have chosen to include by default. Applications that interact with those technologies will trust certificates signed by the private keys for which the public certificate is available.
  • Slide 32
  • Chain of trust. The chain of trust is based on the idea that trust is implied by association. With certificates, we trust them because we typically already trust the certificate that signed them. If we visit, for example, https://www.paypal.com/, we trust this site because it was signed by: VeriSign Class 3 Extended Validation SSL CA
  • Slide 33
  • Certificate chain. Starts with a public CA certificate such as: VeriSign Class 3 Public Primary Certificate Authority G5 Which in tu
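
Added example (not part of the original slides): a shell script that ties the Unit 1 conditionals to the Unit 2 signing flow. It creates two throwaway root CAs, has one of them sign a CSR, and uses file tests, if/elif/else, exit status and case to report whether the resulting certificate chains to each root. The function names, the CA names and www.example.test are constructed for illustration, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: throwaway CAs in a temp directory; all names are constructed.

# make_ca DIR NAME: self-signed root certificate DIR/NAME.crt with key DIR/NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed $2 Root CA" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA HOST: make a key and CSR for HOST, then have CA sign the CSR
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/$3.csr" -days 1 \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.crt" 2>/dev/null
}

# check_chain CAFILE CERT: 0 = chains to CAFILE, 1 = not trusted, 2 = bad input
check_chain() {
    if [ ! -s "$1" ] || [ ! -s "$2" ]; then
        echo "missing or empty file" >&2
        return 2
    elif openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        return 0
    else
        return 1
    fi
}

# demo: verify one certificate against the CA that signed it and one that did not
demo() {
    dir=$(mktemp -d) || return 2
    make_ca "$dir" trusted && make_ca "$dir" other &&
        issue_cert "$dir" trusted www.example.test || { rm -rf "$dir"; return 2; }
    for ca in trusted other; do
        check_chain "$dir/$ca.crt" "$dir/www.example.test.crt"
        case $? in
            0) echo "$ca: chain verifies";;
            1) echo "$ca: NOT trusted";;
            *) echo "$ca: could not check";;
        esac
    done
    rm -rf "$dir"
}

demo
```

The certificate verifies only against the root that signed its CSR; the second root has a valid certificate of its own but is not in this certificate's chain, so the check returns 1.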
