This is just a blog to try and spread some of the knowledge that has been freely given to me by the wider community, without which I'd get absolutely nothing accomplished. I hope this benefits some of you out there.

Friday, June 12, 2009

Bash Script for Comparing Two Conf Directories



I had a small problem the other day: I screwed up my JBoss. To get it working again I had to copy my co-worker's JBoss directories and start using those. Slight problem with that: all the conf files are now specific to him and not me, e.g. my JNDI ports, etc. So I had to go through by hand and fix all of the conf files I could find. Luckily I had a backup of my old conf files to check against. In an effort to track down the differences I wrote the following bash script.

My bash is not good, but it seems to do the trick and will compare files in two directories whose only difference is the path.

#!/bin/bash
# Usage: ./confdiff.sh <subdir>   e.g. ./confdiff.sh conf
# Compares the *.xml files in the same subdirectory of the old (backup) and the
# new (copied) JBoss server/all trees.

[ -n "$1" ] || { echo "usage: $0 <subdir>" >&2; exit 1; }

orig_jboss="/home/blah/jboss-4.2.3.GA.20090611/server/all/$1/"
new_jboss="/home/blah/jboss/server/all/$1/"

# List the files that end with 'xml' in the directory named by $1 (the first
# arg on the command line). Note that when you list with a wildcard, *nix will
# list the full path; I didn't see a way to disable that for ls in the man
# pages, so strip it out below with a quick and dirty parameter expansion.
ls "${new_jboss}"*xml > dir

# Note the >>. If you use a single > it will only write the last name into the
# new file; >> forces an append.
for file in `cat dir`; do echo "${file#/home*$1/}" >> actual_dir ; done

# diff prints nothing for files that are identical
for i in `cat actual_dir`; do diff "$new_jboss$i" "$orig_jboss$i" ; done

# If you don't remove these and run the script a few times, you'll keep
# appending more names into 'actual_dir'.
rm dir actual_dir

If everything is the same you shouldn't see any output. Otherwise you'll get a list of all the differences without having to do much by hand.

Tuesday, June 9, 2009

Python Simple HTTP Server



Recently I have gotten into using python for as many things as I can. So far the results have been good; I like the significant white space, and most functions are fairly intuitive.

Python also makes nearly any program about as short as it can be. Starting in version 2.5 there is a very easy way to start an HTTP server for testing or for sharing a file with a friend. I've cobbled together a few examples that get progressively more involved. I take no credit for writing these commands/scripts.

python -m SimpleHTTPServer 9914 

OR
python -c "import SimpleHTTPServer;SimpleHTTPServer.test()"

And finally:

#!/usr/bin/python
# Python 2 script: BaseHTTPServer and SimpleHTTPServer became http.server in Python 3.

import BaseHTTPServer, SimpleHTTPServer
import os
import sys

def run(server_class=BaseHTTPServer.HTTPServer,
        handler_class=SimpleHTTPServer.SimpleHTTPRequestHandler):
    print 'Server version:', handler_class.server_version

    # Default port, overridden by a numeric first argument.
    port = 8000
    if len(sys.argv) > 1:
        if sys.argv[1].isdigit():
            port = int(sys.argv[1])
    # '' binds every interface: anything that can reach this host can read the
    # current directory and everything below it.
    server_address = ('', port)

    httpd = server_class(server_address, handler_class)

    myurl = 'http://localhost:' + str(server_address[1]) + '/'
    print 'Your Server is running on:', myurl
    print 'and serving files from:', os.getcwd(), 'and below.'
    print 'To stop the server, type ^C.'

    # Pass 'b' on the command line to open the URL in a browser.
    if 'b' in sys.argv:
        print 'Trying to start webbrowser...'
        import webbrowser
        webbrowser.open(myurl)

    httpd.serve_forever()

run()
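
As an added example (not from the original post), here is a Python 3 port of the script above hardened the way you would want before sharing a file with a friend: it binds to loopback unless told otherwise, refuses directory listings and dotfiles, and never serves anything outside the chosen share root. http.server and socketserver are the Python 3 successors of BaseHTTPServer/SimpleHTTPServer; RestrictedHandler, is_allowed, make_demo_tree and run are hypothetical names, and the demo tree is constructed sample data.

```python
#!/usr/bin/env python3
# Hypothetical hardened variant of the share-a-file server above, ported to
# Python 3's http.server: loopback bind, no directory listings, no dotfiles,
# nothing served from outside one share root.
import http.server
import os
import socketserver
import tempfile
from pathlib import Path
from urllib.parse import unquote

def is_allowed(url_path, root):
    """True only for an existing regular file under root with no dotfile components."""
    root = os.path.abspath(root)
    rel = unquote(url_path.split('?', 1)[0].split('#', 1)[0]).lstrip('/')
    full = os.path.normpath(os.path.join(root, rel))
    if os.path.commonpath([root, full]) != root:
        return False                      # '..' climbed above the share root
    if any(p.startswith('.') for p in os.path.relpath(full, root).split(os.sep)):
        return False                      # .ssh, .git, .bash_history and friends
    return os.path.isfile(full)           # directories are never served

class RestrictedHandler(http.server.SimpleHTTPRequestHandler):
    share_root = os.getcwd()              # replaced by run()

    def __init__(self, *args, **kwargs):
        super().__init__(*args, directory=self.share_root, **kwargs)  # 3.7+

    def do_GET(self):
        if not is_allowed(self.path, self.share_root):
            self.send_error(404)          # same answer for missing and forbidden
            return
        super().do_GET()

    def list_directory(self, path):       # never render an index, even for HEAD
        self.send_error(403)
        return None

def make_demo_tree():
    """Constructed sample share root: one public file, one dotfile, one subdir."""
    root = tempfile.mkdtemp()
    Path(root, 'notes.txt').write_text('hello\n')
    Path(root, '.secret').write_text('token\n')
    os.mkdir(os.path.join(root, 'sub'))
    return root

def run(root, port=8000, bind='127.0.0.1'):
    """The original binds '' (every interface); default to loopback instead."""
    RestrictedHandler.share_root = os.path.abspath(root)
    with socketserver.TCPServer((bind, port), RestrictedHandler) as httpd:
        print('Serving %s on http://%s:%d/ (^C to stop)' % (root, bind, port))
        httpd.serve_forever()
```

To share with someone on the same LAN you would call run(some_dir, 8000, bind='0.0.0.0') deliberately, rather than getting that by default.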

Lessons Learned 1: Basic IP Tables



How to View Your IP Table Rules
iptables -t nat -L (nat table)
iptables -L (standard table)



IP Tables Bash Script
This is a very basic example of IP Tables and how to use them.



#!/bin/bash

iptables="/sbin/iptables"
standard_ports="5060"
lan="192.168.205.0/255.255.255.0"
vpn30="192.168.30.0/255.255.255.0"
vpn20="192.168.20.0/255.255.255.0"
vpn10="192.168.10.0/255.255.255.0"
any="0.0.0.0/0"
yourserver="your.server.com"
yourserverip="200.0.168.500"   # placeholder, not a valid address: replace with your server's IP

#Flush all rules, zero the packet counters and delete any user-defined chains so we start clean.
$iptables -F
$iptables -Z
$iptables -X

#Policies are defined below. Policies are the default rules used if a packet does not match any of the rules
#you have defined.

#our policy (the P switch) drops all packets TO this machine
#policy to drop all packets forwarded to OTHER machines
#policy to drop all packets coming FROM this machine (opened up again by the OUTPUT rule below)
$iptables -P INPUT DROP
$iptables -P FORWARD DROP
$iptables -P OUTPUT DROP

#NOTE!! Normally you would define rules for the INPUT, OUTPUT, and FORWARD chains and then join/jump to the chain you set up.
#But since we are dealing with some very simple rules I have just defined all that I want to do directly on the chains.
#That is, I don't use the 'states' chain that I have defined below. If you wanted to use it you'd do something like:
#$iptables -A INPUT -p tcp -j states
#$iptables -A OUTPUT -p tcp -j states
#$iptables -A FORWARD -p tcp -j states
#(-p takes a single protocol per rule, so repeat each line with -p udp)

#Chains are defined below. These are the rules we use to match packets.
#create a chain, aka a group of rules, called states (the N switch stands for 'new')
$iptables -N states

#Any packets that are part of an established or related connection are accepted immediately so we don't have to match any more
#Accept connections to us from the $lan
#Accept established udp connections from DV
$iptables -A states -m state --state ESTABLISHED,RELATED -j ACCEPT
#$iptables -A states -m state --state NEW -s $lan -d localhost -j ACCEPT
#$iptables -A states -m state --state ESTABLISHED -s $yourserver -p udp -d localhost -j ACCEPT

#Accept all traffic on the loopback device
#Ditto
$iptables -A INPUT -i lo -p all -j ACCEPT
$iptables -A OUTPUT -o lo -p all -j ACCEPT

#Accept all stateful input
#Accept all packets with a source coming from the lan and the vpns
#(this trusts the source address, which anyone on those networks can spoof; it trusts the network, not the host)
$iptables -A INPUT -p all -j states
$iptables -A INPUT -p all -s $vpn30 -j ACCEPT
$iptables -A INPUT -p all -s $lan -j ACCEPT
$iptables -A INPUT -p all -s $vpn20 -j ACCEPT
$iptables -A INPUT -p all -s $vpn10 -j ACCEPT
$iptables -A INPUT -p all -s "$yourserverip" -j ACCEPT

#Default all outbound traffic to the 'states' chain i.e. allow established and related connections through
#Accept all outbound traffic
#$iptables -A OUTPUT -p all -j states
$iptables -A OUTPUT -p all -j ACCEPT

#$iptables -A OUTPUT -p udp --dport $standard_ports -d $yourserverip -s localhost -j ACCEPT
#$iptables -A OUTPUT -p tcp --dport 80 -s localhost -j ACCEPT



IP Tables NAT (Network Address Translation)

IP Tables has a different set of chains for NAT (the PREROUTING, OUTPUT and POSTROUTING chains of the nat table). This table can be useful for forwarding a port, e.g. 80, to something listening on a high port such as 8090 (Tomcat or JBoss), so the application does not need to run as root to own a privileged port.

#!/bin/bash

iptables="/sbin/iptables"
lan="192.168.0.0/255.255.255.0"

#Flush the filter table: rules, counters and user-defined chains
$iptables -F
$iptables -Z
$iptables -X

#Ditto for the nat table (it is not touched by the plain -F/-Z/-X above)
$iptables -t nat -F
$iptables -t nat -Z
$iptables -t nat -X

#always accept input from within the lan and all output
$iptables -A INPUT -p all -s $lan -j ACCEPT
$iptables -A OUTPUT -p all -j ACCEPT

#The first rule redirects all traffic arriving on eth0 for port 83 to port 8003.
#The second rule is for localhost. NOTE: locally generated packets do NOT go through PREROUTING,
#so a rule in the nat OUTPUT chain is necessary. If you do not put that rule in, traffic from
#localhost will not be redirected to the correct port.

$iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 83 -j REDIRECT --to-port 8003
$iptables -t nat -A OUTPUT -p tcp --dport 83 -j DNAT --to :8003






