Assignments

Assignment 2: Creating bulk user accounts in Linux and Windows

Online Submission Due 5pm, Monday, 18 November 2002

• The Assignment is here.

• Submit your work again if you gave me a Microsoft Word document.

  I will not open screen dumps in proprietary MS Word formats.  Provide a standard format such as PNG (or even GIF) instead.
• Submit your assignment online Here or, if that doesn't work, try Here and tell me about it.
• Put your email address near top of your work so that I can return the marked assignment to you.
• You may submit as many times as you like.  All your submissions are recorded. 
• Submit one file (a tarball or zip file).
• Do not submit rar archives or other proprietary formats (I will give zero marks)
• Here is information about creating accounts in Linux.
• See here for more about creating accounts in Windows.
• See here for how to install Linux onto your removable hard disk using the kickstart disks -- ask Henry, Chi-man or Rick for one.
• See here for information about booting into single user mode.
• The data that you must make accounts from is here.
• I have created a Ghost image of my hard disk, called snmss-nu.gho.  Please see any of the technical staff in A204d to copy it.  It includes:
  • a working Windows 2000 Advanced server installation, including Perl and the Win32::Lanman and Win32::Perms modules;
  • a working Windows NT 4 Workstation installation;
  • a working Windows 98 installation;
  • a working Red Hat 8.0 Linux installation, with the software required for the rest of this subject

  You will probably need to use the grub installation boot disks in A204d. 

  • This will install an MBR onto your removable hard disk
  • Select the last item in the boot menu; the installation takes less than a second.
  • Please return the disk after you have used it.

  You will need to set the root password by booting into single-user mode (see above).

• How to write a program that will use the Win32::xx modules only on Windows?  Well, use require, something like this:

  if ( $^O eq "MSWin32" )
  {
      require Win32::Lanman;
      require Win32::Perms;
  
      ...
  }
  

  require works rather like #include in C, but it includes the file at run time rather than at compile time.

  The reason this works is that use works at compile time, while require works at run time.  Another difference is that use will import names provided by the module, whereas require doesn't.  I am not sure without testing it whether this will have any effect on using the code I gave you or not.

• How do you compile code with calls to the Win32 modules under Linux?  I mean, how do you avoid a compiler error when you get to this code in Linux:

  my $acl = new Win32::Perms( "$homeNTdirs\\$account" );
  

  Well, one thing you can do is put the code into separate file(s), and require the file(s).

WARNING WARNING

Assignment Due 8pm, Sunday 13 April 2003

There is NO change in the submission date from Sunday 13 April 2003, despite SARS

• Note the change in submission date from end of March, to reduce strain on you (and to increase the quality of what you do!)
• The submission date is still 8pm, Sunday 13 April 2003
• The assignment specification is here
• Submit your assignment here, the same place as before.

> Actally my topic is"Investigate portscans on your
> firewall and graph the results using Cricket"
Fine.
> Then, i try to read the link :IP ACCOUNTING" and
> "EXEC in Cricket" that you suggested.
>
> I readed them again and again.. and still don't know
> how to use the cricket to graph the result.
Well the executive summary of ip accounting is:
iptables -L -x -v -n
will give a table with the first column giving the exact number of packets
that matched the rule, the second column giving the exact number of bytes
in all those packets.

An executive summary of the Cricket Reference about EXEC datasources:
Write a Perl script that will execute iptables -L -x -v -n
It should probably be set userid to root, since only root can execute
iptables.
cat /usr/local/bin/showipcounts
#! /usr/bin/perl -wT

delete @ENV{'IFS', 'CDPATH', 'PATH', 'ENV', 'BASH_ENV'};

my @cmd = (
           "/sbin/iptables",
           "-L",
           "-v",
           "-x",
           "-n",
          );

my $retval = system @cmd;
$retval == 0 || die "@cmd failed with exit status $retval\n";

$ sudo chown root /usr/local/bin/showipcounts
$ sudo chmod a+x,u+s /usr/local/bin/showipcounts
$ ls -l /usr/local/bin/showipcounts
-rwsrwxr-x    1 root     nicku         294 Apr 11 12:48 showipcounts

Then set up a data source for each line you want to graph.  Each data
source will specified like this:
ds-source   = exec:n:showipcounts
where n is the line number from showipcounts that you want to plot; note
that n is counted from zero, so to plot the second line you want a
data source of

ds-source   = exec:1:showipcounts
Specify the  rrd-ds-type as DERIVE.

I provide this executive summary for all you executives too busy to read
all the documentation :-)

A related question:

> When I do:
> $ showipcounts
> I see this output:
> Can't do setuid
Install the perl-suid package:
$ sudo rpm -Uhv perl-suidperl-5.8.0-55.i386.rpm
Where to get it from?  From
http://ictlab.tyict.vtc.edu.hk/ftp/redhat-8.0/RedHat/RPMS/perl-suidperl-5.8.0-55.i386.rpm
or from a Red Hat 8.0 CD ROM.

Here is another question and answer:

> My assignment title
> is "install cricket in windows".
                                                                                
> After a few weeks, i can get the traffic information but can't generate
> a picture. I have discussed it with other classmates whose topic is
> "install cricket in windows" too. they also face this problem.
> After our investigation,
> we found there is a problem that cricket default know what is /xxx/xxx
> in linux but not C:\xxx\xxx in windows.

> My classmate has joined an organization and asked how to solve this
> problem. But there is no reply for him.

> Now, we are reporting this problem to you. And do wish you would give us
> any opinion.
This is an FAQ, and it is answered in the FAQ.
See perldoc -q path
Also see perldoc perldoc.

I recommend that everyone join the documentation readers society.  Membership is free, and the benefits are great.  This may be better than the organisation from which no reply was heard.

Another question:

> i have finished to install the perl-suid package.
> And can run the  run it with ds-source   =
> exec:0:showipcounts in "Default" file.
Aer you sure you want the first line of output from showipcounts?  When I
run showipcounts, I get a header:
Chain INPUT (policy DROP 3967 packets, 457742 bytes)
the second line also is a header.  I think you need to look at the output
and decide what line you actually want.  Hint: it should start with a
number.
> However another problem came out.
>
> The error message is given out:
> [cricket@kimlui cricket-config]$ ~/cricket/collector
> /ipaccount
> [11-Apr-2003 19:42:03 ] Starting collector: Cricket
> version 1.0.3 (2001-11-06)
> [11-Apr-2003 19:42:03 ] Retrieving data (EXEC:
> showipcounts) for 127.0.0.1
> [11-Apr-2003 19:42:03 ] Retrieved data for 127.0.0.1
> (): 56
> [11-Apr-2003 19:42:03*] Cannot update
> /home2/cricket/cricket-config/../cricket-data//ipaccount/127.0.0.1.rrd:
> expected 5 data source readings (got 1) from N:56:...
>
>
> In fact, i just want to count the first line of rule
> , but i don't know why it cannot update the database?
>
> Would you mind to give me some advice?
Count the number of data sources in your view.  It should equal the
number you collect with ds = ...

Look at the example config files (such as the one I wrote).

You cannot change the number of datasources in a round robin database
after you have created it, unless you use tools from the contrib web
site, such as
http://www.certaintysolutions.com/tech-advice/cricket-contrib/files/add_ds.tgz

If you want to keep the data, then use that tool.  If you haven't
collected anything (very likely here), then just delete the round robin
database and run the collector again.

> Your worried student,
Don't worry so much.

> but i don't know where the RRD in,
> so i don't know how to do it.
>
> Would you mind to give me some advice?
try this, as cricket:
find ~ -name \*.rrd

> I wnat to ack is it all lan card can collect snmp data?
An SNMP agent can collect data for whatever it is programmed to collect
data for.  In general, an SNMP agent will at least collect data for all
the network interfaces.  You would need to activate an SNMP agent on
Windows to collect SNMP data from your Windows machine.  Hmm, I wonder how
helpful Microsoft is in that.

Further problems with graphing firewall portscans with Cricket:

> However, the other problem came out.
> The problem is the vaule data, that i capture from
> using cricket, are not equal the value of data that  
> i plot from the graph.
> 
> For example:
> there are five datas that i try to capture , and the
> value of them are come out, when try :
> 
> [cricket@kimlui ipaccount]$ ~/cricket/collector
> /ipaccount2
> [12-Apr-2003 01:05:59 ] Starting collector: Cricket
> version 1.0.3 (2001-11-06)
> [12-Apr-2003 01:05:59 ] Retrieving data (EXEC:
> showipcounts) for 127.0.0.1
> [12-Apr-2003 01:05:59 ] Retrieved data for 127.0.0.1
> (): 2287,4,0,1104,41
> 
> i know that the values of datas "2287,4,0,1104,41"
> will be plot on the graph. 
> But, the values of line 1 data on the graph is
> "0.67". I think it must be 2287. But why it is not
> equal 2287?
> 
> Would you mind to give me some advice?
!. re-read the SNMP notes about the difference between a counter and a 
guage.
2. Check what units you are using (i.e., are you multiplying by any 
constant?)
3. Chack that you are uing the DERIVE data source type.  Then
read the documentation about DERIVE.

Getting discouraged:

> i have re-read the notes about SNMP and check the
> units that i use in "pkts" in graphs. And also,
> i have finished to read the DERIVE data source type.
> I'm sure that i do exactly use the DERIVE as
> data-source type.
> 
> However, the result is still not correct in the graph.
> 
> What should i do?
> Acutally, i use too many time to install the cricket
> and try to use the cricket again and again.
> However, there are many problem that came out and i
> try to debug it by myself. This kinds of behaviour
> may be waste so many time and some problems for me
> still don't know how to solve.

It is not a waste of time for you to learn what you should have learned as 
part of this subject.  The problem is that you think that problem solving 
is a waste of time.  In fact, problem solving is what employers value.  
You do not need to feel so negative; you are doing something worthwhile.

> i feel very disappointed and stree. It is because
> the deadline of this assignment is near. And i still
> cannot use cricket to plot the graph correctly!
> 
> Should i change to another topic to do this
> assignment ??
Giving up is not a good choice.

Getting warmer:

> The Difference between a counter and a guage is:
> 
> GAUGE  - is a 32 bit unsigned value that can
> increase or decrease but not wrap 
> it is used for counting things like temperature or
> the number of people in a room, etc.
> 
> COUNTER -is a 32 bit unsign value that wrap 
> which is used when an SNMP query returns an
> ever-increasing value.

The most important difference as far as the use is concerned is that a 
counter is used to measure rate.  When you graph a counter, you graph the 
rate of change of the variable, not its absolute value.

In other words, if the measurement is made every 5 minutes, then the value 
that is graphed is the ( current value - last value ) / ( 5 * 60 ).  In 
other words, the value is packets per second.  You may wish to multiply 
this by 60 to get packets per minute.  But you should verify that the data 
is in fact correct.  It seems that your system is working.

On the other hand, a gauge is an absolute value, and Cricket graphs
exectly the value that it reads every 5 minutes.

You need to verify that the values you get correspond with the values that 
are graphed.

Now well on the way to getting it all making sense:

Thanks you for your advice,
With your advice, i do now understand the difference
 between Counter and Guage.

Now, i must try my best to do this assignment!