Using the following command is able to touch files recursively:
find . -print0 | xargs -r0 touch
where . is the current directory and the option r of xargs is specific for GNU xargs.
Monday, 7 February 2011
Monday, 17 January 2011
Bash Script-exec
IEEE Std 1003.1, 2004 Edition
Copyright © 2001-2004 The IEEE and The Open Group, All Rights reserved.
NAME
exec - execute commands and open, close, or copy file descriptors
SYNOPSIS
exec [command [argument ...]]
DESCRIPTION
The exec utility shall open, close, and/or copy file descriptors as specified by any redirections as part of the command.
If exec is specified without command or arguments, and any file descriptors with numbers greater than 2 are opened with associated redirection statements, it is unspecified whether those file descriptors remain open when the shell invokes another utility. Scripts concerned that child shells could misuse open file descriptors can always close them explicitly, as shown in one of the following examples.
If exec is specified with command, it shall replace the shell with command without creating a new process. If arguments are specified, they shall be arguments to command. Redirection affects the current shell execution environment.
OPTIONS
None.
OPERANDS
See the DESCRIPTION.
STDIN
Not used.
INPUT FILES
None.
ENVIRONMENT VARIABLES
None.
ASYNCHRONOUS EVENTS
Default.
STDOUT
Not used.
STDERR
The standard error shall be used only for diagnostic messages.
OUTPUT FILES
None.
EXTENDED DESCRIPTION
None.
EXIT STATUS
If command is specified, exec shall not return to the shell; rather, the exit status of the process shall be the exit status of the program implementing command, which overlaid the shell. If command is not found, the exit status shall be 127. If command is found, but it is not an executable utility, the exit status shall be 126. If a redirection error occurs (see Consequences of Shell Errors ), the shell shall exit with a value in the range 1-125. Otherwise, exec shall return a zero exit status.
CONSEQUENCES OF ERRORS
Default.
The following sections are informative.
APPLICATION USAGE
None.
EXAMPLES
Open readfile as file descriptor 3 for reading:
exec 3< readfileOpen writefile as file descriptor 4 for writing:
exec 4> writefileMake file descriptor 5 a copy of file descriptor 0:
exec 5<&0Close file descriptor 3:
exec 3<&-Cat the file maggie by replacing the current shell with the cat utility:
exec cat maggie
RATIONALE
Most historical implementations were not conformant in that:
foo=bar exec cmddid not pass foo to cmd.
FUTURE DIRECTIONS
None.
SEE ALSO
Special Built-In Utilities
CHANGE HISTORY
Issue 6
IEEE Std 1003.1-2001/Cor 1-2002, item XCU/TC1/D6/5 is applied so that the reference page sections use terms as described in the Utility Description Defaults ( Utility Description Defaults ). No change in behavior is intended.
End of informative text.
Refer to: http://pubs.opengroup.org/onlinepubs/009695399/utilities/exec.html
Saturday, 15 January 2011
Linux Network Security Issues
Until now, as far as I know, there are at least three different levels of network security mechanism that affects the running of network processes, TCP Wrapper, Iptables firewall, SELinux.
TCP Wrapper and SELinux are host-based mechanism. According to a response to a network packet, TCP Wrapper and SELinux will decide if this packet can be processed by the specific running process. They will not block any network access from other hosts, however, they will limit the running process in the host from processing network messages.
Iptables, on the other hand, provides a network-based security mechanism. It inspects every network packet whenever a packet going into a host or leaving a host. A great amount of distinct functional rules can be set up in order to filter some specific packets. By this way, unwanted packet is forbidden outside of the host.
In my recent experiment, several problems are suffered in these two issues. I'd like to record them here for future reference:
TCP Wrapper and SELinux are host-based mechanism. According to a response to a network packet, TCP Wrapper and SELinux will decide if this packet can be processed by the specific running process. They will not block any network access from other hosts, however, they will limit the running process in the host from processing network messages.
Iptables, on the other hand, provides a network-based security mechanism. It inspects every network packet whenever a packet going into a host or leaving a host. A great amount of distinct functional rules can be set up in order to filter some specific packets. By this way, unwanted packet is forbidden outside of the host.
In my recent experiment, several problems are suffered in these two issues. I'd like to record them here for future reference:
- In school's Fedora 11 system, snmp messages can not going out even if the corresponding port is opened by iptables firewall. When I was using tcpdump to inspect every packet of snmp protocol, I found that snmp request messages were able to go in the system. but there were never any packets coming out. I supposed that two possibilities: snmp crashed, or some other than iptables was keeping block the outgoing messages. Finally, after I searched almost the whole internet (joking, can I? but it is true that it is quite difficult to spot a specific rear problem on the internet.), I realised that I got half correct. There is something called TCP Wrapper which is used by Linux system to prevent some specific daemon processes from accessing from unwanted network hosts. In this case, all of the process other than several processes denoted in the file /etc/hosts.allow is allowed to be accessed in localhost host which means that only local access is allowed. This is right the reason why I was able to query snmp using localhost. In coming snmp messages from other hosts is not allowed to be processed by snmpd (so harsh!!). The solution is simple, just add the snmpd into hosts.allow file.
- The problem regarding to Iptables is a little foolish, but I learnt others when I modified the rules of Iptables. Actually, the reason of I can't transfer files to cspc020 is because I open the wrong port for tcp connection (don't believe the instructions on the webpage totally, this lessoned me). Just open tcp60000 is fine. During this process, i found that, always modify the iptables using iptables command line tools before modify the configuration file /etc/sysconfig/iptables, because the command line is temporary but effects at once. If there are some problems, I am able to resume it by restart computer and then the original configuration will be read. !!!! Good mechanism.
Thursday, 13 January 2011
Strange SNMP problem in Ubuntu or other platform
Description of the problem:
After I have installed SNMPd in Ubuntu 9.04, I was trying to snmpwalk system to test the correction of the installation and deployment. However, I got a Time out message even though I did not get any firewall installed in Ubuntu. At the beginning, I thought that it is the firewall problem like in Fedora. The truth of no firewall installed in Ubuntu by default makes me realise that this is not in that case.
Solution:
Ubuntu is different from Fedora, there is a file to keep the default snmpd's running options, which is:
/etc/default/snmpd. In it, the options denote that only local host is able to snmpwalk the SNMP agent. In this case, I will not only need to change the snmpd.conf configure file, but I will also need to change some lines in the snmpd configure file mentioned above to make it work. The changing is like this:
After I have installed SNMPd in Ubuntu 9.04, I was trying to snmpwalk system to test the correction of the installation and deployment. However, I got a Time out message even though I did not get any firewall installed in Ubuntu. At the beginning, I thought that it is the firewall problem like in Fedora. The truth of no firewall installed in Ubuntu by default makes me realise that this is not in that case.
Solution:
Ubuntu is different from Fedora, there is a file to keep the default snmpd's running options, which is:
/etc/default/snmpd. In it, the options denote that only local host is able to snmpwalk the SNMP agent. In this case, I will not only need to change the snmpd.conf configure file, but I will also need to change some lines in the snmpd configure file mentioned above to make it work. The changing is like this:
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1' SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf
Wednesday, 15 December 2010
Discussion on Array size, String length.
This is an revision concentrating two functions, sizeof() and strlen().
There are several manners for a programmer to define a string in C/C++ programs.
In order to initialize them, the following steps work.
INSTEAD: strcpy(string, "This is what we want to defined");
char *string;
In the following part, I give some different defined strings in my code. The print out is the results of two functions, sizeof() and strlen.
Here is the code:
The print out is:
Another aspect of the difference between strlen() and sizeof() is that strlen needs a function call to determine the string length, however, sizeof is able to give the length during the compile process. The buffer's example demonstrates this argument quite well. But, the prerequisite is that the sizeof() is able to give rather correct string length. The string should be defined and initialized as buffer example dose. In this case, bear in mind that sizeof will include the '\0' but strlent will not.
Hopefully, this makes clear of the usage of string.
There are several manners for a programmer to define a string in C/C++ programs.
- char pointer: char *string;
- char array: char string[100];
In order to initialize them, the following steps work.
- define string immediately if we know what we want to define.
char string[] = "This is what we want to defined";
char *string = "This is what we want to defined";
- define string first and then give the specific number afterwards.
char string[100];
string = "This is what we want to defined";
CAUTION:<<This is not allowed in C++, can not assign an array to another array>>INSTEAD: strcpy(string, "This is what we want to defined");
char *string;
string = "This is what we want to defined";
In the following part, I give some different defined strings in my code. The print out is the results of two functions, sizeof() and strlen.
Here is the code:
char *test;
char test2[100];
test = "This is what we want to define";
char buffer []= "This is what we want to define";
strcpy(test2, "This is what we want to define");
std::cout << "test sizeof " << sizeof(test) << "\n";
std::cout << "test strlen " << strlen(test) << "\n";
std::cout << "buffer sizeof " << sizeof(buffer) << "\n";
std::cout << "buffer strlen " << strlen(buffer) << "\n";
std::cout << "test2 sizeof " << sizeof (test2) << "\n";
std::cout << "test2 strlen " << strlen(test2) << "\n";
The print out is:
test sizeof 4
test strlen 30
buffer sizeof 31
buffer strlen 30
test2 sizeof 100
test2 strlen 30
Another aspect of the difference between strlen() and sizeof() is that strlen needs a function call to determine the string length, however, sizeof is able to give the length during the compile process. The buffer's example demonstrates this argument quite well. But, the prerequisite is that the sizeof() is able to give rather correct string length. The string should be defined and initialized as buffer example dose. In this case, bear in mind that sizeof will include the '\0' but strlent will not.
Hopefully, this makes clear of the usage of string.
Monday, 13 December 2010
Coding works of the Experiment
Here is the TODO list for experiment coding: some of them have long time to achieve and may be implemented later on due to the current works.
* How to monitor the network bandwidth: the rough idea is to sum the number of packets during a period of time and then to calculate the amount of data per second during this period. At this point, how fine of the records should be concerned.
* How to write a daemon to let the program running background:
* How to stop the experiment program at anytime: Investigate how to used signal to tell the experiment process to terminate. Using IPC (Inter process call)??? The main issue is how to used Nagios to spread this instruction across all of the experiment machine.
* How to monitor the system resources usages:
* How to use automake to compile my own code together with the shared library of chord or sfslite. For this task, I have get some progresses on nagios snmp plugins. change the Makefile.am in ./src directory and run autoreconf --install in package directory and then automake (not sure if this is required). Then configure it and make it. PROBLEMs to be consider: 1. where is configure.ac? Is it optional for autoconf?
ANSWER: configure.ac was called configure.in before autoconf 2.50. It can still be found in Chord and nagios snmp plugins distributions. When you modified some places in Makefile.am files or Configure.ac files, don't do anything except make it. All of the .in files will be regenerated.
* How to monitor the network bandwidth: the rough idea is to sum the number of packets during a period of time and then to calculate the amount of data per second during this period. At this point, how fine of the records should be concerned.
* How to write a daemon to let the program running background:
* How to stop the experiment program at anytime: Investigate how to used signal to tell the experiment process to terminate. Using IPC (Inter process call)??? The main issue is how to used Nagios to spread this instruction across all of the experiment machine.
* How to monitor the system resources usages:
* How to use automake to compile my own code together with the shared library of chord or sfslite. For this task, I have get some progresses on nagios snmp plugins. change the Makefile.am in ./src directory and run autoreconf --install in package directory and then automake (not sure if this is required). Then configure it and make it. PROBLEMs to be consider: 1. where is configure.ac? Is it optional for autoconf?
ANSWER: configure.ac was called configure.in before autoconf 2.50. It can still be found in Chord and nagios snmp plugins distributions. When you modified some places in Makefile.am files or Configure.ac files, don't do anything except make it. All of the .in files will be regenerated.
Tuesday, 7 December 2010
Parsing Long Options
Find this topic in DOCUMENT of GNU C library: libc
http://www.gnu.org/software/libc/manual/ From page 633
Here I conclude some useful tips:
== return values of getopt():
- successful
- a character (the option name without argument)
- a character (the option name), a pointer to char (char *optarg: argument)
- failed
- '?' (not included in options OR missing argument) (int optopt keeps the character)
- -1 complete
== return values of getopt_long ():
- successful
- short_options
- (same with getopt())
- long_options
- content of val (flag = NULL) (Tips, put corresponding short option char in val)
- 0 (flag != NULL, put content of val into *flag)
- (same with above two) (with argument are stored in optarg)
- failed
- (same with getopt())
- -1 complete
PS: indexptr record the index of the options in array of struct option.
Subscribe to:
Posts (Atom)