Archive for the ‘Open Source’ Category
Wednesday, April 16th, 2008
Right click, upload to Google.
I have been slightly interested in Python for a while, but just never got around to actually writing anything. Not that I am enough of a programmer to be particularly swayed by one language over another - but the path of least resistance for writing plugins and such for the Linux desktop seems to be Python. This was a simple project that taught me some basics, and since there isn’t a nicely developed Perl module for the Google API I went on with the Python.
Let’s say you just made a little spreadsheet in OpenOffice

Now you want to share that amazingly complex spreadsheet with your lawyer on Google Docs

Now it’s up there…

and you can edit and share with friends

Nautilus, the Gnome file manager, lets you drop scripts of your choosing into ~/.gnome2/nautilus-scripts/. When you run the script on a file through the right-click menu the file name gets passed to the script. I knew this was possible, and have played around with OS X folder actions before, but I have to say that in practice this is a lot easier than AppleScript to me.
Grab the python script yourself, download and install the gdata python API, edit the file to have your own username/password, and right-click your way to uploading fun. Disclaimer: this is just a quick and dirty thing, do not expect it to be good.
Friday, August 24th, 2007
To wrap up script week, I’d like to talk a little bit about arpwatch. Continuing on the theme of half-baked ideas, this was one that I was rather excited about as an entry level network engineer, but the complete lack of interest kinda took the wind out of my sails.
Here is the gist. In my experience I’ve never seen the use of NAC, 802.1X, or even simple switch port security. I have to assume that many corporations remain blind to what devices are hard connecting to their local network. Each Ethernet device has a universally unique burned-in address. It gladly shoots frames with this address out to the network as it attempts to get a dynamic address, or in response to another machine’s request. Arpwatch just sits there and listens for new devices, and creates a log entry when there is a new one.
To me it just stands to reason that a security-conscious company would be interested in what MAC addresses have been seen on the network, when they were first seen, what VLANs they’ve been on… especially when it is so simple. If you ask a branch office or campus LAN administrator what new MAC addresses have shown up on the network TODAY, they simply cannot tell you.
So I thought it’d be a great idea to just set up a Linux box with a trunk port to the corporate switches. This would be able to sniff for every ARP on the network and keep an inventory of hardware addresses. Since syslogs are a little lame, I made a database where this information was stored. You could run reports like “show me all devices that first appeared on the network on either VLAN 50 or VLAN 60 between October 10th and 16th which had 3Com network cards”. I also created scripts to use SNMP to grab the dynamic CAM table from Cisco switches. The idea here is to be able to tie those hardware addresses back into the CAM tables to tell us which port and switch the machine had connected to. This seems rather obvious to me, and somewhat simple to implement.
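The inventory and the sample report described above, as an added example (not the original scripts, whose schema is lost). It assumes arpwatch's syslog "new station" line format, VLAN numbers taken from Linux sub-interface names such as eth0.50, a hypothetical `station` table, and a hand-made two-entry vendor map in place of the full IEEE OUI registry.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample lines in arpwatch's syslog style; the VLAN is assumed to be
# the suffix of a Linux 802.1Q sub-interface name (eth0.50 -> VLAN 50).
SAMPLE_LOG = """\
Oct  9 08:01:12 sniffer arpwatch: new station 10.0.50.21 0:a0:24:1:2:3 eth0.50
Oct 11 09:14:40 sniffer arpwatch: new station 10.0.60.7 0:a0:24:aa:bb:cc eth0.60
Oct 12 13:02:55 sniffer arpwatch: new station 10.0.50.30 0:0:c:12:34:56 eth0.50
Oct 14 16:45:03 sniffer arpwatch: new station 10.0.70.9 0:a0:24:de:ad:1 eth0.70
Oct 15 07:30:00 sniffer arpwatch: new activity 10.0.60.7 0:a0:24:aa:bb:cc eth0.60
Oct 15 11:20:18 sniffer arpwatch: new station 10.0.50.44 0:A0:24:9:8:7 eth0.50
"""

# Hand-made OUI sample (assumption); load the full IEEE registry in real use.
OUI_VENDORS = {"00:a0:24": "3Com", "00:00:0c": "Cisco"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ arpwatch: new station (?P<ip>[\d.]+) "
    r"(?P<mac>(?:[0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}) \S+\.(?P<vlan>\d+)$")

def normalize_mac(mac):
    """arpwatch drops leading zeros (0:a0:24:1:2:3); pad and lowercase."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def load_inventory(log_text, year):
    """Parse 'new station' events into an in-memory SQLite inventory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE station (mac TEXT PRIMARY KEY, ip TEXT, vlan INTEGER,"
               " vendor TEXT, first_seen TEXT)")
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other arpwatch events are out of scope here
        mac = normalize_mac(m["mac"])
        seen = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        db.execute("INSERT OR IGNORE INTO station VALUES (?, ?, ?, ?, ?)", (
            mac, m["ip"], int(m["vlan"]), OUI_VENDORS.get(mac[:8], "unknown"), str(seen)))
    return db

def first_seen_report(db, vlans, start, end, vendor):
    """MACs first seen on the given VLANs in [start, end) with a given vendor."""
    marks = ",".join("?" * len(vlans))
    rows = db.execute(
        f"SELECT mac, vlan, first_seen FROM station WHERE vlan IN ({marks})"
        " AND first_seen >= ? AND first_seen < ? AND vendor = ? ORDER BY first_seen",
        (*vlans, start, end, vendor))
    return rows.fetchall()
```

Calling `first_seen_report(load_inventory(SAMPLE_LOG, 2007), [50, 60], "2007-10-10", "2007-10-17", "3Com")` answers the quoted report; syslog timestamps carry no year, so the caller supplies it.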
I seem to have trouble not with coding or implementing these things, but with marketing. As certain as I was that this is great information to have, there seemed to be no interest. I’ve not seen any other tool attempting to do the same thing.
Oh well, another ill-fated script. Here is some code. I don’t even know if I have all the pieces to this one. I certainly don’t have the database schema.
This one does the parsing and importing of arpwatch logs.
This one does the grabbing of data from switches.
This is really old, so is not exactly “good” but I still think the idea is worthwhile.
Thursday, August 23rd, 2007
A long time ago I had searched around for a tool that would let you update DNS through a web interface. There were a few commercial products that wanted to run their own database - but nothing that just made existing DNS infrastructure easier. Sometimes it just doesn’t make sense to have folks editing files with vim and hoping that there are no mistakes. I know I am often guilty of adding a forward entry without a reverse too. This was my attempt to solve this problem - and to automate some things that were being done manually. I say make the computers do the work.
This package is a collection of Perl CGIs that use Net::DNS to dynamically update DNS. Now in theory this could be any name server, but this was only tested with BIND. You will need to enable dynamic updates to these zones for this to work. You could add in security as well. Here is what it provides:
- Forward and reverse entries created (and removed) with one simple form - type, click, done
- TACACS+ authentication of users
- Audit trail of all entries
- New records show up instantly - no need to rndc reload or any of that jazz
- Search tool to look through a zone for an existing record
- Advanced configuration tool that can allow you to add/delete records such as NS, MX, or TXT
There was also an automated piece to this that would automatically discover and create entries. That was not at all generic so I have not included it. It would be trivial to add your own script to pull from an ordering database or scan the network to find new devices - go nuts.
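A sketch of the paired forward/reverse update the form performs, as an added example rather than the package's code: it emits input for BIND's nsupdate tool instead of making Net::DNS calls, and the function names are hypothetical. Host names from the form are validated strictly, so a stray newline cannot smuggle extra update commands into the batch.

```python
import ipaddress
import re

# RFC 1123 style label: letters, digits, hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def validate_fqdn(name):
    """Return the name as a lowercase absolute FQDN, or raise ValueError.

    fullmatch (not match with '$') is used so a trailing newline from a web
    form cannot pass validation and reach the nsupdate batch.
    """
    labels = name.rstrip(".").split(".")
    valid = all(LABEL_RE.fullmatch(part) for part in labels)
    if len(name) > 253 or len(labels) < 2 or not valid:
        raise ValueError(f"invalid host name: {name!r}")
    return ".".join(labels).lower() + "."

def paired_update(action, fqdn, address, ttl=3600):
    """Build nsupdate input that adds or deletes an A/AAAA record and its PTR."""
    if action not in ("add", "delete"):
        raise ValueError("action must be 'add' or 'delete'")
    host = validate_fqdn(fqdn)
    ip = ipaddress.ip_address(address)  # raises ValueError on bad input
    rtype = "A" if ip.version == 4 else "AAAA"
    ptr_name = ip.reverse_pointer + "."
    if action == "add":
        forward = f"update add {host} {int(ttl)} IN {rtype} {ip}"
        reverse = f"update add {ptr_name} {int(ttl)} IN PTR {host}"
    else:
        forward = f"update delete {host} IN {rtype} {ip}"
        reverse = f"update delete {ptr_name} IN PTR {host}"
    # Forward and reverse names live in different zones, so each gets its own send.
    return "\n".join([forward, "send", reverse, "send", ""])
```

The returned text can be piped to nsupdate, which also accepts a TSIG key file via `-k` if the zones require signed updates.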
That’s all for now. Comment if you find this useful.