Find out LDAP client IPs

ips.pl is a simple perl filter that processes SunONE Directory Server 5.2 access logs to find out the IP addresses that queries are coming from. It’s very useful to evaluate the impact for migrating LDAP infrastructures. Most comments and variable names are in spanish but the code should be clear enough to any SODS sysadmin. Or drop me a line if you absolutely need an all-english version.

#!/usr/bin/perl
# ips.pl $Revision: 1.1 $
# Analiza archivos access de Sun ONE Directory Server 5.2 para generar
# reporte de IPs de clientes y servidores
# Copyright (C) 2005 Javier Arturo Rodriguez
use strict;
my($acceso);
my $filename = shift @ARGV;
die("Usage:\t$0 <filename>\n\tbunzip2 -c <filename.bz2> | $0 -\n") unless $file
name;
open(FILE,"<$filename");
while(<FILE>) {
        chomp;
        if($_=~m,^\[(.*?)\].*?connection from ([\d\.]+) to ([\d\.]+),) {
                $acceso->{$3}->{$2}->{TS}=$1;
                ++$acceso->{$3}->{$2}->{CNT};
        }
}
close(FILE);
foreach my $dst (sort keys %{$acceso||{}}) {
        print "Acceden a traves de $dst\n";
        foreach my $src (
                reverse sort { $acceso->{$dst}->{$a}->{CNT} <=> $acceso->{$dst}
->{$b}->{CNT} }
                keys %{$acceso->{$dst}||{}}
        ) {
                printf("  %-15s (last seen on %s; %d hit%s)\n",
                        $src,
                        $acceso->{$dst}->{$src}->{TS},
                        $acceso->{$dst}->{$src}->{CNT},
                        $acceso->{$dst}->{$src}->{CNT}==1?'':'s',
                );
        }
}

(Download)

Get stock quotes into a spreadsheet

This code stnippet grabs a .CSV file from Yahoo! Finance with selected quotes. This is very useful to keep an eye in your portfolio from within OpenOffice.org Calc, Gnumeric, Kspread,Microsoft Excel or similar program using your very own models.
To use it edit the paths and the symbols in the script, run it periodically from cron(8) to get $DEST/quotes.csv, import the file once and reference it from your own spreadsheet.

#!/bin/sh
TMP=/home/user/tmp
DEST=/home/user/prj/mba/dinero/portafolio
wget -q -O $TMP/quotes.csv 'http://finance.yahoo.com/d/quotes.csv?s=^MXX+^DJI+^IXIC+MXN=X+AMXL.MX+ARA.MX+BIMBOA.MX+CIEB.MX+FEMSAUBD.MX+GFBBB.MX+GMODELOC.MX+TELMEXL.MX+TLEVISACPO.M+WALMEXV.MX&f=sl1d1t1c1ohgv&e=.csv'
echo '"SYMBOL","VALUE","A","B","C","D","E","F","G","H"' > $DEST/quotes.csv
cat $TMP/quotes.csv >> $DEST/quotes.csv

Mitigate the .WMF vulnerability with Exim, Squid and SquidGuard

Unless you’ve been on holiday leave you’ve probably heard about the WMF vulnerability by now. Everything seems to indicate that Microsoft won’t take action to patch this gaping hole before January 9th, so here are a few measures to be on the safe side.

1. Before you do anything else, go ahead an unregister SHIMGVW.DLL

C:\> regsvr32 -u %windir%\system32\shimgvw.dll

Put this in a login script, and just for good measure go ahead an run it in every Windows box you’re responsible for. Heck, run it even in those you’re *not* responsible for as well.

2. I already got quite a few .WMF attachments on the spamtraps. F-Secure has a very interesting specimen and a lot to say about it. So the next step is to block them in exim.conf. Enable the acl_check_content ACL and make sure that you have a rule like this one:

  deny  message = This message contains an unwanted file extension ($found_extension)
        demime = scr:vb:vbs:vbe:js:jse:reg:bat:lnk:pif:hlp:dll:com:rar:wmf

3. SquidGuard can filter URLs that match a given regular expression. Add these regexes to a local-blocks/expressions or similar file:

http://.*\.(scr|vb|vbs|vbe|jse|reg|bat|lnk|pif|hlp|com|rar|wmf)($|\?)
ftp://.*\.(scr|vb|vbs|vbe|jse|reg|bat|lnk|pif|hlp|com|rar|dll|js|wmf)($|\?)

Note that the .dll and .js extensions aren’t blocked for HTTP. That’s because the lovely IIS uses the .dll suffix for its extensions, and you can’t block JavaScript for HTTP either unless you want to break 90% of the Internet for all your local clients. I firmly belive that blocking them for FTP is just fine, tough.
Update 20060102 125530: Jeremy Gaddis shares a squid recipe.

Of course, this only applies if you use exim and Squid+SquidGuard -which by the way are all excellent Open Source products- but the same principle applies to any other mail and proxy servers. If you implement all three recommendations you should be fine. User should not get .WMF files through email or the Web. Even if a clueless user catches it though some other means (IM, external e-mail account, a *ack!* floppy disk/CD-ROM/flash drive, a helpful colleage, etc.) the REGSVR32 workaround should keep the exploit at bay. If you definitely need to work with WMFs, there are other alternatives as outlined by Richard Bejtlich. Just don’t hold your breath for a Microsoft-backed patch.

<rant>And about Microsoft’s “swift” response to this issue: The next time that someone gives me the line about not using Open Source because there’s nobody to take responsibility for problems, I’ll puch him in the face without further warning.</rant>

countdown

This small script is an alternative to sleep(1) that gives a visual clue to the user about the remaining seconds in the delay

#!/usr/bin/perl
$|++;

my $secs = shift;
die("Usage: $0 <secs>\n") unless (defined $secs) && ($secs>=0);
while($secs>0) {
        printf("\r% 4d", $secs);
        sleep 1;
        --$secs;
}
print "Done          \n";

(Download)
There are numerous instances where you might want your shell scripts to sleep(1) giving the user a clue about what’s going on, but just to relate to a previous example, let’s see how this can be used to throttle file leeching:

$ for i in `count 1 10 %02d`; do wget http://..../file-$i.pdf; countdown 30; done

Anansi Boys

Anansi BoysIt took a bit longer than I originally expected, but last night I finally finished reading Anansi Boys and I just have this to say: Neil Gaiman is a master storyteller.
Neil has just weaved a great story from a few seemingly loose strands in American Gods and -I swear- it is a solid web that he traps the reader into. The characters are solid and well developed over time, and by the end of the book they jump right off the page. The situations are very well constructed and some scenes have a frail, dreamlike quality. I can certainly relate to some aspects of the situations that Fat Charlie goes through, most certainly to those bits about parents being involuntarily embarrasing entities. As it is written, the characters’ ultimate destinies are very much like melodies that intertwine gradually and evolve into a great, powerful song. This song flows naturally, armonically, unavoidably. The musical bridges are in their right place, and in retrospect I can see that every note is there for a reason. The end resonates loudly, like a sustained note in a song I that I feel that I’ve heard before. And I probably have: Even now, Neil is one of the few authors that has the strange gift of haunting my sleep with their stories.
Neil: while you’re conceivably baking in the sun and healing from that nasty cold in some heavenly island in the Caribbean after which you shaped St. Andrews, I just have to thank you for taking me wide awake to that mysterious land at the beginning of time that we ordinary humans only visit in our sleep.

count

count is a minimalist perl script in the spirit of seq(1) but with a simpler syntax. It only counts in increments of 1, but -on the other hand- it knows how to count down.

#!/usr/bin/perl
use strict;
my($from,$to,$fmt,$inc)=@ARGV;
$to||=$from;
$fmt||="%d";
print join("\n",map{sprintf("$fmt",$_)}($from>$to?reverse($to..$from):($from..$to))),"\n";

(Download)
For instance, “count 10 1 %03d” will count down from 10 to 0 padding with zeroes to three digits. “count 0 15 %x” will count in hex. If you omit the format string it will default to “%d” (decimal, no padding).
count is very useful -among other things- for file leeching:

$ for i in `count 1 10 %02d`; do wget http://..../file-$i.pdf; done

de64

Base64 is used to encode binary data in printable ASCII form. de64 is a trivial perl script to decode such strings:

#!/usr/bin/perl
use MIME::Base64;
local $/ = undef;
print decode_base64(shift||<STDIN>);

(Download)
One application of de64 is decoding UTF8 LDAP attributes inside LDIF files. For instance, “cn:: Um9iZXJ0byBNYXJ0w61uZXo=” may be decoded with

$ de64 Um9iZXJ0byBNYXJ0w61uZXo=
Roberto Martí­nez

(Look Randal! I’m using a CPAN module this time! ;-) ) Of course, all the heavy lifting is done by MIME::Base64 from CPAN.

Luhn algorithm in PHP

As I mentioned before, the Luhn algorithm is used to validate some interesting numbers, most notably GSM IMEIs and credit card numbers. Here’s another implementation I wrote, this time in PHP.

	function luhn($str) {
		$odd = !strlen($str)%2;
		$sum = 0;
		for($i=0;$i<strlen($str);++$i) {
			$n=0+$str&#91;$i&#93;;
			$odd=!$odd;
			if($odd) {
				$sum+=$n;
			} else {
				$x=2*$n;
				$sum+=$x>9?$x-9:$x;
			}
		}
		return(($sum%10)==0);
	}

(Download)

perlwhich

Are you wondering where the heck does some arcane module come from? Wonder no more, perlwhich comes to the rescue:

#!/usr/bin/perl
use strict;
use File::Spec;

my $module = shift @ARGV;
$module=~s,\.,,igs;
my $pm=$module.'.pm';
my @path = split(/::/,$pm);
my $found = 0;
foreach my $dir (@INC) {
        my $file = File::Spec->catfile($dir,@path);
        if(-f $file) {
                print $file,"\n";
                $found=1;
        }
}
exit(!$found);

(Download)
Next time you need to know some module’s path just run it like this:

$ perlwhich Data::Dumper
/usr/lib/perl/5.8/Data/Dumper.pm

If a module resides in multiple locations under @INC, perlwhich will let you know as well:

$ perlwhich Salesforce
/usr/local/lib/site_perl/Salesforce.pm
/usr/local/share/perl/5.8.4/Salesforce.pm