blog'o thnet

Tag - management

Wednesday 29 June 2005

Static Route Management for Hosts in the Demilitarized Zone (DMZ)

Based on existing procedures, here is a new tool whose aim is to help add centrally managed static routes for all servers hosted in the demilitarized zone. As with the Password Management for Hosts in the Demilitarized Zone (DMZ), this script is managed using cvs(1), the Concurrent Versions System.

The three necessary files are:

  1. dmz_routes.sh: gets, pushes and applies new static route(s) remotely
  2. route_admin: lists and applies new static route(s) locally; it is called from the rc script at boot time
  3. route_admin.cfg: the commented configuration file holding the current static routes; used by route_admin

Assuming that the environment variables ${CVSROOT} and ${CVS_RSH} are properly set, here are a few usage samples:

# cvs checkout -P dmz_route && cd dmz_route
#
# sh ./dmz_route.sh
usage: dmz_route.sh [-hd] [-s servername,...] [-c config_file] [-i init.d_file] {push|add|status}
#
# sh ./dmz_route.sh -s beastie status
* server: beastie
 => state of files:
/data/system/etc/
/data/system/etc/init.d/
/data/system/etc/route_admin.cfg:
     $Id: route_admin.cfg,v 1.10 2005/02/14 14:14:14 root Exp $
/data/system/etc/init.d/route_admin:
     $Id: route_admin,v 1.9 2004/09/14 08:19:29 root Exp $
 => show the routing tables:
IRE Table: IPv4
  Destination             Mask           Gateway          Device Mxfrg  Rtt  Ref Flg  Out  In/Fwd
-------------------- --------------- -------------------- ------ ----- ----- --- --- ----- ------
10.126.220.40        255.255.255.255 192.168.138.33               1500*    0   1 UGH    790     0
10.126.220.41        255.255.255.255 192.168.138.33               1500*    0   1 UGH   2862     0
10.126.215.162       255.255.255.255 192.168.138.33               1500*    0   1 UGH     65     0
[...]
#
# sh ./dmz_route.sh -s beastie push
* server: beastie
 => last configuration backuped
 => route_admin.cfg pushed
 => route_admin pushed

Need more help?... See the command line help switch:

# sh ./dmz_route.sh -h

Saturday 25 June 2005

Password Management for Hosts in the Demilitarized Zone (DMZ)

Based on existing procedures, here is a new tool whose aim is to help manage centralized passwords for all servers hosted in the demilitarized zone. As with the Static Route Management for Hosts in the Demilitarized Zone (DMZ), this script is managed using cvs(1), the Concurrent Versions System.

The script is:

  • dmz_passwd.sh: gets and sets password configurations and/or parameters remotely

Assuming that the environment variables ${CVSROOT} and ${CVS_RSH} are properly set, here are a few usage samples:

# cvs checkout -P dmz_passwd && cd dmz_passwd
#
# sh ./dmz_passwd.sh
usage: dmz_passwd.sh [-hd] [-s servername,...] [-n min_day] [-x max_day] [-w warn_day] -u username,... {status|set|unlock|lock|reset}
#
# sh ./dmz_passwd.sh -s unic -u greg set
* server: unic
 => *set* password attributes and policy for user: greg
#
# sh ./dmz_passwd.sh -s unic,beastie -u greg status
* server: unic
 => *get* password attributes and policy for user: greg
    .password status: locked [LK]
    .last changed: 13 September 2004
    .minimum between password changes: 0 day(s)
    .maximum between password changes: 91 day(s)
    .warning before the password expires: 7 day(s)
    .password will expire at: 13 December 2004

* server: beastie
 => *get* password attributes and policy for user: greg
    .password status: passworded or locked [PS]

Need more help?... See the command line help switch:

# sh ./dmz_passwd.sh -h
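
The status report shown above can be derived from raw password aging fields. The following is an added example, not code from dmz_passwd.sh: it assumes input in the Solaris "passwd -s" layout (name status [mm/dd/yy min max warn]), computes the expiry date as last change plus maximum age, and flags accounts that have no aging policy at all. The function name pw_report and the two-digit-year pivot are assumptions.

```shell
#!/bin/sh
# Added example (not from dmz_passwd.sh): audit password aging from
# Solaris "passwd -s"-style lines: name status [mm/dd/yy min max warn].
pw_report() {
    awk '
    # Gregorian date -> Julian day number, so day offsets are plain addition.
    function jdn(y, m, d,    a, yy, mm) {
        a = int((14 - m) / 12); yy = y + 4800 - a; mm = m + 12 * a - 3
        return d + int((153 * mm + 2) / 5) + 365 * yy + int(yy / 4) \
               - int(yy / 100) + int(yy / 400) - 32045
    }
    # Julian day number -> YYYY-MM-DD.
    function civil(j,    a, b, c, d, e, m) {
        a = j + 32044; b = int((4 * a + 3) / 146097)
        c = a - int(146097 * b / 4); d = int((4 * c + 3) / 1461)
        e = c - int(1461 * d / 4); m = int((5 * e + 2) / 153)
        return sprintf("%04d-%02d-%02d", 100 * b + d - 4800 + int(m / 10), \
                       m + 3 - 12 * int(m / 10), e - int((153 * m + 2) / 5) + 1)
    }
    NF < 2 { next }                  # skip blank or malformed lines
    NF < 6 {                         # no aging fields: rotation is not enforced
        printf "%s %s NO-AGING-POLICY\n", $1, $2; next
    }
    {
        split($3, p, "/")
        year = p[3] + ((p[3] + 0 < 70) ? 2000 : 1900)   # assumed 2-digit pivot
        changed = jdn(year, p[1], p[2])
        expiry = ($5 > 0) ? civil(changed + $5) : "never"
        printf "%s %s changed=%s expires=%s warn=%sd\n", \
               $1, $2, civil(changed), expiry, $6
    }'
}

# Constructed sample mirroring the two hosts in the post (unic, then beastie).
pw_report <<'EOF'
greg LK 09/13/04 0 91 7
greg PS
EOF
```

The first sample line reproduces the 13 December 2004 expiry reported for unic; the second is flagged because, as on beastie, no aging attributes are set.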