CS615A Aspects of System Administration
Homework Assignment #2

Please read this entire document before starting to work on the
assignment.

Goals:
------
To develop a number of programs to solve "typical" problems encountered
by system administrators and to understand when to use which tools.  The
nature of the problems to solve will also provide additional
(non-obvious) insights into topics related to system administration.

Summary:
--------
This assignment consists of three distinct programs solving very
different problems.  Short summaries are as follows:

(a) Write a program to perform a simple health check on a given set of
    hosts.
(b) Write a program to collect hostname<->IP pairs from a DNS zone file.
(c) Write a program to generate a list of known vulnerabilities in the
    FreeBSD ports collection.

Due date:
---------
2009-03-28 10:59:59

Meta:
-----
For each of the three programs, you may choose any programming language
you like.  However, the program needs to run (without any additional
software installed or any special settings or tweaks) on all three of
the systems you have been given access to:

  - linux-lab.cs.stevens.edu    Linux (Fedora release 8)
  - lab.cs.stevens.edu          NetBSD 2.1
  - drude.cs.stevens.edu        Solaris 10

Feel free to discuss general problems and concepts on the mailing list
or amongst yourselves, but please do not share any significant code
snippets or detailed step-by-step instructions.  Each of you should
learn to do this on their own.

Each of your programs should follow general UNIX philosophy and act and
behave following the principle of least surprise.

Details:
--------

(a) 15 points

Write a program to perform a simple health check on a given set of
hosts.

Your program takes as input a list of hostnames.
For each hostname, it performs the following checks:

  - the hostname resolves
  - the host responds to ping
  - the host can be reached on port 22

Each of these checks, if not passed, causes your program to generate a
notice on stdout indicating the failure and then to move on to the next
host.

Example usage:

  $ shc host1 host2 host3 host4 host5
  host2: ping failure
  host3: dns failure
  host5: ssh failure
  $

Any errors encountered are printed to stderr; under successful
execution, your program does not generate any other output.

Extra credit: allow the user to provide the list of hosts from a text
file, one hostname per line, ignoring empty lines and anything after a
'#' character.

(b) 25 points

Write a program to collect hostname<->IP pairs from a DNS zone file.

Your program takes as input a file name, expected to be a DNS zone file.
From this file, your program extracts all direct hostname<->IP address
mappings (i.e. all A or AAAA records).

Example usage:

  $ chipp file1
  host1 1.2.3.4
  host2 2.3.4.5
  host3 3.4.5.6
  host4 2002:4f8:4:7:2e0:81ff:fe52:9a6b
  $

Any errors encountered are printed to stderr; under successful
execution, your program does not generate any other output.

An example DNS zone file has been uploaded to
http://www.cs.stevens.edu/~jschauma/615A/root-zone-file

The syntax of a DNS zone file is defined in RFC1034
(http://tools.ietf.org/html/rfc1034), section 3.6.  Your program does
NOT need to validate the syntax (i.e. determine whether or not the input
file is a valid zone file), but it should be able to handle any valid
syntax.

(c) 35 points

Write a program to generate a list of known vulnerabilities in the
FreeBSD ports collection.

On http://www.vuxml.org/freebsd/index-cve.html you can find a list of
known security vulnerabilities in the FreeBSD ports collection.  Your
program needs to parse this document and convert the format into lines
containing three tab-separated fields.
The first lists the port name and the version modifier, the second the
type of the vulnerability and the third the URL with details.

The output for these entries on that website:

  CVE-2009-0422  phplist -- local file inclusion vulnerability
  CVE-2009-0312  moinmoin -- multiple cross site scripting vulnerabilities
  CVE-2009-0241  ganglia -- buffer overflow vulnerability
  CVE-2009-0240  websvn -- multiple vulnerabilities

then becomes

  phplist<2.10.9	local file inclusion vulnerability	http://www.vuxml.org/freebsd/40774927-f6b4-11dd-94d9-0030843d3802.html
  moinmoin<1.8.1	multiple cross site scripting vulnerabilities	http://www.vuxml.org/freebsd/6a523dba-eeab-11dd-ab4f-0030843d3802.html
  ganglia-monitor-core<3.1.1	buffer overflow vulnerability	http://www.vuxml.org/freebsd/b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e.html
  ganglia-monitor-webfrontend<3.1.1	buffer overflow vulnerability	http://www.vuxml.org/freebsd/b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e.html
  websvn<2.1.0	multiple vulnerabilities	http://www.vuxml.org/freebsd/71597e3e-f6b8-11dd-94d9-0030843d3802.html

Note that the 'ganglia' listing yielded two lines in your output.

Your program may ignore entries where the version information is not
trivial (i.e. following a simple "greater than" or "smaller than"; see
extra credit for details).

Extra credit: Support packages with more complex versioning.  That is,
entries like

  CVE-2009-0478  squid -- remote denial of service vulnerability

would yield:

  squid>=2.7.1<2.7.6	remote denial of service vulnerability	http://www.vuxml.org/freebsd/9c2460a4-f6b1-11dd-94d9-0030843d3802.html
  squid>=3.0.1<3.0.13	remote denial of service vulnerability	http://www.vuxml.org/freebsd/9c2460a4-f6b1-11dd-94d9-0030843d3802.html

Deliverables:
-------------
You need to email me a tar archive of your programs that, when extracted,
has the following directory and naming structure:

  /shc/
  /chipp/
  /fbvlist/

References:
-----------
The manual pages and documentation of whatever programming language you
choose.
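
Added example for part (b), not part of the original assignment and not
a course reference solution: a sketch of why "handle any valid syntax"
is harder than grepping for " A ". It covers comments, parenthesised
multi-line records, $ORIGIN, '@', inherited owner names and optional
TTL/class fields in either order. The names zone_pairs and absolute and
the sample zone are assumptions made for this example; ';' or
parentheses inside quoted strings and $INCLUDE are not handled.

```python
import re

TTL = re.compile(r"\d+([smhdw]\d+)*[smhdw]?", re.I)   # 3600 or BIND-style 1h30m

def absolute(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return name + ("." if origin == "." else "." + origin)

def zone_pairs(text, origin="."):
    """Return [(owner, address)] for every A/AAAA record in zone-file text."""
    pairs, owner, pending = [], None, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # strip comment (quoted ';' not handled)
        if not line.strip():
            continue
        pending = line if not pending else pending + " " + line
        if pending.count("(") > pending.count(")"):
            continue                                # parenthesised record continues
        inherits = pending[0].isspace()             # leading blank: reuse last owner
        fields, pending = pending.replace("(", " ").replace(")", " ").split(), ""
        if not fields or fields[0].startswith("$"): # directive or empty record
            if len(fields) > 1 and fields[0].upper() == "$ORIGIN":
                origin = absolute(fields[1], origin)
            continue
        if not inherits:
            owner = absolute(fields.pop(0), origin)
        while fields and (TTL.fullmatch(fields[0]) or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                           # optional TTL/class, either order
        if owner and len(fields) >= 2 and fields[0].upper() in ("A", "AAAA"):
            pairs.append((owner, fields[1]))
    return pairs

# Constructed sample zone (documentation address ranges), not the course's file.
SAMPLE = """\
$ORIGIN example.com.
@   IN  SOA ns1 hostmaster ( 2009030101 ; serial
            7200 3600 1209600 3600 )
ns1     IN  A    192.0.2.1
        IN  AAAA 2001:db8::1
www 300 IN  A    192.0.2.80
mail    A        192.0.2.25
ext.example.net. 1d IN A 198.51.100.7
"""

if __name__ == "__main__":
    print("\n".join("%s %s" % p for p in zone_pairs(SAMPLE)))
```

The AAAA line has no owner field and inherits ns1 from the record above
it, which is the case a line-by-line pattern match most often gets wrong.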