UnixGarage: Chronically attached to the CLI

I was fortunate enough to give a presentation at software freedom day in Alexandria university. The audience were attentive and I had a great time. The main presentation was about using open source software to build secure infrastructure. I also got to spend some time demonstrating a simple PF policy on OpenBSD. The slides can be found here

I am making a list of apps and tools that I have come to rely on. As I discover new cool and reliable tools, they will be added to this repository.

Network related hardware :

Soekris: If you are dealing with lightweight traffic, this would be the first place to look.
Interface masters : They sell quad ports gigabit nics and bypass devices. They are open source friendly and overall awesome people to deal with.

For software tools :

• Snort
• Tomahawk
• Fragroute
• Scapy
• Scruby
• Libnids
• Nmap
• mcollective
  

To be continued…

Content management can mean different things to different people.I wanted to add some level of dynamic content management to the site but I did not want to deploy n-tier complex applications. My requirements are simple:

• Light weight: I don’t need some heavy java based solution
• Portable: I typically use 4-5 different operating systems throughout the day. I don’t need something that will only work with certain browsers/operating systems. I also didn’t want any new markup(think wiki markup) or tagging. html/plain-text is good enough for me
• Accessible: I know MVCs are taking over the world and perhaps it makes sense to store text in database tables in some cases but for my purposes I have a strong preference to store text content in “surprise surprise” text files so I can grep, diff or version control it when I want to

The design I had in mind was something where I could look into a location on the file system and list directories embedding them into html to generate a dynamic navigation menu.For the body of the pages, I wanted to be able to write the stories in html and have a script find them and embed them in the generated page.

Enter eruby! short for embedded ruby, it  is one of several ways to write cgi scripts in ruby.With eruby you can embed ruby code in html files. I wanted to use ruby because it is dynamic and flexible but the task could have been accomplished with any of the Ps(Perl, Python or PHP).

I won’t go into details of setting up eruby,Hiveminds magazine has a pretty good introduction online, but as a quick reference you will need to tell apache about the new type of file. Usually you will save your ruby files in rhtml so you will want a directive like this in apache’s config file:

“AddType ruby .rhtml .rb”

You will also want to tell apache which interpreter to use to execute your rhtml file, something like this should work:

“Action ruby /virtual-cgi/eruby”

It was more difficult to find examples that go beyond “3.times do” so I thought I would share the story with whatever little code I have and hopefully it will be useful to someone.

Code storage:

When apache invokes your script, your cwd(current working directory) will be the real filesystem path where you specified the ruby handler. For example if you configured apache like this:

Action ruby /virtual-cgi/eruby

and virtual-cgi is configured like this:

ScriptAlias /virtual-cgi /jail/usr/local/cgi-handlers

Then your current working directory is going to be “/jail/usr/local/cgi-handlers”.By default you will only be able to load modules from directories if they are in your $LOAD_PATH or in your CWD.$LOAD_PATH is an array and you could add to it by a simple ‘$LOAD_PATH.push(“/path/to/directory”)’
I created a unixgarage directory somewhere in my site_ruby tree.For now all the common code should go to a file helpers.rhtml in that directory till I find it compelling to make things more OO.

So first thing was to create the dynamic navigation menu and it was pretty easy, here is the code slightly edited for file/directory names:

1 $rootdir = “/path/to/docroot/”

2 $forbidden =["secret","private","valuable"]

3 def listdirs
4 puts “<ul>”
5 Dir.foreach(“#{$rootdir}”) do | fsentry |
6 next if fsentry.length < 3
7 next if $forbidden.index(“#{fsentry}”)
8 if File.directory?(“#{$rootdir}/#{fsentry}”)
9 puts “<li><a href=\”/#{fsentry}\”>#{fsentry}</a></li>”
10 end
11 end
12 puts “</ul>”
13 end

Pretty simple: the method iterates over the contents of the global variable $rootdir .An array of directories that should not be listed is defined in the global variable $forbidden. We use ruby’s Dir class to loop over each entry in the directory, skipping any entries that exist in the forbidden array. The items we find are then printed as a list item.

Now on to reading and embedding contents from a file. For now, I use a hard coded file name to look for, “main.txt” but in the future I might make it more dynamic to use a config file of sorts. Here is the code:

15 def mainbody(path)
16 fullpath = $rootdir + path
17 if File.exists?(“#{fullpath}main.txt”)
18 puts IO.readlines(“#{fullpath}main.txt”)
19 else
20 puts “Coming soon”
21 puts “<br>”
22 end
23 end

The code checks to see if a file called “main.txt” exists in the directory we are generating content for. If the file exists it will read the contents and embed them. If the file doesn’t exist we print a “Coming soon” message.

But how do we know which directory are we in?That will be defined in the ENV hash apache passes to the calling script as the value of the key ‘REQUEST_URI‘. To access the key, use ENV["REQUEST_URI"]. To construct the full file system path, we add that value to the value of $rootdir.

How about dynamically creating a list of links that represent the content of the directory?That too is very easy:

25 def listDirContent(path)
26 fullpath = $rootdir + path
27 Dir.foreach(“#{fullpath}”) do | dEntry |
28 (fName, fExt) = dEntry.split(“.”)
29 next if dEntry.length < 3
30 next if $forbidden.index(“#{dEntry}”)
31 if File.file?(“#{fullpath}/#{dEntry}”)
32 puts “<li><a href=\”#{path}#{dEntry}\”>#{fName}</a></li>”
33 end
34 end
35 end
Now what we need to do is write index.rhtml, or any other file that you tell apache is an index and load our helpers.rhtml:

<% load ‘unixgarage/helpers.rhtml’ %>

you go on to write all the html you want to write and to call either of the functions created you simply do <% functionname(arguments) %>

so for the navigation menu, I have a line in index.rhtml that reads:

<% listdirs %>

and for embedding the contents of main:

<% mainbody(“#{ENV["REQUEST_URI"]}”)

To dynamically display links to the contents of the directory:

<% listDirContent(“#ENV["REQUEST_URI"])

If you run into trouble, you can use eruby to execute your script to see where things are going wrong. To see it in action visit our ruby section.

Comments and suggestions welcome