Book review "Perl For System Administration"

Tib - Dec 4 '20 - - Dev Community

Perl Sysadmin

Intro

Yet another book review ! \o/

This book was released in Y2K. Seems like there was no new edition since then.

Perl for System Administration is written by David N. Blank-Edelman.

Very cool

Old bits

Some fun facts about how old is the book :

  • The book mentions "Perl is not ubiquitous" as a weakness when having to choose between Perl and other scripts languages.
  • The author thanks Usenix, SAGE and LISA conferences.
  • Recommends search.cpan.org ๐Ÿ˜„
  • "NTFS driver will be integrated in Linux kernel 2.2"... ah memories

Security

Security is always one of the numerous hats of a System Administrator...

Security

Here are some notions explained in the book :

  • Poison null byte (still possible in 2020 ?)
  • open(TEMPFILE, ">/tmp/tmp.$$); Predicatble $$ on multi user machine, a malicious user can predict and steal a temp file and write custom text/command to force reader to execute what he wants
  • I discovered that "..." ". " were valid filenames (for bad people).
  • Interesting exercise with system monitoring (dates, content, DNS dump...)
  • The idea of Postmortem, long time before devops mindset :D
  • Classic DDoS SYN flood attack (I think the first time I heard about it was in a story about Kevin Mitnick)
  • Cool part mentioning "John the ripper", "Crack" or "L0phtCrack". "libcrack" and "npasswd" ๐Ÿ’€

Things I discovered

I learnt also :

  • A lot of things about PPM.
  • A lot about macperl : cpan-mac and installme where you can drag and drop tarballs to install

Chapter about file systems

Very cool !

  • How MAC is different (data fork, resource fork)
  • How Windows is LOL (vfat = how to build something on top of a technical debt)

Corrupted check file

  • The sample code is cool
  • The sysread trick vs < > (read sequentially and stop at first error)

In general, how the author tells a story and explains sysadmin concepts each time is very cool -- I LOVE IT --

Quotas

How quotas are explained is very cool.

Quotas edition samples are a bit hacky and brittle (not by the fault of the author) but proves "how to get the job done" with Perl.

Handling users

Some tips detailed:

  • GID is primary group
  • We can have a group password
  • Password * to disable login
  • $< and $> and $) and $( for real/effective user/group

Windows

  • Windows : RID + DID = SID
  • Impossible to recreate same user then computer owner change implies to rename user
  • Windows cannot give ownership, we can only take ownership

Unix vs Win

  • There is a password hash incompatibility (algorithm)
  • On Unix there is a superuser whereas on Windows it's more like super-heros (users with super powers)

Sysadmin mindset

Sysadmins have their own mindset (and the ones I know have a great sense of humor).

Sysadmin starter pack

  • "Nothing is foolproof because fools are so ingenious"
  • "Something is wrong and I have no idea what" (how some users report problems) lol
  • "Sysadmins are log file linguists"
  • "Handle with pack and unpack - this way lies madness and misery" ๐Ÿ˜ƒ
  • "There are times where death is too good for a process"
  • "Security is continuum"
  • "You can be more secure but you will never be 100% secure" and in the same theme "It is always possible to find more to fear"
  • "Oog's password to get back into the clan's cave was probably "oog" " (about weak passwords)
  • "Detect local signs of perils" (nothing special but it sounds good to me ๐Ÿ˜„)
  • "Learn something from incident instead of only loosing time and effort"
  • "An user does not login from a lot of different places" (probably still true today even in the "mobility world" that we know today)

Process handling

Very nice chapter !

  • Inspect process with /dev/kmem, Proc::ProcessTable, ps, proc
  • Filewatcher windows very contemporary

Directories services

  • finger
  • whois
  • LDAP (LDIF)
  • Active Directory (ADSI, DCOM, OLE)

Caracteristics : structured or not, some implementation details etc...

Networked, remote, hierarchical, structured, read many write few...

Very good chapter about LDAP, I skipped some parts at the end, but at least I have ready to use code if needed.

Other cool things

  • Control Windows windows with API !
  • Security bits
  • References at the end of chapter, original but cool
  • Very nice chapter about DNS

Not cool

  • Not for Perl beginners, sometimes complex notions are thrown without any explanation (@, \%, keys, map, $_, refs)
  • Sometimes too much details that will be outdated one day after the book is released (a bug in a very specific version of Net::NIS...)
  • Sometimes too much code (one snippet was 5 pages long, tldr;)
  • Lost with chapter about XML, not clear
  • SNMP and LDAP are probably not so well explained

Various Tips and tricks

  • Compare 2 tabs that contains numbers if("@arr[1..12]" ne "@arr2") nice Perl idiom (slice then convert to string to compare).
  • Do you know the SQL "SELECT ... INTO ..." ? Me not ! ๐Ÿ˜
  • Good idea to compare SQL operators to Perl regex operators !

Appendix

There are really short introductions, quality depends the topic:

  • XS and XML intros are cool.
  • LDAP and SNMP intros are too hard.

Conclusion

Very pleasant to let the author give a tour of Operating Systems for us for each topic, even (especially) if I'm less interested in some OS.

You should read this book! Definitely ! ๐Ÿ‘

Image
Simplify Demos by Directly Testing Ads on Client Websites
Image
Odoo Implementation: Common Challenges and Solutions

odoo, odooimplementation, erpsoftware
Image
Rent a fully furnished two-bedroom apartment in Vatika City, Sohna Road, Gurgaon

vatikacitygurgaon, 2bhkapartmentinvatikacity
Image
Must Know 5 Vim Tricks (with GIF) for Kubernetes Certification

vim, kubernetes, tricks, certification
Image
A Critical Look at AWS Lambda Extensions: Pros, Cons, and Recommended Use Cases

aws, serverless, devops, lambda
Image
Entrust your logo and visual identity to a creative and innovative agency in India

webdev, javascript, beginners, programming
Image
Unlocking the Power of AI in Data Analytics: Measuring the Impact of Marketing Campaigns and Optimizing Future Strategies

aiindataanalytics, dataanalytics, marketing, marketingcampaign
Image
How to Create a Shopify Omnichannel Customer Support Inboxย App

shopify, shopifyapp, omnichannel
Image
Mastering Angular 18 State Management using NgRx

angular, webdev, javascript, frontend
Image
The Benefits of Using a Boilerplate and How BuildMVP Can Help You Launch Faster

webdev, saas, nextjs, marketing
Image
Data Scraping: How to Collect Information Without Getting Blocked
Image
How the New iPhone, Development, and Cryptocurrencies Are Connected

webdev, productivity, news, blockchain
Image
Experimenting with Terramate and SAP BTP

terraform, terramate, sap, btp
Image
Git Deep Dive: Understanding the Magic Behind Its Internals

git, github, gitlab
Image
June Programming Language Rankings

javascript, c, nextjs
Image
Experimenting with ViewTransitions on iOS 18 and svelte5

webdev, svelte
Image
แƒงแƒแƒ•แƒšแƒ˜แƒกแƒ›แƒแƒ›แƒชแƒ•แƒ”แƒšแƒ˜ แƒ›แƒ˜แƒ›แƒแƒฎแƒ˜แƒšแƒ•แƒ
Image
Khelo24bet: Your Ultimate Destination for Online Betting and Casino Games
Image
frozen cash mod apk
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .