dcsimg

Helpful Hints and an iptables GUI

This month's column provides a suite of helpful utilities that save time and energy and avoid frustration.

This month’s column provides a suite of helpful utilities that save time and energy and avoid frustration.

Finding Things Faster with slocate

When looking for a file outside of their $PATH, many people will sit through a find / -name lookingforsomething 2/dev/null. While find works, the slocate utility accomplishes the same task much faster.

slocate uses a database of files — initially constructed by slocate -u and maintained nightly by updatedb (typically run from cron) — to record filenames, paths, and permissions. If you’re familiar with GNU locate, slocate is very similar, except it also stores file permissions and ownership so that users don’t see files they do not have access to.

Kill ‘em All with pkill

Many daemons can be stopped with an init script with the stop command or with kill `cat /path/to/pidfile`, where pidfile contains the process id (PID) of the daemon. For programs that don’t follow either of these standards you might be accustomed to running a command like ps auxw | grep commandname to get a PID, followed by kill PID to end the process. To save time, you can easily kill a process using pkill. By default, pkill sends a SIGTERM, but you can specify any signal that you’d pass to kill.

For example, pkill -HUP syslogd sends a SIGHUP signal to syslogd. pkill -u jeremy ssh sends a SIGTERM to all ssh processes owned by the user jeremy. And pkill -n bash would send a SIGTERM to the last (the newest) bash process.

Text Change Operations with dos2unix

If you’ve ever tried to run a Perl script created by a Windows user only to get a “bad interpreter” error, you’ve experienced the pain caused by Windows and Linux using different linefeed characters. The fact that Linux uses Carriage Return (CR), while Windows uses CR following by Line Feed (LF) can cause problems in other situations, too. Luckily, a file can be converted from CR/LF to CR fairly quickly and easily, using the dos2unix filter. To convert a file named windows.txt simply type dos2unix windows.txt. This converts and replaces the file.

If you’d like to keep the current file untouched and save the converted output to a new file, you can use dos2unix -n windows.txt linux.txt.

Do not use wildcards with the -n option, because you’ll lose your files if you do.

You can also use vi to convert a file. To do this, open the file in vi and type…


:1,$ s/^v^m//

… while in command mode. (The ^v^m is CTRL-v CTRL-m, not caret-v-caret-m.) This command removes all LFs (CTRL-Ms), starting with the first line and going to the end of the file.








tech_01
Figure One: fwbuilder is a GUI for iptables and other firewall rule sets

An iptables GUI

Once mastered, you’ll find iptables to be an extremely powerful and flexible firewalling subsystem. iptables does stateful packet filtering, all different kinds of network address translation (NAT), and other advanced packet processing. While the command-line syntax for iptables is irreplaceable, you can also tweak iptables with a GUI front-end called fwbuilder.

Shown in Figure One and released under the GPL, fwbuilder currently supports iptables, ipfilter, OpenBSD PF, and Cisco PIX and is available from http://www.fwbuilder.org. One of its biggest strengths is its ability to simplify managing multiple firewalls by using a central, network objects database and allowing you to easily install the same policy on all firewalls simultaneously, regardless of the platform.

fwbuilder also allows you to get a visual representation of your security policy and can run a sanity check on your rules to catch common errors before the policy is installed.

While fwbuilder is not a replacement for a good understanding of iptables or general firewall rule creation, it can ease firewall deployment once you have those skills.



Jeremy is the founder and admin of LinuxQuestions.org, a free, friendly and active Linux Community. He can be reached at jeremy@linuxquestions.org.

Comments are closed.