Sanity Insanity and Moi

There are many tutorials on the net on how to use the Net::Telnet module to write a script that will automate a telnet session. Perhaps the best place is the CPAN site itself. Though all i needed was a simple script that did the job, i had to scour through many other sites for reference. Finally i’m done with the script that will telnet to the server collect the logs and then mail it to the id that i specified.

I wrote the working version as two perl scripts. I still dont know why i did that, may be for the simplicity sake.

• log.pl  => does the telnet to retrieve the logs and mail it to me
• run.pl => which runs the log.pl every hour

So here is the code -

log.pl

#!/usr/bin/perl
use Telnet;
# ---------------------------
$date = `date`;
chop $date;
$mailId = "jerry\@jerrymannel.com";
$cmd = "cat in.log | mail ".$mailId." -s \"Logs - ".$date."\"  ";
# ---------------------------
$host = "192.168.1.100";
$port = "2300";
$uid = "jerry";
$pwd = "password";
open $inputLog,  ">in.log";
$box = new Net::Telnet();
$box->open(     Host => $host,
                Port => $port,
        );
$iLog = $box->input_log($inputLog);
$flag = $box->login(    Name => $uid,
                        Password => $pwd,
                );
$box->print("co");
$box->waitfor('/# $/i');
$box->print("show load;show cpu");
$box->waitfor('/# $/i');
$box->print("show log");
$box->waitfor('/# $/i');
$box->close;
# MAIL section
system $cmd;
exit

run.pl

#!/usr/bin/perl
while (1)
{
        $date = `date +%M%S`;
        chop $date;
        #print $date." - ";
        if ( $date eq "0000" )
        {
                print "Sending the mail @ - ".(`date`);
                system("./logs.pl");
        }
        sleep(1);
}

The script was run on a Linux machine. So i neednt worry about the ‘date’ command and getting the date printed out in a fashion that i needed.

Drop in a line of you have more queries on the script. Always happy to help.

I have been thinking for a long time that i need to write about this tool that i found. Its quite interesting that this tool is really helpful in automating many of the routine sessions that i as a tester came across. This is by far the best automation tool that i found for telnet sessions.

Imagine these scenarios :

• You need to do BSO authentications frequently when you switch networks
• Get intermittent logs from the server for analysis
• Run automated tests on remote systems (something which i have started to call as run-and-forget)
• stuck in traffic…no way
  

Lets get into what this tool is and how to use it.

The tool is for windows (one of the things that i felt bad). To make use of this tool, u will need the exe file, i.e., tst10.exe and an input commands file. The input file will has the first line as the hostname/IP and port, which is followed by alternating SEND and WAIT commands.

Consider this example. I need to connect to a server of IP - 192.168.1.100, where a telnet service is running at PORT - 2300. This is how my script/input file will look like :

192.168.1.100 2300
SEND "\m"
WAIT "login:"
SEND "admin\m"
WAIT "Password:"
SEND "admin1\m"
WAIT "s1#"
SEND "co\m"
WAIT "s1(config)#"
SEND "show load; show cpu\m"
WAIT "s1(config)#"

“\m” = \n in C/PERL/Java/most programming langunages = CR or in non-techie terms “Enter”. SEND, sends the commands to be executed and the WAIT that follows tried to match the string in the output of the SEND commands before it.

How to run it?. There are 2 ways to do it. You can open up the command prompt navigate to the directory where the files are and then issue this command -

tst10.exe /r:IN /o:OUT

where IN is the input file and OUT stores the complete output of the session, so that you can skim through the file and have a look at what happened. OR, put the command in a batch file and double click it every time you need to run it.

Here is the screen capture -

TST10 Screen Capture

How is it different from Net::Telnet module of Perl or something similar in TCL or Python? Think about it.

• Time to write the code - 30min to ? depending upon how complex the situation is
• Trying to match the output to with REGEX, which means that you need to spend time in coming up with the right regex. Now you have 2 problems in hand
• Testing time to make sure that the script is robust enough

So this is perfect! NO. This doesn’t work for ssh sessions. Since telnet is getting substituted by ssh in most of the servers due to the secure nature of the connection its kind of difficult to fit it in a normal installation of Linux. I’m not sure about the telnet-ssh thingie happening in Solaris or any of the other servers.

Is there something like this for Linux? No. Hey, but look at it this way. Its some relief for us on windows platform for scripting.

You can build complex automatons with this combined with a little bit of Perl and Outlook. Here is one typical scenario that i made and which i have presented as a white-paper.

• Outlook has a setting that detects for incoming mails with a specific subject line.
• When the mail comes it evokes a Perl script.
• The Perl script will go ahead an call the TST’s batch file, which initiates the TST10 session, connects to the remote server starts/runs the automation. The output will be stored in OUT file
• The Perl script will skim the OUT file for any errors reported during the run.
• Then it calls an FTP script that will go ahead and get the log files from the remote system
• The log files are read, the results extracted and neatly formatted into mail and send to the required email-ids

sounds complex, but this script gave me enough time to hut for a new job and quit the previous employer.

Who wrote this? Someone by the name of Albert Yale. His home page is - http://ay.home.ml.org/, sadly the site is no longer online.

What happened to the white-paper? It got rejected , humor was not the order of the day.

Download TST10 : tst10.exe | tst10.zip

Xkcd is one of my fav web comic. Such good humor is hard to find, worst of all, i cant share that with most of my friends, cos half of them wont understand who Richard Stallman is.

Sharing here is my most favorite Xkcd series - the 1337 and that means “leet”.

read more at Xkcd itself…

This was an interesting find on the net. Steven Levy in 1984 had a code of ethics for Hackers

The ethics goes as -

• Access to Computers - and anything which might teach you something about the way the world works - should be unlimited and total. Always yield to the Hands-On Imperative!
• All information should be free.
• Mistrust Authority - Promote Decentralization.
• Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
• You can create art and beauty on a computer.
• Computers can change your life for the better.

Interesting …

Picture this about a laptop

It comes for as low as $299, ie Rs. 12K. Most expensive is $499, ie Rs.20k
Fully-featured laptop costs $69 less than the 16 GB Apple iPod Touch.
It’s $100 less than an Amazon Kindle e-book reader
It runs Linux (Xandros running KDE)- which is $30 less than Amazon.com’s discounted price for Microsoft Windows Vista Ultimate
They first in market with flash based storage.

Now thats a laptop that i would buy soon. (Just dont ask how soon ’soon’ is, as i’m known for procrastinating)
This makes ASUS Eee PC hated by, well lets just say every major company. Now that includes - Microsoft, Apple, Dell etc. and Azuztek a.k.a Azuz the most hated IT company as of now.
Intel loves them coz they are running a Celeron processor.
Is this going to hurt OLPC after the Intel back-out? I dont know and frankly i cant just about predict or speculate anything about the OLPC project. Their $100 laptop is now priced at $200 and now without Intel … i just cant make out anything.
[Source of news - http://itmanagement.earthweb.com/]
[Image source - engadget]

No before i get into the whole thing, by Free Software i mean the programs that follow the 0-3 Freedoms as stated by the Free Software Foundation. Or rather Copy-Left than Copy Right …
Why is that a Free S/w user is so good at fixing a system, trouble shooting software issues and fixes thing without even reading the manual.
Now these are the reasons

1) Free software users expect open licenses and no activation methods
2) Free software users expect regular upgrades and patches
3) Free software users expect to work the way they choose
4) Free software users want control of their own systems
5) Free software users explore
6) Free software users expect to help themselves
7) Free software users don’t fear the command line
Free software users learn software categories, not programs
9) Free software users expect access to developers and other employees

Creativity has no limits and the fact that people can go to any extend to infect you machine with malware, let me say comes as a total relief. After people has spend dollars securing their machine with the latest spyware remover, anti-virus, pop-up blocker and all the shit that you can get you hands on, there is no stopping a curious browser who downloads some thing and authorizes it to do some operation and ends ups in a deeper shit that he was before.

We all love torrent. The countless torrent files that you looked up on the net to download your favorite movie, would have at least made you thin, what you would have done with out those torrent sites. Its the same feeling you get when you thank George Bush for the oil that he is bringing in from Iraq and Kuwait.

So when some thought of the idea of infecting your machine with the help of torrent download and get paid $3 for doing so , has to be credited with the ingenuity of the idea. Here is the whole scenario.

You download a movie (most of the reports came up with the latest movies like Hitman, Beowuf, National Treasure : Book of Secrets) or an episode of your favorite series on TV. When you try to play it it says

“This video can only be played in DomPlayer, Visit Download.Domplayer.Com“

Like any other desperate downloader you visit their site :

Pretty neat site of a movie player, compared to VLC Player and Real Player. So you go and download the player, the Download button is right in front of you. So whats the big deal. Go ahead download the file… At this point i got suspicious and thought hey i never heard any of my friends talk about such a player, instead of installing it at the home PC (Windows XP), let me try to get an installer/player for Linux. That way its safe and its my Laptop, if anything gets screwd up i can just install all over again. Big Deal!!!

Web searches got me to couple of forums here and here. They talked about another player 3wPlayer by Wildman Productions(i have no idea who the hell they are).

In fact the real deal here is as reported from Best Security Tips is DOM Player says its clean but you call them up and pay them to activate the attack on your P. If that doesnt work they ask you to download 3wPlayer. Which is another piece of shit and load the malware to the PC free of charge.

Now that is a cool idea. You get paid to get infected like the way you paid to get protected. Over that you download movie files (AVI files) which might be renamed porno movies.

IF any one using Fedora with vsftpd service for FTP might have come across the issue while connecting via FTP

500 OOPS: cannot change directory:/home/xxxx

Login failed.

Then here is the solution. The problem is with SELinux. Go to System > Administration > SELinux Administration. Left side - Select : Boolean. On right side - FTP, check the box that says - Allow ftp to read/write files in the users home directory.

DONE!!! Close SELinux…

Security is still a big issue in India. Since there are terrorists ready to blow up anything here, we must be aware of the fact that we are vulnerable and take all means in avoiding it. Of lately when the security measures in my company was stepped up, many employees expressed dissatisfaction and where highly irritated. Sadly they dont realize the threat. They all complained that the Security at the main gates and buildings scrutinized their belongings and treated them equally like terrorists. To a mail sent by my colleague to the Security in charge, part of the reply went like this

… We (the security and the company) are not bothered about what the employee takes unauthorized from the company(hardware and documents). But more worried about the a much more grave situation… The attack at IISc Bangalore was first planned against IT companies as they (Terrorists) realize that a well planned strike at the heart of the Silicon Valley of India, will send India’s market crashing and the country will be in a chaos in no time. Sadly our company was also in their list. They were outside our gates, looking at every move and they found the security tight even for a normal employee. Thus we were spared. Else the AKs would have gone in any of the leading IT company…

A normal Techie, works from 8-to-8 and is completely oblivious to much of the things shaping up in the outside world, spare may be Bipasha’s curves or SRK’s Abs. He doesnt realize that the Bad Guys have really turned ugly and they are recruiting Graduates and Post Grads, like most IT companies, to do the dirty job (both ways its true for the Terror Organization and IT Company). I was surprised one Monday morning when i was asked to stop at the gates and the security guy checked my ID to verify its me. After 2 years, that day i entered the campus a bit happy, coz i found the Security doing their job properly.

Sadly, the fact is, the Security at majority of the IT Companies are a bit inadequate. They in most of the cases doesn’t realize the force they are up against. Everyday i see the security at all the companies on my way to office and i bet i can breach their physical security. I dont know why i do that. But i like doing it. Every time i face a security at a gate, i think of a way of beating him without raising the slightest suspicion.

Leave alone the physical security, its the Cyber age and are we prepared against an attack via the net. No!!! Network security, if you look at most of the intranets, is getting internally compromised by the employees. Simply coz a fair number of people will click the “You won a million dollars“, flashing ad on a web page. In most of the case, that will lead to a pornographic site, at times they open up the pandora’s box for the network of the company. E-mails in particular can bring a network down. A well placed attachment asking the user to open it is more than required. Remember “I love you” or you dont coz you remember it as what your lover told you.

I have had friends approach me saying “I think my damn system is affected with virus. I have the latest in anti-virus updated everyday, the latest pop-up blocker (how did that ever block a virus), a bazooka and an entire army guarding my system… but still. Damn windows … its all because of Windows.” Let me tell you there is nothing wrong with Windows (may be not entirely and probably this will be the only time i’ll be talking for Windows and Microsoft), what is wrong is YOU. Couldn’t resist visiting the site that flashed “Sexy savvy teens… going dirty…”, or couldnt resist opening the attachment that told you how to increase what ever you have or may be had. Think before what you click on or open. They are out there to make money and they will make it any way possible.

Knowing all this what can you do … if u cant make that out by your self, then how lame are you???

“How lame are you???”, the words that lead the world’s biggest Hacker Kevin Mitnik to his fall.

After much struggle i’m on Twitter. With the new Reliance ZTE CDMA USB Modem (ZTE CDMA 1X Modem MG880), which almost runs at the speed of the traffic on hosur road, i managed to get an account on Twitter.

I’m available at this link - http://twitter.com/jerrymannel

The last hurdle was to enable my mobile. The Settings page had a short message number that wont work here. Apparently that was my first try. Then i went to the help section, there i find this question - How to verify your phone . Elated, i read through and find this number - +44 778 148 8126 - which apparently is not the number again . Which I realized after sending two messages.

Then i read FAQ, from where i was supposed to start in the first place, when the first number didnt work. Damn It!!!. Finally i get the correct number - +44 762 480 1423. Now that is the correct number… FINALLY!!!!