Those are just a very few of the things you can use PIKT to monitor. We use it for all kinds of systems administration tasks, including: clearing out /tmp files; reporting system crashes; monitoring changes in critical system files, directories, and devices; detecting passwd and shadow file anomalies; running a mail quota system; reporting "orphaned" accounts and home directories; detecting bad e-mail list addresses; clearing out user Web browser caches; removing core files; rotating and retiring system log files; reporting full file systems; reporting runaway processes; reviving vital system processes; reviewing security log files--the list goes on and on.
Working with Other Scripting Languages
If you prefer to use a different scripting language, that is no problem. Here is a short Pikt wrapper script around a much longer, and very complicated Perl script, =mailchk (/pikt/lib/programs/mailchk.pl):
MailChk init status active level warning task "Check for mail \ errors, such as \ forwarding loops." input proc "=mailchk 2>&1" rule output mail $inline
mailchk.pl yields output which the Pikt MailChk script captures in a PIKT e-mail alert. If you wish, you could let your Perl script handle all the reporting, but still have PIKT deal with scheduling and logging, using the minimalist Pikt script:
MailChk begin exec "=mailchk 2>&1"
We have a suite of over two dozen account management programs, almost all of them written in Perl, that we maintain within our programs.cfg file. We don't use Pikt or piktd at all to run these. Rather, we use PIKT to manage the per-OS and per-machine differences, to install, and to monitor script integrity.
Config Files Installation and Management
Listing 12 is a portion of our files.cfg, the section configuring inetd.conf.
Listing 12: files.cfg (fragment)
#if usersys ftp stream tcp nowait root /usr/tcpd/tcpd in.ftpd telnet stream tcp nowait root /usr/tcpd/tcpd in.telnetd ... #else #ftp stream tcp nowait root /usr/tcpd/tcpd in.ftpd #telnet stream tcp nowait root /usr/tcpd/tcpd in.telnetd ... #endif
Turning services on and off is as easy as editing the central files.cfg, then reinstalling inetd.conf with the appropriate piktc command.
Recently, a CERT advisory was broadcast advising against running the rpc.ttdbserverd service with root privileges. For the rpc.ttdbserverd line, we substituted "daemon" for "root" (the line was already commented out anyway), then updated inetd.conf and reconfigured inetd on all Solaris systems with:
# piktc -iv +F inetd.conf \ +H solaris -H downsys # piktc -xv +S SigHupInetd \ +H solaris -H downsys
where SigHupInetd is a Pikt script written expressly for that purpose.
Another problem we have faced is keeping up-to-date our sudoers file--especially the list of part-time Computer Assistants. We do it in files.cfg by means of an include file:
User_Alias PARTTIMERS=\ #include <sudo_parttimers_files.cfg>
where the sudo_parttimers_files.cfg file might be:
larry,moe,curly,sporty,\ ginger,baby,posh,scary,\ john,paul,george,ringo
We have a separate script that rewrites the sudo_parttimers_files.cfg file nightly based on an authoritative and up-to-date GNU Mailman list. The result: a dynamic sudoers config file!
Remote Command Execution
You can use piktc for remote program execution as an alternative to rsh or ssh. The command
# piktc -Xv +C "<command(s)>" \ +H <systems>
executes the given command(s) on the specified systems.
You can insert PIKT macros within +C command strings. See Listing 13,
Listing 13: piktc Command Example
# piktc -x +C "hostname; =dfk /tmp" +H mus kiev0 Filesystem kbytes used avail capacity Mounted on /dev/sd0e 993006 17 893689 0% /tmp kiev Filesystem kbytes used avail capacity Mounted on swap 769096 296 768800 1% /tmp ...
Note that kiev0 is a SunOS system. We want 'df -k' to run on the Solaris systems and just plain 'df' to run on the SunOS systems. The macro =dfk resolves to the desired path and command option.
With perhaps the simplest but still useful PIKT setup imaginable--the piktc binary and a systems.cfg file--you can maintain custom system lists, whether for referencing within other programs, as in this Perl statement
@hpsys = `piktc -L +H hpux \ -H downsys`;
or for command-line work, as in a command loop we use to upgrade our Solaris
PIKT binaries (see Listing 14).
Listing 14: System Lists
# for sys in `piktc -L +H solaris -H piktdevsys no_usr_local downsys` > do > echo $sys > ssh $sys "/pikt/lib/programs/svcstart.pl -k; \ cp /pikt/bin/pikt* /pikt/bin/bak; \ cp /usr/local/pikt/bin/solaris/pikt* /pikt/bin; \ /pikt/lib/programs/svcstart.pl -r" > done
The uses of PIKT really are limited only by your imagination!
|prev page||1st page||next page|