Principles of Network and System Administration 2nd phần 10 pps

Proceedings of the Large Installation System Administration Workshop USENIX Association: Berkeley, CA, 1987, page 28, 1987.. Proceedings of the Large Installation System Administration W

Trang 1

#

# Test regular expressions in perl

#

# NB - careful with $ * symbols etc Use ’’ quotes since

# the shell interprets these!

Trang 2

572 APPENDIX B PROGRAMMING AND COMPILING

This can be tested with the following patterns:

.* prints every line (matches everything)

all lines except those containing only blanks

( doesn’t match ws/white-space)[a-z] matches any line containing lowercase

[^a-z] matches any line containing something which is

not lowercase a–z[A-Za-z] matches any line containing letters of any kind

[0-9] match any line containing numbers

#.* line containing a hash symbol followed by anything

^#.* line starting with hash symbol (ﬁrst char)

;\n match line ending in a semi-colon

Try running this program with the test data on the following ﬁle which is calledregex testin the example program

# A line beginning with a hash symbol

JUST UPPERCASE LETTERS

just lowercase letters

Letters and numbers 123456

123456

A line ending with a semi-colon;

Line with a comment # COMMENT

Generate WWW pages auto-magically

The following program scans through the password database and builds a dardized html-page for each user it ﬁnds there It ﬁlls in the name of the user ineach case Note the use of the << operator for extended input, already used in thecontext of the shell This allows us to format a whole passage of text, insertingvariables at strategic places, and avoid having to print over many lines

Trang 3

# Now make a unique filename for each page and open a file

foreach $user (sort keys(%FullName))

{

print OUT <<ENDMARKER;

<HTML>

<BODY>

<HEAD><TITLE>$FullName{$user}’s Home Page</TITLE></HEAD>

<H1>$FullName{$user}’s Home Page</H1>

Hi welcome to my home page In case you hadn’t

got it yet my name is: $FullName{$user}

I study at <a href=http://www.iu.hioslo.no>Oslo College</a>

</BODY>

Trang 4

</HTML>

ENDMARKER

}

Summary

Perl is a superior alternative to the shell which has much of the power of C and

is therefore ideal for simple and even more complex system programming tasks

A Perl program is more efﬁcient than a shell script since it avoids large overheadsassociated with forking new processes and setting up pipes The resident memoryimage of a Perl program is often smaller than that of a shell script when all of thesub-programs of a shell script are taken into account We have barely scratchedthe surface of Perl here If you intend to be a system administrator for Unix or NTsystems, you could do much worse than to read the Perl book [316] and learn Perlinside out

CGI stands for the Common Gateway Interface It is the name given to scriptswhich can be executed from within pages of the World Wide Web Although it ispossible to use any language in CGI programs (hence the word ‘common’), theusual choice is Perl, because of the ease with which Perl can handle text

The CGI interface is pretty unintelligent, in order to be as general as possible,

so we need to do a bit of work in order to make scripts work

Permissions

The key thing about the WWW which often causes a lot of confusion is that theWWW service runs with a user ID of nobody or www The purpose of this is toensure that no web user has the right to read or write ﬁles unless they are openedvery explicitly to the world by the user who owns them

In order for ﬁles to be readable on the WWW, they must have ﬁle mode 644and they must lie in a directory which has mode 755 In order for a CGI program

to be executable, it must have permission 755 and in order for such a program towrite to a file in a user’s directory, it must be possible for the file to be created (ifnecessary) and everyone must be able to write to it That means that files whichare written to by the WWW must have mode 666 and must either exist already orlie in a directory with permission 777.1

Protocols

CGI script programs communicate with WWW browsers using a very simpleprotocol It goes like this:

• A web page sends data to a script using the ‘forms’ interface Those data

are concatenated into a single line The data in separate ﬁelds of a form are

1 You could also set the sticky bit 1777 in order to prevent malicious users from deleting your ﬁle.

Trang 5

B.3 WWW AND CGI PROGRAMMING 575

separated by & signs New lines are replaced by the text %0D%0A, which is theDOS ASCII representation of a newline, and spaces are replaced by + symbols

• A CGI script reads this single line of text on the standard input

• The CGI script replies to the web browser The ﬁrst line of the reply must be

a line which tells the browser what mime-type the data are sent in Usually,

a CGI script replies in HTML code, in which case the ﬁrst line in the replymust be:

Content-type: text/html

This must be followed by a blank line

HTML coding of forms

To start a CGI program from a web page we use a form which is a part of the HTML

code enclosed with the parentheses

</FORM>

The method ‘post’ means that the data which get typed into this form will be pipedinto the CGI program via its standard input The ‘action’ specifies which programyou want to start Note that you cannot simply use the absolute path of the file,for security reasons You must use something called a ‘script alias’ to tell the webbrowser where to find the program If you do not have a script alias defined for youpersonally, then you need to get one from your system administrator By using ascript alias, no one from outside your site can see where your files are located,only that you have a ‘cgi-bin’ area somewhere on your system

Within these parentheses, you can arrange to collect different kinds of input.The simplest kind of input is just a button which starts the CGI program Thishas the form

This code creates a button When you click on it the program in your ‘action’string gets started More generally, you will want to create input boxes where youcan type in data To create a single-line input ﬁeld, you use the following syntax:

This creates a single-line text ﬁeld of width 40 characters This is not the limit

on the length of the string which can be typed into the ﬁeld, only a limit on theamount which is visible at any time It is for visual formatting only The NAMEﬁeld is used to identify the data in the CGI script The string you enter here will besent to the CGI script in the form variable-name=value of input Anothertype of input is a text area This is a larger box where one can type in text onseveral lines The syntax is

Trang 6

which means ‘create a text area of ﬁfty rows by ﬁfty columns with a prompt to theleft of the box’ Again, the size has only to do with the visual formatting, not to dowith limits on the amount of text which can be entered

As an example, let’s create a WWW page with a complete form which can beused to make a guest book, or order form

<HTML>

<HEAD>

<TITLE>Example form</TITLE>

<! Comment: Mark Burgess, 27-Jan-1997 >

</HEAD>

<BODY>

<CENTER><H1>Write in my guest book </H1></CENTER>

<HR>

<CENTER><H2>Please leave a comment using the form below.</H2><P>

Your Name/E-mail: <INPUT NAME="variable1" SIZE=40> <BR><BR>

<P>

<P>

Interpreting data from forms

To interpret and respond to the data in a form, we must write a program whichsatisﬁes the protocol above, see section 2.6.5 We use Perl as a script language.The simplest valid CGI script is the following

#!/local/bin/perl

#

# Reply with proper protocol

#

Trang 7

print "Content-type: text/html\n\n";

print $input, "\n Done! \n";

Although rather banal, this script is a useful starting point for CGI programming,because it shows you just how the input arrives at the script from the HTML form.The data arrive all in a single, enormously long line, full of funny characters Theﬁrst job of any script is to decode this line

Before looking at how to decode the data, we should make an important pointabout the protocol line If a web browser does not get this ‘content-type’ line fromthe CGI script it returns with an error:

caused the error

Error: HTTPd: malformed header from script www/cgi-bin/comment.pl

Before ﬁnishing your CGI script, you will probably encounter this error severaltimes A common reason for getting the error is a syntax error in your script Ifyour program contains an error, the ﬁrst thing a browser gets in return is not the

‘content-type’ line, but an error message The browser does not pass on this errormessage, it just prints the uninformative message above

If you can get the above script to work, then you are ready to decode the datawhich are sent to the script The ﬁrst thing is to use Perl to split the long line into

an array of lines, by splitting on & We can also convert all of the + symbols backinto spaces The script now looks like this:

#!/local/bin/perl

#

# Reply with proper protocol

#

Trang 8

print "Content-type: text/html\n\n";

variable1=Mark Burgess variable2=%0D%0AI just called to say (wrap) %0D%0A hey pig%2Cnothing%27s working out the way I planned Done!

As you can see, all control characters are converted into the form %XX We shouldnow try to do something with these Since we are usually not interested in keepingnew lines, or any other control codes, we can simply null-out these with a line ofthe form

$input =~ s/% //g;

The regular expression % matches anything beginning with a percent symbolfollowed by two characters The resulting output is then free of these symbols Wecan then separate the variable contents from their names by splitting the input.Here is the complete code:

Trang 9

print "<br>var1 = $variable1<br>";

print "<br>var2 = $variable2<br>";

Trang 10

var1 = Mark Burgess

var2 = I just called to say hey pig nothings working out (wrap)the way I planned

Done!

Trang 11

Appendix C

Example telnet session

The Transmission Control Protocol (RFC 793) is used to transport most high-levelprotocols today One of these is the telnet protocol, which has been a generalworkhorse for many years, but is now replaced with more secure or robustalternatives As a login service, telnet is no longer deemed suitable, since ittransmits secret information in plain text over the network RFC 845 details thetelnet protocol

As an exercise to the reader, it is helpful to see a real example of how passwordinformation is sent in plain text by reproducing the TCP/IP packets and theircontents in hard copy Although slightly cumbersome, it is very informative to seehow the communication actually takes place The retransmission of a packet alsodemonstrates the reliable property of TCP Readers are encouraged to researchthe behavior of the TCP/IP protocol and study this transfer

This dump was made with the Solaris snoop program, using snoop -v forverbose output The trace as provided is all the data transmitted over the network

in the time it takes to telnet the ‘to’ host from the ‘from’ host, get the login banner,type a username and a password and end up with a command prompt

The ﬁrst thing we see is how inefﬁcient the telnet protocol is, how passwordsare transmitted in clear text over the network and how fragmentation and retrans-mission of IP fragments is performed in order to guarantee transmission Noticealso how the sequence numbers are randomized

from% telnet to.domain.country

Trang 12

582 APPENDIX C EXAMPLE TELNET SESSION

from -> to ETHER Type=0800 (IP), size = 58 bytes

from -> to IP D=192.0.2.238 S=192.0.2.10 LEN=44, ID=53498

from -> to TCP D=23 S=54657 Syn Seq=4095044366 Len=0 Win=8760

from -> to TELNET C port=54657

Reply with Syn,Ack and Ack=prev Seq+1

to -> from ETHER Type=0800 (IP), size = 60 bytes

to -> from IP D=192.0.2.10 S=192.0.2.238 LEN=44, ID=43390

to -> from TCP D=54657 S=23 Syn Ack=4095044367 Seq=826419455 Len=0 Win=8760

to -> from TELNET R port=54657

Reply with Ack = prev Seq+1

from -> to TCP D=23 S=54657 Ack=826419456 Seq=4095044367 Len=0 Win=8760

Retransmit:

Now send data: ack = seq + Len each time until Fin

to -> from TCP D=54657 S=23 Ack=4095044394 Seq=826419456 Len=0 Win=8760

Retransmit with different Len no fragmentation, same Ack

Trang 13

APPENDIX C EXAMPLE TELNET SESSION 583

from -> to TELNET C port=54657 \377\372\30\0VT100\377\360\377\372#\0from

Transfers TERM variable - VT100:

to -> from TELNET R port=54657 login:

Here comes the login name

Retransmit, bad Len:

Trang 14

to -> from TELNET R port=54657 m

from -> to TELNET C port=54657 a

to -> from TELNET R port=54657 a

from -> to TELNET C port=54657 r

to -> from TELNET R port=54657 r

Retransmit:

from -> to TELNET C port=54657 k

to -> from TELNET R port=54657 k

(retrans)

Trang 15

to -> from TELNET R port=54657 Password:

Here comes the password, in plain text, for all to see!

Retransmit:

from -> to TELNET C port=54657 p

to -> from TELNET R port=54657 p

from -> to TELNET C port=54657 a

to -> from TELNET R port=54657 a

from -> to TELNET C port=54657 s

to -> from TELNET R port=54657 s

from -> to TELNET C port=54657 w

to -> from TELNET R port=54657 w

from -> to TELNET C port=54657 d

to -> from TELNET R port=54657 d

from -> to TELNET C port=54657 \n

Trang 16

(fragment)

to -> from TELNET R port=54657 SunOS Release 5.6 Ve

to -> from TELNET R port=54657 1:33pm up 2 day(s

Fragment:

to -> from TELNET R port=54657 You have mail (total

to -> from TELNET R port=54657 prompt \%

from -> to TELNET C port=54657 e

to -> from TELNET R port=54657 e

_

Trang 17

Retransmit:

from -> to TELNET C port=54657 c

to -> from TELNET R port=54657 c

Retransmit:

from -> to TELNET C port=54657 h

to -> from TELNET R port=54657 h

Retransmit

from -> to TELNET C port=54657 o

to -> from TELNET R port=54657 o

(retrans)

from -> to TELNET C port=54657 ei

Trang 18

to -> from TELNET R port=54657 i

Retransmit:

to -> from TELNET R port=54657 hei \r\nprompt\%

Retransmit:

to -> from TELNET R port=54657 logout \r\n

Trang 19

Send Fin, end of connection:

to -> from TCP D=54657 S=23 Fin Ack=4095044505 Seq=826420029 Len=0 Win=8760

Send Fin,Ack with Ack=previous Seq+1:

from -> to TCP D=23 S=54657 Fin Ack=826420030 Seq=4095044505 Len=0 Win=8760

Send Ack+1 to end:

Trang 21

Appendix D

Glossary

• ACL: Access control list, a list of access rights to an object.

• Anycast: A type of message introduced in IPv6 An anycast message is like

a cross between a unicast and a broadcast It is a message to the ‘nearestavailable’ host, and is used to ﬁnd servers for particular services The ﬁrsthost that responds to an anycast becomes the recipient

• ASN-1: Abstract Syntax Notation number One (ASN.1) is an international

standard that aims at specifying data used in communication protocols It

is used in protocols like SNMP and LDAP, and technologies such as mobilephones and even Internet Explorer

• ATM: Asynchronous Transfer Mode A network protocol that provides Quality

of Service guarantees and competes with Frame Relay for wide area point topoint links It can also be switched for Local Area traffic, but since it does notsupport broadcast, it is difficult to use for IPv4 traffic IPv6 offers workaroundsupport for ATM

• Atomic operation: A basic, primitive operation which cannot be subdivided

into smaller pieces, e.g reading a block from a ﬁle

• Binaries: Files of compiled software in executable form A compiler takes

program sources and turns them into binaries

• Binary server: A ﬁle-server which makes available executable binaries for a

given type of platform A binary server is operating system speciﬁc, sincesoftware compiled on one type of system cannot be used on another (See

also Home server.)

• BIND: Berkeley Internet Name Domain An implementation of the Domain

Name Service protocol suite, including both a client library (called theresolver) and the name server daemon

• Booting: Bootstrapping a machine This comes from the expression ‘to lift

yourself by your bootstraps’, which is supposed to reﬂect the way computersare able to start running from scratch, when they are powered up

Trang 22

592 APPENDIX D GLOSSARY

• Broadcast: A message sent by ﬂooding, that is directed to all hosts within a

region of a network Broadcasts are typically blocked by IP routers, but not

by layer 2 switches

• C/MOS: Complementary Metal Oxide Semiconductor p-n back-to-back

tran-sistor technology, low dissipation

• COM: Refers to the communications port on a PC Also stands for Microsoft’s

Common Object Model

• Consolidated: Grouping resources in one place A centralized type of solution

for concentrating computing power in one place This kind of solution makessense for heavy calculations, performed in engineering of computer graphics

• Context switching: Time-sharing between processes When the kernel

switches between processes quickly in order to give the illusion of currency or multitasking

con-• Cracker: A system intruder Someone who cracks the system A trespasser.

• DAC: Discretionary access control, i.e optional rather than forced (See MAC.)

• DAP: Directory Access Protocol (X.500).

• Dataless client: A client which has a disk and its own root partition, so it can

boot by itself Other data are mounted over NFS

• DIB: Directory Information Base (X.500).

• DIMM: Memory chip.

• Diskless client: A client which has no disk at all but which shares the root

and /usr ﬁle trees using the NFS from a server

• DISP: Directory Information Shadowing Protocol (X.500).

• Distributed: A decentralized solution, in which many workstations spread the

computing power evenly throughout the network

• DIT: Directory Information Tree.

• DLL: Dynamic Link Library (Windows).

• DN: Distinguished Name (X.500), a primary key in a DAP database.

• DNS: The Domain Name Service, which converts Internet names into IP

addresses and vice versa

• Domains: A domain is a logical group of hosts This word is used with several

different meanings in connection with different software systems The mostcommon meaning is connected with DNS, the Domain Name Service Here

a domain refers to an Internet sufﬁx, like domain.country, or nasa.gov.Internet domains denote organizations Domain is also used in NT to refer to

a group of hosts sharing the attributes of a common ﬁle-server Try not toconfuse Domain nameserver (DNS) server with NT Domain server

Trang 23

APPENDIX D GLOSSARY 593

• DSA: Directory System Agent (X.500), DAP or LDAP server.

• DSE: DSA speciﬁc entry, i.e root name space point for a local directory

(X.500)

• Enterprise: A small business network environment Enterprise management

is a popular concept today because NT has been aimed at this market.Enterprise management typically involves running a web server, a database,

a disk server and a group of workstations and common resources likeprinters, and so on Many magazines think of enterprise management as thenetwork model, but when people talk about enterprise management they arereally thinking of small businesses with fairly uniform systems

• FQHN: Fully qualiﬁed host name The name of a host which is a sum of

its unqualiﬁed name and its domain name, e.g host.domain.country, ofwhich host is the unqualiﬁed name and domain.country is the domainname

• Free software: This usually refers to software published under the GNU

Pub-lic License, Artistic License or derivative of these Free software is not aboutmoney, but about the freedom to use, modify and redistribute software with-out restrictions over and above what normal courtesy to the author demands.Free software must always include human readable source code Recentlypeople choose to distinguish between this and Open Source software, i.e.code whose source is open but which may or may not be free

• GUI: Graphical user interface.

• Heterogeneous: Non-uniform In a network context, a heterogeneous network

is one which is composed of hosts with many different operating systems

• Home server: A ﬁle-server which makes available users’ home directories.

A home server need not be operating system speciﬁc, provided it uses a

commonly supported protocol, e.g NFS, Samba (See also Binary server.)

• Homogeneous: Uniform In a network context, a homogeneous network is one

in which all of the hosts have the same operating system

• IETF: Internet Engineering Task Force A working group that deﬁnes Internet

standards

• IMAP: Internet Message Access Protocol A modern approach to distributed

E-mail services

• Index node (inode): Unix’s method of indexing ﬁles on a disk partition.

• Inhomogeneous: The opposite of homogeneous See also Heterogeneous.

• Internetworking protocol: A protocol which can send messages across quite

different physical networks, binding them together into a uniﬁed cations base

Trang 24

communi-594 APPENDIX D GLOSSARY

• IP address: Internet address Something like 128.39.89.10 or now 2001:

700:700:3:290:27ff:fea2:477b

• ISO: International Standards Organization.

• JNDI: Java Naming and Directory Interface Part of Java Enterprise services

for distributed computing

• Latency: The time you wait before receiving a reply during a transaction.

• Legacy system: An old computer or software package which a site has come

to rely on, but which is otherwise outdated

• LISA: Large Installation System Administration This refers to environments

with many (hundreds or thousands of) computers The environments typicallyconsist of many different kinds of system from multiple vendors Thesesystems are usually owned by huge companies, organizations like NASA oruniversities

• MAC: Mandatory access control (See DAC.)

• MAC address: Media access control address (e.g Ethernet address) This is

the hardware address which is typically burned into the network interface

• Memory image: A copy of some software in the actual RAM of the system Often used to refer to the resident size of a program, or the amount of memory

actually consumed by a program as it runs

• Middleware: A layer of software super-structure above the transport layer of

network communications that adds additional services and abstractions, e.g.CORBA, DCOM, Jini, Java RMI

• MFT: Master ﬁle table NTFS’s system of indexing ﬁles on a disk partition.

• Multicast: An IP message sent from a host to a number of other hosts A

multicast is typically used to distribute multimedia (video streams etc.) to anumber of subscribers

• NAT: Network address translator A device which translates concealed, private

IP addresses into public IP addresses NAT allows an organization to havemultiple distinct internal hosts appear as a smaller number of hosts to theInternet at large, as well as to hide the structure of the organization’s internalnetwork

• NDS: Novell Directory Services.

• NIS: Network Information Services (Sun Microsystems’ yellow pages service).

• Open source: A software ‘trademark’ for software whose source ﬁles are made

available to users This is similar to the idea of Free Software, but it does notnecessarily license users the ability to use and distribute the software withcomplete freedom See http://www.OpenSource.com

Trang 25

APPENDIX D GLOSSARY 595

• Open standards: Inter-operability standards that are published freely and

adopted as industry standards

• Open systems: A concept promoted originally by Sun Microsystems for Unix.

It is about software systems being compatible through the use of freelyavailable standards Competitors are not prevented from knowing how toimplement and include a technology in their products or from selling it underlicense

• PC: An Intel-based personal computer, used by a single user.

• PID: Process identity number.

• Point to point: A direct physical cable from one location to another, with

no routing required Protocols and transport mechanisms for such links areespecially important in Wide Area Networks, where a point to point link mightcross an ocean or half a country

• Proprietary systems: The opposite of open systems These systems are secret

and the details of their operation are not disclosed to competitors

• RAID: Redundant array of inexpensive (sometimes cited as independent)

disks A disk array with automatic redundancy and error correction RAID

6 can tolerate 2 disk failures, and RAID 0,1 (though not an ofﬁcial RAIDclassiﬁcation) can tolerate one or more concurrent disk failures, depending

on which disks go

• RDN: Relative Distinguished Name (X.500).

• SASL: Simple Authentication and Security Layer See RFC 2222.

• SCSI: Small Computer Systems Interface Used mainly for disks on multiuser

systems and musical instruments

• Server: A process (a daemon) which implements a particular service Services

can be local to one host, or net-wide

• Server-host: The host on which a server process runs This is often

abbrevi-ated simply to ‘server’, causing much confusion

• SID: Security identity number (NT).

• SIMM: Memory chip arrays See also DIMM.

• SMS: Short Message Service, a method of sending text messages that are up

to 160 characters long, usually by mobile (cell) phone

• SNMP: Simple Network Management Protocol, an application-layer protocol

from the IETF for retrieving and setting simple conﬁguration variables onnetwork hardware

• Spooﬁng: Impersonation, faking, posing as a false identity.

Trang 26

596 APPENDIX D GLOSSARY

• SSL: Secure socket layer A security wrapper which makes use of

public-private key encryption in order to create a virtual public-private network link (VPN)between two hosts The SSL, developed by Netscape, has become the standardfor secure communication

• Striping: A way of spreading data over several disk controllers to increase

throughput Striping can be dangerous on disk failure, since ﬁles are storedover several disks, meaning that if one disk fails, all data are lost

• Superuser: The root or Administrator or privileged user account.

• SVR4: System 5 release 4 Unix AT&T’s code release.

• TLD: Top Level Domain This is the topmost level of domain name resolution,

e.g .org, com, net, or country domains like uk or no

• TLS: Transport Layer Security (version 3 of SSL) See RFC 2246.

• TTL: Time to live or Transistor–Transistor Logic.

• UID: User identity number (Unix).

• Unicast: An IP message sent from a single host to another single host.

Contrast this to a multicast, anycast and broadcast

• Unqualiﬁed name: See FQHN.

• URL: Uniform resource locator A network ‘ﬁlename’ including the name of

the host on which the resource resides and the network service (port number)which provides it

• Vendor: A company which sells hardware or software This is common

Amer-ican parlance for a manufacturer or supplier

• Workstation: A desktop computer which might be used by several users.

Workstations can be based on, for example, SPARC (Sun Microsystems) orAlpha (Digital/Compaq) chip sets

• X11: The Unix windows system.

Trang 27

Appendix E

Recommended reading

1 The Practice of System Administration, T Limoncelli and C Hogan, Addison

Wesley, 2002

2 Unix System Administration Handbook, E Nemeth, G Synder, S Seebass

and T.R Hein, Prentice Hall, 2001

3 Essential System Administration, Æ Frisch, O’Reilly & Assoc, 2002.

4 Windows NT: User Administration, A.J Meggitt and T.D Ritchey, O’Reilly &

Assoc, 1997

5 Computer Networks, A Systems Approach, Second Edition, L.L Peterson and

B.S Davie, Morgan Kaufman, 2000

6 Computer Networks, 4th edition, A.S Tannenbaum, Prentice Hall, 2003.

7 Data Communications and Networking, 2nd edition, B.A Forouzan,

McGraw-Hill, 2001

8 DNS and BIND, Paul Albitz and Cricket Liu, O’Reilly & Assoc, 1992.

9 Sendmail Performance Tuning, N Christenson, Addison Wesley, 2002.

10 The Unix Programming Environment, Brian W Kernighan and Rob Pike,

Prentice Hall, 1984

11 The Hacker Crackdown, B Sterling Bantam, 1992.

12 Computer Security: Art and Science, M Bishop, Addison-Wesley, 2002.

13 Building Internet Firewalls, 2nd edition, D.B Chapman and E.D Zwicky,

O’Reilly & Assoc

Trang 29

[1] J Abbate User account administration at project athena Proceedings of the Large Installation System Administration Workshop (USENIX Association: Berkeley, CA, 1987), page 28, 1987.

[2] J Abbey The group administration shell and the gash network computing

environment Proceedings of the Eighth Systems Administration Conference (LISA VIII) (USENIX Association: Berkeley, CA), page 191, 1994.

[3] H Abdu, H Lutﬁya, and M Bauer A model for adaptive monitoring ﬁgurations Proceedings of the VI IFIP/IEEE IM Conference on Network Management, page 371, 1999.

con-[4] System administration and network security organization http://www.sans.org

[5] Imtiaz Ahmad and Muhammed K Dhodhi Multiprocessor scheduling in a

genetic paradigm Parallel Computing, 22:395–406, 1996.

[6] R Albert and A Barab ´asi Statistical mechanics of complex networks Rev Mod Phys, 74, 2002.

[7] P Albitz and C Liu DNS and BIND O’Reilley & Assoc., California, 1992 [8] D Alter Electronic mail gone wild Proceedings of the Large Installation System Administration Workshop (USENIX Association: Berkeley, CA, 1987),

page 24, 1987

[9] E Anderson and D Patterson Extensible, scalable monitoring for clusters

of computers Proceedings of the Eleventh Systems Administration Conference (LISA XI) (USENIX Association: Berkeley, CA), page 9, 1997.

[10] P Anderson Managing program binaries in a heterogeneous unix network

Proceedings of the Fifth Large Installation Systems Administration Conference (LISA V) (USENIX Association: Berkeley, CA), page 1, 1991.

[11] P Anderson Effective use of personal workstation disks in an nfs network

Proceedings of the Sixth Systems Administration Conference (LISA VI) (USENIX Association: Berkeley, CA), page 1, 1992.

[12] P Anderson Towards a high level machine conﬁguration system ings of the Eighth Systems Administration Conference (LISA VIII) (USENIX Association: Berkeley, CA), page 19, 1994.

Trang 30

Proceed-600 BIBLIOGRAPHY

[13] S.P Anderson, J.K Goeree, and C.A Holt Stochastic game theory: ment to equilibrium under noisy directional learning Working paper, University of Virginia, 1999.

Adjust-[14] G.M Jones and S.M Romig Cloning customized hosts (or customizing

cloned hosts) Proceedings of the Fifth Large Installation Systems tration Conference (LISA V) (USENIX Association: Berkeley, CA), page 233,

Adminis-1991

[15] S.P Schaefer and S.R Vemulakonda newu: Multi-host user setup ceedings of the Fourth Large Installation System Administrator’s Conference (LISA IV) (USENIX Association: Berkeley, CA, 1990), page 23, 1990.

Pro-[16] J Apisdort, K Claffy, K Thompson, and R Wilder Oc3mon: Flexible,

affordable, high performance statistics collection Proceedings of the Tenth Systems Administration Conference (LISA X) (USENIX Association: Berkeley, CA), page 97, 1996.

[17] R Apthorpe A probabilistic approach to estimating computer system

relia-bility Proceedings of the Fifteenth Systems Administration Conference (LISA XV) (USENIX Association: Berkeley, CA), page 31, 2001.

[18] B Archer Towards a posix standard for software administration ings of the Seventh Systems Administration Conference (LISA VII) (USENIX Association: Berkeley, CA), page 67, 1993.

Proceed-[19] B Arnold If you’ve seen one unix, you’ve seen them all Proceedings of the Fifth Large Installation Systems Administration Conference (LISA V) (USENIX Association: Berkeley, CA), page 11, 1991.

[20] B Arnold Accountworks: users create accounts on sql, notes, nt and unix

Proceedings of the Twelfth Systems Administration Conference (LISA XII) (USENIX Association: Berkeley, CA), page 49, 1998.

[21] E Arnold and C Ruff Conﬁguration control and management Proceedings

of the Fifth Large Installation Systems Administration Conference (LISA V) (USENIX Association: Berkeley, CA), page 195, 1991.

[22] SAGE/Usenix association http://www.usenix.org.

[23] ATM Asychronous transfer mode http://www.atmforum.com.

[24] AT&T Virtual network computing http://www.uk.research.att.com/vnc [25] A.L Barab ´asi Linked (Perseus, Cambridge, MA), 2002.

[26] M.R Barber Increased server availability and ﬂexibility through failover

capability Proceedings of the Eleventh Systems Administration Conference (LISA XI) (USENIX Association: Berkeley, CA), page 89, 1997.

[27] J Becker-Berlin Software synchronization at the federal judicial center ceedings of the Large Installation System Administration Workshop (USENIX Association: Berkeley, CA, 1987), page 12, 1987.

Trang 31

[33] J Brandts and C.A Holt Naive bayesian learning and adjustment to

equi-librium in signaling games Working paper, University of Virginia, 1995.

[34] A.M Breipohl Probabilistic Systems Analysis. J Wiley & Sons, NewYork, 1970

[35] D.R Brownbridge and L.F Marshall The newcastle connection or unixes

of the world unite Software Practice and Experience, 12:1147, 1982.

[36] M Buchanan Nexus: Small Worlds and the Groundbreaking Science of Networks W.W.Norton & Co., New York, 2002.

[37] P Bumbulis, D Cowan, E Gigu`ere, and T Stepien Integrating unix within

a microcomputer oriented development environment Proceedings of the Fifth Large Installation Systems Administration Conference (LISA V) (USENIX Association: Berkeley, CA), page 29, 1991.

[38] M Burgess Cfengine www site http://www.iu.hio.no/cfengine.

[39] M Burgess Talk at the cern hepix meeting, France 1994

[40] M Burgess Lecture notes http://www.iu.hio.no/ mark/lectures, 1995 [41] M Burgess A site conﬁguration engine Computing Systems MIT Press:

Cambridge, MA, 8:309, 1995

[42] M Burgess Automated system administration with feedback regulation

Software Practice and Experience, 28:1519, 1998.

[43] M Burgess Cfengine as a component of computer immune-systems

Proceedings of the Norwegian Conference on Informatics, 1998.

[44] M Burgess Computer immunology Proceedings of the Twelfth Systems Administration Conference (LISA XII) (USENIX Association: Berkeley, CA),

page 283, 1998

[45] M Burgess Managing os security with cfengine ;login:, 1999.

Trang 32

602 BIBLIOGRAPHY

[46] M Burgess The kinematics of distributed computer transactions

International Journal of Modern Physics, C12:759–789, 2000.

[47] M Burgess On the theory of system administration Submitted to Science

of Computer Programming, 2000.

[48] M Burgess Theoretical system administration Proceedings of the teenth Systems Administration Conference (LISA XIV) (USENIX Association: Berkeley, CA), page 1, 2000.

Four-[49] M Burgess Cfengine’s immunity model of evolving conﬁguration

management Submitted to Science of Computer Programming, 2002.

[50] M Burgess Two dimensional time-series for anomaly detection and

regulation in adaptive systems IFIP/IEEE 13th International Workshop on Distributed Systems: Operations and Management (DSOM 2002), page 169,

2002

[51] M Burgess A rational approach to the predictability of quality of servicefor service level agreements IFIP/IEEE 14th International Workshop on Distributed Systems: Operations and Management (DSOM 2003), 2003 [52] M Burgess Theory of Network and System Administration J Wiley & Sons,

Chichester, 2004

[53] M Burgess and G Canright Scalability of peer conﬁguration management

in partially reliable and ad hoc networks Proceedings of the VII IFIP/IEEE

IM Conference on Network Management, page 293, 2003.

[54] M Burgess, H Haugerud, T Reitan, and S Straumsnes Measuring host

normality ACM Transactions on Computing Systems, 20:125–160, 2001.

[55] M Burgess and R Ralston Distributed resource administration using

cfengine Software Practice and Experience, 27:1083, 1997.

[56] M Burgess and F.E Sandnes Predictable conﬁguration management in a

randomized scheduling framework IFIP/IEEE 12th International Workshop

on Distributed Systems: Operations and Management (DSOM 2001), page

293, 2001

[57] Linux Capabilities Linux privs project http://www.kernel.org/pub/linux/ libs/security/linux-privs.

[58] S Carter Standards and guidelines for unix workstation installations

Proceedings of the Workshop on Large Installation Systems Administration (USENIX Association: Berkeley, CA), page 51, 1988.

[59] J Case, M Fedor, M Schoffstall, and J Davin The simple network

management protocol RFC1155, STD 16, 1990.

[60] R Chahley Next generation planning tool Proceedings of the Large Installation System Administration Workshop (USENIX Association: Berkeley, CA), page 19, 1987.

Định dạng
Số trang	64
Dung lượng	421,33 KB