DNS Tools

I've put together some scripts that make creating or checking a glut of DNS entries a whole lot easier.  They're not perfect by any means, but you can feel free to modify them to do whatever you want.  It's just a simple framework that accomplished what I needed at the time.

digger    This utility, based on the BIND tool dig, allows you to compile a list of IP addresses that you want to check against a list of nameservers.  It's very useful for checking DNS propagation as well as proper reverse DNS configuration.  This script is very flexible, accepting command-line arguments as well as working interactively.  I've commented the code extensively, so you know what it's doing when it's doing it.  Please note that you must have dig installed and in your path for this script to work.

make-rev-dns   As the name indicates, this script makes reverse DNS entries.  It works using a source file that has the IP address and host tab-delimited like this:

10.1.1.1    server1
10.1.1.2    server2
10.1.1.3    server3

This is very useful if you have a large hosts file on a Windows or Unix computer and want to create reverse DNS for it (for later use with a DNS server).  Files are created in the format named.rev.xx.yy.zz where xx is the first octet, yy is the second octet, and zz is the third octet (in dotted-decimal notation).  If I get around to it, I'll stick something in there so you hardcore DNS guys can have the files named "in-addr.arpa."  Why anyone would want that, I'm not really sure, but I'll think about putting it in.  If you want, you can take a look at the sample file I put together to give you an idea of how it works.  It's currently designed to be used in conjunction with the named-creator utility on this page.

named-creator    For those times when you just need to create a named.conf using a list of networks.  If your network is 10.1.1.1, this script will take a text file with the networks in 10.1.1 format or 1.1.10 format (as long as you tell it what kind of input it's getting).  Really useful for large networks.  

Also has a great feature for generating conf files for master/slave environments and allows you to specify master server if you select slave mode.  Modify as you wish.  There's a modification in there (you have to comment/uncomment as you see fit) for dealing with regions/subdomains.  No, it's not pretty.  If you have the time to modify it to work properly, let me know.  I'd love to keep these tools alive.  Here's the sample file in forward format.  This tool works well with the make-rev-dns tool, also on this page.

Security Tools

md5check    This script, based on the freeware MD5 tool, allows you to compare the MD5 checksums of files.  Simple create a list of files for which you want to store the MD5 checksums and run the script.  Later, if you suspect that someone has tampered with the files, run the script again with the same file list and you will be notified of mismatches.  This can be *very* useful in helping to determine if a root kit or trojan has overwritten some of your system files by comparing checksums of known good files against the suspicious files.  This utility can be useful for correlating a system crash with a system modification (provided that you keep up to date on your checksum files).  This script is currently interactive, so you can't cron it (yet).  If I get the time, I will make it non-interactive so you can keep a running (or someone else can make the modifications and send it back to me).  Here is the source for the script; here is a tarball with a sample file list.  You can get the MD5 utility at http://www.sunfreeware.com or on this website (SPARC/Solaris 2.6 or SPARC/Solaris 8).  Please keep in mind, though, that I don't update mine regularly.

User Tools

adduser    If you don't run a NIS or NIS+ environment, you've probably found yourself faced with the nightmare of attempting to maintain accounts on multiple machines.  In large environments, this can be quite cumbersome.  I've worked in environments with 50-60 UNIX servers without a mechanism to remotely add users to all of the servers.  Thus, this tool was born.  It utilizes htpasswd (if you have it) to create an encrypted password for a user and adds that user account/password to a list of servers.  Since it utilizes rsh/rlogin, you'll need to make sure that the server that hosts this utility is allowed to rsh into the other servers.  The server list is a simple, plaintext list of target servers/IP addresses (one entry per line) that you want to add a user to.  I've bundled it with its companion, deluser, which allows you to remove a specific user account (and home directory) from a list of servers.  Get the bundle here.

deluser    Just as adduser allows you to add a user to a list of servers, deluser gives you the ability to remove a user (and their home directories, if you wish) from a list of servers.

htpasswd    If you don't have Apache installed, you probably don't have htpasswd.  Download this to be able to generate the encrypted passwords for the shadow password file.  Alternately, you can go to http://www.apache.org and get the latest version of Apache.