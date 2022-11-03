When teenage me found out that I could get paid to mess around on Linux, becoming a sysadmin instantly became my dream. And at 18, a tech company in Florida made that dream a reality.

They even paid me to relocate there. I couldn’t believe it.

However, that was over a decade ago. Also, after only working there for a few months, I became a Perl developer (RIP). So to test my skills, every time I need to do a sysadmin-y task on the command line, I’ll try it without Google and record my results here.

Am I still a console cowboy?

Hunting down file users

First task: given the name of a file, print every unique process id and name that has that file open.

Easy peasy! List open files with lsof , then grep for the filename we want, use awk to get the fields with the name and process id, and then sort and uniq to remove duplicates!

lsof | grep $FILENAME | awk '{ print $2 $1 }' | sort | uniq

Okay, that was really easy. Out of curiosity, I wonder how lsof actually finds out what files are open. Apparently (based on lsof.c) it gets the process ID and then looks in /proc/$PID/fd/ which contains files representing like, sockets open between processes and files?

I’m home now and my Linux laptop is broken, so I’m stuck on MacOS right now or else I’d investigate. Which makes me wonder, how does this work on MacOS, which doesn’t have /proc and relies on sysctl for most of the things /proc usually does. I tried reading the source code for lsof by Vic Abell but I gave up. Sigh.

DDoS quick fix

Second task: ban any IP address with more than 5 current connections right now.

This one was a huge failure.

Some internal servers were making a ton of requests to another one in the network. I didn’t know exactly which servers, and as an emergency measure, I decided to just temporarily ban connections from IPs which currently had a ton of connections open.

I was in a big rush here so I did Google and found this ServerFault answer. Then I added a regex to only get hosts with over 10 current connections:

netstat -n | awk '/^tcp/ {print $4}' | awk -F: '{print $1}' | sort | uniq -c | sort -n | egrep "^ 5"

So, pretty lame. From there I manually banned the IPs that showed up using ufw. I’m including this one so you can see what failure looks like. Sorry!

Is my dir big?

Third task: Calculate the size of a directory and its contents

Oh, I got this one, 4096! Just kidding. To explain, a Unix directory doesn’t know the combined sizes of everything in it. In real life I was in too much of a rush to do this with Bash, but I still wanted to try it without Googling anything, so I whipped up a quick Python script: (note, looks like substack isn’t respecting indentation in code for some reason, sorry)

#!/usr/bin/python3

import os

import sys

def dir_size(dir, recursive=True):

size = 0

for entry in os.listdir(dir):

entry_path = os.path.join(dir, entry)



if os.path.isdir(entry_path):

size += dir_size(entry_path, recursive)

else:

size += os.path.getsize(entry_path)



return size



print(dir_size(sys.argv[-1]))

Now I’m home and will try it without Python… first I’ll use the find command to get all of the files in the current directory, and subdirectories, and so on. The find command handles the recursion for me! We’ll get files only with the -type f argument (I know directories also have a size I should be counting, this is a bug in my Python script as well. But for the task I was doing it didn’t matter, so I’m ignoring it).

Then we can get the size using the -ls option, whose second output field is the size in bytes, so we now have find $DIR -type f -ls | awk ‘{ print $2 }’

Now I just need the sum of the output… Hmm. Actually, checking the man page for find, this won’t work! The -ls option gives me the sizein 512 byte blocks, whereas I need actual bytes. So I’ll just pipe it to ls -l instead. That looks like this:

SUM=0;

for i in $(find test/ -type f | xargs ls -l | awk '{ print $5 }');

do

SUM=`echo $SUM+$i \

| bc`;

done;

echo $SUM

This is so bad lol. Anyway, let’s make sure the results come out the same:

$ ./recur_size.py test

842132

$ SUM=0; for i in $(find test/ -type f | xargs ls -l | awk '{ print $5 }'); do SUM=`echo $SUM+$i | bc`; done; echo $SUM

842132

Okay, I guess it worked! Oh, by the way, I iteratively sum the commands by adding the sizes to a SUM variable with the bc command. This is particularly grotesque to me, even as someone who is super hacky in Bash. I think it would be a lot more elegant if there was a sum command that took took a stream of input and returned the sum.

So I added a sum command to my PATH that does this:

use std::io::{self, BufRead};

fn main() {

let stdin = io::stdin();

let sum: u32 = stdin

.lock()

.lines()

.map(|line| -> u32 {

let num: u32 = line.unwrap().parse().unwrap_or(0);

num

}).sum();

println!("{}", sum);

}

Not perfect (hello, negative numbers!) but it’s something I want. If you would do it better, make a PR here please: git.lain.church/logan/sum

Appreciate it!

This makes the previous Bash code look like this:

$ find test/ -type f | xargs ls -l | awk '{ print $5 }' | sum

842132

Ah, that’s so much nicer. Anyone who’s actually good is probably vomiting at it, but it’s progress haha. Oh, and in doing so, I’ve replaced the actual sum command, which does something I don’t care about. Maybe some important system things will depend on the sum command as provided by the shell PATH. I hope not, because I’m just gonna do this and pray.

Phew, all done! The week is over.

What I learned

Bash involves gluing together commands a lot using intermediaries like grep, xargs, awk, shell expansion, and so on. I think there’s a lot of room for better such intermediaries to be created which would drastically improve the ergonomics of the command line.

Maybe PowerShell cares about this? I have no idea. Maybe the CLI just doesn’t matter enough these days. But all in all, I was impressed with how much I remember from over a decade ago, and how easily everything came back to me. Even if my solutions were “bad” by sysadmin standards, I got the results I wanted with no need to Google, or even much struggle along the way.

More importantly, I learned that I’m a terrible sysadmin who knows nothing of the systems I’m operating. Which are all just recreational systems I’m using for fun, but still. It would be more fun to not suck! Feel free to leave a comment here on the blog teaching me more intelligent ways I could have solved these problems.