Using CGI for Unix System Administration
Reader Please Note: As far as I know the information
in this document is accurate. If you find any errors, have any comments or
additions, or just have questions, please feel free to contact me at
billetter@NetworkTechnologist.Com
Introduction
CGI - Common Gateway Interface is a technique that allows web pages to run
programs or scripts. It was designed to allow for dynamic web pages.
This allows for the creation of web pages that provide real time information
that can change - such as a clock or calculator. Of course it is used
in much more complicated applications as well, such as connecting web pages
with databases.
For the purposes of this article, I will focus on the use of CGI programming
for system administrator applications. In particular this article will
show how CGI can run on a Linux server and provide real time status information
from a web page on any client in the enterprise. I use this technique
for my non unix aware users who need to get information from a unix server,
such as uptime or firewall statistics.
Program Design
For the purposes of this article let's assume that we have a Linux server
that is connected to the Internet. In reality, it may be serving as
a router, firewall and proxy server. We would like to be able to do
the following:
- Check the error log - /var/log/messages
- Get a report of Apache web server errors - /var/log/httpd/error_log
- Check some basic Linux server statistics such as how long the system
has been up, the number of users using the system and the % disk space being
used.
Using CGI requires that we have a web server. For this article we
will assume that we are using the Apache Web Server that is freely available
and runs under Linux. We will also assume that our Linux server
is using the ipchains firewall capability built into Linux.
The program itself will consist of a main web page, which we will call admin.html.
This web page will provide links to 3 cgi programs, that each will perform
one of our desired tasks. Since what we want to do is essentially run
unix commands, we will use the Linux /bin/sh shell scripting language as
our cgi language. Note: PERL is the most common cgi programming
language, but in reality many languages can be used for cgi. Shell scripting
is the most logical choice for this simple example.
The 3 additional programs that will be required will be called sh-messages.cgi,
sh-error-log.cgi and sh-df.cgi. sh-messages.cgi will display the contents
of the Linux /var/log/messages file. The sh-error-log.cgi will display the
contents of the Apache web server error log as a web page. The sh-df.cgi
will run the necessary unix commands to determine how long the system has
been up, how many users are using it and how much free disk space there is,
again displayed as a web page.
Because of the prevalence of web technology, this server administration
tool will be able to run on virtually any client in the enterprise. This
greatly improves the power of the tools that we can use and develop ourselves
for unix system administration.
Writing admin.html web page
The admin.html web page is a very simple static page that will call the
dynamic cgi shell scripts. It must display some basic information along
with links to each script. The user only needs to click on the link
to run the corresponding cgi shell script. Here is the code to do this:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Administration of the Firewall Server</title>
</head>
<body>
<h1>Administration of the Firewall Server</h1>
<p>
<b>Please choose one of the following:</b><br />
<br />
<!-- Server-relative links, so they resolve to this server from any client -->
<a href="/cgi-bin/sh-messages.cgi">
<b>View the Messages Log</b></a><br />
<a href="/cgi-bin/sh-error-log.cgi">
<b>View the Apache Server Error Log</b></a><br />
<a href="/cgi-bin/sh-df.cgi">
<b>View Disk Usage Statistics</b></a><br />
</p>
</body>
</html>
This simple web page begins with the standard DOCTYPE statement, followed
by the standard html page format of <html>, <head>, <title>
and <body>. The page itself displays a heading followed by a simple
list of links. Clicking on each link will run the associated cgi program.
Note that all the programs are located in the cgi-bin directory of the
webserver. This is done for security reasons: since this directory will
be able to execute code on the server, we want to limit execution to a single
directory and carefully control its contents.
Writing the sh-messages.cgi script
The sh-messages.cgi program will display the contents of the /var/log/messages
file on the screen. This can easily be accomplished by the unix "cat" command.
As a matter of fact the cgi program is not much more complicated than
that. Here is the code:
#!/bin/sh
# CGI header: the content type, then a blank line before the page body
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Messages Log File - from Shell Script</title></head><body>"
echo "<h1>Contents of /var/log/messages file</h1>"
# <pre> keeps the white space in the output of cat
echo "<pre>"
cat /var/log/messages
echo "</pre><br />"
# Single quotes inside the double-quoted string keep the href attribute quoted
echo "<a href='/admin.html'><b>Return to Admin Menu</b></a>"
echo "<hr /><address>This page was dynamically generated by the firewall server on"
date
echo "</address>"
echo "</body></html>"
As you can see the file is nothing more than unix commands, primarily the
echo command. The echo command writes to standard output. Since
this is a program that was actually called by a web browser, the web browser
becomes the source of standard input and the destination of standard output.
Therefore the echo statements are sent to the web browser. The
first echo statement informs the web browser that it is going to be receiving
text which is actually html. Next the web page is built.
The very first line of the cgi program is the shebang indicating that the
language being used for this program is the Linux shell /bin/sh. After
the web page is built with the standard elements <html>, <head>,
<title>, <body> and the heading, the actual unix command "cat"
is executed. The <pre> tags are used so that the white space in
the output of the cat command will not be ignored. The messages log
should be expected to scroll off the screen, but the browser will allow the
user to use the scroll bars to view the entire file.
Finally at the end of the page is a footer block with a link back to the
main administration page. The footer indicates the date and time that
the page was constructed, thereby emphasizing the dynamic aspect of the cgi
program.
Writing the sh-error-log.cgi script
#!/bin/sh
# CGI header: the content type, then a blank line before the page body
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Apache Error Log File - from Shell Script</title></head><body>"
echo "<h1>Contents of the Apache Error Log File</h1>"
echo "<pre>"
cat /var/log/httpd/error_log
echo "</pre><br />"
# Single quotes inside the double-quoted string keep the href attribute quoted
echo "<a href='/admin.html'><b>Return to Admin Menu</b></a>"
echo "<hr /><address>This page was dynamically generated by the firewall server on"
date
echo "</address>"
echo "</body></html>"
This script is very similar to the sh-messages.cgi script. The only
difference is the unix shell script command that is issued. In this
script the cat command is applied to the /var/log/httpd/error_log
log file. No further explanation is necessary.
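The error log records text taken from client requests, and the script above sends it to the browser as HTML, so any markup in a log entry would be interpreted by the browser. The following is an added example, not part of the original article: a variant of sh-error-log.cgi that escapes the log text and limits the output. The names html_escape, render_log, page, MAX_LINES and the sample line are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: hardened variant of sh-error-log.cgi (not the article's code).
LOG_FILE="${LOG_FILE:-/var/log/httpd/error_log}"  # path used in the article
MAX_LINES=200                                     # assumed cap on output size

# Replace the characters that are significant in HTML with entities so that
# log text is displayed as text. '&' is handled first so the entities
# produced by the later substitutions are not escaped a second time.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# Print the last MAX_LINES lines of file $1, escaped for HTML.
render_log() {
    if [ -r "$1" ]; then
        tail -n "$MAX_LINES" "$1" | html_escape
    else
        echo "Log file is not readable by the web server user."
    fi
}

page() {
    echo "Content-type: text/html"
    echo ""
    echo "<html><head><title>Apache Error Log File</title></head><body>"
    echo "<h1>Last $MAX_LINES lines of the Apache Error Log File</h1>"
    echo "<pre>"
    render_log "$1"
    echo "</pre><br />"
    echo "<a href='/admin.html'><b>Return to Admin Menu</b></a>"
    echo "</body></html>"
}

# Constructed sample entry: a requested path that contains markup.
SAMPLE='[error] File does not exist: /var/www/html/<i>x</i>&y="1"'

# GATEWAY_INTERFACE is set by the web server for CGI programs. Under CGI,
# serve the real log; from a terminal, show the escaping on the sample.
if [ -n "$GATEWAY_INTERFACE" ]; then
    page "$LOG_FILE"
else
    printf '%s\n' "$SAMPLE" | html_escape
fi
```

The same html_escape filter can be placed after cat in sh-messages.cgi, since /var/log/messages can also contain text that did not originate on the server.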
Writing the sh-df.cgi script
This script will perform two unix shell commands. The first command
uptime will report how long the system has been up and how many users are
using the system. The second command - df will report on the filesystem
utilization for each mounted filesystem. Here is the script:
#!/bin/sh
# CGI header: the content type, then a blank line before the page body
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Firewall Server Administration Information</title></head><body>"
echo "<h1 align='center'>Firewall Server Administration Information</h1>"
echo "<h2>Server Up Time Statistics</h2>"
echo "<pre>"
# How long the system has been up and how many users are logged in
uptime
echo "</pre><br />"
echo "<h2>Server Disk Utilization</h2>"
echo "<pre>"
# Filesystem utilization for each mounted filesystem
df -H
echo "</pre><br />"
# Single quotes inside the double-quoted string keep the href attribute quoted
echo "<a href='/admin.html'><b>Return to Admin Menu</b></a>"
echo "<hr /><address>This page was dynamically generated by the firewall server on"
date
echo "</address>"
echo "</body></html>"
Again, the script is virtually identical to the other cgi scripts in structure.
The main difference is rather than issuing the unix "cat" command,
the df -H command and the uptime command are issued. Other than that,
this script follows the same format.
Summary
This article has shown how to create a web page on a unix server that will
upon request provide the results of unix commands. These results can
be displayed on any web browser, making it easy to get
important system administration information from any client on the network.
Not only that, using the Internet and vpn (virtual private networks)
technology this technique can allow the administrator to monitor remote sites
and servers.
Please be careful before implementing these ideas. CGI scripting, especially
over the internet, must be carefully written to avoid security problems. It
is beyond the scope of this article to discuss the specifics of CGI security,
especially today with the constant increase in the sophistication of hacking
tools. Please research this subject before putting this technique on
a server that could be compromised. Feel free to contact me at the
above email address, or keep checking this site for updated information on
CGI programming and security.
Almost any unix command can be run from the CGI environment. As a matter
of fact, I use this same technique to let my customers who use ADSL to
access the internet via a unix router get real time disconnect statistics
from any browser on their network. This very simple concept can provide
some very powerful results.
Copyright Bill Etter 2002 all rights reserved
Last Revised August 30, 2002
For more information, contact
billetter@networktechnologist.com
http://www.networktechnologist.com/sysadmin/admincgi.htm