recently asked members to submit their favorite Network Administration scripts for possible publication. One of the first to make a submission was John A. Sullivan III. For his effort, John earned $100 and the satisfaction of seeing his script published on TechRepublic.

Earn $100 for your admin script

Let us pay you for your original scripts so that we can publish them as downloads on TechRepublic and allow your fellow IT professionals to benefit from your scripting savvy. We only ask that you put in the appropriate comments to your scripts so that it's easy to tell what the script is doing and which variables might need to be customized. Send us your original UNIX/Linux admin scripts and we'll pay you $100 for each one that we publish as a TechRepublic download.

John A. Sullivan’s script in his own words

In the open source ISCS network security management project, we wish to restrict access control on an IPSec VPN tunnel. In other words, when a remote user connects, the iptables firewall rules are dynamically altered based upon the user's DN in their X.509 certificate. When Road Warriors connect to the openswan gateway, we run a modified up-down script named X509updown (Listing A), which we have included. That script, in turn, calls the main script, DNRead (Listing B), which takes the DN and CA information, compares it to a text file of access group membership named DNList and automatically creates rules for the traffic on this tunnel to allow or deny packets based upon the DN. It uses the ISCS model of firewalling but can easily be adapted to other models. DNRead.comments (Listing C) is the same DNRead script but with annotations.
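The mechanism described above, as an added illustration rather than John Sullivan's X509updown or DNRead scripts: an updown-style helper that looks up the peer's certificate DN in a DNList file and emits per-tunnel iptables rules. The "group|DN" DNList format, the group_policy mapping and the sample DNs are assumptions constructed for the example; PLUTO_VERB, PLUTO_PEER_CLIENT and PLUTO_PEER_ID are the variables pluto exports to its updown script.

```shell
#!/bin/sh
# Added example, not the ISCS X509updown/DNRead scripts: map a connecting
# peer's certificate DN to access groups in a DNList file and emit the
# iptables rules for that tunnel. Rules are printed, not applied (no root).

# Constructed sample DNList (assumed format: one "group|DN" line per membership).
DNLIST=$(mktemp)
trap 'rm -f "$DNLIST"' EXIT
cat >"$DNLIST" <<'EOF'
admins|C=US, O=Example Corp, CN=alice
devs|C=US, O=Example Corp, CN=alice
devs|C=US, O=Example Corp, CN=bob
EOF

# Assumed per-group policy: "destination-CIDR tcp-port" a group may reach.
group_policy() {
    case "$1" in
        admins) echo "10.1.0.0/24 22" ;;
        devs)   echo "10.2.0.0/24 443" ;;
        *)      return 1 ;;
    esac
}

# dn_groups DN: print each group the whole DN string belongs to, one per line
# (exact match, so a CN-only match cannot grant another user's rights).
dn_groups() {
    awk -F'|' -v dn="$1" '$2 == dn { print $1 }' "$DNLIST"
}

# tunnel_rules VERB PEER_CLIENT DN: print iptables commands, -A on up-client
# and -D on down-client; a peer always ends with DROP, so an unknown DN gets nothing.
tunnel_rules() {
    verb=$1; client=$2; dn=$3
    case "$verb" in
        up-client)   act="-A" ;;
        down-client) act="-D" ;;
        *) return 1 ;;
    esac
    for g in $(dn_groups "$dn"); do
        policy=$(group_policy "$g") || continue
        set -- $policy
        printf 'iptables %s FORWARD -s %s -d %s -p tcp --dport %s -j ACCEPT\n' \
            "$act" "$client" "$1" "$2"
    done
    printf 'iptables %s FORWARD -s %s -j DROP\n' "$act" "$client"
}

# Stand-alone run using pluto's updown variables (constructed defaults otherwise).
tunnel_rules "${PLUTO_VERB:-up-client}" "${PLUTO_PEER_CLIENT:-192.0.2.10/32}" \
    "${PLUTO_PEER_ID:-C=US, O=Example Corp, CN=alice}"
```

On the down-client verb the same rules are emitted with -D, so the tunnel's access is removed as soon as the peer disconnects.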