Solved

Shutdown script

Posted on 2006-06-12
13
927 Views
Last Modified: 2008-01-09
Ok ... Here is the scenario.

In cisco devices, using the IOS, it is possible to setup the device to reboot after a specified time (usually minutes). I would like to implement the same feature in Linux. I know what command to use. But I would like to run a script exactly before the computer restarts.

Basically, I would like to play with iptables. However, I am doing it remotely. So I am running the risk of locking down the remote access to the box. Thus, it would be nice to have this feature implemented ...

In practice it would work like that:

1. Save current iptables config
2. Set the feature ON (reload after x minutes)
3. Make my changes; play with the config; ...
4. If the box becomes inaccessible, it would restart after x minutes. Yet, on restart, it would copy the old iptables config so that the box become available after restart

I believe this is possible ... at least, everyone says Linux is so flexible ... I'm a rookie when it comes to Linux. However, you can use any technical details you think apropriate ... check my profile if in doubt of what I can do ;)

I am using CentOS with GUI loaded. But I am starting to enjoy the command line. So, if you could provide two separate solutins, even better.




Thanks,
Rafael
0
Comment
Question by:rafael_acc
  • 6
  • 5
13 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 500 total points
ID: 16891816
You could do a iptables restore and restart only iptables if iptables is your concern. You don't have to reboot the entire machine.

You could implement this feature using cron (or at) jobs and I can even think of two variants:

1. There is a cron job that is running every x minutes. If a certain condition is met it initializes the iptables rules and restarts. The condition could be if a certain file is older than 10 minutes and turning the feature on would be touching this file.

2. You use a one time "at" script.
$> at now + 10 minutes
at> /sbin/iptables-restore < saved-rules.conf
at> /etc/init.d/iptables restart
at> Ctrl + D
0
 
LVL 11

Author Comment

by:rafael_acc
ID: 16892210
hmm ... I'll try that ... If it works, I'll give the points. However, it would be nice to implement the way Iwanted at the begening. It could be useful ...

Cheers
0
 
LVL 16

Expert Comment

by:Blaz
ID: 16892252
Well instead of
at> /etc/init.d/iptables restart

you could do

at> /sbin/shutdown -r now

That is pretty much what you wanted.

Actually if you have configured that you load a saved iptables config (the backup config) from disk every time the system restarts, you could do a simple:
$> /sbin/shutdown -r +10 &
This will reboot the machine in 10 minutes if you won't cancel the shutdown with:
$> /sbin/shutdown -c
0
 
LVL 11

Author Comment

by:rafael_acc
ID: 16892303
How can I copy the original config from the backup if the remote access gets locked??

cheers
0
 
LVL 16

Expert Comment

by:Blaz
ID: 16892352
Usually you have an iptables rules file on the disk. Every time the computer is restarted this file is read and iptables rules are applied - otherwise the system would start up with blank iptables rules. As long as you don't change the rules in this file the computer will start from previous configuration.

For example the file is /etc/iptables.rules

When you want to apply a rule do:
/sbin/iptables -A INPUT -p tpc --dport 22 -j DROP

This rule will not be saved in the /etc/iptables.rules file ie when the system restarts this rule will not be there. You must save the rule manually with
/sbin/iptables-save > /etc/iptables.rules

0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 11

Author Comment

by:rafael_acc
ID: 16892424
oooh ... that was really helpful ... cool! so i can just make any experiments I like ...
i'll try that ...

Yet ... it would be nice to be able to run a script exactly before shutdown. Can't this be done???

Rafael
0
 
LVL 16

Expert Comment

by:Blaz
ID: 16892455
> Yet ... it would be nice to be able to run a script exactly before shutdown.

What do you mean by that? Isn't this solved with:
$> at now + 10 minutes
at> script_before_shutdown.sh
at> /sbin/shutdown -r now
at> Ctrl + D
0
 
LVL 11

Author Comment

by:rafael_acc
ID: 16892468
more or less ... In this case, I have to run this commands everytime ... To be more precise ... In windows for instance, if you want a shutdown script to run everytime a shutdown is performed, it can be easily achieved. I woudln't have to write eveytime a set of commands to do it ... I would just make the configuration once.


cheers
0
 
LVL 16

Expert Comment

by:Blaz
ID: 16892545
Ah, you want a command to execute EVERY time a shudown occurs? Why didn't you say so ;-).

You should probably look into run levels. Reboot is run level 6 and in that run level scripts in /etc/rc.d/rc6.d/ are run. You could probably add a script that will execute before reboot.
0
 
LVL 11

Author Comment

by:rafael_acc
ID: 16892561
well ... As I said before, I'm a begineer ... I'm looking for a more or less  complete solution. I looked into run-levels but it raises even more questions in my head. And I don't have much time now to look further until I understand Linux completely.... Since all this issues are somehow related, I guess I will have to do that in time ...

So your answer, the way it is (from your last post) doesn't really help  much - sorry! It is like "How do you read the time? Answer: you look at the watch and read it" - if you know what I mean ...



Cheers
0
 
LVL 11

Author Comment

by:rafael_acc
ID: 16892562
begineer in linux ... I had to add
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now