Mark's Linux PPP Scripts
------------------------
These scripts were developed under RedHat Linux and may need to be modified
for use with other distributions or other unixes.  The scripts were based
on some very simple code contributed by an unknown author.  These scripts
are provided "As is" and all responsibility for their use is assumed by
the user.  Copyright Mark A. Martin 1999.

Introduction
------------
The scripts provided here establish or shut down a PPP connection from
a Linux (System V UNIX) machine.  They also reconfigure an Apache web
server running on the local host to allow connections based on the
assigned IP address or hostname of the local machine.

Scripts:

	ppp-on        - establishes a PPP connection
	ppp-off       - terminates a PPP connection
	pingd         - keep-alive daemon based on ping
	update_name   - reconfigures web server to reflect network
	                with PPP connection established
	restore_hosts - restores /etc/hosts to local network configuration
	restore_name  - reconfigures web server for local network

Requirements
------------
These scripts assume a System V configuration such as in RedHat Linux.
They also assume that you are running the Apache web server, version 1.2
or 1.3.

Installation
------------
1. Check to make sure that the first lines of all scripts contain the
   correct paths to bash and perl.  Type "which bash" and "which perl"
   to determine the correct paths.

2. Edit the variables at the top of ppp-on to reflect the correct phone
   number, device, lock directory, and IP address.  An IP address of 0.0.0.0
   means that the remote host will assign the IP address.  You will probably
   only have to change the phone number and the ping target. The ping target
   is the IP address of the machine that the ping daemon will ping to keep
   the connection alive.  A good ping target might be the remote name server.

3. Edit the variable $host at the top of restore_name so that it contains
   the name of the local machine when the ppp connection is not established.

4. Make sure that the scripts have the correct owner, group, and
   permissions.  I recommend that the scripts be owned by root with group
   root, all permissions for the owner, and read-only or no permissions
   for the group and others.  Commands that will make these changes are
   (use only one of the two chmod commands)

	chown root:root *
	chmod 700 *		# Either: no permission for group or others.
	chmod 744 *		# Or: read permission for group and others.

   These commands should be executed from a root shell.

   Alternatively, the scripts can be made SUID to allow non-root users
   to execute them.  There are other ways of accomplishing this too.

5. Move the scripts to the correct locations.  I recommend the following
   locations:

	ppp-on, ppp-off, restore_hosts, pingd - /usr/sbin
	update_name, restore_name             - /etc/httpd/conf

   The scripts assume that you are running the Apache web server with
   configuration files located in /etc/httpd/conf and start-up/shut-down
   script /etc/rc.d/init.d/httpd.

   If you want to run the scripts in different locations, edit the variables
   at the tops of the scripts to reflect the desired locations.  The main
   PPP control scripts ppp-on and ppp-off can be run from anywhere without
   editing if the other scripts are put in the recommended locations.
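
A check for the ownership and permissions recommended in step 4, as an
added example that is not one of the distributed scripts.  The function name
audit_script is hypothetical and GNU stat ("stat -c") is assumed; a SUID or
SGID bit is reported as a finding.

```shell
#!/bin/sh
# Added example, not one of the distributed scripts.
# Assumes GNU stat ("stat -c"), as shipped with RedHat Linux.

# audit_script FILE [OWNER] [GROUP]
# Prints one line per finding; returns 0 when FILE matches the
# recommendation (expected owner/group, mode 700 or 744, no SUID/SGID).
audit_script() (
    file=$1; want_owner=${2:-root}; want_group=${3:-root}; rc=0

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: missing, a symlink, or not a regular file"
        exit 1
    fi

    # %a = octal mode (four digits when SUID/SGID/sticky is set), %U/%G = names
    set -- $(stat -c '%a %U %G' -- "$file")
    mode=$1; owner=$2; group=$3

    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "$file: owner is $owner:$group, expected $want_owner:$want_group"
        rc=1
    fi
    # The scripts are meant to run from a root shell, so SUID/SGID is a finding.
    if [ $(( 0$mode & 06000 )) -ne 0 ]; then
        echo "$file: SUID/SGID bit set (mode $mode)"
        rc=1
    fi
    # Group and others get read-only or nothing: no write, no execute.
    if [ $(( 0$mode & 0033 )) -ne 0 ]; then
        echo "$file: group/others can write or execute (mode $mode)"
        rc=1
    fi
    # The owner must still be able to read and execute the script.
    if [ $(( 0$mode & 0500 )) -ne $(( 0500 )) ]; then
        echo "$file: owner cannot read and execute (mode $mode)"
        rc=1
    fi
    exit $rc
)

# Constructed demo: a throwaway file with the SUID bit set is reported.
demo=$(mktemp) && chmod 4755 "$demo"
audit_script "$demo" "$(id -un)" "$(id -gn)" || true
rm -f "$demo"
```

After installation, run it over the installed scripts from a root shell, for
example "audit_script /usr/sbin/ppp-on".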

Security Notes:

1. If the system has multiple users, you may not want to allow non-root users
   to read the scripts.

2. It is more secure to only allow root to execute the scripts.  Therefore,
   it is better if the scripts are not SUID.  If you do not know how to
   configure the system to allow others to execute the scripts, it is likely
   that you don't understand the security ramifications either.  That is
   why I'm not supplying details on how to do this.

3. The scripts use the full paths of commands to help prevent trojan horse
   attacks.  This reduces the portability of the scripts and means that
   the paths may need to be modified before using the scripts on your
   system.
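
Because the scripts hard-code command paths (note 3 above and Installation
step 1), a path that does not exist on your system has to be corrected before
the script is run.  The following added example, not one of the distributed
scripts, lists such paths; the function name missing_commands and the sample
command path are hypothetical.

```shell
#!/bin/sh
# Added example, not one of the distributed scripts.

# missing_commands FILE
# Prints each absolute command path referenced in FILE (the "#!" interpreter
# plus anything under a bin or sbin directory) that is not an executable
# file on this system.  Returns 0 when nothing is missing, 1 otherwise.
# Heuristic: it matches path-shaped text, so paths in comments count too.
missing_commands() (
    file=$1
    [ -r "$file" ] || { echo "$file: cannot read"; exit 2; }

    # Interpreter from line 1, e.g. "#!/bin/bash" or "#! /usr/bin/perl -w"
    interp=$(sed -n '1s|^#![[:space:]]*\([^[:space:]]*\).*|\1|p' "$file")

    # Interpreter plus every absolute path under a bin or sbin directory,
    # de-duplicated so each missing path is reported once.
    paths=$( { printf '%s\n' "$interp"
               grep -oE '(/[A-Za-z0-9._-]+)*/s?bin/[A-Za-z0-9._+-]+' "$file"
             } | sort -u )

    rc=0
    for p in $paths; do
        if [ ! -f "$p" ] || [ ! -x "$p" ]; then
            echo "$p"
            rc=1
        fi
    done
    exit $rc
)

# Constructed sample standing in for one of the scripts.
sample=$(mktemp)
printf '%s\n' '#!/bin/sh' \
    '/usr/sbin/constructed-dialer --device /dev/modem' > "$sample"
missing_commands "$sample" || echo "correct the paths listed above"
rm -f "$sample"
```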

More information on computer security may be found in the O'Reilly books on
computer security or in many places on the web.

Using the Scripts
-----------------
Connecting:

1. With your modem hardware correctly connected, execute ppp-on from a root
   shell.  If the script does not run, make sure that the script is in your
   path or that the command line specifies the path to the script and that
   you have execute permission for the script.

2. The script will prompt you for the user name and password required for
   authentication.

3. The script displays intermediate status information as it executes.

Disconnecting:

1. Execute ppp-off from a root shell.

2. Status information is displayed as the script executes.

It should be possible to make the scripts SUID to allow execution under other
user names.  This should be done with care to avoid introducing security
problems.

To Do
-----
1. The connection script ppp-on doesn't check "chat" output for common
   error conditions such as NO DIALTONE, BUSY, or incorrect user names or
   passwords and therefore cannot alert the user to these problems.  I intend
   to utilize the report capabilities of "chat" to remedy this deficiency.

2. The auxiliary scripts update_name, restore_name, and restore_hosts should
   be integrated into ppp-on and ppp-off as functions.  This may mean
   rewriting ppp-on and ppp-off in perl.

3. Create an installation script.

Author
------
Comments or suggestions to

	Mark A. Martin
	mmartin@amath.washington.edu
	http://www.amath.washington.edu/~mmartin
