[1] | 1 | #!/bin/sh
|
---|
| 2 |
|
---|
| 3 | YULERC="/etc/yulerc"
|
---|
| 4 | YULEDIR="/var/lib/yule"
|
---|
| 5 | YULELOG="/var/log/yule/yule_log"
|
---|
| 6 | YULEUSER="yule"
|
---|
| 7 | YULEGROUP="yule"
|
---|
| 8 | YULERESTART="/sbin/service yule restart"
|
---|
| 9 |
|
---|
| 10 | deploybin="/usr/local/sbin/deploy.sh"
|
---|
| 11 |
|
---|
| 12 | # this is used for creating hosts only
|
---|
| 13 | # (to check if this is a valid host)
|
---|
| 14 | # if you uncomment it, this check will not be performed
|
---|
| 15 | FORCEDOMAIN="yourdomain.net"
|
---|
| 16 |
|
---|
| 17 | action_dbclear="/usr/local/sbin/samhain.clearhost"
|
---|
| 18 |
|
---|
| 19 |
|
---|
| 20 | geth() {
|
---|
| 21 | unset HLIST
|
---|
| 22 | unset FQHLIST
|
---|
| 23 |
|
---|
| 24 | for file in $(ls ${YULEDIR}/file* | egrep -v ".bak$" | egrep -v ".log$" | \
|
---|
| 25 | egrep -v ".mgmt$" | egrep -v ".old$" | egrep -v ".sav$" ) ; do
|
---|
| 26 | # strip path
|
---|
| 27 | fn=$(basename ${file})
|
---|
| 28 | # strip leading "file."
|
---|
| 29 | fqhn=${fn#file.}
|
---|
| 30 | # strip trailing domain
|
---|
| 31 | hn=${fqhn%%.*}
|
---|
| 32 | # write results to two arrays
|
---|
| 33 | FQHLIST[${#FQHLIST[*]}]=$fqhn
|
---|
| 34 | HLIST[${#HLIST[*]}]=$hn
|
---|
| 35 | done
|
---|
| 36 |
|
---|
| 37 | # get the length of the two arrays
|
---|
| 38 | hlistlen=${#HLIST[*]}
|
---|
| 39 | fqhlistlen=${#FQHLIST[*]}
|
---|
| 40 |
|
---|
| 41 | # run until a valid selection is made
|
---|
| 42 | while [ 1 ] ; do
|
---|
| 43 | clear
|
---|
| 44 | echo "HOST LIST SELECTION"
|
---|
| 45 | echo
|
---|
| 46 |
|
---|
| 47 | # loop through array, print echo each host
|
---|
| 48 | arrpos=0
|
---|
| 49 | while [ ${arrpos} -lt ${hlistlen} ] ; do
|
---|
| 50 | echo -e "$((${arrpos}+1)).\t${HLIST[${arrpos}]}"
|
---|
| 51 | arrpos=$((${arrpos}+1))
|
---|
| 52 | done
|
---|
| 53 |
|
---|
| 54 | echo
|
---|
| 55 | echo -n "Please select a host (q to quit): "
|
---|
| 56 |
|
---|
| 57 | read hostsel
|
---|
| 58 |
|
---|
| 59 | if [ "${hostsel}" = "q" ] ; then
|
---|
| 60 | exit
|
---|
| 61 | fi
|
---|
| 62 |
|
---|
| 63 | isnum=$(echo ${hostsel} | egrep "^[[:digit:]]*$")
|
---|
| 64 | if [ "${isnum}" ] ; then
|
---|
| 65 | if [ ${hostsel} -gt 0 -a ${hostsel} -lt $((${hlistlen}+1)) ]
|
---|
| 66 | then
|
---|
| 67 | hostsel=$((${hostsel}-1))
|
---|
| 68 | break
|
---|
| 69 | fi
|
---|
| 70 | fi
|
---|
| 71 | done
|
---|
| 72 | }
|
---|
| 73 |
|
---|
| 74 |
|
---|
| 75 | getprof() {
|
---|
| 76 | unset PLIST
|
---|
| 77 | for entry in $(find ${YULEDIR}/profiles -type d -maxdepth 1) ; do
|
---|
| 78 | entry=$(basename ${entry})
|
---|
| 79 | if [ ! "${entry}" = "src" -a ! "${entry}" = "profiles" ] ; then
|
---|
| 80 | PLIST[${#PLIST[*]}]=${entry}
|
---|
| 81 | fi
|
---|
| 82 | done
|
---|
| 83 |
|
---|
| 84 | # array length
|
---|
| 85 | plistlen=${#PLIST[*]}
|
---|
| 86 | }
|
---|
| 87 |
|
---|
| 88 |
|
---|
| 89 |
|
---|
| 90 |
|
---|
| 91 | cleardb() {
|
---|
| 92 | # clear the SQL database
|
---|
| 93 | geth
|
---|
| 94 | (
|
---|
| 95 | echo "Clearing database for ${HLIST[${hostsel}]}:"
|
---|
| 96 | ${action_dbclear} ${HLIST[${hostsel}]} 2>&1 && \
|
---|
| 97 | echo "exit 0"
|
---|
| 98 | ) | less
|
---|
| 99 | }
|
---|
| 100 |
|
---|
| 101 |
|
---|
| 102 |
|
---|
| 103 | # re-init part
|
---|
| 104 | rrinit() {
|
---|
| 105 |
|
---|
| 106 | geth
|
---|
| 107 |
|
---|
| 108 | if [ ! -f ${YULEDIR}/file.${FQHLIST[${hostsel}]} ] ; then
|
---|
| 109 | echo "File ${YULEDIR}/file.${FQHLIST[${hostsel}]} does not exist. Exiting."
|
---|
| 110 | exit 42
|
---|
| 111 | fi
|
---|
| 112 |
|
---|
| 113 | if [ ! -f ${YULEDIR}/rc.${FQHLIST[${hostsel}]} ] ; then
|
---|
| 114 | echo "File ${YULEDIR}/rc.${FQHLIST[${hostsel}]} does not exist. Exiting."
|
---|
| 115 | exit 42
|
---|
| 116 | fi
|
---|
| 117 |
|
---|
| 118 | echo "Please see the yule log if you really want to reinit the samhain database."
|
---|
| 119 | echo "This is a really ugly XML file. Better get out of here ..."
|
---|
| 120 | echo -n "Press ENTER to continue. "
|
---|
| 121 | read forgetthisone
|
---|
| 122 |
|
---|
| 123 |
|
---|
| 124 | while [ 1 ] ; do
|
---|
| 125 | grep "remote_host=\"${HLIST[${hostsel}]}\"" ${YULELOG} | less
|
---|
| 126 |
|
---|
| 127 | echo -n "Now that you've seen this: do you still want to continue? (y) (q to quit): "
|
---|
| 128 | read goforit
|
---|
| 129 |
|
---|
| 130 | if [ "${goforit}" = "q" ] ; then
|
---|
| 131 | exit
|
---|
| 132 | fi
|
---|
| 133 |
|
---|
| 134 | if [ "${goforit}" = "y" ] ; then
|
---|
| 135 | break
|
---|
| 136 | fi
|
---|
| 137 | done
|
---|
| 138 |
|
---|
| 139 |
|
---|
| 140 | # Clean the database
|
---|
| 141 | echo "Clearing database for ${HLIST[${hostsel}]}:"
|
---|
| 142 | ${action_dbclear} ${HLIST[${hostsel}]} 2>&1 && echo "exit 0"
|
---|
| 143 |
|
---|
| 144 |
|
---|
| 145 | # now run remotely
|
---|
| 146 | # this code is _really_ funny ... :)
|
---|
| 147 | ssh -x root@${FQHLIST[${hostsel}]} \
|
---|
| 148 | 'if [ ! -d /samhain-deploy ] ; then \
|
---|
| 149 | mkdir /samhain-deploy ; \
|
---|
| 150 | fi ; \
|
---|
| 151 | if [ -f /samhain-deploy/sh_database ] ; then \
|
---|
| 152 | rm -f /samhain-deploy/sh_database ; \
|
---|
| 153 | fi ; \
|
---|
| 154 | if [ -x /usr/bin/monit -a "$(/usr/bin/monit status | grep samhain)" ] ; then \
|
---|
| 155 | monit stop samhain && sleep 5 ; \
|
---|
| 156 | elif [ -x /etc/init.d/samhain ] ; then \
|
---|
| 157 | /etc/init.d/samhain stop ; \
|
---|
| 158 | elif [ -x /etc/rc.d/init.d/samhain ] ; then \
|
---|
| 159 | /etc/rc.d/init.d/samhain stop ;
|
---|
| 160 | else \
|
---|
| 161 | kill $(cat /var/run/samhain.pid) ; \
|
---|
| 162 | fi ; \
|
---|
| 163 | /sbin/samhain -t init '
|
---|
| 164 | echo -n -e '\a' ; sleep 1
|
---|
| 165 | echo -n -e '\a' ; sleep 1
|
---|
| 166 | echo -n -e '\a' ; sleep 1
|
---|
| 167 | echo -n -e '\a' ; sleep 1
|
---|
| 168 | echo -n -e '\a'
|
---|
| 169 |
|
---|
| 170 | # backup old database
|
---|
| 171 | cp ${YULEDIR}/file.${FQHLIST[${hostsel}]} ${YULEDIR}/file.${FQHLIST[${hostsel}]}.mgmt
|
---|
| 172 |
|
---|
| 173 | # get the new database
|
---|
| 174 | scp root@${FQHLIST[${hostsel}]}:/samhain-deploy/sh_database \
|
---|
| 175 | ${YULEDIR}/file.${FQHLIST[${hostsel}]} && \
|
---|
| 176 | chown ${YULEUSER}:${YULEGROUP} ${YULEDIR}/file.${FQHLIST[${hostsel}]} && \
|
---|
| 177 | chmod 600 ${YULEDIR}/file.${FQHLIST[${hostsel}]}
|
---|
| 178 | echo -n -e '\a' ; sleep 1
|
---|
| 179 | echo -n -e '\a' ; sleep 1
|
---|
| 180 | echo -n -e '\a' ; sleep 1
|
---|
| 181 | echo -n -e '\a' ; sleep 1
|
---|
| 182 | echo -n -e '\a'
|
---|
| 183 |
|
---|
| 184 | while [ 1 ] ; do
|
---|
| 185 | echo
|
---|
| 186 | echo -n "Do you want to start the remote samhain client now? (y/n/q) "
|
---|
| 187 | read remotestart
|
---|
| 188 |
|
---|
| 189 | if [ "${remotestart}" = "q" ] ; then
|
---|
| 190 | exit
|
---|
| 191 | fi
|
---|
| 192 |
|
---|
| 193 | if [ "${remotestart}" = "y" -o "${remotestart}" = "n" ] ; then
|
---|
| 194 | break
|
---|
| 195 | fi
|
---|
| 196 | done
|
---|
| 197 |
|
---|
| 198 | if [ "${remotestart}" = "y" ] ; then
|
---|
| 199 | # restart samhain on remote host
|
---|
| 200 | ssh -x root@${FQHLIST[${hostsel}]} \
|
---|
| 201 | 'if [ -f /samhain-deploy/sh_database ] ; then \
|
---|
| 202 | rm -f /samhain-deploy/sh_database ; \
|
---|
| 203 | fi ; \
|
---|
| 204 | if [ -x /usr/bin/monit -a "$(/usr/bin/monit status | grep samhain)" ] ; then \
|
---|
| 205 | monit start samhain ; \
|
---|
| 206 | elif [ -x /etc/init.d/samhain ] ; then \
|
---|
| 207 | /etc/init.d/samhain start ; \
|
---|
| 208 | elif [ -x /etc/rc.d/init.d/samhain ] ; then \
|
---|
| 209 | /etc/rc.d/init.d/samhain start ;
|
---|
| 210 | else \
|
---|
| 211 | echo "Do not know how to start samhain." ; \
|
---|
| 212 | fi'
|
---|
| 213 | echo -n -e '\a' ; sleep 1
|
---|
| 214 | echo -n -e '\a' ; sleep 1
|
---|
| 215 | echo -n -e '\a' ; sleep 1
|
---|
| 216 | echo -n -e '\a' ; sleep 1
|
---|
| 217 | echo -n -e '\a'
|
---|
| 218 |
|
---|
| 219 | echo "done"
|
---|
| 220 | fi
|
---|
| 221 | }
|
---|
| 222 |
|
---|
| 223 |
|
---|
| 224 | # add a new host
|
---|
| 225 | addnewhost() {
|
---|
| 226 | getprof
|
---|
| 227 |
|
---|
| 228 | while [ 1 ] ; do
|
---|
| 229 | clear
|
---|
| 230 | echo "PROFILE SELECTION"
|
---|
| 231 | echo
|
---|
| 232 |
|
---|
| 233 | # loop through array, print echo each host
|
---|
| 234 | arrpos=0
|
---|
| 235 | while [ ${arrpos} -lt ${plistlen} ] ; do
|
---|
| 236 | echo -e "$((${arrpos}+1)).\t${PLIST[${arrpos}]}"
|
---|
| 237 | arrpos=$((${arrpos}+1))
|
---|
| 238 | done
|
---|
| 239 |
|
---|
| 240 | echo
|
---|
| 241 | echo -n "Please select a profile (q to quit): "
|
---|
| 242 |
|
---|
| 243 | read psel
|
---|
| 244 |
|
---|
| 245 | if [ "${psel}" = "p" ] ; then
|
---|
| 246 | exit
|
---|
| 247 | fi
|
---|
| 248 |
|
---|
| 249 | if [ ${psel} -gt 0 -a ${psel} -lt $((${plistlen}+1)) ] ; then
|
---|
| 250 | psel=$((${psel}-1))
|
---|
| 251 | break
|
---|
| 252 | fi
|
---|
| 253 | done
|
---|
| 254 |
|
---|
| 255 | while [ 1 ] ; do
|
---|
| 256 | echo
|
---|
| 257 | echo -n "Enter a fully qualified host name: "
|
---|
| 258 | read newhost
|
---|
| 259 | foundpoint=$(echo ${newhost} | egrep "\.")
|
---|
| 260 | if [ "${foundpoint}" ] ; then
|
---|
| 261 | break
|
---|
| 262 | else
|
---|
| 263 | echo "Dude, a FQHN please!"
|
---|
| 264 | continue
|
---|
| 265 | fi
|
---|
| 266 | if [ "${FORCEDOMAIN}" ] ; then
|
---|
| 267 | if [ "$(echo ${newhost} | egrep \"\.${FORCEDOMAIN}$\")" ] ; then
|
---|
| 268 | break
|
---|
| 269 | else
|
---|
| 270 | echo "Host must be in domain ${FORCEDOMAIN}"
|
---|
| 271 | continue
|
---|
| 272 | fi
|
---|
| 273 | fi
|
---|
| 274 | done
|
---|
| 275 |
|
---|
| 276 |
|
---|
| 277 | while [ 1 ] ; do
|
---|
| 278 | echo "You are going to run the following command:"
|
---|
| 279 | echo "${deploybin} --remote-host=${newhost} --build-OS=${PLIST[${psel}]} --clients=${YULERC}"
|
---|
| 280 | echo -n "Continue? (y/n/q) "
|
---|
| 281 | read pconf
|
---|
| 282 |
|
---|
| 283 | if [ "${pconf}" = "q" ] ; then
|
---|
| 284 | exit
|
---|
| 285 | fi
|
---|
| 286 |
|
---|
| 287 | if [ "${pconf}" = "y" -o "${pconf}" = "n" ] ; then
|
---|
| 288 | break
|
---|
| 289 | fi
|
---|
| 290 | done
|
---|
| 291 |
|
---|
| 292 | if [ ${pconf} = "y" ] ; then
|
---|
| 293 | ${deploybin} --remote-host=${newhost} --build-OS=${PLIST[${psel}]} --clients=${YULERC}
|
---|
| 294 |
|
---|
| 295 |
|
---|
| 296 | chown ${YULEUSER}:${YULEGROUP} ${YULEDIR}/file.${newhost} ${YULEDIR}/rc.${newhost}
|
---|
| 297 |
|
---|
| 298 | while [ 1 ] ; do
|
---|
| 299 | echo
|
---|
| 300 | echo "Yule has to be restarted before the client is started."
|
---|
| 301 | echo -n "Do you want to restart yule now? (y|n) "
|
---|
| 302 | read yulerestart
|
---|
| 303 |
|
---|
| 304 | if [ "${yulerestart}" = "y" -o "${yulerestart}" = "n" ] ; then
|
---|
| 305 | break
|
---|
| 306 | fi
|
---|
| 307 | done
|
---|
| 308 |
|
---|
| 309 | if [ "${yulerestart}" = "y" ] ; then
|
---|
| 310 | eval ${YULERESTART}
|
---|
| 311 | fi
|
---|
| 312 |
|
---|
| 313 |
|
---|
| 314 | while [ 1 ] ; do
|
---|
| 315 | echo
|
---|
| 316 | echo -n "Do you want to start the remote samhain client now? (y|n) "
|
---|
| 317 | read startsam
|
---|
| 318 | if [ "${startsam}" = "y" -o "${startsam}" = "n" ] ; then
|
---|
| 319 | break
|
---|
| 320 | fi
|
---|
| 321 | done
|
---|
| 322 |
|
---|
| 323 |
|
---|
| 324 | if [ "${startsam}" = "y" ] ; then
|
---|
| 325 |
|
---|
| 326 | echo "x${newhost}x"
|
---|
| 327 |
|
---|
| 328 | ssh -x root@${newhost} \
|
---|
| 329 | 'if [ -f /var/run/samhain.pid ] ; then \
|
---|
| 330 | if [ -x /usr/bin/monit -a "$(/usr/bin/monit status | grep samhain)" ] ; then \
|
---|
| 331 | monit stop samhain && sleep 5 ; \
|
---|
| 332 | elif [ -x /etc/init.d/samhain ] ; then \
|
---|
| 333 | /etc/init.d/samhain stop ; \
|
---|
| 334 | elif [ -x /etc/rc.d/init.d/samhain ] ; then \
|
---|
| 335 | /etc/rc.d/init.d/samhain stop ;
|
---|
| 336 | else \
|
---|
| 337 | kill $(cat /var/run/samhain.pid) ; \
|
---|
| 338 | fi ; \
|
---|
| 339 | fi ; \
|
---|
| 340 | if [ -x /usr/bin/monit -a "$(/usr/bin/monit status | grep samhain)" ] ; then \
|
---|
| 341 | monit start samhain ; \
|
---|
| 342 | elif [ -x /etc/init.d/samhain ] ; then \
|
---|
| 343 | /etc/init.d/samhain start ; \
|
---|
| 344 | elif [ -x /etc/rc.d/init.d/samhain ] ; then \
|
---|
| 345 | /etc/rc.d/init.d/samhain start ;
|
---|
| 346 | else \
|
---|
| 347 | echo "Do not know how to start samhain." ; \
|
---|
| 348 | fi'
|
---|
| 349 | echo -n -e '\a' ; sleep 1
|
---|
| 350 | echo -n -e '\a' ; sleep 1
|
---|
| 351 | echo -n -e '\a' ; sleep 1
|
---|
| 352 | echo -n -e '\a' ; sleep 1
|
---|
| 353 | echo -n -e '\a'
|
---|
| 354 | fi
|
---|
| 355 | fi
|
---|
| 356 |
|
---|
| 357 |
|
---|
| 358 | }
|
---|
| 359 |
|
---|
| 360 |
|
---|
| 361 |
|
---|
| 362 |
|
---|
| 363 | # run until a valid selection is made
|
---|
| 364 | while [ 1 ] ; do
|
---|
| 365 | clear
|
---|
| 366 |
|
---|
| 367 | echo "SELECT ACTION"
|
---|
| 368 | echo
|
---|
| 369 |
|
---|
| 370 | echo -e "1.\tOnly clear log entries in SQL database"
|
---|
| 371 | echo -e "2.\tReinitialize host database"
|
---|
| 372 | echo -e "3.\tAdd a new host"
|
---|
| 373 | echo
|
---|
| 374 | echo -n "Select an action (q to quit): "
|
---|
| 375 |
|
---|
| 376 | read action
|
---|
| 377 |
|
---|
| 378 | if [ "${action}" = "q" ] ; then
|
---|
| 379 | exit
|
---|
| 380 | fi
|
---|
| 381 |
|
---|
| 382 | if [ "${action}" = "1" ] ; then
|
---|
| 383 | cleardb
|
---|
| 384 | fi
|
---|
| 385 |
|
---|
| 386 | if [ "${action}" = "2" ] ; then
|
---|
| 387 | rrinit
|
---|
| 388 | fi
|
---|
| 389 |
|
---|
| 390 | if [ "${action}" = "3" ] ; then
|
---|
| 391 | addnewhost
|
---|
| 392 | fi
|
---|
| 393 |
|
---|
| 394 | done
|
---|
| 395 |
|
---|
| 396 |
|
---|
| 397 |
|
---|
| 398 |
|
---|