|
From: <ki...@us...> - 2009-10-31 20:57:22
|
Revision: 7864
http://syscheck.svn.sourceforge.net/syscheck/?rev=7864&view=rev
Author: kinneh
Date: 2009-10-31 20:57:12 +0000 (Sat, 31 Oct 2009)
Log Message:
-----------
#15 new script to create db user at localhost only
Added Paths:
-----------
trunk/syscheck/config/815.conf
trunk/syscheck/config/815.english
trunk/syscheck/database-replication/815-create-mysql-ejbca-user-db-user-localhost-only.sh
Added: trunk/syscheck/config/815.english
===================================================================
--- trunk/syscheck/config/815.english (rev 0)
+++ trunk/syscheck/config/815.english 2009-10-31 20:57:12 UTC (rev 7864)
@@ -0,0 +1,10 @@
+HELP="grants access to the ejbca user from localhost only"
+
+LEVEL_1=$INFO
+DESCR_1="access rules inserted into mysql db ok"
+HELP_1="no action is needed"
+
+LEVEL_2=$INFO
+DESCR_2="failed to insert access rules into mysql db"
+HELP_2="run the script with sh -x $0 -s to find out more info"
+
Added: trunk/syscheck/database-replication/815-create-mysql-ejbca-user-db-user-localhost-only.sh
===================================================================
--- trunk/syscheck/database-replication/815-create-mysql-ejbca-user-db-user-localhost-only.sh (rev 0)
+++ trunk/syscheck/database-replication/815-create-mysql-ejbca-user-db-user-localhost-only.sh 2009-10-31 20:57:12 UTC (rev 7864)
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+#Scripts that creates replication privilegdes for the slave db to the master.
+
+# Set default home if not already set.
+SYSCHECK_HOME=${SYSCHECK_HOME:-"/usr/local/syscheck"}
+
+## Import common definitions ##
+. $SYSCHECK_HOME/resources.sh
+
+SCRIPTID=815
+getlangfiles $SCRIPTID || exit 1;
+getconfig $SCRIPTID || exit 1;
+
+ERRNO_1="${SCRIPTID}1"
+ERRNO_2="${SCRIPTID}2"
+
+schelp () {
+ echo "$HELP"
+ echo "$ERRNO_1/$DESCR_1 - $HELP_1"
+ echo "$ERRNO_2/$DESCR_2 - $HELP_2"
+ echo "${SCREEN_HELP}"
+ exit
+}
+
+
+PRINTTOSCREEN=1
+
+if [ "x$1" = "x-h" -o "x$1" = "x--help" ] ; then
+ schelp
+elif [ "x$1" = "x-s" -o "x$1" = "x--screen" -o \
+ "x$2" = "x-s" -o "x$2" = "x--screen" ] ; then
+ PRINTTOSCREEN=1
+fi
+
+
+OUTFILE="$CLUSTERSCRIPT_HOME/tmp_create-ejbca-mysql-user.sql"
+
+echo "GRANT ALL ON ejbca.* to '$DB_USER'@'localhost' IDENTIFIED BY '${DB_PASSWORD}';" > $OUTFILE
+echo "select * from user where user like '%${DB_USER}%'" >> $OUTFILE
+
+echo "Will now insert these sql:"
+cat $OUTFILE
+
+$MYSQL_BIN mysql -u root --password="$MYSQLROOT_PASSWORD" < $OUTFILE
+if [ $? -eq 0 ] ; then
+ printlogmess $LEVEL_1 $ERRNO_1 "$DESCR_1"
+else
+ printlogmess $LEVEL_2 $ERRNO_2 "$DESCR_2"
+fi
+
+rm $OUTFILE
Property changes on: trunk/syscheck/database-replication/815-create-mysql-ejbca-user-db-user-localhost-only.sh
___________________________________________________________________
Added: svn:executable
+ *
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2009-12-16 21:25:17
|
Revision: 7876
http://syscheck.svn.sourceforge.net/syscheck/?rev=7876&view=rev
Author: kinneh
Date: 2009-12-16 21:25:04 +0000 (Wed, 16 Dec 2009)
Log Message:
-----------
#19 - new script to support configure(lesser) crl publishing
Added Paths:
-----------
trunk/syscheck/config/925.conf
trunk/syscheck/lang/925.english
trunk/syscheck/related-available/925_publish_crl_from_file.sh
Added: trunk/syscheck/config/925.conf
===================================================================
--- trunk/syscheck/config/925.conf (rev 0)
+++ trunk/syscheck/config/925.conf 2009-12-16 21:25:04 UTC (rev 7876)
@@ -0,0 +1,24 @@
+# config for 905_publish_crl.sh
+
+
+VERIFY_HOST[0]=localhost
+CRLTO_DIR[0]='/srv/www/crl/'
+SSHUSER[0]=
+SSHKEY[0]=
+
+VERIFY_HOST[1]=localhost
+CRLTO_DIR[1]='/srv/www/crl/'
+SSHUSER[1]=
+SSHKEY[1]=
+
+VERIFY_HOST[2]=localhost
+CRLTO_DIR[2]='/srv/www/crl/'
+SSHUSER[2]=
+SSHKEY[2]=
+
+VERIFY_HOST[3]=localhost
+CRLTO_DIR[3]='/srv/www/crl/'
+SSHUSER[3]=
+SSHKEY[3]=
+
+### end config ###
Added: trunk/syscheck/lang/925.english
===================================================================
--- trunk/syscheck/lang/925.english (rev 0)
+++ trunk/syscheck/lang/925.english 2009-12-16 21:25:04 UTC (rev 7876)
@@ -0,0 +1,10 @@
+HELP="Publish a CRL from file, ie you need to call this script with the file on disc\n$0: -c <file>|--crlfile=<file>"
+DESCR_1="Publish crl run successfully"
+HELP_1="ok"
+DESCR_2="no input file found"
+HELP_2="supply file as argument to this script"
+DESCR_3="Publish certificate failed, cant read file (%s)"
+HELP_3="verify the file is in place and with proper permissions before executing this script"
+DESCR_4="scp script failed"
+HELP_4="check the log for messages about the transfer"
+
Added: trunk/syscheck/related-available/925_publish_crl_from_file.sh
===================================================================
--- trunk/syscheck/related-available/925_publish_crl_from_file.sh (rev 0)
+++ trunk/syscheck/related-available/925_publish_crl_from_file.sh 2009-12-16 21:25:04 UTC (rev 7876)
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+# The script fetches a crl from the ca and scp the crl to a webserver.
+# Change $HTTPSERVER, $SSHUSER and $SSHSERVER_DIR. Define the crl's and the servers in the end.
+# Usage:
+# get example.crl # This gets the crl from the CA server.
+# put 192.168.10.10 # This sends the crl to the webserver.
+
+# source env vars from system that dont get included when running from cron
+
+SYSCHECK_HOME=${SYSCHECK_HOME:-"/usr/local/syscheck"}
+
+# Import common resources
+. $SYSCHECK_HOME/resources.sh
+
+
+## local definitions ##
+SCRIPTID=925
+getlangfiles $SCRIPTID
+getconfig $SCRIPTID
+
+ERRNO_1=${SCRIPTID}1
+ERRNO_2=${SCRIPTID}2
+ERRNO_3=${SCRIPTID}3
+
+
+if [ "x$1" = "x--help" -o "x$1" = "x-h" ] ; then
+ /bin/echo -e "$HELP"
+ echo
+ echo "$ERRNO_1/$DESCR_1 - $HELP_1"
+ echo "$ERRNO_2/$DESCR_2 - $HELP_2"
+ echo "$ERRNO_3/$DESCR_3 - $HELP_3"
+ echo "$0 <-s|--screen>"
+ exit
+elif [ "x$1" = "x-s" -o "x$1" = "x--screen" ] ; then
+ PRINTTOSCREEN=1
+fi
+
+
+TEMP=`/usr/bin/getopt --options "hsc:" --long "help,screen,crlfile:" -- "$@"`
+if [ $? != 0 ] ; then help ; fi
+eval set -- "$TEMP"
+
+while true; do
+ case "$1" in
+ -c|--crlfile ) CRLFILE=$2; shift 2;;
+ -s|--screen ) PRINTTOSCREEN=1; shift;;
+ -b|--batch ) BATCH=1; shift;;
+ -h|--help ) schelp;shift;;
+ --) break ;;
+ esac
+done
+
+
+if [ "x${CRLFILE}" = "x" ] ; then
+ printlogmess $ERROR $ERRNO_2 "$DESCR_2"
+ exit
+fi
+
+
+if [ ! -r ${CRLFILE} ] ; then
+ printlogmess $ERROR $ERRNO_3 "$DESCR_3" ${CRLFILE}
+ exit
+fi
+
+
+put () {
+
+ CRLHOST=$1
+ CRLFILE=$2
+ SSHSERVER_DIR=$3
+ SSHKEY=$4
+ SSHUSER=$5
+
+ $SYSCHECK_HOME/related-enabled/906_ssh-copy-to-remote-machine.sh -s $CRLFILE $CRLHOST $SSHSERVER_DIR $SSHUSER $SSHKEY
+ if [ $? != 0 ] ; then
+ printlogmess $ERROR $ERRNO_4 "$DESCR_4" $CRLHOST $CRLFILE
+ else
+ printlogmess $INFO $ERRNO_1 "$DESCR_1" $CRLHOST $CRLFILE
+ fi
+}
+
+
+for (( i=0; i < ${#VERIFY_HOST[@]} ; i++ )){
+
+ put ${VERIFY_HOST[$i]} "${CRLFILE}" ${CRLTO_DIR[$i]} ${SSHKEY[$i]} ${SSHUSER[$i]}
+
+}
+
+
+
Property changes on: trunk/syscheck/related-available/925_publish_crl_from_file.sh
___________________________________________________________________
Added: svn:executable
+ *
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-06-04 09:19:07
|
Revision: 7883
http://syscheck.svn.sourceforge.net/syscheck/?rev=7883&view=rev
Author: kinneh
Date: 2010-06-04 09:19:01 +0000 (Fri, 04 Jun 2010)
Log Message:
-----------
Closes #23 SSH_USER can't find "ifconfig"
moves the local network-tools configs from 911 to common so sc28 also can use them.
Modified Paths:
--------------
trunk/syscheck/config/911.conf
trunk/syscheck/config/common.conf
trunk/syscheck/related-available/911_activate_VIP.sh
trunk/syscheck/scripts-available/sc_28_check_vip.sh
Modified: trunk/syscheck/config/911.conf
===================================================================
--- trunk/syscheck/config/911.conf 2010-06-04 09:03:11 UTC (rev 7882)
+++ trunk/syscheck/config/911.conf 2010-06-04 09:19:01 UTC (rev 7883)
@@ -1,10 +1,4 @@
### config 911_activate_VIP.sh
-ROUTE=/sbin/route
-IP=/sbin/ip
-IFCONFIG=/sbin/ifconfig
-IP_GATEWAY=`$ROUTE -n | awk '/0.0.0.0/'| awk '{print $2}' |awk '!/0.0.0.0/'`
-PING=/bin/ping
+# uses common.conf path:s
-# uses HOSTNAME_VIRTUAL NETMASK_VIRTUAL IF_VIRTUAL from resorses.sh
-
Modified: trunk/syscheck/config/common.conf
===================================================================
--- trunk/syscheck/config/common.conf 2010-06-04 09:03:11 UTC (rev 7882)
+++ trunk/syscheck/config/common.conf 2010-06-04 09:19:01 UTC (rev 7883)
@@ -102,7 +102,14 @@
#Path do ejbcascript directory
EJBCASCRIPT_HOME=$SYSCHECK_HOME/misc/ejbca
+# networking path:s
+IFCONFIG=/sbin/ifconfig
+ROUTE=/sbin/route
+IP=/sbin/ip
+PING=/bin/ping
+
+
#IP address or hostname to primary and secondary cluster nodes.
THIS_NODE=NODE2
# master node
Modified: trunk/syscheck/related-available/911_activate_VIP.sh
===================================================================
--- trunk/syscheck/related-available/911_activate_VIP.sh 2010-06-04 09:03:11 UTC (rev 7882)
+++ trunk/syscheck/related-available/911_activate_VIP.sh 2010-06-04 09:19:01 UTC (rev 7883)
@@ -36,7 +36,10 @@
shift
fi
+IP_GATEWAY=`$ROUTE -n | awk '/0.0.0.0/'| awk '{print $2}' |awk '!/0.0.0.0/'`
+
+
CHECK_VIP=`$IFCONFIG ${IF_VIRTUAL} | grep 'inet addr' | grep ${HOSTNAME_VIRTUAL}`
if [ "x${CHECK_VIP}" != "x" ] ; then
printlogmess $INFO $ERRNO_3 "$ACTVIP_DESCR_3"
Modified: trunk/syscheck/scripts-available/sc_28_check_vip.sh
===================================================================
--- trunk/syscheck/scripts-available/sc_28_check_vip.sh 2010-06-04 09:03:11 UTC (rev 7882)
+++ trunk/syscheck/scripts-available/sc_28_check_vip.sh 2010-06-04 09:19:01 UTC (rev 7883)
@@ -31,8 +31,8 @@
PRINTTOSCREEN=1
fi
-CHECK_VIP_NODE1=`${SYSCHECK_HOME}/related-enabled/915_remote_command_via_ssh.sh ${HOSTNAME_NODE1} "ifconfig | grep ${HOSTNAME_VIRTUAL}" ${SSH_USER} ${SSH_KEY} | awk '{print $2}' | sed 's/addr\://g'`
-CHECK_VIP_NODE2=`${SYSCHECK_HOME}/related-enabled/915_remote_command_via_ssh.sh ${HOSTNAME_NODE2} "ifconfig | grep ${HOSTNAME_VIRTUAL}" ${SSH_USER} ${SSH_KEY} | awk '{print $2}' | sed 's/addr\://g'`
+CHECK_VIP_NODE1=`${SYSCHECK_HOME}/related-enabled/915_remote_command_via_ssh.sh ${HOSTNAME_NODE1} "${IFCONFIG} | grep ${HOSTNAME_VIRTUAL}" ${SSH_USER} ${SSH_KEY} | awk '{print $2}' | sed 's/addr\://g'`
+CHECK_VIP_NODE2=`${SYSCHECK_HOME}/related-enabled/915_remote_command_via_ssh.sh ${HOSTNAME_NODE2} "${IFCONFIG} | grep ${HOSTNAME_VIRTUAL}" ${SSH_USER} ${SSH_KEY} | awk '{print $2}' | sed 's/addr\://g'`
if [ "$CHECK_VIP_NODE1" = "${HOSTNAME_VIRTUAL}" -a "$CHECK_VIP_NODE2" = "${HOSTNAME_VIRTUAL}" ] ; then
printlogmess $ERROR $ERRNO_3 "$CHECK_VIP_DESCR_3"
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-06-07 09:12:05
|
Revision: 7887
http://syscheck.svn.sourceforge.net/syscheck/?rev=7887&view=rev
Author: kinneh
Date: 2010-06-07 09:11:59 +0000 (Mon, 07 Jun 2010)
Log Message:
-----------
add missing configfiles
Modified Paths:
--------------
trunk/syscheck/lang/815.english
Added Paths:
-----------
trunk/syscheck/config/806.conf
trunk/syscheck/config/807.conf
trunk/syscheck/config/808.conf
trunk/syscheck/config/812.conf
trunk/syscheck/config/813.conf
trunk/syscheck/config/814.conf
Removed Paths:
-------------
trunk/syscheck/config/815.english
Added: trunk/syscheck/config/806.conf
===================================================================
Added: trunk/syscheck/config/807.conf
===================================================================
Added: trunk/syscheck/config/808.conf
===================================================================
Added: trunk/syscheck/config/812.conf
===================================================================
Added: trunk/syscheck/config/813.conf
===================================================================
Added: trunk/syscheck/config/814.conf
===================================================================
Deleted: trunk/syscheck/config/815.english
===================================================================
--- trunk/syscheck/config/815.english 2010-06-04 11:26:52 UTC (rev 7886)
+++ trunk/syscheck/config/815.english 2010-06-07 09:11:59 UTC (rev 7887)
@@ -1,10 +0,0 @@
-HELP="grants access to the ejbca user from localhost only"
-
-LEVEL_1=$INFO
-DESCR_1="access rules inserted into mysql db ok"
-HELP_1="no action is needed"
-
-LEVEL_2=$INFO
-DESCR_2="failed to insert access rules into mysql db"
-HELP_2="run the script with sh -x $0 -s to find out more info"
-
Modified: trunk/syscheck/lang/815.english
===================================================================
--- trunk/syscheck/lang/815.english 2010-06-04 11:26:52 UTC (rev 7886)
+++ trunk/syscheck/lang/815.english 2010-06-07 09:11:59 UTC (rev 7887)
@@ -1,4 +1,4 @@
-HELP="grants access to the ejbca user"
+HELP="grants access to the ejbca user from localhost only"
LEVEL_1=$INFO
DESCR_1="access rules inserted into mysql db ok"
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-06-14 08:31:25
|
Revision: 7895
http://syscheck.svn.sourceforge.net/syscheck/?rev=7895&view=rev
Author: kinneh
Date: 2010-06-14 08:31:18 +0000 (Mon, 14 Jun 2010)
Log Message:
-----------
updates to doc and change to common.conf
Modified Paths:
--------------
trunk/syscheck/database-replication/801-drop-existing-ejbca-db.sh
trunk/syscheck/doc/database_replication_and_failover.odt
trunk/syscheck/lib/release.sh
Modified: trunk/syscheck/database-replication/801-drop-existing-ejbca-db.sh
===================================================================
--- trunk/syscheck/database-replication/801-drop-existing-ejbca-db.sh 2010-06-09 10:39:47 UTC (rev 7894)
+++ trunk/syscheck/database-replication/801-drop-existing-ejbca-db.sh 2010-06-14 08:31:18 UTC (rev 7895)
@@ -41,7 +41,7 @@
echo "are you really sure you want to drop and replace the ejbca db on this host?"
-echo "enter 'im-really-sure' to continiue or ctrl-c to abort"
+echo "enter 'im-really-sure' without the '-' to continue or ctrl-c to abort"
read a
if [ "x$a" != "xim really sure" ] ; then
echo "ok probably wise choice, exiting"
Modified: trunk/syscheck/doc/database_replication_and_failover.odt
===================================================================
(Binary files differ)
Modified: trunk/syscheck/lib/release.sh
===================================================================
--- trunk/syscheck/lib/release.sh 2010-06-09 10:39:47 UTC (rev 7894)
+++ trunk/syscheck/lib/release.sh 2010-06-14 08:31:18 UTC (rev 7895)
@@ -22,7 +22,7 @@
svn export . ${PROGPATH}
-perl -pi -e "s/SYSCHECK_VERSION=.*/SYSCHECK_VERSION=${rel}/gi" ${PROGPATH}/resources.sh
+perl -pi -e "s/SYSCHECK_VERSION=.*/SYSCHECK_VERSION=${rel}/gi" ${PROGPATH}/config/common.conf
find ${PROGPATH} -name \*.sh -exec chmod 755 {} \;
find ${PROGPATH}/scripts-available/ -name \*.sh -exec chmod 755 {} \;
find ${PROGPATH}/scripts-enabled/ -name \*.sh -exec rm {} \;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-10-06 18:42:41
|
Revision: 7902
http://syscheck.svn.sourceforge.net/syscheck/?rev=7902&view=rev
Author: kinneh
Date: 2010-10-06 18:42:34 +0000 (Wed, 06 Oct 2010)
Log Message:
-----------
Closes #31 add generic process check
Added Paths:
-----------
trunk/syscheck/config/30.conf
trunk/syscheck/lang/30.english
trunk/syscheck/scripts-available/sc_30_check_running_procs.sh
Added: trunk/syscheck/config/30.conf
===================================================================
--- trunk/syscheck/config/30.conf (rev 0)
+++ trunk/syscheck/config/30.conf 2010-10-06 18:42:34 UTC (rev 7902)
@@ -0,0 +1,31 @@
+# config for sc_30_check_running_procs.sh
+
+# set RESTARTCMD to empty if no automatic action is wanted
+
+PROCNAME[0]=apache2
+RESTARTCMD[0]="/etc/init.d/apache2 restart"
+PIDFILE[0]=/var/run/apache2.pid
+
+#
+PROCNAME[1]=ntpd
+RESTARTCMD[1]="/etc/init.d/ntp restart"
+PIDFILE[1]=/var/run/ntpd.pid
+
+#
+PROCNAME[2]=cupsd
+RESTARTCMD[2]="/etc/init.d/cups stop ; sleep 3 ; /etc/init.d/cups start"
+PIDFILE[2]=/var/run/cups/cupsd.pid
+
+
+#PROCNAME[3]=apache2
+#RESTARTCMD[3]="/etc/init.d/apache2 stop ; sleep 3 ; /etc/init.d/apache2 start"
+#PIDFILE[3]=/var/run/apache2.pid
+
+
+#PROCNAME[4]=apache2
+#RESTARTCMD[4]="/etc/init.d/apache2 stop ; sleep 3 ; /etc/init.d/apache2 start"
+#PIDFILE[4]=/var/run/apache2.pid
+
+
+
+
Added: trunk/syscheck/lang/30.english
===================================================================
--- trunk/syscheck/lang/30.english (rev 0)
+++ trunk/syscheck/lang/30.english 2010-10-06 18:42:34 UTC (rev 7902)
@@ -0,0 +1,9 @@
+HELP="Generic script to check a proc is running and try to restart those that's not"
+DESCR_1="Process %s is running"
+HELP_1="No action is needed"
+DESCR_2="Process %s was not running, restart succeded"
+HELP_2="If this happens regulary this need to be looked into"
+DESCR_3="Process %s was not running, restart succeded"
+HELP_3="If this happens regulary this need to be looked into"
+DESCR_4="Process %s was not running, no restart command defined"
+HELP_4="No restart command defined, restart manually"
Added: trunk/syscheck/scripts-available/sc_30_check_running_procs.sh
===================================================================
--- trunk/syscheck/scripts-available/sc_30_check_running_procs.sh (rev 0)
+++ trunk/syscheck/scripts-available/sc_30_check_running_procs.sh 2010-10-06 18:42:34 UTC (rev 7902)
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# Set default home if not already set.
+SYSCHECK_HOME=${SYSCHECK_HOME:-"/usr/local/syscheck"}
+
+# uniq ID of script (please use in the name of this file also for convinice for finding next availavle number)
+SCRIPTID=30
+
+## Import common definitions ##
+. $SYSCHECK_HOME/config/syscheck-scripts.conf
+
+getlangfiles $SCRIPTID
+getconfig $SCRIPTID
+
+ERRNO_1=${SCRIPTID}01
+ERRNO_2=${SCRIPTID}02
+ERRNO_3=${SCRIPTID}03
+ERRNO_4=${SCRIPTID}04
+
+
+# help
+if [ "x$1" = "x--help" ] ; then
+ echo "$0 $HELP"
+ echo "$ERRNO_1/$DESCR_1 - $HELP_1"
+ echo "$ERRNO_2/$DESCR_2 - $HELP_2"
+ echo "$ERRNO_3/$DESCR_3 - $HELP_3"
+ echo "$ERRNO_4/$DESCR_4 - $HELP_4"
+ exit
+elif [ "x$1" = "x-s" -o "x$1" = "x--screen" ] ; then
+ PRINTTOSCREEN=1
+fi
+
+
+for (( i = 0 ; i < ${#PROCNAME[@]} ; i++ )) ; do
+
+ pidinfo=`${SYSCHECK_HOME}/lib/proc_checker.sh ${PIDFILE[$i]} ${PROCNAME[$i]}`
+ if [ "x$pidinfo" = "x" ] ; then
+
+ # try restart
+ if [ "x${RESTARTCMD[$i]}" = "x" ] ; then
+ printlogmess $ERROR $ERRNO_4 "$DESCR_4" ${PROCNAME[$i]}
+ continue
+ fi
+
+ eval ${RESTARTCMD[$i]}
+
+ if [ $? -ne 0 ] ; then
+ # log restart success
+ printlogmess $INFO $ERRNO_1 "$DESCR_1" ${PROCNAME[$i]}
+ else
+ # log restart fail
+ printlogmess $ERROR $ERRNO_3 "$DESCR_2" ${PROCNAME[$i]}
+ fi
+ else
+ printtoscreen "proc $i: ${PROCNAME[$i]} is running, no action needed"
+ fi
+
+
+done
+
Property changes on: trunk/syscheck/scripts-available/sc_30_check_running_procs.sh
___________________________________________________________________
Added: svn:executable
+ *
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-10-12 12:30:24
|
Revision: 7908
http://syscheck.svn.sourceforge.net/syscheck/?rev=7908&view=rev
Author: kinneh
Date: 2010-10-12 12:30:17 +0000 (Tue, 12 Oct 2010)
Log Message:
-----------
Closes #16 sc_01_discusage config
Modified Paths:
--------------
trunk/syscheck/config/01.conf
trunk/syscheck/lang/01.english
trunk/syscheck/scripts-available/sc_01_diskusage.sh
Modified: trunk/syscheck/config/01.conf
===================================================================
--- trunk/syscheck/config/01.conf 2010-10-07 08:52:11 UTC (rev 7907)
+++ trunk/syscheck/config/01.conf 2010-10-12 12:30:17 UTC (rev 7908)
@@ -1,2 +1,12 @@
# config for sc_01_diskusage.sh
-DU_PERCENT=95
+
+FILESYSTEM[0]=/
+USAGEPERCENT[0]=95
+
+FILESYSTEM[1]=/usr/local/certificate-services
+USAGEPERCENT[1]=90
+
+FILESYSTEM[2]=/backup
+USAGEPERCENT[2]=80
+
+
Modified: trunk/syscheck/lang/01.english
===================================================================
--- trunk/syscheck/lang/01.english 2010-10-07 08:52:11 UTC (rev 7907)
+++ trunk/syscheck/lang/01.english 2010-10-12 12:30:17 UTC (rev 7908)
@@ -3,3 +3,5 @@
DU_HELP_1="No action is needed"
DU_DESCR_2="Diskusage exceeded (%s is %s percent used: Limit is %s percent)"
DU_HELP_2="The usage is more than the limit, if the disk fills up thing will start to break, make some free space and maybe restart the machine"
+DU_DESCR_3="Diskusage problems (%s)"
+DU_HELP_3="Manually check config and also try df -Ph /path"
Modified: trunk/syscheck/scripts-available/sc_01_diskusage.sh
===================================================================
--- trunk/syscheck/scripts-available/sc_01_diskusage.sh 2010-10-07 08:52:11 UTC (rev 7907)
+++ trunk/syscheck/scripts-available/sc_01_diskusage.sh 2010-10-12 12:30:17 UTC (rev 7908)
@@ -15,9 +15,11 @@
ERRNO_1="${SCRIPTID}01"
ERRNO_2="${SCRIPTID}02"
+ERRNO_3="${SCRIPTID}03"
DESCR_1="${DU_DESCR_1}"
DESCR_2="${DU_DESCR_2}"
+DESCR_3="${DU_DESCR_3}"
### local conf ###
@@ -36,14 +38,23 @@
diskusage () {
FILESYSTEM=$1
LIMIT=$2
- PERCENT=`df -Ph $FILESYSTEM | grep -v Filesystem | awk '{print $5}' | sed 's/%//'`
+ DFPH=`df -Ph $FILESYSTEM 2>&1`
- if [ $PERCENT -gt $LIMIT ] ; then
- printlogmess $ERROR $ERRNO_2 "$DESCR_2" "$FILESYSTEM" "$PERCENT" "$LIMIT"
+ if [ $? -ne 0 ] ; then
+ printlogmess $ERROR $ERRNO_3 "$DESCR_3" "$FILESYSTEM" "$DFPH"
else
- printlogmess $INFO $ERRNO_1 "$DESCR_1" "$FILESYSTEM" "$PERCENT" "$LIMIT"
+
+ PERCENT=`df -Ph $FILESYSTEM | grep -v Filesystem| awk '{print $5}' | sed 's/%//'`
+ if [ $PERCENT -gt $LIMIT ] ; then
+ printlogmess $ERROR $ERRNO_2 "$DESCR_2" "$FILESYSTEM" "$PERCENT" "$LIMIT"
+ else
+ printlogmess $INFO $ERRNO_1 "$DESCR_1" "$FILESYSTEM" "$PERCENT" "$LIMIT"
+ fi
fi
}
-diskusage / $DU_PERCENT
+for (( i = 0 ; i < ${#FILESYSTEM[@]} ; i++ )) ; do
+ diskusage ${FILESYSTEM[$i]} ${USAGEPERCENT[$i]}
+done
+
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-10-12 12:39:55
|
Revision: 7910
http://syscheck.svn.sourceforge.net/syscheck/?rev=7910&view=rev
Author: kinneh
Date: 2010-10-12 12:39:49 +0000 (Tue, 12 Oct 2010)
Log Message:
-----------
Closes #35 change 908 clean old backups to honor the KEEPDAYS for each configued value instead of using default
Modified Paths:
--------------
trunk/syscheck/config/908.conf
trunk/syscheck/related-available/908_clean_old_backups.sh
Modified: trunk/syscheck/config/908.conf
===================================================================
--- trunk/syscheck/config/908.conf 2010-10-12 12:31:51 UTC (rev 7909)
+++ trunk/syscheck/config/908.conf 2010-10-12 12:39:49 UTC (rev 7910)
@@ -7,19 +7,19 @@
KEEPDAYS[1]=30;
BACKUPDIR[1]="/backup/mysql/daily";
-DATESTR[1]=`${SYSCHECK_HOME}/lib/x-days-ago-datestring.pl ${KEEPDAYS[0]} 2>/dev/null`;
-FILENAME[1]="${BACKUPDIR[0]}/ejbcabackup-${DATESTR[0]}*"
+DATESTR[1]=`${SYSCHECK_HOME}/lib/x-days-ago-datestring.pl ${KEEPDAYS[1]} 2>/dev/null`;
+FILENAME[1]="${BACKUPDIR[1]}/ejbcabackup-${DATESTR[1]}*"
KEEPDAYS[2]=90;
BACKUPDIR[2]="/backup/mysql/weekly/";
-DATESTR[2]=`${SYSCHECK_HOME}/lib/x-days-ago-datestring.pl ${KEEPDAYS[1]} 2>/dev/null`;
-FILENAME[2]="${BACKUPDIR[1]}/ejbcabackup-${DATESTR[1]}*"
+DATESTR[2]=`${SYSCHECK_HOME}/lib/x-days-ago-datestring.pl ${KEEPDAYS[2]} 2>/dev/null`;
+FILENAME[2]="${BACKUPDIR[2]}/ejbcabackup-${DATESTR[2]}*"
KEEPDAYS[3]=370;
BACKUPDIR[3]="/backup/mysql/monthly/";
-DATESTR[3]=`${SYSCHECK_HOME}/lib/x-days-ago-datestring.pl ${KEEPDAYS[1]} 2>/dev/null`;
-FILENAME[3]="${BACKUPDIR[1]}/ejbcabackup-${DATESTR[1]}*"
+DATESTR[3]=`${SYSCHECK_HOME}/lib/x-days-ago-datestring.pl ${KEEPDAYS[3]} 2>/dev/null`;
+FILENAME[3]="${BACKUPDIR[3]}/ejbcabackup-${DATESTR[3]}*"
### end config ###
Modified: trunk/syscheck/related-available/908_clean_old_backups.sh
===================================================================
--- trunk/syscheck/related-available/908_clean_old_backups.sh 2010-10-12 12:31:51 UTC (rev 7909)
+++ trunk/syscheck/related-available/908_clean_old_backups.sh 2010-10-12 12:39:49 UTC (rev 7910)
@@ -50,7 +50,7 @@
exit
fi
- realfiles=$(ls ${FILENAME[$i]})
+ realfiles=$(ls ${FILENAME[$i]} 2>/dev/null)
if [ "x${realfiles}" != "x" ] ; then
returnstr=`rm ${FILENAME[$i]} 2>&1`
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-10-14 07:37:38
|
Revision: 7913
http://syscheck.svn.sourceforge.net/syscheck/?rev=7913&view=rev
Author: kinneh
Date: 2010-10-14 07:37:31 +0000 (Thu, 14 Oct 2010)
Log Message:
-----------
First version for #6 change the help function so it prints the log standard format instead and
#3 move level to a define per message instead of each printlogmess chooses the level
Also closes #37 add better support for changing the location of syscheck install for sc_300_check_running_procs.sh
Added Paths:
-----------
trunk/syscheck/config/300.conf
trunk/syscheck/lang/300.english
trunk/syscheck/scripts-available/sc_300_check_running_procs.sh
Removed Paths:
-------------
trunk/syscheck/config/30.conf
trunk/syscheck/lang/30.english
trunk/syscheck/scripts-available/sc_30_check_running_procs.sh
Deleted: trunk/syscheck/config/30.conf
===================================================================
--- trunk/syscheck/config/30.conf 2010-10-14 06:56:06 UTC (rev 7912)
+++ trunk/syscheck/config/30.conf 2010-10-14 07:37:31 UTC (rev 7913)
@@ -1,31 +0,0 @@
-# config for sc_30_check_running_procs.sh
-
-# set RESTARTCMD to empty if no automatic action is wanted
-
-PROCNAME[0]=apache2
-RESTARTCMD[0]="/etc/init.d/apache2 restart"
-PIDFILE[0]=/var/run/apache2.pid
-
-#
-PROCNAME[1]=ntpd
-RESTARTCMD[1]="/etc/init.d/ntp restart"
-PIDFILE[1]=/var/run/ntpd.pid
-
-#
-PROCNAME[2]=cupsd
-RESTARTCMD[2]="/etc/init.d/cups stop ; sleep 3 ; /etc/init.d/cups start"
-PIDFILE[2]=/var/run/cups/cupsd.pid
-
-
-#PROCNAME[3]=apache2
-#RESTARTCMD[3]="/etc/init.d/apache2 stop ; sleep 3 ; /etc/init.d/apache2 start"
-#PIDFILE[3]=/var/run/apache2.pid
-
-
-#PROCNAME[4]=apache2
-#RESTARTCMD[4]="/etc/init.d/apache2 stop ; sleep 3 ; /etc/init.d/apache2 start"
-#PIDFILE[4]=/var/run/apache2.pid
-
-
-
-
Copied: trunk/syscheck/config/300.conf (from rev 7902, trunk/syscheck/config/30.conf)
===================================================================
--- trunk/syscheck/config/300.conf (rev 0)
+++ trunk/syscheck/config/300.conf 2010-10-14 07:37:31 UTC (rev 7913)
@@ -0,0 +1,31 @@
+# config for sc_30_check_running_procs.sh
+
+# set RESTARTCMD to empty if no automatic action is wanted
+
+PROCNAME[0]=apache2
+RESTARTCMD[0]="/etc/init.d/apache2 restart"
+PIDFILE[0]=/var/run/apache2.pid
+
+#
+PROCNAME[1]=ntpd
+RESTARTCMD[1]="/etc/init.d/ntp restart"
+PIDFILE[1]=/var/run/ntpd.pid
+
+#
+PROCNAME[2]=cupsd
+RESTARTCMD[2]="/etc/init.d/cups stop ; sleep 3 ; /etc/init.d/cups start"
+PIDFILE[2]=/var/run/cups/cupsd.pid
+
+
+#PROCNAME[3]=apache2
+#RESTARTCMD[3]="/etc/init.d/apache2 stop ; sleep 3 ; /etc/init.d/apache2 start"
+#PIDFILE[3]=/var/run/apache2.pid
+
+
+#PROCNAME[4]=apache2
+#RESTARTCMD[4]="/etc/init.d/apache2 stop ; sleep 3 ; /etc/init.d/apache2 start"
+#PIDFILE[4]=/var/run/apache2.pid
+
+
+
+
Property changes on: trunk/syscheck/config/300.conf
___________________________________________________________________
Added: svn:mergeinfo
+
Deleted: trunk/syscheck/lang/30.english
===================================================================
--- trunk/syscheck/lang/30.english 2010-10-14 06:56:06 UTC (rev 7912)
+++ trunk/syscheck/lang/30.english 2010-10-14 07:37:31 UTC (rev 7913)
@@ -1,9 +0,0 @@
-HELP="Generic script to check a proc is running and try to restart those that's not"
-DESCR_1="Process %s is running"
-HELP_1="No action is needed"
-DESCR_2="Process %s was not running, restart succeded"
-HELP_2="If this happens regulary this need to be looked into"
-DESCR_3="Process %s was not running, restart succeded"
-HELP_3="If this happens regulary this need to be looked into"
-DESCR_4="Process %s was not running, no restart command defined"
-HELP_4="No restart command defined, restart manually"
Copied: trunk/syscheck/lang/300.english (from rev 7902, trunk/syscheck/lang/30.english)
===================================================================
--- trunk/syscheck/lang/300.english (rev 0)
+++ trunk/syscheck/lang/300.english 2010-10-14 07:37:31 UTC (rev 7913)
@@ -0,0 +1,20 @@
+ABOUT="Generic script to check a proc is running and try to restart those that's not"
+DESCR[0]="Process %s is running"
+HELP[0]="No action is needed"
+LEVEL[0]=$INFO
+ERRNO[0]=${SCRIPTID}0
+
+DESCR[1]="Process %s was not running, restart succeded"
+HELP[1]="If this happens regulary this need to be looked into"
+LEVEL[1]=$WARN
+ERRNO[1]=${SCRIPTID}1
+
+DESCR[2]="Process %s was not running, restart failed"
+HELP[2]="If this needs to be this handled manually"
+LEVEL[2]=$ERROR
+ERRNO[2]=${SCRIPTID}2
+
+DESCR[3]="Process %s was not running, no restart command defined"
+HELP[3]="No restart command defined, restart manually"
+LEVEL[3]=$ERROR
+ERRNO[3]=${SCRIPTID}3
Property changes on: trunk/syscheck/lang/300.english
___________________________________________________________________
Added: svn:mergeinfo
+
Copied: trunk/syscheck/scripts-available/sc_300_check_running_procs.sh (from rev 7902, trunk/syscheck/scripts-available/sc_30_check_running_procs.sh)
===================================================================
--- trunk/syscheck/scripts-available/sc_300_check_running_procs.sh (rev 0)
+++ trunk/syscheck/scripts-available/sc_300_check_running_procs.sh 2010-10-14 07:37:31 UTC (rev 7913)
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# Set SYSCHECK_HOME if not already set.
+
+# 1. First check if SYSCHECK_HOME is set then use that
+if [ "x${SYSCHECK_HOME}" = "x" ] ; then
+# 2. Check if /etc/syscheck.conf exists then source that (put SYSCHECK_HOME=/path/to/syscheck in ther)
+ if [ -e /etc/syscheck.conf ] ; then
+ source /etc/syscheck.conf
+ else
+# 3. last resort use default path
+ SYSCHECK_HOME="/usr/local/syscheck"
+ fi
+fi
+
+if [ ! -f ${SYSCHECK_HOME}/syscheck.sh ] ; then echo "$0: Can't find syscheck.sh in SYSCHECK_HOME ($SYSCHECK_HOME)" ;exit ; fi
+
+
+
+
+# uniq ID of script (please use in the name of this file also for convinice for finding next availavle number)
+SCRIPTID=300
+
+## Import common definitions ##
+. $SYSCHECK_HOME/config/syscheck-scripts.conf
+
+getlangfiles $SCRIPTID
+getconfig $SCRIPTID
+
+
+# help
+if [ "x$1" = "x--help" ] ; then
+ displayhelp
+ exit
+elif [ "x$1" = "x-s" -o "x$1" = "x--screen" ] ; then
+ PRINTTOSCREEN=1
+fi
+
+
+for (( i = 0 ; i < ${#PROCNAME[@]} ; i++ )) ; do
+
+ pidinfo=`${SYSCHECK_HOME}/lib/proc_checker.sh ${PIDFILE[$i]} ${PROCNAME[$i]}`
+ if [ "x$pidinfo" = "x" ] ; then
+
+ # try restart
+ if [ "x${RESTARTCMD[$i]}" = "x" ] ; then
+ # no restart cmd defined
+ printlogmess ${LEVEL[3]} ${ERRNO[3]} "${DESCR[3]}" ${PROCNAME[$i]}
+ continue
+ fi
+
+ eval ${RESTARTCMD[$i]}
+
+ if [ $? -eq 0 ] ; then
+ # log restart success
+ printlogmess ${LEVEL[1]} ${ERRNO[1]} "${DESCR[1]}" ${PROCNAME[$i]}
+ else
+ # log restart fail
+ printlogmess ${LEVEL[2]} ${ERRNO[2]} "${DESCR[2]}" ${PROCNAME[$i]}
+ fi
+ else
+ printlogmess ${LEVEL[0]} ${ERRNO[0]} "${DESCR[0]}" ${PROCNAME[$i]}
+ printtoscreen "proc $i: ${PROCNAME[$i]} is running"
+ fi
+
+
+done
+
Property changes on: trunk/syscheck/scripts-available/sc_300_check_running_procs.sh
___________________________________________________________________
Added: svn:executable
+ *
Added: svn:mergeinfo
+
Deleted: trunk/syscheck/scripts-available/sc_30_check_running_procs.sh
===================================================================
--- trunk/syscheck/scripts-available/sc_30_check_running_procs.sh 2010-10-14 06:56:06 UTC (rev 7912)
+++ trunk/syscheck/scripts-available/sc_30_check_running_procs.sh 2010-10-14 07:37:31 UTC (rev 7913)
@@ -1,60 +0,0 @@
-#!/bin/sh
-
-# Set default home if not already set.
-SYSCHECK_HOME=${SYSCHECK_HOME:-"/usr/local/syscheck"}
-
-# uniq ID of script (please use in the name of this file also for convinice for finding next availavle number)
-SCRIPTID=30
-
-## Import common definitions ##
-. $SYSCHECK_HOME/config/syscheck-scripts.conf
-
-getlangfiles $SCRIPTID
-getconfig $SCRIPTID
-
-ERRNO_1=${SCRIPTID}01
-ERRNO_2=${SCRIPTID}02
-ERRNO_3=${SCRIPTID}03
-ERRNO_4=${SCRIPTID}04
-
-
-# help
-if [ "x$1" = "x--help" ] ; then
- echo "$0 $HELP"
- echo "$ERRNO_1/$DESCR_1 - $HELP_1"
- echo "$ERRNO_2/$DESCR_2 - $HELP_2"
- echo "$ERRNO_3/$DESCR_3 - $HELP_3"
- echo "$ERRNO_4/$DESCR_4 - $HELP_4"
- exit
-elif [ "x$1" = "x-s" -o "x$1" = "x--screen" ] ; then
- PRINTTOSCREEN=1
-fi
-
-
-for (( i = 0 ; i < ${#PROCNAME[@]} ; i++ )) ; do
-
- pidinfo=`${SYSCHECK_HOME}/lib/proc_checker.sh ${PIDFILE[$i]} ${PROCNAME[$i]}`
- if [ "x$pidinfo" = "x" ] ; then
-
- # try restart
- if [ "x${RESTARTCMD[$i]}" = "x" ] ; then
- printlogmess $ERROR $ERRNO_4 "$DESCR_4" ${PROCNAME[$i]}
- continue
- fi
-
- eval ${RESTARTCMD[$i]}
-
- if [ $? -ne 0 ] ; then
- # log restart success
- printlogmess $INFO $ERRNO_1 "$DESCR_1" ${PROCNAME[$i]}
- else
- # log restart fail
- printlogmess $ERROR $ERRNO_3 "$DESCR_2" ${PROCNAME[$i]}
- fi
- else
- printtoscreen "proc $i: ${PROCNAME[$i]} is running, no action needed"
- fi
-
-
-done
-
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-10-19 05:36:53
|
Revision: 7916
http://syscheck.svn.sourceforge.net/syscheck/?rev=7916&view=rev
Author: kinneh
Date: 2010-10-19 05:36:47 +0000 (Tue, 19 Oct 2010)
Log Message:
-----------
Closes #39 remove the misc/clusterscript path from some 80x scripts
Modified Paths:
--------------
trunk/syscheck/config/common.conf
trunk/syscheck/database-replication/802-create-mysql-ejbca-user-db-user.sh
trunk/syscheck/database-replication/803-create-mysql-replication-user.sh
trunk/syscheck/database-replication/804-make-mysql-server-act-as-master.sh
trunk/syscheck/database-replication/805-make-mysql-server-act-as-slave.sh
trunk/syscheck/database-replication/815-create-mysql-ejbca-user-db-user-localhost-only.sh
Modified: trunk/syscheck/config/common.conf
===================================================================
--- trunk/syscheck/config/common.conf 2010-10-19 05:29:43 UTC (rev 7915)
+++ trunk/syscheck/config/common.conf 2010-10-19 05:36:47 UTC (rev 7916)
@@ -85,17 +85,6 @@
-### CLUSTER SCRIPT RESOURCES ###
-#Depending if the scripts is running as a cluster or standalone
-#might different levels with different errorcodes be reported.
-#Comment and uncomment the levels you want to change
-
-#Path do clusterscript directory
-CLUSTERSCRIPT_HOME=$SYSCHECK_HOME/misc/clusterscripts
-
-#Path do ejbcascript directory
-EJBCASCRIPT_HOME=$SYSCHECK_HOME/misc/ejbca
-
# networking path:s
IFCONFIG=/sbin/ifconfig
ROUTE=/sbin/route
Modified: trunk/syscheck/database-replication/802-create-mysql-ejbca-user-db-user.sh
===================================================================
--- trunk/syscheck/database-replication/802-create-mysql-ejbca-user-db-user.sh 2010-10-19 05:29:43 UTC (rev 7915)
+++ trunk/syscheck/database-replication/802-create-mysql-ejbca-user-db-user.sh 2010-10-19 05:36:47 UTC (rev 7916)
@@ -49,7 +49,7 @@
fi
-OUTFILE="$CLUSTERSCRIPT_HOME/tmp_create-ejbca-mysql-user.sql"
+OUTFILE="$SYSCHECK_HOME/var/tmp_create-ejbca-mysql-user.sql"
echo "GRANT ALL ON ejbca.* to '$DB_USER'@'$HOSTNAME_NODE1' IDENTIFIED BY '${DB_PASSWORD}';" > $OUTFILE
echo "GRANT ALL ON ejbca.* to '$DB_USER'@'$HOSTNAME_NODE2' IDENTIFIED BY '${DB_PASSWORD}';" >> $OUTFILE
Modified: trunk/syscheck/database-replication/803-create-mysql-replication-user.sh
===================================================================
--- trunk/syscheck/database-replication/803-create-mysql-replication-user.sh 2010-10-19 05:29:43 UTC (rev 7915)
+++ trunk/syscheck/database-replication/803-create-mysql-replication-user.sh 2010-10-19 05:36:47 UTC (rev 7916)
@@ -52,7 +52,7 @@
-OUTFILE="$CLUSTERSCRIPT_HOME/tmp_create-ejbca-mysql-user.sql"
+OUTFILE="$SYSCHECK_HOME/var/tmp_create-ejbca-mysql-user.sql"
echo "GRANT REPLICATION SLAVE ON *.* to '${DBREP_USER}'@'${HOSTNAME_NODE2}' IDENTIFIED BY '${DBREP_PASSWORD}';" > $OUTFILE
echo "GRANT REPLICATION SLAVE ON *.* to '${DBREP_USER}'@'${HOSTNAME_VIRTUAL}' IDENTIFIED BY '${DBREP_PASSWORD}';" >> $OUTFILE
Modified: trunk/syscheck/database-replication/804-make-mysql-server-act-as-master.sh
===================================================================
--- trunk/syscheck/database-replication/804-make-mysql-server-act-as-master.sh 2010-10-19 05:29:43 UTC (rev 7915)
+++ trunk/syscheck/database-replication/804-make-mysql-server-act-as-master.sh 2010-10-19 05:36:47 UTC (rev 7916)
@@ -60,7 +60,7 @@
fi
-OUTFILE="$CLUSTERSCRIPT_HOME/tmp_make-mysql-server-act-as-master.sql"
+OUTFILE="$SYSCHECK_HOME/var/tmp_make-mysql-server-act-as-master.sql"
echo "SLAVE STOP;" > $OUTFILE
echo "RESET MASTER;" >> $OUTFILE
Modified: trunk/syscheck/database-replication/805-make-mysql-server-act-as-slave.sh
===================================================================
--- trunk/syscheck/database-replication/805-make-mysql-server-act-as-slave.sh 2010-10-19 05:29:43 UTC (rev 7915)
+++ trunk/syscheck/database-replication/805-make-mysql-server-act-as-slave.sh 2010-10-19 05:36:47 UTC (rev 7916)
@@ -73,7 +73,7 @@
-OUTFILE="$CLUSTERSCRIPT_HOME/tmp_make-mysql-server-act-as-slave.sql"
+OUTFILE="$SYSCHECK_HOME/var/tmp_make-mysql-server-act-as-slave.sql"
echo "STOP SLAVE;" > $OUTFILE
if [ "x$THIS_NODE" = "xNODE1" ] ; then
Modified: trunk/syscheck/database-replication/815-create-mysql-ejbca-user-db-user-localhost-only.sh
===================================================================
--- trunk/syscheck/database-replication/815-create-mysql-ejbca-user-db-user-localhost-only.sh 2010-10-19 05:29:43 UTC (rev 7915)
+++ trunk/syscheck/database-replication/815-create-mysql-ejbca-user-db-user-localhost-only.sh 2010-10-19 05:36:47 UTC (rev 7916)
@@ -49,7 +49,7 @@
fi
-OUTFILE="$CLUSTERSCRIPT_HOME/tmp_create-ejbca-mysql-user.sql"
+OUTFILE="$SYSCHECK_HOME/var/tmp_create-ejbca-mysql-user.sql"
echo "GRANT ALL ON ejbca.* to '$DB_USER'@'localhost' IDENTIFIED BY '${DB_PASSWORD}';" > $OUTFILE
echo "select * from user where user like '%${DB_USER}%'" >> $OUTFILE
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-10-19 11:47:31
|
Revision: 7917
http://syscheck.svn.sourceforge.net/syscheck/?rev=7917&view=rev
Author: kinneh
Date: 2010-10-19 11:47:24 +0000 (Tue, 19 Oct 2010)
Log Message:
-----------
Close #40 change 905_publish_crl.sh to make sure you get a new CRL before we remove the old one
Modified Paths:
--------------
trunk/syscheck/config/905.conf
trunk/syscheck/config/common.conf
trunk/syscheck/lang/905.english
trunk/syscheck/related-available/905_publish_crl.sh
Modified: trunk/syscheck/config/905.conf
===================================================================
--- trunk/syscheck/config/905.conf 2010-10-19 05:36:47 UTC (rev 7916)
+++ trunk/syscheck/config/905.conf 2010-10-19 11:47:24 UTC (rev 7917)
@@ -1,41 +1,46 @@
# config for 905_publish_crl.sh
HOURTHRESHOLD=1
-CRLDIRECTORY=/srv/www/htdocs/crl/
CANAME[0]=MSDomainLogonCA
-VERIFY_HOST[0]=localhost
-CRLTO_DIR[0]='/srv/www/htdocs/'
+REMOTE_HOST[0]=localhost
+CRLTO_DIR[0]='/srv/www/htdocs/crl/'
+CRL_NAME[0]=MSDomainLogonCA.crl
SSHUSER[0]=
SSHKEY[0]=
CANAME[1]=eSignCA
-VERIFY_HOST[1]=localhost
-CRLTO_DIR[1]='/srv/www/htdocs/'
+REMOTE_HOST[1]=localhost
+CRLTO_DIR[1]='/srv/www/htdocs/crl/'
+CRL_NAME[1]=eSignCA.crl
SSHUSER[1]=
SSHKEY[1]=
CANAME[2]=ServerCA
-CRLTO_DIR[2]='/srv/www/htdocs/'
-VERIFY_HOST[2]=localhost
+CRLTO_DIR[2]='/srv/www/htdocs/crl/'
+REMOTE_HOST[2]=localhost
+CRL_NAME[2]=ServerCA.crl
SSHUSER[2]=
SSHKEY[2]=
CANAME[3]=eIDCA
-CRLTO_DIR[3]='/srv/www/htdocs/'
-VERIFY_HOST[3]=localhost
+CRLTO_DIR[3]='/srv/www/htdocs/crl/'
+REMOTE_HOST[3]=localhost
+CRL_NAME[3]=eIDCA.crl
SSHUSER[3]=
SSHKEY[3]=
CANAME[4]=MachineCertCA
-CRLTO_DIR[4]='/srv/www/htdocs/'
-VERIFY_HOST[4]=localhost
+CRLTO_DIR[4]='/srv/www/htdocs/crl/'
+REMOTE_HOST[4]=localhost
+CRL_NAME[4]=MachineCertCA.crl
SSHUSER[4]=
SSHKEY[4]=
CANAME[5]=SoftTokenCA
-CRLTO_DIR[5]='/srv/www/htdocs/'
-VERIFY_HOST[5]=localhost
+CRLTO_DIR[5]='/srv/www/htdocs/crl/'
+REMOTE_HOST[5]=localhost
+CRL_NAME[5]=SoftTokenCA.crl
SSHUSER[5]=
SSHKEY[5]=
Modified: trunk/syscheck/config/common.conf
===================================================================
--- trunk/syscheck/config/common.conf 2010-10-19 05:36:47 UTC (rev 7916)
+++ trunk/syscheck/config/common.conf 2010-10-19 11:47:24 UTC (rev 7917)
@@ -44,6 +44,10 @@
#Path to active jboss config
JBOSS_HOME=${JBOSS_HOME:-"/usr/local/jboss"}
+if [ "x$TMPDIR" = "x" ] ; then
+ TMPDIR="/tmp/"
+fi
+
# List indicating CAs to activate, should contain a list of caname and PIN separated by space.
# Also used for handling CRLs.
CANAME[0]="eIDCA"
Modified: trunk/syscheck/lang/905.english
===================================================================
--- trunk/syscheck/lang/905.english 2010-10-19 05:36:47 UTC (rev 7916)
+++ trunk/syscheck/lang/905.english 2010-10-19 11:47:24 UTC (rev 7917)
@@ -1,9 +1,25 @@
-PUBL_DESCR_1="Publish certificate run successfully"
-PUBL_DESCR_2="Publish failed (%s) "
-PUBL_HELP_2="Check connectivity to the host (%s) "
-PUBL_DESCR_3="Publish certificate failed, script called without file"
+PUBL_HELP="Script to publish the CRL:s from the CA, supports local and remote publishing by SSH"
+
+PUBL_DESCR_1="Publish CRL run successfully (%s)"
+PUBL_HELP_1="No action needed"
+
+PUBL_DESCR_2="Publish to remote host failed crl:(%s) host:(%s)"
+PUBL_HELP_2="Try manually to run this command and setup ssh-keys and check username"
+
+PUBL_DESCR_3="Publish CRL failed, can't copy crl to destination %s/%s"
+PUBL_HELP_3="Check permissions for the path:s"
+
PUBL_DESCR_4="File not found"
-PUBL_DESCR_5="CRL is not the right size"
-PUBL_DESCR_6="Could not get a CRL from ejbca"
-PUBL_HELP_6="Check that EJBCA is running"
-PUBL_DESCR_7="CRL is outdated %s %s (%s)"
+PUBL_HELP_4="Verify the configuration of this script so it reflects the existing CA:s"
+
+PUBL_DESCR_5="Couldn't stat the file to get the filesize"
+PUBL_HELP_5="Probably some problem getting the file/or filerights"
+
+PUBL_DESCR_6="File size of CRL is 0 (%s)"
+PUBL_HELP_6="Probably some problem getting the file/or filerights"
+
+PUBL_DESCR_7="CRL is outdated %s (%s)"
+PUBL_HELP_7="This script cant get a new CRL, check the CA-logs"
+
+PUBL_DESCR_8="CRL:%s is published to host:%s"
+PUBL_HELP_8="no action needed"
Modified: trunk/syscheck/related-available/905_publish_crl.sh
===================================================================
--- trunk/syscheck/related-available/905_publish_crl.sh 2010-10-19 05:36:47 UTC (rev 7916)
+++ trunk/syscheck/related-available/905_publish_crl.sh 2010-10-19 11:47:24 UTC (rev 7917)
@@ -1,10 +1,6 @@
#!/bin/bash
-# The script fetches a crl from the ca and scp the crl to a webserver.
-# Change $HTTPSERVER, $SSHUSER and $SSHSERVER_DIR. Define the crl's and the servers in the end.
-# Usage:
-# get example.crl # This gets the crl from the CA server.
-# put 192.168.10.10 # This sends the crl to the webserver.
+# The script fetches a crl from the ca and copies to a local dir or scp the crl to a webserver.
# Set SYSCHECK_HOME if not already set.
@@ -41,6 +37,7 @@
ERRNO_5=${SCRIPTID}5
ERRNO_6=${SCRIPTID}6
ERRNO_7=${SCRIPTID}7
+ERRNO_8=${SCRIPTID}8
@@ -52,110 +49,110 @@
fi
-
-if [ ! -d $CRLDIRECTORY ] ; then
- mkdir $CRLDIRECTORY
-fi
-
-VERIFYCRLDIRECTORY="/var/tmp/crl-verify"
-if [ ! -d $VERIFYCRLDIRECTORY ] ; then
- mkdir $VERIFYCRLDIRECTORY
-fi
-
+### get crl ###
+### CRLFILE will be overwritten and migth be empty
+### soo call me with a temporary file!!!
get () {
- CRLNAME=$1
- CRLFILE=$2
- rm -f $CRLDIRECTORY/$CRLFILE
- cd ${EJBCA_HOME}
- printtoscreen "${EJBCA_HOME}/bin/ejbca.sh ca getcrl $CRLNAME $CRLDIRECTORY/$CRLFILE"
- ${EJBCA_HOME}/bin/ejbca.sh ca getcrl $CRLNAME $CRLDIRECTORY/$CRLFILE
- if [ $? != 0 -o ! -r $CRLDIRECTORY/$CRLFILE ] ; then
- printlogmess $ERROR $ERRNO_6 "$PUBL_DESCR_6" $CRLNAME
- fi
+ CRLNAME=$1
+ CRLFILE=$2
+ cd ${EJBCA_HOME}
+ printtoscreen "${EJBCA_HOME}/bin/ejbca.sh ca getcrl $CRLNAME $CRLFILE"
+ ${EJBCA_HOME}/bin/ejbca.sh ca getcrl $CRLNAME "$CRLFILE"
+ if [ $? != 0 -o ! -r $CRLFILE ] ; then
+ printlogmess $ERROR $ERRNO_6 "$PUBL_DESCR_6" "$CRLNAME/$CRLFILE"
+ fi
+
}
+
+### put crl ###
put () {
- CRLHOST=$1
- CRLFILE=$2
- SSHSERVER_DIR=$3
- SSHKEY=$4
- SSHUSER=$5
+ REMOTEHOST=$1
+ CRLFILE=$2
+ REMOTEDIR=$3
+ SSHKEY=$4
+ SSHUSER=$5
+
+ $SYSCHECK_HOME/related-enabled/906_ssh-copy-to-remote-machine.sh -s $CRLFILE $REMOTEHOST $REMOTEDIR $SSHUSER $SSHKEY
- cd $CRLDIRECTORY
- $SYSCHECK_HOME/related-enabled/906_ssh-copy-to-remote-machine.sh -s $CRLFILE $CRLHOST $SSHSERVER_DIR $SSHUSER $SSHKEY
- if [ $? != 0 ] ; then
- printlogmess $ERROR $ERRNO_2 "$PUBL_DESCR_2" $CRLHOST $CRLNAME
- fi
+ if [ $? = 0 ] ; then
+ printlogmess $INFO $ERRNO_8 "$PUBL_DESCR_8" $CRLNAME $CRLHOST
+ else
+ printlogmess $ERROR $ERRNO_2 "$PUBL_DESCR_2" $CRLNAME $CRLHOST
+ fi
}
-### FOR NOW WE DO THIS HERE, next we should use syscheck who does this
+
+### check crl ###
checkcrl () {
- CRLHOST=$1
- CRLNAME=$2
- SSHSERVER_DIR=$3
- SSHKEY=$4
- SSHUSER=$5
+ CRLFILE=$1
- cd $VERIFYCRLDIRECTORY
- rm -f $VERIFYCRLDIRECTORY/$CRLNAME
- if [ "x${CRLHOST}" != "xlocalhost" ] ; then
- printtoscreen "scp -o ConnectTimeout=10 -i $SSHKEY $SSHUSER@${CRLHOST}:$SSHSERVER_DIR/$CRLNAME $VERIFYCRLDIRECTORY/$CRLNAME "
- scp -o ConnectTimeout=10 -i $SSHKEY $SSHUSER@${CRLHOST}:$SSHSERVER_DIR/$CRLNAME $VERIFYCRLDIRECTORY/$CRLNAME
- if [ $? -ne 0 ] ; then
- printlogmess $ERROR $ERRNO_3 "$PUBL_DESCR_3" $CRLHOST $CRLNAME
- exit
- fi
- else
- cp -f $SSHSERVER_DIR/$CRLNAME $VERIFYCRLDIRECTORY/$CRLNAME
- fi
-
# file not found where it should be
- if [ ! -f $VERIFYCRLDIRECTORY/$CRLNAME ] ; then
- printlogmess $ERROR $ERRNO_4 "$PUBL_DESCR_4" $CRLHOST $CRLNAME
- exit 1
- fi
+ if [ ! -f $CRLFILE ] ; then
+ printlogmess $ERROR $ERRNO_4 "$PUBL_DESCR_4" $CRLFILE
+ return 4
+ fi
- CRL_FILE_SIZE=`stat -c"%s" $VERIFYCRLDIRECTORY/$CRLNAME`
# stat return check
- if [ $? -ne 0 ] ; then
- printlogmess $ERROR $ERRNO_5 "$PUBL_DESCR_5" $CRLHOST $CRLNAME
- exit
- fi
+ CRL_FILE_SIZE=`stat -c"%s" $CRLFILE`
+ if [ $? -ne 0 ] ; then
+ printlogmess $ERROR $ERRNO_5 "$PUBL_DESCR_5" $CRLFILE
+ return 5
+ fi
# crl of 0 size?
- if [ "x$CRL_FILE_SIZE" = "x0" ] ; then
- printlogmess $ERROR $ERRNO_6 "$PUBL_DESCR_6" $CRLHOST $CRLNAME
- exit
- fi
+ if [ "x$CRL_FILE_SIZE" = "x0" ] ; then
+ printlogmess $ERROR $ERRNO_6 "$PUBL_DESCR_6" $CRLFILE
+ return 6
+ fi
# now we can check the crl:s best before date is in the future with atleast HOURTHRESHOLD hours (defined in resources)
- TEMPDATE=`openssl crl -inform der -in $CRLNAME -lastupdate -noout`
- DATE=${TEMPDATE:11}
- HOURSSINCEGENERATION=`${SYSCHECK_HOME}/lib/cmp_dates.pl "$DATE"`
-
- if [ "$HOURSSINCEGENERATION" -gt "$HOURTHRESHOLD" ] ; then
- printlogmess $ERROR $ERRNO_7 "$PUBL_DESCR_7" $CRLNAME $CRLHOST "old: ${HOURSSINCEGENERATION}) limit: ${HOURTHRESHOLD}"
- else
- printlogmess $INFO $ERRNO_1 "$PUBL_DESCR_1" $CRLHOST $CRLNAME
- fi
+ TEMPDATE=`openssl crl -inform der -in $CRLFILE -nextupdate -noout`
+ DATE=${TEMPDATE:11}
+ HOURSLEFT=`${SYSCHECK_HOME}/lib/cmp_dates.pl "$DATE"`
+
+ if [ "$HOURSLEFT" -lt "$HOURTHRESHOLD" ] ; then
+ printlogmess $ERROR $ERRNO_7 "$PUBL_DESCR_7" $CRLFILE "hoursleft: ${HOURSLEFT} limit: ${HOURTHRESHOLD}"
+ return 7
+ else
+# printlogmess $INFO $ERRNO_1 "$PUBL_DESCR_1" $CRLFILE
+ return 0
+ fi
}
+
for (( i=0; i < ${#CANAME[@]} ; i++ )){
- if [ "x${VERIFY_HOST[$i]}" = "xlocalhost" ] ; then
- get ${CANAME[$i]} "${CANAME[$i]}.crl"
-# todo fix verification date calc problems
-# checkcrl ${VERIFY_HOST[$i]} "${CANAME[$i]}.crl" ${CRLTO_DIR[$i]}
+ tempdir=$(mktemp -d)
+ trap 'rm -rf "$tempdir"' EXIT
+
+ CRLFILE=${tempdir}/${CRL_NAME[$i]}
+
+ get ${CANAME[$i]} "${CRLFILE}"
+ checkcrl "${CRLFILE}"
+ if [ $? -ne 0 ] ; then
+ # check crl didn't pass the crl so we'll not publish this one and continue with the next
+ rm -rf $tempdir
+ continue
+ fi
+
+ if [ "x${REMOTE_HOST[$i]}" = "xlocalhost" ] ; then
+ cp -f ${CRLFILE} "${CRLTO_DIR[$i]}/${CRL_NAME[$i]}"
+ if [ $? -eq 0 ] ;then
+ printlogmess $INFO $ERRNO_1 "$PUBL_DESCR_1" ${CANAME[$i]}
else
- get ${CANAME[$i]} "${CANAME[$i]}.crl"
- put ${VERIFY_HOST[$i]} "${CANAME[$i]}.crl" ${CRLTO_DIR[$i]} ${SSHKEY[$i]} ${SSHUSER[$i]}
- checkcrl ${VERIFY_HOST[$i]} "${CANAME[$i]}.crl" ${CRLTO_DIR[$i]} ${SSHKEY[$i]} ${SSHUSER[$i]}
+ printlogmess $ERROR $ERRNO_3 "$PUBL_DESCR_3" ${CRL_NAME[$i]} "${CRLTO_DIR[$i]}/${CRL_NAME[$i]}"
fi
+
+ else
+ put ${REMOTE_HOST[$i]} ${CRLFILE} ${CRLTO_DIR[$i]} ${SSHKEY[$i]} ${SSHUSER[$i]}
+
+ fi
+ rm -rf $tempdir
}
-
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-10-19 11:53:38
|
Revision: 7919
http://syscheck.svn.sourceforge.net/syscheck/?rev=7919&view=rev
Author: kinneh
Date: 2010-10-19 11:53:31 +0000 (Tue, 19 Oct 2010)
Log Message:
-----------
Close #38 add a pre-upgrade script to copy all key config/keystores to /tmp/backup_htmf_conf
Added Paths:
-----------
trunk/syscheck/config/926.conf
trunk/syscheck/lang/926.english
trunk/syscheck/related-available/926_local_htmf_copy_conf.sh
Added: trunk/syscheck/config/926.conf
===================================================================
--- trunk/syscheck/config/926.conf (rev 0)
+++ trunk/syscheck/config/926.conf 2010-10-19 11:53:31 UTC (rev 7919)
@@ -0,0 +1,17 @@
+# config for 926
+
+### config ###
+
+#
+BACKUP_DIR='/tmp/backup_htmf_conf/'
+
+# If you configure one or more REMOTE_HOST:s the archived certificate will also be stored on that host
+HTMF_FILE[0]="${HTMF_HOME}/hardtokenmgmt.properties"
+HTMF_FILE[1]="${HTMF_HOME}/autogenerated_hardtokenmgmt.properties"
+HTMF_FILE[2]="${HTMF_HOME}/src/resources/globalsettings/global.properties"
+HTMF_FILE[3]="${HTMF_HOME}/jarsigner.jks"
+HTMF_FILE[4]="${EJBCA_HOME}/conf/ejbca.properties"
+HTMF_FILE[5]="${EJBCA_HOME}/conf/database.properties"
+HTMF_FILE[6]="${JBOSS_HOME}/server/default/conf/keystore/keystore.jks"
+HTMF_FILE[7]="${JBOSS_HOME}/server/default/conf/keystore/truststore.jks"
+HTMF_FILE[8]="${JBOSS_HOME}/server/default/deploy/jboss-web.deployer/server.xml"
Added: trunk/syscheck/lang/926.english
===================================================================
Added: trunk/syscheck/related-available/926_local_htmf_copy_conf.sh
===================================================================
--- trunk/syscheck/related-available/926_local_htmf_copy_conf.sh (rev 0)
+++ trunk/syscheck/related-available/926_local_htmf_copy_conf.sh 2010-10-19 11:53:31 UTC (rev 7919)
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# Set SYSCHECK_HOME if not already set.
+
+# 1. First check if SYSCHECK_HOME is set then use that
+if [ "x${SYSCHECK_HOME}" = "x" ] ; then
+# 2. Check if /etc/syscheck.conf exists then source that (put SYSCHECK_HOME=/path/to/syscheck in ther)
+ if [ -e /etc/syscheck.conf ] ; then
+ source /etc/syscheck.conf
+ else
+# 3. last resort use default path
+ SYSCHECK_HOME="/usr/local/syscheck"
+ fi
+fi
+
+if [ ! -f ${SYSCHECK_HOME}/syscheck.sh ] ; then echo "$0: Can't find syscheck.sh in SYSCHECK_HOME ($SYSCHECK_HOME)" ;exit ; fi
+
+
+
+
+## Import common definitions ##
+. $SYSCHECK_HOME/config/related-scripts.conf
+
+# uniq ID of script (please use in the name of this file also for convinice for finding next availavle number)
+SCRIPTID=921
+
+getlangfiles $SCRIPTID
+getconfig $SCRIPTID
+
+ERRNO_1="${SCRIPTID}1"
+ERRNO_2="${SCRIPTID}2"
+ERRNO_3="${SCRIPTID}3"
+
+### end config ###
+
+PRINTTOSCREEN=1
+if [ "x$1" = "x-h" -o "x$1" = "x--help" ] ; then
+ echo "$ECRT_HELP"
+ echo "$ERRNO_1/$COPY_EJBCA_CONF_DESCR_1 - $COPY_EJBCA_CONF_HELP_1"
+ echo "$ERRNO_2/$COPY_EJBCA_CONF_DESCR_2 - $COPY_EJBCA_CONF_HELP_2"
+ echo "${SCREEN_HELP}"
+ exit
+elif [ "x$1" = "x-s" -o "x$1" = "x--screen" -o \
+ "x$2" = "x-s" -o "x$2" = "x--screen" ] ; then
+ PRINTTOSCREEN=1
+fi
+
+
+# Make sure you add quotation marks for the first argument when adding new files that should be copied, for exampel.
+
+
+${SYSCHECK_HOME}/related-enabled/915_remote_command_via_ssh.sh ${HOSTNAME_NODE2} "mkdir -p ${REMOTE_DIR}" ${SSH_USER} ${SSHKEY}
+if [ $? -ne 0 ] ; then
+ echo "couldn't make dir"
+ exit
+fi
+
+
+for (( j=0; j < ${#HTMF_FILE[@]} ; j++ )){
+ printtoscreen "Copying file: ${HTMF_FILE[$j]} to:${HOSTNAME_NODE2} dir:${REMOTE_DIR} remotreuser:${REMOTE_USER} sshkey: ${SSHKEY}"
+ ${SYSCHECK_HOME}/related-enabled/906_ssh-copy-to-remote-machine.sh "${HTMF_FILE[$j]}" ${HOSTNAME_NODE2} ${REMOTE_DIR} ${REMOTE_USER} ${SSHKEY}
+ if [ $? -ne 0 ] ; then
+ echo "couln't copy file \"${HTMF_FILE[$j]}\""
+ exit
+ fi
+
+}
+
Property changes on: trunk/syscheck/related-available/926_local_htmf_copy_conf.sh
___________________________________________________________________
Added: svn:executable
+ *
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-10-19 12:10:52
|
Revision: 7920
http://syscheck.svn.sourceforge.net/syscheck/?rev=7920&view=rev
Author: kinneh
Date: 2010-10-19 12:10:46 +0000 (Tue, 19 Oct 2010)
Log Message:
-----------
Closes #38 add a pre-upgrade script to copy all key config/keystores to /tmp/backup_htmf_conf
Modified Paths:
--------------
trunk/syscheck/lang/926.english
trunk/syscheck/related-available/926_local_htmf_copy_conf.sh
Modified: trunk/syscheck/lang/926.english
===================================================================
--- trunk/syscheck/lang/926.english 2010-10-19 11:53:31 UTC (rev 7919)
+++ trunk/syscheck/lang/926.english 2010-10-19 12:10:46 UTC (rev 7920)
@@ -0,0 +1,8 @@
+HELP="Copy all config/keystore files to /tmp/bckup_htmf_conf before system upgrade"
+DESCR_1="File copied ok(%s)"
+HELP_1="no action needed"
+DESCR_2="Failed to copy file (%s)"
+HELP_2="check permissions and paths"
+DESCR_3="Failed to create backup dir (%s)"
+HELP_3="check permissions and paths"
+
Modified: trunk/syscheck/related-available/926_local_htmf_copy_conf.sh
===================================================================
--- trunk/syscheck/related-available/926_local_htmf_copy_conf.sh 2010-10-19 11:53:31 UTC (rev 7919)
+++ trunk/syscheck/related-available/926_local_htmf_copy_conf.sh 2010-10-19 12:10:46 UTC (rev 7920)
@@ -22,7 +22,7 @@
. $SYSCHECK_HOME/config/related-scripts.conf
# uniq ID of script (please use in the name of this file also for convinice for finding next availavle number)
-SCRIPTID=921
+SCRIPTID=926
getlangfiles $SCRIPTID
getconfig $SCRIPTID
@@ -35,9 +35,9 @@
PRINTTOSCREEN=1
if [ "x$1" = "x-h" -o "x$1" = "x--help" ] ; then
- echo "$ECRT_HELP"
- echo "$ERRNO_1/$COPY_EJBCA_CONF_DESCR_1 - $COPY_EJBCA_CONF_HELP_1"
- echo "$ERRNO_2/$COPY_EJBCA_CONF_DESCR_2 - $COPY_EJBCA_CONF_HELP_2"
+ echo "$HELP"
+ echo "$ERRNO_1/$DESCR_1 - $HELP_1"
+ echo "$ERRNO_2/$DESCR_2 - $HELP_2"
echo "${SCREEN_HELP}"
exit
elif [ "x$1" = "x-s" -o "x$1" = "x--screen" -o \
@@ -49,19 +49,21 @@
# Make sure you add quotation marks for the first argument when adding new files that should be copied, for exampel.
-${SYSCHECK_HOME}/related-enabled/915_remote_command_via_ssh.sh ${HOSTNAME_NODE2} "mkdir -p ${REMOTE_DIR}" ${SSH_USER} ${SSHKEY}
+mkdir -p ${BACKUP_DIR}
if [ $? -ne 0 ] ; then
- echo "couldn't make dir"
- exit
+ printlogmess $ERROR $ERRNO_3 "$DESCR_3" "${BACKUP_DIR}"
+ exit
fi
for (( j=0; j < ${#HTMF_FILE[@]} ; j++ )){
- printtoscreen "Copying file: ${HTMF_FILE[$j]} to:${HOSTNAME_NODE2} dir:${REMOTE_DIR} remotreuser:${REMOTE_USER} sshkey: ${SSHKEY}"
- ${SYSCHECK_HOME}/related-enabled/906_ssh-copy-to-remote-machine.sh "${HTMF_FILE[$j]}" ${HOSTNAME_NODE2} ${REMOTE_DIR} ${REMOTE_USER} ${SSHKEY}
+ printtoscreen "Copying file: ${HTMF_FILE[$j]} to:${BACKUP_DIR}"
+ cp -f "${HTMF_FILE[$j]}" ${BACKUP_DIR}
if [ $? -ne 0 ] ; then
- echo "couln't copy file \"${HTMF_FILE[$j]}\""
- exit
+ printlogmess $ERROR $ERRNO_3 "$DESCR_3" ${HTMF_FILE[$j]}
+ continue
+ else
+ printlogmess $INFO $ERRNO_2 "$DESCR_2" ${HTMF_FILE[$j]}
fi
}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-10-27 15:02:18
|
Revision: 7923
http://syscheck.svn.sourceforge.net/syscheck/?rev=7923&view=rev
Author: kinneh
Date: 2010-10-27 15:02:12 +0000 (Wed, 27 Oct 2010)
Log Message:
-----------
closes #42 - add new script to change master mysql node in jboss and ejbca
Added Paths:
-----------
trunk/syscheck/config/816.conf
trunk/syscheck/database-replication/816-change-master-to-nodeX-in-jboss-and-ejbca.sh
trunk/syscheck/lang/816.english
Added: trunk/syscheck/config/816.conf
===================================================================
--- trunk/syscheck/config/816.conf (rev 0)
+++ trunk/syscheck/config/816.conf 2010-10-27 15:02:12 UTC (rev 7923)
@@ -0,0 +1,2 @@
+# config for 816-change-master-to-nodeX-injboss-and-ejbca.sh
+# no config
Added: trunk/syscheck/database-replication/816-change-master-to-nodeX-in-jboss-and-ejbca.sh
===================================================================
--- trunk/syscheck/database-replication/816-change-master-to-nodeX-in-jboss-and-ejbca.sh (rev 0)
+++ trunk/syscheck/database-replication/816-change-master-to-nodeX-in-jboss-and-ejbca.sh 2010-10-27 15:02:12 UTC (rev 7923)
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+# Set SYSCHECK_HOME if not already set.
+
+# 1. First check if SYSCHECK_HOME is set then use that
+if [ "x${SYSCHECK_HOME}" = "x" ] ; then
+# 2. Check if /etc/syscheck.conf exists then source that (put SYSCHECK_HOME=/path/to/syscheck in ther)
+ if [ -e /etc/syscheck.conf ] ; then
+ source /etc/syscheck.conf
+ else
+# 3. last resort use default path
+ SYSCHECK_HOME="/usr/local/syscheck"
+ fi
+fi
+
+if [ ! -f ${SYSCHECK_HOME}/syscheck.sh ] ; then echo "$0: Can't find syscheck.sh in SYSCHECK_HOME ($SYSCHECK_HOME)" ;exit ; fi
+
+
+
+
+## Import common definitions ##
+. $SYSCHECK_HOME/config/database-replication.conf
+
+
+# Fail over JBoss datasource
+if [ "$DO_DATASOURCE_FAILOVER" == "false" ] ; then
+ echo Info: Not failing over JBoss datasources because DO_DATASOURCE_FAILOVER=false.
+ exit
+
+fi
+
+
+if [ "x$1" = "xnode1" ] ; then
+ HOSTNAME_NODE=$HOSTNAME_NODE1
+elif [ "x$1" = "xnode2" ] ; then
+ HOSTNAME_NODE=$HOSTNAME_NODE2
+else
+ echo "arg1 must be the node to enter in the ds conf (node1 or node2)"
+ exit
+fi
+RET=0
+
+# <connection-url>jdbc:mysql://${HOSTNAME_NODE}:3306/${DB_NAME}</connection-url>
+perl -pi -e "s#connection-url>jdbc:mysql:.*connection-url#connection-url>jdbc:mysql://${HOSTNAME_NODE}:3306/${DB_NAME}</connection-url#gio" ${JBOSS_HOME}/server/default/deploy/ejbca-ds.xml
+grep ${HOSTNAME_NODE} ${JBOSS_HOME}/server/default/deploy/ejbca-ds.xml || RET=1
+
+# <user-name>${DB_USER}</user-name>
+perl -pi -e "s#user-name.*user-name#user-name>${DB_USER}</user-name#gio" ${JBOSS_HOME}/server/default/deploy/ejbca-ds.xml
+grep ${DB_USER} ${JBOSS_HOME}/server/default/deploy/ejbca-ds.xml || RET=2
+
+# <password>${DB_PASSWORD}</password>
+perl -pi -e "s#password.*password#password>${DB_PASSWORD}</password#gio" ${JBOSS_HOME}/server/default/deploy/ejbca-ds.xml
+grep ${DB_PASSWORD} ${JBOSS_HOME}/server/default/deploy/ejbca-ds.xml || RET=3
+
+if [ ! -x ${EJBCA_HOME}/conf/database.properties ] ; then
+ cp ${EJBCA_HOME}/conf/database.properties.sample ${EJBCA_HOME}/conf/database.properties
+else
+ RET=10
+fi
+
+perl -pi -e \"s/#database.name=mysql/database.name=mysql/\" ${EJBCA_HOME}/conf/database.properties
+grep "^database.name=mysql/$" ${EJBCA_HOME}/conf/database.properties || RET=4
+
+perl -pi -e \"s/#datasource.mapping=mySQL/datasource.mapping=mySQL/\" ${EJBCA_HOME}/conf/database.properties
+grep "^datasource.mapping=mySQL$" ${EJBCA_HOME}/conf/database.properties || RET=5
+
+
+perl -pi -e \"s/#database.url=jdbc:mysql:\/\/127.0.0.1:3306\/ejbca$/database.url=jdbc:mysql:\/\/${HOSTNAME_NODE}:3306\/${mysqlejbcadbname}/\" ${EJBCA_HOME}/conf/database.properties
+grep "database.url.*${HOSTNAME_NODE}" ${EJBCA_HOME}/conf/database.properties || RET=6
+
+perl -pi -e \"s/#database.driver=com.mysql.jdbc.Driver/database.driver=com.mysql.jdbc.Driver/\" ${EJBCA_HOME}/conf/database.properties
+grep "^database.driver=com.mysql.jdbc.Driver$" ${EJBCA_HOME}/conf/database.properties || RET=7
+
+perl -pi -e \"s/#database.username=ejbca/database.username=${mysqlejbcauser}/\" ${EJBCA_HOME}/conf/database.properties
+grep "database.username=${mysqlejbcauser}" ${EJBCA_HOME}/conf/database.properties || RET=8
+
+perl -pi -e \"s/#database.password=ejbca/database.password=${mysqlejbcapass}/\" ${EJBCA_HOME}/conf/database.properties
+grep "database.password=${mysqlejbcapass}" ${EJBCA_HOME}/conf/database.properties || RET=9
+
+
+if [ $RET -eq 0 ] ; then
+ echo "ejbca-ds.xml in jboss switched host to ${HOSTNAME_NODE}"
+ echo "remember to restart jboss when you want the change to take effect"
+else
+ echo "failed to change all settings for database node in ejbca-ds.xml and/or database.properties"
+ echo "returncode: ${RET}"
+fi
Property changes on: trunk/syscheck/database-replication/816-change-master-to-nodeX-in-jboss-and-ejbca.sh
___________________________________________________________________
Added: svn:mergeinfo
+
Added: trunk/syscheck/lang/816.english
===================================================================
--- trunk/syscheck/lang/816.english (rev 0)
+++ trunk/syscheck/lang/816.english 2010-10-27 15:02:12 UTC (rev 7923)
@@ -0,0 +1 @@
+HELP="changes datasource in both ejbca/conf/database.properties and jboss/server/default/deploy/ejbca-ds.xml"
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-11-24 16:12:47
|
Revision: 7933
http://syscheck.svn.sourceforge.net/syscheck/?rev=7933&view=rev
Author: kinneh
Date: 2010-11-24 16:12:40 +0000 (Wed, 24 Nov 2010)
Log Message:
-----------
Closes #47 - change name in 905 publish crl so it uses a unique name
Modified Paths:
--------------
trunk/syscheck/config/905.conf
trunk/syscheck/related-available/905_publish_crl.sh
Modified: trunk/syscheck/config/905.conf
===================================================================
--- trunk/syscheck/config/905.conf 2010-11-23 13:27:38 UTC (rev 7932)
+++ trunk/syscheck/config/905.conf 2010-11-24 16:12:40 UTC (rev 7933)
@@ -2,42 +2,42 @@
HOURTHRESHOLD=1
-CANAME[0]=MSDomainLogonCA
+CRLCANAME[0]=MSDomainLogonCA
REMOTE_HOST[0]=localhost
CRLTO_DIR[0]='/srv/www/htdocs/crl/'
CRL_NAME[0]=MSDomainLogonCA.crl
SSHUSER[0]=
SSHKEY[0]=
-CANAME[1]=eSignCA
+CRLCANAME[1]=eSignCA
REMOTE_HOST[1]=localhost
CRLTO_DIR[1]='/srv/www/htdocs/crl/'
CRL_NAME[1]=eSignCA.crl
SSHUSER[1]=
SSHKEY[1]=
-CANAME[2]=ServerCA
+CRLCANAME[2]=ServerCA
CRLTO_DIR[2]='/srv/www/htdocs/crl/'
REMOTE_HOST[2]=localhost
CRL_NAME[2]=ServerCA.crl
SSHUSER[2]=
SSHKEY[2]=
-CANAME[3]=eIDCA
+CRLCANAME[3]=eIDCA
CRLTO_DIR[3]='/srv/www/htdocs/crl/'
REMOTE_HOST[3]=localhost
CRL_NAME[3]=eIDCA.crl
SSHUSER[3]=
SSHKEY[3]=
-CANAME[4]=MachineCertCA
+CRLCANAME[4]=MachineCertCA
CRLTO_DIR[4]='/srv/www/htdocs/crl/'
REMOTE_HOST[4]=localhost
CRL_NAME[4]=MachineCertCA.crl
SSHUSER[4]=
SSHKEY[4]=
-CANAME[5]=SoftTokenCA
+CRLCANAME[5]=SoftTokenCA
CRLTO_DIR[5]='/srv/www/htdocs/crl/'
REMOTE_HOST[5]=localhost
CRL_NAME[5]=SoftTokenCA.crl
Modified: trunk/syscheck/related-available/905_publish_crl.sh
===================================================================
--- trunk/syscheck/related-available/905_publish_crl.sh 2010-11-23 13:27:38 UTC (rev 7932)
+++ trunk/syscheck/related-available/905_publish_crl.sh 2010-11-24 16:12:40 UTC (rev 7933)
@@ -124,14 +124,14 @@
}
-for (( i=0; i < ${#CANAME[@]} ; i++ )){
+for (( i=0; i < ${#CRLCANAME[@]} ; i++ )){
tempdir=$(mktemp -d)
trap 'rm -rf "$tempdir"' EXIT
CRLFILE=${tempdir}/${CRL_NAME[$i]}
- get ${CANAME[$i]} "${CRLFILE}"
+ get ${CRLCANAME[$i]} "${CRLFILE}"
checkcrl "${CRLFILE}"
if [ $? -ne 0 ] ; then
# check crl didn't pass the crl so we'll not publish this one and continue with the next
@@ -142,7 +142,7 @@
if [ "x${REMOTE_HOST[$i]}" = "xlocalhost" ] ; then
cp -f ${CRLFILE} "${CRLTO_DIR[$i]}/${CRL_NAME[$i]}"
if [ $? -eq 0 ] ;then
- printlogmess $INFO $ERRNO_1 "$PUBL_DESCR_1" ${CANAME[$i]}
+ printlogmess $INFO $ERRNO_1 "$PUBL_DESCR_1" ${CRLCANAME[$i]}
else
printlogmess $ERROR $ERRNO_3 "$PUBL_DESCR_3" ${CRL_NAME[$i]} "${CRLTO_DIR[$i]}/${CRL_NAME[$i]}"
fi
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-11-28 19:06:05
|
Revision: 7934
http://syscheck.svn.sourceforge.net/syscheck/?rev=7934&view=rev
Author: kinneh
Date: 2010-11-28 19:05:59 +0000 (Sun, 28 Nov 2010)
Log Message:
-----------
Closes #48 add custom ssh key to 907_make_mysql_db_backup_and_transfer_to_remote_mashine.sh
Modified Paths:
--------------
trunk/syscheck/config/907.conf
trunk/syscheck/related-available/907_make_mysql_db_backup_and_transfer_to_remote_mashine.sh
Modified: trunk/syscheck/config/907.conf
===================================================================
--- trunk/syscheck/config/907.conf 2010-11-24 16:12:40 UTC (rev 7933)
+++ trunk/syscheck/config/907.conf 2010-11-28 19:05:59 UTC (rev 7934)
@@ -9,13 +9,17 @@
BACKUP_HOST[0]=localhost
BACKUP_DIR[0]=/backup/host1/
BACKUP_USER[0]=backup
+BACKUP_SSHFROMKEY[0]=/home/jboss/.ssh/backup_id_rsa
+
#BACKUP_HOST[1]=logandbak2.labb
#BACKUP_DIR[1]=/backup/logandbak2.labb/
#BACKUP_USER[1]=backup
+#BACKUP_SSHFROMKEY[1]=/home/jboss/.ssh/backup_id_rsa
#BACKUP_HOST[2]=logandbak3.labb
#BACKUP_DIR[2]=/backup/logandbak3.labb/
#BACKUP_USER[2]=backup
+#BACKUP_SSHFROMKEY[2]=/home/jboss/.ssh/backup_id_rsa
# end config #
Modified: trunk/syscheck/related-available/907_make_mysql_db_backup_and_transfer_to_remote_mashine.sh
===================================================================
--- trunk/syscheck/related-available/907_make_mysql_db_backup_and_transfer_to_remote_mashine.sh 2010-11-24 16:12:40 UTC (rev 7933)
+++ trunk/syscheck/related-available/907_make_mysql_db_backup_and_transfer_to_remote_mashine.sh 2010-11-28 19:05:59 UTC (rev 7934)
@@ -82,7 +82,7 @@
fi
for (( i = 0 ; i < "${#BACKUP_HOST[@]}" ; i++ )) ; do
- $SYSCHECK_HOME/related-enabled/906_ssh-copy-to-remote-machine.sh ${FULLFILENAME} ${BACKUP_HOST[$i]} "${BACKUP_DIR[$i]}/${EXTRADIR}/" ${BACKUP_USER[$i]}
+ $SYSCHECK_HOME/related-enabled/906_ssh-copy-to-remote-machine.sh ${FULLFILENAME} ${BACKUP_HOST[$i]} "${BACKUP_DIR[$i]}/${EXTRADIR}/" ${BACKUP_USER[$i]} ${BACKUP_SSHFROMKEY[$i]}
if [ $? -eq 0 ] ; then
printlogmess $INFO $BAK_ERRNO_1 "$BAK_DESCR_1"
else
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-11-28 22:08:51
|
Revision: 7935
http://syscheck.svn.sourceforge.net/syscheck/?rev=7935&view=rev
Author: kinneh
Date: 2010-11-28 22:08:45 +0000 (Sun, 28 Nov 2010)
Log Message:
-----------
Closes #46 - change 905_publish_crl.sh to be able to warn and error depending on how long time is left
Modified Paths:
--------------
trunk/syscheck/config/905.conf
trunk/syscheck/lang/905.english
trunk/syscheck/lib/cmp_dates.pl
trunk/syscheck/related-available/905_publish_crl.sh
Modified: trunk/syscheck/config/905.conf
===================================================================
--- trunk/syscheck/config/905.conf 2010-11-28 19:05:59 UTC (rev 7934)
+++ trunk/syscheck/config/905.conf 2010-11-28 22:08:45 UTC (rev 7935)
@@ -1,6 +1,5 @@
# config for 905_publish_crl.sh
-HOURTHRESHOLD=1
CRLCANAME[0]=MSDomainLogonCA
REMOTE_HOST[0]=localhost
@@ -8,13 +7,18 @@
CRL_NAME[0]=MSDomainLogonCA.crl
SSHUSER[0]=
SSHKEY[0]=
+CRLWARNTIME[0]=4h
+CRLERRORTIME[0]=60m
+
CRLCANAME[1]=eSignCA
REMOTE_HOST[1]=localhost
CRLTO_DIR[1]='/srv/www/htdocs/crl/'
CRL_NAME[1]=eSignCA.crl
SSHUSER[1]=
SSHKEY[1]=
+CRLWARNTIME[1]=4h
+CRLERRORTIME[1]=60m
CRLCANAME[2]=ServerCA
CRLTO_DIR[2]='/srv/www/htdocs/crl/'
@@ -22,6 +26,8 @@
CRL_NAME[2]=ServerCA.crl
SSHUSER[2]=
SSHKEY[2]=
+CRLWARNTIME[2]=4h
+CRLERRORTIME[2]=60m
CRLCANAME[3]=eIDCA
CRLTO_DIR[3]='/srv/www/htdocs/crl/'
@@ -29,6 +35,8 @@
CRL_NAME[3]=eIDCA.crl
SSHUSER[3]=
SSHKEY[3]=
+CRLWARNTIME[3]=4h
+CRLERRORTIME[3]=60m
CRLCANAME[4]=MachineCertCA
CRLTO_DIR[4]='/srv/www/htdocs/crl/'
@@ -36,6 +44,8 @@
CRL_NAME[4]=MachineCertCA.crl
SSHUSER[4]=
SSHKEY[4]=
+CRLWARNTIME[4]=4h
+CRLERRORTIME[4]=60m
CRLCANAME[5]=SoftTokenCA
CRLTO_DIR[5]='/srv/www/htdocs/crl/'
@@ -43,5 +53,7 @@
CRL_NAME[5]=SoftTokenCA.crl
SSHUSER[5]=
SSHKEY[5]=
+CRLWARNTIME[5]=4h
+CRLERRORTIME[5]="60m"
### end config ###
Modified: trunk/syscheck/lang/905.english
===================================================================
--- trunk/syscheck/lang/905.english 2010-11-28 19:05:59 UTC (rev 7934)
+++ trunk/syscheck/lang/905.english 2010-11-28 22:08:45 UTC (rev 7935)
@@ -1,6 +1,6 @@
PUBL_HELP="Script to publish the CRL:s from the CA, supports local and remote publishing by SSH"
-PUBL_DESCR_1="Publish CRL run successfully (%s)"
+PUBL_DESCR_1="Publish CRL run successfully (%s) %s"
PUBL_HELP_1="No action needed"
PUBL_DESCR_2="Publish to remote host failed crl:(%s) host:(%s)"
@@ -18,8 +18,15 @@
PUBL_DESCR_6="File size of CRL is 0 (%s)"
PUBL_HELP_6="Probably some problem getting the file/or filerights"
-PUBL_DESCR_7="CRL is outdated %s (%s)"
+PUBL_DESCR_7="CRL has past error time %s (%s)"
PUBL_HELP_7="This script cant get a new CRL, check the CA-logs"
PUBL_DESCR_8="CRL:%s is published to host:%s"
PUBL_HELP_8="no action needed"
+
+PUBL_DESCR_9="CRL has past warn time %s (%s)"
+PUBL_HELP_9="This script cant get a new CRL, check the CA-logs"
+
+PUBL_DESCR_10="Retrived and checked CRL (%s) %s"
+PUBL_HELP_10="No action needed"
+
Modified: trunk/syscheck/lib/cmp_dates.pl
===================================================================
--- trunk/syscheck/lib/cmp_dates.pl 2010-11-28 19:05:59 UTC (rev 7934)
+++ trunk/syscheck/lib/cmp_dates.pl 2010-11-28 22:08:45 UTC (rev 7935)
@@ -3,7 +3,9 @@
use Date::Manip;
my $indate = $ARGV[0];
+my $returnMinutes = $ARGV[1];
+
$now = localtime;
my %mon2int = ( "Jan" => "1",
@@ -33,6 +35,12 @@
$date2 = Date_SecsSince1970($nmon,$nmday,$nyear,$nhour,$nmin,$nsec);
# diff
-my $diff=int(($date1 - $date2)/3600);
+my $diff=0;
+if ( $returnMinutes eq "--return-in-minutes"){
+ $diff=int(($date1 - $date2)/60);
+}else{
+ $diff=int(($date1 - $date2)/3600);
+}
+
print "$diff\n";
Modified: trunk/syscheck/related-available/905_publish_crl.sh
===================================================================
--- trunk/syscheck/related-available/905_publish_crl.sh 2010-11-28 19:05:59 UTC (rev 7934)
+++ trunk/syscheck/related-available/905_publish_crl.sh 2010-11-28 22:08:45 UTC (rev 7935)
@@ -38,6 +38,8 @@
ERRNO_6=${SCRIPTID}6
ERRNO_7=${SCRIPTID}7
ERRNO_8=${SCRIPTID}8
+ERRNO_9=${SCRIPTID}8
+ERRNO_10=${SCRIPTID}8
@@ -57,10 +59,11 @@
CRLFILE=$2
cd ${EJBCA_HOME}
printtoscreen "${EJBCA_HOME}/bin/ejbca.sh ca getcrl $CRLNAME $CRLFILE"
- ${EJBCA_HOME}/bin/ejbca.sh ca getcrl $CRLNAME "$CRLFILE"
+ CMD=$(${EJBCA_HOME}/bin/ejbca.sh ca getcrl $CRLNAME "$CRLFILE")
if [ $? != 0 -o ! -r $CRLFILE ] ; then
printlogmess $ERROR $ERRNO_6 "$PUBL_DESCR_6" "$CRLNAME/$CRLFILE"
fi
+ printtoscreen $CMD
}
@@ -88,8 +91,48 @@
checkcrl () {
CRLFILE=$1
+ WTIME=$2
+ ETIME=$2
+ wishour=$(echo $WTIME | grep -i "h")
+ wismin=$(echo $WTIME | grep -i "m")
+ wdigits=$(echo $WTIME| perl -ane 'm/(\d+)/,print "$1"')
+ wunit="hours"
+ wcmdopts=""
+ if [ "x$wismin" != "x" ] ; then
+ wcmdopts="--return-in-minutes"
+ wunit="minutes"
+ elif [ "x$wishour" != "x" ] ; then
+# TIME=$digits
+ wunit="hours"
+ else
+ # todo fail not known time
+ # default to use only number as before
+# TIME=$digits
+ wunit="hours"
+ fi
+ WTIME=$wdigits
+ eishour=$(echo $ETIME | grep -i "h")
+ eismin=$(echo $ETIME | grep -i "m")
+ edigits=$(echo $ETIME| perl -ane 'm/(\d+)/,print "$1"')
+ eunit="hours"
+ ecmdopts=""
+ if [ "x$eismin" != "x" ] ; then
+ ecmdopts="--return-in-minutes"
+ eunit="minutes"
+ elif [ "x$eishour" != "x" ] ; then
+# TIME=$digits
+ eunit="hours"
+ else
+ # todo fail not known time
+ # default to use only number as before
+# TIME=$digits
+ eunit="hours"
+ fi
+ ETIME=$edigits
+
+
# file not found where it should be
if [ ! -f $CRLFILE ] ; then
printlogmess $ERROR $ERRNO_4 "$PUBL_DESCR_4" $CRLFILE
@@ -112,13 +155,20 @@
# now we can check the crl:s best before date is in the future with atleast HOURTHRESHOLD hours (defined in resources)
TEMPDATE=`openssl crl -inform der -in $CRLFILE -nextupdate -noout`
DATE=${TEMPDATE:11}
- HOURSLEFT=`${SYSCHECK_HOME}/lib/cmp_dates.pl "$DATE"`
+ WTIMELEFT=$(${SYSCHECK_HOME}/lib/cmp_dates.pl "$DATE" ${wcmdopts})
+ ETIMELEFT=$(${SYSCHECK_HOME}/lib/cmp_dates.pl "$DATE" ${ecmdopts})
- if [ "$HOURSLEFT" -lt "$HOURTHRESHOLD" ] ; then
- printlogmess $ERROR $ERRNO_7 "$PUBL_DESCR_7" $CRLFILE "hoursleft: ${HOURSLEFT} limit: ${HOURTHRESHOLD}"
+ if [ "$ETIMELEFT" -lt "$ETIME" ] ; then
+ printlogmess $ERROR $ERRNO_7 "$PUBL_DESCR_7" $CRLFILE "timeleft: ${ETIMELEFT}${eunit} limit: ${ETIME}${eunit}"
return 7
+
+ elif [ "$WTIMELEFT" -lt "$WTIME" ] ; then
+ printlogmess $WARN $ERRNO_9 "$PUBL_DESCR_9" $CRLFILE "timeleft: ${WTIMELEFT}${wunit} limit: ${WTIME}${wunit}"
+ return 7
+
else
-# printlogmess $INFO $ERRNO_1 "$PUBL_DESCR_1" $CRLFILE
+ printlogmess $INFO $ERRNO_10 "$PUBL_DESCR_10" $CRLFILE "timeleft: ${WTIMELEFT}${wunit} limit: ${WTIME}${wunit}"
+ printtoscreen "$INFO $ERRNO_10 $PUBL_DESCR_10 $CRLFILE timeleft: ${WTIMELEFT}${wunit} limit: ${WTIME}${wunit}"
return 0
fi
}
@@ -132,7 +182,8 @@
CRLFILE=${tempdir}/${CRL_NAME[$i]}
get ${CRLCANAME[$i]} "${CRLFILE}"
- checkcrl "${CRLFILE}"
+ echo "${CRLFILE} ${CRLWARNTIME[$i]} ${CRLERRORTIME[$i]}"
+ checkcrl "${CRLFILE}" ${CRLWARNTIME[$i]} ${CRLERRORTIME[$i]}
if [ $? -ne 0 ] ; then
# check crl didn't pass the crl so we'll not publish this one and continue with the next
rm -rf $tempdir
@@ -142,7 +193,7 @@
if [ "x${REMOTE_HOST[$i]}" = "xlocalhost" ] ; then
cp -f ${CRLFILE} "${CRLTO_DIR[$i]}/${CRL_NAME[$i]}"
if [ $? -eq 0 ] ;then
- printlogmess $INFO $ERRNO_1 "$PUBL_DESCR_1" ${CRLCANAME[$i]}
+ printlogmess $INFO $ERRNO_1 "$PUBL_DESCR_1" ${CRLCANAME[$i]}
else
printlogmess $ERROR $ERRNO_3 "$PUBL_DESCR_3" ${CRL_NAME[$i]} "${CRLTO_DIR[$i]}/${CRL_NAME[$i]}"
fi
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2010-12-23 10:26:44
|
Revision: 7937
http://syscheck.svn.sourceforge.net/syscheck/?rev=7937&view=rev
Author: kinneh
Date: 2010-12-23 10:26:37 +0000 (Thu, 23 Dec 2010)
Log Message:
-----------
09 change to ip:s instead of dns names
906 use /bin/ech to expand multiple rows (\n)
811 add ; in instructions
Modified Paths:
--------------
trunk/syscheck/config/09.conf
trunk/syscheck/database-replication/811-master-node-flush-tables-with-read-lock.sh
trunk/syscheck/related-available/906_ssh-copy-to-remote-machine.sh
trunk/syscheck/scripts-available/sc_09_firewall.sh
Modified: trunk/syscheck/config/09.conf
===================================================================
--- trunk/syscheck/config/09.conf 2010-11-29 22:06:29 UTC (rev 7936)
+++ trunk/syscheck/config/09.conf 2010-12-23 10:26:37 UTC (rev 7937)
@@ -5,6 +5,6 @@
#IPTABLES_BIN=/sbin/iptables # debian
#Rules to check that it exists.
-IPTABLES_RULE1="DROP all -- anywhere anywhere"
+IPTABLES_RULE1="DROP all -- 0.0.0.0"
IPTABLES_RULE2="Chain INPUT (policy ACCEPT)"
Modified: trunk/syscheck/database-replication/811-master-node-flush-tables-with-read-lock.sh
===================================================================
--- trunk/syscheck/database-replication/811-master-node-flush-tables-with-read-lock.sh 2010-11-29 22:06:29 UTC (rev 7936)
+++ trunk/syscheck/database-replication/811-master-node-flush-tables-with-read-lock.sh 2010-12-23 10:26:37 UTC (rev 7937)
@@ -57,7 +57,7 @@
echo "FLUSH TABLES WITH READ LOCK;"
echo "keep the console open until the last step is done"
echo "then enter:"
-echo "UNLOCK TABLES"
+echo "UNLOCK TABLES;"
$MYSQL_BIN mysql -u root --password="$MYSQLROOT_PASSWORD"
if [ $? -eq 0 ] ; then
Modified: trunk/syscheck/related-available/906_ssh-copy-to-remote-machine.sh
===================================================================
--- trunk/syscheck/related-available/906_ssh-copy-to-remote-machine.sh 2010-11-29 22:06:29 UTC (rev 7936)
+++ trunk/syscheck/related-available/906_ssh-copy-to-remote-machine.sh 2010-12-23 10:26:37 UTC (rev 7937)
@@ -37,7 +37,7 @@
PRINTTOSCREEN=
if [ "x$1" = "x-h" -o "x$1" = "x--help" ] ; then
- echo "$SSH_HELP"
+ /bin/echo -e "$SSH_HELP"
echo "$ERRNO_1/$SSH_DESCR_1 - $SSH_HELP_1"
echo "$ERRNO_2/$SSH_DESCR_2 - $SSH_HELP_2"
echo "$ERRNO_3/$SSH_DESCR_3 - $SSH_HELP_3"
Modified: trunk/syscheck/scripts-available/sc_09_firewall.sh
===================================================================
--- trunk/syscheck/scripts-available/sc_09_firewall.sh 2010-11-29 22:06:29 UTC (rev 7936)
+++ trunk/syscheck/scripts-available/sc_09_firewall.sh 2010-12-23 10:26:37 UTC (rev 7937)
@@ -47,7 +47,7 @@
IPTABLES_TMP_FILE="/tmp/iptables.out"
-$IPTABLES_BIN -L > $IPTABLES_TMP_FILE
+$IPTABLES_BIN -L -n> $IPTABLES_TMP_FILE
FIREWALLFAILED="0"
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2011-08-09 11:50:31
|
Revision: 7944
http://syscheck.svn.sourceforge.net/syscheck/?rev=7944&view=rev
Author: kinneh
Date: 2011-08-09 11:50:25 +0000 (Tue, 09 Aug 2011)
Log Message:
-----------
closes #54 add script to create crl:s
Added Paths:
-----------
trunk/syscheck/config/927.conf
trunk/syscheck/lang/927.english
trunk/syscheck/related-available/927_create_crls.sh
Added: trunk/syscheck/config/927.conf
===================================================================
--- trunk/syscheck/config/927.conf (rev 0)
+++ trunk/syscheck/config/927.conf 2011-08-09 11:50:25 UTC (rev 7944)
@@ -0,0 +1,2 @@
+# config for 927_create_crls.sh
+# no config
Added: trunk/syscheck/lang/927.english
===================================================================
--- trunk/syscheck/lang/927.english (rev 0)
+++ trunk/syscheck/lang/927.english 2011-08-09 11:50:25 UTC (rev 7944)
@@ -0,0 +1,8 @@
+HELP="Script to create the CRL:s from the CA:s options if needed"
+
+DESCR_1="Create CRL run successfully (%s)"
+HELP_1="No action needed"
+
+DESCR_2="Create CRL failed (%s)"
+HELP_2="Try manually to run this command or direct do 'cd $EJBCA_HOME ; ./bin/ejbca.sh ca createcrl'"
+
Added: trunk/syscheck/related-available/927_create_crls.sh
===================================================================
--- trunk/syscheck/related-available/927_create_crls.sh (rev 0)
+++ trunk/syscheck/related-available/927_create_crls.sh 2011-08-09 11:50:25 UTC (rev 7944)
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# The script fetches a crl from the ca and copies to a local dir or scp the crl to a webserver.
+
+# Set SYSCHECK_HOME if not already set.
+
+# 1. First check if SYSCHECK_HOME is set then use that
+if [ "x${SYSCHECK_HOME}" = "x" ] ; then
+# 2. Check if /etc/syscheck.conf exists then source that (put SYSCHECK_HOME=/path/to/syscheck in ther)
+ if [ -e /etc/syscheck.conf ] ; then
+ source /etc/syscheck.conf
+ else
+# 3. last resort use default path
+ SYSCHECK_HOME="/usr/local/syscheck"
+ fi
+fi
+
+if [ ! -f ${SYSCHECK_HOME}/syscheck.sh ] ; then echo "$0: Can't find syscheck.sh in SYSCHECK_HOME ($SYSCHECK_HOME)" ;exit ; fi
+
+# source env vars from system that dont get included when running from cron
+
+
+
+# Import common resources
+. $SYSCHECK_HOME/config/related-scripts.conf
+
+
+## local definitions ##
+SCRIPTID=927
+getlangfiles $SCRIPTID
+getconfig $SCRIPTID
+
+ERRNO_1=${SCRIPTID}1
+ERRNO_2=${SCRIPTID}2
+ERRNO_3=${SCRIPTID}3
+
+
+if [ "x$1" = "x--help" -o "x$1" = "x-h" ] ; then
+ echo $HELP
+ echo "$ERRNO_1/$DESCR_1 - $HELP_1"
+ echo "$ERRNO_2/$DESCR_2 - $HELP_2"
+ echo "$0 <-s|--screen>"
+ exit
+elif [ "x$1" = "x-s" -o "x$1" = "x--screen" ] ; then
+ PRINTTOSCREEN=1
+fi
+
+
+
+printtoscreen "${EJBCA_HOME}/bin/ejbca.sh ca createcrl"
+CMD=$(${EJBCA_HOME}/bin/ejbca.sh ca createcrl 2>&1)
+RES=$(echo "$CMD" | grep "CRLs have been created.")
+if [ "x$RES" = "x" ] ; then
+ printlogmess $ERROR $ERRNO_2 "$DESCR_2" "$CMD"
+else
+ printlogmess $INFO $ERRNO_1 "$DESCR_1" "$CMD"
+fi
+printtoscreen $CMD
+
Property changes on: trunk/syscheck/related-available/927_create_crls.sh
___________________________________________________________________
Added: svn:executable
+ *
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ki...@us...> - 2011-08-10 14:43:24
|
Revision: 7945
http://syscheck.svn.sourceforge.net/syscheck/?rev=7945&view=rev
Author: kinneh
Date: 2011-08-10 14:43:17 +0000 (Wed, 10 Aug 2011)
Log Message:
-----------
closes #55 add a syscheck script to verify db is in sync
Modified Paths:
--------------
trunk/syscheck/database-replication/808-test-table-update-and-check-master-and-slave.sh
Added Paths:
-----------
trunk/syscheck/config/301.conf
trunk/syscheck/lang/301.english
trunk/syscheck/scripts-available/sc_301_check_db_sync.sh
Added: trunk/syscheck/config/301.conf
===================================================================
--- trunk/syscheck/config/301.conf (rev 0)
+++ trunk/syscheck/config/301.conf 2011-08-10 14:43:17 UTC (rev 7945)
@@ -0,0 +1,2 @@
+#config for sc_30_check_sync.sh
+#no config
Modified: trunk/syscheck/database-replication/808-test-table-update-and-check-master-and-slave.sh
===================================================================
--- trunk/syscheck/database-replication/808-test-table-update-and-check-master-and-slave.sh 2011-08-09 11:50:25 UTC (rev 7944)
+++ trunk/syscheck/database-replication/808-test-table-update-and-check-master-and-slave.sh 2011-08-10 14:43:17 UTC (rev 7945)
@@ -4,6 +4,7 @@
#the table is created in the EJBCA database and contains a int columnt test
#with the value on 1.
#
+# mzbradm 110726 Update with two Variabels that is used in the script SYSCHECK_HOME/script-avalible/sc_30_check_sync.sh
# Set SYSCHECK_HOME if not already set.
@@ -31,9 +32,27 @@
echo "cleaning and inserting new val: $newval into HOSTNAME_NODE1:$HOSTNAME_NODE1"
echo "delete from test" | $MYSQL_BIN $DB_NAME -u ${DB_USER} --password=${DB_PASSWORD} -h $HOSTNAME_NODE1
echo "insert into test set value=$newval" | $MYSQL_BIN $DB_NAME -u ${DB_USER} --password=${DB_PASSWORD} -h $HOSTNAME_NODE1
+sleep 1
-sleep 1
+# Create sqlscript
+echo "SELECT value from test;">/tmp/select.sql
+echo "SELECT max(updateTime) from CertificateData;">/tmp/select1.sql
+# Check the value in table test
+VALUE_NODE1=`$MYSQL_BIN $DB_NAME -h $HOSTNAME_NODE1 -u ${DB_USER} --password=${DB_PASSWORD} </tmp/select.sql`
+export VALUE_NODE1
echo "values from $HOSTNAME_NODE1"
-echo "SELECT value from test;" | $MYSQL_BIN $DB_NAME -h $HOSTNAME_NODE1 -u ${DB_USER} --password=${DB_PASSWORD}
+echo $VALUE_NODE1
+VALUE_NODE2=`$MYSQL_BIN $DB_NAME -h $HOSTNAME_NODE2 -u ${DB_USER} --password=${DB_PASSWORD} </tmp/select.sql`
echo "values from $HOSTNAME_NODE2"
-echo "SELECT value from test;" | $MYSQL_BIN $DB_NAME -h $HOSTNAME_NODE2 -u ${DB_USER} --password=${DB_PASSWORD}
+echo $VALUE_NODE2
+export VALUE_NODE1 VALUE_NODE2
+
+# Get time when table CertificateData was last updated
+LASTUPD_NODE1=`$MYSQL_BIN $DB_NAME -h $HOSTNAME_NODE1 -u ${DB_USER} --password=${DB_PASSWORD} </tmp/select1.sql`
+LASTUPD_NODE1=`echo $LASTUPD_NODE1 |awk '{print $2/1000}'`
+LASTUPD_NODE1=`perl -e "print scalar(localtime($LASTUPD_NODE1))"|awk '{print $3,$2,$4,$5}'`
+LASTUPD_NODE2=`$MYSQL_BIN $DB_NAME -h $HOSTNAME_NODE2 -u ${DB_USER} --password=${DB_PASSWORD} </tmp/select1.sql`
+LASTUPD_NODE2=`echo $LASTUPD_NODE2 |awk '{print $2/1000}'`
+LASTUPD_NODE2=`perl -e "print scalar(localtime($LASTUPD_NODE2))"|awk '{print $3,$2,$4,$5}'`
+echo "Lastupdate in CertificateData on $HOSTNAME_NODE1 $LASTUPD_NODE1"
+echo "Lastupdate in CertificateData on $HOSTNAME_NODE2 $LASTUPD_NODE2"
Added: trunk/syscheck/lang/301.english
===================================================================
--- trunk/syscheck/lang/301.english (rev 0)
+++ trunk/syscheck/lang/301.english 2011-08-10 14:43:17 UTC (rev 7945)
@@ -0,0 +1,7 @@
+SYNC_HELP="Check if DB in sync"
+
+SYNC_DESCR_1="DB in sync"
+SYNC_HELP_1="and updating databases"
+
+SYNC_DESCR_2="DB not in sync, date of CertificateData diff betwin nodes:"
+SYNC_HELP_2="check error.log, probebly needing manual sync, se manual"
Added: trunk/syscheck/scripts-available/sc_301_check_db_sync.sh
===================================================================
--- trunk/syscheck/scripts-available/sc_301_check_db_sync.sh (rev 0)
+++ trunk/syscheck/scripts-available/sc_301_check_db_sync.sh 2011-08-10 14:43:17 UTC (rev 7945)
@@ -0,0 +1,66 @@
+#!/bin/bash
+# Script that checks if the sync of Db works
+# Use SYSCHECK_HOME/database-replication/808-test-table-update-and-check-master-and-slave.sh as source of information
+# Set SYSCHECK_HOME if not already set.
+
+# 1. First check if SYSCHECK_HOME is set then use that
+if [ "x${SYSCHECK_HOME}" = "x" ] ; then
+# 2. Check if /etc/syscheck.conf exists then source that (put SYSCHECK_HOME=/path/to/syscheck in ther)
+ if [ -e /etc/syscheck.conf ] ; then
+ source /etc/syscheck.conf
+ else
+# 3. last resort use default path
+ SYSCHECK_HOME="/usr/local/syscheck"
+ fi
+fi
+
+if [ ! -f ${SYSCHECK_HOME}/syscheck.sh ] ; then echo "$0: Can't find syscheck.sh in SYSCHECK_HOME ($SYSCHECK_HOME)" ;exit ; fi
+
+
+
+
+
+## Import common definitions ##
+. $SYSCHECK_HOME/config/syscheck-scripts.conf
+
+# uniq ID of script (please use in the name of this file also for convinice for finding next availavle number)
+SCRIPTID=301
+
+SYNC_ERRNO_1=${SCRIPTID}01
+SYNC_ERRNO_2=${SCRIPTID}02
+
+getlangfiles $SCRIPTID
+getconfig $SCRIPTID
+
+# help
+if [ "x$1" = "x--help" ] ; then
+ echo "$0 $SYNC_HELP"
+ echo "$SYNC_ERRNO_1/$SYNC_DESCR_1 - $SYNC_HELP_1"
+ echo "$SYNC_ERRNO_2/$SYNC_DESCR_2 - $SYNC_HELP_2"
+ exit
+elif [ "x$1" = "x-s" -o "x$1" = "x--screen" ] ; then
+ PRINTTOSCREEN=1
+fi
+if [ ! -f $SYSCHECK_HOME/database-replication/808-test-table-update-and-check-master-and-slave.sh ]
+then
+echo " missing script, $SYSCHECK_HOME/database-replication/808-test-table-update-and-check-master-and-slave.sh"
+exit
+fi
+. $SYSCHECK_HOME/database-replication/808-test-table-update-and-check-master-and-slave.sh >/dev/null
+###echo $VALUE_NODE1 $VALUE_NODE2
+NODE1=`echo $VALUE_NODE1|awk '{print $2}'`
+NODE2=`echo $VALUE_NODE2|awk '{print $2}'`
+if [ $NODE1 != $NODE2 ]
+then
+ sync=FAIL
+
+SYNCDATE=`perl -e "print scalar(localtime($NODE2))"|awk '{print $3,$2,$4,$5}'`
+fi
+
+# Sends an error to syslog if x"$sync" is FAIL.
+if [ "x$sync" = "xFAIL" ] ; then
+ printlogmess "$ERROR" "$SYNC_ERRNO_2" "$SYNC_DESCR_2 $LASTUPD_NODE1 /$LASTUPD_NODE2"
+else
+ printlogmess "$INFO" "$SYNC_ERRNO_1" "$SYNC_DESCR_1"
+fi
+
Property changes on: trunk/syscheck/scripts-available/sc_301_check_db_sync.sh
___________________________________________________________________
Added: svn:executable
+ *
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
