organzing for portfolio

Charles N Wyble 2024-12-13 17:32:49 -06:00
parent 299f95e2fb
commit 1b0612b005
30 changed files with 910 additions and 0 deletions

19
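--- a/K8S/k8s-context.sh
+++ b/K8S/k8s-context.sh
@@ -0,0 +1,19 @@
+# Set the default kube context if present
+DEFAULT_KUBE_CONTEXTS="$HOME/.kube/config"
+if test -f "${DEFAULT_KUBE_CONTEXTS}"
+then
+export KUBECONFIG="$DEFAULT_KUBE_CONTEXTS"
+fi
+# Additional contexts should be in ~/.kube/custom-contexts/
+CUSTOM_KUBE_CONTEXTS="$HOME/.kube/custom-contexts"
+mkdir -p "${CUSTOM_KUBE_CONTEXTS}"
+OIFS="$IFS"
+IFS=$'\n'
+for contextFile in `find "${CUSTOM_KUBE_CONTEXTS}" -type f -name "*.yml"`
+do
+export KUBECONFIG="$contextFile:$KUBECONFIG"
+done
+IFS="$OIFS"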
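Review bot: `mkdir -p "${CUSTOM_KUBE_CONTEXTS}"` creates the directory under whatever umask the sourcing shell has, yet the files kept there are kubeconfigs, which normally carry cluster credentials; `mkdir -p -m 700 "${CUSTOM_KUBE_CONTEXTS}"` keeps it private to the user. In the loop, when `~/.kube/config` is absent and `KUBECONFIG` was not already set, `"$contextFile:$KUBECONFIG"` leaves a trailing colon, so `export KUBECONFIG="$contextFile${KUBECONFIG:+:$KUBECONFIG}"` is safer. A glob (`for contextFile in "$CUSTOM_KUBE_CONTEXTS"/*.yml`) would remove the need to swap `IFS` around the backtick `find`, although unlike `find` it does not descend into subdirectories.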

18
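--- a/K8S/kbCheck.sh
+++ b/K8S/kbCheck.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+IFS=$'\n\t'
+kbNodeList=(
+"db1"
+"db2"
+"db3"
+)
+for kbNode in ${kbNodeList[@]}; do
+COMMAND="$(ssh $kbNode uptime)"
+echo "Load on $kbNode" $COMMAND
+done
+kubectl get nodes -o wide
+kubectl get pods -A -o wide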
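Review bot: `${kbNodeList[@]}` and `$kbNode` are expanded unquoted and the result of `ssh` is never checked, so an unreachable node prints an empty "Load on" line and the loop carries on silently. I would write `for kbNode in "${kbNodeList[@]}"; do` and `ssh -o BatchMode=yes "$kbNode" uptime || echo "ssh to $kbNode failed" >&2`. BatchMode keeps the script from hanging on a password prompt when key authentication fails.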


@ -0,0 +1,13 @@
#!/bin/bash
hostsToAdd=(
pfv-vmsrv-06.turnsys.net
)
IFS=$'\n\t'
for nodeToAdd in ${hostsToAdd[@]}; do
./delhost.php $nodeToAdd
./addhost.php $nodeToAdd kn3lmgmt ; ./discovery.php -h $nodeToAdd kn3lmgmt ; ./poller.php -h $nodeToAdd kn3lmgmt &
done
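Review bot: `kn3lmgmt` on the `addhost.php`, `discovery.php` and `poller.php` lines looks like an SNMP community string, and it is now committed in clear text next to an internal host name. If it is a live community it should be read from the environment or a root-only file (for example `community=${OBSERVIUM_COMMUNITY:?}`, a name constructed here) and rotated, since it stays in the repository history. The script also calls `./delhost.php` and the others relative to the current directory and leaves `$nodeToAdd` unquoted; a `cd` to the Observium directory guarded with `|| exit 1`, plus `"${hostsToAdd[@]}"`, would make it safe to run from anywhere.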


@ -0,0 +1,33 @@
#!/bin/bash
#wrapper script called from cron for observium polling. A lightweight wrapper around poller.php
#Source common functions/variables
source /var/observium/CMDB/pollScripts/discoveryWrapControl
source /var/observium/CMDB/pollScripts/discoveryWrapCommon.sh
function discover()
#Perform discovery of hosts with pattern passed in via $1
{
logger "Performing discovery of node type: $1"
/var/observium/observium/discovery.php -h *$1*
if [ $? -ne 0 ]; then
error_out fatal "discovery.php run for $1 failed"
fi
}
function main()
#Main execution body
{
for arg in "${commandline_args[@]}"; do
preflight "$arg"
touch /tmp/discovery-$arg.lock
discover "$arg"
rm -f /tmp/discovery-$arg.lock
logger "Completed discovery."
done
}
#Kick it all off
commandline_args=("$@")
main
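Review bot: The lock in `main` is not atomic and lives at a predictable path in `/tmp`: `preflight` tests for `/tmp/discovery-$arg.lock` and `touch` creates it afterwards, so two cron runs can both pass the check, and any local user can create that file (or a symlink with that name) and block discovery. Because `error_out fatal` in the sourced common file calls `exit 1`, a failed `discovery.php` run also leaves the lock behind and every later run aborts. Holding a `flock` on a file in a root-owned directory, e.g. `exec 9>"/run/lock/discovery-$arg.lock"; flock -n 9 || error_out fatal "already running"`, fixes both, since the lock is released when the process exits. `*$1*` is also unquoted, so the shell may expand it against files in the cron job's working directory before `discovery.php` sees it; `"*$1*"` passes the pattern through. The poller wrapper later in this commit has the same lock and glob pattern with `/tmp/poll-$arg.lock`.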


@ -0,0 +1,26 @@
function error_out()
#Handle error conditions
#Takes two arguments:
#Error type (fatal,nonfatal)
#Error message
{
if [ $1 == "fatal" ]; then
echo "$0 has experienced a fatal error condition and has aborted operation at $DATE. Please investigate and resolve. Details: $2" | mail -s "Observium discovery fatal error" -r $ERROR_FROM $ERROR_TO
logger $0 has experienced a fatal error condition and has aborted operation at $DATE. Details: $2
exit 1
elif [ $1 == "nonfatal" ]; then
echo "$0 has experienced a non fatal error condition and has continued operation at $DATE. Please investigate and resolve. \n Details: $2" | mail -s "Observium discovery non fatal error" -r $ERROR_FROM $ERROR_TO
logger $0 has experienced a non fatal error condition and has continued operation at $DATE . Details: $2
fi
}
function preflight()
#Perform preflight checks for all scan types
{
logger "Performing preflight checks for discovery of node type: $1"
echo "Performing preflight checks for discovery of node type: $1"
if [ -f /tmp/discovery-$1.lock ]; then
error_out fatal "lock file /tmp/discovery-$1.lock exists. Bailing out."
fi
}
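Review bot: `[ $1 == "fatal" ]` and the unquoted `$ERROR_FROM $ERROR_TO` in `error_out` break when a value is empty: the control file in this commit sets both addresses to `""`, so `mail -r` gets neither a sender argument nor a recipient. Quoting the test (`[ "$1" = "fatal" ]`) and failing early with `: "${ERROR_TO:?}"` makes the misconfiguration visible instead of silently losing the alert. The `logger` lines pass `$2` unquoted, so a message containing `*` is glob-expanded before it is logged; `logger -- "$0 ... Details: $2"` avoids that. The `\n` in the non-fatal message is printed literally because `echo` is called without `-e`. `error_out` in the polling common file has the same lines.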


@ -0,0 +1,3 @@
DATE=$(date +%m/%d/%Y-%H:%M)
ERROR_FROM=""
ERROR_TO=""


@ -0,0 +1,33 @@
#!/bin/bash
#wrapper script called from cron for observium polling. A lightweight wrapper around poller.php
#Source common functions/variables
source /var/observium/CMDB/pollScripts/pollerWrapControl
source /var/observium/CMDB/pollScripts/pollerWrapCommon.sh
function poller()
#Perform scan
{
logger "Performing polling of node type: $1"
/var/observium/observium/poller.php -h *$1*
if [ $? -ne 0 ]; then
error_out fatal "poller.php run for $1 failed"
fi
}
function main()
#Main execution body
{
for arg in "${commandline_args[@]}"; do
preflight "$arg"
touch /tmp/poll-$arg.lock
poller "$arg"
rm -f /tmp/poll-$arg.lock
logger "Completed polling."
done
}
#Kick it all off
commandline_args=("$@")
main


@ -0,0 +1,27 @@
function error_out()
#Handle error conditions
#Takes two arguments:
#Error type (fatal,nonfatal)
#Error message
{
if [ $1 == "fatal" ]; then
echo "$0 has experienced a fatal error condition and has aborted operation at $DATE. Please investigate and resolve. Details: $2" | mail -s "Observium polling fatal error" -r $ERROR_FROM $ERROR_TO
logger $0 has experienced a fatal error condition and has aborted operation at $DATE. Details: $2
exit 1
elif [ $1 == "nonfatal" ]; then
echo "$0 has experienced a non fatal error condition and has continued operation at $DATE. Please investigate and resolve. \n Details: $2" | mail -s "Observium polling non fatal error" -r $ERROR_FROM $ERROR_TO
logger $0 has experienced a non fatal error condition and has continued operation at $DATE . Details: $2
fi
}
function preflight()
#Perform preflight checks for all scan types
{
echo "Performing preflight checks for polling of: $1"
logger "Performing preflight checks for polling of: $1"
if [ -f /tmp/poll-$1.lock ]; then
error_out fatal "Poll lock file /tmp/poll-$1.lock exists."
fi
}


@ -0,0 +1,3 @@
DATE=$(date +%m/%d/%Y-%H:%M)
ERROR_FROM=""
ERROR_TO=""


@ -0,0 +1,21 @@
function api_key_phpiahm()
{
#Description: obtain api key from phpipam for future operations
#Arguments: none
#Outputs: api key
curl \
--silent \
-X POST \
--user $UN:$PW \
-H "Content-Type: application/xml" \
$PHPIPAM_BASE_URL/user/ > /tmp/phpipam/$CURR_EX_VAR-token.xml
export API_TOKEN=$(while read_dom; do
if [[ $ENTITY = "token" ]]; then
echo $CONTENT
fi
done < /tmp/phpipam/$CURR_EX_VAR-token.xml)
rm -f /tmp/phpipam/$CURR_EX_VAR-token.xml
}
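Review bot: The API token is written to `/tmp/phpipam/$CURR_EX_VAR-token.xml` before it is parsed, so it sits on disk at a predictable path under whatever permissions that directory has, and `--user $UN:$PW` puts the password on the `curl` command line where other local users can read it from the process list. Piping the response straight into the loop (`curl ... | while read_dom; do ...; done`) removes the file, and curl can take the credentials from a config read on stdin with `-K -` instead of from argv. Adding `--fail` would stop an HTTP error page from being parsed as if it held a token. `$UN:$PW` and `$PHPIPAM_BASE_URL` should be quoted. `phpipam_hostname_detail` uses the same `/tmp/phpipam` files and `--user` form.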


@ -0,0 +1,52 @@
function phpipam_hostname_detail()
{
#Description: lookup network details from a hostname
#Arguments: hostname
#output: IP address, netmask, gw
#Lookup TS hostname/IP in phpipam
IP_XML=$(curl \
--silent \
-X GET \
--user $UN:$PW \
-H "Content-Type: application/xml" \
-H "token:${API_TOKEN}" \
$PHPIPAM_BASE_URL/api/$APP_ID/addresses/search_hostname/$1/ > /tmp/phpipam/$CURR_EX_VAR-ip.xml
)
PC_IP=$(while read_dom; do
if [[ $ENTITY = "ip" ]]; then
echo $CONTENT
fi
done < /tmp/phpipam/$CURR_EX_VAR-ip.xml)
SUBNET_ID=$(while read_dom; do
if [[ $ENTITY = "subnetId" ]]; then
echo $CONTENT
fi
done < /tmp/phpipam/$CURR_EX_VAR-ip.xml)
#Use subnet id to determine netmask and gateway
curl \
--silent \
-X GET \
--user $UN:$PW \
-H "Content-Type: application/xml" \
-H "token:${API_TOKEN}" \
$PHPIPAM_BASE_URL/api/$APP_ID/subnets/$SUBNET_ID/ > /tmp/phpipam/$CURR_EX_VAR-subnet.xml
export PC_NETMASK=$(while read_dom; do
if [[ $ENTITY = "Subnet_netmask" ]]; then
echo $CONTENT
fi
done < /tmp/phpipam/$CURR_EX_VAR-subnet.xml)
export PC_GATEWAY=$(while read_dom; do
if [[ $ENTITY = "ip_addr" ]]; then
echo $CONTENT
fi
done < /tmp/phpipam/$CURR_EX_VAR-subnet.xml)
}
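Review bot: `SUBNET_ID` is used in the second request without checking that the hostname search returned anything, so a failed or empty lookup sends a request to `.../subnets//` and exports whatever that response contains as `PC_NETMASK` and `PC_GATEWAY`. A guard such as `[[ -n "$SUBNET_ID" ]] || return 1` after the first parse keeps bad network settings away from callers. `IP_XML=$( ... > file)` is always empty because stdout is redirected inside the substitution, so the variable can be dropped. `$1` goes into the URL path unquoted and unencoded, and `PC_IP` is not exported while the other two results are, which looks unintentional.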


@ -0,0 +1,5 @@
#!/bin/bash
for did in $(docker ps -a |grep -v IMAGE|awk '{print $1}'); do docker rm -f $did;done
for did in $(docker image ls |grep -v IMAGE|awk '{print $3}'); do docker image rm -f $did;done
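Review bot: Both loops scrape the table output with `grep -v IMAGE | awk`, which depends on the column layout and drops any row that happens to contain the text IMAGE. `docker ps -aq` and `docker image ls -q` print only the IDs, e.g. `docker ps -aq | xargs -r docker rm -f`. Since the script force-removes every container and image on the host without a prompt, a header comment saying so would help whoever finds it on their PATH.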


@ -0,0 +1,29 @@
#!/bin/bash
#Wrapper for various items which play traffic.
#tcpreplay,tomahawk,isic suite
#Check for presence of eth0 in passed arguments and abort/alert
OPTIONS="$@"
function ABORT()
{
#red bg 0;41
#white text 1;37
chmod 400 $0.real
chmod 400 $0
MESSAGE="You have attempted to execute an action which will result in harm to the system. The system is now terminating all shell sessions on this host and alerting support personnel. You will lose any unsaved work."
echo -e "\e[0;41m$MESSAGE\e[1;37"
mailsend -q -smtp RELAYHOST -t PAGEREMAIL -f ALERTFROMEMAIL -sub "$0 using eth0 activity on $(hostname)" -M "$(hostname) attempted to play traffic using $0 out of eth0 at $(date)."
killall -g -9 bash
}
ETH0_CHECK=$(echo $OPTIONS | grep eth0 -c)
if [ $ETH0_CHECK -gt 0 ];
then
ABORT
fi
#If all checks pass, go ahead and execute the invoking program
$0.real $OPTIONS
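Review bot: `ABORT` never exits, so if `killall` is missing or fails the function returns and the script goes on to run `$0.real $OPTIONS`, the opposite of what the guard intends; ending `ABORT` with `exit 1` makes it fail closed. `OPTIONS="$@"` flattens the arguments into one string and `$0.real $OPTIONS` re-splits them, so an argument containing spaces or glob characters reaches the real tool changed; `exec "$0.real" "$@"` preserves them, and the check can loop over `"$@"` instead of grepping the joined string. The colour sequence `\e[1;37` is missing its final `m`. `killall -g -9 bash` ends every bash process group it is permitted to signal, including other users' sessions and unrelated jobs, which deserves a comment stating that this is intended.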


@ -0,0 +1,10 @@
function custom_ssh()
{
CUSTOMSSH_USER=$1
CUSTOMSSH_HOST=$2
CUSTOMSSH_COMMAND=$3
SSH_TARGET="$CUSTOMSSH_USER@$CUSTOMSSH_HOST"
ssh -q -t -o StrictHostKeyChecking=no -i $SSH_KEY $SSH_TARGET "$CUSTOMSSH_COMMAND"
}
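Review bot: `-o StrictHostKeyChecking=no` turns off host key verification, so `custom_ssh` sends the command, and anything typed at the `-t` terminal, to whichever machine answers at that address. If hosts are provisioned dynamically, `StrictHostKeyChecking=accept-new` with a managed `UserKnownHostsFile` still pins the key after first contact; otherwise pre-populate known_hosts and drop the option. `$SSH_KEY` and `$SSH_TARGET` should be quoted, and the `CUSTOMSSH_*` variables declared `local` so they do not leak into the caller's shell.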


@ -0,0 +1,17 @@
function obtain_centos_mac()
{
DISTRO_TYPE="$(distro |awk '{print $1}'|tr '[:upper:]' '[:lower:]')"
DISTRO_VERSION=$(distro |awk '{print $2}'|awk -F '.' '{print $1}')
if [ $DISTRO_TYPE == "centos" ] && [ $DISTRO_VERSION == 6 ] ;
then
/sbin/ifconfig eth0|grep HWadd| awk '{print $NF}'|tr '[:upper:]' '[:lower:]'|sed 's/\:/-'/g
fi
if [ $DISTRO_TYPE == "centos" ] && [ $DISTRO_VERSION == 7 ] ;
then
/sbin/ifconfig eth0|grep ether| awk '{print $2}'|tr '[:upper:]' '[:lower:]'|sed 's/\:/-'/g
fi
}
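Review bot: The `[ $DISTRO_TYPE == "centos" ]` tests are unquoted, so when `distro` is missing or prints nothing they fail with a `unary operator expected` error instead of quietly returning no MAC. Quoting both sides (`[ "$DISTRO_TYPE" = "centos" ] && [ "$DISTRO_VERSION" = "6" ]`) fixes that. Reading `/sys/class/net/eth0/address` would give the lower-case MAC on both releases without parsing `ifconfig` output, leaving only the `:` to `-` substitution.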


@ -0,0 +1,21 @@
#!/bin/bash
echo "setting bmc for pxe boot..."
export ISHP="$(dmidecode -t System|grep Manufacturer|grep HP -c)"
export ISDELL="$(dmidecode -t System|grep Manufacturer|grep Dell -c)"
#Set BMC to PXE
if [ $ISHP -eq 1 ]; then
hpbootcfg -P
fi
if [ $ISDELL -eq 1 ]; then
ipmitool chassis bootparam set bootflag force_pxe
fi
#Reboot the system
echo "re-booting..."
/sbin/reboot
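Review bot: `/sbin/reboot` runs unconditionally, so the machine restarts even when neither vendor branch matched or when `hpbootcfg -P` or `ipmitool` failed, and it then boots with whatever boot order was already set. I would reboot only after the boot flag was set successfully, e.g. `hpbootcfg -P || exit 1`, with a final branch that prints an error for unknown hardware. `[ $ISHP -eq 1 ]` also misses the case where `grep -c` counts more than one matching line; `-ge 1` or `grep -q` is sturdier.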


@ -0,0 +1,20 @@
#!/bin/bash
#A script to produce a current situation report for a server
echo -e "\e[1;34;47mSystem uptime/load:\e[0m" ; uptime;
echo -e "\e[1;34;47mSystem hostname and IP address:\e[0m"; hostname && hostname -i;
echo -e "\e[1;34;47mDisk usage:\e[0m"; df -i; df -h;
echo -e "\e[1;34;47mPHP process count:\e[0m" ;ps faux |grep php | wc -l;
echo -e "\e[1;34;47mMemory:\e[0m"; free -m; cat /proc/meminfo | egrep 'MemTotal|MemFree';
echo -e "\e[1;34;47mNumber of and model ofCPU:\e[0m"; cat /proc/cpuinfo | grep processor | wc -l; cat /proc/cpuinfo | grep "model name";
echo -e "\e[1;34;47mSoftware Versions:\e[0m"; php -v; mysql --version; httpd -v;
echo -e "\e[1;34;47mExim Message Count:\e[0m"; exim -bpc;
echo -e "\e[1;34;47mFTP Connection Count:\e[0m"; netstat -pan |grep :21|wc -l;
echo -e "\e[1;34;47mApache Connection Count:\e[0m";netstat -pan|grep :80|wc -l;
echo -e "\e[1;34;47mSSH Connection Count:\e[0m"; netstat -pan|grep :22|wc -l;
for i in $(ls /var/log/sa/sa[0-31]*);do echo "Average System load for $(date +%B) $i" ; sar -f $i -q|tail -n 1 ; done;for i in $(ls /var/log/sa/sa[0-31]*);do echo "Average System load for $(date +%B) $i" ; sar -f $i -r|tail -n 1 ; done;
if [ -e /proc/user_beancounters ]; then echo -e "\e[1;34;47mUser Beancounters:\e[0m" && cat /proc/user_beancounters | awk '{if ($NF>0){print$0}}';fi;
echo -e "\e[1;34;47mrunning processes:\e[0m" ; ps faux|egrep -v 'init|watchdog|iscsi|cqueue|kmpath|iscsid|syslogd|kpsmoused|auditd|irqbalance|rpc.idmapd|hcid|kmpathd|ib_cm|rpciod|migration|kjournald|scsi_eh_0|scsi_eh_1|khubd|kswapd0|kedac|kauditd|udevd|named|mingetty|agetty|dbus|kacpid|kblockd|pdflush|ksoftirqd|khelper|kthread|kseriod|klogd|acpid|spamd|cpsrvd|pure-authd|/usr/sbin/courierlogger|/usr/lib/courier-imap';blockcount=$(ip ro |grep blackhole | wc -l); if [ $blockcount -gt 0 ]; then echo -e "\e[1;34;47mBlocked IP Addresses:\e[0m"; ip ro |grep blackhole; fi
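Review bot: `/var/log/sa/sa[0-31]*` is a character class, not a range of days: `[0-31]` matches one character out of 0 to 3, and the loop works only because every two-digit day number starts with one of those digits. `for i in /var/log/sa/sa[0-9][0-9]` says what is meant and avoids parsing `ls`. The connection counts use `grep :21`, `grep :22` and `grep :80`, which also match ports such as 2222 or 8080 and remote-side ports, so the numbers overstate the service's connections.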


@ -0,0 +1,7 @@
apt-get -y --purge autoremove
apt-get update
apt-get -y upgrade
apt-get -y dist-upgrade
apt-get -y full-upgrade
apt-get -y --purge autoremove
apt-get clean
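Review bot: There is no shebang and no `set -e`, so when `apt-get update` fails (network, broken repository) the script still runs the three upgrade commands against stale package lists and reports nothing. Starting the file with `#!/bin/bash` and `set -euo pipefail`, and exporting `DEBIAN_FRONTEND=noninteractive` if it is meant for unattended use, would make failures visible.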


@ -0,0 +1,29 @@
<!-- file used for configuring admin privileges with hponcfg -->
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<USER_NAME value="Administrator"/>
<PASSWORD value="secretcred"/>
<ADMIN_PRIV value="Yes"/>
<REMOTE_CONS_PRIV value="Yes"/>
<RESET_SERVER_PRIV value="Yes"/>
<VIRTUAL_MEDIA_PRIV value="Yes"/>
<CONFIG_ILO_PRIV value="Yes"/>
<!-- Firmware support infomation for next 6 tags: -->
<!-- iLO 2 - None. -->
<!-- iLO - Version earlier than 1.40. -->
<!-- RILOE II - None. -->
<!-- <VIEW_LOGS_PRIV value="Yes"/> -->
<!-- <CLEAR_LOGS_PRIV value="Yes"/> -->
<!-- <EMS_PRIV value="Yes"/> -->
<!-- <UPDATE_ILO_PRIV value="No"/> -->
<!-- <CONFIG_RACK_PRIV value="Yes"/> -->
<!-- <DIAG_PRIV value="Yes"/> -->
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>


@ -0,0 +1,141 @@
#!/bin/bash
#Script for configuring iLO - modified version, works with hponcfg-4.2.0-0.i386.rpm
#set -x
function configure-ilo()
{
echo "Now running $FUNCNAME...."
#Install hponcfg
#yum install -y hponcfg
#Reset to factory defaults (just in case)
hponcfg -r
#Dynamic values for the generated XML
ILONAME="$(hostname -s)-iLO"
ILOIP="$(dig -x @DNS_SERVER_IP $ILONAME.$TLD +short)"
#VLAN verification and configuration
case $ILOIP in
172.16.10*.*)
GATEWAY=172.16.103.254
NETMASK=255.255.252.0
ENABLEV=Y
VLAN=101
;;
172.16.11*.*)
GATEWAY=172.16.115.254
NETMASK=255.255.252.0
ENABLEV=Y
VLAN=112
;;
172.17.1.*)
GATEWAY=0.0.0.0
NETMASK=255.255.252.0
ENABLEV=N
VLAN=243
;;
172.17.2.*)
GATEWAY=0.0.0.0
NETMASK=255.255.252.0
ENABLEV=N
VLAN=243
;;
esac
#Build xml config file for ILO
cat > /tmp/ilo.dat <<ENDILO
<!-- HPONCFG VERSION = "1.9" -->
<!-- Generated 1/31/2013 16:8:49 -->
<RIBCL VERSION="2.1">
<LOGIN USER_LOGIN="Administrator" PASSWORD="xxxxx">
<DIR_INFO MODE="write">
<MOD_DIR_CONFIG>
<DIR_AUTHENTICATION_ENABLED VALUE = "No"/>
<DIR_LOCAL_USER_ACCT VALUE = "Y"/>
<DIR_SERVER_ADDRESS VALUE = ""/>
<DIR_SERVER_PORT VALUE = "636"/>
<DIR_OBJECT_DN VALUE = ""/>
<DIR_OBJECT_PASSWORD VALUE = ""/>
<DIR_USER_CONTEXT_1 VALUE = ""/>
<DIR_USER_CONTEXT_2 VALUE = ""/>
<DIR_USER_CONTEXT_3 VALUE = ""/>
</MOD_DIR_CONFIG>
</DIR_INFO>
<RIB_INFO MODE="write">
<MOD_NETWORK_SETTINGS>
<DHCP_ENABLE VALUE = "No"/>
<SPEED_AUTOSELECT VALUE = "Yes"/>
<NIC_SPEED VALUE = "10"/>
<FULL_DUPLEX VALUE = "Y"/>
<IP_ADDRESS VALUE = "$ILOIP"/>
<SUBNET_MASK VALUE = "$NETMASK"/>
<GATEWAY_IP_ADDRESS VALUE = "$GATEWAY"/>
<DNS_NAME VALUE = "$ILONAME"/>
<PRIM_DNS_SERVER value = "10.207.12.78"/>
<DOMAIN_NAME VALUE = "tplab.tippingpoint.com"/>
<DHCP_GATEWAY VALUE = "No"/>
<DHCP_DNS_SERVER VALUE = "No"/>
<DHCP_STATIC_ROUTE VALUE = "No"/>
<DHCP_WINS_SERVER VALUE = "No"/>
<REG_WINS_SERVER VALUE = "No"/>
<PRIM_WINS_SERVER VALUE = ""/>
<SHARED_NETWORK_PORT VALUE="Y"/>
<VLAN_ENABLED VALUE = "$ENABLEV"/>
<VLAN_ID VALUE = "$VLAN"/>
</MOD_NETWORK_SETTINGS>
<!-- iLO Advanced Activation -->
<LICENSE>
<ACTIVATE KEY="3GMPZW29YQP242466Q99355BM" />
</LICENSE>
</RIB_INFO>
<USER_INFO MODE="write">
<ADD_USER
USER_NAME="Guest"
USER_LOGIN="Guest"
PASSWORD="Wund3rB4r!!">
<ADMIN_PRIV value="Y"/>
<REMOTE_CONS_PRIV value="Y"/>
<RESET_SERVER_PRIV value="Y"/>
<VIRTUAL_MEDIA_PRIV value="Y"/>
<CONFIG_ILO_PRIV value="Y"/>
</ADD_USER>
</USER_INFO>
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<USER_NAME value="Administrator"/>
<PASSWORD value="admin11=="/>
<ADMIN_PRIV value="N"/>
<REMOTE_CONS_PRIV value="Y"/>
<RESET_SERVER_PRIV value="Y"/>
<VIRTUAL_MEDIA_PRIV value="N"/>
<CONFIG_ILO_PRIV value="N"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
ENDILO
#Apply config to the ILO card
hponcfg -f /tmp/ilo.dat
echo "iLO configured on $ILONAME, IP: $ILOIP"
}
#configure-ilo
##########################################################################################
## Control logic for the script ##
##########################################################################################
main()
{
echo "Configuring iLo on $ILONAME at $(date)"
configure-ilo
}
main
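Review bot: The heredoc in `configure-ilo` commits what look like live secrets: a password for a `Guest` account that is granted every iLO privilege, a new `Administrator` password, and an iLO Advanced licence key. They are then written to the fixed path `/tmp/ilo.dat` under the default umask and never removed. Those values should be treated as exposed and rotated, supplied at run time (environment or a root-only file), and the generated XML kept in a private temporary file that is deleted on exit, as sketched below. The `case` on `$ILOIP` has no default branch, so an unexpected or empty lookup result applies blank network settings right after `hponcfg -r` has reset the card. The later iLO scripts in this commit write `/tmp/ilo.check`, `/tmp/ilo.dat`, `/tmp/ilo.pass` and `/tmp/ilo_update.xml` the same way.

```shell
# … unchanged: hponcfg -r, ILONAME / ILOIP lookup …
case $ILOIP in
  # … unchanged: the four address patterns …
  *)
    echo "no network profile for iLO address '$ILOIP'" >&2
    return 1
    ;;
esac
umask 077
ilo_cfg=$(mktemp) || return 1
trap 'rm -f -- "$ilo_cfg"' EXIT
cat > "$ilo_cfg" <<ENDILO
… unchanged: RIBCL document; password and licence-key literals become variables set at run time …
ENDILO
hponcfg -f "$ilo_cfg"
```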


@ -0,0 +1,99 @@
#!/bin/bash
#Standalone script for setting Administrator Privileges
#set -x
#Checks to see if the server is a HP
function server-check()
{
SERVER_TYPE="$(dmidecode -t system|grep Manufacturer |grep HP -c)"
if [ $SERVER_TYPE -eq 0 ]; then
echo This is not a HP server, exiting.
exit
fi
if [ $SERVER_TYPE -eq 1 ]; then
echo Server is a HP, checking admin privileges
#yum install -y hponcfg
ilo-check
fi
}
#Checks the status of iLO on the server
function ilo-check()
{
#Generates the XML file for checking iLO
cat > /tmp/ilo.check << ENDCHECK
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
<USER_INFO MODE="read">
<GET_USER USER_LOGIN="Administrator"/>
</USER_INFO>
</LOGIN>
</RIBCL>
ENDCHECK
#iLO Status variable
ILOSTATUS="$(hponcfg -f /tmp/ilo.check | grep ADMIN_PRIV |grep -i y -c)"
if [ $ILOSTATUS -eq 0 ]; then
echo Administrator does not have admin privileges. Enabling...
configure-ilo
fi
if [ $ILOSTATUS -eq 1 ]; then
echo Administrator has admin privileges, exiting
fi
}
function configure-ilo()
{
#Build xml config file for ILO
cat > /tmp/ilo.dat <<ENDILO
<!-- HPONCFG VERSION = "1.9" -->
<!-- Generated 1/31/2013 16:8:49 -->
<RIBCL VERSION="2.1">
<LOGIN USER_LOGIN="Administrator" PASSWORD="xxxxx">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<USER_NAME value="Administrator"/>
<PASSWORD value="admin11=="/>
<ADMIN_PRIV value="Yes"/>
<REMOTE_CONS_PRIV value="Yes"/>
<RESET_SERVER_PRIV value="Yes"/>
<VIRTUAL_MEDIA_PRIV value="Yes"/>
<CONFIG_ILO_PRIV value="Yes"/>
<!-- Firmware support infomation for next 6 tags: -->
<!-- iLO 2 - None. -->
<!-- iLO - Version earlier than 1.40. -->
<!-- RILOE II - None. -->
<!-- <VIEW_LOGS_PRIV value="Yes"/> -->
<!-- <CLEAR_LOGS_PRIV value="Yes"/> -->
<!-- <EMS_PRIV value="Yes"/> -->
<!-- <UPDATE_ILO_PRIV value="No"/> -->
<!-- <CONFIG_RACK_PRIV value="Yes"/> -->
<!-- <DIAG_PRIV value="Yes"/> -->
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
ENDILO
#Apply config to the iLO card
hponcfg -f /tmp/ilo.dat
echo "Admin Privileges enabled on $(hostname)"
}
##########################################################################################
## Control logic for the script ##
##########################################################################################
main()
{
echo "iLO Admin Privilege checker initiated on $(hostname) at $(date)"
server-check
}
main
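Review bot: The paired tests `[ $ILOSTATUS -eq 0 ]` / `[ $ILOSTATUS -eq 1 ]` in `ilo-check` (and the same pair on `$SERVER_TYPE` in `server-check`) leave every other outcome unhandled: if `grep -c` counts two matching lines the script does nothing and says nothing. An `if [ "$ILOSTATUS" -eq 0 ]; then ... else ... fi` covers it. `ilo-check` logs in with the literal `adminname`/`password` pair while `configure-ilo` uses a different login, so as committed the read is likely to fail, and a count of 0 would then be taken as "no admin privileges" and trigger the write. Checking the exit status of `hponcfg -f /tmp/ilo.check` before interpreting its output would separate those cases.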


@ -0,0 +1,71 @@
#This is a test change
#!/bin/bash
#iLO Password Updater script
#set -x
function iLO-password-updater()
{
#Build xml config file for ILO
cat << ENDILO > /tmp/ilo.pass
<!-- RIBCL Sample Script for HP Lights-Out Products -->
<!--Copyright (c) 2003,2008 Hewlett-Packard Development Company, L.P.-->
<!-- Description: This is a sample XML script to change a user's -->
<!-- password in the database of local users on -->
<!-- following devices: -->
<!-- Integrated Lights-Out 2 (iLO 2) -->
<!-- Integrated Lights-Out (iLO) -->
<!-- Remote Insight Lights-Out Edition II (RILOE II) -->
<!-- NOTE: You will need to replace the values inside the quote -->
<!-- marks with values that are appropriate for your -->
<!-- environment. -->
<!-- Use CPQLOCFG.EXE ver 2.26 or greater with this script -->
<!-- This script was written for iLO 2 firmware version 1.30. -->
<!-- release. -->
<!-- See "HP Integrated Lights-Out Management Processor -->
<!-- Scripting and Command Line Resource Guide" for more -->
<!-- information on scripting and the syntax of the RIBCL -->
<!-- XML. -->
<!-- Firmware support infomation for this script: -->
<!-- iLO 2 - All versions. -->
<!-- iLO - All versions. -->
<!-- RILOE II - All versions. -->
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="secretcred"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
ENDILO
#Apply new password to the iLO card
hponcfg -f /tmp/ilo.pass
echo "iLO password changed on $(hostname)"
}
##########################################################################################
## Control logic for the script ##
##########################################################################################
main()
{
echo -e "iLO password changer initiated on $(hostname) at $(date)\n"
iLO-password-updater
}
main
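Review bot: `#!/bin/bash` is on the second line, after `#This is a test change`, so it is no longer a shebang and the file is run by whatever shell invokes it; the `function` keyword and `echo -e` then depend on that shell. Move the shebang back to line 1 and drop the test comment. The heredoc uses an unquoted delimiter (`<< ENDILO`), so a real password containing `$` or a backtick would be expanded by the shell before it reaches the XML; `<< 'ENDILO'` keeps it literal.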


@ -0,0 +1,30 @@
#!/bin/bash
#Checks to see if the server is a HP, exit if not
SERVER_TYPE="$(dmidecode -t system|grep Manufacturer |grep HP -c)"
if [ $SERVER_TYPE -eq 0 ]; then
echo This is not a HP server, exiting.
exit
fi
#FWDLURL="https://dl.server.domain/fwdir"
#Upgrade ILO firmware to latest version as of 02/10/2015
hponcfg -g
VERSION=$(hponcfg -g|grep type|awk -F 'type' '{print $2}'|awk '{print $3}')
echo "Upgrading firmware...."
if [ $VERSION -eq "4" ]; then
curl --silent $FWDLURL/ilo/HPILO4 > /tmp/HPILO4
chmod +x /tmp/HPILO4
/tmp/HPILO4
fi
if [ $VERSION -eq "2" ]; then
curl --silent $FWDLURL/ilo/HPILO2 > /tmp/HPILO2
chmod +x /tmp/HPILO2
/tmp/HPILO2
fi
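Review bot: The two download branches execute, presumably as root, whatever `curl` wrote to the fixed paths `/tmp/HPILO4` and `/tmp/HPILO2`, with no check that the transfer succeeded and no integrity check on the file. `FWDLURL` is commented out above, so unless the environment provides it the URL is just `/ilo/HPILO4`, and without `--fail` an HTTP error body would still be saved, marked executable and run. I would require `FWDLURL`, download to a `mktemp` file, compare it with a pinned digest and only then run it, as below. `[ $VERSION -eq "4" ]` should be quoted as well, since an empty result from `hponcfg -g` turns it into a test error that the script ignores.

```shell
# … unchanged: HP check, hponcfg -g, VERSION parsing …
: "${FWDLURL:?FWDLURL must be set}"
if [ "$VERSION" = "4" ]; then
  fw=$(mktemp) || exit 1
  trap 'rm -f -- "$fw"' EXIT
  curl --fail --silent --show-error -o "$fw" "$FWDLURL/ilo/HPILO4" || exit 1
  # HPILO4_SHA256 is a placeholder for the digest published with the firmware
  printf '%s  %s\n' "${HPILO4_SHA256:?}" "$fw" | sha256sum -c - || exit 1
  chmod 700 "$fw"
  "$fw"
fi
# … the iLO 2 branch follows the same shape …
```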


@ -0,0 +1,90 @@
#!/bin/bash
#Standalone iLO updater script - Jason Mak 6/25/2018
#Defines the latest version of iLO
ilo2latest="2.33"
ilo4latest="2.61"
#Checks server type, only proceeds on HP servers
function server-check()
{
ISHP=$(dmidecode -t System | grep Manufacturer | grep HP -c)
ISDELL=$(dmidecode -t System | grep Manufacturer | grep Dell -c)
if [ $ISDELL -eq 1 ]; then
echo "Server is a Dell, exiting"
server-cleanup
exit
fi
if [ $ISHP -eq 1 ]; then
echo "Server is an HP, proceeding"
ilogeneration=$(hponcfg | grep -i "ilo" | awk -F= '{print $3}' | awk '{print $2}')
iloversionraw=$(hponcfg | grep -i "ilo" | awk -F= '{print $2}' | awk '{print $1}')
iloversion=${iloversionraw//.}
ilo-versioncheck
fi
}
#Checks iLO generation and version, updates as necessary
function ilo-versioncheck()
{
if [ $ilogeneration -eq "2" ]; then
if [ $(echo $iloversion -lt ${ilo2latest//.}) ]; then
echo "iLO2 firmware:" $iloversionraw "latest version is:" $ilo2latest "updating..."
wget http://172.16.99.121/iLO/ilo2_${ilo2latest//.}.bin -O /tmp/iloFW.bin
update-ilo
server-cleanup
else
echo "iLO 2 is up to date, exiting"
server-cleanup
exit
fi
fi
if [ $ilogeneration -eq "4" ]; then
if [ $(echo $iloversion -lt ${ilo4latest//.}) ]; then
echo "iLO4 firmware:" $iloversionraw "latest version is:" $ilo4latest "updating..."
wget http://172.16.99.121/iLO/ilo4_${ilo4latest//.}.bin -O /tmp/iloFW.bin
update-ilo
server-cleanup
else
echo "iLO 4 is up to date, exiting"
server-cleanup
exit
fi
fi
}
#xml file that performs the update
function update-ilo()
{
cat > /tmp/ilo_update.xml << EOF
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
<RIB_INFO MODE="write">
<!-- Firmware support information for next tag: -->
<!-- iLO 2 - 1.70 and later. For servers with TPM enabled. -->
<!-- iLO - None -->
<!-- Riloe II - None -->
<TPM_ENABLED VALUE="Yes"/>
<UPDATE_RIB_FIRMWARE IMAGE_LOCATION="/tmp/iloFW.bin"/>
</RIB_INFO>
</LOGIN>
</RIBCL>
EOF
hponcfg -f /tmp/ilo_update.xml
}
#Clean-up
function server-cleanup()
{
rm -vf /tmp/iloFW.bin
rm -vf /tmp/ilo_update.xml
rm -vf /tmp/iloUpdater.sh
}
#Control logic
main ()
{
server-check
}
main
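Review bot: The firmware image is fetched with `wget http://172.16.99.121/...` over plain HTTP and handed to `UPDATE_RIB_FIRMWARE` with neither wget's exit status nor a checksum checked, so a truncated or substituted `/tmp/iloFW.bin` is submitted for flashing to the management controller. `wget ... || exit 1` plus a `sha256sum -c` against a digest pinned in the script should come before `update-ilo`. The comparison `[ $(echo $iloversion -lt ${ilo2latest//.}) ]` in `ilo-versioncheck` works only because the unquoted substitution is re-split into three words; `[ "$iloversion" -lt "${ilo2latest//.}" ]` says the same thing directly. When `hponcfg` yields no version the test errors out and the script takes the `else` branch, reporting the iLO as up to date. Stripping the dots also compares correctly only while both versions have the same number of digits.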


@ -0,0 +1 @@
command="/home/user/restricted-handler.sh",from="ALLOWED_HOST_FQDN",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty PUBLICKEY


@ -0,0 +1,23 @@
#!/bin/bash
set $SSH_ORIGINAL_COMMAND
case "$1" in
ls)
;;
scp)
;;
/bin/scp)
;;
rm)
;;
/path/to/custom/command)
;;
*)
logger -s -t restricted-command -- "Invalid command $@"
exit 1
;;
esac
logger -t restricted-command -- "Executing $@"
exec "$@"
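Review bot: The allow-list checks only `$1`, so every argument after an allowed name is passed unchanged to `exec "$@"`; with `rm` and `scp` on the list that still permits deleting or overwriting any file the account can reach, which is probably wider than intended. Matching the complete expected command line, or validating the path arguments against an allowed directory, would make the restriction hold. `set $SSH_ORIGINAL_COMMAND` should be `set -f; set -- $SSH_ORIGINAL_COMMAND`: without `--` a command starting with `-` is taken as shell options, an empty command makes `set` print every shell variable, and without `-f` the words are glob-expanded on the server before the `case` sees them. The rsync-only handler later in this commit has the same `set` line and the same first-word check; rsync ships an `rrsync` helper written for that case.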


@ -0,0 +1 @@
command="/home/slack-lab/bin/restricted-handler.sh" SSHPUBKEY
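Review bot: This entry forces the command but sets none of the other restrictions, so the key can still request port forwarding, agent forwarding, X11 and a pty, and can be used from any source address. Prefixing it with `restrict,` (or the explicit `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty` list used by the other authorized_keys entry in this commit) and adding a `from="..."` pattern closes that.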


@ -0,0 +1,16 @@
#!/bin/bash
set $SSH_ORIGINAL_COMMAND
case "$1" in
rsync)
;;
*)
logger -s -t restricted-command -- "Invalid command $@"
echo "An attempt was made to utilize the private key on a KNEL managed server to access control and execute the following command: $@" | mail -s "SECURITY BREACH ON control for slack account: $USER" BREACHPAGEEMAIL
exit 1
;;
esac
exec "$@"


@ -0,0 +1,41 @@
#!/bin/bash
export AD_DOMAIN="test"
export DOMAIN_TLD="testco.tld"
export AD_QUERY_USERNAME="ldapquery"
export AD_QUERY_PASSWORD="Ldap01-^"
export AD_DC="testdc"
#-b "cn=users,dc=test,dc=testco,dc=tld" \
# Make these into the appropriate components of above string
export DCPART1=""
export DCPART2=""
export DCPART3=""
AD_DOMAIN_FQDN="$AD_DOMAIN.$DOMAIN_TLD"
DOMAIN_CONTROLLER_FQDN="$AD_DC.$AD_DOMAIN_FQDN"
for domain_user in $(cat $AD_DOMAIN-userlist);
do
ademail=$(ldapsearch -LLL\
-x -h $DOMAIN_CONTROLLER_FQDN \
-D "$AD_QUERY_USERNAME@$AD_DOMAIN_FQDN" \
-w $AD_QUERY_PASSWORD \
-b "cn=users,dc=$DCPART1,dc=$DCPART2,dc=$DCPART3" \
-s sub "(samAccountName=$domain_user)" mail|grep "mail\:" | awk -F ":" '{print $2}')
realname=$(ldapsearch -LLL\
-x -h $DOMAIN_CONTROLLER_FQDN \
-D "$AD_QUERY_USERNAME@$AD_DOMAIN_FQDN" \
-w $AD_QUERY_PASSWORD \
-b "cn=users,dc=$DCPART1,dc=$DCPART2,dc=$DCPART3" \
-s sub "(samAccountName=$domain_user)" name|grep "name\:" |awk -F ":" '{print $2}')
adname=$(ldapsearch -LLL\
-x -h $DOMAIN_CONTROLLER_FQDN \
-D "$AD_QUERY_USERNAME@$AD_DOMAIN_FQDN" \
-w $AD_QUERY_PASSWORD \
-b "cn=users,dc=$DCPART1,dc=$DCPART2,dc=$DCPART3" \
-s sub "(samAccountName=$domain_user)" uid|grep "uid\:" |awk -F ":" '{print $2}')
echo "INSERT INTO users (username, authMethod, password, groups, role, real_name, email, domainUser) VALUES ('$adname', 3, NULL, '{\"4\":\"4\"}', 'User', '$realname', '$ademail', 0);"
done
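Review bot: `AD_QUERY_PASSWORD` is committed as a literal and passed with `-w $AD_QUERY_PASSWORD`, which exposes it in the process list for each of the three `ldapsearch` calls per user; `-x -h` is also a simple bind to a plain LDAP host, so the password crosses the network unencrypted. Reading the password from a root-only file with `-y` and connecting with `-H "ldaps://$DOMAIN_CONTROLLER_FQDN"` addresses both, and the committed value should be rotated if it was ever real. The generated `INSERT` interpolates directory values directly between single quotes, so a name such as O'Brien yields broken SQL and any attribute containing a quote can alter the statement; doubling quotes first (`realname=${realname//\'/\'\'}`) or loading through a parameterised client is needed. `$(cat $AD_DOMAIN-userlist)` should become a `while IFS= read -r domain_user` loop.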


@ -0,0 +1,11 @@
#!/bin/bash
#A script to search LDAP
#LDAP_SERVER=$(set |grep LOGONSERVER|awk -F '=' '{print $2}'|sed -e 's/\'//g')
#echo $LDAP_SERVER
LDAPSEARCH_OPTIONS="-x -LLL"
LDAP_SERVER="some.server.tld"
LDAP_SERVER_PORT="1234"
ldapsearch -LLL -x -W -H ldaps://$LDAP_SERVER:$LDAP_SERVER_PORT -b "dc=$DC1,dc=$DC2" -D mail=$SEARCH_EMAIL uid
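Review bot: `$DC1`, `$DC2` and `$SEARCH_EMAIL` are never set in this file and `LDAPSEARCH_OPTIONS` is defined but not used, so as committed the search runs with base `dc=,dc=` unless the caller exports those names. A guard such as `: "${DC1:?}" "${DC2:?}" "${SEARCH_EMAIL:?}"` near the top, with the expansions on the `ldapsearch` line quoted, documents the contract and fails early.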