and the rest of it...
parent
c2b1b821f7
commit
f759149c11
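--- a/Set_User.xml
+++ b/Set_User.xml
@@ -0,0 +1,29 @@
+<!-- file used for configuring admin privileges with hponcfg -->
+
+
+<RIBCL VERSION="2.0">
+<LOGIN USER_LOGIN="adminname" PASSWORD="password">
+<USER_INFO MODE="write">
+<MOD_USER USER_LOGIN="Administrator">
+<USER_NAME value="Administrator"/>
+<PASSWORD value="secretcred"/>
+<ADMIN_PRIV value="Yes"/>
+<REMOTE_CONS_PRIV value="Yes"/>
+<RESET_SERVER_PRIV value="Yes"/>
+<VIRTUAL_MEDIA_PRIV value="Yes"/>
+<CONFIG_ILO_PRIV value="Yes"/>
+<!-- Firmware support infomation for next 6 tags: -->
+<!-- iLO 2 - None. -->
+<!-- iLO - Version earlier than 1.40. -->
+<!-- RILOE II - None. -->
+<!-- <VIEW_LOGS_PRIV value="Yes"/> -->
+<!-- <CLEAR_LOGS_PRIV value="Yes"/> -->
+<!-- <EMS_PRIV value="Yes"/> -->
+<!-- <UPDATE_ILO_PRIV value="No"/> -->
+<!-- <CONFIG_RACK_PRIV value="Yes"/> -->
+<!-- <DIAG_PRIV value="Yes"/> -->
+</MOD_USER>
+</USER_INFO>
+</LOGIN>
+</RIBCL>
+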
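Review bot: The `LOGIN` element and the `<PASSWORD value=…/>` line put the login and the new Administrator password into a tracked file as literals, so anyone who can read the repository or its history learns the credential that hosts configured from this file end up with. Keep only a marked placeholder in the committed template, for example `<PASSWORD value="@ILO_ADMIN_PASSWORD@"/>` (constructed name), and substitute the real value at deploy time from a secret store into a file created with mode 0600. If the values shown are already placeholders, say so in the header comment: `<!-- placeholder credentials: replace at deploy time, never commit real values -->`. The RIBCL heredocs in config-iLO, iLO-admin-priv, ilo-password-changer and iloUpdater.sh embed credentials the same way.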
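--- a/commandWrapSafe
+++ b/commandWrapSafe
@@ -0,0 +1,29 @@
+#!/bin/bash
+#Wrapper for various items which play traffic.
+#tcpreplay,tomahawk,isic suite
+#Check for presence of eth0 in passed arguments and abort/alert
+
+OPTIONS="$@"
+
+function ABORT()
+{
+#red bg 0;41
+#white text 1;37
+chmod 400 $0.real
+chmod 400 $0
+
+MESSAGE="You have attempted to execute an action which will result in harm to the system. The system is now terminating all shell sessions on this host and alerting support personnel. You will lose any unsaved work."
+echo -e "\e[0;41m$MESSAGE\e[1;37"
+mailsend -q -smtp RELAYHOST -t PAGEREMAIL -f ALERTFROMEMAIL -sub "$0 using eth0 activity on $(hostname)" -M "$(hostname) attempted to play traffic using $0 out of eth0 at $(date)."
+killall -g -9 bash
+}
+
+ETH0_CHECK=$(echo $OPTIONS | grep eth0 -c)
+
+if [ $ETH0_CHECK -gt 0 ];
+then
+ABORT
+fi
+
+#If all checks pass, go ahead and execute the invoking program
+$0.real $OPTIONS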
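Review bot: The eth0 guard checks a different thing from what it runs: `OPTIONS="$@"` flattens the arguments into one string and `$0.real $OPTIONS` re-splits and globs it, so arguments containing spaces or wildcard characters reach the real binary in a different shape from the text that was inspected. Test each argument and hand the original vector through untouched, as in the fence below. `killall -g -9 bash` ends every bash process group on the host, including other users' sessions and unrelated jobs, and `chmod 400 $0` disables the tool for everyone afterwards; sending the alert and exiting non-zero would stop the run without that collateral. The colour reset in the `echo -e` line is missing its terminator, `\e[1;37` should be `\e[1;37m` (or `\e[0m`).

```shell
# … unchanged: ABORT definition …

for arg in "$@"; do
  case "$arg" in
    *eth0*) ABORT ;;
  esac
done

#If all checks pass, go ahead and execute the invoking program
exec "$0.real" "$@"
```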
141
config-iLO
Normal file
141
config-iLO
Normal file
@ -0,0 +1,141 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#Script for configuring iLO - modified version, works with hponcfg-4.2.0-0.i386.rpm
|
||||||
|
|
||||||
|
#set -x
|
||||||
|
|
||||||
|
function configure-ilo()
|
||||||
|
{
|
||||||
|
echo "Now running $FUNCNAME...."
|
||||||
|
|
||||||
|
|
||||||
|
#Install hponcfg
|
||||||
|
#yum install -y hponcfg
|
||||||
|
|
||||||
|
#Reset to factory defaults (just in case)
|
||||||
|
hponcfg -r
|
||||||
|
|
||||||
|
#Dynamic values for the generated XML
|
||||||
|
ILONAME="$(hostname -s)-iLO"
|
||||||
|
ILOIP="$(dig -x @DNS_SERVER_IP $ILONAME.$TLD +short)"
|
||||||
|
|
||||||
|
#VLAN verification and configuration
|
||||||
|
case $ILOIP in
|
||||||
|
172.16.10*.*)
|
||||||
|
GATEWAY=172.16.103.254
|
||||||
|
NETMASK=255.255.252.0
|
||||||
|
ENABLEV=Y
|
||||||
|
VLAN=101
|
||||||
|
;;
|
||||||
|
172.16.11*.*)
|
||||||
|
GATEWAY=172.16.115.254
|
||||||
|
NETMASK=255.255.252.0
|
||||||
|
ENABLEV=Y
|
||||||
|
VLAN=112
|
||||||
|
;;
|
||||||
|
172.17.1.*)
|
||||||
|
GATEWAY=0.0.0.0
|
||||||
|
NETMASK=255.255.252.0
|
||||||
|
ENABLEV=N
|
||||||
|
VLAN=243
|
||||||
|
;;
|
||||||
|
172.17.2.*)
|
||||||
|
GATEWAY=0.0.0.0
|
||||||
|
NETMASK=255.255.252.0
|
||||||
|
ENABLEV=N
|
||||||
|
VLAN=243
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
#Build xml config file for ILO
|
||||||
|
cat > /tmp/ilo.dat <<ENDILO
|
||||||
|
<!-- HPONCFG VERSION = "1.9" -->
|
||||||
|
<!-- Generated 1/31/2013 16:8:49 -->
|
||||||
|
<RIBCL VERSION="2.1">
|
||||||
|
<LOGIN USER_LOGIN="Administrator" PASSWORD="xxxxx">
|
||||||
|
<DIR_INFO MODE="write">
|
||||||
|
<MOD_DIR_CONFIG>
|
||||||
|
<DIR_AUTHENTICATION_ENABLED VALUE = "No"/>
|
||||||
|
<DIR_LOCAL_USER_ACCT VALUE = "Y"/>
|
||||||
|
<DIR_SERVER_ADDRESS VALUE = ""/>
|
||||||
|
<DIR_SERVER_PORT VALUE = "636"/>
|
||||||
|
<DIR_OBJECT_DN VALUE = ""/>
|
||||||
|
<DIR_OBJECT_PASSWORD VALUE = ""/>
|
||||||
|
<DIR_USER_CONTEXT_1 VALUE = ""/>
|
||||||
|
<DIR_USER_CONTEXT_2 VALUE = ""/>
|
||||||
|
<DIR_USER_CONTEXT_3 VALUE = ""/>
|
||||||
|
</MOD_DIR_CONFIG>
|
||||||
|
</DIR_INFO>
|
||||||
|
<RIB_INFO MODE="write">
|
||||||
|
<MOD_NETWORK_SETTINGS>
|
||||||
|
<DHCP_ENABLE VALUE = "No"/>
|
||||||
|
<SPEED_AUTOSELECT VALUE = "Yes"/>
|
||||||
|
<NIC_SPEED VALUE = "10"/>
|
||||||
|
<FULL_DUPLEX VALUE = "Y"/>
|
||||||
|
<IP_ADDRESS VALUE = "$ILOIP"/>
|
||||||
|
<SUBNET_MASK VALUE = "$NETMASK"/>
|
||||||
|
<GATEWAY_IP_ADDRESS VALUE = "$GATEWAY"/>
|
||||||
|
<DNS_NAME VALUE = "$ILONAME"/>
|
||||||
|
<PRIM_DNS_SERVER value = "10.207.12.78"/>
|
||||||
|
<DOMAIN_NAME VALUE = "tplab.tippingpoint.com"/>
|
||||||
|
<DHCP_GATEWAY VALUE = "No"/>
|
||||||
|
<DHCP_DNS_SERVER VALUE = "No"/>
|
||||||
|
<DHCP_STATIC_ROUTE VALUE = "No"/>
|
||||||
|
<DHCP_WINS_SERVER VALUE = "No"/>
|
||||||
|
<REG_WINS_SERVER VALUE = "No"/>
|
||||||
|
<PRIM_WINS_SERVER VALUE = ""/>
|
||||||
|
<SHARED_NETWORK_PORT VALUE="Y"/>
|
||||||
|
<VLAN_ENABLED VALUE = "$ENABLEV"/>
|
||||||
|
<VLAN_ID VALUE = "$VLAN"/>
|
||||||
|
</MOD_NETWORK_SETTINGS>
|
||||||
|
<!-- iLO Advanced Activation -->
|
||||||
|
<LICENSE>
|
||||||
|
<ACTIVATE KEY="3GMPZW29YQP242466Q99355BM" />
|
||||||
|
</LICENSE>
|
||||||
|
</RIB_INFO>
|
||||||
|
<USER_INFO MODE="write">
|
||||||
|
<ADD_USER
|
||||||
|
USER_NAME="Guest"
|
||||||
|
USER_LOGIN="Guest"
|
||||||
|
PASSWORD="Wund3rB4r!!">
|
||||||
|
<ADMIN_PRIV value="Y"/>
|
||||||
|
<REMOTE_CONS_PRIV value="Y"/>
|
||||||
|
<RESET_SERVER_PRIV value="Y"/>
|
||||||
|
<VIRTUAL_MEDIA_PRIV value="Y"/>
|
||||||
|
<CONFIG_ILO_PRIV value="Y"/>
|
||||||
|
</ADD_USER>
|
||||||
|
</USER_INFO>
|
||||||
|
<USER_INFO MODE="write">
|
||||||
|
<MOD_USER USER_LOGIN="Administrator">
|
||||||
|
<USER_NAME value="Administrator"/>
|
||||||
|
<PASSWORD value="admin11=="/>
|
||||||
|
<ADMIN_PRIV value="N"/>
|
||||||
|
<REMOTE_CONS_PRIV value="Y"/>
|
||||||
|
<RESET_SERVER_PRIV value="Y"/>
|
||||||
|
<VIRTUAL_MEDIA_PRIV value="N"/>
|
||||||
|
<CONFIG_ILO_PRIV value="N"/>
|
||||||
|
</MOD_USER>
|
||||||
|
</USER_INFO>
|
||||||
|
</LOGIN>
|
||||||
|
</RIBCL>
|
||||||
|
|
||||||
|
ENDILO
|
||||||
|
|
||||||
|
#Apply config to the ILO card
|
||||||
|
hponcfg -f /tmp/ilo.dat
|
||||||
|
|
||||||
|
echo "iLO configured on $ILONAME, IP: $ILOIP"
|
||||||
|
}
|
||||||
|
|
||||||
|
#configure-ilo
|
||||||
|
|
||||||
|
##########################################################################################
|
||||||
|
## Control logic for the script ##
|
||||||
|
##########################################################################################
|
||||||
|
main()
|
||||||
|
{
|
||||||
|
echo "Configuring iLo on $ILONAME at $(date)"
|
||||||
|
|
||||||
|
configure-ilo
|
||||||
|
}
|
||||||
|
|
||||||
|
main
|
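Review bot: `cat > /tmp/ilo.dat` writes the whole RIBCL document (the login, both account passwords and the licence key) to a fixed name in a world-writable directory under the default umask, and nothing removes it after `hponcfg -f`. Any local user can read the file afterwards, or pre-create or symlink that path before the script runs. Create it privately and clean up on exit: `umask 077; cfg=$(mktemp) || exit 1; trap 'rm -f -- "$cfg"' EXIT`, then write to and apply `"$cfg"`. The same fixed-path pattern appears in iLO-admin-priv (`/tmp/ilo.check`, `/tmp/ilo.dat`), ilo-password-changer (`/tmp/ilo.pass`) and iloUpdater.sh (`/tmp/ilo_update.xml`, `/tmp/iloFW.bin`). Separately, `case $ILOIP` has no `*)` arm and runs after `hponcfg -r`, so an empty or unexpected lookup result is applied with blank gateway, netmask and VLAN values on a freshly reset card; do the lookup first and add `*) echo "unexpected iLO IP: $ILOIP" >&2; exit 1 ;;`.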
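--- a/disk_space/duc_automated.sh
+++ b/disk_space/duc_automated.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+
+
+#Create index
+time duc index / --fs-exclude=nfs
+
+
+#Produce report
+cd /root
+TODAY="$(date +%m-%d)"
+REPORT_FILENAME="$(hostname).$TODAY.png"
+duc graph /
+mv duc.png $REPORT_FILENAME
+
+
+#Send report to central server
+scp -i /root/.ssh/duc_rsa $REPORT_FILENAME duc_user@txn04-slack-master.tplab.tippingpoint.com:/var/www/html/space/
+
+
+
+
+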
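Review bot: `cd /root` is unchecked and the script sets no `-e`, so when the index or graph step fails the `mv` and `scp` still run against whatever `duc.png` is in the current directory, and a stale or wrong report is uploaded as today's. Use `cd /root || exit 1`, stop when `duc graph /` fails, and quote the name: `mv -- duc.png "$REPORT_FILENAME"`. The upload goes straight into a web root using a key that is presumably passphrase-less on every reporting host, so the `duc_user` account on the receiving side should be confined to that directory (a forced command or chroot in its sshd configuration) rather than given a general shell.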
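--- a/disk_space/install_duc.sh
+++ b/disk_space/install_duc.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+#A script to install duc onto any KNEL managed system
+
+
+duc-install()
+{
+echo "Installing duc..."
+wget --quiet https://github.com/zevv/duc/releases/download/1.4.1/duc-1.4.1.tar.gz -O /tmp/duc.tar.gz
+cd /tmp
+tar xfz duc.tar.gz
+cd duc-1.4.1
+./configure
+make
+make install
+cd /tmp
+rm -rvf duc-1.4.1
+rm -rvf duc.tar.gz
+echo "Installed duc"
+}
+
+main-ubuntu()
+{
+apt-get install -y tokyocabinet-bin libncursesw5-dev libcairo2-dev libpango1.0-dev build-essential libtokyocabinet-dev
+duc-install
+}
+
+
+main-centos()
+{
+yum -y install pango-devel cairo-devel tokyocabinet-devel gcc ncurses-devel
+duc-install
+}
+
+
+
+#######################################################################################################################################################
+#Step 1: Figure out what distro we are, call the appropriate function which begins execution
+#######################################################################################################################################################
+wget --quiet https://dl.turnsys.com/bootstrap/bin/distro -O /usr/bin/distro
+chmod +x /usr/bin/distro
+
+
+DISTRO_TYPE="$(distro |awk -F '|' '{print $4}'|tr '[:upper:]' '[:lower:]')"
+if [ $DISTRO_TYPE = "ubuntu" ] ; then main-ubuntu ; fi
+if [ $DISTRO_TYPE = "centos" ] ; then main-centos ; fi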
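Review bot: Both downloads are executed with installer privileges and no integrity check: the duc tarball is unpacked, built and `make install`ed straight from `/tmp/duc.tar.gz`, and `distro` is fetched into `/usr/bin`, made executable and run on the following line. The `wget --quiet` exit status is ignored as well, so a failed or truncated transfer carries on into `tar` and `chmod +x`. Pin a SHA-256 for each artefact, verify it before use, and unpack in a `mktemp -d` directory instead of fixed names under `/tmp`; the fence shows this for the tarball and the same applies to `distro`. `[ $DISTRO_TYPE = "ubuntu" ]` should quote the variable, because an empty result makes `[` fail with a syntax error instead of reporting an unsupported distro.

```shell
duc-install()
{
  echo "Installing duc..."
  # placeholder: record the digest of the reviewed duc-1.4.1.tar.gz here
  DUC_SHA256="<sha256-of-duc-1.4.1.tar.gz>"
  workdir=$(mktemp -d) || exit 1
  trap 'rm -rf -- "$workdir"' EXIT
  wget --quiet https://github.com/zevv/duc/releases/download/1.4.1/duc-1.4.1.tar.gz -O "$workdir/duc.tar.gz" || exit 1
  echo "$DUC_SHA256  $workdir/duc.tar.gz" | sha256sum -c - || exit 1
  cd "$workdir" || exit 1
  tar xfz duc.tar.gz
  # … unchanged: cd duc-1.4.1, ./configure, make, make install …
```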
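--- a/generateComprehensiveInventory.sh
+++ b/generateComprehensiveInventory.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+#A script to generate a comprehensive list of responsive hosts
+
+OUTPUT_FILE="/tmp/network-scan"
+
+for subnet in $(cat ../input/SubnetList); do
+zmap -M icmp_echoscan -o $OUTPUT_FILE $subnet
+done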
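Review bot: Every iteration passes the same `-o $OUTPUT_FILE`, so each zmap run overwrites the previous one and the file ends up holding only the last subnet's results, not the comprehensive list the header comment promises. Write one file per subnet, e.g. `-o "$OUTPUT_FILE.${subnet//\//_}" "$subnet"`, or collect the runs into a single file after the loop. `/tmp/network-scan` is also a fixed name in a world-writable directory for a tool that needs raw-socket privileges, so an output directory owned by the scanning account avoids a pre-planted symlink being overwritten. `../input/SubnetList` resolves against the caller's working directory, which means the scan scope depends on where the script is launched from; anchor it to the script's own directory and read it with `while IFS= read -r subnet`.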
99
iLO-admin-priv
Normal file
99
iLO-admin-priv
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#Standalone script for setting Administrator Privileges
|
||||||
|
|
||||||
|
#set -x
|
||||||
|
|
||||||
|
#Checks to see if the server is a HP
|
||||||
|
function server-check()
|
||||||
|
{
|
||||||
|
SERVER_TYPE="$(dmidecode -t system|grep Manufacturer |grep HP -c)"
|
||||||
|
if [ $SERVER_TYPE -eq 0 ]; then
|
||||||
|
echo This is not a HP server, exiting.
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $SERVER_TYPE -eq 1 ]; then
|
||||||
|
echo Server is a HP, checking admin privileges
|
||||||
|
#yum install -y hponcfg
|
||||||
|
ilo-check
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
#Checks the status of iLO on the server
|
||||||
|
function ilo-check()
|
||||||
|
{
|
||||||
|
#Generates the XML file for checking iLO
|
||||||
|
cat > /tmp/ilo.check << ENDCHECK
|
||||||
|
<RIBCL VERSION="2.0">
|
||||||
|
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
|
||||||
|
<USER_INFO MODE="read">
|
||||||
|
<GET_USER USER_LOGIN="Administrator"/>
|
||||||
|
</USER_INFO>
|
||||||
|
</LOGIN>
|
||||||
|
</RIBCL>
|
||||||
|
ENDCHECK
|
||||||
|
|
||||||
|
#iLO Status variable
|
||||||
|
ILOSTATUS="$(hponcfg -f /tmp/ilo.check | grep ADMIN_PRIV |grep -i y -c)"
|
||||||
|
if [ $ILOSTATUS -eq 0 ]; then
|
||||||
|
echo Administrator does not have admin privileges. Enabling...
|
||||||
|
configure-ilo
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $ILOSTATUS -eq 1 ]; then
|
||||||
|
echo Administrator has admin privileges, exiting
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function configure-ilo()
|
||||||
|
{
|
||||||
|
|
||||||
|
#Build xml config file for ILO
|
||||||
|
cat > /tmp/ilo.dat <<ENDILO
|
||||||
|
<!-- HPONCFG VERSION = "1.9" -->
|
||||||
|
<!-- Generated 1/31/2013 16:8:49 -->
|
||||||
|
<RIBCL VERSION="2.1">
|
||||||
|
<LOGIN USER_LOGIN="Administrator" PASSWORD="xxxxx">
|
||||||
|
<USER_INFO MODE="write">
|
||||||
|
<MOD_USER USER_LOGIN="Administrator">
|
||||||
|
<USER_NAME value="Administrator"/>
|
||||||
|
<PASSWORD value="admin11=="/>
|
||||||
|
<ADMIN_PRIV value="Yes"/>
|
||||||
|
<REMOTE_CONS_PRIV value="Yes"/>
|
||||||
|
<RESET_SERVER_PRIV value="Yes"/>
|
||||||
|
<VIRTUAL_MEDIA_PRIV value="Yes"/>
|
||||||
|
<CONFIG_ILO_PRIV value="Yes"/>
|
||||||
|
<!-- Firmware support infomation for next 6 tags: -->
|
||||||
|
<!-- iLO 2 - None. -->
|
||||||
|
<!-- iLO - Version earlier than 1.40. -->
|
||||||
|
<!-- RILOE II - None. -->
|
||||||
|
<!-- <VIEW_LOGS_PRIV value="Yes"/> -->
|
||||||
|
<!-- <CLEAR_LOGS_PRIV value="Yes"/> -->
|
||||||
|
<!-- <EMS_PRIV value="Yes"/> -->
|
||||||
|
<!-- <UPDATE_ILO_PRIV value="No"/> -->
|
||||||
|
<!-- <CONFIG_RACK_PRIV value="Yes"/> -->
|
||||||
|
<!-- <DIAG_PRIV value="Yes"/> -->
|
||||||
|
</MOD_USER>
|
||||||
|
</USER_INFO>
|
||||||
|
</LOGIN>
|
||||||
|
</RIBCL>
|
||||||
|
ENDILO
|
||||||
|
|
||||||
|
#Apply config to the iLO card
|
||||||
|
hponcfg -f /tmp/ilo.dat
|
||||||
|
|
||||||
|
echo "Admin Privileges enabled on $(hostname)"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
##########################################################################################
|
||||||
|
## Control logic for the script ##
|
||||||
|
##########################################################################################
|
||||||
|
main()
|
||||||
|
{
|
||||||
|
echo "iLO Admin Privilege checker initiated on $(hostname) at $(date)"
|
||||||
|
|
||||||
|
server-check
|
||||||
|
}
|
||||||
|
|
||||||
|
main
|
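Review bot: `configure-ilo` is described as restoring a privilege bit, but its `MOD_USER` block also carries a `<PASSWORD value=…/>` element, so every host where the check fires has its Administrator password reset to the value committed in this file; drop that element if only `ADMIN_PRIV` is meant to change. In `ilo-check`, the count from `grep ADMIN_PRIV | grep -i y -c` is only compared with `-eq 0` and `-eq 1`: a count of 2 or more falls through both branches silently, and a failed `hponcfg` call (for example the login in `/tmp/ilo.check` being rejected) also yields 0 and is treated as "no admin privilege", which triggers the write. Check the `hponcfg` exit status before interpreting its output, and match the attribute's value rather than any `y` on the line. `server-check` has the same 0/1-only comparison on the `dmidecode` count.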
71
ilo-password-changer
Normal file
71
ilo-password-changer
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
|
||||||
|
#This is a test change
|
||||||
|
#!/bin/bash
|
||||||
|
#iLO Password Updater script
|
||||||
|
|
||||||
|
#set -x
|
||||||
|
|
||||||
|
function iLO-password-updater()
|
||||||
|
{
|
||||||
|
|
||||||
|
#Build xml config file for ILO
|
||||||
|
cat << ENDILO > /tmp/ilo.pass
|
||||||
|
<!-- RIBCL Sample Script for HP Lights-Out Products -->
|
||||||
|
<!--Copyright (c) 2003,2008 Hewlett-Packard Development Company, L.P.-->
|
||||||
|
|
||||||
|
<!-- Description: This is a sample XML script to change a user's -->
|
||||||
|
<!-- password in the database of local users on -->
|
||||||
|
<!-- following devices: -->
|
||||||
|
<!-- Integrated Lights-Out 2 (iLO 2) -->
|
||||||
|
<!-- Integrated Lights-Out (iLO) -->
|
||||||
|
<!-- Remote Insight Lights-Out Edition II (RILOE II) -->
|
||||||
|
|
||||||
|
<!-- NOTE: You will need to replace the values inside the quote -->
|
||||||
|
<!-- marks with values that are appropriate for your -->
|
||||||
|
<!-- environment. -->
|
||||||
|
|
||||||
|
<!-- Use CPQLOCFG.EXE ver 2.26 or greater with this script -->
|
||||||
|
|
||||||
|
<!-- This script was written for iLO 2 firmware version 1.30. -->
|
||||||
|
<!-- release. -->
|
||||||
|
|
||||||
|
<!-- See "HP Integrated Lights-Out Management Processor -->
|
||||||
|
<!-- Scripting and Command Line Resource Guide" for more -->
|
||||||
|
<!-- information on scripting and the syntax of the RIBCL -->
|
||||||
|
<!-- XML. -->
|
||||||
|
|
||||||
|
<!-- Firmware support infomation for this script: -->
|
||||||
|
<!-- iLO 2 - All versions. -->
|
||||||
|
<!-- iLO - All versions. -->
|
||||||
|
<!-- RILOE II - All versions. -->
|
||||||
|
|
||||||
|
<RIBCL VERSION="2.0">
|
||||||
|
<LOGIN USER_LOGIN="adminname" PASSWORD="password">
|
||||||
|
<USER_INFO MODE="write">
|
||||||
|
<MOD_USER USER_LOGIN="Administrator">
|
||||||
|
<PASSWORD value="secretcred"/>
|
||||||
|
</MOD_USER>
|
||||||
|
</USER_INFO>
|
||||||
|
</LOGIN>
|
||||||
|
</RIBCL>
|
||||||
|
|
||||||
|
ENDILO
|
||||||
|
|
||||||
|
#Apply new password to the iLO card
|
||||||
|
hponcfg -f /tmp/ilo.pass
|
||||||
|
|
||||||
|
echo "iLO password changed on $(hostname)"
|
||||||
|
}
|
||||||
|
|
||||||
|
##########################################################################################
|
||||||
|
## Control logic for the script ##
|
||||||
|
##########################################################################################
|
||||||
|
|
||||||
|
main()
|
||||||
|
{
|
||||||
|
echo -e "iLO password changer initiated on $(hostname) at $(date)\n"
|
||||||
|
|
||||||
|
iLO-password-updater
|
||||||
|
}
|
||||||
|
|
||||||
|
main
|
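Review bot: `#!/bin/bash` sits on the third line, after a blank line and `#This is a test change`, so it is only a comment: run directly, the file is interpreted by whatever shell the caller falls back to, and `function iLO-password-updater()` is not valid in a plain POSIX `sh`. Move the shebang to line 1 and drop the test comment. The new password is a literal inside the heredoc, so each rotation means committing the next credential; read it at run time instead (for example `read -rs NEW_ILO_PASSWORD`, or a variable supplied by the orchestration tool) and expand that into the XML. `echo "iLO password changed on $(hostname)"` prints regardless of how `hponcfg -f /tmp/ilo.pass` exited, so a rejected change is logged as a success; use `hponcfg -f /tmp/ilo.pass || exit 1`.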
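--- a/iloFwUp
+++ b/iloFwUp
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+#Checks to see if the server is a HP, exit if not
+SERVER_TYPE="$(dmidecode -t system|grep Manufacturer |grep HP -c)"
+if [ $SERVER_TYPE -eq 0 ]; then
+echo This is not a HP server, exiting.
+exit
+fi
+
+#FWDLURL="https://dl.server.domain/fwdir"
+
+
+#Upgrade ILO firmware to latest version as of 02/10/2015
+
+hponcfg -g
+VERSION=$(hponcfg -g|grep type|awk -F 'type' '{print $2}'|awk '{print $3}')
+
+echo "Upgrading firmware...."
+
+if [ $VERSION -eq "4" ]; then
+curl --silent $FWDLURL/ilo/HPILO4 > /tmp/HPILO4
+chmod +x /tmp/HPILO4
+/tmp/HPILO4
+fi
+
+if [ $VERSION -eq "2" ]; then
+curl --silent $FWDLURL/ilo/HPILO2 > /tmp/HPILO2
+chmod +x /tmp/HPILO2
+/tmp/HPILO2
+fi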
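Review bot: `FWDLURL` exists only as a comment (`#FWDLURL=...`), so unless the caller exports it the two `curl` lines request `/ilo/HPILO4` with no host; `--silent` hides the failure, the redirect has already created `/tmp/HPILO4`, and the script marks that file executable and runs it. With the variable set, whatever the server returns (curl has no `--fail`, so an error page counts) is executed from a fixed path in a world-writable directory with no digest or signature check. Fail closed on a missing URL or failed transfer and verify the image before running it, as in the fence. `[ $VERSION -eq "4" ]` also errors when `hponcfg -g` yields nothing, so quote it and handle the unknown-version case explicitly.

```shell
: "${FWDLURL:?FWDLURL must be set}"
# placeholder: pin the vendor-published digest of the image being deployed
HPILO4_SHA256="<sha256-of-HPILO4>"

if [ "$VERSION" = "4" ]; then
  fw=$(mktemp) || exit 1
  curl --silent --show-error --fail -o "$fw" "$FWDLURL/ilo/HPILO4" || exit 1
  echo "$HPILO4_SHA256  $fw" | sha256sum -c - || exit 1
  chmod 700 "$fw"
  "$fw"
fi
# … same pattern for the iLO 2 branch …
```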
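--- a/iloUpdater.sh
+++ b/iloUpdater.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+#Standalone iLO updater script - Jason Mak 6/25/2018
+#Defines the latest version of iLO
+ilo2latest="2.33"
+ilo4latest="2.61"
+#Checks server type, only proceeds on HP servers
+function server-check()
+{
+ISHP=$(dmidecode -t System | grep Manufacturer | grep HP -c)
+ISDELL=$(dmidecode -t System | grep Manufacturer | grep Dell -c)
+if [ $ISDELL -eq 1 ]; then
+echo "Server is a Dell, exiting"
+server-cleanup
+exit
+fi
+if [ $ISHP -eq 1 ]; then
+echo "Server is an HP, proceeding"
+ilogeneration=$(hponcfg | grep -i "ilo" | awk -F= '{print $3}' | awk '{print $2}')
+iloversionraw=$(hponcfg | grep -i "ilo" | awk -F= '{print $2}' | awk '{print $1}')
+iloversion=${iloversionraw//.}
+ilo-versioncheck
+fi
+}
+
+#Checks iLO generation and version, updates as necessary
+function ilo-versioncheck()
+{
+if [ $ilogeneration -eq "2" ]; then
+if [ $(echo $iloversion -lt ${ilo2latest//.}) ]; then
+echo "iLO2 firmware:" $iloversionraw "latest version is:" $ilo2latest "updating..."
+wget http://172.16.99.121/iLO/ilo2_${ilo2latest//.}.bin -O /tmp/iloFW.bin
+update-ilo
+server-cleanup
+else
+echo "iLO 2 is up to date, exiting"
+server-cleanup
+exit
+fi
+fi
+
+if [ $ilogeneration -eq "4" ]; then
+if [ $(echo $iloversion -lt ${ilo4latest//.}) ]; then
+echo "iLO4 firmware:" $iloversionraw "latest version is:" $ilo4latest "updating..."
+wget http://172.16.99.121/iLO/ilo4_${ilo4latest//.}.bin -O /tmp/iloFW.bin
+update-ilo
+server-cleanup
+else
+echo "iLO 4 is up to date, exiting"
+server-cleanup
+exit
+fi
+fi
+}
+
+#xml file that performs the update
+function update-ilo()
+{
+cat > /tmp/ilo_update.xml << EOF
+<RIBCL VERSION="2.0">
+<LOGIN USER_LOGIN="adminname" PASSWORD="password">
+<RIB_INFO MODE="write">
+<!-- Firmware support information for next tag: -->
+<!-- iLO 2 - 1.70 and later. For servers with TPM enabled. -->
+<!-- iLO - None -->
+<!-- Riloe II - None -->
+<TPM_ENABLED VALUE="Yes"/>
+<UPDATE_RIB_FIRMWARE IMAGE_LOCATION="/tmp/iloFW.bin"/>
+</RIB_INFO>
+</LOGIN>
+</RIBCL>
+EOF
+
+hponcfg -f /tmp/ilo_update.xml
+}
+
+#Clean-up
+function server-cleanup()
+{
+rm -vf /tmp/iloFW.bin
+rm -vf /tmp/ilo_update.xml
+rm -vf /tmp/iloUpdater.sh
+}
+
+#Control logic
+main ()
+{
+server-check
+}
+
+main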
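Review bot: The firmware image is fetched with `wget http://172.16.99.121/iLO/…` over plain HTTP, with no digest check and the exit status ignored, into the fixed path `/tmp/iloFW.bin`, and `update-ilo` then flashes whatever is at that path. Anyone able to alter that transfer or the file controls what is written to the management processor, and a failed download is flashed as readily as a good one. Serve the images over HTTPS, keep a pinned SHA-256 next to `ilo2latest`/`ilo4latest`, download to a `mktemp` file and call `update-ilo` only after `sha256sum -c` succeeds. The version test `[ $(echo $iloversion -lt ${ilo2latest//.}) ]` works only through word splitting of the substitution and compares dot-stripped strings, so a version such as `2.5` would rank below `2.33`; `[ "$iloversion" -lt "${ilo2latest//.}" ]` is the plain form, and `sort -V` copes with differing digit counts. Both points apply equally to the iLO 4 branch.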
156
ldif/genUser.sh
Normal file
156
ldif/genUser.sh
Normal file
@ -0,0 +1,156 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#A script to generate a LDIF file of random users and associated organizational units
|
||||||
|
#supports emitting ldif files for: Active Directory, eDirectory, OpenLDAP
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
#Change these variables as needed #
|
||||||
|
################################################################################
|
||||||
|
#Number of users to generate
|
||||||
|
#Valid range is from 1 to 10,000
|
||||||
|
NUMUSERS="11"
|
||||||
|
|
||||||
|
#Type of directory server to generate ldif for
|
||||||
|
#Valid types (case sensitive):
|
||||||
|
#OPENLDAP
|
||||||
|
#ACTIVEDIRECTORY
|
||||||
|
#EDIRECTORY
|
||||||
|
DIRSERVERTYPE="OPENLDAP"
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
#!!!!!!!!!!!!!!!!!!!!DO NOT CHANGE ANYTHING BEYOND THIS LINE!!!!!!!!!!!!!!!!!!!#
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
USERCOUNTER="1"
|
||||||
|
NAMESOURCEFILE="./names.txt"
|
||||||
|
OUSOURCEFILE="./ou.txt"
|
||||||
|
OUTPUTFILE="bulkUserLoad-$DIRSERVERTYPE-$(date +%m%d%Y).ldif"
|
||||||
|
|
||||||
|
function ldifEmit-OpenLDAP()
|
||||||
|
#Code to emit an OpenLDAP compliant ldif
|
||||||
|
#Bits and bobs sourced from:
|
||||||
|
#
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
cat<<OpenLDAP >>$OUTPUTFILE
|
||||||
|
$FIRSTNAME
|
||||||
|
$LASTNAME
|
||||||
|
$OU
|
||||||
|
OpenLDAP
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function ldifEmit-ActiveDirectory()
|
||||||
|
#Code to emit an Active Directory compliant ldif
|
||||||
|
#Bits and bobs sourced from:
|
||||||
|
#
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
echo "Emitting ActiveDirectory ldif..."
|
||||||
|
|
||||||
|
cat<<ActiveDirectory >>$OUTPUTFILE
|
||||||
|
$FIRSTNAME
|
||||||
|
$LASTNAME $OU
|
||||||
|
ActiveDirectory
|
||||||
|
ActiveDirectory
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function ldifEmit-eDirectory()
|
||||||
|
#Code to emit an eDirectory compliant ldif
|
||||||
|
#Bits and bobs sourced from:
|
||||||
|
#
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
echo "Emitting eDirectory ldif..."
|
||||||
|
|
||||||
|
cat<<eDirectory >>$OUTPUTFILE
|
||||||
|
$FIRSTNAME $LASTNAME $OU
|
||||||
|
eDirectory
|
||||||
|
eDirectory
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function main()
|
||||||
|
{
|
||||||
|
#Range / value check on user supplied variables
|
||||||
|
|
||||||
|
if [ $NUMUSERS -lt 1 -o $NUMUSERS -gt 50000 ]; then
|
||||||
|
echo "Number of users not correctly specified"
|
||||||
|
echo "Valid range is from 1 to 10,000"
|
||||||
|
echo "Exiting now...."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Number of user range is ok..."
|
||||||
|
|
||||||
|
if [ -z $NUMUSERS ]; then
|
||||||
|
echo "Number of users not specified."
|
||||||
|
echo "A value of 1 to 10,000 must be specififed."
|
||||||
|
echo "Exiting now...."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z $DIRSERVERTYPE ]; then
|
||||||
|
echo "Directory server type not specified."
|
||||||
|
echo "Exiting now...."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm -f $OUTPUTFILE
|
||||||
|
|
||||||
|
cat <<RUNNING
|
||||||
|
Generating LDIF file:
|
||||||
|
Formatted for $DIRSERVERTYPE with a user count of $NUMUSERS.
|
||||||
|
Output will be at $OUTPUTFILE
|
||||||
|
Please wait...
|
||||||
|
RUNNING
|
||||||
|
|
||||||
|
while [ $USERCOUNTER -le $NUMUSERS ]
|
||||||
|
do
|
||||||
|
|
||||||
|
#Get a random first/last name
|
||||||
|
NAMELINECOUNT=$(cat $NAMESOURCEFILE | wc -l)
|
||||||
|
NAMERANDNUM1=$(cat /proc/sys/kernel/random/uuid | cut -c1-4 | od -d | head -1 | cut -d' ' -f2)
|
||||||
|
NAMERANDNUM2=$(cat /proc/sys/kernel/random/uuid | cut -c1-4 | od -d | head -1 | cut -d' ' -f2)
|
||||||
|
NAME1=$(expr $NAMERANDNUM1 % $NAMELINECOUNT + 1)
|
||||||
|
NAME2=$(expr $NAMERANDNUM2 % $NAMELINECOUNT + 1)
|
||||||
|
FIRSTNAME=$(head -$NAME1 $NAMESOURCEFILE | tail -1)
|
||||||
|
LASTNAME=$(head -$NAME2 $NAMESOURCEFILE | tail -1)
|
||||||
|
|
||||||
|
#Get a random OU
|
||||||
|
OULINECOUNT=$(cat $OUSOURCEFILE | wc -l)
|
||||||
|
OURANDNUM=$(cat /proc/sys/kernel/random/uuid | cut -c1-4 | od -d | head -1 | cut -d' ' -f2)
|
||||||
|
OUNUM=$(expr $OURANDNUM % $OULINECOUNT + 1)
|
||||||
|
OU=$(head -$OUNUM $OUSOURCEFILE | tail -1)
|
||||||
|
|
||||||
|
|
||||||
|
#Emit ldif
|
||||||
|
if [ $DIRSERVERTYPE = "OPENLDAP" ]; then
|
||||||
|
ldifEmit-OpenLDAP $FIRSTNAME $LASTNAME $OU
|
||||||
|
elif [ $DIRSERVERTYPE = "ACTIVEDIRECTORY" ]; then
|
||||||
|
ldifEmit-ActiveDirectory $FIRSTNAME $LASTNAME $OU
|
||||||
|
elif [ $DIRSERVERTYPE = "EDIRECTORY" ]; then
|
||||||
|
ldifEmit-eDirectory $FIRSTNAME $LASTNAME $OU
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Increment counter
|
||||||
|
USERCOUNTER=$(( $USERCOUNTER + 1 ))
|
||||||
|
done
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
#Kick it all off
|
||||||
|
main
|
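Review bot: The range check accepts values up to 50000 (`-gt 50000`) while the header comment and both error messages give the valid range as 1 to 10,000; make the bound match, e.g. `if [ "$NUMUSERS" -lt 1 ] || [ "$NUMUSERS" -gt 10000 ]; then`. The `-z $NUMUSERS` test comes after the numeric comparison, so an empty value has already produced a `[` syntax error and been reported as "range is ok" by the time it is reached; put the emptiness checks first and quote the variables. In `ldifEmit-ActiveDirectory` and `ldifEmit-eDirectory` the heredoc delimiter word appears twice as rendered here, which would make the second occurrence run as a command; that is worth confirming against the file, since indentation is not visible on this page. `rm -f $OUTPUTFILE` and the `>>$OUTPUTFILE` redirections should be quoted too.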
8727
ldif/names.txt
Normal file
8727
ldif/names.txt
Normal file
File diff suppressed because it is too large
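--- a/ldif/ou.txt
+++ b/ldif/ou.txt
@@ -0,0 +1,11 @@
+Sales
+Accounting
+Finance
+Support
+Bizops
+IT
+SWDEV
+Manufacturing
+Backoffice
+ESP
+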
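--- a/librenmsPollScripts/discoveryWrap.sh
+++ b/librenmsPollScripts/discoveryWrap.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#wrapper script called from cron for observium polling. A lightweight wrapper around poller.php
+
+#Source common functions/variables
+source /var/observium/CMDB/pollScripts/discoveryWrapControl
+source /var/observium/CMDB/pollScripts/discoveryWrapCommon.sh
+
+
+function discover()
+#Perform discovery of hosts with pattern passed in via $1
+{
+logger "Performing discovery of node type: $1"
+/var/observium/observium/discovery.php -h *$1*
+if [ $? -ne 0 ]; then
+error_out fatal "discovery.php run for $1 failed"
+fi
+}
+
+function main()
+#Main execution body
+{
+for arg in "${commandline_args[@]}"; do
+preflight "$arg"
+touch /tmp/discovery-$arg.lock
+discover "$arg"
+rm -f /tmp/discovery-$arg.lock
+logger "Completed discovery."
+done
+}
+
+#Kick it all off
+commandline_args=("$@")
+main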
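Review bot: When `discover` fails it calls `error_out fatal`, which exits before `rm -f /tmp/discovery-$arg.lock` runs, so the lock stays behind and every later cron run bails out in `preflight` until someone deletes it by hand. Remove the lock from an exit trap set right after it is created, e.g. `trap 'rm -f -- "/tmp/discovery-$arg.lock"' EXIT`. `-h *$1*` is unquoted, so the shell expands the pattern against files in cron's working directory before discovery.php sees it; pass `"*$1*"`. `$arg` comes from the command line and is placed unquoted into a path under `/tmp`, so validate it first (for example against `^[A-Za-z0-9._-]+$`) and quote it. pollerWrap.sh has the same three issues with `/tmp/poll-$arg.lock` and poller.php.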
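--- a/librenmsPollScripts/discoveryWrapCommon.sh
+++ b/librenmsPollScripts/discoveryWrapCommon.sh
@@ -0,0 +1,26 @@
+function error_out()
+#Handle error conditions
+#Takes two arguments:
+#Error type (fatal,nonfatal)
+#Error message
+{
+if [ $1 == "fatal" ]; then
+echo "$0 has experienced a fatal error condition and has aborted operation at $DATE. Please investigate and resolve. Details: $2" | mail -s "Observium discovery fatal error" -r $ERROR_FROM $ERROR_TO
+logger $0 has experienced a fatal error condition and has aborted operation at $DATE. Details: $2
+exit 1
+elif [ $1 == "nonfatal" ]; then
+echo "$0 has experienced a non fatal error condition and has continued operation at $DATE. Please investigate and resolve. \n Details: $2" | mail -s "Observium discovery non fatal error" -r $ERROR_FROM $ERROR_TO
+logger $0 has experienced a non fatal error condition and has continued operation at $DATE . Details: $2
+fi
+}
+
+function preflight()
+#Perform preflight checks for all scan types
+{
+logger "Performing preflight checks for discovery of node type: $1"
+echo "Performing preflight checks for discovery of node type: $1"
+
+if [ -f /tmp/discovery-$1.lock ]; then
+error_out fatal "lock file /tmp/discovery-$1.lock exists. Bailing out."
+fi
+}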
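Review bot: `preflight` tests `[ -f /tmp/discovery-$1.lock ]` and the caller creates the file later with `touch`, so two runs that start together both pass the check, and because the name is predictable and lives in a world-writable directory any local user can create it to keep discovery from running. Take the lock atomically in a directory only the service account can write, e.g. `exec 9>"$LOCK_DIR/discovery-$1.lock"; flock -n 9 || error_out fatal "already running"` (`LOCK_DIR` is a constructed name). In `error_out`, `[ $1 == "fatal" ]` and `-r $ERROR_FROM $ERROR_TO` are unquoted while discoveryWrapControl ships both addresses empty, so as committed `mail` is invoked with `-r` and neither sender nor recipient and the alert is lost. The `$DATE` in the message is the time the control file was sourced, not the time of the error. pollerWrapCommon.sh is a copy with the same issues.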
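--- a/librenmsPollScripts/discoveryWrapControl
+++ b/librenmsPollScripts/discoveryWrapControl
@@ -0,0 +1,3 @@
+DATE=$(date +%m/%d/%Y-%H:%M)
+ERROR_FROM=""
+ERROR_TO=""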
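--- a/librenmsPollScripts/pollerWrap.sh
+++ b/librenmsPollScripts/pollerWrap.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#wrapper script called from cron for observium polling. A lightweight wrapper around poller.php
+
+#Source common functions/variables
+source /var/observium/CMDB/pollScripts/pollerWrapControl
+source /var/observium/CMDB/pollScripts/pollerWrapCommon.sh
+
+
+function poller()
+#Perform scan
+{
+logger "Performing polling of node type: $1"
+/var/observium/observium/poller.php -h *$1*
+if [ $? -ne 0 ]; then
+error_out fatal "poller.php run for $1 failed"
+fi
+}
+
+function main()
+#Main execution body
+{
+for arg in "${commandline_args[@]}"; do
+preflight "$arg"
+touch /tmp/poll-$arg.lock
+poller "$arg"
+rm -f /tmp/poll-$arg.lock
+logger "Completed polling."
+done
+}
+
+#Kick it all off
+commandline_args=("$@")
+main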
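--- a/librenmsPollScripts/pollerWrapCommon.sh
+++ b/librenmsPollScripts/pollerWrapCommon.sh
@@ -0,0 +1,27 @@
+function error_out()
+#Handle error conditions
+#Takes two arguments:
+#Error type (fatal,nonfatal)
+#Error message
+{
+if [ $1 == "fatal" ]; then
+echo "$0 has experienced a fatal error condition and has aborted operation at $DATE. Please investigate and resolve. Details: $2" | mail -s "Observium polling fatal error" -r $ERROR_FROM $ERROR_TO
+logger $0 has experienced a fatal error condition and has aborted operation at $DATE. Details: $2
+exit 1
+elif [ $1 == "nonfatal" ]; then
+echo "$0 has experienced a non fatal error condition and has continued operation at $DATE. Please investigate and resolve. \n Details: $2" | mail -s "Observium polling non fatal error" -r $ERROR_FROM $ERROR_TO
+logger $0 has experienced a non fatal error condition and has continued operation at $DATE . Details: $2
+fi
+}
+
+function preflight()
+#Perform preflight checks for all scan types
+{
+echo "Performing preflight checks for polling of: $1"
+logger "Performing preflight checks for polling of: $1"
+
+if [ -f /tmp/poll-$1.lock ]; then
+error_out fatal "Poll lock file /tmp/poll-$1.lock exists."
+fi
+
+}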
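Review bot: The lock test in `preflight` (`[ -f /tmp/poll-$1.lock ]`) is a check-then-create on a predictable name in a world-writable directory, so two runs can both pass the test before either creates the lock, and any local account can create the file and make every poll abort as fatal. Holding the lock with `flock -n` on a file in a directory only the polling user can write (for example `/var/run/<poller-dir>/poll-$1.lock`, placeholder path) closes both gaps. In `error_out`, `$1`, `$ERROR_FROM` and `$ERROR_TO` are unquoted: an empty first argument makes `[ $1 == "fatal" ]` error out instead of comparing, and with the empty values shipped in pollerWrapControl `mail -r` gets no operand, so I would write `[ "$1" = "fatal" ]` and `-r "$ERROR_FROM" "$ERROR_TO"` and refuse to run when either address is unset.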
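--- a/librenmsPollScripts/pollerWrapControl
+++ b/librenmsPollScripts/pollerWrapControl
@@ -0,0 +1,3 @@
+DATE=$(date +%m/%d/%Y-%H:%M)
+ERROR_FROM=""
+ERROR_TO=""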
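--- a/makeIPAMUsr.sh
+++ b/makeIPAMUsr.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+export AD_DOMAIN="test"
+export DOMAIN_TLD="testco.tld"
+export AD_QUERY_USERNAME="ldapquery"
+export AD_QUERY_PASSWORD="Ldap01-^"
+export AD_DC="testdc"
+
+#-b "cn=users,dc=test,dc=testco,dc=tld" \
+# Make these into the appropriate components of above string
+
+export DCPART1=""
+export DCPART2=""
+export DCPART3=""
+
+AD_DOMAIN_FQDN="$AD_DOMAIN.$DOMAIN_TLD"
+DOMAIN_CONTROLLER_FQDN="$AD_DC.$AD_DOMAIN_FQDN"
+
+
+for domain_user in $(cat $AD_DOMAIN-userlist);
+do
+ademail=$(ldapsearch -LLL\
+-x -h $DOMAIN_CONTROLLER_FQDN \
+-D "$AD_QUERY_USERNAME@$AD_DOMAIN_FQDN" \
+-w $AD_QUERY_PASSWORD \
+-b "cn=users,dc=$DCPART1,dc=$DCPART2,dc=$DCPART3" \
+-s sub "(samAccountName=$domain_user)" mail|grep "mail\:" | awk -F ":" '{print $2}')
+realname=$(ldapsearch -LLL\
+-x -h $DOMAIN_CONTROLLER_FQDN \
+-D "$AD_QUERY_USERNAME@$AD_DOMAIN_FQDN" \
+-w $AD_QUERY_PASSWORD \
+-b "cn=users,dc=$DCPART1,dc=$DCPART2,dc=$DCPART3" \
+-s sub "(samAccountName=$domain_user)" name|grep "name\:" |awk -F ":" '{print $2}')
+adname=$(ldapsearch -LLL\
+-x -h $DOMAIN_CONTROLLER_FQDN \
+-D "$AD_QUERY_USERNAME@$AD_DOMAIN_FQDN" \
+-w $AD_QUERY_PASSWORD \
+-b "cn=users,dc=$DCPART1,dc=$DCPART2,dc=$DCPART3" \
+-s sub "(samAccountName=$domain_user)" uid|grep "uid\:" |awk -F ":" '{print $2}')
+echo "INSERT INTO users (username, authMethod, password, groups, role, real_name, email, domainUser) VALUES ('$adname', 3, NULL, '{\"4\":\"4\"}', 'User', '$realname', '$ademail', 0);"
+done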
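Review bot: The AD bind password is committed in the script (`export AD_QUERY_PASSWORD=...`), exported to every child process, and passed to `ldapsearch` as `-w $AD_QUERY_PASSWORD` over a simple bind to `-h $DOMAIN_CONTROLLER_FQDN`, so it is exposed in the repository, can show up in process listings, and travels in clear text unless the directory enforces TLS. I would rotate that credential, read it from a file only the operator can read with `-y "$AD_QUERY_PASSWORD_FILE"`, and connect with `-H "ldaps://$DOMAIN_CONTROLLER_FQDN"` (or add `-ZZ`). The generated `INSERT` interpolates `$adname`, `$realname` and `$ademail` straight into SQL, so a directory value containing a single quote breaks or alters the statement; doubling quotes first, e.g. `realname=${realname//\'/\'\'}`, or loading the rows through a parameterised client avoids that. The names read by `$(cat $AD_DOMAIN-userlist)` also reach the `(samAccountName=$domain_user)` filter unchecked and should be matched against an allowed character set first.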
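--- a/sitrep.sh
+++ b/sitrep.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+#A script to produce a current situation report for a server
+
+
+echo -e "\e[1;34;47mSystem uptime/load:\e[0m" ; uptime;
+echo -e "\e[1;34;47mSystem hostname and IP address:\e[0m"; hostname && hostname -i;
+echo -e "\e[1;34;47mDisk usage:\e[0m"; df -i; df -h;
+echo -e "\e[1;34;47mPHP process count:\e[0m" ;ps faux |grep php | wc -l;
+echo -e "\e[1;34;47mMemory:\e[0m"; free -m; cat /proc/meminfo | egrep 'MemTotal|MemFree';
+echo -e "\e[1;34;47mNumber of and model ofCPU:\e[0m"; cat /proc/cpuinfo | grep processor | wc -l; cat /proc/cpuinfo | grep "model name";
+echo -e "\e[1;34;47mSoftware Versions:\e[0m"; php -v; mysql --version; httpd -v;
+echo -e "\e[1;34;47mExim Message Count:\e[0m"; exim -bpc;
+echo -e "\e[1;34;47mFTP Connection Count:\e[0m"; netstat -pan |grep :21|wc -l;
+echo -e "\e[1;34;47mApache Connection Count:\e[0m";netstat -pan|grep :80|wc -l;
+echo -e "\e[1;34;47mSSH Connection Count:\e[0m"; netstat -pan|grep :22|wc -l;
+
+
+for i in $(ls /var/log/sa/sa[0-31]*);do echo "Average System load for $(date +%B) $i" ; sar -f $i -q|tail -n 1 ; done;for i in $(ls /var/log/sa/sa[0-31]*);do echo "Average System load for $(date +%B) $i" ; sar -f $i -r|tail -n 1 ; done;
+if [ -e /proc/user_beancounters ]; then echo -e "\e[1;34;47mUser Beancounters:\e[0m" && cat /proc/user_beancounters | awk '{if ($NF>0){print$0}}';fi;
+echo -e "\e[1;34;47mrunning processes:\e[0m" ; ps faux|egrep -v 'init|watchdog|iscsi|cqueue|kmpath|iscsid|syslogd|kpsmoused|auditd|irqbalance|rpc.idmapd|hcid|kmpathd|ib_cm|rpciod|migration|kjournald|scsi_eh_0|scsi_eh_1|khubd|kswapd0|kedac|kauditd|udevd|named|mingetty|agetty|dbus|kacpid|kblockd|pdflush|ksoftirqd|khelper|kthread|kseriod|klogd|acpid|spamd|cpsrvd|pure-authd|/usr/sbin/courierlogger|/usr/lib/courier-imap';blockcount=$(ip ro |grep blackhole | wc -l); if [ $blockcount -gt 0 ]; then echo -e "\e[1;34;47mBlocked IP Addresses:\e[0m"; ip ro |grep blackhole; fi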
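Review bot: Several counts in this report are inflated by the way they are matched: `ps faux |grep php | wc -l` counts the `grep` process itself, and `netstat -pan|grep :22|wc -l` also matches ports such as 2222 or 2200 as well as listening sockets, so "SSH Connection Count" is not a count of SSH sessions (the `:21` and `:80` lines have the same problem). For a report that may be read during an incident I would use `pgrep -c php` and filter on the exact port and state, e.g. `ss -Htn state established '( sport = :22 )' | wc -l`. The glob `sa[0-31]*` is a character class (0–3 and 1), not a numeric range; it happens to match sa01–sa31, and `for i in /var/log/sa/sa[0-9][0-9]` says that directly without parsing `ls`. The long `egrep -v` process filter also hides any process whose command line merely contains one of those words, which deserves a comment so readers do not treat the listing as complete.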
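--- a/ssh-handlers/generic-authorized_keys
+++ b/ssh-handlers/generic-authorized_keys
@@ -0,0 +1 @@
+command="/home/user/restricted-handler.sh",from="ALLOWED_HOST_FQDN",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty PUBLICKEY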
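--- a/ssh-handlers/generic-restricted-handler.sh
+++ b/ssh-handlers/generic-restricted-handler.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set $SSH_ORIGINAL_COMMAND
+
+case "$1" in
+ls)
+;;
+scp)
+;;
+/bin/scp)
+;;
+rm)
+;;
+/path/to/custom/command)
+;;
+*)
+logger -s -t restricted-command -- "Invalid command $@"
+exit 1
+;;
+esac
+
+logger -t restricted-command -- "Executing $@"
+exec "$@"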
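Review bot: The `case` checks only the program name in `$1` and then runs `exec "$@"` with whatever arguments the client sent, so a key limited to `ls`, `scp` and `rm` can still read, replace or delete any file the account can reach, including its own `authorized_keys` and this handler when it lives in the user's home as ssh-handlers/generic-authorized_keys suggests. The arguments need validating against fixed paths or patterns per command, and the handler and key file should be root-owned outside the account's writable directories. The same applies to the `rsync)` arm in ssh-handlers/slack-restricted-handler.sh, where rsync's bundled `rrsync` wrapper is the usual way to pin the directory. `set $SSH_ORIGINAL_COMMAND` should become `set -f; set -- $SSH_ORIGINAL_COMMAND`, since without `--` a command beginning with `-` is parsed as shell options, an empty one makes `set` print the shell's variables, and globs are expanded on the server before the check runs.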
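--- a/ssh-handlers/slack-authorized_keys
+++ b/ssh-handlers/slack-authorized_keys
@@ -0,0 +1 @@
+command="/home/slack-lab/bin/restricted-handler.sh" SSHPUBKEY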
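Review bot: This entry forces a command but sets none of the restrictions the generic template carries, so port, agent and X11 forwarding and PTY allocation stay available to the key holder regardless of what the handler allows. Adding `restrict` (OpenSSH 7.2 and later) or the explicit `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty` list, plus a `from="..."` pattern for the hosts expected to connect, brings it in line with ssh-handlers/generic-authorized_keys. The handler path is under `/home/slack-lab/bin`, which looks writable by the restricted account itself; that is inferred from the path only and worth confirming.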
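--- a/ssh-handlers/slack-restricted-handler.sh
+++ b/ssh-handlers/slack-restricted-handler.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set $SSH_ORIGINAL_COMMAND
+
+case "$1" in
+rsync)
+;;
+*)
+logger -s -t restricted-command -- "Invalid command $@"
+echo "An attempt was made to utilize the private key on a KNEL managed server to access control and execute the following command: $@" | mail -s "SECURITY BREACH ON control for slack account: $USER" BREACHPAGEEMAIL
+exit 1
+;;
+esac
+
+exec "$@"
+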
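--- a/sslStackFromSource.sh
+++ b/sslStackFromSource.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+#Made from instructions at https://www.tunetheweb.com/performance/http2/
+
+OPENSSL_URL_BASE="https://www.openssl.org/source/"
+OPENSSL_FILE="openssl-1.1.0h.tar.gz"
+
+NGHTTP_URL_BASE="https://github.com/nghttp2/nghttp2/releases/download/v1.31.0/"
+NGHTTP_FILE="nghttp2-1.31.0.tar.gz"
+
+APR_URL_BASE="http://mirrors.whoishostingthis.com/apache/apr/"
+APR_FILE="apr-1.6.3.tar.gz"
+
+APR_UTIL_URL_BASE="http://mirrors.whoishostingthis.com/apache/apr/"
+APR_UTIL_FILE="apr-util-1.6.1.tar.gz"
+
+APACHE_URL_BASE="http://mirrors.whoishostingthis.com/apache/httpd/"
+APACHE_FILE="httpd-2.4.33.tar.gz"
+
+CURL_URL_BASE="https://curl.haxx.se/download/"
+CURL_FILE="curl-7.60.0.tar.gz"
+
+
+#Download and install latest version of openssl
+wget $OPENSSL_URL_BASE/$OPENSSL_FILE
+tar xzf $OPENSSL_FILE
+cd openssl-1.1.0h
+./config enable-weak-ssl-ciphers shared zlib-dynamic -DOPENSSL_TLS_SECURITY_LEVEL=0 --prefix=/usr/local/custom-ssl/openssl-1.1.0h ; make ; make install
+ln -s /usr/local/custom-ssl/openssl-1.1.0h /usr/local/openssl
+cd -
+
+#Download and install nghttp2 (needed for mod_http2).
+wget $NGHTTP_URL_BASE/$NGHTTP_FILE
+tar xzf $NGHTTP_FILE
+cd nghttp2-1.31.0
+./configure --prefix=/usr/local/custom-ssl/nghttp ; make ; make install
+cd -
+
+#Updated ldconfig so curl build
+
+cat <<custom-ssl > /etc/ld.so.conf.d/custom-ssl.conf
+/usr/local/custom-ssl/openssl-1.1.0h/lib
+/usr/local/custom-ssl/nghttp/lib
+custom-ssl
+
+ldconfig
+
+#Download and install curl
+wget $CURL_URL_BASE/$CURL_FILE
+tar xzf curl-7.60.0.tar.gz
+cd curl-7.60.0
+./configure --prefix=/usr/local/custom-ssl/curl --with-nghttp2=/usr/local/custom-ssl/nghttp/ --with-ssl=/usr/local/custom-ssl/openssl-1.1.0h/ ; make ; make install
+cd -
+
+
+#Download and install latest apr
+wget $APR_URL_BASE/$APR_FILE
+tar xzf $APR_FILE
+cd apr-1.6.3
+./configure --prefix=/usr/local/custom-ssl/apr ; make ; make install
+cd -
+
+#Download and install latest apr-util
+wget $APR_UTIL_URL_BASE/$APR_UTIL_FILE
+tar xzf apr-util-1.6.1.tar.gz
+cd apr-util-1.6.1
+./configure --prefix=/usr/local/custom-ssl/apr-util --with-apr=/usr/local/custom-ssl/apr ; make; make install
+cd -
+
+#Download and install apache
+wget $APACHE_URL_BASE/$APACHE_FILE
+tar xzf httpd-2.4.33.tar.gz
+cd httpd-2.4.33
+cp -r ../apr-1.6.3 srclib/apr
+cp -r ../apr-util-1.6.1 srclib/apr-util
+./configure --prefix=/usr/local/custom-ssl/apache --with-ssl=/usr/local/custom-ssl/openssl-1.1.0h/ --with-pcre=/usr/bin/pcre-config --enable-unique-id --enable-ssl --enable-so --with-included-apr --enable-http2 --with-nghttp2=/usr/local/custom-ssl/nghttp/
+make
+make install
+ln -s /usr/local/custom-ssl/apache /usr/local/apache
+cd -
+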
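Review bot: None of the six tarballs is verified before it is unpacked, built and installed under /usr/local, and the APR, APR-util and httpd archives are fetched over plain `http://` from a third-party mirror, so anyone on the network path or in control of that mirror decides what gets compiled here. I would pin a SHA-256 for each file (or check the upstream PGP signature), stop on mismatch, and fetch over HTTPS; a helper along the lines below covers all six downloads. The script also needs `set -euo pipefail` and `&&` instead of `;` between `configure`, `make` and `make install`, because as written a failed `cd` or build step continues into the next command and into an install. The OpenSSL line turns on `enable-weak-ssl-ciphers` with `-DOPENSSL_TLS_SECURITY_LEVEL=0`; if that is deliberate, a comment stating why and which services may link this build would keep it from being reused as a general-purpose TLS stack.

```shell
set -euo pipefail

# Download one tarball and refuse to continue unless it matches the pinned digest.
fetch_verified() {
  local url_base=$1 file=$2 sha256=$3
  wget -- "${url_base%/}/${file}"
  printf '%s  %s\n' "$sha256" "$file" | sha256sum -c -
}

fetch_verified "$OPENSSL_URL_BASE" "$OPENSSL_FILE" "<PINNED_SHA256_PLACEHOLDER>"
# … unchanged: tar xzf / cd / ./config / make / make install for each component …
```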