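#!/bin/bash
#$Id: chkfw,v 1.104 2016/11/12 09:27:49 fulford Exp $
# $Source: /src/merlin/usr/local/etc/RCS/chkfw,v $
# $Revision: 1.104 $
# Author C W Fulford.
# Copyright 2012 - 2013 (c) C W Fulford.
# Licensed for public use under the LGPL.
# For assistance contact fulford@fulford.net 0709 229 5385
###################################################################
# chkfw - compare the live iptables rule set and the boot-time
# firewall files on <hostname> against the copies held on this admin
# server, and raise an alert (e-mail, optionally SMS) on any drift.
#
# Modes:
#   default        check ports, live rules, boot files and the psa flag
#   -u / -U        refresh the local template (and, with -U, the local
#                  copy of the boot file) from the target instead
#   --force-restore push the local boot files back to the target
#   -C             check only: never write anything to the target
#
# Everything read from the target comes over ssh; local writes under
# /src, /usr/local/etc and /var/log go through sudo.  The script is
# expected to be run from cron (see -m), so alerts are the main output.
#
# Exit status: 1 on bad usage or if the log dir cannot be created;
# with -u/-U the exit status is _update's result (diff line count,
# or 1 if the target could not be read).
###################################################################
cmd=$(basename "$0")
syntax="$0 [[-C] [-cc <email_copy>] [-d] [-m <max_wait in minutes>] [-l] [-p #[,#...]] [-T] [-u|-U] [-v]] <hostname> |-h|-V"
ver=$(echo "$Id: chkfw,v 1.104 2016/11/12 09:27:49 fulford Exp $"|awk '{print $3,$4,$5}')

# die MESSAGE... - print to stderr and exit 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

# need_arg - options that take a value must actually have one, otherwise
# "shift 2" would silently eat the hostname.
need_arg() { [ $# -ge 2 ] || die "syntax: $syntax"; }

while [ $# -gt 0 ]; do
  case "$1" in
    -C) chkonly=:; shift ;;
    -cc) need_arg "$@"; cc=$2; shift 2 ;;
    -d) verbose=0; debug=1; set -x; shift ;;
    --force-restore) forcerestore=:; shift ;;
    -h) if [ $# -eq 1 ]; then
          man 8l chkfw
          exit
        else
          echo "syntax: $syntax" >&2
          exit
        fi ;;
    -l) log=:; shift ;;
    -m) need_arg "$@"; max_wait=$2; shift 2 ;;
    -n) now=1; shift ;;
    -p) need_arg "$@"; ports=$2; shift 2 ;;
    -T) txt=00022220009@txtservice.co.uk; shift ;;
    -u) # update template only; -u and -U are mutually exclusive
        if [ "${update-0}" -gt 1 ]; then
          echo "$syntax" >&2
          exit 1
        fi
        update=1
        shift ;;
    -U) # update template config and fw boot file
        if [ "${update:-0}" -eq 1 ]; then
          echo "$syntax" >&2
          exit 1
        fi
        update=2
        shift ;;
    -v) verbose=0; shift 1 ;;
    -V) echo "$cmd $ver"; exit ;;
    -*) echo "syntax: $syntax" >&2; exit 1 ;;
    *) if [ $# -eq 1 ]; then
         host=$1
         shift
       else
         echo "$syntax" >&2
         exit 1
       fi ;;
  esac
done

# set variables
[ -z "$host" ] && { echo "$syntax" >&2; exit 1; }

max_wait=${max_wait:-30}   # after 30 minutes cron will rerun process
ports=${ports:-22}

# $host is spliced into local paths (/src/$host, /var/log/$host,
# /usr/local/etc/$host.d) and handed to ssh/nmap/nslookup, so reject
# anything with a slash, a leading dash or other option-like junk.
[[ "$host" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] \
  || die "$cmd: invalid hostname '$host'"
# ports go into "nmap -p" and a grep pattern: digits and commas only.
[[ "$ports" =~ ^[0-9]+(,[0-9]+)*$ ]] \
  || die "$cmd: invalid port list '$ports' (expected #[,#...])"
[[ "$max_wait" =~ ^[0-9]+$ ]] \
  || die "$cmd: invalid max_wait '$max_wait' (expected minutes)"

# Only the first address is used; a multi-homed name would otherwise
# turn the reverse lookup into "nslookup addr1 addr2" (addr2 = server).
ip=$(nslookup "$host" | awk '/Address:/{if($2 !~ "#"){print $2; exit}}')
cname=
[ -n "$ip" ] && cname=$(nslookup "$ip" | awk '/name =/{print $4}')
cc=${cc:-fulford@fulford.net}
debug=${debug:-0}
email_rcpt=fulford@fulford.net
logdir=/var/log/$host
[ -d "$logdir" ] || sudo mkdir -m 775 "$logdir" || {
  echo "$cmd: Can't create $logdir" >&2
  exit 1
}
fwchlog=$logdir/$(date +%y%m%d%X)
fw_restore=0
iptables=/etc/sysconfig/iptables
iptables_cfg=/etc/sysconfig/iptables-config
srcdir=/src/$host
iptables_src=${srcdir}${iptables}
iptables_cfg_src=${srcdir}${iptables_cfg}
now=${now:-0}
psa_fwsw=/usr/local/psa/var/modules/firewall/active.flag
tmplt=/usr/local/etc/$host.d/fw
txtsent=/var/tmp/${cmd}${host}-txt
update=${update:-0}

# Scratch files: unpredictable names instead of /tmp/<name>$$, because
# their contents are later copied with sudo over the baseline files.
tmp=$(mktemp "/tmp/${cmd}.XXXXXX") || die "$cmd: mktemp failed"
tmp_ports=$(mktemp /tmp/ports.XXXXXX) || die "$cmd: mktemp failed"
tmp_boot=$(mktemp "/tmp/${cmd}.boot.XXXXXX") || die "$cmd: mktemp failed"
# "wait" first so a backgrounded _alert has finished (and has touched
# $txtsent) before the flag is cleared for the next run.
trap 'wait; rm -f -- "$tmp" "$tmp_ports" "$tmp_boot" "$txtsent"' EXIT

[ "$verbose" ] && echo "$cmd: host=$host ip=$ip cononical=$cname"

# Serious situation send alert by text and e-mail.
# Reads the message from stdin; the SMS copy is added only once per run
# (guarded by $txtsent) and only when -T was given.
_alert() {
  local msg
  IFS= read -r msg
  if [[ ! -f "$txtsent" && -n "$txt" ]]; then
    cc="$cc,$txt"
  fi
  mailx -s "URGENT $host - $msg" -c "$cc" "$email_rcpt" </dev/null
  touch "$txtsent"
  [ "$verbose" ] && echo "$cmd: alert sent" >&2
  if [ "$log" ]; then
    # the failure message is only meaningful when logging was requested
    logger -t "$cmd-$host" "$msg" \
      || echo "$cmd failed line:$LINENO: logger -t $cmd-$host $msg" >&2
  fi
}

# function to check if target server up, $port available and ssh ok.
# Polls each port in $ports once a minute; $max_wait is a shared budget
# across all ports, not per port.  Returns the number of ports that
# never came up, so "if _host_up" only proceeds when all are open.
_host_up() {
  local p found plist nports mins=0
  plist=${ports//,/ }
  nports=$(echo "$plist" | wc -w)
  [ "$verbose" ] && echo "$cmd: $nports port(s) to check ie. $plist"
  for p in $plist; do
    found=n
    while [[ "$mins" -lt "$max_wait" && "$found" = n ]]; do
      nmap -p "$p" "$host" >"$tmp_ports"
      date=$(date)
      [ "$verbose" ] && echo "$cmd: checking port $p"
      if grep -q "$p/tcp open" "$tmp_ports"; then
        found=y
        msg="port $p open - $date"
        [ "$verbose" ] && echo "$cmd: $msg"
      else
        msg="waiting for port $p on $host $date"
        # if this is first iteration send alert
        if [ "$mins" -eq 0 ]; then
          echo "$msg" | _alert &
        fi
        [ "$verbose" ] && echo "$cmd: $msg" >&2
        sleep 60
        mins=$((mins + 1))
      fi
    done
    if [ "$found" = n ]; then
      msg="$host port $p unavailable - $date"
      echo "$msg" | _alert
      [ "$verbose" ] && echo "$cmd: $msg" >&2
    else
      nports=$((nports - 1))
    fi
  done
  return "$nports"
}

# function to check status of running firewall
# Fetches the live rule set and diffs it against $tmplt, appending the
# diff to $fwchlog.  Returns 0 when identical.  A failed ssh leaves an
# empty rule set, which shows up as a (loud) difference rather than
# being hidden.
_fwok() {
  local ndiff
  date=$(date)
  ssh -q "$host" "sudo iptables -nL" >"$tmp"
  date >"$fwchlog"
  ndiff=$(sudo diff "$tmp" "$tmplt" | tee -a "$fwchlog" | wc -l)
  [ "$ndiff" -eq 0 ]
}

# _update LEVEL - refresh the local baseline from the target.
#   1: live rule set -> $tmplt (previous copy archived as $tmplt.<epoch>)
#      and $iptables_cfg -> $iptables_cfg_src
#   2: additionally $iptables -> $iptables_src
# Refuses to overwrite a baseline with the output of a failed or empty
# fetch, so a transient ssh problem cannot wipe the known-good copy.
# Returns the rule-set diff line count (1 if the target was unreadable).
_update() {
  local ndiffs arc tmplt_dir src_dir
  update=$1
  if ! ssh -q "$host" "sudo iptables -nL" >"$tmp" || [ ! -s "$tmp" ]; then
    echo "$cmd: cannot read rule set from $host - template not updated" >&2
    return 1
  fi
  tmplt_dir=$(dirname "$tmplt")
  [ -d "$tmplt_dir" ] || sudo mkdir -p "$tmplt_dir"
  [ -f "$tmplt" ] || sudo touch "$tmplt"
  ndiffs=$(sudo diff "$tmp" "$tmplt" | wc -l)   # counts the lines
  if [ "$ndiffs" -gt 0 ]; then
    [ "$verbose" ] && echo "$cmd: updating $tmplt"
    arc=$tmplt.$(date +%s)
    sudo cp "$tmplt" "$arc"
    sudo cp "$tmp" "$tmplt"
  else
    [ "$verbose" ] && echo "$cmd: $tmplt is up to date"
  fi
  [ "$debug" -gt 0 ] && echo "$ndiffs" >&2
  src_dir=$(dirname "$iptables_cfg_src")
  [ -d "$src_dir" ] || sudo mkdir -p "$src_dir"
  [ -f "$iptables_cfg_src" ] || sudo touch "$iptables_cfg_src"
  if ! ssh -q "$host" cat "$iptables_cfg" >"$tmp"; then
    echo "$cmd: cannot read $iptables_cfg from $host - not updated" >&2
    return 1
  fi
  if ! diff "$tmp" "$iptables_cfg_src" >/dev/null; then
    [ "$verbose" ] && echo "$cmd: updating $iptables_cfg_src"
    sudo cp "$tmp" "$iptables_cfg_src"
  else
    echo "$cmd: $iptables_cfg_src is up to date"
  fi
  if [ "$update" -gt 1 ]; then
    [ -f "$iptables_src" ] || sudo touch "$iptables_src"
    if ! ssh -q "$host" "cat $iptables" >"$tmp_boot"; then
      echo "$cmd: cannot read $iptables from $host - not updated" >&2
      return 1
    fi
    if ! diff "$tmp_boot" "$iptables_src" >/dev/null; then
      [ "$verbose" ] && echo "$cmd: updating $iptables_src"
      sudo cp "$tmp_boot" "$iptables_src"
    else
      echo "$cmd: $iptables_src is up to date"
    fi
  fi
  return "$ndiffs"
}

if _host_up; then
  if [ "$update" -gt 0 ]; then
    _update "$update"
    exit $?
  fi

  # check fw status
  if _fwok; then
    [ "$verbose" ] && echo "$cmd: active fw matches $tmplt ok" >&2
    [ -f "$fwchlog" ] && rm "$fwchlog"
    msg="active fw matches $tmplt ok"
    if [ "$log" ]; then
      logger -t "$cmd-$host" "$msg" \
        || echo "$cmd failed $LINENO: logger -t $cmd-$host $msg" >&2
    fi
    fw_restore=no
  else
    msg="active FW differs from $tmplt see ${fwchlog} $date."
    echo "$msg" | _alert &
    [ "$verbose" ] && echo "$cmd $msg" >&2
    # NOTE(review): a drifted rule set only alerts; automatic restore
    # appears to be deliberately disabled (only --force-restore sets
    # fw_restore=yes below, and the restart is echoed, not run) - confirm.
    fw_restore=no
  fi
  [ "$verbose" ] && echo "$cmd: fw_restore is set to $fw_restore" >&2

  # Check fw config if server were rebooted, is the remote
  # configuration the same as the source on the admin server.
  if ssh -q "$host" "cat ${iptables_cfg}" | sudo diff - "$iptables_cfg_src" >/dev/null; then
    [ "$verbose" ] && echo "$cmd: ${iptables_cfg} ok" >&2
  else
    fw_restore=no
    date=${date:-$(date)}
    msg="FW reboot config changed -$date."
    echo "Warning - $msg" | _alert
    [ "$verbose" ] && echo "$cmd: $msg" >&2
  fi

  # Check if fw boot file the same as on admin server
  if ssh -q "$host" "cat ${iptables}" | sudo diff - "$iptables_src" >/dev/null; then
    [ "$verbose" ] && echo "$cmd: $iptables ok" >&2
  else
    fw_restore=no
    date=${date:-$(date)}
    msg="$cmd boot file $iptables changed -$date"
    echo "$msg" | _alert
    [ "$verbose" ] && echo "$cmd: $msg" >&2
  fi

  # Check if psa firewall activated.
  if ssh -q "$host" "test -e $psa_fwsw"; then
    fw_restore=no
    date=${date:-$(date)}
    # fresh message: do not prepend whatever $msg the earlier checks left
    msg="psa firewall activated -$date."
    echo "$msg" | _alert
    [ "$verbose" ] && echo "$cmd: psa firewall activated on $host" >&2
  else
    [ "$verbose" ] && echo "$cmd: psa firewall not activated" >&2
  fi

  if [ -n "$forcerestore" ]; then
    # -C must win over --force-restore: check before touching the target.
    [ -n "$chkonly" ] && exit
    fw_restore=yes
    ssh -q "$host" "sudo dd of=$iptables" <"$iptables_src"
    ssh -q "$host" "sudo dd of=$iptables_cfg" <"$iptables_cfg_src"
  fi

  if [ "$fw_restore" = yes ]; then
    [ -n "$chkonly" ] && exit
    # NOTE(review): the restart is printed, not executed (leading echo);
    # the rule set is re-checked afterwards regardless - confirm intent.
    echo ssh -q "$host" "sudo /etc/init.d/iptables restart&"
    sleep 10
    if _fwok; then
      msg="FW restored"
    else
      msg="FW restore failed"
    fi
    echo "$msg - see $fwchlog" | _alert
  fi
fi
######################################################################
# This program is free software: you can redistribute it and or      #
# modify it under the terms of the Lesser GNU General Public License #
# as published by the Free Software Foundation, either version 3 of  #
# the License, or (at your option) any later version.                #
#                                                                    #
# This program is distributed in the hope that it will be useful,    #
# but WITHOUT ANY WARRANTY; without even the implied warranty of     #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the      #
# GNU General Public License for more details.                       #
#                                                                    #
# A copy of the Lesser GNU General Public License and the GNU        #
# General Public License is available at                             #
# <http://www.gnu.org/licenses/>.                                    #
######################################################################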