分享
 
 
 

系统比对[oscmp.pl]

王朝other·作者佚名  2008-05-18
窄屏简体版  字體: |||超大  

#!/usr/bin/perl -w

###########################################################################

# Global definitions

###########################################################################

use Getopt::Long;

$tmpdir="/usr/tmp/integrit.$$";

$usrtmp="/usr/tmp/integrit_tmp.$$";

$filedir="$tmpdir/filedir";

$integrit_conf="$tmpdir/integrit.conf";

$integrit="/usr/local/sbin/integrit";

$knowndb="/tmp/tsecdb";

$remcurrentdb="/tmp/databases/integrit.cdb.new";

$currentdb="/tmp/databases";

$remdb="/tmp/tsecdb/integrit.cdb";

$inststuff="/ccrun/etc/inststuff.pl";

###########################################################################

#command

###########################################################################

#$scp="/usr/bin/scp";

#$ssh="/usr/local/bin/ssh";

#$rsync="/usr/bin/rsync";

#$integrit="/usr/bin/integrit";

$scp="/usr/local/bin/scp";

$ssh="/usr/local/bin/ssh";

$rsync="/usr/local/bin/rsync";

$integrit="/usr/local/sbin/integrit";

$rsync_cmd="$rsync -Rapzq --partial -e $ssh";

$rsync_del="$rsync -lvrnc --delete -e $ssh";

$rsync_exist="$rsync -lvrnc --existing -e $ssh";

###########################################################################

# Check for help request. Display help page if --help/-h/-? was passed.

###########################################################################

sub help_page {

my $programname = $0;

$programname =~ s#^\./##;

print("$programname - .Usage: $programname <-r hostname>[-i Ign]Options are interpreted as follows:-r hostname remote hostname\

-i Ign Ignores default setting.For example: \

$programname -r enghp3\n");

exit 1;

}

###########################################################################

# Check and update local configuration

###########################################################################

sub LocalVarExists ($)

{

my ($name) = @_;

return $main::{$name}; # if integrit_conf declared it, we're done.

}

my $newstuff = "";

sub LocalVar ($$)

{

my ($name, $definition) = @_;

return if $main::{$name};

$newstuff .= " " . $name;

open FILE, '>>', $integrit_conf;

print FILE $definition, "\n\n";

close FILE;

}

###########################################################################

# Check data directory

###########################################################################

sub Checkdir()

{

#Check tmp directory

unless (-d $tmpdir)

{

print "Creating tmp directory ($tmpdir) ...\n";

mkdir $tmpdir, 0770;

}

unless (-d $usrtmp)

{

print "Creating tmp directory ($usrtmp) ...\n";

mkdir $usrtmp, 0770;

}

unless (-d $knowndb)

{

print "Creating knowndb directory ($knowndb) ...\n";

mkdir $knowndb, 0770;

}

#unless (-d $datadir) {

# print "Creating data directory ($datadir) ...\n";

# mkdir $datadir, 0770;

#}

###########################################################################

#create integrit.conf

###########################################################################

unless (-e $integrit_conf){

LocalVar('root_dir', <<'END');

# integrit.conf -*- fundamental -*-

#

root=/

END

LocalVar('database', <<'END');

known=/tmp/tsecdb/integrit.cdb

current=/tmp/databases/integrit.cdb.new

END

LocalVar('README', <<'END');

# from the integrit README file:

#

# Here's a table of letters and the corresponding checks / options:

#

# s checksum

# i inode

# p permissions

# l number of links

# u uid

# g gid

# z file size (redundant if checksums are on)

# a access time

# m modification time

# c ctime (time UN*X file info last changed)

# r reset access time (use with care)

#

# Upper case turus off a given check, Lower case turns it on.

#

# Files whose contents are expected to change only get checks on

# permissions, user owner and group owner of the file.

END

LocalVar('SIMC', <<'END');

#

# For /root/

#

!/root

!/dev

!/var

!/tmp

!/mnt

!/.security

!/home

!/ora_system

!/redund

!/stand

!/tcb

!/mnt

!/etc

!/opt/hpws/tomcat

!/opt/hpwebadmin

!/opt/ignite

!/usr/goldimage

!/usr/adm

!/usr/mail

!/usr/spool

!/usr/tmp

!/usr/lost+found

!/usr/preserve

!/usr/spool

!/usr/pub

!/usr/share/man

!/usr/share/doc

!/usr/share/html

!/usr/local/man

!/usr/local/info

!/usr/local/doc

!/usr/local/oracle

!/usr/local/src

!/opt/samba_src

!/opt/java1.3

!/opt/mozilla

#

# For /etc/

#

!/etc/mtab SIMC

!/etc/ssh_random_seed

!/etc/fstab

!/etc/mnttab

!/etc/utmp

!/etc/rc.config.d

!/etc/ipf/ipmon.pid

!/etc/opt/ldapux

!/etc/opt/mx

!/etc/sfd.pid

!/etc/ftpd

!/etc/MANPATH

!/etc/PATH

!/etc/skel

!/etc/pam.conf

!/etc/default

!/etc/useracct

!/etc/utmps

!/etc/utmps

!/etc/shutdownlog

!/etc/issue

!/etc/syslog.conf

#/etc CMPILUGA

#--------------nfs directories

!/mnt/secdb

!/barhost-home

!/adm/barhost-cgi

END

LocalVar('Nocheck', <<'END');

#--------this one gets over-written at boot, so only report changes

# in its contents

# No Check. The infomation is local filesystem info which depend on local host.

!/etc/lvmconf

!/etc/lvmrc

!/etc/lvmtab

!/etc/lvm*

!/etc/vxvmconf

!/etc/vx

!/dev/vx

!/var/vx

!/usr/tmp

!/dev/vg*

!/dev/vxportal

!/etc/.profile.*

!/etc/fstab

!/etc/aliases

!/etc/oratab

!/etc/passwd

!/etc/group

!/etc/opt/resmon

!/etc/hosts

!/etc/publickey

!/etc/rc.config.d/netconf

!/etc/ioconfig

!/stand

END

LocalVar('checkdir', <<'END');

#: Check dir.

/opt CMPILUGA

/bin CMPILUGA

#/etc CMPILUGA

/lib CMPILUGA

/net CMPILUGA

/sbin CMPILUGA

/usr CMPILUGA

/pcrelease CMPILUGA

END

}

unless (-d $knowndb && -d $currentdb)

{

print "Creating known db directory or current db directory ...\n";

mkdir $knowndb, 0770;

mkdir $currentdb, 0770;

}

}

sub GetParas

{

my ($argv);

$argv = join(' ',@ARGV);

$argv = join(' ',@ARGV);

my $tmp = 0;

&help_page if ( $argv eq "" || $argv =~ m!-h! );

GetOptions("r:s","i=s");

if ($opt_r eq "")

{

&help_page;

exit(1);

}

if (! $opt_i eq "")

{

$tmp = $opt_i;

}

return ($opt_r,$tmp);

}

sub Env{

if ($> != 0)

{

print ("\nThe command need root permission!\n\n");

exit(1);

}

}

sub dbsh ($$){

my ($name, $definition) = @_;

return if $main::{$name};

$newstuff .= " " . $name;

open FILE, '>>', "$tmpdir/createdb.sh";

print FILE $definition, "\n\n";

close FILE;

}

###########################################################################

#create creatdb.sh

###########################################################################

sub newdbsh{

dbsh('createdbsh', <<'END');

#!/bin/bash

#Define work direction and command

integrit_conf=`pwd`/integrit.conf

integrit=/usr/local/sbin/integrit

#scp=/usr/bin/scp

#tmpdir=/usr/tmp/integrit.$$

currentdir=/tmp/databases/

currentdb=/tmp/databases/integrit.cdb.new

#if [ ! -d $tmpdir ]; then

# echo Creating $tmpdir directory >&2

# mkdir -p $tmpdir

#fi

if [ ! -d $currentdir ]; then

echo Creating $currentdir directory >&2

mkdir -p $currentdir

fi

ls -l / |grep "^d" |awk '{print "!/"$9}' |grep -v "usr" |grep -v "opt" |grep -v "home"|grep -v "var" |grep -v "root" |grep -v "sbin"|grep -v "bin" |grep -v "net" |grep -v "^dev"| grep -v "etc" |grep -v "lib" | grep -v "pcrelease" >>$integrit_conf

$integrit -u -C $integrit_conf

END

}

###########################################################################

#Check host

###########################################################################

sub Checkhost()

{

my ($thost) = @_;

print "Warning - remote system is $thost- are you sure? (Y/N) ";

my $tmp = <STDIN>;

if ($tmp eq "Y" && $tmp eq "y")

{

print "remote system is $thost\n";

}

else

{

exit 1;

}

}

###########################################################################

#Get remote host db file

###########################################################################

sub Getdb

{

my ($rhost) = @_;

&newdbsh;

system("ssh $rhost -l root '. /etc/.profile; mkdir $tmpdir'");

system("$scp $tmpdir/createdb.sh root\@$rhost:$tmpdir");

system("$scp $integrit_conf root\@$rhost:$tmpdir");

print "Creating integrit db file on $rhost ......\n";

system("ssh $rhost -l root '. /etc/.profile;cd $tmpdir; sh createdb.sh'");

system("$scp root\@$rhost:$remcurrentdb $remdb");

system("ssh $rhost -l root '. /etc/.profile; rm -rf $tmpdir");

}

###########################################################################

#Copy file to tmpdir

###########################################################################

sub cpfile{

my ($usrdir,$filelists) = @_;

#copy file from local host to tmpdir

open(FILE,"$usrdir/$filelists") || die "can not open filelist:$!";

while($filename=<FILE>)

{

chomp($filename);

if (! $filename eq "")

{

my $bar=`dirname $filename`;

# system("mkdir -p $usrdir/filedir$bar");

system("$rsync_cmd $filename $usrdir/filedir 2>/dev/null");

}

}

}

###########################################################################

#check file list

###########################################################################

sub checkfilelist

{

my ($chfile) = @_;

foreach $exist (`cat $tmpdir/$chfile`)

{

chomp($exist);

if (! -e $exist)

{

open (FILE, ">>$usrtmp/$chfile");

print FILE "$exist\n";

}

}

}

###########################################################################

#check not exist file list

###########################################################################

sub checknotexist

{

my ($checkfile) = @_;

foreach $notexist (`cat $tmpdir/$checkfile`)

{

chomp($notexist);

if (-e $notexist)

{

open (FILE, ">>$usrtmp/$checkfile");

print FILE "$notexist\n";

}

}

}

###########################################################################

#cleanup

###########################################################################

sub cleanup

{

system("rm -rf $tmpdir");

}

###########################################################################

#Main routine

###########################################################################

sub main {

my $help = grep(/^--help$/, @ARGV) || grep (/^-h$/, @ARGV) || grep (/^-\?$/, @ARGV) || 0;

help_page() if $help;

#check user uid

&Env;

#Get hostname

my ($host,$Ignores)=&GetParas;

#check host

print ("Warning - remote system is $host- are you sure? (Y/N)");

my $tmp = <STDIN>;

chomp($tmp);

if ($tmp eq "Y" or $tmp eq "y")

{

print "remote system is $host\n";

}

else

{

exit 1;

}

#check data dir

&Checkdir;

#Get remote db file

&Getdb($host);

#no check dirs list

system("ls -1 / |grep -v \"usr\" |grep -v \"opt\"|grep -v \"home\"|grep -v \"var\" |grep -v \"root\" |grep -v \"sbin\"|grep -v \"bin\"|grep -v \"net\"|grep -v \"^dev\" |grep -v \"etc\" |grep -v \"lib\" | grep -v \"pcrelease\" > $tmpdir/rootdirs ");

foreach $dir (`cat $tmpdir/rootdirs`)

{

open (FILE, ">>$integrit_conf");

print FILE "!/$dir";

close (FILE);

}

#create integrit database on v44 and v45 hosts

system("$integrit -u -C $integrit_conf");

system("$integrit -c -C $integrit_conf |grep -v \"^integrit: \">$tmpdir/diffs");

system("cat \"$tmpdir/diffs\" |perl -pi -e 's!.*: +!!g' |perl -pi -e 's! +.*!!g'|sort |uniq |grep -v \"#\" >$tmpdir/diffs_file_list");

#Creating filelist

print "Creating filelist file from $tmpdir/diffs_file_list .....\n";

foreach my $list(`cat $tmpdir/diffs_file_list`)

{

chomp($list);

open (FILE, ">>/$usrtmp/filelist");

print FILE "$list\n" if (! -d $list );

close (FILE);

}

if ($Ignores==1)

{

print "Copy file to $tmpdir/filedir. are you sure? (Y/N) ";

my $tmp = <STDIN>;

chomp($tmp);

exit (1) if ($tmp eq "N" or $tmp eq "n");

}

#copy file from local host to tmpdir

print "Copy file from local host to tmpdir...\n";

open(FILE,"/$usrtmp/filelist") || die "can not open filelist:$!";

while($filename=<FILE>)

{

chomp($filename);

# my $bar=`dirname $filename`;

# system("mkdir -p $filedir$bar");

system("$rsync_cmd $filename $filedir");

}

#Creating addfilelist delfilelist and updatefilelist

print "Creating file list .....\n";

system("ls -1 $filedir >$tmpdir/filedirlist");

foreach $dirlist (`cat $tmpdir/filedirlist`)

{

chomp($dirlist);

system("$rsync_del $filedir/$dirlist/ root\@$host:/$dirlist/|grep \"^deleting\" |grep -v \"^deleting directory\"|perl -pi -e 's!deleting !\/$dirlist\/!'|sort |uniq >>$tmpdir/delfilelist");

system("$rsync_del root\@$host:/$dirlist/ $filedir/$dirlist/|grep \"^deleting\" |grep -v \"^deleting directory\"|perl -pi -e 's!^deleting !\/$dirlist\/!'|sort |uniq >>$tmpdir/addfilelist");

system("$rsync_exist $filedir/$dirlist/ root\@$host:/$dirlist/|grep -v \"^deleting\" |grep -v \"^skipping\"|grep -v \"^building\" |grep -v \"^sent\" |grep -v \"^total\" |grep -v \"^wrote \"|perl -pi -e 's!->.*!!'|perl -pi -e 's!^receiving *!!'|sort |uniq >>$tmpdir/up");

foreach $update (`cat $tmpdir/up`)

{

open (FILE, ">>$tmpdir/updatefilelist");

print FILE "/$dirlist/$update";

close (FILE);

}

}

#check file list

print "checking delete file list....\n";

&checkfilelist("delfilelist");

#copy new file to $usrtmp/filedir

&checknotexist("addfilelist");

if (-e "$usrtmp/addfilelist")

{

print "copy new file to $usrtmp/filedir...\n";

&cpfile($usrtmp,"addfilelist");

}

#copy update file to $usrtmp/filedir

&checknotexist("updatefilelist");

if (-e "$usrtmp/updatefilelist")

{

print "copy update file to $usrtmp/filedir...\n";

&cpfile($usrtmp,"updatefilelist");

}

#please running instsutff.pl

print "Copy file $inststuff from localhost to $tmpdir @ $host.....\n";

system("ssh $host -l root '. /etc/.profile;mkdir $tmpdir'");

system("$rsync -av $inststuff $usrtmp");

system("$rsync -apzq --partial -e $ssh $usrtmp/ root\@$host:$tmpdir");

print("******************************************************************New files ready for final installation on $host:$tmpdir****NOW login to $host and running $tmpdir/instsutff.pl**** For example: **** sudo $tmpdir/inststuff.pl -d $tmpdir**************************************************************\n");

&cleanup;

}

&main;

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有