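#!/bin/sh
# This script picks up scheduled configuration information for this machine
# and stores it all in $BASE_DIR.  [-d] parameter deletes and
# remakes sub-directories as needed in $BASE_DIR.  Files in $BASE_DIR
# not affected but those generated here are overwritten.  As the writer's
# system /home directory is mounted from a different drive than /, keeping
# $BASE_DIR in a regular users account saves the data over system installs.
#
# Must be run as superuser as many of the config files have restrictive
# permissions set.  The resulting $BASE_DIR is owned by $CONFIG_USER.
#
# Copyright (c) 2008-2010 David R. Forrest (Forrest)
#
# Permission to use, copy, modify, and distribute this material
# for any purpose and without fee is hereby granted, provided
# that the above copyright notice and this permission notice
# appear in all copies, and that the name of Forrest not be
# used in advertising or publicity pertaining to this
# material without the specific, prior written permission
# of an authorized representative of Forrest.  FORREST
# MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY
# OF THIS MATERIAL FOR ANY PURPOSE.  IT IS PROVIDED "AS IS",
# WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.
#
# Revised 06/04/10 for F13 installation
#
# Security notes for whoever maintains this:
#  * The snapshot contains copies of /etc/ssh/* (which normally includes the
#    host private keys), /home/anon/passwd (the AuthUserFile), /etc/mail,
#    every user's crontab and the firewall rules.  The tree is therefore
#    restricted to its owner (DIR_MODE/FILE_MODE below) rather than being
#    made world-readable and world-writable.
#  * Nothing is staged through a fixed name in /tmp; generated reports are
#    written straight into $BASE_DIR.
#  * After a run the tree belongs to $CONFIG_USER, so on the next run root
#    writes through paths that user controls.  Keep $BASE_DIR in an account
#    that is trusted as much as root is for this purpose.
#  * The script is deliberately best-effort (no `set -e`): many of the listed
#    files do not exist on every installation and a failed copy must not stop
#    the remaining sections.

# Be sure to set user name CONFIG_USER and Base Directory below
CONFIG_USER="drf"

# Assume we are in F13; if the running kernel is an fc11 build, assume F11
Fedora=F13
/bin/uname -r | grep -q fc11 && Fedora=F11

BASE_DIR="/home/drf/Desktop/SystemDocumentation/$Fedora"

# Final permissions applied to the snapshot.  Owner-only by default because of
# the key and password material listed above; override from the environment
# only for a tree that holds nothing sensitive.
DIR_MODE=${DIR_MODE:-700}
FILE_MODE=${FILE_MODE:-600}

# Files created by redirection must not be readable by others in the window
# before the final chmod/chown pass.
umask 077

LOCAL_CONFIG_NOTES='This white box system bypasses many of the Fedora
configuration files normally included as it has evolved over several years
from earlier installations.  As such, be advised to carefully check that
configuration information that may be provided by Fedora is actually used.
Sorry about that.
-drf 4/9/08'

DIRS='boot CUPS printcap Crontabs hylafax mailcap DNS iptables
      SysStartupConfigs a2ps syslog killit NFS Samba Sendmail sshd httpd yum
      usr-local-bin usr-local-sbin FormsAndScripts SysConfigs
      ApplicationConfigs'

# Print a message on stderr and stop with a failing status, so that cron or a
# calling script can tell a refused run from a successful one.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Sanity checks
# id -u instead of $UID: $UID is not set by every /bin/sh.
[ "$(id -u)" -eq 0 ] || die "Must be super user!"
[ -n "$BASE_DIR" ] || die "Must set base directory in script (BASE_DIR)"
[ -n "$CONFIG_USER" ] || die "Must set a target user for these files"
[ -d "$BASE_DIR" ] || die "Base Directory ($BASE_DIR) is not a directory"
[ -w "$BASE_DIR" ] || die "Base Directory ($BASE_DIR) is not writable"

# Check how we are to run
CLEAN_OUT_DIRS=""
while getopts ":dbh" opt; do
  case $opt in
    d)
      CLEAN_OUT_DIRS="yes"
      ;;
    b)
      # Boot dmesg only: write one dated file and stop.
      boot_log="$BASE_DIR/bootdmesg.$(date +%F)"
      {
        date
        echo
        dmesg
      } > "$boot_log"
      # This path exits before the final ownership pass, so hand the file
      # over here; otherwise it would stay root-only under umask 077.
      chmod "$FILE_MODE" "$boot_log"
      chown "$CONFIG_USER:$CONFIG_USER" "$boot_log"
      exit 0
      ;;
    h | *)
      printf '\n   Usage: %s [-d] [-b]\n' "${0##*/}"
      echo "      -d Clean out sub-directories"
      echo "      -b Update boot dmesg output only"
      echo "      -h This help"
      printf '   Note: This script requires configuration modification \n\n'
      exit 1
      ;;
  esac
done

# establish directories
# $DIRS is a whitespace-separated word list, so it is expanded unquoted.
for instance in $DIRS; do
  if [ -n "$CLEAN_OUT_DIRS" ]; then
    # ${BASE_DIR:?} aborts instead of running rm -r on "/<name>" should
    # BASE_DIR ever be empty at this point.
    rm -r -- "${BASE_DIR:?}/$instance" > /dev/null 2>&1
    echo "Removing all contents of directory $BASE_DIR/$instance "
  fi
  mkdir -p -- "$BASE_DIR/$instance" > /dev/null 2>&1
done

# boot
{
  rsync -a /boot/grub/grub.conf "$BASE_DIR/boot/"
  rm -f /usr/local/bin/RESULTS.txt
  /usr/local/bin/boot_info_script032.sh > /dev/null
  rsync -a /usr/local/bin/RESULTS.txt "$BASE_DIR/boot/"
  rm -f /usr/local/bin/RESULTS.txt
  # Written directly to its destination: as root, a fixed name under /tmp
  # can be pre-created or symlinked by any local user.
  /usr/local/sbin/bootinfo > "$BASE_DIR/boot/bootinfo.out"
  rsync -aRu /etc/lvm/ "$BASE_DIR/boot/"
  # smartd.conf is a regular file; a trailing slash makes the lookup fail.
  rsync -aRu /etc/smartd.conf "$BASE_DIR/boot/"
}

# CUPS
{
  echo "Files in this directory sourced from /etc/cups" > "$BASE_DIR/CUPS/sourced"
  rsync -a /etc/cups/ "$BASE_DIR/CUPS/"
}

# printcap
rsync -a /etc/printcap "$BASE_DIR/printcap/"

# crontabs
#   Selected users in WORD lists only their existing crontabs.
#   (Default -- lists all users existing crontabs.)
#
WORD=""
[ -z "$WORD" ] && WORD=$(awk -F: '{ printf "%s ", $1 }' /etc/passwd)
rm -r -- "${BASE_DIR:?}/Crontabs" > /dev/null 2>&1
mkdir -p -- "$BASE_DIR/Crontabs" > /dev/null 2>&1
for LISTED in $WORD; do
  tab="$BASE_DIR/Crontabs/crontab.$LISTED"
  {
    date
    echo
    /usr/bin/crontab -u "$LISTED" -l 2>&1
  } > "$tab"
  # Users without a crontab produce only the error text; drop those files.
  grep -q "no crontab for" "$tab" 2> /dev/null && rm -- "$tab"
done

# hylafax+
if [ -f /var/spool/hylafax/etc/config ]; then
  rsync -a /var/spool/hylafax/etc/config "$BASE_DIR/hylafax"
  rsync -a /var/spool/hylafax/etc/config.ttyS1 "$BASE_DIR/hylafax"
  rsync -a /usr/local/lib/fax/sendfax.conf "$BASE_DIR/hylafax"
  rsync -a /var/spool/hylafax/etc/FaxNotify "$BASE_DIR/hylafax"
  rsync -a /var/spool/hylafax/etc/FaxDispatch "$BASE_DIR/hylafax"
  # mail reads the message body from stdin; give it an empty one so an
  # interactive run does not sit waiting for input.
  rsync -a /var/spool/hylafax/bin/jobcontrol "$BASE_DIR/hylafax" ||
    mail -s "/var/spool/hylafax/bin/jobcontrol is missing" root < /dev/null
  printf '# From /etc/event.d/ttyS1 %s\n\n\n' "$(date)" > "$BASE_DIR/hylafax/faxgetty-init"
  cat /etc/event.d/ttyS1 >> "$BASE_DIR/hylafax/faxgetty-init"
  printf '# From /usr/local/lib/fax/typerules %s \n\n\n' "$(date)" > "$BASE_DIR/hylafax/typerules"
  cat /usr/local/lib/fax/typerules >> "$BASE_DIR/hylafax/typerules"
  # Don't forget: edit-faxcover will edit the default cover page
  # faxcover.ps default is in /usr/local/lib/fax/faxcover.ps
  rsync -a /usr/local/lib/fax/faxcover.ps "$BASE_DIR/hylafax"
  rsync -a /etc/event.d/ttyS1 "$BASE_DIR/hylafax"
  rsync -a /home/drf/Desktop/SystemDocumentation/hylafax_error_messages.pdf "$BASE_DIR/hylafax"
fi

# mailcap
{
  cp -u /etc/mailcap "$BASE_DIR/mailcap/"
  cp -u /etc/mime.types "$BASE_DIR/mailcap/"
}

# DNS DHCPD files
{
  cp -u /etc/named.conf "$BASE_DIR/DNS/"
  /usr/local/sbin/named-checkconf -p > /var/named/named.conf.canonical ||
    printf '\nConversion failed, as will named if attempted\n' \
      >> /var/named/named.conf.canonical 2>&1
  cp /var/named/named.conf.canonical "$BASE_DIR/DNS/"
  rsync -a --copy-links /var/named/* "$BASE_DIR/DNS/"
  cp -u /etc/dhcpd.conf "$BASE_DIR/DNS/"
  cp -u /etc/sysconfig/dhcpd "$BASE_DIR/DNS/etc-sysconfig-dhcpd"
  cp -u /usr/local/sbin/seen* "$BASE_DIR/DNS/"
  cp -u /var/db/dhcpd.leases "$BASE_DIR/DNS/"
  cp -u /usr/local/sbin/renew-default-route "$BASE_DIR/DNS/"
  cp -u /etc/update-keys "$BASE_DIR/DNS/"
  cp -u /etc/dhclient-eth0.conf "$BASE_DIR/DNS/"
  cp -u /var/lib/dhclient/dhclient-eth0.leases "$BASE_DIR/DNS/"
  cp -u /etc/resolv.conf "$BASE_DIR/DNS/"
  cp -u /usr/local/bin/buildblackhole "$BASE_DIR/DNS/"
  rsync -a /etc/dns-slaves "$BASE_DIR/DNS/etc-dns-slaves"

  # pgrep can print several PIDs, which would break the /proc path; -o
  # selects the oldest matching process only.
  named_pid=$(pgrep -o named)
  if [ -n "$named_pid" ]; then
    {
      # /proc/PID/cmdline separates arguments with NUL bytes; turn them
      # into spaces so the recorded command line is readable.
      printf 'Running as: %s %s \n\n' \
        "$(tr '\0' ' ' < "/proc/$named_pid/cmdline")" "$(date)"
      cat "/proc/$named_pid/limits"
    } > "$BASE_DIR/DNS/named_process_limits"
  else
    printf 'named was not running at %s\n' "$(date)" > "$BASE_DIR/DNS/named_process_limits"
  fi

  ### Optional patch follows
  # Quoted delimiter: the text below is written out literally, nothing in
  # it is expanded by this script.
  cat << 'END_OF_PATCH_NOTES' > "$BASE_DIR/DNS/README_named_script_changes"
/etc/rc.d/init.d/named INIT PATCH (Optional):

NOTE: Failure to apply patch will result in the F13 binary /usr/sbin/named
      running in lieu of /usr/local/sbin version.

Because we usually use a custom bind from ISC and this Fedora system has a
fedora named installed that uses the full system V init scripts that rely on
/etc/rc.d/init.d/named scripts to stop, start, or restart, it is necessary to
edit the /etc/rc.d/init.d/named script to properly set up limits, the binary,
and the working directory upon system upgrades as yum bind updates may
overwrite our patch and render it ephemeral:

    if [ -x /usr/sbin/named-checkconf ] && [ -x /usr/sbin/named-checkzone ] && /usr/sbin/named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; then
+++   ulimit -u 4096 ## DRF
+++   chown -hR named:named /var/named ## DRF
---   daemon /usr/sbin/"$named" -u named ${OPTIONS};
+++   daemon /usr/local/sbin/"$named" -u named ${OPTIONS}; ## DRF
      RETVAL=$?
      if [ $RETVAL -eq 0 ]; then

Also, under rhstatus(), I sometimes add:
      cat "/proc/$(pgrep -o named)/limits"
to get system limits added to the service named status report.

# DRF 5/7/2010
END INIT PATCH
END_OF_PATCH_NOTES
}

# iptables
{
  cp -u /usr/local/sbin/setup_iptables "$BASE_DIR/iptables/"
  {
    date
    /sbin/iptables -L -v --line-numbers -n
    echo ""
    /sbin/iptables -t nat -L -v --line-numbers -n
    printf '\nEND of iptables list\n\n'
  } > "$BASE_DIR/iptables/iptables-list"
  echo "$LOCAL_CONFIG_NOTES" > "$BASE_DIR/iptables/README"
}

# System startup
{
  cp -u /etc/inittab "$BASE_DIR/SysStartupConfigs"
  cp -u /etc/rc.d/rc.local "$BASE_DIR/SysStartupConfigs"
  cp -u /etc/bashrc "$BASE_DIR/SysStartupConfigs/etc.bashrc"
  cp -u /etc/profile "$BASE_DIR/SysStartupConfigs/etc.profile"
  echo "$LOCAL_CONFIG_NOTES" > "$BASE_DIR/SysStartupConfigs/README"
  /sbin/chkconfig --list > "$BASE_DIR/SysStartupConfigs/chkconfigs"
}

# a2ps
{
  cp -u /etc/a2ps-site.cfg "$BASE_DIR/a2ps/"
  cp -u /etc/a2ps.cfg "$BASE_DIR/a2ps/"
}

# syslog
{
  cp -u /etc/rsyslog.conf "$BASE_DIR/syslog/"
  cp -u /etc/logrotate.conf "$BASE_DIR/syslog/"
  rsync -a /etc/logrotate.d "$BASE_DIR/syslog/"
  echo "Files to be rotated are configured in logrotate.d/syslog" > "$BASE_DIR/syslog/README"
}

# killit
{
  cp -u /usr/local/sbin/killit "$BASE_DIR/killit/"
  cp -u /usr/local/sbin/killit_plugin "$BASE_DIR/killit/"
  cp -u /usr/local/sbin/dropbad "$BASE_DIR/killit/"
  cp -u /usr/local/sbin/seen_it "$BASE_DIR/killit/"
  cp -u /usr/local/sbin/seenit_plugin "$BASE_DIR/killit/"
  cp -u /usr/local/sbin/stopscan_plugin "$BASE_DIR/killit/"
}

# NFS
cp -u /etc/exports "$BASE_DIR/NFS/"

# Samba
{
  rsync -a --exclude drivers/ /etc/samba/* "$BASE_DIR/Samba/"
  date > "$BASE_DIR/Samba/smb.conf.brief"
  /usr/bin/testparm -s >> "$BASE_DIR/Samba/smb.conf.brief" 2>&1
}

# Sendmail
{
  cp -uR /etc/mail/* "$BASE_DIR/Sendmail/"
  cp -u "/home/$CONFIG_USER/.procmailrc" "$BASE_DIR/Sendmail/"
  echo "$LOCAL_CONFIG_NOTES" > "$BASE_DIR/Sendmail/README"
}

# sshd
# NOTE(review): /etc/ssh/* normally includes the ssh_host_*_key private keys.
# Keeping them lets a reinstall retain the host identity, but anyone who can
# read this snapshot (or a backup of it) can then impersonate the host.
cp -uR /etc/ssh/* "$BASE_DIR/sshd/"

# httpd
{
  cp -u /var/www/html/* "$BASE_DIR/httpd/"
  cp -u /etc/httpd/conf/httpd.conf "$BASE_DIR/httpd/"
  cp -uR /var/www/cgi-bin/ "$BASE_DIR/httpd/"
  # The AuthUserFile holds password hashes; it is one of the reasons the
  # snapshot is kept owner-only.
  cp -u /home/anon/passwd "$BASE_DIR/httpd/"
  cat << 'END_OF_HTPASSWD_NOTES' > "$BASE_DIR/httpd/htpasswd-README"
Our AuthUserFile is /home/anon/passwd because the /home directory is mounted
from a separate partition and independent of system upgrades.  As almost all
our pages are served from the home directories of users, this insures that
our .htaccess files are always referring to an existing password file.  Of
course any user can set up their own .htpasswd files in some other location
(outside of web access, I hope).
DRF 2/14/09 (Happy Valentines day!)
END_OF_HTPASSWD_NOTES
}

# yum
{
  cp -u /etc/yum.conf "$BASE_DIR/yum/"
  cp -uR /etc/yum.repos.d/ "$BASE_DIR/yum/"
}

# usr-local-bin
cp -u /usr/local/bin/* "$BASE_DIR/usr-local-bin/"

# usr-local-sbin
cp -u /usr/local/sbin/* "$BASE_DIR/usr-local-sbin/"

# FormsAndScripts
{
  cp -u /home/drf/FormsAndScripts/* "$BASE_DIR/FormsAndScripts/"
  echo "$LOCAL_CONFIG_NOTES" > "$BASE_DIR/FormsAndScripts/README"
}

# Fedora system configs
{
  rsync -a --delete --copy-links /etc/sysconfig/* "$BASE_DIR/SysConfigs/"
  rsync -a --delete --copy-links /etc/modprobe.d "$BASE_DIR/SysConfigs/"
  echo "$LOCAL_CONFIG_NOTES" > "$BASE_DIR/SysConfigs/README"
}

# Application configs
{
  #cp -u /etc/xtide.conf $BASE_DIR/ApplicationConfigs/
  #cp -uR /etc/mplayer $BASE_DIR/ApplicationConfigs/
  rsync -a /home/drf/.pinerc "$BASE_DIR/ApplicationConfigs/drf.pinerc"
  rsync -a /root/.pinerc "$BASE_DIR/ApplicationConfigs/root.pinerc"
}

# Entries below this line are in $BASE_DIR - not in subdirectories
# _____________________________________________________________________________________
#
# Warning README
echo "$LOCAL_CONFIG_NOTES" > "$BASE_DIR/README"

# Renew route script
cp -u /usr/local/sbin/renew-default-route "$BASE_DIR/"

# Create a disktable file
{
  date
  printf '\n\nfdisk -l ---->\n'
  /sbin/fdisk -l 2> /dev/null
  printf '\n\nfstab ---->\n'
  cat /etc/fstab
  printf '\n\ndf -P ---->\n'
  /bin/df -P
  printf '\n\nhddtemp /dev/sd[a-f]---->\n'
  /usr/sbin/hddtemp /dev/sd[a-f]
  printf '\n\nudev ------>\n'
  ls -lR /dev/disk/
  printf '\n\nblkid ------>\n'
  /sbin/blkid
  printf '\n\n End report '
  date
} > "$BASE_DIR/disktable"

# Copy the passwd file
cp -u /etc/passwd "$BASE_DIR/passwd"

# Box details are kept in parent directory for now
cp -u "$BASE_DIR/../BoxDetails" "$BASE_DIR/" # Box data here

# Preserve last dmesg
{
  DMESG="$BASE_DIR/dmesg.$(date +%F)"
  date > "$DMESG"
  echo >> "$DMESG"
  dmesg >> "$DMESG"
}

# Network configuration
{
  date > "$BASE_DIR/Network"
  echo >> "$BASE_DIR/Network"
  /sbin/ifconfig >> "$BASE_DIR/Network"
  date > "$BASE_DIR/Route"
  echo >> "$BASE_DIR/Route"
  /sbin/route >> "$BASE_DIR/Route"
  echo >> "$BASE_DIR/Route"
  /sbin/route -A inet6 >> "$BASE_DIR/Route"
}

# Scan hardware
{
  date > "$BASE_DIR/HardwareList"
  echo >> "$BASE_DIR/HardwareList"
  lshw >> "$BASE_DIR/HardwareList" 2>&1
  lshw -short >> "$BASE_DIR/HardwareList" 2>&1
}

# Copy this file as executed on this date to base directory
{
  rsync "$0" "$BASE_DIR/Updated_as_of_$(date +%F)"
  rsync "$0" "$BASE_DIR/"
}

# Wait for all subshells to complete
wait

# Make every directory browsable by its owner.  find -exec hands the names to
# chmod directly, so paths containing spaces or backslashes are handled (a
# `while read` loop over find output is not safe for those).
find "$BASE_DIR/" -type d -exec chmod "$DIR_MODE" {} +

# Create a file manifest of $BASE_DIR files & set their modes
{
  find "$BASE_DIR/" -type f -print > "$BASE_DIR/FileManifest"
  find "$BASE_DIR/" -type f -exec chmod "$FILE_MODE" {} +
}

# Change ownership of all files to the config user.  -h acts on symbolic
# links themselves (rsync -a preserves links from /etc), so ownership of
# whatever a link points at is left alone.
chown -hR "$CONFIG_USER:$CONFIG_USER" "$BASE_DIR"

# End of script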