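#!/bin/bash
# This script picks up scheduled configuration information for this machine
# and stores it all in $BASE_DIR.  [-d] parameter deletes and
# remakes sub-directories as needed in $BASE_DIR.  Files in $BASE_DIR
# not affected but those generated here are overwritten.  As the writers
# system /home directory is mounted from a different drive than /, keeping
# $BASE_DIR in a regular users account saves the data over system installs.
#
# Must be run as superuser as many of the config files have restrictive
# permissions set.  The resulting $BASE_DIR is owned by $CONFIG_USER.
#
# Copyright (c) 2008-2011 David R. Forrest (Forrest)
#
# Permission to use, copy, modify, and distribute this material
# for any purpose and without fee is hereby granted, provided
# that the above copyright notice and this permission notice
# appear in all copies, and that the name of Forrest not be
# used in advertising or publicity pertaining to this
# material without the specific, prior written permission
# of an authorized representative of Forrest.  FORREST
# MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY
# OF THIS MATERIAL FOR ANY PURPOSE.  IT IS PROVIDED "AS IS",
# WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.
#
# Revised 06/04/10 for F13 installation
# Revised 01/24/11 for F14
# Revised 08/22/11 technical structure of DIR
#
# Security notes:
#  * The archive contains copies of sensitive material: everything under
#    /etc/ssh (the glob does not exclude host private keys), the web
#    AuthUserFile (/home/anon/passwd), /etc/update-keys, the named and
#    sendmail configuration, and more.  The tree is therefore created under
#    "umask 077" and finished with owner-only modes (see DIR_MODE/FILE_MODE)
#    instead of world-writable directories and world-readable files.
#  * World-writable directories would also let any local account pre-create
#    symlinks that the next root run writes through; owner-only directories
#    remove that exposure for everyone except $CONFIG_USER.
#  * root writes into a tree owned by $CONFIG_USER, so that account has to be
#    treated as trusted to the same degree as root.
#  * The interpreter is bash because the script relies on bash features
#    (&> redirection, local).
#  * No "set -e": collection is best effort, a missing source file must not
#    stop the rest of the run.

# Be sure to set user name CONFIG_USER and Base Directory below
CONFIG_USER="drf"

# Assume we are in F16
Fedora=F16
if /bin/uname -r | grep -q fc11; then
  Fedora=F11                              # If F11, use F11
fi

BASE_DIR="/home/drf/Desktop/SystemDocumentation/$Fedora"

# Final modes for the archive.  Loosen only if the archive is known to hold
# nothing secret on this machine.
DIR_MODE=700
FILE_MODE=600

# Files created while the script runs must not be readable by other users,
# not even for the duration of the run.
umask 077

# Subdirectories to the $BASE_DIR are script created by a statement starting in column 1
# formatted as:  DIR=$BASE_DIR/subdirectory_name
# (The statement must stay unquoted and in column 1; the script reads its own
#  text to find these lines.  Unquoted is safe on an assignment.)

LOCAL_CONFIG_NOTES='This white box system bypasses many of the Fedora configuration files
normally included as it has evolved over several years from earlier installations.

As such, be advised to carefully check that configuration information that may be
provided by Fedora is actually used.  Sorry about that.  -drf 4/9/08'

# Print a message on stderr and stop with a failure status.
die() {
  echo "$*" >&2
  exit 1
}

# Print the usage text.
usage() {
  printf '\n Usage: %s [-d] [-b] [-h]\n' "${0##*/}"
  echo "   -d   Clean out sub-directories"
  echo "   -b   Update boot dmesg output only"
  echo "   -h   This help"
  printf ' Note: This script requires configuration modification \n\n'
}

# dump_zone OUTFILE ZONE ZONEFILE
# Writes the canonical form of ZONEFILE to OUTFILE and appends the
# named-checkzone messages.  The messages pass through a mktemp file rather
# than a predictable /tmp/<pid> name, which root must not write to.
dump_zone() {
  local out=$1 zone=$2 zonefile=$3 log
  log=$(mktemp) || { echo "mktemp failed, skipping $out" >&2; return 1; }
  named-checkzone -D -o "$out" "$zone" "$zonefile" >"$log" 2>&1
  printf '\n;;*** OUTPUT FROM RUN DATED %s ***\n' "$(date +%F)" >>"$out"
  cat "$log" >>"$out"
  rm -f -- "$log"
}

# Sanity checks (every failure now exits non-zero)
[ "$(id -u)" -eq 0 ]  || die "Must be super user!"
[ -n "$BASE_DIR" ]    || die "Must set base directory in script (BASE_DIR)"
[ -n "$CONFIG_USER" ] || die "Must set a target user for these files"
[ -d "$BASE_DIR" ]    || die "Base Directory ($BASE_DIR) is not a directory"
[ -w "$BASE_DIR" ]    || die "Base Directory ($BASE_DIR) is not writable"

# Check how we are to run
CLEAN_OUT_DIRS=""                         # never inherit this from the environment
while getopts ":dbh" opt; do
  case "$opt" in
    d)
      CLEAN_OUT_DIRS="yes"
      ;;
    b)
      [ -f "$BASE_DIR/bootdmesg" ] && mv -- "$BASE_DIR/bootdmesg" "$BASE_DIR/bootdmesg.bak"
      { date; echo; dmesg; } >"$BASE_DIR/bootdmesg"
      chown "$CONFIG_USER:$CONFIG_USER" "$BASE_DIR/bootdmesg"
      exit 0
      ;;
    h | *)
      usage
      exit 1
      ;;
  esac
done

# Establish directories
# Builds the DIRS to be found in this script.  Must start in column 1 and look
# like the DIR=$BASE_DIR/boot below.  awk strips the prefix itself; the former
# sed stage used [:alpha:] outside a bracket expression.
DIRS=$(awk '/^DIR=\$BASE_DIR\// { sub(/^DIR=\$BASE_DIR\//, "", $1); print $1 }' "$0")
for directoryfound in $DIRS; do
  if [ -n "$CLEAN_OUT_DIRS" ]; then
    echo "Removing contents of $BASE_DIR/$directoryfound"
    # :? aborts instead of expanding to "/" should either variable be empty
    rm -rf -- "${BASE_DIR:?}/${directoryfound:?}" >/dev/null 2>&1
  fi
  mkdir -p -- "$BASE_DIR/$directoryfound" >/dev/null 2>&1   # create found directory if missing.
done

DIR=$BASE_DIR/boot                        # bootup drive, lvm, and iptables at boot
{ # do all this in a block (faster than a subshell)
  /usr/local/sbin/booted_drive_info >"$DIR/AsBooted"
  rsync -a /boot/grub/grub.conf "$DIR/"
  rm -f /usr/local/bin/RESULTS.txt >/dev/null 2>&1
  /usr/local/bin/boot_info_script032.sh >/dev/null
  rsync -a /usr/local/bin/RESULTS.txt "$DIR/"
  rm -f /usr/local/bin/RESULTS.txt >/dev/null 2>&1
  /usr/local/sbin/bootinfo >"$DIR/bootinfo.out"
  rsync -aRu /etc/lvm/ "$DIR/"
  # NOTE(review): trailing slash on what is normally a regular file; rsync
  # may reject this source - confirm on the target system.
  rsync -aRu /etc/smartd.conf/ "$DIR/"
  # created by /usr/local/bin/my.rc.local
  # NOTE(review): /tmp is writable by every user, so this file's content is
  # only as trustworthy as whoever created it first - verify owner if it matters.
  [ -f /tmp/iptables-setup ] && rsync -a /tmp/iptables-setup "$DIR/"
}

DIR=$BASE_DIR/CUPS                        # Printing setup
{
  echo "Files in this directory sourced from /etc/cups" >"$DIR/README"
  rsync -a /etc/cups/ "$DIR/"
  rsync -a /etc/printcap "$DIR"
}

DIR=$BASE_DIR/Crontabs                    # system existing crontabs
#    Selected users in WORD lists only their existing crontabs.
#    Default -- lists all users existing crontabs.)
WORD=""
[ -z "$WORD" ] && WORD=$(awk -F: '{ printf "%s ", $1 }' /etc/passwd)
rm -rf -- "${DIR:?}" >/dev/null 2>&1
mkdir -p -- "$DIR" >/dev/null 2>&1
{
  for LISTED in $WORD; do                 # word splitting wanted: WORD is a list
    { date; echo; /usr/bin/crontab -u "$LISTED" -l; } >"$DIR/crontab.$LISTED" 2>&1
    # crontab reports "no crontab for <user>"; drop those empty reports
    if grep -q "no crontab for" "$DIR/crontab.$LISTED" 2>/dev/null; then
      rm -f -- "$DIR/crontab.$LISTED"
    fi
  done
}

DIR=$BASE_DIR/hylafax                     # hylafax+ from http://hylafax.sourceforge.net/
if [ -f /var/spool/hylafax/etc/config ]; then
  rsync -a /var/spool/hylafax/etc/config "$DIR"
  rsync -a /var/spool/hylafax/etc/config.ttyS1 "$DIR"
  rsync -a /usr/local/lib/fax/sendfax.conf "$DIR"
  rsync -a /var/spool/hylafax/etc/FaxNotify "$DIR"
  rsync -a /var/spool/hylafax/etc/FaxDispatch "$DIR"
  # mail reads the message body from stdin; give it an empty one so an
  # interactive run does not block here
  rsync -a /var/spool/hylafax/bin/jobcontrol "$DIR" ||
    mail -s "/var/spool/hylafax/bin/jobcontrol is missing" root </dev/null
  printf '# From /etc/event.d/ttyS1 %s\n\n\n' "$(date)" >"$DIR/faxgetty-init"
  cat /etc/event.d/ttyS1 >>"$DIR/faxgetty-init"
  printf '# From /usr/local/lib/fax/typerules %s \n\n\n' "$(date)" >"$DIR/typerules"
  cat /usr/local/lib/fax/typerules >>"$DIR/typerules"
  echo '
# Do not forget:  edit-faxcover will edit the default cover page
# faxcover.ps default is in /usr/local/lib/fax/faxcover.ps' >"$DIR/edit-faxcover"
  rsync -a /usr/local/lib/fax/faxcover.ps "$DIR"
  rsync -a /etc/event.d/ttyS1 "$DIR"
  rsync -a /home/drf/Desktop/SystemDocumentation/hylafax_error_messages.pdf "$DIR"
fi

DIR=$BASE_DIR/mailcap                     # Necessary for alpine http://sourceforge.net/projects/re-alpine/
{
  cp -u /etc/mailcap "$DIR"
  cp -u /etc/mime.types "$DIR"
}

DIR=$BASE_DIR/DNS                         # From ISC includes dhcpd http://www.isc.org/
{
  cp -u /etc/named.conf "$DIR"
  /usr/local/sbin/named-checkconf -p >/var/named/named.conf.canonical ||
    printf '\nConversion failed, as will named if attempted\n' >>/var/named/named.conf.canonical 2>&1
  cp /var/named/named.conf.canonical "$DIR"
  rsync -a --copy-links /var/named/* "$DIR"
  cp -u /etc/dhcpd.conf "$DIR"
  cp -u /etc/sysconfig/dhcpd "$DIR/etc-sysconfig-dhcpd"
  cp -u /usr/local/sbin/seen* "$DIR/"
  cp -u /var/db/dhcpd.leases "$DIR"
  cp -u /usr/local/sbin/renew-default-route "$DIR"
  cp -u /etc/update-keys "$DIR"           # presumably key material - keep the archive private
  cp -u /etc/dhclient-eth0.conf "$DIR"
  cp -u /var/lib/dhclient/dhclient-eth0.leases "$DIR"
  cp -u /etc/resolv.conf "$DIR"
  cp -u /etc/resolv.conf.fixed "$DIR"
  cp -u /usr/local/bin/buildblackhole "$DIR"
  dump_zone "$DIR/maplepark.com.signed.canonical" maplepark.com \
    /var/named/drf/external/maplepark.com.signed
  dump_zone "$DIR/maplepark.com.Internal.canonical" maplepark.com \
    /var/named/drf/internal/maplepark.com
  rsync -a /etc/dns-slaves "$DIR/etc-dns-slaves"

  # Record how named was started and its limits; skip cleanly if it is not running.
  named_pid=$(pgrep -o named)
  if [ -n "$named_pid" ]; then
    # /proc/<pid>/cmdline separates arguments with NUL bytes
    printf 'Running as: %s %s \n\n' \
      "$(tr '\0' ' ' <"/proc/$named_pid/cmdline")" "$(date)" >"$DIR/named_process_limits"
    cat "/proc/$named_pid/limits" >>"$DIR/named_process_limits"
  else
    echo "named is not running $(date)" >"$DIR/named_process_limits"
  fi

  ### Optional patch follows
  cat >"$DIR/README_named_script_changes" <<'END_OF_PATCH_NOTES'
/etc/rc.d/init.d/named INIT PATCH (Optional):

NOTE: Failure to apply patch will result in the Fedora binary /usr/sbin/named
running in lieu of the /usr/local/sbin version.

Because we usually use a custom bind from ISC and this Fedora system has a
fedora named installed that uses the full system V init scripts that rely on
/etc/rc.d/init.d/named scripts to stop, start, or restart, it is necessary to
edit the /etc/rc.d/init.d/named script to properly set up limits, the binary,
and the working directory upon system upgrades as yum bind updates may
overwrite our patch and render it ephemeral:

        if [ -x /usr/sbin/named-checkconf ] && [ -x /usr/sbin/named-checkzone ] && /usr/sbin/named-checkconf $ckcf_options ${named_conf} >/dev/null 2>&1; then
+++       ulimit -u 4096 ## DRF
+++       chown -hR named:named /var/named ## DRF
---       daemon /usr/sbin/"$named" -u named ${OPTIONS};
+++       daemon /usr/local/sbin/"$named" -u named ${OPTIONS}; ## DRF
          RETVAL=$?
          if [ $RETVAL -eq 0 ]; then

Also, under rhstatus(), I sometimes add:
   cat "/proc/$(pgrep -o named)/limits"
to get system limits added to the "service named status" report.

# DRF 5/7/2010
END INIT PATCH

END_OF_PATCH_NOTES
}

DIR=$BASE_DIR/iptables                    # Firewalls - IPv4 and IPv6
{
  cp -u /usr/local/sbin/setup_iptables "$DIR"
  {
    date
    /sbin/iptables -L -v --line-numbers -n
    echo ""
    /sbin/iptables -t nat -L -v --line-numbers -n
    printf '\nEND of iptables list\n\n'
  } >"$DIR/iptables-list"
  /sbin/ip6tables -L -v --line-numbers -n >"$DIR/ip6tables-list"
  echo "$LOCAL_CONFIG_NOTES" >"$DIR/README"
}

DIR=$BASE_DIR/SysStartupConfigs           # System startup configurations
{
  cp -u /etc/inittab "$DIR"
  cp -u /etc/rc.d/rc.local "$DIR"
  rsync -a /usr/local/bin/my.rc.local "$DIR"
  cp -u /etc/bashrc "$DIR/etc.bashrc"
  cp -u /etc/profile "$DIR/etc.profile"
  echo "$LOCAL_CONFIG_NOTES" >"$DIR/README"
  /sbin/chkconfig --list >"$DIR/chkconfigs"
  rsync -u /etc/rc.d/init.d/* "$DIR/init.d/"
}

DIR=$BASE_DIR/a2ps                        # ascii to ps print formatting used by alpine mailer
{
  cp -u /etc/a2ps-site.cfg "$DIR"
  cp -u /etc/a2ps.cfg "$DIR"
}

DIR=$BASE_DIR/syslog                      # System logs and rotation
{
  cp -u /etc/rsyslog.conf "$DIR"
  cp -u /etc/logrotate.conf "$DIR"
  rsync -a /etc/logrotate.d "$DIR/"
  echo "Files to be rotated are configured in logrotate.d/syslog" >"$DIR/README"
}

DIR=$BASE_DIR/killit                      # Kills bad guys knocking on my ssh daemon
{
  cp -u /usr/local/sbin/killit "$DIR"
  cp -u /usr/local/sbin/killit_plugin "$DIR"
  cp -u /usr/local/sbin/dropbad "$DIR"
  cp -u /usr/local/sbin/seen_it "$DIR"
  cp -u /usr/local/sbin/seenit_plugin "$DIR"
  cp -u /usr/local/sbin/stopscan_plugin "$DIR"
}

DIR=$BASE_DIR/NFS                         # Linux file sharing
cp -u /etc/exports "$DIR"

DIR=$BASE_DIR/Samba                       # M$ file sharing
{
  rsync -a --exclude drivers/ /etc/samba/* "$DIR/"
  date >"$DIR/smb.conf.brief"
  /usr/bin/testparm -s >>"$DIR/smb.conf.brief" 2>&1
}

DIR=$BASE_DIR/Sendmail                    # Mail transport and delivery
{
  cp -uR /etc/mail/* "$DIR/"
  cp -u "/home/$CONFIG_USER/.procmailrc" "$DIR/procmailrc.$CONFIG_USER"
  echo "$LOCAL_CONFIG_NOTES" >"$DIR/README"
}

DIR=$BASE_DIR/sshd                        # System secure shell
# The glob takes everything in /etc/ssh, host private keys included; the
# owner-only modes applied at the end are what keep those copies private.
cp -uR /etc/ssh/* "$DIR"

DIR=$BASE_DIR/httpd                       # Apache web server
{
  cp -uR /var/www/html/* "$DIR"
  cp -u /etc/httpd/conf/httpd.conf "$DIR"
  cp -uR /var/www/cgi-bin "$DIR"
  cp -u /home/anon/passwd "$DIR"          # web AuthUserFile: password hashes
  cat >"$DIR/htpasswd-README" <<'END_OF_HTPASSWD_README'
Our AuthUserFile is /home/anon/passwd because the /home directory is mounted
from a separate partition and independent of system upgrades.  As almost all
our pages are served from the home directories of users, this insures that our
.htaccess files are always referring to an existing password file.  Of course
any user can set up their own .htpasswd files in some other location (outside
of web access, I hope).  DRF 2/14/09 (Happy Valentines day!)
END_OF_HTPASSWD_README
}

DIR=$BASE_DIR/yum                         # Yellow-dog update manager
{
  cp -u /etc/yum.conf "$DIR"
  cp -uR /etc/yum.repos.d/ "$DIR/"
}

DIR=$BASE_DIR/usr-local-bin               # Locally installed general executables
cp -u /usr/local/bin/* "$DIR/"

# usr-local-sbin
DIR=$BASE_DIR/usr-local-sbin              # Locally installed system executables
cp -u /usr/local/sbin/* "$DIR/"

DIR=$BASE_DIR/FormsAndScripts             # Miscellaneous scripts
{
  cp -u /home/drf/FormsAndScripts/* "$DIR/"
  echo "$LOCAL_CONFIG_NOTES" >"$DIR/README"
}

DIR=$BASE_DIR/SysConfigs                  # Fedora system configs http://fedoraproject.org/
{
  rsync -a --delete --copy-links /etc/sysconfig/* "$DIR/"
  rsync -a --delete --copy-links /etc/modprobe.d "$DIR/"
  echo "$LOCAL_CONFIG_NOTES" >"$DIR/README"
}

DIR=$BASE_DIR/ApplicationConfigs          # Application configs
{
  #cp -u /etc/xtide.conf $DIR
  #cp -uR /etc/mplayer $DIR
  rsync -a /home/drf/.pinerc "$DIR/drf.pinerc"
  rsync -a /root/.pinerc "$DIR/root.pinerc"
}

DIR=$BASE_DIR/DisksIfacesRoutes           # Disk, interface, and routing information
{
  cp -u /usr/local/sbin/renew-default-route "$DIR"

  { # Create a disktable file
    date
    printf '\n\nfdisk -l ---->\n'
    /sbin/fdisk -l 2>/dev/null
    printf '\n\nfstab ---->\n'
    cat /etc/fstab
    printf '\n\ndf -P ---->\n'
    /bin/df -P
    printf '\n\nhddtemp /dev/sd[a-f]---->\n'
    /usr/sbin/hddtemp /dev/sd[a-f]
    printf '\n\nudev ------>\n'
    ls -lR /dev/disk/
    printf '\n\nblkid ------>\n'
    /sbin/blkid
    printf '\n\n End report '
    date
  } >"$DIR/disktable"

  { # Network configuration
    date
    echo
    /sbin/ifconfig
  } >"$DIR/Network"
  {
    date
    echo
    /sbin/route -n
    echo
    /sbin/route -A inet6 -n
  } >"$DIR/Route"

  # Update lvm info to /boot and to our archive
  rsync -a /etc/lvm/* "$DIR/lvm/"
  rsync -a /etc/lvm/* /boot/lvm/
}

# Entries below this line are in $BASE_DIR - not in subdirectories
# _____________________________________________________________________________________
#
# Warning README
echo "$LOCAL_CONFIG_NOTES" >"$BASE_DIR/README"

# Copy the passwd file
cp -u /etc/passwd "$BASE_DIR/passwd"

# Box details are kept in parent directory for now
cp -u "$BASE_DIR/../BoxDetails" "$BASE_DIR/"   # Box data here

# Preserve last dmesg
{
  DMESG=$BASE_DIR/dmesg
  [ -f "$DMESG" ] && mv -- "$DMESG" "$DMESG.bak"
  { date; echo; dmesg; } >"$DMESG"
}

# Scan hardware
{
  date
  echo
  lshw 2>&1
  lshw -short 2>&1
} >"$BASE_DIR/HardwareList"

# Copy this script as executed to base directory
{
  rsync "$0" "$BASE_DIR/ScriptAsRun"
  rsync "$0" "$BASE_DIR/"
}

# Wait for all subshells to complete
wait

# Directories: browsable by the owner only.  They were chmod 777 before,
# which let every local account add, replace or symlink entries in a tree
# that root rewrites on each run.
find "$BASE_DIR/" -type d -exec chmod "$DIR_MODE" {} +

# Create a file manifest of $BASE_DIR files & set modes to owner read/write.
# -type f skips symlinks, so chmod never follows a link out of the archive.
find "$BASE_DIR/" -type f >"$BASE_DIR/FileManifest"
find "$BASE_DIR/" -type f -exec chmod "$FILE_MODE" {} +

# Change ownership of all files to the config user
# (user:group form; the user.group form is obsolete)
chown -R "$CONFIG_USER:$CONFIG_USER" "$BASE_DIR"

# End of script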