smeserver/smeserver-audittools
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

initial commit of file from CVS for smeserver-audittools on Mon 10 Jul 08:35:16 BST 2023

Browse Source
This commit is contained in:
Brian Read
2023-07-10 08:35:16 +01:00
parent 0c3dab603b
commit e8ae5ac869
17 changed files with 877 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
root/etc/e-smith/events/smeserver-audittools-update/.gitignore vendored Normal file
View File

65
root/sbin/e-smith/audittools/aliases Normal file
View File

@@ -0,0 +1,65 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2006 Gordon Rowell <gordonr@gormand.com.au>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use warnings;
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open or die "Couldn't open AccountsDB\n";
use constant ALIAS_DIR => "/var/qmail/alias";
chdir ALIAS_DIR or die "Couldn't chdir alias directory\n";
opendir DIR, '.' or die "Couldn't readdir .\n";
for my $file ( readdir(DIR) )
{
next unless ($file =~ /^.qmail-/);
my $name = $file;
$name =~ s/.qmail-//;
$name =~ s/-default$//;
$name =~ s/:/./g;
my $account = $adb->get($name);
if ($account)
{
print "$file: ACCOUNT: $name - " . $account->prop('type') . "\n";
next;
}
my $template = "/etc/e-smith/templates" . ALIAS_DIR . "/$file";
my $custom_template = "/etc/e-smith/templates-custom" . ALIAS_DIR . "/$file";
if (-e $template or -e $custom_template)
{
print "$file: TEMPLATE exists\n";
next;
}
print "$file: MANUAL - contents:\n";
open FILE, $file;
print <FILE>, "\n";
}

71
root/sbin/e-smith/audittools/events Normal file
View File

@@ -0,0 +1,71 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2006 Gordon Rowell <gordonr@gormand.com.au>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use warnings;
use RPM2;
use File::Find;
use File::Path;
use File::stat;
# Files not owned by RPMs
# Files modified since install by RPM
# events from "non-standard" RPMs
use RPM2;
my $rpm2 = RPM2->open_rpm_db();
find({ wanted => \&events }, "/etc/e-smith/events");
sub events
{
return unless -f;
my $template = $File::Find::name;
my $status = rpm_status(name => $File::Find::name);
return if ( $status eq "OWNED_BY_RPM");
return if ( $File::Find::name =~ /^\/etc\/e-smith\/events\/temp/);
print "$File::Find::name: $status\n";
}
sub rpm_status
{
my (%options) = @_;
my @rpms = $rpm2->find_by_file($options{name});
return "MANUALLY_ADDED" unless (@rpms);
return "MULTIPLE_RPM_OWNERS " . join(", ", map { $_->as_nvre } @rpms)
if (@rpms >= 2);
my $install_time = $rpms[0]->tag("INSTALLTIME");
my $st = lstat($options{name}) or die "Couldn't stat $options{name}: $!";
return "MODIFIED " . $rpms[0]->as_nvre if ($st->mtime > $install_time);
return "OWNED_BY_RPM";
}

133
root/sbin/e-smith/audittools/groups-users Normal file
View File

@@ -0,0 +1,133 @@
#!/bin/bash
#------------------------------------------------------------------------
# The purpose of this tool is to verify correct GID and UID of essential
# groups and users of SME and to display all users, groups, ibays set in
# the collaboration panel of server-manager.
#------------------------------------------------------------------------
##admin
a=`id admin`
a1=`id admin -u`
a2=`id admin -g`
a4=`awk -F: '$1=="admin" { print $1,$3 }' /etc/group`
##Test conditions
if [ $a1 = "101" ] && [ $a2 = "101" ]
then
a3="....Good!!!"
else
a3="....Error!!!"
fi
if [[ -n "$a4" ]]; then
a5="....Good!!!"
else
a5="....Error!!!"
fi
##www
b=`id www`
b1=`id www -u`
b2=`id www -g`
b4=`awk -F: '$1=="www" { print $1,$3 }' /etc/group`
##Test conditions
if [ $b1 = "102" ] && [ $b2 = "102" ]
then
b3="....Good!!!"
else
b3="....Error!!!"
fi
if [[ -n "$b4" ]]; then
b5="....Good!!!"
else
b5="....Error!!!"
fi
##apache
c=`id apache`
c1=`id apache -u`
c2=`id apache -g`
c4=`awk -F: '$1=="apache" { print $1,$3 }' /etc/group`
##Test conditions
if [ $c1 = "102" ] && [ $c2 = "102" ]
then
c3="....Good!!!"
else
c3="....Error!!!"
fi
if [[ -n "$c4" ]]; then
c5="....Good!!!"
else
c5="....Error!!!"
fi
##public
d=`id public`
d1=`id public -u`
d2=`id public -g`
d4=`awk -F: '$1=="public" { print $1,$3 }' /etc/group`
##Test conditions
if [ $d1 = "103" ] && [ $d2 = "103" ]
then
d3="....Good!!!"
else
d3="....Error!!!"
fi
if [[ -n "$d4" ]]; then
d5="....Good!!!"
else
d5="....Error!!!"
fi
##smelog
e=`id smelog`
e1=`id smelog -u`
e2=`id smelog -g`
e4=`awk -F: '$1=="smelog" { print $1,$3 }' /etc/group`
##Test conditions
if [ $e1 = "1002" ] && [ $e2 = "1002" ]
then
e3="....Good!!!"
else
e3="....Error!!!"
fi
if [[ -n "$e4" ]]; then
e5="....Good!!!"
else
e5="....Error!!!"
fi
##display uid/gid
echo "* The user/group 'admin' needs a UID/GID of 101 : " $a3
echo $a
echo "* The group 'admin' needs to be written in /etc/group : " $a4 $a5
echo ""
echo "* The user/group 'www' needs a UID/GID of 102 : " $b3
echo $b
echo "* The group 'www' needs to be written in /etc/group : " $b4 $b5
echo ""
echo "* The user/group 'apache' needs a UID/GID of 102 : " $c3
echo $c
echo "* The group 'apache' needs to be written in /etc/group : " $c4 $c5
echo ""
echo "* The user/group 'public' needs a UID/GID of 103 : " $d3
echo $d
echo "* The group 'public' needs to be written in /etc/group : " $d4 $d5
echo ""
echo "* The user/group 'smelog' needs a UID/GID of 1002 : " $e3
echo $e
echo "* The group 'smelog' needs to be written in /etc/group : " $e4 $e5
echo
##display all users of server-manager
echo "* All users created in the server-manager with their UID/GID"
cat /etc/passwd | grep 'users' |sort| sed "s/:/ /g"| sed "s/x/ /g"
echo ""
##display all groups of server-manager
echo "* All groups created in the server-manager with their GID"
awk -F: '$3== '500' || $3 >= '5000' && $3 < '65534' { print $1,$3,$4 }' /etc/group | sort
echo ""
##display all ibays created
echo "* All ibays created in the server-manager with their UID/GID"
cat /etc/passwd | grep 'ibays' |sort | sed "s/:/ /g"| sed "s/x/ /g"| sed "s|/bin/false| |g"

25
root/sbin/e-smith/audittools/logcheck Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash
#logcheck [days] [location]
re='^[0-9]+$'
days=2
location=/tmp
# If there is a second arg, use it as the location
if ! [ -z "$2" ]; then
location=$2
fi
# If first arg is a number, then set days.
if ! [ -z "$1" ]; then
if [[ $1 =~ $re ]] ; then
days=$1
else
location=$1
fi;
fi
echo "Log file: $location/log$(date +'%m%d%y')"
find /var/log/ -mtime -$days -print -exec sh -c 'cat "{}" | tai64nlocal | egrep -i "useless|warn|fail|error|disable|remov|unable|exit"' \; > "$location/log$(date +'%m%d%y')" 2>&1
exit 0

13
root/sbin/e-smith/audittools/newrpms Normal file
View File

@@ -0,0 +1,13 @@
#!/bin/bash
#List rpms installed from outside the standard yum repositories
yum list extras \
--disablerepo=* \
--enablerepo=base \
--enablerepo=smeupdates \
--enablerepo=updates \
--enablerepo=smeos \
--enablerepo=smeaddons \
--enablerepo=remi-safe \
| grep -vi gpg-pubkey

75
root/sbin/e-smith/audittools/pseudonyms Normal file
View File

@@ -0,0 +1,75 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2006 Mitel Corporation
# copyright (C) 2006 Gordon Rowell <gordonr@gormand.com.au>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use warnings;
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n";
for my $pseudonym ($adb->pseudonyms)
{
my $account = $pseudonym->prop('Account');
my $key = $pseudonym->key;
if ($key =~ /\@$/)
{
complain($key, "missing domain");
next;
}
unless ($account)
{
complain($key, "no Account property or Account property empty");
next;
}
$account = $adb->get($pseudonym->prop('Account'));
unless ($account)
{
complain($key, "points to account which does not exist");
next;
}
$account = $adb->get($account->prop('Account'))
if ($account->prop('type') eq "pseudonym");
unless ($account)
{
complain($key, "points to pseudonym account which points to account which does not exist");
next;
}
if ($account->prop('type') eq "pseudonym")
{
complain($key, "too many pseudonym levels");
next;
}
}
sub complain
{
my ($key, $warning) = @_;
warn "$key: $warning\n";
print "RUN: db accounts settype $key pseudonym-deleted\n";
}

6
root/sbin/e-smith/audittools/repositories Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
#List status of configured repositories
/sbin/e-smith/db yum_repositories print | sed 's/=.*|status|/: /;s/|.*//'

89
root/sbin/e-smith/audittools/templates Normal file
View File

@@ -0,0 +1,89 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2006 Gordon Rowell <gordonr@gormand.com.au>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use warnings;
use RPM2;
use File::Find;
use File::Path;
use File::stat;
# Files not owned by RPMs
# Files modified since install by RPM
# Templates from "non-standard" RPMs
# Templates overridden in templates-custom
use RPM2;
my $rpm2 = RPM2->open_rpm_db();
for my $dir ( qw(templates templates-user) )
{
find({ wanted => \&custom_templates }, "/etc/e-smith/$dir-custom");
find({ wanted => \&templates }, "/etc/e-smith/$dir");
}
sub custom_templates
{
return unless -f;
my $template = $File::Find::name;
$template =~ s/-custom//;
my $status = rpm_status(name => $File::Find::name);
print "$File::Find::name: $status, " .
((-e $template) ? "OVERRIDE" : "ADDITION"), "\n";
}
sub templates
{
return unless -f;
my $template = $File::Find::name;
my $status = rpm_status(name => $File::Find::name);
return if ( $status eq "OWNED_BY_RPM");
print "$File::Find::name: $status\n";
}
sub rpm_status
{
my (%options) = @_;
my @rpms = $rpm2->find_by_file($options{name});
return "MANUALLY_ADDED" unless (@rpms);
return "MULTIPLE_RPM_OWNERS " . join(", ", map { $_->as_nvre } @rpms)
if (@rpms >= 2);
my $install_time = $rpms[0]->tag("INSTALLTIME");
my $st = stat($options{name}) or die "Couldn't stat $options{name}: $!";
return "MODIFIED " . $rpms[0]->as_nvre if ($st->mtime > $install_time);
return "OWNED_BY_RPM";
}

48
root/sbin/e-smith/audittools/templates2expand Normal file
View File

@@ -0,0 +1,48 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2006 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use warnings;
open (FIND, '-|', 'find /etc/e-smith/events/*/templates2expand -type f')
or die "Couldn't call find\n";
my %t2e;
my %e2t;
while ( <FIND> )
{
if ( m:/etc/e-smith/events/(.*)/templates2expand(.*): )
{
push @{$t2e{$2}}, $1;
push @{$e2t{$1}}, $2;
}
}
for (sort keys %t2e)
{
print "$_\n\t" . join("\n\t", @{$t2e{$_}}) . "\n";
}
for (sort keys %e2t)
{
print "$_\n\t" . join("\n\t", @{$e2t{$_}}) . "\n";
}

81
root/sbin/e-smith/audittools/users2domains Normal file
View File

@@ -0,0 +1,81 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
# Copyright (C) 2006 Gordon Rowell <gordonr@gormand.com.au>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use esmith::AccountsDB;
use User::pwent;
use File::Find;
use Mail::Header;
use constant VERBOSE => 0;
my %delivered2;
my $adb = esmith::AccountsDB->open;
die "Couldn't open AccountsDB\n" unless $adb;
my @users = ('admin', map { $_->key } $adb->users);
foreach my $user ( @users )
{
my $pwent = getpwnam($user)
or die "Couldn't get password entry for $user\n";
find({ wanted => \&wanted}, $pwent->dir . "/Maildir");
}
for my $key (sort keys %delivered2)
{
print "$key: $delivered2{$key}\n";
}
sub wanted
{
return unless -f;
my $name = $File::Find::name;
unless ($name =~ /(\d+\.\S+)/)
{
warn "Unknown filename $name\n" if VERBOSE;
return;
}
$name = $1;
open (FILE, $name) or die "Couldn't open $name\n";
my $header = new Mail::Header \*FILE;
unless ($header)
{
warn "Couldn't create Mail::Header object";
next;
}
for ($header->get("Delivered-To"))
{
chomp;
next if /^alias-localdelivery/;
$delivered2{lc($_)}++;
}
}

61
root/sbin/e-smith/audittools/virtualdomains2pseudonyms Normal file
View File

@@ -0,0 +1,61 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2006 Gordon Rowell <gordonr@gormand.com.au>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use strict;
use warnings;
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open or die "Couldn't open AccountsDB\n";
use constant VIRTUALDOMAINS => "/var/qmail/control/virtualdomains";
open VIRTUALS, VIRTUALDOMAINS or die "Couldn't open virtualdomains\n";
for ( <VIRTUALS> )
{
next unless (/(.*@.*):\s*(\S+)\s*/);
my ($pseudo, $target) = ($1, $2);
my $entry = $adb->get($pseudo);
if ($entry)
{
my $account = $entry->prop("Account");
if (not $account)
{
warn "$pseudo Account property missing or null\n";
next;
}
if ($account ne $target)
{
warn "$pseudo=>$account, but virtualdomains=>$target \n";
next;
}
warn "$pseudo exists\n";
next;
}
print "RUN: db accounts set $pseudo pseudonym Account $target\n";
}