Listing 1: The verify script
#!/bin/ksh
########################################################################
#
# FILE NAME: verify
#
# DESCRIPTION :
# This file contains both the data and ksh-script code needed
# to discover significant deltas between the current
# system configuration and the predetermined baseline:
# DEVELOPMENT CONFIGURATION LOAD A
#
# ASSUMPTIONS:
# Script designed to run on any DEC 5000 ULTRIX class machine.
########################################################################
#
#
# USAGE:
# verify [-v]
# v: verbose
# Normal output is only of items not in baseline.
# Verbose output is status of all items.
#
# NOTES:
# 1) This script requires root privilege to execute properly.
# This can be done effectively for any user by setting the UID
# and GID bits on this file:
# chown root.system verify
# chmod 6755 verify
# 2) Key to special symbols within this script:
# WS: whitespace (space tab)
# FILE_SPEC: absolute path of a file
# [...]: repeat previous expression, with WS if needed.
# 3) ULTRIX 4.2a-specific commands. If the following are modified in
# later ULTRIX releases, then configuration items using these
# commands may need to be modified as well.
# kvar(8)- ULTRIX RISC read kernel variables in memory.
# uerf(8)- ULTRIX error report formatter (system messages).
# setld(8)- ULTRIX system software management utility.
# lmf(8)- ULTRIX product license management utility.
# 4) All data required for this script to run are included in this file.
# 5) This script creates one (1) other temporary file:
# '/tmp/current_setld'.
#
##########################################################################
BASELINE_LOAD="DEVELOPMENT LOAD CONFIGURATION A"
HOST=`/bin/hostname`
KERNEL_FILE="/vmunix"
#SET UP ALIASES TO AVOID PATH HASSLES
#UNIX-SPECIFIC UTILITIES
alias awk=/bin/awk
alias cat=/bin/cat
alias cut=/usr/bin/cut
alias dc=/usr/bin/dc
alias df=/bin/df
alias diff=/bin/diff
alias echo=/bin/echo
alias egrep=/usr/bin/egrep
alias expr=/bin/expr
alias find=/usr/bin/find
alias head=/usr/ucb/head
alias ifconfig=/bin/ifconfig
alias ls=/bin/ls
alias netstat=/usr/ucb/netstat
alias pr=/usr/bin/pr
alias ps=/bin/ps
alias pstat=/etc/pstat
alias sed=/bin/sed
alias sum=/usr/bin/sum
alias tail=/usr/ucb/tail
alias touch=/usr/bin/touch
alias tr=/usr/bin/tr
alias wc=/usr/ucb/wc
alias xargs=/usr/bin/xargs
#ULTRIX-SPECIFIC UTILITIES
alias kvar=/usr/etc/kvar
alias lmf=/etc/lmf
alias setld=/etc/setld
#BSD-SPECIFIC UTILITIES
alias chpt=/bin/chpt
#X11-SPECIFIC UTILITIES
alias xlsfonts=/usr/bin/X11/xlsfonts
#SET UP VERBOSITY: VERBOSE TO STANDARD OUT, DEFAULT TO '/dev/null'.
if [ $# -eq 0 ]; then
OUT='/dev/null'
else
OUT=''
fi
#########################################################################
#########################################################################
################# START CONFIGURATION ITEMS ######################
#########################################################################
#########################################################################
#HARDWARE CONFIGURATION===========================
#=================================================
#DESCRIPTION: TOTAL MBYTES (1024*1024 BYTES) OF RAM.
#DERIVED FROM: uerf(8) and '/usr/adm/syserr/$HOSTNAME' SYSTEM STARTUP FILE.
#FORMAT: MBYTES_RAM
#DATA TYPE: INT
#EXAMPLE: 32
BASELINE_REAL_MEM=32
#DESCRIPTION: PERIPHERALS AND THEIR SCSI IDS (ADDRESS).
#DERIVED FROM: uerf(8) and '/usr/adm/syserr/syserr.$HOST' SYSTEM STARTUP FILE.
#FORMAT: SCSI_ID# WS DEVICE_NAME [...]
#DATA TYPE: INT ALPHANUM
#EXAMPLE: 0 RZ56 3 RX23 5 TZK10
set -A BASELINE_SCSI_DEVICES \
0 RZ56 \
3 RX23 \
5 TZK10
#DESCRIPTION: LIST OF MOUNTED/SWAP DISK PARTITIONS.
#DERIVED FROM: chpt(8) AND '/etc/fstab'
#FORMAT: PARTITION_LETTER WS PARTITION_SIZE WS TYPE [...]
#PARTITION_SIZE IS IN 512-BYTE SECTORS;
#TYPE IS ONE OF FILESYSTEM ("FS") OR "SWAP".
#DATA TYPE: ALPHA INT "fs"|"swap"
#EXAMPLE: a 32768 fs b 380700 swap f 885706 fs
set -A BASELINE_PARTITIONS \
a 32768 fs \
b 380700 swap \
f 885706 fs
#DESCRIPTION: NUMBER OF ACTIVE NFS.
#DERIVED FROM: df(1)
#FORMAT: NUMBER_OF_ACTIVE_NFS
#DATA TYPE: INT
#EXAMPLE: 0
BASELINE_NUM_NFS=0
#DESCRIPTION: NUMBER OF ADDITIONAL LOCAL MOUNTED FILESYSTEMS
#DERIVED FROM: df(1)
#FORMAT: NUMBER_OF_ADDITIONAL_LOCAL_MOUNTED_FILESYSTEMS
#DATA TYPE: INT
#EXAMPLE: 0
BASELINE_NUM_LOCAL_FS=0
#FILE CHECK SUMS=================================
#================================================
#DESCRIPTION: CHECKSUMS OF FILES.
#DERIVED FROM: sum(1)
#FORMAT: FILE_SPEC WHITESPACE CHECKSUM [...]
#EXAMPLE: /vmunix 55947 2660 /usr/bin/Xws 36304 2264
#CHECKSUMS ARE SLOW, KEEP NUMBER TO A MINIMUM.
set -A BASELINE_CHECKSUMS \
/vmunix 55947 2660 \
/usr/bin/Xws 36304 2264
#SYSTEM TABLES===================================
#=================================================
#DESCRIPTION: KERNEL SYSTEM TABLE SIZES.
#DERIVED FROM: pstat(8)
#FORMAT: SYSTEM_TABLE_NAME WS TABLE_SIZE [...]
#DATA TYPE: ALPHA INT
#EXAMPLE: files 264 gnodes 204 processes 96
set -A BASELINE_SYSTEM_TABLE \
files 379 \
gnodes 284 \
processes 160
#KERNEL VARIABLE =================================
#=================================================
#DESCRIPTION: ULTRIX KERNEL VARIABLES
#DERIVED FROM: kvar(8)
#FORMAT: FIELD_NAME WS FIELD_VALUE WS KERNEL_VAR WS FIELD_OFFSET [...]
#FIELD_NAME= NAME WRITTEN TO STD-OUT; GOOD IDEA TO MAKE SAME AS '*.h' FILES.
#VARIABLE_NAME= ACTUAL KERNEL VARIABLE THAT CONTAINS THE FIELD_NAME.
#FIELD_OFFSET= THE LOCATION OF THE FIELD_NAME WITHIN THE KERNEL_VAR.
#DATA TYPE: ALPHA INT ALPHA INT
#EXAMPLE: SEMMAP 60 seminfo 0 SEMMNI 30 seminfo 4
set -A BASELINE_KERNEL_VARIABLES \
SEMMAP 30 seminfo 0 \
SEMMNI 30 seminfo 4 \
SEMMNS 180 seminfo 8 \
SEMMNU 60 seminfo 12 \
SMMNI 100 sminfo 8 \
SMSEG 12 sminfo 12 \
MSGMAP 300 msginfo 0 \
MSGMNI 50 msginfo 12 \
MSGTQL 200 msginfo 20 \
MSGTQL 200 msginfo 20 \
LOTSFREE 1953 lotsfree 0 \
DESFREE 472 desfree 0 \
MINFREE 244 minfree 0
#NETWORK ROUTING AND I/Fs=========================
#=================================================
#DESCRIPTION: NETWORK IDENTIFICATION AND ROUTING INFO
#DERIVED FROM: netstat(1)
#FORMAT: DESTINATION WS GATEWAY WS INTERFACE [...]
#DATA TYPE: NETWORK_IP_ADDRESS HOSTNAME INTERFACE_NAME
#EXAMPLE: 127.158 my_hostname ln0
#CAN ALSO USE INFO FROM '/etc/rc' OR '/etc/rc.local' IF YOU
#NEED MORE PORTABILITY.
LN0_DESTINATION=127.158; LN0_GATEWAY=$HOST
LN1_DESTINATION=127.157; LN1_GATEWAY=${HOST}P
set -A BASELINE_ROUTES \
$LN0_DESTINATION $LN0_GATEWAY ln0 \
$LN1_DESTINATION $LN1_GATEWAY ln1
#X11 CONFIG=========================================
#=================================================
#DESCRIPTION: LOCAL FONTS.
#DERIVED FROM: xlsfonts(1X)
#FORMAT: PRIVATE_FONT_NAME NUMBER_FONTS [...]
#DATA TYPE: ALPHANUM INT
#EXAMPLE: 'space*' 4 8x13 1
#NOTE: TO SPECIFY A FAMILY OF FONTS, USE WILDCARDS (AS DESCRIBED
#IN xlsfonts(1X)) ENCLOSED IN SINGLE QUOTES.
set -A BASELINE_PRIVATE_FONTS \
'space*' 8 \
8x13 1
#APPLICATION PROGRAM LICENSING INFO===============
#=================================================
#DESCRIPTION: SL-GMS LICENSING INFO.
#DERIVED FROM: './gms/c*' './gms/lib/keys' and './gms/tsn'
#FORMAT: VALUE
#DATA TYPE: ALPHANUM
#EXAMPLE: D4361932
BASELINE_GMS_VERSION=4.03
BASELINE_GMS_KEY=123456
BASELINE_GMS_TSN=1234
#DESCRIPTION: RS1 LICENSE INFO.
#DERIVED FROM: '/usr/rs1/license.dat'
#FORMAT: TEXT OF LICENSE WITH IMBEDDED QUOTES ESCAPED (E.G. \").
#DATA TYPE: ALPHANUM
#EXAMPLE: "SERVER DEMO DEMO \"Dcs\""
#THE FOLLOWING IS THE GENERIC RS/1 LICENSE.
BASELINE_RS1_LICENSE="SERVER DEMO DEMO
2222 DAEMON bbnsp bbnsp
FEATURE Rsr bbnsp 100.000 11-JAN-2009 0 zcsq0s1uz4xaw5a \"Dcs\" DEMO"
#DESCRIPTION: OPERATING SYSTEM USER LICENSE INFO.
#DERIVED FROM: lmf(8)
#FORMAT: SIZE (LICENSED NUMBER OF USERS) FOR ULTRIX
#DATA TYPE: INT
#EXAMPLE: 8
BASELINE_ULTRIX_LICENSE=8
#VENDOR OPERATING SYSTEM SW CONFIG================
#=================================================
#DESCRIPTION: LIST OF INSTALLED ULTRIX SYSTEM SOFTWARE SUBSETS.
#DERIVED FROM: setld(8)
#FORMAT: SUBSET_NAME WS [...]
#DATA TYPE: ALPHANUM
#EXAMPLE: COMU4BACKEND205 DXMMRM110
set -A BASELINE_SETLD \
COMU4BACKEND205 DXMMRM110 DXMMWM110 DXMX11110 DXMXM110 SPREXE300 \
SPRMAN300 UDTAFM420 UDTBASE420 UDTBASE425 UDTBIN420 UDTBIN425 \
UDTCOMM420 UDTCOMM425 UDTDCMT420 UDTEXER420 UDTEXER425 UDTINET420 \
UDTINET425 UDTMAN420 UDTMAN425 UDTMANPGMR420 UDTMANPGMR425 UDTNFS420 \
UDTNFS425 UDTPGMR420 UDTPGMR425 UDTPRINT420 UDTPRINT425 UDTSEC420 \
UDTSEC425 UDTUMAIL420 UDWDECW420 UDWFONT420 UDWMAN420 UDWMAN425 \
UDWSER425 UDWX11420 UDWX11425 UDWXDEV420 UDWXDEV425 UDXINET420 \
UDXMAN420 UDXUNFONTS420 UDXUNMAN420 UDXUNMIT420 UWSPAT40263S421
#FILES AND FILE PERMISSIONS=======================
#=================================================
#DESCRIPTION: FILE PERMISSIONS
#DERIVED FROM: find(1)
#FORMAT: FILE_NAME WS FILE_PERMISSION [...]
#DATA TYPE: FILE_SPEC OCTAL_FILE_PERMISSION
#EXAMPLE: /dev/mem 644 /user/test 6755
set -A BASELINE_FILE_PERM \
$KERNEL_FILE 755 \
/dev/mem 644 \
/dev/kmem 644 \
/dev/rrz0c 644 \
/dev/tty00 666 \
/dev/tty01 666
#DESCRIPTION: LIST OF FILES ADDED TO SYSTEM.
#DERIVED FROM: test(1)
#FORMAT: FILE_NAME WS [...]
#DATA TYPE: FILE_SPEC
#EXAMPLE: /usr/users
set -A SITE_ADDED_FILES \
/usr/users /luser /bin/ksh /etc/ttys.new
#DESCRIPTION: LIST OF FILES STRIPPED FROM SYSTEM
#DERIVED FROM: test(1)
#FORMAT: FILE_NAME WS [...]
#DATA TYPE: FILE_SPEC
#EXAMPLE: /usr/sys/MIPS
set -A SITE_STRIPPED_FILES \
/usr/sys/MIPS /usr/lib/DPS
#MISC USER INFO===================================
#=================================================
#DESCRIPTION: LIST OF REQUIRED USERS AND GROUPS
#DERIVED FROM: '/etc/passwd', '/etc/group'
#FORMAT: NAME WS [...]
#DATA TYPE: ALPHANUM
#EXAMPLE: testguy1 testguy2
set -A BASELINE_USERS \
test1
set -A BASELINE_GROUPS \
test1
#DESCRIPTION: ROOT UMASK
#DERIVED FROM: '/.profile'
#FORMAT: UMASK
#DATA TYPE: OCTAL_UMASK
#EXAMPLE: 022
BASELINE_ROOT_UMASK=002
#PROCESS INFO======================================
#==================================================
#DESCRIPTION: PROCESSES THAT SHOULD_NOT/SHOULD BE RUNNING
#DERIVED FROM: ps(1)
#FORMAT: PROCESS_NAME WS [...]
#DATA TYPE: ALPHANUM
#EXAMPLE: portmap biod ypbind
set -A NON_BASELINE_PROCESSES \
portmap biod ypbind sendmail timed routed
set -A BASELINE_PROCESSES \
syslog cron lpd elcsd inetd snmpd
#########################################################################
#########################################################################
################# END CONFIGURATION ITEMS ######################
#########################################################################
#########################################################################
#SET UP COMMONLY USED VARIABLES
DF=`df`
set -A PSTAT `pstat -T`
CHPT=`chpt -q /dev/rrz0c|tail -8|awk '{print $1,$4}'`
DISPLAY=${HOST}:0.0
PS=`ps -aux`
NETSTAT=`netstat -r`
echo "===================================================================&quo;
date
echo "Configuration verification for: ${HOST}"
echo "Checked against system baseline load: $BASELINE_LOAD."
echo "===================================================================&quo;
echo " "
#=========================HARDWARECONFIGURATION==========================
#=========================================================================
echo "--- Hardware Configuration ---" 1>$OUT
#THE FOLLOWING HARDWARE CHECKS UTILIZE THE ULTRIX SYSTEM EVENT LOGGER,
#WHICH AMONG OTHER THINGS, RECORDS SYSTEM HARDWARE CONFIG UPON STARTUP.
#THESE EVENTS ARE WRITTEN TO AN EVENT FILE, WITH THE EVENT REPORT FORMATTER
#uerf(8) USES. BECAUSE THE EVENT REPORTER IS SLOW (12X SLOWER THAN THE
#METHOD USED HERE), THE EVENT FILE IS MANUALLY SEARCHED FOR THE MOSTRECENT
#SYSTEM STARTUP, AND THAT LINE NUMBER IS RECORDED. THEN THE HARDWARE
CONFIG
#INFO CONTAINED IN THE EVENT FILE AT THAT LINE NUMBER IS CUT OUT.
#CHECK RAM SIZE SYS_EVENT_FILE=/usr/adm/syserr/syserr.${HOST}
LAST_STARTUP=`egrep -n 'System #[0-9]' $SYS_EVENT_FILE|tail -1|cut -f1 -d:`
STARTUP_INFO=`tail +$LAST_STARTUP $SYS_EVENT_FILE|head -30`
REAL_MEM=`expr "$STARTUP_INFO" : '.*real mem =\([ 0-9]*\)'`
((REAL_MEM=REAL_MEM/1024/1024))
if [ $REAL_MEM -eq $BASELINE_REAL_MEM ]; then
echo "Baseline amount of RAM ($REAL_MEM)MB installed." 1>$OUT
else
echo -n "???????> Amount of RAM ($REAL_MEM)MB installed "
echo "NOT baseline ($BASELINE_REAL_MEM)MB."
fi
#CHECK ACTIVE SCSI DRIVES FOR BASELINE DRIVES.
#NOTE MUST HAVE LEADING BLANK IS REQUIRED FOR expr TO WORK.
set -A SCSI_DEVICES " "`expr "$STARTUP_INFO"|egrep "at asc0" \
|cut -f1,6 -d' '|sed 's/[()]//g;s/[a-z][a-z]\([0-7]\)/\1/g'`
ARRAY_ELEMENT=0
#WHILE ARRAY_ELEMENT IS LESS THAN SIZE OF ARRAY...
while [ $ARRAY_ELEMENT -lt ${#BASELINE_SCSI_DEVICES[*]} ]; do
BASELINE_ID=${BASELINE_SCSI_DEVICES[$ARRAY_ELEMENT]}
BASELINE_NAME=${BASELINE_SCSI_DEVICES[$ARRAY_ELEMENT + 1]}
NAME=`expr "${SCSI_DEVICES[*]}" : ".* $BASELINE_ID \([a-zA-Z0-9]*\)"\
\| CANT_FIND`
if [ $BASELINE_NAME = $NAME ]; then
echo -n "Baseline device ($BASELINE_NAME) " 1>$OUT
echo "at SCSI ($BASELINE_ID)." 1>$OUT
set -A SCSI_DEVICES " "`echo ${SCSI_DEVICES[*]} \
|sed "s/$BASELINE_ID $BASELINE_NAME//"`
else
echo -n "???????> Can't find baseline device ($BASELINE_NAME) "
echo "at SCSI ($BASELINE_ID)."
fi
((ARRAY_ELEMENT=ARRAY_ELEMENT+2))
done
#REPORT NON_BASELINE SCSI DRIVES.
set -A SCSI_DEVICES `echo ${SCSI_DEVICES[*]}`
ARRAY_ELEMENT=0
#IF LENGTH OF ARRAY IS GREATER THAN 1...
if [ ${#SCSI_DEVICES[*]} -gt 1 ]; then
#WHILE ARRAY_ELEMENT IS LESS THAN SIZE OF ARRAY...
while [ $ARRAY_ELEMENT -lt ${#SCSI_DEVICES[*]} ]; do
ID=${SCSI_DEVICES[$ARRAY_ELEMENT]}
NAME=${SCSI_DEVICES[$ARRAY_ELEMENT + 1]}
echo "???????> Device ($NAME) at SCSI ($ID) not in baseline."
((ARRAY_ELEMENT=ARRAY_ELEMENT+2))
done
fi
#CHECK FOR SECOND ETHERNET I/F (LN1).
#IF THE STRING 'ln1' APPEARS IN THE EVENTFILE....
if [ `expr "$STARTUP_INFO" : '.*ln1'` -gt 0 ]; then
echo "Baseline (ln1) I/F HW installed." 1>$OUT
else
echo "???????> (ln1) I/F HW not installed."
fi
#===========================DISK CONFIGURATION ==========================
#========================================================================
echo "" 1>$OUT
echo "--- Disk Configuration ---" 1>$OUT
#CHECK PARTITIONING OF BOOT DISK
#THIS ALGORITHM RELIES ON THE FACT THAT THE SYSTEM EVENTFILE LISTS
#ACTIVE SCSI DEVICES IN NUMERICAL ORDER, 0-7.
set -A PARTITIONS `expr "$DF"|egrep /dev/rz0|cut -c9`
ARRAY_ELEMENT=0
#WHILE ARRAY_ELEMENT IS LESS THAN SIZE OF ARRAY...
while [ $ARRAY_ELEMENT -lt ${#BASELINE_PARTITIONS[*]} ]; do
BASELINE_PART_NAME=${BASELINE_PARTITIONS[$ARRAY_ELEMENT]}
BASELINE_PART_SIZE=${BASELINE_PARTITIONS[$ARRAY_ELEMENT + 1]}
BASELINE_PART_TYPE=${BASELINE_PARTITIONS[$ARRAY_ELEMENT + 2]}
PART_NAME=`expr "${PARTITIONS[*]}":".*\($BASELINE_PART_NAME\)"`
PART_SIZE=`expr "$CHPT" : ".*$BASELINE_PART_NAME \([0-9]*\)"`
#VERIFY THE SIZES OF THE DISK PARTITIONS
if [ $BASELINE_PART_SIZE = $PART_SIZE ]; then
echo -n "Baseline partition '$BASELINE_PART_NAME' " 1>$OUT
echo "size ($BASELINE_PART_SIZE)." 1>$OUT
else
echo -n "???????> Partition '$BASELINE_PART_NAME' size ($PART_SIZE),"
echo " should be ($BASELINE_PART_SIZE)."
fi
#VERIFY PARTITIONS ARE MOUNTED
if [ $BASELINE_PART_TYPE != 'swap' ]; then
if [ $PART_NAME ]; then
echo "Baseline partition '$BASELINE_PART_NAME' mounted." 1>$OUT
set -A PARTITIONS `echo ${PARTITIONS[*]} \
|sed "s/$BASELINE_PART_NAME//"`
else
echo "???????> Partition '$BASELINE_PART_NAME' is not mounted."
fi
else
NUM_SWAP=`expr "${PSTAT[*]}" : '.*text.*[0-9]*/\([0-9]*\)'`
((BASELINE_SWAP=BASELINE_PART_SIZE/200))
if [ $NUM_SWAP -eq $BASELINE_SWAP ]; then
echo "Baseline configured swap ($NUM_SWAP)00K." 1>$OUT
else
echo -n "???????> Configured swap ($NUM_SWAP)00K not baseline "
echo "($BASELINE_SWAP)00K."
fi
fi
((ARRAY_ELEMENT=ARRAY_ELEMENT+3))
done
#REPORT NON_BASELINE MOUNTED FILESYTEMS.
ARRAY_ELEMENT=0
#WHILE ARRAY_ELEMENT IS LESS THAN SIZE OF ARRAY...
while [ $ARRAY_ELEMENT -lt ${#PARTITIONS[*]} ]; do
PART_NAME=${PARTITIONS[$ARRAY_ELEMENT]}
echo "???????> Mounted partition '$PART_NAME' not in baseline."
((ARRAY_ELEMENT=ARRAY_ELEMENT+2))
done
#CHECK FOR MOUNTED NFS
NUM_NFS=`expr "$DF"|egrep -c :`
if [ $NUM_NFS -eq $BASELINE_NUM_NFS ]; then
echo "Baseline ($BASELINE_NUM_NFS) NFS mounted directories." 1>$OUT
else
echo -n "???????> ($NUM_NFS) additional NFS mounted directories, "
echo "should be ($BASELINE_NUM_NFS)."
fi
#CHECK FOR ADDITIONAL LOCAL MOUNTED FILESYSTEMS.
NUM_LOCAL_FS=`expr "$DF"|egrep -c "/dev/rz[1-7]"`
if [ $NUM_LOCAL_FS -eq $BASELINE_NUM_LOCAL_FS ]; then
echo -n "Baseline ($BASELINE_NUM_LOCAL_FS) additional local " 1>$OUT
echo "mounted directories." 1>$OUT
else
echo -n "???????> ($NUM_LOCAL_FS) additional local mounted directories,"
echo " should be ($BASELINE_NUM_LOCAL_FS)."
fi
#===========================KERNEL CONFIGURATION==========================
#=========================================================================
echo " " 1>$OUT
echo "--- Kernel Configuration ---" 1>$OUT
#VERIFY KERNEL IS GLOBALLY READABLE;REQUIRED FOR 'kvar'.
if [ ! -r $KERNEL_FILE ]; then
echo "ERROR>>> Kernel doesn't have READ file permission."
echo "ERROR>>> Exiting."
exit 1
fi
# CHECK KERNEL FOR SECOND NETWORK INTERFACE.
IFCONFIG_LN1=`ifconfig ln1 2>/dev/null`
#IF PREVIOUS COMMAND EXITED SUCCESSFULLY...
if [ ${?} -eq 0 ]; then
echo 'Baseline (ln1) I/F SW in kernel.' 1>$OUT
else
echo '???????> (ln1) I/F SW not in kernel.'
fi
#CHECK SYSTEM TABLE CONTENTS.
ARRAY_ELEMENT=0
#WHILE ARRAY_ELEMENT IS LESS THAN SIZE OF ARRAY...
while [ $ARRAY_ELEMENT -lt ${#BASELINE_SYSTEM_TABLE[*]} ]; do
BASELINE_TABLE_NAME=${BASELINE_SYSTEM_TABLE[$ARRAY_ELEMENT]}
BASELINE_TABLE_SIZE=${BASELINE_SYSTEM_TABLE[$ARRAY_ELEMENT + 1]}
TABLE_SIZE=`expr "${PSTAT[*]}" : ".*/\([ 09]*\)$BASELINE_TABLE_NAME"`
if [ $TABLE_SIZE -eq $BASELINE_TABLE_SIZE ]; then
echo -n "Baseline system table '${BASELINE_TABLE_NAME}' " 1>$OUT
echo "size (${BASELINE_TABLE_SIZE})." 1>$OUT
else
echo -n "???????> System table '${BASELINE_TABLE_NAME}' "
echo "size (${TABLE_SIZE}), should be (${BASELINE_TABLE_SIZE})."
fi
((ARRAY_ELEMENT=ARRAY_ELEMENT+2))
done
#CHECK KERNEL VARIABLES
#FUNCTION TO CONVERT THE THIRD kvar(8) ARGUMENT HEX TO DECIMAL.
function KVARXTOI {
#CONVERT ALL CHAR TO UPPERCASE (REQUIRED BY dc)
typeset -u HEX_VAL=`echo $3 | cut -dx -f2`
#CONVERT HEX TO DEC
echo "16 i $HEX_VAL p"|dc
}
ARRAY_ELEMENT=0
#WHILE ARRAY_ELEMENT IS LESS THAN SIZE OF ARRAY...
while [ $ARRAY_ELEMENT -lt ${#BASELINE_KERNEL_VARIABLES[*]} ]; do
BASELINE_FIELD_NAME=${BASELINE_KERNEL_VARIABLES[$ARRAY_ELEMENT]}
BASELINE_VAR_SIZE=${BASELINE_KERNEL_VARIABLES[$ARRAY_ELEMENT + 1]}
BASELINE_VAR_NAME=${BASELINE_KERNEL_VARIABLES[$ARRAY_ELEMENT + 2]}
BASELINE_FIELD_OFFSET=${BASELINE_KERNEL_VARIABLES[$ARRAY_ELEMENT + 3]}
VAR_SIZE=`kvar -k -s $BASELINE_VAR_NAME -rw -o \
$BASELINE_FIELD_OFFSET $KERNEL_FILE`
VAR_SIZE=`KVARXTOI $VAR_SIZE`
if [ $VAR_SIZE -eq $BASELINE_VAR_SIZE ]; then
echo -n "Baseline kernel variable '$BASELINE_FIELD_NAME' " 1>$OUT
echo "size ($BASELINE_VAR_SIZE)." 1>$OUT
else
echo -n "???????> Kernel variable ($BASELINE_FIELD_NAME) "
echo "size (${VAR_SIZE}), should be ($BASELINE_VAR_SIZE)."
fi
((ARRAY_ELEMENT=ARRAY_ELEMENT+4))
done
#===========================NETWORK ROUTING ==============================
#=========================================================================
echo " " 1>$OUT
echo "--- Network Routes ---" 1>$OUT
#CHECK ACTIVE ROUTES.
#GET DESTINATION ($1), GATEWAY ($2), AND INTERFACE ($6) FROM NETSTAT.
set -A ALL_ROUTES " "`expr "$NETSTAT"|egrep -e 'ln[01]' \
|awk '{print $1,$2,$6}'`
ARRAY_ELEMENT=0
#WHILE ARRAY_ELEMENT IS LESS THAN SIZE OF ARRAY...
while [ $ARRAY_ELEMENT -lt ${#BASELINE_ROUTES[*]} ]; do
BASELINE_DEST=${BASELINE_ROUTES[$ARRAY_ELEMENT]}
BASELINE_GATEWAY=${BASELINE_ROUTES[$ARRAY_ELEMENT + 1]}
BASELINE_IF=${BASELINE_ROUTES[$ARRAY_ELEMENT + 2]}
ROUTE="$BASELINE_DEST $BASELINE_GATEWAY $BASELINE_IF"
#IF THIS ONE ROUTE IS IN LIST OF ALL ROUTES...
if [ `expr "${ALL_ROUTES[*]}" : ".*$ROUTE"` -gt 0 ]; then
echo -n "Baseline route [$BASELINE_DEST <- $BASELINE_GATEWAY]" 1>$OUT
echo " on ($BASELINE_IF)." 1>$OUT
set -A ALL_ROUTES " "`echo ${ALL_ROUTES[*]} \
|sed "s/$BASELINE_DEST $BASELINE_GATEWAY $BASELINE_IF//"`
else
echo -n "???????> Cant find baseline route "
echo "[$BASELINE_DEST <- $BASELINE_GATEWAY] on ($BASELINE_IF)."
fi
((ARRAY_ELEMENT=ARRAY_ELEMENT+3))
done
#REPORT NON_BASELINE ROUTES.
ARRAY_ELEMENT=0
#IF ARRAY LENGTH IS GREATER THAN 1...
#YOU MAY WANT TO LIMIT THIS IF NUMBER OF NON-BASELINE ROUTES IS TOO LARGE.
if [ ${#ALL_ROUTES[*]} -gt 1 ]; then
#WHILE ARRAY_ELEMENT IS LESS THAN SIZE OF ARRAY...
while [ $ARRAY_ELEMENT -lt ${#ALL_ROUTES[*]} ]; do
BASELINE_DEST=${ALL_ROUTES[$ARRAY_ELEMENT]}
BASELINE_GATEWAY=${ALL_ROUTES[$ARRAY_ELEMENT + 1]}
BASELINE_IF=${ALL_ROUTES[$ARRAY_ELEMENT + 2]}
echo -n "???????> Route [$BASELINE_DEST <- $BASELINE_GATEWAY] "
echo "on ($BASELINE_IF) not in baseline."
((ARRAY_ELEMENT=ARRAY_ELEMENT+3))
done
fi
#=========================SIGNIFICANT PROCESSES ==========================
#=========================================================================
echo "" 1>$OUT
echo "--- Significant Running Processes ---" 1>$OUT
#CHECK FOR OUT OF BASELINE PROCESSES
#FOR EACH PROCESS IN LIST OF PROCESS...
for PROCESS in ${NON_BASELINE_PROCESSES[*]}; do
if [ `expr "$PS" : ".*$PROCESS"` -eq 0 ]; then
echo "Baseline '$PROCESS' is not running." 1>$OUT
else
echo "???????> non-baseline '$PROCESS' is running."
fi
done
#CHECK FOR NON_EXISTENT BASELINE PROCESSES
for PROCESS in ${BASELINE_PROCESSES[*]}; do
if [ `expr "$PS" : ".*$PROCESS"` -gt 0 ]; then
echo "Baseline '$PROCESS' is running." 1>$OUT
else
echo "???????> baseline '$PROCESS' is not running."
fi
done
#=====================CHECK APPLICATION CONFIGURATION=============
#==========================================================
echo "" 1>$OUT
echo "--- Applications Installation and Licensing ---" 1>$OUT
# CHECK VADS INSTALLATION
if [ ! -s /usr/VADS ]; then
echo "Baseline 'VADS' not installed." 1>$OUT
else
echo "???????> Non-baseline 'VADS' installed."
fi
# CHECK SL-GMS INSTALLATION AND LICENSING
if [ -s /usr/gms ]; then
#CHECK REVISION OF SL-GMS
if [ -s /usr/gms/$BASELINE_GMS_VERSION ]; then
echo "Baseline 'SL-GMS' version ($BASELINE_GMS_VERSION)." 1>$OUT
else
echo "???????> 'SL-GMS' version not ($BASELINE_GMS_VERSION)."
fi
#CHECK SL-GMS LICENSE IS CORRECT
GMS_KEY=`cat /usr/gms/lib/KEYS|tail -1|sed 's, ,,g'`
if [ $BASELINE_GMS_KEY = $GMS_KEY ]; then
echo "Baseline 'SL-GMS' key ($GMS_KEY)." 1>$OUT
else
echo -n "???????> 'SL-GMS' key ($GMS_KEY) is not "
echo "the baseline ($BASELINE_GMS_KEY)."
fi
#CHECK SL-GMS TSN CORRECT.
GMS_TSN=`cat /usr/gms/TSN|tail -1|cut -f1 -d'>'|sed 's,[ <],,g'`
if [ $BASELINE_GMS_TSN = $GMS_TSN ]; then
echo "Baseline 'SL-GMS' TSN ($GMS_TSN)." 1>$OUT
else
echo -n "???????> 'SL-GMS' TSN ($GMS_TSN) is not "
echo "the baseline ($BASELINE_GMS_TSN)."
fi
else
echo "???????> 'SL-GMS' not Installed."
fi
# CHECK RS/1 INSTALLATION
if [ -s /usr/rs1 ]; then
echo "Baseline 'RS/1' installed." 1>$OUT
#STRIP ALL NON-ESSENTIAL WHITESPACE FROM VARIABLE JUST IN CASE...
BASELINE_RS1_LICENSE=`echo $BASELINE_RS1_LICENSE|tr '\012\040\011' `
#STRIP ALL NON-ESSENTIAL WHITESPACE FROM FILE.
RS1_LICENSE=`cat /usr/rs1/license.dat|tr '\012\040\011' `
if [ $BASELINE_RS1_LICENSE = $RS1_LICENSE ]; then
echo "Baseline 'RS/1' runtime license." 1>$OUT
else
echo "???????> 'RS/1' baseline license not installed."
fi
else
echo "???????> 'RS/1' not Installed"
fi
#CHECK OPERATING SYSTEM LICENSING
ULTRIX_LICENSE=`lmf list 2>/dev/null |egrep ULTRIX|awk '{print $3}'`
#IF VARIABLE IS SET...
if [ ${ULTRIX_LICENSE:=0} -eq $BASELINE_ULTRIX_LICENSE ]; then
echo "Baseline 'ULTRIX' license ($ULTRIX_LICENSE user)." 1>$OUT
else
echo -n "???????> 'ULTRIX' license ($ULTRIX_LICENSE user), "
echo "should be ($BASELINE_ULTRIX_LICENSE user)."
fi
#CHECK EMULEX INSTALLATION
if [ -s /usr/emlx/bin/rprint ]; then
echo "Baseline 'Emulex' installed." 1>$OUT
else
echo "???????> 'Emulex' not installed."
fi
#=====================CHECK FILE INFO======================
#==========================================================
echo "" 1>$OUT
echo "--- File Status ---" 1>$OUT
#CHECK BASELINE FILE PERMISSIONS
ARRAY_ELEMENT=0
#WHILE ARRAY_ELEMENT IS LESS THAN SIZE OF ARRAY...
while [ $ARRAY_ELEMENT -lt ${#BASELINE_FILE_PERM[*]} ]; do
BASELINE_NAME=${BASELINE_FILE_PERM[$ARRAY_ELEMENT]}
BASELINE_PERM=${BASELINE_FILE_PERM[$ARRAY_ELEMENT + 1]}
if [ -a $BASELINE_NAME ]; then
#IF FILE PERM IS OK, THEN ECHO 0 (ZERO)...
PERM_OK=`find $BASELINE_NAME -perm $BASELINE_PERM -exec echo 0 \;`
#IF VARIABLE IS SET...
if [ ${PERM_OK:=1} -eq 0 ]; then
echo -n "Baseline '$BASELINE_NAME' " 1>$OUT
echo "file permission ($BASELINE_PERM)." 1>$OUT
else
echo -n "???????> '$BASELINE_NAME' file permissions "
echo "should be ($BASELINE_PERM)."
fi
else
echo "???????> '$BASELINE_NAME' not found."
fi
((ARRAY_ELEMENT=ARRAY_ELEMENT+2))
done
# CHECK DIRECTORIES EXPECTED TO EXIST
#FOR EACH FILE IN LIST OF FILES...
for FILE in ${SITE_ADDED_FILES[*]}; do
if [ -s $FILE ]; then
echo "Baseline '$FILE' exists." 1>$OUT
else
echo "???????> '$FILE' does not exist."
fi
done
# CHECK DIRECTORIES EXPECTED TO BE STRIPPED.
for FILE in ${SITE_STRIPPED_FILES[*]}; do
if [ ! -s $FILE ]; then
echo "Baseline '$FILE' stripped." 1>$OUT
else
echo "???????> '$FILE' not stripped."
fi
done
#=====================CHECK MISC USER INFO=================
#==========================================================
#CHECK USER INFO
echo "" 1>$OUT
echo "--- User Info ---" 1>$OUT
#FOR EACH USER IN LIST OF USERS...
for USER in ${BASELINE_USERS[*]}; do
#IF USER HAS AT LEAST ONE LINE IN FILE...
if [ `egrep -c $USER /etc/passwd` -gt 0 ]; then
echo "Baseline '$USER' found in /etc/passwd." 1>$OUT
else
echo "???????> User '$USER' not found in /etc/passwd."
fi
done
for GROUP in ${BASELINE_GROUPS[*]}; do
#IF USER HAS AT LEAST ONE LINE IN FILE...
if [ `egrep -c $GROUP /etc/group` -gt 0 ]; then
echo "Baseline '$GROUP' found in /etc/group." 1>$OUT
else
echo "???????> Group '$GROUP' not found in /etc/group."
fi
done
#CHECK ROOT UMASK
ROOT_UMASK=`egrep umask /.profile|cut -f2 -d' '`
#IF VARIABLE IS SET (DEFAULT IS 022)...
if [ ${ROOT_UMASK:=022} -eq $BASELINE_ROOT_UMASK ]; then
echo "Baseline root umask ($ROOT_UMASK)." 1>$OUT
else
echo -n "???????> Root umask ($ROOT_UMASK), "
echo "should be ($BASELINE_ROOT_UMASK)."
fi
#CHECK /etc/rc.local FOR ASSORTED CONFIGURATION ITEMS.
if [ `egrep -c '.*#.*/SITE_SPECIFIC_COMMAND_FILE' /etc/rc.local` -eq 0 ]; then
if [ `egrep -c '.*#.*/etc/ifconfig ln' /etc/rc.local` -eq 0 ]; then
echo "Baseline /etc/rc.local likely." 1>$OUT
else
echo "???????> /etc/rc.local lacks 2 active Ethernet I/Fs."
fi
else
echo "???????> /etc/rc.local lacks SITE_SPECIFIC_COMMAND_FILE. "
fi
#=================CHECK X11 INFO==========================================
#=========================================================================
echo "" 1>$OUT
echo "--- X11 Info ---" 1>$OUT
# CHECK THE PRIVATE FONTS.
# NOTE: THE X SERVER MUST BE UNLOCKED TO DO THIS.
#IF STRING APPEARS IN VARIABLE...
if [ `expr "$PS" : '.*Xprompter'` -gt 0 ]; then
echo "ERROR>>> Cannot check fonts while console is locked."
else
ARRAY_ELEMENT=0
#WHILE ARRAY_ELEMENT IS LESS THAN SIZE OF ARRAY...
while [ $ARRAY_ELEMENT -lt ${#BASELINE_PRIVATE_FONTS[*]} ]; do
BASELINE_FONT=${BASELINE_PRIVATE_FONTS[$ARRAY_ELEMENT]}
BASELINE_NUM_FONT=${BASELINE_PRIVATE_FONTS[$ARRAY_ELEMENT + 1]}
set -A NUM_FONT \
`xlsfonts -display $DISPLAY -fn "$BASELINE_FONT" 2>/dev/null`
if [ ${#NUM_FONT[*]} -eq $BASELINE_NUM_FONT ]; then
echo -n "Baseline number of '$BASELINE_FONT' " 1>$OUT
echo "fonts ($BASELINE_NUM_FONT). " 1>$OUT
else
echo -n "???????> Number of '$BASELINE_FONT' fonts "
echo "(${#NUM_FONT[*]}), should be ($BASELINE_NUM_FONT)."
fi
((ARRAY_ELEMENT=ARRAY_ELEMENT+2))
done
fi
#REPORT NON_BASELINE PRIVATE_FONTS.
#--------NOT IMPLEMENTED---------
#=========================CHECK OPERATING SYSTEMSOFTWARE=================
#=========================================================================
echo "" 1>$OUT
echo "--- ULTRIX Subset Configuration ---" 1>$OUT
INSTALLED_SUBSETS='/tmp/installed_subsets'
setld -i|egrep installed|cut -f1 -d' ' > $INSTALLED_SUBSETS
#USE 'tr(1)' TO REPLACE SPACES WITH CR SO THAT 'diff(1)' CAN COMPARE LINES.
MISSING_SUBSETS=`echo ${BASELINE_SETLD[*]}|tr '\040' '\012' \
|diff - $INSTALLED_SUBSETS |egrep '<'|sed 's,< ,,'`
EXTRA_SUBSETS=`echo ${BASELINE_SETLD[*]}|tr '\040' '\012' \
|diff - $INSTALLED_SUBSETS |egrep '>'|sed 's,> ,,'`
if [ ${#MISSING_SUBSETS} -eq 0 ]; then
echo "Baseline no missing subsets." 1>$OUT
else
echo "???????> Missing subsets: " $MISSING_SUBSETS
fi
if [ ${#EXTRA_SUBSETS} -eq 0 ]; then
echo "Baseline no additional subsets." 1>$OUT
else
echo "???????> Extra subsets: " $EXTRA_SUBSETS
fi
rm -f $INSTALLED_SUBSETS
#===========================FILE CHECKSUMS================================
#=========================================================================
echo "" 1>$OUT
echo "--- File Checksums ---" 1>$OUT
ARRAY_ELEMENT=0
while [ $ARRAY_ELEMENT -lt ${#BASELINE_CHECKSUMS[*]} ]; do
FILENAME=${BASELINE_CHECKSUMS[$ARRAY_ELEMENT]}
if [[ ! -f $FILENAME ]]; then
echo "???????> '$FILENAME' - can't find."
((ARRAY_ELEMENT=ARRAY_ELEMENT+3))
continue
fi
BASELINE_SUM=${BASELINE_CHECKSUMS[$ARRAY_ELEMENT + 1]}
BASELINE_BLOCK=${BASELINE_CHECKSUMS[$ARRAY_ELEMENT + 2]}
set -A CHECKSUM `sum $FILENAME`
SUM=${CHECKSUM[0]}
BLOCK=${CHECKSUM[1]}
if [ $BASELINE_SUM -eq $SUM -a $BASELINE_BLOCK -eq $BLOCK ]; then
echo "Baseline '$FILENAME' checksum." 1>$out
else
echo "???????> '$FILENAME' checksum not matched."
fi
((ARRAY_ELEMENT=ARRAY_ELEMENT+3))
done
echo "" 1>$OUT
echo done. 1>$OUT
exit 0
|