version 1.7, 2002/09/09 15:04:48
|
version 1.19, 2004/09/01 16:28:26
|
Line 1
|
Line 1
|
#!/usr/bin/perl |
#!/usr/bin/perl -w |
|
# |
|
# The LearningOnline Network with CAPA |
|
# |
|
# $Id$ |
|
# |
|
# Copyright Michigan State University Board of Trustees |
|
# |
|
# This file is part of the LearningOnline Network with CAPA (LON-CAPA). |
|
# |
|
# LON-CAPA is free software; you can redistribute it and/or modify |
|
# it under the terms of the GNU General Public License as published by |
|
# the Free Software Foundation; either version 2 of the License, or |
|
# (at your option) any later version. |
|
# |
|
# LON-CAPA is distributed in the hope that it will be useful, |
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
# GNU General Public License for more details. |
|
# |
|
# You should have received a copy of the GNU General Public License |
|
# along with LON-CAPA; if not, write to the Free Software |
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
# |
|
# /home/httpd/html/adm/gpl.txt |
|
# |
|
# http://www.lon-capa.org/ |
|
# |
|
# (Navigate problems for statistical reports |
|
# |
|
|
=pod |
=pod |
|
|
=head1 NAME |
=head1 NAME |
|
|
B<CHECKRPMS> - automated status report about RPMs on a system |
B<CHECKRPMS> - automated status report about RPMs on a system. |
|
|
=head1 SYNOPSIS |
|
|
|
./B<CHECKRPMS> [I<modeflag>] |
|
|
|
or |
|
|
|
B<perl> B<CHECKRPMS> [I<modeflag>] |
|
|
|
If I<modeflag> is left blank, the mode is "interactive". Otherwise, |
|
other modes can be specified as shown in the listing below: |
|
|
|
=over 4 |
|
|
|
|
|
|
|
=back |
|
|
|
=head1 DESCRIPTION |
=head1 DESCRIPTION |
|
|
This file automates the usage of Martin Siegert's "check-rpms" |
Runs Martin Seigert's checkrpms script. See |
script. It runs through a list of possible mirror sites |
http://www.sfu.ca/acs/security/linux/check-rpms.html for more information. |
until it finds one with a reasonably good FTP connection. |
|
|
|
=head2 Future directions |
|
|
|
Eventually, this script may have a simple argument format |
|
that allows the user to VIEW, DOWNLOAD, or AUTOUPDATE their |
|
computer. Or, this script may evolve into an interactive |
|
series of steps: For example, there may be questions like this: |
|
|
|
=over 4 |
|
|
|
=item * |
|
|
|
Do you want to (D)ownload or (A)utoupdate the RPMs |
|
in the list above? |
|
|
|
=item * |
|
|
|
Specify a download location for the RPMs |
|
(default=/tmp/update_my_rpms/)? |
|
|
|
=back |
|
|
|
Note that there are no current plans to automate a software upgrade of the |
|
kernel. This step should be performed by a qualified system administrator. |
|
|
|
=head1 AUTHOR |
Must be run as root or www. |
|
|
Scott Harrison, sharrison@users.sourceforge.net, 2002 |
|
|
|
=cut |
=cut |
|
|
# ================================================== READ IN COMMAND ARGUMENTS. |
use strict; |
|
use lib '/home/httpd/lib/perl/'; |
# ---------------------------------------------------- Process download option. |
use LONCAPA::Configuration; |
my $argument = shift(@ARGV); |
# |
my $document; |
# Determine who we email |
my $mode; |
my %perlvar=%{LONCAPA::Configuration::read_conf('loncapa.conf')}; |
if ($argument eq '--download' or $argument eq '--redownload') |
my $emailto = "$perlvar{'lonAdmEMail'}"; |
{ |
my $subj=$perlvar{'lonHostID'}.' rpm status'; |
if ($< != 0) # Download mode requires 'root'. |
|
{ |
my $checkrpms = '/usr/local/bin/check-rpms'; |
print($out |
# |
'**** ERROR **** Download mode needs to be run as root'."\n"); |
# Check that checkrpms is installed and is the proper version... |
exit(0); # Exit. |
my $mailmsg = ''; |
} |
if (! -e $checkrpms) { |
`rm -Rf /tmp/loncapa_rpm_updates` if $argument eq '--download'; |
$mailmsg = <<END; |
$download='-v -dl -d /tmp/loncapa_rpm_updates'; # Part of check-rpms args. |
|
$mode = 'download'; |
Unable to locate check-rpms on your system. Please go to |
} |
http://www.sfu.ca/acs/security/linux/check-rpms.html, download and |
elsif ($argument eq '--view') |
install check-rpms on this system. |
{ |
|
$mode = 'view'; |
|
} |
|
elsif ($argument eq '--cronmail') |
|
{ |
|
$mode = 'cronmail'; |
|
} |
|
elsif ($ENV{'QUERY_STRING'} or $argument eq '--html') |
|
{ |
|
$mode = 'html'; |
|
} |
|
else |
|
{ |
|
$mode = 'interactive'; |
|
} |
|
|
|
# ================================================== GENERAL INITIAL VARIABLES. |
|
my $command_name=$0; |
|
|
|
# ---------------- The FTP servers (and their directory paths) to check against |
|
my @serverpaths_to_try = |
|
( |
|
'distro.ibiblio.org/pub/linux/distributions/redhat/updates/', |
|
'mirror.pa.msu.edu/linux/redhat/linux/updates/', |
|
'limestone.uoregon.edu/redhat/updates/', |
|
'rufus.w3.org/linux/redhat/linux/updates/', |
|
'opnsrc.support.compaq.com/linux/redhat/updates.redhat.com/', |
|
); |
|
|
|
# -------------------------------------------- Use check-rpms command this way. |
|
my $checkcommand = 'check-rpms '.$download.' --rpmuser www -ftp'; |
|
|
|
my $FTPSERVER; # ------------------------- the server portion of the serverpath |
|
my $FTPUPDATES; # ----------------------------- the actual update root location |
|
my @rpms; # ---------------------------------- this will store the list of RPMs |
|
my $goodoutput; # ------------------------------------ good stuff was returned! |
|
my $reallygoodoutput; # ------------------------------- you are 100% up-to-date |
|
|
|
# ===================================================== Control flow of output. |
|
my $out = \*STDOUT; # Default: go to standard output (directly to terminal). |
|
|
|
if ($mode eq 'cronmail') # If cronmail mode, then save to file. |
|
{ |
|
open(FOUT,'>/tmp/CHECKRPMS.'.$$); |
|
$out = \*FOUT; |
|
} |
|
|
|
$| = 1; # Flush to output whenever possible. |
|
|
|
# ========================================== Variables that must be defineable. |
|
|
|
# --------------------------------------------------- Determine RedHat version. |
|
my $RHversion = (split /\s/, `cat /etc/redhat-release`)[4]; # - 6.2 or 7.3 or ? |
|
|
|
unless ($RHversion) |
|
{ |
|
terminate($mode,$out, |
|
'**** ERROR **** /etc/redhat-release not found'."\n". |
|
'This script does not appear to be running on RedHat.'."\n"); |
|
} |
|
|
|
# ----------------------------------------- Find the check-rpms script location |
|
if (-e './check-rpms') |
|
{ |
|
$commandpre='perl ./'; # Use the check-rpms in the current directory. |
|
} |
|
elsif (-e 'loncom/build/check-rpms') |
|
{ |
|
$commandpre='perl loncom/build/'; # Use check-rpms in the loncom/build dir. |
|
} |
|
elsif (-e '/usr/local/loncapa/bin/check-rpms') |
|
{ |
|
$commandpre='perl /usr/local/loncapa/bin/'; # Use /usr/local dir. |
|
} |
|
else # Cannot find check-rpms, so abort. |
|
{ |
|
terminate($mode,$out, |
|
'**** ERROR **** CANNOT FIND THE check-rpms SCRIPT'."\n"); |
|
} |
|
|
|
# Define check-rpms invocation based on the path to the check-rpms command. |
|
$checkcommand = $commandpre.$checkcommand; |
|
|
|
# ============================================================= Initial output. |
|
|
|
print($out <<END) if $mode eq 'html'; |
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
|
<html> |
|
<head> |
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> |
|
<title>CHECKRPMS STATUS REPORT</title> |
|
</head> |
|
<body bgcolor="white"> |
|
<h1>CHECKRPMS STATUS REPORT</h1> |
|
<hr /> |
|
<pre> |
|
END |
|
|
|
# Notify user of current action. |
|
print($out <<END); |
|
THIS SCRIPT IS NOW PROBING SEVERAL FTP SERVERS.... |
|
PLEASE BE PATIENT, THIS MAY TAKE A FEW MINUTES. |
|
END |
|
|
|
# ============== Go through all the servers until a decent connection is found. |
|
SERVERLOOP: foreach my $serverpath (@serverpaths_to_try) |
|
{ |
|
$serverpath=~/^(.*?)\//; # Pattern match the ip name. |
|
$FTPSERVER=$1; # Set to the ip name. |
|
print($out "Trying $FTPSERVER...\n"); # Notify of attempts with ip name. |
|
`ping -c 1 $FTPSERVER 2>/dev/null`; # Ping ftp server (are you out there?). |
|
if ($?==0) # If the ftp server can be pinged. |
|
{ |
|
print($out "$FTPSERVER found...\n"); # Tell user ftp server is found. |
|
`ncftpls ftp://$FTPSERVER`; # Try to access server with ftp protocol. |
|
if ($?==0) # If the ftp server can be accessed with the ftp protocol. |
|
{ |
|
$FTPUPDATES="$serverpath$RHversion/en/os"; # The full update path. |
|
# Print the check-rpms command that will be executed. |
|
print($out $checkcommand.' '.$FTPUPDATES."\n"); |
|
if ($mode eq 'download') # Was CHECKRPMS run in download mode? |
|
{ |
|
$|=1; # Try to send things immediately to stdout; err umm.... |
|
# Tell the user about the /tmp/loncapa_rpm_updates directory. |
|
print($out '**** NOTE **** '. |
|
'To check the status of the download, you can '. |
|
'periodically inspect the contents of the '. |
|
'/tmp/loncapa_rpm_updates directory. '. |
|
'Please be patient; this download may take a while.'. |
|
"\n"); |
|
# Do the download. |
|
print($out `$checkcommand $FTPUPDATES 2>\&1`); |
|
# Tell the user about what action they need to take with the |
|
# downloaded RPMs. |
|
print($out |
|
'You may now wish to visit the /tmp/loncapa_rpm_updates'. |
|
' directory and upgrade the RPMs. '."\n". |
|
'If this is a critical server (it is currently being'. |
|
' used for classes) and you do not know how to upgrade'. |
|
' RPMs, you should consult someone who has experience '. |
|
'with the "rpm" command.'."\n"); |
|
clean_exit($mode,$out,0); # Assume everything is okay and exit. |
|
} |
|
@rpms=`$checkcommand $FTPUPDATES 2>\&1`; # Read in list of RPMs. |
|
# Create a text string that can be pattern matched. |
|
my $rpmtext=join('',@rpms); |
|
if ($rpmtext=~/You do not seem to have a/) # No www? |
|
{ |
|
print($out "You do not have a 'www' user on your system.\n". |
|
"Please add this user and try this command again.\n"); |
|
clean_exit($mode,$out,0); |
|
} |
|
if ($rpmtext=~/This account is currently not/) # ------------ uh-oh |
|
{ |
|
print($out "...strange error, moving on ($FTPSERVER)\n"); |
|
} |
|
else # --------------------------------------- the output is "good" |
|
{ |
|
$goodoutput=$rpmtext; |
|
unless (@rpms) # If there are no RPMs to update. |
|
{ |
|
$reallygoodoutput = <<END; |
|
**** NOTE **** All RPMS on your system appear to be up to date. |
|
END |
|
$goodoutput = ' '; |
|
} |
|
last SERVERLOOP; |
|
} |
|
} |
|
print($out '...cannot establish an ftp session with '.$FTPSERVER."\n"); |
|
} |
|
else |
|
{ |
|
print($out "...cannot find $FTPSERVER on the network\n"); |
|
} |
|
} |
|
if (!$goodoutput) # If never received any useable output, assume "no server". |
|
{ |
|
print($out '**** ERROR **** Cannot find a working ftp server.'."\n"); |
|
clean_exit($mode,$out,0); |
|
} |
|
elsif ($reallygoodoutput) # Everything is peachy keen and up-to-date already. |
|
{ |
|
print($out $reallygoodoutput); |
|
} |
|
else # There are RPMs that need to be updated; show list to user. |
|
{ |
|
my $rpmcount=scalar(@rpms); # Count up size of RPM list. |
|
print($out <<END); # Print out an advisory warning to user. |
|
**** WARNING **** You need to update at least $rpmcount RPMS shown in |
|
the list below. THIS IS IMPORTANT FOR SECURITY. |
|
|
|
END |
|
print($out $goodoutput); # Output the RPM list. |
|
if ($mode eq 'interactive') |
|
{ |
|
print($out <<END); |
|
Do you want to download the RPMs listed above (y/n)? |
|
END |
|
my $in=<>; |
|
if ($in=~/^y/) |
|
{ |
|
print($out 'Please be patient... downloading into '. |
|
'/tmp/loncapa_rpm_updates'."\n"); |
|
print($out `perl $command_name --download`); |
|
clean_exit($mode,$out,0); |
|
} |
|
} |
|
print($out <<END); # Output instructions to user about taking action. |
|
|
|
Please visit ftp://$FTPUPDATES |
|
and download the RPMS you need. |
|
For instructions on working with (and upgrading) RPMS, please |
|
visit http://www.rpm.org/max-rpm/. |
|
To automatically download these RPMs to /tmp/loncapa_rpm_updates/, |
|
run the CHECKRPMS command as "./CHECKRPMS --download" |
|
END |
|
if ($mode eq 'cronmail') |
|
{ |
|
print($out <<END); # Output more instructions to user. |
|
CHECKRPMS should be located in /usr/local/loncapa/bin/. |
|
END |
|
} |
|
} |
|
|
|
clean_exit($mode,$out,0); |
|
|
|
# ================================================================ Subroutines. |
|
|
|
sub clean_exit |
|
{ |
|
my ($mode,$out,$code)=@_; |
|
|
|
if ($mode eq 'cronmail') # If cronmail mode, then mail LON-CAPA sys admin. |
|
{ |
|
close(FOUT); |
|
# Read in configuration to get e-mail addresses. |
|
my $perlvarref = read_conf('loncapa.conf'); |
|
my %perlvar = %{$perlvarref}; |
|
undef $perlvarref; |
|
delete $perlvar{'lonReceipt'}; # remove since sensitive |
|
delete $perlvar{'lonSqlAccess'}; # remove since sensitive |
|
|
|
# Set metadata for the e-mail. |
|
my $emailto = "$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}"; |
|
# my $emailto = "sharrison\@users.sourceforge.net"; |
|
my $subj="LON: $perlvar{'lonHostID'}, RPMS to upgrade"; |
|
system( |
|
'metasend -b -t '.$emailto.' -s '. |
|
"'$subj' -f /tmp/CHECKRPMS.$$ -m text/plain"); |
|
} |
|
|
|
print($out <<END) if $mode eq 'html'; # If html mode, print ending tags. |
|
</pre> |
|
</body> |
|
</html> |
|
END |
END |
exit($code); |
|
} |
|
|
|
sub terminate |
|
{ |
|
my ($mode,$out,$output); |
|
if ($mode eq 'html') |
|
{ |
|
print($out <<END); |
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
|
<html> |
|
<head> |
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> |
|
<title>CHECKRPMS ERROR</title> |
|
</head> |
|
<body bgcolor="white"> |
|
<h1>CHECKRPMS ERROR</h1> |
|
<hr /> |
|
<p><font color="red"><font size="+1"> |
|
END |
|
} |
|
print($out $output); |
|
if ($mode eq 'html') |
|
{ |
|
print($out <<END); |
|
</font></font></p></body></html> |
|
END |
|
} |
|
} |
|
|
|
|
|
# - read_conf: read LON-CAPA server configuration, especially PerlSetVar values |
} |
sub read_conf |
|
{ |
# |
my (@conf_files)=@_; |
# Run check-rpms and capture its output |
my %perlvar; |
$mailmsg = `$checkrpms`; |
my $confdir='/etc/httpd/conf/'; |
|
foreach my $filename (@conf_files,'loncapa_apache.conf') |
# |
{ |
# Email the user the output of checkrpms |
open(CONFIG,'<'.$confdir.$filename) or |
if ($mailmsg ne '') { |
die("Can't read $confdir$filename"); |
$mailmsg =<<"END"; |
while (my $configline=<CONFIG>) |
checkrpms checked the status of the packages on your system and |
{ |
produced the following output: |
if ($configline =~ /^[^\#]*PerlSetVar/) |
------------------------------------------------------- |
{ |
$mailmsg |
my ($unused,$varname,$varvalue)=split(/\s+/,$configline); |
------------------------------------------------------- |
chomp($varvalue); |
If there are rpms which need to be installed, please log into |
$perlvar{$varname}=$varvalue; |
$perlvar{'lonHostID'} and run the following command |
} |
|
} |
$checkrpms --update |
close(CONFIG); |
|
} |
If there are kernel packages to be installed, use |
my $perlvarref=\%perlvar; |
|
return ($perlvarref); |
$checkrpms --update --install-kernel |
} |
|
|
Keeping your system up to date is very important. |
|
Ensuring you are using up to date software is a prerequisite for a |
|
secure system. |
|
|
|
END |
|
my $mail_file = '/tmp/CHECKRPMS.'.$$; |
|
open(MAILFILE,">$mail_file") || die("Unable to write to ".$mail_file); |
|
print MAILFILE $mailmsg.$/; |
|
close(MAILFILE); |
|
my $mailcommand = "mail -s '$subj' $emailto <$mail_file"; |
|
print STDERR $mailcommand; |
|
system($mailcommand); |
|
} |
|
|
|
exit; |