Script repository
From NBSWiki
This page contains some administrative scripts I use under Linux (probably Gentoo specific) to ease its management.
NOTE: I don't make these scripts stupid proof... so you have to make sure you have all required apps (i.e. glsa-check has to be installed for CriticalUpdate.sh to work).
System Administration
Automating Gentoo Linux Security Advisory updates
You could use app-portage/kuroo or... After running either emerge sync or esync I run this script:
Code: Critical Update script
#!/bin/bash
echo Scanning for vulnerable packages...
# Keep only the advisories flagged [N] (the system might be affected)
PKG_LIST=$(glsa-check -nl 2>&1 | grep '[0-9] \[N')
if [ -z "$PKG_LIST" ]
then
    echo "There are no packages in the GLSA listing (your system is not knowingly vulnerable)"
else
    echo $'\nOne or more vulnerable package(s) found!!!\n'
    # Quote the variable so that every advisory stays on its own line
    echo "$PKG_LIST" $'\n'
    echo Generating update list
    # Extract the package names listed between "( " and " )" on each line
    emerge -av $(echo "$PKG_LIST" | sed -e 's:.*( \(.*\) ):\1:')
fi
exit 0
Packaging your system
This one-liner will build packages of your entire system to be used with emerge -k ....
quickpkg `for I in $(emerge --nospinner --nocolor -qpuNDe world | sed -e 's:.*] \(.*\):\1:'); do echo =${I}; done`
For a networked version of the cloning, start by looking at HOWTO Clone a Gentoo Server or Workstation. I'll update it to include the following techniques eventually ;)
System Cloning
Here I present the basic concepts behind cloning of a system. Of course, adapt the commands to your system's config. All of these steps are performed from a booted CD so that we don't have to worry about opened/special files and all.
Exact copy
Preparing for Compression
Start by clearing the unused space on all HDD devices (including swap) to make the compression of the images much more efficient:
cd /
dd if=/dev/zero of=ZeroFiller bs=64M
sync && rm ZeroFiller
Here we fill up the unused space of the root partition with zeros by creating a file named ZeroFiller. dd stops with a "No space left on device" error once the partition is full, after which the file is deleted so that the space is free again. Tune the bs= value to the writing capacity of your HDD so that the process goes faster than the CPU hogging default of 512 bytes. Repeat the process for all file partitions. For the SWAP partition, you will most probably have to write the command as follows:
dd if=/dev/zero of=/dev/hda2 bs=64M
Where /dev/hda2 is your SWAP partition.
Creating the Compressed Image
You can now create a compressed HDD image on another disk by calling the following command, assuming that the receiving medium is mounted in /mnt/LotsOfSpace:
bzip2 -c -k -9 /dev/hda > /mnt/LotsOfSpace/HDA_image.bz2
Using the Compressed Image
We can now uncompress that exact system copy onto another same-sized or larger disk with:
bunzip2 -c -k /mnt/LotsOfSpace/HDA_image.bz2 > /dev/hdc
Obviously, we can skip the whole compression bit and just copy the HDDs from one disk to another, depending on the intended use of the image:
dd if=/dev/hda of=/dev/hdb bs=64M
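A compressed image that has been sitting on another medium should be checked before it is written over a disk. The following is an added example, not part of the original page: image_disk and restore_image are hypothetical helper names wrapping the bzip2 commands above, and the digest file name IMAGE.sha256 is an assumption.

```bash
#!/bin/bash
# Added example: image_disk and restore_image are hypothetical helper names.
# SRC/TARGET may be block devices (/dev/hda, /dev/hdc) or, for a trial run,
# ordinary files.

# Compress SRC into IMAGE and store the SHA-256 of the raw data beside it.
image_disk() {
    local src image
    src=$1; image=$2
    bzip2 -c -k -9 "$src" > "$image" || return 1
    sha256sum < "$src" | cut -d' ' -f1 > "$image.sha256"
}

# Write IMAGE to TARGET only if the image still matches its recorded digest,
# then read back exactly as many bytes as the image holds (TARGET may be a
# larger disk) and compare again. Returns 2 if no digest was recorded, 1 on
# any mismatch; TARGET is untouched unless the first check passes.
restore_image() {
    local image target want size got
    image=$1; target=$2
    [ -r "$image.sha256" ] || return 2
    want=$(cat "$image.sha256")
    got=$(bunzip2 -c "$image" | sha256sum | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "image does not match its digest" >&2; return 1; }
    size=$(( $(bunzip2 -c "$image" | wc -c) ))
    # conv=notrunc keeps a regular-file target at its full size, as a disk would
    bunzip2 -c -k "$image" | dd of="$target" bs=1M conv=notrunc 2>/dev/null || return 1
    sync
    got=$(head -c "$size" "$target" | sha256sum | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "read-back from $target differs" >&2; return 1; }
}
```

The image is decompressed three times (digest, size, write), which trades time for never touching the target with unverified data.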
File Copy
A file copy can go much faster, but its speed also depends greatly on the filesystem used for storing the files. This technique is actually useful for migrating from one filesystem to another and for merging a split directory tree. The following command is repeated for each individual folder (on each partition):
cp -ax /oldROOT/ /newROOT/
The x is to make sure we don't cross over to another filesystem. If your intent is to merge multiple mounts, you may ignore that option.
Misc
CHROOT script
This script eases chrooting into a Gentoo directory (mounting portage, overlays, proc and sys inside it). WARNING: you can make many calls to this script, but it doesn't perform any checks before unmounting /proc or /sys!
#!/bin/bash
# Author: Eric Thibodeau May 2006, feel free to re-distribute ;)
#
shopt -s xpg_echo
ROOT=${1}
# Source make.conf to get PORTDIR_OVERLAY
source /etc/make.conf
# Space-separated list, deliberately left unquoted in the loops below
MOUNTS="/usr/portage ${PORTDIR_OVERLAY}"
if [ $# -lt 1 ]
then
    echo "Usage: $0 <Path to CHROOT environment>"
    exit 1
fi
if [ ! -d "${ROOT}" ]
then
    echo "${ROOT} is not a directory, exiting"
    exit 1
fi
## Calls unmount on all $MOUNTS
function unmounts(){
    for I in ${MOUNTS}
    do
        umount -v "${ROOT}${I}"
    done
    umount -v "${ROOT}/proc"
    umount -v "${ROOT}/sys"
}
## Calls mount on all $MOUNTS
function mounts(){
    for I in ${MOUNTS}
    do
        if [ ! -d "${ROOT}${I}" ]; then
            echo "WARNING! Silently creating missing destination folder!!!"
            echo "Adding ${ROOT}${I}"
            mkdir -p "${ROOT}${I}"
        fi
        mount -v -o bind,noatime "${I}" "${ROOT}${I}"
        if [ $? != 0 ]; then
            echo "Unable to mount ${ROOT}${I}, exiting!"
            unmounts
            exit 1
        fi
    done
    mount -t proc none "${ROOT}/proc"
    mount -o bind /sys "${ROOT}/sys"
}
mounts
cp -Lf /etc/resolv.conf "${ROOT}/etc/resolv.conf"
echo "\nChrooting into the ${ROOT} environment, don't forget to run:\n"
echo "env-update && source /etc/profile && PS1='\[\\\\033[01;31m\]${ROOT}\[\\\\033[01;34m\] \W \\$\[\\\\033[00m\] '"
if [ "$(uname -m)" = "x86_64" ]; then
    linux32 chroot "${ROOT}" /bin/bash
else
    chroot "${ROOT}" /bin/bash
fi
unmounts
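The checks the warning says are missing could look like this: refuse to unmount while another shell is still chrooted into the directory, and unmount only what the kernel reports as mounted there. This is an added example, not part of the original script; the function names and the MOUNT_TABLE, PROC_DIR and DRY_RUN variables are assumptions.

```bash
#!/bin/bash
# Added example, not part of the original chroot script.
# MOUNT_TABLE and PROC_DIR are assumptions that let the checks be pointed at
# constructed data; on a live system leave them at their defaults.
MOUNT_TABLE=${MOUNT_TABLE:-/proc/self/mounts}
PROC_DIR=${PROC_DIR:-/proc}

# Print every mount point strictly below $1, deepest first, so a nested mount
# (an overlay inside usr/portage) is released before its parent. A mount
# stacked by two runs of the script is listed twice.
mounts_under() {
    local root
    root=${1%/}
    awk -v root="$root" '{
        mp = $2
        gsub(/\\040/, " ", mp)   # the kernel writes a space as \040
        if (index(mp, root "/") == 1) print mp
    }' "$MOUNT_TABLE" | LC_ALL=C sort -r
}

# Succeed when some process still has $1 as its root directory, i.e. a shell
# started by another run of the script is still inside the chroot.
chroot_in_use() {
    local root link
    root=$(readlink -f "$1") || return 1
    for link in "$PROC_DIR"/[0-9]*/root; do
        [ "$(readlink "$link" 2>/dev/null)" = "$root" ] && return 0
    done
    return 1
}

# Unmount everything below $1, or return 2 and leave the mounts alone while
# the chroot is occupied. DRY_RUN=1 prints the commands instead of running them.
safe_unmounts() {
    local root mp
    root=$(readlink -f "$1") || return 1
    if chroot_in_use "$root"; then
        echo "$root is still in use, leaving its mounts in place" >&2
        return 2
    fi
    mounts_under "$root" | while IFS= read -r mp; do
        if [ -n "$DRY_RUN" ]; then echo "umount $mp"; else umount -v "$mp"; fi
    done
}
```

Calling safe_unmounts "${ROOT}" in place of the final unmounts call lets the last shell to leave the chroot do the cleanup.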
Display Formatting
remove comments
Comments sometimes obfuscate the contents of config files and scripts; the nocom alias comes in handy in this case:
alias nocom="grep -Ev '(^#|^\$|^\W*#)'"
usage:
nocom [script file]
