[Samba] [OT] *nix Server/Windows Client Tips and tricks
Jason Balicki
kodak at frontierhomemortgage.com
Tue Nov 23 22:59:15 GMT 2004
Sorry if this is too off topic, but one of the things
that happens when you use a *nix box is you have
opportunities to do some nifty tricks with shell
scripts and whatnot to help maintain your network.
Sometimes, this comes at the expense of using the
tools that come with some windows software and is
the result of necessity. Other times, this comes
because the "nifty" tools that come with other
Windows software is inadequate for your needs.
Yet other times it comes because you need to look
busy and your boss is pacing outside your office.
In the interest of learning what others have done,
I'm going to post a couple of scripts that I've
come up with to take care of some maintenance
tasks on my network. I encourage others to do
the same, but only if this is well received and
isn't considered noise. The scripts I'm interested
in in this particular case are scripts that help
maintain a Samba network specifically, or a *nix
server in a Windows client environment generally.
For example, the first script I'm going to share
is a script that connects to the client machines
in my domain and retrieve my AV logs, process them
and return the results. My AV vendor (Sophos) has
tools for this, but they were more complex to set
up than this was to write, and would have simply
emailed the logs to me on a per machine basis --
which wasn't what I wanted and not very useful.
The second script is just a backup script that
backs up the samba server to a removable hard
drive (IEEE-1394) that gets rotated every
night. Nobody worry, this is a supplementary
backup. :)
I realize both of these scripts are kind of
simple and sophomoric, but this is more of an
"let's get ideas" thing than it is a "let's
get specific details" thing. I just want to
encourage more code sharing. I know I hate
banging my head on something for hours and hours
only to find that someone else did the same
thing with a 2 line perl script 2 years ago
and only piped up when I mention that I finished
some task. :)
I've annotated the scripts a little bit for
your entertainment.
--J(K)
First script:
---begin---
#!/bin/sh
# getsophoslogs
# just a quickie to get the Sophos logs from the workstations,
# and check them to see if Sophos has detected any viruses
# and/or errors.
#
# this script makes the assumption that you use
# Sophos and you have a Sophos user defined for
# your network. This is a requirement of Sophos
# Enterprise Library, although I make the further
# requirement that the user is the same on every
# workstation.
#
# you also must be using WINS and have Sophos installed
# at the default location on every client machine.
#
# last updated: 11-19-2004
WINSFILE=/var/cache/samba/wins.dat
DATE=`date +%m%d%y%h%m%s`
TEMPFILE=/tmp/sophoslog.$DATE
TEMPDIR=/tmp/sophosdir.$DATE
TEMPREPORT=/tmp/sophosreport.$DATE
# you will need to change this bit, obviously
SMBUSER=yoursophosuser
SMBPASS=yoursophospass
MAILTO=root
MOUNTPOINT=/mnt/sophoslogs
# your log location may differ. You'll have to add a bit of logic
# if you've got older 9x (or other) clients. Mine are all XP or 2k
LOGLOCATION=Program\ Files/Sophos\ Sweep\ for\ NT/Reports/Daily.REP
HASVIRUS=0
HASERROR=0
HOSTCOUNT=0
HOSTCOUNTMOUNTED=0
# you can pipe the following grep line through one or more grep -v to get
rid of
# wins listings you know you don't need, like other linux boxes or
# printers or whatnot.
grep \#00 $WINSFILE | cut -d " " -f 1 | cut -d \# -f 1 | cut -d \" -f 2 >
$TEMPFILE
mkdir $TEMPDIR
echo Sophos report for `date` > $TEMPREPORT
echo >> $TEMPREPORT
echo >> $TEMPREPORT
for HOST in `cat $TEMPFILE`; do
if (grep -i $HOST /etc/samba/smbpasswd > /dev/null 2>&1); then
echo $HOST >> $TEMPFILE.indomain
HOSTCOUNT=`expr ${HOSTCOUNT} + 1`;
else
echo $HOST is not listed in domain. >> $TEMPREPORT
fi;
done
echo >> $TEMPREPORT
echo >> $TEMPREPORT
for HOST in `cat $TEMPFILE.indomain`; do
TARGET=//$HOST/c\$
if (mount -t smbfs -o username=$SMBUSER -o password=$SMBPASS $TARGET
$MOUNTPOINT > /dev/null 2>&1); then
if [ -e "$MOUNTPOINT/$LOGLOCATION" ]; then
cp "$MOUNTPOINT/$LOGLOCATION"
$TEMPDIR/$HOST.Daily.log >/dev/null 2>&1
HOSTCOUNTMOUNTED=`expr ${HOSTCOUNTMOUNTED} + 1`;
else
echo WARNING: $HOST mounted, but no daily log found,
check Sophos installation >> $TEMPREPORT
fi
if (umount $MOUNTPOINT);then
true
else
echo WARNING: unable to unmount $TARGET, you might
want to fix this >> $TEMPREPORT
fi
else
echo INFO: could not mount $TARGET, moving on.
>>$TEMPREPORT;
fi;
done
echo >> $TEMPREPORT
echo >> $TEMPREPORT
echo ${HOSTCOUNTMOUNTED} of ${HOSTCOUNT} hosts in domain had retrieveable
logs. >> $TEMPREPORT
echo >> $TEMPREPORT
echo >> $TEMPREPORT
echo Virus summary: >> $TEMPREPORT
for LOG in `ls $TEMPDIR`; do
HN=`echo $LOG | cut -d "." -f 1`;
if (grep Virus $TEMPDIR/$LOG | grep detected>/dev/null 2>&1);then
echo Found one or more viruses in $HN >> $TEMPREPORT
HASVIRUS=1
fi;
done
if [ $HASVIRUS -eq 0 ]; then
echo Sophos reports no viruses found on any machine scanned. >>
$TEMPREPORT
fi
echo >> $TEMPREPORT
echo >> $TEMPREPORT
echo Errors summary: >> $TEMPREPORT
for LOG in `ls $TEMPDIR`; do
HN=`echo $LOG | cut -d "." -f 1`;
if (grep Error: $TEMPDIR/$LOG >/dev/null 2>&1);then
echo Found one or more errors in $HN >> $TEMPREPORT
HASERROR=1
fi;
done
if [ $HASERROR -eq 0 ]; then
echo Sophos reports no errors found on any machine scanned. >>
$TEMPREPORT
fi
echo >> $TEMPREPORT
echo >> $TEMPREPORT
echo Report Details: >> $TEMPREPORT;
echo >> $TEMPREPORT
echo >> $TEMPREPORT
for LOG in `ls $TEMPDIR`; do
HN=`echo $LOG | cut -d "." -f 1`;
echo $LOG: >>$TEMPREPORT;
grep Info: $TEMPDIR/$LOG | grep started >> $TEMPREPORT;
grep Version $TEMPDIR/$LOG >> $TEMPREPORT;
grep Includes $TEMPDIR/$LOG | grep detection >> $TEMPREPORT;
if (grep Virus $TEMPDIR/$LOG | grep detected >> $TEMPREPORT);then
true
else
echo -n No viruses detected by Sophos on\ >>$TEMPREPORT
echo $HN >> $TEMPREPORT
fi;
if (grep Error: $TEMPDIR/$LOG >> $TEMPREPORT);then
true
else
echo -n No errors detected by Sophos on\ >>$TEMPREPORT
echo $HN >> $TEMPREPORT
fi;
echo >> $TEMPREPORT;
done
mail -s "Virus report" $MAILTO < $TEMPREPORT
if (df | grep $MOUNTPOINT > /dev/null 2>&1); then
echo WARNING: it appears $MOUNTPOINT is still mounted. >>$TEMPREPORT
fi
#clean up /tmp
rm -rf $TEMPFILE $TEMPDIR $TEMPREPORT
---end---
---begin backup script---
#!/bin/bash
#
# Backup to removable media (specificaly 2x250GB lacie
# hard drives, rotated off-site nightly
#
# Jason Balicki 5/3/2004
# Latest rev: 10/26/2004
#
# "Lacie" is the manufacturer of the external HDD
# we use.
#
# This script requires an external script "rescan-scsi-bus.sh"
# that can be easily found by googling for it.
#
# This is meant to be run in a cron job, and the stdout will
# be emailed to the cron specified user.
#
# backup device (hard disk device)
TARGETDEV=/dev/sda1
# backup mount point
MOUNTPOINT=/mnt/lacie
BUSERVER=YOURSERVERNAME
# next line has list of shares, space seperated
# you MUST have a /mnt/sharename for each share
# listed here.
BUSHARES="share1 share2 share3"
BUSER=backupuser
BPASS=backuppassword
WEEKDAY=`date +%a`
echo Backup device is $TARGETDEV, backup mountpoint is $MOUNTPOINT, day is
$WEEKDAY.
echo Backup directories are: $BUSHARES
echo Backup will now continue.
echo Did Lacie dissapear on us again? Let\'s find out!
# set target
BUTARG=$MOUNTPOINT/$WEEKDAY
if (cat /proc/scsi/scsi | grep WD25 > /dev/null 2>&1); then
echo Lacie exists;
else
echo Lacie does not exist. Trying rescan.
/sbin/rescan-scsi-bus.sh > /dev/null 2>&1;
if (cat /proc/scsi/scsi | grep WD25 > /dev/null 2>&1); then
echo Lacie found via scan.
else
echo Unable to find Lacie drive. Exiting.
exit 1;
fi
fi
echo Determining status of mountpoint
# check to see if mountpoint is mounted, if it is,
# unmount. If we can't unmount, then we die.
if [ -d $MOUNTPOINT/lost\+found ]; then
echo Mountpoint already mounted, attempting to unmount because it\'s
easier than fixing the rest of this script.;
if (umount $TARGETDEV); then
echo $TARGETDEV unmounted
echo Attempting to re-mount $TARGET file system to
$MOUNTPOINT.
else
echo Unable to unmount $TARGETDEV, it\'s not going to happen
today, partner.\nI require exclusive device access, otherwise I could be
running over myself \(this is a long backup.\)
# No Mr. Script, I expect you to DIE!
exit 1;
fi
fi
#
# BUILD IN A TIMEOUT, IF YOU CAN. IF MOUNT DIES, MOUNTPOINT IS
# INACCESSIBLE UNTIL NEXT BOOT!
# This should no longer be an issue, if we can't unmount we die above.
#
# can we mount the filesystem?
if mount -t ext3 $TARGETDEV $MOUNTPOINT >& /dev/null;
then
# create directory if necessary and generate date file
if [ -d $BUTARG ];
then
echo $BUTARG exists, generating date file.
echo Starting: `date` >
$BUTARG/00-Date-File;
else
echo Creating $BUTARG.
echo Generating date file.
mkdir $BUTARG
echo Starting: `date`
echo Starting: `date` >
$BUTARG/00-Date-File;
fi
echo Starting backups of $BUSHARES
for i in $BUSHARES; do
echo;
echo Starting $i at `date +%T`;
echo Backing up //$BUSERVER/$i to $BUTARG/$i;
RETVAL0=0;
RETVAL1=0;
echo Attempting to mount /mnt/$i;
if (mount -t smbfs -o username=$BUSER -o
password=$BPASS //$BUSERVER/$i /mnt/$i >& /dev/null); then
echo Mount of $i successful.
else
echo ERROR: Mount of $i FAILED, please
investigate. Returned: $?
fi;
if (rsync -rlptD --links
--exclude=/export/samba/public/offices/
--exclude=/export/samba/public/office/
--exclude=/export/samba/public/officexp/
--exclude=/export/samba/public/recycler/ --delete --delete-excluded /mnt/$i
$BUTARG/$i >& /dev/null); then
echo Rsync of $i successful.
else
echo ERROR: Rsync of $i FAILED, please
investigate. Returned: $?
fi;
echo unmounting /mnt/$i;
if (umount /mnt/$i >& /dev/null); then
echo $i unmounted
else
echo WARNING: unable to unmount $i.
Returned: $?
fi;
echo Ending $i at `date +%T`;
done
echo
echo Writing stop time to date file.
echo Ending: `date`
echo Ending: `date` >> $BUTARG/00-Date-File
# verify?
#is there any need?
# unmount
echo Unmounting $TARGETDEV filesystem.
if (umount $TARGETDEV); then
echo Unmount of $TARGETDEV sucessful
else
echo WARNING: unable to unmount $TARGETDEV
fi
else
# guess not... die
echo Unable to mount $TARGETDEV, quitting. Please check logs
to try to determine what went wrong.
exit 1;
fi
#This should be unnecessary, but I left it out of superstition.
if [ -d "$MOUNTPOINT/lost+found" ]; then
echo Unmounting $TARGETDEV filesystem.
if (umount $TARGETDEV); then
umount $TARGETDEV
echo Unmount of $TARGETDEV sucessful
else
echo WARNING: unable to unmount $TARGETDEV
fi
fi
exit 0
---end backup script---
More information about the samba
mailing list