#!/usr/bin/perl -w
############################################################################
##
## Netezza an IBM Company Copyright 2011
##
## Name: nz-ldap-tools.pl
##
## Author: Adam Currier
##
## Description:
## ------------
## This script is used for NPS LDAP diagnostics
## It is not written well - only to work. Putting checks into subroutines
## and splitting into modules should be done in the future ;)
##
############################################################################
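# Clear the terminal (cls on Windows, clear elsewhere) before the report starts.
system($^O eq 'MSWin32' ? 'cls' : 'clear');
# Unbuffer STDOUT so each check label is shown before its command runs.
# The original assigned to $? (the child exit status), which does not affect
# output buffering; $| is the autoflush switch the comment describes.
$| = 1;
my $REV = "1.0b";    # script revision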
use Term::ANSIColor;
use Cwd;
# include list
use lib "../install_modules";
use get_system;
use print_color;
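# directories
my $DIR = getcwd;
# global
my $SPACER = 55;    # width passed to print_color::print_space for every result line

#
# add time base to file name
#
# Assumes `date` prints "Dow Mon DD HH:MM:SS TZ YYYY" (C locale) - TODO confirm
# on hosts with a different locale.
my $time = `date`;
my ($dummy, $mon, $day, $year);
($dummy, $mon, $day, $time, $dummy, $year) = split(/\s+/, $time);
my $FINAL_RESULTS_FILE = "../pts_logs/ldap_check_" . $mon . "_" . $day . "_" . $time . "_" . $year . ".txt";

# NOTE(review): every external command in this script is resolved through the
# caller's PATH while running as root; confirm the script is only started from
# a trusted environment (or pin absolute paths).

# Emit one result line: label, padding, then a colored [PASS]/[WARN]/[FAIL] tag.
# The print_color helpers come from ../install_modules and are not visible here.
my $report = sub {
    my ($label, $status) = @_;
    print_color::printout($label, $FINAL_RESULTS_FILE);
    print_color::print_space($label, $FINAL_RESULTS_FILE, $SPACER);
    if ($status eq 'PASS') {
        print_color::color_change_green("[PASS]\n", $FINAL_RESULTS_FILE);
    }
    elsif ($status eq 'WARN') {
        print_color::color_change_yellow("[WARN]\n", $FINAL_RESULTS_FILE);
    }
    else {
        print_color::color_change_red("[FAIL]\n", $FINAL_RESULTS_FILE);
    }
};

#
# Check user for root
#
my $user = `whoami`;
if ($user !~ /^root$/) {
    print("You must be root to run this script!\n");
    exit;
}

# print banner
my $print = "-------------------------BASE CHECK";
my $line  = ("-" x (($SPACER + 6) - length($print)));
print_color::color_change_yellow($print . $line . "\n", $FINAL_RESULTS_FILE);
$report->("Check user is root ", 'PASS');

# The existence of /nz/lost+found is what this script treats as "active host".
my $nz_file = "/nz/lost+found";
if (-e $nz_file) {
    $report->("Check for active host ", 'PASS');
}
else {
    $report->("Check for active host ", 'FAIL');
    $print = "-" x ($SPACER + 6);
    print_color::color_change_yellow("$print\n", $FINAL_RESULTS_FILE);
    print("You must run this from the active host!\n\n\n");
    exit;
}

# check to see if online or not (a paused system is accepted as well)
my $state = `su - nz -c "nzstate" 2>&1`;
$state = '' unless defined $state;
$report->("Check NPS is Online", ($state =~ /Online/i || $state =~ /paused/i) ? 'PASS' : 'WARN');

# check if we have FTP access:
# NOTE(review): this is a placeholder - the value is hard-coded, so the check
# always reports PASS and no FTP test is actually performed.
my $ftp = '1';
$report->("Check FTP access ", $ftp ne '' ? 'PASS' : 'FAIL');

# check to see if openldap-clients installed or not
my $ldap_tools = `rpm -qa | grep openldap-clients`;
$ldap_tools = '' unless defined $ldap_tools;
$report->("Check LDAP tools installed", $ldap_tools ne '' ? 'PASS' : 'WARN');

# check if we have strace installed (own variable; the original re-declared $ftp)
my $strace = `rpm -qa | grep -i strace`;
$strace = '' unless defined $strace;
$report->("Check STRACE installed ", $strace ne '' ? 'PASS' : 'WARN');

# remove the file
# unlink() replaces `rm -rf` through the shell: no shell parsing of the path,
# and only a plain file can be removed.
# NOTE(review): this discards the BASE CHECK lines written to the log above;
# confirm that is intended.
unlink($FINAL_RESULTS_FILE);

# global for failed
my $FAIL = 0;
# begin
main();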
#
# Function: put the base functionality checks here
#
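sub main
{
    # Runs the SYSTEM CHECK section (config files and OpenSSL symlinks), then
    # the network, NPS and ldap.conf/ldapsearch sections, and exits the script.
    # All file inspection is done in Perl rather than through shell pipelines:
    # the original pipelines interpolated Perl variables ($), $2) inside
    # backticks and depended on PATH lookups while running as root.

    # Emit one result line: label, padding, then a colored status tag.
    my $report = sub {
        my ($label, $status) = @_;
        print_color::printout($label, $FINAL_RESULTS_FILE);
        print_color::print_space($label, $FINAL_RESULTS_FILE, $SPACER);
        if ($status eq 'PASS') {
            print_color::color_change_green("[PASS]\n", $FINAL_RESULTS_FILE);
        }
        elsif ($status eq 'WARN') {
            print_color::color_change_yellow("[WARN]\n", $FINAL_RESULTS_FILE);
        }
        else {
            print_color::color_change_red("[FAIL]\n", $FINAL_RESULTS_FILE);
        }
    };

    # True when $link is a symlink whose target contains $want.
    my $links_to = sub {
        my ($link, $want) = @_;
        my $target = readlink($link);
        return (defined $target && index($target, $want) >= 0) ? 1 : 0;
    };

    # print banner
    my $print = "-----------------------SYSTEM CHECK";
    my $line  = ("-" x (($SPACER + 6) - length($print)));
    print_color::color_change_yellow($print . $line . "\n", $FINAL_RESULTS_FILE);

    # check /nz/data/pg_hba.conf file for value lowercase
    # Any non-comment, non-blank line mentioning "lowercase" fails the check.
    # As in the original, an unreadable or missing file counts as PASS.
    my $pghba = '';
    if (open(my $hba, '<', '/nz/data/pg_hba.conf')) {
        while (defined(my $row = <$hba>)) {
            next if $row =~ /^(?:#|$)/;
            $pghba .= $row if $row =~ /lowercase/;
        }
        close($hba);
    }
    $report->("Check pg_hba.conf ", $pghba eq '' ? 'PASS' : 'FAIL');

    # check /nz/data/config/ldap.conf ownership and permissions:
    # regular file, owner has read+write, owner and group are both "nz".
    # The original matched `ls -al` output against '^(-rw).*nz.*nz', which the
    # "/nz/" in the path could satisfy even when the group was not nz.
    # NOTE(review): group/other permission bits are not examined (same as the
    # original); confirm whether a group- or world-accessible file should fail.
    my $permission_ok = 0;
    my @st = stat('/nz/data/config/ldap.conf');
    if (@st && -f _) {
        my $owner = getpwuid($st[4]);
        my $group = getgrgid($st[5]);
        $permission_ok = 1
            if ($st[2] & 0600) == 0600
            && defined $owner && $owner eq 'nz'
            && defined $group && $group eq 'nz';
    }
    if ($permission_ok) {
        $report->("Check ownership and permissions ", 'PASS');
    }
    else {
        $report->("Check ownership and permissions", 'FAIL');
    }

    # check that the libssl.so.4 symlink points to libssl.so.6
    # NOTE(review): the original comment named libssl.so.0.9.7a while the code
    # tested for libssl.so.6; the tested value is kept - confirm which is right.
    if ($links_to->('/lib/libssl.so.4', 'libssl.so.6')) {
        $report->("Check libssl.so.4 ", 'PASS');
    }
    else {
        $report->("Check libssl.so.4", 'FAIL');
    }

    # check that the libssl.so.6 symlink points to libssl.so.0.9.8e
    $report->("Check libssl.so.6", $links_to->('/lib/libssl.so.6', 'libssl.so.0.9.8e') ? 'PASS' : 'FAIL');

    # check that the libcrypto.so.4 symlink points to libcrypto.so.6
    # NOTE(review): final_status() tests this same link against
    # libcrypto.so.0.9.7a, so the two checks cannot both pass - confirm.
    if ($links_to->('/lib/libcrypto.so.4', 'libcrypto.so.6')) {
        $report->("Check libcrypto.so.4 ", 'PASS');
    }
    else {
        $report->("Check libcrypto.so.4", 'FAIL');
    }

    # check that the libcrypto.so.6 symlink points to libcrypto.so.0.9.8e
    $report->("Check libcrypto.so.6", $links_to->('/lib/libcrypto.so.6', 'libcrypto.so.0.9.8e') ? 'PASS' : 'FAIL');

    network_check();
    nps_check();
    final_out_file(1);

    # give a total status
    # NOTE(review): final_status() does not compute a failure count; the exit
    # status is whatever its last print_color call returns - confirm.
    $FAIL = final_status();
    exit($FAIL);
}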
#
# Function: put all network checks here
#
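sub network_check
{
    # NETWORK CHECK section: ping the LDAP host named in /etc/ldap.conf and
    # probe ports 389 and 636 with nc.
    #
    # The host value comes from a config file and ends up on command lines run
    # as root, so it is parsed in Perl, validated against a strict pattern and
    # passed to ping/nc as a separate argument (no shell). The original
    # interpolated it into backticks, where shell metacharacters in the file
    # would have been executed, and its awk '{ print $2 }' had $2 expanded by
    # Perl before awk ever saw it.

    # Emit one result line: label, padding, then a colored status tag.
    my $report = sub {
        my ($label, $status) = @_;
        print_color::printout($label, $FINAL_RESULTS_FILE);
        print_color::print_space($label, $FINAL_RESULTS_FILE, $SPACER);
        if ($status eq 'PASS') {
            print_color::color_change_green("[PASS]\n", $FINAL_RESULTS_FILE);
        }
        elsif ($status eq 'WARN') {
            print_color::color_change_yellow("[WARN]\n", $FINAL_RESULTS_FILE);
        }
        else {
            print_color::color_change_red("[FAIL]\n", $FINAL_RESULTS_FILE);
        }
    };

    # Run a command without a shell and return its stdout ('' if it cannot start).
    my $capture = sub {
        my @cmd = @_;
        open(my $pipe, '-|', @cmd) or return '';
        local $/;
        my $out = <$pipe>;
        close($pipe);
        return defined $out ? $out : '';
    };

    # print banner
    my $print = "----------------------NETWORK CHECK";
    my $line  = ("-" x (($SPACER + 6) - length($print)));
    print_color::color_change_yellow($print . $line . "\n", $FINAL_RESULTS_FILE);

    # Second whitespace-separated field of the first "host" line.
    my $host = '';
    if (open(my $conf, '<', '/etc/ldap.conf')) {
        while (defined(my $row = <$conf>)) {
            if ($row =~ /^host\s+(\S+)/) {
                $host = $1;
                last;
            }
        }
        close($conf);
    }
    # Accept only hostname/IP characters; a leading "-" would otherwise be
    # read by ping/nc as an option.
    $host = '' unless $host =~ /\A[A-Za-z0-9][A-Za-z0-9.:\-]*\z/;

    # Missing or rejected host: use a sentinel name so the checks below fail.
    if ($host eq '') {
        $host = "fail.localhost.com";
    }

    if ($capture->('ping', '-c', '1', $host) =~ /1 received/) {
        $report->("Check ping to LDAP server", 'PASS');
    }
    else {
        $report->("Check ping to LDAP server ", 'FAIL');
    }

    # Port probes are skipped (and reported FAIL) for the sentinel host.
    # NOTE(review): only nc's stdout is examined, as in the original; confirm
    # the installed nc prints "succeeded" there rather than on stderr.
    for my $port (389, 636) {
        my $reachable = 0;
        if ($host ne "fail.localhost.com") {
            $reachable = 1 if $capture->('nc', '-z', $host, $port) =~ /succeeded/;
        }
        $report->("Check port $port accessible ", $reachable ? 'PASS' : 'FAIL');
    }
}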
#
# Function: NPS checks go here
#
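sub nps_check
{
    # NPS CHECK section: query the database (as user nz) for its authentication
    # mode and for locally authenticated users.
    #
    # Command output is captured directly. The original redirected it to the
    # fixed names /tmp/1 and /tmp/2 while running as root; a pre-created
    # symlink at either name would have been followed and overwritten.

    # Emit one result line: label, padding, then a colored status tag.
    my $report = sub {
        my ($label, $status) = @_;
        print_color::printout($label, $FINAL_RESULTS_FILE);
        print_color::print_space($label, $FINAL_RESULTS_FILE, $SPACER);
        if ($status eq 'PASS') {
            print_color::color_change_green("[PASS]\n", $FINAL_RESULTS_FILE);
        }
        elsif ($status eq 'WARN') {
            print_color::color_change_yellow("[WARN]\n", $FINAL_RESULTS_FILE);
        }
        else {
            print_color::color_change_red("[FAIL]\n", $FINAL_RESULTS_FILE);
        }
    };

    # print banner
    my $print = "------------------------NPS CHECK";
    my $line  = ("-" x (($SPACER + 6) - length($print)));
    print_color::color_change_yellow($print . $line . "\n", $FINAL_RESULTS_FILE);

    # Check that NZSQL authentication is set to LDAP
    my $ldap = `su - nz -c "nzsql -admin -c 'show authentication'" 2>&1`;
    $ldap = '' unless defined $ldap;
    $report->("Check SET AUTHENTICATION", $ldap =~ /ldap/ ? 'PASS' : 'FAIL');

    # Check if we have some users who are authenticated locally (mixed mode)
    # NOTE(review): kept from the original - any "0" in the output yields WARN
    # and its absence yields PASS. That also matches counts such as 10, and a
    # count of exactly 0 produces WARN; confirm the intended sense.
    my $mixed = `su - nz -c "nzsql -admin -c 'select count(*) from _t_user where useauth = 1'" 2>&1`;
    $mixed = '' unless defined $mixed;
    $report->("Check Mixed Mode", $mixed =~ /0/ ? 'WARN' : 'PASS');
}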
#
# Function: LDAP.CONF and LDAPSEARCH checks, then the report footer
#
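sub final_status
{
    # LDAP.CONF CHECK and LDAPSEARCH CHECK sections, followed by the footer
    # that names the log file. Returns whatever the last print_color call
    # returns (see the note at the end).
    #
    # /etc/ldap.conf is read once in Perl. Its values (host, bind DN, base,
    # bind password) are handed to ldapsearch as separate arguments, never
    # through a shell: the original built a shell command line from them, so
    # metacharacters in the file would have run as root.

    # Emit one result line: label, padding, then a colored status tag.
    my $report = sub {
        my ($label, $status) = @_;
        print_color::printout($label, $FINAL_RESULTS_FILE);
        print_color::print_space($label, $FINAL_RESULTS_FILE, $SPACER);
        if ($status eq 'PASS') {
            print_color::color_change_green("[PASS]\n", $FINAL_RESULTS_FILE);
        }
        elsif ($status eq 'WARN') {
            print_color::color_change_yellow("[WARN]\n", $FINAL_RESULTS_FILE);
        }
        else {
            print_color::color_change_red("[FAIL]\n", $FINAL_RESULTS_FILE);
        }
    };

    # True when $link is a symlink whose target contains $want.
    my $links_to = sub {
        my ($link, $want) = @_;
        my $target = readlink($link);
        return (defined $target && index($target, $want) >= 0) ? 1 : 0;
    };

    # print out banner
    my $print = "---------------------LDAP.CONF CHECK";
    my $line  = ("-" x (($SPACER + 6) - length($print)));
    print_color::color_change_yellow($print . $line . "\n", $FINAL_RESULTS_FILE);

    # For each key keep the second whitespace-separated field of its first
    # line (a value containing spaces is therefore truncated, as before).
    my %conf = map { $_ => '' } qw(host base binddn bindpw pam_login_attribute);
    my $has_uri = 0;
    if (open(my $fh, '<', '/etc/ldap.conf')) {
        while (defined(my $row = <$fh>)) {
            $has_uri = 1 if $row =~ /^uri/;
            if ($row =~ /^(host|base|binddn|bindpw|pam_login_attribute)\s+(\S+)/) {
                $conf{$1} = $2 if $conf{$1} eq '';
            }
        }
        close($fh);
    }

    # Check that ldap.conf doesn't have a line that begins with uri.
    # NOTE(review): the original comment says "warn", but the code reports FAIL.
    $report->("Test URI line ", $has_uri ? 'FAIL' : 'PASS');

    # check that search attribute is sAMAccountName (most often used for
    # Active Directory) - otherwise WARN
    if ($conf{pam_login_attribute} eq 'sAMAccountName') {
        $report->("Check search attribute ", 'PASS');
    }
    else {
        $report->("Check search attribute", 'WARN');
    }

    # check that the bind user isn't blank
    $report->("Check bind user", $conf{binddn} ne '' ? 'PASS' : 'WARN');

    # check that the bind password isn't blank (the value is never printed)
    $report->("Check bind password", $conf{bindpw} ne '' ? 'PASS' : 'WARN');

    # check that the libcrypto.so.4 symlink points to libcrypto.so.0.9.7a
    # NOTE(review): main() tests this same link against libcrypto.so.6.
    if ($links_to->('/lib/libcrypto.so.4', 'libcrypto.so.0.9.7a')) {
        $report->("Check libcrypto.so.4 ", 'PASS');
    }
    else {
        $report->("Check libcrypto.so.4", 'FAIL');
    }

    # check that the libcrypto.so.6 symlink points to libcrypto.so.0.9.8e
    $report->("Check libcrypto.so.6", $links_to->('/lib/libcrypto.so.6', 'libcrypto.so.0.9.8e') ? 'PASS' : 'FAIL');

    # print out banner
    $print = "--------------------LDAPSEARCH CHECK";
    $line  = ("-" x (($SPACER + 6) - length($print)));
    print_color::color_change_yellow($print . $line . "\n", $FINAL_RESULTS_FILE);

    # Perform some ldapsearch tests:
    my $host2  = $conf{host};
    my $binddn = $conf{binddn};
    my $bindpw = $conf{bindpw};
    my $base   = $conf{base};

    # Accept only hostname/IP characters before building the LDAP URI.
    $host2 = '' unless $host2 =~ /\A[A-Za-z0-9][A-Za-z0-9.:\-]*\z/;
    # if host is not real then skip these tests and fail:
    if ($host2 eq '') {
        $host2 = "fail.localhost.com";
    }

    # Run one simple-bind ldapsearch against $uri and return the number of
    # stdout lines; stderr is discarded.
    # NOTE(review): -w still exposes the bind password in the process list
    # while ldapsearch runs; ldapsearch's -y <file> option (password read from
    # a root-only file) avoids that - confirm it is available on this host.
    my $count_lines = sub {
        my ($uri) = @_;
        # An empty password made the original command line invalid (0 lines).
        # Keep that result rather than attempting a bind with an empty
        # password, which a server may accept as an unauthenticated bind.
        return 0 if $bindpw eq '';
        my $pid = open(my $pipe, '-|');
        return 0 unless defined $pid;
        if ($pid == 0) {
            open(STDERR, '>', '/dev/null');
            exec('ldapsearch', '-x', '-D', $binddn, '-b', $base, '-H', $uri, '-w', $bindpw)
                or exit(127);
        }
        my $count = 0;
        while (defined(my $row = <$pipe>)) {
            $count++;
        }
        close($pipe);
        return $count;
    };

    # Line-count thresholds are the original heuristic:
    # more than 25 lines PASS, more than 1 WARN, otherwise FAIL.
    my $grade = sub {
        my ($count) = @_;
        return 'PASS' if $count > 25;
        return 'WARN' if $count > 1;
        return 'FAIL';
    };

    if ($host2 eq "fail.localhost.com") {
        $report->("Perform test ldapsearch ", 'FAIL');
        $report->("Perform test ssl ldapsearch ", 'FAIL');
    }
    else {
        $report->("Perform test ldapsearch ", $grade->($count_lines->("ldap://$host2")));
        $report->("Perform test ssl ldapsearch ", $grade->($count_lines->("ldaps://$host2")));
    }

    # print footer
    $print = "-" x ($SPACER + 6);
    print_color::color_change_yellow("$print\n", $FINAL_RESULTS_FILE);
    my $log_note = "Log file - $FINAL_RESULTS_FILE";
    print_color::color_change_green("$log_note\n", $FINAL_RESULTS_FILE);

    # NOTE(review): main() uses this return value as the process exit status.
    # No failure count is kept here, so the value is simply what the final
    # print_color call returns (unchanged from the original) - confirm.
    return print_color::color_change_yellow("$print\n", $FINAL_RESULTS_FILE);
}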
#
# Function: this will print out all the files to the log
#
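sub final_out_file
{
    # Append each per-test "<name>.txt" file, followed by a newline, to the
    # results log. $_[0] == 1 selects @TESTS_NO_BOOTPSRV, anything else
    # selects @TESTS_BOOTPSRV.
    #
    # NOTE(review): @TESTS_NO_BOOTPSRV, @TESTS_BOOTPSRV and $TEST_CMD are not
    # declared in this file; presumably they are supplied elsewhere - confirm.
    # While they are empty the loop does nothing.
    #
    # Files are copied with three-argument open instead of `cat ... >>` through
    # the shell and a two-argument open on the bareword handle DATA, so a test
    # name containing shell or open-mode characters is treated purely as a
    # file name.
    my $when  = $_[0];
    my $tests = ($when == 1) ? \@TESTS_NO_BOOTPSRV : \@TESTS_BOOTPSRV;

    for my $test (@$tests) {
        my $source = $test->[$TEST_CMD] . ".txt";

        my $out;
        unless (open($out, '>>', $FINAL_RESULTS_FILE)) {
            warn "cannot append to $FINAL_RESULTS_FILE: $!\n";
            next;
        }

        if (open(my $in, '<', $source)) {
            while (defined(my $row = <$in>)) {
                print {$out} $row;
            }
            close($in);
        }
        else {
            # A missing input is reported and the trailing newline is still
            # written, as with the original cat.
            warn "cannot read $source: $!\n";
        }

        print {$out} "\n";
        close($out) or warn "cannot close $FINAL_RESULTS_FILE: $!\n";
    }
}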


pts_ldap

  • 1. #!/usr/bin/perl -w ############################################################################ ## ## Netezza an IBM Company Copyright 2011 ## ## Name: nz-ldap-tools.pl ## ## Author: Adam Currier ## ## Description: ## ------------ ## This script is used for NPS LDAP diagnostics ## It is not written well - only to work. Putting checks into subroutines ## and splitting into modules should be done in the future ;) ## ############################################################################ system $^O eq 'MSWin32' ? 'cls' : 'clear'; $? = 1; # print out buffered text my $REV = "1.0b"; # script revision use Term::ANSIColor; use Cwd; # include list use lib "../install_modules"; use get_system; use print_color; # directories my $DIR = getcwd; # global my $SPACER = 55; # # add time base to file name # my $time = `date`; my ($dummy, $mon, $day, $year); ($dummy, $mon, $day, $time, $dummy, $year) = split(/s+/, $time); my $FINAL_RESULTS_FILE = "../pts_logs/ldap_check_".$mon."_".$day."_".$time."_". $year.".txt"; # # Check user for root # my $user = `whoami`; if ($user !~ /^root$/) { $print = "Check user is root "; print("You must be root to run this script!n"); exit; } else { # print banner my $print = "-------------------------BASE CHECK"; my $line = ("-" x (($SPACER + 6) - length($print))); $print = $print.$line."n"; print_color::color_change_yellow($print, $FINAL_RESULTS_FILE); $print = "Check user is root "; print_color::printout($print, $FINAL_RESULTS_FILE);
  • 2. print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE) } $nz_file="/nz/lost+found"; if (-e $nz_file) { $print = "Check for active host "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); }else { $print = "Check for active host "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); $print = "-" x ($SPACER + 6); print_color::color_change_yellow("$printn", $FINAL_RESULTS_FILE); print("You must run this from the active host!nnn"); exit; } $print = "Check NPS is Online"; print_color::printout($print, $FINAL_RESULTS_FILE); # check to see if online or not my $state = `su - nz -c "nzstate" 2>&1`; if ($state =~ /Online/i || $state =~ /paused/i) { print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_yellow("[WARN]n", $FINAL_RESULTS_FILE); } # check if we have FTP access: my $ftp = '1'; if ($ftp ne '') { $print = "Check FTP access "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check FTP access "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } $print = "Check LDAP tools installed";
  • 3. print_color::printout($print, $FINAL_RESULTS_FILE); # check to see if openldap-clients installed or not my $ldap_tools = `rpm -qa | grep openldap-clients`; if ($ldap_tools ne '') { print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_yellow("[WARN]n", $FINAL_RESULTS_FILE); } #check if we have strace installed: my $ftp = `rpm -qa | grep -i strace`; if ($ftp ne '') { $print = "Check STRACE installed "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check STRACE installed "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_yellow("[WARN]n", $FINAL_RESULTS_FILE); } # remove the file system("rm -rf $FINAL_RESULTS_FILE"); # global for failed my $FAIL = 0; # begin main(); # # Function: put the base functionality checks here # sub main { # print banner my $print = "-----------------------SYSTEM CHECK"; my $line = ("-" x (($SPACER + 6) - length($print))); $print = $print.$line."n"; print_color::color_change_yellow($print, $FINAL_RESULTS_FILE); # check /nz/data/pg_hba.conf file for value lowercase my $pghba = `egrep -v '^(#|$)' /nz/data/pg_hba.conf 2>/dev/null | grep lowercase`; if ($pghba eq '') { $print = "Check pg_hba.conf "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER);
  • 4. print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check pg_hba.conf "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } # check /nz/data/config/ldap.conf' ownership and permissions: my $permission = `ls -al /nz/data/config/ldap.conf 2>/dev/null | egrep '^(-rw).*nz.*nz'`; if ($permission ne '') { $print = "Check ownership and permissions "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check ownership and permissions"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } # check that the libssl.so.4 symlink points to libssl.so.0.9.7a like it's supposed to my $libssl4 = `ls -l /lib/libssl.so.4 | grep "libssl.so.6"`; if ($libssl4 ne '') { $print = "Check libssl.so.4 "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check libssl.so.4"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } # check that the libssl.so.6 symlink points to libssl.so.0.9.8e like it's supposed to my $libssl6 = `ls -l /lib/libssl.so.6 | grep "libssl.so.0.9.8e"`; if ($libssl6 ne '') { $print = "Check libssl.so.6"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check libssl.so.6"; print_color::printout($print, 
$FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } # check that the libcrypto.so.4 symlink points to libcrypto.so.0.9.7a like it's supposed to my $libcrypto4 = `ls -l /lib/libcrypto.so.4 | grep "libcrypto.so.6"`; if ($libcrypto4 ne '') {
  • 5. $print = "Check libcrypto.so.4 "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check libcrypto.so.4"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } # check that the libcrypto.so.6 symlink points to libcrypto.so.0.9.8e like it's supposed to my $libcrypto6 = `ls -l /lib/libcrypto.so.6 | grep "libcrypto.so.0.9.8e"`; if ($libcrypto6 ne '') { $print = "Check libcrypto.so.6"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check libcrypto.so.6"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } network_check(); nps_check(); final_out_file(1); # give a total status $FAIL = final_status(); exit($FAIL); } # # Function: put all network checks here # sub network_check { # print banner my $print = "----------------------NETWORK CHECK"; my $line = ("-" x (($SPACER + 6) - length($print))); $print = $print.$line."n"; print_color::color_change_yellow($print, $FINAL_RESULTS_FILE); # Check ping to ldap host # Need to programmatically get the host name my $host = `egrep '^host' /etc/ldap.conf | awk '{ print $2 }'`; $host =~ s/^s+//; $host =~ s/s+$//; # add some exception handling here if ($host eq '') { $host = "fail.localhost.com"; }
  • 6. #debug #rint "ping -c 1 $host | grep '1 received'`"; if (`ping -c 1 $host | grep '1 received'` ) { $print = "Check ping to LDAP server"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check ping to LDAP server "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } #debug #print "nc -z $host 389 |grep succeeded`"; if ($host eq "fail.localhost.com") { $print = "Check port 389 accessible "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); $print = "Check port 636 accessible "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } else { my $port1 = `nc -z $host 389 |grep succeeded`; if ($port1 ne '') { $print = "Check port 389 accessible "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check port 389 accessible "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } my $port2 = `nc -z $host 636 | grep succeeded`; if ($port2 ne '') { $print = "Check port 636 accessible "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check port 636 accessible "; print_color::printout($print, $FINAL_RESULTS_FILE); 
print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } } } # # Function: NPS checks go here # sub nps_check { # print banner my $print = "------------------------NPS CHECK";
  • 7. my $line = ("-" x (($SPACER + 6) - length($print))); $print = $print.$line."n"; print_color::color_change_yellow($print, $FINAL_RESULTS_FILE); # Check that NZSQL authentication is set to LDAP my $ldap = `su - nz -c "nzsql -admin -c 'show authentication'" &> /tmp/1`; my $ldap2 = `grep ldap /tmp/1`; if ($ldap2 ne '') { $print = "Check SET AUTHENTICATION"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check SET AUTHENTICATION"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } # Check if we have some users who are authenticated locally (mixed mode) my $mixed = `su - nz -c "nzsql -admin -c 'select count(*) from _t_user where useauth = 1'" &> /tmp/2`; my $mixed2 = `grep 0 /tmp/2`; if ($mixed2 eq '') { $print = "Check Mixed Mode"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check Mixed Mode"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_yellow("[WARN]n", $FINAL_RESULTS_FILE); } } # # Function: this will print out all the files to the log # sub final_status { my $number_of_fail = 1; my $number_of_warn = 1; # print out banner my $print = "---------------------LDAP.CONF CHECK"; my $line = ("-" x (($SPACER + 6) - length($print))); $print = $print.$line."n"; print_color::color_change_yellow($print, $FINAL_RESULTS_FILE); # $print = "Failing message "; # print_color::printout($print, $FINAL_RESULTS_FILE); # print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); # print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); # # 
$print = "Warning message "; # print_color::printout($print, $FINAL_RESULTS_FILE);
  • 8. # print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); # print_color::color_change_yellow("[WARN]n", $FINAL_RESULTS_FILE); # # $print = "Passing message "; # print_color::printout($print, $FINAL_RESULTS_FILE); # print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); # print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); # Check that ldap.conf doesn't have a line that begins with uri. # if it does, warn - it may be legitiamte or it may point to 127.0.0.1 (jira bug# ) my $uri = `egrep '^(uri)' /etc/ldap.conf`; if ($uri eq '') { $print = "Test URI line "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Test URI line "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } # check that search attribute is sAMAccountName (Most often used for Active Directory - otherwise WARN my $pla = `egrep '^pam_login_attribute' /etc/ldap.conf | awk '{ print $2 }'`; $pla =~ s/^s+//; $pla =~ s/s+$//; #print "$pla n"; if ($pla eq 'sAMAccountName') { $print = "Check search attribute "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check search attribute"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_yellow("[WARN]n", $FINAL_RESULTS_FILE); } # check that the bind user isn't blank my $binddn1 = `egrep '^binddn' /etc/ldap.conf | awk '{ print $2 }'`; $binddn1 =~ s/^s+//; $binddn1 =~ s/s+$//; if ($binddn1 ne '') { $print = "Check bind user"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, 
$FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check bind user"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_yellow("[WARN]n", $FINAL_RESULTS_FILE); }
  • 9. # check that the bind password isn't blank my $bindpw1 = `egrep '^bindpw' /etc/ldap.conf | awk '{ print $2 }'`; $bindpw1 =~ s/^s+//; $bindpw1 =~ s/s+$//; if ($bindpw1 ne '') { $print = "Check bind password"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check bind password"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_yellow("[WARN]n", $FINAL_RESULTS_FILE); } # check that the libcrypto.so.4 symlink points to libcrypto.so.0.9.7a like it's supposed to my $libcrypto4 = `ls -l /lib/libcrypto.so.4 | grep "libcrypto.so.0.9.7a"`; if ($libcrypto4 ne '') { $print = "Check libcrypto.so.4 "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check libcrypto.so.4"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } # check that the libcrypto.so.6 symlink points to libcrypto.so.0.9.8e like it's supposed to my $libcrypto6 = `ls -l /lib/libcrypto.so.6 | grep "libcrypto.so.0.9.8e"`; if ($libcrypto6 ne '') { $print = "Check libcrypto.so.6"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } else { $print = "Check libcrypto.so.6"; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } # print out banner my $print = "--------------------LDAPSEARCH CHECK"; my $line = ("-" x (($SPACER + 6) - 
length($print))); $print = $print.$line."n"; print_color::color_change_yellow($print, $FINAL_RESULTS_FILE); # Perform some ldapsearch tests: my $host2 = `egrep '^host' /etc/ldap.conf | awk '{ print $2 }'`; $host2 =~ s/^s+//; $host2 =~ s/s+$//; #print "$host2 n";
  • 10. my $binddn = `egrep '^binddn' /etc/ldap.conf | awk '{ print $2 }'`; $binddn =~ s/^s+//; $binddn =~ s/s+$//; #print "$binddn n"; my $bindpw = `egrep '^bindpw' /etc/ldap.conf | awk '{ print $2 }'`; $bindpw =~ s/^s+//; $bindpw =~ s/s+$//; #print "$bindpw n"; my $base = `egrep '^base' /etc/ldap.conf | awk '{ print $2 }'`; $base =~ s/^s+//; $base =~ s/s+$//; #print "$base n"; # if host is not real then skip these tests and fail: # add some exception handling here if ($host2 eq '') { $host2 = "fail.localhost.com"; } if ($host2 eq "fail.localhost.com") { $print = "Perform test ldapsearch "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); $print = "Perform test ssl ldapsearch "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } else { my $ldaptest = `ldapsearch -x -D "$binddn" -b "$base" -H ldap://$host2 -w $bindpw 2>/dev/null | wc -l`; #print "$ldaptest n"; if ($ldaptest > 25) { $print = "Perform test ldapsearch "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE); } elsif ($ldaptest > 1) { $print = "Perform test ldapsearch "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_yellow("[WARN]n", $FINAL_RESULTS_FILE); } else { $print = "Perform test ldapsearch "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } my $ldaptest2 = `ldapsearch -x -D "$binddn" -b "$base" -H ldaps://$host2 -w $bindpw 2>/dev/null | wc -l`; #print "$ldaptest n"; if ($ldaptest2 > 25) { 
$print = "Perform test ssl ldapsearch "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_green("[PASS]n", $FINAL_RESULTS_FILE);
  • 11. } elsif ($ldaptest2 > 1) { $print = "Perform test ssl ldapsearch "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_yellow("[WARN]n", $FINAL_RESULTS_FILE); } else { $print = "Perform test ssl ldapsearch "; print_color::printout($print, $FINAL_RESULTS_FILE); print_color::print_space($print, $FINAL_RESULTS_FILE, $SPACER); print_color::color_change_red("[FAIL]n", $FINAL_RESULTS_FILE); } } # print footer $print = "-" x ($SPACER + 6); print_color::color_change_yellow("$printn", $FINAL_RESULTS_FILE); $print = "Log file - $FINAL_RESULTS_FILE"; print_color::color_change_green("$printn", $FINAL_RESULTS_FILE); $print = "-" x ($SPACER + 6); print_color::color_change_yellow("$printn", $FINAL_RESULTS_FILE); } # # Function: this will print out all the files to the log # sub final_out_file { my $when = $_[0]; if ($when == 1) { # get all the files for (my $sys_idx = 0; $sys_idx < @TESTS_NO_BOOTPSRV; $sys_idx++) { system("cat $TESTS_NO_BOOTPSRV[$sys_idx][$TEST_CMD].txt >> $FINAL_RESULTS_FILE"); open DATA, ">>$FINAL_RESULTS_FILE"; print DATA "n"; close DATA; } } else { for (my $sys_idx = 0; $sys_idx < @TESTS_BOOTPSRV; $sys_idx++) { system("cat $TESTS_BOOTPSRV[$sys_idx][$TEST_CMD].txt >> $FINAL_RESULTS_FILE"); open DATA, ">>$FINAL_RESULTS_FILE"; print DATA "n"; close DATA; } } }