From 65f52ead41dc6df73671ddd3a8c6a2edecb6dfb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Fri, 21 Jul 2017 14:58:13 +0200
Subject: Initial base files ... more to come
---
utils/echo | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
utils/identify | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
utils/syscheck | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 157 insertions(+)
create mode 100644 utils/echo
create mode 100644 utils/identify
create mode 100644 utils/syscheck
(limited to 'utils')
diff --git a/utils/echo b/utils/echo
new file mode 100644
index 0000000..c936f63
--- /dev/null
+++ b/utils/echo
@@ -0,0 +1,54 @@
+# vim:ft=sh:noexpandtab
+# Various echo functions
+
+ECHO_VERBOSE=0
+
+echo_info() {
+ set +x
+ [ $ECHO_VERBOSE -ge 0 ] || return
+ echo -e "\e[1;34m$@\e[0m" >&2
+ [ $ECHO_VERBOSE -lt 3 ] || set -x
+}
+
+echo_warn() {
+ set +x
+ [ $ECHO_VERBOSE -ge -1 ] || return
+ echo -e "\e[1;33m$@\e[0m" >&2
+ [ $ECHO_VERBOSE -lt 3 ] || set -x
+}
+
+echo_error() {
+ set +x
+ [ $ECHO_VERBOSE -ge -2 ] || return
+ echo -e "\e[1;31m$@\e[0m" >&2
+ [ $ECHO_VERBOSE -lt 3 ] || set -x
+}
+
+echo_die() {
+ set +x
+ if [ $ECHO_VERBOSE -ge -2 ]; then
+ echo -e "\e[1;31m$@\e[0m" >&2
+ fi
+ [ $ECHO_VERBOSE -lt 3 ] || set -x
+ # Suicide
+ kill $$
+}
+
+echo_dbg() {
+ set +x
+ [ $ECHO_VERBOSE -ge 1 ] || return
+ echo -e "\e[1;90m$@\e[0m" >&2
+ [ $ECHO_VERBOSE -lt 3 ] || set -x
+}
+
+echo_trace() {
+ set +x
+ [ $ECHO_VERBOSE -ge 2 ] || return
+ echo -e "\e[1;90m$@\e[0m" >&2
+ [ $ECHO_VERBOSE -lt 3 ] || set -x
+}
+
+echo_verbose() {
+ ECHO_VERBOSE=$(expr $ECHO_VERBOSE $1 $2)
+ [ $ECHO_VERBOSE -ge 3 ] && set -x || set +x
+}
diff --git a/utils/identify b/utils/identify
new file mode 100644
index 0000000..2223d8f
--- /dev/null
+++ b/utils/identify
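Review bot: `echo_die` relies on `kill $$` alone to stop the script and has no `exit` after it, so whenever the signal does not end the current process (inside a `( … )` subshell or `$(…)`, where `$$` is still the parent's PID, or under a caller that traps TERM) execution continues past the failed check. utils/syscheck in this same commit uses `echo_die` as the failure path for its sanity checks, so those checks can fail open; ending the function with `kill $$; exit 1` closes that gap. Separately, every helper prints with `echo -e "\e[…m$@\e[0m"`, which interprets backslash sequences inside the message and splices `$@` into a string; `printf '\033[1;31m%s\033[0m\n' "$*" >&2` prints the message literally.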
@@ -0,0 +1,55 @@
+# vim:ft=sh:noexpandtab
+# Identify and set some variables that can be used later by operations
+
+# Variables:
+# DC_OS - Operation system kernel name (uname -s)
+# DC_OS_VERSION - Version of kernel used (uname -r)
+# DC_ARCH - Machine architecture (uname -m)
+# DC_DISTRIBUTION - Distribution of operation system
+# DC_INIT - Init system used (service manager)
+# On Archlinux:
+# DC_PACAUR - This is set to "true" if pacaur is installed on archlinux
+
+DC_OS="$(uname -s)"
+DC_OS_VERSION="$(uname -r)"
+DC_ARCH="$(uname -m)"
+
+if [ "$DC_OS" = "Linux" ]; then
+ if [ -f /etc/arch-release ]; then
+ DC_DISTRIBUTION="arch"
+ elif [ -f /etc/turris-version ]; then
+ DC_DISTRIBUTION="turris"
+ elif [ -f /etc/os-release ]; then
+ # Use as DISTRIBUTION ID field
+ DC_DISTRIBUTION="$(sed -nE 's/^ID=(.*)/\1/p' /etc/os-release)"
+ else
+ DC_DISTRIBUTION="unknown"
+ fi
+ # Identify init (only systemd and openrc are supported on linux)
+ if pidof systemd >/dev/null; then
+ # Systemd is running on accessed machine
+ DC_INIT="systemd"
+ elif pidof procd >/dev/null; then
+ DC_INIT="procd"
+ elif rc-status -v 2>/dev/null >/dev/null; then
+ DC_INIT="openrc"
+ else
+ DC_INIT="unknown"
+ fi
+ echo_dbg "Detected Linux. Distribution $DC_DISTRIBUTION. With $DC_INIT init system."
+elif [ "$DC_OS" = "FreeBSD" ]; then
+ DC_DISTRIBUTION="FreeBSD" # This makes no sense on FreeBSD so set same as OS
+ DC_INIT="FreeBSD"
+ echo_dbg "Detected FreeBSD."
+else
+ echo_die "Unknown or unsupported kernel detected on accessed machine."
+fi
+
+# Archlinux
+DC_PACAUR=false
+if [ "$DC_DISTRIBUTION" = "arch" ]; then
+ if which pacaur >/dev/null; then
+ DC_PACAUR=true
+ echo_dbg "Accessed machine has pacaur"
+ fi
+fi
diff --git a/utils/syscheck b/utils/syscheck
new file mode 100644
index 0000000..a0c29a0
--- /dev/null
+++ b/utils/syscheck
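Review bot: The `/etc/os-release` fallback `sed -nE 's/^ID=(.*)/\1/p'` keeps whatever follows `ID=` verbatim, and os-release allows quoted values (`ID="centos"`), so `DC_DISTRIBUTION` can carry the quote characters and never equal a bare name in later comparisons. Stripping optional quotes in the expression, e.g. `sed -nE 's/^ID="?([^"]*)"?$/\1/p' /etc/os-release`, avoids that. If the value later selects what gets run on the machine, it is also worth rejecting anything outside the lowercase letters, digits, `.`, `_` and `-` that the os-release format allows for `ID`. The comment `# Identify init (only systemd and openrc are supported on linux)` no longer matches the code, which also detects procd, and `which pacaur` would be more portable as `command -v pacaur`.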
@@ -0,0 +1,48 @@
+# vim:ft=sh:noexpandtab
+# System sanity checks
+
+# Check that we are root (this tool can be run only as root)
+# TODO uncomment
+# [ "$(id -u)" = "0" ] || echo_die "Distconfig have to be run as root."
+
+# We have sudo or su
+which sudo >/dev/null || which su >/dev/null || echo_die "There is no sudo or su command."
+
+# Check that we are not using csh or tcsh
+# Note: variable shell should be defined only on csh or tcsh (note lowercase)
+[ -z "$shell" ] || echo_die "Distconfig doesn't support csh nor tcsh."
+
+# Check that we have gpg
+which gpg >/dev/null || echo_die "There is no gpg command."
+
+# Check that trunk is signed using correct key
+# TODO
+
+# Check root owner (should be root)
+# TODO uncomment
+#[ "$(stat -c '%u')" = 0 ] || echo_die "Root directory of distconfig isn't owned by root! Investigate why!"
+
+# Check access right to root (only root should have access)
+# TODO uncomment
+#[ "$(stat -c '%a')" = "700" ] || echo_die "Root directory of distconfig has incorect access rights. 700 expected!"
+
+# Check that we have openssl
+which openssl >/dev/null || echo_die "There is no openssl command."
+
+# Check that we can decrypt using openssl and aes-192-cbc
+OPENSSL_TEST_PASSWORD="XduF2T_opDknbzN0EyJJCBFyS1i6yaBU5Beb6IZkFVHWZGWOIZCF1Cc0zrupjEaV"
+[ "$(openssl aes-192-cbc -d -a -k "$OPENSSL_TEST_PASSWORD" < files/openssl_test_file)" = "It works!" ] || \
+ echo_die "Test message couldn't been decrypted."
+
+# Check that we have key file
+[ -n "$KEY_FILE" ] || echo_die "No key specified. Please pass --key."
+
+# Check that given key works with our machinery
+# TODO
+
+# Check that we have internet connection
+DC_INTERNET=true
+if ! ping -c 5 -w 30 cynerd.cz >/dev/null; then
+ echo_warn "No internet connection detected. All operations requiring internet connection will be skipped"
+ DC_INTERNET=false
+fi
-- cgit v1.2.3
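Review bot: The decryption self-test `openssl aes-192-cbc -d -a -k "$OPENSSL_TEST_PASSWORD"` does not pin the key-derivation digest, and OpenSSL 1.1.0 changed the `enc` default from MD5 to SHA-256. Whether `files/openssl_test_file` decrypts therefore depends on the OpenSSL version on the machine rather than on the cipher being usable; an explicit `-md sha256`, with the test file encrypted the same way, makes the check deterministic. `-k` also puts the passphrase in the process arguments, which is harmless for this fixed test string but should not be copied for the real key; presumably that path will read `$KEY_FILE`, where `-pass file:"$KEY_FILE"` keeps it out of `ps` output. The root, ownership and mode checks are still commented out, so nothing here enforces them yet, and both `stat -c` lines name no path, so they will fail as soon as they are uncommented.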