aset.sh revision 7c478bd95313f5f23a4c958a745db2134aa03244
#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 1990, 1991 Sun Microsystems, Inc. All Rights Reserved.
#
#
#ident "%Z%%M% %I% %E% SMI"
# This is the startup script to invoke all ASET utilities.
# option:
# -n user@host notify user at machine host: send output
# to that user thru e-mail. If this option is
# not specified, the output is sent to stdout.
# -d aset_dir working directory for ASET
# -l sec_level security level = low/med/high
# -u user_file specify file of users to check environment
# -p periodic schedule
# clean up upon exit
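clean_up()
# clean_up - exit handler (installed with "trap clean_up 0"): deliver the
# execution log, then delete it.
# Globals: nflag, user - set by the -n option; log - path of the log file;
#          CAT, RM - helper commands that this file never assigns
#          (presumably asetenv defines them - confirm).
# Output:  the log is mailed to $user when -n was given, otherwise it is
#          copied to /dev/tty.
# Exit:    3 if -n was given and neither mail program is executable; the
#          log file is left in place in that case.
{
	if [ "$nflag" = "true" ] && [ "$user" != "" ]
	then
		# find a mail program
		# The recipient is quoted so it always reaches mail as one
		# argument. The option parser has already rejected -n values that
		# start with "-", so it cannot be read as a mail option.
		if [ -x /usr/ucb/mail ]
		then
			/usr/ucb/mail -s "ASET Execution Log" "$user" < "$log"
		elif [ -x /bin/mail ]
		then
			/bin/mail "$user" < "$log"
		else
			echo
			echo "ASET failed: no mail program found." \
				> /dev/console
			exit 3
		fi
	else
		# This handler also runs for every "exit 2" taken before asetenv
		# is sourced, when CAT may still be empty. An empty $CAT would
		# leave the log path as the command word, so the shell would try
		# to execute the log file instead of printing it. Fall back to a
		# fixed system path.
		${CAT:-/bin/cat} "$log" > /dev/tty 2>&1
	fi
	# Same fallback for RM, for the same reason.
	${RM:-/bin/rm} "$log"
}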
print_usage()
# print_usage - print the failure notice and the option synopsis on stdout.
# Only the echo builtin is used, so nothing external is run on the error path.
{
	for usage_line in \
		"" \
		"ASET failed." \
		"Usage: aset [-n user[@host]]" \
		" [-d aset_dir]" \
		" [-l sec_level]" \
		" [-u user_file]" \
		" [-p]"
	do
		echo "$usage_line"
	done
}
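get_prev_level()
# get_prev_level - recover the security level recorded by the previous run.
# Globals: ASETDIR (read); PREV_ASETSECLEVEL (set and exported).
# The last line of ${ASETDIR}/archives/asetseclevel.arch is accepted only if
# it is exactly low, med or high. A missing or empty archive, or any other
# value, yields "null".
# NOTE(review): downgrade detection is only as trustworthy as this archive.
# Its ownership and mode are not checked here - confirm that only the ASET
# administrator can write to ${ASETDIR}/archives.
{
	arch="${ASETDIR}/archives/asetseclevel.arch"
	PREV_ASETSECLEVEL=null
	# The path is quoted so that a working directory containing blanks is
	# tested and read as a single file name.
	if [ -s "$arch" ]
	then
		PREV_ASETSECLEVEL=`/usr/ucb/tail -1 "$arch"`
		case "$PREV_ASETSECLEVEL" in
		low | med | high)
			;;
		*)
			# anything unexpected is treated as "no previous level"
			PREV_ASETSECLEVEL=null
			;;
		esac
	fi
	export PREV_ASETSECLEVEL
}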
downgrading()
# downgrading - report whether this run lowers the security level.
# Globals: PREV_ASETSECLEVEL, ASETSECLEVEL (read).
# Returns: 0 - the level is being lowered
#          1 - it is not
#          2 - one of the two levels is empty, so no decision is possible
#              (a notice is printed on stdout)
# NOTE(review): a current level outside low/med/high counts as a downgrade
# only when the previous level was high; from med or low it is reported as
# "not downgrading". Confirm the level is validated before this is called.
{
	if [ "$PREV_ASETSECLEVEL" = "" -o "$ASETSECLEVEL" = "" ]
	then
		echo
		echo "Cannot decide current and previous security levels."
		return 2
	fi

	# For each known previous level, list the current levels that count
	# as a step down; everything else falls through to "return 1".
	case $PREV_ASETSECLEVEL in
	high)
		case $ASETSECLEVEL in
		high)
			;;
		*)
			return 0
			;;
		esac
		;;
	med)
		case $ASETSECLEVEL in
		low | null)
			return 0
			;;
		esac
		;;
	low)
		case $ASETSECLEVEL in
		null)
			return 0
			;;
		esac
		;;
	esac
	return 1
}
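#------------------------------------------------------------ initialization
banner=' ======= ASET Execution Log ======= '
usageerr=false
nflag=false
lflag=false
dflag=false
# pflag, uflag, user and newargs are tested or expanded later but are only
# assigned when the matching option is given. Start them from known values
# so that variables of the same name inherited from the caller's environment
# cannot switch on -p/-u handling or add text to the crontab entry.
pflag=false
uflag=false
user=
newargs=
myname=aset
# NOTE(review): this is a fixed name in a world-writable directory, and the
# later "exec > $log" writes to whatever already exists at that path. A log
# file created with mktemp would not be predictable by other local users.
log=/tmp/asetlog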
#--------------------------------------------------------- process arguments
# Options: -n user[@host], -d aset_dir, -l sec_level, -u user_file, -p.
# An option value that is empty or begins with "-" is treated as a usage
# error. This stops the next option from being swallowed as a value, and it
# means these values never begin with "-" when they are later handed to
# other commands.
# NOTE(review): newargs collects the -n/-l/-u values verbatim and is later
# written into a crontab entry. Blanks or shell metacharacters in a value
# would be re-parsed when cron runs that entry - consider restricting these
# values to a conservative character set.
if [ $# -gt 0 ]
then
	while getopts n:pd:l:u: c
	do
		case $c in
		p)
			pflag=true
			;;
		n)
			nflag=true
			case $OPTARG in
			"" | -*)
				user=""
				usageerr=true
				break
				;;
			esac
			user=$OPTARG
			newargs="$newargs -n $OPTARG"
			;;
		d)
			dflag=true
			case $OPTARG in
			"" | -*)
				usageerr=true
				break
				;;
			esac
			# -d is not added to newargs; the scheduling step appends it.
			ASETDIR=$OPTARG
			;;
		l)
			lflag=true
			case $OPTARG in
			"" | -*)
				usageerr=true
				break
				;;
			esac
			ASETSECLEVEL=$OPTARG
			newargs="$newargs -l $OPTARG"
			;;
		u)
			uflag=true
			case $OPTARG in
			"" | -*)
				usageerr=true
				break
				;;
			esac
			CHECK_USERS=$OPTARG
			newargs="$newargs -u $OPTARG"
			;;
		\?)
			# unknown option or missing value, already reported by getopts
			usageerr=true
			break
			;;
		esac
	done
fi
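#----------------------------------------------------------- check arguments
if [ "$usageerr" = "true" ]
then
	print_usage
	exit 1
fi
# redirect stdout to logfile
# The log is created here with mktemp rather than opened under a fixed name.
# A fixed name in /tmp can be prepared in advance by another local user, and
# "exec >" would then write through whatever is at that path. mktemp creates
# a new file with an unpredictable name, readable only by the invoking user.
# Startup fails closed if no such file can be created.
log=`mktemp /tmp/asetlog.XXXXXX` || log=
if [ "$log" = "" ]
then
	echo "ASET startup unsuccessful:" >&2
	echo "Cannot create a private log file in /tmp." >&2
	exit 2
fi
exec > "$log" 2>&1
# From here on every exit path runs clean_up, which delivers and removes
# the log.
trap clean_up 0
# print banner
# (left unquoted, as before, so the logged banner text does not change)
echo $banner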
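# the -d option has the highest priority
if [ "$dflag" = "false" ]
then
	# then check the environment
	if [ "$ASETDIR" = "" ]
	then
		# otherwise set to the default value
		ASETDIR=/usr/aset
	fi
fi
if [ ! -d "$ASETDIR" ]
then
	echo
	echo "ASET startup unsuccessful:"
	echo "Working directory $ASETDIR missing"
	exit 2
fi
# NOTE(review): from here on, code found under $ASETDIR runs with the
# privileges of whoever invoked aset: util/realpath just below, then asetenv
# (sourced into this shell). The directory may come from -d or from the
# inherited environment, and nothing in this script checks who owns it or
# who may write to it. Confirm that is enforced elsewhere, or add an
# ownership/mode check before the first use.
# expand the working directory to the full path
# The requested path is kept so that the failure message can still name it.
# Previously ASETDIR had already been overwritten with the empty result.
requested_dir=$ASETDIR
ASETDIR=`"$requested_dir/util/realpath" "$requested_dir"`
if [ "$ASETDIR" = "" ]
then
	echo
	echo "ASET startup unsuccessful:"
	echo "Cannot expand $requested_dir to full pathname."
	exit 2
fi
export ASETDIR
# check the -u argument
if [ "$uflag" = "true" ]
then
	if [ ! -r "$CHECK_USERS" ]
	then
		echo
		echo "ASET startup unsuccessful:"
		echo "File $CHECK_USERS doesn't exist or is not readable."
		exit 2
	else
		export CHECK_USERS
	fi
fi
# the -l option has the highest priority
if [ "$lflag" = "false" ]
then
	# then test the environment
	if [ "$ASETSECLEVEL" = "" ]
	then
		# otherwise set the default value
		ASETSECLEVEL=low
	fi
fi
# NOTE(review): the level is exported as given; this script never checks
# that it is one of low/med/high. Unless asetenv validates it, consider
# rejecting other values here.
export ASETSECLEVEL
# get user id
UID=`id | sed -n 's/uid=\([0-9]*\).*/\1/p'`
export UID
# check the environment file
envfile=$ASETDIR/asetenv
if [ ! -f "$envfile" ]
then
	echo
	echo "ASET startup unsuccessful:"
	echo "Environment file asetenv not found in $ASETDIR"
	exit 2
fi
# invoke the environment script
# (sourced, so everything in it executes inside this shell)
. "$envfile"
# check -p option argument from asetenv
if [ "$pflag" = "true" ]
then
	if [ "$PERIODIC_SCHEDULE" = "" ]
	then
		echo
		echo "ASET startup unsuccessful:"
		echo "Schedule undefined for periodic invocation."
		echo "No tasks executed or scheduled. Check asetenv file."
		exit 2
	fi
fi
# report security level, time and working directory
echo
echo "ASET running at security level $ASETSECLEVEL"
echo
echo "Machine = `uname -n`; Current time = $TIMESTAMP"
echo
echo "$myname: Using $ASETDIR as working directory"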
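#--------------------------------------------------------- execute the tasks
# CRONTAB, GREP, RM, CAT, REPORT, TASKS and PERIODIC_SCHEDULE are not assigned
# in this file; presumably asetenv defines them - confirm.
if [ "$pflag" = "true" ]
then
	# if -p option then just schedule cron for periodic invocation
	# NOTE(review): the scratch file name is predictable (pid suffix), so
	# ${ASETDIR}/tmp must be writable only by the account that runs aset.
	tmpcrontab="${ASETDIR}/tmp/tmpcrontab.$$"
	# NOTE(review): the status of "crontab -l" is not checked (it is
	# presumably non-zero when no crontab exists yet). If the listing
	# fails for any other reason, the install below replaces the existing
	# crontab with the ASET entry alone.
	$CRONTAB -l > "$tmpcrontab"
	if $GREP -s "aset" "$tmpcrontab"
	then
		echo
		echo "Warning! Duplicate ASET execution scheduled."
		echo " Check crontab file."
	fi
	# NOTE(review): $newargs carries the -n/-l/-u values exactly as typed;
	# cron will pass this line to a shell, so those values are re-parsed.
	echo "$PERIODIC_SCHEDULE ${ASETDIR}/aset $newargs -d ${ASETDIR}" \
		>> "$tmpcrontab"
	# Report success only if crontab accepted the new table.
	if $CRONTAB "$tmpcrontab"
	then
		sched_ok=true
		echo
		echo "ASET execution scheduled through cron."
	else
		sched_ok=false
		echo
		echo "ASET startup unsuccessful:"
		echo "Could not install the new crontab. Nothing was scheduled."
	fi
	$RM -f "$tmpcrontab"
	$CAT "$log" > "$REPORT/execution.log"
	if [ "$sched_ok" = "false" ]
	then
		exit 2
	fi
else
	# start tasks in the list
	# get the security level set at last execution.
	get_prev_level
	if downgrading
	then
		DOWNGRADE=true
		echo
		echo "Downgrading security level: "
		echo "Previous level = $PREV_ASETSECLEVEL; \c"
		echo "Current level = $ASETSECLEVEL"
	else
		DOWNGRADE=false
	fi
	export DOWNGRADE
	if [ "$TASKS" = "" ]
	then
		echo
		echo "Tasklist undefined. No task performed."
		exit
	fi
	echo
	echo "Executing task list ..."
	# $TASKS is deliberately unquoted: it is a blank-separated list.
	for task in $TASKS
	do
		echo " $task"
	done
	# The tasks run one after another inside a single background job.
	# Each task writes its own report, then a completion line is appended
	# to taskstatus.
	for task in $TASKS
	do
		(/bin/sh "${ASETDIR}/tasks/${task}" \
			> "${REPORT}/${task}.rpt" 2>&1; \
		echo "Task $task is done." >> "${REPORT}/taskstatus")
	done &
	echo
	echo "All tasks executed. Some background tasks may still be running."
	echo
	echo "Run ${ASETDIR}/util/taskstat to check their status:"
	echo " ${ASETDIR}/util/taskstat [aset_dir]"
	echo
	echo "where aset_dir is ASET's operating directory,\c"
	echo "currently=${ASETDIR}."
	echo
	echo "When the tasks complete, the reports can be found in:"
	echo " ${ASETDIR}/reports/latest/*.rpt"
	echo "You can view them by:"
	echo " more ${ASETDIR}/reports/latest/*.rpt"
	# update security level
	# (recorded as soon as the tasks are launched, not when they finish)
	echo "$ASETSECLEVEL" >> "${ASETDIR}/archives/asetseclevel.arch"
	# leave a copy of execution log
	$CAT "$log" > "$REPORT/execution.log"
fi
# Done
exit 0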