aset.sh revision 7c478bd95313f5f23a4c958a745db2134aa03244
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 1990, 1991 Sun Microsystems, Inc. All Rights Reserved.
#
#
#ident "%Z%%M% %I% %E% SMI"
# This is the startup script to invoke all ASET utilities.
# options:
# -n user@host notify user at machine host: send output
# to that user through e-mail. If this option is
# not specified, the output is sent to stdout.
# -d aset_dir working directory for ASET
# -l sec_level security level to run ASET at
# -u user_file specify file of users to check environment
# -p schedule ASET for periodic invocation through cron
# clean up upon exit
# clean_up - exit handler; the main script registers it with `trap clean_up 0`.
# NOTE(review): this listing is incomplete. The `if` lines that belong to the
# `then` keywords below are not shown, so the conditions being tested and the
# commands in the empty branches cannot be documented from here.
# NOTE(review): presumably this is where the log is mailed to the -n
# recipient; confirm that the address is passed to the mail program as a
# single quoted argument.
clean_up()
{
then
# find a mail program
then
then
else
echo
# No mail program was found: report the failure and leave with status 3.
# NOTE(review): the line continued by the trailing backslash is missing; as
# listed, `exit 3` would be read as further arguments to echo.
echo "ASET failed: no mail program found." \
exit 3
fi
else
fi
}
# NOTE(review): the function header for this body is missing from the listing
# (presumably the usage routine). The body echoes a failure line followed by
# the accepted command-line options.
{
echo
echo "ASET failed."
echo "Usage: aset [-n user[@host]]"
echo " [-d aset_dir]"
echo " [-l sec_level]"
echo " [-u user_file]"
echo " [-p]"
}
# Get security level of previous ASET execution.
# Get_prev_level sets PREV_ASETSECLEVEL and exports it.
# If it fails to get a valid previous level, it sets the variable to "null".
# NOTE(review): the function header and several body lines (the first branch
# of the `if`, the case patterns and their actions) are missing from this
# listing.
{
# $arch is expanded unquoted here and in the tail call below, and its
# assignment is not visible in this listing -- TODO confirm it can never be
# empty or contain whitespace, otherwise the -s test misbehaves silently.
if [ ! -s $arch ]
then
else
# Take the last line of $arch as the previously recorded level.
PREV_ASETSECLEVEL=`/usr/ucb/tail -1 $arch`
# The value comes from a file, so it is matched against patterns before use;
# the patterns themselves are not shown here.
case $PREV_ASETSECLEVEL in
;;
*)
esac
fi
export PREV_ASETSECLEVEL
}
# downgrading - decide whether we are downgrading security level.
# return: 0 - yes, downgrading
# 1 - no, not downgrading
# 2 - can't decide
{
# NOTE(review): the function header and every `if` condition of this body
# are missing from the listing; only the branches and return codes are visible.
then
echo
echo "Cannot decide current and previous security levels."
# 2 tells the caller that the comparison could not be made.
return 2
fi
# Dispatch on the previous level. Each named arm returns 0 (downgrading) when
# its own condition, not shown here, holds.
case $PREV_ASETSECLEVEL in
high)
then
return 0
fi;;
med)
then
return 0
fi;;
low)
then
return 0
fi;;
*)
# Any other previous level is treated as "not downgrading".
return 1;;
esac
# A named arm whose condition did not hold falls through to here.
return 1
}
#------------------------------------------------------------ initialization
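# Start-up defaults for the banner text and the option flags.
banner=' ======= ASET Execution Log ======= '
usageerr=false
nflag=false
lflag=false
dflag=false
# pflag and uflag are compared with "true" later in the script but were not
# given a default alongside the other flags. Without one they keep whatever
# value the caller's environment exported, which would let the environment
# switch on the -p / -u code paths without the option being passed.
pflag=false
uflag=false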
#--------------------------------------------------------- process arguments
# Parse the command line with getopts. -n, -d, -l and -u take an argument;
# -p does not.
# NOTE(review): this listing is incomplete. The inner `case` headers that the
# `"" | -*)` arms and the `esac` lines belong to are not shown (presumably
# they switch on $OPTARG), and some `;;` terminators are missing.
if [ $# -gt 0 ]
then
while getopts n:pd:l:u: c
do
case $c in
n) nflag=true;
# An empty value, or one starting with "-", is rejected: it flags a usage
# error and leaves the option loop. The same guard is repeated for -d, -l
# and -u below and keeps a following option from being taken as a value.
"" | -*)
user=""
usageerr=true;
break;;
esac
p) pflag=true;;
d) dflag=true;
"" | -*)
usageerr=true;
break;;
esac;;
l) lflag=true;
"" | -*)
usageerr=true;
break;;
# Any other value is stored as given.
# NOTE(review): no check against the known levels is visible here -- confirm
# ASETSECLEVEL is validated before it is used.
*) ASETSECLEVEL=$OPTARG;;
esac
u) uflag=true;
"" | -*)
usageerr=true;
break;;
# The path is only stored here; the readability check happens later.
*) CHECK_USERS=$OPTARG;;
esac
# getopts reports an unknown option as "?".
\?) usageerr=true;
break;;
esac
done
fi
#----------------------------------------------------------- check arguments
# Stop with status 1 when option parsing flagged a usage error.
# NOTE(review): no call that prints the usage text is visible in this listing.
if [ "$usageerr" = "true" ]
then
exit 1
fi
# redirect stdout to logfile
# NOTE(review): the redirection itself is not shown in this listing.
# Run clean_up when the shell exits (trap number 0 is the exit trap).
trap clean_up 0
# print banner
# $banner is expanded unquoted, so the shell splits it into words and echo
# joins them with single spaces.
echo $banner
# the -d option has the highest priority
if [ "$dflag" = "false" ]
then
# then check the environment
# Without -d, ASETDIR is taken from the caller's environment.
# NOTE(review): later steps look for asetenv in this directory and invoke it,
# so whoever controls ASETDIR chooses what the script runs -- confirm the
# directory and its contents are writable only by the administrator.
if [ "$ASETDIR" = "" ]
then
# otherwise set to the default value
# NOTE(review): the assignment of the default is not shown in this listing.
fi
fi
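# Refuse to start unless the working directory exists (exit status 2).
# $ASETDIR is quoted in the test: unquoted, an empty value reduces the test to
# `[ ! -d ]`, which is false, and a value containing whitespace makes the test
# fail with a syntax error that `if` also treats as false -- in both cases the
# check was skipped instead of rejecting the directory.
if [ ! -d "$ASETDIR" ]; then
  echo
  echo "ASET startup unsuccessful:"
  echo "Working directory $ASETDIR missing"
  exit 2
fi
# expand the working directory to the full path
# NOTE(review): the command that performs the expansion is not visible in this
# listing; only the check of its result follows.
if [ "$ASETDIR" = "" ]; then
  echo
  echo "ASET startup unsuccessful:"
  echo "Cannot expand $ASETDIR to full pathname."
  exit 2
fi
export ASETDIR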
# check the -u argument
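# check the -u argument
# The user file must be readable before it is exported to the tasks; otherwise
# start-up stops with status 2.
# $CHECK_USERS is quoted in the test: unquoted, a path containing whitespace
# makes the test fail with a syntax error, which `if` treats as false, so an
# unreadable or missing file would have been accepted and exported.
if [ "$uflag" = "true" ]; then
  if [ ! -r "$CHECK_USERS" ]; then
    echo
    echo "ASET startup unsuccessful:"
    echo "File $CHECK_USERS doesn't exist or is not readable."
    exit 2
  else
    export CHECK_USERS
  fi
fi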
# the -l option has the highest priority
# Choose the security level: -l wins, then the ASETSECLEVEL environment
# variable, then a default.
if [ "$lflag" = "false" ]
then
# then test the environment
# NOTE(review): without -l the level comes from the caller's environment; no
# check against the known levels is visible here -- confirm it is validated.
if [ "$ASETSECLEVEL" = "" ]
then
# otherwise set the default value
# NOTE(review): the assignment of the default is not shown in this listing.
fi
fi
export ASETSECLEVEL
# get user id
# NOTE(review): the command that obtains the user id is not shown; only the
# export of UID is visible.
export UID
# check the environment file
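# The environment file must exist as a regular file; otherwise start-up stops
# with status 2. The script invokes this file in its next step.
# $envfile is quoted in the test: unquoted, an empty value or a path containing
# whitespace makes the test evaluate as false, so a missing file would pass.
# NOTE(review): the assignment of envfile is not visible in this listing.
# Because the file is executed, confirm that it and $ASETDIR are writable only
# by the administrator.
if [ ! -f "$envfile" ]; then
  echo
  echo "ASET startup unsuccessful:"
  echo "Environment file asetenv not found in $ASETDIR"
  exit 2
fi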
# invoke the environment script
# check -p option argument from asetenv
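# With -p, a schedule must have been defined (PERIODIC_SCHEDULE, expected from
# asetenv); otherwise nothing is run or scheduled and start-up stops with
# status 2. The message previously read "Schecule"; the spelling is corrected
# so the text matches what an operator would search the log for.
if [ "$pflag" = "true" ]; then
  if [ "$PERIODIC_SCHEDULE" = "" ]; then
    echo
    echo "ASET startup unsuccessful:"
    echo "Schedule undefined for periodic invocation."
    echo "No tasks executed or scheduled. Check asetenv file."
    exit 2
  fi
fi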
# report security level, time and working directory
# NOTE(review): only the security level is reported here; the lines that
# report the time and the working directory are not shown in this listing.
echo
echo "ASET running at security level $ASETSECLEVEL"
echo
echo
#--------------------------------------------------------- execute the tasks
if [ "$pflag" = "true" ]
then
# if -p option then just schedule cron for periodic invocation
# The current crontab is dumped into a scratch file.
# NOTE(review): the assignment of tmpcrontab is not visible here. If it is a
# fixed name in a shared directory, a privileged write to it can be redirected
# through a pre-created link -- confirm it is created safely (e.g. mktemp).
$CRONTAB -l > $tmpcrontab
# NOTE(review): the `if` that tests for an existing ASET entry is missing.
then
echo
echo "Warning! Duplicate ASET execution scheduled."
echo " Check crontab file."
fi
# Append the new entry: schedule, the aset command, the saved arguments and
# the working directory.
# NOTE(review): $PERIODIC_SCHEDULE, $newargs and $ASETDIR are written into a
# line that cron will later run; newargs is built in lines not shown here --
# confirm none of them can carry a newline or shell metacharacters.
echo "$PERIODIC_SCHEDULE ${ASETDIR}/aset $newargs -d ${ASETDIR}" \
>> $tmpcrontab
# NOTE(review): the step that installs the scratch file as the crontab is not
# shown in this listing.
echo
echo "ASET execution scheduled through cron."
$RM -f $tmpcrontab
else
# start tasks in the list
# get the security level set at last execution.
# NOTE(review): the call that loads the previous level is not shown here.
# downgrading returns 0 only for a downgrade; 1 and 2 both take the else arm.
if downgrading
then
DOWNGRADE=true
echo
echo "Downgrading security level: "
# "\c" asks a System V style echo to suppress the trailing newline.
echo "Previous level = $PREV_ASETSECLEVEL; \c"
echo "Current level = $ASETSECLEVEL"
else
DOWNGRADE=false
fi
export DOWNGRADE
if [ "$TASKS" = "" ]
then
echo
echo "Tasklist undefined. No task performed."
# exit without an argument returns the status of the preceding command.
exit
fi
echo
echo "Executing task list ..."
# NOTE(review): the loop headers for both `do` blocks below are missing, and
# the body of the second loop is not shown.
do
echo " $task"
done
do
# The second loop is started in the background (`done &`), so the messages
# that follow are printed without waiting for the tasks to finish.
done &
echo
echo "All tasks executed. Some background tasks may still be running."
echo
echo
echo "where aset_dir is ASET's operating directory,\c"
echo "currently=${ASETDIR}."
echo
echo "When the tasks complete, the reports can be found in:"
echo "You can view them by:"
# update security level
# leave a copy of execution log
# NOTE(review): the commands for the two steps above are not shown.
fi
# Done
exit 0