ftp.ac-grenoble.fr

home *** CD-ROM | disk | FTP | other *** search

/ ftp.ac-grenoble.fr / 2015.02.ftp.ac-grenoble.fr.tar / ftp.ac-grenoble.fr / pub / slis / updates_rsync / slis_update-2.1 < prev next >

Wrap

Text File | 2004-06-22 | 82KB | 2,883 lines

#!/bin/bash # slis_update-2.1 # Updates for SLIS 2.1 ### VARIABLES ### UPDDIR=/home/hadmin/updates LOGTAG="slis_update[$$]" grep HOSTNAME /etc/sysconfig/network > /tmp/hostname . /tmp/hostname rm -rf /tmp/hostname WEBMASTER=`ls -ld /home/httpd/html |awk '{print $3}'` . /home/hadmin/slis.conf ################## # Locking if [ -e /var/lock/slis_upd ] then logger -t "$LOGTAG" "Lock found. Update already started." exit fi touch /var/lock/slis_upd sleep 1 logger -t "$LOGTAG" "Script Version 2.1 started." ############################################################################ ### Update 2.1-1 - 13/09/2001 # New script vnc_portfw # - Bug correction: the firewall was misconfigured when a port redir was done # - Enhancements for Vtun option: both the ip of the tunnel and the real # interface are configured for the redir # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.1-1 $ ] then # Telechargement du tar cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.1-1.tgz . cd / tar zxf /tmp/upd-2.1-1.tgz RC=$? # Verification et fin de la MAJ if [ $RC = 0 ] then touch $UPDDIR/2.1-1 logger -t "$LOGTAG" "Update 2.1-1 Done." else logger -t "$LOGTAG" "Update 2.1-1 FAILED." fi fi ### ############################################################################ ### Update SQUID RESTART - 19/09/2001 # Squid needs to be restarted, I don't know why for the moment # Obsoletes : ############################################################################ if [ "`/bin/ps awux |grep squid|grep -v grep`" = "" ] then /etc/rc.d/init.d/runcache restart logger -t "$LOGTAG" "SQUID WAS DOWN. RESTARTED." fi ### ############################################################################ ### Update 2.1-3 - 18/09/2001 # Places a warning in place of the password changing gateway # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.1-3 $ ] then # Telechargement du tar cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.1-3.tgz . cd / tar zxf /tmp/upd-2.1-3.tgz RC=$? # Verification et fin de la MAJ if [ $RC = 0 ] then touch $UPDDIR/2.1-3 logger -t "$LOGTAG" "Update 2.1-3 Done." else logger -t "$LOGTAG" "Update 2.1-3 FAILED." fi fi ### ############################################################################ ### Update 2.1-4 - 19/09/2001 # Wget RPM was missing # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.1-4 $ ] then cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/wget-1.5.3-6.i386.rpm . rpm -U ./wget-1.5.3-6.i386.rpm RC=$? # Verification et fin de la MAJ if [ $RC = 0 ] then touch $UPDDIR/2.1-4 logger -t "$LOGTAG" "Update 2.1-4 Done." else logger -t "$LOGTAG" "Update 2.1-4 FAILED." fi fi ### ############################################################################ ### Mise a jour 2.x-40 - 26/09/2001 # Secu updates and bug corrections from RedHat: # - Secu: fetchmail is updated if fetchmail option is activated, removed else # - Bug corrected in tmpwatch package # - Secu: Sendmail local exploit bug corrected # - Secu: Man local exploit corrected (mktemp package also upgraded) # Rend obsolete : ############################################################################ if [ ! $ -e $UPDDIR/2.0-40 $ ] then cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tmpwatch-2.8-0.6.x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/sendmail-8.11.6-1.6.x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/mktemp-1.5-2.1.6x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/man-1.5i2-0.6x.5.i386.rpm . rpm -U tmpwatch-2.8-0.6.x.i386.rpm rpm -U sendmail-8.11.6-1.6.x.i386.rpm rpm -U mktemp-1.5-2.1.6x.i386.rpm rpm -U man-1.5i2-0.6x.5.i386.rpm RC1=0 . /home/hadmin/setup.data if [ "FETCHMAIL" = "1" ] then rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/fetchmail-5.9.0-0.6.2.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl-0.9.5a-7.6.x.i386.rpm . rpm -U fetchmail-5.9.0-0.6.2.i386.rpm rpm -U openssl-0.9.5a-7.6.x.i386.rpm rpm -q fetchmail-5.9.0-0.6.2 2>/dev/null >/dev/null RC1=$? else rpm -e fetchmail fi # Verifications et fin de l'install rpm -q tmpwatch-2.8-0.6.x 2>/dev/null >/dev/null RC2=$? rpm -q sendmail-8.11.6-1.6.x 2>/dev/null >/dev/null RC3=$? rpm -q man-1.5i2-0.6x.5 2>/dev/null >/dev/null RC4=$? if [ $RC1 = 0 -a $RC2 = 0 -a $RC3 = 0 -a $RC4 = 0 ] then /etc/rc.d/init.d/sendmail restart touch $UPDDIR/2.0-40 logger -t "$LOGTAG" "UPDATE 2.0-40 effectuee" else logger -t "$LOGTAG" "UPDATE 2.0-40 ECHEC." fi fi ### ############################################################################ ### UPDATE 2.x-41 - 03/10/2001 # - Installation of a new http interface designed for the users (called clientgw) # This interface has only got for the moment a gateway for changing passwords. # It runs on port 2000 under the same uid of hadmin. This update installs # the config files for the new httpd daemon that will be running. # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-41 $ ] then # Download and install cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-41.tgz . cd / tar zxf /tmp/upd-2.x-41.tgz RC=$? # Check and finish if [ $RC = 0 ] then ln -s /usr/lib/apache /etc/hadmin/clientgw/modules echo "# Client gateway" >> /etc/rc.d/rc.local echo "export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC" >> /etc/rc.d/rc.local echo "/usr/local/sbin/cg-admind&" >> /etc/rc.d/rc.local export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC /usr/local/sbin/cg-admind& /usr/local/sbin/permslis touch $UPDDIR/2.x-41 logger -t "$LOGTAG" "Update 2.x-41 done." else logger -t "$LOGTAG" "Update 2.x-41 FAILED." fi fi ### ############################################################################ ### Update 2.1-42 - 10/10/2001 # Restore system # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.1-42 $ ] then # Download cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-42.tgz . tar zxf upd-2.x-42.tgz --directory / RC=$? # Creating tmp dir mkdir -p /home/hadmin/tmp chown hadmin.hadmin /home/hadmin/tmp chmod 700 /home/hadmin/tmp # patching php.ini patch /etc/hadmin/php.ini << EOF 208c208 < post_max_size = 8M ; Maximum size of POST data that PHP will accept. --- > post_max_size = 100M ; Maximum size of POST data that PHP will accept. 245c245 < upload_max_filesize = 2M ; Maximum allowed size for uploaded files --- > upload_max_filesize = 100M ; Maximum allowed size for uploaded files EOF killall -HUP httpd # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.1-42 logger -t "$LOGTAG" "Update 2.1-42 Done." else logger -t "$LOGTAG" "Update 2.1-42 FAILED." fi fi ### ############################################################################ ### Update 2.x-43 - 09/11/2001 # Synchro with CVS. Numerous bug fixes and enhancements. # THIS UPDATE IS A BIG ONE! # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-43 $ ] then # Download the update cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-43.tgz . # Kill connslogd and cg-admind as they will be replaced by the update killall connslogd 2>/dev/null killall cg-admind 2>/dev/null # If this SLIS has a dns_autoconf daemon running, kill it and set a flag DNS=`ps awux |grep dns_autoconf |grep -v grep |wc -l` if [ $DNS = 1 ] then killall dns_autoconf fi # Untar the core update file tar zxf upd-2.x-43.tgz --directory / RC=$? # A missing directory (not important) # It's only a place to put some slis files like *.sql mkdir -p /var/lib/slis # Reset the permissions bash /usr/local/sbin/permslis # Restart the previously killed daemons /usr/local/sbin/connslogd& /usr/local/sbin/cg-admind& if [ $DNS = 1 ] then /usr/local/sbin/dns_autoconf& fi # Continue the update only if untaring was successfull if [ $RC = 0 ] then # Usefull denied_url file in squid conf was removed by error on some 2.1 versions # This file may be used to add some URL to deny in a hurry. It mustn't be # empty, so we add some Xs into it. if [ ! -f /usr/local/squid/etc/denied_url ] then echo "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" > /usr/local/squid/etc/denied_url fi # Bug fix for mail header visualization function into hadmin /usr/sbin/usermod -G mail hadmin killall -HUP httpd # Refresh squid config file (2.1 only) if [ "`cat /etc/version_slis_num`" = "2.1" ] then /usr/local/sbin/mksquidconf fi # Errors from accesslog2sql are not important, so we redirect # output to /dev/null R=$RANDOM crontab -l > /tmp/cron.$R ALREADY=`grep "access.log squid >" /tmp/cron.$R` if [ "$ALREADY" = "" ] then sed "s;access.log squid;access.log squid > /dev/null 2>/dev/null;" /tmp/cron.$R > /tmp/cron.new.$R sed "s;access_log apache;access_log apache > /dev/null 2>/dev/null;" /tmp/cron.new.$R > /tmp/cron.$R crontab /tmp/cron.$R fi if [ ! $ -e $UPDDIR/2.x-43a $ ] then # New subnets activation and schedule subsystem # Init of SQL tables and conversion of old schedules /usr/local/sbin/old_schedules_2sql 2>/dev/null >/dev/null # Crontab modifications R=$RANDOM crontab -l > /tmp/cron.$R grep -v routage_net_o /tmp/cron.$R | grep -v Horaires > /tmp/cron.new.$R grep -v "DO NOT EDIT" /tmp/cron.new.$R | grep -v "installed on " | grep -v "Cron version" > /tmp/cron.$R echo "# Subnets schedules" >> /tmp/cron.$R echo "* * * * * /usr/local/sbin/process_subnets.cron" >> /tmp/cron.$R crontab /tmp/cron.$R # Init scripts update grep -v "/usr/local/sbin/process_subnets" /etc/rc.d/rc.local | \ grep -v "cp -u /home/hadmin/cgi-bin/base/subnet" > /tmp/rc.local.$R if [ -s /tmp/rc.local.$R ] then cp -f /etc/rc.d/rc.local /etc/rc.d/rc.local.2.x-43 mv -f /tmp/rc.local.$R /etc/rc.d/rc.local fi chmod 755 /etc/rc.d/rc.local echo "rm -f /var/lock/process_subnets*" >> /etc/rc.d/rc.local fi # Refresh ip filters (new mkfilters script) /usr/local/sbin/mkfilters # Create a new database for a french application (B2i) export PGPASSWORD=`grep PGSQL_PASS /home/httpd/html/config_pgsql.inc.php|cut -d\" -f2` export PGUSER=`grep PGSQL_USER /home/httpd/html/config_pgsql.inc.php|cut -d\" -f2` psql -tqc "create database b2i" # Change the owner of "slis" database (little bug fix) export PGPASSWORD=`grep POSTGRESPASS /home/hadmin/html/config_pgsql.inc.php|cut -d\" -f2` export PGUSER=`grep POSTGRESUSER /home/hadmin/html/config_pgsql.inc.php|cut -d\" -f2` psql -tqc "update pg_database set datdba = (select usesysid from pg_user where usename = 'slis') where datname = 'slis';" template1 # Send a mail to admin MAIL_ADMIN=`awk '{if (NR==3) print}' $BASE/params_admin.txt` if [ "$MAIL_ADMIN" != "" ] then echo " Message envoye automatiquement par votre SLIS. Votre SLIS vient d'etre mis a jour. Le systeme de gestion d'horaires par sous-reseaux a completement change. Un script a converti vos anciens horaires dans le nouveau systeme, mais nous vous invitons a verifier que tout est en ordre dans les fonctions avancees, "acces par sous-reseaux/horaires". " | mail -s "Mise a jour SLIS" $MAIL_ADMIN fi touch $UPDDIR/2.x-43 logger -t "$LOGTAG" "Update 2.x-43 Done." else logger -t "$LOGTAG" "Update 2.x-43 FAILED." fi fi ############################################################################ ### Update 2.x-43b - 04/12/2001 # Big bug fix! # /etc/named.acls was not correctly updated by process_subnets.cron resulting # in some SLIS refusing DNS queries. # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-43b $ ] then # Download the update cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-43b.tgz . # Untaring tar zxf upd-2.x-43b.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-43b logger -t "$LOGTAG" "Update 2.x-43b Done." else logger -t "$LOGTAG" "Update 2.x-43b FAILED." fi fi ### ############################################################################ ### Update 2.1-44 - 21/12/2001 # SECURITY PATCHES # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.1-44 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/wu-ftpd-2.6.1-0.6x.21.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/diffutils-2.7-22.6x.i386.rpm . # rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/ucd-snmp-4.2.1-4.6.x.i386.rpm . # rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/ucd-snmp-utils-4.2.1-4.6.x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/apache-1.3.22-0.6.i386.rpm . # Do the things... rpm -e samba-client 2>/dev/null rpm -e rpm -e ghostscript rhs-printfilters ghostscript-fonts 2>/dev/null rpm -e lpr 2>/dev/null rpm -F diffutils-2.7-22.6x.i386.rpm RC1=$? # rpm -U ucd-snmp-4.2.1-4.6.x.i386.rpm ucd-snmp-utils-4.2.1-4.6.x.i386.rpm # RC2=$? rpm -F wu-ftpd-2.6.1-0.6x.21.i386.rpm RC3=$? rpm -F apache-1.3.22-0.6.i386.rpm RC4=$? # Check and finish if [ $RC1 = 0 -a $RC3 = 0 -a $RC4 = 0 ] then # Httpd restarting /etc/rc.d/init.d/httpd stop killall httpd sleep 5 /etc/rc.d/init.d/httpd start export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/conf/httpd.conf;export -n PHPRC export PHPRC=/etc/hadmin;/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC touch $UPDDIR/2.1-44 logger -t "$LOGTAG" "Update 2.1-44 Done." else logger -t "$LOGTAG" "Update 2.1-44 FAILED." fi fi ### ############################################################################ ### Update 2.x-45 - 21/12/2001 # OpenSSH installation # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-45 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-3.0.2p1-1.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-server-3.0.2p1-1.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-clients-3.0.2p1-1.i386.rpm . # Do the things... rpm -U openssh-3.0.2p1-1.i386.rpm openssh-clients-3.0.2p1-1.i386.rpm openssh-server-3.0.2p1-1.i386.rpm 2>/dev/null rpm -q openssh-server >/dev/null RC1=$? # Check and finish if [ $RC1 = 0 ] then /sbin/chkconfig --add sshd /sbin/chkconfig sshd on killall sshd 2>/dev/null killall ssfd 2>/dev/null sleep 3 killall -9 sshd 2>/dev/null killall -9 ssfd 2>/dev/null /etc/rc.d/init.d/sshd start sleep 3 /etc/rc.d/init.d/sshd restart # I dont know why, but sshd doesn't start the first time grep -v ssfd /etc/rc.d/rc.local |grep -v sshd > /tmp/rc.local cp -f /etc/rc.d/rc.local /etc/rc.d/rc.local.upd-2.x-45 mv -f /tmp/rc.local /etc/rc.d/rc.local chmod 755 /etc/rc.d/rc.local touch $UPDDIR/2.x-45 logger -t "$LOGTAG" "Update 2.x-45 Done." else logger -t "$LOGTAG" "Update 2.x-45 FAILED." fi fi ### ############################################################################ ### Update 2.x-46 - 20/12/2001 # Enhancements of the php interface # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-46 $ ] then # Download the update cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-46.tgz . # Untaring tar zxf upd-2.x-46.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-46 logger -t "$LOGTAG" "Update 2.x-46 Done." else logger -t "$LOGTAG" "Update 2.x-46 FAILED." fi fi ### ############################################################################ ### Update 2.x-48 - 22/01/2002 # Bug fixes and enhancements: # - bug fix: the sunday, all subnets were deactivated by process_subnets.cron # - interface bugs with some browsers when deleting users # - interface bug accepting some special characters in logins # - permslis bug changing the owner of some files for the webmaster # - optimization of the process_subnets.cron script (no more kil -HUP named # every minute) # Security: # removed pine, wich contains a security hole # Obsoletes : 2.x-47 ############################################################################ if [ ! $ -e $UPDDIR/2.x-48 $ ] then # Download the update cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-48.tgz . # Untaring tar zxf upd-2.x-48.tgz --directory / RC=$? /usr/local/sbin/permslis # Remove pine rpm -e pine # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-48 logger -t "$LOGTAG" "Update 2.x-48 Done." else logger -t "$LOGTAG" "Update 2.x-48 FAILED." fi fi ### ############################################################################ ### Update 2.x-49 - 20/12/2001 # Bug fixes for 2.x-48 # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-49 $ ] then # Download the update cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-49.tgz . # Untaring tar zxf upd-2.x-49.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-49 logger -t "$LOGTAG" "Update 2.x-49 Done." else logger -t "$LOGTAG" "Update 2.x-49 FAILED." fi fi ### ############################################################################ ### Update 2.x-50 - 23/01/2002 # Bug fix: IMP not working because of bad permission on config_pgsl.inc.php # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-50 $ ] then # Download the update cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-50.tgz . # Untaring tar zxf upd-2.x-50.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-50 logger -t "$LOGTAG" "Update 2.x-50 Done." else logger -t "$LOGTAG" "Update 2.x-50 FAILED." fi fi ### ############################################################################ ### Update 2.x-51 - 28/01/2002 # SECURITY PATCHES # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-51 $ ] then # Download the files cd /tmp # rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/at-3.1.8-22.1.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/rsync-2.4.6-1.6.i386.rpm . # Do the things... # rpm -U at-3.1.8-22.1.i386.rpm # RC1=$? rpm -U rsync-2.4.6-1.6.i386.rpm RC2=$? # Check and finish if [ $RC2 = 0 ] then touch $UPDDIR/2.x-51 logger -t "$LOGTAG" "Update 2.x-51 Done." else logger -t "$LOGTAG" "Update 2.x-51 FAILED." fi fi ### ############################################################################ ### Update 2.x-52 - 05/02/2002 # New function: Restore of a 2.x backup # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-52 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-52.tgz . # Do the things... tar zxf upd-2.x-52.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-52 logger -t "$LOGTAG" "Update 2.x-52 Done." else logger -t "$LOGTAG" "Update 2.x-52 FAILED." fi fi ### ############################################################################ ### Update 2.x-53b - 21/03/2002 # New logrotate script for samba, fixing the too many logfiles bug # 2.x-53 was deleting /var/log/samba/log.smb.1.* # 2.x-53b deletes /var/log/samba/log.smb.*.* # Obsoletes : 2.x-53 ############################################################################ if [ ! $ -e $UPDDIR/2.x-53b $ ] then /usr/sbin/logrotate /etc/logrotate.conf echo " /var/log/samba/log.nmb { notifempty missingok postrotate /usr/bin/killall -HUP nmbd endscript } /var/log/samba/log.smb { notifempty missingok postrotate /usr/bin/killall -HUP smbd endscript } " > /etc/logrotate.d/samba rm -rf /var/log/samba/log.smb.*.* rm -rf /var/log/samba/log.nmb.*.* grep -v samba /var/lib/logrotate.status > /tmp/logrotate.status mv -f /tmp/logrotate.status /var/lib/logrotate.status /usr/sbin/logrotate /etc/logrotate.conf touch $UPDDIR/2.x-53b logger -t "$LOGTAG" "Update 2.x-53b Done." fi ### ############################################################################ ### Update 2.x-54 - 28/02/2002 # Enhancement: added icmp type time-excedeed allowed through the firewall (mkfilters) # Bug fix: the home of the webmaster was deleted if the user was deleted (valid) # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-54 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-54.tgz . # Do the things... tar zxf upd-2.x-54.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-54 logger -t "$LOGTAG" "Update 2.x-54 Done." else logger -t "$LOGTAG" "Update 2.x-54 FAILED." fi fi ### ############################################################################ ### Update 2.x-55 - 08/03/2002 # SECURITY FIX: php uploads bug # ENHANCEMENT: added client support for mysql and ldap in the php module # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-55 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/php-4.0.6-1slis2x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/php-imap-4.0.6-1slis2x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/php-ldap-4.0.6-1slis2x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/php-pgsql-4.0.6-1slis2x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/mysql-3.20.32a-3.i386.rpm . # Do the things... killall httpd rpm -U php-4.0.6-1slis2x.i386.rpm php-imap-4.0.6-1slis2x.i386.rpm php-ldap-4.0.6-1slis2x.i386.rpm php-pgsql-4.0.6-1slis2x.i386.rpm mysql-3.20.32a-3.i386.rpm RC1=$? /etc/rc.d/init.d/httpd start export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/conf/httpd.conf;export -n PHPRC export PHPRC=/etc/hadmin;/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC /sbin/chkconfig mysql off # Check and finish if [ $RC1 = 0 ] then touch $UPDDIR/2.x-55 logger -t "$LOGTAG" "Update 2.x-55 Done." else logger -t "$LOGTAG" "Update 2.x-55 FAILED." fi fi ### ############################################################################ ### Update 2.1-56 - 08/03/2002 # New /etc/rc.d/init.d/runcache with a test if /www-cache is 100% full,then # the cache is deleted and reconstructed. # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.1-56 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.1-56.tgz . # Do the things... tar zxf upd-2.1-56.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.1-56 logger -t "$LOGTAG" "Update 2.1-56 Done." else logger -t "$LOGTAG" "Update 2.1-56 FAILED." fi fi ### ############################################################################ ### Update 2.x-57 - 08/03/2002 # Deletion of /var/lock/process_subnets.cron at boot # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-57 $ ] then echo "rm -f /var/lock/process_subnets.cron" > /etc/rc.d/rc3.d/S39Lock_cleaning chmod 755 /etc/rc.d/rc3.d/S39Lock_cleaning touch $UPDDIR/2.x-57 logger -t "$LOGTAG" "Update 2.x-57 Done." fi ### ############################################################################ ### Update 2.1-58 - 12/03/2002 # Bug fix: preg_grep syntax has changed since php 4.0.4 # Secu: Added a blocking filter to prevent users from login into ADSL alcatel modems by telnet # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-58 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-58.tgz . # Do the things... tar zxf upd-2.x-58.tgz --directory / RC=$? /usr/local/sbin/permslis /usr/local/sbin/mkfilters # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-58 logger -t "$LOGTAG" "Update 2.x-58 Done." else logger -t "$LOGTAG" "Update 2.x-58 FAILED." fi fi ### ############################################################################ ### Update 2.x-59 - 17/03/2002 # SECURITY FIX: openssh (http://www.openbsd.org/advisories/ssh_channelalloc.txt) # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-59 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl095a-0.9.5a-9.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl-0.9.6-9.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-3.1p1-1.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-clients-3.1p1-1.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-server-3.1p1-1.i386.rpm . # Do the things... rpm -U openssl095a-0.9.5a-9.i386.rpm openssl-0.9.6-9.i386.rpm openssh-3.1p1-1.i386.rpm openssh-clients-3.1p1-1.i386.rpm openssh-server-3.1p1-1.i386.rpm RC1=$? /sbin/chkconfig sshd on # Check and finish if [ $RC1 = 0 ] then touch $UPDDIR/2.x-59 logger -t "$LOGTAG" "Update 2.x-59 Done." else logger -t "$LOGTAG" "Update 2.x-59 FAILED." fi fi ### ############################################################################ ### Update 2.x-60 - 17/03/2002 # SECURITY UPDATES FROM REDHAT: # atd, telnet and ucd-snmp # http://www.redhat.com/support/errata/RHSA-2002-015.html # http://www.redhat.com/support/errata/RHSA-2001-099.html # http://www.redhat.com/support/errata/RHSA-2001-163.html # Obsoletes : Some parts of 2.1-44 and 2.x-51 ############################################################################ if [ ! $ -e $UPDDIR/2.x-60 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/at-3.1.8-22.2.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/telnet-0.17.6x-18.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/ucd-snmp-4.2.3-1.6.x.3.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/ucd-snmp-utils-4.2.3-1.6.x.3.i386.rpm . # Do the things... # telnetd is dangerous and no more usefull now (ssh) rpm -e telnet-server # The updates rpm -F at-3.1.8-22.2.i386.rpm telnet-0.17.6x-18.i386.rpm ucd-snmp-4.2.3-1.6.x.3.i386.rpm ucd-snmp-utils-4.2.3-1.6.x.3.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then touch $UPDDIR/2.x-60 logger -t "$LOGTAG" "Update 2.x-60 Done." else logger -t "$LOGTAG" "Update 2.x-60 FAILED." fi fi ### ############################################################################ ### Update 2.x-61 - 25/03/2002 # Squid update (SECURITY) # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-61 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-61.tgz . # Do the things... /etc/rc.d/init.d/runcache stop sleep 60 killall -9 squid 2>/dev/null killall -9 squidGuard 2>/dev/null tar zxf upd-2.x-61.tgz --directory / RC=$? /usr/local/sbin/permslis /etc/rc.d/init.d/runcache start # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-61 logger -t "$LOGTAG" "Update 2.x-61 Done." else logger -t "$LOGTAG" "Update 2.x-61 FAILED." fi fi ### ############################################################################ ### Update 2.x-62 - 25/03/2002 # SECURITY UPDATE FROM REDHAT: # http://www.redhat.com/support/errata/RHSA-2002-026.html # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-62 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/zlib-1.1.3-25.6.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/rsync-2.4.6-3.6.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/rmt-0.4b19-5.6x.1.i386.rpm . # Do the things... rpm -F zlib-1.1.3-25.6.i386.rpm rsync-2.4.6-3.6.i386.rpm rmt-0.4b19-5.6x.1.i386.rpm RC=$? # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-62 logger -t "$LOGTAG" "Update 2.x-62 Done." else logger -t "$LOGTAG" "Update 2.x-62 FAILED." fi fi ### ############################################################################ ### Update 2.x-63 - 25/03/2002 # Kernel update # !! THIS UPDATE WILL BE DONE ONLY BY NIGHT AS IT IS A KERNEL UPDATE !! # !! WHICH WILL REBOOT THE MACHINE !! # Obsoletes : ############################################################################ declare -i HOUR declare -i R HOUR=`date +%k` R=$RANDOM # "$R -lt 3277" in the following line means that this update # will be executed with a probability of 1/10. This is done to # prevent an overload of the rsync server. # To be sure that all your SLIS are up to date, remove this part # of the test in a couple of weeks, commenting this line and # commenting out the next one. #if [ ! $ -e $UPDDIR/2.x-63 $ -a $HOUR -lt 6 -a $R -lt 10000 ] if [ ! $ -e $UPDDIR/2.x-63 $ -a $HOUR -lt 6 ] then if [ "`/bin/uname -v|/bin/grep SMP`" = "" ] then SMP="" SMP2="" else SMP="-smp" SMP2="smp" fi PROC=`/bin/uname -m` if [ "$PROC" = "i486" ] then PROC="i386" fi . /home/hadmin/setup.data SMP3="" if [ "$VTUN" = "1" ] then SMP="-smp" SMP2="smp" SMP3="smp" fi RELEASE=`/bin/uname -r |sed s/smp//` rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/kernel`echo $SMP`-2.2.19-6.2.16.`echo $PROC`.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/mount-2.10r-0.6.x.i386.rpm . /sbin/insmod loop rpm -e kernel-utils 2>/dev/null rpm -F mount-2.10r-0.6.x.i386.rpm rpm -i kernel`echo $SMP`-2.2.19-6.2.16.`echo $PROC`.rpm cd /lib/modules/2.2.19-6.2.16`echo $SMP2`/net rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tun.o . RC=$? if [ $RC = 0 ] then /sbin/mkinitrd /boot/initrd-2.2.19-6.2.16.img 2.2.19-6.2.16 2>/dev/null /sbin/mkinitrd /boot/initrd-2.2.19-6.2.16smp.img 2.2.19-6.2.16smp 2>/dev/null sed "s/$RELEASE/2.2.19-6.2.16$SMP3/g" /etc/lilo.conf > /tmp/lilo.conf if [ -s /tmp/lilo.conf ] then mv -f /tmp/lilo.conf /etc/lilo.conf /sbin/lilo rm -f /var/lock/slis_upd* touch $UPDDIR/2.x-63 logger -t "$LOGTAG" "Update 2.x-63 Done." /sbin/reboot killall slis_update killall slis_update.dev exit fi else logger -t "$LOGTAG" "Update 2.x-63 FAILED." fi fi ### ############################################################################ ### Update 2.x-64 - 26/03/2002 # SECURITY: Horde IMP # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-64 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-64.tgz . # Do the things... tar zxf upd-2.x-64.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-64 logger -t "$LOGTAG" "Update 2.x-64 Done." else logger -t "$LOGTAG" "Update 2.x-64 FAILED." fi fi ### ############################################################################ ### Update 2.x-65 - 27/03/2002 # Bug fix: process_subnets.cron was not testing the connection to the # pgsql server. # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-65 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-65.tgz . # Do the things... tar zxf upd-2.x-65.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-65 logger -t "$LOGTAG" "Update 2.x-65 Done." else logger -t "$LOGTAG" "Update 2.x-65 FAILED." fi fi ### ############################################################################ ### Update 2.x-66 - 03/04/2002 # Performance optimization: changed squid logs rotation script, replaced # prostat by webalizer, optimized accesslog2sql script, reprogrammed # crontab. # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-66 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-66.tgz . # Do the things... tar zxf upd-2.x-66.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then # Crontab edition R=$RANDOM crontab -l |grep -v "access.log squid" | \ grep -v "access_log apache" | \ grep -v "DO NOT EDIT THIS FILE" | \ grep -v "installed on" | \ grep -v "squid_purge" | \ sed "s/Purge squid//" | \ grep -v "Squid rotation/stats calculations" | \ grep -v "Cron version --" > /tmp/cron.$R echo >> /tmp/cron.$R echo "# Access logs rotation, sql storing and stats calculation" >> /tmp/cron.$R echo "30 23 * * * /usr/local/sbin/squid_rotate > /dev/null 2>/dev/null" >> /tmp/cron.$R echo "30 0 * * * export LANG=C;/usr/local/sbin/accesslog2sql /var/log/httpd/access_log apache > /dev/null 2>/dev/null" >> /tmp/cron.$R crontab -l > /home/hadmin/updates/cron.2.x-66.bak crontab /tmp/cron.$R # Webalizer installation mkdir /home/hadmin/html/cache_usage if [ "$LANGUAGE" = "french" ] then ln -s /usr/local/sbin/webalizer_french /usr/local/sbin/webalizer else ln -s /usr/local/sbin/webalizer_english /usr/local/sbin/webalizer fi /usr/local/sbin/webalizer # Very little bugfix of a previous update touch /var/log/mysql.log touch $UPDDIR/2.x-66 logger -t "$LOGTAG" "Update 2.x-66 Done." else logger -t "$LOGTAG" "Update 2.x-66 FAILED." fi fi ### ############################################################################ ### Update 2.x-67 - 10/06/2002 # Bug fix: ADSL was not supported by port redirection function # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-67 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-67.tgz . # Do the things... tar zxf upd-2.x-67.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-67 logger -t "$LOGTAG" "Update 2.x-67 Done." else logger -t "$LOGTAG" "Update 2.x-67 FAILED." fi fi ### ############################################################################ ### Update 2.x-68 - 25/06/2002 # SECURITY: apache # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-68 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/apache-1.3.22-5.6.i386.rpm . # Do the things... rpm -U apache-1.3.22-5.6.i386.rpm RC=$? # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-68 # Httpd restarting /etc/rc.d/init.d/httpd stop killall httpd sleep 5 export PHPRC="/etc" /etc/rc.d/init.d/httpd start export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/conf/httpd.conf;export -n PHPRC export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC logger -t "$LOGTAG" "Update 2.x-68 Done." else logger -t "$LOGTAG" "Update 2.x-68 FAILED." fi fi ### ############################################################################ ### Update 2.x-69 - 25/06/2002 # SECURITY: imap, fetchmail # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-69 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/imap-2001a-1.62.0.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/fetchmail-5.9.0-9.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tcpdump-3.6.2-11.6.2.0.i386.rpm . # Do the things... rpm -U fetchmail-5.9.0-9.i386.rpm imap-2001a-1.62.0.i386.rpm tcpdump-3.6.2-11.6.2.0.i386.rpm RC=$? # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-69 logger -t "$LOGTAG" "Update 2.x-69 Done." else logger -t "$LOGTAG" "Update 2.x-69 FAILED." fi fi ### ############################################################################ ### Update 2.x-70 - 25/06/2002 # Bug fix: config_pgsl.inc.php must be world readable if we want IMP working # and webmaster's scripts able to use it, because of safe mode. It's not a # problem since there's only one webmaster for the moment. Later, we'll have # to use a doublon of this file. # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-70 $ ] then # Download the update cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-70.tgz . # Untaring tar zxf upd-2.x-70.tgz --directory / RC=$? /usr/local/sbin/permslis # Make a backup of config_pgsl.inc.php cp /home/httpd/html/config_pgsql.inc.php /home/hadmin/ # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-70 logger -t "$LOGTAG" "Update 2.x-70 Done." else logger -t "$LOGTAG" "Update 2.x-70 FAILED." fi fi ### ############################################################################ ### Update 2.x-71 - 09/07/2002 # SECURITY: squid # We use squid from RPM now, so a few more symlinks are created (I like # spaghettis!) # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-71 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/squid-2.4.STABLE6-6.6.2.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-71.tgz . # Do the things... rpm -e squid 2>/dev/null rpm -U squid-2.4.STABLE6-6.6.2.i386.rpm RC1=$? tar zxf upd-2.x-71.tgz --directory / RC2=$? # Check and finish if [ $RC1 = 0 -a $RC2 = 0 ] then touch $UPDDIR/2.x-71 /etc/rc.d/init.d/runcache stop killall -9 RunCache;killall -9 squid;sleep 3 rm -f /etc/squid/squid.conf ln -s /usr/local/squid/etc/squid.conf /etc/squid/squid.conf rm -rf /var/log/squid ln -s /usr/local/squid/logs /var/log/squid mv -f /usr/local/squid/bin/squid /usr/local/squid/bin/squid.orig ln -s /usr/sbin/squid /usr/local/squid/bin/squid /etc/rc.d/init.d/runcache start logger -t "$LOGTAG" "Update 2.x-71 Done." else logger -t "$LOGTAG" "Update 2.x-71 FAILED." fi fi ### ############################################################################ ### Update 2.x-72 - 09/07/2002 # Unused packages removal (preventive security) # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-72 $ ] then rpm -e inews rpm -e binutils rpm -e pnm2ppa rpm -e utempter rpm -e dosfstools rpm -e rdist rpm -e rsh touch $UPDDIR/2.x-72 logger -t "$LOGTAG" "Update 2.x-72 Done." fi ### ############################################################################ ### Update 2.x-73 - 06/09/2002 # Bug fix: Creating users may be impossible after a restore from scracth # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-73 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-73.tgz . # Do the things... tar zxf upd-2.x-73.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then /usr/local/sbin/fix_tables touch $UPDDIR/2.x-73 logger -t "$LOGTAG" "Update 2.x-73 Done." else logger -t "$LOGTAG" "Update 2.x-73 FAILED." fi fi ### ############################################################################ ### Update 2.x-74 - 14/10/2002 # SECURITY # Obsoletes : ############################################################################ declare -i HOUR declare -i R HOUR=`date +%k` R=$RANDOM # "$R -lt 3277" in the following line means that this update # will be executed with a probability of 1/10. This is done to # prevent an overload of the rsync server. # To be sure that all your SLIS are up to date, remove this part # of the test in a couple of weeks, commenting this line and # commenting out the next one. #if [ ! $ -e $UPDDIR/2.x-74 $ -a $HOUR -lt 6 -a $R -lt 3277 ] if [ ! $ -e $UPDDIR/2.x-74 $ ] then # Clean /tmp as we need some space /usr/sbin/tmpwatch -f 720 /tmp/ rm -f /tmp/kernel* # Download the files cd /tmp # Obsoleted by 2.x-80: # rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/glibc-2.1.3-27.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/fetchmail-5.9.0-18.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tar-1.13.25-1.6.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/unzip-5.50-1.62.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/libpng-1.0.14-0.6x.3.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tcpdump-3.6.2-11.6.2.2.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-libs-1.1.1-29.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-configs-1.1.1-29.i386.rpm . # Do the things... rpm -U fetchmail-5.9.0-18.i386.rpm \ tar-1.13.25-1.6.i386.rpm unzip-5.50-1.62.i386.rpm \ libpng-1.0.14-0.6x.3.i386.rpm tcpdump-3.6.2-11.6.2.2.i386.rpm \ krb5-libs-1.1.1-29.i386.rpm krb5-configs-1.1.1-29.i386.rpm RC=$? # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-74 logger -t "$LOGTAG" "Update 2.x-74 Done." else logger -t "$LOGTAG" "Update 2.x-74 FAILED." fi fi ### ############################################################################ ### Update 2.x-75b - 02/04/2003 # SECURITY: openssl # Obsoletes : 2.x-75 ############################################################################ if [ ! $ -e $UPDDIR/2.x-75b $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl-0.9.6b-32.62.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl095a-0.9.5a-20.62.i386.rpm . # Do the things... rpm -F --nodeps openssl-0.9.6b-32.62.i386.rpm \ openssl095a-0.9.5a-20.62.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then ln -s /lib/libcrypto.so.0.9.6b /lib/libcrypto.so.1 2>/dev/null /etc/rc.d/init.d/sshd restart touch $UPDDIR/2.x-75b logger -t "$LOGTAG" "Update 2.x-75b Done." else logger -t "$LOGTAG" "Update 2.x-75b FAILED." fi fi ### ############################################################################ ### Update 2.x_3.x-01 - 21/10/2002 # Enhancement: Backup/Restore takes now ldap passwords into account # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x_3.x-01 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x_3.x-01.tgz . # Do the things... tar zxf upd-2.x_3.x-01.tgz --exclude usr/local/ --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x_3.x-01 logger -t "$LOGTAG" "Update 2.x_3.x-01 Done." else logger -t "$LOGTAG" "Update 2.x_3.x-01 FAILED." fi fi ### ############################################################################ ### Update 2.x-76 - 08/11/2002 # Bug fixes / Enhancements: # - Set php max_execution_time to 10 minutes, for hadmin # - Allow .htaccess file creation into /home/httpd/html for authconfigs # - Added a rm of /var/lib/logrotate.status if empty into squid_rotate # - Fixed a little bug into administrator.php (erase of hadmin http users # that contain "admin") thanks to Rennes # - Fixed the bug for too long urls into accesslog2sql # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-76 $ ] then # Increase the php max execution time for hadmin cp -f /etc/hadmin/php.ini /etc/hadmin/php.ini.upd-2.x-76 perl -pi -e 's/max_execution_time.*=.*/max_execution_time = 600/' /etc/hadmin/php.ini # New httpd.conf and squid_rotate cp -f /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.upd-2.x-76 cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-76.tgz . tar zxf upd-2.x-76.tgz --exclude usr/local/ --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then killall -HUP httpd touch $UPDDIR/2.x-76 logger -t "$LOGTAG" "Update 2.x-76 Done." else logger -t "$LOGTAG" "Update 2.x-76 FAILED." fi fi ### ############################################################################ ### Update 2.x-77 - 13/11/2002 # SECURITY: bind # Enhancement: upgrade to bind 9: same config as for SLIS 3.0, with views # (new mknamedconf) # WARNING: you have to set the variable "DEFAULT_DNS" at the top of # this update. # CAUTION: UPDATE IS NOT DONE IF KERNEL VERSION < 2.2.19 !! # Obsoletes : ############################################################################ declare -i KREL=`uname -r |cut -f1 -d-|sed s"/\.//g"` if [ $KREL -lt 2219 ] then logger -t "$LOGTAG" "ALERT: Update 2.x-77 SKIPPED BECAUSE KERNEL IS NOT UP TO DATE!" logger -t "$LOGTAG" "ALERT: update kernel to 2.2.19 or newer, you have big security holes!" else if [ ! $ -e $UPDDIR/2.x-77 $ ] then DEFAULT_DNS=193.54.149.10 # Only used if actual nameserver config # could not be guessed. # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-77.tgz . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/bind-9.2.1-0.6x.3.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/bind-utils-9.2.1-0.6x.3.i386.rpm . # Do the things... tar zxf upd-2.x-77.tgz --directory / rpm -F bind-9.2.1-0.6x.3.i386.rpm bind-utils-9.2.1-0.6x.3.i386.rpm RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then # Actual DNS configuration guessing FORWARDERS=`grep forwarders /etc/named.conf \ |head -1|awk -F'[{;}]' '{print $2 " " $3}'` NS1=`echo $FORWARDERS|awk '{print $1'} \ |egrep "^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}"` NS2=`echo $FORWARDERS|awk '{print $2'} \ |egrep "^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}"` # Adding missing variables if needed # DNS_PRIMARY if [ "`grep DNS_PRIMARY /home/hadmin/slis.conf.pl`" = "" ] then if [ "$NS1" != "" ] then echo "DNS_PRIMARY=$NS1" >> /home/hadmin/slis.conf echo "\$DNS_PRIMARY=\"$NS1\";" >> /home/hadmin/slis.conf.pl else echo "DNS_PRIMARY=$DEFAULT_DNS" >> /home/hadmin/slis.conf echo "\$DNS_PRIMARY=\"$DEFAULT_DNS\";" >> /home/hadmin/slis.conf.pl fi fi # DNS_SECONDARY if [ "`grep DNS_SECONDARY /home/hadmin/slis.conf.pl`" = "" ] then if [ "$NS2" != "" ] then echo "DNS_SECONDARY=$NS2" >> /home/hadmin/slis.conf echo "\$DNS_SECONDARY=\"$NS2\";" >> /home/hadmin/slis.conf.pl else if [ "$NS1" != "" ] then echo "DNS_SECONDARY=$NS1" >> /home/hadmin/slis.conf echo "\$DNS_SECONDARY=\"$NS1\";" >> /home/hadmin/slis.conf.pl else echo "DNS_SECONDARY=$DEFAULT_DNS" >> /home/hadmin/slis.conf echo "\$DNS_SECONDARY=\"$DEFAULT_DNS\";" >> /home/hadmin/slis.conf.pl fi fi fi # GATEWAY if [ "`grep GATEWAY /home/hadmin/slis.conf.pl`" = "" ] then GATEWAY=`grep "ROUTEUR=" /home/hadmin/slis.conf.pl |cut -f2 -d\"` echo "\$GATEWAY=\"$GATEWAY\";" >> /home/hadmin/slis.conf.pl fi # ROUTER_TYPE if [ "`grep ROUTER_TYPE /home/hadmin/slis.conf.pl`" = "" ] then if [ "`ps awux |grep pppoe|grep -v grep`" != "" ] then echo "\$ROUTER_TYPE=\"9\";" >> /home/hadmin/slis.conf.pl fi fi # Zones creation /usr/local/sbin/mknamedzones # For a SLIS pppoe in auto mode, we need to restart the connection to force # a DNS reconfiguration if [ "`ps awux |grep pppoe|grep -v grep`" != "" -a \ "`egrep "DNS_PRIMARY.*auto" /home/hadmin/slis.conf.pl`" != "" ] then killall pppoe 2>/dev/null sleep 30 # Else, we restart normaly else cp -f /etc/named.conf /etc/named.conf.upd-2.x-77 /usr/local/sbin/mknamedconf > /etc/named.conf /etc/rc.d/init.d/named restart fi touch $UPDDIR/2.x-77 logger -t "$LOGTAG" "Update 2.x-77 Done." else logger -t "$LOGTAG" "Update 2.x-77 FAILED." fi sleep 60 fi fi ### ############################################################################ ### Update 2.x-78b - 27/11/2002 # Kernel update # !! THIS UPDATE WILL BE DONE ONLY BY NIGHT AS IT IS A KERNEL UPDATE !! # !! WHICH WILL REBOOT THE MACHINE !! # Obsoletes : 2.x-63, 2.x-78 ############################################################################ declare -i HOUR declare -i R HOUR=`date +%k` R=$RANDOM # "$R -lt 3277" in the following line means that this update # will be executed with a probability of 1/10. This is done to # prevent an overload of the rsync server. # To be sure that all your SLIS are up to date, remove this part # of the test in a couple of weeks, commenting this line and # commenting out the next one. #if [ ! $ -e $UPDDIR/2.x-78b $ -a $HOUR -lt 6 -a $R -lt 3277 ] if [ ! $ -e $UPDDIR/2.x-78b $ -a $HOUR -lt 6 ] then if [ "`/bin/uname -v|/bin/grep SMP`" = "" ] then SMP="" SMP2="" else SMP="-smp" SMP2="smp" fi PROC=`/bin/uname -m` if [ "$PROC" = "i486" ] then PROC="i386" fi . /home/hadmin/setup.data SMP3="" if [ "$VTUN" = "1" ] then SMP="-smp" SMP2="smp" SMP3="smp" fi RELEASE=`/bin/uname -r |sed s/smp//` # Some 2.1 have a bugged lilo.conf: if [ "$RELEASE" = "2.2.19-6.2.1" -o "$RELEASE" = "2.2.19-6.2.1smp" ] then perl -pi -e 's/2.2.19-6.2.16/2.2.19-6.2.1/' /etc/lilo.conf fi cd /tmp rm -f kernel-* rm -f glibc-* rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/kernel`echo $SMP`-2.2.22-6.2.3.`echo $PROC`.rpm . RC=$? /sbin/insmod loop rpm --rebuilddb rpm -e kernel-utils 2>/dev/null if [ -e $UPDDIR/2.x-78 ] then rpm -U kernel`echo $SMP`-2.2.22-6.2.3.`echo $PROC`.rpm else # Keep the old kernel in case of a problem rpm -i kernel`echo $SMP`-2.2.22-6.2.3.`echo $PROC`.rpm fi cd /lib/modules/2.2.22-6.2.3`echo $SMP2`/net rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tun.o.2.2.22-6.2.3 ./tun.o if [ $RC = 0 ] then /sbin/mkinitrd /boot/initrd-2.2.22-6.2.3.img 2.2.22-6.2.3 2>/dev/null /sbin/mkinitrd /boot/initrd-2.2.22-6.2.3smp.img 2.2.22-6.2.3smp 2>/dev/null sed "s/$RELEASE/2.2.22-6.2.3/g" /etc/lilo.conf > /tmp/lilo.conf if [ -s /tmp/lilo.conf ] then mv -f /tmp/lilo.conf /etc/lilo.conf /sbin/lilo; LILORC=$? rm -f /var/lock/slis_upd* touch $UPDDIR/2.x-78b logger -t "$LOGTAG" "Update 2.x-78b Done." if [ $LILORC = 0 ] then /sbin/reboot else logger -t "$LOGTAG" "Update 2.x-78b: ERROR INTO LILO CONFIG" echo "$HOSTNAME problem with lilo" | mail -s "ERREUR MAJ 2.x-78b" $SLISMASTER fi killall slis_update killall slis_update.dev exit fi else logger -t "$LOGTAG" "Update 2.x-78b FAILED." fi fi ### ############################################################################ ### Update 2.x-79 - 22/11/2002 # SECURITY: krb5 and ypserv # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-79 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-libs-1.1.1-30.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-configs-1.1.1-30.i386.rpm . # Do the things... rpm -e ypserv 2>/dev/null rpm -F krb5-libs-1.1.1-30.i386.rpm krb5-configs-1.1.1-30.i386.rpm RC=$? # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-79 logger -t "$LOGTAG" "Update 2.x-79 Done." else logger -t "$LOGTAG" "Update 2.x-79 FAILED." fi fi ### ############################################################################ ### Update 2.x-80 - 28/11/2002 # SECURITY: https://rhn.redhat.com/errata/RHSA-2002-197.html # Obsoletes : A part of 2.x-74 ############################################################################ declare -i HOUR declare -i R HOUR=`date +%k` R=$RANDOM # "$R -lt 3277" in the following line means that this update # will be executed with a probability of 1/10. This is done to # prevent an overload of the rsync server. # To be sure that all your SLIS are up to date, remove this part # of the test in a couple of weeks, commenting this line and # commenting out the next one. if [ ! $ -e $UPDDIR/2.x-80 $ -a $HOUR -lt 6 -a $R -lt 3277 ] #if [ ! $ -e $UPDDIR/2.x-80 $ ] then # Clean /tmp as we need some space /usr/sbin/tmpwatch -f 720 /tmp/ rm -f /tmp/kernel* # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/glibc-2.1.3-28.i386.rpm . # Do the things... rpm -F glibc-2.1.3-28.i386.rpm RC=$? # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-80 logger -t "$LOGTAG" "Update 2.x-80 Done." else logger -t "$LOGTAG" "Update 2.x-80 FAILED." fi fi ### ############################################################################ ### Update 2.x-81 - 06/12/2002 # Bug fix: Passwd changing does not work when supplied password is >8 chars # Obsoletes : 2.x_3.x-02: it was not good for 2.x version, only 3.x working. ############################################################################ if [ ! $ -e $UPDDIR/2.x-81 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-81.tgz . # Do the things... tar zxf upd-2.x-81.tgz --directory / RC=$? /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-81 logger -t "$LOGTAG" "Update 2.x-81 Done." else logger -t "$LOGTAG" "Update 2.x-81 FAILED." fi fi ### ############################################################################ ### Update 2.x-82 - 06/12/2002 # Security: Secure sshd configuration, thanks to Pierre Barabagelata (Nice) # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-82 $ ] then perl -pi -e 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config perl -pi -e 's/#PAMAuthenticationViaKbdInt yes/PAMAuthenticationViaKbdInt no/' /etc/ssh/sshd_config /etc/rc.d/init.d/sshd restart touch $UPDDIR/2.x-82 logger -t "$LOGTAG" "Update 2.x-82 Done." fi ### ############################################################################ ### Update 2.x-83 - 11/12/2002 # Security: https://rhn.redhat.com/errata/RHSA-2002-229.html # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/3.x-83 -o -e $UPDDIR/2.x-83 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/wget-1.8.2-4.6x.i386.rpm . # Do the things... rpm -F wget-1.8.2-4.6x.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then touch $UPDDIR/2.x-83 logger -t "$LOGTAG" "Update 2.x-83 Done." else logger -t "$LOGTAG" "Update 2.x-83 FAILED." fi fi ### ############################################################################ ### Update 2.x-84 - 17/12/2002 # Security: Apache update: https://rhn.redhat.com/errata/RHSA-2002-222.html # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-84 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/apache-1.3.27-1.6.2.i386.rpm . # Do the things... if [ -e /home/httpd/html/index.html ] then INDEX_EXISTS=1 else INDEX_EXISTS=0 fi rpm -F apache-1.3.27-1.6.2.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then # This is to prevent the apache test page from appearing instead of # an already index.php or index.htm present page: if [ $INDEX_EXISTS = 0 ] then mv -f /home/httpd/html/index.html /home/httpd/html/index.html.rpm 2>/dev/null fi /etc/rc.d/init.d/httpd stop > /dev/null killall httpd 2> /dev/null sleep 5 killall -9 httpd 2> /dev/null sleep 2 /etc/rc.d/init.d/httpd start > /dev/null export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/conf/httpd.conf;export -n PHPRC export PHPRC=/etc/hadmin;/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC touch $UPDDIR/2.x-84 logger -t "$LOGTAG" "Update 2.x-84 Done." else logger -t "$LOGTAG" "Update 2.x-84 FAILED." fi fi ### ############################################################################ ### Update 2.x-85 - 18/12/2002 # Security: https://rhn.redhat.com/errata/RHSA-2002-293.html # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-85 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/fetchmail-5.9.0-21.6.2.i386.rpm . # Do the things... rpm -F fetchmail-5.9.0-21.6.2.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then touch $UPDDIR/2.x-85 logger -t "$LOGTAG" "Update 2.x-85 Done." else logger -t "$LOGTAG" "Update 2.x-85 FAILED." fi fi ### ############################################################################ ### Update 2.x-86 - 19/12/2002 # Bug fix: Safe mode restriction did not allowed inclusion of config_pgsql.inc.php # from custom php scripts and webmail working at the same time because of # permissions on this file. # Obsoletes: ############################################################################ if [ ! $ -e $UPDDIR/2.x-86 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-86.tgz . # Do the things... tar zxf upd-2.x-86.tgz --directory / RC=$? cp -f /home/httpd/html/config_pgsql.inc.php /usr/share/php/ perl -pi -e "s,\.\./\.\./config_pgsql\.inc\.php,config_pgsql.inc.php," /home/httpd/html/horde/imp/config/defaults.php3 bash /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-86 logger -t "$LOGTAG" "Update 2.x-86 Done." else logger -t "$LOGTAG" "Update 2.x-86 FAILED." fi fi ### ############################################################################ ### Update 2.x-89 - 07/02/2003 # Bug fix: logrotate not up to date, so apache log files are not rotated # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-89 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/logrotate-3.5.2-0.6.i386.rpm . # Do the things... rpm -F logrotate-3.5.2-0.6.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then touch $UPDDIR/2.x-89 logger -t "$LOGTAG" "Update 2.x-89 Done." else logger -t "$LOGTAG" "Update 2.x-89 FAILED." fi fi ### ############################################################################ ### Update 2.x-90 - 11/02/2003 # SECURITY: # https://rhn.redhat.com/errata/RHSA-2003-006.html # https://rhn.redhat.com/errata/RHSA-2002-297.html # https://rhn.redhat.com/errata/RHSA-2003-020.html # https://rhn.redhat.com/errata/RHSA-2003-040.html # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-90 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/vim-common-6.1-18.6x.3.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/vim-minimal-6.1-18.6x.3.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-libs-1.1.1-32.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-configs-1.1.1-32.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openldap-1.2.13-2.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openldap-servers-1.2.13-2.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/libpng-1.0.14-0.6x.4.i386.rpm . # Do the things... rpm -F vim-common-6.1-18.6x.3.i386.rpm vim-minimal-6.1-18.6x.3.i386.rpm \ krb5-libs-1.1.1-32.i386.rpm krb5-configs-1.1.1-32.i386.rpm \ openldap-1.2.13-2.i386.rpm openldap-servers-1.2.13-2.i386.rpm \ libpng-1.0.14-0.6x.4.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then touch $UPDDIR/2.x-90 logger -t "$LOGTAG" "Update 2.x-90 Done." else logger -t "$LOGTAG" "Update 2.x-90 FAILED." fi fi ### ############################################################################ ### Update 2.x-91 - 21/02/2003 # SECURITY: # https://rhn.redhat.com/errata/RHSA-2003-029.html # https://rhn.redhat.com/errata/RHSA-2003-015.html # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-91 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/lynx-2.8.3-2.1.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/fileutils-4.0-21.1.i386.rpm . # Do the things... rpm -F lynx-2.8.3-2.1.i386.rpm fileutils-4.0-21.1.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then touch $UPDDIR/2.x-91 logger -t "$LOGTAG" "Update 2.x-91 Done." else logger -t "$LOGTAG" "Update 2.x-91 FAILED." fi fi ### ############################################################################ ### Update 2.x-92 - 19/03/2003 # SECURITY: sendmail, file # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-92 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/sendmail-8.11.6-1.62.2.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/file-3.39-8.6x.i386.rpm . # Do the things... rpm -F sendmail-8.11.6-1.62.2.i386.rpm file-3.39-8.6x.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then /etc/rc.d/init.d/sendmail restart touch $UPDDIR/2.x-92 logger -t "$LOGTAG" "Update 2.x-92 Done." else logger -t "$LOGTAG" "Update 2.x-92 FAILED." fi fi ### ############################################################################ ### Update 2.x-93 - 19/03/2003 # SECURITY: openssl # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-93 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl-0.9.6b-30.62.i386.rpm . # Do the things... rpm -F --nodeps openssl-0.9.6b-30.62.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then touch $UPDDIR/2.x-93 logger -t "$LOGTAG" "Update 2.x-93 Done." else logger -t "$LOGTAG" "Update 2.x-93 FAILED." fi fi ### ############################################################################ ### Update 2.x-80b - 20/03/2003 # SECURITY: https://rhn.redhat.com/errata/RHSA-2003-089.html # Obsoletes : 2.x-80, a part of 2.x-74 ############################################################################ declare -i HOUR declare -i R HOUR=`date +%k` R=$RANDOM # "$R -lt 3277" in the following line means that this update # will be executed with a probability of 1/10. This is done to # prevent an overload of the rsync server. # To be sure that all your SLIS are up to date, remove this part # of the test in a couple of weeks, commenting this line and # commenting out the next one. if [ ! $ -e $UPDDIR/2.x-80b $ -a $HOUR -lt 6 -a $R -lt 3277 ] #if [ ! $ -e $UPDDIR/2.x-80b $ ] then # Clean /tmp as we need some space /usr/sbin/tmpwatch -f 720 /tmp/ rm -f /tmp/kernel* # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/glibc-2.1.3-29.i386.rpm . # Do the things... rpm -F glibc-2.1.3-29.i386.rpm RC=$? # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-80b logger -t "$LOGTAG" "Update 2.x-80b Done." else logger -t "$LOGTAG" "Update 2.x-80b FAILED." fi fi ### ############################################################################ ### Update 2.x-94 - 01/04/2003 # SECURITY: sendmail, krb, samba # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-94 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/sendmail-8.11.6-1.62.3.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-libs-1.1.1-40.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-configs-1.1.1-40.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-2.0.10-1.62.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-common-2.0.10-1.62.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-client-2.0.10-1.62.i386.rpm . # Do the things... rpm -F sendmail-8.11.6-1.62.3.i386.rpm krb5-libs-1.1.1-40.i386.rpm \ krb5-configs-1.1.1-40.i386.rpm samba-client-2.0.10-1.62.i386.rpm \ samba-2.0.10-1.62.i386.rpm samba-common-2.0.10-1.62.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then /etc/rc.d/init.d/sendmail restart mv -f /etc/logrotate.d/samba.rpmsave /etc/logrotate.d/samba touch $UPDDIR/2.x-94 logger -t "$LOGTAG" "Update 2.x-94 Done." else logger -t "$LOGTAG" "Update 2.x-94 FAILED." fi fi ### ############################################################################ ### Update 2.x-95 - 08/04/2003 # SECURITY: samba # Obsoletes : ############################################################################ #if [ ! $ -e $UPDDIR/2.x-95 $ ] #then # Download the files # cd /tmp # rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-2.2.7-3.6.2.i386.rpm . # rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-common-2.2.7-3.6.2.i386.rpm . # rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-client-2.2.7-3.6.2.i386.rpm . # Do the things... # cp /etc/smb.conf /etc/smb.conf.2.x-95 # rpm -F --nodeps samba-common-2.2.7-3.6.2.i386.rpm samba-2.2.7-3.6.2.i386.rpm samba-client-2.2.7-3.6.2.i386.rpm # mv -f /etc/smb.conf.2.x-95 /etc/smb.conf # RC1=$? # Check and finish # if [ $RC1 = 0 ] # then # mv /etc/samba/smb.conf /etc/samba/smb.conf.rpm # ln -s /etc/smb.conf /etc/samba/smb.conf # mv -f /etc/logrotate.d/samba /etc/logrotate.d/samba.old # mv -f /etc/logrotate.d/samba.rpmnew /etc/logrotate.d/samba # /etc/rc.d/init.d/smb restart # touch $UPDDIR/2.x-95 # logger -t "$LOGTAG" "Update 2.x-95 Done." # else # logger -t "$LOGTAG" "Update 2.x-95 FAILED." # fi #fi ### ############################################################################ ### Update 2.x-95b - 11/04/2003 # SECURITY: samba # Obsoletes : 2.x-95 (was bugged) ############################################################################ if [ ! $ -e $UPDDIR/2.x-95b $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-2.2.8a-1.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-95b.tgz . # Do the things... cp /etc/smb.conf /etc/smb.conf.2.x-95b rpm -F samba-2.2.8a-1.i386.rpm RC1=$? tar zxf upd-2.x-95b.tgz --exclude usr/local/ --directory / RC2=$? # Check and finish if [ $RC1 = 0 -a $RC2 = 0 ] then RUNNING=`ps awux |grep smb |grep -v grep` if [ "$RUNNING" != "" ] then /etc/rc.d/init.d/smb stop sleep 5 /etc/rc.d/init.d/smb start fi touch $UPDDIR/2.x-95b logger -t "$LOGTAG" "Update 2.x-95b Done." else logger -t "$LOGTAG" "Update 2.x-95b FAILED." fi fi ### ############################################################################ ### Update 2.x-96 - 11/04/2003 # SECURITY: samba does not start at boot since 2.x-95 # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-96 $ ] then . /home/hadmin/slis.conf if [ "$SAMBA" = "1" -o "$CYBERECOLE" = "1" -o "CYBERSCHOOL" = 1 ] then /sbin/chkconfig --add smb /sbin/chkconfig smb on fi touch $UPDDIR/2.x-96 logger -t "$LOGTAG" "Update 2.x-96 Done." fi ### ############################################################################ ### Update 2.x-97 - 14/04/2003 # SECURITY: some smb.conf disapeared! # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-97 $ ] then cp -f /etc/smb.conf /etc/smb.conf.2.x-97 mv -f /etc/samba/smb.conf /etc/samba/smb.conf.orig ln -s /etc/smb.conf /etc/samba/smb.conf /usr/local/sbin/valid touch $UPDDIR/2.x-97 logger -t "$LOGTAG" "UPDATE 2.x-97 Done." fi ############################################################################ ### Update 2.x-98 - 15/04/2003 # Bug fix: when deleting and creating again a group, the home into # cyberschool directory had not the good perms. # Obsoletes: ############################################################################ if [ ! $ -e $UPDDIR/2.x-98 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-98.tgz . # Do the things... tar zxf upd-2.x-98.tgz --directory / RC=$? # Check and finish if [ $RC = 0 ] then /usr/local/sbin/valid touch $UPDDIR/2.x-98 logger -t "$LOGTAG" "Update 2.x-98 Done." else logger -t "$LOGTAG" "Update 2.x-98 FAILED." fi fi ### ############################################################################ ### Update 2.x-95c - 15/04/2003 # SECURITY: samba # This is the RH 6.2 update SRPM patched from # http://fi.samba.org/samba/ftp/WHATSNEW-2.2.8a.txt # Obsoletes : 2.x-95 (was bugged) and 2.x-95b (samba 2.2.8a was instable on # redhat 6.2) ############################################################################ if [ ! $ -e $UPDDIR/2.x-95c $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-2.0.10-2.62.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-common-2.0.10-2.62.i386.rpm . # Do the things... cp /etc/smb.conf /etc/smb.conf.2.x-95c rpm --oldpackage -U samba-2.0.10-2.62.i386.rpm samba-common-2.0.10-2.62.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then RUNNING=`ps awux |grep smb |grep -v grep` if [ "$RUNNING" != "" ] then /etc/rc.d/init.d/smb stop sleep 5 /etc/rc.d/init.d/smb start fi /usr/local/sbin/valid touch $UPDDIR/2.x-95c logger -t "$LOGTAG" "Update 2.x-95c Done." else logger -t "$LOGTAG" "Update 2.x-95c FAILED." fi fi ### ############################################################################ ### Update 2.x-99 - 16/04/2003 # SECURITY: postgresql # Obsoletes : 2.x-87 (never published) ############################################################################ if [ ! $ -e $UPDDIR/2.x-99 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/postgresql-server-7.0.3-9.2.62.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/postgresql-7.0.3-9.2.62.i386.rpm . # Do the things... /etc/rc.d/init.d/postgresql stop sleep 10 rpm -F --nodeps postgresql-server-7.0.3-9.2.62.i386.rpm postgresql-7.0.3-9.2.62.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then killall postmaster sleep 1 killall -9 postmaster sleep 1 rm -f /var/lib/pgsql/data/postmaster.pid /etc/rc.d/init.d/postgresql start touch $UPDDIR/2.x-99 logger -t "$LOGTAG" "Update 2.x-99 Done." else logger -t "$LOGTAG" "Update 2.x-99 FAILED." fi fi ### ############################################################################ ### Update 2.x-100 - 10/07/2003 # Smarter slis_update script. It tests the connection to the rsync # host before starting the updates. # Warning! This update needs TESTFILES.* to be in place, not only upd-2.x-100.tgz! # Obsolletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-100 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-100.tgz . # Do the things.... tar zxf upd-2.x-100.tgz RC=$? # Check and finish if [ $RC = 0 ] then echo "mv -f /tmp/slis_update_3_1_slisv2.bash /usr/local/sbin/slis_update" | at now + 20 minutes touch $UPDDIR/2.x-100 logger -t "$LOGTAG" "Update 2.x-100 Done." else logger -t "$LOGTAG" "Update 2.x-100 FAILED." fi fi ### ############################################################################ ### Update 2.x-101 - 08/09/2003 # SECURITY: ftpd # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-101 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/wu-ftpd-2.6.2-11.73-62.1.i386.rpm . # Do the things... ln -s /lib/libssl.so.0.9.6b /lib/libssl.so.1 rpm -F --nodeps wu-ftpd-2.6.2-11.73-62.1.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then /etc/init.d/inet restart touch $UPDDIR/2.x-101 logger -t "$LOGTAG" "Update 2.x-101 Done." else logger -t "$LOGTAG" "Update 2.x-101 FAILED." fi fi ### ############################################################################ ### Update 2.x-102 - 08/09/2003 # SECURITY: Disabling swat, telnet (unusefull) and auth # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-102 $ ] then /bin/cp -f /etc/inetd.conf /etc/inetd.conf.2.x-102 /usr/bin/perl -pi -e "s/^swat/#swat/" /etc/inetd.conf /usr/bin/perl -pi -e "s/^telnet/#telnet/" /etc/inetd.conf /etc/rc.d/init.d/inet restart /etc/rc.d/init.d/identd stop /sbin/chkconfig identd off touch $UPDDIR/2.x-102 logger -t "$LOGTAG" "Update 2.x-102 Done." fi ### ############################################################################ ### Update 2.x-104 - 18/09/2003 # SECURITY: openssh # Obsoletes : 2.x-103 ############################################################################ if [ ! $ -e $UPDDIR/2.x-104 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-3.1p1-13slis2x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-server-3.1p1-13slis2x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-clients-3.1p1-13slis2x.i386.rpm . rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/sendmail-8.11.6-27.62.i386.rpm . # Do the things... rpm -F --nodeps openssh-3.1p1-13slis2x.i386.rpm \ openssh-server-3.1p1-13slis2x.i386.rpm \ openssh-clients-3.1p1-13slis2x.i386.rpm \ sendmail-8.11.6-27.62.i386.rpm RC1=$? # Check and finish if [ $RC1 = 0 ] then /etc/rc.d/init.d/sshd restart /etc/rc.d/init.d/sendmail stop sleep 5 killall -9 sendmail 2> /dev/null sleep 1 /etc/rc.d/init.d/sendmail start touch $UPDDIR/2.x-104 logger -t "$LOGTAG" "Update 2.x-104 Done." else logger -t "$LOGTAG" "Update 2.x-104 FAILED." fi fi ### ############################################################################ ### Update 2.x-105b - 18/05/2004 # SECURITY: firewall is not started at boot since update CP-2 # Obsoletes : 2.x-105 ############################################################################ if [ ! $ -e $UPDDIR/2.x-105b $ ] then NEEDED=`grep mkfilters /etc/rc.d/rc.local` if [ "$NEEDED" = "" ] then perl -pi -e "s;Activation du routage avec translation.*;Router and Firewall activation\n /usr/local/sbin/mkfilters;" /etc/rc.d/rc.local perl -pi -e "s;NAT activation.*;Router and Firewall activation\n /usr/local/sbin/mkfilters;" /etc/rc.d/rc.local /usr/local/sbin/mkfilters fi touch $UPDDIR/2.x-105b logger -t "$LOGTAG" "Update 2.x-105b Done." fi ############################################################################ # Update 2.x-106 - 06/05/2004 # SECURITY: Fixes a vulnerability of the web server configuration: one could # do a privilege escalation by using SSI and a mistake in the permission of # the httpd.conf file. Thanx to Jean Diraison, from Versailles! # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-106 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-106.tgz . # Do the things ... tar xfz upd-2.x-106.tgz --exclude usr/local/ --directory / RC=$? bash /usr/local/sbin/permslis perl -pi -e "s/AddHandler server-parsed/#AddHandler server-parsed/" /etc/httpd/conf/httpd.conf killall -HUP httpd # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-106 logger -t "$LOGTAG" "Update 2.x-106 Done." else logger -t "$LOGTAG" "Update 2.x-106 FAILED." fi fi ### ############################################################################ # Update 2.x-107 - 11/05/2004 # BUG FIX: 2.x-106 side effect: administrator could not change passwd anymore # SECURITY: The admin could pass arbitrary commands to root by using well # constructed urls sent to the services.php script. (Thanx to Jean Diraison) # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-107 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-107.tgz . # Do the things ... tar xfz upd-2.x-107.tgz --exclude usr/local/ --directory / RC=$? bash /usr/local/sbin/permslis # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-107 logger -t "$LOGTAG" "Update 2.x-107 Done." else logger -t "$LOGTAG" "Update 2.x-107 FAILED." fi fi ### ############################################################################ # Update 2.x-108 - 23/06/2004 # Bug fix: precompiled adult database was not loaded by squidguard # (new mksquidguardconf script) # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/2.x-108 $ ] then # Download the files cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-108.tgz . # Do the things ... tar xfz upd-2.x-108.tgz --exclude usr/local/ --directory / RC=$? bash /usr/local/sbin/permslis /usr/local/sbin/mksquidguardconf killall -HUP squid # Check and finish if [ $RC = 0 ] then touch $UPDDIR/2.x-108 logger -t "$LOGTAG" "Update 2.x-108 Done." else logger -t "$LOGTAG" "Update 2.x-108 FAILED." fi fi ### ############################################################################ ### Mise a jour PQ - 05/04/2000 # Nouveau script /usr/local/sbin/process_queue # Rend obsolete : 004-0 a 004-7 et PQ-1 PQ-2 PQ-3 PQ-4 PQ-5 PQ-6 PQ-7 ... # Si un nouveau process_queue est rΘalisΘ, juste remplacer le numero de # version et le fichier. # ATTENTION: Laisser cette UPD en fin de fichier, avant les UPD KERNEL. ############################################################################ VERSION=15 DELAI=5 # Delai en minutes. C'est le temps estime que prendra l'execution de # la fin de ce script plus une marge (install d'un nouveau slis)... if [ ! $ -e $UPDDIR/PQ-$VERSION $ ] then PAS_UPD_KERNEL=1 # Empeche de faire une update du noyau # Telechargement du nouveau fichier cd /tmp rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/process_queue-2.x . mv -f process_queue-2.x process_queue # Si slis_update est lance par process_queue, il faut faire attention # a ne pas le remplacer tout de suite: PS=`ps auwx | grep process_queue|grep -v grep` if [ "$PS" != "" ] then echo "mv -f /tmp/process_queue /usr/local/sbin/ ; chmod 700 /usr/local/sbin/process_queue" | at now + $DELAI minutes else mv -f /tmp/process_queue /usr/local/sbin/ ; chmod 700 /usr/local/sbin/process_queue fi touch $UPDDIR/PQ-$VERSION logger -t "$LOGTAG" "UPDATE PQ-$VERSION effectuee." fi ### ############################################################################ ### NOTIFY update - 29/04/99 # Notify installation of a new SLIS # Obsoletes : ############################################################################ if [ ! $ -e $UPDDIR/NOTIFY-2.1 $ ] then echo "$HOSTNAME installed" | mail -s "New SLIS 2.1" $SLISMASTER sleep 2 /usr/lib/sendmail -q killall crond sleep 1 crond touch $UPDDIR/NOTIFY-2.1 logger -t "$LOGTAG" "NOTIFY sent." fi ### ############################## logger -t "$LOGTAG" "Script Version 2.1 ended." /bin/rm -rf /var/lock/slis_upd