home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
ftp.ac-grenoble.fr
/
2015.02.ftp.ac-grenoble.fr.tar
/
ftp.ac-grenoble.fr
/
pub
/
slis
/
updates_rsync
/
slis_update-2.1
< prev
next >
Wrap
Text File
|
2004-06-22
|
82KB
|
2,883 lines
#!/bin/bash
# slis_update-2.1
# Updates for SLIS 2.1
### VARIABLES ###
UPDDIR=/home/hadmin/updates
LOGTAG="slis_update[$$]"
grep HOSTNAME /etc/sysconfig/network > /tmp/hostname
. /tmp/hostname
rm -rf /tmp/hostname
WEBMASTER=`ls -ld /home/httpd/html |awk '{print $3}'`
. /home/hadmin/slis.conf
##################
# Locking
if [ -e /var/lock/slis_upd ]
then
logger -t "$LOGTAG" "Lock found. Update already started."
exit
fi
touch /var/lock/slis_upd
sleep 1
logger -t "$LOGTAG" "Script Version 2.1 started."
############################################################################
### Update 2.1-1 - 13/09/2001
# New script vnc_portfw
# - Bug correction: the firewall was misconfigured when a port redir was done
# - Enhancements for Vtun option: both the ip of the tunnel and the real
# interface are configured for the redir
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.1-1 \) ]
then
# Telechargement du tar
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.1-1.tgz .
cd /
tar zxf /tmp/upd-2.1-1.tgz
RC=$?
# Verification et fin de la MAJ
if [ $RC = 0 ]
then
touch $UPDDIR/2.1-1
logger -t "$LOGTAG" "Update 2.1-1 Done."
else
logger -t "$LOGTAG" "Update 2.1-1 FAILED."
fi
fi
###
############################################################################
### Update SQUID RESTART - 19/09/2001
# Squid needs to be restarted, I don't know why for the moment
# Obsoletes :
############################################################################
if [ "`/bin/ps awux |grep squid|grep -v grep`" = "" ]
then
/etc/rc.d/init.d/runcache restart
logger -t "$LOGTAG" "SQUID WAS DOWN. RESTARTED."
fi
###
############################################################################
### Update 2.1-3 - 18/09/2001
# Places a warning in place of the password changing gateway
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.1-3 \) ]
then
# Telechargement du tar
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.1-3.tgz .
cd /
tar zxf /tmp/upd-2.1-3.tgz
RC=$?
# Verification et fin de la MAJ
if [ $RC = 0 ]
then
touch $UPDDIR/2.1-3
logger -t "$LOGTAG" "Update 2.1-3 Done."
else
logger -t "$LOGTAG" "Update 2.1-3 FAILED."
fi
fi
###
############################################################################
### Update 2.1-4 - 19/09/2001
# Wget RPM was missing
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.1-4 \) ]
then
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/wget-1.5.3-6.i386.rpm .
rpm -U ./wget-1.5.3-6.i386.rpm
RC=$?
# Verification et fin de la MAJ
if [ $RC = 0 ]
then
touch $UPDDIR/2.1-4
logger -t "$LOGTAG" "Update 2.1-4 Done."
else
logger -t "$LOGTAG" "Update 2.1-4 FAILED."
fi
fi
###
############################################################################
### Mise a jour 2.x-40 - 26/09/2001
# Secu updates and bug corrections from RedHat:
# - Secu: fetchmail is updated if fetchmail option is activated, removed else
# - Bug corrected in tmpwatch package
# - Secu: Sendmail local exploit bug corrected
# - Secu: Man local exploit corrected (mktemp package also upgraded)
# Rend obsolete :
############################################################################
if [ ! \( -e $UPDDIR/2.0-40 \) ]
then
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tmpwatch-2.8-0.6.x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/sendmail-8.11.6-1.6.x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/mktemp-1.5-2.1.6x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/man-1.5i2-0.6x.5.i386.rpm .
rpm -U tmpwatch-2.8-0.6.x.i386.rpm
rpm -U sendmail-8.11.6-1.6.x.i386.rpm
rpm -U mktemp-1.5-2.1.6x.i386.rpm
rpm -U man-1.5i2-0.6x.5.i386.rpm
RC1=0
. /home/hadmin/setup.data
if [ "FETCHMAIL" = "1" ]
then
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/fetchmail-5.9.0-0.6.2.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl-0.9.5a-7.6.x.i386.rpm .
rpm -U fetchmail-5.9.0-0.6.2.i386.rpm
rpm -U openssl-0.9.5a-7.6.x.i386.rpm
rpm -q fetchmail-5.9.0-0.6.2 2>/dev/null >/dev/null
RC1=$?
else
rpm -e fetchmail
fi
# Verifications et fin de l'install
rpm -q tmpwatch-2.8-0.6.x 2>/dev/null >/dev/null
RC2=$?
rpm -q sendmail-8.11.6-1.6.x 2>/dev/null >/dev/null
RC3=$?
rpm -q man-1.5i2-0.6x.5 2>/dev/null >/dev/null
RC4=$?
if [ $RC1 = 0 -a $RC2 = 0 -a $RC3 = 0 -a $RC4 = 0 ]
then
/etc/rc.d/init.d/sendmail restart
touch $UPDDIR/2.0-40
logger -t "$LOGTAG" "UPDATE 2.0-40 effectuee"
else
logger -t "$LOGTAG" "UPDATE 2.0-40 ECHEC."
fi
fi
###
############################################################################
### UPDATE 2.x-41 - 03/10/2001
# - Installation of a new http interface designed for the users (called clientgw)
# This interface has only got for the moment a gateway for changing passwords.
# It runs on port 2000 under the same uid of hadmin. This update installs
# the config files for the new httpd daemon that will be running.
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-41 \) ]
then
# Download and install
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-41.tgz .
cd /
tar zxf /tmp/upd-2.x-41.tgz
RC=$?
# Check and finish
if [ $RC = 0 ]
then
ln -s /usr/lib/apache /etc/hadmin/clientgw/modules
echo "# Client gateway" >> /etc/rc.d/rc.local
echo "export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC" >> /etc/rc.d/rc.local
echo "/usr/local/sbin/cg-admind&" >> /etc/rc.d/rc.local
export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC
/usr/local/sbin/cg-admind&
/usr/local/sbin/permslis
touch $UPDDIR/2.x-41
logger -t "$LOGTAG" "Update 2.x-41 done."
else
logger -t "$LOGTAG" "Update 2.x-41 FAILED."
fi
fi
###
############################################################################
### Update 2.1-42 - 10/10/2001
# Restore system
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.1-42 \) ]
then
# Download
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-42.tgz .
tar zxf upd-2.x-42.tgz --directory /
RC=$?
# Creating tmp dir
mkdir -p /home/hadmin/tmp
chown hadmin.hadmin /home/hadmin/tmp
chmod 700 /home/hadmin/tmp
# patching php.ini
patch /etc/hadmin/php.ini << EOF
208c208
< post_max_size = 8M ; Maximum size of POST data that PHP will accept.
---
> post_max_size = 100M ; Maximum size of POST data that PHP will accept.
245c245
< upload_max_filesize = 2M ; Maximum allowed size for uploaded files
---
> upload_max_filesize = 100M ; Maximum allowed size for uploaded files
EOF
killall -HUP httpd
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.1-42
logger -t "$LOGTAG" "Update 2.1-42 Done."
else
logger -t "$LOGTAG" "Update 2.1-42 FAILED."
fi
fi
###
############################################################################
### Update 2.x-43 - 09/11/2001
# Synchro with CVS. Numerous bug fixes and enhancements.
# THIS UPDATE IS A BIG ONE!
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-43 \) ]
then
# Download the update
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-43.tgz .
# Kill connslogd and cg-admind as they will be replaced by the update
killall connslogd 2>/dev/null
killall cg-admind 2>/dev/null
# If this SLIS has a dns_autoconf daemon running, kill it and set a flag
DNS=`ps awux |grep dns_autoconf |grep -v grep |wc -l`
if [ $DNS = 1 ]
then
killall dns_autoconf
fi
# Untar the core update file
tar zxf upd-2.x-43.tgz --directory /
RC=$?
# A missing directory (not important)
# It's only a place to put some slis files like *.sql
mkdir -p /var/lib/slis
# Reset the permissions
bash /usr/local/sbin/permslis
# Restart the previously killed daemons
/usr/local/sbin/connslogd&
/usr/local/sbin/cg-admind&
if [ $DNS = 1 ]
then
/usr/local/sbin/dns_autoconf&
fi
# Continue the update only if untaring was successfull
if [ $RC = 0 ]
then
# Usefull denied_url file in squid conf was removed by error on some 2.1 versions
# This file may be used to add some URL to deny in a hurry. It mustn't be
# empty, so we add some Xs into it.
if [ ! -f /usr/local/squid/etc/denied_url ]
then
echo "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" > /usr/local/squid/etc/denied_url
fi
# Bug fix for mail header visualization function into hadmin
/usr/sbin/usermod -G mail hadmin
killall -HUP httpd
# Refresh squid config file (2.1 only)
if [ "`cat /etc/version_slis_num`" = "2.1" ]
then
/usr/local/sbin/mksquidconf
fi
# Errors from accesslog2sql are not important, so we redirect
# output to /dev/null
R=$RANDOM
crontab -l > /tmp/cron.$R
ALREADY=`grep "access.log squid >" /tmp/cron.$R`
if [ "$ALREADY" = "" ]
then
sed "s;access.log squid;access.log squid > /dev/null 2>/dev/null;" /tmp/cron.$R > /tmp/cron.new.$R
sed "s;access_log apache;access_log apache > /dev/null 2>/dev/null;" /tmp/cron.new.$R > /tmp/cron.$R
crontab /tmp/cron.$R
fi
if [ ! \( -e $UPDDIR/2.x-43a \) ]
then
# New subnets activation and schedule subsystem
# Init of SQL tables and conversion of old schedules
/usr/local/sbin/old_schedules_2sql 2>/dev/null >/dev/null
# Crontab modifications
R=$RANDOM
crontab -l > /tmp/cron.$R
grep -v routage_net_o /tmp/cron.$R | grep -v Horaires > /tmp/cron.new.$R
grep -v "DO NOT EDIT" /tmp/cron.new.$R | grep -v "installed on " | grep -v "Cron version" > /tmp/cron.$R
echo "# Subnets schedules" >> /tmp/cron.$R
echo "* * * * * /usr/local/sbin/process_subnets.cron" >> /tmp/cron.$R
crontab /tmp/cron.$R
# Init scripts update
grep -v "/usr/local/sbin/process_subnets" /etc/rc.d/rc.local | \
grep -v "cp -u /home/hadmin/cgi-bin/base/subnet" > /tmp/rc.local.$R
if [ -s /tmp/rc.local.$R ]
then
cp -f /etc/rc.d/rc.local /etc/rc.d/rc.local.2.x-43
mv -f /tmp/rc.local.$R /etc/rc.d/rc.local
fi
chmod 755 /etc/rc.d/rc.local
echo "rm -f /var/lock/process_subnets*" >> /etc/rc.d/rc.local
fi
# Refresh ip filters (new mkfilters script)
/usr/local/sbin/mkfilters
# Create a new database for a french application (B2i)
export PGPASSWORD=`grep PGSQL_PASS /home/httpd/html/config_pgsql.inc.php|cut -d\" -f2`
export PGUSER=`grep PGSQL_USER /home/httpd/html/config_pgsql.inc.php|cut -d\" -f2`
psql -tqc "create database b2i"
# Change the owner of "slis" database (little bug fix)
export PGPASSWORD=`grep POSTGRESPASS /home/hadmin/html/config_pgsql.inc.php|cut -d\" -f2`
export PGUSER=`grep POSTGRESUSER /home/hadmin/html/config_pgsql.inc.php|cut -d\" -f2`
psql -tqc "update pg_database set datdba = (select usesysid from pg_user where usename = 'slis') where datname = 'slis';" template1
# Send a mail to admin
MAIL_ADMIN=`awk '{if (NR==3) print}' $BASE/params_admin.txt`
if [ "$MAIL_ADMIN" != "" ]
then
echo "
Message envoye automatiquement par votre SLIS.
Votre SLIS vient d'etre mis a jour.
Le systeme de gestion d'horaires par sous-reseaux a
completement change. Un script a converti vos anciens
horaires dans le nouveau systeme, mais nous vous
invitons a verifier que tout est en ordre dans les
fonctions avancees, "acces par sous-reseaux/horaires".
" | mail -s "Mise a jour SLIS" $MAIL_ADMIN
fi
touch $UPDDIR/2.x-43
logger -t "$LOGTAG" "Update 2.x-43 Done."
else
logger -t "$LOGTAG" "Update 2.x-43 FAILED."
fi
fi
############################################################################
### Update 2.x-43b - 04/12/2001
# Big bug fix!
# /etc/named.acls was not correctly updated by process_subnets.cron resulting
# in some SLIS refusing DNS queries.
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-43b \) ]
then
# Download the update
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-43b.tgz .
# Untaring
tar zxf upd-2.x-43b.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-43b
logger -t "$LOGTAG" "Update 2.x-43b Done."
else
logger -t "$LOGTAG" "Update 2.x-43b FAILED."
fi
fi
###
############################################################################
### Update 2.1-44 - 21/12/2001
# SECURITY PATCHES
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.1-44 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/wu-ftpd-2.6.1-0.6x.21.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/diffutils-2.7-22.6x.i386.rpm .
# rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/ucd-snmp-4.2.1-4.6.x.i386.rpm .
# rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/ucd-snmp-utils-4.2.1-4.6.x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/apache-1.3.22-0.6.i386.rpm .
# Do the things...
rpm -e samba-client 2>/dev/null
rpm -e rpm -e ghostscript rhs-printfilters ghostscript-fonts 2>/dev/null
rpm -e lpr 2>/dev/null
rpm -F diffutils-2.7-22.6x.i386.rpm
RC1=$?
# rpm -U ucd-snmp-4.2.1-4.6.x.i386.rpm ucd-snmp-utils-4.2.1-4.6.x.i386.rpm
# RC2=$?
rpm -F wu-ftpd-2.6.1-0.6x.21.i386.rpm
RC3=$?
rpm -F apache-1.3.22-0.6.i386.rpm
RC4=$?
# Check and finish
if [ $RC1 = 0 -a $RC3 = 0 -a $RC4 = 0 ]
then
# Httpd restarting
/etc/rc.d/init.d/httpd stop
killall httpd
sleep 5
/etc/rc.d/init.d/httpd start
export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/conf/httpd.conf;export -n PHPRC
export PHPRC=/etc/hadmin;/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC
touch $UPDDIR/2.1-44
logger -t "$LOGTAG" "Update 2.1-44 Done."
else
logger -t "$LOGTAG" "Update 2.1-44 FAILED."
fi
fi
###
############################################################################
### Update 2.x-45 - 21/12/2001
# OpenSSH installation
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-45 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-3.0.2p1-1.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-server-3.0.2p1-1.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-clients-3.0.2p1-1.i386.rpm .
# Do the things...
rpm -U openssh-3.0.2p1-1.i386.rpm openssh-clients-3.0.2p1-1.i386.rpm openssh-server-3.0.2p1-1.i386.rpm 2>/dev/null
rpm -q openssh-server >/dev/null
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
/sbin/chkconfig --add sshd
/sbin/chkconfig sshd on
killall sshd 2>/dev/null
killall ssfd 2>/dev/null
sleep 3
killall -9 sshd 2>/dev/null
killall -9 ssfd 2>/dev/null
/etc/rc.d/init.d/sshd start
sleep 3
/etc/rc.d/init.d/sshd restart # I dont know why, but sshd doesn't start the first time
grep -v ssfd /etc/rc.d/rc.local |grep -v sshd > /tmp/rc.local
cp -f /etc/rc.d/rc.local /etc/rc.d/rc.local.upd-2.x-45
mv -f /tmp/rc.local /etc/rc.d/rc.local
chmod 755 /etc/rc.d/rc.local
touch $UPDDIR/2.x-45
logger -t "$LOGTAG" "Update 2.x-45 Done."
else
logger -t "$LOGTAG" "Update 2.x-45 FAILED."
fi
fi
###
############################################################################
### Update 2.x-46 - 20/12/2001
# Enhancements of the php interface
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-46 \) ]
then
# Download the update
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-46.tgz .
# Untaring
tar zxf upd-2.x-46.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-46
logger -t "$LOGTAG" "Update 2.x-46 Done."
else
logger -t "$LOGTAG" "Update 2.x-46 FAILED."
fi
fi
###
############################################################################
### Update 2.x-48 - 22/01/2002
# Bug fixes and enhancements:
# - bug fix: the sunday, all subnets were deactivated by process_subnets.cron
# - interface bugs with some browsers when deleting users
# - interface bug accepting some special characters in logins
# - permslis bug changing the owner of some files for the webmaster
# - optimization of the process_subnets.cron script (no more kil -HUP named
# every minute)
# Security:
# removed pine, wich contains a security hole
# Obsoletes : 2.x-47
############################################################################
if [ ! \( -e $UPDDIR/2.x-48 \) ]
then
# Download the update
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-48.tgz .
# Untaring
tar zxf upd-2.x-48.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Remove pine
rpm -e pine
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-48
logger -t "$LOGTAG" "Update 2.x-48 Done."
else
logger -t "$LOGTAG" "Update 2.x-48 FAILED."
fi
fi
###
############################################################################
### Update 2.x-49 - 20/12/2001
# Bug fixes for 2.x-48
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-49 \) ]
then
# Download the update
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-49.tgz .
# Untaring
tar zxf upd-2.x-49.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-49
logger -t "$LOGTAG" "Update 2.x-49 Done."
else
logger -t "$LOGTAG" "Update 2.x-49 FAILED."
fi
fi
###
############################################################################
### Update 2.x-50 - 23/01/2002
# Bug fix: IMP not working because of bad permission on config_pgsl.inc.php
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-50 \) ]
then
# Download the update
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-50.tgz .
# Untaring
tar zxf upd-2.x-50.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-50
logger -t "$LOGTAG" "Update 2.x-50 Done."
else
logger -t "$LOGTAG" "Update 2.x-50 FAILED."
fi
fi
###
############################################################################
### Update 2.x-51 - 28/01/2002
# SECURITY PATCHES
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-51 \) ]
then
# Download the files
cd /tmp
# rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/at-3.1.8-22.1.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/rsync-2.4.6-1.6.i386.rpm .
# Do the things...
# rpm -U at-3.1.8-22.1.i386.rpm
# RC1=$?
rpm -U rsync-2.4.6-1.6.i386.rpm
RC2=$?
# Check and finish
if [ $RC2 = 0 ]
then
touch $UPDDIR/2.x-51
logger -t "$LOGTAG" "Update 2.x-51 Done."
else
logger -t "$LOGTAG" "Update 2.x-51 FAILED."
fi
fi
###
############################################################################
### Update 2.x-52 - 05/02/2002
# New function: Restore of a 2.x backup
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-52 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-52.tgz .
# Do the things...
tar zxf upd-2.x-52.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-52
logger -t "$LOGTAG" "Update 2.x-52 Done."
else
logger -t "$LOGTAG" "Update 2.x-52 FAILED."
fi
fi
###
############################################################################
### Update 2.x-53b - 21/03/2002
# New logrotate script for samba, fixing the too many logfiles bug
# 2.x-53 was deleting /var/log/samba/log.smb.1.*
# 2.x-53b deletes /var/log/samba/log.smb.*.*
# Obsoletes : 2.x-53
############################################################################
if [ ! \( -e $UPDDIR/2.x-53b \) ]
then
/usr/sbin/logrotate /etc/logrotate.conf
echo "
/var/log/samba/log.nmb {
notifempty
missingok
postrotate
/usr/bin/killall -HUP nmbd
endscript
}
/var/log/samba/log.smb {
notifempty
missingok
postrotate
/usr/bin/killall -HUP smbd
endscript
}
" > /etc/logrotate.d/samba
rm -rf /var/log/samba/log.smb.*.*
rm -rf /var/log/samba/log.nmb.*.*
grep -v samba /var/lib/logrotate.status > /tmp/logrotate.status
mv -f /tmp/logrotate.status /var/lib/logrotate.status
/usr/sbin/logrotate /etc/logrotate.conf
touch $UPDDIR/2.x-53b
logger -t "$LOGTAG" "Update 2.x-53b Done."
fi
###
############################################################################
### Update 2.x-54 - 28/02/2002
# Enhancement: added icmp type time-excedeed allowed through the firewall (mkfilters)
# Bug fix: the home of the webmaster was deleted if the user was deleted (valid)
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-54 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-54.tgz .
# Do the things...
tar zxf upd-2.x-54.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-54
logger -t "$LOGTAG" "Update 2.x-54 Done."
else
logger -t "$LOGTAG" "Update 2.x-54 FAILED."
fi
fi
###
############################################################################
### Update 2.x-55 - 08/03/2002
# SECURITY FIX: php uploads bug
# ENHANCEMENT: added client support for mysql and ldap in the php module
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-55 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/php-4.0.6-1slis2x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/php-imap-4.0.6-1slis2x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/php-ldap-4.0.6-1slis2x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/php-pgsql-4.0.6-1slis2x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/mysql-3.20.32a-3.i386.rpm .
# Do the things...
killall httpd
rpm -U php-4.0.6-1slis2x.i386.rpm php-imap-4.0.6-1slis2x.i386.rpm php-ldap-4.0.6-1slis2x.i386.rpm php-pgsql-4.0.6-1slis2x.i386.rpm mysql-3.20.32a-3.i386.rpm
RC1=$?
/etc/rc.d/init.d/httpd start
export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/conf/httpd.conf;export -n PHPRC
export PHPRC=/etc/hadmin;/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC
/sbin/chkconfig mysql off
# Check and finish
if [ $RC1 = 0 ]
then
touch $UPDDIR/2.x-55
logger -t "$LOGTAG" "Update 2.x-55 Done."
else
logger -t "$LOGTAG" "Update 2.x-55 FAILED."
fi
fi
###
############################################################################
### Update 2.1-56 - 08/03/2002
# New /etc/rc.d/init.d/runcache with a test if /www-cache is 100% full,then
# the cache is deleted and reconstructed.
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.1-56 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.1-56.tgz .
# Do the things...
tar zxf upd-2.1-56.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.1-56
logger -t "$LOGTAG" "Update 2.1-56 Done."
else
logger -t "$LOGTAG" "Update 2.1-56 FAILED."
fi
fi
###
############################################################################
### Update 2.x-57 - 08/03/2002
# Deletion of /var/lock/process_subnets.cron at boot
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-57 \) ]
then
echo "rm -f /var/lock/process_subnets.cron" > /etc/rc.d/rc3.d/S39Lock_cleaning
chmod 755 /etc/rc.d/rc3.d/S39Lock_cleaning
touch $UPDDIR/2.x-57
logger -t "$LOGTAG" "Update 2.x-57 Done."
fi
###
############################################################################
### Update 2.1-58 - 12/03/2002
# Bug fix: preg_grep syntax has changed since php 4.0.4
# Secu: Added a blocking filter to prevent users from login into ADSL alcatel modems by telnet
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-58 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-58.tgz .
# Do the things...
tar zxf upd-2.x-58.tgz --directory /
RC=$?
/usr/local/sbin/permslis
/usr/local/sbin/mkfilters
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-58
logger -t "$LOGTAG" "Update 2.x-58 Done."
else
logger -t "$LOGTAG" "Update 2.x-58 FAILED."
fi
fi
###
############################################################################
### Update 2.x-59 - 17/03/2002
# SECURITY FIX: openssh (http://www.openbsd.org/advisories/ssh_channelalloc.txt)
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-59 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl095a-0.9.5a-9.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl-0.9.6-9.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-3.1p1-1.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-clients-3.1p1-1.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-server-3.1p1-1.i386.rpm .
# Do the things...
rpm -U openssl095a-0.9.5a-9.i386.rpm openssl-0.9.6-9.i386.rpm openssh-3.1p1-1.i386.rpm openssh-clients-3.1p1-1.i386.rpm openssh-server-3.1p1-1.i386.rpm
RC1=$?
/sbin/chkconfig sshd on
# Check and finish
if [ $RC1 = 0 ]
then
touch $UPDDIR/2.x-59
logger -t "$LOGTAG" "Update 2.x-59 Done."
else
logger -t "$LOGTAG" "Update 2.x-59 FAILED."
fi
fi
###
############################################################################
### Update 2.x-60 - 17/03/2002
# SECURITY UPDATES FROM REDHAT:
# atd, telnet and ucd-snmp
# http://www.redhat.com/support/errata/RHSA-2002-015.html
# http://www.redhat.com/support/errata/RHSA-2001-099.html
# http://www.redhat.com/support/errata/RHSA-2001-163.html
# Obsoletes : Some parts of 2.1-44 and 2.x-51
############################################################################
if [ ! \( -e $UPDDIR/2.x-60 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/at-3.1.8-22.2.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/telnet-0.17.6x-18.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/ucd-snmp-4.2.3-1.6.x.3.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/ucd-snmp-utils-4.2.3-1.6.x.3.i386.rpm .
# Do the things...
# telnetd is dangerous and no more usefull now (ssh)
rpm -e telnet-server
# The updates
rpm -F at-3.1.8-22.2.i386.rpm telnet-0.17.6x-18.i386.rpm ucd-snmp-4.2.3-1.6.x.3.i386.rpm ucd-snmp-utils-4.2.3-1.6.x.3.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
touch $UPDDIR/2.x-60
logger -t "$LOGTAG" "Update 2.x-60 Done."
else
logger -t "$LOGTAG" "Update 2.x-60 FAILED."
fi
fi
###
############################################################################
### Update 2.x-61 - 25/03/2002
# Squid update (SECURITY)
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-61 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-61.tgz .
# Do the things...
/etc/rc.d/init.d/runcache stop
sleep 60
killall -9 squid 2>/dev/null
killall -9 squidGuard 2>/dev/null
tar zxf upd-2.x-61.tgz --directory /
RC=$?
/usr/local/sbin/permslis
/etc/rc.d/init.d/runcache start
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-61
logger -t "$LOGTAG" "Update 2.x-61 Done."
else
logger -t "$LOGTAG" "Update 2.x-61 FAILED."
fi
fi
###
############################################################################
### Update 2.x-62 - 25/03/2002
# SECURITY UPDATE FROM REDHAT:
# http://www.redhat.com/support/errata/RHSA-2002-026.html
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-62 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/zlib-1.1.3-25.6.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/rsync-2.4.6-3.6.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/rmt-0.4b19-5.6x.1.i386.rpm .
# Do the things...
rpm -F zlib-1.1.3-25.6.i386.rpm rsync-2.4.6-3.6.i386.rpm rmt-0.4b19-5.6x.1.i386.rpm
RC=$?
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-62
logger -t "$LOGTAG" "Update 2.x-62 Done."
else
logger -t "$LOGTAG" "Update 2.x-62 FAILED."
fi
fi
###
############################################################################
### Update 2.x-63 - 25/03/2002
# Kernel update
# !! THIS UPDATE WILL BE DONE ONLY BY NIGHT AS IT IS A KERNEL UPDATE !!
# !! WHICH WILL REBOOT THE MACHINE !!
# Obsoletes :
############################################################################
declare -i HOUR
declare -i R
HOUR=`date +%k`
R=$RANDOM
# "$R -lt 3277" in the following line means that this update
# will be executed with a probability of 1/10. This is done to
# prevent an overload of the rsync server.
# To be sure that all your SLIS are up to date, remove this part
# of the test in a couple of weeks, commenting this line and
# commenting out the next one.
#if [ ! \( -e $UPDDIR/2.x-63 \) -a $HOUR -lt 6 -a $R -lt 10000 ]
if [ ! \( -e $UPDDIR/2.x-63 \) -a $HOUR -lt 6 ]
then
if [ "`/bin/uname -v|/bin/grep SMP`" = "" ]
then
SMP=""
SMP2=""
else
SMP="-smp"
SMP2="smp"
fi
PROC=`/bin/uname -m`
if [ "$PROC" = "i486" ]
then
PROC="i386"
fi
. /home/hadmin/setup.data
SMP3=""
if [ "$VTUN" = "1" ]
then
SMP="-smp"
SMP2="smp"
SMP3="smp"
fi
RELEASE=`/bin/uname -r |sed s/smp//`
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/kernel`echo $SMP`-2.2.19-6.2.16.`echo $PROC`.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/mount-2.10r-0.6.x.i386.rpm .
/sbin/insmod loop
rpm -e kernel-utils 2>/dev/null
rpm -F mount-2.10r-0.6.x.i386.rpm
rpm -i kernel`echo $SMP`-2.2.19-6.2.16.`echo $PROC`.rpm
cd /lib/modules/2.2.19-6.2.16`echo $SMP2`/net
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tun.o .
RC=$?
if [ $RC = 0 ]
then
/sbin/mkinitrd /boot/initrd-2.2.19-6.2.16.img 2.2.19-6.2.16 2>/dev/null
/sbin/mkinitrd /boot/initrd-2.2.19-6.2.16smp.img 2.2.19-6.2.16smp 2>/dev/null
sed "s/$RELEASE/2.2.19-6.2.16$SMP3/g" /etc/lilo.conf > /tmp/lilo.conf
if [ -s /tmp/lilo.conf ]
then
mv -f /tmp/lilo.conf /etc/lilo.conf
/sbin/lilo
rm -f /var/lock/slis_upd*
touch $UPDDIR/2.x-63
logger -t "$LOGTAG" "Update 2.x-63 Done."
/sbin/reboot
killall slis_update
killall slis_update.dev
exit
fi
else
logger -t "$LOGTAG" "Update 2.x-63 FAILED."
fi
fi
###
############################################################################
### Update 2.x-64 - 26/03/2002
# SECURITY: Horde IMP
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-64 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-64.tgz .
# Do the things...
tar zxf upd-2.x-64.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-64
logger -t "$LOGTAG" "Update 2.x-64 Done."
else
logger -t "$LOGTAG" "Update 2.x-64 FAILED."
fi
fi
###
############################################################################
### Update 2.x-65 - 27/03/2002
# Bug fix: process_subnets.cron was not testing the connection to the
# pgsql server.
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-65 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-65.tgz .
# Do the things...
tar zxf upd-2.x-65.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-65
logger -t "$LOGTAG" "Update 2.x-65 Done."
else
logger -t "$LOGTAG" "Update 2.x-65 FAILED."
fi
fi
###
############################################################################
### Update 2.x-66 - 03/04/2002
# Performance optimization: changed squid logs rotation script, replaced
# prostat by webalizer, optimized accesslog2sql script, reprogrammed
# crontab.
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-66 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-66.tgz .
# Do the things...
tar zxf upd-2.x-66.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
# Crontab edition
R=$RANDOM
crontab -l |grep -v "access.log squid" | \
grep -v "access_log apache" | \
grep -v "DO NOT EDIT THIS FILE" | \
grep -v "installed on" | \
grep -v "squid_purge" | \
sed "s/Purge squid//" | \
grep -v "Squid rotation/stats calculations" | \
grep -v "Cron version --" > /tmp/cron.$R
echo >> /tmp/cron.$R
echo "# Access logs rotation, sql storing and stats calculation" >> /tmp/cron.$R
echo "30 23 * * * /usr/local/sbin/squid_rotate > /dev/null 2>/dev/null" >> /tmp/cron.$R
echo "30 0 * * * export LANG=C;/usr/local/sbin/accesslog2sql /var/log/httpd/access_log apache > /dev/null 2>/dev/null" >> /tmp/cron.$R
crontab -l > /home/hadmin/updates/cron.2.x-66.bak
crontab /tmp/cron.$R
# Webalizer installation
mkdir /home/hadmin/html/cache_usage
if [ "$LANGUAGE" = "french" ]
then
ln -s /usr/local/sbin/webalizer_french /usr/local/sbin/webalizer
else
ln -s /usr/local/sbin/webalizer_english /usr/local/sbin/webalizer
fi
/usr/local/sbin/webalizer
# Very little bugfix of a previous update
touch /var/log/mysql.log
touch $UPDDIR/2.x-66
logger -t "$LOGTAG" "Update 2.x-66 Done."
else
logger -t "$LOGTAG" "Update 2.x-66 FAILED."
fi
fi
###
############################################################################
### Update 2.x-67 - 10/06/2002
# Bug fix: ADSL was not supported by port redirection function
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-67 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-67.tgz .
# Do the things...
tar zxf upd-2.x-67.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-67
logger -t "$LOGTAG" "Update 2.x-67 Done."
else
logger -t "$LOGTAG" "Update 2.x-67 FAILED."
fi
fi
###
############################################################################
### Update 2.x-68 - 25/06/2002
# SECURITY: apache
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-68 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/apache-1.3.22-5.6.i386.rpm .
# Do the things...
rpm -U apache-1.3.22-5.6.i386.rpm
RC=$?
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-68
# Httpd restarting
/etc/rc.d/init.d/httpd stop
killall httpd
sleep 5
export PHPRC="/etc"
/etc/rc.d/init.d/httpd start
export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/conf/httpd.conf;export -n PHPRC
export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC
logger -t "$LOGTAG" "Update 2.x-68 Done."
else
logger -t "$LOGTAG" "Update 2.x-68 FAILED."
fi
fi
###
############################################################################
### Update 2.x-69 - 25/06/2002
# SECURITY: imap, fetchmail
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-69 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/imap-2001a-1.62.0.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/fetchmail-5.9.0-9.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tcpdump-3.6.2-11.6.2.0.i386.rpm .
# Do the things...
rpm -U fetchmail-5.9.0-9.i386.rpm imap-2001a-1.62.0.i386.rpm tcpdump-3.6.2-11.6.2.0.i386.rpm
RC=$?
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-69
logger -t "$LOGTAG" "Update 2.x-69 Done."
else
logger -t "$LOGTAG" "Update 2.x-69 FAILED."
fi
fi
###
############################################################################
### Update 2.x-70 - 25/06/2002
# Bug fix: config_pgsl.inc.php must be world readable if we want IMP working
# and webmaster's scripts able to use it, because of safe mode. It's not a
# problem since there's only one webmaster for the moment. Later, we'll have
# to use a doublon of this file.
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-70 \) ]
then
# Download the update
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-70.tgz .
# Untaring
tar zxf upd-2.x-70.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Make a backup of config_pgsl.inc.php
cp /home/httpd/html/config_pgsql.inc.php /home/hadmin/
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-70
logger -t "$LOGTAG" "Update 2.x-70 Done."
else
logger -t "$LOGTAG" "Update 2.x-70 FAILED."
fi
fi
###
############################################################################
### Update 2.x-71 - 09/07/2002
# SECURITY: squid
# We use squid from RPM now, so a few more symlinks are created (I like
# spaghettis!)
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-71 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/squid-2.4.STABLE6-6.6.2.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-71.tgz .
# Do the things...
rpm -e squid 2>/dev/null
rpm -U squid-2.4.STABLE6-6.6.2.i386.rpm
RC1=$?
tar zxf upd-2.x-71.tgz --directory /
RC2=$?
# Check and finish
if [ $RC1 = 0 -a $RC2 = 0 ]
then
touch $UPDDIR/2.x-71
/etc/rc.d/init.d/runcache stop
killall -9 RunCache;killall -9 squid;sleep 3
rm -f /etc/squid/squid.conf
ln -s /usr/local/squid/etc/squid.conf /etc/squid/squid.conf
rm -rf /var/log/squid
ln -s /usr/local/squid/logs /var/log/squid
mv -f /usr/local/squid/bin/squid /usr/local/squid/bin/squid.orig
ln -s /usr/sbin/squid /usr/local/squid/bin/squid
/etc/rc.d/init.d/runcache start
logger -t "$LOGTAG" "Update 2.x-71 Done."
else
logger -t "$LOGTAG" "Update 2.x-71 FAILED."
fi
fi
###
############################################################################
### Update 2.x-72 - 09/07/2002
# Unused packages removal (preventive security)
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-72 \) ]
then
rpm -e inews
rpm -e binutils
rpm -e pnm2ppa
rpm -e utempter
rpm -e dosfstools
rpm -e rdist
rpm -e rsh
touch $UPDDIR/2.x-72
logger -t "$LOGTAG" "Update 2.x-72 Done."
fi
###
############################################################################
### Update 2.x-73 - 06/09/2002
# Bug fix: Creating users may be impossible after a restore from scracth
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-73 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-73.tgz .
# Do the things...
tar zxf upd-2.x-73.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
/usr/local/sbin/fix_tables
touch $UPDDIR/2.x-73
logger -t "$LOGTAG" "Update 2.x-73 Done."
else
logger -t "$LOGTAG" "Update 2.x-73 FAILED."
fi
fi
###
############################################################################
### Update 2.x-74 - 14/10/2002
# SECURITY
# Obsoletes :
############################################################################
declare -i HOUR
declare -i R
HOUR=`date +%k`
R=$RANDOM
# "$R -lt 3277" in the following line means that this update
# will be executed with a probability of 1/10. This is done to
# prevent an overload of the rsync server.
# To be sure that all your SLIS are up to date, remove this part
# of the test in a couple of weeks, commenting this line and
# commenting out the next one.
#if [ ! \( -e $UPDDIR/2.x-74 \) -a $HOUR -lt 6 -a $R -lt 3277 ]
if [ ! \( -e $UPDDIR/2.x-74 \) ]
then
# Clean /tmp as we need some space
/usr/sbin/tmpwatch -f 720 /tmp/
rm -f /tmp/kernel*
# Download the files
cd /tmp
# Obsoleted by 2.x-80:
# rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/glibc-2.1.3-27.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/fetchmail-5.9.0-18.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tar-1.13.25-1.6.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/unzip-5.50-1.62.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/libpng-1.0.14-0.6x.3.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tcpdump-3.6.2-11.6.2.2.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-libs-1.1.1-29.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-configs-1.1.1-29.i386.rpm .
# Do the things...
rpm -U fetchmail-5.9.0-18.i386.rpm \
tar-1.13.25-1.6.i386.rpm unzip-5.50-1.62.i386.rpm \
libpng-1.0.14-0.6x.3.i386.rpm tcpdump-3.6.2-11.6.2.2.i386.rpm \
krb5-libs-1.1.1-29.i386.rpm krb5-configs-1.1.1-29.i386.rpm
RC=$?
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-74
logger -t "$LOGTAG" "Update 2.x-74 Done."
else
logger -t "$LOGTAG" "Update 2.x-74 FAILED."
fi
fi
###
############################################################################
### Update 2.x-75b - 02/04/2003
# SECURITY: openssl
# Obsoletes : 2.x-75
############################################################################
if [ ! \( -e $UPDDIR/2.x-75b \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl-0.9.6b-32.62.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl095a-0.9.5a-20.62.i386.rpm .
# Do the things...
rpm -F --nodeps openssl-0.9.6b-32.62.i386.rpm \
openssl095a-0.9.5a-20.62.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
ln -s /lib/libcrypto.so.0.9.6b /lib/libcrypto.so.1 2>/dev/null
/etc/rc.d/init.d/sshd restart
touch $UPDDIR/2.x-75b
logger -t "$LOGTAG" "Update 2.x-75b Done."
else
logger -t "$LOGTAG" "Update 2.x-75b FAILED."
fi
fi
###
############################################################################
### Update 2.x_3.x-01 - 21/10/2002
# Enhancement: Backup/Restore takes now ldap passwords into account
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x_3.x-01 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x_3.x-01.tgz .
# Do the things...
tar zxf upd-2.x_3.x-01.tgz --exclude usr/local/ --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x_3.x-01
logger -t "$LOGTAG" "Update 2.x_3.x-01 Done."
else
logger -t "$LOGTAG" "Update 2.x_3.x-01 FAILED."
fi
fi
###
############################################################################
### Update 2.x-76 - 08/11/2002
# Bug fixes / Enhancements:
# - Set php max_execution_time to 10 minutes, for hadmin
# - Allow .htaccess file creation into /home/httpd/html for authconfigs
# - Added a rm of /var/lib/logrotate.status if empty into squid_rotate
# - Fixed a little bug into administrator.php (erase of hadmin http users
# that contain "admin") thanks to Rennes
# - Fixed the bug for too long urls into accesslog2sql
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-76 \) ]
then
# Increase the php max execution time for hadmin
cp -f /etc/hadmin/php.ini /etc/hadmin/php.ini.upd-2.x-76
perl -pi -e 's/max_execution_time.*=.*/max_execution_time = 600/' /etc/hadmin/php.ini
# New httpd.conf and squid_rotate
cp -f /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.upd-2.x-76
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-76.tgz .
tar zxf upd-2.x-76.tgz --exclude usr/local/ --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
killall -HUP httpd
touch $UPDDIR/2.x-76
logger -t "$LOGTAG" "Update 2.x-76 Done."
else
logger -t "$LOGTAG" "Update 2.x-76 FAILED."
fi
fi
###
############################################################################
### Update 2.x-77 - 13/11/2002
# SECURITY: bind
# Enhancement: upgrade to bind 9: same config as for SLIS 3.0, with views
# (new mknamedconf)
# WARNING: you have to set the variable "DEFAULT_DNS" at the top of
# this update.
# CAUTION: UPDATE IS NOT DONE IF KERNEL VERSION < 2.2.19 !!
# Obsoletes :
############################################################################
declare -i KREL=`uname -r |cut -f1 -d-|sed s"/\.//g"`
if [ $KREL -lt 2219 ]
then
logger -t "$LOGTAG" "ALERT: Update 2.x-77 SKIPPED BECAUSE KERNEL IS NOT UP TO DATE!"
logger -t "$LOGTAG" "ALERT: update kernel to 2.2.19 or newer, you have big security holes!"
else
if [ ! \( -e $UPDDIR/2.x-77 \) ]
then
DEFAULT_DNS=193.54.149.10 # Only used if actual nameserver config
# could not be guessed.
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-77.tgz .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/bind-9.2.1-0.6x.3.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/bind-utils-9.2.1-0.6x.3.i386.rpm .
# Do the things...
tar zxf upd-2.x-77.tgz --directory /
rpm -F bind-9.2.1-0.6x.3.i386.rpm bind-utils-9.2.1-0.6x.3.i386.rpm
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
# Actual DNS configuration guessing
FORWARDERS=`grep forwarders /etc/named.conf \
|head -1|awk -F'[{;}]' '{print $2 " " $3}'`
NS1=`echo $FORWARDERS|awk '{print $1'} \
|egrep "^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}"`
NS2=`echo $FORWARDERS|awk '{print $2'} \
|egrep "^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}"`
# Adding missing variables if needed
# DNS_PRIMARY
if [ "`grep DNS_PRIMARY /home/hadmin/slis.conf.pl`" = "" ]
then
if [ "$NS1" != "" ]
then
echo "DNS_PRIMARY=$NS1" >> /home/hadmin/slis.conf
echo "\$DNS_PRIMARY=\"$NS1\";" >> /home/hadmin/slis.conf.pl
else
echo "DNS_PRIMARY=$DEFAULT_DNS" >> /home/hadmin/slis.conf
echo "\$DNS_PRIMARY=\"$DEFAULT_DNS\";" >> /home/hadmin/slis.conf.pl
fi
fi
# DNS_SECONDARY
if [ "`grep DNS_SECONDARY /home/hadmin/slis.conf.pl`" = "" ]
then
if [ "$NS2" != "" ]
then
echo "DNS_SECONDARY=$NS2" >> /home/hadmin/slis.conf
echo "\$DNS_SECONDARY=\"$NS2\";" >> /home/hadmin/slis.conf.pl
else
if [ "$NS1" != "" ]
then
echo "DNS_SECONDARY=$NS1" >> /home/hadmin/slis.conf
echo "\$DNS_SECONDARY=\"$NS1\";" >> /home/hadmin/slis.conf.pl
else
echo "DNS_SECONDARY=$DEFAULT_DNS" >> /home/hadmin/slis.conf
echo "\$DNS_SECONDARY=\"$DEFAULT_DNS\";" >> /home/hadmin/slis.conf.pl
fi
fi
fi
# GATEWAY
if [ "`grep GATEWAY /home/hadmin/slis.conf.pl`" = "" ]
then
GATEWAY=`grep "ROUTEUR=" /home/hadmin/slis.conf.pl |cut -f2 -d\"`
echo "\$GATEWAY=\"$GATEWAY\";" >> /home/hadmin/slis.conf.pl
fi
# ROUTER_TYPE
if [ "`grep ROUTER_TYPE /home/hadmin/slis.conf.pl`" = "" ]
then
if [ "`ps awux |grep pppoe|grep -v grep`" != "" ]
then
echo "\$ROUTER_TYPE=\"9\";" >> /home/hadmin/slis.conf.pl
fi
fi
# Zones creation
/usr/local/sbin/mknamedzones
# For a SLIS pppoe in auto mode, we need to restart the connection to force
# a DNS reconfiguration
if [ "`ps awux |grep pppoe|grep -v grep`" != "" -a \
"`egrep "DNS_PRIMARY.*auto" /home/hadmin/slis.conf.pl`" != "" ]
then
killall pppoe 2>/dev/null
sleep 30
# Else, we restart normaly
else
cp -f /etc/named.conf /etc/named.conf.upd-2.x-77
/usr/local/sbin/mknamedconf > /etc/named.conf
/etc/rc.d/init.d/named restart
fi
touch $UPDDIR/2.x-77
logger -t "$LOGTAG" "Update 2.x-77 Done."
else
logger -t "$LOGTAG" "Update 2.x-77 FAILED."
fi
sleep 60
fi
fi
###
############################################################################
### Update 2.x-78b - 27/11/2002
# Kernel update
# !! THIS UPDATE WILL BE DONE ONLY BY NIGHT AS IT IS A KERNEL UPDATE !!
# !! WHICH WILL REBOOT THE MACHINE !!
# Obsoletes : 2.x-63, 2.x-78
############################################################################
declare -i HOUR
declare -i R
HOUR=`date +%k`
R=$RANDOM
# "$R -lt 3277" in the following line means that this update
# will be executed with a probability of 1/10. This is done to
# prevent an overload of the rsync server.
# To be sure that all your SLIS are up to date, remove this part
# of the test in a couple of weeks, commenting this line and
# commenting out the next one.
#if [ ! \( -e $UPDDIR/2.x-78b \) -a $HOUR -lt 6 -a $R -lt 3277 ]
if [ ! \( -e $UPDDIR/2.x-78b \) -a $HOUR -lt 6 ]
then
if [ "`/bin/uname -v|/bin/grep SMP`" = "" ]
then
SMP=""
SMP2=""
else
SMP="-smp"
SMP2="smp"
fi
PROC=`/bin/uname -m`
if [ "$PROC" = "i486" ]
then
PROC="i386"
fi
. /home/hadmin/setup.data
SMP3=""
if [ "$VTUN" = "1" ]
then
SMP="-smp"
SMP2="smp"
SMP3="smp"
fi
RELEASE=`/bin/uname -r |sed s/smp//`
# Some 2.1 have a bugged lilo.conf:
if [ "$RELEASE" = "2.2.19-6.2.1" -o "$RELEASE" = "2.2.19-6.2.1smp" ]
then
perl -pi -e 's/2.2.19-6.2.16/2.2.19-6.2.1/' /etc/lilo.conf
fi
cd /tmp
rm -f kernel-*
rm -f glibc-*
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/kernel`echo $SMP`-2.2.22-6.2.3.`echo $PROC`.rpm .
RC=$?
/sbin/insmod loop
rpm --rebuilddb
rpm -e kernel-utils 2>/dev/null
if [ -e $UPDDIR/2.x-78 ]
then
rpm -U kernel`echo $SMP`-2.2.22-6.2.3.`echo $PROC`.rpm
else
# Keep the old kernel in case of a problem
rpm -i kernel`echo $SMP`-2.2.22-6.2.3.`echo $PROC`.rpm
fi
cd /lib/modules/2.2.22-6.2.3`echo $SMP2`/net
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/tun.o.2.2.22-6.2.3 ./tun.o
if [ $RC = 0 ]
then
/sbin/mkinitrd /boot/initrd-2.2.22-6.2.3.img 2.2.22-6.2.3 2>/dev/null
/sbin/mkinitrd /boot/initrd-2.2.22-6.2.3smp.img 2.2.22-6.2.3smp 2>/dev/null
sed "s/$RELEASE/2.2.22-6.2.3/g" /etc/lilo.conf > /tmp/lilo.conf
if [ -s /tmp/lilo.conf ]
then
mv -f /tmp/lilo.conf /etc/lilo.conf
/sbin/lilo; LILORC=$?
rm -f /var/lock/slis_upd*
touch $UPDDIR/2.x-78b
logger -t "$LOGTAG" "Update 2.x-78b Done."
if [ $LILORC = 0 ]
then
/sbin/reboot
else
logger -t "$LOGTAG" "Update 2.x-78b: ERROR INTO LILO CONFIG"
echo "$HOSTNAME problem with lilo" | mail -s "ERREUR MAJ 2.x-78b" $SLISMASTER
fi
killall slis_update
killall slis_update.dev
exit
fi
else
logger -t "$LOGTAG" "Update 2.x-78b FAILED."
fi
fi
###
############################################################################
### Update 2.x-79 - 22/11/2002
# SECURITY: krb5 and ypserv
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-79 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-libs-1.1.1-30.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-configs-1.1.1-30.i386.rpm .
# Do the things...
rpm -e ypserv 2>/dev/null
rpm -F krb5-libs-1.1.1-30.i386.rpm krb5-configs-1.1.1-30.i386.rpm
RC=$?
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-79
logger -t "$LOGTAG" "Update 2.x-79 Done."
else
logger -t "$LOGTAG" "Update 2.x-79 FAILED."
fi
fi
###
############################################################################
### Update 2.x-80 - 28/11/2002
# SECURITY: https://rhn.redhat.com/errata/RHSA-2002-197.html
# Obsoletes : A part of 2.x-74
############################################################################
declare -i HOUR
declare -i R
HOUR=`date +%k`
R=$RANDOM
# "$R -lt 3277" in the following line means that this update
# will be executed with a probability of 1/10. This is done to
# prevent an overload of the rsync server.
# To be sure that all your SLIS are up to date, remove this part
# of the test in a couple of weeks, commenting this line and
# commenting out the next one.
if [ ! \( -e $UPDDIR/2.x-80 \) -a $HOUR -lt 6 -a $R -lt 3277 ]
#if [ ! \( -e $UPDDIR/2.x-80 \) ]
then
# Clean /tmp as we need some space
/usr/sbin/tmpwatch -f 720 /tmp/
rm -f /tmp/kernel*
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/glibc-2.1.3-28.i386.rpm .
# Do the things...
rpm -F glibc-2.1.3-28.i386.rpm
RC=$?
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-80
logger -t "$LOGTAG" "Update 2.x-80 Done."
else
logger -t "$LOGTAG" "Update 2.x-80 FAILED."
fi
fi
###
############################################################################
### Update 2.x-81 - 06/12/2002
# Bug fix: Passwd changing does not work when supplied password is >8 chars
# Obsoletes : 2.x_3.x-02: it was not good for 2.x version, only 3.x working.
############################################################################
if [ ! \( -e $UPDDIR/2.x-81 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-81.tgz .
# Do the things...
tar zxf upd-2.x-81.tgz --directory /
RC=$?
/usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-81
logger -t "$LOGTAG" "Update 2.x-81 Done."
else
logger -t "$LOGTAG" "Update 2.x-81 FAILED."
fi
fi
###
############################################################################
### Update 2.x-82 - 06/12/2002
# Security: Secure sshd configuration, thanks to Pierre Barabagelata (Nice)
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-82 \) ]
then
perl -pi -e 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
perl -pi -e 's/#PAMAuthenticationViaKbdInt yes/PAMAuthenticationViaKbdInt no/' /etc/ssh/sshd_config
/etc/rc.d/init.d/sshd restart
touch $UPDDIR/2.x-82
logger -t "$LOGTAG" "Update 2.x-82 Done."
fi
###
############################################################################
### Update 2.x-83 - 11/12/2002
# Security: https://rhn.redhat.com/errata/RHSA-2002-229.html
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/3.x-83 -o -e $UPDDIR/2.x-83 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/wget-1.8.2-4.6x.i386.rpm .
# Do the things...
rpm -F wget-1.8.2-4.6x.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
touch $UPDDIR/2.x-83
logger -t "$LOGTAG" "Update 2.x-83 Done."
else
logger -t "$LOGTAG" "Update 2.x-83 FAILED."
fi
fi
###
############################################################################
### Update 2.x-84 - 17/12/2002
# Security: Apache update: https://rhn.redhat.com/errata/RHSA-2002-222.html
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-84 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/apache-1.3.27-1.6.2.i386.rpm .
# Do the things...
if [ -e /home/httpd/html/index.html ]
then
INDEX_EXISTS=1
else
INDEX_EXISTS=0
fi
rpm -F apache-1.3.27-1.6.2.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
# This is to prevent the apache test page from appearing instead of
# an already index.php or index.htm present page:
if [ $INDEX_EXISTS = 0 ]
then
mv -f /home/httpd/html/index.html /home/httpd/html/index.html.rpm 2>/dev/null
fi
/etc/rc.d/init.d/httpd stop > /dev/null
killall httpd 2> /dev/null
sleep 5
killall -9 httpd 2> /dev/null
sleep 2
/etc/rc.d/init.d/httpd start > /dev/null
export PHPRC="/etc/hadmin";/usr/sbin/httpd -f /etc/hadmin/conf/httpd.conf;export -n PHPRC
export PHPRC=/etc/hadmin;/usr/sbin/httpd -f /etc/hadmin/clientgw/conf/httpd.conf;export -n PHPRC
touch $UPDDIR/2.x-84
logger -t "$LOGTAG" "Update 2.x-84 Done."
else
logger -t "$LOGTAG" "Update 2.x-84 FAILED."
fi
fi
###
############################################################################
### Update 2.x-85 - 18/12/2002
# Security: https://rhn.redhat.com/errata/RHSA-2002-293.html
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-85 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/fetchmail-5.9.0-21.6.2.i386.rpm .
# Do the things...
rpm -F fetchmail-5.9.0-21.6.2.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
touch $UPDDIR/2.x-85
logger -t "$LOGTAG" "Update 2.x-85 Done."
else
logger -t "$LOGTAG" "Update 2.x-85 FAILED."
fi
fi
###
############################################################################
### Update 2.x-86 - 19/12/2002
# Bug fix: Safe mode restriction did not allowed inclusion of config_pgsql.inc.php
# from custom php scripts and webmail working at the same time because of
# permissions on this file.
# Obsoletes:
############################################################################
if [ ! \( -e $UPDDIR/2.x-86 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-86.tgz .
# Do the things...
tar zxf upd-2.x-86.tgz --directory /
RC=$?
cp -f /home/httpd/html/config_pgsql.inc.php /usr/share/php/
perl -pi -e "s,\.\./\.\./config_pgsql\.inc\.php,config_pgsql.inc.php," /home/httpd/html/horde/imp/config/defaults.php3
bash /usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-86
logger -t "$LOGTAG" "Update 2.x-86 Done."
else
logger -t "$LOGTAG" "Update 2.x-86 FAILED."
fi
fi
###
############################################################################
### Update 2.x-89 - 07/02/2003
# Bug fix: logrotate not up to date, so apache log files are not rotated
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-89 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/logrotate-3.5.2-0.6.i386.rpm .
# Do the things...
rpm -F logrotate-3.5.2-0.6.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
touch $UPDDIR/2.x-89
logger -t "$LOGTAG" "Update 2.x-89 Done."
else
logger -t "$LOGTAG" "Update 2.x-89 FAILED."
fi
fi
###
############################################################################
### Update 2.x-90 - 11/02/2003
# SECURITY:
# https://rhn.redhat.com/errata/RHSA-2003-006.html
# https://rhn.redhat.com/errata/RHSA-2002-297.html
# https://rhn.redhat.com/errata/RHSA-2003-020.html
# https://rhn.redhat.com/errata/RHSA-2003-040.html
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-90 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/vim-common-6.1-18.6x.3.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/vim-minimal-6.1-18.6x.3.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-libs-1.1.1-32.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-configs-1.1.1-32.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openldap-1.2.13-2.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openldap-servers-1.2.13-2.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/libpng-1.0.14-0.6x.4.i386.rpm .
# Do the things...
rpm -F vim-common-6.1-18.6x.3.i386.rpm vim-minimal-6.1-18.6x.3.i386.rpm \
krb5-libs-1.1.1-32.i386.rpm krb5-configs-1.1.1-32.i386.rpm \
openldap-1.2.13-2.i386.rpm openldap-servers-1.2.13-2.i386.rpm \
libpng-1.0.14-0.6x.4.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
touch $UPDDIR/2.x-90
logger -t "$LOGTAG" "Update 2.x-90 Done."
else
logger -t "$LOGTAG" "Update 2.x-90 FAILED."
fi
fi
###
############################################################################
### Update 2.x-91 - 21/02/2003
# SECURITY:
# https://rhn.redhat.com/errata/RHSA-2003-029.html
# https://rhn.redhat.com/errata/RHSA-2003-015.html
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-91 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/lynx-2.8.3-2.1.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/fileutils-4.0-21.1.i386.rpm .
# Do the things...
rpm -F lynx-2.8.3-2.1.i386.rpm fileutils-4.0-21.1.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
touch $UPDDIR/2.x-91
logger -t "$LOGTAG" "Update 2.x-91 Done."
else
logger -t "$LOGTAG" "Update 2.x-91 FAILED."
fi
fi
###
############################################################################
### Update 2.x-92 - 19/03/2003
# SECURITY: sendmail, file
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-92 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/sendmail-8.11.6-1.62.2.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/file-3.39-8.6x.i386.rpm .
# Do the things...
rpm -F sendmail-8.11.6-1.62.2.i386.rpm file-3.39-8.6x.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
/etc/rc.d/init.d/sendmail restart
touch $UPDDIR/2.x-92
logger -t "$LOGTAG" "Update 2.x-92 Done."
else
logger -t "$LOGTAG" "Update 2.x-92 FAILED."
fi
fi
###
############################################################################
### Update 2.x-93 - 19/03/2003
# SECURITY: openssl
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-93 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssl-0.9.6b-30.62.i386.rpm .
# Do the things...
rpm -F --nodeps openssl-0.9.6b-30.62.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
touch $UPDDIR/2.x-93
logger -t "$LOGTAG" "Update 2.x-93 Done."
else
logger -t "$LOGTAG" "Update 2.x-93 FAILED."
fi
fi
###
############################################################################
### Update 2.x-80b - 20/03/2003
# SECURITY: https://rhn.redhat.com/errata/RHSA-2003-089.html
# Obsoletes : 2.x-80, a part of 2.x-74
############################################################################
declare -i HOUR
declare -i R
HOUR=`date +%k`
R=$RANDOM
# "$R -lt 3277" in the following line means that this update
# will be executed with a probability of 1/10. This is done to
# prevent an overload of the rsync server.
# To be sure that all your SLIS are up to date, remove this part
# of the test in a couple of weeks, commenting this line and
# commenting out the next one.
if [ ! \( -e $UPDDIR/2.x-80b \) -a $HOUR -lt 6 -a $R -lt 3277 ]
#if [ ! \( -e $UPDDIR/2.x-80b \) ]
then
# Clean /tmp as we need some space
/usr/sbin/tmpwatch -f 720 /tmp/
rm -f /tmp/kernel*
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/glibc-2.1.3-29.i386.rpm .
# Do the things...
rpm -F glibc-2.1.3-29.i386.rpm
RC=$?
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-80b
logger -t "$LOGTAG" "Update 2.x-80b Done."
else
logger -t "$LOGTAG" "Update 2.x-80b FAILED."
fi
fi
###
############################################################################
### Update 2.x-94 - 01/04/2003
# SECURITY: sendmail, krb, samba
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-94 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/sendmail-8.11.6-1.62.3.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-libs-1.1.1-40.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/krb5-configs-1.1.1-40.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-2.0.10-1.62.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-common-2.0.10-1.62.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-client-2.0.10-1.62.i386.rpm .
# Do the things...
rpm -F sendmail-8.11.6-1.62.3.i386.rpm krb5-libs-1.1.1-40.i386.rpm \
krb5-configs-1.1.1-40.i386.rpm samba-client-2.0.10-1.62.i386.rpm \
samba-2.0.10-1.62.i386.rpm samba-common-2.0.10-1.62.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
/etc/rc.d/init.d/sendmail restart
mv -f /etc/logrotate.d/samba.rpmsave /etc/logrotate.d/samba
touch $UPDDIR/2.x-94
logger -t "$LOGTAG" "Update 2.x-94 Done."
else
logger -t "$LOGTAG" "Update 2.x-94 FAILED."
fi
fi
###
############################################################################
### Update 2.x-95 - 08/04/2003
# SECURITY: samba
# Obsoletes :
############################################################################
#if [ ! \( -e $UPDDIR/2.x-95 \) ]
#then
# Download the files
# cd /tmp
# rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-2.2.7-3.6.2.i386.rpm .
# rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-common-2.2.7-3.6.2.i386.rpm .
# rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-client-2.2.7-3.6.2.i386.rpm .
# Do the things...
# cp /etc/smb.conf /etc/smb.conf.2.x-95
# rpm -F --nodeps samba-common-2.2.7-3.6.2.i386.rpm samba-2.2.7-3.6.2.i386.rpm samba-client-2.2.7-3.6.2.i386.rpm
# mv -f /etc/smb.conf.2.x-95 /etc/smb.conf
# RC1=$?
# Check and finish
# if [ $RC1 = 0 ]
# then
# mv /etc/samba/smb.conf /etc/samba/smb.conf.rpm
# ln -s /etc/smb.conf /etc/samba/smb.conf
# mv -f /etc/logrotate.d/samba /etc/logrotate.d/samba.old
# mv -f /etc/logrotate.d/samba.rpmnew /etc/logrotate.d/samba
# /etc/rc.d/init.d/smb restart
# touch $UPDDIR/2.x-95
# logger -t "$LOGTAG" "Update 2.x-95 Done."
# else
# logger -t "$LOGTAG" "Update 2.x-95 FAILED."
# fi
#fi
###
############################################################################
### Update 2.x-95b - 11/04/2003
# SECURITY: samba
# Obsoletes : 2.x-95 (was bugged)
############################################################################
if [ ! \( -e $UPDDIR/2.x-95b \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-2.2.8a-1.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-95b.tgz .
# Do the things...
cp /etc/smb.conf /etc/smb.conf.2.x-95b
rpm -F samba-2.2.8a-1.i386.rpm
RC1=$?
tar zxf upd-2.x-95b.tgz --exclude usr/local/ --directory /
RC2=$?
# Check and finish
if [ $RC1 = 0 -a $RC2 = 0 ]
then
RUNNING=`ps awux |grep smb |grep -v grep`
if [ "$RUNNING" != "" ]
then
/etc/rc.d/init.d/smb stop
sleep 5
/etc/rc.d/init.d/smb start
fi
touch $UPDDIR/2.x-95b
logger -t "$LOGTAG" "Update 2.x-95b Done."
else
logger -t "$LOGTAG" "Update 2.x-95b FAILED."
fi
fi
###
############################################################################
### Update 2.x-96 - 11/04/2003
# SECURITY: samba does not start at boot since 2.x-95
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-96 \) ]
then
. /home/hadmin/slis.conf
if [ "$SAMBA" = "1" -o "$CYBERECOLE" = "1" -o "CYBERSCHOOL" = 1 ]
then
/sbin/chkconfig --add smb
/sbin/chkconfig smb on
fi
touch $UPDDIR/2.x-96
logger -t "$LOGTAG" "Update 2.x-96 Done."
fi
###
############################################################################
### Update 2.x-97 - 14/04/2003
# SECURITY: some smb.conf disapeared!
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-97 \) ]
then
cp -f /etc/smb.conf /etc/smb.conf.2.x-97
mv -f /etc/samba/smb.conf /etc/samba/smb.conf.orig
ln -s /etc/smb.conf /etc/samba/smb.conf
/usr/local/sbin/valid
touch $UPDDIR/2.x-97
logger -t "$LOGTAG" "UPDATE 2.x-97 Done."
fi
############################################################################
### Update 2.x-98 - 15/04/2003
# Bug fix: when deleting and creating again a group, the home into
# cyberschool directory had not the good perms.
# Obsoletes:
############################################################################
if [ ! \( -e $UPDDIR/2.x-98 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-98.tgz .
# Do the things...
tar zxf upd-2.x-98.tgz --directory /
RC=$?
# Check and finish
if [ $RC = 0 ]
then
/usr/local/sbin/valid
touch $UPDDIR/2.x-98
logger -t "$LOGTAG" "Update 2.x-98 Done."
else
logger -t "$LOGTAG" "Update 2.x-98 FAILED."
fi
fi
###
############################################################################
### Update 2.x-95c - 15/04/2003
# SECURITY: samba
# This is the RH 6.2 update SRPM patched from
# http://fi.samba.org/samba/ftp/WHATSNEW-2.2.8a.txt
# Obsoletes : 2.x-95 (was bugged) and 2.x-95b (samba 2.2.8a was instable on
# redhat 6.2)
############################################################################
if [ ! \( -e $UPDDIR/2.x-95c \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-2.0.10-2.62.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/samba-common-2.0.10-2.62.i386.rpm .
# Do the things...
cp /etc/smb.conf /etc/smb.conf.2.x-95c
rpm --oldpackage -U samba-2.0.10-2.62.i386.rpm samba-common-2.0.10-2.62.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
RUNNING=`ps awux |grep smb |grep -v grep`
if [ "$RUNNING" != "" ]
then
/etc/rc.d/init.d/smb stop
sleep 5
/etc/rc.d/init.d/smb start
fi
/usr/local/sbin/valid
touch $UPDDIR/2.x-95c
logger -t "$LOGTAG" "Update 2.x-95c Done."
else
logger -t "$LOGTAG" "Update 2.x-95c FAILED."
fi
fi
###
############################################################################
### Update 2.x-99 - 16/04/2003
# SECURITY: postgresql
# Obsoletes : 2.x-87 (never published)
############################################################################
if [ ! \( -e $UPDDIR/2.x-99 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/postgresql-server-7.0.3-9.2.62.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/postgresql-7.0.3-9.2.62.i386.rpm .
# Do the things...
/etc/rc.d/init.d/postgresql stop
sleep 10
rpm -F --nodeps postgresql-server-7.0.3-9.2.62.i386.rpm postgresql-7.0.3-9.2.62.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
killall postmaster
sleep 1
killall -9 postmaster
sleep 1
rm -f /var/lib/pgsql/data/postmaster.pid
/etc/rc.d/init.d/postgresql start
touch $UPDDIR/2.x-99
logger -t "$LOGTAG" "Update 2.x-99 Done."
else
logger -t "$LOGTAG" "Update 2.x-99 FAILED."
fi
fi
###
############################################################################
### Update 2.x-100 - 10/07/2003
# Smarter slis_update script. It tests the connection to the rsync
# host before starting the updates.
# Warning! This update needs TESTFILES.* to be in place, not only upd-2.x-100.tgz!
# Obsolletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-100 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-100.tgz .
# Do the things....
tar zxf upd-2.x-100.tgz
RC=$?
# Check and finish
if [ $RC = 0 ]
then
echo "mv -f /tmp/slis_update_3_1_slisv2.bash /usr/local/sbin/slis_update" | at now + 20 minutes
touch $UPDDIR/2.x-100
logger -t "$LOGTAG" "Update 2.x-100 Done."
else
logger -t "$LOGTAG" "Update 2.x-100 FAILED."
fi
fi
###
############################################################################
### Update 2.x-101 - 08/09/2003
# SECURITY: ftpd
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-101 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/wu-ftpd-2.6.2-11.73-62.1.i386.rpm .
# Do the things...
ln -s /lib/libssl.so.0.9.6b /lib/libssl.so.1
rpm -F --nodeps wu-ftpd-2.6.2-11.73-62.1.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
/etc/init.d/inet restart
touch $UPDDIR/2.x-101
logger -t "$LOGTAG" "Update 2.x-101 Done."
else
logger -t "$LOGTAG" "Update 2.x-101 FAILED."
fi
fi
###
############################################################################
### Update 2.x-102 - 08/09/2003
# SECURITY: Disabling swat, telnet (unusefull) and auth
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-102 \) ]
then
/bin/cp -f /etc/inetd.conf /etc/inetd.conf.2.x-102
/usr/bin/perl -pi -e "s/^swat/#swat/" /etc/inetd.conf
/usr/bin/perl -pi -e "s/^telnet/#telnet/" /etc/inetd.conf
/etc/rc.d/init.d/inet restart
/etc/rc.d/init.d/identd stop
/sbin/chkconfig identd off
touch $UPDDIR/2.x-102
logger -t "$LOGTAG" "Update 2.x-102 Done."
fi
###
############################################################################
### Update 2.x-104 - 18/09/2003
# SECURITY: openssh
# Obsoletes : 2.x-103
############################################################################
if [ ! \( -e $UPDDIR/2.x-104 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-3.1p1-13slis2x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-server-3.1p1-13slis2x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/openssh-clients-3.1p1-13slis2x.i386.rpm .
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/sendmail-8.11.6-27.62.i386.rpm .
# Do the things...
rpm -F --nodeps openssh-3.1p1-13slis2x.i386.rpm \
openssh-server-3.1p1-13slis2x.i386.rpm \
openssh-clients-3.1p1-13slis2x.i386.rpm \
sendmail-8.11.6-27.62.i386.rpm
RC1=$?
# Check and finish
if [ $RC1 = 0 ]
then
/etc/rc.d/init.d/sshd restart
/etc/rc.d/init.d/sendmail stop
sleep 5
killall -9 sendmail 2> /dev/null
sleep 1
/etc/rc.d/init.d/sendmail start
touch $UPDDIR/2.x-104
logger -t "$LOGTAG" "Update 2.x-104 Done."
else
logger -t "$LOGTAG" "Update 2.x-104 FAILED."
fi
fi
###
############################################################################
### Update 2.x-105b - 18/05/2004
# SECURITY: firewall is not started at boot since update CP-2
# Obsoletes : 2.x-105
############################################################################
if [ ! \( -e $UPDDIR/2.x-105b \) ]
then
NEEDED=`grep mkfilters /etc/rc.d/rc.local`
if [ "$NEEDED" = "" ]
then
perl -pi -e "s;Activation du routage avec translation.*;Router and Firewall activation\n /usr/local/sbin/mkfilters;" /etc/rc.d/rc.local
perl -pi -e "s;NAT activation.*;Router and Firewall activation\n /usr/local/sbin/mkfilters;" /etc/rc.d/rc.local
/usr/local/sbin/mkfilters
fi
touch $UPDDIR/2.x-105b
logger -t "$LOGTAG" "Update 2.x-105b Done."
fi
############################################################################
# Update 2.x-106 - 06/05/2004
# SECURITY: Fixes a vulnerability of the web server configuration: one could
# do a privilege escalation by using SSI and a mistake in the permission of
# the httpd.conf file. Thanx to Jean Diraison, from Versailles!
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-106 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-106.tgz .
# Do the things ...
tar xfz upd-2.x-106.tgz --exclude usr/local/ --directory /
RC=$?
bash /usr/local/sbin/permslis
perl -pi -e "s/AddHandler server-parsed/#AddHandler server-parsed/" /etc/httpd/conf/httpd.conf
killall -HUP httpd
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-106
logger -t "$LOGTAG" "Update 2.x-106 Done."
else
logger -t "$LOGTAG" "Update 2.x-106 FAILED."
fi
fi
###
############################################################################
# Update 2.x-107 - 11/05/2004
# BUG FIX: 2.x-106 side effect: administrator could not change passwd anymore
# SECURITY: The admin could pass arbitrary commands to root by using well
# constructed urls sent to the services.php script. (Thanx to Jean Diraison)
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-107 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-107.tgz .
# Do the things ...
tar xfz upd-2.x-107.tgz --exclude usr/local/ --directory /
RC=$?
bash /usr/local/sbin/permslis
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-107
logger -t "$LOGTAG" "Update 2.x-107 Done."
else
logger -t "$LOGTAG" "Update 2.x-107 FAILED."
fi
fi
###
############################################################################
# Update 2.x-108 - 23/06/2004
# Bug fix: precompiled adult database was not loaded by squidguard
# (new mksquidguardconf script)
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/2.x-108 \) ]
then
# Download the files
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/upd-2.x-108.tgz .
# Do the things ...
tar xfz upd-2.x-108.tgz --exclude usr/local/ --directory /
RC=$?
bash /usr/local/sbin/permslis
/usr/local/sbin/mksquidguardconf
killall -HUP squid
# Check and finish
if [ $RC = 0 ]
then
touch $UPDDIR/2.x-108
logger -t "$LOGTAG" "Update 2.x-108 Done."
else
logger -t "$LOGTAG" "Update 2.x-108 FAILED."
fi
fi
###
############################################################################
### Mise a jour PQ - 05/04/2000
# Nouveau script /usr/local/sbin/process_queue
# Rend obsolete : 004-0 a 004-7 et PQ-1 PQ-2 PQ-3 PQ-4 PQ-5 PQ-6 PQ-7 ...
# Si un nouveau process_queue est rΘalisΘ, juste remplacer le numero de
# version et le fichier.
# ATTENTION: Laisser cette UPD en fin de fichier, avant les UPD KERNEL.
############################################################################
VERSION=15
DELAI=5 # Delai en minutes. C'est le temps estime que prendra l'execution de
# la fin de ce script plus une marge (install d'un nouveau slis)...
if [ ! \( -e $UPDDIR/PQ-$VERSION \) ]
then
PAS_UPD_KERNEL=1 # Empeche de faire une update du noyau
# Telechargement du nouveau fichier
cd /tmp
rsync rsync://$RSYNC_HOST/$RSYNC_MODULE/process_queue-2.x .
mv -f process_queue-2.x process_queue
# Si slis_update est lance par process_queue, il faut faire attention
# a ne pas le remplacer tout de suite:
PS=`ps auwx | grep process_queue|grep -v grep`
if [ "$PS" != "" ]
then
echo "mv -f /tmp/process_queue /usr/local/sbin/ ; chmod 700 /usr/local/sbin/process_queue" | at now + $DELAI minutes
else
mv -f /tmp/process_queue /usr/local/sbin/ ; chmod 700 /usr/local/sbin/process_queue
fi
touch $UPDDIR/PQ-$VERSION
logger -t "$LOGTAG" "UPDATE PQ-$VERSION effectuee."
fi
###
############################################################################
### NOTIFY update - 29/04/99
# Notify installation of a new SLIS
# Obsoletes :
############################################################################
if [ ! \( -e $UPDDIR/NOTIFY-2.1 \) ]
then
echo "$HOSTNAME installed" | mail -s "New SLIS 2.1" $SLISMASTER
sleep 2
/usr/lib/sendmail -q
killall crond
sleep 1
crond
touch $UPDDIR/NOTIFY-2.1
logger -t "$LOGTAG" "NOTIFY sent."
fi
###
##############################
logger -t "$LOGTAG" "Script Version 2.1 ended."
/bin/rm -rf /var/lock/slis_upd