From ffe420b0e4d6833ac74994b86536a77baa76d82b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?=
Date: Tue, 13 Aug 2019 17:30:49 +0200
Subject: [PATCH 1/5] etc-git: add etc-git-status.sh script for #44 The main idea is to send "non commited /etc" message to all last sysadmins connected in the last 7 days.
---
 etc-git/files/etc-git-status.sh | 58 +++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 etc-git/files/etc-git-status.sh
diff --git a/etc-git/files/etc-git-status.sh b/etc-git/files/etc-git-status.sh
new file mode 100644
index 00000000..f1fce51c
--- /dev/null
+++ b/etc-git/files/etc-git-status.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+set -e
+export TERM=screen
+export LC_ALL=C
+
+hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2)
+hostname=${hostname%%.evolix.net}
+template=$(mktemp --tmpdir=/tmp etc-git-status.XXX)
+body=$(mktemp --tmpdir=/tmp etc-git-status.XXX)
+lastLogOutput=$(mktemp --tmpdir=/tmp etc-git-status.XXX)
+gitOutput=$(mktemp --tmpdir=/tmp etc-git-status.XXX)
+lastTime=7
+uidRange="2000-2099"
+
+# Remove temporary files on exit
+trap "rm $lastLogOutput" EXIT
+
+# Get last admins connected
+lastlog -t $lastTime -u $uidRange > $lastLogOutput
+
+# Add these admins to an array if there are
+lastLogOutputCount=$(wc -l $lastLogOutput | awk '{ print $1 }')
+if [ $lastLogOutputCount -gt 1 ]; then
+ while read line; do
+ user=$(awk '{ print $1 }' <<< $line)
+ if [ $user != "Username" ]; then
+ lastAdmins="$lastAdmins${user}@evolix.fr, "
+ fi
+ done < $lastLogOutput
+else
+ lastAdmins="$lastAdmins"
+fi
+
+# Send the mail
+git --git-dir=/etc/.git --work-tree=/etc status --short > $gitOutput
+if [ $gitOuput -n ]; then
+ cat << EOT > $template
+Content-Type: text/plain; charset="utf-8"
+Reply-To: Équipe Evolix
+From: Équipe Evolix
+To: $lastAdmins
+Subject: Non commited /etc for server $hostname
+EOT
+ cat << EOT > $body
+Dear ${lastAdmins}
+
+As you were connected on $hostname in the last 7 days, please commit modifications on /etc.
+You should use evomaintenance for that.
+
+git status:
+
+$(<$gitOutput)
+
+--
+etc-git-status.sh
+EOT
+ mutt -x -e 'set send_charset="utf-8"' -H $template < $body
+fi
-- 
2.39.2
From 9a18ca9c131d9c32e6aee64ffb47d62a877e2aa7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?=
Date: Wed, 14 Aug 2019 09:33:44 +0200
Subject: [PATCH 2/5] etc-git: Cron use etc-git-status.sh script
---
 etc-git/templates/etc-git-status.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/etc-git/templates/etc-git-status.j2 b/etc-git/templates/etc-git-status.j2
index e1696c54..ee6d9a74 100644
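Review bot: In [PATCH 1/5] the four `mktemp --tmpdir=/tmp etc-git-status.XXX` calls give each file only three random characters in a fixed world-writable directory, and the cron entries in [PATCH 2/5] run this script as root. mktemp still creates every file exclusively, so this is hardening rather than a clobbering bug, but the name space is small and every later use of the paths (`> $lastLogOutput`, `wc -l $lastLogOutput`, `-H $template < $body`, the `trap`) is unquoted. Creating one private directory with a full-length template and removing it from a single-quoted trap covers all four files at once; the same applies to the extended `trap "rm …"` line in [PATCH 3/5], which would then no longer be needed.

```shell
# … unchanged: shebang, set -e, TERM/LC_ALL exports, hostname lookup …
tmpdir=$(mktemp -d --tmpdir=/tmp etc-git-status.XXXXXXXXXX)
template="$tmpdir/template"
body="$tmpdir/body"
lastLogOutput="$tmpdir/lastlog"
gitOutput="$tmpdir/git-status"
# … unchanged: lastTime, uidRange …

# Remove temporary files on exit
trap 'rm -rf -- "$tmpdir"' EXIT
# … unchanged: lastlog query, recipient loop, mail templates, mutt call …
```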
--- a/etc-git/templates/etc-git-status.j2
+++ b/etc-git/templates/etc-git-status.j2
@@ -1,4 +1,4 @@
 # {{ ansible_managed }}
-@hourly root who > /dev/null || git --git-dir=/etc/.git --work-tree=/etc status --short
-21 21 * * * root git --git-dir=/etc/.git --work-tree=/etc status --short
+@hourly root who > /dev/null || /usr/share/scripts/etc-git-status.sh
+21 21 * * * root /usr/share/scripts/etc-git-status.sh
-- 
2.39.2
From 0a7c0b582e90e23d7cecb67d9ea85035d881c9d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?=
Date: Wed, 14 Aug 2019 09:35:05 +0200
Subject: [PATCH 3/5] etc-git: Clean all tmpfiles
---
 etc-git/files/etc-git-status.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc-git/files/etc-git-status.sh b/etc-git/files/etc-git-status.sh
index f1fce51c..ceb22d63 100644
--- a/etc-git/files/etc-git-status.sh
+++ b/etc-git/files/etc-git-status.sh
@@ -13,7 +13,7 @@ lastTime=7
 uidRange="2000-2099"
 # Remove temporary files on exit
-trap "rm $lastLogOutput" EXIT
+trap "rm $lastLogOutput $template $body $gitOutput" EXIT
 # Get last admins connected
 lastlog -t $lastTime -u $uidRange > $lastLogOutput
-- 
2.39.2
From 8cc59a5a5727b168d207d70d874ab54b3d32383a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?=
Date: Wed, 14 Aug 2019 09:38:45 +0200
Subject: [PATCH 4/5] etc-git: Better comment and use root if no admins connected
---
 etc-git/files/etc-git-status.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/etc-git/files/etc-git-status.sh b/etc-git/files/etc-git-status.sh
index ceb22d63..806d7977 100644
--- a/etc-git/files/etc-git-status.sh
+++ b/etc-git/files/etc-git-status.sh
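Review bot: Both cron entries in [PATCH 2/5] now run `/usr/share/scripts/etc-git-status.sh` as root, yet no patch in this series installs `etc-git/files/etc-git-status.sh` at that path or sets its owner and mode. If the role does this in a task outside the visible diff, confirm that it ships the file with something like a `copy` task using `owner: root`, `group: root` and `mode: "0750"`, because whoever can write that script gets root the next time cron runs it. A short comment above the entries, for example `# etc-git-status.sh is installed root-owned by this role and mails recent admins itself`, would record the dependency next to the lines that rely on it.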
@@ -18,7 +18,7 @@ trap "rm $lastLogOutput $template $body $gitOutput" EXIT
 # Get last admins connected
 lastlog -t $lastTime -u $uidRange > $lastLogOutput
-# Add these admins to an array if there are
+# Add these admins to lastAdmins variable if any
 lastLogOutputCount=$(wc -l $lastLogOutput | awk '{ print $1 }')
 if [ $lastLogOutputCount -gt 1 ]; then
 while read line; do
@@ -28,10 +28,11 @@ if [ $lastLogOutputCount -gt 1 ]; then
 fi
 done < $lastLogOutput
 else
- lastAdmins="$lastAdmins"
+ # No admin connected in the last 7 days, send to root
+ lastAdmins="root"
 fi
-# Send the mail
+# Send the mail if git status not empty
 git --git-dir=/etc/.git --work-tree=/etc status --short > $gitOutput
 if [ $gitOuput -n ]; then
 cat << EOT > $template
-- 
2.39.2
From 76919c964939cf3fb1a5a7a59b44df5d3951efd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?=
Date: Wed, 14 Aug 2019 10:10:08 +0200
Subject: [PATCH 5/5] etc-git: Be sure that git status is not empty before sending a mail
---
 etc-git/files/etc-git-status.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/etc-git/files/etc-git-status.sh b/etc-git/files/etc-git-status.sh
index 806d7977..1b78f138 100644
--- a/etc-git/files/etc-git-status.sh
+++ b/etc-git/files/etc-git-status.sh
@@ -34,7 +34,8 @@ fi
 # Send the mail if git status not empty
 git --git-dir=/etc/.git --work-tree=/etc status --short > $gitOutput
-if [ $gitOuput -n ]; then
+gitOutputNumber=$(wc -l $gitOutput | awk '{ print $1 }')
+if [ $gitOutputNumber -gt 0 ]; then
 cat << EOT > $template
 Content-Type: text/plain; charset="utf-8"
 Reply-To: Équipe Evolix
-- 
2.39.2
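Review bot: In the second hunk of [PATCH 4/5] the new fallback `lastAdmins="root"` changes only the recipient, so root receives the body from [PATCH 1/5] that opens with `Dear ${lastAdmins}` and states "As you were connected on $hostname in the last 7 days", which is untrue in exactly this branch. The opening sentence of the body should depend on which branch was taken, so that the report does not attribute uncommitted /etc changes to an account that did not log in. The added comment also hard-codes the window that `lastTime=7` already defines; `# No admin logged in within the last $lastTime days, send to root` keeps the two in step. The `if` that this `else` belongs to starts in the previous hunk, and the loop line that appends to `lastAdmins` lies between the two hunks.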
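Review bot: In [PATCH 5/5] the emptiness test spawns `wc` and `awk` and then compares an unquoted number, where the shell can test the file directly with `if [ -s "$gitOutput" ]; then`. `-s` is true only when the file exists and is non-empty, which is the condition the commit subject describes, and it removes the extra `gitOutputNumber` variable together with two unquoted expansions. The body of this `if`, which builds and sends the mail, continues past the end of the hunk.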