From d4a521c6aadfb2b86d8a278d8d850050d14315ee Mon Sep 17 00:00:00 2001 From: Holger Levsen Date: Fri, 25 Mar 2016 14:04:17 -0400 Subject: reproducible debian: pb-build2+6-amd64 have been reinstalled and renamed to pb-build2+6-i386 --- .../usr/local/bin/dsa-check-running-kernel | 252 --------------------- .../usr/local/sbin/nagios-check-libs | 204 ----------------- 2 files changed, 456 deletions(-) delete mode 100755 hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-running-kernel delete mode 100755 hosts/profitbricks-build6-amd64/usr/local/sbin/nagios-check-libs (limited to 'hosts/profitbricks-build6-amd64/usr') diff --git a/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-running-kernel b/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-running-kernel deleted file mode 100755 index 80f45bfb..00000000 --- a/hosts/profitbricks-build6-amd64/usr/local/bin/dsa-check-running-kernel +++ /dev/null @@ -1,252 +0,0 @@ -#!/bin/bash - -# Check if the running kernel has the same version string as the on-disk -# kernel image. - -# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader -# Copyright 2009 Stephen Gran -# Copyright 2010,2012,2013 Uli Martens -# Copyright 2011 Alexander Reichle-Schmehl -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -OK=0; -WARNING=1; -CRITICAL=2; -UNKNOWN=3; - -get_offset() { - local file needle - - file="$1" - needle="$2" - - perl -e ' - undef $/; - $i = 0; $k=<>; - while (($i = index($k, "'"$needle"'", $i)) >= 0) { - print $i++,"\n"; - }; ' < "$file" -} - -get_avail() { - # This is wrong, but leaves room for when we have to care for machines running - # myfirstunix-image-0.1-dsa-arm - local prefix="$1"; shift - - local kervers=$(uname -r) - - local metavers='' - - # DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where - # Debian uses versions of the form 2.6.29-2-amd64 - if [ "${kervers#3}" != "$kervers" ]; then - metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/') - elif [ "${kervers//dsa}" != "$kervers" ]; then - metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/') - else - metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+-[A-Za-z0-9\.]+-(.*)/2.\1-\2/') - fi - - # Attempt to track back to a metapackage failed. bail - if [ "$metavers" = "$kervers" ]; then - return 2 - fi - - # We're just going to give up if we can't find a matching metapackage - # I tried being strict once, and it just caused a lot of headaches. We'll see how - # being lax does for us - - local output=$(apt-cache policy ${prefix}-image-${metavers} 2>/dev/null) - local metaavailvers=$(echo "$output" | grep '^ Candidate:' | awk '{print $2}') - local metainstavers=$(echo "$output" | grep '^ Installed:' | awk '{print $2}') - - if [ -z "$metaavailvers" ] || [ "$metaavailvers" = '(none)' ]; then - return 2 - fi - if [ -z "$metainstavers" ] || [ "$metainstavers" = '(none)' ]; then - return 2 - fi - - if [ "$metaavailvers" != "$metainstavers" ] ; then - echo "${prefix}-image-${metavers} $metaavailvers available but $metainstavers installed" - return 1 - fi - - local imagename=0 - # --no-all-versions show shows only the candidate - for vers in $(apt-cache --no-all-versions show ${prefix}-image-${metavers} | sed -n 's/^Depends: //p' | tr ',' '\n' | tr -d ' ' | grep ${prefix}-image | awk '{print $1}' | sort -u); do - if dpkg --compare-versions "1.$vers" gt "1.$imagename"; then - imagename=$vers - fi - done - - if [ -z "$imagename" ] || [ "$imagename" = 0 ]; then - return 2 - fi - - if [ "$imagename" != "${prefix}-image-${kervers}" ]; then - if dpkg --compare-versions 1."$imagename" lt 1."${prefix}-image-${kervers}"; then - return 2 - fi - echo "$imagename" != "${prefix}-image-${kervers}" - return 1 - fi - - local availvrs=$(apt-cache policy ${imagename} 2>/dev/null | grep '^ Candidate' | awk '{print $2}') - local kernelversion=$(apt-cache policy ${prefix}-image-${kervers} 2>/dev/null | grep '^ Installed:' | awk '{print $2}') - - if [ "$availvrs" = "$kernelversion" ]; then - return 0 - fi - - echo "$kernelversion != $availvrs" - return 1 -} - -cat_vmlinux() { - local image header filter hdroff - - image="$1" - header="$2" - filter="$3" - hdroff="$4" - - get_offset "$image" $header | head -n 5 | while read off; do - (if [ "$off" != 0 ]; then - dd ibs="$((off+hdroff))" skip=1 count=0 - fi && - dd bs=512k) < "$image" 2>/dev/null | $filter 2>/dev/null - done -} - -get_image_linux() { - local image - - image="$1" - - # gzip compressed image - cat_vmlinux "$image" "\x1f\x8b\x08\x00" "zcat" 0 - cat_vmlinux "$image" "\x1f\x8b\x08\x08" "zcat" 0 - # lzma compressed image - cat_vmlinux "$image" "\x00\x00\x00\x02\xff" "xzcat" -1 - cat_vmlinux "$image" "\x00\x00\x00\x04\xff" "xzcat" -1 - # xz compressed image - cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat" 0 - - echo "ERROR: Unable to extract kernel image." 2>&1 - exit 1 -} - - -freebsd_check_running_version() { - local imagefile="$1"; shift - - local r="$(uname -r)" - local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')" - - local q='@(#)FreeBSD '"$r $v" - - if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then - echo "OK" - else - echo "not OK" - fi -} - -STRINGS=""; -if [ -x "$(which strings)" ]; then - STRINGS="$(which strings)" -elif [ -x "$(which busybox)" -a "$( echo foobar | $(which busybox) strings 2>/dev/null)" = "foobar" ]; then - STRINGS="$(which busybox) strings" -fi - -searched="" -for on_disk in \ - "/boot/vmlinuz-`uname -r`"\ - "/boot/vmlinux-`uname -r`"\ - "/boot/kfreebsd-`uname -r`.gz"; do - - if [ -e "$on_disk" ]; then - if [ -z "$STRINGS" ]; then - echo "UNKNOWN: 'strings' command missing, perhaps install binutils or busybox?" - exit $UNKNOWN - fi - if [ "${on_disk/vmlinu}" != "$on_disk" ]; then - on_disk_version="`get_image_linux "$on_disk" | $STRINGS | grep 'Linux version' | head -n1`" - if [ -x /usr/bin/lsb_release ] ; then - vendor=$(lsb_release -i -s) - if [ -n "$vendor" ] && [ "xDebian" != "x$vendor" ] ; then - on_disk_version=$( echo $on_disk_version|sed -e "s/ ($vendor [[:alnum:]\.-]\+ [[:alnum:]\.]\+)//") - fi - fi - [ -z "$on_disk_version" ] || break - on_disk_version="`cat "$on_disk" | $STRINGS | grep 'Linux version' | head -n1`" - [ -z "$on_disk_version" ] || break - - echo "UNKNOWN: Failed to get a version string from image $on_disk" - exit $UNKNOWN - else - on_disk_version="$(zcat $on_disk | $STRINGS | grep Debian | head -n 1 | sed -e 's/Debian [[:alnum:]]\+ (\(.*\))/\1/')" - fi - fi - searched="$searched $on_disk" -done - -if ! [ -e "$on_disk" ]; then - echo "WARNING: Did not find a kernel image (checked$searched) - I have no idea which kernel I am running" - exit $WARNING -fi - -if [ "$(uname -s)" = "Linux" ]; then - running_version="`cat /proc/version`" - if [ -z "$running_version" ] ; then - echo "UNKNOWN: Failed to get a version string from running system" - exit $UNKNOWN - fi - - if [ "$running_version" != "$on_disk_version" ]; then - echo "WARNING: Running kernel does not match on-disk kernel image: [$running_version != $on_disk_version]" - exit $WARNING - fi - - ret="$(get_avail linux)" - if [ $? = 1 ]; then - echo "WARNING: Kernel needs upgrade [$ret]" - exit $WARNING - fi -else - image_current=$(freebsd_check_running_version $on_disk) - running_version="`uname -s` `uname -r` `uname -v`" - if [ "$image_current" != "OK" ]; then - approx_time="$(date -d "@`stat -c '%Y' "$on_disk"`" +"%Y-%m-%d %H:%M:%S")" - echo "WARNING: Currently running kernel ($running_version) does not match on disk image (~ $approx_time)" - exit $WARNING; - fi - - ret="$(get_avail linux)" - if [ $? = 1 ]; then - echo "WARNING: Kernel needs upgrade [$ret]" - exit $WARNING - fi -fi - -echo "OK: Running kernel matches on disk image: [$running_version]" -exit $OK diff --git a/hosts/profitbricks-build6-amd64/usr/local/sbin/nagios-check-libs b/hosts/profitbricks-build6-amd64/usr/local/sbin/nagios-check-libs deleted file mode 100755 index 77b37805..00000000 --- a/hosts/profitbricks-build6-amd64/usr/local/sbin/nagios-check-libs +++ /dev/null @@ -1,204 +0,0 @@ -#!/usr/bin/perl -w - -# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader -# 2012 Uli Martens -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -use strict; -use English; -use Getopt::Long; - -$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; -delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; - -my $LSOF = '/usr/bin/lsof -F0'; -my $VERSION = '0.2015012901'; - -# nagios exit codes -my $OK = 0; -my $WARNING = 1; -my $CRITICAL = 2; -my $UNKNOWN = 3; - -my $params; -my $config; - -Getopt::Long::config('bundling'); - -sub dief { - print STDERR @_; - exit $UNKNOWN; -} - -if (!GetOptions ( - '--help' => \$params->{'help'}, - '--version' => \$params->{'version'}, - '--quiet' => \$params->{'quiet'}, - '--verbose' => \$params->{'verbose'}, - '-v' => \$params->{'verbose'}, - '--config=s' => \$params->{'config'}, - )) { - dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=]\n"); -}; -if ($params->{'help'}) { - print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=]\n"; - print "Reports processes that are linked against libraries that no longer exist.\n"; - print "The optional config file can specify ignore rules - see the sample config file.\n"; - exit (0); -}; -if ($params->{'version'}) { - print "nagios-check-libs $VERSION\n"; - print "nagios check for availability of debian (security) updates\n"; - print "Copyright (c) 2005, 2006, 2007, 2008, 2012 Peter Palfrader \n"; - exit (0); -}; - -if (! defined $params->{'config'}) { - $params->{'config'} = '/etc/nagios/check-libs.conf'; -} elsif (! -e $params->{'config'}) { - dief("Config file $params->{'config'} does not exist.\n"); -} - -if (-e $params->{'config'}) { - eval "use YAML::Syck; 1" or dief "you need YAML::Syck (libyaml-syck-perl) to load a config file"; - open(my $fh, '<', $params->{'config'}) or dief "Cannot open config file $params->{'config'}: $!"; - $config = LoadFile($fh); - close($fh); - if (!(ref($config) eq "HASH")) { - dief("Loaded config is not a hash!\n"); - } -} else { - $config = { - 'ignorelist' => [ - '$path =~ m#^/proc/#', - '$path =~ m#^/var/tmp/#', - '$path =~ m#^/SYS#', - '$path =~ m#^/drm$# # xserver stuff', - '$path =~ m#^/dev/zero#', - '$path =~ m#^/dev/shm/#', - ] - }; -} - -if (! exists $config->{'ignorelist'}) { - $config->{'ignorelist'} = []; -} elsif (! (ref($config->{'ignorelist'}) eq 'ARRAY')) { - dief("Config->ignorelist is not an array!\n"); -} - - -my %processes; - -sub getPIDs($$) { - my ($user, $process) = @_; - return join(', ', sort keys %{ $processes{$user}->{$process} }); -}; -sub getProcs($) { - my ($user) = @_; - - return join(', ', map { $_.' ('.getPIDs($user, $_).')' } (sort {$a cmp $b} keys %{ $processes{$user} })); -}; -sub getUsers() { - return join('; ', (map { $_.': '.getProcs($_) } (sort {$a cmp $b} keys %processes))); -}; -sub inVserver() { - my ($f, $key); - if (-e "/proc/self/vinfo" ) { - $f = "/proc/self/vinfo"; - $key = "XID"; - } else { - $f = "/proc/self/status"; - $key = "s_context"; - }; - open(F, "< $f") or return 0; - while () { - my ($k, $v) = split(/: */, $_, 2); - if ($k eq $key) { - close F; - return ($v > 0); - }; - }; - close F; - return 0; -} - -my $INVSERVER = inVserver(); - -print STDERR "Running $LSOF -n\n" if $params->{'verbose'}; -open (LSOF, "$LSOF -n|") or dief ("Cannot run $LSOF -n: $!\n"); -my @lsof=; -close LSOF; -if ($CHILD_ERROR) { # program failed - dief("$LSOF -n returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n"); -}; - -my ($process, $pid, $user); -LINE: for my $line (@lsof) { - if ( $line =~ /^p/ ) { - my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_ and length $_ >1} split /\0/, $line; - $process = $fields{c}; - $pid = $fields{p}; - $user = $fields{L}; - next; - } - - unless ( $line =~ /^f/ ) { - dief("UNKNOWN strange line read from lsof\n"); - # don't print it because it contains NULL characters... - } - - my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_ and length $_ >1} split /\0/, $line; - - my $fd = $fields{f}; - my $inode = $fields{i}; - my $path = $fields{n}; - if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') { - my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/); - next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles. - next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in. - - $path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string - for my $i (@{$config->{'ignorelist'}}) { - my $ignore = eval($i); - next LINE if $ignore; - } - next if ($INVSERVER && ($process eq 'init') && ($pid == 1) && ($user eq 'root')); - if ( $params->{'verbose'} ) { - print STDERR "adding $process($pid) because of [$path]:\n"; - print STDERR $line; - } - $processes{$user}->{$process}->{$pid} = 1; - }; -}; - - - -my $message=''; -my $exit = $OK; -if (keys %processes) { - $exit = $WARNING; - $message = 'The following processes have libs linked that were upgraded: '. getUsers()."\n"; -} else { - $message = "No upgraded libs linked in running processes\n" unless $params->{'quiet'}; -}; - -print $message; -exit $exit; -- cgit v1.2.3-70-g09d2