
CIFS it is…


This is the final, fully tested and functional remote backup script for Linux… Finally 🙂

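#!/bin/bash
# A straightforward system backup script: archives the listed directories onto
# a CIFS share and writes a short report.
#
# The quotes in this block must be plain ASCII double quotes. Typographic
# quotes are ordinary characters to the shell, so BACKUP_ROOT_DIR would be cut
# at its space and the rest of the line run as a command.
LOGBASE=/var/log/backup/log
BACKUP_ROOT_DIR="a/facts77 a/can"                       ## Backup dirs, space separated; do not prefix /
NOW=$(date +"%a")                                       ## Get todays day (abbreviated name)
TSTAMP=$(date +"%l:%M:%S")                              ## Get time stamp; %l is the 12-hour clock hour
TDATE=$(date -I)                                        ## Get todays date
TAPE="/oracle55vm_backup"                               ## Mount point of the backup share
TAR_ARGS=""                                             ## Exclude file
EXCLUDE_CONF=/root/.backup.exclude.conf                 ## Named file for file exclusion
LOGFILE=$LOGBASE/$TDATE.backup.log                      ## Backup Log file
FILELIST=$LOGBASE/$TDATE.backup.file-listing.log        ## Backup Log file list
# The share credentials sit here in clear text: keep this script readable by
# root only (chmod 700) and give the account write access to the backup share
# and nothing else.
UNAME="xxx"
PWORD="xxxXXXX"
SYSTEM="$(uname -n | cut -c 1-10)"                      ## First 10 characters of the node name
# Path to binaries
TAR=/bin/tar
MKDIR=/bin/mkdir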
#
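# Mount the CIFS share, prune archives older than 7 days and write today's
# archive of $BACKUP_ROOT_DIR (paths relative to /) onto the share.
# Globals: TAPE, UNAME, PWORD, SYSTEM, TDATE, BACKUP_ROOT_DIR (all read)
# Outputs: tar's verbose file listing on stdout, errors on stderr
# Returns: 0 on success, non-zero if the mount or tar fails
full_backup(){
  local old rc=0
  old=$(pwd)            # the listing had a stray "i" here, so the cd back failed
  cd / || return 1
  # Mount the samba destination. The password is handed over in the PASSWD
  # environment variable, which mount.cifs reads, so it does not appear in the
  # process list the way a password= mount option does.
  if ! PASSWD="$PWORD" mount.cifs //bufvmfacts01/G/oracle55vm_backup "$TAPE" -o username="$UNAME"; then
    echo "Error : could not mount the backup share on $TAPE" >&2
    cd "$old"
    return 1
  fi
  # Search the directory for files older than 7 days and delete them. This is
  # reached only with the share mounted, so a failed mount can neither prune
  # nor fill the local directory underneath the mount point.
  find "$TAPE" -type f -mtime +7 -exec rm -f -- {} +
  # Run the backup. $BACKUP_ROOT_DIR stays unquoted on purpose: it is split
  # into one argument per directory. $TDATE is the date the report looks for.
  tar -zcvf "$TAPE/$SYSTEM.bak.$TDATE.tgz" $BACKUP_ROOT_DIR || rc=$?
  cd "$old"
  return "$rc"
}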
# Make sure all dirs exits
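# Check that every directory named in $BACKUP_ROOT_DIR exists under /.
# Globals: BACKUP_ROOT_DIR (read; space-separated paths without a leading /)
# Outputs: one error line per missing directory, on stderr
# Returns: 0 when all directories exist; exits the script with 1 otherwise
verify_backup_dirs(){
  local s=0 d
  # Unquoted on purpose: the list is split on whitespace, one word per directory.
  for d in $BACKUP_ROOT_DIR
  do
    if [ ! -d "/$d" ]
    then
      echo "Error : /$d directory does not exist!" >&2
      s=1
    fi
  done
  # if not; just die
  if [ "$s" -eq 1 ]
  then
    exit 1
  fi
  # Explicit success: "[ ... ] && exit 1" as the last command left the function
  # returning 1 even when every directory was present.
  return 0
}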
# Make some kind of status report
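# Write the report for today's archive.
# Globals: LOGBASE, TDATE, TAPE, TSTAMP, SYSTEM, FILELIST (read);
#          LOGFILE (everything the function prints is redirected into it)
# Returns: non-zero if the share directory cannot be entered
report_backup_info(){
  touch "$LOGBASE/$TDATE.backup.file-listing.log"
  cd "$TAPE" || return 1
  echo " "
  echo "                        **** Backup Report ****"
  echo "                        ****   $TDATE  ****"
  echo " --------------------------------------------------------------------------------- "
  echo " ################################################################################# "
  echo " _________________________________________________________________________________ "
  echo " "
  echo " "
  echo "  Backup start time: $TSTAMP"
  echo "  Operating System: $(cat /etc/redhat-release)"
  echo " "
  # Both "size" figures are byte counts of file listings (tar -t output and the
  # logged tar -c output), not the size of the .tgz itself.
  echo "  Size of the complete archive: $(tar -ztvf "$SYSTEM.bak.$TDATE.tgz" | wc -c) Bytes"
  echo "  Size of the logged archive:   $(wc -c < "$FILELIST") Bytes"
  echo " "
  echo "  File count of the completed archive: $(tar -ztvf "$SYSTEM.bak.$TDATE.tgz" | wc -l) Files"
  echo "  File count of the logged archive:    $(wc -l < "$FILELIST") Files"
  echo " "
  echo "  Remote CIFS Directory Listing:"
  ls -lh
  echo " "
  echo "  Disk Summary:"
  df -h
  echo " "
  echo " _________________________________________________________________________________ "
  echo "                                                                                   "
  echo " ################################################################################# "
  echo " --------------------------------------------------------------------------------- "
  echo " "
  # Plain hyphen: return to the previous directory without echoing it.
  cd - > /dev/null
} > "$LOGFILE" 2>&1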
#
#
# Clean Up
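# Unmount the backup share and mail the report.
# Globals: TAPE, SYSTEM, LOGFILE (read)
clean_up(){
  cd /
  umount "$TAPE" # unmount the cifs mount
  # Email the report. The subject needs plain ASCII quotes: without them mail
  # takes only the first word as the subject and treats the remaining words as
  # additional recipients.
  mail -s "System Backup $SYSTEM" gconklin@proserve-solutions.com < "$LOGFILE"
}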
#
#
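#### MAIN ####
#
# Make sure log dir exists
[ -d "$LOGBASE" ] || "$MKDIR" -p "$LOGBASE"
#
# Verify dirs
verify_backup_dirs
#
#
# Run the backup; tar's verbose listing and any errors go to the file list.
# There is no weekday test here, so a full backup is made on every run (NOW is
# set but never consulted). Restrict the days in cron if weekends are to be
# skipped.
full_backup > "$FILELIST" 2>&1
#
#
# Make the simple report
report_backup_info
#
# Call the Clean UP function
clean_up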


Backup Takanga… RHEL v5.5… Dancing with CIFS


OK, so a few days ago I did one of these to backup to an internal tape device… This time it’s going on a remote Windows share through CIFS… It is mostly the same as the tape version… I’m sure you’ll notice the subtleties… I am not much of a report writer so please excuse the ugliness of the info, but this really is primarily to facilitate a backup not report on it…  Anyway what I have come up with also uses a nifty find command to manage the remote Windows share in terms of number of backup files… I suggest doing something similar as you will eventually overrun the remote store if you don’t…   In any event.. the script below is fully tested and functional… as always 🙂

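#!/bin/bash
# A straightforward system backup script: archives the listed directories onto
# a CIFS share and writes a short report.
#
# The quotes in this block must be plain ASCII double quotes. Typographic
# quotes are ordinary characters to the shell, so BACKUP_ROOT_DIR would be cut
# at its space and the rest of the line run as a command.
LOGBASE=/var/log/backup/log
BACKUP_ROOT_DIR="a/facts77 a/can"                       ## Backup dirs, space separated; do not prefix /
NOW=$(date +"%a")                                       ## Get todays day (abbreviated name)
TSTAMP=$(date +"%l:%M:%S")                              ## Get time stamp; %l is the 12-hour clock hour
TDATE=$(date -I)                                        ## Get todays date
TAPE="/oracle55vm_backup"                               ## Mount point of the backup share
TAR_ARGS=""                                             ## Exclude file
EXCLUDE_CONF=/root/.backup.exclude.conf                 ## Named file for file exclusion
LOGFILE=$LOGBASE/$TDATE.backup.log                      ## Backup Log file
FILELIST=$LOGBASE/$TDATE.backup.file-listing.log        ## Backup Log file list
# The share credentials sit here in clear text: keep this script readable by
# root only (chmod 700) and give the account write access to the backup share
# and nothing else.
UNAME="xxx"
PWORD="xxxXXXX"
SYSTEM=$(uname -n | cut -c 1-10)                        ## First 10 characters of the node name
# Path to binaries
TAR=/bin/tar
MKDIR=/bin/mkdir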
#
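# Mount the CIFS share, prune archives older than 7 days and write today's
# archive of $BACKUP_ROOT_DIR (paths relative to /) onto the share.
# Globals: TAPE, UNAME, PWORD, SYSTEM, TDATE, BACKUP_ROOT_DIR (all read)
# Outputs: tar's verbose file listing on stdout, errors on stderr
# Returns: 0 on success, non-zero if the mount or tar fails
full_backup(){
  local old rc=0
  old=$(pwd)            # the listing had a stray "i" here, so the cd back failed
  cd / || return 1
  # Mount the samba destination. The password travels in the PASSWD environment
  # variable, which mount.cifs reads, instead of a password= option that every
  # local user can see in the process list.
  if ! PASSWD="$PWORD" mount.cifs //bufvmfacts01/G/oracle55vm_backup "$TAPE" -o username="$UNAME"; then
    echo "Error : could not mount the backup share on $TAPE" >&2
    cd "$old"
    return 1
  fi
  # Search the directory for files older than 7 days and delete them; reached
  # only with the share mounted, never against the bare local mount point.
  find "$TAPE" -type f -mtime +7 -exec rm -f -- {} +
  # Run the backup. "$SYSTEM_backup" named an unset variable, so the archive
  # came out as ".<date>.tgz"; the name below is the one report_backup_info
  # reads. $BACKUP_ROOT_DIR is unquoted on purpose (one argument per directory).
  tar -zcvf "$TAPE/$SYSTEM.$TDATE.tgz" $BACKUP_ROOT_DIR || rc=$?
  cd "$old"
  return "$rc"
}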
# Make sure all dirs exits
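# Check that every directory named in $BACKUP_ROOT_DIR exists under /.
# Globals: BACKUP_ROOT_DIR (read; space-separated paths without a leading /)
# Outputs: one error line per missing directory, on stderr
# Returns: 0 when all directories exist; exits the script with 1 otherwise
verify_backup_dirs(){
  local s=0 d
  # Unquoted on purpose: the list is split on whitespace, one word per directory.
  for d in $BACKUP_ROOT_DIR
  do
    if [ ! -d "/$d" ]
    then
      echo "Error : /$d directory does not exist!" >&2
      s=1
    fi
  done
  # if not; just die
  if [ "$s" -eq 1 ]
  then
    exit 1
  fi
  # Explicit success: "[ ... ] && exit 1" as the last command left the function
  # returning 1 even when every directory was present.
  return 0
}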
# Make some kind of status report
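# Write the report for today's archive.
# Globals: LOGBASE, TDATE, TAPE, TSTAMP, SYSTEM, FILELIST (read);
#          LOGFILE (everything the function prints is redirected into it)
# Returns: non-zero if the share directory cannot be entered
report_backup_info(){
  touch "$LOGBASE/$TDATE.backup.file-listing.log"
  cd "$TAPE" || return 1
  echo "                                                                                   "
  echo "                        **** Backup Report ****                                    "
  echo "                        **** $TDATE ****                                           "
  echo " --------------------------------------------------------------------------------- "
  echo " ################################################################################# "
  echo " --------------------------------------------------------------------------------- "
  # The box edges must sit inside ASCII quotes, or the shell reads "|" as a pipe.
  echo "|                                                                                 |"
  echo "  Backup start time: $TSTAMP"
  echo "  Operating System: $(cat /etc/redhat-release)"
  # Both "size" figures are byte counts of file listings (tar -t output and the
  # logged tar -c output), not the size of the .tgz itself.
  echo "  Size of the complete archive: $(tar -ztvf "$SYSTEM.$TDATE.tgz" | wc -c) Bytes"
  echo "  Size of the logged archive:   $(wc -c < "$FILELIST") Bytes"
  echo "  File count of the completed archive: $(tar -ztvf "$SYSTEM.$TDATE.tgz" | wc -l) Files"
  echo "  File count of the logged archive:    $(wc -l < "$FILELIST") Files"
  echo "  Remote CIFS Directory Listing:"
  # Run the listing; inside an echo string it only printed the words "ls -l".
  ls -l
  echo "  Disk Summary:"
  echo "  $(df -h)"
  echo "|                                                                                 |"
  echo " --------------------------------------------------------------------------------- "
  echo " ################################################################################# "
  echo " --------------------------------------------------------------------------------- "
  echo "                                                                                   "
  # Plain hyphen: return to the previous directory without echoing it.
  cd - > /dev/null
} > "$LOGFILE" 2>&1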
#
#
# Clean Up
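# Unmount the backup share.
# Globals: TAPE (read)
# Returns: non-zero if the share is still mounted afterwards
clean_up(){
  cd / || return 1
  # A share that stays mounted (for example because it is busy) is reported
  # instead of being ignored, since the next run mounts on the same directory.
  if ! umount "$TAPE"; then
    echo "Error : could not unmount $TAPE" >&2
    return 1
  fi
}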
#
#
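#### MAIN ####
#
# Make sure log dir exists
[ -d "$LOGBASE" ] || "$MKDIR" -p "$LOGBASE"
#
# Verify dirs
verify_backup_dirs
#
#
# Run the backup; tar's verbose listing and any errors go to the file list.
# There is no weekday test here, so a full backup is made on every run (NOW is
# set but never consulted). Restrict the days in cron if weekends are to be
# skipped.
full_backup > "$FILELIST" 2>&1
#
#
# Make the simple report
report_backup_info
#
# Call the Clean UP function
clean_up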


wp-make-me-happy


Ok this is kind of a repeat but instead of editing the original post I thought I would just repost it in its new form.  I was working on setting up a backup blog of this very blog to have on a local server… I don’t know in case of disaster… actually it was to see what it looked like with some new themes I have as this site is somewhat limited in its design choices… not complaining mind you, just wanted to see what it would look like with some nifty designs I made… The original post, WordPress Automation, was from a while back and I had the need to actually make a new host just for this occasion as I had blown away all of my web servers recently (I don’t actually recall why…???).  I was going through my script pad and found a really simple setup script I wrote that was better than the original post I put here… although it really is the same thing just without any comments… LOL Sorry I take for granted that you are just going to trust that it works and run it !!! Scary 🙂  I did find a few hiccups however… My sed lines didn’t take although they are correct… and this was a stinker… The repo I like to create here, although mostly this is if you were going to run multiple vhosts on the same physical server, (It does allow you to have only 1 repo for ALL themes and plugins for ALL users) does NOT work with the WordPress Import plugin… So I ended up un-linking the plugins link and just re-instating the original one, good thing I copied it to a backup in this script instead of just blowing it away huh??? 🙂  As I stated earlier, the entire script is based on the setup that Virtualmin creates in its vhost creation module so if you are using something else or doing that manually, you may need to change this up a bit… 29 lines on this one… sorry 😦  LOL

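#!/bin/bash
#
# Unpack WordPress into a vhost that Virtualmin has already created and point
# its themes and plugins directories at a shared repository in /var/www/repo.
# Run as root.
echo "Make sure you have created this VHost using virtualmin FIRST…"
sleep 5
echo "OK… moving on then"
sleep 2
echo "Enter the name of your new site, then press [ENTER}"
read -r newblog
# The name ends up in paths, sed expressions and chown, so accept only a plain
# account name: letters, digits, dot, dash and underscore, not starting with a
# dot or a dash.
case $newblog in
  ""|.*|-*|*[!A-Za-z0-9._-]*)
    echo "Error : '$newblog' is not a valid site name" >&2
    exit 1
    ;;
esac
site_root=/home/$newblog/public_html
# Stop if the vhost is missing; otherwise everything below would unpack, move
# and delete files in whatever directory the script was started from.
cd "$site_root" || exit 1
# Fetch over HTTPS into a fixed file name so an old or altered copy is never
# the one unpacked, and stop if the download or the unpack fails.
wget -O latest.tar.gz https://wordpress.org/latest.tar.gz || exit 1
tar xzf latest.tar.gz || exit 1
rm -f latest.tar.gz
mv wordpress/* . || exit 1
rm -Rf wordpress
# 755 instead of 777: a world-writable document root lets every local account
# drop files into the site. Assumes PHP runs as the site owner, as in a stock
# Virtualmin vhost - TODO confirm for this host.
chmod 755 .
cd "$site_root/wp-content" || exit 1
mv themes bak.themes # <-- Just in case we hose everything
mkdir -p /var/www/repo/themes
ln -s /var/www/repo/themes "$site_root/wp-content/themes"
mv plugins bak.plugins
mkdir -p /var/www/repo/plugins
ln -s /var/www/repo/plugins "$site_root/wp-content/plugins"
cd ../ || exit 1
cp wp-config-sample.php wp-config.php
sed -i "s/putyourdbnamehere/$newblog/" wp-config.php
sed -i "s/usernamehere/$newblog/" wp-config.php
# NOTE(review): this writes the site name as the database password, which is
# guessable by anyone who knows the site. Put the real database password into
# wp-config.php by hand after the script has run.
sed -i "s/yourpasswordhere/$newblog/" wp-config.php
chown -R "$newblog:$newblog" ./*
# EOF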


WVC-min… all 3-in-1


I used to be a pure command line junky… maybe that was just immaturity as an admin… thinking I was cool because I didn’t rely on any type of GUI… Well I have moved on from that thought process and I use a GUI quite a bit now… well a lot more than I used to anyway… so I thought I would share the 9-liner that I use to get it all running…

Oh and the pic here is from my son… the Artists’ rendering of “Super Diaper Baby,” I felt it appropriate since I just took mine off 🙂

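#!/bin/bash
# Virtualmin, Webmin & Cloudmin Installation
#
# NOTE(review): both installers are fetched over plain HTTP and run as root
# with no integrity check. Read each script before it runs, and compare it
# with a checksum or signature from the vendor if one is published.
yum install -y wget || exit 1
cd /usr/src || exit 1
# -O pins the file name. Without it a second run saves "install.sh.1" and the
# stale install.sh left by the previous run is the one that gets executed.
# A failed download stops the script instead of running whatever is on disk.
wget -O install.sh http://software.virtualmin.com/gpl/scripts/install.sh || exit 1
sh install.sh
wget -O cloudmin-gpl-redhat-install.sh http://cloudmin.virtualmin.com/gpl/scripts/cloudmin-gpl-redhat-install.sh || exit 1
sh cloudmin-gpl-redhat-install.sh
# END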


Nagios Core 3.2.1 “Insta-Install”


I think I already posted something here about Nagios… but maybe not as I was doing a test install last week following a DEMO of ScienceLogic EM7 appliances and I couldn’t find any easy steps… so this one may have slipped through the cracks… I have added the script I just made below…  This does nothing more than make Nagios usable, you will need to do all of the customization on your own…  I also made a nice vm but since I am a ‘cheapo’ on here it is too big to host it… I will try to find a free host and put the link up here as that would save even more time if you plan to use it as a vm guest 🙂

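#!/bin/bash
# Build and install Nagios Core 3.2.1 and nagios-plugins 1.4.14 from source
# under /home/software/nagios. Run as root; passwd and htpasswd prompt for
# input.
#
# NOTE(review): the tarballs are fetched over plain HTTP and built as root
# with no integrity check. Compare them with checksums from the project before
# building if those are available.
base=/home/software/nagios
# mkdir -p so that a second run does not fail on the existing directories.
mkdir -p "$base/plugins" "$base/addons" || exit 1
cd "$base" || exit 1
wget -O nagios-3.2.1.tar.gz http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.1.tar.gz || exit 1
cd "$base/plugins" || exit 1
wget -O nagios-plugins-1.4.14.tar.gz http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.14.tar.gz || exit 1
cd "$base/addons" || exit 1
for i in nrpe-2.12.tar.gz nsca-2.7.2.tar.gz ndoutils-1.4b9.tar.gz; do
  wget "http://prdownloads.sourceforge.net/sourceforge/nagios/$i"
done
cd "$base" || exit 1
yum install -y gcc glibc glibc-common httpd php gd gd-devel
/usr/sbin/useradd -m nagios
passwd nagios
/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd apache
tar xzf nagios-3.2.1.tar.gz || exit 1
# Every cd into a build tree is checked so that make never runs in the wrong
# directory after a failed unpack.
cd nagios-3.2.1 || exit 1
# Long options need two ASCII hyphens; a typographic dash is taken as an
# ordinary argument by configure and chkconfig.
./configure --with-command-group=nagcmd || exit 1
make all || exit 1
make install
make install-init
make install-config
make install-commandmode
sed -i 's/nagios@localhost/networksupport@proserve-solutions.com/' /usr/local/nagios/etc/objects/contacts.cfg
make install-webconf
# -c creates the password file, replacing an existing one.
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
service httpd restart
cd ../plugins || exit 1
tar xzf nagios-plugins-1.4.14.tar.gz || exit 1
cd nagios-plugins-1.4.14 || exit 1
./configure --with-nagios-user=nagios --with-nagios-group=nagios || exit 1
make || exit 1
make install
chkconfig --add nagios
chkconfig nagios on
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
service nagios start
getenforce # just checks your selinux status
# EOF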


iSCSI SAN for CentOS 5.4


Well I guess I could have used OpenFiler for this… BUT here are a few steps to creating your own SAN-type-thing on CentOS 5.4…

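#!/bin/bash
# iSCSI SAN for CentOS5.4
cd /usr/src || exit 1
# Get the iscsi package. The URL ends in /download, so the output file is
# named explicitly; wget would normally save it as "download" and the tar step
# below would find nothing to unpack.
# NOTE(review): plain HTTP and no checksum - this source is compiled into a
# kernel module as root, so verify the tarball before building if you can.
wget -O iscsitarget-1.4.20.tar.gz http://sourceforge.net/projects/iscsitarget/files/iscsitarget/1.4.20/iscsitarget-1.4.20.tar.gz/download || exit 1
yum -y install kernel-devel openssl-devel gcc rpm-build make automake autoconf || exit 1 # you may already have these, this was a newer build for me so I didn't…
tar -xzvf iscsitarget-1.4.20.tar.gz || exit 1
cd iscsitarget-1.4.20 || exit 1
make || exit 1
make install || exit 1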

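# Name the disk
echo "Ok, I am going to name the disk for you"
# Build the name once and reuse it, so the allow list and ietd.conf carry the
# same string. Nested backticks cannot be written without escaping, hence $( ).
iqn_base="iqn.$(date -I).$(hostname | awk -F "." '{print $1}')-sanhead" # awk only needed if u use FQDN's
echo "$iqn_base"
echo "BUT… you need to tell me what disk to use…"
df -h
echo "Type in the full path to your disk, i.e.(/dev/<md3>)"
read -r dname
if [ -z "$dname" ]; then
  echo "Error : no disk given" >&2
  exit 1
fi
touch /etc/initiators.allow
idname="$iqn_base:$dname"
echo "$idname 192.168.11.0/24" >> /etc/initiators.allow
touch /etc/initiators.deny
echo "ALL:ALL" >> /etc/initiators.deny
# ietd.conf carries the CHAP user names and secrets: root-only, like the
# initiator's iscsid.conf.
touch /etc/ietd.conf
chmod 600 /etc/ietd.conf
# NOTE(review): <uname>, <passwd> and the Lun path /dev/SAN/diskname are
# placeholders to edit before the target is started; the disk typed above is
# used only in the target name. Use different secrets for IncomingUser and
# OutgoingUser.
cat >> /etc/ietd.conf <<IETD_CONF
Target $idname
        IncomingUser <uname>    <passwd>
        OutgoingUser <uname>    <passwd>
        Lun 0 Path=/dev/SAN/diskname,Type=fileio,IOMode=wb
        Alias iSCSI for diskname
        ImmediateData Yes
        MaxConnections 1
        InitialR2T Yes
IETD_CONF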
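yum -y install iscsi-initiator-utils open-iscsi
echo "InitiatorName=iqn.2010-04.factslx01-sanhead:factslx01" >> /etc/iscsi/initiatorname.iscsi
# /etc/iscsi/iscsid.conf
mv /etc/iscsi/iscsid.conf /etc/iscsi/iscsid.conf.bak
# Create the file empty and restrict it before the CHAP secrets are written.
touch /etc/iscsi/iscsid.conf
chmod 600 /etc/iscsi/iscsid.conf
# One here-document writes the file. The listing's echo lines had no ">>", so
# they printed the settings to the terminal and left iscsid.conf empty.
# NOTE(review): <uname> and <passwd> are placeholders; fill them in, with a
# different secret for each direction, before starting the service.
cat >> /etc/iscsi/iscsid.conf <<'ISCSID_CONF'
# Default Settings
#node.startup = automatic
#node.session.timeo.replacement_timeout = 120
#node.conn[0].timeo.login_timeout = 15
#node.conn[0].timeo.logout_timeout = 15
#node.conn[0].timeo.noop_out_interval = 5
#node.conn[0].timeo.noop_out_timeout = 5
#node.session.err_timeo.abort_timeout = 15
#node.session.err_timeo.lu_reset_timeout = 20
#node.session.initial_login_retry_max = 8
#node.session.cmds_max = 128
#node.session.queue_depth = 32
#node.session.iscsi.InitialR2T = No
#node.session.iscsi.ImmediateData = Yes
#node.session.iscsi.FirstBurstLength = 262144
#node.session.iscsi.MaxBurstLength = 16776192
#node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
#discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
#node.conn[0].iscsi.HeaderDigest = None
#node.session.iscsi.FastAbort = Yes
#
# Custom Settings
node.startup = automatic
node.session.auth.authmethod = CHAP
node.session.auth.username = <uname>
node.session.auth.password = <passwd>
node.session.auth.username_in = <uname>
node.session.auth.password_in = <passwd>
node.session.timeo.replacement_timeout = 120
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.noop_out_interval = 10
node.conn[0].timeo.noop_out_timeout = 15
node.session.initial_login_retry_max = 10
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072
discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
node.session.iscsi.FastAbort = No
# EOF
ISCSID_CONF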
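service iscsi start
# First non-loopback IPv4 address reported by ifconfig ("inet addr:a.b.c.d ...").
# The address is taken as a whole field; cutting at 14 characters truncated
# any address longer than that.
i=$(ifconfig | grep -v 127.0.0.1 | grep "inet addr:" | awk -F ":" '{print $2}' | awk '{print $1}' | head -n 1)
iscsiadm -m discovery -t st -p "$i" # IP for iSCSI host
# --login needs two ASCII hyphens. The target name is rebuilt from today's
# date, so it matches the configured target only on the day that was written.
iscsiadm -m node -p "$i" -T "iqn.$(date -I).$(hostname | awk -F "." '{print $1}')-sanhead:$dname" --login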

So there it is !!! Now go use OpenFiler… LOL -> http://www.openfiler.com/


Solaris 10 in jail


Well I took a stab @ this one last week… although it seems to be lacking in one respect… It is a good start.  If you didn’t already notice, I have decided to start mocking up scripts from the steps I am taking to perform these little ditties to complete the automation/repetitive goal of administration.

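#!/bin/sh
# Solaris FTP chroot jail
#
# Every cd is checked. If /ftpjail could not be entered, the relative chmod
# and mknod calls below would act on usr/sbin, etc and dev of the live system.
cd / || exit 1
[ -d /ftpjail ] || mkdir /ftpjail || exit 1
cd /ftpjail || exit 1
mkdir -p dev etc etc/ftpd etc/default usr/bin usr/sbin usr/lib/security usr/lib/locale usr/lib/security/sparcv9 usr/lib usr/share/lib/zoneinfo upload ftpuser
chmod 100 usr/sbin
chmod 444 dev etc/default usr/share usr/share/lib usr/share/lib/zoneinfo
chmod 555 etc etc/ftpd usr usr/bin usr/lib usr/lib/locale usr/lib/security
# NOTE(review): upload is world-writable with no sticky bit, so any account in
# the jail can remove or replace files that another account uploaded.
chmod 777 upload
ln -s usr/bin bin
cd /ftpjail/dev || exit 1
# Device nodes the FTP daemon needs inside the jail (major/minor numbers as
# given for this Solaris host).
mknod conslog c 21 0
mknod null c 13 2
mknod zero c 13 12
mknod tcp c 42 0
mknod ticlts c 105 2
mknod ticotsord c 105 1
mknod udp c 41 0
chmod 666 conslog null tcp ticlts ticotsord udp zero
cd ..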
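# Account and FTP configuration files inside the jail. Each file is written
# whole with ">" so that running the script again does not append duplicates.
cd /ftpjail || exit 1
# "etc/group" [New file]
cat > etc/group <<'EOF'
other::1:root
ftp::30000:
EOF
#
# "etc/pam.conf" [New file]
# (the listing touched etc/pam, which left a stray empty file behind)
cat > etc/pam.conf <<'EOF'
ftp auth required /usr/lib/security/pam_unix.so.1
ftp account required /usr/lib/security/pam_unix.so.1
ftp session required /usr/lib/security/pam_unix.so.1
EOF
#
# "etc/passwd" [New file]
cat > etc/passwd <<'EOF'
root:x:0:1:::
ftp:x:30000:30000::/upload:/bin/false
ftpuser:x:30000:30000::/ftpuser:/bin/sh
EOF
#
# "etc/shadow" [New file]
# NOTE(review): the ftpuser hash below is for the password "ftpuser", as the
# listing states. Replace it with the hash of a private password before the
# jail is reachable from the network.
cat > etc/shadow <<'EOF'
root:*LK*:6445::::::
ftp:*LK*:13651::::::
ftpuser:cdHH60rUQrF3Q:13651::::::
EOF
#
# "etc/shells" [New file]
cat > etc/shells <<'EOF'
/bin/sh
EOF
#
# "etc/ftpd/ftpaccess" [New file]
cat > etc/ftpd/ftpaccess <<'EOF'
hostname ftpserver
defaultserver private
class   all   real,guest,anonymous  *
# all the following default to "yes" for everybody
delete          no      real,guest,anonymous
overwrite       no      real,guest,anonymous
rename          no      real,guest,anonymous
chmod           no      real,guest,anonymous
umask           no      real,guest,anonymous
# specify the upload directory information
upload  /       *       no
upload  /       /upload yes
greeting terse
noretrieve
#allow-retrieve /upload/
defumask 777
EOF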
#
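useradd ftpuser
# The listing followed useradd with a "sed -i" on /etc/shadow to give the host
# account the jail's password hash. Solaris 10 sed has no -i option and the
# unescaped "*" in "*LK*" would not match the entry anyway, so it never took
# effect. It is left out here: it would hand a host login the password printed
# in this listing. Run "passwd ftpuser" if the host account needs a password.
echo "/usr/sbin/in.ftpd -P 2020 -p 2021 -S -u 022 -W -a -Q" > /ftpjail/usr/bin/runme
#
cd /ftpjail/etc || exit 1
# NOTE(review): 444 leaves the jail's shadow file, with its password hash,
# readable by every account in the jail. Confirm whether the daemon really
# needs that before keeping it.
chmod 444 group pam.conf passwd shadow shells /ftpjail/etc/ftpd/ftpaccess
chmod 100 /ftpjail/usr/bin/runme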
#
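# Copy the binaries, libraries and data files the daemon needs into the jail.
cd /ftpjail/etc || exit 1
cp -p /etc/default/init default/init
cp /usr/bin/sh /ftpjail/usr/bin/sh; chmod 111 /ftpjail/usr/bin/sh
# NOTE(review): in.ftpd is made setuid and setgid (6100) and owned by
# 30000:30000, the ids that ftp and ftpuser share in the jail's passwd file.
cp /usr/sbin/in.ftpd /ftpjail/usr/sbin/in.ftpd; chmod 6100 /ftpjail/usr/sbin/in.ftpd; chown 30000:30000 /ftpjail/usr/sbin/in.ftpd
cp -rp /usr/lib/locale/* /ftpjail/usr/lib/locale
# Absolute destination: the working directory here is /ftpjail/etc, so the
# relative usr/share/lib/zoneinfo of the listing pointed at a missing path.
cp -rp /usr/share/lib/zoneinfo/* /ftpjail/usr/share/lib/zoneinfo
cd /ftpjail/usr/lib || exit 1
for lib in libbsm.so.1 libc.so.1 libcmd.so.1 libdl.so.1 libgen.so.1 \
  libmd5.so.1 libmp.so.2 libnsl.so.1 libpam.so.1 libresolv.so.2 \
  libsecdb.so.1 libsocket.so.1 ld.so.1 nss_user.so.1 nss_files.so.1
do
  cp -p "/usr/lib/$lib" .
done
chmod 555 *
cd /ftpjail/usr/lib/security || exit 1
cp -p /usr/lib/security/crypt_bsdbf.so.1 .
cp -p /usr/lib/security/crypt_bsdmd5.so.1 .
cp -p /usr/lib/security/crypt_sunmd5.so.1 .
cp -p /usr/lib/security/pam* .
cd /ftpjail/usr/lib/security/sparcv9 || exit 1
cp -p /usr/lib/security/sparcv9/* .
# Give out the 'ls' command
cp /usr/bin/ls /ftpjail/usr/bin/ls; chmod 111 /ftpjail/usr/bin/ls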
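# Test commands
# chroot /ftpjail /usr/bin/sh
# If the above is successful, start up the server:
if chroot /ftpjail /usr/bin/sh -c runme
then
  :
else
  echo "Error : could not start in.ftpd inside /ftpjail" >&2
  exit 1
fi
# Check to see if the server has started. The bracket keeps grep from matching
# its own entry in the process list.
ps -ef | grep '[i]n.ftpd'
#
# ftp 192.168.11.34 2021
# login ftpuser/ftpuser
# (that is the password published with this listing; change it before the
# server is reachable by anyone else)
# EOF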

So that’s basically it…
