Index: branches/locker-dev/locker/sbin/check-ldap-cert.pl =================================================================== --- branches/locker-dev/locker/sbin/check-ldap-cert.pl (revision 1847) +++ branches/locker-dev/locker/sbin/check-ldap-cert.pl (revision 1847) @@ -0,0 +1,32 @@ +#!/usr/bin/perl + +use strict; +use File::Basename; +use Date::Parse; +use Sys::Hostname; + +my @servers = qw(localhost); + +my $hostname = hostname(); + +my $now = time(); + +my $dir = dirname($0); + +our $verbose = 0; +$verbose = 1 if ($ARGV[0] eq "-v"); + +use constant WARNING => 60*60*24*14; # Warn if a cert is expiring within 14 days + +foreach my $server (@servers) { + open(X509, "-|", "$dir/ssl-get-endtime", "$server:636") or die "Couldn't invoke ssl-get-endtime: $!"; + chomp(my $exp = ); + close(X509); + $exp =~ s/^notAfter=// or warn "Cert appears broken: $server"; + + my $time = str2time($exp); + + if ($verbose || ($time - $now) <= WARNING) { + printf "$hostname: Certificate expiring in %.2f days: %s\n", (($time - $now) / (60.0*60*24)), $server; + } +} Index: branches/locker-dev/locker/sbin/get-ldap-admins =================================================================== --- branches/locker-dev/locker/sbin/get-ldap-admins (revision 1847) +++ branches/locker-dev/locker/sbin/get-ldap-admins (revision 1847) @@ -0,0 +1,3 @@ +#!/bin/sh +# This script can be run on or off of scripts +ldapsearch -x -h scripts.mit.edu -b dc=scripts,dc=mit,dc=edu -LLL 'cn=Directory Administrators' uniqueMember Index: branches/locker-dev/locker/sbin/rpm-master.sh =================================================================== --- branches/locker-dev/locker/sbin/rpm-master.sh (revision 1847) +++ branches/locker-dev/locker/sbin/rpm-master.sh (revision 1847) @@ -0,0 +1,35 @@ +#!/bin/sh + +echo "Entering correct directory..." +mkdir -p /mit/scripts/cron_scripts/rpm-sync/ +cd /mit/scripts/cron_scripts/rpm-sync/ + +echo "Cleaning up environment..." +rm -rf *.rpmlist *.diff rpmlist.master missing.rpms + +servers=`finger @scripts-director.mit.edu | grep "\->" | grep EDU | awk '{print $2}' | cut -d: -f1 | sort | uniq` + +for server in $servers; do + echo "Connecting to $server..." + { ssh $server /mit/scripts/sbin/rpmlist.sh 2>&1 >&3 | grep -Fxv 'If you have trouble logging in, see http://scripts.mit.edu/faq/41/.'; } 3>&1 >&2 +done + +echo "Creating master package list..." +cat *.rpmlist | sort | uniq > rpmlist.master + +echo "Comparing scripts servers to overall rpm list..." +touch missing.rpms +for server in *.rpmlist; do + diff -U3 $server rpmlist.master > $server.diff + serverPretty=`basename $server .rpmlist` + echo "Server $serverPretty is missing:" >> missing.rpms + grep "^+[^+]" $server.diff | cut -b 1 --complement >> missing.rpms + echo >> missing.rpms +done + +if [ `egrep -c -v '(missing)|(^$)' missing.rpms` -gt 0 ]; then + echo "Sending email..." + cat missing.rpms | mail -s "scripts.mit.edu servers are out of sync" root@scripts.mit.edu +else + echo "No email needs to be sent! scripts.mit.edu is up to date." +fi Index: branches/locker-dev/locker/sbin/rpmlist.sh =================================================================== --- branches/locker-dev/locker/sbin/rpmlist.sh (revision 1847) +++ branches/locker-dev/locker/sbin/rpmlist.sh (revision 1847) @@ -0,0 +1,10 @@ +#!/bin/sh + +copyTo='/mit/scripts/cron_scripts/rpm-sync/' +packages=`mktemp --tmpdir rpmlist.XXXXXX` +rpm -qa --queryformat '%{NAME}.%{ARCH}\n' | sort | uniq > $packages + +host=`hostname` +extension='.rpmlist' +file="$copyTo/$host$extension" +mv $packages $file Index: branches/locker-dev/locker/sbin/ssl-get-endtime =================================================================== --- branches/locker-dev/locker/sbin/ssl-get-endtime (revision 1847) +++ branches/locker-dev/locker/sbin/ssl-get-endtime (revision 1847) @@ -0,0 +1,3 @@ +#!/bin/sh + +echo '' | openssl s_client -connect $1 2>/dev/null | openssl x509 -enddate -noout