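#!/bin/bash
#
# Copyright Karanbir Singh, kbsingh@karan.org, http://www.karan.org/ ;Feb 2010
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# ---------------------------------------------------------------------------
# Usage:
# sudo ./syscleanup > run.report
#
# This script outputs _lots_ of text, so it's a good idea to push it into a file
#
# Notes:
# - check if we are running as root, not doing so can cause false positives as we might
# not have perms to check some of the file/package payloads
# - save a load of time by not letting find descend into directories we never want to
# compare
# - Not sure why we're testing yum sanity; given that we're not doing anything with it!
# - This is not a security audit script, so don't treat it as such
# - The script uses arrays, which plain POSIX sh does not have, so it asks
# for bash in the shebang
#

# Timestamp of this run; it is embedded in the work-file names below.
TAG=$(date +%Y%m%d_%H:%M:%S)

# Arguments handed to find; filled in by build_findopts.
FindOpts=()

# Work files. The script is meant to be run as root and /tmp is writable by
# every local user, so a name built only from the clock could be created in
# advance by someone else (for instance as a symlink) and root's redirection
# would then write through it. mktemp creates each file itself, with a random
# suffix and owner-only permissions, and fails instead of reusing a path.
SysFileList=$(mktemp "/tmp/scu-syslist.${TAG}.XXXXXX") || {
  echo 'cannot create work file for the system file list' >&2
  exit 1
}
RpmFileList=$(mktemp "/tmp/scu-rpmlist.${TAG}.XXXXXX") || {
  echo 'cannot create work file for the rpm file list' >&2
  exit 1
}
RpmModList=$(mktemp "/tmp/scu-rpmmod.${TAG}.XXXXXX") || {
  echo 'cannot create work file for the modified-rpm list' >&2
  exit 1
}

# clear list is for points that rpm never provides any files under
ClearList=(/home /media /misc /mnt /net /opt /root /srv)
# ignorelist is for points where we expect local content - may not be a big deal
IgnoreList=(/var/cache /var/log /var/tmp /tmp)
# whitelist is for things that we know don't come from rpms, but need to be ignored
WhiteList=(/dev /proc /sys /selinux)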
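check_sanity() {
  # Confirm that the tools the report relies on respond before any scan runs.
  # Outputs: a one-line failure message on stdout when a probe fails
  # Returns: 0 when both probes pass, 1 otherwise
  local rpmout

  # make sure that rpmdb can be queried
  # NOTE(review): assumes /etc/inittab exists and is owned by a package named
  # 'initscripts' - confirm for the releases this is run on.
  rpmout=$(rpm --qf '%{name}\n' -qf /etc/inittab)

  # The expansion is quoted on purpose. Unquoted, an empty or multi-word
  # answer from rpm makes the test itself error out, the 'if' then reads that
  # as "false", and a broken rpmdb is reported as healthy.
  if [ "$rpmout" != 'initscripts' ]; then
    echo "RPM faild sanity test"
    return 1
  fi

  # Just a basic test to make sure yum is usable on the machine
  if ! python -c 'import yum'; then
    echo 'YUM failed sanity test'
    return 1
  fi
}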
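build_findopts() {
  # Append one "-wholename DIR/* -prune -o" group to FindOpts for every
  # directory named in ClearList, IgnoreList and WhiteList, in that order.
  # Globals: ClearList, IgnoreList, WhiteList (read); FindOpts (appended to)
  local d

  # Each list is expanded quoted so an entry containing spaces or glob
  # characters stays a single directory name instead of being split up.
  for d in "${ClearList[@]}" "${IgnoreList[@]}" "${WhiteList[@]}"; do
    FindOpts+=(-wholename "$d/*" -prune -o)
  done
}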
get_AllSystemFileList() {
  # Print every path find reaches from /, with the prune groups prepared by
  # build_findopts placed in front of the final -print.
  # Globals: FindOpts (filled by build_findopts, then read)
  build_findopts
  local -a find_args=(/ "${FindOpts[@]}" -print)
  find "${find_args[@]}"
}
get_AllRpmFileList() {
  # Print the file list of every package in the rpmdb (query, all packages,
  # list files), exactly as rpm emits it.
  rpm --query --all --list
}
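find_clearlist_files() {
  # All files under points defined as ClearList are non-rpm-packaged, so
  # simply list everything find reports below each of them.
  # Globals: ClearList (read)
  # Outputs: one path per line on stdout
  local dir

  for dir in "${ClearList[@]}"; do
    # Quoted so an entry with spaces or glob characters reaches find as one
    # starting point rather than several.
    find "$dir"
  done
  # Compare /tmp/scu-syslist and /tmp/scu-rpmlist to work out diffs
}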
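find_mod_rpms() {
  # get a list of rpms that provided files which have been locally modified
  # Outputs: for every package whose 'rpm -V' run printed anything, a
  #          "--:  <package>" line followed by that output
  # The loop variables are local so the function no longer overwrites a
  # caller's 'pkg' or 'rpmout'.
  local pkg rpmout

  # Splitting the package list on whitespace is intended: one name per word.
  for pkg in $(rpm -qa); do
    rpmout=$(rpm -V "$pkg")

    # Report only when the output holds something other than blanks. This is
    # the same decision the echo | grep | wc pipeline made, without starting
    # three processes per package and without globbing the rpm output.
    case $rpmout in
      *[!$' \t\n']*)
        echo '--: ' "$pkg"
        echo "$rpmout"
        ;;
    esac
  done
}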
find_rpms_origin() {
  # Print "vendor : name-version-release" for every installed package, with
  # the lines passed through sort.
  local fmt='%{vendor} : %{name}-%{version}-%{release}\n'
  rpm --queryformat "$fmt" --query --all | sort
}
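runas_root() {
  # Check if we're running as root
  # Returns: 0 when the effective user id is 0, 1 otherwise (including when
  #          id itself fails or prints nothing)
  local uid

  # Compare the numeric id, not the account name: privilege follows uid 0
  # whatever the account is called. The value is quoted so an empty answer
  # from id cannot turn the test into an error that reads as "is root".
  uid=$(id -u) || return 1
  if [ "$uid" != 0 ]; then
    return 1
  fi
}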
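# Main run. Everything below is written to stdout so the caller can redirect
# the whole report into a file.

# Not being root is only a warning: the run continues, but unreadable
# files/packages may show up as false positives.
if ! runas_root; then
  printf ' .. \n .. Running this script as root would reduce false positives !\n\n'
fi

# Without a working rpmdb (and yum) the comparison below is meaningless.
if ! check_sanity; then
  exit 1
fi

# Build the three work files. Paths are quoted so the redirection target is
# always exactly the value held in the variable. Nothing in this script
# removes the work files afterwards.
get_AllSystemFileList | sort > "${SysFileList}"
get_AllRpmFileList | sort -u > "${RpmFileList}"
find_mod_rpms > "${RpmModList}"

# Section headers use printf throughout: two of the original headers used
# plain echo, which in bash prints the "\n" sequences literally, while the
# others used echo -e.
printf ' .. \n .. Sysclean Run :  %s\n' "$(date)"
diff -uNr "${RpmFileList}" "${SysFileList}"

printf ' .. \n .. ClearList Files: \n\n'
find_clearlist_files

printf ' .. \n .. Content that has changed from what RPM brought in \n\n'
cat -- "${RpmModList}"

printf ' .. \n .. Origin of the RPMS Installed \n\n'
find_rpms_origin

exit 0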