Open-AudIT

What's on your network?

All times are UTC + 10 hours




Posted: Thu Aug 04, 2016 10:58 am
Newbie

Joined: Tue Aug 02, 2016 9:52 pm
Posts: 11
Quote:
[root@mng10 ~]# lsblk -lno NAME /dev/sda
sda
sda1
sda2
vg_mng10-lv_swap (dm-0)
vg_mng10-lv_root (dm-1)
vg_mng10-sfvm_net01 (dm-2)
vg_mng10-tecnoteca-real (dm-3)
vg_mng10-tecnoteca (dm-4)
vg_mng10-tecnoteca_snap (dm-6)
vg_mng10-tecnoteca_snap-cow (dm-5)
vg_mng10-tecnoteca_snap (dm-6)
vg_mng10-tecnoteca_clone (dm-7)
vg_mng10-josmon0 (dm-8)


Posted: Thu Aug 04, 2016 1:28 pm
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
OK. That's a lot of good information but as a Windows luser I'm out of ideas. I'm not sure, given the output you've posted, you're getting bad values. It seems like $partition is incorrect for some reason, possibly related to the partitions having parens in the name. I would make a small test case sh file with just the basic loop stuff from line 1703 and try to see what $partition looks like over all the partitions output.

Maybe just comment out the partition_size calculation at line 1728 and see what output that gives for our "echo debug" line.


Posted: Thu Aug 04, 2016 8:42 pm
Newbie

Joined: Tue Aug 02, 2016 9:52 pm
Posts: 11
I just commented out the partition_size calculation at line 1728; the result is:
Quote:
[root@mng10 other]# ./audit_linux.sh debugging=2
Starting audit - .
PC . responding to ping
My PID is : 16604
Audit Start Time : 2016-08-04 19:40:56
Audit Location: local
-------------------
System Info
BIOS Info
Processor Info
Memory Info
Motherboard Info
Optical Drives Info
Video Cards Info
Sound Cards Info
Shares Info
Network Cards Info
Hard Disk Info
sda sda1
./audit_linux.sh: line 1728: / 1024 / 1024: syntax error: operand expected (error token is "/ 1024 / 1024")


Posted: Fri Aug 05, 2016 9:05 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
That error indicates you didn't comment out the calc at line 1728 correctly. You want 1727 and 1728 to look like this:

Code:
#partition_size=$(lsblk -lbo NAME,SIZE /dev/$disk 2>/dev/null | grep "^$partition " | rev | cut -d" " -f1 | rev)
#partition_size=$((partition_size / 1024 / 1024))


Posted: Fri Aug 05, 2016 1:06 pm
Newbie

Joined: Tue Aug 02, 2016 9:52 pm
Posts: 11
OK, I commented them out.
Quote:
[root@mng10 other]# ./audit_linux.sh debug=2
Starting audit - .
PC . responding to ping
My PID is : 54276
Audit Start Time : 2016-08-05 12:04:03
Audit Location: local
-------------------
System Info
BIOS Info
Processor Info
Memory Info
Motherboard Info
Optical Drives Info
Video Cards Info
Sound Cards Info
Shares Info
Network Cards Info
Hard Disk Info
disk=sda partition=sda1 partition_size=
disk=sda partition=sda2 partition_size=
disk=sda partition=vg_mng10-lv_swap partition_size=
disk=sda partition=(dm-0) partition_size=
disk=sda partition=vg_mng10-lv_root partition_size=
disk=sda partition=(dm-1) partition_size=
disk=sda partition=vg_mng10-sfvm_net01 partition_size=
disk=sda partition=(dm-2) partition_size=
disk=sda partition=vg_mng10-tecnoteca-real partition_size=
disk=sda partition=(dm-3) partition_size=
disk=sda partition=vg_mng10-tecnoteca partition_size=
disk=sda partition=(dm-4) partition_size=
disk=sda partition=vg_mng10-tecnoteca_snap partition_size=
disk=sda partition=(dm-6) partition_size=
disk=sda partition=vg_mng10-tecnoteca_snap-cow partition_size=
disk=sda partition=(dm-5) partition_size=
disk=sda partition=vg_mng10-tecnoteca_snap partition_size=
disk=sda partition=(dm-6) partition_size=
disk=sda partition=vg_mng10-tecnoteca_clone partition_size=
disk=sda partition=(dm-7) partition_size=
disk=sda partition=vg_mng10-josmon0 partition_size=
disk=sda partition=(dm-8) partition_size=
Log Info
Environment Variable Info
Swap Info
User Info
Group Info
Software Info
Service Info
Route Info
Netstat Info
Audit Generated in '35' seconds.
Audit Completed in '35' seconds.


Posted: Fri Aug 05, 2016 2:40 pm
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
Once again I miss the obvious. So we have spaces in the partition name and the for loop is breaking on the spaces. So we should set the for loop to separate by newlines. Try the following which is just setting the IFS variable. Then I set it back at the end because I'm too lazy to check what the disk for loop uses. You don't need to change all this. Just put the "IFS" lines where I've added them near the beginning and end. Uncomment the partition size calc and see what happens.

Code:
   PREVIFS=$IFS
   IFS="$NEWLINEIFS";
   for partition in $(lsblk -lno NAME /dev/$disk 2>/dev/null | grep -v ^$disk\$ ); do
      if [ -n "$partition" ] && [ "$partition" != "$disk" ]; then

         # partition_mount_type=$(lsblk -lndo TYPE /dev/"$partition" 2>/dev/null)
         partition_mount_type=$(lsblk -lno NAME,TYPE /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_mount_type=$(trim "$partition_mount_type")
         if [ "$partition_mount_type" = "part" ]; then
            partition_mount_type="partition"
            partition_type="local"
         else
            partition_mount_type="mount point"
            partition_type="$partition_mount_type"
         fi

         #partition_mount_point=$(lsblk -lndo MOUNTPOINT /dev/"$partition" 2>/dev/null)
         partition_mount_point=$(lsblk -lno NAME,MOUNTPOINT /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_mount_point=$(trim "$partition_mount_point")

         #partition_name=$(lsblk -lndo LABEL /dev/"$partition" 2>/dev/null)
         partition_name=$(lsblk -lno NAME,LABEL /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_name=$(trim "$partition_name")

         #partition_size=$(lsblk -lbndo SIZE /dev/"$partition" 2>/dev/null)
         #partition_size=$(lsblk -lbo NAME,SIZE /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_size=$(lsblk -lbo NAME,SIZE /dev/$disk 2>/dev/null | grep "^$partition " | rev | cut -d" " -f1 | rev)
         partition_size=$((partition_size / 1024 / 1024))

         #partition_format=$(lsblk -lndo FSTYPE /dev/"$partition" 2>/dev/null)
         partition_format=$(lsblk -lno NAME,FSTYPE /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_format=$(trim "$partition_format")

         #partition_caption=$(lsblk -lndo LABEL /dev/"$partition" 2>/dev/null)
         partition_caption=$(lsblk -lno NAME,LABEL /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_caption=$(trim "$partition_caption")

         partition_device_id="/dev/$partition"
         partition_disk_index="$disk"
         partition_bootable=""
         partition_quotas_supported=""
         partition_quotas_enabled=""

         #partition_serial=$(lsblk -lndo UUID /dev/"$partition" 2>/dev/null)
         partition_serial=$(lsblk -lno NAME,UUID /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_serial=$(trim "$partition_serial")

         #partition_free_space=$(df -m /dev/"$partition" 2>/dev/null | grep /dev/"$partition" | awk '{print $4}')
         partition_free_space=$(df -m --total "$partition_mount_point" 2>/dev/null | grep ^total | awk '{print $4}')
         if [ -z "$partition_free_space" ] && [ -n "$partition_serial" ]; then
            partition_free_space=$(df -m /dev/disk/by-uuid/"$partition_serial" 2>/dev/null | grep "$partition_serial" | awk '{print $4}')
         fi
         #partition_used_space=$(df -m /dev/"$partition" 2>/dev/null | grep /dev/"$partition" | awk '{print $3}')
         partition_used_space=$(df -m --total "$partition_mount_point" 2>/dev/null | grep ^total | awk '{print $3}')
         if [ -z "$partition_used_space" ] && [ -n "$partition_serial" ]; then
            partition_used_space=$(df -m /dev/disk/by-uuid/"$partition_serial" 2>/dev/null | grep "$partition_serial" | awk '{print $3}')
         fi

         if [ "$partition_format" = "swap" ]; then
            partition_used_space=$(free -m | grep -i swap | awk '{print $3}')
            partition_free_space=$(free -m | grep -i swap | awk '{print $4}')
         fi

         partition_result=$partition_result"
      <item>
         <serial>$(escape_xml "$partition_serial")</serial>
         <name>$(escape_xml "$partition_name")</name>
         <description>$(escape_xml "$partition_caption")</description>
         <device>$(escape_xml "$partition_device_id")</device>
         <hard_drive_index>$(escape_xml "$partition_disk_index")</hard_drive_index>
         <partition_disk_index>$(escape_xml "$partition_disk_index")</partition_disk_index>
         <mount_type>$(escape_xml "$partition_mount_type")</mount_type>
         <mount_point>$(escape_xml "$partition_mount_point")</mount_point>
         <size>$(escape_xml "$partition_size")</size>
         <free>$(escape_xml "$partition_free_space")</free>
         <used>$(escape_xml "$partition_used_space")</used>
         <format>$(escape_xml "$partition_format")</format>
         <type>$(escape_xml "$partition_type")</type>
      </item>"

      fi
   done
   IFS=$PREVIFS
done
echo "   </disk>" >> "$xml_file"


Posted: Fri Aug 05, 2016 3:42 pm
Newbie

Joined: Tue Aug 02, 2016 9:52 pm
Posts: 11
Still something wrong....
Quote:
[root@mng10 other]# ./audit_linux.sh debug=2
Starting audit - .
PC . responding to ping
My PID is : 44829
Audit Start Time : 2016-08-05 14:39:18
Audit Location: local
-------------------
System Info
BIOS Info
Processor Info
Memory Info
Motherboard Info
Optical Drives Info
Video Cards Info
Sound Cards Info
Shares Info
Network Cards Info
Hard Disk Info
sed: -e expression #1, char 6: unterminated `s' command
sed: -e expression #1, char 6: unterminated `s' command
sed: -e expression #1, char 6: unterminated `s' command
disk=sda partition=sda1
sda2
vg_m partition_size=524288000
249533825024
./audit_linux.sh: line 1733: 524288000
249533825024 / 1024 / 1024: syntax error in expression (error token is "249533825024 / 1024 / 1024")


Posted: Mon Aug 08, 2016 8:33 pm
Newbie

Joined: Tue Aug 02, 2016 9:52 pm
Posts: 11
I added 'sed -e "s/ (/_(/g"' to replace the space with an underscore in $partition, like so:
Line 1703:
Code:
for partition in $(lsblk -lno NAME /dev/$disk 2>/dev/null | grep -v ^$disk\$ | sed -e "s/ (/_(/g" ); do

Line 1727:
Code:
partition_size=$(lsblk -lbo NAME,SIZE /dev/$disk 2>/dev/null | sed -e "s/ (/_(/g" | grep "^$partition " | rev | cut -d" " -f1 | rev)

Then it seems to work fine now.
Thanks


Posted: Tue Aug 09, 2016 9:33 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
So a slight change you can test. It seems a different newlines IFS should be used. All I've changed is the second line.

Code:
   PREVIFS=$IFS
   IFS=$'\n';
   for partition in $(lsblk -lno NAME /dev/$disk 2>/dev/null | grep -v ^$disk\$ ); do
      if [ -n "$partition" ] && [ "$partition" != "$disk" ]; then

         # partition_mount_type=$(lsblk -lndo TYPE /dev/"$partition" 2>/dev/null)
         partition_mount_type=$(lsblk -lno NAME,TYPE /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_mount_type=$(trim "$partition_mount_type")
         if [ "$partition_mount_type" = "part" ]; then
            partition_mount_type="partition"
            partition_type="local"
         else
            partition_mount_type="mount point"
            partition_type="$partition_mount_type"
         fi

         #partition_mount_point=$(lsblk -lndo MOUNTPOINT /dev/"$partition" 2>/dev/null)
         partition_mount_point=$(lsblk -lno NAME,MOUNTPOINT /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_mount_point=$(trim "$partition_mount_point")

         #partition_name=$(lsblk -lndo LABEL /dev/"$partition" 2>/dev/null)
         partition_name=$(lsblk -lno NAME,LABEL /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_name=$(trim "$partition_name")

         #partition_size=$(lsblk -lbndo SIZE /dev/"$partition" 2>/dev/null)
         #partition_size=$(lsblk -lbo NAME,SIZE /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_size=$(lsblk -lbo NAME,SIZE /dev/$disk 2>/dev/null | grep "^$partition " | rev | cut -d" " -f1 | rev)
         partition_size=$((partition_size / 1024 / 1024))

         #partition_format=$(lsblk -lndo FSTYPE /dev/"$partition" 2>/dev/null)
         partition_format=$(lsblk -lno NAME,FSTYPE /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_format=$(trim "$partition_format")

         #partition_caption=$(lsblk -lndo LABEL /dev/"$partition" 2>/dev/null)
         partition_caption=$(lsblk -lno NAME,LABEL /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_caption=$(trim "$partition_caption")

         partition_device_id="/dev/$partition"
         partition_disk_index="$disk"
         partition_bootable=""
         partition_quotas_supported=""
         partition_quotas_enabled=""

         #partition_serial=$(lsblk -lndo UUID /dev/"$partition" 2>/dev/null)
         partition_serial=$(lsblk -lno NAME,UUID /dev/$disk 2>/dev/null | grep "^$partition " | sed -e "s/$partition//g")
         partition_serial=$(trim "$partition_serial")

         #partition_free_space=$(df -m /dev/"$partition" 2>/dev/null | grep /dev/"$partition" | awk '{print $4}')
         partition_free_space=$(df -m --total "$partition_mount_point" 2>/dev/null | grep ^total | awk '{print $4}')
         if [ -z "$partition_free_space" ] && [ -n "$partition_serial" ]; then
            partition_free_space=$(df -m /dev/disk/by-uuid/"$partition_serial" 2>/dev/null | grep "$partition_serial" | awk '{print $4}')
         fi
         #partition_used_space=$(df -m /dev/"$partition" 2>/dev/null | grep /dev/"$partition" | awk '{print $3}')
         partition_used_space=$(df -m --total "$partition_mount_point" 2>/dev/null | grep ^total | awk '{print $3}')
         if [ -z "$partition_used_space" ] && [ -n "$partition_serial" ]; then
            partition_used_space=$(df -m /dev/disk/by-uuid/"$partition_serial" 2>/dev/null | grep "$partition_serial" | awk '{print $3}')
         fi

         if [ "$partition_format" = "swap" ]; then
            partition_used_space=$(free -m | grep -i swap | awk '{print $3}')
            partition_free_space=$(free -m | grep -i swap | awk '{print $4}')
         fi

         partition_result=$partition_result"
      <item>
         <serial>$(escape_xml "$partition_serial")</serial>
         <name>$(escape_xml "$partition_name")</name>
         <description>$(escape_xml "$partition_caption")</description>
         <device>$(escape_xml "$partition_device_id")</device>
         <hard_drive_index>$(escape_xml "$partition_disk_index")</hard_drive_index>
         <partition_disk_index>$(escape_xml "$partition_disk_index")</partition_disk_index>
         <mount_type>$(escape_xml "$partition_mount_type")</mount_type>
         <mount_point>$(escape_xml "$partition_mount_point")</mount_point>
         <size>$(escape_xml "$partition_size")</size>
         <free>$(escape_xml "$partition_free_space")</free>
         <used>$(escape_xml "$partition_used_space")</used>
         <format>$(escape_xml "$partition_format")</format>
         <type>$(escape_xml "$partition_type")</type>
      </item>"

      fi
   done
   IFS=$PREVIFS
done
echo "   </disk>" >> "$xml_file"


Posted: Tue Aug 09, 2016 9:37 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
The $'...' syntax seems to be bash specific. So this may not work everywhere. So maybe it should be to replace line 93 with:
Code:
NEWLINEIFS=$(echo -en "\n\b");

Then use my original code with
Code:
PREVIFS=$IFS
IFS="$NEWLINEIFS";

The audit_linux.sh already has multiple ways of setting IFS to newlines. Line 1802 is different than line 93.


Posted: Tue Aug 09, 2016 8:09 pm
Newbie

Joined: Tue Aug 02, 2016 9:52 pm
Posts: 11
It doesn't work.
$partition still contains multiple lines.

Quote:
[root@mng10 other]# ./audit_linux.sh debug=2
Starting audit - .
PC . responding to ping
My PID is : 25478
Audit Start Time : 2016-08-09 19:07:24
Audit Location: local
-------------------
System Info
BIOS Info
Processor Info
Memory Info
Motherboard Info
Optical Drives Info
Video Cards Info
Sound Cards Info
Shares Info
Network Cards Info
Hard Disk Info
partition=sda1
sda2
vg_m
sed: -e expression #1, char 6: unterminated `s' command
sed: -e expression #1, char 6: unterminated `s' command
sed: -e expression #1, char 6: unterminated `s' command
disk=sda partition=sda1
sda2
vg_m partition_size=524288000
249533825024
./audit_linux.sh: line 1734: 524288000
249533825024 / 1024 / 1024: syntax error in expression (error token is "249533825024 / 1024 / 1024")


When using
Code:
 
   PREVIFS=$IFS
   IFS=$'\n';

it works.


Posted: Wed Aug 10, 2016 2:04 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
It turns out I'm not good at copy-paste either. I've actually tested this time and changed my answer above to fix the non-BASH specific NEWLINEIFS stuff.

So if we change the definition for the NEWLINEIFS to
Code:
NEWLINEIFS=$(echo -en "\n\b");

or
Code:
NEWLINEIFS='
'


Then this should work where the script is run on a machine which links /bin/sh against a non-POSIX shell.
Code:
PREVIFS=$IFS
IFS="$NEWLINEIFS";
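
The splitting behaviour worked through in this thread, as an added example that is not part of any post or of audit_linux.sh: it splits a constructed copy of the lsblk names with the default IFS, with a two-character backslash-n string, and with a real newline, then shows a `while read` loop that leaves the global IFS untouched. Assumptions: the function names are hypothetical, every size except those of sda1 and sda2 is constructed, and the backslash-n value is used because it reproduces the `sda1 / sda2 / vg_m` word seen in the failing output (the thread does not show how line 93 defines NEWLINEIFS).

```shell
#!/bin/sh
# Added example (not from audit_linux.sh). Constructed sample: first names of the
# `lsblk -lno NAME /dev/sda` listing in the thread, minus the disk line.
sample_names() {
cat <<'EOF'
sda1
sda2
vg_mng10-lv_swap (dm-0)
vg_mng10-lv_root (dm-1)
EOF
}

# Constructed NAME,SIZE listing; only the sda1 and sda2 sizes are from the thread.
sample_sizes() {
cat <<'EOF'
NAME                            SIZE
sda1                       524288000
sda2                    249533825024
vg_mng10-lv_swap (dm-0)   2147483648
vg_mng10-lv_root (dm-1)  53687091200
EOF
}

DEFAULT_IFS=$IFS
NL='
'

# Split the names the way `for partition in $(...)` does, with IFS set to $1,
# and print every resulting word in brackets.
split_with() {
    list=$(sample_names)
    old_ifs=$IFS
    set -f; IFS=$1
    out=
    for word in $list; do out="${out}[${word}]"; done
    IFS=$old_ifs; set +f
    printf '%s\n' "$out"
}

# Alternative that never changes the global IFS: read one line per iteration, match
# the name as a fixed string (no regex), take the size from the last field (MiB).
sizes_mb() {
    sample_names | while IFS= read -r name; do
        mb=$(sample_sizes | want="$name" awk '
            { size = $NF; sub(/[ \t]+[0-9]+$/, "") }
            $0 == ENVIRON["want"] { printf "%d", size / 1024 / 1024 }')
        printf '%s=%s\n' "$name" "${mb:-unknown}"
    done
}

split_with "$DEFAULT_IFS"   # default IFS: each LVM name is cut at its space
split_with '\n'             # assumed value, backslash + n: cut at the letter n
split_with "$NL"            # a real newline: one word per lsblk line
sizes_mb
```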


Posted: Wed Aug 10, 2016 10:24 pm
Newbie

Joined: Tue Aug 02, 2016 9:52 pm
Posts: 11
Finally, it works fine!
Thank you very much!

