3.1.1.005-GEN000100.bash
#!/bin/bash
# Copyright (C) 2011 simonalsa
# http://www.simonalsa.com
# Author Simon Alonso Sanchez <simonalsa@simonalsa.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Security Technical Implementation Guide (STIG)
# Security Readiness Review (SRR)
# Tested in GNU/Linux Debian distribution
# STIG|SRR definition
NUMBER="3.1.1.005"
LABEL="GEN000100"
# Section:
SECTION="Linux overview and site information"
# Process:
PROCESS="Operating system"
# Description:
DESCRIPTION="Checks the Linux supported release"
# Include global preferences
if [ -e "$PWD/preferences.cfg" ]; then
    source "$PWD/preferences.cfg"
else
    echo -e "Can not include the global preferences at $PWD/preferences.cfg \r"
    # Exit non-zero so a caller can tell the check did not run
    exit 1
fi
# Include local preferences
if [ -e "$PWD/$NUMBER-$LABEL.prefs" ]; then
    source "$PWD/$NUMBER-$LABEL.prefs"
else
    echo -e "Can not include the local preferences at $PWD/$NUMBER-$LABEL.prefs \r"
    exit 1
fi
# Section.Description
echo -e "STIG|SRR definition \r"
echo -e "\t Number: $NUMBER \r"
echo -e "\t Label: $LABEL \r"
echo -e "\t Section: $SECTION \r"
echo -e "\t Process: $PROCESS \r"
echo -e "\t Description: $DESCRIPTION \r"
echo -e "\r"
# Perform
if [ -x "$CMD_LSB_RELEASE" ]; then
    CMD=$("$CMD_LSB_RELEASE" -d -s)
    if [ $? -eq 0 ]; then
        echo -e "Linux LSB release: \r"
        echo -e "\t $CMD \r"
    else
        echo -e "Can not locate the Linux LSB release \r"
    fi
else
    echo -e "Can not locate the $CMD_LSB_RELEASE in the filesystem \r"
    exit 1
fi
if [ -x "$CMD_UNAME" ]; then
    CMD=$("$CMD_UNAME")
    if [ $? -eq 0 ]; then
        KERNEL_NAME=$("$CMD_UNAME" --kernel-name)
        KERNEL_RELEASE=$("$CMD_UNAME" --kernel-release)
        KERNEL_VERSION=$("$CMD_UNAME" --kernel-version)
        KERNEL_MACHINE=$("$CMD_UNAME" --machine)
        KERNEL_PROCESSOR=$("$CMD_UNAME" --processor)
        KERNEL_HARDWARE=$("$CMD_UNAME" --hardware-platform)
        KERNEL_OS=$("$CMD_UNAME" --operating-system)
        echo -e "Kernel release: \r"
        echo -e "\t Name: $KERNEL_NAME \r"
        echo -e "\t Release: $KERNEL_RELEASE \r"
        echo -e "\t Version: $KERNEL_VERSION \r"
        echo -e "\t Machine: $KERNEL_MACHINE \r"
        echo -e "\t Processor: $KERNEL_PROCESSOR \r"
        echo -e "\t Hardware: $KERNEL_HARDWARE \r"
        echo -e "\t Operating system: $KERNEL_OS \r"
    else
        echo -e "Can not locate the Linux Kernel release \r"
    fi
else
    echo -e "Can not locate the $CMD_UNAME in the filesystem \r"
    exit 1
fi
echo -e "\r"
Sample output
simonalsa@Desktop-01:~/$ bash 3.1.1.005-GEN000100.bash
STIG|SRR definition
Number: 3.1.1.005
Label: GEN000100
Section: Linux overview and site information
Process: Operating system
Description: Checks the Linux supported release
Linux LSB release:
Debian GNU/Linux 6.0.3 (squeeze)
Kernel release:
Name: Linux
Release: 2.6.32-5-amd64
Version: #1 SMP Thu Nov 3 03:41:26 UTC 2011
Machine: x86_64
Processor: unknown
Hardware: unknown
Operating system: GNU/Linux
Tags: Checks, linux, release, SRR, STIG, supported
Debian, Linux, Programación, Scripting, Scripts, Security, Shell, SRR, STIG | salonso |
January 26, 2012 9:24 pm |
Comments (0)
The objective is to reuse variables, because not all GNU/Linux distributions install the commands in the same place by default.
I am going to assign one variable to each command. This file will be included by the other shell scripts.
preferences.cfg
CMD_AWK="/usr/bin/awk"
CMD_CAT="/bin/cat"
CMD_CHGRP="/bin/chgrp"
CMD_CHMOD="/bin/chmod"
CMD_DD="/bin/dd"
CMD_DIFF="/usr/bin/diff"
CMD_ECHO="/bin/echo"
CMD_FIND="/usr/bin/find"
CMD_GREP="/bin/grep"
CMD_LAST="/usr/bin/last"
CMD_LASTB="/usr/bin/lastb"
CMD_LS="/bin/ls"
CMD_LSB_RELEASE="/usr/bin/lsb_release"
CMD_MKDIR="/bin/mkdir"
CMD_MKFS="/sbin/mkfs.ext2"
CMD_MKNOD="/bin/mknod"
CMD_MOUNT="/bin/mount"
CMD_MYSQL="/usr/bin/mysql"
CMD_PHP="/usr/bin/php5"
CMD_SED="/bin/sed"
CMD_SEQ="/usr/bin/seq"
CMD_SORT="/usr/bin/sort"
CMD_STAT="/usr/bin/stat"
CMD_TAIL="/usr/bin/tail"
CMD_TOUCH="/bin/touch"
CMD_TUNE2FS="/sbin/tune2fs"
CMD_UNAME="/bin/uname"
CMD_YES="/usr/bin/yes"
CMD_WC="/usr/bin/wc"
The shell script "preferences.bash" checks the availability of each command defined in the variables stored in the data file "preferences.cfg".
preferences.bash
#!/bin/bash
# Check the availability of the commands that will be used
# Include global preferences
source "$PWD/preferences.cfg"
echo -e "Check the availability about the commands that will be used \r"
# Check that each configured path exists
while IFS= read -r line;
do
    # Take the value after "=" and strip the double quotes
    TEST=$("$CMD_ECHO" "$line" | "$CMD_AWK" -F= '{ print $2 }' | "$CMD_SED" 's/"//g')
    # Skip lines that carry no path (an empty operand would make the test pass)
    [ -n "$TEST" ] || continue
    if [ -e "$TEST" ]; then
        echo -n "[Passed]"
    else
        echo -n "[Failed]"
    fi
    echo -n " ... $TEST"
    echo -e "\r"
done < "$PWD/preferences.cfg"
Sample output
Check the availability about the commands that will be used
[Passed] … /usr/bin/awk
[Passed] … /bin/cat
[Passed] … /bin/chgrp
[Passed] … /bin/chmod
[Passed] … /bin/dd
[Passed] … /usr/bin/diff
[Passed] … /bin/echo
[Passed] … /usr/bin/find
[Passed] … /bin/grep
[Passed] … /usr/bin/last
[Passed] … /usr/bin/lastb
[Passed] … /bin/ls
[Passed] … /usr/bin/lsb_release
[Passed] … /bin/mkdir
[Passed] … /sbin/mkfs.ext2
[Passed] … /bin/mknod
[Passed] … /bin/mount
[Failed] … /usr/bin/mysql
[Failed] … /usr/bin/php5
[Passed] … /bin/sed
[Passed] … /usr/bin/seq
[Passed] … /usr/bin/sort
[Passed] … /usr/bin/stat
[Passed] … /usr/bin/tail
[Passed] … /bin/touch
[Passed] … /sbin/tune2fs
[Passed] … /bin/uname
[Passed] … /usr/bin/yes
[Passed] … /usr/bin/wc
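The STIG scripts `source` preferences.cfg from the current directory, so anything written in that file runs with the caller's privileges, and preferences.bash only tests that each path exists. The following is an added example, not the author's code: it reads the file as data, refuses a file that is a symlink, owned by another user, or writable by group or others, and accepts only CMD_NAME="/absolute/path" lines. The function names are hypothetical and the sample lines are constructed.

```bash
#!/bin/bash
# Added example (not the original author's code): treat preferences.cfg as data.
# prefs_file_is_safe, prefs_line_is_valid and check_prefs_file are hypothetical names.

# Refuse symlinks, files owned by someone other than root or the caller,
# and files writable by group or others.
prefs_file_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    owner=$(ls -ldn "$1" | awk '{ print $3 }')
    [ "$owner" = "0" ] || [ "$owner" = "$(id -u)" ] || return 1
    case "$(ls -ldn "$1" | cut -c1-10)" in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# Accept only CMD_<NAME>="/absolute/path" built from plain path characters,
# so command substitutions, ';' or spaces never reach the shell.
prefs_line_is_valid() {
    printf '%s\n' "$1" | grep -Eq '^CMD_[A-Z0-9_]+="/[A-Za-z0-9_./+-]+"$'
}

# Print one status line per entry. Returns 0 only if every entry is a valid,
# executable file, 1 if any entry fails, 2 if the file itself is refused.
check_prefs_file() {
    prefs_file_is_safe "$1" || { echo "[Refused] $1"; return 2; }
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # blank lines and comments
        if ! prefs_line_is_valid "$line"; then
            echo "[Rejected] ... $line"; rc=1; continue
        fi
        path=$(printf '%s\n' "$line" | cut -d'"' -f2)
        if [ -f "$path" ] && [ -x "$path" ]; then
            echo "[Passed] ... $path"
        else
            echo "[Failed] ... $path"; rc=1
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample: one good entry, one missing binary, one injected command.
demo_prefs=$(mktemp)
cat > "$demo_prefs" <<'EOF'
CMD_SH="/bin/sh"
CMD_PHP="/usr/bin/php5-not-installed"
CMD_LS="/bin/ls; id"
EOF
check_prefs_file "$demo_prefs" || echo "preferences.cfg needs attention"
rm -f "$demo_prefs"
```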
Tags: available, bash, commands, filesystem, shell script, testing
Linux, Programación, Scripting, Scripts, Security, Shell, SRR, STIG | salonso |
8:21 pm |
Comments (0)
This bash shell script reads the predefined RAM values of the virtual machines from a configuration file (Memory.prefs) and sets them (DMC dynamic and static range limits) for each virtual machine available in a Xen XCP domain.
Memory.bash
#!/bin/bash
# Names of every VM except the control domain
VM_NAMES=$(xe vm-list params=name-label | grep "name-label" | grep -v "Control" | sort | awk -F": " '{ print $2 }')
for VM_NAME in $VM_NAMES;
do
    UUID=$(xe vm-list name-label="$VM_NAME" params=uuid | grep uuid | awk -F": " '{ print $2 }')
    # $? would only report awk's status, so test that a UUID was actually found
    if [ -n "$UUID" ]; then
        # Match the first field exactly; grep would treat the name as a regex
        LIMITS=$(awk -F":" -v name="$VM_NAME" '$1 == name { print; exit }' Memory.prefs)
        if [ -n "$LIMITS" ]; then
            # Values in Memory.prefs are converted to bytes for xe
            MINIMUM_DYN=$(echo "$LIMITS" | awk -F":" '{ print $2 }')
            MINI_DYN=$((MINIMUM_DYN * 1024 * 1024))
            MAXIMUM_DYN=$(echo "$LIMITS" | awk -F":" '{ print $3 }')
            MAXI_DYN=$((MAXIMUM_DYN * 1024 * 1024))

            MINIMUM_ST=$(echo "$LIMITS" | awk -F":" '{ print $4 }')
            MINI_ST=$((MINIMUM_ST * 1024 * 1024))
            MAXIMUM_ST=$(echo "$LIMITS" | awk -F":" '{ print $5 }')
            MAXI_ST=$((MAXIMUM_ST * 1024 * 1024))

            #echo "DYN: $MINIMUM_DYN as $MINI_DYN ….VS… $MAXIMUM_DYN as $MAXI_DYN"
            #echo "ST: $MINIMUM_ST as $MINI_ST ….VS… $MAXIMUM_ST as $MAXI_ST"

            # Reset both flags for every VM so a previous result is not reused
            CHECK1=false
            CHECK2=false
            SETPARAM=$(xe vm-param-set uuid="$UUID" memory-static-min="$MINI_ST")
            if [ $? -eq 0 ]; then
                CHECK1=true;
            fi
            SETPARAM=$(xe vm-param-set uuid="$UUID" memory-static-max="$MAXI_ST")
            if [ $? -eq 0 ]; then
                CHECK2=true;
            fi

            if [ "$CHECK1" = true ]; then
                if [ "$CHECK2" = true ]; then
                    echo "The DMC static range ( $MINIMUM_ST … $MAXIMUM_ST ) about $VM_NAME virtual machine has been updated successfully"
                else
                    echo "Can not update the maximun DMC static range about $VM_NAME virtual machine"
                fi
            else
                echo "Can not update the minimum DMC static range about $VM_NAME virtual machine"
            fi

            SETPARAM=$(xe vm-memory-dynamic-range-set uuid="$UUID" min="$MINI_DYN" max="$MAXI_DYN")
            if [ $? -eq 0 ]; then
                echo "The DMC dynamic range ( $MINIMUM_DYN … $MAXIMUM_DYN ) about $VM_NAME virtual machine has been updated successfully"
            else
                echo "Can not update the DMC dynamic range about $VM_NAME virtual machine"
            fi
        fi
    fi
done
Set the default RAM values for each virtual machine in "Memory.prefs" (the limits are given in MB; the script converts them to bytes)
Fields:
1.- Virtual machine name, as "name-label"
2.- DMC's dynamic lower limit, as "memory-dynamic-min"
3.- DMC's dynamic higher limit, as "memory-dynamic-max"
4.- DMC's static lower limit, as "memory-static-min"
5.- DMC's static higher limit, as "memory-static-max"
Memory.prefs
Application-Server-01:256:512:192:576
Application-Server-02:256:512:192:576
Application-Server-03:256:512:192:576
Debian-Desktop-1.0:256:384:224:416
DNS-Server-1.0:64:88:48:104
DNS-Server-2.0:64:88:48:104
File-Server-1.0:128:192:96:224
File-Server-2.0:128:192:96:224
LDAP-Server-1.0:64:88:48:104
LDAP-Server-2.0:64:88:48:104
Log-Server-1.0:64:88:48:104
Sql-Server-1.0:128:256:96:224
Web-Server-1.0:88:152:72:168
Web-Server-2.0:88:152:72:168
Web-Server-3.0:88:152:72:168
Output
[root@thor ~]# bash Memory.bash
The DMC static range ( 192 … 576 ) about Application-Server-01 virtual machine has been updated successfully
The DMC dynamic range ( 256 … 512 ) about Application-Server-01 virtual machine has been updated successfully
The DMC static range ( 192 … 576 ) about Application-Server-02 virtual machine has been updated successfully
The DMC dynamic range ( 256 … 512 ) about Application-Server-02 virtual machine has been updated successfully
The DMC static range ( 192 … 576 ) about Application-Server-03 virtual machine has been updated successfully
The DMC dynamic range ( 256 … 512 ) about Application-Server-03 virtual machine has been updated successfully
The DMC static range ( 224 … 416 ) about Debian-Desktop-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 256 … 384 ) about Debian-Desktop-1.0 virtual machine has been updated successfully
The DMC static range ( 48 … 104 ) about DNS-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 64 … 88 ) about DNS-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 48 … 104 ) about DNS-Server-2.0 virtual machine has been updated successfully
The DMC dynamic range ( 64 … 88 ) about DNS-Server-2.0 virtual machine has been updated successfully
The DMC static range ( 96 … 224 ) about File-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 128 … 192 ) about File-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 96 … 224 ) about File-Server-2.0 virtual machine has been updated successfully
The DMC dynamic range ( 128 … 192 ) about File-Server-2.0 virtual machine has been updated successfully
The DMC static range ( 48 … 104 ) about LDAP-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 64 … 88 ) about LDAP-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 48 … 104 ) about LDAP-Server-2.0 virtual machine has been updated successfully
The DMC dynamic range ( 64 … 88 ) about LDAP-Server-2.0 virtual machine has been updated successfully
The DMC static range ( 48 … 104 ) about Log-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 64 … 88 ) about Log-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 96 … 224 ) about Sql-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 128 … 256 ) about Sql-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 72 … 168 ) about Web-Server-1.0 virtual machine has been updated successfully
The DMC dynamic range ( 88 … 152 ) about Web-Server-1.0 virtual machine has been updated successfully
The DMC static range ( 72 … 168 ) about Web-Server-2.0 virtual machine has been updated successfully
The DMC dynamic range ( 88 … 152 ) about Web-Server-2.0 virtual machine has been updated successfully
The DMC static range ( 72 … 168 ) about Web-Server-3.0 virtual machine has been updated successfully
The DMC dynamic range ( 88 … 152 ) about Web-Server-3.0 virtual machine has been updated successfully
Runtime RAM values

"xentop"
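Memory.bash runs as the XCP administrator and passes whatever it finds in Memory.prefs straight to `xe`, and a `grep` on the VM name treats the name as a regular expression that can match more than one record. The following is an added example, not the author's code: it looks a VM up by exact name and validates the four fields before converting them to bytes. The function names are hypothetical and the sample records are constructed.

```bash
#!/bin/bash
# Added example (not the original author's code): strict lookup and validation
# of one Memory.prefs record. lookup_limits and limits_to_bytes are hypothetical names.

# Print the single record whose first field equals the VM name exactly.
# Returns 1 when the name is missing or appears more than once.
lookup_limits() {   # $1 = prefs file, $2 = VM name
    awk -F: -v name="$2" '
        $1 == name { n++; rec = $0 }
        END { if (n == 1) { print rec; exit 0 } exit 1 }' "$1"
}

# Convert "name:dyn_min:dyn_max:st_min:st_max" (MB) into four byte values.
# Rejects a wrong field count, non-numeric fields, and min > max in either range.
limits_to_bytes() {   # $1 = record
    printf '%s\n' "$1" | awk -F: '
        NF != 5 { exit 1 }
        { for (i = 2; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1 }
        $2 > $3 || $4 > $5 { exit 1 }
        { m = 1024 * 1024; printf "%.0f %.0f %.0f %.0f\n", $2*m, $3*m, $4*m, $5*m }'
}

# Constructed sample: as a regex, "Web-Server-1.0" also matches the second name.
demo_prefs=$(mktemp)
printf '%s\n' 'Web-Server-1.0:88:152:72:168' \
              'Web-Server-100:512:1024:256:2048' > "$demo_prefs"
if rec=$(lookup_limits "$demo_prefs" "Web-Server-1.0") && bytes=$(limits_to_bytes "$rec"); then
    echo "dyn-min dyn-max static-min static-max (bytes): $bytes"
else
    echo "Web-Server-1.0: no unique, well-formed record; nothing sent to xe"
fi
rm -f "$demo_prefs"
```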
Tags: bash, DMC, domain, dynamic, limits, memory, RAM, range, set, shell script, values, Virtual Machines, VM, XCP, Xen
Configuración, Virtualization, XEN | salonso |
January 22, 2012 12:37 am |
Comments (0)
Dynamic Memory Control (DMC) is a technology provided by Xen Cloud Platform (XCP).
DMC allows you to change the amount of host memory assigned to any running virtual server, without rebooting it.
Using DMC, it’s possible to operate a guest virtual machine in one of two modes:
1) Target Mode
The administrator specifies a memory target for the guest. XCP adjusts the guest’s memory allocation to meet the target.
2) Dynamic Range Mode
The administrator specifies a dynamic memory range for the guest. XCP chooses a target from within the range and adjusts the guest’s memory allocation to meet the target. The dynamic memory range is defined by a lower and an upper limit: the minimum and maximum amount of memory that the administrator is happy for a guest to use.
You can change the VM’s DMC mode online, whenever you want, without rebooting it.
Check http://wiki.xensource.com/xenwiki/Dynamic_Memory_Control for more information
For example:
1) Mode As Target Mode ( 160 MB )
[root@thor ~]# xe vm-memory-target-set uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e target=167772160
[root@thor ~]# xe vm-param-list uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e | grep "memory-" | grep -v "last" | grep -v "recomendation"
…
…
memory-static-max ( RW): 167772160
memory-static-min ( RW): 67108864
…
…
[root@thor ~]# xe vm-param-get uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e param-name=memory-target
167772160

"DNS-Server-XX"
2) Mode As Dynamic Range Mode ( [64...128] MB )
Set VM’s DMC limits
[root@thor ~]# xe vm-memory-dynamic-range-set uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e min=67108864 max=134217728
Check VM’s DMC limits
[root@thor ~]# xe vm-param-list uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e | grep "memory-" | grep -v "last" | grep -v "recommendations"
…
…
memory-dynamic-max ( RW): 134217728
memory-dynamic-min ( RW): 67108864
…
…
[root@thor ~]# xe vm-param-get uuid=9e07177c-5bee-61a3-f743-6675f6a6a81e param-name=memory-target
134217728

"DNS-Server-XX"
A really nice, powerful feature.
This script exports all the virtual machines in halted state that are available in the Xen XCP domain.
The process is simple: export the virtual machine to the filesystem, then compress the exported file. Repeat the process for each virtual machine available in the Xen XCP domain.
Finally (if you want), shut down the host.
Backup.bash
#!/bin/bash

DATESTAMP=$(date +%F)

UUIDS=$(xe vm-list | grep uuid | awk -F: '{ print $2 }' | sed 's/ //g')

for UUID in $UUIDS
do
    NAME=$(xe vm-list uuid="$UUID" | grep name | awk -F: '{ print $2 }' | sed 's/ //g')
    # Skip the control domain (its name-label with the spaces stripped)
    if [ "$NAME" != "Controldomainonhost" ]; then
        xe vm-export filename="/backup/${UUID}_${NAME}_${DATESTAMP}.xva" uuid="$UUID"
        if [ $? -eq 0 ]; then
            echo -e "The virtual machine $NAME has been exported"
            # gzip replaces the .xva with .xva.gz when it succeeds
            gzip -9 "/backup/${UUID}_${NAME}_${DATESTAMP}.xva"
        else
            echo -e "Can not export the virtual machine $NAME"
            # Remove any partial export left behind
            rm -f "/backup/${UUID}_${NAME}_${DATESTAMP}.xva"
        fi
    fi
done


shutdown -h now
Result
[root@thor 20120118]# ls -lh *.gz | awk '{ print $9,"(",$5,")" }'
10761c7f-70a2-1263-43d4-53fdd059cf81_Log-Server-1.0_2012-01-18.xva.gz ( 417M )
16d0b2d3-51c1-e692-7f90-2473277b0f50_Web-Server-2.0_2012-01-18.xva.gz ( 1.1G )
1b8feb8e-04fe-2a4e-5716-dde1e375b2f9_LDAP-Server-2.0_2012-01-18.xva.gz ( 394M )
3e7ae452-52fb-7f3b-b105-087981a8a8b0_Application-Server-01_2012-01-18.xva.gz ( 994M )
46f069fb-0ca1-cbb0-d64c-2a5ea1d2a4bb_File-Server-2.0_2012-01-18.xva.gz ( 37G )
526e3294-b61b-7c39-debb-325d238c85f9_DNS-Server-1.0_2012-01-18.xva.gz ( 731M )
668d4e9b-cb44-24f7-7d23-2e0efc6627c3_Sql-Server-1.0_2012-01-18.xva.gz ( 7.4G )
6a7bea88-8b49-bc77-6cc9-06601aea6eaf_XCP-Server-1.1_2012-01-18.xva.gz ( 515M )
88357478-ac9e-51d1-b27d-2a9da6d75a3d_LDAP-Server-1.0_2012-01-18.xva.gz ( 380M )
910cbd07-3dde-974d-5595-3021103ad656_File-Server-1.0_2012-01-18.xva.gz ( 78G )
9e07177c-5bee-61a3-f743-6675f6a6a81e_DNS-Server-2.0_2012-01-18.xva.gz ( 435M )
f8c2291a-a387-69ca-a95e-e0383f717f83_Debian-Desktop-1.0_2012-01-18.xva.gz ( 1.1G )
Tags: backup, compress, domain, Export, Virtual Machines, XCP, Xen
Linux, Programación, Scripting, Scripts, Shell, Virtualization, XEN | salonso |
January 19, 2012 8:54 pm |
Comments (1)
This simple script reads the uuid and name of each Xen XCP VM and shuts them down one by one, provided the Xen Guest Tools are installed in each VM.
Take care with NFS mounts: if the NFS server goes offline before the NFS clients, you must stop the services manually before the shutdown process can complete.
The script must be run with Xen XCP domain administrator privileges.
Shutdown.bash
#!/bin/bash

DATESTAMP=$(date +%F)

UUIDS=$(xe vm-list | grep uuid | awk -F: '{ print $2 }' | sed 's/ //g')

for UUID in $UUIDS
do
    NAME=$(xe vm-list uuid="$UUID" | grep name | awk -F: '{ print $2 }' | sed 's/ //g')
    # Skip the control domain (its name-label with the spaces stripped)
    if [ "$NAME" != "Controldomainonhost" ]; then
        xe vm-shutdown uuid="$UUID"
        if [ $? -eq 0 ]; then
            echo -e "The virtual machine $NAME has been stopped"
        else
            echo -e "Can not stop the virtual machine $NAME"
        fi
    fi
done


#shutdown -h now
Console stdout
[root@thor Script]# bash Shutdown.bash
The virtual machine Application-Server-01 has been stopped
The virtual machine LDAP-Server-1.0 has been stopped
The virtual machine LDAP-Server-2.0 has been stopped
The virtual machine File-Server-1.0 has been stopped
The virtual machine Web-Server-2.0 has been stopped
The virtual machine File-Server-2.0 has been stopped
You attempted an operation on a VM that was not in an appropriate power state at the time; for example, you attempted to start a VM that was already running. The parameters returned are the VM’s handle, and the expected and actual VM state at the time of the call.
vm: 10761c7f-70a2-1263-43d4-53fdd059cf81 (Log-Server-1.0)
expected: running
actual: halted
Can not stop the virtual machine Log-Server-1.0
The virtual machine Application-Server-03 has been stopped
The virtual machine Debian-Desktop-1.0 has been stopped
The virtual machine DNS-Server-1.0 has been stopped
The virtual machine Application-Server-02 has been stopped
The virtual machine DNS-Server-2.0 has been stopped
The virtual machine Sql-Server-1.0 has been stopped
The virtual machine Web-Server-1.0 has been stopped
The virtual machine Web-Server-3.0 has been stopped