#!/bin/sh #+ # NAME: # sophos_update # PURPOSE: # Update Sophos engine and virus database # CALLING SEQUENCE: # sophos_update [ ] # INPUTS: # server Sophos server # If not specified then the Sophos server should already # be mounted or the procedures aborts. # user user name on Sophos server # password password on Sophos server # If username and password are not specified then # an attempt is made to get them from $HOME/.netrc # If not specified and not found in .netrc the procedure # aborts. # RESTRICTIONS: # > Can only be run on the root account # PROCEDURE: # Configuration files. # # /etc/sav.conf contains: (currently NOT USED) # SAV virus data directory = /usr/local/sav # # /etc/eminstall.conf # EM install CID = /media/sophos_server/unixinst/linux/intel_libc6_glib2_2 # EM cache dir = /usr/local/sav # protocol = smbfs # # The "EM cache dir" is stored in local symbol SOP_SAVE_DIR. # (The same directory is defined in /etc/sav.conf under "SAV virus data directory") # # The part of "EM install CID" preceding '/unixinst' is stored in local symbol # SOP_SERVER_MNTPNT (the mount point for the Samba mount to the SOP server). # # # =============== # The old method: # # SAV=$(grep "SAV virus data directory" /etc/sav.conf | gawk '{print $6}') # GET=$SAV/get # LOG=/tmp/update_sophos.log.$$ # wget -a$LOG -P$GET http://www.sophos.com/downloads/ide/ides.zip # unzip -o $GET/ides.zip -d $SAV/ # chmod 644 $SAV/*.ide # rm -f $GET/ides.zip > /dev/null # # MODIFICATION HISTORY: # Original version by Paul Yeatman # NOV-2005, Paul Hick (UCSD/CASS) # Updated for SMEI cluster. #- MYNAME=$(basename $0 .sh) echo_msg() { echo $MYNAME, $* echo $MYNAME, $* | mail -s "$MYNAME failed" root return } # =================== # Begin Sanity Checks # Only root is allowed to run this. if [ "$USER" != "root" ]; then echo_msg "only run sweep from the root account. Aborting !!!" exit 0 fi UPDATE_CONF=/etc/eminstall.conf # Update configuration file # Make sure config file exists if [ ! -f $UPDATE_CONF ]; then echo_msg "$UPDATE_CONF does not exist. Aborting !!!" exit 0 fi # Config file exists: extract location of remote eminstall.sh, # mount point and save directory # The mount point will be created if it doesn't exist. # The save directory must exists (it contains the install # script eminstall.sh) SOP_REMOTE_EXEDIR=$(grep CID $UPDATE_CONF | gawk '{print $5}') SOP_SERVER_MNTPNT=$(echo $SOP_REMOTE_EXEDIR | gawk -F /unixinst '{print $1}') if [ ! -d $SOP_SERVER_MNTPNT ]; then mkdir -v $SOP_SERVER_MNTPNT fi SOP_SAVE_DIR=$(grep "EM cache dir" $UPDATE_CONF | gawk '{print $5}') if [ ! -d $SOP_SAVE_DIR ]; then echo_msg "$SOP_SAVE_DIR does not exist (Sophos not installed ??). Aborting !!!" exit 0 fi # Make sure that smbmount is present. #SMBMOUNT=$(which smbmount) SMBMOUNT=$(which mount.cifs) if [ -z "$SMBMOUNT" ]; then echo_msg "$SMBMOUNT does not exist. Aborting !!!" exit 0 fi # End Sanity Checks # =================== # Pick up command line arguments. # (username and password can also be provided by putting them in $HOME/.netrc SOP_SERVER=$1 SOP_SERVER_USER=$2 SOP_SERVER_PASSWORD=$3 # Check whether SOP_SERVER_MNTPNT is already mounted. If not, mount it. grep -q "$SOP_SERVER_MNTPNT" /etc/mtab if [ $? != 0 ]; then if [ -z "$SOP_SERVER" ]; then echo_msg "no SOPHOS server specified" exit 0 fi if [ -z "$SOP_SERVER_USER" ]; then if [ -f $HOME/.netrc ]; then SOP_SERVER_USER=$(grep $SOP_SERVER $HOME/.netrc | gawk '{print $4}') fi if [ -z "$SOP_SERVER_USER" ]; then echo_msg "no username specified for $SOP_SERVER" exit 0 fi fi if [ -z "$SOP_SERVER_PASSWORD" ]; then if [ -f $HOME/.netrc ]; then SOP_SERVER_PASSWORD=$(grep $SOP_SERVER $HOME/.netrc | grep $SOP_SERVER_USER | gawk '{print $6}') fi if [ -z "$SOP_SERVER_PASSWORD" ]; then echo_msg "no password specified for $SOP_SERVER_USER@$SOP_SERVER" exit 0 fi fi SMBCMD="$SMBMOUNT //$SOP_SERVER/InterChk $SOP_SERVER_MNTPNT -o ro,username=$SOP_SERVER_USER,password=$SOP_SERVER_PASSWORD" #echo $SMBCMD $SMBCMD if [ $? != 0 ]; then echo_msg "failed mounting $SOP_SERVER. Aborting !!!" exit 0 fi df | grep InterChk fi # Check for presences of eminstall.sh. If it doesn't exist then try to get it # from the SOP_SERVER UPDATE_EXEC_LOCAL=$SOP_SAVE_DIR/eminstall.sh UPDATE_EXEC_REMOTE=$SOP_REMOTE_EXEDIR/eminstall.sh if [ ! -x $UPDATE_EXEC_LOCAL ]; then echo $MYNAME, $UPDATE_EXEC_LOCAL missing. Try to get it from $SOP_SERVER cp -vp $UPDATE_EXEC_REMOTE $UPDATE_EXEC_LOCAL if [ ! -x $UPDATE_EXEC_LOCAL ]; then echo_msg "$UPDATE_EXEC_LOCAL does not exist. Aborting !!!" exit 0 fi fi $UPDATE_EXEC_LOCAL 2>&1 | mail -s "$MYNAME" root # $UPDATE_EXEC_LOCAL seems to delete itself when updates are found # (py 11-10-04) if [ ! -x $UPDATE_EXEC_LOCAL ]; then echo $MYNAME, $UPDATE_EXEC_LOCAL disappeared. Get it again. cp -vp $UPDATE_EXEC_REMOTE $UPDATE_EXEC_LOCAL fi # Unmount the SOP_SERVER again. umount $SOP_SERVER_MNTPNT if [ $? != 0 ]; then echo_msg "failed unmounting $SOP_SERVER. Aborting !!!" exit 0 fi # $UPDATE_EXEC seems to delete link when new version of vdl-???.dat # is installed (py 11-10-04) if [ ! -e $SOP_SAVE_DIR/vdl.dat ]; then echo $MYNAME, soft link $SOP_SAVE_DIR/vdl.dat disappeared. Create it. cd $SOP_SAVE_DIR ln -vs vdl*.dat vdl.dat cd $OLDPWD fi # Remove the mount point again if [ -d $SOP_SERVER_MNTPNT ]; then rm -rvf $SOP_SERVER_MNTPNT fi exit 0