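#!/bin/sh
#
# Removal-time script for the omi package: service (un)registration helpers,
# PAM (un)configuration helpers, and the top-level steps driven by "$1".
# It is expected to run as root: every helper edits files under /etc.
#
# Layout note: the functions in the first half are defined before the
# top-level "$1" handling, the PAM helpers after it, and the script ends by
# calling UnconfigurePAM.

# Various distributions have different paths for systemd unit files ...

SYSTEMD_UNIT_DIR=""

#######################################
# Locate the systemd unit directory.
# Globals:   SYSTEMD_UNIT_DIR (written)
# Returns:   0 if systemd is running and a unit directory was found,
#            1 if /run/systemd/system does not exist.
# Exits:     1 if systemd is running but no candidate directory exists.
#######################################
ResolveSystemdPaths()
{
    local UNIT_DIR_LIST="/usr/lib/systemd/system /lib/systemd/system"
    local i

    if [ ! -d /run/systemd/system ]; then
        return 1
    fi

    # Find systemd unit directory (word splitting of the list is intended)
    for i in ${UNIT_DIR_LIST}; do
        if [ -d "$i" ]; then
            SYSTEMD_UNIT_DIR=${i}
            return 0
        fi
    done

    # Didn't find unit directory, that's fatal
    echo "FATAL: Unable to resolve systemd unit directory!" 1>&2
    exit 1
}

#######################################
# Stop a service and unregister it from systemd, upstart and SysV init.
# Does nothing when /etc/.omi_disable_service_control exists.
# Globals:   SERVICE (written), SYSTEMD_UNIT_DIR (read, via
#            ResolveSystemdPaths)
# Arguments: $1 - service name (required; the script exits 1 without it)
#######################################
RemoveGenericService()
{
    if [ -f /etc/.omi_disable_service_control ]; then
        return 0
    fi

    SERVICE=$1
    if [ -z "$SERVICE" ]; then
        echo "FATAL: RemoveGenericService requires parameter (service name)" 1>&2
        exit 1
    fi

    # Stop the service in case it's running

    ResolveSystemdPaths

    # Does systemd install on this system
    if [ -d /run/systemd/system ]; then
        # Do we have a systemd unit file?
        if [ -f "${SYSTEMD_UNIT_DIR}/${SERVICE}.service" ]; then
            /bin/systemctl stop "${SERVICE}"
        fi
    fi

    # Upstart: stop the service that was asked for, not a fixed name.
    if [ -f "/etc/init/${SERVICE}.conf" ]; then
        initctl stop "${SERVICE}"
    fi

    if [ -f "/etc/init.d/${SERVICE}" ]; then
        if [ -x /bin/systemctl ]; then
            /bin/systemctl stop "${SERVICE}"
        elif [ -x /sbin/service ]; then
            /sbin/service "${SERVICE}" stop
        elif [ -x /usr/sbin/service ]; then
            /usr/sbin/service "${SERVICE}" stop
        elif [ -x /usr/sbin/invoke-rc.d ]; then
            /usr/sbin/invoke-rc.d "${SERVICE}" stop
        else
            echo "Unrecognized service controller to stop ${SERVICE} service" 1>&2
            exit 1
        fi
    fi

    # Registered as a systemd service?
    #
    # Note: We've never deployed systemd unit files automatically in the %Files
    # section. Thus, for systemd services, it's safe to remove the file.
    #
    # SYSTEMD_UNIT_DIR stays empty when systemd is not running; without the
    # -n guard the test and the rm below would target "/<service>.service"
    # in the root directory.
    if [ -n "${SYSTEMD_UNIT_DIR}" ] && [ -f "${SYSTEMD_UNIT_DIR}/${SERVICE}.service" ]; then
        echo "Unconfiguring ${SERVICE} (systemd) service ..."
        /bin/systemctl disable "${SERVICE}"
        rm -f "${SYSTEMD_UNIT_DIR}/${SERVICE}.service"
        /bin/systemctl daemon-reload
    fi

    # Upstart job files live in /etc/init; remove the file that was tested
    # for (the previous code tested /etc/init but deleted under /usr/init).
    if [ -f "/etc/init/${SERVICE}.conf" ]; then
        echo "Unconfiguring ${SERVICE} (upstart) service ..."
        rm -f "/etc/init/${SERVICE}.conf"
        initctl reload-configuration
    fi

    if [ -f "/etc/init.d/${SERVICE}" ]; then
        echo "Unconfiguring ${SERVICE} service ..."
        if [ -f /usr/sbin/update-rc.d ]; then
            /usr/sbin/update-rc.d -f "${SERVICE}" remove
        elif [ -x /usr/lib/lsb/remove_initd ]; then
            /usr/lib/lsb/remove_initd "/etc/init.d/${SERVICE}"
        elif [ -x /sbin/chkconfig ]; then
            chkconfig --del "${SERVICE}" > /dev/null
        else
            echo "Unrecognized Service Controller to unregister ${SERVICE} Service."
            exit 1
        fi
    fi
}

# Stop omid through the packaged service_control wrapper.
StopOmiService()
{
    /opt/omi/bin/service_control stop
}

#######################################
# Unregister the omid service and delete its init scripts.
# Does nothing when /etc/.omi_disable_service_control exists.
#######################################
RemoveOmiService()
{
    if [ -f /etc/.omi_disable_service_control ]; then
        return 0
    fi

    RemoveGenericService omid

    if [ -f /etc/init.d/omid ]; then
        rm /etc/init.d/omid
    fi
    if [ -f /etc/init/omid.conf ]; then
        rm /etc/init/omid.conf
    fi
}

#######################################
# Register omid with the available service manager (systemd, upstart or
# SysV init) and start it through service_control.
# Globals:   SYSTEMD_UNIT_DIR (read, via ResolveSystemdPaths)
# Exits:     1 if no SysV registration tool is found.
#######################################
ConfigureOmiService()
{
    # If the marker file /etc/.omi_disable_service_control exists,
    # OMI will not be configured with service manager. This may be used in a container
    # environment, where service manager does not work reliably.
    if [ ! -f /etc/.omi_disable_service_control ]; then
        echo "Configuring OMI service ..."
        if [ -d /run/systemd/system ]; then
            # systemd
            ResolveSystemdPaths
            cp /opt/omi/bin/support/omid.systemd "${SYSTEMD_UNIT_DIR}/omid.service"
            /bin/systemctl daemon-reload
            /bin/systemctl enable omid
        elif [ -x /sbin/initctl ] && [ -f /etc/init/networking.conf ] \
            && /sbin/initctl list > /dev/null 2>&1; then
            # If we have /sbin/initctl, we have upstart.
            # Note that the upstart script requires networking,
            # so only use upstart if networking is controlled by upstart (not the case in RedHat 6)
            cp /opt/omi/bin/support/omid.upstart /etc/init/omid.conf

            # initctl registers it with upstart
            initctl reload-configuration
        else
            cp /opt/omi/bin/support/omid.initd /etc/init.d/omid

            if [ -x /usr/sbin/update-rc.d ]; then
                update-rc.d omid defaults > /dev/null
            elif [ -x /usr/lib/lsb/install_initd ]; then
                /usr/lib/lsb/install_initd /etc/init.d/omid
            elif [ -x /sbin/chkconfig ]; then
                chkconfig --add omid > /dev/null
            else
                echo "Unrecognized Service Controller to configure OMI Service."
                exit 1
            fi
        fi
    fi

    /opt/omi/bin/service_control start
}

#######################################
# Install a root cron entry that runs logrotate for OMI every 15 minutes.
# Globals:   cronid, crondid (written)
# Outputs:   progress and warning messages on stdout
#######################################
ConfigureCronForLogRotate()
{
    echo "Checking if cron is installed..."
    # warn user that he need to install cron if cron doesn't install
    if ! command -v cron > /dev/null 2>&1 && ! command -v crond > /dev/null 2>&1; then
        echo "WARNING: LogRotate can't be enabled, please install cron at first!"
        return
    fi

    echo "Checking if cron/crond service is started..."
    # warn user that he need to start cron/crond service if cron doesn't start
    #
    # Only stderr is discarded: the PIDs on stdout are what gets captured.
    # The warning fires when neither daemon has a PID (the earlier test
    # redirected stdout as well and required both to be non-empty, so it
    # could never fire).
    cronid=$(pidof cron 2> /dev/null)
    crondid=$(pidof crond 2> /dev/null)
    if [ -z "$cronid" ] && [ -z "$crondid" ]; then
        echo "WARNING: LogRotate can be enabled, but please start cron/crond service!"
    fi

    echo "Set up a cron job to OMI logrotate every 15 minutes"
    # create the cron file if it doesn't exist
    if [ ! -f /etc/cron.d/omilogrotate ]; then
        (echo "*/15 * * * * root /usr/sbin/logrotate /etc/logrotate.d/omi --state /var/opt/omi/log/omi-logrotate.status >/dev/null 2>&1" > /etc/cron.d/omilogrotate) > /dev/null 2>&1
        # The entry runs as root, so the file must not be writable by group
        # or others regardless of the installer's umask.
        chmod 644 /etc/cron.d/omilogrotate > /dev/null 2>&1
    fi
}

# dpkg -P omi will remove /opt, to fix the issue, we touch a file under /opt/omi
if [ "$1" = "purge" ] || [ "$1" = "remove" ]; then
    [ ! -f /opt/omi/.omi_not_delete ] && touch /opt/omi/.omi_not_delete
fi

# If we're called for upgrade, don't do anything
if [ "$1" != "upgrade" ] && [ "$1" != "purge" ]; then
    RemoveOmiService
    /opt/omi/bin/support/config_keytab_update.sh --unconfigure
fi

#######################################
# Build the omi PAM stanza for a single-file PAM setup (/etc/pam.conf).
# Globals:   omi_conf (written; left empty when the "other" service is
#            already configured and nothing needs to be added),
#            sshd_conf, other_conf (written)
# Returns:   0 on success, 1 if the custom file cannot be read or the
#            sshd lines cannot be rewritten.
#######################################
GetNewPAMConfig_file()
{
    # Start from a known-empty value so that a variable of the same name
    # inherited from the environment can never end up in /etc/pam.conf.
    omi_conf=""

    #
    # See if we have special marker file to use for PAM
    # For ease in customer debugging, return bad config if file is bad
    #
    if [ -f /etc/opt/omi/conf/pam.conf ]; then
        # PAM configuration file found; use that
        # We had some sort of problem reading file
        # STDERR should have output; just return failure
        omi_conf=$(cat /etc/opt/omi/conf/pam.conf) || return 1

        echo "Used custom PAM configuration from /etc/opt/omi/conf/pam.conf"
        return 0
    fi

    #
    # Get configuration for sshd, service modules types auth and account
    #
    sshd_conf=$(grep -E "^[# ]*sshd[ ]+(auth|account)" /etc/pam.conf)
    if [ $? -ne 0 ]; then
        # No match found
        # sshd not explicitly configured.
        # Check to see if "other" is configured
        other_conf=$(grep -E "^[# ]*other[ ]+(auth|account)" /etc/pam.conf)
        if [ $? -eq 0 ]; then
            # "other" was found - use that (do not write any sort of new PAM configuraton)
            return 0
        fi

        # Use passwd
        # NOTE(review): the Debian default carries pam_unix's nullok_secure
        # option; confirm that is acceptable for the omi service.
        if [ -e "/etc/debian_version" ]; then
            sshd_conf=$(printf "omi auth required pam_env.so\nomi auth required pam_unix.so nullok_secure\nomi account required pam_unix.so\nomi session required pam_limits.so")
        elif [ ! -e "/etc/sysconfig/networking" ] && [ ! -e "/etc/sysconfig/network-scripts" ]; then
            # The second test was previously written without the spaces
            # around its operand and closing bracket, so it always errored
            # and this branch could never be selected.
            sshd_conf=$(printf "omi auth include common-auth\nomi auth required pam_nologin.so\nomi account include common-account")
        else
            sshd_conf=$(printf "omi auth include system-auth\nomi account required pam_nologin.so\nomi account include system-auth")
        fi
    fi

    #
    # Substitute sshd with omi.
    # printf '%s' keeps backslashes in the lines literal on every /bin/sh.
    #
    omi_conf=$(printf '%s\n' "$sshd_conf" | sed "s/sshd/omi/g")
    if [ $? -ne 0 ]; then
        echo "can't parse /etc/pam.conf"
        return 1
    fi
}

#######################################
# Build the omi PAM stanza for a directory PAM setup (/etc/pam.d).
# Globals:   omi_conf, sshd_conf (written)
# Returns:   0 on success, 1 if the custom file cannot be read.
#######################################
GetNewPAMConfig_dir()
{
    # Start from a known-empty value; see GetNewPAMConfig_file.
    omi_conf=""

    #
    # See if we have special marker file to use for PAM
    # For ease in customer debugging, return bad config if file is bad
    #
    if [ -f /etc/opt/omi/conf/pam.conf ]; then
        # PAM configuration file found; use that
        # We had some sort of problem reading file
        # STDERR should have output; just return failure
        omi_conf=$(cat /etc/opt/omi/conf/pam.conf) || return 1

        echo "Used custom PAM configuration from /etc/opt/omi/conf/pam.conf"
        return 0
    fi

    #
    # Get configuration for sshd, service modules types auth and account
    #
    sshd_conf=$(grep -E "(auth|account)" /etc/pam.d/sshd 2> /dev/null)
    if [ $? -ne 0 ]; then
        # No match found
        # sshd not explicitly configured.
        # Use passwd
        # NOTE(review): the Debian default carries pam_unix's nullok_secure
        # option; confirm that is acceptable for the omi service.
        if [ -e "/etc/debian_version" ]; then
            sshd_conf=$(printf "auth required pam_env.so\n auth required pam_unix.so nullok_secure\n account required pam_unix.so\n session required pam_limits.so")
        elif [ ! -e "/etc/sysconfig/networking" ] && [ ! -e "/etc/sysconfig/network-scripts" ]; then
            # Same repaired test as in GetNewPAMConfig_file.
            sshd_conf=$(printf "auth include common-auth\n auth required pam_nologin.so\n account include common-account")
        else
            sshd_conf=$(printf "auth include system-auth\n account required pam_nologin.so\n account include system-auth")
        fi
    fi

    omi_conf=$sshd_conf
}

#
#
# ConfigurePAM
#
#

#######################################
# Append the omi stanza to /etc/pam.conf unless one is already present.
# The new content is written to a copy, checked for its end marker, and
# only then moved over the original.
# Globals:   omi_conf (read, set by GetNewPAMConfig_file)
# Returns:   0 on success or when nothing had to be done, 1 on failure.
#######################################
ConfigurePAM_file()
{
    #
    # First check if omi is already configured in pam.conf
    #
    if grep -s "^[# ]*omi" /etc/pam.conf > /dev/null 2>&1; then
        # Match found
        # Looks like omi is already configured
        echo "omi already configured"
        return 0
    fi

    # Do not write a partially read configuration into pam.conf.
    GetNewPAMConfig_file || return 1

    #
    # Only update pam.conf if we are returning some new configuration
    if [ "$omi_conf" ]; then
        # Write the final configuration to pam.conf
        #
        # copy file first and modify this copy, so in case of low disk space we preserve the original file
        #
        # The stanza is passed as an argument, never as part of the format
        # string, so a '%' or backslash in it is written verbatim.
        cp /etc/pam.conf /etc/pam.conf.omi-copy \
            && printf "# The configuration of omi is generated by the omi installer.\n%s\n# End of section generated by the omi installer.\n" "$omi_conf" >> /etc/pam.conf.omi-copy
        if [ $? -ne 0 ]; then
            echo "can't update file /etc/pam.conf.omi-copy"
            rm -f /etc/pam.conf.omi-copy
            return 1
        fi

        # verify that complete file was written
        if ! grep "# End of section generated by the omi installer." /etc/pam.conf.omi-copy > /dev/null 2>&1; then
            echo "can't update file /etc/pam.conf.omi-copy"
            rm -f /etc/pam.conf.omi-copy
            return 1
        fi

        # use move to substitute original file with verified copy
        if ! mv /etc/pam.conf.omi-copy /etc/pam.conf; then
            echo "can't replace /etc/pam.conf"
            return 1
        fi
    fi
}

#######################################
# Create /etc/pam.d/omi unless it already exists.
# Globals:   omi_conf (read, set by GetNewPAMConfig_dir)
# Returns:   0 on success or when the file already exists, 1 on failure.
#######################################
ConfigurePAM_dir()
{
    #
    # First check if omi is already configured
    #
    if [ -f /etc/pam.d/omi ]; then
        # Match found
        # Looks like omi is already configured
        echo "omi already configured"
        return 0
    fi

    # Do not create the service file from a partially read configuration.
    GetNewPAMConfig_dir || return 1

    # One argument per output line. The doubled '%' in the first line is
    # kept as-is because GetCurrentPAMConfig_dir filters on that exact text.
    if ! printf '%s\n' \
        "#%%PAM-1.0" \
        "# The configuration of omi is generated by the omi installer." \
        "$omi_conf" > /etc/pam.d/omi; then
        echo "can't create /etc/pam.d/omi"
        return 1
    fi

    # The file defines an authentication stack; keep it writable by root
    # only regardless of the installer's umask.
    chmod 644 /etc/pam.d/omi
}

#######################################
# Configure PAM for omi using whichever layout the system has.
# Returns:   0 if a PAM layout was found (the helper's own status is not
#            propagated), 1 if neither /etc/pam.conf nor /etc/pam.d exists.
#######################################
ConfigurePAM()
{
    #
    # Check if pam is configured with single
    # configuration file or with configuration
    # directory.
    #
    if [ -s /etc/pam.conf ]; then
        ConfigurePAM_file
    elif [ -d /etc/pam.d ]; then
        ConfigurePAM_dir
    else
        # No pam configuration.
        echo "PAM does not seem to be configured."
        echo "Checked both /etc/pam.conf and /etc/pam.d."
        return 1
    fi
    return 0
}

# Store the omi lines of /etc/pam.conf in omi_current_conf.
# NOTE(review): inside a bracket expression grep reads "\t" as the two
# characters '\' and 't', not as a tab - confirm the intended pattern.
GetCurrentPAMConfig_file()
{
    omi_current_conf=$(grep "^[#\t]*omi" /etc/pam.conf)
}

# Store /etc/pam.d/omi, minus the two installer header lines, in
# omi_current_conf.
GetCurrentPAMConfig_dir()
{
    omi_current_conf=$(grep -v "#%%PAM-1.0" /etc/pam.d/omi | grep -v "# The configuration of omi is generated by the omi installer.")
}

#
#
# UnconfigurePAM
#
#

#######################################
# Remove the omi stanza and its marker comments from /etc/pam.conf.
# Globals:   pam_configuration (written)
# Returns:   0 on success or when no lines would remain, 1 on failure.
#######################################
UnconfigurePAM_file()
{
    # Configured with single file
    #
    # Get all lines except omi configuration
    #
    pam_configuration=$(grep -v "^[# ]*omi" /etc/pam.conf | grep -v "# The configuration of omi is generated by the omi installer." | grep -v "# End of section generated by the omi installer.")
    if [ $? -ne 0 ]; then
        # The last filter printed nothing (or failed), so there is no
        # remaining content to write back; leave /etc/pam.conf untouched
        # rather than replace it with an empty file.
        return 0
    fi

    #
    # Write it back (to the copy first)
    #
    # cp -p gives the temporary file the owner and mode of the original;
    # if that fails, stop before a file with default permissions is moved
    # into place.
    if ! cp -p /etc/pam.conf /etc/pam.conf.tmp; then
        echo "can't write to /etc/pam.conf.tmp"
        rm -f /etc/pam.conf.tmp
        return 1
    fi

    # printf '%s' writes the lines verbatim on every /bin/sh.
    if ! printf '%s\n' "$pam_configuration" > /etc/pam.conf.tmp; then
        echo "can't write to /etc/pam.conf.tmp"
        rm -f /etc/pam.conf.tmp
        return 1
    fi

    if ! mv /etc/pam.conf.tmp /etc/pam.conf; then
        echo "can't replace /etc/pam.conf"
        return 1
    fi
}

# Remove /etc/pam.d/omi if it exists.
UnconfigurePAM_dir()
{
    # Configured with directory
    if [ -f /etc/pam.d/omi ]; then
        rm -f /etc/pam.d/omi
        return 0
    fi
}

# Remove the omi PAM configuration from whichever layout the system has.
UnconfigurePAM()
{
    #
    # Check if pam is configured with single
    # configuration file or with configuration
    # directory.
    #
    if [ -s /etc/pam.conf ]; then
        UnconfigurePAM_file
    elif [ -d /etc/pam.d ]; then
        UnconfigurePAM_dir
    fi
}

# NOTE(review): this call is unconditional, so the omi PAM configuration is
# removed for every value of "$1", including "upgrade" - confirm intended.
UnconfigurePAM

exit 0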