Difference between revisions of "Audit Tools"

From SME Server
 
(53 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
{{Languages}}
 
{{Languages}}
{{Incomplete}}
 
  
 
===Introduction===
 
===Introduction===
Line 8: Line 7:
 
===Available audit tools===
 
===Available audit tools===
 
Below is a list of available audittools, with their function.
 
Below is a list of available audittools, with their function.
 +
# ls /sbin/e-smith/audittools/
 +
aliases
 +
events
 +
groups-users
 +
logcheck
 +
newrpms
 +
pseudonyms
 +
repositories
 +
templates
 +
templates2expand
 +
users2domains
 +
virtualdomains2pseudonyms
 +
 +
====aliases====
 +
 +
This tools will check the content of qmail alias file (/var/qmail/alias) and add the Account appurtenance (Group/System/Alias...)
  
 
====events====
 
====events====
This tool will generate a list of events that are not part of the basic SME Server installation, it will also tell you if the events overrides a default template or if it is an addition.
+
This tool will generate a list of events that are not part of the basic SME Server installation, it will also tell you if the events overrides a default template or if it is an addition.<br />
 +
 
 +
'''This command has no output if no errors are identified'''
 +
 
 +
====groups-users====
 +
The purpose of this tool is to verify correct GID and UID of essential groups and users of SME and to display all users, groups, ibays set in the collaboration panel of server-manager.
 +
====logcheck====
 +
Include a way to check log files for possible errors. The main use would be for the development team to check if new packages introduce new errors, such as uninitialised variables.
 +
logcheck [days] [location]
 +
 
 +
* days lets you specify if only recent logs are checked based on mtime
 +
* location lets you specify where the log should go if not specified then it uses  /tmp
 +
 
 +
Without argument the default is to write to /tmp and check the last two days of logs. The output is in a file log<date>, eg log013114
 +
The initial strings checked for are
 +
useless|warn|fail|error|disable|remov|unable|exit
  
====users2domains====
+
Examples of use
 +
 
 +
* Check all log files modified in the last 5 days and put the results in the 'one' ibay
 +
# /sbin/e-smith/audittools/logcheck 5 /home/e-smith/files/ibays/one/files
 +
Log file: /home/e-smith/files/ibays/one/files/log020214
  
====templates2expand====
+
* Default is to write to /tmp and check the last two days of logs
This tools will list all template generated config files, ordered per event.
+
# /sbin/e-smith/audittools/logcheck
 +
Log file: /tmp/log020214
  
====virtualdomains2pseudonyms====
+
* Check all log files modified in the last 2 days and put the results in the current directory
 +
# /sbin/e-smith/audittools/logcheck .
 +
Log file: ./log020214
  
 
====newrpms====
 
====newrpms====
 
This script provides you with a list of RPMs that are installed outside the default repositories. This can be used to determine what RPM packages you have installed additionally.
 
This script provides you with a list of RPMs that are installed outside the default repositories. This can be used to determine what RPM packages you have installed additionally.
 +
====pseudonyms====
 +
Lists illegal or misconfigured pseudonyms found in the accounts db.
  
====aliases====
+
Tests include:
 +
* If the pseudonym contains an '@', the '@' symbol must not be the last character (there must be a domain following the '@'  (note: nothing is done to confirm that what follows the '@' is a valid email domain name)
 +
* The pseudonym must have a property named 'Account' which is not empty
 +
* The 'Account' property must point to an existing user account or to another pseudonym
 +
* Pseudonyms can be nested at most once:
 +
** Legal: pseudonym1 -> pseudonym2 -> USER
 +
** Illegal: pseudonym1 -> pseudonym2 -> pseudonym3 -> USER
 +
** Illegal: pseudonym1 -> pseudonym1 (circular)
 +
 
 +
When errors are found, a db command is recommended that changes the account type from 'pseudonym' to 'pseudonym-deleted' (preserving the details of the pseudonym but removing it from all pseudonym template expansions).
 +
 
 +
'''This command has no output if no errors are identified.'''
  
====pseudonyms====
+
====repositories====
 +
This tool generates a list of repositories setup on the server under test, and their status (i.e. enabled or disabled).
  
 
====templates====
 
====templates====
This tool will generate a list of template fragments that are not part of the basic SME Server installation, it will also tell you if the template fragments overrides a default template or if it is an addition.
+
This tool will generate a list of template fragments that are not part of the basic SME Server installation, it will also tell you if the template fragments overrides a default template or if it is an addition.<br />
 +
 
 +
'''This command has no output if no errors are identified'''
 +
 
 +
====templates2expand====
 +
This tool will list all template-based generated config files, ordered per event (called by the command line "signal-event").
 +
 
 +
====users2domains====
 +
 
 +
This tools will display the number of emails received by the server, sorted by users, groups, or mailing-list
 +
 
 +
====virtualdomains2pseudonyms====
 +
 
 +
This tools will check if email addresses in the qmail alias file "/var/qmail/control/virtualdomains", have a correct record in account database.<br />
 +
 
 +
If not the script display DB commands to set correct records. <br />
 +
'''This command has no output if no errors are identified.'''
 +
 
 +
===Usage===
 +
To run a report issue the command in this style
 +
 
 +
/sbin/e-smith/audittools/audittoolname
 +
eg
 +
/sbin/e-smith/audittools/newrpms
 +
/sbin/e-smith/audittools/groups-users
 +
and so on...
 +
 
 +
Below is a list of available audittools.
 +
# ls /sbin/e-smith/audittools/
 +
aliases
 +
events
 +
groups-users
 +
newrpms
 +
pseudonyms
 +
repositories
 +
templates
 +
templates2expand
 +
users2domains
 +
virtualdomains2pseudonyms
 +
If you are using Putty, you can copy the contents of the screen into the clipboard.
 +
 
 +
Alternatively issue the command like this
 +
/sbin/e-smith/audittools/newrpms > /path/filename
 +
where /path/filename is the path & filename (on your sme server) of where you want to save the report
 +
[[category:howto]]
 +
[[Category: Administration]]
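Review bot: The directory listing added under Usage ("Below is a list of available audittools.") leaves out logcheck, although the listing added at the top of this same revision includes it and a logcheck section is added. Suggest either dropping the second listing, since it duplicates the first, or adding logcheck to it. In the logcheck examples, "logcheck ." passes a location in the first position of "logcheck [days] [location]", so the text should say how a single argument is interpreted. "This tools" in the aliases, users2domains and virtualdomains2pseudonyms entries should read "This tool".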

Latest revision as of 20:51, 6 February 2014


Introduction

SME Server comes with a set of audit tools. These tools can assist you in getting information about your system, to help you troubleshoot or to provide valuable data to be attached to bug reports. The tools are located in the /sbin/e-smith/audittools/ folder of your server.

Available audit tools

Below is a list of available audittools, with their function.

# ls /sbin/e-smith/audittools/
aliases 
events 
groups-users
logcheck
newrpms 
pseudonyms 
repositories 
templates 
templates2expand 
users2domains 
virtualdomains2pseudonyms

aliases

This tool checks the content of the qmail alias file (/var/qmail/alias) and adds the type of account each entry belongs to (Group/System/Alias...).

events

This tool generates a list of events that are not part of the basic SME Server installation. It also tells you whether each event overrides a default template or is an addition.

This command has no output if no errors are identified

groups-users

The purpose of this tool is to verify correct GID and UID of essential groups and users of SME and to display all users, groups, ibays set in the collaboration panel of server-manager.

logcheck

Provides a way to check log files for possible errors. The main use would be for the development team to check if new packages introduce new errors, such as uninitialised variables.

logcheck [days] [location]
  • days limits the check to logs modified within that many days (based on mtime)
  • location sets where the output log is written; if not specified, /tmp is used

Without arguments, the default is to write to /tmp and check the last two days of logs. The output is written to a file named log<date>, e.g. log013114. The initial strings checked for are:

useless|warn|fail|error|disable|remov|unable|exit

Examples of use

  • Check all log files modified in the last 5 days and put the results in the 'one' ibay
# /sbin/e-smith/audittools/logcheck 5 /home/e-smith/files/ibays/one/files
Log file: /home/e-smith/files/ibays/one/files/log020214
  • Default is to write to /tmp and check the last two days of logs
# /sbin/e-smith/audittools/logcheck
Log file: /tmp/log020214
  • Check all log files modified in the last 2 days and put the results in the current directory
# /sbin/e-smith/audittools/logcheck .
Log file: ./log020214
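
The behaviour described above (mtime filter, string list, log<date> output file), sketched as an added example that is not the SME Server script itself. The log_dir parameter, the case-insensitive match and the MMDDYY reading of log<date> (inferred from log013114 and log020214) are assumptions, and the sample log lines are constructed.

```python
import os, re, tempfile, time
from datetime import date

# Strings listed on the page; case-insensitive matching is an assumption.
PATTERN = re.compile(r"useless|warn|fail|error|disable|remov|unable|exit", re.I)

def logcheck(log_dir, days=2, location="/tmp", today=None):
    """Copy matching lines from recently modified logs to location/log<MMDDYY>."""
    cutoff = time.time() - days * 86400
    stamp = (today or date.today()).strftime("%m%d%y")  # e.g. log020214
    out_path = os.path.join(location, "log" + stamp)
    # Predictable name, possibly in a shared directory: do not follow a
    # symlink, and keep the report private since log lines can be sensitive.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    hits = []
    with os.fdopen(os.open(out_path, flags, 0o600), "w") as out:
        for root, _dirs, files in os.walk(log_dir):
            for name in sorted(files):
                path = os.path.join(root, name)
                if os.path.getmtime(path) < cutoff:  # the [days] filter
                    continue
                with open(path, errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if PATTERN.search(line):
                            hits.append(line.rstrip("\n"))
                            out.write(f"{path}:{lineno}:{hits[-1]}\n")
    return out_path, hits

def demo():
    """Run logcheck over constructed sample logs in scratch directories."""
    samples = {
        "messages": "Warning: unable to open /etc/foo.conf\n"
                    "httpd: exit status 0\n"           # benign, still matches 'exit'
                    "Use of uninitialized value $x\n",  # matches none of the strings
        "old.log": "fatal error in a stale log\n",      # filtered out by mtime
    }
    with tempfile.TemporaryDirectory() as logs, tempfile.TemporaryDirectory() as dest:
        for name, text in samples.items():
            with open(os.path.join(logs, name), "w") as fh:
                fh.write(text)
        old = time.time() - 10 * 86400
        os.utime(os.path.join(logs, "old.log"), (old, old))
        path, hits = logcheck(logs, days=2, location=dest, today=date(2014, 2, 2))
        return os.path.basename(path), hits

if __name__ == "__main__":
    print(demo())
```

Because the strings are matched as substrings, a report built this way needs a manual pass to separate benign hits from real errors.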

newrpms

This script provides you with a list of RPMs that are installed outside the default repositories. This can be used to determine what RPM packages you have installed additionally.

pseudonyms

Lists illegal or misconfigured pseudonyms found in the accounts db.

Tests include:

  • If the pseudonym contains an '@', the '@' symbol must not be the last character (there must be a domain following the '@'). Note: nothing is done to confirm that what follows the '@' is a valid email domain name.
  • The pseudonym must have a property named 'Account' which is not empty
  • The 'Account' property must point to an existing user account or to another pseudonym
  • Pseudonyms can be nested at most once:
    • Legal: pseudonym1 -> pseudonym2 -> USER
    • Illegal: pseudonym1 -> pseudonym2 -> pseudonym3 -> USER
    • Illegal: pseudonym1 -> pseudonym1 (circular)

When errors are found, a db command is recommended that changes the account type from 'pseudonym' to 'pseudonym-deleted' (preserving the details of the pseudonym but removing it from all pseudonym template expansions).

This command has no output if no errors are identified.
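
The tests listed above, written out as an added example (not the SME Server script). The dictionary layout of the accounts db and every account name in it are constructed for illustration, and only the type 'user' is treated as a user account.

```python
# Constructed sample: a simplified accounts db as {key: {"type": ..., properties}}.
ACCOUNTS = {
    "alice": {"type": "user"},
    "a.smith": {"type": "pseudonym", "Account": "alice"},               # legal
    "sales@example.com": {"type": "pseudonym", "Account": "a.smith"},   # legal, nested once
    "info@": {"type": "pseudonym", "Account": "alice"},                 # '@' is last char
    "orphan": {"type": "pseudonym", "Account": ""},                     # empty Account
    "ghost": {"type": "pseudonym", "Account": "nobody"},                # target missing
    "deep": {"type": "pseudonym", "Account": "sales@example.com"},      # nested twice
    "loop": {"type": "pseudonym", "Account": "loop"},                   # circular
}

def check_pseudonym(name, db):
    """Return the list of problems for one pseudonym (empty list means legal)."""
    problems = []
    if name.endswith("@"):
        problems.append("no domain after '@'")
    target = db[name].get("Account", "")
    if not target:
        return problems + ["empty or missing Account property"]
    if target == name:
        return problems + ["circular reference"]
    entry = db.get(target)
    if entry is None or entry["type"] not in ("user", "pseudonym"):
        return problems + ["Account does not point to a user or pseudonym"]
    if entry["type"] == "pseudonym":
        # One level of nesting is allowed, so the next hop must be a user.
        nxt = db.get(entry.get("Account", ""))
        if nxt is None or nxt["type"] != "user":
            problems.append("nested more than once, or chain does not end at a user")
    return problems

def audit(db):
    """Map each faulty pseudonym to its problems; an empty dict means no output."""
    report = {}
    for name, entry in db.items():
        if entry["type"] == "pseudonym":
            found = check_pseudonym(name, db)
            if found:
                report[name] = found
    return report

if __name__ == "__main__":
    for name, found in audit(ACCOUNTS).items():
        print(f"{name}: {'; '.join(found)}")
```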

repositories

This tool generates a list of repositories set up on the server under test, and their status (i.e. enabled or disabled).

templates

This tool generates a list of template fragments that are not part of the basic SME Server installation. It also tells you whether each template fragment overrides a default template or is an addition.

This command has no output if no errors are identified

templates2expand

This tool will list all template-based generated config files, ordered per event (called by the command line "signal-event").

users2domains

This tool displays the number of emails received by the server, sorted by users, groups, or mailing lists.

virtualdomains2pseudonyms

This tool checks whether email addresses in the qmail alias file "/var/qmail/control/virtualdomains" have a correct record in the accounts database.

If not, the script displays DB commands to set correct records.

This command has no output if no errors are identified.

Usage

To run a report, issue the command in this style:

/sbin/e-smith/audittools/audittoolname

eg

/sbin/e-smith/audittools/newrpms
/sbin/e-smith/audittools/groups-users

and so on...

Below is a list of available audittools.

# ls /sbin/e-smith/audittools/
aliases 
events 
groups-users
newrpms 
pseudonyms 
repositories 
templates 
templates2expand 
users2domains 
virtualdomains2pseudonyms

If you are using PuTTY, you can copy the contents of the screen into the clipboard.

Alternatively, issue the command like this:

/sbin/e-smith/audittools/newrpms > /path/filename

where /path/filename is the path and filename (on your SME Server) where you want to save the report.