Difference between revisions of "Audit Tools"
(50 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
{{Languages}} | {{Languages}} | ||
− | |||
===Introduction=== | ===Introduction=== | ||
Line 8: | Line 7: | ||
===Available audit tools=== | ===Available audit tools=== | ||
Below is a list of available audittools, with their function. | Below is a list of available audittools, with their function. | ||
+ | # ls /sbin/e-smith/audittools/ | ||
+ | aliases | ||
+ | events | ||
+ | groups-users | ||
+ | logcheck | ||
+ | newrpms | ||
+ | pseudonyms | ||
+ | repositories | ||
+ | templates | ||
+ | templates2expand | ||
+ | users2domains | ||
+ | virtualdomains2pseudonyms | ||
+ | |||
+ | ====aliases==== | ||
+ | |||
+ | This tools will check the content of qmail alias file (/var/qmail/alias) and add the Account appurtenance (Group/System/Alias...) | ||
====events==== | ====events==== | ||
− | This tool will generate a list of events that are not part of the basic SME Server installation, it will also tell you if the events overrides a default template or if it is an addition. | + | This tool will generate a list of events that are not part of the basic SME Server installation, it will also tell you if the events overrides a default template or if it is an addition.<br /> |
+ | |||
+ | '''This command has no output if no errors are identified''' | ||
+ | |||
+ | ====groups-users==== | ||
+ | The purpose of this tool is to verify correct GID and UID of essential groups and users of SME and to display all users, groups, ibays set in the collaboration panel of server-manager. | ||
+ | ====logcheck==== | ||
+ | Include a way to check log files for possible errors. The main use would be for the development team to check if new packages introduce new errors, such as uninitialised variables. | ||
+ | logcheck [days] [location] | ||
+ | |||
+ | * days lets you specify if only recent logs are checked based on mtime | ||
+ | * location lets you specify where the log should go if not specified then it uses /tmp | ||
+ | |||
+ | Without argument the default is to write to /tmp and check the last two days of logs. The output is in a file log<date>, eg log013114 | ||
+ | The initial strings checked for are | ||
+ | useless|warn|fail|error|disable|remov|unable|exit | ||
+ | |||
+ | Examples of use | ||
− | + | * Check all log files modified in the last 5 days and put the results in the 'one' ibay | |
+ | # /sbin/e-smith/audittools/logcheck 5 /home/e-smith/files/ibays/one/files | ||
+ | Log file: /home/e-smith/files/ibays/one/files/log020214 | ||
− | + | * Default is to write to /tmp and check the last two days of logs | |
− | + | # /sbin/e-smith/audittools/logcheck | |
+ | Log file: /tmp/log020214 | ||
− | + | * Check all log files modified in the last 2 days and put the results in the current directory | |
+ | # /sbin/e-smith/audittools/logcheck . | ||
+ | Log file: ./log020214 | ||
====newrpms==== | ====newrpms==== | ||
This script provides you with a list of RPMs that are installed outside the default repositories. This can be used to determine what RPM packages you have installed additionally. | This script provides you with a list of RPMs that are installed outside the default repositories. This can be used to determine what RPM packages you have installed additionally. | ||
+ | ====pseudonyms==== | ||
+ | Lists illegal or misconfigured pseudonyms found in the accounts db. | ||
+ | |||
+ | Tests include: | ||
+ | * If the pseudonym contains an '@', the '@' symbol must not be the last character (there must be a domain following the '@' (note: nothing is done to confirm that what follows the '@' is a valid email domain name) | ||
+ | * The pseudonym must have a property named 'Account' which is not empty | ||
+ | * The 'Account' property must point to an existing user account or to another pseudonym | ||
+ | * Pseudonyms can be nested at most once: | ||
+ | ** Legal: pseudonym1 -> pseudonym2 -> USER | ||
+ | ** Illegal: pseudonym1 -> pseudonym2 -> pseudonym3 -> USER | ||
+ | ** Illegal: pseudonym1 -> pseudonym1 (circular) | ||
+ | |||
+ | When errors are found, a db command is recommended that changes the account type from 'pseudonym' to 'pseudonym-deleted' (preserving the details of the pseudonym but removing it from all pseudonym template expansions). | ||
− | + | '''This command has no output if no errors are identified.''' | |
− | ==== | + | ====repositories==== |
+ | This tool generates a list of repositories setup on the server under test, and their status (i.e. enabled or disabled). | ||
====templates==== | ====templates==== | ||
− | This tool will generate a list of template fragments that are not part of the basic SME Server installation, it will also tell you if the template fragments overrides a default template or if it is an addition. | + | This tool will generate a list of template fragments that are not part of the basic SME Server installation, it will also tell you if the template fragments overrides a default template or if it is an addition.<br /> |
+ | |||
+ | '''This command has no output if no errors are identified''' | ||
+ | |||
+ | ====templates2expand==== | ||
+ | This tool will list all template-based generated config files, ordered per event (called by the command line "signal-event"). | ||
+ | |||
+ | ====users2domains==== | ||
+ | |||
+ | This tools will display the number of emails received by the server, sorted by users, groups, or mailing-list | ||
− | ==== | + | ====virtualdomains2pseudonyms==== |
− | + | ||
+ | This tools will check if email addresses in the qmail alias file "/var/qmail/control/virtualdomains", have a correct record in account database.<br /> | ||
+ | If not the script display DB commands to set correct records. <br /> | ||
+ | '''This command has no output if no errors are identified.''' | ||
===Usage=== | ===Usage=== | ||
Line 42: | Line 105: | ||
and so on... | and so on... | ||
+ | Below is a list of available audittools. | ||
+ | # ls /sbin/e-smith/audittools/ | ||
+ | aliases | ||
+ | events | ||
+ | groups-users | ||
+ | newrpms | ||
+ | pseudonyms | ||
+ | repositories | ||
+ | templates | ||
+ | templates2expand | ||
+ | users2domains | ||
+ | virtualdomains2pseudonyms | ||
If you are using Putty, you can copy the contents of the screen into the clipboard. | If you are using Putty, you can copy the contents of the screen into the clipboard. | ||
Line 48: | Line 123: | ||
where /path/filename is the path & filename (on your sme server) of where you want to save the report | where /path/filename is the path & filename (on your sme server) of where you want to save the report | ||
[[category:howto]] | [[category:howto]] | ||
+ | [[Category: Administration]] |
Latest revision as of 20:51, 6 February 2014
Introduction
SME Server comes with a set of audit tools. These tools can assist you in getting information about your system, to help you troubleshoot or to provide valuable data to be attached to bug reports. The tools are located in the /sbin/e-smith/audittools/ folder of your server.
Available audit tools
Below is a list of available audittools, with their function.
# ls /sbin/e-smith/audittools/ aliases events groups-users logcheck newrpms pseudonyms repositories templates templates2expand users2domains virtualdomains2pseudonyms
aliases
This tools will check the content of qmail alias file (/var/qmail/alias) and add the Account appurtenance (Group/System/Alias...)
events
This tool will generate a list of events that are not part of the basic SME Server installation, it will also tell you if the events overrides a default template or if it is an addition.
This command has no output if no errors are identified
groups-users
The purpose of this tool is to verify correct GID and UID of essential groups and users of SME and to display all users, groups, ibays set in the collaboration panel of server-manager.
logcheck
Include a way to check log files for possible errors. The main use would be for the development team to check if new packages introduce new errors, such as uninitialised variables.
logcheck [days] [location]
- days lets you specify if only recent logs are checked based on mtime
- location lets you specify where the log should go if not specified then it uses /tmp
Without argument the default is to write to /tmp and check the last two days of logs. The output is in a file log<date>, eg log013114 The initial strings checked for are
useless|warn|fail|error|disable|remov|unable|exit
Examples of use
- Check all log files modified in the last 5 days and put the results in the 'one' ibay
# /sbin/e-smith/audittools/logcheck 5 /home/e-smith/files/ibays/one/files Log file: /home/e-smith/files/ibays/one/files/log020214
- Default is to write to /tmp and check the last two days of logs
# /sbin/e-smith/audittools/logcheck Log file: /tmp/log020214
- Check all log files modified in the last 2 days and put the results in the current directory
# /sbin/e-smith/audittools/logcheck . Log file: ./log020214
newrpms
This script provides you with a list of RPMs that are installed outside the default repositories. This can be used to determine what RPM packages you have installed additionally.
pseudonyms
Lists illegal or misconfigured pseudonyms found in the accounts db.
Tests include:
- If the pseudonym contains an '@', the '@' symbol must not be the last character (there must be a domain following the '@' (note: nothing is done to confirm that what follows the '@' is a valid email domain name)
- The pseudonym must have a property named 'Account' which is not empty
- The 'Account' property must point to an existing user account or to another pseudonym
- Pseudonyms can be nested at most once:
- Legal: pseudonym1 -> pseudonym2 -> USER
- Illegal: pseudonym1 -> pseudonym2 -> pseudonym3 -> USER
- Illegal: pseudonym1 -> pseudonym1 (circular)
When errors are found, a db command is recommended that changes the account type from 'pseudonym' to 'pseudonym-deleted' (preserving the details of the pseudonym but removing it from all pseudonym template expansions).
This command has no output if no errors are identified.
repositories
This tool generates a list of repositories setup on the server under test, and their status (i.e. enabled or disabled).
templates
This tool will generate a list of template fragments that are not part of the basic SME Server installation, it will also tell you if the template fragments overrides a default template or if it is an addition.
This command has no output if no errors are identified
templates2expand
This tool will list all template-based generated config files, ordered per event (called by the command line "signal-event").
users2domains
This tools will display the number of emails received by the server, sorted by users, groups, or mailing-list
virtualdomains2pseudonyms
This tools will check if email addresses in the qmail alias file "/var/qmail/control/virtualdomains", have a correct record in account database.
If not the script display DB commands to set correct records.
This command has no output if no errors are identified.
Usage
To run a report issue the command in this style
/sbin/e-smith/audittools/audittoolname
eg
/sbin/e-smith/audittools/newrpms /sbin/e-smith/audittools/groups-users
and so on...
Below is a list of available audittools.
# ls /sbin/e-smith/audittools/ aliases events groups-users newrpms pseudonyms repositories templates templates2expand users2domains virtualdomains2pseudonyms
If you are using Putty, you can copy the contents of the screen into the clipboard.
Alternatively issue the command like this
/sbin/e-smith/audittools/newrpms > /path/filename
where /path/filename is the path & filename (on your sme server) of where you want to save the report