Wednesday, November 14, 2012

Using "tar" to backup and exclude files in a script.

I needed to create a manual backup script that I could easily modify to back up specific directories and files while excluding others.  I was having a difficult time excluding files and directories without having to type out each exclusion using --exclude=somefile --exclude=some_other_file --exclude=somedirectory.  My "tar" command would have grown quite large and, in my opinion, would not have been easy to read. So, I decided to use an array to accomplish my goal.
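One way to build the exclusions from an array, as an added example (this is not the script from the original post). The directory names, patterns and function names are assumptions, and it relies on GNU tar's default pattern matching:

```bash
#!/bin/bash
# Added example, not the post author's script. Directory names and
# exclusion patterns are constructed placeholders.

# What to back up, relative to the base directory passed to make_backup.
TARGETS=(etc home)

# One pattern per element; the quotes stop the shell from expanding the
# wildcards, so tar receives each pattern unchanged.
EXCLUDES=(
    '*.tmp'          # scratch files anywhere in the tree
    'home/*/cache'   # per-user cache directories
    'etc/secrets'    # key material that must not land in the archive
)

# make_backup ARCHIVE BASE_DIR
make_backup() {
    local archive=$1 base=$2 pattern
    local -a exclude_args=()
    for pattern in "${EXCLUDES[@]}"; do
        exclude_args+=("--exclude=$pattern")
    done
    # -C stores member names relative to BASE_DIR, which is also what the
    # exclusion patterns are matched against.
    tar -czf "$archive" -C "$base" "${exclude_args[@]}" "${TARGETS[@]}"
}

# list_backup ARCHIVE: print member names so the exclusions can be reviewed.
list_backup() {
    tar -tzf "$1"
}

# Usage: script.bash ARCHIVE BASE_DIR
if [ "$#" -eq 2 ]; then
    make_backup "$1" "$2"
    list_backup "$1"
fi
```

Listing the archive after each change to the array is a quick way to confirm that nothing sensitive slipped past a pattern.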

Tuesday, October 2, 2012

Managing Self Signed Certs and When They Expire

Have you ever walked into work one morning to have people jump on you stating nothing is working?  You never got any pages from your monitoring system.  Everything appears to still be up.  Come to find out, one of your self-signed SSL certificates expired and needs updating.  Well, it has happened to some of the Windows Admins I have worked with.  It is difficult to track and manage self-signed certificates.  Even if you have a good handle on it, and have automated reminders about certificates that will expire, it can slip by.

I came across a utility (script) called "ssl-cert-check.bash" found here:  http://prefetch.net/articles/checkcertificate.html  This does almost exactly what I want: it will show you, and even e-mail you, if you have any servers with expired certificates.  I wanted to take it one simple step further: I want a report e-mailed to my department regarding the status of all certificates, whether they have expired or not.

So here is what I did.  On a Linux server I put the "ssl_cert_check.bash" file in my utility user's home "bin" directory.  I then created a file called ssldomains.txt (following the format described in the link above) containing the list of servers that have SSL certificates.  I then created a file called "cert_report.bash" in the same bin directory.  Its contents look like this:
-----------------------------------------
#!/bin/bash
#
# SCRIPT: cert_report.bash
# AUTHOR: Bob
# DATE: Sep 24, 2012
# REV: 1.1.P (Valid are A, B, D, T, Q, and P)
# (For Alpha, Beta, Dev, Test, QA, and Production)
#
# PLATFORM: Not platform dependent
#
# PURPOSE: This script will call another script to report SSL Cert
# expiration days, save to a text file, and e-mail that text
# file.
#
# set -n # Uncomment to check script syntax, without execution.
# # NOTE: Do not forget to put the # comment back in or
# # the shell script will never execute!
# set -x # Uncomment to debug this shell script
#
##########################################################
# DEFINE FILES AND VARIABLES HERE
##########################################################
THIS_SCRIPT=$(basename "$0")

##########################################################
# DEFINE FUNCTIONS HERE
##########################################################
 

##########################################################
# BEGINNING OF MAIN
##########################################################
~/bin/ssl_cert_check.bash -f ~/bin/ssldomains.txt > /tmp/SSL_Cert_Report.txt

# "--" ends the attachment list so mutt treats what follows as the recipient.
echo "Attached is the bi-monthly SSL Certificate Expiration Report." | mutt -s "SSL Cert Check Report" -a /tmp/SSL_Cert_Report.txt -- mydepartment@mydomain.com

# End of script
----------------------------------------------

I then added an entry in cron for this to run twice a month.
0 8 1,15 * * ~/bin/cert_report.bash

This delivers a nicely formatted report of my servers and their certificate status.  Here is an example of the e-mailed report.

Host                               Status   Expires      Days
---------------------------------  -------  -----------  ----
appsrv.mydomain.com:443            Valid    Jul 7 2014   643
lync1001.mydomain.com:443          Valid    Feb 13 2013  134
monitor01.mydomain.com:443         Valid    Feb 13 2013  134
idm.mydomain.com:443               Valid    Oct 14 2021  3299
mail.mydomain.com:443              Valid    Jul 10 2014  646
ntsrv1.mydomain.net:3471           Valid    Aug 30 2013  332
ops1003.mydomain.net:3471          Valid    Feb 13 2013  134
web1003.mydomain.net:4443          Valid    Oct 14 2021  3299
web1004.mydomain.net:4443          Valid    Oct 14 2021  3299
report.mydomain.com:443            Valid    Jul 7 2014   643
reportdev.mydomain.com:443         Valid    Jul 7 2014   643
srvavautil.mydomain.net:443        Valid    Mar 15 2019  2355
srvmail1002.mydomain.net:443       Valid    Jul 10 2014  646
srvmom01.mydomain.net:443          Valid    Mar 3 2028   5631
srvmoss001.mydomain.net:443        Valid    Aug 1 2013   303
srvocs2001.mydomain.net:443        Valid    Dec 29 2012  88
srvrecord2001.mydomain.net:443     Valid    Feb 13 2013  134
srvslshd1001.mydomain.net:443      Valid    Dec 14 2014  803
srvunibackup1001.mydomain.net:443  Valid    Sep 6 2014   704
srvvault2001.mydomain.net:443      Valid    Sep 6 2014   704
srvwas2001.mydomain.net:443        Valid    Jan 5 2020   2651
srvwcs2001.mydomain.net:443        Expired  Dec 16 2011  -291
app.mydomain.com:443               Valid    Jul 9 2014   645
sftp.mydomain.com:443              Valid    Feb 10 2015  861
solarwinds.mydomain.com:443        Valid    Feb 13 2013  134
support.mydomain.com:443           Valid    Jul 9 2014   645
vcenter01.mydomain.com:443         Valid    Sep 27 2021  3282
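
In a report this long the one expired entry is easy to miss, so here is an added example (not part of the original post or of the ssl-cert-check utility) that pulls out only the rows needing action. The function names and the 90-day threshold are assumptions; the sample rows are copied from the report above.

```bash
#!/bin/sh
# Added example: list certificates that are expired or close to expiry,
# reading a report in the Host / Status / Expires / Days layout.

# certs_needing_attention REPORT_FILE WARN_DAYS
# Prints "host days_left" for every row whose Days value is <= WARN_DAYS,
# most urgent first. Exit status is 1 if any row was printed, else 0, so
# a cron wrapper or monitoring check can alert on it.
certs_needing_attention() {
    awk -v warn="$2" '
        # Data rows have host:port first and a signed day count last;
        # the header and the dashed separator line fail both tests.
        $1 ~ /:[0-9]+$/ && $NF ~ /^-?[0-9]+$/ && $NF + 0 <= warn + 0 {
            print $1, $NF
        }
    ' "$1" | sort -k2,2n |
        awk '{ print; found = 1 } END { exit found ? 1 : 0 }'
}

# write_sample_report: a few rows taken from the report shown above.
write_sample_report() {
    cat <<'EOF'
Host                               Status   Expires      Days
---------------------------------  -------  -----------  ----
lync1001.mydomain.com:443          Valid    Feb 13 2013  134
idm.mydomain.com:443               Valid    Oct 14 2021  3299
srvocs2001.mydomain.net:443        Valid    Dec 29 2012  88
srvwcs2001.mydomain.net:443        Expired  Dec 16 2011  -291
EOF
}

# Usage: script.sh REPORT_FILE WARN_DAYS
if [ "$#" -eq 2 ]; then
    certs_needing_attention "$1" "$2"
fi
```

Run against /tmp/SSL_Cert_Report.txt with a threshold of 90, this prints the expired host first and then the one with 88 days left.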

Friday, April 6, 2012

Easy way to clean up old (unneeded) files and directories on Windows

As a System Administrator, Care and Feeding of your servers is a crucial task.  Imagine you have a directory containing daily transaction (substitute log, backup, or just about anything else) files.  You need to keep these files for a period of time for auditing purposes, but space is limited and you don't want or need to keep them indefinitely.  What is an Admin to do?  Set a quarterly task to do general clean up?  Yuck.

In Linux it is pretty easy to accomplish this task with the "find" command and its various switches.  How do you do it on a Windows server?  What I am about to show you works on Windows 2008 Servers.  It may not work on Windows 2003 as I believe the syntax for our magic command "forfiles" was a little different.

Below are the commands you need in a batch file to delete files and/or folders older than "x" days.
Open up notepad or your favorite Windows plain text editor (I like Notepad++ btw).
Enter the following text between the "-----" but not including the "-----"

--------------------------------------------------------
@echo off
rem - The following line is a cya testing line.  It will display the files or
rem - folders that are older than "x" days but does not delete them.
rem - Where you see /d -x
rem - replace x with your criteria.  I will use 30 to match anything older than 30 days.
rem - Also change your path.  In this example, I want to clean up files in the
rem - E:\SharePointBackup directory older than 30 days.
rem - Uncomment the following "forfiles" line for testing,
rem - but make sure all other lines are commented out.
rem FORFILES /p "E:\SharePointBackup" /s /m *.* /d -30 /c "CMD /C ECHO @FILE"

rem - The following line will delete files older than 30 days in the given directory.
rem - This will just delete files and not remove directories or anything else.
rem - The @isdir==FALSE test skips directory entries, because "del" given a
rem - directory name deletes every file inside it regardless of age.
rem - Uncomment the following "forfiles" line to delete files older than 30 days, but make sure
rem - all other lines are commented out.
rem FORFILES /p "E:\SharePointBackup" /s /m *.* /d -30 /c "CMD /C if @isdir==FALSE del /Q @FILE"

rem - This will look for directories in a given path older than 30 days
rem - and delete each one along with all of its contents, meaning every file and
rem - subdirectory inside a directory that is older than 30 days.
rem - Uncomment the following "forfiles" line to delete directories older than 30 days, but make sure
rem - all other lines are commented out.
rem FORFILES /p "E:\SharePointBackup" /d -30 /c "CMD /C if @isdir==TRUE RMDIR /S /Q @path"
----------------------------------------------------------------

Save this file on your server as whatever you want with a ".bat" extension.  Example:  delete_older_than_30.bat

Make sure you "test" this on data you wouldn't mind losing before putting it in production.  Once you have tested and have verified it will do what you want it to do, you can schedule a daily (or whatever you'd like) task using the scheduler calling this batch file.

I hope this helps some of you out there.