I needed to create a manual backup script that I could easily modify to backup specific directories and files while excluding others. I was having a difficult time excluding files and directories without having to type out each exclusion using --exclude=somefile --exclude=some_other_file --exclude=somedirectory. My "tar" command would have grown quite large and, in my opinion, is not easy to read. So, I decided to use an array to accomplish my goal.
Wednesday, November 14, 2012
Tuesday, October 2, 2012
Managing Self Signed Certs and When They Expire
Have you ever walked in to work one morning to have people jump on you stating nothing is working? You never got any pages from your monitoring system. Everything appears to still be up. Come to find out one of your self sign SSL certificates expired and needs updating. Well, it has happened to some of the Windows Admins I have worked with. It is difficult to track and manage self signed certificates. Even if you have a good handle on it, and have automated reminders about certificates that will expire, it can slip by. I came across a utility (script) called "ssl-cert-check.bash" found here: http://prefetch.net/articles/checkcertificate.html And, this does almost exactly what I want. This will show you and even e-mail you if you have any servers with expired certificates. I wanted to take it one simple step further... I want a report e-mailed to my department regarding the status of all certificated whether they expired or not. So here is what I did. On a linux server I put the "ssl_cert-check.bash" file in my utility user's home "bin" directory. I then created a file called ssldomains.txt (following the format described in the link above) containing the list of servers that have ssl certificates. I then created a file called "cert_report.bash" in the same bin directory. It's contents looks like this:
-----------------------------------------
#!/bin/bash
#
# SCRIPT: cert_report.bash
# AUTHOR: Bob
# DATE: Sep 24, 2012
# REV: 1.1.P (Valid are A, B, D, T, Q, and P)
# (For Alpha, Beta, Dev, Test, QA, and Production)
#
# PLATFORM: Not platform dependent
#
# PURPOSE: This script will call another script to report SSL Cert
# expiration days, save to a text file, and e-mail that text
# file.
#
# set -n # Uncomment to check script syntax, without execution.
# # NOTE: Do not forget to put the # comment back in or
# # the shell script will never execute!
# set -x # Uncomment to debug this shell script
#
##########################################################
# DEFINE FILES AND VARIABLES HERE
##########################################################
THIS_SCRIPT=$(basename )
##########################################################
# DEFINE FUNCTIONS HERE
##########################################################
##########################################################
# BEGINNING OF MAIN
##########################################################
~/bin/ssl_cert_check.bash -f ~/bin/ssldomains.txt > /tmp/SSL_Cert_Report.txt
echo "Attached is the bi-monthly SSL Certificate Expiration Report." | mutt -s "SSL Cert Check Report" -a /tmp/SSL_Cert_Report.txt mydepartment@mydomain.com
# End of script
----------------------------------------------
I then added an entry in cron for this to run twice a month.
0 8 1,15 * * ~/bin/cert_report.bash
This delivers a nicely formatted report of my servers and their certificate status. Here is an example of the e-mailed report.
Host Status Expires Days
------------------------------------------- ------------ ------------ ----
appsrv.mydomain.com:443 Valid Jul 7 2014 643
lync1001.mydomain.com:443 Valid Feb 13 2013 134
monitor01.mydomain.com:443 Valid Feb 13 2013 134
idm.mydomain.com:443 Valid Oct 14 2021 3299
mail.mydomain.com:443 Valid Jul 10 2014 646
ntsrv1.mydomain.net:3471 Valid Aug 30 2013 332
ops1003.mydomain.net:3471 Valid Feb 13 2013 134
web1003.mydomain.net:4443 Valid Oct 14 2021 3299
web1004.mydomain.net:4443 Valid Oct 14 2021 3299
report.mydomain.com:443 Valid Jul 7 2014 643
reportdev.mydomain.com:443 Valid Jul 7 2014 643
srvavautil.mydomain.net:443 Valid Mar 15 2019 2355
srvmail1002.mydomain.net:443 Valid Jul 10 2014 646
srvmom01.mydomain.net:443 Valid Mar 3 2028 5631
srvmoss001.mydomain.net:443 Valid Aug 1 2013 303
srvocs2001.mydomain.net:443 Valid Dec 29 2012 88
srvrecord2001.mydomain.net:443 Valid Feb 13 2013 134
srvslshd1001.mydomain.net:443 Valid Dec 14 2014 803
srvunibackup1001.mydomain.net:443 Valid Sep 6 2014 704
srvvault2001.mydomain.net:443 Valid Sep 6 2014 704
srvwas2001.mydomain.net:443 Valid Jan 5 2020 2651
srvwcs2001.mydomain.net:443 Expired Dec 16 2011 -291
app.mydomain.com:443 Valid Jul 9 2014 645
sftp.mydomain.com:443 Valid Feb 10 2015 861
solarwinds.mydomain.com:443 Valid Feb 13 2013 134
support.mydomain.com:443 Valid Jul 9 2014 645
vcenter01.mydomain.com:443 Valid Sep 27 2021 3282
-----------------------------------------
#!/bin/bash
#
# SCRIPT: cert_report.bash
# AUTHOR: Bob
# DATE: Sep 24, 2012
# REV: 1.1.P (Valid are A, B, D, T, Q, and P)
# (For Alpha, Beta, Dev, Test, QA, and Production)
#
# PLATFORM: Not platform dependent
#
# PURPOSE: This script will call another script to report SSL Cert
# expiration days, save to a text file, and e-mail that text
# file.
#
# set -n # Uncomment to check script syntax, without execution.
# # NOTE: Do not forget to put the # comment back in or
# # the shell script will never execute!
# set -x # Uncomment to debug this shell script
#
##########################################################
# DEFINE FILES AND VARIABLES HERE
##########################################################
THIS_SCRIPT=$(basename )
##########################################################
# DEFINE FUNCTIONS HERE
##########################################################
##########################################################
# BEGINNING OF MAIN
##########################################################
~/bin/ssl_cert_check.bash -f ~/bin/ssldomains.txt > /tmp/SSL_Cert_Report.txt
echo "Attached is the bi-monthly SSL Certificate Expiration Report." | mutt -s "SSL Cert Check Report" -a /tmp/SSL_Cert_Report.txt mydepartment@mydomain.com
# End of script
----------------------------------------------
I then added an entry in cron for this to run twice a month.
0 8 1,15 * * ~/bin/cert_report.bash
This delivers a nicely formatted report of my servers and their certificate status. Here is an example of the e-mailed report.
Host Status Expires Days
------------------------------------------- ------------ ------------ ----
appsrv.mydomain.com:443 Valid Jul 7 2014 643
lync1001.mydomain.com:443 Valid Feb 13 2013 134
monitor01.mydomain.com:443 Valid Feb 13 2013 134
idm.mydomain.com:443 Valid Oct 14 2021 3299
mail.mydomain.com:443 Valid Jul 10 2014 646
ntsrv1.mydomain.net:3471 Valid Aug 30 2013 332
ops1003.mydomain.net:3471 Valid Feb 13 2013 134
web1003.mydomain.net:4443 Valid Oct 14 2021 3299
web1004.mydomain.net:4443 Valid Oct 14 2021 3299
report.mydomain.com:443 Valid Jul 7 2014 643
reportdev.mydomain.com:443 Valid Jul 7 2014 643
srvavautil.mydomain.net:443 Valid Mar 15 2019 2355
srvmail1002.mydomain.net:443 Valid Jul 10 2014 646
srvmom01.mydomain.net:443 Valid Mar 3 2028 5631
srvmoss001.mydomain.net:443 Valid Aug 1 2013 303
srvocs2001.mydomain.net:443 Valid Dec 29 2012 88
srvrecord2001.mydomain.net:443 Valid Feb 13 2013 134
srvslshd1001.mydomain.net:443 Valid Dec 14 2014 803
srvunibackup1001.mydomain.net:443 Valid Sep 6 2014 704
srvvault2001.mydomain.net:443 Valid Sep 6 2014 704
srvwas2001.mydomain.net:443 Valid Jan 5 2020 2651
srvwcs2001.mydomain.net:443 Expired Dec 16 2011 -291
app.mydomain.com:443 Valid Jul 9 2014 645
sftp.mydomain.com:443 Valid Feb 10 2015 861
solarwinds.mydomain.com:443 Valid Feb 13 2013 134
support.mydomain.com:443 Valid Jul 9 2014 645
vcenter01.mydomain.com:443 Valid Sep 27 2021 3282
Labels:
Certificates,
Expiration,
Linux,
SSL,
Windows
Friday, April 6, 2012
Easy way to clean up old (unneeded) files and directories on Windows
As a System Administrator, Care and Feeding of your servers is a crucial task. Imagine you have a directory containing daily transaction (substitute log, backup, or just about anything else) files. You need to keep these files for a period of time for auditing purposes, but space is limited and you don't want or need to keep them indefinitely. What is an Admin to do? Set a quarterly task to do general clean up? Yuck.
In Linux it is pretty easy to accomplish this task with the "find" command and its various switches. How do you do it on a Windows server? What I am about to show you works on Windows 2008 Servers. It may not work on Windows 2003 as I believe the syntax for our magic command "forfiles" was a little different.
Below is are the commands you need in a batch file to delete files and/or folders older than "x" days.
Open up notepad or your favorite Windows plain text editor (I like Notepad++ btw).
Enter the following text between the "-----" but not including the "-----"
--------------------------------------------------------
@echo off
rem - The following line is a cya testing line. It will display the files or
rem - folder that are older than "x" days but does not delete them.
rem - Where you see /d -x
rem - replace x with your criteria. I will use 30 do anything older than 30 days.
rem - also change your path. In this example, I want to clean up files in the
rem - E:\SharePointBackup directory older than 30 days.
rem - Uncomment the following "forfiles" line for testing,
rem - but make sure all other lines are commented out.
rem FORFILES /p "E:\SharePointBackup" /s /m *.* /d -30 /c "CMD /C ECHO @FILE"
rem - The following line will delete files older than "30" in given directory
rem - This will just delete files and not remove directories or anything else.
rem - Uncomment the following "forfiles" line to delete files older than 30 days, but make sure
rem - all other lines are commented out.
rem FORFILES /p "E:\SharePointBackup" /s /m *.* /d -30 /c "CMD /C del /Q @FILE"
rem - This will look for directories in a given path older than 30 days
rem - and delete it and all of its contents. All files and subdirectories in directories
rem - that are older than 30 days.
rem - Uncomment the following "forfiles" line to delete directories older than 30 days, but make sure
rem - all other lines are commented out.
rem FORFILES /p "E:\SharePointBackup" /d -30 /c "CMD /C if @isdir==TRUE RMDIR /S /Q @path"
----------------------------------------------------------------
Save this file on your server as whatever you want with a ".bat" extension. Example: delete_older_than_30.bat
Make sure you "test" this on data you wouldn't mind losing before putting it in production. Once you have tested and have verified it will do what you want it to do, you can schedule a daily (or whatever you'd like) task using the scheduler calling this batch file.
I hope this helps some of you out there.
In Linux it is pretty easy to accomplish this task with the "find" command and its various switches. How do you do it on a Windows server? What I am about to show you works on Windows 2008 Servers. It may not work on Windows 2003 as I believe the syntax for our magic command "forfiles" was a little different.
Below is are the commands you need in a batch file to delete files and/or folders older than "x" days.
Open up notepad or your favorite Windows plain text editor (I like Notepad++ btw).
Enter the following text between the "-----" but not including the "-----"
--------------------------------------------------------
@echo off
rem - The following line is a cya testing line. It will display the files or
rem - folder that are older than "x" days but does not delete them.
rem - Where you see /d -x
rem - replace x with your criteria. I will use 30 do anything older than 30 days.
rem - also change your path. In this example, I want to clean up files in the
rem - E:\SharePointBackup directory older than 30 days.
rem - Uncomment the following "forfiles" line for testing,
rem - but make sure all other lines are commented out.
rem FORFILES /p "E:\SharePointBackup" /s /m *.* /d -30 /c "CMD /C ECHO @FILE"
rem - The following line will delete files older than "30" in given directory
rem - This will just delete files and not remove directories or anything else.
rem - Uncomment the following "forfiles" line to delete files older than 30 days, but make sure
rem - all other lines are commented out.
rem FORFILES /p "E:\SharePointBackup" /s /m *.* /d -30 /c "CMD /C del /Q @FILE"
rem - This will look for directories in a given path older than 30 days
rem - and delete it and all of its contents. All files and subdirectories in directories
rem - that are older than 30 days.
rem - Uncomment the following "forfiles" line to delete directories older than 30 days, but make sure
rem - all other lines are commented out.
rem FORFILES /p "E:\SharePointBackup" /d -30 /c "CMD /C if @isdir==TRUE RMDIR /S /Q @path"
----------------------------------------------------------------
Save this file on your server as whatever you want with a ".bat" extension. Example: delete_older_than_30.bat
Make sure you "test" this on data you wouldn't mind losing before putting it in production. Once you have tested and have verified it will do what you want it to do, you can schedule a daily (or whatever you'd like) task using the scheduler calling this batch file.
I hope this helps some of you out there.
Labels:
Clean Up,
Delete Older Than,
Windows
Subscribe to:
Posts (Atom)