Syslog-ng-debun improvements

contrib/syslog-ng-debun

@@ -7,7 +7,7 @@
 ### This software may be used and distributed according to the terms of GNU GPLv2
 ### http://www.gnu.org/licenses/gpl-2.0.html
 
-version="0.3.6.20170807"
+version="0.3.8.20170913"
 
 ### Check for "local" variable support
 if type local >/dev/null; then
@@ -41,6 +41,7 @@ tracepids=""
 ipconfig="ip addr"
 routeconfig () { netstat -nr ; }
 netstatnlp () { netstat -nlp ; }
+netstatlunp () { netstat -lunp ; }
 netstatsu="netstat -su"
 netstatpunt="netstat -punt"
 binprefix=/opt/syslog-ng
@@ -54,6 +55,7 @@ dfi="df -i"
 duks="du -ks"
 grepq="fgrep -q"
 lddcmd="ldd"
+topcmd () { top -b -n 1 -c >"${1}"; }
 opensslcmd="openssl"
 sed_equivalent_cmd="sed -E"
 mount=mount
@@ -72,7 +74,7 @@ tcpdumpcmd="tcpdump"
 tcpdumpopts="-p -s 1500 -w"
 opensslmajor=0
 getsyslogpids () { pidof syslog-ng ; }
-os_hash_helper () { xargs md5sum ; }
+os_hash_helper () { find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -print0 | xargs -0 md5sum ; }
 dfk_parser () { tail -1 | while read FS ALL USED AVAIL UPERC MP; do if echo ${AVAIL} | ${grepq} '%'; then echo ${USED} ; else echo ${AVAIL} ; fi done ; }
 trace="strace -s256 -ff -ttT -f"
 initfile="/etc/init.d/syslog-ng"
@@ -277,7 +279,7 @@ debun_do_tarball () {
 
 debun_generate_hashes () {
 	cd ${tmpdir}
-	find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f | os_hash_helper > debun.manifest
+	os_hash_helper > debun.manifest
 }
 
 debun_final() {
@@ -355,10 +357,13 @@ acquire_system_info () {
 	uname -a | tee "${tmpdir}/sys.uname"
 	free >${tmpdir}/sys.free
 	vmstat >${tmpdir}/sys.vmstat
-
+	topcmd "${tmpdir}/sys.top"
 	if is_available ${opensslcmd}; then
 		${opensslcmd} version >${tmpdir}/sys.openssl.version
 	fi
+	if is_available java; then
+		java -version >${tmpdir}/sys.java.version 2>&1
+	fi
 }
 
 acquire_network_info () {
@@ -399,6 +404,7 @@ acquire_system_other_info () {
 	$dmesg >${tmpdir}/sys.dmesg
 	netstatnlp >${tmpdir}/sys.netstat.ltn
 	$netstatpunt >${tmpdir}/sys.netstat.est
+	netstatlunp >${tmpdir}/sys.netstat.lunp
 	$netstatsu >${tmpdir}/sys.netstat.su
 	[ -f /proc/net/udp ] && cp /proc/net/udp ${tmpdir}/sys.proc.net.udp
 }
@@ -473,8 +479,8 @@ pki_parse_public_key () {
 }
 
 pki_guess_certificate () {
-	local header wccout buffer_pubkey buffer_rest hashopts hashnum
-	wccout=$( wc -c "${1}" )
+	local header fsize buffer_pubkey buffer_rest hashopts hashnum
+	fsize=$( wc -c "${1}" | ${sed_equivalent_cmd} 's:^ *([0-9]+) .*$:\1:' )
 
 	if [ ${opensslmajor} -gt 0 ]; then
 			hashopts="-subject_hash -subject_hash_old"
@@ -488,12 +494,13 @@ pki_guess_certificate () {
 	[ "${certcount}" -gt 1 ] && header="STACKED_CERTIFICATE(${certcount});${1};" || header="CERTIFICATE;${1};"
 	buffer_pubkey=$( ${opensslcmd} x509 -in "${1}" -text -noout  2>/dev/null | pki_parse_public_key )
 	buffer_rest=$( ${opensslcmd} x509 -in "${1}" -noout ${hashopts} -serial -dates -fingerprint -subject -issuer | tr '\n' ';' )
-	printf "${header}${wccout% *};${buffer_pubkey}${hashnum}${buffer_rest}"
+	printf "${header}${fsize};${buffer_pubkey}${hashnum}${buffer_rest}"
 }
 
 pki_guess_private_key () {
-	local header wccout buffer_pubkey buffer_error
-	wccout=$( wc -c "${1}" )
+	local header fsize buffer_pubkey buffer_error
+	fsize=$( wc -c "${1}" | ${sed_equivalent_cmd} 's:^ *([0-9]+) .*$:\1:' )
+
 	if pki_is_encrypted "${1}"; then
 		header="PRIVATE_ENCRYPTED;${1};"
 	else
@@ -518,15 +525,16 @@ pki_guess_private_key () {
 			buffer_pubkey=";"
 		fi
 	fi
-	printf "${header}${wccout% *};${buffer_pubkey}"
+	printf "${header}${fsize};${buffer_pubkey}"
 }
 
 pki_guess_public_key () {
 	# Public keys do not have their type in the PEM header/footer
 
-	local header wccout buffer_pubkey buffer_error
+	local header fsize buffer_pubkey buffer_error
 	header="PUBLIC;${1};"
-	wccout=$( wc -c "${1}" )
+	fsize=$( wc -c "${1}" | ${sed_equivalent_cmd} 's:^ *([0-9]+) .*$:\1:' )
+
 	if [ ${opensslmajor} -gt 0 ]; then
 		buffer_error=$( ${opensslcmd} pkey -pubin -in "${1}" -noout -text 2>&1 >/dev/null )
 		if echo "${buffer_error}" | ${grepq} "unable to load"; then
@@ -560,13 +568,13 @@ pki_guess_public_key () {
 			buffer_pubkey=$( ${opensslcmd} rsa -pubin -in "${1}" -noout -text 2>/dev/null | pki_parse_public_key )
 		fi
 	fi
-	printf "${header}${wccout% *};${buffer_pubkey}"
+	printf "${header}${fsize};${buffer_pubkey}"
 }
 
 pki_other_file () {
-	local wccout
-	wccout=$( wc -c "${1}" )
-	printf "OTHER_FILE;${1};${wccout% *};"
+	local fsize
+	fsize=$( wc -c "${1}" | ${sed_equivalent_cmd} 's:^ *([0-9]+) .*$:\1:' )
+	printf "OTHER_FILE;${1};${fsize};"
 }
 
 pki_process_file () {
@@ -688,7 +696,7 @@ acquire_syslog_info () {
 	done
 
 	$syslogbin -s --preprocess-into "${tmpdir}/syslog.pp.conf"
-	remove_passwords_from_file "${tmpdir}/syslog.pp.conf"
+	[ -f "${tmpdir}/syslog.pp.conf" ] && remove_passwords_from_file "${tmpdir}/syslog.pp.conf"
 }
 
 acquire_syslog_var () {
@@ -717,7 +725,7 @@ acquire_syslog_var () {
 	else
 		printf "TOO LOW free disk space on the filesystem holding ${tmpdir}\n"
 		printf "to create a full copy of ${vardir}!\nOnly copying most important files.\n"
-		find . -name "*.persist" -o -name "*.pid" | grep -v "syslog-ng.*\.ctl" | cpio -pd ${tmpdir}/var
+		find . \( -name "*.persist" -o -name "*.pid" \) | grep -v "syslog-ng.*\.ctl" | cpio -pd ${tmpdir}/var
 	fi
 }
 
@@ -890,6 +898,17 @@ debun_extra_genlinux () {
 		echo "No getenforce in path." >"${tmpdir}/sys.selinux"
 	fi
 
+	if is_available sysstat ; then
+		sysstat -P ALL 1 5 >${tmpdir}/sys.sar.cpu
+		sysstat -d 1 5 >${tmpdir}/sys.sar.disk
+	elif is_available sar ; then
+		sar -P ALL 1 5 >${tmpdir}/sys.sar.cpu
+		sar -d 1 5 >${tmpdir}/sys.sar.disk
+	fi
+	if is_available top; then
+		top -b -H -n 1 -c >${tmpdir}/sys.top.threads
+	fi
+
 	[ -n "$privacy_mode" ] && return
 	if is_available dmidecode; then
 		dmidecode >"${tmpdir}/sys.dmidecode"
@@ -937,6 +956,13 @@ debun_extra_gensolaris () {
 	if is_available showrev ; then
 		showrev >${tmpdir}/sys.showrev
 	fi
+	if is_available sar ; then
+		sar -u 1 5 >${tmpdir}/sys.sar.cpu
+		sar -d 1 5 >${tmpdir}/sys.sar.disk
+	fi
+	if is_available top; then
+		top -b -t -n 1 -c >${tmpdir}/sys.top.threads
+	fi
 }
 
 ### Here comes solaris specific parts
@@ -947,7 +973,9 @@ debun_solaris () {
 }
 
 debun_extra_freebsd() {
-	:
+	if is_available top; then
+		top -b -d1 -H >${tmpdir}/sys.top.threads
+	fi
 }
 
 debun_freebsd() {
@@ -957,6 +985,11 @@ debun_freebsd() {
 debun_extra_hpux () {
 	sysdef >${tmpdir}/sys.sysdef
 	swlist >${tmpdir}/sys.swlist
+
+	if is_available sar ; then
+		sar -u 1 5 >${tmpdir}/sys.sar.cpu
+		sar -d 1 5 >${tmpdir}/sys.sar.disk
+	fi
 }
 
 debun_hpux () {
@@ -965,6 +998,11 @@ debun_hpux () {
 
 debun_extra_aix () {
 	alog -o -t console >${tmpdir}/sys.console-log
+
+	if is_available sar ; then
+		sar -u 1 5 >${tmpdir}/sys.sar.cpu 2>/dev/null
+		sar -b 1 5 >${tmpdir}/sys.sar.disk 2>/dev/null1
+	fi
 }
 
 debun_aix () {
@@ -1185,8 +1223,10 @@ setup_env_solaris () {
 
 	unset -f mypidof
 	unset -f getsyslogpids
+	unset -f netstatlunp
 	unset -f netstatnlp
 	unset -f myplimit
+	unset -f topcmd
 	unset -f free
 	unset -f distpkgoffile
 	unset -f distpkgstatus
@@ -1197,6 +1237,7 @@ setup_env_solaris () {
 	mypidof () { $pseao pid,comm | while read pid bin ; do [ "$bin" = "$1" ] && echo $pid ; done ; }
 	getsyslogpids () { mypidof "${syslogrealbin}" ; }
 	netstatnlp () { netstat -na ; }
+	netstatlunp () { netstat -P udp -na ; }
 	myplimit () { plimit $1 ; }
 	free () { prtconf | grep Mem ; printf Pagesize:\  ; pagesize -a ; }
 	distpkgoffile () {
@@ -1213,12 +1254,22 @@ setup_env_solaris () {
 		echo ""
 	}
 
-	if is_available digest; then
+	if is_available top; then
+		topcmd ()  { top -b -n 1 -c > "${1}" ; }
+	else
+		topcmd () { ( uptime ; echo ; echo "::memstat" | mdb -k ; sar -u 1 1 ; echo ; ps -eao user,pid,ppid,pcpu,pmem,vsz,rss,tty,s,stime,args | head -n 1; ps -eao user,pid,ppid,pcpu,pmem,vsz,rss,tty,s,stime,args | grep -v COMMAND | sort -rn +3 ) >"${1}" 2>/dev/null ; }
+	fi
+
+	if is_available md5sum; then
 		os_hash_helper () {
-			xargs digest -a md5 -v | /usr/xpg4/bin/awk -F'[()= ]' '{print $7"  "$3;}'
+			find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -print0 | xargs -0 md5sum ;
+		}
+	elif is_available digest; then
+		os_hash_helper () {
+			find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -exec digest -a md5 -v '{}' \; | sed -e 's:^md5 (\(.*\)) = \([a-z0-9]\{32\}\)$:\2  \1:'
 		}
 	else
-		os_hash_helper () { cat &>/dev/null ; }
+		os_hash_helper () { : ; }
 	fi
 
 	if is_available svcadm ; then
@@ -1247,20 +1298,24 @@ setup_env_freebsd () {
 
 	unset -f free
 	unset -f netstatnlp
+	unset -f netstatlunp
 	unset -f mypidof
+	unset -f topcmd
 	unset -f getsyslogpids
 	unset -f distpkgoffile
 	unset -f distpkgstatus
 	unset -f os_hash_helper
 
 	free () { top -bt 0 ; }
 	netstatnlp () { sockstat ; }
+	netstatlunp () { netstat -na | grep -E "(Internet|Proto|udp)" ; }
+	topcmd ()  { top -b -d1 > "${1}" ; }
 	mypidof () { $pseao pid,comm | while read pid bin ; do [ "$bin" = "$1" ] && echo $pid ; done; }
 	getsyslogpids () { mypidof syslog-ng ; }
 	distpkgoffile () { : ; }
 	distpkgstatus () { : ; }
 	os_hash_helper () {
-		xargs md5 | awk -F'[()= ]' '{print $7"  "$3;}'
+		find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -exec md5 '{}' \; | sed -e 's:^MD5 (\(.*\)) = \([a-z0-9]\{32\}\)$:\2  \1:'
 	}
 }
 
@@ -1281,7 +1336,10 @@ setup_env_hpux () {
 
 	unset -f free
 	unset -f netstatnlp
+	unset -f netstatlunp
 	unset -f mypidof
+	unset -f topcmd
+	unset -f os_hash_helper
 	unset -f getsyslogpids
 	unset -f getparent
 	unset -f getchilds
@@ -1293,8 +1351,13 @@ setup_env_hpux () {
 
 	is_available () { which "$1" | $grepq "no $1 in" && return 1 || return 0 ; }
 	free () { swapinfo -tam ; }
-	netstatnlp () { netstat -na ; }
+	netstatnlp () { netstat -na | grep -E "(Internet|Proto|LISTEN)" ; }
+	netstatlunp () { netstat -na | grep -E "(Internet|Proto|udp)" ; }
+	topcmd ()  { top -d 1 -f "${1}" ; }
 	dfk_parser () { grep free | while read AVAIL REST_TEXT; do echo ${AVAIL}; done }
+	os_hash_helper () {
+		find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -exec md5sum '{}' \;
+	}
 	mypidof () { ps -e -f | while read uid pid ppid c stime tty time command extra ; do
 		if [ "${stime%%:*}" = "${stime}" ]
 		then
@@ -1368,19 +1431,23 @@ setup_env_aix () {
 
 	unset -f initfile
 	unset -f netstatnlp
+	unset -f netstatlunp
 	unset -f routeconfig
 	unset -f free
 	unset -f dfk_parser
 	unset -f getsyslogpids
 	unset -f mypidof
+	unset -f topcmd
 	unset -f format_ldd_output
 	unset -f os_hash_helper
 
 	format_ldd_output () { sed -e 's:^[^/]*\(.*\)$:\1:' -e 's:^\(.*\)(.*)$:\1:'; }
-	netstatnlp () { netstat -na | grep LISTEN ; }
+	netstatnlp () { netstat -na | grep -E "(Active|Proto|LISTEN)" ; }
+	netstatlunp () { netstat -na | grep -E "(Internet|Proto|udp)" ; }
 	dfk_parser () { tail -1 | while read FS ALL AVAIL UPERC IUPERC MP; do echo ${AVAIL}; done }
 	routeconfig () { if netstat -nr 2>&1 | $grepq 'Permission error' ; then echo 'WPAR without its own routing table.' ; else netstat -nr ; fi ; }
 	free () { svmon -G -O unit=KB ; }
+	topcmd () { ( uptime ; svmon -G | head -n 3 ; sar -u 1 1 ; echo ; ps auxwww | head -n 1; ps auxwww | grep -v COMMAND | sort -rn +2 ) >"${1}" 2>/dev/null ; }
 	mypidof () { ps -eaf | while read user pid ppid c stime tty time cmd extra; do
 		if [ "${stime%%:*}" = "${stime}" ]
 		then
@@ -1405,7 +1472,7 @@ setup_env_aix () {
 		printf "\n"
 	}
 	os_hash_helper () {
-		xargs csum -h MD5
+		find . '!' \( -name debun.manifest -o -name syslog-ng.debun.txt \) -type f -exec csum -h MD5 '{}' \;
 	}
 }
 
@@ -1416,11 +1483,13 @@ setup_env_generic_pre () {
 setup_env_generic_post () {
 	### Check if ss is available (should only be present on Linux)
 	if is_available ss ; then
-		unset routeconfig
-		unset netstatnlp
+		unset -f routeconfig
+		unset -f netstatnlp
+		unset -f netstatlunp
 
 		routeconfig () { ip route show ; }
 		netstatnlp () { ss -nlp ; }
+		netstatlunp () { ss -lunp ; }
 		netstatpunt="ss -punt"
 	fi
 	if is_available netstat; then