Sindbad~EG File Manager
| Current Path : /var/lib/dpkg/info/ |
|
|
| Current File : /var/lib/dpkg/info/scx.postinst |
#!/bin/sh
# UnconfigureScxPAM
#
# Check if pam is configured with single
# configuration file or with configuration
# directory.
#
UnconfigureScxPAM() {
if [ -s /etc/pam.conf ]; then
UnconfigureScxPAM_file
elif [ -d /etc/pam.d ]; then
UnconfigureScxPAM_dir
fi
return 0
}
UnconfigureScxPAM_file() {
# Configured with single file
#
# Get all lines except scx configuration
#
pam_configuration=`grep -v "^[# ]*scx" /etc/pam.conf | grep -v "# The configuration of scx is generated by the scx installer." | grep -v "# End of section generated by the scx installer."`
if [ $? -ne 0 ]; then
# scx not configured in PAM
return 0
fi
#
# Write it back (to the copy first)
#
cp -p /etc/pam.conf /etc/pam.conf.tmp
echo "$pam_configuration" > /etc/pam.conf.tmp
if [ $? -ne 0 ]; then
echo "can't write to /etc/pam.conf.tmp"
return 1
fi
mv /etc/pam.conf.tmp /etc/pam.conf
if [ $? -ne 0 ]; then
echo "can't replace /etc/pam.conf"
return 1
fi
}
UnconfigureScxPAM_dir() {
# Configured with directory
if [ -f /etc/pam.d/scx ]; then rm -f /etc/pam.d/scx
return 0
fi
}
CreateSoftLinkToSudo() {
[ ! -L /etc/opt/microsoft/scx/conf/sudodir ] && ln -s /usr/bin /etc/opt/microsoft/scx/conf/sudodir || true
}
CreateSoftLinkToTmpDir() {
[ ! -L /etc/opt/microsoft/scx/conf/tmpdir ] && ln -s /tmp /etc/opt/microsoft/scx/conf/tmpdir || true
}
WriteInstallInfo() {
date +%Y-%m-%dT%T.0Z > /etc/opt/microsoft/scx/conf/installinfo.txt
echo 1.6.3-1079 >> /etc/opt/microsoft/scx/conf/installinfo.txt
}
ConfigureRunAs() {
if [ -s /etc/opt/microsoft/scx/conf/scxrunas.conf ]; then
# File is not zero size
return 0
fi
/opt/microsoft/scx/bin/tools/scxadmin -config-reset RunAs AllowRoot > /dev/null 2>&1
}
HandleConfigFiles() {
rm -f /etc/opt/microsoft/scx/conf/cimserver_current.conf* /etc/opt/microsoft/scx/conf/cimserver_planned.conf* /etc/opt/microsoft/scx/conf/omiserver.conf*
# File /etc/scxagent-enable-port opens port 1270 for usage with opsmgr
if [ -f /etc/scxagent-enable-port ]; then
# Add port 1270 to the list of ports that OMI will listen on
/opt/omi/bin/omiconfigeditor httpsport -a 1270 < /etc/opt/omi/conf/omiserver.conf > /etc/opt/omi/conf/omiserver.conf_temp
mv /etc/opt/omi/conf/omiserver.conf_temp /etc/opt/omi/conf/omiserver.conf
fi
rm -f /etc/scxagent-enable-port
}
GenerateCertificate() {
if [ ! -f /etc/opt/omi/ssl/.omi_cert_marker ]; then
# No OMI cert marker. This means that OM has installed certificates to this folder, or there's data corruption.
return 0
fi
# Make temporary backups of the omi keys in case we fail to generate keys
if [ -f /etc/opt/omi/ssl/omikey.pem ]; then
mv -f /etc/opt/omi/ssl/omikey.pem /etc/opt/omi/ssl/omikey.pem_temp
fi
if [ -f /etc/opt/omi/ssl/omi.pem ]; then
mv -f /etc/opt/omi/ssl/omi.pem /etc/opt/omi/ssl/omi.pem_temp
fi
if [ -d /etc/opt/omi/ssl ]; then
if [ -f /etc/opt/microsoft/scx/ssl/scx-seclevel1-key.pem ] && [ ! -f /etc/opt/microsoft/scx/ssl/scx-key.pem ]; then
mv -f /etc/opt/microsoft/scx/ssl/scx-seclevel1-key.pem /etc/opt/omi/ssl/omikey.pem
elif [ -f /etc/opt/microsoft/scx/ssl/scx-key.pem ]; then
mv -f /etc/opt/microsoft/scx/ssl/scx-key.pem /etc/opt/omi/ssl/omikey.pem
fi
if [ -f /etc/opt/microsoft/scx/ssl/scx-seclevel1.pem ] && [ ! -f /etc/opt/microsoft/scx/ssl/scx.pem ]; then
rm -f /etc/opt/omi/ssl/omi.pem
mv -f /etc/opt/microsoft/scx/ssl/scx-seclevel1.pem /etc/opt/omi/ssl/omi-host-`hostname`.pem
ln -s -f /etc/opt/microsoft/scx/ssl/omi-host-`hostname`.pem /etc/opt/omi/ssl/omi.pem
elif [ -f /etc/opt/microsoft/scx/ssl/scx.pem ]; then
mv /etc/opt/microsoft/scx/ssl/scx.pem /etc/opt/omi/ssl/omi.pem
fi
( set +e; [ -f /etc/profile ] && . /etc/profile; set -e; /opt/microsoft/scx/bin/tools/scxsslconfig )
if [ $? -ne 0 ]; then
# Restore previous omi keys if they exist
if [ -f /etc/opt/omi/ssl/omikey.pem_temp ]; then
mv -f /etc/opt/omi/ssl/omikey.pem_temp /etc/opt/omi/ssl/omikey.pem
fi
if [ -f /etc/opt/omi/ssl/omi.pem_temp ]; then
mv -f /etc/opt/omi/ssl/omi.pem_temp /etc/opt/omi/ssl/omi.pem
fi
exit 1
else
# Certificate generated successfully. Remove /etc/opt/omi/ssl/.omi_cert_marker to signify that we have overwritten omi's cert
rm -f /etc/opt/omi/ssl/.omi_cert_marker
rm -f /etc/opt/omi/ssl/omikey.pem_temp /etc/opt/omi/ssl/omi.pem_temp
fi
else
# /etc/opt/omi/ssl : directory does not exist
exit 1
fi
}
set -e
CreateSoftLinkToSudo
CreateSoftLinkToTmpDir
WriteInstallInfo
set +e
UnconfigureScxPAM
ConfigureRunAs
HandleConfigFiles
# Open port 1270 on install if it was open at uninstall
if [ -f /etc/opt/microsoft/scx/conf/scxagent-enable-port ]; then
/opt/omi/bin/omiconfigeditor httpsport -a 1270 < /etc/opt/omi/conf/omiserver.conf > /etc/opt/omi/conf/omiserver.conf_temp
mv /etc/opt/omi/conf/omiserver.conf_temp /etc/opt/omi/conf/omiserver.conf
fi
rm -f /etc/opt/microsoft/scx/conf/scxagent-enable-port
set -e
GenerateCertificate
# Create link from SSL_DIR/scx.pem to OMI_SSL_DIR/omi.pem
if [ -f /etc/opt/microsoft/scx/ssl/scx.pem ]; then
mv /etc/opt/microsoft/scx/ssl/scx.pem /etc/opt/microsoft/scx/ssl/scx.pem_backup
fi
ln -s /etc/opt/omi/ssl/omi.pem /etc/opt/microsoft/scx/ssl/scx.pem
/opt/omi/bin/service_control reload
# Have we previously installed a Universal Kit before? Keep track of that!
# This is used by the OS provider to mimic non-universal kit installations ...
if ! egrep -q '^ORIGINAL_KIT_TYPE=' /etc/opt/microsoft/scx/conf/scxconfig.conf; then
if [ -s /etc/opt/microsoft/scx/conf/scx-release ]; then
echo 'ORIGINAL_KIT_TYPE=Universal' >> /etc/opt/microsoft/scx/conf/scxconfig.conf
else
echo 'ORIGINAL_KIT_TYPE=!Universal' >> /etc/opt/microsoft/scx/conf/scxconfig.conf
fi
fi
# Generate the conf/scx-release file
/opt/microsoft/scx/bin/tools/GetLinuxOS.sh
# Set up a cron job to logrotate
if [ ! -f /etc/cron.d/scxagent ]; then
echo "0 */4 * * * root /usr/sbin/logrotate /etc/logrotate.d/scxagent --state /var/opt/microsoft/scx/log/scx-logrotate.status >/dev/null 2>&1" > /etc/cron.d/scxagent
fi
if [ -e /usr/sbin/semodule ]; then
echo "System appears to have SELinux installed, attempting to install selinux policy module for logrotate"
echo " Trying /usr/share/selinux/packages/scxagent-logrotate/scxagent-logrotate.pp ..."
sestatus=`sestatus|grep status|awk '{print $3}'`
if [ -e /usr/bin/dpkg-deb -a "$sestatus" = "disabled" ]; then
echo "WARNING: scxagent-logrotate selinux policy module has not yet installed due to selinux is disabled."
echo "When enabling selinux, load scxagent-logrotate module manually with following commands for logrotate feature to work properly for scx logs."
echo "/usr/sbin/semodule -i $SEPKG_DIR_SCXAGENT/scxagent-logrotate.pp >/dev/null 2>&1"
echo "/sbin/restorecon -R /var/opt/microsoft/scx/log > /dev/null 2>&1"
else
/usr/sbin/semodule -i /usr/share/selinux/packages/scxagent-logrotate/scxagent-logrotate.pp >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "ERROR: scxagent-logrotate selinux policy module versions could not be installed"
exit 0
fi
# Labeling scxagent log files
/sbin/restorecon -R /var/opt/microsoft/scx/log > /dev/null 2>&1
fi
fi
exit 0
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists