summaryrefslogtreecommitdiff
path: root/eg/scan/scanner
blob: e73cdc88151582cc3ac2f8690ecfe2395becfb70 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#!/usr/bin/perl

# $RCSfile: scanner,v $$Revision: 4.1 $$Date: 92/08/07 17:20:44 $

# This runs all the scan_* routines on all the machines in /etc/ghosts.
# We run this every morning at about 6 am:

#	!/bin/sh
#	cd /usr/adm/private
#	decrypt scanner | perl >scan.out 2>&1
#	mail admin <scan.out

# Note that the scan_* files should be encrypted with the key "-inquire", and
# scanner should be encrypted somehow so that people can't find that key.
# I leave it up to you to figure out how to unencrypt it before executing.

$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/ucb:.';

$| = 1;		# command buffering on stdout

print "Subject: bizarre happenings\n\n";

(chdir '/usr/adm/private') || die "Can't cd to /usr/adm/private: $!\n";

if ($#ARGV >= 0) {
    @scanlist = @ARGV;
} else {
    @scanlist = split(/[ \t\n]+/,`echo scan_*`);
}

scan: while ($scan = shift(@scanlist)) {
    print "\n********** $scan **********\n";
    $showhost++;

    $systype = 'all';

    open(ghosts, '/etc/ghosts') || die 'No /etc/ghosts file';

    $one_of_these = ":$systype:";
    if ($systype =~ s/\+/[+]/g) {
	$one_of_these =~ s/\+/:/g;
    }

    line: while (<ghosts>) {
	s/[ \t]*\n//;
	if (!$_ || /^#/) {
	    next line;
	}
	if (/^([a-zA-Z_0-9]+)=(.+)/) {
	    $name = $1; $repl = $2;
	    $repl =~ s/\+/:/g;
	    $one_of_these =~ s/:$name:/:$repl:/;
	    next line;
	}
	@gh = split;
	$host = $gh[0];
	if ($showhost) { $showhost = "$host:\t"; }
	class: while ($class = pop(gh)) {
	    if (index($one_of_these,":$class:") >=0) {
		$iter = 0;
		`exec crypt -inquire <$scan >.x 2>/dev/null`;
		unless (open(scan,'.x')) {
		    print "Can't run $scan: $!\n";
		    next scan;
		}
		$cmd = <scan>;
		unless ($cmd =~ s/#!(.*)\n/$1/) {
		    $cmd = '/usr/bin/perl';
		}
		close(scan);
		if (open(PIPE,"exec rsh $host '$cmd' <.x|")) {
		    sleep(5);
		    unlink '.x';
		    while (<PIPE>) {
			last if $iter++ > 1000;		# must be looping
			next if /^[0-9.]+u [0-9.]+s/;
			print $showhost,$_;
		    }
		    close(PIPE);
		} else {
		    print "(Can't execute rsh: $!)\n";
		}
		last class;
	    }
	}
    }
}