diff --git a/Changelog b/Changelog new file mode 100644 index 0000000..5f75484 --- /dev/null +++ b/Changelog @@ -0,0 +1,4 @@ +02-17-2006 - metche 1.0 + + * Initial release. + diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..8dbb1cc --- /dev/null +++ b/INSTALL @@ -0,0 +1,10 @@ +,------------------------------------------------------------------------------- +| INSTALLATION +`------------------------------------------------------------------------------- + +1. Have a look to the REQUIREMENTS section in the README file. +2. Copy the metche executable to /usr/local/sbin/ +3. As root, mkdir /var/lib/metche +4. Copy the manpage (metche.8) to /usr/local/man/man8/ +5. Read the README file and the manpage + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..d60c31a --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..b324467 
--- /dev/null +++ b/Makefile @@ -0,0 +1,17 @@ +all: doc + +metche-manpage.xml: metche-manpage.sgml + sgml2xml -xlower -xid $< > $@ + +metche.8: metche-manpage.xml + db2x_xsltproc -s /usr/share/sgml/docbook/stylesheet/xsl/nwalsh/manpages/docbook.xsl $< + +doc: metche.8 + +clean: + rm -f metche-manpage.xml + +distclean: clean + rm -f metche.8 + +.PHONY: all doc clean distclean diff --git a/README b/README new file mode 100644 index 0000000..ed8df8a --- /dev/null +++ b/README 
@@ -0,0 +1,130 @@ +metche - reducing root bus factor +homepage : https://poivron.org/dev/metche/ + +,------------------------------------------------------------------------------- +| Copyright (C) 2004-2006 boum.org collective - property is theft ! +`------------------------------------------------------------------------------- + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; either version 2 of the License, or (at your option) any later +version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the Free Software Foundation, Inc., 59 Temple +Place - Suite 330, Boston, MA 02111-1307, USA. + +,------------------------------------------------------------------------------- +| OVERVIEW +`------------------------------------------------------------------------------- + +metche is a tool meant to facilitate collective sysadmin ; basically, it +periodically : + - saves the "system state" to $BACKUP_DIR (default /var/lib/metche), i.e. : + . $WATCHED_DIR (default: /etc) + . $CHANGELOG_FILE (default /root/Changelog) + or $CHANGELOG_DIR/*/Changelog (default: /root/changelogs/*/Changelog) + . Debian packages states and versions (using apt-show-versions) + - sends you, in a nicely formated email, the last changes to the "system + state"; see https://poivron.org/dev/metche/ for an example. 
+ +,------------------------------------------------------------------------------- +| BASIC USAGE +`------------------------------------------------------------------------------- + +When installed and configured, metche is run by a cronjob, and you just have to +read the report emails. Of course, it's not useful at all if you don't : + - set $EMAIL_ADDRESS config variable to your sysadmin collective mailing-list + address ; + - use the Changelog files in a rigorous way. + +Note: it is dangerous to use metche without before reading the SECURITY section +of the manpage. + +For a deeper explanation of the way metche works, read the metche(8) manpage. + +,------------------------------------------------------------------------------- +| REQUIREMENTS +`------------------------------------------------------------------------------- + + * Debian GNU/Linux and apt-show-versions (if Debian packages monitoring is + enabled) + * mutt + * bzip2 + * If you want metche to encrypt the email it sends you : gnupg + * If you want metche to monitor your vservers as well : util-vserver tools + * If you want metche to monitor one manually written Changelog file, + it must be located at $CHANGELOG_FILE. +_or_ If you want metche to monitor multiple manually written Changelog + files, they must be located in $CHANGELOG_DIR/*/Changelog ; + for example, you can have : + /root/ + changelogs/ + common/Changelog + apache/Changelog + postfix/Changelog + +,------------------------------------------------------------------------------- +| INSTALLATION +`------------------------------------------------------------------------------- + +See the included INSTALL file. + +,------------------------------------------------------------------------------- +| CONFIGURATION +`------------------------------------------------------------------------------- + +1. Copy metche.conf.default to /etc/metche.conf and edit it so that it suits + your needs. +2. 
Read the next sections of this document and the metche(8) manpage. +3. Add to /etc/cron.d/metche something like : + 0-59/5 * * * * root test -x /usr/local/sbin/metche && \ + /usr/local/sbin/metche cron + +,------------------------------------------------------------------------------- +| SECURITY : BIG FAT WARNING +`------------------------------------------------------------------------------- + +Read the SECURITY section of metche(8). Really. + +,------------------------------------------------------------------------------- +| FAQ +`------------------------------------------------------------------------------- + +1. How are the monitored Changelog files ($CHANGELOG_FILE or + $CHANGELOG_DIR/*/Changelog) generated ? + + With Emacs or Vim. Ah ah. They are written by *you* ! They are an important + part of the collective sysadmin process metche is supposed to facilitate. + +2. Hey, how is metche working, and what are the underlying concepts I have to + know ? + + When called with the "cron" command line switch, metche looks if the "system + state" has changed in the last $TESTING_TIME minutes. If it is the case, a + "unstable" state is saved. Otherwise, a "testing state" is saved, and a + report is emailed to you. + + A similar mechanism to automatically turn a "testing" state into a "stable" + one ; see metche(8) for explainations. + +3. How do I see the saved states list ? + + Run "metche list". + +4. I've broken my system, how can I see a report against a previous, known + working, system state ? + + Run "metche report [{stable,testing,unstable}-YYYYMMDDHHMM]". + If no saved state is specified, the latest "testing state" is used as + reference. + +5. How do I create a "stable state" by hand ? + + Run "metche stabilize [testing-YYYYMMDDHHMM]". + This turns the given testing state, if specified, or the latest one, + otherwise, into a "stable state". diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..fc1f643 --- /dev/null 
+++ b/debian/changelog @@ -0,0 +1,5 @@ +metche (1.0-1) unstable; urgency=low + + * Initial Release. + + -- ricola Thu, 24 Nov 2005 19:18:47 +0100 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..b8626c4 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +4 diff --git a/debian/config b/debian/config new file mode 100644 index 0000000..f1eed50 --- /dev/null +++ b/debian/config @@ -0,0 +1,34 @@ +#!/bin/sh + +CONFIGFILE=/etc/metche.conf +set -e +. /usr/share/debconf/confmodule + +if [ -e $CONFIGFILE ]; then + . $CONFIGFILE || true + db_set metche/email $EMAIL_ADDRESS + db_set metche/changelog/type "No changelog monitoring" + if [ "$CHANGELOG_FILE" ]; then + db_set metche/changelog/type "Single changelog file" + db_set metche/changelog/file $CHANGELOG_FILE + fi + if [ "$CHANGELOG_DIR" ]; then + db_set metche/changelog/type "Multiple changelog files" + db_set metche/changelog/directory $CHANGELOG_DIR + fi +fi + +db_input medium metche/email || true +db_input medium metche/changelog/type || true +db_go || true +db_get metche/changelog/type +case "$RET" in +"Single changelog file") + db_input medium metche/changelog/file || true + db_go || true + ;; +"Multiple changelog files") + db_input medium metche/changelog/directory || true + db_go || true + ;; +esac diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..ede8945 --- /dev/null +++ b/debian/control 
@@ -0,0 +1,21 @@ +Source: metche +Section: admin +Priority: optional +Maintainer: boum.org collective +Build-Depends-Indep: debhelper (>> 4.0.0), docbook2x, sp, docbook-xsl, docbook-to-man +Standards-Version: 3.6.1 + +Package: metche +Architecture: all +Depends: debconf, mutt, bzip2 +Recommends: apt-show-versions, gnupg +Description: configuration monitor to ease collective administration + metche monitors changes made to a "system state" composed of: + - a "watched" directory (typically: /etc) + - changelogs written by you in one or several files + (e.g. /root/Changelog) + - States and versions of Debian packages (using apt-show-versions) + by periodically: + - saving backups of the corresponding files + - emailing the changes in the system state to your administrator's + mailing list diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..19e8767 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,15 @@ +This package was debianized by boum.org collective on +Thu, 24 Nov 2005 19:18:47 +0100. + +It was downloaded from http://www.poivron.org/dev/metche + +Copyright: + +Upstream Authors: boum.org collective + +Copyright (C) 2004-2006 boum.org collective - property is theft ! + +You are free to distribute this software under the terms of +the GNU General Public License. +On Debian systems, the complete text of the GNU General Public +License can be found in the file `/usr/share/common-licenses/GPL'. diff --git a/debian/cron.d b/debian/cron.d new file mode 100644 index 0000000..214fc85 --- /dev/null +++ b/debian/cron.d @@ -0,0 +1 @@ +0-59/5 * * * * root test -x /usr/sbin/metche && /usr/sbin/metche cron diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 0000000..eecc945 --- /dev/null +++ b/debian/dirs @@ -0,0 +1,5 @@ +etc +etc/cron.d +usr/sbin +usr/share/man/man8 +var/lib/metche diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..00941d3 --- /dev/null +++ b/debian/docs @@ -0,0 +1,2 @@ +README +Changelog 
diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..7cba541 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,37 @@ +#!/bin/sh + +CONFIGFILE=/etc/metche.conf +set -e +. /usr/share/debconf/confmodule + +cp -a -f $CONFIGFILE $CONFIGFILE.tmp + +db_get metche/email +EMAIL_ADDRESS="$RET" +sed -e "s/^ *EMAIL_ADDRESS=.*/EMAIL_ADDRESS=\"$EMAIL_ADDRESS\"/" -i $CONFIGFILE.tmp + +db_get metche/changelog/type +case "$RET" in +"Single changelog file") + db_get metche/changelog/file + CHANGELOG_FILE="$RET" + sed -e "s@^[# ]*CHANGELOG_FILE=.*@CHANGELOG_FILE=\"$CHANGELOG_FILE\"@" \ + -e "s@^[# ]*CHANGELOG_DIR@#CHANGELOG_DIR@" -i $CONFIGFILE.tmp + ;; +"Multiple changelog files") + db_get metche/changelog/directory + CHANGELOG_DIR="$RET" + sed -e "s@^[# ]*CHANGELOG_DIR=.*@CHANGELOG_DIR=\"$CHANGELOG_DIR\"@" \ + -e "s@^[# ]*CHANGELOG_FILE@#CHANGELOG_FILE@" -i $CONFIGFILE.tmp + ;; +"No changelog monitoring") + sed -e "s@^[# ]*CHANGELOG_FILE@#CHANGELOG_FILE@" \ + -e "s@^[# ]*CHANGELOG_DIR@#CHANGELOG_DIR@" -i $CONFIGFILE.tmp + ;; +esac + +mv -f $CONFIGFILE.tmp $CONFIGFILE + +metche cron + +#DEBHELPER# diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..07a4f44 --- /dev/null +++ b/debian/rules 
@@ -0,0 +1,55 @@ +#!/usr/bin/make -f +# debian rules file for metche + +PACKAGE = metche +DESTDIR = $(CURDIR)/debian/$(PACKAGE) + +build: build-stamp +build-stamp: + dh_testdir + $(MAKE) + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + -$(MAKE) clean + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + cp $(CURDIR)/metche $(DESTDIR)/usr/sbin + cp $(CURDIR)/metche.conf.default $(DESTDIR)/etc/metche.conf + cp $(CURDIR)/metche.8 $(DESTDIR)/usr/share/man/man8 + chown root:staff $(DESTDIR)/var/lib/metche + chmod 750 $(DESTDIR)/var/lib/metche + +# Build architecture-independent files here. +binary-indep: build install + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installexamples + dh_installdebconf + dh_installcron + dh_installman metche.8 + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install diff --git a/debian/templates b/debian/templates new file mode 100644 index 0000000..d9c6485 --- /dev/null +++ b/debian/templates 
@@ -0,0 +1,44 @@ +Template: metche/email +Type: string +Default: root +Description: E-mail address receiving metche reports + metche monitors "system state" changes. An hour after the last change has + been recorded an e-mail report is sent describing changes made to: + - files inside the watched directory (/etc by default), + - user maintainted changelog file(s) (if configured to do so), + - the list of installed Debian packages (if configured to do so). + . + Please enter the e-mail that should receive these reports. It typically + corresponds to the alias or mailing-list used by system administators for + this computer. + . + Note: by default, metche does not send detailed diffs describing file changes + as this can leak confidential information. If you want to use this feature, + we strongly encourage you to turn on GPG encryption at the same time. + See the metche(8) man page and the configuration file for more details. + +Template: metche/changelog/type +Type: select +Choices: Single changelog file, Multiple changelog files, No changelog monitoring +Description: Changelog monitoring type. + metche can monitor one or more changelogs written by the system + administrators. + . + These changelogs should contain comments describing the changes made + to the system. The easiest way to organize these comments is to put them all + together in one file. + . + Another possibility is to have a subdirectory for each administrative task + with a file named "Changelog". This way, you can store source code or + configuration examples along with the documentation on how they have been used. + +Template: metche/changelog/file +Type: string +Description: Changelog file to be monitored. + This option sets the path of the changelog file to be monitored. + +Template: metche/changelog/directory +Type: string +Description: Changelog directory to be monitored. + This option sets the path to the root directory containing the Changelogs. 
Each + "Changelog" file should be in a sub-directory of this directory. diff --git a/metche b/metche new file mode 100755 index 0000000..971f0f5 --- /dev/null +++ b/metche 
@@ -0,0 +1,618 @@ +#! /bin/bash +# -*- mode: sh; sh-basic-offset: 4; indent-tabs-mode: nil; -*- +# +# metche: reducing root bus factor +# Copyright (C) 2004-2006 boum.org collective - property is theft ! +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# + +set -e +shopt -s nullglob + +### +### Auxiliary functions +### + +display_usage() { + ( echo "Usage: `basename $0` list" + echo " `basename $0` report" \ + "[{stable|testing|unstable}-YYYYMMDDHHMM]" + echo " `basename $0` cron" + echo " `basename $0` stabilize [testing-YYYYMMDDHHMM]" + echo "" + ) >&2 +} + +fatal() { + echo -e "$@" >&2 + exit 2 +} + +executable_not_found() { + local executable="$1" + local software="$2" + local option="$3" + + fatal "$executable not found. Please install $software or turn $option off." 
+} + +debug() { + [ "$DEBUG" != yes ] || echo -e "debug: $@" >&2 +} + +email() { + debug "email $@" + local subject="$_MAIL_SUBJECT : $1" + if [ $ENCRYPT_EMAIL = "yes" ]; then + LC_ALL="$LOCALE" gpg --batch --armor --encrypt \ + --recipient "$EMAIL_ADDRESS" | + LC_ALL="$LOCALE" mutt -s "$subject" "$EMAIL_ADDRESS" + else + LC_ALL="$LOCALE" mutt -s "$subject" "$EMAIL_ADDRESS" + fi +} + +### +### Configuration +### + +DEBUG="yes" +WATCHED_DIR="/etc" +BACKUP_DIR="/var/lib/metche" +# if set, activate single changelog mode +#CHANGELOG_FILE="/root/Changelog" +# if set, activate multiple changelogs mode +#CHANGELOG_DIR="/root/changelogs" +DO_PACKAGES="no" +DO_DETAILS="no" +TESTING_TIME="60" +STABLE_TIME="3" +EMAIL_ADDRESS="root@`hostname -f`" +ENCRYPT_EMAIL="no" +EXCLUDES="*.swp #* *~ *.key ifstate adjtime ld.so.cache shadow* \ + blkid.tab* aumixrc net.enable mtab \ + vdirbase run.rev vdir run.rev" +LOCALE="C" + +_MAIL_SUBJECT="`hostname -f` - changes report" +_NO_DEBIAN_PACKAGES_CHANGE="No change in Debian packages state." +_NO_CHANGE="No change." + +MAIN_HEADER=" + c h a n g e s r e p o r t + --------------------------- + +" + +CHANGELOGS_HEADER=" + +Changelogs +========== + +" + +FILES_HEADER=" + +Changed files +============= + +" + +DEBIAN_PACKAGES_HEADER=" + +Changes in Debian packages +========================== + +" + +FILES_DETAILS_HEADER=" + +Details for changed files +========================= + +" + +if [ "$1" = "-h" ]; then + if [ -f /etc/metche/$2.conf ]; then + . /etc/metche/$2.conf + CMD="$3" + MILESTONE="$4" + else + display_usage + fatal "Config file /etc/metche/$2.conf does not exist." + fi +elif [ -f /etc/metche.conf ]; then + . /etc/metche.conf + CMD="$1" + MILESTONE="$2" +else + display_usage + fatal "Config file not found." +fi + +PATH="/bin:/usr/bin" +unset LC_ALL +unset LC_CTYPE +unset LANGUAGE +unset LANG +umask 077 + +test -d "$WATCHED_DIR" || fatal "WATCHED_DIR ($WATCHED_DIR) does not exist." 
+test -d "$BACKUP_DIR" || fatal "BACKUP_DIR ($BACKUP_DIR) does not exist." +test -z "$TAR_OPTS" || fatal "TAR_OPTS is deprecated, use EXCLUDES instead." + +if [ "$DO_PACKAGES" = "yes" ]; then + which apt-show-versions > /dev/null || + executable_not_found "apt-show-versions" "it" "DO_PACKAGES" +fi + +if [ "$ENCRYPT_EMAIL" = "yes" ]; then + which gpg > /dev/null || + executable_not_found "gpg" "GnuPG" "ENCRPYT_EMAIL" + gpg --batch --list-public-keys $EMAIL_ADDRESS >/dev/null 2>&1 || + fatal "GnuPG public key for $EMAIL_ADDRESS not found." +fi + +DATE=`date "+%Y%m%d%H%M"` +WATCHED_PARENT=`dirname $WATCHED_DIR` +if [ "$WATCHED_PARENT" != '/' ]; then + WATCHED_PARENT="$WATCHED_PARENT/" +fi + +# How to use $TAR_OPTS: +# - $TAR_OPTS should be used unquoted +# - 'set -o noglob' has to be run before any $TAR_OPTS use +# - 'set +o noglob' has to be run after any $TAR_OPTS use +TAR_OPTS="" +set -o noglob +for pattern in $EXCLUDES; do + TAR_OPTS="$TAR_OPTS --exclude=$pattern" +done +set +o noglob + +# How to use $FIND_OPTS: +# - $FIND_OPTS should appear unquoted between: +# . the (optional) target files and directories +# . the (compulsory) action, such as -print or -exec +# - 'set -o noglob' has to be run before any $FIND_OPTS use +# - 'set +o noglob' has to be run after any $FIND_OPTS use +FIND_OPTS="" +set -o noglob +# DO NOT fix me: the final -or at the end of $FIND_OPTS is really needed +for pattern in $EXCLUDES; do + FIND_OPTS="$FIND_OPTS -path */$pattern -prune -or" +done +set +o noglob + +### +### Modules enabling/disabling +### + +DO_CHANGELOGS="no" +if [ "$CHANGELOG_DIR" ]; then + if [ -d "$CHANGELOG_DIR" ]; then + DO_CHANGELOGS="dir" + fi +elif [ -f "$CHANGELOG_FILE" ]; then + DO_CHANGELOGS="file" +fi + +# Debian packages +# Enabled/disabled by $DO_PACKAGES, initialized to "yes", can be +# overriden by the sourced conf file. + + +### +### A few functions to do the real work +### + +# Returns 0 if, and only if, specified milestone exists. 
+milestone_exists() { + local milestone="$1" + if [ -f "${BACKUP_DIR}/${milestone}.tar.bz2" -o \ + -L "${BACKUP_DIR}/${milestone}.tar.bz2" ]; then + return 0 + else + return 1 + fi +} + +# Echoes the given milestone's version (i.e. "stable", "testing", "unstable") +# if it has a valid version, else "none". +# The given milestone can be inexistant. +milestone_version() { + local milestone="$1" + local version="`echo $milestone | sed 's/-.*$//'`" + case $version in + stable|testing|unstable) + echo $version;; + *) + echo "none";; + esac +} + +# Echoes given milestone's date. +# Symlinks (e.g.: *-latest) are dereferenced if needed. +# The given milestone can be inexistant. +milestone_date() { + local milestone="$1" + + if [ -L "${BACKUP_DIR}/${milestone}.tar.bz2" ]; then + milestone="`readlink ${BACKUP_DIR}/${milestone}.tar.bz2`" + fi + echo `basename $milestone` | sed 's/.*-//' | sed 's/\..*$//' +} + +# Returns 0 if, and only if, the given milestone ($1) is the latest one +# of its type. +# The given milestone can be inexistant. 
+is_latest() { + local file milestone ref_milestone ref_date ref_version + + ref_milestone="$1" + ref_date="`milestone_date $ref_milestone`" + ref_version="`milestone_version $ref_milestone`" + for file in "${BACKUP_DIR}/${ref_version}-"*.tar.bz2; do + milestone=`basename $file | sed 's/\.tar\.bz2$//'` + if [ "`milestone_date $milestone`" -gt "$ref_date" ]; then + return 1 + fi + done + return 0 +} + +# This will save an archive of the watched directory with the given prefix +save_files() { + debug " - save_files $@" + set -o noglob + tar jcf "$BACKUP_DIR/$1-$DATE".tar.bz2 \ + -C "$WATCHED_PARENT" $TAR_OPTS `basename "$WATCHED_DIR"` + set +o noglob + ln -sf "$1-$DATE".tar.bz2 "$BACKUP_DIR/$1"-latest.tar.bz2 +} + +# This will save packages list with the given prefix +save_packages() { + debug " - save_packages $@" + apt-show-versions -i + apt-show-versions | + sort > "$BACKUP_DIR/$1-$DATE".packages + ln -sf "$1-$DATE".packages "$BACKUP_DIR/$1"-latest.packages +} + +# This will save Changelogs with the given prefix +save_changelogs() { + debug " - save_changelogs $@" + local changelog domain file + + if [ "$DO_CHANGELOGS" = "dir" ]; then + for file in "$CHANGELOG_DIR"/*/Changelog; do + changelog="${file##$CHANGELOG_DIR/}" + domain="${changelog%%/Changelog}" + cat "$file" > "$BACKUP_DIR/$1-$DATE.$domain.Changelog" + ln -sf "$1-$DATE.$domain.Changelog" \ + "$BACKUP_DIR/$1-latest.$domain.Changelog" + done + elif [ "$DO_CHANGELOGS" = "file" ]; then + cat "$CHANGELOG_FILE" > "$BACKUP_DIR/$1-$DATE.Changelog" + ln -sf "$1-$DATE.Changelog" "$BACKUP_DIR/$1-latest.Changelog" + fi +} + +# Save whatever reflect the current state with the given prefix +save_state() { + debug "save_state $@" + save_files "$1" + [ $DO_PACKAGES = "no" ] || save_packages "$1" + [ $DO_CHANGELOGS = "no" ] || save_changelogs "$1" +} + +# Report changes against given version to standard output +report_changes() { + debug "report_changes $@" + local tmp tmpdir changelog domain diff tar_diff diff_diff + 
local files old new tmp_packages file + + # File to store results + tmp=`mktemp -q` + # We need to diff against given version, so extract it + tmpdir=`mktemp -d -q` + tar jxf "$BACKUP_DIR/$1".tar.bz2 -C "$tmpdir" + + echo "$MAIN_HEADER" >> "$tmp" + + if [ $DO_CHANGELOGS = "dir" ]; then + echo "$CHANGELOGS_HEADER" >> "$tmp" + for file in "$CHANGELOG_DIR"/*/Changelog; do + changelog="${file##$CHANGELOG_DIR/}" + domain="${changelog%%/Changelog}" + diff=`LC_ALL=$LOCALE \ + diff -wEbBN "$BACKUP_DIR/$1.$domain.Changelog" \ + "$file"` || + # diff returns false when files differ + (echo "$domain:" ; echo "$diff" | + grep -v '^[0-9-]\|^\\') >> "$tmp" + done + fi + if [ $DO_CHANGELOGS = "file" ]; then + echo "$CHANGELOGS_HEADER" >> "$tmp" + diff=`LC_ALL=$LOCALE \ + diff -wEbBN "$BACKUP_DIR/$1.Changelog" "$CHANGELOG_FILE"` || + # diff returns false when files differ + (echo "$diff" | grep -v '^[0-9-]\|^\\') >> "$tmp" + fi + + echo "$FILES_HEADER" >> "$tmp" + + # Find differences with tar + set -o noglob + tar_diff=$(tar jdf "$BACKUP_DIR/$1".tar.bz2 \ + -C "$WATCHED_PARENT" $TAR_OPTS 2>&1 | + # transform: + # etc/issue: Gid differs -> etc/issue + # tar: etc/irssi.conf: ... 
-> etc/irssi.conf + sed -e 's/\(tar: \)\?\([^:]*\):.*/\2/') + # Get new files + diff_diff=$(diff -qr $TAR_OPTS "$tmpdir"/`basename "$WATCHED_DIR"` \ + "$WATCHED_DIR" 2>/dev/null | + # Only in test/etc: issue -> test/etc/issue + sed -n -e "s,^Only in $WATCHED_PARENT\([^:]*\): \(.*\),\1/\2,p") + files="`echo "$tar_diff$diff_diff" | sort -u`" + set +o noglob + if [ -z "$files" ]; then + echo "$_NO_CHANGE" >> "$tmp" + else + for file in $files; do + old="$tmpdir"/"$file" + new="$WATCHED_PARENT$file" + if [ -e "$old" -a -e "$new" ]; then + echo -n '< ' + ls -ld "$old" | sed -e "s;$tmpdir/;;" + echo -n '> ' + ls -ld "$new" | sed -e "s;$WATCHED_PARENT;;" + elif [ -e "$old" ]; then + echo -n '- ' + ls -ld "$old" | sed -e "s;$tmpdir/;;" + elif [ -e "$new" ]; then + echo -n '+ ' + ls -ld "$new" | sed -e "s;$WATCHED_PARENT;;" + fi + done >> "$tmp" + fi + + if [ "$DO_PACKAGES" = "yes" ]; then + echo "$DEBIAN_PACKAGES_HEADER" >> "$tmp" + + tmp_packages=`mktemp -q` + apt-show-versions -i + apt-show-versions | sort > "$tmp_packages" + if diff -wEbB "$BACKUP_DIR/$1".packages "$tmp_packages"; then + echo "$_NO_DEBIAN_PACKAGES_CHANGE" + fi | grep -v '^[0-9-]' >> "$tmp" + fi + + if [ "$DO_DETAILS" = "yes" ]; then + echo "$FILES_DETAILS_HEADER" >> "$tmp" + + # Just diff it! + set -o noglob + if (LC_ALL=$LOCALE diff -urBN $TAR_OPTS \ + --minimal "$tmpdir"/`basename "$WATCHED_DIR"` \ + "$WATCHED_DIR" 2>/dev/null); then + echo "$_NO_CHANGE" + fi | grep -v '^--- \|diff ' | + sed -e "s;^+++ $WATCHED_PARENT\([^ ]*\) .*;+++ \1;" \ + >> "$tmp" + set +o noglob + fi + + # Put on standard output + cat "$tmp" + + # Clean temporaries + rm -rf "$tmp" "$tmpdir" +} + +# Turns into stable the given testing. +# NB: argument validity is supposed to have been already checked. 
+stabilize_state() { + debug "stabilize_state $@" + local testing stable file dst + + testing="$1" + # follow symlink if needed + if [ -L "${BACKUP_DIR}/$testing".tar.bz2 ]; then + testing="`readlink ${BACKUP_DIR}/${testing}.tar.bz2`" + testing="`basename $testing | sed 's/\..*//'`" + fi + stable="`echo $testing | sed 's/^testing/stable/'`" + for file in "${BACKUP_DIR}/${testing}"*; do + dst="`echo $file | sed 's/\/testing-/\/stable-/'`" + cp "$file" "$dst" + # create/change stable-latest* links if, and only if, + # it's really the latest + if is_latest $stable; then + ln -sf "`basename $dst`" "${BACKUP_DIR}/`basename $dst | + sed 's/-[0-9]*\./-latest\./'`" + fi + done +} + +# Print watched directory and files separated by spaces +# (suitable for find) +# Note: this function needs pathname expansion, but is called from places where +# it is disabled; that's why we need to save the pathname expansion status +# in the beginning and reset it to end with. +print_watched_files() { + local files + local reset_noglob_status_cmd + + files="$WATCHED_DIR" + reset_noglob_status_cmd="`set +o | grep 'set .o noglob'`" + set +o noglob + if [ "$DO_CHANGELOGS" = "dir" ]; then + files="$files `echo "$CHANGELOG_DIR"/*/Changelog`" + elif [ "$DO_CHANGELOGS" = "file" ]; then + files="$files $CHANGELOG_FILE" + fi + $reset_noglob_status_cmd + echo "$files" +} + +# Return true if watched files has not changed since $1 minutes +no_change_since() { + local time + + time="$1" + set -o noglob + if [ -z "$(find $(print_watched_files) $FIND_OPTS -cmin "-$time" -print | head -1)" ]; then + set +o noglob + return 0 + else + set +o noglob + return 1 + fi +} + +# Return true if watched files has changed since file $1 last modification +changed_from() { + local ref_file + + ref_file="$1" + set -o noglob + if [ "$(find $(print_watched_files) $FIND_OPTS -newer "$ref_file" -print | head -1)" ]; then + set +o noglob + return 0 + else + set +o noglob + return 1 + fi +} + +### +### Main +### + +# make sure 
we've got at least one testing and one stable +milestone_exists testing-latest || save_state "testing" +milestone_exists stable-latest || stabilize_state "testing-latest" + +case "$CMD" in + + report) + DO_DETAILS="yes" + if [ -z "$MILESTONE" ]; then + report_changes "testing-latest" + elif milestone_exists "$MILESTONE"; then + report_changes "$MILESTONE" + else + display_usage + fatal "The specified state does not exist." + fi + ;; + + list) + for file in "$BACKUP_DIR"/*.tar.bz2; do + echo `basename ${file%%.tar.bz2}` + done + ;; + + cron) + STABLE_TIME_MIN=`expr 24 '*' 60 '*' "$STABLE_TIME"` + + ### Algorithm + # + # if (no change happened for TESTING_TIME) then + # if (something has changed since the last testing) then + # send a report against last testing + # save a new testing state + # delete all saved unstable states + # elif (no change happened for STABLE_TIME) then + # if (something has changed since the last stable) then + # save a new stable state and notify EMAIL_ADDRESS + # delete all saved testing states older than STABLE_TIME + # fi + # fi + # elif (last unstable exists) then + # if (something has changed since the last unstable) then + # save a new unstable state + # fi + # else + # save a new unstable state + # fi + if no_change_since "$TESTING_TIME"; then + debug "no change since TESTING_TIME" + if changed_from "$BACKUP_DIR"/testing-latest.tar.bz2; then + debug "changed from testing-latest" + report_changes "testing-latest" | email "testing-$DATE" + save_state "testing" + debug "removing all saved unstable states." + find "$BACKUP_DIR" -name 'unstable-*' -exec rm "{}" \; + elif no_change_since "$STABLE_TIME_MIN"; then + if changed_from "$BACKUP_DIR"/stable-latest.tar.bz2; then + save_state "stable" + echo "metche saved a new stable state : stable-${DATE}." | + email "stable-$DATE" + debug "removing all saved testing states older " \ + "than STABLE_TIME ($STABLE_TIME)." 
+ find "$BACKUP_DIR" -name 'testing-*' \ + -ctime +"$STABLE_TIME" -exec rm "{}" \; + fi + fi + elif milestone_exists unstable-latest; then + if changed_from "$BACKUP_DIR"/unstable-latest.tar.bz2; then + debug "changed from unstable-latest" + save_state "unstable" + fi + else + save_state "unstable" + fi + ;; + + stabilize) + if [ -z "$MILESTONE" ]; then + stabilize_state "testing-latest" + elif [ "`milestone_version $MILESTONE`" = "testing" -a \ + milestone_exists $MILESTONE ]; then + stabilize_state "$MILESTONE" + else + display_usage + fatal "The specified state is not an existing testing state." + fi + ;; + + test) + milestone_version "stable-200507040202" + milestone_version "testing-latest" + milestone_version "testing-200507030047" + milestone_version "testing-200507030047qsfd" + milestone_date "stable-200507040202" + milestone_date "testing-latest" + milestone_date "testing-200507030047" + milestone_date "testing-200507030047qsfd" + (is_latest testing-latest && echo oui) || echo non + (is_latest testing-200507031821 && echo oui) || echo non + (is_latest stable-200507031831 && echo oui) || echo non + (is_latest stable-200507040202 && echo oui) || echo non + ;; + + *) + display_usage + exit 1 + ;; +esac + +# vim: et sw=4 diff --git a/metche-manpage.sgml b/metche-manpage.sgml new file mode 100644 index 0000000..0b95994 --- /dev/null +++ b/metche-manpage.sgml 
@@ -0,0 +1,184 @@ + + + + + + metche + 8 + + + + metche + reducing root bus factor + + + + + metche + + cron + report + + + stable + testing + unstable + -YYYYMMDDHHMM + + + list + stabilize testing-YYYYMMDDHHMM + + + + + + + DESCRIPTION + + metche is a tool meant to facilitate collective sysadmin by + monitoring changes in the system configuration. + + metche basic usage is to monitor changes in a directory, usually + /etc ; optionally, metche can also + monitor: + + + one or more user maintained changelog files, + + + the state of Debian packages and versions. + + + + metche should be installed with a cronjob that regularly runs to + automatically save the system state as needed. These states are saved in a + way similar to the Debian development model: + + + unstable states are saved as soon as + a change is detected. They are kept until a new + testing state appears. + + + testing states is created from the last + unstable state that has not been changed + after a short amount of time (by default, one hour). Old + unstable states are deleted afterwards. + + + stable states are created from the last + testing state, either manually, or after a + long amount of time (by default, 3 days). Old testing states are deleted afterwards. + + + + When a new testing state is saved, an email is + sent to a configurable address, giving an overwiew of + the differences with the previous testing. + A notification is also sent when a new stable state is + saved. + + metche's configuration is read from + /etc/metche.conf. Various settings like changelog + monitoring or time between system state switches are described + there. + + + + + OPTIONS + + One of the following commands must be specified on the + command line: + + + + report + + When run with the report command, metche + displays a report against the specified saved state, or if unspecified, + against the latest testing state. 
This is useful when you + have broken your system and want to know which changes have been made + since a given, known working, system state. + + + list + + When run with the list command, metche + displays a list of all the saved states. + + + stabilize + + When run with the stabilize command, metche + turns a "testing state" into a "stable state". By default, it will + use the last "testing state", but this can be overriden by giving + a specific state as argument. + + + cron + + This command should not be called manually, but used from + a cronjob. When called, it can perform various operations like: + saving "unstable", "testing" or "stable" states as needed and + sending reports and notification if configured to do so. + + + + + + + FILES + /etc/metche.conf contains metche configuration. + + + When configured to monitor one changelog, + CHANGELOG_FILE (default + /root/Changelog). + + + When configured to monitor multiple changelogs, + CHANGELOG_DIR/*/Changelog + (default : /root/changelogs). + + System states are saved in + BACKUP_DIR (default + /var/lib/metche). + + + SECURITY + metche is able to use GnuPG to encrypt the email it sends, but does + not by default; just enable the ENCRYPT_EMAIL configuration + option, and make sure EMAIL_ADDRESS' public key is in root's + keyring, trusted enough to be used blindly by metche. + + In its default setup (ENCRYPT_EMAIL configuration + option disabled) metche sends in clear text email the + changes made to the watched directory... either make sure that the + TAR_OPTS configuration variable prevents it to send sensitive + information, or triple check that secure connections will be used end-to-end + on the email path. If unsure, set EMAIL_ADDRESS configuration + variable to a local mailbox. + + metche stores, in BACKUP_DIR (default : + /var/lib/metche), various backups of + WATCHED_DIR. Make sure that this backup place is at least as + secured as the source. 
+ + + BUGS + See metche's ticket + system for known bugs, missing features, and the development + road-map. + + + AUTHOR + This manual page was written by the boum collective + boum@anargeek.net. + + + + diff --git a/metche.conf.default b/metche.conf.default new file mode 100644 index 0000000..60abcd2 --- /dev/null +++ b/metche.conf.default 
@@ -0,0 +1,71 @@ +####################################################################### +# +# metche configuration +# + +# Directory watched by metche +WATCHED_DIR="/etc" + +# Directory containing backups +BACKUP_DIR="/var/lib/metche" + +# Activate single changelog file monitoring +CHANGELOG_FILE="/root/Changelog" + +# Activate multiple changelogs file monitoring. +# Each "Changelog" should be in a sub-directory of CHANGELOG_DIR. +# (Override CHANGELOG_FILE if both are set) +#CHANGELOG_DIR="/root/changelogs" + +# Debian packages monitoring (need apt-show-versions) +DO_PACKAGES="no" + +# Show diff details for modified files +# WARNING! This can send sensitive data by e-mail if not used with encryption. +DO_DETAILS="no" + +# Minutes until unstable goes to testing +TESTING_TIME="60" + +# Days until testing goes to stable +STABLE_TIME="3" + +# Address receiving testing changes report +EMAIL_ADDRESS="root@localhost" + +# Encrypt emails with GnuPG ? (uncomment next line to do so) +#ENCRYPT_EMAIL="yes" + +# Filename patterns to ignore (space-separated list) +# GNU tar --exclude pattern matching rules are used: +# - If a pattern matches a directory, all the files beneath it are +# recursively excluded. +# - Periods (`.') or forward slashes (`/') are not considered special for +# wildcard matches. +# Example (default value): +#EXCLUDES="*.swp #* *~ *.key ifstate adjtime ld.so.cache shadow* \ +# blkid.tab* aumixrc net.enable mtab \ +# vdirbase run.rev vdir run.rev" + +# Locale (will be used to feed LC_ALL) +# Warning: values different from "C" are untested. +LOCALE="C" + +# Set this to yes to get more debugging output. +DEBUG="no" + +####################################################################### +# +# Localizable strings +# + +# Add your custom headers below + +#_MAIL_SUBJECT="`hostname -f` - changes report" +#_NO_DEBIAN_PACKAGES_CHANGE="No change in Debian packages state." +#_NO_CHANGE="No change." 
+#MAIN_HEADER="" +#CHANGELOGS_HEADER="" +#FILES_HEADER="" +#DEBIAN_PACKAGES_HEADER="" +#FILES_DETAILS_HEADER=""
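Review bot: in debian/rules, the `chown root:staff` and `chmod 750` on `$(DESTDIR)/var/lib/metche` are applied in the `install` target, but `binary-arch` runs `dh_fixperms` afterwards, which resets ownership to root:root and directory modes to 755, so the backup directory will ship world-listable. Move the two commands after `dh_fixperms`, or exclude the directory with `dh_fixperms -X var/lib/metche`. Since this directory holds archives of the watched directory, it is also worth stating in a comment why group `staff` gets read and traverse access to it at all.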
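Review bot: in debian/templates, the `metche/email` description that is shown to the administrator at install time contains two typos, "user maintainted changelog file(s)" and "system administators"; these should read "maintained" and "administrators". The same description warns that detailed diffs can leak confidential information and recommends GPG encryption, but no template in this file asks about ENCRYPT_EMAIL or DO_DETAILS, so it would help to say that both are set by editing /etc/metche.conf.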
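Review bot: in the `stabilize)` branch of the main `case` in metche, `milestone_exists $MILESTONE` sits inside the `[ ... -a ... ]` test, where it is parsed as two extra words instead of being called as a function, so `[` fails with a syntax error and `metche stabilize testing-YYYYMMDDHHMM` always ends in "The specified state is not an existing testing state." Close the bracket after the version comparison and chain the call: `[ "$(milestone_version "$MILESTONE")" = "testing" ] && milestone_exists "$MILESTONE"`. Two smaller points in the same file: the gpg availability check passes the option name as "ENCRPYT_EMAIL", so the error message names a setting that does not exist; and `report_changes` extracts the saved copy of WATCHED_DIR into a `mktemp -d` directory that is only removed on its last line, so under `set -e` any failing command in between leaves that copy behind. A `trap` that removes "$tmp" and "$tmpdir" on exit would cover the failure paths.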
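Review bot: the SECURITY section of metche-manpage.sgml tells the reader to make sure "the TAR_OPTS configuration variable" keeps sensitive information out of the e-mails, but the metche script in this same patch aborts with "TAR_OPTS is deprecated, use EXCLUDES instead." when TAR_OPTS is set in the configuration. An administrator following the man page will get a fatal error instead of the protection described; the paragraph should name EXCLUDES. While there, "overwiew" in DESCRIPTION and "overriden" under `stabilize` are misspelled.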
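Review bot: in metche.conf.default, the EXCLUDES comment describes the setting only as "Filename patterns to ignore", which undersells it: in the script these patterns are what keep `shadow*` and `*.key` out of both the saved archives and the mailed reports. Say so in the comment, so that someone who uncomments the example to add a pattern does not drop those entries without realising the consequence. The example value also lists `run.rev` twice (`vdirbase run.rev vdir run.rev`), which looks like a slip.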