README for OSTools 1.15
=======================

Copyright 2012-2015 Teleflora
$Revision: 1.166 $


OSTools 1.15.0
--------------

The contents of ostools 1.15.0 are the changes to CVS head since the
branch for OSTools 1.14 was generated.  Each change is documented by
a tracker which appear below in reverse chronological order.


##########
196205

If the environment variable "RTI_DIR" is defined with a trailing '/',
the Linux User menu is truncated because the "rtiuser.pl" script can
not be found.

##########
196201

For RHEL6, when initializing a LUKS device, there must be a delay after
the "mkfs" and the "luksClose".  Discovered in testing.  This delay
is not needed for RHEL7.

##########
196131

Script aborts when run on real hardware and using LUKS disk because
crypt key is non.zero.  On real hardware, the LUKS crypt key is the
Dell service tag.  Since this is a string rather than a number, the code
which checks the crypt key bombs because it is expecting only a number.

##########
196075

The code for "--info-production" should be made streamlined.

##########
195895

The "smb.conf" file generated by "updateos.pl --daisy8" should add
port 445 to "smb ports" line per request from Kevin Pugh.

Also changed for RTI per Mike Green.

##########
195704

The menu item "Linux -> OSTools Update" does nothing.

##########
195700

The rtibackup.pl script was not sending a Daisy logevent for backups
done under cron or the tfsupport.pl menus.

##########
195548

Convert tfsupport.pl to use the newly added rtibackup.pl command line
option "--report-is-backup-enabled instead of depending on private
knowledge of the rtibackup.pl internals.

##########
195535

Add command line option "..report.is.backup.enabled" to rtibackup.pl
script.  This feature can be used by tfsupport.pl instead of using
private knowledge of how rtibackup.pl is installed.

##########
195469

Add the "--report.files" command line option to "tfmkpserver.pl".
This option can be used to report the paths to important files and directories.

##########
195458

Update copyright, Perl $VERSION, Perl "use English".

##########
195456

First version of "dsycheck.pl" to be included with ostools 1.15.

##########
195425

Changes to "tfrsync.pl" to reach Perl Critic level 2.

##########
195174

Add the "--validatekey" command line option to "tfrsync.pl" for
compatibility with "rtibackup.pl".

##########
195155

Add the "--showkey" command line option to tfrsync.pl for compatibility
with rtibackup.pl

##########
195102

Add the "--finddev" command line option from "rtibackup.pl" to "tfrsync.pl".

##########
195006

To support backups to the "cloud" and to a backup server on the same
production server, the "tfrsync.pl" script must use separate locations
for the cloud ssh public key file and the backup server public key file.

##########
194724

For RHEL7, do not install the "uucp" rpm package via "updateos.pl --rti14".

##########
194721

For RHEL7, when adding a user via "rtiuser.pl --add", the user should not be added
to the system group "uucp" since it does not exist in RHEL7.

##########
194719

For RHEL7, when adding a user via "dsyuser.pl --add", the user should not be added
to the system group "uucp" since it does not exist in RHEL7.

##########
194651

For RHEL7 systems, add "--configure-grub2" cmd line option to configure
grub2 to be verbose when booting.  Also, do this configuration during
"--baremetal" on RHEL7 systems.

##########
194257

Make all email messages from tfrsync.pl contain consistently
formatted information.

##########
193988

Enhance format, efficiency, reliability and logging of "tfmkpserver.pl".

##########
193968

Add "--send-test-email" to script "tfrsync.pl" to help with debugging
email configuration.

##########
193889

Make script "tfmkpserver.pl" work on RHEL7.

##########
193877

Enhance "updateos.pl --baremetal" to set the default password hash
to sha512.

##########
193811

Add command line option "--keep-ip-addr" to "tfmkpserver.pl" to preserve
backup server ip addr when converting to production server.

##########
193702

Install new system service "systememail" via install-ostools.pl.

##########
193698

When doing an upgrade via "rtibackup.pl --upgrade",
don't generate new ".bash_profile" files for users.

When ostools is installed, the "systememail" system service should be installed.
##########
193521

When ostools is installed, the "systememail" system service should be installed.

##########
193517

The subject line of email for the summary report should conform to format
specified by email from Shannon Jackson:

> The tfrsync.pl email summary report notification subject line format should be:
> .   SUCCESS Cloud Backup (rticloud.homelinux.com or IP Address) hostname
> .   SUCCESS Server.to.Server Backup (192.168.1.22) hostname
> .   SUCCESS Local Backup (Passport) hostname
> .   SUCCESS Local Backup (/dev/sdb) hostname
> .   ERROR Cloud Backup (rticloud.homelinux.com or IP Address) hostname
> .   ERROR Server.to.Server Backup (192.168.1.22) hostname
> .   ERROR Local Backup (Passport) hostname
> .   ERROR Local Backup (/dev/sdb) hostname

##########
193509

On T300 systems, the "updateos.pl --ospatches" command should
automatically add "--keepkernels=1".

##########
193352

All ostools scripts should be of consistent style in their "--version"
and "--help" output.

##########
193334

The ostools modules should be installed under /d/ostools for Daisy
systems and /usr2/ostools under RTI systems so that all ostools files
are in one place.

##########
193285

The "tfrsync.pl" script should have a command line option to provide a
method of restoring a file from a LUKS backup device.  The command line
option should be "--luks-restore-file=s" and the command should allow
the use of "--rootdir=s" to specify a destination dir.

##########
193277

The "tfrsync.pl" script should have a command line option to verify
that a specified file exists on the LUKS backup device.  This can then
be used by the "Backup -> Device -> Advanced -> Verify File" menu item.

##########
193226

The tfrsync.pl script should have a "--report-logfile" command line
option to report the path to the logfile being used.

##########
193219

The tfrsync.pl should have a "--luks-backup-date" option to report
the date of last backup on the LUKS device.  This will used by the
tfsupport.pl Backup -> Device -> Advanced -> Backup Date.

##########
193207

The "tfrsync.pl --luks --backup=s" command should record the date of
backup on the backup device.

##########
193135

When getting a list of files from a LUKS disk via "tfrsync.pl --luks
--list=all", the user should be able to use "--luks-dir" to specify a
directory on the LUKS disk other than "today" (the default).

##########
193129

Add "Device Backup Menu" and "Advanced Device Backup Menu" for backing
up to a LUKS disk via "tfrsync.pl --luks".

##########
193112

Major overhaul of "Backup Menu" and "Advanced Backup Menu".

##########
193113

The "--checkfile" option almost always fails to find the specified file
in the backup even if present on the backup device.

##########
192959

The new Red Hat contract requires changes to "updateos.pl --sub-mgr-register".

##########
192954

The "updateos.pl --ostools" code should update ostools without running
"harden_linux.pl".

##########
192884

The "tfrsync.pl" should have a "--luks-getinfo" command line
option to report info on the luks backup device and exit.

##########
192818

Remove obsolete "--sendto" and "--receivefrom" code from rtibackup.pl.

##########
192817

Added support for LUKS disks to backup history in tfsupport.pl:
    Backup -> Backup History -> LUKS Backup History.

##########
192769

The dsyperms.pl script does not check for existence of *.orig files
before it trys to operate on them.

##########
192763

RHEL7 changes required for "tfrsync.pl --restore=osconfigs".

##########
192747

When restoring files from LUKS disks and specifying an alternate dest with
"--root.dir", the restored files should be copied so they are contained in
alt dest, rather than being copied to a path in the alt dest which which
is a copy of the mount point.  For example, restoring "daisyconfigs" to
"--root.dir=/tmp" should result in directories "d" and "etc" in "/tmp"
rather than in "/tmp/mnt/backups/today/d" and "/tmp/mnt/backup/today/etc".

##########
192671

The "tfrsync.pl --luks-install" attempts to read the config file before
installing it.

##########
192666

There are RHEL7 services on the "white list" that can be removed now
that we are up to RHEL7.2: accounts.daemon.service, avahi.daemon.service,
bluetooth.service, display.manager.service, rtkit.daemon.service.

##########
192661

The "dsyperms.pl" script is not run after a "--restore=daisy"
in the tfrsync.pl script.

##########
192650

The updateos.pl script requires a modification to support
stopping daisy on RHEL7.

##########
192649

Add support to rtibackup.pl for starting/stopping Daisy on RHEL7.

##########
192598

In tfrsync.pl, the code to start and stop Daisy does not support RHEL7.

##########
192484

When running "updateos.pl ..ipaddr=192.168.1.21", the netmask and gateway
are set to  null in the /etc/sysconfig/network.scripts/ifcfg.eth0 config
file, thus causing issues with the network after the network service
is restarted.

##########
192467

The "tfrsync.pl" script should backup files "/etc/init/tty*.conf"
on Daisy systems running RHEL6.

##########
192429

The rtibackup.pl script should backup the RHEL6 upstart files in /etc/init for
Daisy virtual consoles.

##########
192427

For RHEL7, tfremote.pl requires changes to config file generation and system
service management.

##########
192403

For RHEL7, changes are required to the subs for getting the IP addr and the
netmask.

192405

When restoring from a LUKS backup disk with tfrsync.pl, the user should be
able to specify the directory to restore from.

192409

For RHEL7, the tfrsync.pl script should not backup
"/etc/sysconfig/networking/profiles" - it does not exist.

192410

When restoring files "in place" with "tfrsync.pl", only SERVER and CLOUD
restores should restore perms with "setfacl".

192411

When restoring files from a LUKS disk, the "tfrsync.pl" script should not use
"--relative" on the rsync command.

192412

For RHEL7, when restoring "usr2" with "tfrsync.pl", the TCC links should be
updated.

192413

For RHEL7, the system utility "udevadm" should be used as it is on RHEL6 .
this utility is used to find devices on the USB bus.

##########
192400

The "applypatch.pl" should accept "--convert-to-elavon" but do nothing to
match changes to "postpatch.pl".

##########
192374

The command to register RHEL5/6 systems with Red Hat Portal needs to be
updated with new options.

##########
191926
------

The "rtibackup.pl --upgrade" command does not restore the "smb.conf" file
correctly.

##########
191881
------

For CentOS support, "upateos.pl --baremetal" must not exit if not registered
with RHN.

##########
191730
------

The tfrsync.pl script should rotate the summary log file.

##########
191710
------

The "tfinfo.pl" script should support RTI as well as Daisy.

##########
191665
------

The "tfsupport.pl" script was using the incorrect path to the TCC binary for
Daisy systems.

##########
191653
------

The "tfinfo.pl" script does not report the correct florist directory release
date.

##########
191647
------

For RHEL7, the "tfsupport.pl" menu "Linux -> Advanced -> Samba Stop/Start"
should use "systemctl".

##########
191643
------

For RHEL7, the "tfsupport.pl" menu "Network -> Advanced -> Restart"
should use "systemctl" instead of "service".

##########
191608
------

For RHEL7, the "smbstatus" command in tfsupport.pl must be run under "sudo" .
this is a change from RHEL5 and RHEL6.

##########
191604
------

For RHEL7, tfsupport.pl should use systemctl to get apcupsd system service
status instead of /sbin/service.

##########
191602
------

For RHEL7, tfsupport.pl should use systemctl to get CUPS printer status
instead of /sbin/service.

##########
191503
------

For RHEL7 and CentOS, do not require RHN registration for
"updateos.pl --rti14".

##########
191499
------

Restoring files via "rtibackup.pl" results in ifcfg.eth0 becoming corrupted.

##########
191439
------

For RHEL7, add support to "Printers -> Restart" menu in "tfsupport.pl".

##########
191436
------

Add "--rti15" command line option to "udpateos.pl" which incorporates
functionality of "update_bbj_15.pl".

##########
191428
------

Support RHEL7 in the "Linux -> Advanced -> Services" menu
in tfsupport.pl.

##########
191268
------

Enhance the tfsupport "Backup History" menu to support
cloud/server/device backups by tfrsync.pl.

##########
191142
------

For RHEL7, add "Review Logs" menu item to "Daisy" menu.

##########
191114
------

Add entry "List Daisy Dirs" in "Daisy" menu of tfsupport.pl with support
for RHEL7.

##########
191096
------

Add support for RHEL7 to "Update Directory" in "Daisy" menu of tfsupport.pl.

##########
191018
------

Add support for RHEL7 to "Update Software" in "Daisy" menu of tfsupport.pl.

##########
190994
------

Add support for RHEL7 to "Daisy Start" and "Daisy Stop" in tfsupport.pl
"Daisy Menu".

##########
190831
------

For RHEL7, added new command line option to report the system architecture
"updateos.pl --report-arch".

##########
190813
------

For RTI on RHEL7, code cleanup for "updateos.pl --rti14".

##########
190741
------

For RHEL7, the "updateos.pl --ospatches" command allows all kernel rpms to be
removed if "--keepkernels=0".

##########
190733
------

In the tfrsync.pl script, add the rsync exit status of "12" to be one that
causes a backup retry like exit status 30 and 255.

##########
190628
------

For RHEL7, document the updateos.pl script by filling in all the missing
documentation in the POD section.

##########
190625
------

For RHEL7, install-ostools.pl should be able to handle more than one
README file.

##########
190624
------

For RHEL7, modify updateos.pl --reboot to not use "service" for attempting to
stop Daisy and RTI.

##########
190623
------

For RHEL7, modify "updateos.pl --purgeprint" to use systemctl instead of
service.

##########
190622
------

When backing up to an image file with rtibackup.pl, an error msg
is output stating the backup device is not a block device.

##########
190617
------

For RHEL7, bring code managing APC UPS rpm and system service up to new
ostools standards.

##########
190586
------

For RHEL7, update "updateos.pl --kernel-msg-console", ie use "systemctl"
instead of "service" to restart the syslog system service.

##########
190526
------

For RHEL7, when updateos.pl updates syslog config files, it should use
systemctl to restart system service.

##########
190450
------

For RHEL7, "updateos.pl --baremetal" should use "systemctl" to
restart rsyslog system service.

##########
190403
------

The "harden_linux.pl --sudo" command was using "sudo" to run "visudo" to check
syntax which is unnecessary since the "harden_linux.pl" command must be run as
root or under "sudo".

##########
190402
------

Per Shannon Jackson: The "updateos.pl --daisy8" command should add the
default password for the Daisy "tfsupport" account without prompting
the user.  The issue with this change is that the default password for the
"tfsupport" account now resides in clear text on the system and currently,
the "tfsupport" account's password is not rotated on Daisy systems like
it is on RTI systems.  However, this change is required to make the large
number of RHEL5 to RHEL6 upgrades possible in the time available.

##########
190307
------

For RHEL7, "updateos.pl --baremetal" should use "systemctl" to restart CUPS.

##########
190296
------

For RHEL7, the "updateos.pl --baremetal" command should check Red Hat
subscription status before trying to register.

##########
190290
------

For RHEL7, "updateos.pl --daisy8" reports an error when trying to restart
Samba after generating a new config file.

##########
190268
------

For RHEL7, modify "updateos.pl --samba-rebuild-passdb" to support
RHEL7 platform.

##########
190172
------

For RHEL7, update "harden_linux.pl --iptables" to support RHEL7.

##########
190116
------

For RHEL7, the updateos.pl script should use the RHEL7 specific version
of the "apcupsd" rpm package.

##########
190078
------

For RHEL7, modify "updateos.pl --samba-set-passdb" to support RHEL7.

##########
190067
------

For RHEL7, fix bugs and add support for RHEL7 to "updateos.pl --forensics".

##########
190010
------

The command "updateos.pl --hostname=$name" emits an error message even
though the change was successful.

##########
189997
------

For server to server backup, tfrsync.pl should not copy /var/log from
primary server to /var/log on backup server.

##########
189936
------

For RHEL7, update code for "harden_linux.pl --ssh".

##########
189930
------

For RHEL7, modify "harden_linux.pl --pam" to run on RHEL7 platform.

##########
189923
------

For RHEL7, add support for RHEL7 system services to
"harden_linux.pl --services".

##########
189922
------

Per Shannon Jackson, add new Kaseya agent RHEL5/6 system service
name to system service  white list in harden_linux.pl

##########
189915
------

For RHEL7, obsolete "harden_linux.pl --ids" - there was never the
infrastructure to work correctly as an IDS.

##########
189877
------

For RHEL7, the "updateos.pl --ostools" option should be updated to use the
ostools 1.15.installer.

##########
189874
------

For RHEL7, verify that "harden_linux.pl --logging" configures the logrotate
schedule correctly.

##########
189856
------

For RHEL7, modify "harden_linux.pl --time" to work on RHEL7 platforms.

##########
189846
------

For RHEL7, modify "harden_linux.pl --bastille" to add support for RHEL7.

##########
189804
------

For RHEL7, to get ip address from hostname, use method from perlfaq9
instead of "hostname -i".  The RHEL7 man page for hostname(1) states that
"hostname -i" should not be used.

##########
189792
------

For RHEL7, added "--swap-size" option to updateos.pl to replace need for shell
code in kickstart file.

##########
189776
------

For RHEL7, add code to "updateos.pl --sub.mgr.reg" to attach to the
appropriate pool after registering.

##########
189772
------

For RHEL7, add code to "updateos.pl --baremetal" to configure system
to use NTP.

##########
189712
------

When running either "updateos --rti14" or "updateos --daisyv8" on RHEL7
systems, after remounting the "/teleflora" as either "/usr2" or "/d",
the script should add the "nofail" mount option for either the "/usr2"
or "/d" fstab entry.

##########
189412
------

For RHEL7: add the "--default.target" command line option to the
updateos.pl script. This command line option sets the systemd
default target to "multi.user".

##########
189394
------

Per JJ, in scripts tfconfed.pl and harden_linux.pl, add
opening up TCP port 8888 to iptables host firewall.

##########
189341
------

For RHEL7, add the "updateos.pl --locale" command line option to set the
system locale.

##########
189338
------

For RHEL7, updateos.pl should not modify the grub.conf file when doing a
remount of file systems.

##########
189331
------

RHEL7 support for "updateos.pl --daisy8" - don't put entry in /etc/fstab
for cdrom.

##########
189313
------

RHEL7 support for "updateos.pl --yum".

##########
189240
------

Added the "--i18n" option to updateos.pl for configuration of
internationalization.

##########
189195
------

Add support for RHEL7 to "updateos.pl --nameserver=s", that is, make sure
updateos.pl has the ability to generate a new /etc/resolv.conf file on
RHEL7 platforms.

##########
189121
------

Add support for RHEL7 to "updateos.pl --ipaddr=s", that is, allow
updateos.pl to change the ip address on RHEL7 systems

##########
188858
------

The rtibackup.pl script must put RETURN/LINEFEED line endings for output
sent to the printer.  The used to be done for ostools 1.13 but was
changed for 1.14 since it was understood that there would be no more
"raw" printers as part of a Daisy configuration, ie printers would be
able to print Linux text files.  Guess that's not true.

##########
188798
------

Per email from JJ, open additional inbound IP ports via iptables code
in harden_linux.pl.  Here is the list of ports from JJ that need to be
opened in addition to the ports it it already opening:

Ports 2000 thru 2009
And 2100, 2103, 2552

##########
188793
------

When installing the "rtibackup.pl" script, it should not comment out the
"lone-tar" entry from the root crontab file

##########
188438
------

Add support for LUKS devices to tfrsync.pl.

##########
188330
------

The code for each RHEL7 subscription manager cmd line option  should exit
after completion as does the rest of the command line handling code in
updateos.pl.

##########
188317
------

The ostools install script should put a symlink for tfrsync.pl in the
Daisy bin directory like it does for RTI.

##########
188315
------

The tfrsync.pl did not report the rsync transfer stats correctly
when the rsync command exit status was "24" (vanished files).

##########
188254
------

The dsyuser.pl should add the alias "l=ls -l" to the generated .bash_profile
file.

##########
188252
------

The rtiuser.pl script uses the /etc/profile.d/pro5.sh file which is now
obsolete and should be removed.

##########
188100
------

Add calls to "/d/daisy/logevent" and "/d/daisy/action" to rtibackup.pl
per requirements from Chris Moth.

##########
188069
------

Add support for RHEL7 to "--ipv6" option of harden_linux.pl,
ie add code to disable ipv6 on a RHEL7 system.

##########
188050
------

Add support for RHEL7 for the "--hostname" command line option to
updateos.pl.

##########
188040
------

Remove RHEL4 support from harden_linux.pl.

##########
188039
------

Remove RHEL4 and RHWS5 support from updateos.pl.

##########
187922
------

The tfrsync.pl script should observe the "--retry-reps" and "--retry-wait"
values when attempting to establish SSH tunnel.

##########
187918
------

The tfrsync.pl script should not accept a non-standard cloud account name
without verification from the user.

##########
187907
------

Updated all code associated with "harden_linux.pl --iptables" with respect
to RHEL7 and Perl Best Practices

##########
187903
------

The code for "updateos.pl --baremetal" was not updated to use the RHEL7
subscription mgr for registering the system.

##########
187900
------

Modified "updateos.pl --rtiv14" so it exits before trying to install
Java and BBJ since that is not yet working.  The code for installing
Java and BBJ is to be provided by the RTI Group and they are not ready to
deliver it yet. So for the time being, this commit will exit the "--rti14"
code just before installing Java and BBJ; thus, testing on v1.15 of the
ostools package can continue without it.

##########
187896
------

Updated all code associated with "harden_linux.pl --pam" with respect
to RHEL7 and Perl Best Practices

##########
187837
------

Initial changes to support RHEL7 platform in the tfsupport.pl script.

##########
187836
------

Initial changes to support RHEL7 platform in the rtibackup.pl script.

##########
187835
------

The updateos.pl "--rti14" option must verify the Red Hat sub mgr id on
RHEL7 systems rather than the rhn system id as on RHEL6 and RHEL5 systems.

##########
187747
------

Initial support for RHEL7 platform in ostools 1.15.

##########
187743
------

In the tfrsync.pl script, when doing a "restore upgrade", for all restore
types, remove excluded files from list of files to be restored.

##########
187697
------

If the tfrsync.pl script gets an exit status of 24 from
rsync during a backup, the transfer stats reported are
incorrect.

##########
187696
------

When restoring files with tfrsync.pl, if there are no user files
specified, don't attempt to restore and don't report an error

##########
187684
------

When doing a "tfrsync.pl --cloud --restore-upgrade" and restoring from
RHEL5 to RHEL6, don't restore "/etc/rsyslog.conf" since that file does
not exist on RHEL5 systems.

##########
187601
------

The tfrsync.pl must set the owner and group of the home directory of
any users added by "restore upgrade".

##########