From f3a248f94349cd3816286f0bb7b60fd971608cdf Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Fri, 8 Aug 2014 21:32:03 -0300
Subject: Make it a puppet module

---
 Makefile                         |  6 +--
 files/99_smartmonster_sleep.d.sh | 60 ++++++++++++++++++++++++++
 files/file_system_reporter.sh    | 92 ++++++++++++++++++++++++++++++++++++++++
 files/update_power_counter.sh    | 70 ++++++++++++++++++++++++++++++
 manifests/init.pp                | 25 +++++++++++
 src/99_smartmonster_sleep.d.sh   | 60 --------------------------
 src/file_system_reporter.sh      | 92 ----------------------------------------
 src/update_power_counter.sh      | 70 ------------------------------
 8 files changed, 250 insertions(+), 225 deletions(-)
 create mode 100755 files/99_smartmonster_sleep.d.sh
 create mode 100755 files/file_system_reporter.sh
 create mode 100755 files/update_power_counter.sh
 create mode 100644 manifests/init.pp
 delete mode 100755 src/99_smartmonster_sleep.d.sh
 delete mode 100755 src/file_system_reporter.sh
 delete mode 100755 src/update_power_counter.sh

diff --git a/Makefile b/Makefile
index 619c4e1..d8dabb9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
 install:
-	cp src/file_system_reporter.sh $(DESTDIR)/usr/bin/
-	cp src/update_power_counter.sh $(DESTDIR)/usr/bin/
-	cp src/99_smartmonster_sleep.d.sh $(DESTDIR)/etc/pm/sleep.d/
+	cp files/file_system_reporter.sh $(DESTDIR)/usr/bin/
+	cp files/update_power_counter.sh $(DESTDIR)/usr/bin/
+	cp files/99_smartmonster_sleep.d.sh $(DESTDIR)/etc/pm/sleep.d/
diff --git a/files/99_smartmonster_sleep.d.sh b/files/99_smartmonster_sleep.d.sh
new file mode 100755
index 0000000..2977bdb
--- /dev/null
+++ b/files/99_smartmonster_sleep.d.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+#
+# smartmonster_sleep.d.sh - hook sleep, hibernate and shutdown events
+#
+#
+
+if [ "$USER" != "root" ];
+then
+  echo "You must be root!";
+  exit 1;
+fi
+
+STATE_DIR="/var/lib/smartmonster";
+HOOK_DIR="/etc/pm/sleep.d/";
+HIBERNATE_DATE_STAMP="$STATE_DIR/hibernate.stamp";
+SUSPEND_DATE_STAMP="$STATE_DIR/suspend.stamp";
+THAW_DATE_STAMP="$STATE_DIR/thaw.stamp";
+RESUME_DATE_STAMP="$STATE_DIR/resume.stamp";
+UNHANDLED_STAMP="$STATE_DIR/unhandled.stamp";
+
+# XXX: Hello TOCTOU!
+if [ ! -d "$STATE_DIR" ];
+then
+  echo "You have no $STATE_DIR; creating it!";
+  mkdir -p $STATE_DIR;
+
+  if [ $? != 0 ];
+  then
+    echo "Unable to create $STATE_DIR!";
+    exit 1;
+  fi
+
+fi
+
+# Load the common power related functions
+. /usr/lib/pm-utils/functions
+
+case "$1" in
+  hibernate)
+    update_power_counter.sh;
+    date -R > $HIBERNATE_DATE_STAMP;
+    ;;
+  suspend)
+    update_power_counter.sh;
+    date -R > $SUSPEND_DATE_STAMP;
+    ;;
+  thaw)
+    date -R > $THAW_DATE_STAMP;
+    ;;
+  resume)
+    update_power_counter.sh;
+    date -R > $RESUME_DATE_STAMP;
+    ;;
+
+    *)
+    echo "Unhandled case: $1" > $UNHANDLED_STAMP;
+    ;;
+esac
+
+exit $?
diff --git a/files/file_system_reporter.sh b/files/file_system_reporter.sh
new file mode 100755
index 0000000..e88d70d
--- /dev/null
+++ b/files/file_system_reporter.sh
@@ -0,0 +1,92 @@
+#!/bin/bash
+#
+# file_system_reporter.sh - hash the files on the boot device and compare
+#
+# This hashes files in $BOOTDEVICE_FILESYSTEM recursively and hashes the entire
+# $BOOTDEVICE as well This must be run as root or as a user that has access to
+# the specific device.
+#
+
+BOOTDEVICE="/dev/sda1";
+BOOTDEVICE_FILESYSTEM="/boot/";
+STATE_DIR="/var/lib/smartmonster";
+PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE="$STATE_DIR/previous_bootdevice_files_state";
+CURRENT_BOOTDEVICE_FILESYSTEM_FILE="$STATE_DIR/current_bootdevice_files_state";
+PREVIOUS_BOOTDEVICE_RAW_FILE="$STATE_DIR/previous_bootdevice_raw_state";
+CURRENT_BOOTDEVICE_RAW_FILE="$STATE_DIR/current_bootdevice_raw_state";
+TAMPER=0;
+HASHER="`which sha256deep`";
+HASHER_ARGS="-r";
+
+if [ "$USER" != "root" ];
+then
+  echo "You must be root!";
+  exit 1;
+fi
+
+# XXX: Hello TOCTOU!
+if [ ! -d "$STATE_DIR" ];
+then
+  echo "You have no $STATE_DIR; creating it!";
+  mkdir -p $STATE_DIR;
+
+  if [ $? != 0 ];
+  then
+    echo "Unable to create $STATE_DIR!";
+    exit 1;
+  fi
+
+fi
+
+# Hash all files and store the state in $STATE_DIR
+echo "Hashing files in $BOOTDEVICE_FILESYSTEM";
+if [ ! -f "$PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE" ];
+then
+  echo "You have no $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE!";
+  echo "Assuming first run and populating with hashes!";
+  $HASHER $HASHER_ARGS $BOOTDEVICE_FILESYSTEM > $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE;
+  cp -f $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE $CURRENT_BOOTDEVICE_FILESYSTEM_FILE;
+else
+  $HASHER $HASHER_ARGS $BOOTDEVICE_FILESYSTEM > $CURRENT_BOOTDEVICE_FILESYSTEM_FILE;
+fi
+
+# Diff and recurse
+HASHER_ARGS="-r -x";
+# Now attempt to detect a miss-match of hashes in the $BOOTDEVICE_FILE path
+$HASHER $HASHER_ARGS $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE $BOOTDEVICE_FILESYSTEM;
+HASHER_RESULT=$?;
+if [ "$HASHER_RESULT" -ge 2 ];
+then
+  echo "Files on $BOOTDEVICE_FILESYSTEM appear to be mismatched - tampering detected?";
+  TAMPER=1;
+fi
+
+# Hash $BOOTDEVICE and store the state in $STATE_DIR
+echo "Hashing $BOOTDEVICE";
+if [ ! -f "$PREVIOUS_BOOTDEVICE_RAW_FILE" ];
+then
+  echo "You have no $PREVIOUS_BOOTDEVICE_RAW_FILE!";
+  echo "Assuming first run and populating with hashes!";
+  $HASHER $BOOTDEVICE > $PREVIOUS_BOOTDEVICE_RAW_FILE;
+else
+  $HASHER $BOOTDEVICE > $CURRENT_BOOTDEVICE_RAW_FILE;
+fi
+
+# Diff
+HASHER_ARGS="-x";
+# Now attempt to detect a miss-match with the $BOOTDEVICE itself
+$HASHER $HASHER_ARGS $PREVIOUS_BOOTDEVICE_RAW_FILE $BOOTDEVICE;
+HASHER_RESULT=$?;
+if [ "$HASHER_RESULT" -ge 3 ];
+then
+  echo "Files on $BOOTDEVICE_FILESYSTEM appear to be mismatched - tampering detected?";
+  TAMPER=1;
+fi
+
+if [ "$TAMPER" -eq 1 ];
+then
+  echo "Possible tampering detected - please inspect with caution!";
+  exit 1;
+else
+  exit 0;
+fi
diff --git a/files/update_power_counter.sh b/files/update_power_counter.sh
new file mode 100755
index 0000000..785dc1e
--- /dev/null
+++ b/files/update_power_counter.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+#
+# update_power_counter.sh - query the S.M.A.R.T. data and store the state
+#
+# This fetches the current power count and stores it. It also prints the
+# previous power count state and the next expected state. This must be run as
+# root or as a user that has access to the specific device.
+#
+
+DEVICE="/dev/sda";
+STATE_DIR="/var/lib/smartmonster";
+PREVIOUS_POWER_COUNT_FILE="$STATE_DIR/previous_power_count";
+CURRENT_POWER_COUNT_FILE="$STATE_DIR/current_power_count";
+EXPECTED_POWER_COUNT_FILE="$STATE_DIR/expected_power_count";
+POWER_INCREMENT=1;
+
+if [ "$USER" != "root" ];
+then
+  echo "You must be root!";
+  exit 1;
+fi
+
+# XXX: Hello TOCTOU!
+if [ ! -d "$STATE_DIR" ];
+then
+  echo "You have no $STATE_DIR; creating it!";
+  mkdir -p $STATE_DIR;
+
+  if [ $? != 0 ];
+  then
+    echo "Unable to create $STATE_DIR!";
+    exit 1;
+  fi
+
+fi
+
+SMARTCTL="`which smartctl`";
+SMARTCTL_ARGS="-A";
+POWER_COUNT="Power_Cycle_Count"
+
+CURRENT_POWER_COUNT=`$SMARTCTL $SMARTCTL_ARGS $DEVICE|grep $POWER_COUNT|awk '{print $10}'`;
+
+if [ ! -f "$PREVIOUS_POWER_COUNT_FILE" ];
+then
+  echo "You have no $PREVIOUS_POWER_COUNT_FILE!";
+  echo "Assuming first run and populating with CURRENT_POWER_COUNT";
+  echo $CURRENT_POWER_COUNT > $PREVIOUS_POWER_COUNT_FILE;
+  echo $PREVIOUS_POWER_COUNT=$CURRENT_POWER_COUNT;
+else
+  PREVIOUS_POWER_COUNT="`cat $PREVIOUS_POWER_COUNT_FILE`";
+  if [ -z $PREVIOUS_POWER_COUNT ];
+  then
+     PREVIOUS_POWER_COUNT=$CURRENT_POWER_COUNT;
+  fi
+fi
+
+EXPECTED_NEXT_COUNT="$(expr $CURRENT_POWER_COUNT + $POWER_INCREMENT)";
+
+# Print/export the count data
+echo "PREVIOUS_POWER_COUNT=$PREVIOUS_POWER_COUNT";
+echo "CURRENT_POWER_COUNT=$CURRENT_POWER_COUNT";
+echo "EXPECTED_NEXT_COUNT=$EXPECTED_NEXT_COUNT";
+export PREVIOUS_POWER_COUNT=$PREVIOUS_POWER_COUNT;
+export CURRENT_POWER_COUNT=$CURRENT_POWER_COUNT;
+export EXPECTED_NEXT_COUNT=$EXPECTED_NEXT_COUNT;
+
+# Update the state files
+echo $PREVIOUS_POWER_COUNT > $PREVIOUS_POWER_COUNT_FILE;
+echo $CURRENT_POWER_COUNT > $CURRENT_POWER_COUNT_FILE;
+echo $EXPECTED_NEXT_COUNT > $EXPECTED_POWER_COUNT_FILE;
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..93166a2
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,25 @@
+class smartmonster {
+  file { '/usr/local/sbin/file_system_reporter.sh':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => 0755,
+    source => 'puppet:///modules/smartmonster/file_system_reporter.sh',
+  }
+
+  file { '/usr/local/sbin/update_power_counter.sh':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => '0755',
+    source => 'puppet:///modules/smartmonster/update_power_counter.sh',
+  }
+
+  file { '/etc/pm/sleep.d/99_smartmonster_sleep.d.sh':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => '0755',
+    source => 'puppet:///modules/smartmonster/99_smartmonster_sleep.d.sh',
+  }
+}
diff --git a/src/99_smartmonster_sleep.d.sh b/src/99_smartmonster_sleep.d.sh
deleted file mode 100755
index 2977bdb..0000000
--- a/src/99_smartmonster_sleep.d.sh
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-#
-# smartmonster_sleep.d.sh - hook sleep, hibernate and shutdown events
-#
-#
-
-if [ "$USER" != "root" ];
-then
-  echo "You must be root!";
-  exit 1;
-fi
-
-STATE_DIR="/var/lib/smartmonster";
-HOOK_DIR="/etc/pm/sleep.d/";
-HIBERNATE_DATE_STAMP="$STATE_DIR/hibernate.stamp";
-SUSPEND_DATE_STAMP="$STATE_DIR/suspend.stamp";
-THAW_DATE_STAMP="$STATE_DIR/thaw.stamp";
-RESUME_DATE_STAMP="$STATE_DIR/resume.stamp";
-UNHANDLED_STAMP="$STATE_DIR/unhandled.stamp";
-
-# XXX: Hello TOCTOU!
-if [ ! -d "$STATE_DIR" ];
-then
-  echo "You have no $STATE_DIR; creating it!";
-  mkdir -p $STATE_DIR;
-
-  if [ $? != 0 ];
-  then
-    echo "Unable to create $STATE_DIR!";
-    exit 1;
-  fi
-
-fi
-
-# Load the common power related functions
-. /usr/lib/pm-utils/functions
-
-case "$1" in
-  hibernate)
-    update_power_counter.sh;
-    date -R > $HIBERNATE_DATE_STAMP;
-    ;;
-  suspend)
-    update_power_counter.sh;
-    date -R > $SUSPEND_DATE_STAMP;
-    ;;
-  thaw)
-    date -R > $THAW_DATE_STAMP;
-    ;;
-  resume)
-    update_power_counter.sh;
-    date -R > $RESUME_DATE_STAMP;
-    ;;
-
-    *)
-    echo "Unhandled case: $1" > $UNHANDLED_STAMP;
-    ;;
-esac
-
-exit $?
diff --git a/src/file_system_reporter.sh b/src/file_system_reporter.sh
deleted file mode 100755
index e88d70d..0000000
--- a/src/file_system_reporter.sh
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/bin/bash
-#
-# file_system_reporter.sh - hash the files on the boot device and compare
-#
-# This hashes files in $BOOTDEVICE_FILESYSTEM recursively and hashes the entire
-# $BOOTDEVICE as well This must be run as root or as a user that has access to
-# the specific device.
-#
-
-BOOTDEVICE="/dev/sda1";
-BOOTDEVICE_FILESYSTEM="/boot/";
-STATE_DIR="/var/lib/smartmonster";
-PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE="$STATE_DIR/previous_bootdevice_files_state";
-CURRENT_BOOTDEVICE_FILESYSTEM_FILE="$STATE_DIR/current_bootdevice_files_state";
-PREVIOUS_BOOTDEVICE_RAW_FILE="$STATE_DIR/previous_bootdevice_raw_state";
-CURRENT_BOOTDEVICE_RAW_FILE="$STATE_DIR/current_bootdevice_raw_state";
-TAMPER=0;
-HASHER="`which sha256deep`";
-HASHER_ARGS="-r";
-
-if [ "$USER" != "root" ];
-then
-  echo "You must be root!";
-  exit 1;
-fi
-
-# XXX: Hello TOCTOU!
-if [ ! -d "$STATE_DIR" ];
-then
-  echo "You have no $STATE_DIR; creating it!";
-  mkdir -p $STATE_DIR;
-
-  if [ $? != 0 ];
-  then
-    echo "Unable to create $STATE_DIR!";
-    exit 1;
-  fi
-
-fi
-
-# Hash all files and store the state in $STATE_DIR
-echo "Hashing files in $BOOTDEVICE_FILESYSTEM";
-if [ ! -f "$PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE" ];
-then
-  echo "You have no $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE!";
-  echo "Assuming first run and populating with hashes!";
-  $HASHER $HASHER_ARGS $BOOTDEVICE_FILESYSTEM > $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE;
-  cp -f $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE $CURRENT_BOOTDEVICE_FILESYSTEM_FILE;
-else
-  $HASHER $HASHER_ARGS $BOOTDEVICE_FILESYSTEM > $CURRENT_BOOTDEVICE_FILESYSTEM_FILE;
-fi
-
-# Diff and recurse
-HASHER_ARGS="-r -x";
-# Now attempt to detect a miss-match of hashes in the $BOOTDEVICE_FILE path
-$HASHER $HASHER_ARGS $PREVIOUS_BOOTDEVICE_FILESYSTEM_FILE $BOOTDEVICE_FILESYSTEM;
-HASHER_RESULT=$?;
-if [ "$HASHER_RESULT" -ge 2 ];
-then
-  echo "Files on $BOOTDEVICE_FILESYSTEM appear to be mismatched - tampering detected?";
-  TAMPER=1;
-fi
-
-# Hash $BOOTDEVICE and store the state in $STATE_DIR
-echo "Hashing $BOOTDEVICE";
-if [ ! -f "$PREVIOUS_BOOTDEVICE_RAW_FILE" ];
-then
-  echo "You have no $PREVIOUS_BOOTDEVICE_RAW_FILE!";
-  echo "Assuming first run and populating with hashes!";
-  $HASHER $BOOTDEVICE > $PREVIOUS_BOOTDEVICE_RAW_FILE;
-else
-  $HASHER $BOOTDEVICE > $CURRENT_BOOTDEVICE_RAW_FILE;
-fi
-
-# Diff
-HASHER_ARGS="-x";
-# Now attempt to detect a miss-match with the $BOOTDEVICE itself
-$HASHER $HASHER_ARGS $PREVIOUS_BOOTDEVICE_RAW_FILE $BOOTDEVICE;
-HASHER_RESULT=$?;
-if [ "$HASHER_RESULT" -ge 3 ];
-then
-  echo "Files on $BOOTDEVICE_FILESYSTEM appear to be mismatched - tampering detected?";
-  TAMPER=1;
-fi
-
-if [ "$TAMPER" -eq 1 ];
-then
-  echo "Possible tampering detected - please inspect with caution!";
-  exit 1;
-else
-  exit 0;
-fi
diff --git a/src/update_power_counter.sh b/src/update_power_counter.sh
deleted file mode 100755
index 785dc1e..0000000
--- a/src/update_power_counter.sh
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-#
-# update_power_counter.sh - query the S.M.A.R.T. data and store the state
-#
-# This fetches the current power count and stores it. It also prints the
-# previous power count state and the next expected state. This must be run as
-# root or as a user that has access to the specific device.
-#
-
-DEVICE="/dev/sda";
-STATE_DIR="/var/lib/smartmonster";
-PREVIOUS_POWER_COUNT_FILE="$STATE_DIR/previous_power_count";
-CURRENT_POWER_COUNT_FILE="$STATE_DIR/current_power_count";
-EXPECTED_POWER_COUNT_FILE="$STATE_DIR/expected_power_count";
-POWER_INCREMENT=1;
-
-if [ "$USER" != "root" ];
-then
-  echo "You must be root!";
-  exit 1;
-fi
-
-# XXX: Hello TOCTOU!
-if [ ! -d "$STATE_DIR" ];
-then
-  echo "You have no $STATE_DIR; creating it!";
-  mkdir -p $STATE_DIR;
-
-  if [ $? != 0 ];
-  then
-    echo "Unable to create $STATE_DIR!";
-    exit 1;
-  fi
-
-fi
-
-SMARTCTL="`which smartctl`";
-SMARTCTL_ARGS="-A";
-POWER_COUNT="Power_Cycle_Count"
-
-CURRENT_POWER_COUNT=`$SMARTCTL $SMARTCTL_ARGS $DEVICE|grep $POWER_COUNT|awk '{print $10}'`;
-
-if [ ! -f "$PREVIOUS_POWER_COUNT_FILE" ];
-then
-  echo "You have no $PREVIOUS_POWER_COUNT_FILE!";
-  echo "Assuming first run and populating with CURRENT_POWER_COUNT";
-  echo $CURRENT_POWER_COUNT > $PREVIOUS_POWER_COUNT_FILE;
-  echo $PREVIOUS_POWER_COUNT=$CURRENT_POWER_COUNT;
-else
-  PREVIOUS_POWER_COUNT="`cat $PREVIOUS_POWER_COUNT_FILE`";
-  if [ -z $PREVIOUS_POWER_COUNT ];
-  then
-     PREVIOUS_POWER_COUNT=$CURRENT_POWER_COUNT;
-  fi
-fi
-
-EXPECTED_NEXT_COUNT="$(expr $CURRENT_POWER_COUNT + $POWER_INCREMENT)";
-
-# Print/export the count data
-echo "PREVIOUS_POWER_COUNT=$PREVIOUS_POWER_COUNT";
-echo "CURRENT_POWER_COUNT=$CURRENT_POWER_COUNT";
-echo "EXPECTED_NEXT_COUNT=$EXPECTED_NEXT_COUNT";
-export PREVIOUS_POWER_COUNT=$PREVIOUS_POWER_COUNT;
-export CURRENT_POWER_COUNT=$CURRENT_POWER_COUNT;
-export EXPECTED_NEXT_COUNT=$EXPECTED_NEXT_COUNT;
-
-# Update the state files
-echo $PREVIOUS_POWER_COUNT > $PREVIOUS_POWER_COUNT_FILE;
-echo $CURRENT_POWER_COUNT > $CURRENT_POWER_COUNT_FILE;
-echo $EXPECTED_NEXT_COUNT > $EXPECTED_POWER_COUNT_FILE;
-- 
cgit v1.2.3