Bash script to change ACL for Splunk on RHEL - PLEASE HELP!
by r34per from LinuxQuestions.org on (#4Y5MP)
Hi All,
Looking for a bit of help. I am a novice script writer and I am currently working on setting ACLs for the splunk user on a RHEL server.
My aim is to first search the splunkd.log to identify any permission errors, then to write these errors to a file (/tmp/aclperm) using the 'awk' command to strip it down to show only the file pathway. Then I need to run 'setfacl' against all the files identified in /tmp/aclperm.
This is what I have so far:
Code:#! /bin/bash
################
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/tmp/acllog 2>&1
# Everything below will go to the file '/tmp/acllog'
touch /tmp/aclperm
touch /tmp/aclresults
SUF="/opt/splunkforwarder/var/log/splunk/"
FILES="/tmp/aclperm"
rFILES="/tmp/aclresults"
INPUT='cat $FILES'
# To see full before and after results per file set value to 1
DEBUG=1
# To initialize a test run and verify correct files set value to 1
TEST=0
################
grep permissions $SUF/splunkd.log | grep -v "No such file or directory" | awk -F "'" '{print $2}' >> $FILES
echo `date` >> $rFILES
for f in $INPUT
do
if [ ! -s $FILES ]
then
echo `date` " Processing splunk user rights for $f" >> $rFILES
if [ $DEBUG -eq 1 ]
then
echo "File and Folder update - Before:" >> $rFILES
getfacl $f >> $rFILES
fi
if [ $TEST -eq 0 ]
then
echo "This is not a test run for $f" >> $rFILES
setfacl -m u:splunk:rx $f
else
echo "This is a test run for $f" >> $rFILES
fi
if [ $DEBUG -eq 1 ]
then
echo "File and Folder update - After:" >> $rFILES
getfacl $f >> $rFILES
fi
else
echo `date` "Splunk user rights for $f not needed" >> $rFILES
fi
doneThe above script generates the files in the /tmp directory and /tmp/aclperm is populated with the correct list however it does not apply the ACL to the files listed in /tmp/aclperm - it instead updates the ACL for /tmp/aclperm itself.
I do not know why this is happening - Can someone please help??
Looking for a bit of help. I am a novice script writer and I am currently working on setting ACLs for the splunk user on a RHEL server.
My aim is to first search the splunkd.log to identify any permission errors, then to write these errors to a file (/tmp/aclperm) using the 'awk' command to strip it down to show only the file pathway. Then I need to run 'setfacl' against all the files identified in /tmp/aclperm.
This is what I have so far:
Code:#! /bin/bash
################
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/tmp/acllog 2>&1
# Everything below will go to the file '/tmp/acllog'
touch /tmp/aclperm
touch /tmp/aclresults
SUF="/opt/splunkforwarder/var/log/splunk/"
FILES="/tmp/aclperm"
rFILES="/tmp/aclresults"
INPUT='cat $FILES'
# To see full before and after results per file set value to 1
DEBUG=1
# To initialize a test run and verify correct files set value to 1
TEST=0
################
grep permissions $SUF/splunkd.log | grep -v "No such file or directory" | awk -F "'" '{print $2}' >> $FILES
echo `date` >> $rFILES
for f in $INPUT
do
if [ ! -s $FILES ]
then
echo `date` " Processing splunk user rights for $f" >> $rFILES
if [ $DEBUG -eq 1 ]
then
echo "File and Folder update - Before:" >> $rFILES
getfacl $f >> $rFILES
fi
if [ $TEST -eq 0 ]
then
echo "This is not a test run for $f" >> $rFILES
setfacl -m u:splunk:rx $f
else
echo "This is a test run for $f" >> $rFILES
fi
if [ $DEBUG -eq 1 ]
then
echo "File and Folder update - After:" >> $rFILES
getfacl $f >> $rFILES
fi
else
echo `date` "Splunk user rights for $f not needed" >> $rFILES
fi
doneThe above script generates the files in the /tmp directory and /tmp/aclperm is populated with the correct list however it does not apply the ACL to the files listed in /tmp/aclperm - it instead updates the ACL for /tmp/aclperm itself.
I do not know why this is happening - Can someone please help??