This documentation supports the 21.3 (12.3) version of BMC Discovery.
Changes to Discovery commands
The following sections show the discovery command changes between BMC Discovery versions.
The following changes are not shown:
- Entirely new discovery platforms
- Changes to comments only
- Commands which have been removed and not replaced
- Changes to echo only statements
Discovery command changes from 21.05 to 21.3
Click here to expand...
Tru64
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
Solaris
getDeviceInfo
The following code:
ihn=`hostname 2>/dev/null`
echo 'hostname:' $ihn
if [ -r /etc/resolv.conf ]; then
echo 'dns_domain:' `awk '/^(search|domain)/ { print $2; exit }' /etc/resolv.conf 2>/dev/null`
fi
echo 'domain:' `domainname 2>/dev/null`
os=""
os_ver=`uname -r | cut -d. -f2`
is replaced with:
ihn=`hostname 2>/dev/null`
echo 'hostname:' $ihn
fqdn=`check-hostname 2>/dev/null | awk '{print $NF}'`
echo 'fqdn:' $fqdn
dns_domain=`echo $fqdn | cut -d. -f2-`
if [ "$dns_domain" = "" -a -r /etc/resolv.conf ]; then
dns_domain=`awk '/^(search|domain)/ { print $2; exit }' /etc/resolv.conf 2>/dev/null`
fi
echo 'dns_domain:' $dns_domain
echo 'domain:' `domainname 2>/dev/null`
os=""
os_ver=`uname -r | cut -d. -f2`
echo 'hostname:' $ihn
fqdn=`check-hostname 2>/dev/null | awk '{print $NF}'`
echo 'fqdn:' $fqdn
dns_domain=`echo $fqdn | cut -d. -f2-`
if [ "$dns_domain" = "" -a -r /etc/resolv.conf ]; then
dns_domain=`awk '/^(search|domain)/ { print $2; exit }' /etc/resolv.conf 2>/dev/null`
fi
echo 'dns_domain:' $dns_domain
echo 'domain:' `domainname 2>/dev/null`
os=""
os_ver=`uname -r | cut -d. -f2`
getHostInfo
The following code:
if [ -x /usr/sbin/virtinfo ]; then
# LDOM support for Solaris 11 in system/core-os, and Solaris 9/10 in SUNWcsu
echo 'begin virtinfo:'
/usr/sbin/virtinfo -ap 2>/dev/null
echo 'end virtinfo:'
fi
echo 'begin solaris_uptime_string:'
# LDOM support for Solaris 11 in system/core-os, and Solaris 9/10 in SUNWcsu
echo 'begin virtinfo:'
/usr/sbin/virtinfo -ap 2>/dev/null
echo 'end virtinfo:'
fi
echo 'begin solaris_uptime_string:'
is replaced with:
if [ -x /usr/sbin/virtinfo ]; then
# LDOM support for Solaris 11 in system/core-os, and Solaris 9/10 in SUNWcsu
echo 'begin virtinfo:'
PRIV_VIRTINFO /usr/sbin/virtinfo -ap 2>/dev/null
echo 'end virtinfo:'
fi
echo 'begin solaris_uptime_string:'
# LDOM support for Solaris 11 in system/core-os, and Solaris 9/10 in SUNWcsu
echo 'begin virtinfo:'
PRIV_VIRTINFO /usr/sbin/virtinfo -ap 2>/dev/null
echo 'end virtinfo:'
fi
echo 'begin solaris_uptime_string:'
initialise
The following code:
PRIV_TEST() {
test "$@"
}
is replaced with:
PRIV_TEST() {
test "$@"
}
# virtinfo requires superuser privileges to report serial number information
PRIV_VIRTINFO() {
"$@"
}
test "$@"
}
# virtinfo requires superuser privileges to report serial number information
PRIV_VIRTINFO() {
"$@"
}
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x "${P}" -a -r "${P}" > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd "${P}" 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x "${P}" -a -r "${P}" > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al "${P}" 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x "${P}" -a -r "${P}" > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al "${P}" 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
VMware ESXi
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -lae --color=never
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -lae --color=never
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -la --color=never %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -la --color=never %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
FreeBSD
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
OpenBSD
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
VMware ESX
getDeviceInfo
The following code:
dns_domain=`hostname -d 2>/dev/null | sed -e 's/(none)//'`
if [ "$dns_domain" = "" -a -r /etc/resolv.conf ]; then
dns_domain=`awk '/^(domain|search)/ {sub(/\\\\000$/, "", $2); print $2; exit }' /etc/resolv.conf 2>/dev/null`
fi
echo 'dns_domain: ' $dns_domain
is replaced with:
dns_domain=`hostname -d 2>/dev/null | sed -e 's/(none)//'`
if [ "$dns_domain" = "" -a -r /etc/resolv.conf ]; then
dns_domain=`awk '/^(domain|search)/ {sub(/\\\\000$/, "", $2); print $2; exit }' /etc/resolv.conf 2>/dev/null`
fi
if [ "$dns_domain" = "." ]; then
dns_domain=""
fi
echo 'dns_domain: ' $dns_domain
if [ "$dns_domain" = "" -a -r /etc/resolv.conf ]; then
dns_domain=`awk '/^(domain|search)/ {sub(/\\\\000$/, "", $2); print $2; exit }' /etc/resolv.conf 2>/dev/null`
fi
if [ "$dns_domain" = "." ]; then
dns_domain=""
fi
echo 'dns_domain: ' $dns_domain
The following code:
if [ "$os" = "" -a -r /etc/SuSE-release ]; then
os=`cat /etc/SuSE-release | egrep -v '^#'`
fi
if [ "$os" = "" -a -x /usr/bin/lsb_release ]; then
# We'd like to use -ds but that puts quotes in the output!
is replaced with:
if [ "$os" = "" -a -r /etc/SuSE-release ]; then
os=`cat /etc/SuSE-release | egrep -v '^#'`
fi
if [ "$os" = "" -a -r /etc/photon-release ]; then
os=`cat /etc/photon-release`
fi
if [ "$os" = "" -a -x /usr/bin/lsb_release ]; then
# We'd like to use -ds but that puts quotes in the output!
os=`cat /etc/SuSE-release | egrep -v '^#'`
fi
if [ "$os" = "" -a -r /etc/photon-release ]; then
os=`cat /etc/photon-release`
fi
if [ "$os" = "" -a -x /usr/bin/lsb_release ]; then
# We'd like to use -ds but that puts quotes in the output!
getHostInfo
The following code:
fi
if [ -f /usr/sbin/dmidecode ]; then
# Azure Virtual Machines report their instance ID via the BIOS UUID
PRIV_DMIDECODE /usr/sbin/dmidecode 2>/dev/null | sed -n '/DMI type 1,/,/^Handle 0x0/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Vendor:/ { sub(".*Vendor: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product/ && $2 ~ /Name:/ { sub(".*Product Name: *", ""); printf("candidate_model[]: %s\n", $0); }
if [ -f /usr/sbin/dmidecode ]; then
# Azure Virtual Machines report their instance ID via the BIOS UUID
PRIV_DMIDECODE /usr/sbin/dmidecode 2>/dev/null | sed -n '/DMI type 1,/,/^Handle 0x0/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Vendor:/ { sub(".*Vendor: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product/ && $2 ~ /Name:/ { sub(".*Product Name: *", ""); printf("candidate_model[]: %s\n", $0); }
is replaced with:
fi
if [ -f /usr/sbin/dmidecode ]; then
# Azure Virtual Machines report their instance ID via the BIOS UUID
PRIV_DMIDECODE /usr/sbin/dmidecode 2>/dev/null | sed -n '/DMI type 1,/,/^Handle 0x0/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Vendor:/ { sub(".*Vendor: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product/ && $2 ~ /Name:/ { sub(".*Product Name: *", ""); printf("candidate_model[]: %s\n", $0); }
if [ -f /usr/sbin/dmidecode ]; then
# Azure Virtual Machines report their instance ID via the BIOS UUID
PRIV_DMIDECODE /usr/sbin/dmidecode 2>/dev/null | sed -n '/DMI type 1,/,/^Handle 0x0/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Vendor:/ { sub(".*Vendor: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product/ && $2 ~ /Name:/ { sub(".*Product Name: *", ""); printf("candidate_model[]: %s\n", $0); }
The following code:
$1 ~ /UUID:/ { sub(".*UUID: *", ""); printf( "candidate_uuid[]: %s\n", $0 ); } '
fi
if [ -f /usr/sbin/hwinfo ]; then
PRIV_HWINFO /usr/sbin/hwinfo --bios 2>/dev/null | sed -n '/System Info:/,/Info:/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); gsub("\"", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product:/ { sub(".*Product: *", ""); gsub("\"", ""); printf("candidate_model[]: %s\n", $0); }
$1 ~ /Serial:/ { sub(".*Serial: *", ""); gsub("\"", ""); printf("candidate_serial[]: %s\n", $0); }
$1 ~ /UUID:/ { sub(".*UUID: *", ""); gsub("\"", ""); printf("candidate_uuid[]: %s\n", $0); } '
fi
if [ -d /sys/class/dmi/id ]; then
model=`cat /sys/class/dmi/id/product_name 2>/dev/null`
is replaced with:
$1 ~ /UUID:/ { sub(".*UUID: *", ""); printf( "candidate_uuid[]: %s\n", $0 ); } '
fi
if [ -f /usr/sbin/hwinfo ]; then
PRIV_HWINFO /usr/sbin/hwinfo --bios 2>/dev/null | sed -n '/System Info:/,/Info:/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); gsub("\"", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product:/ { sub(".*Product: *", ""); gsub("\"", ""); printf("candidate_model[]: %s\n", $0); }
$1 ~ /Serial:/ { sub(".*Serial: *", ""); gsub("\"", ""); printf("candidate_serial[]: %s\n", $0); }
$1 ~ /UUID:/ { sub(".*UUID: *", ""); gsub("\"", ""); printf("candidate_uuid[]: %s\n", $0); } '
fi
if [ -f /usr/sbin/lshw ]; then
# We only want the first items reported to avoid picking up pnp devices
PRIV_LSHW /usr/sbin/lshw -class system -quiet 2>/dev/null | awk '
BEGIN { found_vendor=0; found_product=0; found_serial=0; }
$1 ~ /vendor:/ && !found_vendor { sub(".*vendor: *", ""); gsub("\"", ""); printf("candidate_vendor[]: %s\n", $0); found_vendor=1; }
$1 ~ /product:/ && !found_product { sub(".*product: *", ""); gsub("\"", ""); printf("candidate_model[]: %s\n", $0); found_product=1; }
$1 ~ /serial:/ && !found_serial { sub(".*serial: *", ""); gsub("\"", ""); printf("candidate_serial[]: %s\n", $0); found_serial=1; } '
fi
if [ -d /sys/class/dmi/id ]; then
model=`cat /sys/class/dmi/id/product_name 2>/dev/null`
fi
if [ -f /usr/sbin/hwinfo ]; then
PRIV_HWINFO /usr/sbin/hwinfo --bios 2>/dev/null | sed -n '/System Info:/,/Info:/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); gsub("\"", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product:/ { sub(".*Product: *", ""); gsub("\"", ""); printf("candidate_model[]: %s\n", $0); }
$1 ~ /Serial:/ { sub(".*Serial: *", ""); gsub("\"", ""); printf("candidate_serial[]: %s\n", $0); }
$1 ~ /UUID:/ { sub(".*UUID: *", ""); gsub("\"", ""); printf("candidate_uuid[]: %s\n", $0); } '
fi
if [ -f /usr/sbin/lshw ]; then
# We only want the first items reported to avoid picking up pnp devices
PRIV_LSHW /usr/sbin/lshw -class system -quiet 2>/dev/null | awk '
BEGIN { found_vendor=0; found_product=0; found_serial=0; }
$1 ~ /vendor:/ && !found_vendor { sub(".*vendor: *", ""); gsub("\"", ""); printf("candidate_vendor[]: %s\n", $0); found_vendor=1; }
$1 ~ /product:/ && !found_product { sub(".*product: *", ""); gsub("\"", ""); printf("candidate_model[]: %s\n", $0); found_product=1; }
$1 ~ /serial:/ && !found_serial { sub(".*serial: *", ""); gsub("\"", ""); printf("candidate_serial[]: %s\n", $0); found_serial=1; } '
fi
if [ -d /sys/class/dmi/id ]; then
model=`cat /sys/class/dmi/id/product_name 2>/dev/null`
The following code:
# Cloud instance metadata
tw_detect_cloud_platform
if [ $? -eq 0 ]; then
if [ "$TW_CLOUD_PLATFORM" == "AWS" ]; then
echo "aws_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: Amazon Virtual Machine"
echo "candidate_vendor[]: Amazon"
is replaced with:
# Cloud instance metadata
tw_detect_cloud_platform
if [ $? -eq 0 ]; then
if [ "$TW_CLOUD_PLATFORM" = "AWS" ]; then
echo "aws_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: Amazon Virtual Machine"
echo "candidate_vendor[]: Amazon"
tw_detect_cloud_platform
if [ $? -eq 0 ]; then
if [ "$TW_CLOUD_PLATFORM" = "AWS" ]; then
echo "aws_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: Amazon Virtual Machine"
echo "candidate_vendor[]: Amazon"
The following code:
fi
fi
elif [ "$TW_CLOUD_PLATFORM" == "AZURE" ]; then
echo "azure_vm_id: $TW_CLOUD_ID"
echo "candidate_model[]: Virtual Machine"
echo "candidate_vendor[]: Microsoft Corporation"
elif [ "$TW_CLOUD_PLATFORM" == "GCE" ]; then
echo "gce_instance_id: " "$TW_CLOUD_ID"
echo "candidate_model[]: Google Compute Engine"
echo "candidate_vendor[]: Google"
is replaced with:
fi
fi
elif [ "$TW_CLOUD_PLATFORM" = "AZURE" ]; then
echo "azure_vm_id: $TW_CLOUD_ID"
echo "candidate_model[]: Virtual Machine"
echo "candidate_vendor[]: Microsoft Corporation"
elif [ "$TW_CLOUD_PLATFORM" = "GCE" ]; then
echo "gce_instance_id: " "$TW_CLOUD_ID"
echo "candidate_model[]: Google Compute Engine"
echo "candidate_vendor[]: Google"
echo "scope: $scope"
fi
elif [ "$TW_CLOUD_PLATFORM" = "OPENSTACK" ]; then
echo "openstack_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: OpenStack Compute"
elif [ "$TW_CLOUD_PLATFORM" = "ALIBABA" ]; then
echo "alibaba_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: Alibaba Virtual Machine"
echo "candidate_vendor[]: Alibaba"
# Get primary MAC so we can find VPC
primary_mac=`$TW_CLOUD_IMDS_CMD/mac 2>/dev/null`
if [ "$primary_mac" != "" ]; then
scope=`$TW_CLOUD_IMDS_CMD/network/interfaces/macs/$primary_mac/vpc-id 2>/dev/null | egrep '^vpc-[0-9a-f]+$'`
if [ "$scope" != "" ]; then
echo "scope: $scope"
fi
fi
fi
fi
fi
elif [ "$TW_CLOUD_PLATFORM" = "AZURE" ]; then
echo "azure_vm_id: $TW_CLOUD_ID"
echo "candidate_model[]: Virtual Machine"
echo "candidate_vendor[]: Microsoft Corporation"
elif [ "$TW_CLOUD_PLATFORM" = "GCE" ]; then
echo "gce_instance_id: " "$TW_CLOUD_ID"
echo "candidate_model[]: Google Compute Engine"
echo "candidate_vendor[]: Google"
echo "scope: $scope"
fi
elif [ "$TW_CLOUD_PLATFORM" = "OPENSTACK" ]; then
echo "openstack_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: OpenStack Compute"
elif [ "$TW_CLOUD_PLATFORM" = "ALIBABA" ]; then
echo "alibaba_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: Alibaba Virtual Machine"
echo "candidate_vendor[]: Alibaba"
# Get primary MAC so we can find VPC
primary_mac=`$TW_CLOUD_IMDS_CMD/mac 2>/dev/null`
if [ "$primary_mac" != "" ]; then
scope=`$TW_CLOUD_IMDS_CMD/network/interfaces/macs/$primary_mac/vpc-id 2>/dev/null | egrep '^vpc-[0-9a-f]+$'`
if [ "$scope" != "" ]; then
echo "scope: $scope"
fi
fi
fi
fi
initialise
The following code:
export TW_CLOUD_IMDS_CMD=
# We need curl to make the required requests
if [ ! -x /usr/bin/curl ]; then
return 1
fi
# Trying to detect Amazon EC2
return 0
fi
is replaced with:
export TW_CLOUD_IMDS_CMD=
# We need curl to make the required requests
# Check if curl found.
if ! [ -x "$(command -v curl)" ]; then
return 1
fi
# Trying to detect Amazon EC2
return 0
fi
# Try Alibaba Cloud
# see: https://www.alibabacloud.com/help/doc-detail/108460.htm
# Try security hardening mode approach first
TOKEN=`curl --connect-timeout 5 --max-time 10 --fail -X PUT "http://100.100.100.200/latest/api/token" -H "X-aliyun-ecs-metadata-token-ttl-seconds: 1800" 2>/dev/null`
if [ ! -z "$TOKEN" ]; then
TW_CLOUD_IMDS_CMD="curl --connect-timeout 5 --max-time 10 --fail -H \"X-aws-ec2-metadata-token: $TOKEN\" http://100.100.100.200/latest/meta-data"
else
# Not in security hardening mode
TW_CLOUD_IMDS_CMD="curl --connect-timeout 5 --max-time 10 --fail http://100.100.100.200/latest/meta-data"
fi
TW_CLOUD_ID=`$TW_CLOUD_IMDS_CMD/instance-id 2>/dev/null`
if [ -n "$TW_CLOUD_ID" ]; then
TW_CLOUD_PLATFORM=ALIBABA
return 0
fi
TW_CLOUD_PLATFORM=None
return 1
}
# We need curl to make the required requests
# Check if curl found.
if ! [ -x "$(command -v curl)" ]; then
return 1
fi
# Trying to detect Amazon EC2
return 0
fi
# Try Alibaba Cloud
# see: https://www.alibabacloud.com/help/doc-detail/108460.htm
# Try security hardening mode approach first
TOKEN=`curl --connect-timeout 5 --max-time 10 --fail -X PUT "http://100.100.100.200/latest/api/token" -H "X-aliyun-ecs-metadata-token-ttl-seconds: 1800" 2>/dev/null`
if [ ! -z "$TOKEN" ]; then
TW_CLOUD_IMDS_CMD="curl --connect-timeout 5 --max-time 10 --fail -H \"X-aws-ec2-metadata-token: $TOKEN\" http://100.100.100.200/latest/meta-data"
else
# Not in security hardening mode
TW_CLOUD_IMDS_CMD="curl --connect-timeout 5 --max-time 10 --fail http://100.100.100.200/latest/meta-data"
fi
TW_CLOUD_ID=`$TW_CLOUD_IMDS_CMD/instance-id 2>/dev/null`
if [ -n "$TW_CLOUD_ID" ]; then
TW_CLOUD_PLATFORM=ALIBABA
return 0
fi
TW_CLOUD_PLATFORM=None
return 1
}
The following code:
PRIV_HWINFO() {
sudo "$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
sudo "$@"
is replaced with:
PRIV_HWINFO() {
sudo "$@"
}
# lshw requires superuser privileges to report all hardware data
PRIV_LSHW() {
sudo "$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
sudo "$@"
sudo "$@"
}
# lshw requires superuser privileges to report all hardware data
PRIV_LSHW() {
sudo "$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
sudo "$@"
The following code:
PRIV_HWINFO() {
"$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
"$@"
is replaced with:
PRIV_HWINFO() {
"$@"
}
# lshw requires superuser privileges to report all hardware data
PRIV_LSHW() {
"$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
"$@"
"$@"
}
# lshw requires superuser privileges to report all hardware data
PRIV_LSHW() {
"$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
"$@"
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -a --full-time --color=never
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -a --full-time --color=never %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -a --full-time --color=never %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
AIX
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
Mac OS X
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
Linux
getDeviceInfo
The following code:
dns_domain=`hostname -d 2>/dev/null | sed -e 's/(none)//'`
if [ "$dns_domain" = "" -a -r /etc/resolv.conf ]; then
dns_domain=`awk '/^(domain|search)/ {sub(/\\\\000$/, "", $2); print $2; exit }' /etc/resolv.conf 2>/dev/null`
fi
echo 'dns_domain: ' $dns_domain
is replaced with:
dns_domain=`hostname -d 2>/dev/null | sed -e 's/(none)//'`
if [ "$dns_domain" = "" -a -r /etc/resolv.conf ]; then
dns_domain=`awk '/^(domain|search)/ {sub(/\\\\000$/, "", $2); print $2; exit }' /etc/resolv.conf 2>/dev/null`
fi
if [ "$dns_domain" = "." ]; then
dns_domain=""
fi
echo 'dns_domain: ' $dns_domain
if [ "$dns_domain" = "" -a -r /etc/resolv.conf ]; then
dns_domain=`awk '/^(domain|search)/ {sub(/\\\\000$/, "", $2); print $2; exit }' /etc/resolv.conf 2>/dev/null`
fi
if [ "$dns_domain" = "." ]; then
dns_domain=""
fi
echo 'dns_domain: ' $dns_domain
The following code:
# (see below)
if [ "$os" = "" -a -r /etc/SuSE-release ]; then
os=`cat /etc/SuSE-release | egrep -v '^#'`
fi
if [ "$os" = "" -a -x /usr/bin/lsb_release ]; then
# We'd like to use -ds but that puts quotes in the output!
is replaced with:
# (see below)
if [ "$os" = "" -a -r /etc/SuSE-release ]; then
os=`cat /etc/SuSE-release | egrep -v '^#'`
fi
if [ "$os" = "" -a -r /etc/photon-release ]; then
os=`cat /etc/photon-release`
fi
if [ "$os" = "" -a -x /usr/bin/lsb_release ]; then
# We'd like to use -ds but that puts quotes in the output!
if [ "$os" = "" -a -r /etc/SuSE-release ]; then
os=`cat /etc/SuSE-release | egrep -v '^#'`
fi
if [ "$os" = "" -a -r /etc/photon-release ]; then
os=`cat /etc/photon-release`
fi
if [ "$os" = "" -a -x /usr/bin/lsb_release ]; then
# We'd like to use -ds but that puts quotes in the output!
getHostInfo
The following code:
fi
if [ -f /usr/sbin/dmidecode ]; then
# Azure Virtual Machines report their instance ID via the BIOS UUID
PRIV_DMIDECODE /usr/sbin/dmidecode 2>/dev/null | sed -n '/DMI type 1,/,/^Handle 0x0/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Vendor:/ { sub(".*Vendor: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product/ && $2 ~ /Name:/ { sub(".*Product Name: *", ""); printf("candidate_model[]: %s\n", $0); }
is replaced with:
fi
if [ -f /usr/sbin/dmidecode ]; then
# Azure Virtual Machines report their instance ID via the BIOS UUID
PRIV_DMIDECODE /usr/sbin/dmidecode 2>/dev/null | sed -n '/DMI type 1,/,/^Handle 0x0/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Vendor:/ { sub(".*Vendor: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product/ && $2 ~ /Name:/ { sub(".*Product Name: *", ""); printf("candidate_model[]: %s\n", $0); }
if [ -f /usr/sbin/dmidecode ]; then
# Azure Virtual Machines report their instance ID via the BIOS UUID
PRIV_DMIDECODE /usr/sbin/dmidecode 2>/dev/null | sed -n '/DMI type 1,/,/^Handle 0x0/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Vendor:/ { sub(".*Vendor: *", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product/ && $2 ~ /Name:/ { sub(".*Product Name: *", ""); printf("candidate_model[]: %s\n", $0); }
The following code:
$1 ~ /UUID:/ { sub(".*UUID: *", ""); printf( "candidate_uuid[]: %s\n", $0 ); } '
fi
if [ -f /usr/sbin/hwinfo ]; then
PRIV_HWINFO /usr/sbin/hwinfo --bios 2>/dev/null | sed -n '/System Info:/,/Info:/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); gsub("\"", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product:/ { sub(".*Product: *", ""); gsub("\"", ""); printf("candidate_model[]: %s\n", $0); }
$1 ~ /Serial:/ { sub(".*Serial: *", ""); gsub("\"", ""); printf("candidate_serial[]: %s\n", $0); }
$1 ~ /UUID:/ { sub(".*UUID: *", ""); gsub("\"", ""); printf("candidate_uuid[]: %s\n", $0); } '
fi
if [ -d /sys/class/dmi/id ]; then
model=`cat /sys/class/dmi/id/product_name 2>/dev/null`
noformat}
s replaced with:
noformat}
$1 ~ /UUID:/ { sub(".*UUID: *", ""); printf( "candidate_uuid[]: %s\n", $0 ); } '
fi
if [ -f /usr/sbin/hwinfo ]; then
PRIV_HWINFO /usr/sbin/hwinfo --bios 2>/dev/null | sed -n '/System Info:/,/Info:/p' | awk '
$1 ~ /Manufacturer:/ { sub(".*Manufacturer: *", ""); gsub("\"", ""); printf("candidate_vendor[]: %s\n", $0); }
$1 ~ /Product:/ { sub(".*Product: *", ""); gsub("\"", ""); printf("candidate_model[]: %s\n", $0); }
$1 ~ /Serial:/ { sub(".*Serial: *", ""); gsub("\"", ""); printf("candidate_serial[]: %s\n", $0); }
$1 ~ /UUID:/ { sub(".*UUID: *", ""); gsub("\"", ""); printf("candidate_uuid[]: %s\n", $0); } '
fi
if [ -f /usr/sbin/lshw ]; then
# We only want the first items reported to avoid picking up pnp devices
PRIV_LSHW /usr/sbin/lshw -class system -quiet 2>/dev/null | awk '
BEGIN { found_vendor=0; found_product=0; found_serial=0; }
$1 ~ /vendor:/ && !found_vendor { sub(".*vendor: *", ""); gsub("\"", ""); printf("candidate_vendor[]: %s\n", $0); found_vendor=1; }
$1 ~ /product:/ && !found_product { sub(".*product: *", ""); gsub("\"", ""); printf("candidate_model[]: %s\n", $0); found_product=1; }
$1 ~ /serial:/ && !found_serial { sub(".*serial: *", ""); gsub("\"", ""); printf("candidate_serial[]: %s\n", $0); found_serial=1; } '
fi
if [ -d /sys/class/dmi/id ]; then
model=`cat /sys/class/dmi/id/product_name 2>/dev/null`
The following code:
# Cloud instance metadata
tw_detect_cloud_platform
if [ $? -eq 0 ]; then
if [ "$TW_CLOUD_PLATFORM" == "AWS" ]; then
echo "aws_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: Amazon Virtual Machine"
echo "candidate_vendor[]: Amazon"
is replaced with:
# Cloud instance metadata
tw_detect_cloud_platform
if [ $? -eq 0 ]; then
if [ "$TW_CLOUD_PLATFORM" = "AWS" ]; then
echo "aws_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: Amazon Virtual Machine"
echo "candidate_vendor[]: Amazon"
tw_detect_cloud_platform
if [ $? -eq 0 ]; then
if [ "$TW_CLOUD_PLATFORM" = "AWS" ]; then
echo "aws_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: Amazon Virtual Machine"
echo "candidate_vendor[]: Amazon"
The following code:
elif [ "$TW_CLOUD_PLATFORM" == "AZURE" ]; then
echo "azure_vm_id: $TW_CLOUD_ID"
echo "candidate_model[]: Virtual Machine"
echo "candidate_vendor[]: Microsoft Corporation"
elif [ "$TW_CLOUD_PLATFORM" == "GCE" ]; then
echo "gce_instance_id: " "$TW_CLOUD_ID"
echo "candidate_model[]: Google Compute Engine"
echo "candidate_vendor[]: Google"
is replaced with:
elif [ "$TW_CLOUD_PLATFORM" = "AZURE" ]; then
echo "azure_vm_id: $TW_CLOUD_ID"
echo "candidate_model[]: Virtual Machine"
echo "candidate_vendor[]: Microsoft Corporation"
elif [ "$TW_CLOUD_PLATFORM" = "GCE" ]; then
echo "gce_instance_id: " "$TW_CLOUD_ID"
echo "candidate_model[]: Google Compute Engine"
echo "candidate_vendor[]: Google"
echo "azure_vm_id: $TW_CLOUD_ID"
echo "candidate_model[]: Virtual Machine"
echo "candidate_vendor[]: Microsoft Corporation"
elif [ "$TW_CLOUD_PLATFORM" = "GCE" ]; then
echo "gce_instance_id: " "$TW_CLOUD_ID"
echo "candidate_model[]: Google Compute Engine"
echo "candidate_vendor[]: Google"
The following code:
echo "scope: $scope"
fi
elif [ "$TW_CLOUD_PLATFORM" == "OPENSTACK" ]; then
echo "openstack_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: OpenStack Compute"
fi
fi
is replaced with:
echo "scope: $scope"
fi
elif [ "$TW_CLOUD_PLATFORM" = "OPENSTACK" ]; then
echo "openstack_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: OpenStack Compute"
elif [ "$TW_CLOUD_PLATFORM" = "ALIBABA" ]; then
echo "alibaba_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: Alibaba Virtual Machine"
echo "candidate_vendor[]: Alibaba"
# Get primary MAC so we can find VPC
primary_mac=`$TW_CLOUD_IMDS_CMD/mac 2>/dev/null`
if [ "$primary_mac" != "" ]; then
scope=`$TW_CLOUD_IMDS_CMD/network/interfaces/macs/$primary_mac/vpc-id 2>/dev/null | egrep '^vpc-[0-9a-f]+$'`
if [ "$scope" != "" ]; then
echo "scope: $scope"
fi
fi
fi
fi
fi
elif [ "$TW_CLOUD_PLATFORM" = "OPENSTACK" ]; then
echo "openstack_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: OpenStack Compute"
elif [ "$TW_CLOUD_PLATFORM" = "ALIBABA" ]; then
echo "alibaba_instance_id: $TW_CLOUD_ID"
echo "candidate_model[]: Alibaba Virtual Machine"
echo "candidate_vendor[]: Alibaba"
# Get primary MAC so we can find VPC
primary_mac=`$TW_CLOUD_IMDS_CMD/mac 2>/dev/null`
if [ "$primary_mac" != "" ]; then
scope=`$TW_CLOUD_IMDS_CMD/network/interfaces/macs/$primary_mac/vpc-id 2>/dev/null | egrep '^vpc-[0-9a-f]+$'`
if [ "$scope" != "" ]; then
echo "scope: $scope"
fi
fi
fi
fi
initialise
The following code:
export TW_CLOUD_IMDS_CMD=
# We need curl to make the required requests
if [ ! -x /usr/bin/curl ]; then
return 1
fi
# Trying to detect Amazon EC2
is replaced with:
export TW_CLOUD_IMDS_CMD=
# We need curl to make the required requests
# Check if curl found.
if ! [ -x "$(command -v curl)" ]; then
return 1
fi
# Trying to detect Amazon EC2
return 0
fi
# Try Alibaba Cloud
# see: https://www.alibabacloud.com/help/doc-detail/108460.htm
# Try security hardening mode approach first
TOKEN=`curl --connect-timeout 5 --max-time 10 --fail -X PUT "http://100.100.100.200/latest/api/token" -H "X-aliyun-ecs-metadata-token-ttl-seconds: 1800" 2>/dev/null`
if [ ! -z "$TOKEN" ]; then
TW_CLOUD_IMDS_CMD="curl --connect-timeout 5 --max-time 10 --fail -H \"X-aws-ec2-metadata-token: $TOKEN\" http://100.100.100.200/latest/meta-data"
else
# Not in security hardening mode
TW_CLOUD_IMDS_CMD="curl --connect-timeout 5 --max-time 10 --fail http://100.100.100.200/latest/meta-data"
fi
TW_CLOUD_ID=`$TW_CLOUD_IMDS_CMD/instance-id 2>/dev/null`
if [ -n "$TW_CLOUD_ID" ]; then
TW_CLOUD_PLATFORM=ALIBABA
return 0
fi
TW_CLOUD_PLATFORM=None
return 1
}
# We need curl to make the required requests
# Check if curl found.
if ! [ -x "$(command -v curl)" ]; then
return 1
fi
# Trying to detect Amazon EC2
return 0
fi
# Try Alibaba Cloud
# see: https://www.alibabacloud.com/help/doc-detail/108460.htm
# Try security hardening mode approach first
TOKEN=`curl --connect-timeout 5 --max-time 10 --fail -X PUT "http://100.100.100.200/latest/api/token" -H "X-aliyun-ecs-metadata-token-ttl-seconds: 1800" 2>/dev/null`
if [ ! -z "$TOKEN" ]; then
TW_CLOUD_IMDS_CMD="curl --connect-timeout 5 --max-time 10 --fail -H \"X-aws-ec2-metadata-token: $TOKEN\" http://100.100.100.200/latest/meta-data"
else
# Not in security hardening mode
TW_CLOUD_IMDS_CMD="curl --connect-timeout 5 --max-time 10 --fail http://100.100.100.200/latest/meta-data"
fi
TW_CLOUD_ID=`$TW_CLOUD_IMDS_CMD/instance-id 2>/dev/null`
if [ -n "$TW_CLOUD_ID" ]; then
TW_CLOUD_PLATFORM=ALIBABA
return 0
fi
TW_CLOUD_PLATFORM=None
return 1
}
The following code:
PRIV_HWINFO() {
sudo "$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
sudo "$@"
is replaced with:
PRIV_HWINFO() {
sudo "$@"
}
# lshw requires superuser privileges to report all hardware data
PRIV_LSHW() {
sudo "$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
sudo "$@"
sudo "$@"
}
# lshw requires superuser privileges to report all hardware data
PRIV_LSHW() {
sudo "$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
sudo "$@"
The following code:
PRIV_HWINFO() {
"$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
"$@"
is replaced with:
PRIV_HWINFO() {
"$@"
}
# lshw requires superuser privileges to report all hardware data
PRIV_LSHW() {
"$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
"$@"
"$@"
}
# lshw requires superuser privileges to report all hardware data
PRIV_LSHW() {
"$@"
}
# lputil requires superuser privileges to display any HBA information
PRIV_LPUTIL() {
"$@"
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -a --full-time --color=never
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -a --full-time --color=never
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -a --full-time --color=never %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -a --full-time --color=never %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
NetBSD
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -alT %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
UnixWare
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
IRIX
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
HP-UX
getFileContent
The following code:
PRIV_TEST -f "${P}" -a -r "${P}"
if [ $? -eq 0 ]; then
echo "begin content:"
PRIV_CAT "${P}" | sed -e 's/[^[:print:][:blank:]]//g;$a\'
fi
if [ $? -eq 0 ]; then
echo "begin content:"
PRIV_CAT "${P}" | sed -e 's/[^[:print:][:blank:]]//g;$a\'
fi
is replaced with:
PRIV_TEST -f "${P}" -a -r "${P}"
if [ $? -eq 0 ]; then
echo "begin content:"
echo "`PRIV_CAT "${P}"`"
fi
if [ $? -eq 0 ]; then
echo "begin content:"
echo "`PRIV_CAT "${P}"`"
fi
getDirectoryListing
The following code:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
(cd %(path)s 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al
else
echo 'PERMISSION DENIED'
fi)
else
echo 'PERMISSION DENIED'
fi
is replaced with:
if [ $? -eq 0 ]; then
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
PRIV_TEST -x %(path)s -a -r %(path)s > /dev/null 2> /dev/null
if [ $? -eq 0 ]; then
PRIV_LS -al %(path)s 2> /dev/null
if [ $? -gt 0 ]; then
echo 'PERMISSION DENIED'
fi
else
echo 'PERMISSION DENIED'
fi
Windows
getNetworkInterfaces
The following code:
# DNS servers. IPv6 servers are not reported so we need to look in the registry
$dns_servers = @()
if ($config.DNSServerSearchOrder) {
$dns_server = $dns_servers + $config.DNSServerSearchOrder
}
if ($config.SettingID) {
$tmp = Get-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\$config.SettingID" -Name NameServer -ErrorAction SilentlyContinue
if ($tmp) {
$dns_server = $dns_servers + $tmp.Split(",")
}
}
if ($dns_servers) {
"dns_servers: {0}" -f $dns_servers
}
if ($config.DefaultIPGateway) {
"default_gateway: {0}" -f $config.DefaultIPGateway
}
if ($config.Index -ne $null) {
is replaced with:
# DNS servers. IPv6 servers are not reported so we need to look in the registry
$dns_servers = @()
if ($config.DNSServerSearchOrder) {
$dns_servers = $dns_servers + $config.DNSServerSearchOrder
}
if ($config.SettingID) {
$tmp = Get-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\$config.SettingID" -Name NameServer -ErrorAction SilentlyContinue
if ($tmp) {
$dns_servers = $dns_servers + $tmp.Split(",")
}
}
if ($dns_servers) {
"dns_servers: {0}" -f ($dns_servers -Join ",")
}
if ($config.DefaultIPGateway) {
"default_gateway: {0}" -f ($config.DefaultIPGateway -Join ",")
}
if ($config.Index -ne $null) {
$dns_servers = @()
if ($config.DNSServerSearchOrder) {
$dns_servers = $dns_servers + $config.DNSServerSearchOrder
}
if ($config.SettingID) {
$tmp = Get-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\$config.SettingID" -Name NameServer -ErrorAction SilentlyContinue
if ($tmp) {
$dns_servers = $dns_servers + $tmp.Split(",")
}
}
if ($dns_servers) {
"dns_servers: {0}" -f ($dns_servers -Join ",")
}
if ($config.DefaultIPGateway) {
"default_gateway: {0}" -f ($config.DefaultIPGateway -Join ",")
}
if ($config.Index -ne $null) {
initialise
The following code:
function tw_detect_cloud_platform {
# Have we already detected the cloud platform?
if ($global:TW_CLOUD_PLATFORM) {
Write-Debug ("Cloud platform detected as {0}" -f $global:TW_CLOUD_PLATFORM)
return
}
# We need PowerShell 3.0 or later to make REST requests
if ($PSVersionTable.PSVersion.Major -lt 3) {
Write-Debug "Cannot detect cloud platform as PowerShell version < 3"
return
}
is replaced with:
function tw_detect_cloud_platform {
# Have we already detected the cloud platform?
if ($global:TW_CLOUD_PLATFORM) {
return
}
# We need PowerShell 3.0 or later to make REST requests
if ($PSVersionTable.PSVersion.Major -lt 3) {
return
}
# Have we already detected the cloud platform?
if ($global:TW_CLOUD_PLATFORM) {
return
}
# We need PowerShell 3.0 or later to make REST requests
if ($PSVersionTable.PSVersion.Major -lt 3) {
return
}
The following code:
}
$token = $null
try {
Write-Debug "Try AWS IMDSv2"
$token = Invoke-RestMethod -Method PUT -TimeoutSec 5 -Uri "http://169.254.169.254/latest/api/token" -headers $headers -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
if ($token) {
Write-Debug "Use AWS IMDSv2"
$global:TW_CLOUD_IMDS_HEADERS = @{
"X-aws-ec2-metadata-token" = $token
}
is replaced with:
}
$token = $null
try {
$token = Invoke-RestMethod -Method PUT -TimeoutSec 5 -Uri "http://169.254.169.254/latest/api/token" -headers $headers -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
if ($token) {
$global:TW_CLOUD_IMDS_HEADERS = @{
"X-aws-ec2-metadata-token" = $token
}
$token = $null
try {
$token = Invoke-RestMethod -Method PUT -TimeoutSec 5 -Uri "http://169.254.169.254/latest/api/token" -headers $headers -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
if ($token) {
$global:TW_CLOUD_IMDS_HEADERS = @{
"X-aws-ec2-metadata-token" = $token
}
The following code:
}
else {
# No token, try IMDSv1
Write-Debug "Try AWS IMDSv1"
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -TimeoutSec 5 -Uri "http://169.254.169.254/latest/meta-data/instance-id" -ErrorAction SilentlyContinue
}
is replaced with:
}
else {
# No token, try IMDSv1
Write-Debug "Try AWS IMDSv1"
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -TimeoutSec 5 -Uri "http://169.254.169.254/latest/meta-data/instance-id" -ErrorAction SilentlyContinue
}
else {
# No token, try IMDSv1
Write-Debug "Try AWS IMDSv1"
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -TimeoutSec 5 -Uri "http://169.254.169.254/latest/meta-data/instance-id" -ErrorAction SilentlyContinue
}
The following code:
}
if ($global:TW_CLOUD_ID) {
# We need to check for OpenStack EC2-compatible metadata
Write-Debug "Check for OpenStack EC2-compatible metadata"
try {
$openstack = Invoke-RestMethod -TimeoutSec 5 -Uri "http://169.254.169.254/openstack" -ErrorAction SilentlyContinue
}
is replaced with:
}
if ($global:TW_CLOUD_ID) {
# We need to check for OpenStack EC2-compatible metadata
try {
$openstack = Invoke-RestMethod -TimeoutSec 5 -Uri "http://169.254.169.254/openstack" -ErrorAction SilentlyContinue
}
if ($global:TW_CLOUD_ID) {
# We need to check for OpenStack EC2-compatible metadata
try {
$openstack = Invoke-RestMethod -TimeoutSec 5 -Uri "http://169.254.169.254/openstack" -ErrorAction SilentlyContinue
}
The following code:
# Cloud platform is AWS
$global:TW_CLOUD_PLATFORM="AWS"
}
Write-Debug ("Cloud platform detected as {0}" -f $global:TW_CLOUD_PLATFORM)
return
}
###################################################################
# Try Azure
# see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/instance-metadata-service
Write-Debug "Try Azure"
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -Headers @{"Metadata"="true"} -URI "http://169.254.169.254/metadata/instance/compute/vmId?api-version=2019-06-01&format=text" -Method get -ErrorAction SilentlyContinue
}
is replaced with:
# Cloud platform is AWS
$global:TW_CLOUD_PLATFORM="AWS"
}
return
}
###################################################################
# Try Azure
# see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/instance-metadata-service
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -Headers @{"Metadata"="true"} -URI "http://169.254.169.254/metadata/instance/compute/vmId?api-version=2019-06-01&format=text" -Method get -ErrorAction SilentlyContinue
}
$global:TW_CLOUD_PLATFORM="AWS"
}
return
}
###################################################################
# Try Azure
# see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/instance-metadata-service
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -Headers @{"Metadata"="true"} -URI "http://169.254.169.254/metadata/instance/compute/vmId?api-version=2019-06-01&format=text" -Method get -ErrorAction SilentlyContinue
}
The following code:
}
if ($global:TW_CLOUD_ID) {
$global:TW_CLOUD_PLATFORM="AZURE"
Write-Debug ("Cloud platform detected as {0}" -f $global:TW_CLOUD_PLATFORM)
return
}
###################################################################
# Try Google Compute engine
# see: https://cloud.google.com/compute/docs/storing-retrieving-metadata
Write-Debug "Try GCE"
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -Headers @{"Metadata-Flavor"="Google"} -URI "http://metadata.google.internal/computeMetadata/v1/instance/id" -Method get -ErrorAction SilentlyContinue
}
is replaced with:
}
if ($global:TW_CLOUD_ID) {
$global:TW_CLOUD_PLATFORM="AZURE"
return
}
###################################################################
# Try Google Compute engine
# see: https://cloud.google.com/compute/docs/storing-retrieving-metadata
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -Headers @{"Metadata-Flavor"="Google"} -URI "http://metadata.google.internal/computeMetadata/v1/instance/id" -Method get -ErrorAction SilentlyContinue
}
if ($global:TW_CLOUD_ID) {
$global:TW_CLOUD_PLATFORM="AZURE"
return
}
###################################################################
# Try Google Compute engine
# see: https://cloud.google.com/compute/docs/storing-retrieving-metadata
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -Headers @{"Metadata-Flavor"="Google"} -URI "http://metadata.google.internal/computeMetadata/v1/instance/id" -Method get -ErrorAction SilentlyContinue
}
The following code:
}
if ($global:TW_CLOUD_ID) {
$global:TW_CLOUD_PLATFORM="GCE"
Write-Debug ("Cloud platform detected as {0}" -f $global:TW_CLOUD_PLATFORM)
return
}
Write-Debug "No cloud platform detected"
is replaced with:
}
if ($global:TW_CLOUD_ID) {
$global:TW_CLOUD_PLATFORM="GCE"
return
}
###################################################################
# Try Alibaba Cloud
# see: https://www.alibabacloud.com/help/doc-detail/108460.htm
# Try security hardening mode first.
$headers = @{
"X-aliyun-ecs-metadata-token-ttl-seconds" = "1800"
}
$token = $null
try {
$token = Invoke-RestMethod -Method PUT -TimeoutSec 5 -Uri "http://100.100.100.200/latest/api/token" -headers $headers -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
if ($token) {
$global:TW_CLOUD_IMDS_HEADERS = @{
"X-aliyun-ecs-metadata-token" = $token
}
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -TimeoutSec 5 -Headers $global:TW_CLOUD_IMDS_HEADERS -Uri "http://100.100.100.200/latest/api/token/instance-id" -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
}
else {
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -URI "http://100.100.100.200/latest/meta-data/instance-id" -Method get -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
}
if ($global:TW_CLOUD_ID) {
$global:TW_CLOUD_PLATFORM="ALIBABA"
return
}
$global:TW_CLOUD_PLATFORM="None"
}
if ($global:TW_CLOUD_ID) {
$global:TW_CLOUD_PLATFORM="GCE"
return
}
###################################################################
# Try Alibaba Cloud
# see: https://www.alibabacloud.com/help/doc-detail/108460.htm
# Try security hardening mode first.
$headers = @{
"X-aliyun-ecs-metadata-token-ttl-seconds" = "1800"
}
$token = $null
try {
$token = Invoke-RestMethod -Method PUT -TimeoutSec 5 -Uri "http://100.100.100.200/latest/api/token" -headers $headers -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
if ($token) {
$global:TW_CLOUD_IMDS_HEADERS = @{
"X-aliyun-ecs-metadata-token" = $token
}
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -TimeoutSec 5 -Headers $global:TW_CLOUD_IMDS_HEADERS -Uri "http://100.100.100.200/latest/api/token/instance-id" -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
}
else {
try {
$global:TW_CLOUD_ID = Invoke-RestMethod -URI "http://100.100.100.200/latest/meta-data/instance-id" -Method get -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
}
if ($global:TW_CLOUD_ID) {
$global:TW_CLOUD_PLATFORM="ALIBABA"
return
}
$global:TW_CLOUD_PLATFORM="None"
}
The following code is added:
return $False
}
function tw_paths {
param (
$path,
$redirect
)
$paths = @($path)
# check for file system redirection on Windows 64-bit platforms
# -match is case insensitive
if ($redirect) {
$system_path = ($Env:WINDIR + "\system32")
if ($paths[0] -match $system_path.Replace("\", "\\")) {
$extra_path = $Env:WINDIR + '\SysWOW64' + $paths[0].SubString($system_path.Length)
$paths += $extra_path
}
else {
$system_path = ($Env:WINDIR + "\lastgood\system32")
if ($paths[0] -match $system_path.Replace("\", "\\")) {
$extra_path = $Env:WINDIR + '\lastgood\SysWOW64' + $paths[0].SubString($system_path.Length)
$paths += $extra_path
}
}
}
return $paths
}
getHostInfo
The following code is added:
elseif ($TW_CLOUD_PLATFORM -eq "OPENSTACK") {
"openstack_instance_id: {0}" -f $TW_CLOUD_ID
"candidate_model[]: OpenStack Compute"
}
elseif ($TW_CLOUD_PLATFORM -eq "ALIBABA") {
"alibaba_instance_id: {0}" -f $TW_CLOUD_ID
"candidate_model[]: Alibaba Virtual Machine"
"candidate_vendor[]: Alibaba"
# Get primary MAC so we can find VPC
try {
$primary_mac = Invoke-RestMethod -TimeoutSec 5 -Headers $TW_CLOUD_IMDS_HEADERS -Uri "http://100.100.100.200/latest/meta-data/mac" -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
if ($primary_mac) {
try {
$scope = Invoke-RestMethod -TimeoutSec 5 -Headers $TW_CLOUD_IMDS_HEADERS -Uri "http://100.100.100.200/latest/meta-data/network/interfaces/macs/$primary_mac/vpc-id" -ErrorAction SilentlyContinue
}
catch {
# Ignore errors
}
if ($scope -match '^vpc-[0-9a-f]+$') {
"scope: {0}" -f $scope
}
}
}
getFileMetadata
The following code:
$filepaths = @(%(path)s)
$system32 = Join-Path -Path $env:WINDIR -ChildPath "System32"
$regex = "^{0}" -f ($system32 -replace "\\", "\\")
if ($%(win64_redirect)s -And $filepaths[0] -match $regex) {
$tmp = $filepaths[0] -replace $regex, "$env:WINDIR\SysWOW64"
$filepaths = $filepaths + $tmp
}
$found = $false
foreach ($filepath in $filepaths) {
is replaced with:
$filepaths = tw_paths -Path %(path)s -Redirect $%(win64_redirect)s
$found = $false
foreach ($filepath in $filepaths) {
$found = $false
foreach ($filepath in $filepaths) {
getDirectoryListing
The following code:
}
}
$paths = @(%(path)s)
# check for file system redirection on Windows 64-bit platforms
# -match is case insensitive
if ($%(win64_redirect)s) {
$system_path = ($Env:WINDIR + "\system32")
if ($paths[0] -match $system_path.Replace("\", "\\")) {
$extra_path = $Env:WINDIR + '\SysWOW64' + $paths[0].SubString($system_path.Length)
"extra_path {0}" -f $extra_path
$paths += $extra_path
}
else {
$system_path = ($Env:WINDIR + "\lastgood\system32")
if ($paths[0] -match $system_path.Replace("\", "\\")) {
$extra_path = $Env:WINDIR + '\lastgood\SysWOW64' + $paths[0].SubString($system_path.Length)
"extra_path {0}" -f $extra_path
$paths += $extra_path
}
}
}
$found = $False
foreach ($path in $paths) {
is replaced with:
}
}
$paths = tw_paths -Path %(path)s -Redirect $%(win64_redirect)s
$found = $False
foreach ($path in $paths) {
}
$paths = tw_paths -Path %(path)s -Redirect $%(win64_redirect)s
$found = $False
foreach ($path in $paths) {
getFileContent
The following code:
$filepaths = @(%(path)s)
$system32 = Join-Path -Path $env:WINDIR -ChildPath "System32"
$regex = "^{0}" -f ($system32 -replace "\\", "\\")
if ($%(win64_redirect)s -And $filepaths[0] -match $regex) {
$tmp = $filepaths[0] -replace $regex, "$env:WINDIR\SysWOW64"
$filepaths = $filepaths + $tmp
}
$found = $false
foreach ($filepath in $filepaths) {
is replaced with:
$filepaths = tw_paths -Path %(path)s -Redirect $%(win64_redirect)s
$found = $false
foreach ($filepath in $filepaths) {
$found = $false
foreach ($filepath in $filepaths) {