Servidores centros secundaria

# Descripcion: Cambia el password de root

# Instrucciones: Abrir el fichero /etc/shadow de nuestro equipo, copiar el password de nuestro usuario y pegarlo donde pone 'Aqui_el_password'.

#

# Manuel Mora Gordillo <manuel.mora.gordillo @no-spam@ gmail.com>

# IES Sta Eulalia - Merida

class cambia-root {

user{ root:

password => 'Aqui_el_password',

ensure => present

}

}

//Pagina de inicio

pref("browser.startup.homepage","http://www.google.es");

//Transferencia

lockPref("network.http.pipelining",true);

lockPref("network.http.proxy.pipelining",true);

lockPref("network.http.pipelining.maxrequest",8);

//Proxy

lockPref("network.proxy.type",0);

//ipv6

lockPref("network.dns.disableIPv6",true);

//cache

lockPref("browser.cache.disk.smart_size.enabled",false);

lockPref("browser.cache.disk.capacity",50000);

// This is the Debian specific preferences file for Iceweasel

// You can make any change in here, it is the purpose of this file.

// You can, with this file and all files present in the

// /etc/iceweasel/pref directory, override any preference that is

// present in /usr/lib/iceweasel/defaults/preferences directory.

// While your changes will be kept on upgrade if you modify files in

// /etc/iceweasel/pref, please note that they won't be kept if you

// do make your changes in /usr/lib/iceweasel/defaults/preferences.

//

// Note that lockPref is allowed in these preferences files if you

// don't want users to be able to override some preferences.

pref("extensions.update.enabled", true);

// Use LANG environment variable to choose locale

pref("intl.locale.matchOS", true);

// Disable default browser checking.

pref("browser.shell.checkDefaultBrowser", false);

//pref("browser.startup.homepage","http://www.google.es");

pref("general.config.obscure_value", 0);

pref("general.config.filename", "iceweasel.cfg");

BREVE DESCRIPCION DE LA EJECUCION DEL MODULO

--------------------------------------------

Destino : Portatiles con la imagen nueva

Acción : Personaliza iceweasel

Notas : Personalizar la configuración de iceweasel, sobre todo por el tema de

la página de inicio. Se puede adaptar a vuestras necesidades tocando el

fichero iceweasel.cfg (yo he puesto las mías).

INSTRUCCIONES DE INSTALACION DEL MODULO

---------------------------------------

Desempaquetar en /etc/puppet/modules

Incluir la linea include "nombre_modulo" en /etc/puppet/manifests/classes/especifica-miniportatil-2011.pp

------------------------------------------------

Creado por:

Francisco Paniagua Sánchez

Administrador Informático del IES Francisco de Orellana (Trujillo).

24-Octubre-2012

class portatiles2012_iceweasel {

file {"/etc/iceweasel/pref/iceweasel.js":

owner => root, group => root, mode => 644,

source => "puppet:///portatiles2012_iceweasel/iceweasel.js"

}

file {"/usr/lib/iceweasel/iceweasel.cfg":

owner => root, group => root, mode => 644,

source => "puppet:///portatiles2012_iceweasel/iceweasel.cfg"

}

}

BREVE DESCRIPCION DE LA EJECUCION DEL MODULO

--------------------------------------------

Destino : Portatiles con la imagen nueva

Acción : Eliminar el menú electricidad del menú principal

Notas :

INSTRUCCIONES DE INSTALACION DEL MODULO

---------------------------------------

Desempaquetar en /etc/puppet/modules

Incluir la linea include "nombre_modulo" en /etc/puppet/manifests/classes/especifica-miniportatil-2011.pp

------------------------------------------------

Creado por:

Francisco Paniagua Sánchez

Administrador Informático del IES Francisco de Orellana (Trujillo).

24-Octubre-2012

class portatiles2012_menuelectricidad {

exec {"borrar-menu-electricidad":

command => "/bin/rm -f /usr/share/extra-xdg-menus/electronics.menu",

onlyif => "/bin/ls /usr/share/extra-xdg-menus/electronics.menu",

}

}

BREVE DESCRIPCION DE LA EJECUCION DEL MODULO

--------------------------------------------

Destino : Portatiles de alumno con la imagen nueva

Acción : Eliminar el warning que da puppet al ejecutarse

Notas : Cambia el fichero de configuración (sustituye puppetmasterd por master)

INSTRUCCIONES DE INSTALACION DEL MODULO

---------------------------------------

Desempaquetar en /etc/puppet/modules

Incluir la linea include "nombre_modulo" en /etc/puppet/manifests/classes/especifica-miniportatil-2011.pp

------------------------------------------------

Creado por:

Francisco Paniagua Sánchez

Administrador Informático del IES Francisco de Orellana (Trujillo).

24-Octubre-2012

class portatiles2012_puppetconf {

file {"/etc/puppet/puppet.conf":

owner => root, group => root, mode => 644,

source => "puppet:///portatiles2012_puppetconf/puppet.conf",

}

}

[main]

logdir=/var/log/puppet

vardir=/var/lib/puppet

ssldir=/var/lib/puppet/ssl

rundir=/var/run/puppet

factpath=$vardir/lib/facter

#pluginsync=true

server=puppetinstituto

runinterval=5400

syslogfacility=

report=true

[master]

templatedir=/var/lib/puppet/templates

BREVE DESCRIPCION DE LA EJECUCION DEL MODULO

--------------------------------------------

Destino : Portatiles de alumno con la imagen nueva

Acción : Deshabilita de network-manager la opción de crear wifi

Notas : Configurar gconf, se pueden hacer un montón de cosas por aquí, quitar

salvapantallas, fondo de escritorio, etc, etc, pero yo lo que quería era

quitar la posibilidad de la creación de redes wifi, por aquí los

chavales ya empezaban a hacerlo, por esta razón lo he metido en

mandatory y no en defaults, para que no se pueda modificar. Se puede

también adaptar el fichero a vuestras necesidades, incluso se podrían

poner cosas en default en lugar de en mandatory, sólo habría que cambiar

el directorio de destino y quitar el parámetro --mandatory al

update-gconf-defaults

INSTRUCCIONES DE INSTALACION DEL MODULO

---------------------------------------

Desempaquetar en /etc/puppet/modules

Incluir la linea include "nombre_modulo" en /etc/puppet/manifests/classes/especifica-miniportatil-2011.pp

------------------------------------------------

Creado por:

Francisco Paniagua Sánchez

Administrador Informático del IES Francisco de Orellana (Trujillo).

24-Octubre-2012

class portatiles2012_gconf {

file {"/usr/share/gconf/mandatory/51_ies_fcodeorellana":

owner => root, group => root, mode => 644,

source => "puppet:///portatiles2012_gconf/51_ies_fcodeorellana",

notify => Exec["actualizar-gconf-orellana"],

}

exec { "actualizar-gconf-orellana":

command => "/usr/bin/update-gconf-defaults --mandatory",

subscribe => File["/usr/share/gconf/mandatory/51_ies_fcodeorellana"],

require => File["/usr/share/gconf/mandatory/51_ies_fcodeorellana"],

refreshonly => true

}

}

/apps/nm-applet/disable-wifi-create true

/apps/nautilus/preferences/enable_delete true

/apps/nautilus/preferences/click_policy double

/desktop/gnome/background/picture_filename /home/instituto/fondo.jpg

/desktop/gnome/background/picture_options centered

/desktop/gnome/background/primary_color #1eed18c32e72

/desktop/gnome/background/secondary_color #6666baba0000

/desktop/gnome/background/color_shading_type solid

/apps/gnome-screensaver/user_switch_enabled false

/apps/gnome-screensaver/idle_activation_enabled false

/apps/gnome-screensaver/idle_delay 60

/apps/gnome-screensaver/lock_enabled false

/apps/gnome-session/options/logout_prompt false

/desktop/gnome/lockdown/disable_user_switching true

/apps/panel/objects/btn_exit_screen0/action_type none

BREVE DESCRIPCION DE LA EJECUCION DEL MODULO

--------------------------------------------

Tarea que nos permite incluir configuraciones personalizadas para el gnome simplemente modificando el

archivo 30_config_ies_personalizado. Las configuraciones personalizadas son mandatory, es decir que

tienen prioridad sobre cualquier configuración que tenga el usuario en su home personal.

El fichero 30_config_ies_personalizado trae estas configuraciones, que se deben modificar segun las

necesidades de nuestro centro:

/apps/nautilus/preferences/enable_delete true

Activa el borrado en el menu contextual del nautilus

/apps/nautilus/preferences/click_policy double

Activa el doble click para abrir ficheros y carpetas

/desktop/gnome/background/picture_filename /home/instituto/fondo.jpg

/desktop/gnome/background/picture_options centered

/desktop/gnome/background/primary_color #1eed18c32e72

/desktop/gnome/background/secondary_color #6666baba0000

/desktop/gnome/background/color_shading_type solid

Establece un fondo obligatorio para todo el instituto

/apps/gnome-screensaver/user_switch_enabled false

Desactiva el cambio de usuario desde el protector de pantalla

/apps/gnome-screensaver/idle_activation_enabled false

Desactiva la activacion del protector de pantalla

/apps/gnome-screensaver/idle_delay 60

Fija el tiempo de espera en minutos del protector de pantalla

/apps/gnome-screensaver/lock_enabled false

Desactiva la petición de contraseña del protectod de pantalla

/apps/gnome-session/options/logout_prompt false

No pregunta nada al cerrar sesión el usuario

/desktop/gnome/lockdown/disable_user_switching true

Desactiva el cambio rapido de usuario

/apps/panel/objects/btn_exit_screen0/action_type none

Quita el botón de apagado de la barra de tareas de gnome.

INSTRUCCIONES DE INSTALACION DEL MODULO

---------------------------------------

Desempaquetar en /etc/puppet/modules

Incluir la linea include "nombre_modulo" en /etc/puppet/manifests/classes/clase-especifica.pp

class gnome-mandatory-squeeze {

file {

"/usr/share/gconf/mandatory/30_config_ies_personalizado":

owner => root, group => root, mode => 644,

source => "puppet:///gnome-mandatory-squeeze/30_config_ies_personalizado",

notify => Exec["actualizar-gconf-mandatory"],

}

exec {

"actualizar-gconf-mandatory":

command => "/usr/bin/update-gconf-defaults --mandatory",

refreshonly => true,

subscribe => File["/usr/share/gconf/mandatory/30_config_ies_personalizado"],

require => File["/usr/share/gconf/mandatory/30_config_ies_personalizado"]

}

}

30/03/2011

Añadida funcionalidad apaga_clientes basada en 'ejecutaenhosts' para forzar

el apagado de los clientes cuando se apaga o reinicia el servidor del aula.

utilaula 0.5

Tarea de puppet que añade comandos que hace posible conectarse facilmente

a los ordenadores(portatiles o clientes ligeros) que estan encendidos en un

determinado momento en un aula desde el ordenador del profesor. Para instalar

la tarea solo hay que descomprimir en /etc/puppet/modules del servidor nfs y

añadirla a clase-especifica. Los comandos son los siguientes:

*listahosts: devuelve una lista de las máquinas conectadas(hostname e ip).

*conectahost: abre una sesión de ssh como root en la maquina que se le indique.

(No es necesario teclear el nombre entero,basta con los primeros caracteres)

*ejecutaenhosts: ejecuta el comando que se le pase como parámetro en todos los hosts

(Con el parametro -p se ejecuta en paralelo en todos los equipos)

*arreglosportatil: ejecuta los comandos de configuracion basica de los portatiles.

(mirar dentro del script para mas detalles)

*reincio: reincia el servidor de aula si no hay nadie logeado.

*apagado: apaga el servidor de aula si no hay nadie logeado

Ricardo Salgado Cid

IESO Galisteo

Febrero 2011

16/02/11 v0.7 Corregidos permisos en la carpeta files

10/02/11 v0·6 Corregido bug(No se creaba la carpeta .ssh dentro del root de la imagen ltsp)

10/02/11 v0.5 Release incial

class ltsp_utilaula {

package { "finger":

ensure => latest,

}

user { "portatil":

uid => '900',

ensure => present,

home => '/var/lib/portatil',

managehome => true,

shell => '/bin/bash',

}

file {

"/etc/init.d/apaga_clientes":

owner => root, group => root, mode => 750,

source => "puppet:///ltsp_utilaula/apaga_clientes",

require => Package["finger"],

notify => Exec[crear_enlaces_ejecucion];

"/usr/bin/chequea_login":

owner => root, group => root, mode => 750,

source => "puppet:///ltsp_utilaula/chequea_login";

"/sbin/conectahost":

owner => root, group => root, mode => 750,

source => "puppet:///ltsp_utilaula/conectahost";

"/sbin/listahosts":

owner => root, group => root, mode => 750,

source => "puppet:///ltsp_utilaula/listahosts";

"/sbin/ejecutaenhosts":

owner => root, group => root, mode => 750,

source => "puppet:///ltsp_utilaula/ejecutaenhosts";

"/sbin/arreglosportatil":

owner => root, group => root, mode => 750,

source => "puppet:///ltsp_utilaula/arreglosportatil";

"/sbin/apagado":

owner => root, group => root, mode => 750,

source => "puppet:///ltsp_utilaula/apagado";

"/sbin/reinicio":

owner => root, group => root, mode => 750,

source => "puppet:///ltsp_utilaula/reinicio";

"/var/lib/portatil/.ssh":

owner => root, group => root, mode => 700,

require => User["portatil"],

ensure => directory;

"/var/lib/portatil/.ssh/id_rsa":

owner => root, group => root, mode => 600,

source => "puppet:///ltsp_utilaula/id_rsa",

require => File["/var/lib/portatil/.ssh"];

"/var/lib/portatil/.ssh/id_rsa.pub":

owner => root, group => root, mode => 600,

source => "puppet:///ltsp_utilaula/id_rsa.pub",

require => File["/var/lib/portatil/.ssh"],

before => File["/opt/ltsp/i386/root/.ssh/authorized_keys2"];

"/opt/ltsp/i386/root/.ssh/authorized_keys2":

owner => root, group => root, mode => 600,

source => "/var/lib/portatil/.ssh/id_rsa.pub",

notify => Exec["crear-imagen-utilaula"];

}

exec { "crear-imagen-utilaula":

command => "/usr/sbin/ltsp-update-image --arch i386",

refreshonly => true;

}

exec { "crear_enlaces_ejecucion":

command => "/usr/sbin/update-rc.d apaga_clientes stop 01 0 6 .",

refreshonly => true;

}

cron {

"chequea-login":

command => "/usr/bin/chequea_login",

user => root,

hour => '8-20',

minute => '*/2',

weekday => '1-5',

}

}

#!/bin/bash

#

#Ricardo Salgado(IESO Galisteo)

#

#Conecta a un host (portatil o workstation) que esté conectado a la red del aula en ese momento

#toma como parametro el nombre del host(o una parte de el)

#

#Ricardo Salgado Cid

#IESO Galisteo

#

#26/01/11 Release incial ()

#09/02/11 Opciones mas restrictivas en los ssh para evitar esperas infinitas

if [ $# -ne 1 ]; then

echo "Conecta a un host (portatil o workstation) que este conectado a la red del aula en ese momento"

echo "Uso: $0 nombre_equipo"

exit

fi

hostip=$(avahi-browse -trpk -d local _workstation._tcp 2>/dev/null | grep 192.168.0. | grep -v '\-pro\|_pro' | grep $1.* | cut -d";" -f7,8 | sed 's/.local//' | sort | tail -1 )

host=$(echo $hostip | cut -d";" -f1)

ip=$(echo $hostip | cut -d";" -f2)

echo "Conectando a $host($ip)"

ssh -o StrictHostKeyChecking=no -o ConnectTimeout=9 -o ServerAliveCountMax=2 -o ServerAliveInterval=15 -i /var/lib/portatil/.ssh/id_rsa root@$ip

#!/bin/bash

#Apaga el servidor de aula si no hay nadie logeado. Tambien apaga

#los ordenadores de los host conectados(Evita que se queden fritos

#algunos tipos de clientes ligeros como los Dominion)

#No tiene en cuenta si hay logeados alumnos

if ! who | grep -q "(:0)"; then

ejecutaenhosts "poweroff -f"

/sbin/shutdown -h now

fi

#!/bin/bash

#

# Ricardo Salgado(IESO Galisteo)

#

# Ejecuta los comandos contenidos en la variable "comandos" en todos los portatiles conectados al aula.

# Los comandos deben terminar con el caracter ";" a excepcion del ultimo

# Pensado solo para los portatiles, cuidado con ejecutarlo sobre los clientes ligeros

# Pasando como parametro -p al script los comandos se ejecutaran en paralelo en todos los host.

# Sin parametros se ejecutaran host a host

comandos="

/etc/init.d/puppet stop;

dpkg --configure -a --force-all;

puppetd -tv;

pkgsync;

nss_updatedb ldap;

apt-get -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold--reinstall install autofs5;

/etc/init.d/puppet start

"

if [ "$1" \= "-p" ] ; then

/sbin/ejecutaenhosts -p $comandos

else

/sbin/ejecutaenhosts $comandos

fi

#!/bin/bash

#Lista los hosts, sean portatiles o clientes ligeros que esten conectados en esa clase

#en ese instante.

#

#Ricardo Salgado Cid

#IESO Galisteo

#

#09/02/11 Release incial ()

listahosts=$(avahi-browse -trpk -d local _workstation._tcp 2>/dev/null | grep 192.168.0. | grep -v '_pro\|\-pro' | cut -d";" -f7,8 | sed 's/.local//' | sort)

if [ -z "$listahosts" ]; then

echo "No se ha encontrado ninguna maquina conectada"

exit 2

else

echo "Hay $(echo $listahosts | tr " " "\n" | wc -l ) maquina/s conectadas:"

fi

for hostip in $listahosts

do

host=$(echo $hostip | cut -d";" -f1)

ip=$(echo $hostip | cut -d";" -f2)

echo "--$host($ip)"

done

#! /bin/sh

/sbin/ejecutaenhosts -p "poweroff -f"

-----BEGIN RSA PRIVATE KEY-----

MIIEogIBAAKCAQEAx22Iui6IIuIImE5VnN0pMCTIkF/5Nhmb0gaTvPPL8UpToynC

bwynNQze90RdGhN0lZs7slyVM8RnbFPik1m1MRFw/7ZClFavAUH6h3Q9B9FgxNGn

S6e62ek6v8j4aazri4TVLaogt7uT2mJa8D1qvVngPQErgEpgr7w4YcWpd3FXYe63

kzCb6g6ElEedfuAG7veDg26Hk6j3OAWfA+zInT/HkHe0B+jgAr6neVvhBdLnDTCd

Ra3MpgTrW1q/3/o82adJMBXQf2xAxkACMw7e0aaOPHJsA6wvSOL7PhY/FFOv2ad1

cmMHOXtcnwGwGk6f+29SgNw1Vnebsw63tLik0QIBIwKCAQEAvAgwdQdNKDQz/VEs

Ji+b3O97RkvcV5R8+TlmuXgmsE1kzQoduSkv8DC098QdRHi+YSv2dPg056qNZiM0

ttDsqptqirMo1QFF6z41WyR0Dq94fw7Q74+ESc1GBUh1MG/WxV/8Ml6T4G8Hv0bK

xUE4wSjavSz9ITAvRpuFngOCho3EITf+3cR0NwbJOLS8XuW0bkr5MEaSlPkCTnmd

p0mubgotQ1cDqrBcG2fIrVmLuUATWQVsnotLK+y8jaMOnnwT97PHW0V87Ge7frYs

NFeCt0lh/FATtYGK3/h12aJTPR5y8TBXkmWVxtrW91HvTPGnfq4v35Mzfy1B8xPx

0YC9FwKBgQD1TH69GcAi3E1FPrMoKCz+xPFkO55PEP9frBPaUTebkr7Kj4kN5uDR

ijEmOGYCAb0P1L54yhYQDRA8xIR37/AB11CgZgj7Wdf85Y88/PVHdOrYSOEmO+9X

sF7FCIv/heBVUrjAHklfnbEBtsm7bU5ESWHBBvFXfbrL72rVFSU/vwKBgQDQIMA5

vMbmhdFSpRLUVuYxhoBNSuo4MjyknY/P6gIuOLRBXGuSuZLTkcoZBTnOs/irbWxj

tGjZeeJTNutH8p3nxVIqrxC1gC4A5e+OkfrWa8r4sajy0O2hZSdcICupNlrRGoUi

JW/aNX1nZcnIU6L3oA8BnE6+gGYF8GAvuZ4/bwKBgH4nVx9sVC8veDI9gLWRATKR

K6/kJYe/mUclTAngoEFhaW99BKgQVl0if61Bk4wA5OOR+46T0NUOCFnEJt6Yp1Fn

a0stKTDPHp9RfN2JaDNgs0qpI1V96M4C7uj9FMyN/lfEJIAPk3MApCzEZ796Cv6M

I6UZg27S8lpAnVekeY5/AoGAF8k6ikF10TPdaIfk5RE+4Ravk84MI634TVPV6+A6

w3Qx25WIow3k5Pq4AtwGm0fEpeCerE8h7Pf8m8vDHipbMG5SiIkJOVB6ST7ZjKL4

GIFZBnq0OQHvRaUpEdfKeb0RsX9frCGJIECgnhpC8lKzigOp8Y404pJUzXqOpl5b

OnMCgYEA1bngJ88HGe/YlKTXH9THm140spVy/qeJmnbqTWB8RQobbp5Y7igLxnG2

Yvb7oSNeTCAhVqvnnwe5yan5tihTiredfr3lkPrw7B91Im8IfKlKnQwT72xkBDFB

bTSROCdpGrTYFvl6AriDU5Bzj5xHYm8GVpkeuI3xMgdmhxT+6+E=

-----END RSA PRIVATE KEY-----

#!/bin/bash

#Reinicia el servidor de aula si no hay nadie logeado. Tambien apaga

#los ordenadores de los host conectados(Evita que se queden fritos

#algunos tipos de clientes ligeros como los Dominion)

#No tiene en cuenta si hay logeados alumnos

if ! who | grep -q "(:0)"; then

ejecutaenhosts "poweroff -f"

/sbin/shutdown -r now

fi

#!/bin/sh

# Comprueba si hay algún profesor logueado en el servidor de aula y en caso contrario

# apaga los terminales que estuvieran encendidos

usuario=`finger -s | grep "tty" | head -1 | cut -d " " -f 1`

groups $usuario | grep -v "teachers" >/dev/null

if [ $? -eq 0 ]; then

echo "No hay profes logueados `date`" >> /tmp/chequeo_login

/etc/init.d/apaga_clientes

else

echo "Sí hay profes logueados `date`" >> /tmp/chequeo_login

fi

exit 0

#!/bin/bash

#Permite ejecutar el comando que se le pase como parámetro en todos los hosts, ya

#sean portatiles o clientes ligeros que esten conectados en esa clase en ese instante.

#Con el parametro -p se ejecuta en paralelo en todos los equipos(la salida resultante

#se almacena en un fichero), sin el parametro -p el comando se va ejecutando maquina a

#maquina

#

#Ricardo Salgado Cid

#IESO Galisteo

#

#26/01/11 Release incial ()

#09/02/11 Opciones mas restrictivas en los ssh para evitar esperas infinitas

if [ $# -lt 1 ]; then

echo "Permite ejecutar el comando que se le pase como parametro en todos los hosts"

echo "sean portatiles o clientes ligeros que esten conectados en esa clase en ese instante."

echo "Con el parametro -p se ejecuta en paralelo en todos los equipos"

echo "Uso: $0 [-p] comando"

exit

fi

if [ "$1" \= "-p" ] ; then

enparalelo="yes"

shift

fi

listahosts=$(avahi-browse -trpk -d local _workstation._tcp 2>/dev/null | grep 192.168.0. | grep -v '_pro\|\-pro' | cut -d";" -f7,8 | sed 's/.local//' | sort)

if [ -z "$listahosts" ]; then

echo "No se ha encontrado ninguna maquina conectada"

exit 2

else

echo "El comando se ejecutará sobre $(echo $listahosts | tr " " "\n" | wc -l ) maquina/s"

fi

for hostip in $listahosts

do

if [ -z $enparalelo ]; then

salida=/dev/stdout

else

salida=/dev/null

fi

host=$(echo $hostip | cut -d";" -f1)

ip=$(echo $hostip | cut -d";" -f2)

echo "Salida del comando en el host $host($ip):" > $salida

echo __________________________________________________________________________ >> $salida

if [ -z $enparalelo ]; then

ssh -o StrictHostKeyChecking=no -o ConnectTimeout=9 -o ServerAliveCountMax=2 -o ServerAliveInterval=15 -i /var/lib/portatil/.ssh/id_rsa root@$ip $* >> /tmp/salida_host_$host.log 2>&1

else

ssh -o StrictHostKeyChecking=no -o ConnectTimeout=9 -o ServerAliveCountMax=2 -o ServerAliveInterval=15 -i /var/lib/portatil/.ssh/id_rsa root@$ip $* >> /tmp/salida_host_$host.log 2>&1 &

fi

echo __________________________________________________________________________ >> $salida

echo -e "\n\n" >> $salida

done

if [ -z "$enparalelo" ]; then

exit 0

else

salida="/tmp/salidas_comando_$(date +%Y%m%d_%H%M).log"

echo -n "Esperando a que terminen los procesos "

for job in $(jobs -p)

do

echo -n "."

wait $job

done

echo -e "\n"

echo "Hecho!"

echo "Salidas del comando: \"$*\"" > $salida

echo $(date) >> $salida

for hostip in $listahosts

do

host=$(echo $hostip | cut -d";" -f1)

ip=$(echo $hostip | cut -d";" -f2)

echo "Salida del comando en el host $host($ip):" >> $salida

echo __________________________________________________________________________ >> $salida

cat /tmp/salida_host_${host}.log >> $salida

rm /tmp/salida_host_${host}.log

echo __________________________________________________________________________ >> $salida

done

echo "Salidas almacenadas en el fichero: $salida"

# read -n1 -p "¿Mostrar fichero? (s/N) "

# echo

# [[ $REPLY == [sSyY] ]] && less /root/$salida

#

# read -n1 -p "¿Borrar fichero? (s/N) "

# echo

# [[ $REPLY == [sSyY\n] ]] && rm $salida

fi

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAx22Iui6IIuIImE5VnN0pMCTIkF/5Nhmb0gaTvPPL8UpToynCbwynNQze90RdGhN0lZs7slyVM8RnbFPik1m1MRFw/7ZClFavAUH6h3Q9B9FgxNGnS6e62ek6v8j4aazri4TVLaogt7uT2mJa8D1qvVngPQErgEpgr7w4YcWpd3FXYe63kzCb6g6ElEedfuAG7veDg26Hk6j3OAWfA+zInT/HkHe0B+jgAr6neVvhBdLnDTCdRa3MpgTrW1q/3/o82adJMBXQf2xAxkACMw7e0aaOPHJsA6wvSOL7PhY/FFOv2ad1cmMHOXtcnwGwGk6f+29SgNw1Vnebsw63tLik0Q== portatil@servidor

#!/bin/bash

#----------------------------------------------------------

# Copyright (c) 2010 - Antonio J. Abasolo Sierra

# Fecha: Abril-2010. Ultima rev.: Abril-2010

#----------------------------------------------------------

#

# Revisado: Esteban M. Navas Martín

# Fecha: 12/12/2012

# Corregido bug poara que busque el comienzo del nombre del servidor LTSP:

# ipLTSP=`grep ^$LTSP /tmp/ListaPcs | cut -f2 -d,`

# Evitamos que el script falle cuando el nombre de un equipo sea parte del de otro.

# Se producíaun error cuando hab?a equipos con nombres: a01-pro dlengua01-pro, a02-pro dmatematicas02-pro...

#

# VARIABLES --------------------------------------------------------------------------------

DN="dc=instituto,dc=extremadura,dc=es"

BASESEARCH=" -xLLL -h ldap -b "

FICHERO=/etc/squid/proxys_intermedios.conf

# ----------------------------------------------------------------------------------------------

DOMINIO=`egrep "search|domain" /etc/resolv.conf | head -1 |awk '{print $2}'`

ipLDAP=`host ldap | awk '{print $4}'`

#ipLDAP=`ldapsearch $BASESEARCH dc=$dominio,ou=hosts,$DN "(dc=ldap)" aRecord | grep aRecord | awk '{print $2}'`

echo "

# Proxys Intermedios

# ------------------

# Para identificar al proxy padre: debe ponerse la ip/host del gateway principal

cache_peer $ipLDAP parent 3128 3130 proxy-only

# Para identificar a proxy's hermanos: ip's de cada servidor de aula, menos él mismo " > $FICHERO

ldapsearch $BASESEARCH dc=$DOMINIO,ou=hosts,$DN aRecord dc > /tmp/ListaIps

rm -f /tmp/ListaPcs 2> /dev/null

cat /tmp/ListaIps | while read KEY VALUE ; do

case "$KEY" in

dn:)

PC=

IP=

;;

dc:) PC=$VALUE ;;

aRecord:) IP=$VALUE ;;

"") echo "$PC,$IP" >> /tmp/ListaPcs ;;

esac

done

ldapsearch $BASESEARCH ou=Netgroup,$DN "(cn=ltsp-server-hosts)" | grep nisNetgroupTriple | cut -f2 -d'(' | cut -f1 -d',' > /tmp/ListaLTSP

grep -vw `hostname|cut -f1 -d.` /tmp/ListaLTSP | sort | while read LTSP ; do

ipLTSP=`grep ^$LTSP /tmp/ListaPcs | cut -f2 -d,`

echo "#Servidor de Aula: $LTSP" >> $FICHERO

echo "cache_peer $ipLTSP sibling 80 3130 proxy-only" >> $FICHERO

done

rm -f /tmp/ListaLTSP /tmp/ListaIps /tmp/ListaPcs

cat $FICHERO

# sarg.conf

#

# TAG: language

# Available languages:

# Bulgarian_windows1251

# Catalan

# Czech

# Dutch

# English

# French

# German

# Greek

# Hungarian

# Indonesian

# Italian

# Japanese

# Latvian

# Polish

# Portuguese

# Romanian

# Russian_koi8

# Russian_UFT-8

# Russian_windows1251

# Serbian

# Slovak

# Spanish

# Turkish

#

#language Spanish

# TAG: access_log file

# Where is the access.log file

# sarg -l file

#

access_log /var/log/squid/access.log

# TAG: graphs yes|no

# Use graphics where is possible.

# graph_days_bytes_bar_color blue|green|yellow|orange|brown|red

#

graphs yes

graph_days_bytes_bar_color orange

# TAG: title

# Especify the title for html page.

#

title "Squid: Informe de Accesos de los Usuarios"

# TAG: font_face

# Especify the font for html page.

#

font_face Tahoma,Verdana,Arial

# TAG: header_color

# Especify the header color

#

header_color darkblue

# TAG: header_bgcolor

# Especify the header bgcolor

#

header_bgcolor blanchedalmond

# TAG: font_size

# Especify the text font size

#

font_size 9px

# TAG: header_font_size

# Especify the header font size

#

#header_font_size 9px

# TAG: title_font_size

# Especify the title font size

#

#title_font_size 11px

# TAG: background_color

# TAG: background_color

# Html page background color

#

background_color white

# TAG: text_color

# Html page text color

#

text_color #000000

# TAG: text_bgcolor

# Html page text background color

#

text_bgcolor lavender

# TAG: title_color

# Html page title color

#

title_color green

# TAG: logo_image

# Html page logo.

#

#logo_image none

# TAG: logo_text

# Html page logo text.

#

logo_text "Squid"

# TAG: logo_text_color

# Html page logo texti color.

#

logo_text_color #000000

# TAG: logo_image_size

# Html page logo image size.

# width height

#

image_size 80 45

# TAG: background_image

# Html page background image

#

background_image none

# TAG: password

# User password file used by authentication

# If used here, reports will be generated only for that users.

#

#password none

# TAG: temporary_dir

# Temporary directory name for work files

# sarg -w dir

#

temporary_dir /tmp

# TAG: output_dir

# The reports will be saved in that directory

# sarg -o dir

#

#output_dir /var/www/html/squid-reports

output_dir /var/www/squid-reports

# TAG: output_email

# Email address to send the reports. If you use this tag, no html reports will be generated.

# sarg -e email

#

#output_email none

# TAG: resolve_ip yes/no

# Convert ip address to dns name

# sarg -n

resolve_ip no

# TAG: user_ip yes/no

# Use Ip Address instead userid in reports.

# sarg -p

user_ip yes

# TAG: topuser_sort_field field normal/reverse

# Sort field for the Topuser Report.

# Allowed fields: USER CONNECT BYTES TIME

#

topuser_sort_field BYTES reverse

# TAG: user_sort_field field normal/reverse

# Sort field for the User Report.

# Allowed fields: SITE CONNECT BYTES TIME

#

user_sort_field BYTES reverse

# TAG: exclude_users file

# users within the file will be excluded from reports.

# you can use indexonly to have only index.html file.

#

exclude_users /etc/sarg/exclude_users

# TAG: exclude_hosts file

# Hosts, domains or subnets will be excluded from reports.

#

# Eg.: 192.168.10.10 - exclude ip address only

# 192.168.10.0 - exclude full C class

# s1.acme.foo - exclude hostname only

# acme.foo - exclude full domain name

#

exclude_hosts /etc/sarg/exclude_hosts

# TAG: useragent_log file

# useragent.log file patch to generate useragent report.

#

#useragent_log none

# TAG: date_format

# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)

#

date_format e

# TAG: per_user_limit file MB

# Saves userid on file if download exceed n MB.

# This option allow you to disable user access if user exceed a download limit.

#

#per_user_limit none

# TAG: lastlog n

# How many reports files must be keept in reports directory.

# The oldest report file will be automatically removed.

# 0 - no limit.

#

lastlog 0

# TAG: remove_temp_files yes

# Remove temporary files: geral, usuarios, top, periodo from root report directory.

#

remove_temp_files yes

# TAG: index yes|no|only

# Generate the main index.html.

# only - generate only the main index.html

#

index yes

# TAG: index_tree date|file

# How to generate the index.

#

index_tree file

# TAG: overwrite_report yes|no

# yes - if report date already exist then will be overwrited.

# no - if report date already exist then will be renamed to filename.n, filename.n+1

#

overwrite_report yes

# TAG: records_without_userid ignore|ip|everybody

# What can I do with records without user id (no authentication) in access.log file ?

#

# ignore - This record will be ignored.

# ip - Use ip address instead. (default)

# everybody - Use "everybody" instead.

#

records_without_userid ip

# TAG: use_comma no|yes

# Use comma instead point in reports.

# Eg.: use_comma yes => 23,450,110

# use_comma no => 23.450.110

#

use_comma no

# TAG: mail_utility mail|mailx

# Mail command to use to send reports via SMTP

#

mail_utility mailx

# TAG: topsites_num n

# How many sites in topsites report.

#

topsites_num 100

# TAG: topsites_sort_order CONNECT|BYTES A|D

# Sort for topsites report, where A=Ascendent, D=Descendent

#

topsites_sort_order CONNECT D

# TAG: index_sort_order A/D

# Sort for index.html, where A=Ascendent, D=Descendent

#

index_sort_order D

# TAG: exclude_codes file

# Ignore records with these codes. Eg.: NONE/400

#

exclude_codes /etc/sarg/exclude_codes

# TAG: replace_index string

# Replace "index.html" in the main index file with this string

# If null "index.html" is used

#

#replace_index <?php echo str_replace(".", "_", $REMOTE_ADDR); echo ".html"; ?>

# TAG: max_elapsed milliseconds

# If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.

# Use 0 for no checking

#

#max_elapsed 0

# 8 Hours

max_elapsed 28800000

# TAG: report_type type

# What kind of reports to generate.

# topusers - users, sites, times, bytes, connects, links to accessed sites, etc

# topsites - site, connect and bytes report

# sites_users - users and sites report

# users_sites - accessed sites by the user report

# date_time - bytes used per day and hour report

# denied - denied sites with full URL report

# auth_failures - autentication failures report

# site_user_time_date - sites, dates, times and bytes report

# downloads - downloads per user report

#

# Eg.: report_type topsites denied

#

#report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads

report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads

# TAG: usertab filename

# You can change the "userid" or the "ip address" to be a real user name on the reports.

# Table syntax:

# userid name or ip address name

# Eg:

# SirIsaac Isaac Newton

# vinci Leonardo da Vinci

# 192.168.10.1 Karol Wojtyla

#

# Each line must be terminated with '\n'

#

usertab /etc/sarg/usertab

# TAG: long_url yes|no

# If yes, the full url is showed in report.

# If no, only the site will be showed

#

# YES option generate very big sort files and reports.

#

long_url no

# TAG: date_time_by bytes|elap

# Date/Time reports will use bytes or elapsed time?

#

date_time_by bytes

# TAG: charset name

# ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)

# graphic character sets for writing in alphabetic languages

# You can use the following charsets:

# Latin1 - West European

# Latin2 - East European

# Latin3 - South European

# Latin4 - North European

# Cyrillic

# Arabic

# Greek

# Hebrew

# Latin5 - Turkish

# Latin6

# Windows-1251

# Koi8-r

#

charset Latin1

# TAG: user_invalid_char "&/"

# Records that contain invalid characters in userid will be ignored by Sarg.

#

#user_invalid_char "&/"

# TAG: privacy yes|no

# privacy_string "***.***.***.***"

# privacy_string_color blue

# In some countries the sysadm cannot see the visited sites by a restrictive law.

# Using privacy yes the visited url will be changes by privacy_string and the link

# will be removed from reports.

#

#privacy no

#privacy_string "***.***.***.***"

#privacy_string_color blue

# TAG: include_users "user1:user2:...:usern"

# Reports will be generated only for listed users.

#

#include_users none

# TAG: exclude_string "string1:string2:...:stringn"

# Records from access.log file that contain one of listed strings will be ignored.

#

#exclude_string none

# TAG: show_successful_message yes|no

# Shows "Successful report generated on dir" at end of process.

#

show_successful_message no

# TAG: show_read_statistics yes|no

# Shows some reading statistics.

#

show_read_statistics no

# TAG: topuser_fields

# Which fields must be in Topuser report.

#

topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE

# TAG: user_report_fields

# Which fields must be in User report.

#

user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE

# TAG: topuser_num n

# How many users in topsites report. 0 = no limit

#

topuser_num 0

# TAG: site_user_time_date_type list|table

# generate reports for site_user_time_date in list or table format

#

#site_user_time_date_type table

# TAG: datafile file

# Save the report results in a file to populate some database

#

#datafile none

# TAG: datafile_delimiter ";"

# ascii character to use as a field separator in datafile

#

#datafile_delimiter ";"

# TAG: datafile_fields all

# Which data fields must be in datafile

# user;date;time;url;connect;bytes;in_cache;out_cache;elapsed

#

#datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed

# TAG: datafile_url ip|name

# Saves the URL as ip or name in datafile

#

#datafile ip

# TAG: weekdays

# The weekdays to take account ( Sunday->0, Saturday->6 )

# Example:

#weekdays 1-3,5

# Default:

#weekdays 0-6

# TAG: hours

# The hours to take account

# Example:

#hours 7-12,14,16,18-20

# Default:

#hours 0-23

# TAG: dansguardian_conf file

# DansGuardian.conf file path

# Generate reports from DansGuardian logs.

# Use 'none' to disable it.

# dansguardian_conf /usr/dansguardian/dansguardian.conf

#

#dansguardian_conf none

# TAG: dansguardian_ignore_date on|off

# Use 'on' use the record even the date range is different from the used squid access.log file.

# Use 'off' use the record only if the date range is in the used squid access.log file.

#

#dansguardian_ignore_date off

# TAG: squidguard_conf file

# path to squidGuard.conf file

# Generate reports from SquidGuard logs.

# Use 'none' to disable.

# You can use sarg -L filename to use an alternate squidGuard log.

# squidguard_conf /usr/local/squidGuard/squidGuard.conf

#

#squidguard_conf none

# TAG: squidguard_ignore_date on|off

# Use 'on' use the record even the date range is different from the used squid access.log file.

# Use 'off' use the record only if the date range is in the used squid access.log file.

#

#squidguard_ignore_date off

# TAG: squidguard_log_format

# Format string SquidGuard logs.

# REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#

# SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#

#squidguard_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#

# TAG: show_sarg_info yes|no

# shows sarg information and site path on each report bottom

#

#show_sarg_info yes

# TAG: show_sarg_logo yes|no

# shows sarg logo

#

#show_sarg_logo yes

# TAG: parsed_output_log directory

# Saves the processed log in a sarg format after parsing the squid log file.

# This is a way to dump all of the data structures out, after parsing from

# the logs (presumably this data will be much smaller than the log files themselves),

# and pull them back in for later processing and merging with data from previous logs.

#

#parsed_output_log none

# TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress

# sarg logs compress util

#

#parsed_output_log_compress /bin/gzip

# TAG: displayed_values bytes|abbreviation

# how the values will be displayed in reports.

# eg. bytes - 209.526

# abbreviation - 210K

#

#displayed_values bytes

# Report limits