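#!/bin/csh -f
# setrootpass.sh
#
# Uses Expect to ssh into each unix server as nagios, su to root
# and then change the root password, test that change, report the
# success or failure of that change then exit and move on to the next
# host.
#
# Written by Kevin P. Inscoe (kevin@inscoe.org)
#
# All the scripts can be found at
# http://kevininscoe.com/pub/scripts/password_management/setrootpass/
#
# Requirements:
#
# Expect 5, Tcl 8.4, OpenSSH 3.8, csh (generic)
#
# Assumptions:
#
# The low level account exists as the same login this script is being run under
# for each and every hostname in hosttab, that the name of the host in hosttab
# is either resolvable or in /etc/hosts with the correct address and that either
# a trust exists already in openssh between the login the script is being run as
# and the remote host
# (see http://kevininscoe.com/pub/scripts/pushkeys.txt)
# or the low level password will be used when prompted.
#
# Steps:
#
# Create a file in /usr/local/etc/hosttab with the following format:
#
# hostname:old password:new password:low level password:{optional}O/S type
#
# O/S type - s=Solaris, l=Linux, f=FreeBSD, w=Microsoft Windows, c=Cisco Router
#
# If a plus ("+") is used as the host name the associated passwords
# will be used by default if left blank on subsequent lines.
#
# Security notes:
#
# - hosttab holds cleartext passwords; it is chmod'ed owner-only below so
#   other local users cannot read it.
# - The passwords are passed to the .exp helpers as command-line arguments,
#   so they are visible in `ps` on this host while each helper runs.
# - $OUT collects the helpers' output, which may include the password
#   exchange, so the log is created owner-readable only (umask below).
#
# Variables
setenv HOSTTAB "/usr/local/etc/hosttab"
set OUT="setrootpass.log"

# Any file created from here on (the log) is owner-only.
umask 077

# Cleanup from previous failed runs
if ( -e "$OUT" ) rm -f "$OUT"

# Test file first
if ( ! -e "$HOSTTAB" ) then
  echo $0 ": error opening" $HOSTTAB
  exit 1
endif

# Reset the perms on hosttab in case our owner did not
chmod 700 "$HOSTTAB"

# A command substitution inside double quotes splits on newlines only,
# so $rec is one hosttab record per iteration.
foreach rec ( "`cat $HOSTTAB`" )
  # Blank lines carry no record; do not feed an empty host to the helpers.
  if ( "$rec" == "" ) continue

  set fc = `echo "$rec" | cut -c1`
  # tr -d deletes spaces; "tr ' ' ''" is rejected by GNU tr (empty set2).
  set host = `echo "$rec" | awk -F: '{ print $1 }' | tr -d " "`
  set old = `echo "$rec" | awk -F: '{ print $2 }'`
  set new = `echo "$rec" | awk -F: '{ print $3 }'`
  set low = `echo "$rec" | awk -F: '{ print $4 }'`

  if ( "$fc" != "#" ) then
    if ( "$host" == "+" ) then
      # A "+" record only records the defaults for the records that follow.
      set defold = "$old"
      set defnew = "$new"
      set deflow = "$low"
    else
      # If low, old and new are blank use the previous defaults.
      # $?var only tests whether the variable is *set*, and the set lines
      # above always set it, so the fallback must test the value; it also
      # applies only when a "+" record has already defined the default.
      if ( "$old" == "" && $?defold ) set old = "$defold"
      if ( "$new" == "" && $?defnew ) set new = "$defnew"
      if ( "$low" == "" && $?deflow ) set low = "$deflow"

      if ( "$host" == "" ) then
        echo "record with empty host name skipped: $rec"
      else if ( "$new" == "" ) then
        # No new password from the record or a default: nothing sane to set.
        echo "no new password for host $host, skipped"
      else
        echo "Setting host: $host..."
        /usr/local/admin/setrootpass.exp "$host" "$old" "$new" "$low" >> "$OUT"
        /usr/local/admin/checkrootpass.exp "$host" "$new" "$low" >> "$OUT"
      endif
    endif
  else
    # Commented-out record: report the host name after the leading "#".
    set name=`echo $host | cut -d'#' -f2`
    echo "host $name commented out"
  endif
end

# Failure report
if ( -e "$OUT" ) grep "SU FAILED FOR" "$OUT"
if ( -e "$OUT" ) grep -i "su:" "$OUT"
if ( -e "$OUT" ) grep -i "can't" "$OUT"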