|
Packit Service |
deda86 |
#!/usr/bin/env bash
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
# Copyright 2015 Martin Preisler <martin@preisler.me>
|
|
Packit |
517ee8 |
#
|
|
Packit |
517ee8 |
# This library is free software; you can redistribute it and/or
|
|
Packit |
517ee8 |
# modify it under the terms of the GNU Lesser General Public
|
|
Packit |
517ee8 |
# License as published by the Free Software Foundation; either
|
|
Packit |
517ee8 |
# version 2 of the License, or (at your option) any later version.
|
|
Packit |
517ee8 |
#
|
|
Packit |
517ee8 |
# This library is distributed in the hope that it will be useful,
|
|
Packit |
517ee8 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
517ee8 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
517ee8 |
# Lesser General Public License for more details.
|
|
Packit |
517ee8 |
#
|
|
Packit |
517ee8 |
# You should have received a copy of the GNU Lesser General Public
|
|
Packit |
517ee8 |
# License along with this library; if not, write to the Free Software
|
|
Packit |
517ee8 |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
function die()
|
|
Packit |
517ee8 |
{
|
|
Packit |
517ee8 |
echo "$*" >&2
|
|
Packit |
517ee8 |
exit 1
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
function invalid()
|
|
Packit |
517ee8 |
{
|
|
Packit |
517ee8 |
echo -e "$*\n" >&2
|
|
Packit |
517ee8 |
usage
|
|
Packit |
517ee8 |
exit 1
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
function usage()
|
|
Packit |
517ee8 |
{
|
|
Packit |
517ee8 |
echo "oscap-ssh -- Tool for running oscap over SSH and collecting results."
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "Usage:"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "$ oscap-ssh user@host 22 info INPUT_CONTENT"
|
|
Packit |
517ee8 |
echo "$ oscap-ssh user@host 22 xccdf eval [options] INPUT_CONTENT"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "Only source datastreams are supported as INPUT_CONTENT!"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "supported oscap xccdf eval options are:"
|
|
Packit |
517ee8 |
echo " --profile"
|
|
Packit |
517ee8 |
echo " --tailoring-file"
|
|
Packit |
517ee8 |
echo " --tailoring-id"
|
|
Packit |
517ee8 |
echo " --cpe (external OVAL dependencies are not supported yet!)"
|
|
Packit |
517ee8 |
# --check-engine-results is not supported
|
|
Packit |
517ee8 |
# use --results-arf instead
|
|
Packit |
517ee8 |
echo " --oval-results"
|
|
Packit |
517ee8 |
echo " --results"
|
|
Packit |
517ee8 |
echo " --results-arf"
|
|
Packit |
517ee8 |
echo " --report"
|
|
Packit |
517ee8 |
echo " --skip-valid"
|
|
Packit |
517ee8 |
echo " --fetch-remote-resources"
|
|
Packit |
517ee8 |
echo " --progress"
|
|
Packit |
517ee8 |
echo " --datastream-id"
|
|
Packit |
517ee8 |
echo " --xccdf-id"
|
|
Packit |
517ee8 |
echo " --benchmark-id"
|
|
Packit |
517ee8 |
echo " --remediate"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "$ oscap-ssh user@host 22 oval eval [options] INPUT_CONTENT"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "supported oscap oval eval options are:"
|
|
Packit |
517ee8 |
echo " --id"
|
|
Packit |
517ee8 |
echo " --variables"
|
|
Packit |
517ee8 |
echo " --directives"
|
|
Packit |
517ee8 |
echo " --results"
|
|
Packit |
517ee8 |
echo " --report"
|
|
Packit |
517ee8 |
echo " --skip-valid"
|
|
Packit |
517ee8 |
echo " --datastream-id"
|
|
Packit |
517ee8 |
echo " --oval-id"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "$ oscap-ssh user@host 22 oval collect [options] INPUT_CONTENT"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "supported oscap oval collect options are:"
|
|
Packit |
517ee8 |
echo " --id"
|
|
Packit |
517ee8 |
echo " --syschar"
|
|
Packit |
517ee8 |
echo " --variables"
|
|
Packit |
517ee8 |
echo " --skip-valid"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "specific option for oscap-ssh (must be first argument):"
|
|
Packit |
517ee8 |
echo " --sudo"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "To supply additional options to ssh/scp, define the SSH_ADDITIONAL_OPTIONS variable"
|
|
Packit |
517ee8 |
echo "For instance, to ignore known hosts records, define SSH_ADDITIONAL_OPTIONS='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "specific option for oscap-ssh (must be first argument):"
|
|
Packit |
517ee8 |
echo
|
|
Packit |
517ee8 |
echo "See \`man oscap\` to learn more about semantics of these options."
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
# $1, $2, ... SSH options (pass them as separate arguments)
|
|
Packit |
517ee8 |
function ssh_execute_with_options {
|
|
Packit |
517ee8 |
ssh -o ControlPath="$MASTER_SOCKET" $SSH_ADDITIONAL_OPTIONS "$@" -p "$SSH_PORT" "$SSH_HOST"
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
# $1: The SSH command.
|
|
Packit |
517ee8 |
# $2: More of additional options (optional, pass one space-separated string)
|
|
Packit |
517ee8 |
function ssh_execute_with_command_and_options {
|
|
Packit |
517ee8 |
ssh -o ControlPath="$MASTER_SOCKET" $SSH_ADDITIONAL_OPTIONS $2 -p "$SSH_PORT" "$SSH_HOST" "$1"
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
# $1: Local filename to copy
|
|
Packit |
517ee8 |
# $2: Remote destination
|
|
Packit |
517ee8 |
function scp_copy_to_temp_dir {
|
|
Packit |
517ee8 |
scp -o ControlPath="$MASTER_SOCKET" -P "$SSH_PORT" $SSH_ADDITIONAL_OPTIONS "$1" "$SSH_HOST:$REMOTE_TEMP_DIR/$2"
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
# $1: Remote filename to get
|
|
Packit |
517ee8 |
# $2: Local destination
|
|
Packit |
517ee8 |
function scp_retreive_from_temp_dir {
|
|
Packit |
517ee8 |
scp -o ControlPath="$MASTER_SOCKET" -P "$SSH_PORT" $SSH_ADDITIONAL_OPTIONS "$SSH_HOST:$REMOTE_TEMP_DIR/$1" "$2"
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
# $1: The name of the array holding command elements
|
|
Packit |
517ee8 |
# Returns: String, where individual command components are double-quoted, so they are not interpreted by the shell.
|
|
Packit |
517ee8 |
# For example, an array ('-p' '(all)') will be transformed to "\"-p\" \"(all)\"", so after the shell expansion, it will end up as "-p" "(all)".
|
|
Packit |
517ee8 |
function command_array_to_string {
|
|
Packit |
517ee8 |
eval "printf '\"%s\" ' \"\${$1[@]}\""
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
function first_argument_is_sudo {
|
|
Packit |
517ee8 |
[ "$1" == "sudo" ] || [ "$1" == "--sudo" ]
|
|
Packit |
517ee8 |
return $?
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
function sanity_check_arguments {
|
|
Packit |
517ee8 |
if [ $# -lt 1 ]; then
|
|
Packit |
517ee8 |
invalid "No arguments provided."
|
|
Packit |
517ee8 |
elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
|
|
Packit |
517ee8 |
usage
|
|
Packit |
517ee8 |
exit 0
|
|
Packit |
517ee8 |
elif first_argument_is_sudo "$@"; then
|
|
Packit |
517ee8 |
OSCAP_SUDO="sudo"
|
|
Packit |
517ee8 |
# force pseudo-tty allocation so that users can type their password if necessary
|
|
Packit |
517ee8 |
SSH_TTY_ALLOCATION_OPTION="-t"
|
|
Packit |
517ee8 |
shift
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
if [ $# -lt 2 ]; then
|
|
Packit |
517ee8 |
invalid "Missing ssh host and ssh port."
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
function check_oscap_arguments {
|
|
Packit |
517ee8 |
if [ "$1" == "--v" ] || [ "$1" == "--version" ]; then
|
|
Packit |
517ee8 |
true
|
|
Packit |
517ee8 |
elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
|
|
Packit |
517ee8 |
true
|
|
Packit |
517ee8 |
elif [ "$1" == "info" ]; then
|
|
Packit |
517ee8 |
true
|
|
Packit |
517ee8 |
elif [ "$1 $2" == "xccdf eval" ]; then
|
|
Packit |
517ee8 |
true
|
|
Packit |
517ee8 |
elif [ "$1 $2" == "oval eval" ]; then
|
|
Packit |
517ee8 |
true
|
|
Packit |
517ee8 |
elif [ "$1 $2" == "oval collect" ]; then
|
|
Packit |
517ee8 |
true
|
|
Packit |
517ee8 |
else
|
|
Packit |
517ee8 |
die "This script only supports 'sudo' as first argument, '-h', '--help', '--v', '--version', 'info', 'xccdf eval', 'oval eval' and 'oval collect'."
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
}
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
hash ssh 2> /dev/null || die "Cannot find ssh, please install the OpenSSH client."
|
|
Packit |
517ee8 |
hash scp 2> /dev/null || die "Cannot find scp, please install the OpenSSH client."
|
|
Packit |
517ee8 |
hash mktemp 2> /dev/null || die "Cannot find mktemp, please install coreutils."
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
OSCAP_SUDO=""
|
|
Packit |
517ee8 |
# SSH_ADDITIONAL_OPTIONS may be defined in the calling shell
|
|
Packit |
517ee8 |
SSH_TTY_ALLOCATION_OPTION=""
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
sanity_check_arguments "$@"
|
|
Packit |
517ee8 |
first_argument_is_sudo "$@" && shift
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
SSH_HOST="$1"
|
|
Packit |
517ee8 |
SSH_PORT="$2"
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
shift 2
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
check_oscap_arguments "$@"
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
MASTER_SOCKET_DIR=$(mktemp -d)
|
|
Packit |
517ee8 |
MASTER_SOCKET="$MASTER_SOCKET_DIR/ssh_socket"
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
echo "Connecting to '$SSH_HOST' on port '$SSH_PORT'..."
|
|
Packit |
517ee8 |
ssh_execute_with_options -M -f -N -o ServerAliveInterval=60 || die "Failed to connect!"
|
|
Packit |
517ee8 |
echo "Connected!"
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
REMOTE_TEMP_DIR=$(ssh_execute_with_command_and_options "mktemp -d") || die "Failed to create remote temporary directory!"
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
oscap_args=("$@")
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
LOCAL_CONTENT_PATH=""
|
|
Packit |
517ee8 |
LOCAL_TAILORING_PATH=""
|
|
Packit |
517ee8 |
LOCAL_CPE_PATH=""
|
|
Packit |
517ee8 |
LOCAL_VARIABLES_PATH=""
|
|
Packit |
517ee8 |
LOCAL_DIRECTIVES_PATH=""
|
|
Packit |
517ee8 |
TARGET_RESULTS=""
|
|
Packit |
517ee8 |
TARGET_RESULTS_ARF=""
|
|
Packit |
517ee8 |
TARGET_REPORT=""
|
|
Packit |
517ee8 |
TARGET_SYSCHAR=""
|
|
Packit |
517ee8 |
OVAL_RESULTS=""
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
# We have to rewrite various paths to a remote temp dir
|
|
Packit |
517ee8 |
for i in $(seq 0 `expr $# - 1`); do
|
|
Packit |
517ee8 |
let j=i+1
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
case "${oscap_args[i]}" in
|
|
Packit |
517ee8 |
("--tailoring-file")
|
|
Packit |
517ee8 |
LOCAL_TAILORING_PATH=${oscap_args[j]}
|
|
Packit |
517ee8 |
oscap_args[j]="$REMOTE_TEMP_DIR/tailoring.xml"
|
|
Packit |
517ee8 |
;;
|
|
Packit |
517ee8 |
("--cpe")
|
|
Packit |
517ee8 |
LOCAL_CPE_PATH=${oscap_args[j]}
|
|
Packit |
517ee8 |
oscap_args[j]="$REMOTE_TEMP_DIR/cpe.xml"
|
|
Packit |
517ee8 |
;;
|
|
Packit |
517ee8 |
("--variables")
|
|
Packit |
517ee8 |
LOCAL_VARIABLES_PATH=${oscap_args[j]}
|
|
Packit |
517ee8 |
oscap_args[j]="$REMOTE_TEMP_DIR/variables.xml"
|
|
Packit |
517ee8 |
;;
|
|
Packit |
517ee8 |
("--directives")
|
|
Packit |
517ee8 |
LOCAL_DIRECTIVES_PATH=${oscap_args[j]}
|
|
Packit |
517ee8 |
oscap_args[j]="$REMOTE_TEMP_DIR/directives.xml"
|
|
Packit |
517ee8 |
;;
|
|
Packit |
517ee8 |
("--results")
|
|
Packit |
517ee8 |
TARGET_RESULTS=${oscap_args[j]}
|
|
Packit |
517ee8 |
oscap_args[j]="$REMOTE_TEMP_DIR/results.xml"
|
|
Packit |
517ee8 |
;;
|
|
Packit |
517ee8 |
("--results-arf")
|
|
Packit |
517ee8 |
TARGET_RESULTS_ARF=${oscap_args[j]}
|
|
Packit |
517ee8 |
oscap_args[j]="$REMOTE_TEMP_DIR/results-arf.xml"
|
|
Packit |
517ee8 |
;;
|
|
Packit |
517ee8 |
("--report")
|
|
Packit |
517ee8 |
TARGET_REPORT=${oscap_args[j]}
|
|
Packit |
517ee8 |
oscap_args[j]="$REMOTE_TEMP_DIR/report.html"
|
|
Packit |
517ee8 |
;;
|
|
Packit |
517ee8 |
("--syschar")
|
|
Packit |
517ee8 |
TARGET_SYSCHAR=${oscap_args[j]}
|
|
Packit |
517ee8 |
oscap_args[j]="$REMOTE_TEMP_DIR/syschar.xml"
|
|
Packit |
517ee8 |
;;
|
|
Packit |
517ee8 |
("--oval-results")
|
|
Packit |
517ee8 |
OVAL_RESULTS="yes"
|
|
Packit |
517ee8 |
;;
|
|
Packit |
517ee8 |
*)
|
|
Packit |
517ee8 |
;;
|
|
Packit |
517ee8 |
esac
|
|
Packit |
517ee8 |
done
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
if [ "$1" != "--v" ] && [ "$1" != "--version" ] && [ "$1" != "-h" ] && [ "$1" != "--help" ]; then
|
|
Packit |
517ee8 |
# Last argument should be the content path
|
|
Packit |
517ee8 |
LOCAL_CONTENT_PATH="${oscap_args[`expr $# - 1`]}"
|
|
Packit |
517ee8 |
oscap_args[`expr $# - 1`]="$REMOTE_TEMP_DIR/input.xml"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
[ "$LOCAL_CONTENT_PATH" == "" ] || [ -f "$LOCAL_CONTENT_PATH" ] || die "Expected the last argument to be an input file, '$LOCAL_CONTENT_PATH' isn't a valid file path or the file doesn't exist!"
|
|
Packit |
517ee8 |
[ "$LOCAL_TAILORING_PATH" == "" ] || [ -f "$LOCAL_TAILORING_PATH" ] || die "Tailoring file path '$LOCAL_TAILORING_PATH' isn't a valid file path or the file doesn't exist!"
|
|
Packit |
517ee8 |
[ "$LOCAL_CPE_PATH" == "" ] || [ -f "$LOCAL_CPE_PATH" ] || die "CPE file path '$LOCAL_CPE_PATH' isn't a valid file path or the file doesn't exist!"
|
|
Packit |
517ee8 |
[ "$LOCAL_VARIABLES_PATH" == "" ] || [ -f "$LOCAL_VARIABLES_PATH" ] || die "OVAL variables file path '$LOCAL_VARIABLES_PATH' isn't a valid file path or the file doesn't exist!"
|
|
Packit |
517ee8 |
[ "$LOCAL_DIRECTIVES_PATH" == "" ] || [ -f "$LOCAL_DIRECTIVES_PATH" ] || die "OVAL directives file path '$LOCAL_DIRECTIVES_PATH' isn't a valid file path or the file doesn't exist!"
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
if [ "$LOCAL_CONTENT_PATH" != "" ]; then
|
|
Packit |
517ee8 |
echo "Copying input file '$LOCAL_CONTENT_PATH' to remote working directory '$REMOTE_TEMP_DIR'..."
|
|
Packit |
517ee8 |
scp_copy_to_temp_dir "$LOCAL_CONTENT_PATH" input.xml || die "Failed to copy input file to remote temporary directory!"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
if [ "$LOCAL_TAILORING_PATH" != "" ]; then
|
|
Packit |
517ee8 |
echo "Copying tailoring file '$LOCAL_TAILORING_PATH' to remote working directory '$REMOTE_TEMP_DIR'..."
|
|
Packit |
517ee8 |
scp_copy_to_temp_dir "$LOCAL_TAILORING_PATH" tailoring.xml || die "Failed to copy tailoring file to remote temporary directory!"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
if [ "$LOCAL_CPE_PATH" != "" ]; then
|
|
Packit |
517ee8 |
echo "Copying CPE file '$LOCAL_CPE_PATH' to remote working directory '$REMOTE_TEMP_DIR'..."
|
|
Packit |
517ee8 |
scp_copy_to_temp_dir "$LOCAL_CPE_PATH" cpe.xml || die "Failed to copy CPE file to remote temporary directory!"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
if [ "$LOCAL_VARIABLES_PATH" != "" ]; then
|
|
Packit |
517ee8 |
echo "Copying OVAL variables file '$LOCAL_VARIABLES_PATH' to remote working directory '$REMOTE_TEMP_DIR'..."
|
|
Packit |
517ee8 |
scp_copy_to_temp_dir "$LOCAL_VARIABLES_PATH" variables.xml || die "Failed to copy OVAL variables file to remote temporary directory!"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
if [ "$LOCAL_DIRECTIVES_PATH" != "" ]; then
|
|
Packit |
517ee8 |
echo "Copying OVAL directives file '$LOCAL_DIRECTIVES_PATH' to remote working directory '$REMOTE_TEMP_DIR'..."
|
|
Packit |
517ee8 |
scp_copy_to_temp_dir "$LOCAL_DIRECTIVES_PATH" directives.xml || die "Failed to copy OVAL directives file to remote temporary directory!"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
echo "Starting the evaluation..."
|
|
Packit |
517ee8 |
# changing directory because of --oval-results support. oval results files are
|
|
Packit |
517ee8 |
# dumped into PWD, and we can't be sure by the file names - we need controlled
|
|
Packit |
517ee8 |
# environment
|
|
Packit |
517ee8 |
if [ -z "$OSCAP_SUDO" ]; then
|
|
Packit |
517ee8 |
ssh_execute_with_command_and_options "cd $REMOTE_TEMP_DIR; oscap $(command_array_to_string oscap_args)" "$SSH_TTY_ALLOCATION_OPTION"
|
|
Packit |
517ee8 |
else
|
|
Packit |
517ee8 |
OSCAP_CMD="oscap $(command_array_to_string oscap_args); rc=\$?; chown \$SUDO_USER $REMOTE_TEMP_DIR/*; exit \$rc"
|
|
Packit |
517ee8 |
ssh_execute_with_command_and_options "cd $REMOTE_TEMP_DIR; $OSCAP_SUDO sh -c '$OSCAP_CMD'" "$SSH_TTY_ALLOCATION_OPTION"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
OSCAP_EXIT_CODE=$?
|
|
Packit |
517ee8 |
echo "oscap exit code: $OSCAP_EXIT_CODE"
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
echo "Copying back requested files..."
|
|
Packit |
517ee8 |
if [ "$TARGET_RESULTS" != "" ]; then
|
|
Packit |
517ee8 |
scp_retreive_from_temp_dir results.xml "$TARGET_RESULTS" || die "Failed to copy the results file back to local machine!"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
if [ "$TARGET_RESULTS_ARF" != "" ]; then
|
|
Packit |
517ee8 |
scp_retreive_from_temp_dir results-arf.xml "$TARGET_RESULTS_ARF" || die "Failed to copy the ARF file back to local machine!"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
if [ "$TARGET_REPORT" != "" ]; then
|
|
Packit |
517ee8 |
scp_retreive_from_temp_dir report.html "$TARGET_REPORT" || die "Failed to copy the HTML report back to local machine!"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
if [ "$TARGET_SYSCHAR" != "" ]; then
|
|
Packit |
517ee8 |
scp_retreive_from_temp_dir syschar.xml "$TARGET_SYSCHAR" || die "Failed to copy the OVAL syschar file back to local machine!"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
if [ "$OVAL_RESULTS" == "yes" ]; then
|
|
Packit |
517ee8 |
scp_retreive_from_temp_dir '*.result.xml' "./" || die "Failed to copy OVAL result files back to local machine!"
|
|
Packit |
517ee8 |
fi
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
echo "Removing remote temporary directory..."
|
|
Packit |
517ee8 |
ssh_execute_with_command_and_options "rm -r $REMOTE_TEMP_DIR" || die "Failed to remove remote temporary directory!"
|
|
Packit |
517ee8 |
echo "Disconnecting ssh and removing master ssh socket directory..."
|
|
Packit |
517ee8 |
ssh_execute_with_options -O exit || die "Failed to disconnect!"
|
|
Packit |
517ee8 |
rm -r "$MASTER_SOCKET_DIR" || die "Failed to remove local master SSH socket directory!"
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
exit $OSCAP_EXIT_CODE
|