##########################################################################

# "Generate_Batchf.3.0" #

# perl script that reads a log file (lansauk.log generated from hfcheck) #

# containing a list of PC and their missing security patches #

# The PC name, OS and missing patch are retrieved to generate #

# a batch file (one per PC) which will apply the relevant security patch #

# for that PC #

# Written by Dom Cressatti (05/2002) #

# ######### #

# version 1 #

# ######### #

# version 2 #

# since we had the IP address instead of the PC Name in the the log #

# file we ditched the PC Name and use the IP address which we resolve #

# to it's name #

# ######### #

# version 3 #

# we don't try to resolve the IP address anymore if no patch are #

# required for a given PC #

###################### #

# version 4 (15/05/02) #

# added the "ping" in the header to check if the PC is up before running #

# the batch file as if the PC is down it hangs the server #

# #################### #

# version 5 (16/05/02) #

# made the pattern matching for QXXXXXXX in readdir subroutine case #

# insensitve so if we're looking for QXYZ but have qXYZ it still works # 

# #################### #

# version 6 (1/7/03)                                                     #

# added Media Player override                                            #

##########################################################################

unlink '\\\\mars\\services\\addons\\security\\scripts\\patchdir.log'; # delete the log file "patch.log"

system 'dir \\\\mars\\services\\addons\\security\\patches /b > \\\\mars\\services\\addons\\security\\scripts\\patchdir.log';

open (INPUT_FILE_HANDLE, '\\\\mars\services\\addons\\security\\scripts\\lansauk.log'); # Open log file containing the list of PCs requiring a patch 

@lines = <INPUT_FILE_HANDLE>;                 # Read it into an array

#### scan log file loop ####

MAIN_LOOP:

foreach $_ (@lines)

{

##### check for PC Name and IP address loop ####

if (/\(10.44/) # look for the IP address

{

&Footer; # call Footer subroutine

close (OUTPUT_FILE_HANDLE);

$IPResolved = 0; # reset the IP address resolved flag

$OutputFileLockFlag = 0; # reset output file flag 

@PCName_IPAddressString = split (/\s/);

# $PCName = @PCName_IPAddressString [0]; # retrieve the PCName part

$PC_IPAddress = @PCName_IPAddressString [1]; # retrive IP address part (still in parenthesis)

$PC_IPAddress =~ s/^\(|\)$//g; # strip the open and closing parenthesis

}

##### OS identification loop #####

if (/WINDOWS/) # look for "WINDOWS" and retrive the OS part

{

#

# Variables:  OSString is an array containing items of windows level and Service pack

#             OSString[1] is a *

#      OSString[2] is the OS name ie WINDOWS

#             OSString[3] is the version ie 2000 or XP

#             OSString[4] is the service pack level or SERVER

#             OSString[5] is the service pack level if it is a SERVER otherwise it is blank

#

#      OS_SP is the service pack string

#

#             OSREGKEY is the key to the registry

#

$PatchArgument = "-z -m";

@OSString = split (/\s/); # Split OS string into an array using spaces as delimiter

$OS = @OSString[3];

#

$OS_SP = @OSString[4]; # we are grabing service pack level.

if ($OS_SP eq "SERVER")

{

$OS_SP = @OSString[5]; # if a server then we need the 5th element.  CRAP or what!

}

#

($OS eq "2000") && do{

$OS = "W2K";       # if $OS = 2000 convert it to W2K

};

($OS eq "XP") && do{

$OS = "WXP";       # if $OS = XP convert it to WXP

};

if (substr($OS_SP,0,2) eq "SP")

{

&CheckPatch;

}

}

if (/INTERNET EXPLORER 6/) 

{

$PatchArgument = "/q /r:n";

}

if (/MEDIA PLAYER/) 

{

$PatchArgument = "/q /r:n";

}

##### patch string output loop ##### 

if (/Patch NOT Found/) # look for "Patch NOT Found" and retrieve "MS..." and "Q..." strings

{

@PatchStringPart = split (/\s/);

$MSPart = @PatchStringPart[4];

$QPart = @PatchStringPart[5];

$FullQPart = &readdir($OS, $MSPart, $QPart); # call readdir subroutine passing the OS, the MSPart, QPart and return the completed part of QPart (FullQPart) or "PATCH MISSING" if it doesn't exist

# print "FullQPart = $FullQPart\n";

if ($FullQPart ne "PATCH MISSING") # if FullQPart is not "PATCH MISSING" then print the string

{

$FQN = &ResolveIPAddress ($PC_IPAddress); # call &ResolveIPAddress which return FQN from given the IP address in parenthesis

@HostName = split (/\./, $FQN); # strip the domain part from the FQN leaving just the Host Name

$PCName = @HostName[0];

&CreateOutputFile; # call CreateOutputFile subroutine

print OUTPUT_FILE_HANDLE "psexec \\\\$PCName -s -i \\\\mars\\services\\addons\\security\\$OS\\$MSPart\\$FullQPart $PatchArgument\n";

}

}

}

close (INPUT_FILE_HANDLE);

close (OUTPUT_FILE_HANDLE);

############################ subroutine section #####################################

sub CreateOutputFile #### CreateOutputFile subroutine ####

{

if ($OutputFileLockFlag == 0) # check if the Output file is already open (fileopen flag)

{

$OutputFile = '\\\\mars\services\\addons\\security\\scripts\\pc\\'.$PCName.'.bat';

open (OUTPUT_FILE_HANDLE, ">$OutputFile"); # create a batch file named after the PC name which will contain the script for applying the patch

$OutputFileLockFlag = 1; # create fileopen flag

&Header; # call Header subroutine

print "."; # print small progress dot

}

}

# -- end CreateOutputFile subroutine --

sub Header #### Header subroutine ####

{

### add a call the kix32 (for the moment)to display the message

### but in the future it should be replaced by perl messsage (commented out 4 the moment)

### will do the following: 

### "add a Display a Windows message box warning end user that

### the updates are going to be installed"

#use Win32;

#Win32::MsgBox('Some security updates are going to be installed on your PC.'.chr(10).'Please feel free to carry on working while this is happening.'.chr(10).chr(10).'Thanks you for your cooperation.',MB_ICONINFORMATION,'Info');

print OUTPUT_FILE_HANDLE "\@echo off\n";

print OUTPUT_FILE_HANDLE "for /f %%a in ('\"ping -n 1 $PCName \|find \"Reply\"\"') do goto :pcup\n";

print OUTPUT_FILE_HANDLE "goto :pcdown\n";

print OUTPUT_FILE_HANDLE "\n";

print OUTPUT_FILE_HANDLE ":pcup\n";

print OUTPUT_FILE_HANDLE "call \\\\mars\\services\\addons\\security\\scripts\\headerMsg.bat $PCName\n";

}

# -- end header subroutine --

sub Footer #### Footer subroutine ####

{

### add qchain.exe at the end of the patch lines

### add a call the kix32 (for the moment)to display the message

### but in the future it should be replaced by perl messsage (commented out 4 the moment)

### will do the following: 

### "Display a Windows message box warning end user that

### the updates have been installed and that they have

### reboot their PC but only when they want to"

### add start del %0 so the batch file delete itself once

### it has been processed

#use Win32;

#Win32::MsgBox('The security updates have been installed.'.chr(10).chr(10).'They will only be effective after you have'.chr(10).'restarted your computer.'.chr(10).chr(10).'This can be done when it is most convenient'.chr(10).'for you.',MB_ICONINFORMATION,'Info');

print OUTPUT_FILE_HANDLE "psexec \\\\$PCName -s -i \\\\mars\\services\\addons\\security\\scripts\\qchain.exe\n";

print OUTPUT_FILE_HANDLE "call \\\\mars\\services\\addons\\security\\scripts\\footerMsg.bat $PCName\n";

print OUTPUT_FILE_HANDLE "del \\\\mars\\services\\addons\\security\\scripts\\pc\\$PCName.bat";

print OUTPUT_FILE_HANDLE "\n";

print OUTPUT_FILE_HANDLE ":pcdown\n";

print OUTPUT_FILE_HANDLE "echo pc is down\n";

}

# -- end footer subroutine --

sub readdir #### accept OS, MSPart and QPart, check if we have the patch on the server and return the completed part of QPart

{

$dir = '\\\\mars\\services\\addons\\security\\'.$_[0].'\\'.$_[1].'\\';

opendir ( DIR, $dir) || do

{

# print "dir [0] = @dir[0]\n";

@dir[0] = "PATCH MISSING"; # if the patch is missing return PATCH MISSING

return @dir[0];

};

@dir = readdir DIR;

 # print "required patch = $QPart\n";

# print "read patch name = @dir[2]\n";

if (@dir[2] =~ /$QPart/i)

{

# print "sending back @dir[2]\n";

return @dir[2]; # if QPart match the header of the patch on server, return the patch file name

}

closedir DIR;

}

# end --readdir subroutine --

sub ResolveIPAddress #### return the FQN given an IP address

{

use Socket;

if ($IPResolved == 0)

{

$ip = @_[0];

@numbers = split(/\./, $ip);

$address = pack("C4", @numbers);

$FQN = gethostbyaddr ($address, AF_INET);

$IPResolved = 1; # set the IP address flag so we don't try to resolve it again for that PC.

}

return $FQN;

}

# end -- ResolveIPAddress subroutine --

sub CheckPatch

{

# check for this PC if we need any patches

# if patch required

# &CreateOutputFile; # call CreateOutputFile subroutine

# print OUTPUT_FILE_HANDLE "psexec \\\\$PCName -s -i \\\\mars\\services\\addons\\patch\\$filename $PatchArgument\n";

# end if

}