CrowdStrike Azure VM
#!/bin/bash
# Settings shared by every pipeline stage below.
#
# MOUNTPATH  directory where DISK_MAINT mounts the copied OS partition.
# MAINTSUB / MAINTNAME / MAINTRG
#            subscription, name and resource group of the helper VM that
#            DISK_ATTACH and DISK_DETACH attach the disk copies to. They are
#            empty here and must be filled in before the script is run.
# ZONE       availability zone: GET_VM_DISK only selects VMs in this zone and
#            DISK_CREATE creates the disk copies in it.
MOUNTPATH=/root/osmountpath
MAINTSUB=
MAINTNAME=
MAINTRG=
ZONE=2
export MOUNTPATH MAINTSUB MAINTNAME MAINTRG ZONE
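#######################################
# Resolve each VM resource ID read from stdin to its OS disk.
# Globals:   ZONE (read)
# Inputs:    stdin - one VM resource ID per line, of the form
#            /subscriptions/<sub>/resourceGroups/<rg>/providers/
#            Microsoft.Compute/virtualMachines/<name>
# Outputs:   stdout - "<sub> <rg> <vmname> <osdisk-name>" for every VM whose
#            zone equals ZONE; progress goes to stderr via BANNER
#######################################
function GET_VM_DISK() {
  local VMID SUB RG VMNAME DISK VMZONE
  while read -r VMID; do
    # Fields 3, 5 and 9 of the '/'-separated ID are subscription, resource
    # group and VM name.
    SUB=$(printf '%s\n' "$VMID" | awk -F / '{print $3}')
    RG=$(printf '%s\n' "$VMID" | awk -F / '{print $5}')
    VMNAME=$(printf '%s\n' "$VMID" | awk -F / '{print $9}')
    # A line that is not a full resource ID would hand empty fields to every
    # later stage, so drop it here instead.
    if [ -z "$SUB" ] || [ -z "$RG" ] || [ -z "$VMNAME" ]; then
      BANNER "SKIP malformed VM id: $VMID"
      continue
    fi
    BANNER "GET DISK info $VMID"
    az vm show --ids "$VMID" |
      jq -r '[.storageProfile.osDisk.managedDisk.id,.zones[]]|@tsv' |
      while read -r DISK VMZONE; do
        # Quoted operands: an empty or non-numeric zone makes the test false
        # instead of breaking its syntax.
        if [ "$ZONE" -eq "$VMZONE" ] 2>/dev/null; then
          # The disk name is the last path segment of the managed-disk ID.
          printf '%s %s %s %s\n' "$SUB" "$RG" "$VMNAME" "${DISK##*/}"
        fi
      done
  done
}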
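#######################################
# Snapshot the OS disk of every VM record read from stdin.
# The snapshot is named <disk>-snap-240719 and is created in the VM's own
# subscription and resource group. Nothing in this script deletes it
# afterwards; it holds a full copy of the OS disk, so track it and remove it
# once the repaired VM is confirmed healthy.
# Inputs:    stdin - "<sub> <rg> <vmname> <disk>" per line
# Outputs:   stdout - the same record, only when the snapshot was created;
#            az output and progress go to stderr
#######################################
function DISK_SNAP() {
  local SUB RG VMNAME DISKID
  while read -r SUB RG VMNAME DISKID; do
    BANNER "DISK SNAP $SUB/$RG/$VMNAME $DISKID"
    # Every expansion is quoted so a value can never be word-split or
    # glob-expanded into different az arguments.
    if az snapshot create \
      --subscription "$SUB" \
      -g "$RG" \
      -n "${DISKID}-snap-240719" \
      --source "/subscriptions/$SUB/resourceGroups/$RG/providers/Microsoft.Compute/disks/$DISKID" >&2; then
      printf '%s %s %s %s\n' "$SUB" "$RG" "$VMNAME" "$DISKID"
    fi
  done
}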
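#######################################
# Create a managed disk <disk>-disk-240719 from each VM's snapshot.
# Globals:   ZONE (read) - zone the new disk is created in
# Inputs:    stdin - "<sub> <rg> <vmname> <disk>" per line
# Outputs:   stdout - the same record, only when the disk was created;
#            az output and progress go to stderr
#######################################
function DISK_CREATE() {
  local SUB RG VMNAME DISKID
  while read -r SUB RG VMNAME DISKID; do
    BANNER "DISK CREATE $SUB/$RG/$VMNAME $DISKID"
    # DISK_SNAP names the snapshot "<disk>-snap-240719", so the source ID has
    # to carry that suffix too; the bare disk name points at a snapshot this
    # script never creates.
    if az disk create \
      --subscription "$SUB" \
      -g "$RG" \
      -n "${DISKID}-disk-240719" \
      --source "/subscriptions/$SUB/resourceGroups/$RG/providers/Microsoft.Compute/snapshots/${DISKID}-snap-240719" \
      --zone "$ZONE" >&2; then
      printf '%s %s %s %s\n' "$SUB" "$RG" "$VMNAME" "$DISKID"
    fi
  done
}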
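#######################################
# Record the SCSI device list before the disk copy is attached.
# Writes the lsscsi output to the file "antes" in the current directory;
# DISK_MAINT later diffs it against "depois" to find the new device. The file
# name is fixed because that stage reads it by name, so run the script from a
# directory that only the operator can write to.
# Inputs:    stdin - "<sub> <rg> <vmname> <disk>" per line
# Outputs:   stdout - the same record, only when lsscsi succeeded
#######################################
function DIFF_ANTES() {
  local SUB RG VMNAME DISKID
  while read -r SUB RG VMNAME DISKID; do
    # The function is called without arguments, so the banner has to use the
    # record just read rather than $1/$2/$3.
    BANNER "DIFF DISK $SUB/$RG/$VMNAME $DISKID"
    if lsscsi > antes; then
      printf '%s %s %s %s\n' "$SUB" "$RG" "$VMNAME" "$DISKID"
    fi
  done
}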
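#######################################
# Attach each disk copy (<disk>-disk-240719) to the maintenance VM.
# Globals:   MAINTSUB, MAINTRG, MAINTNAME (read) - the maintenance VM
# Inputs:    stdin - "<sub> <rg> <vmname> <disk>" per line
# Outputs:   stdout - the same record, only when the attach succeeded;
#            az output and progress go to stderr
# Returns:   1 without reading any input when a maintenance-VM setting is empty
#######################################
function DISK_ATTACH() {
  local SUB RG VMNAME DISKID
  # The settings are empty at the top of this file. An empty value would
  # either drop out of the command line or reach az as an empty argument, so
  # refuse to run rather than attach to an unintended target.
  if [ -z "$MAINTSUB" ] || [ -z "$MAINTRG" ] || [ -z "$MAINTNAME" ]; then
    BANNER "DISK ATTACH aborted: MAINTSUB, MAINTRG and MAINTNAME must be set"
    return 1
  fi
  while read -r SUB RG VMNAME DISKID; do
    BANNER "DISK ATTACH $SUB/$RG/$VMNAME $DISKID"
    # The copy lives in the source VM's subscription and resource group, so
    # it is passed by full resource ID.
    if az vm disk attach \
      --subscription "$MAINTSUB" \
      -g "$MAINTRG" \
      --vm-name "$MAINTNAME" \
      --name "/subscriptions/$SUB/resourceGroups/$RG/providers/Microsoft.Compute/disks/${DISKID}-disk-240719" >&2; then
      printf '%s %s %s %s\n' "$SUB" "$RG" "$VMNAME" "$DISKID"
    fi
  done
}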
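#######################################
# Mount the attached disk copy and delete the CrowdStrike channel files
# C-00000291*.sys from Windows/System32/drivers/CrowdStrike.
# The new device is the one that appears in "depois" (lsscsi now) but not in
# "antes" (written by DIFF_ANTES); $1 is appended to it as partition number.
# Globals:   MOUNTPATH (read)
# Arguments: $1 - partition number on the attached disk
# Inputs:    stdin - "<sub> <rg> <vmname> <disk>" per line
# Outputs:   stdout - the same record, only when matching files were found
#            and removed. In the pipeline at the bottom of this file the
#            detach and OS-disk swap stages act only on emitted records, so a
#            skipped record leaves its disk copy attached to this VM.
#######################################
function DISK_MAINT() {
  local part=$1
  local SUB RG VMNAME DISKID new_dev target cs_dir
  while read -r SUB RG VMNAME DISKID; do
    BANNER "DISK MAINT $SUB/$RG/$VMNAME $MOUNTPATH"
    mkdir -p -- "$MOUNTPATH" >&2
    lsscsi > depois
    # Resolve the device once so ntfsfix, mount and umount all act on the
    # same path.
    new_dev=$(diff antes depois | awk '{print $8}' | grep -v '^$')
    target="${new_dev}${part}"
    # No new device, or several at once, gives a string that is not a block
    # device; stop before ntfsfix or mount run on an unintended target.
    if [ -z "$new_dev" ] || [ ! -b "$target" ]; then
      BANNER "SKIP $SUB/$RG/$VMNAME: expected one new block device, got '${new_dev}'"
      continue
    fi
    ntfsfix "$target" >&2
    if ! mount "$target" "$MOUNTPATH" >&2; then
      BANNER "MOUNT FAILED $SUB/$RG/$VMNAME $target"
      continue
    fi
    cs_dir="$MOUNTPATH/Windows/System32/drivers/CrowdStrike"
    if [ "$(find "$cs_dir" -type f -name 'C-00000291*.sys' | wc -l)" -ne 0 ]; then
      BANNER "DELETING FILES $SUB/$RG/$VMNAME $MOUNTPATH"
      # Only regular files are expected (the find above uses -type f), so no
      # -r. The record is passed on only when the delete really succeeded;
      # otherwise the VM would be switched to a copy that still holds the file.
      if rm -f -- "$cs_dir"/C-00000291*.sys >&2; then
        printf '%s %s %s %s\n' "$SUB" "$RG" "$VMNAME" "$DISKID"
      else
        BANNER "DELETE FAILED $SUB/$RG/$VMNAME $MOUNTPATH"
      fi
    fi
    umount "$MOUNTPATH" >&2
  done
}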
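#######################################
# Detach each repaired disk copy (<disk>-disk-240719) from the maintenance VM.
# Globals:   MAINTSUB, MAINTRG, MAINTNAME (read) - the maintenance VM
# Inputs:    stdin - "<sub> <rg> <vmname> <disk>" per line
# Outputs:   stdout - the same record, only when the detach succeeded;
#            az output and progress go to stderr
# Returns:   1 without reading any input when a maintenance-VM setting is empty
#######################################
function DISK_DETACH() {
  local SUB RG VMNAME DISKID
  # Same guard as for the attach: an empty setting would change which
  # arguments az receives.
  if [ -z "$MAINTSUB" ] || [ -z "$MAINTRG" ] || [ -z "$MAINTNAME" ]; then
    BANNER "DISK DETACH aborted: MAINTSUB, MAINTRG and MAINTNAME must be set"
    return 1
  fi
  while read -r SUB RG VMNAME DISKID; do
    # This step detaches the disk (the unmount happens in DISK_MAINT), so the
    # log line names the operation and the disk it acts on.
    BANNER "DISK DETACH $SUB/$RG/$VMNAME $DISKID"
    if az vm disk detach \
      --subscription "$MAINTSUB" \
      -g "$MAINTRG" \
      --vm-name "$MAINTNAME" \
      --name "${DISKID}-disk-240719" >&2; then
      printf '%s %s %s %s\n' "$SUB" "$RG" "$VMNAME" "$DISKID"
    fi
  done
}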
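#######################################
# Request deallocation of each affected VM.
# Inputs:    stdin - "<sub> <rg> <vmname> <disk>" per line
# Outputs:   stdout - the same record, only when az accepted the request;
#            az output and progress go to stderr
#######################################
function VM_STOP() {
  local SUB RG VMNAME DISKID
  while read -r SUB RG VMNAME DISKID; do
    BANNER "STOP $SUB/$RG/$VMNAME $DISKID"
    # NOTE(review): --no-wait returns before the VM is actually deallocated,
    # and the next stage (VM_REPLACE) swaps the OS disk straight away. Confirm
    # the swap is accepted while the deallocation is still in progress, or
    # drop --no-wait here.
    if az vm deallocate \
      --subscription "$SUB" \
      -g "$RG" \
      -n "$VMNAME" \
      --no-wait >&2; then
      printf '%s %s %s %s\n' "$SUB" "$RG" "$VMNAME" "$DISKID"
    fi
  done
}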
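#######################################
# Point each VM at the repaired copy (<disk>-disk-240719) as its OS disk.
# The original OS disk is not deleted by this script; it remains in the
# resource group and still holds the unmodified contents.
# Inputs:    stdin - "<sub> <rg> <vmname> <disk>" per line
# Outputs:   stdout - "<sub> <rg> <vmname>" (disk name dropped), only when
#            the update succeeded; az output and progress go to stderr
#######################################
function VM_REPLACE() {
  local SUB RG VMNAME DISKID
  while read -r SUB RG VMNAME DISKID; do
    BANNER "REPLACE DISK $SUB/$RG/$VMNAME $DISKID"
    # Quoted so the VM name and disk ID reach az exactly as read.
    if az vm update \
      --subscription "$SUB" \
      -g "$RG" \
      -n "$VMNAME" \
      --os-disk "/subscriptions/$SUB/resourceGroups/$RG/providers/Microsoft.Compute/disks/${DISKID}-disk-240719" >&2; then
      printf '%s %s %s\n' "$SUB" "$RG" "$VMNAME"
    fi
  done
}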
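#######################################
# Start each VM after its OS disk has been swapped.
# Inputs:    stdin - "<sub> <rg> <vmname>" per line
# Outputs:   nothing on stdout (last pipeline stage); az output and progress
#            go to stderr. --no-wait means the start is only requested here,
#            so a successful return does not show that the VM booted.
#######################################
function VM_START() {
  local SUB RG VMNAME
  while read -r SUB RG VMNAME; do
    # The function is called without arguments, so log the record just read
    # rather than $1/$2/$3.
    BANNER "START $SUB/$RG/$VMNAME"
    az vm start \
      --subscription "$SUB" \
      -g "$RG" \
      -n "$VMNAME" \
      --no-wait >&2
  done
}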
#######################################
# Write one progress line, prefixed with the current date, to stderr.
# stdout stays free for the records passed between pipeline stages.
# Arguments: $1 - message text
#######################################
function BANNER() {
  local stamp
  stamp=$(date)
  printf '%s %s\n' "$stamp" "${1}" >&2
}
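# Entry point: run the repair pipeline for every VM resource ID given on the
# command line. The literal "<VMID>" placeholder is parsed by the shell as
# redirections and is a syntax error, so the IDs are taken from the arguments.
if [ "$#" -eq 0 ]; then
  echo "usage: $0 <VMID> [<VMID> ...]" >&2
  exit 2
fi

# Check the maintenance-VM settings before anything is created, so an
# unconfigured run does not leave snapshots and disk copies behind.
if [ -z "$MAINTSUB" ] || [ -z "$MAINTNAME" ] || [ -z "$MAINTRG" ]; then
  echo "MAINTSUB, MAINTNAME and MAINTRG must be set before running" >&2
  exit 2
fi

# One pipeline per VM: all stages of a pipeline run concurrently, and
# DISK_MAINT finds the attached disk by diffing two lsscsi listings, so only
# one disk copy should be attached at a time.
# The argument 4 to DISK_MAINT is the partition number that gets mounted.
for vm_id in "$@"; do
  printf '%s\n' "$vm_id" |
    GET_VM_DISK |
    DISK_SNAP |
    DISK_CREATE |
    DIFF_ANTES |
    DISK_ATTACH |
    DISK_MAINT 4 |
    DISK_DETACH |
    VM_STOP |
    VM_REPLACE |
    VM_START
done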