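# Section banner for the SNMP basic-configuration checks.
# BLUE and NC are colour escape sequences defined outside this section; they
# must be written as ${BLUE}/${NC} (no blanks inside the braces), otherwise the
# shell reports a bad substitution instead of printing the banner.
echo "-------------------------------------------------"
echo -e "------------ ${BLUE}CHECK SNMP BASIC CONFIG${NC} ------------"
echo -e "-------------------------------------------------\n"
# Scope: only the local snmpd configuration is inspected. This does NOT check
# whether the SNMP 'monitoring server' has been configured to poll this machine.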
# Check /etc/snmp/snmpd.conf config file agentAddress, rocommunity and trapsink/trap2sink parameters
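echo -e "Check ${BLUE}SNMPD${NC} config file /etc/snmp/snmpd.conf"

# --- agentAddress -------------------------------------------------------------
# agentAddress lines name the sockets snmpd listens on. The policy checked here:
#   * required : one UDP/161 listener on the IPv4 admin network and one on the
#                IPv6 admin network,
#   * optional : loopback listeners (127.0.0.1 and ::1),
#   * anything else is reported as a failure.
# Results are appended to SNMP_CONFIG_CHECK_FAILED (read later, outside this
# section) and echoed in colour.
#
# NOTE(review): IPV4_ADMIN_NETWORK / IPV6_ADMIN_NETWORK are spliced into the
# regular expressions unescaped; they are presumably address prefixes defined
# earlier in the script - confirm. A '.' inside them matches any character, and
# an empty value makes the patterns far more permissive than intended.
# NOTE(review): '[0-2]?[0-9]?[0-9]?' also accepts an empty last octet; left
# as-is because the exact format of IPV4_ADMIN_NETWORK is not visible here.
#
# Step 1 - look for an agentAddress line that matches NONE of the allowed forms.
# 'grep -v -q' exits 0 as soon as such a line exists, so RC = 0 means "unexpected
# listener present" and RC = 1 means "none found".
# Tightened compared with the previous patterns: the dots of 127.0.0.1 are
# escaped, at least one blank is required after the directive name, and the
# IPv6 character class no longer admits literal ',' and '\'.
grep "^[[:space:]]*agentAddress" /etc/snmp/snmpd.conf \
  | grep -E -q -v \
    -e '^[[:space:]]*agentAddress[[:space:]]+udp:127\.0\.0\.1:161[[:space:]]*$' \
    -e "^[[:space:]]*agentAddress[[:space:]]+udp:${IPV4_ADMIN_NETWORK}[0-2]?[0-9]?[0-9]?:161[[:space:]]*\$" \
    -e '^[[:space:]]*agentAddress[[:space:]]+udp6:\[::1\]:161[[:space:]]*$' \
    -e "^[[:space:]]*agentAddress[[:space:]]+udp6:\[${IPV6_ADMIN_NETWORK}[0-9a-f:]*\]:161[[:space:]]*\$"
# Exit status of the pipeline (i.e. of the filtering grep).
RC=$?

if [ "$RC" -eq 0 ]; then
  # At least one listener outside the allowed set.
  SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED}SNMPD agentAddress allow connection from unexpected IP, expected :\n'agentAddress udp:IPv4AdminLANlistenAddress:161'\n'agentAddress udp6:[IPv6AdminLANlistenAddress]:161'\nOPTIONAL : 'agentAddress udp:127.0.0.1:161'\nOPTIONAL : 'agentAddress udp6:[::1]:161' ;\n"
  echo -e "${RED}SNMPD agentAddress allow connection from UNEXPECTED IP : check KO${NC}\n"
else
  # Step 2 - no unexpected listener; both admin-network listeners must exist.
  # Each grep exits 0 when its listener is present.
  grep -E -q "^[[:space:]]*agentAddress[[:space:]]+udp:${IPV4_ADMIN_NETWORK}[0-2]?[0-9]?[0-9]?:161[[:space:]]*\$" /etc/snmp/snmpd.conf
  RCa=$?
  grep -E -q "^[[:space:]]*agentAddress[[:space:]]+udp6:\[${IPV6_ADMIN_NETWORK}[0-9a-f:]*\]:161[[:space:]]*\$" /etc/snmp/snmpd.conf
  RCb=$?

  if [ "$RCa" -ne 0 ] || [ "$RCb" -ne 0 ]; then
    # IPv4 and/or IPv6 admin listener missing (also the outcome when the
    # configuration file cannot be read, since grep then exits non-zero).
    SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED}All SNMPD agentAddress expected IP (IPv4 and IPv6) are not well configured, expected :\n'agentAddress udp:IPv4AdminLANlistenAddress:161'\n'agentAddress udp6:[IPv6AdminLANlistenAddress]:161'\nOPTIONAL : 'agentAddress udp:127.0.0.1:161'\nOPTIONAL : 'agentAddress udp6:[::1]:161'\n"
    echo -e "${RED}All SNMPD agentAddress expected IP (IPv4 and IPv6) are NOT well CONFIGURED : check KO${NC}\n"
  else
    echo -e "${GREEN}SNMPD agentAddress expected IP are CONFIGURED : check OK${NC}\n"
  fi
fi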
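# --- rocommunity --------------------------------------------------------------
# The only accepted read-only community line is 'rocommunity public default'.
#
# NOTE(review): this policy mandates the well-known community string 'public'
# together with the source token 'default', which in net-snmp places no
# restriction on the client address. SNMPv1/v2c community strings travel in
# clear text, so read access then rests entirely on the agentAddress binding
# and on network filtering. Consider a site-specific community limited to the
# monitoring server, or SNMPv3 users, and update the expected value accordingly.
# NOTE(review): 'rwcommunity' lines are not examined by this check, and because
# the first filter is a prefix match, 'rocommunity6' lines are reported as
# unexpected even though IPv6 listeners are required above - confirm intent.
#
# Step 1 - any rocommunity* line that differs from the expected one?
# 'grep -v -q' exits 0 when such a line exists (RC = 0 => failure), 1 otherwise.
# At least one blank is now required between the three tokens, so a run-together
# word such as 'rocommunitypublicdefault' no longer passes as the expected line.
grep "^[[:space:]]*rocommunity" /etc/snmp/snmpd.conf \
  | grep -E -q -v -e '^[[:space:]]*rocommunity[[:space:]]+public[[:space:]]+default[[:space:]]*$'
RC=$?

if [ "$RC" -eq 0 ]; then
  # A rocommunity line other than the expected one is present.
  SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED}Unexpected rocommunity found, expected : rocommunity public default ;\n"
  echo -e "${RED}UNEXPECTED rocommunity found : check KO${NC}\n"
else
  # Step 2 - nothing unexpected; the expected line must be present (exit 0).
  grep -E -q '^[[:space:]]*rocommunity[[:space:]]+public[[:space:]]+default[[:space:]]*$' /etc/snmp/snmpd.conf
  RC=$?

  if [ "$RC" -ne 0 ]; then
    # Expected line missing (or configuration file unreadable).
    SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED}Expected rocommunity not configured, expected : rocommunity public default ;\n"
    echo -e "${RED}Expected rocommunity NOT CONFIGURED : check KO${NC}\n"
  else
    echo -e "${GREEN}Expected rocommunity CONFIGURED : check OK${NC}\n"
  fi
fi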
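# --- trapsink / trap2sink -----------------------------------------------------
# Trap destinations must point at the monitoring server only. Step 1 tolerates
# either directive (trapsink or trap2sink) as long as the destination is
# '${NAME_MASTER_MONITORING} public'; step 2 then requires a trap2sink line.
#
# NOTE(review): NAME_MASTER_MONITORING is spliced into the regular expression
# unescaped; it is presumably a host name or address defined earlier - confirm.
# A '.' inside it matches any character.
# NOTE(review): the trap community is the well-known 'public'; traps sent with
# SNMPv1/v2c carry it in clear text.
#
# Step 1 - any trap sink that differs from the expected destination?
# 'grep -v -q' exits 0 when such a line exists (RC = 0 => failure), 1 otherwise.
# At least one blank is now required around the host name, so a destination such
# as '<host>public' (a different host, no community) is no longer accepted.
grep -E "^[[:space:]]*trap[2]?sink" /etc/snmp/snmpd.conf \
  | grep -E -q -v -e "^[[:space:]]*trap[2]?sink[[:space:]]+${NAME_MASTER_MONITORING}[[:space:]]+public[[:space:]]*\$"
RC=$?

if [ "$RC" -eq 0 ]; then
  # A trap destination other than the monitoring server is configured.
  SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED}Unexpected trapsink/trap2sink found, expected : trap2sink ${NAME_MASTER_MONITORING} public ;"
  echo -e "${RED}UNEXPECTED trapsink/trap2sink found : check KO${NC}\n"
else
  # Step 2 - nothing unexpected; the trap2sink line must be present (exit 0).
  grep -E -q "^[[:space:]]*trap2sink[[:space:]]+${NAME_MASTER_MONITORING}[[:space:]]+public[[:space:]]*\$" /etc/snmp/snmpd.conf
  RC=$?

  if [ "$RC" -ne 0 ]; then
    # Expected line missing (or configuration file unreadable).
    SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED}Expected trapsink/trap2sink not configured, expected : trap2sink ${NAME_MASTER_MONITORING} public ;"
    echo -e "${RED}Expected trapsink/trap2sink NOT CONFIGURED : check KO${NC}\n"
  else
    echo -e "${GREEN}Expected trapsink/trap2sink CONFIGURED : check OK${NC}\n"
  fi
fi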