Browse Source

Modification : script design, lots of minor updates

master
nemo 4 years ago
parent
commit
1dbccd4f0a
  1. 15
      README.md
  2. 56
      recipe_gentoo.sh
  3. 10
      recipes/common_functions.sh
  4. 1
      recipes/recipe_check_ipam_config.sh
  5. 62
      recipes/recipe_check_mail_alias_config.sh
  6. 82
      recipes/recipe_check_munin_config.sh
  7. 96
      recipes/recipe_check_nrpe_config.sh
  8. 8
      recipes/recipe_check_postfix_protocol_config.sh
  9. 18
      recipes/recipe_check_snmp_config.sh
  10. 6
      recipes/recipe_check_ssh_config.sh
  11. 168
      vars.sh

15
README.md

@ -11,7 +11,6 @@ TO DO :
- Reorganise script to limit text repetitions (make functions for example)
- Check if sending a mail works (find a way to check)
- Check detailled DNS records (PTR, A, AAAA)
- Check if files in etc need to be updated (etc-update)
- Check if borgbackup is configured (+ connexion to backup server)
- Check if auto-update script is configured
- Portage configuration (for VM and Physical)
@ -21,15 +20,15 @@ Checked point :
- Check requirements
- Installed packages
- Hostname configuration
- DNS configuration (resolve external name, configured nameserver and check if all IPs are configured in DNS)
- DNS configuration (resolve external name, configured nameserver and check if all IPs (scope global) are configured in DNS)
- Ping external machine for IPv4 and IPv6
- If Admin IPs are configured
- Services status
- SSH configuration (PasswordAuthentication no, PermitRootLogin no, and ListenAddress only on Admin LAN)
- NRPE basic configuration (allowed_hosts)
- MUNIN basic configuration (allow)
- SNMP basic config (gentAddress, rocommunity and trapsink/trap2sink)
- Mail alias configuration (root mail alias configured)
- Check postfix config (inet_protocols)
- NRPE basic configuration (allowed_hosts, nrpe_user and nrpe_group)
- MUNIN basic configuration (allow and port)
- SNMP basic config (agentAddress, rocommunity, trap2sink, informsink, sysLocation and sysContact)
- Mail alias configuration (root and operator mail alias configured)
- Check postfix config (inet_protocols, mail_owner)
- Add to check service if they are enabled
- Check if IPs are recorded in IPAM
- Check if IPs (scope global) are recorded in IPAM

56
recipe_gentoo.sh

@ -2,30 +2,29 @@
# Recipe script for a Gentoo system to check basic configuration
# Define colors
# Define colors to print messages
export RED='\033[1;31m'
export BLUE='\033[1;34m'
export GREEN='\033[1;32m'
# No Color
export NC='\033[0m'
REQUIREMENTS="CURL GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING JQ CURL"
export NC='\033[0m' # No Color
# Be sure only root can run the script
if [ "$(id -u)" != "0" ]; then
echo "ERROR : This script must be run as root" 1>&2
echo -e "${RED}ERROR : This script must be run as root${NC}" 1>&2
exit 1
fi
# Load variables
VARS_FILE='./vars.sh'
if [ -f ${VARS_FILE} ]; then
source ${VARS_FILE}
else
echo "ERROR : vars file ${VARS_FILE} not found" 1>&2
echo -e "${RED}ERROR : vars file ${VARS_FILE} not found${NC}" 1>&2
exit 1
fi
# Check requirements
REQUIREMENTS="CURL GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING JQ"
for requirement in $REQUIREMENTS
do
# Check if requirement tool exit on the system
@ -36,35 +35,17 @@ do
if [ ${RC} -ne 0 ]
then
echo "ERROR : ${requirement} ($(eval echo "\$${requirement}")) is required to use this script. Requirements are : ${REQUIREMENTS}."
echo -e "${RED}ERROR : ${requirement} ($(eval echo "\$${requirement}")) is required to use this script. Requirements are : ${REQUIREMENTS}${NC}"
exit 1
fi
done
# Print packages not installed or with error at end script
# Variables used to print the summary messages at the and of the script
export PACKAGES_TO_CHECK=""
export RESOLV_FAILED=""
export RESOLVER_NOT_IN_ETC_RESOLVCONF=""
export IP_NOT_RECORDED_IN_DNS=""
export PING_FAILED=""
# Get ALL locales IPs except loopback
export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)
export IPV6_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV6_ADMIN_NETWORK})
export IPV4_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV4_ADMIN_NETWORK})
export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
# Print services not started or with error at end script
export SERVICES_NOT_STARTED_OR_ERROR=""
# Print message at end script if hostname *.grif or *.grifon.fr not configured
export BOOL_CHECK_HOSTNAME=0
export SSH_CONFIG_CHECK_FAILED=""
export NRPE_CONFIG_CHECK_FAILED=""
export MUNIN_CONFIG_CHECK_FAILED=""
@ -72,7 +53,17 @@ export MAIL_ALIAS_CONFIG_CHECK_FAILED=""
export SNMP_CONFIG_CHECK_FAILED=""
export POSTFIX_CONFIG_CHECK_FAILED=""
export IPAM_CONFIG_CHECK_FAILED=""
export SERVICES_NOT_STARTED_OR_ERROR=""
export BOOL_CHECK_HOSTNAME=0 # Print message at end script if hostname *.grif or *.grifon.fr not configured
export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
# Get ALL locales IPs except loopback
export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)
export IPV6_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV6_ADMIN_NETWORK})
export IPV4_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV4_ADMIN_NETWORK})
# Help message
usage() {
printf "Usage: ./recipe_gentoo.sh [--physical]\n"
printf "option : \t-P, --physical : if the current server is not a VM but a physical machine\n"
@ -82,7 +73,7 @@ usage() {
# Check parameters
if [ $1 ]; then
if [ $# -gt 1 ]; then
echo "ERROR : to much parameters (one MAX)"
echo -e "${RED}ERROR : to much parameters (one MAX)${NC}"
usage
exit 0
# Print help
@ -95,12 +86,13 @@ if [ $1 ]; then
SERVICES_TO_CHECK+=(${SERVICES_TO_CHECK_PHYSICAL[@]})
# If unknown parameter
else
echo "ERROR : unknown parameter"
echo -e "${RED}ERROR : unknown parameter${NC}"
usage
exit 0
fi
fi
# Load common functions
. recipes/common_functions.sh
print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
@ -109,7 +101,7 @@ print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
#. recipes/recipe_check_packages.sh
. recipes/recipe_check_hostname.sh
#. recipes/recipe_check_hostname.sh
#. recipes/recipe_check_dns_config.sh
@ -123,11 +115,11 @@ print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
#. recipes/recipe_check_nrpe_config.sh
#. recipes/recipe_check_munin_config.sh
. recipes/recipe_check_munin_config.sh
#. recipes/recipe_check_snmp_config.sh
#. recipes/recipe_check_mail_alias_config.sh
. recipes/recipe_check_mail_alias_config.sh
#. recipes/recipe_check_postfix_protocol_config.sh

10
recipes/common_functions.sh

@ -3,8 +3,9 @@
# Parameters
# - 1 : name of service (ex : SSH)
# - 2 : config file (ex : /etc/ssh/sshd_config)
# - 3 : expected pattern to search without start and end spaces, can be multiple (ex : ListenAddress[[:space:]]*${IPV4_ADMIN_LAN_IP} ListenAddress[[:space:]]*${IPV6_ADMIN_LAN_IP})
# - 4 : name of param key (ex : ListenAddress)
# - 3 : name of param key (ex : ListenAddress)
# - 4 : expected pattern to search without start and end spaces, can be multiple (ex : ${IPV4_ADMIN_LAN_IP} ${IPV6_ADMIN_LAN_IP})
# Note for 4th parameter, if there is a space in one param, you can use regex like [[:space::]]
#
# Return = 0 -> OK value is set
# Return = 1 -> Error (wrong number of param or other)
@ -131,15 +132,14 @@ print_config_title () {
return 1
fi
# Get title param
title=${1}
basic_len=48
# Find number of "-" for title
title_len=$(echo -n " ${title} " | wc -c)
modulo2=$((${title_len} % 2))
# Echo title with 48 chars
echo "------------------------------------------------"
# If title_len <= 48

1
recipes/recipe_check_ipam_config.sh

@ -1,5 +1,6 @@
print_config_title 'CHECK IPAM CONFIG'
# Get IPAM Token
RES_AUTHENT=$(${CURL} -k -X POST --user ${USER_IPAM}:${PASSWORD_IPAM} ${URL}/user/ 2>/dev/null)
CODE_RETOUR_RES_AUTHENT=$(echo ${RES_AUTHENT} | jq '.code')
TOKEN=$(echo ${RES_AUTHENT} | jq -r '.data.token')

62
recipes/recipe_check_mail_alias_config.sh

@ -1,33 +1,45 @@
print_config_title 'CHECK MAIL ALIAS CONFIG'
# This does not check if send mail works and if alias have been reloaded
# Check /etc/mail/aliases config file
echo -e "Check ${BLUE}MAIL ALIAS${NC} config file /etc/mail/aliases"
# Check /etc/mail/aliases config file, checked param : root/operator
# Check if root alias is configured
grep -q -E "^[[:space:]]*root:?[[:space:]]*${MAIL_ALIAS_ROOT}[[:space:]]*$" /etc/mail/aliases
# root
check_value_in_conf_file "MUNIN" "/etc/mail/aliases" "root" "${MAIL_ALIAS_ROOT}"
# Return Code
RC=$?
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during root alias check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" root alias is not well configured or has other value, set root: ${MAIL_ALIAS_ROOT};"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" root alias is not well configured, set root: ${MAIL_ALIAS_ROOT};"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check root alias;"
;;
esac
# Root alias not configured
if [ $RC -ne 0 ]
then
MAIL_ALIAS_CONFIG_CHECK_FAILED="${MAIL_ALIAS_CONFIG_CHECK_FAILED} root alias NOT CONFIGURED or WRONG mail address, check /etc/mail/aliases and reload aliases"
echo -e "${RED}Mail alias root NOT CONFIGURED or WRONG mail address : check KO${NC}\n"
# Root alias configured
else
# Check multiple root alias line in the file
line_number=$(grep -E "^[[:space:]]*root:?" /etc/mail/aliases |wc -l)
# If linue_number different than 1
if [ $line_number -ne 1 ]
then
MAIL_ALIAS_CONFIG_CHECK_FAILED="${MAIL_ALIAS_CONFIG_CHECK_FAILED} more than 1 line for root mail alias, check /etc/mail/aliases and reload aliases"
echo -e "${RED}More than 1 line for root mail alias : check KO${NC}\n"
else
echo -e "${GREEN}Mail alias root CONFIGURED : check OK${NC}\n"
fi
fi
# root
check_value_in_conf_file "MUNIN" "/etc/mail/aliases" "operator" "${MAIL_ALIAS_ROOT}"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during operator alias check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" operator alias is not well configured or has other value, set operator: ${MAIL_ALIAS_ROOT};"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" operator alias is not well configured, set operator: ${MAIL_ALIAS_ROOT};"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check operator alias;"
;;
esac

82
recipes/recipe_check_munin_config.sh

@ -2,40 +2,48 @@ print_config_title 'CHECK MUNIN BASIC CONFIG'
# This does not check if 'munin-node-configure --shell | sh -x' has been executed
# This does not check if MUNIN 'monitoring server' has configured this machine
# Check /etc/munin/munin-node.conf config file
echo -e "Check ${BLUE}MUNIN${NC} config file /etc/munin/munin-node.conf"
# Check if allow exist but different than expected (success if return code = 1)
grep "^[[:space:]]*allow" /etc/munin/munin-node.conf |grep -q -v -e "^[[:space:]]*allow[[:space:]]*^127\\\.0\\\.0\\\.1\\$\$" -e "^[[:space:]]*allow[[:space:]]*^::1\\$\$" -e "^[[:space:]]*allow[[:space:]]*${IPV4_MASTER_MUNIN}[[:space:]]*$" -e "^[[:space:]]*allow[[:space:]]*${IPV6_MASTER_MUNIN}[[:space:]]*$"
# Return Code
RC=$?
# Allow other IP than expected
if [ $RC -eq 0 ]
then
MUNIN_CONFIG_CHECK_FAILED="${MUNIN_CONFIG_CHECK_FAILED} munin-node allow connection from unexpected IP"
echo -e "${RED}munin-node allow connection from UNEXPECTED IP : check KO${NC}\n"
# Does not allow unexpected IP
else
# Check expected IP are configured (IPv4 and IPv6) (success if return code = 0)
grep -q "^[[:space:]]*allow[[:space:]]*${IPV4_MASTER_MUNIN}[[:space:]]*$" /etc/munin/munin-node.conf
# Return Code
RCa=$?
grep -q "^[[:space:]]*allow[[:space:]]*${IPV6_MASTER_MUNIN}[[:space:]]*$" /etc/munin/munin-node.conf
# Return Code
RCb=$?
# Expected IP are NOT configured (IPv4 and IPv6)
if [ $RCa -ne 0 ] || [ $RCb -ne 0 ]
then
MUNIN_CONFIG_CHECK_FAILED="${MUNIN_CONFIG_CHECK_FAILED} All Munin Expected IP (IPv4 and IPv6) are not configured, expected :\n'allow ${IPV4_MASTER_MUNIN_PRINT}'\n'allow ${IPV6_MASTER_MUNIN_PRINT}'\nOPTIONAL : 'allow ^127\.0\.0\.1$'\nOPTIONAL : 'allow ^::1$'"
echo -e "${RED}All Munin Expected IP (IPv4 and IPv6) are NOT CONFIGURED : check KO${NC}\n"
# Expected IP are configured (IPv4 and IPv6)
else
echo -e "${GREEN}Munin expected IP are CONFIGURED : check OK${NC}\n"
fi
fi
# Check /etc/munin/munin-node.conf config file, checked parameters : allow/port
# allow
check_value_in_conf_file "MUNIN" "/etc/munin/munin-node.conf" "allow" '\^127\\\.0\\\.0\\\.1\$ \^::1\$'" ${IPV4_MASTER_MUNIN} ${IPV6_MASTER_MUNIN}"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during allow check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured or has other value, set allow param (IPv6+IPv4) for localhost and Munin server;"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured, set allow param (IPv6+IPv4) for localhost and Munin server;"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allow param;"
;;
esac
# port
check_value_in_conf_file "MUNIN" "/etc/munin/munin-node.conf" "port" "4949"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during port check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured or has other value, set 'port 4949';"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured, set 'port 4949';"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check port;"
;;
esac

96
recipes/recipe_check_nrpe_config.sh

@ -1,35 +1,67 @@
print_config_title 'CHECK NRPE BASIC CONFIG'
# Check /etc/nagios/nrpe.cfg config file
# Check /etc/nagios/nrpe.cfg config file, checked parameters : allowed_hosts/nrpe_user/nrpe_group
# This does not check if NRPE 'monitoring server' has configured this machine
echo -e "Check ${BLUE}NRPE${NC} config file /etc/nagios/nrpe.cfg"
# Check if allowed_hosts exist but different than expected (success if return code = 1)
grep "^[[:space:]]*allowed_hosts=" /etc/nagios/nrpe.cfg | grep -q -v -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64[[:space:]]*$" -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24[[:space:]]*$"
# Return Code
RC=$?
# allowed_hosts exist but different than expected
if [ $RC -eq 0 ]
then
NRPE_CONFIG_CHECK_FAILED="${NRPE_CONFIG_CHECK_FAILED} allowed_hosts misconfigured, expected : 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64'"
echo -e "${RED}Service NRPE has BAD CONFIGURATION for allowed_hosts, exist but different than expected : check KO${NC}\n"
# allowed_hosts well configured or does not exist
else
# Check if allowed_hosts is well configured (success if return code = 0)
grep -q -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64[[:space:]]*$" -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24[[:space:]]*$" /etc/nagios/nrpe.cfg
# Return Code
RC=$?
# allowed_hosts miscondigured or string mismatch
if [ $RC -ne 0 ]
then
NRPE_CONFIG_CHECK_FAILED="${NRPE_CONFIG_CHECK_FAILED} allowed_hosts misconfigured, expected : 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64'"
echo -e "${RED}Service NRPE has BAD CONFIGURATION for allowed_hosts, expected configuration not found : check KO${NC}\n"
# allowed_hosts well configured
else
echo -e "${GREEN}Service NRPE has GOOD CONFIGURATION for allowed_hosts : check OK${NC}\n"
fi
fi
# allowed_hosts
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "allowed_hosts" "127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during allowed_hosts check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured or has other value, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allowed_hosts;"
;;
esac
# nrpe_user
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "nrpe_user" "nagios"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_user check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured or has other value, set 'nrpe_user=nagios';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured, set 'nrpe_user=nagios';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_user;"
;;
esac
# nrpe_group
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "nrpe_group" "nagios"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_group check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured or has other value, set 'nrpe_group=nagios';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured, set 'nrpe_group=nagios';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_group;"
;;
esac

8
recipes/recipe_check_postfix_protocol_config.sh

@ -3,7 +3,7 @@ print_config_title 'CHECK POSTFIX BASIC CONFIG'
# Check /etc/postfix/main.cf config file mail_owner/inet_protocols parameters
# mail_owner
check_value_in_conf_file "SNMP" "/etc/postfix/main.cf" "mail_owner" "postfix"
check_value_in_conf_file "POSTFIX" "/etc/postfix/main.cf" "mail_owner" "postfix"
case ${?} in
0) # OK, nothing to do
@ -12,10 +12,10 @@ case ${?} in
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error during mail_owner check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner are not well configured or has other value, set 'mail_owner = postfix';"
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured or has other value, set 'mail_owner = postfix';"
;;
3) # All expected values are NOT configured
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner are not well configured, set 'mail_owner = postfix';"
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured, set 'mail_owner = postfix';"
;;
*) # Unknown return code...
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check mail_owner;"
@ -24,7 +24,7 @@ esac
# inet_protocols
check_value_in_conf_file "SNMP" "/etc/postfix/main.cf" "inet_protocols" "all"
check_value_in_conf_file "POSTFIX" "/etc/postfix/main.cf" "inet_protocols" "all"
case ${?} in
0) # OK, nothing to do

18
recipes/recipe_check_snmp_config.sh

@ -1,7 +1,7 @@
print_config_title 'CHECK SNMP BASIC CONFIG'
# This does NOT check if SNMP 'monitoring server' has configured this machine
# Check /etc/snmp/snmpd.conf config file agentAddress, rocommunity and trapsink/trap2sink/informsink/sysLocation/sysContact parameters
# Check /etc/snmp/snmpd.conf config file rocommunity/agentAddress/trap2sink/informsink/sysLocation/sysContact parameters
#agentAddress
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "agentAddress" "udp:127.0.0.1:161 udp:${IPV4_ADMIN_LAN_IP}:161 udp6:\[::1\]:161 udp6:\[${IPV6_ADMIN_LAN_IP}\]:161"
@ -56,10 +56,10 @@ case ${?} in
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during trap2sink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink are not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink are not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check trap2sink;"
@ -77,10 +77,10 @@ case ${?} in
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during informsink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink are not well configured or has other value, set 'informsink ${NAME_MASTER_MONITORING} public;"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured or has other value, set 'informsink ${NAME_MASTER_MONITORING} public;"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink are not well configured, set 'informsink ${NAME_MASTER_MONITORING} public';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured, set 'informsink ${NAME_MASTER_MONITORING} public';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check informsink;"
@ -98,10 +98,10 @@ case ${?} in
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysLocation check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation are not well configured or has other value, set 'sysLocation ${DC}';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured or has other value, set 'sysLocation ${DC}';"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation are not well configured, set 'sysLocation ${DC}';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured, set 'sysLocation ${DC}';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysLocation;"
@ -119,10 +119,10 @@ case ${?} in
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysContact check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact are not well configured or has other value, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured or has other value, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact are not well configured, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysContact;"

6
recipes/recipe_check_ssh_config.sh

@ -1,5 +1,7 @@
print_config_title 'CHECK SSH CONFIG'
# PasswordAuthentication
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PasswordAuthentication" "no"
case ${?} in
@ -19,6 +21,8 @@ case ${?} in
;;
esac
# PermitRootLogin
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PermitRootLogin" "no"
case ${?} in
@ -38,6 +42,8 @@ case ${?} in
;;
esac
# ListenAddress
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "ListenAddress" "${IPV4_ADMIN_LAN_IP} ${IPV6_ADMIN_LAN_IP}"
case ${?} in

168
vars.sh

@ -1,83 +1,111 @@
GREP="/bin/grep"
ECHO="/bin/echo"
EMERGE="/usr/bin/emerge"
NSLOOKUP="/usr/bin/nslookup"
IP="/bin/ip"
HOSTNAME="/bin/hostname"
AWK="/bin/awk"
SED="/bin/sed"
CUT="/bin/cut"
TR="/bin/tr"
PING="/bin/ping"
# Set absolute PATH for tools
export GREP="/bin/grep"
export ECHO="/bin/echo"
export EMERGE="/usr/bin/emerge"
export NSLOOKUP="/usr/bin/nslookup"
export IP="/bin/ip"
export HOSTNAME="/bin/hostname"
export AWK="/bin/awk"
export SED="/bin/sed"
export CUT="/bin/cut"
export TR="/bin/tr"
export PING="/bin/ping"
export CURL="/usr/bin/curl"
export JQ="/usr/bin/jq"
# Packages to check (it's a list to simplify comment)
PACKAGES=(
# 'virtual/ssh'
# 'app-admin/rsyslog'
# 'net-misc/ntp'
# 'app-backup/borgbackup'
# 'virtual/cron'
# 'sys-process/cronie'
# 'net-analyzer/munin'
# 'app-portage/eix',
# 'app-portage/gentoolkit',
# 'app-portage/genlop',
# 'app-misc/tmux',
# 'net-analyzer/tcpdump',
# 'app-editors/vim',
# 'sys-process/htop-2.2.0',
# 'app-admin/sysklogd'
# 'dev-vcs/git'
# 'net-analyzer/nrpe'
# 'net-analyzer/net-snmp'
# 'net-dns/bind-tools'
# 'dev-vcs/git'
# 'mail-mta/postfix'
# 'mail-mta/eeeepostfix'
)
export PACKAGES="
virtual/ssh
app-admin/rsyslog
net-misc/ntp
app-backup/borgbackup
virtual/cron
sys-process/cronie
net-analyzer/munin
app-portage/eix'
app-portage/gentoolkit'
app-portage/genlop'
app-misc/tmux'
net-analyzer/tcpdump'
app-editors/vim'
sys-process/htop-2.2.0'
app-admin/sysklogd
dev-vcs/git
net-analyzer/nrpe
net-analyzer/net-snmp
net-dns/bind-tools
dev-vcs/git
mail-mta/postfix
mail-mta/postfix
app-admin/sudo
"
# Package to check if it's a physical machine
PACKAGES_PHYSICAL=(
'sys-apps/smartmontools'
)
export PACKAGES_PHYSICAL="
sys-apps/smartmontools
"
NAMES_TO_RESOLV_AND_PING=(
'grifon.fr'
'arn-fai.net'
'grifonfesfdsfdsf.fr'
)
# Hostname to be resolved in recipes
export NAMES_TO_RESOLV_AND_PING="
grifon.fr
arn-fai.net
grifonfesfdsfdsf.fr
"
RESOLVERS=(
'2a00:5884::7'
'89.234.186.4'
)
# Resolver to check if they are in /etc/resolv.conf
export RESOLVERS="
2a00:5884::7
89.234.186.4
"
SERVICES_TO_CHECK=(
'rsyslog'
'ntpd'
'munin-node'
'iptables'
'ip6tables'
'sshd'
'postfix'
'nrpe'
'snmpd'
'hostname'
)
# Services to check if they are working/running
export SERVICES_TO_CHECK="
rsyslog
ntpd
munin-node
iptables
ip6tables
sshd
postfix
nrpe
snmpd
hostname
"
SERVICES_TO_CHECK_PHYSICAL=(
'smard'
)
# Same but with physical host services
export SERVICES_TO_CHECK_PHYSICAL="
smard
"
IPV4_ADMIN_NETWORK="172.16.0."
IPV6_ADMIN_NETWORK="fd01:1e02:40:"
# Admin network
export IPV4_ADMIN_NETWORK="111.111.111."
export IPV6_ADMIN_NETWORK="1111:1111:1111:"
NAME_MASTER_MONITORING=""
# AS IPs ranges
export RANGE_IPV4_1_NETWORK="111.111.111."
export RANGE_IPV4_2_NETWORK="111.111.112."
export RANGE_IPV6_NETWORK="1111:1111:"
IPV4_MASTER_MUNIN='^172\\\.16\\\.0\\\.13\$'
IPV6_MASTER_MUNIN='^fd01:1e02:40::3\$'
IPV4_MASTER_MUNIN_PRINT='^172\.16\.0\.13$'
IPV6_MASTER_MUNIN_PRINT='^fd01:1e02:40::3$'
# Admin hostname of the Monitoring server (Munin + libreNMS)
export NAME_MASTER_MONITORING="conan.grif"
MAIL_ALIAS_ROOT="admin6@email.emailr"
# Address of the Monitoring server in Munin's configuration format
export IPV4_MASTER_MUNIN='^111\\\.111\\\.111\\\.111\$'
export IPV6_MASTER_MUNIN='^111:111:111::1\$'
# root/operator aliases for mailing
export MAIL_ALIAS_ROOT="adminsys@grifon.fr"
# General informations
export DC="The DC of City"
export DC_for_function_check_value_in_conf_file=$(echo -e ${DC} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
export ENTITY="Entity"
export ENTITY_for_function_check_value_in_conf_file=$(echo -e ${ENTITY} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
# User and password to request a token on phpIPAM API
export USER_IPAM='user'
export PASSWORD_IPAM='password'
# URL of the API
export URL="https://ipam.example/api/${USER_IPAM}"

Loading…
Cancel
Save