Modification : script design, lots of minor updates

4 years ago · 1dbccd4f0a
parent 5976e4c7bd
commit 1dbccd4f0a
11 changed files with 300 additions and 222 deletions
--- a/README.md
+++ b/README.md
@ -11,7 +11,6 @@ TO DO :
 - Reorganise script to limit text repetitions (make functions for example)
 - Check if sending a mail works (find a way to check)
 - Check detailled DNS records (PTR, A, AAAA)
- Check if files in etc need to be updated (etc-update)
 - Check if borgbackup is configured (+ connexion to backup server)
 - Check if auto-update script is configured
 - Portage configuration (for VM and Physical)
@ -21,15 +20,15 @@ Checked point :
 - Check requirements
 - Installed packages
 - Hostname configuration
- DNS configuration (resolve external name, configured nameserver and check if all IPs are configured in DNS)
+- DNS configuration (resolve external name, configured nameserver and check if all IPs (scope global) are configured in DNS)
 - Ping external machine for IPv4 and IPv6
 - If Admin IPs are configured
 - Services status
 - SSH configuration (PasswordAuthentication no, PermitRootLogin no, and ListenAddress only on Admin LAN)
- NRPE basic configuration (allowed_hosts)
- MUNIN basic configuration (allow)
- SNMP basic config (gentAddress, rocommunity and trapsink/trap2sink)
- Mail alias configuration (root mail alias configured)
- Check postfix config (inet_protocols)
+- NRPE basic configuration (allowed_hosts, nrpe_user and nrpe_group)
+- MUNIN basic configuration (allow and port)
+- SNMP basic config (agentAddress, rocommunity, trap2sink, informsink, sysLocation and sysContact)
+- Mail alias configuration (root and operator mail alias configured)
+- Check postfix config (inet_protocols, mail_owner)
 - Add to check service if they are enabled
- Check if IPs are recorded in IPAM
+- Check if IPs (scope global) are recorded in IPAM
--- a/recipe_gentoo.sh
+++ b/recipe_gentoo.sh
@ -2,30 +2,29 @@

 # Recipe script for a Gentoo system to check basic configuration

-# Define colors
+# Define colors to print messages
 export RED='\033[1;31m'
 export BLUE='\033[1;34m'
 export GREEN='\033[1;32m'
-# No Color
-export NC='\033[0m' 
-
-REQUIREMENTS="CURL GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING JQ CURL"
+export NC='\033[0m' # No Color

 # Be sure only root can run the script
 if [ "$(id -u)" != "0" ]; then
-   echo "ERROR : This script must be run as root" 1>&2
+   echo -e "${RED}ERROR : This script must be run as root${NC}" 1>&2
   exit 1
 fi

+# Load variables
 VARS_FILE='./vars.sh'
 if [ -f ${VARS_FILE} ]; then
 	source ${VARS_FILE}
 else
-	echo "ERROR : vars file ${VARS_FILE} not found" 1>&2
+	echo -e "${RED}ERROR : vars file ${VARS_FILE} not found${NC}" 1>&2
 	exit 1
 fi

 # Check requirements
+REQUIREMENTS="CURL GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING JQ"
 for requirement in $REQUIREMENTS
 do
    # Check if requirement tool exit on the system
@ -36,35 +35,17 @@ do

    if [ ${RC} -ne 0 ]
    then
-	echo "ERROR : ${requirement} ($(eval echo "\$${requirement}")) is required to use this script. Requirements are : ${REQUIREMENTS}."
+	echo -e "${RED}ERROR : ${requirement} ($(eval echo "\$${requirement}")) is required to use this script. Requirements are : ${REQUIREMENTS}${NC}"
        exit 1
    fi
 done

-
-
-# Print packages not installed or with error at end script
+# Variables used to print the summary messages at the and of the script 
 export PACKAGES_TO_CHECK=""
 export RESOLV_FAILED=""
 export RESOLVER_NOT_IN_ETC_RESOLVCONF=""
 export IP_NOT_RECORDED_IN_DNS=""
 export PING_FAILED=""
-
-# Get ALL locales IPs except loopback
-export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)
-
-export IPV6_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV6_ADMIN_NETWORK})
-export IPV4_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV4_ADMIN_NETWORK})
-
-export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
-export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
-
-# Print services not started or with error at end script
-export SERVICES_NOT_STARTED_OR_ERROR=""
-
-# Print message at end script if hostname *.grif or *.grifon.fr not configured  
-export BOOL_CHECK_HOSTNAME=0
-
 export SSH_CONFIG_CHECK_FAILED=""
 export NRPE_CONFIG_CHECK_FAILED=""
 export MUNIN_CONFIG_CHECK_FAILED=""
@ -72,7 +53,17 @@ export MAIL_ALIAS_CONFIG_CHECK_FAILED=""
 export SNMP_CONFIG_CHECK_FAILED=""
 export POSTFIX_CONFIG_CHECK_FAILED=""
 export IPAM_CONFIG_CHECK_FAILED=""
+export SERVICES_NOT_STARTED_OR_ERROR=""
+export BOOL_CHECK_HOSTNAME=0 # Print message at end script if hostname *.grif or *.grifon.fr not configured  
+export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
+export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
+
+# Get ALL locales IPs except loopback
+export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)
+export IPV6_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV6_ADMIN_NETWORK})
+export IPV4_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV4_ADMIN_NETWORK})

+# Help message
 usage() {
 	printf "Usage: ./recipe_gentoo.sh [--physical]\n"
 	printf "option : \t-P, --physical : if the current server is not a VM but a physical machine\n"
@ -82,7 +73,7 @@ usage() {
 # Check parameters
 if [ $1 ]; then
 	if [ $# -gt 1 ]; then
-		echo "ERROR : to much parameters (one MAX)"
+		echo -e "${RED}ERROR : to much parameters (one MAX)${NC}"
 		usage
 		exit 0
 	# Print help
@ -95,12 +86,13 @@ if [ $1 ]; then
 		SERVICES_TO_CHECK+=(${SERVICES_TO_CHECK_PHYSICAL[@]})
 	# If unknown parameter
 	else
-		echo "ERROR : unknown parameter"
+		echo -e "${RED}ERROR : unknown parameter${NC}"
 		usage
                exit 0
 	fi
 fi

+# Load common functions
 . recipes/common_functions.sh

 print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
@ -109,7 +101,7 @@ print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'

 #. recipes/recipe_check_packages.sh

-. recipes/recipe_check_hostname.sh
+#. recipes/recipe_check_hostname.sh

 #. recipes/recipe_check_dns_config.sh

@ -123,11 +115,11 @@ print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'

 #. recipes/recipe_check_nrpe_config.sh

-#. recipes/recipe_check_munin_config.sh
+. recipes/recipe_check_munin_config.sh

 #. recipes/recipe_check_snmp_config.sh

-#. recipes/recipe_check_mail_alias_config.sh
+. recipes/recipe_check_mail_alias_config.sh

 #. recipes/recipe_check_postfix_protocol_config.sh

--- a/recipes/common_functions.sh
+++ b/recipes/common_functions.sh
@ -3,8 +3,9 @@
 # Parameters
 # - 1 : name of service (ex : SSH)
 # - 2 : config file (ex : /etc/ssh/sshd_config)
-# - 3 : expected pattern to search without start and end spaces, can be multiple (ex : ListenAddress[[:space:]]*${IPV4_ADMIN_LAN_IP} ListenAddress[[:space:]]*${IPV6_ADMIN_LAN_IP})
-# - 4 : name of param key (ex : ListenAddress)
+# - 3 : name of param key (ex : ListenAddress)
+# - 4 : expected pattern to search without start and end spaces, can be multiple (ex : ${IPV4_ADMIN_LAN_IP} ${IPV6_ADMIN_LAN_IP})
+# Note for 4th parameter, if there is a space in one param, you can use regex like [[:space::]]
 #
 # Return = 0 -> OK value is set
 # Return = 1 -> Error (wrong number of param or other)
@ -131,15 +132,14 @@ print_config_title () {
 		return 1
 	fi
 	
+	# Get title param
 	title=${1}
 	basic_len=48
 	
 	# Find number of "-" for title
 	title_len=$(echo -n " ${title} " | wc -c)
 	modulo2=$((${title_len} % 2))
-	
-	
-	
+		
 	# Echo title with 48 chars
 	echo "------------------------------------------------"
 	# If title_len <= 48
--- a/recipes/recipe_check_ipam_config.sh
+++ b/recipes/recipe_check_ipam_config.sh
@ -1,5 +1,6 @@
 print_config_title 'CHECK IPAM CONFIG'

+# Get IPAM Token
 RES_AUTHENT=$(${CURL} -k -X POST --user ${USER_IPAM}:${PASSWORD_IPAM} ${URL}/user/ 2>/dev/null)
 CODE_RETOUR_RES_AUTHENT=$(echo ${RES_AUTHENT} | jq '.code')
 TOKEN=$(echo ${RES_AUTHENT} | jq -r '.data.token')
--- a/recipes/recipe_check_mail_alias_config.sh
+++ b/recipes/recipe_check_mail_alias_config.sh
@ -1,33 +1,45 @@
 print_config_title 'CHECK MAIL ALIAS CONFIG'

 # This does not check if send mail works and if alias have been reloaded
-# Check /etc/mail/aliases config file
-echo -e "Check ${BLUE}MAIL ALIAS${NC} config file /etc/mail/aliases"
+# Check /etc/mail/aliases config file, checked param : root/operator

-# Check if root alias is configured
-grep -q -E "^[[:space:]]*root:?[[:space:]]*${MAIL_ALIAS_ROOT}[[:space:]]*$" /etc/mail/aliases
+# root
+check_value_in_conf_file "MUNIN" "/etc/mail/aliases" "root" "${MAIL_ALIAS_ROOT}"

-# Return Code
-RC=$?
+case ${?} in
+0) # OK, nothing to do
+	;;
+1) # Error (wrong number of param or other)
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during root alias check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
+	;;
+2) # Unexpected value is set
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" root alias is not well configured or has other value, set root: ${MAIL_ALIAS_ROOT};"
+	;;
+3) # All expected values are NOT configured
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" root alias is not well configured, set root: ${MAIL_ALIAS_ROOT};"
+	;;
+*) # Unknown return code...
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check root alias;" 
+	;;
+esac

-# Root alias not configured
-if [ $RC -ne 0 ]
-then
-	MAIL_ALIAS_CONFIG_CHECK_FAILED="${MAIL_ALIAS_CONFIG_CHECK_FAILED} root alias NOT CONFIGURED or WRONG mail address, check /etc/mail/aliases and reload aliases"
-	echo -e "${RED}Mail alias root NOT CONFIGURED or WRONG mail address : check KO${NC}\n"

-# Root alias configured
-else
-	# Check multiple root alias line in the file
-	line_number=$(grep -E "^[[:space:]]*root:?" /etc/mail/aliases |wc -l)
-	
-	# If linue_number different than 1
-	if [ $line_number -ne 1 ]
-	then
-		MAIL_ALIAS_CONFIG_CHECK_FAILED="${MAIL_ALIAS_CONFIG_CHECK_FAILED} more than 1 line for root mail alias, check /etc/mail/aliases and reload aliases"
-		echo -e "${RED}More than 1 line for root mail alias : check KO${NC}\n"
-	else
-		echo -e "${GREEN}Mail alias root CONFIGURED : check OK${NC}\n"
-	fi
-fi
+# root
+check_value_in_conf_file "MUNIN" "/etc/mail/aliases" "operator" "${MAIL_ALIAS_ROOT}"

+case ${?} in
+0) # OK, nothing to do
+	;;
+1) # Error (wrong number of param or other)
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during operator alias check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
+	;;
+2) # Unexpected value is set
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" operator alias is not well configured or has other value, set operator: ${MAIL_ALIAS_ROOT};"
+	;;
+3) # All expected values are NOT configured
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" operator alias is not well configured, set operator: ${MAIL_ALIAS_ROOT};"
+	;;
+*) # Unknown return code...
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check operator alias;" 
+	;;
+esac
--- a/recipes/recipe_check_munin_config.sh
+++ b/recipes/recipe_check_munin_config.sh
@ -2,40 +2,48 @@ print_config_title 'CHECK MUNIN BASIC CONFIG'

 # This does not check if 'munin-node-configure --shell | sh -x' has been executed
 # This does not check if MUNIN 'monitoring server' has configured this machine
-# Check /etc/munin/munin-node.conf config file
-echo -e "Check ${BLUE}MUNIN${NC} config file /etc/munin/munin-node.conf"
-
-# Check if allow exist but different than expected (success if return code = 1)
-grep "^[[:space:]]*allow" /etc/munin/munin-node.conf |grep -q -v -e "^[[:space:]]*allow[[:space:]]*^127\\\.0\\\.0\\\.1\\$\$" -e "^[[:space:]]*allow[[:space:]]*^::1\\$\$" -e "^[[:space:]]*allow[[:space:]]*${IPV4_MASTER_MUNIN}[[:space:]]*$" -e "^[[:space:]]*allow[[:space:]]*${IPV6_MASTER_MUNIN}[[:space:]]*$"
-
-# Return Code
-RC=$?
-
-# Allow other IP than expected
-if [ $RC -eq 0 ]
-then
-	MUNIN_CONFIG_CHECK_FAILED="${MUNIN_CONFIG_CHECK_FAILED} munin-node allow connection from unexpected IP"
-	echo -e "${RED}munin-node allow connection from UNEXPECTED IP : check KO${NC}\n"
-# Does not allow unexpected IP
-else
-	# Check expected IP are configured (IPv4 and IPv6) (success if return code = 0)
-	grep -q "^[[:space:]]*allow[[:space:]]*${IPV4_MASTER_MUNIN}[[:space:]]*$" /etc/munin/munin-node.conf
-	
-	# Return Code
-	RCa=$?
-	
-	grep -q "^[[:space:]]*allow[[:space:]]*${IPV6_MASTER_MUNIN}[[:space:]]*$" /etc/munin/munin-node.conf
-	
-	# Return Code
-	RCb=$?
-
-	# Expected IP are NOT configured (IPv4 and IPv6)
-	if [ $RCa -ne 0 ] || [ $RCb -ne 0 ]
-	then
-			MUNIN_CONFIG_CHECK_FAILED="${MUNIN_CONFIG_CHECK_FAILED} All Munin Expected IP (IPv4 and IPv6) are not configured, expected :\n'allow ${IPV4_MASTER_MUNIN_PRINT}'\n'allow ${IPV6_MASTER_MUNIN_PRINT}'\nOPTIONAL : 'allow ^127\.0\.0\.1$'\nOPTIONAL : 'allow ^::1$'"
-			echo -e "${RED}All Munin Expected IP (IPv4 and IPv6) are NOT CONFIGURED : check KO${NC}\n"
-	# Expected IP are configured (IPv4 and IPv6)
-	else
-			echo -e "${GREEN}Munin expected IP are CONFIGURED : check OK${NC}\n"
-	fi
-fi
+# Check /etc/munin/munin-node.conf config file, checked parameters : allow/port
+
+
+# allow
+check_value_in_conf_file "MUNIN" "/etc/munin/munin-node.conf" "allow" '\^127\\\.0\\\.0\\\.1\$ \^::1\$'" ${IPV4_MASTER_MUNIN} ${IPV6_MASTER_MUNIN}"
+
+case ${?} in
+0) # OK, nothing to do
+	;;
+1) # Error (wrong number of param or other)
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during allow check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
+	;;
+2) # Unexpected value is set
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured or has other value, set allow param (IPv6+IPv4) for localhost and Munin server;"
+	;;
+3) # All expected values are NOT configured
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured, set allow param (IPv6+IPv4) for localhost and Munin server;"
+	;;
+*) # Unknown return code...
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allow param;" 
+	;;
+esac
+
+
+# port
+check_value_in_conf_file "MUNIN" "/etc/munin/munin-node.conf" "port" "4949"
+
+case ${?} in
+0) # OK, nothing to do
+	;;
+1) # Error (wrong number of param or other)
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during port check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
+	;;
+2) # Unexpected value is set
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured or has other value, set 'port 4949';"
+	;;
+3) # All expected values are NOT configured
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured, set 'port 4949';"
+	;;
+*) # Unknown return code...
+	MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check port;" 
+	;;
+esac
+
+
--- a/recipes/recipe_check_nrpe_config.sh
+++ b/recipes/recipe_check_nrpe_config.sh
@ -1,35 +1,67 @@
 print_config_title 'CHECK NRPE BASIC CONFIG'

-# Check /etc/nagios/nrpe.cfg config file
+# Check /etc/nagios/nrpe.cfg config file, checked parameters : allowed_hosts/nrpe_user/nrpe_group
 # This does not check if NRPE 'monitoring server' has configured this machine
-echo -e "Check ${BLUE}NRPE${NC} config file /etc/nagios/nrpe.cfg"
-
-# Check if allowed_hosts exist but different than expected (success if return code = 1)
-grep "^[[:space:]]*allowed_hosts=" /etc/nagios/nrpe.cfg | grep -q -v -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64[[:space:]]*$" -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24[[:space:]]*$"
-
-# Return Code
-RC=$?
-
-# allowed_hosts exist but different than expected
-if [ $RC -eq 0 ]
-then
-	NRPE_CONFIG_CHECK_FAILED="${NRPE_CONFIG_CHECK_FAILED} allowed_hosts misconfigured, expected : 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64'"
-	echo -e "${RED}Service NRPE has BAD CONFIGURATION for allowed_hosts, exist but different than expected : check KO${NC}\n"
-# allowed_hosts well configured or does not exist
-else
-	# Check if allowed_hosts is well configured (success if return code = 0)
-	grep -q -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64[[:space:]]*$" -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24[[:space:]]*$" /etc/nagios/nrpe.cfg
-	
-	# Return Code
-	RC=$?
-
-	# allowed_hosts miscondigured or string mismatch
-	if [ $RC -ne 0 ]
-	then
-			NRPE_CONFIG_CHECK_FAILED="${NRPE_CONFIG_CHECK_FAILED} allowed_hosts misconfigured, expected : 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64'"
-			echo -e "${RED}Service NRPE has BAD CONFIGURATION for allowed_hosts, expected configuration not found : check KO${NC}\n"
-	# allowed_hosts well configured
-	else
-			echo -e "${GREEN}Service NRPE has GOOD CONFIGURATION for allowed_hosts : check OK${NC}\n"
-	fi
-fi
+
+# allowed_hosts
+check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "allowed_hosts" "127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64"
+
+case ${?} in
+0) # OK, nothing to do
+	;;
+1) # Error (wrong number of param or other)
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during allowed_hosts check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
+	;;
+2) # Unexpected value is set
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured or has other value, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
+	;;
+3) # All expected values are NOT configured
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
+	;;
+*) # Unknown return code...
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allowed_hosts;" 
+	;;
+esac
+
+
+# nrpe_user
+check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "nrpe_user" "nagios"
+
+case ${?} in
+0) # OK, nothing to do
+	;;
+1) # Error (wrong number of param or other)
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_user check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
+	;;
+2) # Unexpected value is set
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured or has other value, set 'nrpe_user=nagios';"
+	;;
+3) # All expected values are NOT configured
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured, set 'nrpe_user=nagios';"
+	;;
+*) # Unknown return code...
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_user;" 
+	;;
+esac
+
+
+# nrpe_group
+check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "nrpe_group" "nagios"
+
+case ${?} in
+0) # OK, nothing to do
+	;;
+1) # Error (wrong number of param or other)
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_group check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
+	;;
+2) # Unexpected value is set
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured or has other value, set 'nrpe_group=nagios';"
+	;;
+3) # All expected values are NOT configured
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured, set 'nrpe_group=nagios';"
+	;;
+*) # Unknown return code...
+	NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_group;" 
+	;;
+esac
+
--- a/recipes/recipe_check_postfix_protocol_config.sh
+++ b/recipes/recipe_check_postfix_protocol_config.sh
@ -3,7 +3,7 @@ print_config_title 'CHECK POSTFIX BASIC CONFIG'
 # Check /etc/postfix/main.cf config file mail_owner/inet_protocols parameters

 # mail_owner
-check_value_in_conf_file "SNMP" "/etc/postfix/main.cf" "mail_owner" "postfix"
+check_value_in_conf_file "POSTFIX" "/etc/postfix/main.cf" "mail_owner" "postfix"

 case ${?} in
 0) # OK, nothing to do
@ -12,10 +12,10 @@ case ${?} in
 	POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error during mail_owner check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
 	;;
 2) # Unexpected value is set
-	POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner are not well configured or has other value, set 'mail_owner = postfix';"
+	POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured or has other value, set 'mail_owner = postfix';"
 	;;
 3) # All expected values are NOT configured
-	POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner are not well configured, set 'mail_owner = postfix';"
+	POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured, set 'mail_owner = postfix';"
 	;;
 *) # Unknown return code...
 	POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check mail_owner;" 
@ -24,7 +24,7 @@ esac


 # inet_protocols
-check_value_in_conf_file "SNMP" "/etc/postfix/main.cf" "inet_protocols" "all"
+check_value_in_conf_file "POSTFIX" "/etc/postfix/main.cf" "inet_protocols" "all"

 case ${?} in
 0) # OK, nothing to do
--- a/recipes/recipe_check_snmp_config.sh
+++ b/recipes/recipe_check_snmp_config.sh
@ -1,7 +1,7 @@
 print_config_title 'CHECK SNMP BASIC CONFIG'

 # This does NOT check if SNMP 'monitoring server' has configured this machine
-# Check /etc/snmp/snmpd.conf config file agentAddress, rocommunity and trapsink/trap2sink/informsink/sysLocation/sysContact parameters
+# Check /etc/snmp/snmpd.conf config file rocommunity/agentAddress/trap2sink/informsink/sysLocation/sysContact parameters

 #agentAddress
 check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "agentAddress" "udp:127.0.0.1:161 udp:${IPV4_ADMIN_LAN_IP}:161 udp6:\[::1\]:161 udp6:\[${IPV6_ADMIN_LAN_IP}\]:161"
@ -56,10 +56,10 @@ case ${?} in
 	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during trap2sink check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
 	;;
 2) # Unexpected value is set
-	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink are not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
+	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
 	;;
 3) # All expected values are NOT configured
-	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink are not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
+	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
 	;;
 *) # Unknown return code...
 	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check trap2sink;" 
@ -77,10 +77,10 @@ case ${?} in
 	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during informsink check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
 	;;
 2) # Unexpected value is set
-	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink are not well configured or has other value, set 'informsink ${NAME_MASTER_MONITORING} public;"
+	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured or has other value, set 'informsink ${NAME_MASTER_MONITORING} public;"
 	;;
 3) # All expected values are NOT configured
-	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink are not well configured, set 'informsink ${NAME_MASTER_MONITORING} public';"
+	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured, set 'informsink ${NAME_MASTER_MONITORING} public';"
 	;;
 *) # Unknown return code...
 	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check informsink;" 
@ -98,10 +98,10 @@ case ${?} in
 	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysLocation check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
 	;;
 2) # Unexpected value is set
-	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation are not well configured or has other value, set 'sysLocation ${DC}';"
+	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured or has other value, set 'sysLocation ${DC}';"
 	;;
 3) # All expected values are NOT configured
-	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation are not well configured, set 'sysLocation ${DC}';"
+	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured, set 'sysLocation ${DC}';"
 	;;
 *) # Unknown return code...
 	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysLocation;" 
@ -119,10 +119,10 @@ case ${?} in
 	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysContact check with function check_value_in_conf_file, maybe incorrect number of parameter;" 
 	;;
 2) # Unexpected value is set
-	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact are not well configured or has other value, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
+	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured or has other value, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
 	;;
 3) # All expected values are NOT configured
-	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact are not well configured, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
+	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
 	;;
 *) # Unknown return code...
 	SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysContact;" 
--- a/recipes/recipe_check_ssh_config.sh
+++ b/recipes/recipe_check_ssh_config.sh
@ -1,5 +1,7 @@
 print_config_title 'CHECK SSH CONFIG'

+
+# PasswordAuthentication
 check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PasswordAuthentication" "no"

 case ${?} in
@ -19,6 +21,8 @@ case ${?} in
 	;;
 esac

+
+# PermitRootLogin
 check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PermitRootLogin" "no"

 case ${?} in
@ -38,6 +42,8 @@ case ${?} in
 	;;
 esac

+
+# ListenAddress
 check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "ListenAddress" "${IPV4_ADMIN_LAN_IP} ${IPV6_ADMIN_LAN_IP}"

 case ${?} in
--- a/vars.sh
+++ b/vars.sh
@ -1,83 +1,111 @@
-GREP="/bin/grep"
-ECHO="/bin/echo"
-EMERGE="/usr/bin/emerge"
-NSLOOKUP="/usr/bin/nslookup"
-IP="/bin/ip"
-HOSTNAME="/bin/hostname"
-AWK="/bin/awk"
-SED="/bin/sed"
-CUT="/bin/cut"
-TR="/bin/tr"
-PING="/bin/ping"
+# Set absolute PATH for tools
+export GREP="/bin/grep"
+export ECHO="/bin/echo"
+export EMERGE="/usr/bin/emerge"
+export NSLOOKUP="/usr/bin/nslookup"
+export IP="/bin/ip"
+export HOSTNAME="/bin/hostname"
+export AWK="/bin/awk"
+export SED="/bin/sed"
+export CUT="/bin/cut"
+export TR="/bin/tr"
+export PING="/bin/ping"
+export CURL="/usr/bin/curl"
+export JQ="/usr/bin/jq"

 # Packages to check (it's a list to simplify comment)
-PACKAGES=(
-#	'virtual/ssh'
-#	'app-admin/rsyslog'
-#	'net-misc/ntp'
-#	'app-backup/borgbackup'
-#	'virtual/cron'
-#	'sys-process/cronie'
-#	'net-analyzer/munin'
-#	'app-portage/eix',
-#	'app-portage/gentoolkit',
-#	'app-portage/genlop',
-#	'app-misc/tmux',
-#	'net-analyzer/tcpdump',
-#	'app-editors/vim',
-#	'sys-process/htop-2.2.0',
-#	'app-admin/sysklogd'
-#	'dev-vcs/git'
-#	'net-analyzer/nrpe'
-#	'net-analyzer/net-snmp'
-#	'net-dns/bind-tools'
-#	'dev-vcs/git'
-#	'mail-mta/postfix'
-#	'mail-mta/eeeepostfix'
-	)
+export PACKAGES="
+	virtual/ssh
+	app-admin/rsyslog
+	net-misc/ntp
+	app-backup/borgbackup
+	virtual/cron
+	sys-process/cronie
+	net-analyzer/munin
+	app-portage/eix'
+	app-portage/gentoolkit'
+	app-portage/genlop'
+	app-misc/tmux'
+	net-analyzer/tcpdump'
+	app-editors/vim'
+	sys-process/htop-2.2.0'
+	app-admin/sysklogd
+	dev-vcs/git
+	net-analyzer/nrpe
+	net-analyzer/net-snmp
+	net-dns/bind-tools
+	dev-vcs/git
+	mail-mta/postfix
+	mail-mta/postfix
+	app-admin/sudo
+	"

 # Package to check if it's a physical machine
-PACKAGES_PHYSICAL=(
-	'sys-apps/smartmontools'
-	)
+export PACKAGES_PHYSICAL="
+	sys-apps/smartmontools
+	"

-NAMES_TO_RESOLV_AND_PING=(
-	'grifon.fr'
-	'arn-fai.net'
-	'grifonfesfdsfdsf.fr'
-	)
+# Hostname to be resolved in recipes
+export NAMES_TO_RESOLV_AND_PING="
+	grifon.fr
+	arn-fai.net
+	grifonfesfdsfdsf.fr
+	"

-RESOLVERS=(
-	'2a00:5884::7'
-	'89.234.186.4'
-	)
+# Resolver to check if they are in /etc/resolv.conf
+export RESOLVERS="
+	2a00:5884::7
+	89.234.186.4
+	"

-SERVICES_TO_CHECK=(
-	'rsyslog'
-	'ntpd'
-	'munin-node'
-	'iptables'
-	'ip6tables'
-	'sshd'
-	'postfix'
-	'nrpe'
-	'snmpd'
-	'hostname'
-	)
+# Services to check if they are working/running
+export SERVICES_TO_CHECK="
+	rsyslog
+	ntpd
+	munin-node
+	iptables
+	ip6tables
+	sshd
+	postfix
+	nrpe
+	snmpd
+	hostname
+	"

-SERVICES_TO_CHECK_PHYSICAL=(
-	'smard'
-	)
+# Same but with physical host services 
+export SERVICES_TO_CHECK_PHYSICAL="
+	smard
+	"

-IPV4_ADMIN_NETWORK="172.16.0."
-IPV6_ADMIN_NETWORK="fd01:1e02:40:"
+# Admin network
+export IPV4_ADMIN_NETWORK="111.111.111."
+export IPV6_ADMIN_NETWORK="1111:1111:1111:"

-NAME_MASTER_MONITORING=""
+# AS IPs ranges
+export RANGE_IPV4_1_NETWORK="111.111.111."
+export RANGE_IPV4_2_NETWORK="111.111.112."
+export RANGE_IPV6_NETWORK="1111:1111:"

-IPV4_MASTER_MUNIN='^172\\\.16\\\.0\\\.13\$'
-IPV6_MASTER_MUNIN='^fd01:1e02:40::3\$'
-IPV4_MASTER_MUNIN_PRINT='^172\.16\.0\.13$'
-IPV6_MASTER_MUNIN_PRINT='^fd01:1e02:40::3$'
+# Admin hostname of the Monitoring server (Munin + libreNMS)
+export NAME_MASTER_MONITORING="conan.grif"

-MAIL_ALIAS_ROOT="admin6@email.emailr"
+# Address of the Monitoring server in Munin's configuration format
+export IPV4_MASTER_MUNIN='^111\\\.111\\\.111\\\.111\$'
+export IPV6_MASTER_MUNIN='^111:111:111::1\$'

+# root/operator aliases for mailing
+export MAIL_ALIAS_ROOT="adminsys@grifon.fr"
+
+# General informations
+export DC="The DC of City"
+export DC_for_function_check_value_in_conf_file=$(echo -e ${DC} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
+export ENTITY="Entity"
+export ENTITY_for_function_check_value_in_conf_file=$(echo -e ${ENTITY} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
+
+
+# User and password to request a token on phpIPAM API
+export USER_IPAM='user'
+export PASSWORD_IPAM='password'
+
+# URL of the API
+export URL="https://ipam.example/api/${USER_IPAM}"