Modification : script design, lots of minor updates
parent
5976e4c7bd
commit
1dbccd4f0a
15
README.md
15
README.md
|
@ -11,7 +11,6 @@ TO DO :
|
||||||
- Reorganise script to limit text repetitions (make functions for example)
|
- Reorganise script to limit text repetitions (make functions for example)
|
||||||
- Check if sending a mail works (find a way to check)
|
- Check if sending a mail works (find a way to check)
|
||||||
- Check detailled DNS records (PTR, A, AAAA)
|
- Check detailled DNS records (PTR, A, AAAA)
|
||||||
- Check if files in etc need to be updated (etc-update)
|
|
||||||
- Check if borgbackup is configured (+ connexion to backup server)
|
- Check if borgbackup is configured (+ connexion to backup server)
|
||||||
- Check if auto-update script is configured
|
- Check if auto-update script is configured
|
||||||
- Portage configuration (for VM and Physical)
|
- Portage configuration (for VM and Physical)
|
||||||
|
@ -21,15 +20,15 @@ Checked point :
|
||||||
- Check requirements
|
- Check requirements
|
||||||
- Installed packages
|
- Installed packages
|
||||||
- Hostname configuration
|
- Hostname configuration
|
||||||
- DNS configuration (resolve external name, configured nameserver and check if all IPs are configured in DNS)
|
- DNS configuration (resolve external name, configured nameserver and check if all IPs (scope global) are configured in DNS)
|
||||||
- Ping external machine for IPv4 and IPv6
|
- Ping external machine for IPv4 and IPv6
|
||||||
- If Admin IPs are configured
|
- If Admin IPs are configured
|
||||||
- Services status
|
- Services status
|
||||||
- SSH configuration (PasswordAuthentication no, PermitRootLogin no, and ListenAddress only on Admin LAN)
|
- SSH configuration (PasswordAuthentication no, PermitRootLogin no, and ListenAddress only on Admin LAN)
|
||||||
- NRPE basic configuration (allowed_hosts)
|
- NRPE basic configuration (allowed_hosts, nrpe_user and nrpe_group)
|
||||||
- MUNIN basic configuration (allow)
|
- MUNIN basic configuration (allow and port)
|
||||||
- SNMP basic config (gentAddress, rocommunity and trapsink/trap2sink)
|
- SNMP basic config (agentAddress, rocommunity, trap2sink, informsink, sysLocation and sysContact)
|
||||||
- Mail alias configuration (root mail alias configured)
|
- Mail alias configuration (root and operator mail alias configured)
|
||||||
- Check postfix config (inet_protocols)
|
- Check postfix config (inet_protocols, mail_owner)
|
||||||
- Add to check service if they are enabled
|
- Add to check service if they are enabled
|
||||||
- Check if IPs are recorded in IPAM
|
- Check if IPs (scope global) are recorded in IPAM
|
||||||
|
|
|
@ -2,30 +2,29 @@
|
||||||
|
|
||||||
# Recipe script for a Gentoo system to check basic configuration
|
# Recipe script for a Gentoo system to check basic configuration
|
||||||
|
|
||||||
# Define colors
|
# Define colors to print messages
|
||||||
export RED='\033[1;31m'
|
export RED='\033[1;31m'
|
||||||
export BLUE='\033[1;34m'
|
export BLUE='\033[1;34m'
|
||||||
export GREEN='\033[1;32m'
|
export GREEN='\033[1;32m'
|
||||||
# No Color
|
export NC='\033[0m' # No Color
|
||||||
export NC='\033[0m'
|
|
||||||
|
|
||||||
REQUIREMENTS="CURL GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING JQ CURL"
|
|
||||||
|
|
||||||
# Be sure only root can run the script
|
# Be sure only root can run the script
|
||||||
if [ "$(id -u)" != "0" ]; then
|
if [ "$(id -u)" != "0" ]; then
|
||||||
echo "ERROR : This script must be run as root" 1>&2
|
echo -e "${RED}ERROR : This script must be run as root${NC}" 1>&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Load variables
|
||||||
VARS_FILE='./vars.sh'
|
VARS_FILE='./vars.sh'
|
||||||
if [ -f ${VARS_FILE} ]; then
|
if [ -f ${VARS_FILE} ]; then
|
||||||
source ${VARS_FILE}
|
source ${VARS_FILE}
|
||||||
else
|
else
|
||||||
echo "ERROR : vars file ${VARS_FILE} not found" 1>&2
|
echo -e "${RED}ERROR : vars file ${VARS_FILE} not found${NC}" 1>&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check requirements
|
# Check requirements
|
||||||
|
REQUIREMENTS="CURL GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING JQ"
|
||||||
for requirement in $REQUIREMENTS
|
for requirement in $REQUIREMENTS
|
||||||
do
|
do
|
||||||
# Check if requirement tool exit on the system
|
# Check if requirement tool exit on the system
|
||||||
|
@ -36,35 +35,17 @@ do
|
||||||
|
|
||||||
if [ ${RC} -ne 0 ]
|
if [ ${RC} -ne 0 ]
|
||||||
then
|
then
|
||||||
echo "ERROR : ${requirement} ($(eval echo "\$${requirement}")) is required to use this script. Requirements are : ${REQUIREMENTS}."
|
echo -e "${RED}ERROR : ${requirement} ($(eval echo "\$${requirement}")) is required to use this script. Requirements are : ${REQUIREMENTS}${NC}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Variables used to print the summary messages at the and of the script
|
||||||
|
|
||||||
# Print packages not installed or with error at end script
|
|
||||||
export PACKAGES_TO_CHECK=""
|
export PACKAGES_TO_CHECK=""
|
||||||
export RESOLV_FAILED=""
|
export RESOLV_FAILED=""
|
||||||
export RESOLVER_NOT_IN_ETC_RESOLVCONF=""
|
export RESOLVER_NOT_IN_ETC_RESOLVCONF=""
|
||||||
export IP_NOT_RECORDED_IN_DNS=""
|
export IP_NOT_RECORDED_IN_DNS=""
|
||||||
export PING_FAILED=""
|
export PING_FAILED=""
|
||||||
|
|
||||||
# Get ALL locales IPs except loopback
|
|
||||||
export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)
|
|
||||||
|
|
||||||
export IPV6_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV6_ADMIN_NETWORK})
|
|
||||||
export IPV4_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV4_ADMIN_NETWORK})
|
|
||||||
|
|
||||||
export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
|
|
||||||
export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
|
|
||||||
|
|
||||||
# Print services not started or with error at end script
|
|
||||||
export SERVICES_NOT_STARTED_OR_ERROR=""
|
|
||||||
|
|
||||||
# Print message at end script if hostname *.grif or *.grifon.fr not configured
|
|
||||||
export BOOL_CHECK_HOSTNAME=0
|
|
||||||
|
|
||||||
export SSH_CONFIG_CHECK_FAILED=""
|
export SSH_CONFIG_CHECK_FAILED=""
|
||||||
export NRPE_CONFIG_CHECK_FAILED=""
|
export NRPE_CONFIG_CHECK_FAILED=""
|
||||||
export MUNIN_CONFIG_CHECK_FAILED=""
|
export MUNIN_CONFIG_CHECK_FAILED=""
|
||||||
|
@ -72,7 +53,17 @@ export MAIL_ALIAS_CONFIG_CHECK_FAILED=""
|
||||||
export SNMP_CONFIG_CHECK_FAILED=""
|
export SNMP_CONFIG_CHECK_FAILED=""
|
||||||
export POSTFIX_CONFIG_CHECK_FAILED=""
|
export POSTFIX_CONFIG_CHECK_FAILED=""
|
||||||
export IPAM_CONFIG_CHECK_FAILED=""
|
export IPAM_CONFIG_CHECK_FAILED=""
|
||||||
|
export SERVICES_NOT_STARTED_OR_ERROR=""
|
||||||
|
export BOOL_CHECK_HOSTNAME=0 # Print message at end script if hostname *.grif or *.grifon.fr not configured
|
||||||
|
export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
|
||||||
|
export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
|
||||||
|
|
||||||
|
# Get ALL locales IPs except loopback
|
||||||
|
export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)
|
||||||
|
export IPV6_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV6_ADMIN_NETWORK})
|
||||||
|
export IPV4_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV4_ADMIN_NETWORK})
|
||||||
|
|
||||||
|
# Help message
|
||||||
usage() {
|
usage() {
|
||||||
printf "Usage: ./recipe_gentoo.sh [--physical]\n"
|
printf "Usage: ./recipe_gentoo.sh [--physical]\n"
|
||||||
printf "option : \t-P, --physical : if the current server is not a VM but a physical machine\n"
|
printf "option : \t-P, --physical : if the current server is not a VM but a physical machine\n"
|
||||||
|
@ -82,7 +73,7 @@ usage() {
|
||||||
# Check parameters
|
# Check parameters
|
||||||
if [ $1 ]; then
|
if [ $1 ]; then
|
||||||
if [ $# -gt 1 ]; then
|
if [ $# -gt 1 ]; then
|
||||||
echo "ERROR : to much parameters (one MAX)"
|
echo -e "${RED}ERROR : to much parameters (one MAX)${NC}"
|
||||||
usage
|
usage
|
||||||
exit 0
|
exit 0
|
||||||
# Print help
|
# Print help
|
||||||
|
@ -95,12 +86,13 @@ if [ $1 ]; then
|
||||||
SERVICES_TO_CHECK+=(${SERVICES_TO_CHECK_PHYSICAL[@]})
|
SERVICES_TO_CHECK+=(${SERVICES_TO_CHECK_PHYSICAL[@]})
|
||||||
# If unknown parameter
|
# If unknown parameter
|
||||||
else
|
else
|
||||||
echo "ERROR : unknown parameter"
|
echo -e "${RED}ERROR : unknown parameter${NC}"
|
||||||
usage
|
usage
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Load common functions
|
||||||
. recipes/common_functions.sh
|
. recipes/common_functions.sh
|
||||||
|
|
||||||
print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
|
print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
|
||||||
|
@ -109,7 +101,7 @@ print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
|
||||||
|
|
||||||
#. recipes/recipe_check_packages.sh
|
#. recipes/recipe_check_packages.sh
|
||||||
|
|
||||||
. recipes/recipe_check_hostname.sh
|
#. recipes/recipe_check_hostname.sh
|
||||||
|
|
||||||
#. recipes/recipe_check_dns_config.sh
|
#. recipes/recipe_check_dns_config.sh
|
||||||
|
|
||||||
|
@ -123,11 +115,11 @@ print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
|
||||||
|
|
||||||
#. recipes/recipe_check_nrpe_config.sh
|
#. recipes/recipe_check_nrpe_config.sh
|
||||||
|
|
||||||
#. recipes/recipe_check_munin_config.sh
|
. recipes/recipe_check_munin_config.sh
|
||||||
|
|
||||||
#. recipes/recipe_check_snmp_config.sh
|
#. recipes/recipe_check_snmp_config.sh
|
||||||
|
|
||||||
#. recipes/recipe_check_mail_alias_config.sh
|
. recipes/recipe_check_mail_alias_config.sh
|
||||||
|
|
||||||
#. recipes/recipe_check_postfix_protocol_config.sh
|
#. recipes/recipe_check_postfix_protocol_config.sh
|
||||||
|
|
||||||
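Review bot: The recipe list at the end of this section leaves most checks switched off. As rendered, the new side comments out `. recipes/recipe_check_hostname.sh`, and the packages, DNS, NRPE, SNMP and postfix recipes shown here stay commented, so of the recipes visible only munin and mail-alias are sourced. That looks like a debugging state; a run would finish without reporting on the skipped items although the README still lists them as checked, so either restore the lines (for example `. recipes/recipe_check_hostname.sh`) or print the skipped recipes in the summary. Separately, the script requires root and then sources `./vars.sh` and `recipes/common_functions.sh` relative to the current directory. Resolving them from the script's own location, e.g. `SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)` and `VARS_FILE="${SCRIPT_DIR}/vars.sh"`, avoids executing whatever files sit in the caller's working directory.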
|
|
|
@ -3,8 +3,9 @@
|
||||||
# Parameters
|
# Parameters
|
||||||
# - 1 : name of service (ex : SSH)
|
# - 1 : name of service (ex : SSH)
|
||||||
# - 2 : config file (ex : /etc/ssh/sshd_config)
|
# - 2 : config file (ex : /etc/ssh/sshd_config)
|
||||||
# - 3 : expected pattern to search without start and end spaces, can be multiple (ex : ListenAddress[[:space:]]*${IPV4_ADMIN_LAN_IP} ListenAddress[[:space:]]*${IPV6_ADMIN_LAN_IP})
|
# - 3 : name of param key (ex : ListenAddress)
|
||||||
# - 4 : name of param key (ex : ListenAddress)
|
# - 4 : expected pattern to search without start and end spaces, can be multiple (ex : ${IPV4_ADMIN_LAN_IP} ${IPV6_ADMIN_LAN_IP})
|
||||||
|
# Note for 4th parameter, if there is a space in one param, you can use regex like [[:space::]]
|
||||||
#
|
#
|
||||||
# Return = 0 -> OK value is set
|
# Return = 0 -> OK value is set
|
||||||
# Return = 1 -> Error (wrong number of param or other)
|
# Return = 1 -> Error (wrong number of param or other)
|
||||||
|
@ -131,6 +132,7 @@ print_config_title () {
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Get title param
|
||||||
title=${1}
|
title=${1}
|
||||||
basic_len=48
|
basic_len=48
|
||||||
|
|
||||||
|
@ -138,8 +140,6 @@ print_config_title () {
|
||||||
title_len=$(echo -n " ${title} " | wc -c)
|
title_len=$(echo -n " ${title} " | wc -c)
|
||||||
modulo2=$((${title_len} % 2))
|
modulo2=$((${title_len} % 2))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Echo title with 48 chars
|
# Echo title with 48 chars
|
||||||
echo "------------------------------------------------"
|
echo "------------------------------------------------"
|
||||||
# If title_len <= 48
|
# If title_len <= 48
|
||||||
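Review bot: The new note for the 4th parameter writes the character class as `[[:space::]]`, with a doubled colon, which is not a valid class name, so a pattern copied from the comment makes the check fail instead of matching. Write it as `# Note for 4th parameter: if an expected value contains a space, use the class [[:space:]] in its place`. The header also swaps parameters 3 and 4, and the calls visible in this commit pass the key before the pattern. The function body is outside this hunk, so confirm that it reads `$3` and `$4` in the new order.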
|
|
|
@ -1,5 +1,6 @@
|
||||||
print_config_title 'CHECK IPAM CONFIG'
|
print_config_title 'CHECK IPAM CONFIG'
|
||||||
|
|
||||||
|
# Get IPAM Token
|
||||||
RES_AUTHENT=$(${CURL} -k -X POST --user ${USER_IPAM}:${PASSWORD_IPAM} ${URL}/user/ 2>/dev/null)
|
RES_AUTHENT=$(${CURL} -k -X POST --user ${USER_IPAM}:${PASSWORD_IPAM} ${URL}/user/ 2>/dev/null)
|
||||||
CODE_RETOUR_RES_AUTHENT=$(echo ${RES_AUTHENT} | jq '.code')
|
CODE_RETOUR_RES_AUTHENT=$(echo ${RES_AUTHENT} | jq '.code')
|
||||||
TOKEN=$(echo ${RES_AUTHENT} | jq -r '.data.token')
|
TOKEN=$(echo ${RES_AUTHENT} | jq -r '.data.token')
|
||||||
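Review bot: The `# Get IPAM Token` comment added here labels a request that runs with `-k`, so curl does not verify the IPAM server's certificate while it sends `${USER_IPAM}:${PASSWORD_IPAM}`; the commit leaves that line unchanged. If the server uses an internal CA, replace `-k` with `--cacert` pointing at that CA so the password and the returned token are only exchanged with the intended server. The `--user` argument also places the password in the process arguments, readable by other local users while curl runs; a root-only file passed with `--netrc-file` or `-K` keeps it out of argv. At minimum the comment should record why verification is disabled, e.g. `# Get IPAM token (TLS verification disabled with -k: <reason>)`.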
|
|
|
@ -1,33 +1,45 @@
|
||||||
print_config_title 'CHECK MAIL ALIAS CONFIG'
|
print_config_title 'CHECK MAIL ALIAS CONFIG'
|
||||||
|
|
||||||
# This does not check if send mail works and if alias have been reloaded
|
# This does not check if send mail works and if alias have been reloaded
|
||||||
# Check /etc/mail/aliases config file
|
# Check /etc/mail/aliases config file, checked param : root/operator
|
||||||
echo -e "Check ${BLUE}MAIL ALIAS${NC} config file /etc/mail/aliases"
|
|
||||||
|
|
||||||
# Check if root alias is configured
|
# root
|
||||||
grep -q -E "^[[:space:]]*root:?[[:space:]]*${MAIL_ALIAS_ROOT}[[:space:]]*$" /etc/mail/aliases
|
check_value_in_conf_file "MUNIN" "/etc/mail/aliases" "root" "${MAIL_ALIAS_ROOT}"
|
||||||
|
|
||||||
# Return Code
|
case ${?} in
|
||||||
RC=$?
|
0) # OK, nothing to do
|
||||||
|
;;
|
||||||
|
1) # Error (wrong number of param or other)
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during root alias check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
|
;;
|
||||||
|
2) # Unexpected value is set
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" root alias is not well configured or has other value, set root: ${MAIL_ALIAS_ROOT};"
|
||||||
|
;;
|
||||||
|
3) # All expected values are NOT configured
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" root alias is not well configured, set root: ${MAIL_ALIAS_ROOT};"
|
||||||
|
;;
|
||||||
|
*) # Unknown return code...
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check root alias;"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# Root alias not configured
|
|
||||||
if [ $RC -ne 0 ]
|
|
||||||
then
|
|
||||||
MAIL_ALIAS_CONFIG_CHECK_FAILED="${MAIL_ALIAS_CONFIG_CHECK_FAILED} root alias NOT CONFIGURED or WRONG mail address, check /etc/mail/aliases and reload aliases"
|
|
||||||
echo -e "${RED}Mail alias root NOT CONFIGURED or WRONG mail address : check KO${NC}\n"
|
|
||||||
|
|
||||||
# Root alias configured
|
# root
|
||||||
else
|
check_value_in_conf_file "MUNIN" "/etc/mail/aliases" "operator" "${MAIL_ALIAS_ROOT}"
|
||||||
# Check multiple root alias line in the file
|
|
||||||
line_number=$(grep -E "^[[:space:]]*root:?" /etc/mail/aliases |wc -l)
|
|
||||||
|
|
||||||
# If linue_number different than 1
|
|
||||||
if [ $line_number -ne 1 ]
|
|
||||||
then
|
|
||||||
MAIL_ALIAS_CONFIG_CHECK_FAILED="${MAIL_ALIAS_CONFIG_CHECK_FAILED} more than 1 line for root mail alias, check /etc/mail/aliases and reload aliases"
|
|
||||||
echo -e "${RED}More than 1 line for root mail alias : check KO${NC}\n"
|
|
||||||
else
|
|
||||||
echo -e "${GREEN}Mail alias root CONFIGURED : check OK${NC}\n"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
case ${?} in
|
||||||
|
0) # OK, nothing to do
|
||||||
|
;;
|
||||||
|
1) # Error (wrong number of param or other)
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during operator alias check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
|
;;
|
||||||
|
2) # Unexpected value is set
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" operator alias is not well configured or has other value, set operator: ${MAIL_ALIAS_ROOT};"
|
||||||
|
;;
|
||||||
|
3) # All expected values are NOT configured
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" operator alias is not well configured, set operator: ${MAIL_ALIAS_ROOT};"
|
||||||
|
;;
|
||||||
|
*) # Unknown return code...
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check operator alias;"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
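Review bot: The new mail-alias checks are filed under the wrong service: both `check_value_in_conf_file` calls pass `"MUNIN"` as the service name and every failure branch appends to `MUNIN_CONFIG_CHECK_FAILED`. This recipe therefore never sets `MAIL_ALIAS_CONFIG_CHECK_FAILED`, and alias problems would presumably surface as Munin problems in the summary, which is outside this section. It looks like the same copy-paste slip this commit corrects in the postfix recipe (`"SNMP"` to `"POSTFIX"`). Use `check_value_in_conf_file "MAIL ALIAS" "/etc/mail/aliases" "root" "${MAIL_ALIAS_ROOT}"` and `MAIL_ALIAS_CONFIG_CHECK_FAILED=${MAIL_ALIAS_CONFIG_CHECK_FAILED}" ...;"` in all eight branches. The operator check sits under a second `# root` comment and compares against `${MAIL_ALIAS_ROOT}`: if operator is meant to share root's address, say so (`# operator (same target as root)`), otherwise give it its own variable. The removed test for more than one `root:` line has no replacement visible here.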
|
|
|
@ -2,40 +2,48 @@ print_config_title 'CHECK MUNIN BASIC CONFIG'
|
||||||
|
|
||||||
# This does not check if 'munin-node-configure --shell | sh -x' has been executed
|
# This does not check if 'munin-node-configure --shell | sh -x' has been executed
|
||||||
# This does not check if MUNIN 'monitoring server' has configured this machine
|
# This does not check if MUNIN 'monitoring server' has configured this machine
|
||||||
# Check /etc/munin/munin-node.conf config file
|
# Check /etc/munin/munin-node.conf config file, checked parameters : allow/port
|
||||||
echo -e "Check ${BLUE}MUNIN${NC} config file /etc/munin/munin-node.conf"
|
|
||||||
|
|
||||||
# Check if allow exist but different than expected (success if return code = 1)
|
|
||||||
grep "^[[:space:]]*allow" /etc/munin/munin-node.conf |grep -q -v -e "^[[:space:]]*allow[[:space:]]*^127\\\.0\\\.0\\\.1\\$\$" -e "^[[:space:]]*allow[[:space:]]*^::1\\$\$" -e "^[[:space:]]*allow[[:space:]]*${IPV4_MASTER_MUNIN}[[:space:]]*$" -e "^[[:space:]]*allow[[:space:]]*${IPV6_MASTER_MUNIN}[[:space:]]*$"
|
|
||||||
|
|
||||||
# Return Code
|
# allow
|
||||||
RC=$?
|
check_value_in_conf_file "MUNIN" "/etc/munin/munin-node.conf" "allow" '\^127\\\.0\\\.0\\\.1\$ \^::1\$'" ${IPV4_MASTER_MUNIN} ${IPV6_MASTER_MUNIN}"
|
||||||
|
|
||||||
# Allow other IP than expected
|
case ${?} in
|
||||||
if [ $RC -eq 0 ]
|
0) # OK, nothing to do
|
||||||
then
|
;;
|
||||||
MUNIN_CONFIG_CHECK_FAILED="${MUNIN_CONFIG_CHECK_FAILED} munin-node allow connection from unexpected IP"
|
1) # Error (wrong number of param or other)
|
||||||
echo -e "${RED}munin-node allow connection from UNEXPECTED IP : check KO${NC}\n"
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during allow check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
# Does not allow unexpected IP
|
;;
|
||||||
else
|
2) # Unexpected value is set
|
||||||
# Check expected IP are configured (IPv4 and IPv6) (success if return code = 0)
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured or has other value, set allow param (IPv6+IPv4) for localhost and Munin server;"
|
||||||
grep -q "^[[:space:]]*allow[[:space:]]*${IPV4_MASTER_MUNIN}[[:space:]]*$" /etc/munin/munin-node.conf
|
;;
|
||||||
|
3) # All expected values are NOT configured
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured, set allow param (IPv6+IPv4) for localhost and Munin server;"
|
||||||
|
;;
|
||||||
|
*) # Unknown return code...
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allow param;"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# Return Code
|
|
||||||
RCa=$?
|
|
||||||
|
|
||||||
grep -q "^[[:space:]]*allow[[:space:]]*${IPV6_MASTER_MUNIN}[[:space:]]*$" /etc/munin/munin-node.conf
|
# port
|
||||||
|
check_value_in_conf_file "MUNIN" "/etc/munin/munin-node.conf" "port" "4949"
|
||||||
|
|
||||||
|
case ${?} in
|
||||||
|
0) # OK, nothing to do
|
||||||
|
;;
|
||||||
|
1) # Error (wrong number of param or other)
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during port check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
|
;;
|
||||||
|
2) # Unexpected value is set
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured or has other value, set 'port 4949';"
|
||||||
|
;;
|
||||||
|
3) # All expected values are NOT configured
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured, set 'port 4949';"
|
||||||
|
;;
|
||||||
|
*) # Unknown return code...
|
||||||
|
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check port;"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# Return Code
|
|
||||||
RCb=$?
|
|
||||||
|
|
||||||
# Expected IP are NOT configured (IPv4 and IPv6)
|
|
||||||
if [ $RCa -ne 0 ] || [ $RCb -ne 0 ]
|
|
||||||
then
|
|
||||||
MUNIN_CONFIG_CHECK_FAILED="${MUNIN_CONFIG_CHECK_FAILED} All Munin Expected IP (IPv4 and IPv6) are not configured, expected :\n'allow ${IPV4_MASTER_MUNIN_PRINT}'\n'allow ${IPV6_MASTER_MUNIN_PRINT}'\nOPTIONAL : 'allow ^127\.0\.0\.1$'\nOPTIONAL : 'allow ^::1$'"
|
|
||||||
echo -e "${RED}All Munin Expected IP (IPv4 and IPv6) are NOT CONFIGURED : check KO${NC}\n"
|
|
||||||
# Expected IP are configured (IPv4 and IPv6)
|
|
||||||
else
|
|
||||||
echo -e "${GREEN}Munin expected IP are CONFIGURED : check OK${NC}\n"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
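Review bot: The `allow` check now puts the two localhost patterns in the same expected list as `${IPV4_MASTER_MUNIN}` and `${IPV6_MASTER_MUNIN}`, whereas the removed code reported `allow ^127\.0\.0\.1$` and `allow ^::1$` as OPTIONAL. If `check_value_in_conf_file` requires every listed pattern (the `3) # All expected values are NOT configured` branch suggests it does; the helper is outside this section), a node that allows only the Munin master will now be flagged. The failure text also lost the concrete expected lines that the old message built from `${IPV4_MASTER_MUNIN_PRINT}` and `${IPV6_MASTER_MUNIN_PRINT}`. Since `allow` is the node's access-control list, the message should name the exact lines expected. A short comment on why the localhost patterns need the `\\\.` escaping inside the single-quoted part would also help the next editor keep the argument intact.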
|
|
|
@ -1,35 +1,67 @@
|
||||||
print_config_title 'CHECK NRPE BASIC CONFIG'
|
print_config_title 'CHECK NRPE BASIC CONFIG'
|
||||||
|
|
||||||
# Check /etc/nagios/nrpe.cfg config file
|
# Check /etc/nagios/nrpe.cfg config file, checked parameters : allowed_hosts/nrpe_user/nrpe_group
|
||||||
# This does not check if NRPE 'monitoring server' has configured this machine
|
# This does not check if NRPE 'monitoring server' has configured this machine
|
||||||
echo -e "Check ${BLUE}NRPE${NC} config file /etc/nagios/nrpe.cfg"
|
|
||||||
|
|
||||||
# Check if allowed_hosts exist but different than expected (success if return code = 1)
|
# allowed_hosts
|
||||||
grep "^[[:space:]]*allowed_hosts=" /etc/nagios/nrpe.cfg | grep -q -v -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64[[:space:]]*$" -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24[[:space:]]*$"
|
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "allowed_hosts" "127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64"
|
||||||
|
|
||||||
# Return Code
|
case ${?} in
|
||||||
RC=$?
|
0) # OK, nothing to do
|
||||||
|
;;
|
||||||
|
1) # Error (wrong number of param or other)
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during allowed_hosts check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
|
;;
|
||||||
|
2) # Unexpected value is set
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured or has other value, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
|
||||||
|
;;
|
||||||
|
3) # All expected values are NOT configured
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
|
||||||
|
;;
|
||||||
|
*) # Unknown return code...
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allowed_hosts;"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# allowed_hosts exist but different than expected
|
|
||||||
if [ $RC -eq 0 ]
|
|
||||||
then
|
|
||||||
NRPE_CONFIG_CHECK_FAILED="${NRPE_CONFIG_CHECK_FAILED} allowed_hosts misconfigured, expected : 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64'"
|
|
||||||
echo -e "${RED}Service NRPE has BAD CONFIGURATION for allowed_hosts, exist but different than expected : check KO${NC}\n"
|
|
||||||
# allowed_hosts well configured or does not exist
|
|
||||||
else
|
|
||||||
# Check if allowed_hosts is well configured (success if return code = 0)
|
|
||||||
grep -q -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64[[:space:]]*$" -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24[[:space:]]*$" /etc/nagios/nrpe.cfg
|
|
||||||
|
|
||||||
# Return Code
|
# nrpe_user
|
||||||
RC=$?
|
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "nrpe_user" "nagios"
|
||||||
|
|
||||||
|
case ${?} in
|
||||||
|
0) # OK, nothing to do
|
||||||
|
;;
|
||||||
|
1) # Error (wrong number of param or other)
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_user check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
|
;;
|
||||||
|
2) # Unexpected value is set
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured or has other value, set 'nrpe_user=nagios';"
|
||||||
|
;;
|
||||||
|
3) # All expected values are NOT configured
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured, set 'nrpe_user=nagios';"
|
||||||
|
;;
|
||||||
|
*) # Unknown return code...
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_user;"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
|
||||||
|
# nrpe_group
|
||||||
|
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "nrpe_group" "nagios"
|
||||||
|
|
||||||
|
case ${?} in
|
||||||
|
0) # OK, nothing to do
|
||||||
|
;;
|
||||||
|
1) # Error (wrong number of param or other)
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_group check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
|
;;
|
||||||
|
2) # Unexpected value is set
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured or has other value, set 'nrpe_group=nagios';"
|
||||||
|
;;
|
||||||
|
3) # All expected values are NOT configured
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured, set 'nrpe_group=nagios';"
|
||||||
|
;;
|
||||||
|
*) # Unknown return code...
|
||||||
|
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_group;"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# allowed_hosts miscondigured or string mismatch
|
|
||||||
if [ $RC -ne 0 ]
|
|
||||||
then
|
|
||||||
NRPE_CONFIG_CHECK_FAILED="${NRPE_CONFIG_CHECK_FAILED} allowed_hosts misconfigured, expected : 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64'"
|
|
||||||
echo -e "${RED}Service NRPE has BAD CONFIGURATION for allowed_hosts, expected configuration not found : check KO${NC}\n"
|
|
||||||
# allowed_hosts well configured
|
|
||||||
else
|
|
||||||
echo -e "${GREEN}Service NRPE has GOOD CONFIGURATION for allowed_hosts : check OK${NC}\n"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
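Review bot: The `allowed_hosts` check now accepts one ordering only (`127.0.0.1`, then `${IPV4_ADMIN_NETWORK}0/24`, then `${IPV6_ADMIN_NETWORK}:/64`), while the removed grep also accepted the IPv6 network before the IPv4 one. Unless `check_value_in_conf_file` normalises order (it is outside this section), an nrpe.cfg that passed before will now land in branch 2. If the fixed order is intended, state it above the call, e.g. `# allowed_hosts: order must be 127.0.0.1, IPv4 admin net, IPv6 admin net`, and in the failure message. The expected value is used as a pattern (it contains `[[:space:]]*`), so the unescaped dots in `127.0.0.1` match any character. That is worth tightening for an access-control setting, once it is clear how the helper handles backslashes.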
|
|
|
@ -3,7 +3,7 @@ print_config_title 'CHECK POSTFIX BASIC CONFIG'
|
||||||
# Check /etc/postfix/main.cf config file mail_owner/inet_protocols parameters
|
# Check /etc/postfix/main.cf config file mail_owner/inet_protocols parameters
|
||||||
|
|
||||||
# mail_owner
|
# mail_owner
|
||||||
check_value_in_conf_file "SNMP" "/etc/postfix/main.cf" "mail_owner" "postfix"
|
check_value_in_conf_file "POSTFIX" "/etc/postfix/main.cf" "mail_owner" "postfix"
|
||||||
|
|
||||||
case ${?} in
|
case ${?} in
|
||||||
0) # OK, nothing to do
|
0) # OK, nothing to do
|
||||||
|
@ -12,10 +12,10 @@ case ${?} in
|
||||||
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error during mail_owner check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error during mail_owner check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
;;
|
;;
|
||||||
2) # Unexpected value is set
|
2) # Unexpected value is set
|
||||||
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner are not well configured or has other value, set 'mail_owner = postfix';"
|
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured or has other value, set 'mail_owner = postfix';"
|
||||||
;;
|
;;
|
||||||
3) # All expected values are NOT configured
|
3) # All expected values are NOT configured
|
||||||
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner are not well configured, set 'mail_owner = postfix';"
|
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured, set 'mail_owner = postfix';"
|
||||||
;;
|
;;
|
||||||
*) # Unknown return code...
|
*) # Unknown return code...
|
||||||
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check mail_owner;"
|
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check mail_owner;"
|
||||||
|
@ -24,7 +24,7 @@ esac
|
||||||
|
|
||||||
|
|
||||||
# inet_protocols
|
# inet_protocols
|
||||||
check_value_in_conf_file "SNMP" "/etc/postfix/main.cf" "inet_protocols" "all"
|
check_value_in_conf_file "POSTFIX" "/etc/postfix/main.cf" "inet_protocols" "all"
|
||||||
|
|
||||||
case ${?} in
|
case ${?} in
|
||||||
0) # OK, nothing to do
|
0) # OK, nothing to do
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
print_config_title 'CHECK SNMP BASIC CONFIG'
|
print_config_title 'CHECK SNMP BASIC CONFIG'
|
||||||
|
|
||||||
# This does NOT check if SNMP 'monitoring server' has configured this machine
|
# This does NOT check if SNMP 'monitoring server' has configured this machine
|
||||||
# Check /etc/snmp/snmpd.conf config file agentAddress, rocommunity and trapsink/trap2sink/informsink/sysLocation/sysContact parameters
|
# Check /etc/snmp/snmpd.conf config file rocommunity/agentAddress/trap2sink/informsink/sysLocation/sysContact parameters
|
||||||
|
|
||||||
#agentAddress
|
#agentAddress
|
||||||
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "agentAddress" "udp:127.0.0.1:161 udp:${IPV4_ADMIN_LAN_IP}:161 udp6:\[::1\]:161 udp6:\[${IPV6_ADMIN_LAN_IP}\]:161"
|
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "agentAddress" "udp:127.0.0.1:161 udp:${IPV4_ADMIN_LAN_IP}:161 udp6:\[::1\]:161 udp6:\[${IPV6_ADMIN_LAN_IP}\]:161"
|
||||||
|
@ -56,10 +56,10 @@ case ${?} in
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during trap2sink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during trap2sink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
;;
|
;;
|
||||||
2) # Unexpected value is set
|
2) # Unexpected value is set
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink are not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
|
||||||
;;
|
;;
|
||||||
3) # All expected values are NOT configured
|
3) # All expected values are NOT configured
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink are not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
|
||||||
;;
|
;;
|
||||||
*) # Unknown return code...
|
*) # Unknown return code...
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check trap2sink;"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check trap2sink;"
|
||||||
|
@ -77,10 +77,10 @@ case ${?} in
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during informsink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during informsink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
;;
|
;;
|
||||||
2) # Unexpected value is set
|
2) # Unexpected value is set
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink are not well configured or has other value, set 'informsink ${NAME_MASTER_MONITORING} public;"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured or has other value, set 'informsink ${NAME_MASTER_MONITORING} public;"
|
||||||
;;
|
;;
|
||||||
3) # All expected values are NOT configured
|
3) # All expected values are NOT configured
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink are not well configured, set 'informsink ${NAME_MASTER_MONITORING} public';"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured, set 'informsink ${NAME_MASTER_MONITORING} public';"
|
||||||
;;
|
;;
|
||||||
*) # Unknown return code...
|
*) # Unknown return code...
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check informsink;"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check informsink;"
|
||||||
|
@ -98,10 +98,10 @@ case ${?} in
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysLocation check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysLocation check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
;;
|
;;
|
||||||
2) # Unexpected value is set
|
2) # Unexpected value is set
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation are not well configured or has other value, set 'sysLocation ${DC}';"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured or has other value, set 'sysLocation ${DC}';"
|
||||||
;;
|
;;
|
||||||
3) # All expected values are NOT configured
|
3) # All expected values are NOT configured
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation are not well configured, set 'sysLocation ${DC}';"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured, set 'sysLocation ${DC}';"
|
||||||
;;
|
;;
|
||||||
*) # Unknown return code...
|
*) # Unknown return code...
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysLocation;"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysLocation;"
|
||||||
|
@ -119,10 +119,10 @@ case ${?} in
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysContact check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysContact check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
;;
|
;;
|
||||||
2) # Unexpected value is set
|
2) # Unexpected value is set
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact are not well configured or has other value, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured or has other value, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
|
||||||
;;
|
;;
|
||||||
3) # All expected values are NOT configured
|
3) # All expected values are NOT configured
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact are not well configured, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
|
||||||
;;
|
;;
|
||||||
*) # Unknown return code...
|
*) # Unknown return code...
|
||||||
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysContact;"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysContact;"
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
print_config_title 'CHECK SSH CONFIG'
|
print_config_title 'CHECK SSH CONFIG'
|
||||||
|
|
||||||
|
|
||||||
|
# PasswordAuthentication
|
||||||
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PasswordAuthentication" "no"
|
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PasswordAuthentication" "no"
|
||||||
|
|
||||||
case ${?} in
|
case ${?} in
|
||||||
|
@ -19,6 +21,8 @@ case ${?} in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
||||||
|
# PermitRootLogin
|
||||||
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PermitRootLogin" "no"
|
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PermitRootLogin" "no"
|
||||||
|
|
||||||
case ${?} in
|
case ${?} in
|
||||||
|
@ -38,6 +42,8 @@ case ${?} in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
||||||
|
# ListenAddress
|
||||||
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "ListenAddress" "${IPV4_ADMIN_LAN_IP} ${IPV6_ADMIN_LAN_IP}"
|
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "ListenAddress" "${IPV4_ADMIN_LAN_IP} ${IPV6_ADMIN_LAN_IP}"
|
||||||
|
|
||||||
case ${?} in
|
case ${?} in
|
||||||
|
|
168
vars.sh
168
vars.sh
|
@ -1,83 +1,111 @@
|
||||||
GREP="/bin/grep"
|
# Set absolute PATH for tools
|
||||||
ECHO="/bin/echo"
|
export GREP="/bin/grep"
|
||||||
EMERGE="/usr/bin/emerge"
|
export ECHO="/bin/echo"
|
||||||
NSLOOKUP="/usr/bin/nslookup"
|
export EMERGE="/usr/bin/emerge"
|
||||||
IP="/bin/ip"
|
export NSLOOKUP="/usr/bin/nslookup"
|
||||||
HOSTNAME="/bin/hostname"
|
export IP="/bin/ip"
|
||||||
AWK="/bin/awk"
|
export HOSTNAME="/bin/hostname"
|
||||||
SED="/bin/sed"
|
export AWK="/bin/awk"
|
||||||
CUT="/bin/cut"
|
export SED="/bin/sed"
|
||||||
TR="/bin/tr"
|
export CUT="/bin/cut"
|
||||||
PING="/bin/ping"
|
export TR="/bin/tr"
|
||||||
|
export PING="/bin/ping"
|
||||||
|
export CURL="/usr/bin/curl"
|
||||||
|
export JQ="/usr/bin/jq"
|
||||||
|
|
||||||
# Packages to check (it's a list to simplify comment)
|
# Packages to check (it's a list to simplify comment)
|
||||||
PACKAGES=(
|
export PACKAGES="
|
||||||
# 'virtual/ssh'
|
virtual/ssh
|
||||||
# 'app-admin/rsyslog'
|
app-admin/rsyslog
|
||||||
# 'net-misc/ntp'
|
net-misc/ntp
|
||||||
# 'app-backup/borgbackup'
|
app-backup/borgbackup
|
||||||
# 'virtual/cron'
|
virtual/cron
|
||||||
# 'sys-process/cronie'
|
sys-process/cronie
|
||||||
# 'net-analyzer/munin'
|
net-analyzer/munin
|
||||||
# 'app-portage/eix',
|
app-portage/eix'
|
||||||
# 'app-portage/gentoolkit',
|
app-portage/gentoolkit'
|
||||||
# 'app-portage/genlop',
|
app-portage/genlop'
|
||||||
# 'app-misc/tmux',
|
app-misc/tmux'
|
||||||
# 'net-analyzer/tcpdump',
|
net-analyzer/tcpdump'
|
||||||
# 'app-editors/vim',
|
app-editors/vim'
|
||||||
# 'sys-process/htop-2.2.0',
|
sys-process/htop-2.2.0'
|
||||||
# 'app-admin/sysklogd'
|
app-admin/sysklogd
|
||||||
# 'dev-vcs/git'
|
dev-vcs/git
|
||||||
# 'net-analyzer/nrpe'
|
net-analyzer/nrpe
|
||||||
# 'net-analyzer/net-snmp'
|
net-analyzer/net-snmp
|
||||||
# 'net-dns/bind-tools'
|
net-dns/bind-tools
|
||||||
# 'dev-vcs/git'
|
dev-vcs/git
|
||||||
# 'mail-mta/postfix'
|
mail-mta/postfix
|
||||||
# 'mail-mta/eeeepostfix'
|
mail-mta/postfix
|
||||||
)
|
app-admin/sudo
|
||||||
|
"
|
||||||
|
|
||||||
# Package to check if it's a physical machine
|
# Package to check if it's a physical machine
|
||||||
PACKAGES_PHYSICAL=(
|
export PACKAGES_PHYSICAL="
|
||||||
'sys-apps/smartmontools'
|
sys-apps/smartmontools
|
||||||
)
|
"
|
||||||
|
|
||||||
NAMES_TO_RESOLV_AND_PING=(
|
# Hostname to be resolved in recipes
|
||||||
'grifon.fr'
|
export NAMES_TO_RESOLV_AND_PING="
|
||||||
'arn-fai.net'
|
grifon.fr
|
||||||
'grifonfesfdsfdsf.fr'
|
arn-fai.net
|
||||||
)
|
grifonfesfdsfdsf.fr
|
||||||
|
"
|
||||||
|
|
||||||
RESOLVERS=(
|
# Resolver to check if they are in /etc/resolv.conf
|
||||||
'2a00:5884::7'
|
export RESOLVERS="
|
||||||
'89.234.186.4'
|
2a00:5884::7
|
||||||
)
|
89.234.186.4
|
||||||
|
"
|
||||||
|
|
||||||
SERVICES_TO_CHECK=(
|
# Services to check if they are working/running
|
||||||
'rsyslog'
|
export SERVICES_TO_CHECK="
|
||||||
'ntpd'
|
rsyslog
|
||||||
'munin-node'
|
ntpd
|
||||||
'iptables'
|
munin-node
|
||||||
'ip6tables'
|
iptables
|
||||||
'sshd'
|
ip6tables
|
||||||
'postfix'
|
sshd
|
||||||
'nrpe'
|
postfix
|
||||||
'snmpd'
|
nrpe
|
||||||
'hostname'
|
snmpd
|
||||||
)
|
hostname
|
||||||
|
"
|
||||||
|
|
||||||
SERVICES_TO_CHECK_PHYSICAL=(
|
# Same but with physical host services
|
||||||
'smard'
|
export SERVICES_TO_CHECK_PHYSICAL="
|
||||||
)
|
smard
|
||||||
|
"
|
||||||
|
|
||||||
IPV4_ADMIN_NETWORK="172.16.0."
|
# Admin network
|
||||||
IPV6_ADMIN_NETWORK="fd01:1e02:40:"
|
export IPV4_ADMIN_NETWORK="111.111.111."
|
||||||
|
export IPV6_ADMIN_NETWORK="1111:1111:1111:"
|
||||||
|
|
||||||
NAME_MASTER_MONITORING=""
|
# AS IPs ranges
|
||||||
|
export RANGE_IPV4_1_NETWORK="111.111.111."
|
||||||
|
export RANGE_IPV4_2_NETWORK="111.111.112."
|
||||||
|
export RANGE_IPV6_NETWORK="1111:1111:"
|
||||||
|
|
||||||
IPV4_MASTER_MUNIN='^172\\\.16\\\.0\\\.13\$'
|
# Admin hostname of the Monitoring server (Munin + libreNMS)
|
||||||
IPV6_MASTER_MUNIN='^fd01:1e02:40::3\$'
|
export NAME_MASTER_MONITORING="conan.grif"
|
||||||
IPV4_MASTER_MUNIN_PRINT='^172\.16\.0\.13$'
|
|
||||||
IPV6_MASTER_MUNIN_PRINT='^fd01:1e02:40::3$'
|
|
||||||
|
|
||||||
MAIL_ALIAS_ROOT="admin6@email.emailr"
|
# Address of the Monitoring server in Munin's configuration format
|
||||||
|
export IPV4_MASTER_MUNIN='^111\\\.111\\\.111\\\.111\$'
|
||||||
|
export IPV6_MASTER_MUNIN='^111:111:111::1\$'
|
||||||
|
|
||||||
|
# root/operator aliases for mailing
|
||||||
|
export MAIL_ALIAS_ROOT="adminsys@grifon.fr"
|
||||||
|
|
||||||
|
# General informations
|
||||||
|
export DC="The DC of City"
|
||||||
|
export DC_for_function_check_value_in_conf_file=$(echo -e ${DC} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
|
||||||
|
export ENTITY="Entity"
|
||||||
|
export ENTITY_for_function_check_value_in_conf_file=$(echo -e ${ENTITY} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
|
||||||
|
|
||||||
|
|
||||||
|
# User and password to request a token on phpIPAM API
|
||||||
|
export USER_IPAM='user'
|
||||||
|
export PASSWORD_IPAM='password'
|
||||||
|
|
||||||
|
# URL of the API
|
||||||
|
export URL="https://ipam.example/api/${USER_IPAM}"
|
||||||
|
|
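Review bot: `export PASSWORD_IPAM='password'` near the end of vars.sh puts the phpIPAM credential in the same file as ordinary settings, and the `export` copies it into the environment of every child process the checks start, not only the one that calls the API. I would keep the secret out of vars.sh and load it unexported from a root-only file, e.g. `PASSWORD_IPAM=$(cat "<ROOT_ONLY_SECRET_FILE>")` (placeholder path, mode 0600), sourced only by the recipe that requests the token. The token request itself is not visible in this section; if it passes the password on curl's command line, a `--config` file or stdin would keep it out of `ps` output. Separately, in the new `PACKAGES` string the seven entries from `app-portage/eix'` to `sys-process/htop-2.2.0'` keep a trailing `'` left over from the old array syntax; inside double quotes that quote is literal, so those atoms will presumably never match an installed package.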