nemo/recipe_gentoo
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Modification : script design, lots of minor updates

Browse source
This commit is contained in:
nemo 2019-06-01 13:40:22 +02:00
parent 5976e4c7bd
commit 1dbccd4f0a
11 changed files with 292 additions and 214 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
README.md
View file

@ -11,7 +11,6 @@ TO DO :
- Reorganise script to limit text repetitions (make functions for example)
- Check if sending a mail works (find a way to check)
- Check detailled DNS records (PTR, A, AAAA)
- Check if files in etc need to be updated (etc-update)
- Check if borgbackup is configured (+ connexion to backup server)
- Check if auto-update script is configured
- Portage configuration (for VM and Physical)
@ -21,15 +20,15 @@ Checked point :
- Check requirements
- Installed packages
- Hostname configuration
- DNS configuration (resolve external name, configured nameserver and check if all IPs are configured in DNS)
- DNS configuration (resolve external name, configured nameserver and check if all IPs (scope global) are configured in DNS)
- Ping external machine for IPv4 and IPv6
- If Admin IPs are configured
- Services status
- SSH configuration (PasswordAuthentication no, PermitRootLogin no, and ListenAddress only on Admin LAN)
- NRPE basic configuration (allowed_hosts)
- MUNIN basic configuration (allow)
- SNMP basic config (gentAddress, rocommunity and trapsink/trap2sink)
- Mail alias configuration (root mail alias configured)
- Check postfix config (inet_protocols)
- NRPE basic configuration (allowed_hosts, nrpe_user and nrpe_group)
- MUNIN basic configuration (allow and port)
- SNMP basic config (agentAddress, rocommunity, trap2sink, informsink, sysLocation and sysContact)
- Mail alias configuration (root and operator mail alias configured)
- Check postfix config (inet_protocols, mail_owner)
- Add to check service if they are enabled
- Check if IPs are recorded in IPAM
- Check if IPs (scope global) are recorded in IPAM

56
recipe_gentoo.sh
View file

@ -2,30 +2,29 @@
# Recipe script for a Gentoo system to check basic configuration
# Define colors
# Define colors to print messages
export RED='\033[1;31m'
export BLUE='\033[1;34m'
export GREEN='\033[1;32m'
# No Color
export NC='\033[0m'
REQUIREMENTS="CURL GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING JQ CURL"
export NC='\033[0m' # No Color
# Be sure only root can run the script
if [ "$(id -u)" != "0" ]; then
echo "ERROR : This script must be run as root" 1>&2
echo -e "${RED}ERROR : This script must be run as root${NC}" 1>&2
exit 1
fi
# Load variables
VARS_FILE='./vars.sh'
if [ -f ${VARS_FILE} ]; then
source ${VARS_FILE}
else
echo "ERROR : vars file ${VARS_FILE} not found" 1>&2
echo -e "${RED}ERROR : vars file ${VARS_FILE} not found${NC}" 1>&2
exit 1
fi
# Check requirements
REQUIREMENTS="CURL GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING JQ"
for requirement in $REQUIREMENTS
do
# Check if requirement tool exit on the system
@ -36,35 +35,17 @@ do
if [ ${RC} -ne 0 ]
then
echo "ERROR : ${requirement} ($(eval echo "\$${requirement}")) is required to use this script. Requirements are : ${REQUIREMENTS}."
echo -e "${RED}ERROR : ${requirement} ($(eval echo "\$${requirement}")) is required to use this script. Requirements are : ${REQUIREMENTS}${NC}"
exit 1
fi
done
# Print packages not installed or with error at end script
# Variables used to print the summary messages at the and of the script
export PACKAGES_TO_CHECK=""
export RESOLV_FAILED=""
export RESOLVER_NOT_IN_ETC_RESOLVCONF=""
export IP_NOT_RECORDED_IN_DNS=""
export PING_FAILED=""
# Get ALL locales IPs except loopback
export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)
export IPV6_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV6_ADMIN_NETWORK})
export IPV4_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV4_ADMIN_NETWORK})
export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
# Print services not started or with error at end script
export SERVICES_NOT_STARTED_OR_ERROR=""
# Print message at end script if hostname *.grif or *.grifon.fr not configured
export BOOL_CHECK_HOSTNAME=0
export SSH_CONFIG_CHECK_FAILED=""
export NRPE_CONFIG_CHECK_FAILED=""
export MUNIN_CONFIG_CHECK_FAILED=""
@ -72,7 +53,17 @@ export MAIL_ALIAS_CONFIG_CHECK_FAILED=""
export SNMP_CONFIG_CHECK_FAILED=""
export POSTFIX_CONFIG_CHECK_FAILED=""
export IPAM_CONFIG_CHECK_FAILED=""
export SERVICES_NOT_STARTED_OR_ERROR=""
export BOOL_CHECK_HOSTNAME=0 # Print message at end script if hostname *.grif or *.grifon.fr not configured
export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
# Get ALL locales IPs except loopback
export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)
export IPV6_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV6_ADMIN_NETWORK})
export IPV4_ADMIN_LAN_IP=$(echo ${LOCALES_IP_WITHOUT_LOOPBACK} | tr " " "\n" | grep ^${IPV4_ADMIN_NETWORK})
# Help message
usage() {
printf "Usage: ./recipe_gentoo.sh [--physical]\n"
printf "option : \t-P, --physical : if the current server is not a VM but a physical machine\n"
@ -82,7 +73,7 @@ usage() {
# Check parameters
if [ $1 ]; then
if [ $# -gt 1 ]; then
echo "ERROR : to much parameters (one MAX)"
echo -e "${RED}ERROR : to much parameters (one MAX)${NC}"
usage
exit 0
# Print help
@ -95,12 +86,13 @@ if [ $1 ]; then
SERVICES_TO_CHECK+=(${SERVICES_TO_CHECK_PHYSICAL[@]})
# If unknown parameter
else
echo "ERROR : unknown parameter"
echo -e "${RED}ERROR : unknown parameter${NC}"
usage
exit 0
fi
fi
# Load common functions
. recipes/common_functions.sh
print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
@ -109,7 +101,7 @@ print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
#. recipes/recipe_check_packages.sh
. recipes/recipe_check_hostname.sh
#. recipes/recipe_check_hostname.sh
#. recipes/recipe_check_dns_config.sh
@ -123,11 +115,11 @@ print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
#. recipes/recipe_check_nrpe_config.sh
#. recipes/recipe_check_munin_config.sh
. recipes/recipe_check_munin_config.sh
#. recipes/recipe_check_snmp_config.sh
#. recipes/recipe_check_mail_alias_config.sh
. recipes/recipe_check_mail_alias_config.sh
#. recipes/recipe_check_postfix_protocol_config.sh

8
recipes/common_functions.sh
View file

@ -3,8 +3,9 @@
# Parameters
# - 1 : name of service (ex : SSH)
# - 2 : config file (ex : /etc/ssh/sshd_config)
# - 3 : expected pattern to search without start and end spaces, can be multiple (ex : ListenAddress[[:space:]]*${IPV4_ADMIN_LAN_IP} ListenAddress[[:space:]]*${IPV6_ADMIN_LAN_IP})
# - 4 : name of param key (ex : ListenAddress)
# - 3 : name of param key (ex : ListenAddress)
# - 4 : expected pattern to search without start and end spaces, can be multiple (ex : ${IPV4_ADMIN_LAN_IP} ${IPV6_ADMIN_LAN_IP})
# Note for 4th parameter, if there is a space in one param, you can use regex like [[:space::]]
#
# Return = 0 -> OK value is set
# Return = 1 -> Error (wrong number of param or other)
@ -131,6 +132,7 @@ print_config_title () {
return 1
fi
# Get title param
title=${1}
basic_len=48
@ -138,8 +140,6 @@ print_config_title () {
title_len=$(echo -n " ${title} " | wc -c)
modulo2=$((${title_len} % 2))
# Echo title with 48 chars
echo "------------------------------------------------"
# If title_len <= 48

1
recipes/recipe_check_ipam_config.sh
View file

@ -1,5 +1,6 @@
print_config_title 'CHECK IPAM CONFIG'
# Get IPAM Token
RES_AUTHENT=$(${CURL} -k -X POST --user ${USER_IPAM}:${PASSWORD_IPAM} ${URL}/user/ 2>/dev/null)
CODE_RETOUR_RES_AUTHENT=$(echo ${RES_AUTHENT} | jq '.code')
TOKEN=$(echo ${RES_AUTHENT} | jq -r '.data.token')

62
recipes/recipe_check_mail_alias_config.sh
View file

@ -1,33 +1,45 @@
print_config_title 'CHECK MAIL ALIAS CONFIG'
# This does not check if send mail works and if alias have been reloaded
# Check /etc/mail/aliases config file
echo -e "Check ${BLUE}MAIL ALIAS${NC} config file /etc/mail/aliases"
# Check /etc/mail/aliases config file, checked param : root/operator
# Check if root alias is configured
grep -q -E "^[[:space:]]*root:?[[:space:]]*${MAIL_ALIAS_ROOT}[[:space:]]*$" /etc/mail/aliases
# root
check_value_in_conf_file "MUNIN" "/etc/mail/aliases" "root" "${MAIL_ALIAS_ROOT}"
# Return Code
RC=$?
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during root alias check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" root alias is not well configured or has other value, set root: ${MAIL_ALIAS_ROOT};"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" root alias is not well configured, set root: ${MAIL_ALIAS_ROOT};"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check root alias;"
;;
esac
# Root alias not configured
if [ $RC -ne 0 ]
then
MAIL_ALIAS_CONFIG_CHECK_FAILED="${MAIL_ALIAS_CONFIG_CHECK_FAILED} root alias NOT CONFIGURED or WRONG mail address, check /etc/mail/aliases and reload aliases"
echo -e "${RED}Mail alias root NOT CONFIGURED or WRONG mail address : check KO${NC}\n"
# Root alias configured
else
# Check multiple root alias line in the file
line_number=$(grep -E "^[[:space:]]*root:?" /etc/mail/aliases |wc -l)
# If linue_number different than 1
if [ $line_number -ne 1 ]
then
MAIL_ALIAS_CONFIG_CHECK_FAILED="${MAIL_ALIAS_CONFIG_CHECK_FAILED} more than 1 line for root mail alias, check /etc/mail/aliases and reload aliases"
echo -e "${RED}More than 1 line for root mail alias : check KO${NC}\n"
else
echo -e "${GREEN}Mail alias root CONFIGURED : check OK${NC}\n"
fi
fi
# root
check_value_in_conf_file "MUNIN" "/etc/mail/aliases" "operator" "${MAIL_ALIAS_ROOT}"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during operator alias check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" operator alias is not well configured or has other value, set operator: ${MAIL_ALIAS_ROOT};"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" operator alias is not well configured, set operator: ${MAIL_ALIAS_ROOT};"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check operator alias;"
;;
esac

68
recipes/recipe_check_munin_config.sh
View file

@ -2,40 +2,48 @@ print_config_title 'CHECK MUNIN BASIC CONFIG'
# This does not check if 'munin-node-configure --shell | sh -x' has been executed
# This does not check if MUNIN 'monitoring server' has configured this machine
# Check /etc/munin/munin-node.conf config file
echo -e "Check ${BLUE}MUNIN${NC} config file /etc/munin/munin-node.conf"
# Check /etc/munin/munin-node.conf config file, checked parameters : allow/port
# Check if allow exist but different than expected (success if return code = 1)
grep "^[[:space:]]*allow" /etc/munin/munin-node.conf |grep -q -v -e "^[[:space:]]*allow[[:space:]]*^127\\\.0\\\.0\\\.1\\$\$" -e "^[[:space:]]*allow[[:space:]]*^::1\\$\$" -e "^[[:space:]]*allow[[:space:]]*${IPV4_MASTER_MUNIN}[[:space:]]*$" -e "^[[:space:]]*allow[[:space:]]*${IPV6_MASTER_MUNIN}[[:space:]]*$"
# Return Code
RC=$?
# allow
check_value_in_conf_file "MUNIN" "/etc/munin/munin-node.conf" "allow" '\^127\\\.0\\\.0\\\.1\$ \^::1\$'" ${IPV4_MASTER_MUNIN} ${IPV6_MASTER_MUNIN}"
# Allow other IP than expected
if [ $RC -eq 0 ]
then
MUNIN_CONFIG_CHECK_FAILED="${MUNIN_CONFIG_CHECK_FAILED} munin-node allow connection from unexpected IP"
echo -e "${RED}munin-node allow connection from UNEXPECTED IP : check KO${NC}\n"
# Does not allow unexpected IP
else
# Check expected IP are configured (IPv4 and IPv6) (success if return code = 0)
grep -q "^[[:space:]]*allow[[:space:]]*${IPV4_MASTER_MUNIN}[[:space:]]*$" /etc/munin/munin-node.conf
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during allow check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured or has other value, set allow param (IPv6+IPv4) for localhost and Munin server;"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured, set allow param (IPv6+IPv4) for localhost and Munin server;"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allow param;"
;;
esac
# Return Code
RCa=$?
grep -q "^[[:space:]]*allow[[:space:]]*${IPV6_MASTER_MUNIN}[[:space:]]*$" /etc/munin/munin-node.conf
# port
check_value_in_conf_file "MUNIN" "/etc/munin/munin-node.conf" "port" "4949"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during port check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured or has other value, set 'port 4949';"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured, set 'port 4949';"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check port;"
;;
esac
# Return Code
RCb=$?
# Expected IP are NOT configured (IPv4 and IPv6)
if [ $RCa -ne 0 ] || [ $RCb -ne 0 ]
then
MUNIN_CONFIG_CHECK_FAILED="${MUNIN_CONFIG_CHECK_FAILED} All Munin Expected IP (IPv4 and IPv6) are not configured, expected :\n'allow ${IPV4_MASTER_MUNIN_PRINT}'\n'allow ${IPV6_MASTER_MUNIN_PRINT}'\nOPTIONAL : 'allow ^127\.0\.0\.1$'\nOPTIONAL : 'allow ^::1$'"
echo -e "${RED}All Munin Expected IP (IPv4 and IPv6) are NOT CONFIGURED : check KO${NC}\n"
# Expected IP are configured (IPv4 and IPv6)
else
echo -e "${GREEN}Munin expected IP are CONFIGURED : check OK${NC}\n"
fi
fi

86
recipes/recipe_check_nrpe_config.sh
View file

@ -1,35 +1,67 @@
print_config_title 'CHECK NRPE BASIC CONFIG'
# Check /etc/nagios/nrpe.cfg config file
# Check /etc/nagios/nrpe.cfg config file, checked parameters : allowed_hosts/nrpe_user/nrpe_group
# This does not check if NRPE 'monitoring server' has configured this machine
echo -e "Check ${BLUE}NRPE${NC} config file /etc/nagios/nrpe.cfg"
# Check if allowed_hosts exist but different than expected (success if return code = 1)
grep "^[[:space:]]*allowed_hosts=" /etc/nagios/nrpe.cfg | grep -q -v -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64[[:space:]]*$" -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24[[:space:]]*$"
# allowed_hosts
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "allowed_hosts" "127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64"
# Return Code
RC=$?
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during allowed_hosts check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured or has other value, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allowed_hosts;"
;;
esac
# allowed_hosts exist but different than expected
if [ $RC -eq 0 ]
then
NRPE_CONFIG_CHECK_FAILED="${NRPE_CONFIG_CHECK_FAILED} allowed_hosts misconfigured, expected : 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64'"
echo -e "${RED}Service NRPE has BAD CONFIGURATION for allowed_hosts, exist but different than expected : check KO${NC}\n"
# allowed_hosts well configured or does not exist
else
# Check if allowed_hosts is well configured (success if return code = 0)
grep -q -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64[[:space:]]*$" -e "^[[:space:]]*allowed_hosts=127.0.0.1,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24[[:space:]]*$" /etc/nagios/nrpe.cfg
# Return Code
RC=$?
# nrpe_user
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "nrpe_user" "nagios"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_user check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured or has other value, set 'nrpe_user=nagios';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured, set 'nrpe_user=nagios';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_user;"
;;
esac
# nrpe_group
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "nrpe_group" "nagios"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_group check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured or has other value, set 'nrpe_group=nagios';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured, set 'nrpe_group=nagios';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_group;"
;;
esac
# allowed_hosts miscondigured or string mismatch
if [ $RC -ne 0 ]
then
NRPE_CONFIG_CHECK_FAILED="${NRPE_CONFIG_CHECK_FAILED} allowed_hosts misconfigured, expected : 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64'"
echo -e "${RED}Service NRPE has BAD CONFIGURATION for allowed_hosts, expected configuration not found : check KO${NC}\n"
# allowed_hosts well configured
else
echo -e "${GREEN}Service NRPE has GOOD CONFIGURATION for allowed_hosts : check OK${NC}\n"
fi
fi

8
recipes/recipe_check_postfix_protocol_config.sh
View file

@ -3,7 +3,7 @@ print_config_title 'CHECK POSTFIX BASIC CONFIG'
# Check /etc/postfix/main.cf config file mail_owner/inet_protocols parameters
# mail_owner
check_value_in_conf_file "SNMP" "/etc/postfix/main.cf" "mail_owner" "postfix"
check_value_in_conf_file "POSTFIX" "/etc/postfix/main.cf" "mail_owner" "postfix"
case ${?} in
0) # OK, nothing to do
@ -12,10 +12,10 @@ case ${?} in
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error during mail_owner check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner are not well configured or has other value, set 'mail_owner = postfix';"
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured or has other value, set 'mail_owner = postfix';"
;;
3) # All expected values are NOT configured
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner are not well configured, set 'mail_owner = postfix';"
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured, set 'mail_owner = postfix';"
;;
*) # Unknown return code...
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check mail_owner;"
@ -24,7 +24,7 @@ esac
# inet_protocols
check_value_in_conf_file "SNMP" "/etc/postfix/main.cf" "inet_protocols" "all"
check_value_in_conf_file "POSTFIX" "/etc/postfix/main.cf" "inet_protocols" "all"
case ${?} in
0) # OK, nothing to do

18
recipes/recipe_check_snmp_config.sh
View file

@ -1,7 +1,7 @@
print_config_title 'CHECK SNMP BASIC CONFIG'
# This does NOT check if SNMP 'monitoring server' has configured this machine
# Check /etc/snmp/snmpd.conf config file agentAddress, rocommunity and trapsink/trap2sink/informsink/sysLocation/sysContact parameters
# Check /etc/snmp/snmpd.conf config file rocommunity/agentAddress/trap2sink/informsink/sysLocation/sysContact parameters
#agentAddress
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "agentAddress" "udp:127.0.0.1:161 udp:${IPV4_ADMIN_LAN_IP}:161 udp6:\[::1\]:161 udp6:\[${IPV6_ADMIN_LAN_IP}\]:161"
@ -56,10 +56,10 @@ case ${?} in
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during trap2sink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink are not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink are not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check trap2sink;"
@ -77,10 +77,10 @@ case ${?} in
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during informsink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink are not well configured or has other value, set 'informsink ${NAME_MASTER_MONITORING} public;"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured or has other value, set 'informsink ${NAME_MASTER_MONITORING} public;"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink are not well configured, set 'informsink ${NAME_MASTER_MONITORING} public';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured, set 'informsink ${NAME_MASTER_MONITORING} public';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check informsink;"
@ -98,10 +98,10 @@ case ${?} in
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysLocation check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation are not well configured or has other value, set 'sysLocation ${DC}';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured or has other value, set 'sysLocation ${DC}';"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation are not well configured, set 'sysLocation ${DC}';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured, set 'sysLocation ${DC}';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysLocation;"
@ -119,10 +119,10 @@ case ${?} in
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysContact check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact are not well configured or has other value, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured or has other value, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact are not well configured, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysContact;"

6
recipes/recipe_check_ssh_config.sh
View file

@ -1,5 +1,7 @@
print_config_title 'CHECK SSH CONFIG'
# PasswordAuthentication
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PasswordAuthentication" "no"
case ${?} in
@ -19,6 +21,8 @@ case ${?} in
;;
esac
# PermitRootLogin
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PermitRootLogin" "no"
case ${?} in
@ -38,6 +42,8 @@ case ${?} in
;;
esac
# ListenAddress
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "ListenAddress" "${IPV4_ADMIN_LAN_IP} ${IPV6_ADMIN_LAN_IP}"
case ${?} in

168
vars.sh
View file

@ -1,83 +1,111 @@
GREP="/bin/grep"
ECHO="/bin/echo"
EMERGE="/usr/bin/emerge"
NSLOOKUP="/usr/bin/nslookup"
IP="/bin/ip"
HOSTNAME="/bin/hostname"
AWK="/bin/awk"
SED="/bin/sed"
CUT="/bin/cut"
TR="/bin/tr"
PING="/bin/ping"
# Set absolute PATH for tools
export GREP="/bin/grep"
export ECHO="/bin/echo"
export EMERGE="/usr/bin/emerge"
export NSLOOKUP="/usr/bin/nslookup"
export IP="/bin/ip"
export HOSTNAME="/bin/hostname"
export AWK="/bin/awk"
export SED="/bin/sed"
export CUT="/bin/cut"
export TR="/bin/tr"
export PING="/bin/ping"
export CURL="/usr/bin/curl"
export JQ="/usr/bin/jq"
# Packages to check (it's a list to simplify comment)
PACKAGES=(
# 'virtual/ssh'
# 'app-admin/rsyslog'
# 'net-misc/ntp'
# 'app-backup/borgbackup'
# 'virtual/cron'
# 'sys-process/cronie'
# 'net-analyzer/munin'
# 'app-portage/eix',
# 'app-portage/gentoolkit',
# 'app-portage/genlop',
# 'app-misc/tmux',
# 'net-analyzer/tcpdump',
# 'app-editors/vim',
# 'sys-process/htop-2.2.0',
# 'app-admin/sysklogd'
# 'dev-vcs/git'
# 'net-analyzer/nrpe'
# 'net-analyzer/net-snmp'
# 'net-dns/bind-tools'
# 'dev-vcs/git'
# 'mail-mta/postfix'
# 'mail-mta/eeeepostfix'
)
export PACKAGES="
virtual/ssh
app-admin/rsyslog
net-misc/ntp
app-backup/borgbackup
virtual/cron
sys-process/cronie
net-analyzer/munin
app-portage/eix'
app-portage/gentoolkit'
app-portage/genlop'
app-misc/tmux'
net-analyzer/tcpdump'
app-editors/vim'
sys-process/htop-2.2.0'
app-admin/sysklogd
dev-vcs/git
net-analyzer/nrpe
net-analyzer/net-snmp
net-dns/bind-tools
dev-vcs/git
mail-mta/postfix
mail-mta/postfix
app-admin/sudo
"
# Package to check if it's a physical machine
PACKAGES_PHYSICAL=(
'sys-apps/smartmontools'
)
export PACKAGES_PHYSICAL="
sys-apps/smartmontools
"
NAMES_TO_RESOLV_AND_PING=(
'grifon.fr'
'arn-fai.net'
'grifonfesfdsfdsf.fr'
)
# Hostname to be resolved in recipes
export NAMES_TO_RESOLV_AND_PING="
grifon.fr
arn-fai.net
grifonfesfdsfdsf.fr
"
RESOLVERS=(
'2a00:5884::7'
'89.234.186.4'
)
# Resolver to check if they are in /etc/resolv.conf
export RESOLVERS="
2a00:5884::7
89.234.186.4
"
SERVICES_TO_CHECK=(
'rsyslog'
'ntpd'
'munin-node'
'iptables'
'ip6tables'
'sshd'
'postfix'
'nrpe'
'snmpd'
'hostname'
)
# Services to check if they are working/running
export SERVICES_TO_CHECK="
rsyslog
ntpd
munin-node
iptables
ip6tables
sshd
postfix
nrpe
snmpd
hostname
"
SERVICES_TO_CHECK_PHYSICAL=(
'smard'
)
# Same but with physical host services
export SERVICES_TO_CHECK_PHYSICAL="
smard
"
IPV4_ADMIN_NETWORK="172.16.0."
IPV6_ADMIN_NETWORK="fd01:1e02:40:"
# Admin network
export IPV4_ADMIN_NETWORK="111.111.111."
export IPV6_ADMIN_NETWORK="1111:1111:1111:"
NAME_MASTER_MONITORING=""
# AS IPs ranges
export RANGE_IPV4_1_NETWORK="111.111.111."
export RANGE_IPV4_2_NETWORK="111.111.112."
export RANGE_IPV6_NETWORK="1111:1111:"
IPV4_MASTER_MUNIN='^172\\\.16\\\.0\\\.13\$'
IPV6_MASTER_MUNIN='^fd01:1e02:40::3\$'
IPV4_MASTER_MUNIN_PRINT='^172\.16\.0\.13$'
IPV6_MASTER_MUNIN_PRINT='^fd01:1e02:40::3$'
# Admin hostname of the Monitoring server (Munin + libreNMS)
export NAME_MASTER_MONITORING="conan.grif"
MAIL_ALIAS_ROOT="admin6@email.emailr"
# Address of the Monitoring server in Munin's configuration format
export IPV4_MASTER_MUNIN='^111\\\.111\\\.111\\\.111\$'
export IPV6_MASTER_MUNIN='^111:111:111::1\$'
# root/operator aliases for mailing
export MAIL_ALIAS_ROOT="adminsys@grifon.fr"
# General informations
export DC="The DC of City"
export DC_for_function_check_value_in_conf_file=$(echo -e ${DC} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
export ENTITY="Entity"
export ENTITY_for_function_check_value_in_conf_file=$(echo -e ${ENTITY} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
# User and password to request a token on phpIPAM API
export USER_IPAM='user'
export PASSWORD_IPAM='password'
# URL of the API
export URL="https://ipam.example/api/${USER_IPAM}"