diff --git a/recipe_gentoo.sh b/recipe_gentoo.sh index a4cc9ec..0c4a0ad 100755 --- a/recipe_gentoo.sh +++ b/recipe_gentoo.sh @@ -3,14 +3,15 @@ # Recipe script for a Gentoo system to check basic configuration # Define colors -RED='\033[1;31m' -BLUE='\033[1;34m' -GREEN='\033[1;32m' -NC='\033[0m' # No Color +export RED='\033[1;31m' +export BLUE='\033[1;34m' +export GREEN='\033[1;32m' +# No Color +export NC='\033[0m' -REQUIREMENTS="GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING" +REQUIREMENTS="CURL GREP ECHO EMERGE NSLOOKUP IP HOSTNAME AWK SED CUT TR PING JQ CURL" -. vars.sh +source vars.sh # Check requirements for requirement in $REQUIREMENTS 
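Review bot: `source vars.sh` names the file without a path, and when the script runs under bash (outside POSIX mode) a slash-less argument to `source` is looked up in `PATH` before the current directory. Which `vars.sh` gets executed therefore depends on the caller's environment and working directory. The script requires `emerge` and so is presumably run as root; anchor the file to the script's own location, e.g. `source "$(dirname -- "${BASH_SOURCE[0]}")/vars.sh"`, or at least `. ./vars.sh`. `CURL` is also listed twice in the new `REQUIREMENTS` string. The requirements loop continues outside the hunk.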
@@ -36,29 +37,30 @@ fi # Print packages not installed or with error at end script -PACKAGES_TO_CHECK="" -RESOLV_FAILED="" -RESOLVER_NOT_IN_ETC_RESOLVCONF="" -IP_NOT_RECORDED_IN_DNS="" -PING_FAILED="" +export PACKAGES_TO_CHECK="" +export RESOLV_FAILED="" +export RESOLVER_NOT_IN_ETC_RESOLVCONF="" +export IP_NOT_RECORDED_IN_DNS="" +export PING_FAILED="" # Get ALL locales IPs except loopback -LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }') +export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq) -BOOL_ADMIN_IPV4_NOT_CONFIGURED=0 -BOOL_ADMIN_IPV6_NOT_CONFIGURED=0 +export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0 +export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0 # Print services not started or with error at end script -SERVICES_NOT_STARTED_OR_ERROR="" +export SERVICES_NOT_STARTED_OR_ERROR="" # Print message at end script if hostname *.grif or *.grifon.fr not configured -BOOL_CHECK_HOSTNAME=0 +export BOOL_CHECK_HOSTNAME=0 -SSH_CONFIG_CHECK_FAILED="" -NRPE_CONFIG_CHECK_FAILED="" -MUNIN_CONFIG_CHECK_FAILED="" -MAIL_ALIAS_CONFIG_CHECK_FAILED="" -SNMP_CONFIG_CHECK_FAILED="" +export SSH_CONFIG_CHECK_FAILED="" +export NRPE_CONFIG_CHECK_FAILED="" +export MUNIN_CONFIG_CHECK_FAILED="" +export MAIL_ALIAS_CONFIG_CHECK_FAILED="" +export SNMP_CONFIG_CHECK_FAILED="" +export IPAM_CONFIG_CHECK_FAILED="" usage() { printf "Usage: ./recipe_gentoo.sh [--physical]\n" 
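Review bot: `export LOCALES_IP_WITHOUT_LOOPBACK=$(…)` gives the statement the exit status of `export`, so a failing `ip`/`awk` pipeline goes unnoticed; assign first and export on a separate line if the export is needed at all. The recipes are loaded with `.` into the same shell (visible in the next hunk), so these result variables do not have to be exported. Exporting them only copies them into the environment of every child process the recipes start. `sort | uniq` can be written `sort -u`.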
@@ -94,28 +96,30 @@ echo -e "-------------------------------------------------\n" # Voir pour mettre ./ à la place de . -. recipes/recipe_check_packages.sh +#. recipes/recipe_check_packages.sh -. recipes/recipe_check_hostname.sh +#. recipes/recipe_check_hostname.sh -. recipes/recipe_check_dns_config.sh +#. recipes/recipe_check_dns_config.sh -. recipes/recipe_check_ping.sh +#. recipes/recipe_check_ping.sh -. recipes/recipe_check_ip_admin.sh +#. recipes/recipe_check_ip_admin.sh -. recipes/recipe_check_services.sh +#. recipes/recipe_check_services.sh -. recipes/recipe_check_ssh_config.sh +#. recipes/recipe_check_ssh_config.sh -. recipes/recipe_check_nrpe_config.sh +#. recipes/recipe_check_nrpe_config.sh -. recipes/recipe_check_munin_config.sh +#. recipes/recipe_check_munin_config.sh -. recipes/recipe_check_snmp_config.sh +#. recipes/recipe_check_snmp_config.sh . recipes/recipe_check_mail_alias_config.sh +. recipes/recipe_check_ipam_config.sh + . recipes/recipe_final_summary.sh exit 0 diff --git a/recipes/recipe_check_ipam_config.sh b/recipes/recipe_check_ipam_config.sh new file mode 100755 index 0000000..082a097 --- /dev/null +++ b/recipes/recipe_check_ipam_config.sh 
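Review bot: Ten of the recipe checks (packages, hostname, DNS, ping, admin IP, services, SSH, NRPE, Munin, SNMP) are commented out here, so a run executes only the mail-alias and IPAM recipes. The result variables are initialised to empty or 0 earlier in the file, so the final summary stays silent for every disabled check, and a host with a bad SSH or SNMP configuration is reported the same way as a clean one. This looks like a debugging leftover. Restore the lines (`. recipes/recipe_check_ssh_config.sh` and the others) before merging, or gate them behind an explicit option that prints which checks were skipped.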
@@ -0,0 +1,53 @@
+echo "-------------------------------------------------"
+echo -e "---------------- ${BLUE}CHECK IPAM CONFIG${NC} --------------"
+echo -e "-------------------------------------------------\n"
+
+RES_AUTHENT=$(${CURL} -k -X POST --user ${USER_IPAM}:${PASSWORD_IPAM} ${URL}/user/ 2>/dev/null)
+CODE_RETOUR_RES_AUTHENT=$(echo ${RES_AUTHENT} | jq '.code')
+TOKEN=$(echo ${RES_AUTHENT} | jq -r '.data.token')
+
+# Check if IPAM API request succeded
+# If IPAM API connection FAILED
+if [ ${CODE_RETOUR_RES_AUTHENT} != 200 ] || [ ! -n "${TOKEN}" ]; then
+ echo -e "${RED}Connection to IPAM API FAILED or empty TOKEN : check KO${NC}\n"
+
+# If IPAM API connection SUCCEDED
+else
+
+ # Get list of IP to check
+ # WARNING, if one of variable is empty, ALL IP may be checked (but we just want to check our public ranges and admin IPs)
+ IPS_TO_CHECK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq | grep -e "^${IPV4_ADMIN_NETWORK}" -e "^${IPV6_ADMIN_NETWORK}" -e "^${RANGE_IPV4_1_NETWORK}" -e "^${RANGE_IPV4_2_NETWORK}" -e "^${RANGE_IPV6_NETWORK}" )
+
+ # Return Code
+ RC=$?
+
+ # If no IP to check found
+ if [ $RC -ne 0 ]
+ then
+ IPAM_CONFIG_CHECK_FAILED="${IPAM_CONFIG_CHECK_FAILED} No IP to check in IPAM, check the IP configuration"
+ echo -e "${RED}NO IP to check in IPAM : check KO${NC}\n"
+ else
+
+ # Check if all found IP are recorded in IPAM
+ for ip_to_check in ${IPS_TO_CHECK}
+ do
+ echo -e "Check if ${BLUE}${ip_to_check}${NC} is recorded in IPAM"
+
+ # Request one IP
+ REQUEST_ONE_IP=$(curl -k --header "Content-type: application/x-www-form-urlencoded" --header "token: ${TOKEN}" -X GET "${URL}/addresses/search/fd00:1e02:40::1/" 2>/dev/null | jq -r .data[].ip &>/dev/null)
+
+ # Return Code
+ RC=$?
+ + # If IP not found in IPAM + if [ $RC -ne 0 ] + then + IPAM_CONFIG_CHECK_FAILED="${IPAM_CONFIG_CHECK_FAILED} ${ip_to_check} NOT FOUND in IPAM or problem with API connection ;" + echo -e "${RED}${ip_to_check} NOT FOUND in IPAM or problem with API connection : check KO${NC}\n" + # If IP found in IPAM + else + echo -e "${GREEN}${ip_to_check}FOUND in IPAM : check OK${NC}\n" + fi + done + fi +fi diff --git a/recipes/recipe_final_summary.sh b/recipes/recipe_final_summary.sh old mode 100644 new mode 100755 index bdb70fb..96fa42e --- a/recipes/recipe_final_summary.sh +++ b/recipes/recipe_final_summary.sh @@ -5,10 +5,13 @@ echo -e "-------------------------------------------------\n" [ ! -z "${PACKAGES_TO_CHECK}" ] && echo -e "${RED}PACKAGE(S) TO CHECK :${NC} ${PACKAGES_TO_CHECK}\n"; [ ${BOOL_CHECK_HOSTNAME} -ne 0 ] && echo -e "${RED}HOSTNAME TO CHECK :${NC} check in /etc/conf.d/hostname\n" +#if [ ! ${BOOL_CHECK_HOSTNAME} ]; then echo -e "${RED}HOSTNAME TO CHECK :${NC} check in /etc/conf.d/hostname\n";fi [ ${BOOL_ADMIN_IPV4_NOT_CONFIGURED} -ne 0 ] && echo -e "${RED}NO IPv4 ADMIN :${NC} add IPv4 for ADMIN LAN\n" +#[ ! ${BOOL_ADMIN_IPV4_NOT_CONFIGURED} ] && echo -e "${RED}NO IPv4 ADMIN :${NC} add IPv4 for ADMIN LAN\n" [ ${BOOL_ADMIN_IPV6_NOT_CONFIGURED} -ne 0 ] && echo -e "${RED}NO IPv6 ADMIN :${NC} add IPv6 for ADMIN LAN\n" +#[ ! ${BOOL_ADMIN_IPV6_NOT_CONFIGURED} ] && echo -e "${RED}NO IPv6 ADMIN :${NC} add IPv6 for ADMIN LAN\n" [ ! -z "${RESOLV_FAILED}" ] && echo -e "${RED}RESOLVE TO CHECK (UNABLE TO RESOLVE) :${NC} ${RESOLV_FAILED}\n" 
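Review bot: Both `curl` calls in the new `recipes/recipe_check_ipam_config.sh` pass `-k`, so the IPAM credentials sent with `--user` and the returned token travel over a connection whose certificate is never verified; drop `-k` and, if the IPAM uses a private CA, give curl that CA with `--cacert`. The per-address request queries the fixed address `fd00:1e02:40::1` instead of `${ip_to_check}`, so every iteration checks the same record. `RC` is the status of `jq` alone, and `jq` exits 0 on empty input, so a failed `curl` is reported as FOUND; that call also uses `curl` rather than `${CURL}`. The expansions on the authentication line are unquoted, so a password containing spaces or glob characters is split. The sketch below keeps the existing flow and changes only the two requests.

```shell
# … unchanged: banner …
RES_AUTHENT=$("${CURL}" --silent --fail -X POST --user "${USER_IPAM}:${PASSWORD_IPAM}" "${URL}/user/")
# … unchanged: code/token checks and IPS_TO_CHECK selection …
    # Query the address under test; a failed or empty response must count as KO
    if RES_ONE_IP=$("${CURL}" --silent --fail \
         --header "Content-type: application/x-www-form-urlencoded" \
         --header "token: ${TOKEN}" \
         -X GET "${URL}/addresses/search/${ip_to_check}/") \
       && printf '%s' "${RES_ONE_IP}" | jq -e '.data[].ip' >/dev/null 2>&1
    then
      RC=0
    else
      RC=1
    fi
# … unchanged: KO/OK reporting based on RC …
```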
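Review bot: The three lines added to `recipes/recipe_final_summary.sh` are commented-out alternatives, and the `[ ! ${BOOL_…} ]` form they show would never print. The flags are initialised to `0` and presumably set to `1`, both non-empty strings, so the negated test is always false. Leave them out rather than keep them as comments; the active `-ne 0` lines already do the job. The mode change to 100755 is also unnecessary for a file that is only sourced.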
@@ -26,4 +29,8 @@ echo -e "-------------------------------------------------\n" [ ! -z "${MUNIN_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}MUNIN CONFIG TO CHECK :${NC} ${MUNIN_CONFIG_CHECK_FAILED}\n" +[ ! -z "${SNMP_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}SNMPD CONFIG TO CHECK :${NC} ${SNMP_CONFIG_CHECK_FAILED}\n" + [ ! -z "${MAIL_ALIAS_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}MAIL ALIASES TO CHECK :${NC} ${MAIL_ALIAS_CONFIG_CHECK_FAILED}\n" + +[ ! -z "${IPAM_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}IPAM CONFIG TO CHECK :${NC} ${IPAM_CONFIG_CHECK_FAILED}\n"