Replace parts by new common function
parent
912d374d6d
commit
72cdff40fa
|
@ -16,16 +16,30 @@ check_value_in_conf_file () {
|
||||||
# Check the number of parameters
|
# Check the number of parameters
|
||||||
if [ ${#} -ne 4 ]
|
if [ ${#} -ne 4 ]
|
||||||
then
|
then
|
||||||
echo -e "ERROR : when call check_value_in_conf_file function, bad parameters number expected : 4.\n"
|
echo -e "${RED}ERROR : when call check_value_in_conf_file function, bad parameters number expected : 4.${NC}\n"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if on param is empty or just contains space(s)
|
||||||
|
if [[ -z "${1// }" ]] || [[ -z "${2// }" ]] || [[ -z "${3// }" ]] || [[ -z "${4// }" ]]
|
||||||
|
then
|
||||||
|
echo -e "${RED}ERROR : at least one parameter is empty, please provide all required params.${NC}\n"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Get parameters
|
# Get parameters and delete 'start' en 'end' spaces. For name conf_file
|
||||||
local name=${1}
|
local name=$(echo -e ${1} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
|
||||||
local conf_file=${2}
|
local conf_file=$(echo -e ${2} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
|
||||||
local param_key=${3}
|
local param_key=$(echo -e ${3} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
|
||||||
local search_ok=${4}
|
local search_ok=$(echo -e ${4} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
|
||||||
|
|
||||||
|
# Check if conf file exist
|
||||||
|
if [[ ! -f "${conf_file}" ]]
|
||||||
|
then
|
||||||
|
echo -e "${RED}ERROR : file ${conf_file} NOT FOUND.${NC}\n"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
# Print message to explain this check
|
# Print message to explain this check
|
||||||
echo -e "Check ${BLUE}${name} ${param_key}${NC} config file ${conf_file} ..."
|
echo -e "Check ${BLUE}${name} ${param_key}${NC} config file ${conf_file} ..."
|
||||||
|
|
||||||
|
@ -39,10 +53,11 @@ check_value_in_conf_file () {
|
||||||
search_ok_to_grep=""
|
search_ok_to_grep=""
|
||||||
for var_search_ok in ${list_search_ok[@]}
|
for var_search_ok in ${list_search_ok[@]}
|
||||||
do
|
do
|
||||||
|
|
||||||
search_ok_to_grep=${search_ok_to_grep}'-e '"^[[:space:]]*${param_key}[[:space:]]*:\?[[:space:]]*${var_search_ok}[[:space:]]*$"' '
|
search_ok_to_grep=${search_ok_to_grep}'-e '"^[[:space:]]*${param_key}[[:space:]]*:\?[[:space:]]*${var_search_ok}[[:space:]]*$"' '
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
echo 1
|
|
||||||
# Check if unexpected value is set (grep -v) (success if return code = 1)
|
# Check if unexpected value is set (grep -v) (success if return code = 1)
|
||||||
grep "^[[:space:]]*"${param_key} ${conf_file} | grep -q -v ${search_ok_to_grep}
|
grep "^[[:space:]]*"${param_key} ${conf_file} | grep -q -v ${search_ok_to_grep}
|
||||||
|
|
||||||
|
@ -57,7 +72,6 @@ check_value_in_conf_file () {
|
||||||
# Unexpected value is not set
|
# Unexpected value is not set
|
||||||
else
|
else
|
||||||
|
|
||||||
echo 2
|
|
||||||
search_ok_to_grep="^[[:space:]]*"${param_key}"[[:space:]]*:\?[[:space:]]*"${search_ok}"[[:space:]]*$"
|
search_ok_to_grep="^[[:space:]]*"${param_key}"[[:space:]]*:\?[[:space:]]*"${search_ok}"[[:space:]]*$"
|
||||||
|
|
||||||
# Boolean for final Return Code, if one return code in the loop -ne 0 -> set finalRC=1
|
# Boolean for final Return Code, if one return code in the loop -ne 0 -> set finalRC=1
|
||||||
|
|
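Review bot: The new parameter clean-up in check_value_in_conf_file expands `${1}` to `${4}` unquoted inside `echo -e`, so an expected value such as `public[[:space:]]*127.0.0.1` is open to word splitting and pathname expansion before sed sees it, and `echo -e` may rewrite backslash sequences; `printf '%s' "${4}" | sed …` avoids both. The same pipeline rewrites every blank in `conf_file` to `[[:space:]]*`, yet that variable is then used as a path in `[[ ! -f "${conf_file}" ]]` and as a grep file argument, so a path containing a space would be reported NOT FOUND; `conf_file=$(printf '%s' "${2}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')` trims without turning the path into a pattern, and `name` is only printed, so presumably only `param_key` needs the regex form. Declaring with `local` first and assigning on the next line would also stop `local` from masking a failing pipeline. The function starts before and continues after the hunks shown, so how `search_ok` is split into `list_search_ok` is not visible here.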
|
@ -2,107 +2,65 @@ print_config_title 'CHECK SNMP BASIC CONFIG'
|
||||||
|
|
||||||
# This does NOT check if SNMP 'monitoring server' has configured this machine
|
# This does NOT check if SNMP 'monitoring server' has configured this machine
|
||||||
# Check /etc/snmp/snmpd.conf config file agentAddress, rocommunity and trapsink/trap2sink parameters
|
# Check /etc/snmp/snmpd.conf config file agentAddress, rocommunity and trapsink/trap2sink parameters
|
||||||
echo -e "Check ${BLUE}SNMPD${NC} config file /etc/snmp/snmpd.conf"
|
|
||||||
|
|
||||||
# Check if agentAddress exist but different than expected (success if return code = 1)
|
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "agentAddress" "udp:127.0.0.1:161 udp:${IPV4_ADMIN_LAN_IP}:161 udp6:\[::1\]:161 udp6:\[${IPV6_ADMIN_LAN_IP}\]:161"
|
||||||
grep "^[[:space:]]*agentAddress" /etc/snmp/snmpd.conf \
|
|
||||||
|grep -E -q -v \
|
|
||||||
-e "^[[:space:]]*agentAddress[[:space:]]*udp:127.0.0.1:161[[:space:]]*\$" \
|
|
||||||
-e "^[[:space:]]*agentAddress[[:space:]]*udp:${IPV4_ADMIN_NETWORK}[0-2]?[0-9]?[0-9]?:161[[:space:]]*\$" \
|
|
||||||
-e "^[[:space:]]*agentAddress[[:space:]]*udp6:\[::1\]:161[[:space:]]*\$" \
|
|
||||||
-e "^[[:space:]]*agentAddress[[:space:]]*udp6:\[${IPV6_ADMIN_NETWORK}[0-9,a-f,\:]*\]:161[[:space:]]*\$"
|
|
||||||
|
|
||||||
# Return Code
|
case ${?} in
|
||||||
RC=$?
|
0) # OK, nothing to do
|
||||||
|
;;
|
||||||
# agentAddress other IP than expected
|
1) # Error (wrong number of param or other)
|
||||||
if [ $RC -eq 0 ]
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during agentAddress check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
then
|
;;
|
||||||
SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} SNMPD agentAddress allow connection from unexpected IP, expected :\n'agentAddress udp:IPv4AdminLANlistenAddress:161'\n'agentAddress udp6:[IPv6AdminLANlistenAddress]:161'\nOPTIONAL : 'agentAddress udp:127.0.0.1:161'\nOPTIONAL : 'agentAddress udp6:[::1]:161' ;\n"
|
2) # Unexpected value is set
|
||||||
echo -e "${RED}SNMPD agentAddress allow connection from UNEXPECTED IP : check KO${NC}\n"
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" agentAddress are not well configured or has other value, set agentAddress for IPv4 and IPv6 in Admin LAN and localhost;"
|
||||||
# Does not agentAddress unexpected IP
|
;;
|
||||||
else
|
3) # All expected values are NOT configured
|
||||||
# Check expected IP are configured (IPv4 and IPv6) (success if return code = 0)
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" agentAddress are not well configured, set agentAddress for IPv4 and IPv6 in Admin LAN and localhost;"
|
||||||
grep -E -q "^[[:space:]]*agentAddress[[:space:]]*udp:${IPV4_ADMIN_NETWORK}[0-2]?[0-9]?[0-9]?:161[[:space:]]*\$" /etc/snmp/snmpd.conf
|
;;
|
||||||
|
*) # Unknown return code...
|
||||||
# Return Code
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check agentAddress;"
|
||||||
RCa=$?
|
;;
|
||||||
|
esac
|
||||||
grep -E -q "^[[:space:]]*agentAddress[[:space:]]*udp6:\[${IPV6_ADMIN_NETWORK}[0-9,a-f,\:]*\]:161[[:space:]]*\$" /etc/snmp/snmpd.conf
|
|
||||||
|
|
||||||
# Return Code
|
|
||||||
RCb=$?
|
|
||||||
|
|
||||||
# Expected IP are NOT configured (IPv4 and IPv6)
|
|
||||||
if [ $RCa -ne 0 ] || [ $RCb -ne 0 ]
|
|
||||||
then
|
|
||||||
SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} All SNMPD agentAddress expected IP (IPv4 and IPv6) are not well configured, expected :\n'agentAddress udp:IPv4AdminLANlistenAddress:161'\n'agentAddress udp6:[IPv6AdminLANlistenAddress]:161'\nOPTIONAL : 'agentAddress udp:127.0.0.1:161'\nOPTIONAL : 'agentAddress udp6:[::1]:161'\n"
|
|
||||||
echo -e "${RED}All SNMPD agentAddress expected IP (IPv4 and IPv6) are NOT well CONFIGURED : check KO${NC}\n"
|
|
||||||
# Expected IP are configured (IPv4 and IPv6)
|
|
||||||
else
|
|
||||||
echo -e "${GREEN}SNMPD agentAddress expected IP are CONFIGURED : check OK${NC}\n"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check if rocommunity exist but different than expected (success if return code = 1)
|
|
||||||
grep "^[[:space:]]*rocommunity" /etc/snmp/snmpd.conf \
|
|
||||||
|grep -q -v -e "^[[:space:]]*rocommunity[[:space:]]*public[[:space:]]*default[[:space:]]*\$"
|
|
||||||
|
|
||||||
# Return Code
|
|
||||||
RC=$?
|
|
||||||
|
|
||||||
# Unexpected rocommunity found
|
|
||||||
if [ $RC -eq 0 ]
|
|
||||||
then
|
|
||||||
SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} Unexpected rocommunity found, expected : rocommunity public default ;\n"
|
|
||||||
echo -e "${RED}UNEXPECTED rocommunity found : check KO${NC}\n"
|
|
||||||
# No unexpected rocommunity
|
|
||||||
else
|
|
||||||
# Check if expected rocommunity configured (success if return code = 0)
|
|
||||||
grep -q "^[[:space:]]*rocommunity[[:space:]]*public[[:space:]]*default[[:space:]]*\$" /etc/snmp/snmpd.conf
|
|
||||||
|
|
||||||
# Return Code
|
|
||||||
RC=$?
|
|
||||||
|
|
||||||
# Expected rocommunity NOT configured
|
|
||||||
if [ $RC -ne 0 ]
|
|
||||||
then
|
|
||||||
SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} Expected rocommunity not configured, expected : rocommunity public default ;\n"
|
|
||||||
echo -e "${RED} Expected rocommunity NOT CONFIGURED : check KO${NC}\n"
|
|
||||||
# Expected rocommunity configured
|
|
||||||
else
|
|
||||||
echo -e "${GREEN}Expected rocommunity CONFIGURED : check OK${NC}\n"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Check if trapsink/trap2sink exist but different than expected (success if return code = 1)
|
# No IPv6 here....
|
||||||
grep -E "^[[:space:]]*trap[2]?sink" /etc/snmp/snmpd.conf \
|
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "rocommunity" "public[[:space:]]*127.0.0.1 public[[:space:]]*${IPV4_ADMIN_NETWORK}0/24"
|
||||||
|grep -E -q -v -e "^[[:space:]]*trap[2]?sink[[:space:]]*${NAME_MASTER_MONITORING}[[:space:]]*public[[:space:]]*\$"
|
|
||||||
|
|
||||||
# Return Code
|
case ${?} in
|
||||||
RC=$?
|
0) # OK, nothing to do
|
||||||
|
;;
|
||||||
|
1) # Error (wrong number of param or other)
|
||||||
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during rocommunity check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
|
;;
|
||||||
|
2) # Unexpected value is set
|
||||||
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" rocommunity are not well configured or has other value, set 'rocommunity public 127.0.0.1' and 'rocommunity public ${IPV4_ADMIN_NETWORK}0/24';"
|
||||||
|
;;
|
||||||
|
3) # All expected values are NOT configured
|
||||||
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" rocommunity are not well configured, set 'rocommunity public 127.0.0.1' and 'rocommunity public ${IPV4_ADMIN_NETWORK}0/24';"
|
||||||
|
;;
|
||||||
|
*) # Unknown return code...
|
||||||
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check rocommunity;"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
|
||||||
|
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "trap2sink" "${NAME_MASTER_MONITORING}[[:space:]]*public"
|
||||||
|
|
||||||
|
case ${?} in
|
||||||
|
0) # OK, nothing to do
|
||||||
|
;;
|
||||||
|
1) # Error (wrong number of param or other)
|
||||||
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during trap2sink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
||||||
|
;;
|
||||||
|
2) # Unexpected value is set
|
||||||
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink are not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
|
||||||
|
;;
|
||||||
|
3) # All expected values are NOT configured
|
||||||
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink are not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
|
||||||
|
;;
|
||||||
|
*) # Unknown return code...
|
||||||
|
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check trap2sink;"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# Unexpected trapsink/trap2sink found
|
|
||||||
if [ $RC -eq 0 ]
|
|
||||||
then
|
|
||||||
SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} Unexpected trapsink/trap2sink found, expected : trap2sink ${NAME_MASTER_MONITORING} public ;"
|
|
||||||
echo -e "${RED}UNEXPECTED trapsink/trap2sink found : check KO${NC}\n"
|
|
||||||
# No unexpected trapsink/trap2sink
|
|
||||||
else
|
|
||||||
# Check if expected trapsink/trap2sink configured (success if return code = 0)
|
|
||||||
grep -E -q "^[[:space:]]*trap2sink[[:space:]]*${NAME_MASTER_MONITORING}[[:space:]]*public[[:space:]]*\$" /etc/snmp/snmpd.conf
|
|
||||||
|
|
||||||
# Return Code
|
|
||||||
RC=$?
|
|
||||||
|
|
||||||
# Expected trapsink/trap2sink NOT configured
|
|
||||||
if [ $RC -ne 0 ]
|
|
||||||
then
|
|
||||||
SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} Expected trapsink/trap2sink not configured, expected : trap2sink ${NAME_MASTER_MONITORING} public ;"
|
|
||||||
echo -e "${RED} Expected trapsink/trap2sink NOT CONFIGURED : check KO${NC}\n"
|
|
||||||
# Expected trapsink/trap2sink configured
|
|
||||||
else
|
|
||||||
echo -e "${GREEN}Expected trapsink/trap2sink CONFIGURED : check OK${NC}\n"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
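Review bot: Replacing the old `trap[2]?sink` scan with a single `check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "trap2sink" …` call appears to drop detection of `trapsink` lines, so an snmpd.conf that sends traps to an unexpected host through `trapsink` would no longer be reported; a separate check that fails on any `^[[:space:]]*trapsink` line would restore that coverage. The expected values are passed as regex fragments with unescaped dots (`127.0.0.1`, `${IPV4_ADMIN_LAN_IP}`), so each `.` matches any character, and writing them as `127\.0\.0\.1` keeps the audit exact. The rocommunity check still requires the community string `public`, the well-known default that SNMP v1/v2c sends in clear text, so a comment such as `# community is the default 'public'; the source restriction is the only access control checked here` would make that assumption explicit. The trap2sink message under `2)` is also missing its closing `'` after `public`.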
|
@ -25,7 +25,7 @@ case ${?} in
|
||||||
0) # OK, nothing to do
|
0) # OK, nothing to do
|
||||||
;;
|
;;
|
||||||
1) # Error (wrong number of param or other)
|
1) # Error (wrong number of param or other)
|
||||||
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" Error during PermitRootLogin with function check_value_in_conf_file, maybe incorrect number of parameter;"
|
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" Error during PermitRootLogin with function check_value_in_conf_file, maybe incorrect number of parameter or incorrect parameter;"
|
||||||
;;
|
;;
|
||||||
2) # Unexpected value is set
|
2) # Unexpected value is set
|
||||||
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" PermitRootLogin is not set to 'no' or has other value, set 'PermitRootLogin no' ;"
|
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" PermitRootLogin is not set to 'no' or has other value, set 'PermitRootLogin no' ;"
|
||||||
|
|