Browse Source

Check if files exists before other tests

master
nemo 3 years ago
parent
commit
9f0538841d
  1. 149
      recipes/recipe_check_autobackup_config.sh
  2. 54
      recipes/recipe_check_autoupdate_config.sh
  3. 82
      recipes/recipe_check_mail_alias_config.sh
  4. 94
      recipes/recipe_check_munin_config.sh
  5. 117
      recipes/recipe_check_nrpe_config.sh
  6. 337
      recipes/recipe_check_portage.sh
  7. 91
      recipes/recipe_check_postfix_protocol_config.sh
  8. 264
      recipes/recipe_check_snmp_config.sh
  9. 118
      recipes/recipe_check_ssh_config.sh

149
recipes/recipe_check_autobackup_config.sh

@ -5,86 +5,87 @@ echo "Check if auto-update script is present"
if [[ -f "${BACKUP_SCRIPT}" ]]
then
echo -e "${GREEN}The auto-backup script is present : check OK${NC}\n"
else
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" The auto-backup script is NOT on the system;"
echo -e "${RED}The auto-backup is NOT on the system : check KO${NC}\n"
fi
# Check the script (content)
echo "Check the script (content)"
grep -q 'borg prune -v backup@loth.grifon.fr' ${BACKUP_SCRIPT}
RCa=${?} # First Return Code
grep -q 'borg create --info .* backup@loth.grifon.fr:$(hostname -s)::$(date +%F)' ${BACKUP_SCRIPT}
RCb=${?} # Second Return Code
if [[ ${RCa} -ne 0 ]] || [[ ${RCb} -ne 0 ]]
then
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" Auto-backup script ${BACKUP_SCRIPT} does NOT CONTAIN valid 'borg prune' OR 'borg create', check manually;"
echo -e "${RED}Auto-backup script does NOT CONTAIN valid 'borg prune' OR 'borg create' : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}Auto-backup script seems contain valid 'borg prune' and 'borg create' : check OK${NC}\n"
fi
# Check the script (content)
echo "Check the script (content)"
grep -q 'borg prune -v backup@loth.grifon.fr' ${BACKUP_SCRIPT}
RCa=${?} # First Return Code
grep -q 'borg create --info .* backup@loth.grifon.fr:$(hostname -s)::$(date +%F)' ${BACKUP_SCRIPT}
RCb=${?} # Second Return Code
if [[ ${RCa} -ne 0 ]] || [[ ${RCb} -ne 0 ]]
then
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" Auto-backup script ${BACKUP_SCRIPT} does NOT CONTAIN valid 'borg prune' OR 'borg create', check manually;"
echo -e "${RED}Auto-backup script does NOT CONTAIN valid 'borg prune' OR 'borg create' : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}Auto-backup script seems contain valid 'borg prune' and 'borg create' : check OK${NC}\n"
fi
# Check if the script is executable
echo "Check if the script is executable"
if [[ -x "${BACKUP_SCRIPT}" ]]
then
echo -e "${GREEN}The auto-backup script is executable : check OK${NC}\n"
else
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" The auto-backup script is NOT executable;"
echo -e "${RED}The auto-backup script is NOT executable: check KO${NC}\n"
fi
# Check if the script is executable
echo "Check if the script is executable"
if [[ -x "${BACKUP_SCRIPT}" ]]
then
echo -e "${GREEN}The auto-backup script is executable : check OK${NC}\n"
else
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" The auto-backup script is NOT executable;"
echo -e "${RED}The auto-backup script is NOT executable: check KO${NC}\n"
fi
# Check the ssh connection to the backup server
echo "Check the ssh connection to the backup server"
ssh -q ${BACKUP_REMOTE_USER}@${BACKUP_REMOTE_SERVER} exit
if [[ ${?} -ne 0 ]]
then
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" The SSH connection to the backup server failed, check manually;"
echo -e "${RED}SSH Connection to the backup server does NOT WORK : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}SSH Connection to the backup server works : check OK${NC}\n"
fi
# Check the ssh connection to the backup server
echo "Check the ssh connection to the backup server"
ssh -q ${BACKUP_REMOTE_USER}@${BACKUP_REMOTE_SERVER} exit
if [[ ${?} -ne 0 ]]
then
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" The SSH connection to the backup server failed, check manually;"
echo -e "${RED}SSH Connection to the backup server does NOT WORK : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}SSH Connection to the backup server works : check OK${NC}\n"
fi
# Check if the remote repertory exist and is writable
echo "Check if the remote repertory exist and is writable"
ssh ${BACKUP_REMOTE_USER}@${BACKUP_REMOTE_SERVER} "test -w ${BACKUP_REMOTE_REPERTORY}/$(hostname -s)" &>/dev/null
if [[ ${?} -ne 0 ]]
then
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" The remote backup repertory ${BACKUP_REMOTE_REPERTORY}/$(hostname -s) does not exit, create it;"
echo -e "${RED}The remote backup repertory DOES NOT exit : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}The remote backup repertory exist : check OK${NC}\n"
fi
# Check if the remote repertory exist and is writable
echo "Check if the remote repertory exist and is writable"
ssh ${BACKUP_REMOTE_USER}@${BACKUP_REMOTE_SERVER} "test -w ${BACKUP_REMOTE_REPERTORY}/$(hostname -s)" &>/dev/null
if [[ ${?} -ne 0 ]]
then
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" The remote backup repertory ${BACKUP_REMOTE_REPERTORY}/$(hostname -s) does not exit, create it;"
echo -e "${RED}The remote backup repertory DOES NOT exit : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}The remote backup repertory exist : check OK${NC}\n"
fi
# Check if the remote link exist and is writable : when a backup is done, the script set the destination : ~/$(hostname -s) which is a link to ${BACKUP_REMOTE_REPERTORY}/$(hostname -s)
echo "Check if the remote link exist and is writable"
ssh ${BACKUP_REMOTE_USER}@${BACKUP_REMOTE_SERVER} "test -w $(hostname -s)" &>/dev/null
if [[ ${?} -ne 0 ]]
then
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" The remote backup symbolic link ~/$(hostname -s) does not exit, create it;"
echo -e "${RED}The remote backup symbolic link does not exist : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}The remote backup symbolic link exist : check OK${NC}\n"
fi
# Check if the remote link exist and is writable : when a backup is done, the script set the destination : ~/$(hostname -s) which is a link to ${BACKUP_REMOTE_REPERTORY}/$(hostname -s)
echo "Check if the remote link exist and is writable"
ssh ${BACKUP_REMOTE_USER}@${BACKUP_REMOTE_SERVER} "test -w $(hostname -s)" &>/dev/null
if [[ ${?} -ne 0 ]]
then
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" The remote backup symbolic link ~/$(hostname -s) does not exit, create it;"
echo -e "${RED}The remote backup symbolic link does not exist : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}The remote backup symbolic link exist : check OK${NC}\n"
fi
# Check if the cron task is configured
echo "Check if the cron task is configured"
crontab -l 2>/dev/null | grep -q "${BACKUP_SCRIPT}"
RCa=${?} # First Return Code
grep -q "${BACKUP_SCRIPT}" /etc/cron.d/*
RCb=${?} # Second Return Code
grep -q "${BACKUP_SCRIPT}" /etc/crontab
RCc=${?} # Third Return Code
if [[ ${RCa} -ne 0 ]] && [[ ${RCb} -ne 0 ]] && [[ ${RCc} -ne 0 ]]
then
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" No cron entry for auto-backup, configure it;"
echo -e "${RED}NO cron entry for auto-backup : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}Cron entry for auto-backup exist: check OK${NC}\n"
fi
# Check if the cron task is configured
echo "Check if the cron task is configured"
crontab -l 2>/dev/null | grep -q "${BACKUP_SCRIPT}"
RCa=${?} # First Return Code
grep -q "${BACKUP_SCRIPT}" /etc/cron.d/*
RCb=${?} # Second Return Code
grep -q "${BACKUP_SCRIPT}" /etc/crontab
RCc=${?} # Third Return Code
if [[ ${RCa} -ne 0 ]] && [[ ${RCb} -ne 0 ]] && [[ ${RCc} -ne 0 ]]
then
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" No cron entry for auto-backup, configure it;"
echo -e "${RED}NO cron entry for auto-backup : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}Cron entry for auto-backup exist: check OK${NC}\n"
AUTOBACKUP_CONFIG_CHECK_FAILED=${AUTOBACKUP_CONFIG_CHECK_FAILED}" The auto-backup script is NOT on the system;"
echo -e "${RED}The auto-backup is NOT on the system : check KO${NC}\n"
fi

54
recipes/recipe_check_autoupdate_config.sh

@ -5,34 +5,38 @@ echo "Check if auto-update script is present"
if [[ -f "${AUTOUPDATE_SCRIPT}" ]]
then
echo -e "${GREEN}The auto-update script is present : check OK${NC}\n"
# Check if the auto-update script is executable
echo "Check if the auto-update script is executable"
if [[ -x "${AUTOUPDATE_SCRIPT}" ]]
then
echo -e "${GREEN}The auto-update script is executable : check OK${NC}\n"
else
AUTOUPDATE_CONFIG_CHECK_FAILED=${AUTOUPDATE_CONFIG_CHECK_FAILED}" The auto-update script is NOT executable;"
echo -e "${RED}The auto-update script is NOT executable: check KO${NC}\n"
fi
# Check if the auto-update cron task is configured
echo "Check if the cron task is configured"
crontab -l 2>/dev/null | grep -q "${AUTOUPDATE_SCRIPT}"
RCa=${?} # First Return Code
grep -q "${AUTOUPDATE_SCRIPT}" /etc/cron.d/*
RCb=${?} # Second Return Code
grep -q "${AUTOUPDATE_SCRIPT}" /etc/crontab
RCc=${?} # Third Return Code
if [[ ${RCa} -ne 0 ]] && [[ ${RCb} -ne 0 ]] && [[ ${RCc} -ne 0 ]]
then
AUTOUPDATE_CONFIG_CHECK_FAILED=${AUTOUPDATE_CONFIG_CHECK_FAILED}" No cron entry for auto-update, configure it;"
echo -e "${RED}NO cron entry for auto-update : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}Cron entry for auto-update exist: check OK${NC}\n"
fi
else
AUTOUPDATE_CONFIG_CHECK_FAILED=${AUTOUPDATE_CONFIG_CHECK_FAILED}" The auto-update script is NOT on the system;"
echo -e "${RED}The auto-update is NOT on the system : check KO${NC}\n"
fi
# Check if the auto-update script is executable
echo "Check if the auto-update script is executable"
if [[ -x "${AUTOUPDATE_SCRIPT}" ]]
then
echo -e "${GREEN}The auto-update script is executable : check OK${NC}\n"
else
AUTOUPDATE_CONFIG_CHECK_FAILED=${AUTOUPDATE_CONFIG_CHECK_FAILED}" The auto-update script is NOT executable;"
echo -e "${RED}The auto-update script is NOT executable: check KO${NC}\n"
fi
# Check if the auto-update cron task is configured
echo "Check if the cron task is configured"
crontab -l 2>/dev/null | grep -q "${AUTOUPDATE_SCRIPT}"
RCa=${?} # First Return Code
grep -q "${AUTOUPDATE_SCRIPT}" /etc/cron.d/*
RCb=${?} # Second Return Code
grep -q "${AUTOUPDATE_SCRIPT}" /etc/crontab
RCc=${?} # Third Return Code
if [[ ${RCa} -ne 0 ]] && [[ ${RCb} -ne 0 ]] && [[ ${RCc} -ne 0 ]]
then
AUTOUPDATE_CONFIG_CHECK_FAILED=${AUTOUPDATE_CONFIG_CHECK_FAILED}" No cron entry for auto-update, configure it;"
echo -e "${RED}NO cron entry for auto-update : check KO${NC}\n"
# Service started without error
else
echo -e "${GREEN}Cron entry for auto-update exist: check OK${NC}\n"
fi

82
recipes/recipe_check_mail_alias_config.sh

@ -3,43 +3,53 @@ print_config_title 'CHECK MAIL ALIAS CONFIG'
# This does not check if send mail works and if alias have been reloaded
# Check /etc/mail/aliases config file, checked param : root/operator
# root
check_value_in_conf_file "MUNIN" "/etc/mail/aliases" "root" "${MAIL_ALIAS_ROOT}"
conf_file_to_test="/etc/mail/aliases"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during root alias check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" root alias is not well configured or has other value, set root: ${MAIL_ALIAS_ROOT};"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" root alias is not well configured, set root: ${MAIL_ALIAS_ROOT};"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check root alias;"
;;
esac
# Check if conf file exist
if [[ ! -f "${conf_file_to_test}" ]]
then
echo -e "${RED}ERROR : file ${conf_file_to_test} NOT FOUND.${NC}\n"
MAIL_ALIAS_CONFIG_CHECK_FAILED=${MAIL_ALIAS_CONFIG_CHECK_FAILED}" Error, file ${conf_file_to_test} not found;"
else
# root
check_value_in_conf_file "ALIAS" "${conf_file_to_test}" "root" "${MAIL_ALIAS_ROOT}"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MAIL_ALIAS_CONFIG_CHECK_FAILED=${MAIL_ALIAS_CONFIG_CHECK_FAILED}" Error during root alias check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
MAIL_ALIAS_CONFIG_CHECK_FAILED=${MAIL_ALIAS_CONFIG_CHECK_FAILED}" root alias is not well configured or has other value, set root: ${MAIL_ALIAS_ROOT};"
;;
3) # All expected values are NOT configured
MAIL_ALIAS_CONFIG_CHECK_FAILED=${MAIL_ALIAS_CONFIG_CHECK_FAILED}" root alias is not well configured, set root: ${MAIL_ALIAS_ROOT};"
;;
*) # Unknown return code...
MAIL_ALIAS_CONFIG_CHECK_FAILED=${MAIL_ALIAS_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check root alias;"
;;
esac
# root
check_value_in_conf_file "MUNIN" "/etc/mail/aliases" "operator" "${MAIL_ALIAS_ROOT}"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during operator alias check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" operator alias is not well configured or has other value, set operator: ${MAIL_ALIAS_ROOT};"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" operator alias is not well configured, set operator: ${MAIL_ALIAS_ROOT};"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check operator alias;"
;;
esac
# root
check_value_in_conf_file "ALIAS" "${conf_file_to_test}" "operator" "${MAIL_ALIAS_ROOT}"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MAIL_ALIAS_CONFIG_CHECK_FAILED=${MAIL_ALIAS_CONFIG_CHECK_FAILED}" Error during operator alias check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
MAIL_ALIAS_CONFIG_CHECK_FAILED=${MAIL_ALIAS_CONFIG_CHECK_FAILED}" operator alias is not well configured or has other value, set operator: ${MAIL_ALIAS_ROOT};"
;;
3) # All expected values are NOT configured
MAIL_ALIAS_CONFIG_CHECK_FAILED=${MAIL_ALIAS_CONFIG_CHECK_FAILED}" operator alias is not well configured, set operator: ${MAIL_ALIAS_ROOT};"
;;
*) # Unknown return code...
MAIL_ALIAS_CONFIG_CHECK_FAILED=${MAIL_ALIAS_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check operator alias;"
;;
esac
fi

94
recipes/recipe_check_munin_config.sh

@ -4,46 +4,54 @@ print_config_title 'CHECK MUNIN BASIC CONFIG'
# This does not check if MUNIN 'monitoring server' has configured this machine
# Check /etc/munin/munin-node.conf config file, checked parameters : allow/port
# allow
check_value_in_conf_file "MUNIN" "/etc/munin/munin-node.conf" "allow" '\^127\\\.0\\\.0\\\.1\$ \^::1\$'" ${IPV4_MASTER_MUNIN} ${IPV6_MASTER_MUNIN}"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during allow check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured or has other value, set allow param (IPv6+IPv4) for localhost and Munin server;"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured, set allow param (IPv6+IPv4) for localhost and Munin server;"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allow param;"
;;
esac
# port
check_value_in_conf_file "MUNIN" "/etc/munin/munin-node.conf" "port" "4949"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during port check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured or has other value, set 'port 4949';"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured, set 'port 4949';"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check port;"
;;
esac
conf_file_to_test="/etc/munin/munin-node.conf"
# Check if conf file exist
if [[ ! -f "${conf_file_to_test}" ]]
then
echo -e "${RED}ERROR : file ${conf_file_to_test} NOT FOUND.${NC}\n"
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, file ${conf_file_to_test} not found;"
else
# allow
check_value_in_conf_file "MUNIN" "${conf_file_to_test}" "allow" '\^127\\\.0\\\.0\\\.1\$ \^::1\$'" ${IPV4_MASTER_MUNIN} ${IPV6_MASTER_MUNIN}"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during allow check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured or has other value, set allow param (IPv6+IPv4) for localhost and Munin server;"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" allow param is not well configured, set allow param (IPv6+IPv4) for localhost and Munin server;"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allow param;"
;;
esac
# port
check_value_in_conf_file "MUNIN" "${conf_file_to_test}" "port" "4949"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error during port check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured or has other value, set 'port 4949';"
;;
3) # All expected values are NOT configured
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" port is not well configured, set 'port 4949';"
;;
*) # Unknown return code...
MUNIN_CONFIG_CHECK_FAILED=${MUNIN_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check port;"
;;
esac
fi

117
recipes/recipe_check_nrpe_config.sh

@ -3,65 +3,74 @@ print_config_title 'CHECK NRPE BASIC CONFIG'
# Check /etc/nagios/nrpe.cfg config file, checked parameters : allowed_hosts/nrpe_user/nrpe_group
# This does not check if NRPE 'monitoring server' has configured this machine
# allowed_hosts
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "allowed_hosts" "127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64"
conf_file_to_test="/etc/nagios/nrpe.cfg"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during allowed_hosts check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured or has other value, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allowed_hosts;"
;;
esac
# Check if conf file exist
if [[ ! -f "${conf_file_to_test}" ]]
then
echo -e "${RED}ERROR : file ${conf_file_to_test} NOT FOUND.${NC}\n"
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, file ${conf_file_to_test} not found;"
else
# allowed_hosts
check_value_in_conf_file "NRPE" "${conf_file_to_test}" "allowed_hosts" "127.0.0.1,[[:space:]]*${IPV4_ADMIN_NETWORK}0/24,[[:space:]]*${IPV6_ADMIN_NETWORK}:/64"
# nrpe_user
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "nrpe_user" "nagios"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during allowed_hosts check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured or has other value, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" allowed_hosts are not well configured, set 'allowed_hosts=127.0.0.1, ${IPV4_ADMIN_NETWORK}0/24, ${IPV6_ADMIN_NETWORK}:/64';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check allowed_hosts;"
;;
esac
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_user check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured or has other value, set 'nrpe_user=nagios';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured, set 'nrpe_user=nagios';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_user;"
;;
esac
# nrpe_user
check_value_in_conf_file "NRPE" "${conf_file_to_test}" "nrpe_user" "nagios"
# nrpe_group
check_value_in_conf_file "NRPE" "/etc/nagios/nrpe.cfg" "nrpe_group" "nagios"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_user check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured or has other value, set 'nrpe_user=nagios';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_user is not well configured, set 'nrpe_user=nagios';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_user;"
;;
esac
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_group check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured or has other value, set 'nrpe_group=nagios';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured, set 'nrpe_group=nagios';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_group;"
;;
esac
# nrpe_group
check_value_in_conf_file "NRPE" "${conf_file_to_test}" "nrpe_group" "nagios"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error during nrpe_group check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured or has other value, set 'nrpe_group=nagios';"
;;
3) # All expected values are NOT configured
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" nrpe_group is not well configured, set 'nrpe_group=nagios';"
;;
*) # Unknown return code...
NRPE_CONFIG_CHECK_FAILED=${NRPE_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check nrpe_group;"
;;
esac
fi

337
recipes/recipe_check_portage.sh

@ -1,222 +1,233 @@
print_config_title 'CHECK PORTAGE CONFIG'
# Check if make.conf includes FEATURES="getbinpkg"
echo "Check if /etc/portage/make.conf includes FEATURES=\"getbinpkg\""
grep -q "^[[:space:]]*FEATURES=\"getbinpkg\"[[:space:]]*$" /etc/portage/make.conf
conf_file_to_test="/etc/portage/make.conf"
# Return Code
RC=$?
# Portage conf does NOT include getbinpkg FEATURE
if [ $RC -ne 0 ]
# Check if conf file exist
if [[ ! -f "${conf_file_to_test}" ]]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Portage binpkg feature not configured, add FEATURES=\"getbinpkg\" in /etc/portage/make.conf ;"
echo -e "${RED}Portage getbinpkg feature is NOT CONFIGURED in /etc/portage/make.conf : check KO${NC}\n"
# Portage conf includes getbinpkg FEATURE
echo -e "${RED}ERROR : file ${conf_file_to_test} NOT FOUND.${NC}\n"
PORTAGE_CONFIG_CHECK_FAILED=${PORTAGE_CONFIG_CHECK_FAILED}" Error, file ${conf_file_to_test} not found;"
else
# If there are multiple definitions of FEATURE variable, KO
FEATURE_DEFINITION_NUMBER="$(grep \"^[[:space:]]*FEATURES\" /etc/portage/make.conf | wc -l)"
if [ "${FEATURE_DEFINITION_NUMBER}" -gt "1" ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Multiple definitions of FEATURE variable in /etc/portage/make.conf, define the variable FEATURE only once in /etc/portage/make.conf ;"
echo -e "${RED}Multiple definitions of FEATURE variable in /etc/portage/make.conf : check KO${NC}\n"
# Else it's OK
else
echo -e "${GREEN}Portage getbinpkg feature CONFIGURED in /etc/portage/make.conf : check OK${NC}\n"
fi
fi
# Check if make.conf includes well configured PORTAGE_BINHOST
echo "Check if /etc/portage/make.conf includes well configured PORTAGE_BINHOST"
grep -q "^[[:space:]]*PORTAGE_BINHOST=\"${BINPKGREPO}\"[[:space:]]*$" /etc/portage/make.conf
# Check if make.conf includes FEATURES="getbinpkg"
echo "Check if ${conf_file_to_test} includes FEATURES=\"getbinpkg\""
grep -q "^[[:space:]]*FEATURES=\"getbinpkg\"[[:space:]]*$" ${conf_file_to_test}
# Return Code
RC=$?
# Return Code
RC=$?
# Portage PORTAGE_BINHOST NOT well CONFIGURED
if [ $RC -ne 0 ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Portage PORTAGE_BINHOST not configured, add PORTAGE_BINHOST=\"${BINPKGREPO}\" in /etc/portage/make.conf ;"
echo -e "${RED}Portage PORTAGE_BINHOST is NOT well CONFIGURED in /etc/portage/make.conf : check KO${NC}\n"
# Portage PORTAGE_BINHOST well CONFIGURED
else
# If there are multiple definitions of PORTAGE_BINHOST variable, KO
PORTAGE_BINHOST_DEFINITION_NUMBER="$(grep "^[[:space:]]*PORTAGE_BINHOST" /etc/portage/make.conf | wc -l)"
if [ "${PORTAGE_BINHOST_DEFINITION_NUMBER}" -gt "1" ]
# Portage conf does NOT include getbinpkg FEATURE
if [ $RC -ne 0 ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Multiple definitions of PORTAGE_BINHOST variable in /etc/portage/make.conf, define the variable PORTAGE_BINHOST only once in /etc/portage/make.conf ;"
echo -e "${RED}Multiple definitions of PORTAGE_BINHOST variable in /etc/portage/make.conf : check KO${NC}\n"
# Else it's OK
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Portage binpkg feature not configured, add FEATURES=\"getbinpkg\" in ${conf_file_to_test} ;"
echo -e "${RED}Portage getbinpkg feature is NOT CONFIGURED in ${conf_file_to_test} : check KO${NC}\n"
# Portage conf includes getbinpkg FEATURE
else
echo -e "${GREEN}Portage PORTAGE_BINHOST variable well CONFIGURED in /etc/portage/make.conf : check OK${NC}\n"
# If there are multiple definitions of FEATURE variable, KO
FEATURE_DEFINITION_NUMBER="$(grep \"^[[:space:]]*FEATURES\" ${conf_file_to_test} | wc -l)"
if [ "${FEATURE_DEFINITION_NUMBER}" -gt "1" ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Multiple definitions of FEATURE variable in ${conf_file_to_test}, define the variable FEATURE only once in ${conf_file_to_test} ;"
echo -e "${RED}Multiple definitions of FEATURE variable in ${conf_file_to_test} : check KO${NC}\n"
# Else it's OK
else
echo -e "${GREEN}Portage getbinpkg feature CONFIGURED in ${conf_file_to_test} : check OK${NC}\n"
fi
fi
fi
# Check if make.conf includes well configured ACCEPT_LICENSE
echo "Check if /etc/portage/make.conf includes well configured ACCEPT_LICENSE"
grep -q "^[[:space:]]*ACCEPT_LICENSE=\"${PORTAGE_ACCEPTLICENSE}\"[[:space:]]*$" /etc/portage/make.conf
# Check if make.conf includes well configured PORTAGE_BINHOST
echo "Check if ${conf_file_to_test} includes well configured PORTAGE_BINHOST"
grep -q "^[[:space:]]*PORTAGE_BINHOST=\"${BINPKGREPO}\"[[:space:]]*$" ${conf_file_to_test}
# Return Code
RC=$?
# Return Code
RC=$?
# Portage ACCEPT_LICENSE NOT well CONFIGURED
if [ $RC -ne 0 ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Portage ACCEPT_LICENSE not configured, add ACCEPT_LICENSE=\"$(echo ${PORTAGE_ACCEPTLICENSE} | tr -d '\\')\" in /etc/portage/make.conf ;"
echo -e "${RED}Portage ACCEPT_LICENSE feature is NOT well CONFIGURED in /etc/portage/make.conf : check KO${NC}\n"
# Portage ACCEPT_LICENSE well CONFIGURED
else
# If there are multiple definitions of ACCEPT_LICENSE variable, KO
ACCEPT_LICENSE_DEFINITION_NUMBER="$(grep "^[[:space:]]*ACCEPT_LICENSE" /etc/portage/make.conf | wc -l)"
if [ "${ACCEPT_LICENSE_DEFINITION_NUMBER}" -gt "1" ]
# Portage PORTAGE_BINHOST NOT well CONFIGURED
if [ $RC -ne 0 ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Multiple definitions of ACCEPT_LICENSE variable in /etc/portage/make.conf, define the variable ACCEPT_LICENSE only once in /etc/portage/make.conf ;"
echo -e "${RED}Multiple definitions of ACCEPT_LICENSE variable in /etc/portage/make.conf : check KO${NC}\n"
# Else it's OK
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Portage PORTAGE_BINHOST not configured, add PORTAGE_BINHOST=\"${BINPKGREPO}\" in ${conf_file_to_test} ;"
echo -e "${RED}Portage PORTAGE_BINHOST is NOT well CONFIGURED in ${conf_file_to_test} : check KO${NC}\n"
# Portage PORTAGE_BINHOST well CONFIGURED
else
echo -e "${GREEN}Portage ACCEPT_LICENSE variable well CONFIGURED in /etc/portage/make.conf : check OK${NC}\n"
# If there are multiple definitions of PORTAGE_BINHOST variable, KO
PORTAGE_BINHOST_DEFINITION_NUMBER="$(grep "^[[:space:]]*PORTAGE_BINHOST" ${conf_file_to_test} | wc -l)"
if [ "${PORTAGE_BINHOST_DEFINITION_NUMBER}" -gt "1" ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Multiple definitions of PORTAGE_BINHOST variable in ${conf_file_to_test}, define the variable PORTAGE_BINHOST only once in ${conf_file_to_test} ;"
echo -e "${RED}Multiple definitions of PORTAGE_BINHOST variable in ${conf_file_to_test} : check KO${NC}\n"
# Else it's OK
else
echo -e "${GREEN}Portage PORTAGE_BINHOST variable well CONFIGURED in ${conf_file_to_test} : check OK${NC}\n"
fi
fi
fi
# Check if global USE flags is well configured in /etc/portage/make.conf
echo "Check if global USE flags is well configured in /etc/portage/make.conf"
# Check if USE variable has multiple definiton
USE_DEFINITION_NUMBER="$(grep "^[[:space:]]*USE" /etc/portage/make.conf | wc -l)"
# Check if make.conf includes well configured ACCEPT_LICENSE
echo "Check if ${conf_file_to_test} includes well configured ACCEPT_LICENSE"
grep -q "^[[:space:]]*ACCEPT_LICENSE=\"${PORTAGE_ACCEPTLICENSE}\"[[:space:]]*$" ${conf_file_to_test}
# If there is only one definition, it's OK
if [ "${USE_DEFINITION_NUMBER}" -eq "1" ]
then
# Get actual global USE flags in /etc/portage/make.conf and format to compare
ACTUAL_PORTAGE_USE="$(sed -n '/^[[:space:]]*USE=\"/,/\"/p' /etc/portage/make.conf | tr -d '\n' | cut -d'"' -f2 | sed 's/ /\n/g' | sort | tr '\n' ' ' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
PORTAGE_USE_SORTED="$(echo ${PORTAGE_USE} | sed 's/ /\n/g' | sort | tr '\n' ' ' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
# Return Code
RC=$?
# Global USE flags in /etc/portage/make.conf is well configured
if [ "$ACTUAL_PORTAGE_USE" == "$PORTAGE_USE_SORTED" ]
# Portage ACCEPT_LICENSE NOT well CONFIGURED
if [ $RC -ne 0 ]
then
echo -e "${GREEN}Global USE flags in /etc/portage/make.conf is well configured : check OK${NC}\n"
# Global USE flags in /etc/portage/make.conf is NOT well configured
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Portage ACCEPT_LICENSE not configured, add ACCEPT_LICENSE=\"$(echo ${PORTAGE_ACCEPTLICENSE} | tr -d '\\')\" in ${conf_file_to_test} ;"
echo -e "${RED}Portage ACCEPT_LICENSE feature is NOT well CONFIGURED in ${conf_file_to_test} : check KO${NC}\n"
# Portage ACCEPT_LICENSE well CONFIGURED
else
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Global USE flags in /etc/portage/make.conf is NOT well CONFIGURED, set USE=\"${PORTAGE_USE_SORTED}\" in /etc/portage/make.conf ;"
echo -e "${RED}Global USE flags in /etc/portage/make.conf is NOT well CONFIGURED : check KO${NC}\n"
# If there are multiple definitions of ACCEPT_LICENSE variable, KO
ACCEPT_LICENSE_DEFINITION_NUMBER="$(grep "^[[:space:]]*ACCEPT_LICENSE" ${conf_file_to_test} | wc -l)"
if [ "${ACCEPT_LICENSE_DEFINITION_NUMBER}" -gt "1" ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Multiple definitions of ACCEPT_LICENSE variable in ${conf_file_to_test}, define the variable ACCEPT_LICENSE only once in ${conf_file_to_test} ;"
echo -e "${RED}Multiple definitions of ACCEPT_LICENSE variable in ${conf_file_to_test} : check KO${NC}\n"
# Else it's OK
else
echo -e "${GREEN}Portage ACCEPT_LICENSE variable well CONFIGURED in ${conf_file_to_test} : check OK${NC}\n"
fi
fi
else
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Global USE flags in /etc/portage/make.conf has multiple definitions OR there is NO USE variable, define USE variable and only once in /etc/portage/make.conf ;"
echo -e "${RED}Global USE flags in /etc/portage/make.conf has multiple definitions OR USE variable is not defined : check KO${NC}\n"
fi
# Check if make.conf includes well configured CHOST
echo "Check if /etc/portage/make.conf includes well configured CHOST"
grep -q "^[[:space:]]*CHOST=\"${PORTAGE_CHOST}\"[[:space:]]*$" /etc/portage/make.conf
# Check if global USE flags is well configured in ${conf_file_to_test}
echo "Check if global USE flags is well configured in ${conf_file_to_test}"
# Return Code
RC=$?
# Check if USE variable has multiple definiton
USE_DEFINITION_NUMBER="$(grep "^[[:space:]]*USE" ${conf_file_to_test} | wc -l)"
# Portage CHOST NOT well CONFIGURED
if [ $RC -ne 0 ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Portage CHOST not configured, add CHOST=\"${PORTAGE_CHOST}\" in /etc/portage/make.conf ;"
echo -e "${RED}Portage CHOST feature is NOT well CONFIGURED in /etc/portage/make.conf : check KO${NC}\n"
# Portage CHOST well CONFIGURED
else
# If there are multiple definitions of CHOST variable, KO
CHOST_DEFINITION_NUMBER="$(grep "^[[:space:]]*CHOST" /etc/portage/make.conf | wc -l)"
if [ "${CHOST_DEFINITION_NUMBER}" -gt "1" ]
# If there is only one definition, it's OK
if [ "${USE_DEFINITION_NUMBER}" -eq "1" ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Multiple definitions of CHOST variable in /etc/portage/make.conf, define the variable CHOST only once in /etc/portage/make.conf ;"
echo -e "${RED}Multiple definitions of CHOST variable in /etc/portage/make.conf : check KO${NC}\n"
# Else it's OK
# Get actual global USE flags in ${conf_file_to_test} and format to compare
ACTUAL_PORTAGE_USE="$(sed -n '/^[[:space:]]*USE=\"/,/\"/p' ${conf_file_to_test} | tr -d '\n' | cut -d'"' -f2 | sed 's/ /\n/g' | sort | tr '\n' ' ' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
PORTAGE_USE_SORTED="$(echo ${PORTAGE_USE} | sed 's/ /\n/g' | sort | tr '\n' ' ' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
# Global USE flags in ${conf_file_to_test} is well configured
if [ "$ACTUAL_PORTAGE_USE" == "$PORTAGE_USE_SORTED" ]
then
echo -e "${GREEN}Global USE flags in ${conf_file_to_test} is well configured : check OK${NC}\n"
# Global USE flags in ${conf_file_to_test} is NOT well configured
else
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Global USE flags in ${conf_file_to_test} is NOT well CONFIGURED, set USE=\"${PORTAGE_USE_SORTED}\" in ${conf_file_to_test} ;"
echo -e "${RED}Global USE flags in ${conf_file_to_test} is NOT well CONFIGURED : check KO${NC}\n"
fi
else
echo -e "${GREEN}Portage CHOST variable well CONFIGURED in /etc/portage/make.conf : check OK${NC}\n"
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Global USE flags in ${conf_file_to_test} has multiple definitions OR there is NO USE variable, define USE variable and only once in ${conf_file_to_test} ;"
echo -e "${RED}Global USE flags in ${conf_file_to_test} has multiple definitions OR USE variable is not defined : check KO${NC}\n"
fi
fi
# Check if make.conf includes well configured GRUB_PLATFORMS
echo "Check if /etc/portage/make.conf includes well configured GRUB_PLATFORMS"
grep -q "^[[:space:]]*GRUB_PLATFORMS=\"${PORTAGE_GRUB_PLATFORMS}\"[[:space:]]*$" /etc/portage/make.conf
# Check if make.conf includes well configured CHOST
echo "Check if ${conf_file_to_test} includes well configured CHOST"
grep -q "^[[:space:]]*CHOST=\"${PORTAGE_CHOST}\"[[:space:]]*$" ${conf_file_to_test}
# Return Code
RC=$?
# Return Code
RC=$?
# Portage GRUB_PLATFORMS NOT well CONFIGURED
if [ $RC -ne 0 ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Portage CHOST not configured, add GRUB_PLATFORMS=\"${PORTAGE_GRUB_PLATFORMS}\" in /etc/portage/make.conf ;"
echo -e "${RED}Portage GRUB_PLATFORMS feature is NOT well CONFIGURED in /etc/portage/make.conf : check KO${NC}\n"
# Portage GRUB_PLATFORMS well CONFIGURED
else
# If there are multiple definitions of CHOST variable, KO
GRUB_PLATFORMS_DEFINITION_NUMBER="$(grep "^[[:space:]]*GRUB_PLATFORMS" /etc/portage/make.conf | wc -l)"
if [ "${GRUB_PLATFORMS_DEFINITION_NUMBER}" -gt "1" ]
# Portage CHOST NOT well CONFIGURED
if [ $RC -ne 0 ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Multiple definitions of GRUB_PLATFORMS variable in /etc/portage/make.conf, define the variable GRUB_PLATFORMS only once in /etc/portage/make.conf ;"
echo -e "${RED}Multiple definitions of GRUB_PLATFORMS variable in /etc/portage/make.conf : check KO${NC}\n"
# Else it's OK
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Portage CHOST not configured, add CHOST=\"${PORTAGE_CHOST}\" in ${conf_file_to_test} ;"
echo -e "${RED}Portage CHOST feature is NOT well CONFIGURED in ${conf_file_to_test} : check KO${NC}\n"
# Portage CHOST well CONFIGURED
else
echo -e "${GREEN}Portage GRUB_PLATFORMS variable well CONFIGURED in /etc/portage/make.conf : check OK${NC}\n"
# If there are multiple definitions of CHOST variable, KO
CHOST_DEFINITION_NUMBER="$(grep "^[[:space:]]*CHOST" ${conf_file_to_test} | wc -l)"
if [ "${CHOST_DEFINITION_NUMBER}" -gt "1" ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Multiple definitions of CHOST variable in ${conf_file_to_test}, define the variable CHOST only once in ${conf_file_to_test} ;"
echo -e "${RED}Multiple definitions of CHOST variable in ${conf_file_to_test} : check KO${NC}\n"
# Else it's OK
else
echo -e "${GREEN}Portage CHOST variable well CONFIGURED in ${conf_file_to_test} : check OK${NC}\n"
fi
fi
fi
# Check if portage organization mirror is configured in /etc/portage/make.conf
echo "Check if portage oragnization mirror is configured in /etc/portage/make.conf"
# Check if GENTOO_MIRRORS variable has multiple definiton
GENTOO_MIRRORS_DEFINITION_NUMBER="$(grep "^[[:space:]]*GENTOO_MIRRORS" /etc/portage/make.conf | wc -l)"
# If there is only one definition, it's OK
if [ "${GENTOO_MIRRORS_DEFINITION_NUMBER}" -eq "1" ]
then
# Check if GENTOO_MIRRORS value in /etc/portage/make.conf includes organization mirror
sed -n '/^[[:space:]]*GENTOO_MIRRORS=\"/,/\"/p' /etc/portage/make.conf | grep -q "${PORTAGE_ORGANIZATION_MIRROR}"
# Check if make.conf includes well configured GRUB_PLATFORMS
echo "Check if ${conf_file_to_test} includes well configured GRUB_PLATFORMS"
grep -q "^[[:space:]]*GRUB_PLATFORMS=\"${PORTAGE_GRUB_PLATFORMS}\"[[:space:]]*$" ${conf_file_to_test}
# Return Code
RC=$?
# GENTOO_MIRRORS in /etc/portage/make.conf includes organization mirror
if [ $RC -eq 0 ]
# Portage GRUB_PLATFORMS NOT well CONFIGURED
if [ $RC -ne 0 ]
then
echo -e "${GREEN}GENTOO_MIRRORS in /etc/portage/make.conf includes organization mirror : check OK${NC}\n"
# GENTOO_MIRRORS in /etc/portage/make.conf does NOT includes organization mirror
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Portage CHOST not configured, add GRUB_PLATFORMS=\"${PORTAGE_GRUB_PLATFORMS}\" in ${conf_file_to_test} ;"
echo -e "${RED}Portage GRUB_PLATFORMS feature is NOT well CONFIGURED in ${conf_file_to_test} : check KO${NC}\n"
# Portage GRUB_PLATFORMS well CONFIGURED
else
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} GENTOO_MIRRORS in /etc/portage/make.conf does NOT includes organization mirror, add ${PORTAGE_ORGANIZATION_MIRROR} mirror in GENTOO_MIRRORS variable in /etc/portage/make.conf ;"
echo -e "${RED}GENTOO_MIRRORS in /etc/portage/make.conf does NOT includes organization mirror : check KO${NC}\n"
# If there are multiple definitions of CHOST variable, KO
GRUB_PLATFORMS_DEFINITION_NUMBER="$(grep "^[[:space:]]*GRUB_PLATFORMS" ${conf_file_to_test} | wc -l)"
if [ "${GRUB_PLATFORMS_DEFINITION_NUMBER}" -gt "1" ]
then
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Multiple definitions of GRUB_PLATFORMS variable in ${conf_file_to_test}, define the variable GRUB_PLATFORMS only once in ${conf_file_to_test} ;"
echo -e "${RED}Multiple definitions of GRUB_PLATFORMS variable in ${conf_file_to_test} : check KO${NC}\n"
# Else it's OK
else
echo -e "${GREEN}Portage GRUB_PLATFORMS variable well CONFIGURED in ${conf_file_to_test} : check OK${NC}\n"
fi
fi
else
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} GENTOO_MIRRORS in /etc/portage/make.conf has multiple definitions OR there is NO GENTOO_MIRRORS variable, define GENTOO_MIRRORS variable and only once in /etc/portage/make.conf ;"
echo -e "${RED}GENTOO_MIRRORS in /etc/portage/make.conf has multiple definitions OR GENTOO_MIRRORS variable is not defined : check KO${NC}\n"
fi
# Check if portage organization mirror is configured in ${conf_file_to_test}
echo "Check if portage oragnization mirror is configured in ${conf_file_to_test}"
# Check if GENTOO_MIRRORS variable has multiple definiton
GENTOO_MIRRORS_DEFINITION_NUMBER="$(grep "^[[:space:]]*GENTOO_MIRRORS" ${conf_file_to_test} | wc -l)"
# If there is only one definition, it's OK
if [ "${GENTOO_MIRRORS_DEFINITION_NUMBER}" -eq "1" ]
then
# Check if GENTOO_MIRRORS value in ${conf_file_to_test} includes organization mirror
sed -n '/^[[:space:]]*GENTOO_MIRRORS=\"/,/\"/p' ${conf_file_to_test} | grep -q "${PORTAGE_ORGANIZATION_MIRROR}"
# Return Code
RC=$?
# GENTOO_MIRRORS in ${conf_file_to_test} includes organization mirror
if [ $RC -eq 0 ]
then
echo -e "${GREEN}GENTOO_MIRRORS in ${conf_file_to_test} includes organization mirror : check OK${NC}\n"
# GENTOO_MIRRORS in ${conf_file_to_test} does NOT includes organization mirror
else
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} GENTOO_MIRRORS in ${conf_file_to_test} does NOT includes organization mirror, add ${PORTAGE_ORGANIZATION_MIRROR} mirror in GENTOO_MIRRORS variable in ${conf_file_to_test} ;"
echo -e "${RED}GENTOO_MIRRORS in ${conf_file_to_test} does NOT includes organization mirror : check KO${NC}\n"
fi
else
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} GENTOO_MIRRORS in ${conf_file_to_test} has multiple definitions OR there is NO GENTOO_MIRRORS variable, define GENTOO_MIRRORS variable and only once in ${conf_file_to_test} ;"
echo -e "${RED}GENTOO_MIRRORS in ${conf_file_to_test} has multiple definitions OR GENTOO_MIRRORS variable is not defined : check KO${NC}\n"
fi
# Check if global CPU_FLAGS_X86 flags is well configured in /etc/portage/make.conf
echo "Check if global CPU_FLAGS_X86 flags is well configured in /etc/portage/make.conf"
# Check if CPU_FLAGS_X86 variable has multiple definiton
CPU_FLAGS_X86_DEFINITION_NUMBER="$(grep "^[[:space:]]*CPU_FLAGS_X86" /etc/portage/make.conf | wc -l)"
# Check if global CPU_FLAGS_X86 flags is well configured in ${conf_file_to_test}
echo "Check if global CPU_FLAGS_X86 flags is well configured in ${conf_file_to_test}"
# If there is only one definition, it's OK
if [ "${CPU_FLAGS_X86_DEFINITION_NUMBER}" -eq "1" ]
then
# Get actual global CPU_FLAGS_X86 flags in /etc/portage/make.conf and format to compare
ACTUAL_PORTAGE_CPU_FLAGS_X86="$(sed -n '/^[[:space:]]*CPU_FLAGS_X86=\"/,/\"/p' /etc/portage/make.conf | tr -d '\n' | cut -d'"' -f2 | sed 's/ /\n/g' | sort | tr '\n' ' ' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
PORTAGE_CPU_FLAGS_X86_SORTED="$(echo ${PORTAGE_CPU_FLAGS_X86} | sed 's/ /\n/g' | sort | tr '\n' ' ' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
# Check if CPU_FLAGS_X86 variable has multiple definiton
CPU_FLAGS_X86_DEFINITION_NUMBER="$(grep "^[[:space:]]*CPU_FLAGS_X86" ${conf_file_to_test} | wc -l)"
# Global CPU_FLAGS_X86 flags in /etc/portage/make.conf is well configured
if [ "$ACTUAL_PORTAGE_CPU_FLAGS_X86" == "$PORTAGE_CPU_FLAGS_X86_SORTED" ]
# If there is only one definition, it's OK
if [ "${CPU_FLAGS_X86_DEFINITION_NUMBER}" -eq "1" ]
then
echo -e "${GREEN}Global CPU_FLAGS_X86 flags in /etc/portage/make.conf is well configured : check OK${NC}\n"
# Global CPU_FLAGS_X86 flags in /etc/portage/make.conf is NOT well configured
# Get actual global CPU_FLAGS_X86 flags in ${conf_file_to_test} and format to compare
ACTUAL_PORTAGE_CPU_FLAGS_X86="$(sed -n '/^[[:space:]]*CPU_FLAGS_X86=\"/,/\"/p' ${conf_file_to_test} | tr -d '\n' | cut -d'"' -f2 | sed 's/ /\n/g' | sort | tr '\n' ' ' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
PORTAGE_CPU_FLAGS_X86_SORTED="$(echo ${PORTAGE_CPU_FLAGS_X86} | sed 's/ /\n/g' | sort | tr '\n' ' ' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
# Global CPU_FLAGS_X86 flags in ${conf_file_to_test} is well configured
if [ "$ACTUAL_PORTAGE_CPU_FLAGS_X86" == "$PORTAGE_CPU_FLAGS_X86_SORTED" ]
then
echo -e "${GREEN}Global CPU_FLAGS_X86 flags in ${conf_file_to_test} is well configured : check OK${NC}\n"
# Global CPU_FLAGS_X86 flags in ${conf_file_to_test} is NOT well configured
else
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Global CPU_FLAGS_X86 flags in ${conf_file_to_test} is NOT well CONFIGURED, set CPU_FLAGS_X86=\"${PORTAGE_CPU_FLAGS_X86_SORTED}\" in ${conf_file_to_test} ;"
echo -e "${RED}Global CPU_FLAGS_X86 flags in ${conf_file_to_test} is NOT well CONFIGURED : check KO${NC}\n"
fi
else
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Global CPU_FLAGS_X86 flags in /etc/portage/make.conf is NOT well CONFIGURED, set CPU_FLAGS_X86=\"${PORTAGE_CPU_FLAGS_X86_SORTED}\" in /etc/portage/make.conf ;"
echo -e "${RED}Global CPU_FLAGS_X86 flags in /etc/portage/make.conf is NOT well CONFIGURED : check KO${NC}\n"
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Global CPU_FLAGS_X86 flags in ${conf_file_to_test} has multiple definitions OR there is NO CPU_FLAGS_X86 variable, define CPU_FLAGS_X86 variable and only once in ${conf_file_to_test} ;"
echo -e "${RED}Global CPU_FLAGS_X86 flags in ${conf_file_to_test} has multiple definitions OR CPU_FLAGS_X86 variable is not defined : check KO${NC}\n"
fi
else
PORTAGE_CONFIG_CHECK_FAILED="${PORTAGE_CONFIG_CHECK_FAILED} Global CPU_FLAGS_X86 flags in /etc/portage/make.conf has multiple definitions OR there is NO CPU_FLAGS_X86 variable, define CPU_FLAGS_X86 variable and only once in /etc/portage/make.conf ;"
echo -e "${RED}Global CPU_FLAGS_X86 flags in /etc/portage/make.conf has multiple definitions OR CPU_FLAGS_X86 variable is not defined : check KO${NC}\n"
fi

91
recipes/recipe_check_postfix_protocol_config.sh

@ -2,44 +2,55 @@ print_config_title 'CHECK POSTFIX BASIC CONFIG'
# Check /etc/postfix/main.cf config file mail_owner/inet_protocols parameters
# mail_owner
check_value_in_conf_file "POSTFIX" "/etc/postfix/main.cf" "mail_owner" "postfix"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error during mail_owner check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured or has other value, set 'mail_owner = postfix';"
;;
3) # All expected values are NOT configured
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured, set 'mail_owner = postfix';"
;;
*) # Unknown return code...
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check mail_owner;"
;;
esac
# inet_protocols
check_value_in_conf_file "POSTFIX" "/etc/postfix/main.cf" "inet_protocols" "all"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error during inet_protocols check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" inet_protocols are not well configured or has other value, set 'inet_protocols = all';"
;;
3) # All expected values are NOT configured
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" inet_protocols are not well configured, set 'inet_protocols = all';"
;;
*) # Unknown return code...
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check inet_protocols;"
;;
esac
conf_file_to_test="/etc/postfix/main.cf"
# Check if conf file exist
if [[ ! -f "${conf_file_to_test}" ]]
then
echo -e "${RED}ERROR : file ${conf_file_to_test} NOT FOUND.${NC}\n"
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error, file ${conf_file_to_test} not found;"
else
# mail_owner
check_value_in_conf_file "POSTFIX" "${conf_file_to_test}" "mail_owner" "postfix"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error during mail_owner check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured or has other value, set 'mail_owner = postfix';"
;;
3) # All expected values are NOT configured
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" mail_owner is not well configured, set 'mail_owner = postfix';"
;;
*) # Unknown return code...
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check mail_owner;"
;;
esac
# inet_protocols
check_value_in_conf_file "POSTFIX" "${conf_file_to_test}" "inet_protocols" "all"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error during inet_protocols check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" inet_protocols are not well configured or has other value, set 'inet_protocols = all';"
;;
3) # All expected values are NOT configured
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" inet_protocols are not well configured, set 'inet_protocols = all';"
;;
*) # Unknown return code...
POSTFIX_CONFIG_CHECK_FAILED=${POSTFIX_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check inet_protocols;"
;;
esac
fi

264
recipes/recipe_check_snmp_config.sh

@ -3,132 +3,138 @@ print_config_title 'CHECK SNMP BASIC CONFIG'
# This does NOT check if SNMP 'monitoring server' has configured this machine
# Check /etc/snmp/snmpd.conf config file rocommunity/agentAddress/trap2sink/informsink/sysLocation/sysContact parameters
#agentAddress
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "agentAddress" "udp:127.0.0.1:161 udp:${IPV4_ADMIN_LAN_IP}:161 udp6:\[::1\]:161 udp6:\[${IPV6_ADMIN_LAN_IP}\]:161"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during agentAddress check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" agentAddress are not well configured or has other value, set agentAddress for IPv4 and IPv6 in Admin LAN and localhost;"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" agentAddress are not well configured, set agentAddress for IPv4 and IPv6 in Admin LAN and localhost;"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check agentAddress;"
;;
esac
#rocommunity
# No IPv6 here....
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "rocommunity" "public[[:space:]]*127.0.0.1 public[[:space:]]*${IPV4_ADMIN_NETWORK}0/24"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during rocommunity check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" rocommunity are not well configured or has other value, set 'rocommunity public 127.0.0.1' and 'rocommunity public ${IPV4_ADMIN_NETWORK}0/24';"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" rocommunity are not well configured, set 'rocommunity public 127.0.0.1' and 'rocommunity public ${IPV4_ADMIN_NETWORK}0/24';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check rocommunity;"
;;
esac
# trap2sink
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "trap2sink" "${NAME_MASTER_MONITORING}[[:space:]]*public"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during trap2sink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check trap2sink;"
;;
esac
# informsink
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "informsink" "${NAME_MASTER_MONITORING}[[:space:]]*public"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during informsink check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured or has other value, set 'informsink ${NAME_MASTER_MONITORING} public;"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured, set 'informsink ${NAME_MASTER_MONITORING} public';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check informsink;"
;;
esac
# sysLocation
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "sysLocation" "${DC_for_function_check_value_in_conf_file}"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysLocation check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured or has other value, set 'sysLocation ${DC}';"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured, set 'sysLocation ${DC}';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysLocation;"
;;
esac
# sysContact
check_value_in_conf_file "SNMP" "/etc/snmp/snmpd.conf" "sysContact" "${ENTITY_for_function_check_value_in_conf_file}[[:space:]]*<${MAIL_ALIAS_ROOT}>"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysContact check with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured or has other value, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysContact;"
;;
esac
conf_file_to_test="/etc/snmp/snmpd.conf"
# Check if conf file exist
if [[ ! -f "${conf_file_to_test}" ]]
then
echo -e "${RED}ERROR : file ${conf_file_to_test} NOT FOUND.${NC}\n"
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, file ${conf_file_to_test} not found;"
else
#agentAddress
check_value_in_conf_file "SNMP" "${conf_file_to_test}" "agentAddress" "udp:127.0.0.1:161 udp:${IPV4_ADMIN_LAN_IP}:161 udp6:\[::1\]:161 udp6:\[${IPV6_ADMIN_LAN_IP}\]:161"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during agentAddress check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" agentAddress are not well configured or has other value, set agentAddress for IPv4 and IPv6 in Admin LAN and localhost;"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" agentAddress are not well configured, set agentAddress for IPv4 and IPv6 in Admin LAN and localhost;"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check agentAddress;"
;;
esac
#rocommunity
# No IPv6 here....
check_value_in_conf_file "SNMP" "${conf_file_to_test}" "rocommunity" "public[[:space:]]*127.0.0.1 public[[:space:]]*${IPV4_ADMIN_NETWORK}0/24"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during rocommunity check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" rocommunity are not well configured or has other value, set 'rocommunity public 127.0.0.1' and 'rocommunity public ${IPV4_ADMIN_NETWORK}0/24';"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" rocommunity are not well configured, set 'rocommunity public 127.0.0.1' and 'rocommunity public ${IPV4_ADMIN_NETWORK}0/24';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check rocommunity;"
;;
esac
# trap2sink
check_value_in_conf_file "SNMP" "${conf_file_to_test}" "trap2sink" "${NAME_MASTER_MONITORING}[[:space:]]*public"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during trap2sink check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured or has other value, set 'trap2sink ${NAME_MASTER_MONITORING} public;"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" trap2sink is not well configured, set 'trap2sink ${NAME_MASTER_MONITORING} public';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check trap2sink;"
;;
esac
# informsink
check_value_in_conf_file "SNMP" "${conf_file_to_test}" "informsink" "${NAME_MASTER_MONITORING}[[:space:]]*public"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during informsink check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured or has other value, set 'informsink ${NAME_MASTER_MONITORING} public;"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" informsink is not well configured, set 'informsink ${NAME_MASTER_MONITORING} public';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check informsink;"
;;
esac
# sysLocation
check_value_in_conf_file "SNMP" "${conf_file_to_test}" "sysLocation" "${DC_for_function_check_value_in_conf_file}"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysLocation check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured or has other value, set 'sysLocation ${DC}';"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysLocation is not well configured, set 'sysLocation ${DC}';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysLocation;"
;;
esac
# sysContact
check_value_in_conf_file "SNMP" "${conf_file_to_test}" "sysContact" "${ENTITY_for_function_check_value_in_conf_file}[[:space:]]*<${MAIL_ALIAS_ROOT}>"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error during sysContact check with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured or has other value, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
;;
3) # All expected values are NOT configured
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" sysContact is not well configured, set 'sysContact ${ENTITY} <${MAIL_ALIAS_ROOT}>';"
;;
*) # Unknown return code...
SNMP_CONFIG_CHECK_FAILED=${SNMP_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check sysContact;"
;;
esac
fi

118
recipes/recipe_check_ssh_config.sh

@ -1,64 +1,74 @@
print_config_title 'CHECK SSH CONFIG'
# PasswordAuthentication
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PasswordAuthentication" "no"
conf_file_to_test="/etc/snmp/snmpd.conf"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" Error during PasswordAuthentication with function check_value_in_conf_file, maybe incorrect number of parameter;"
;;
2) # Unexpected value is set
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" PasswordAuthentication is not set to 'no' or has other value, set 'PasswordAuthentication no' ;"
;;
3) # All expected values are NOT configured
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" PasswordAuthentication is not set to 'no', set 'PasswordAuthentication no' ;"
;;
*) # Unknown return code...
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check PasswordAuthentication;"
;;
esac
# Check if conf file exist
if [[ ! -f "${conf_file_to_test}" ]]
then
echo -e "${RED}ERROR : file ${conf_file_to_test} NOT FOUND.${NC}\n"
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" Error, file ${conf_file_to_test} not found;"
else
# PasswordAuthentication
check_value_in_conf_file "SSH" "${conf_file_to_test}" "PasswordAuthentication" "no"
# PermitRootLogin
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config" "PermitRootLogin" "no"
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" Error during PasswordAuthentication with function check_value_in_conf_file, maybe incorrect number of parameter or file not found;"
;;
2) # Unexpected value is set
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" PasswordAuthentication is not set to 'no' or has other value, set 'PasswordAuthentication no' ;"
;;
3) # All expected values are NOT configured
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" PasswordAuthentication is not set to 'no', set 'PasswordAuthentication no' ;"
;;
*) # Unknown return code...
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check PasswordAuthentication;"
;;
esac
case ${?} in
0) # OK, nothing to do
;;
1) # Error (wrong number of param or other)
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" Error during PermitRootLogin with function check_value_in_conf_file, maybe incorrect number of parameter or incorrect parameter;"
;;
2) # Unexpected value is set
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" PermitRootLogin is not set to 'no' or has other value, set 'PermitRootLogin no' ;"
;;
3) # All expected values are NOT configured
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" PermitRootLogin is not set to 'no', set 'PermitRootLogin no' ;"
;;
*) # Unknown return code...
SSH_CONFIG_CHECK_FAILED=${SSH_CONFIG_CHECK_FAILED}" Error, unknown return code when calling check_value_in_conf_file to check PermitRootLogin;"
;;
esac
# PermitRootLogin
check_value_in_conf_file "SSH" "${conf_file_to_test}" "PermitRootLogin" "no"
# ListenAddress
check_value_in_conf_file "SSH" "/etc/ssh/sshd_config"