Create recipe_check_snmp_config.sh for SNMPD
parent
7b07ab3867
commit
eec9fcf910
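--- a/recipes/recipe_check_snmp_config.sh
+++ b/recipes/recipe_check_snmp_config.sh
@@ -0,0 +1,110 @@
+echo "-------------------------------------------------"
+echo -e "------------ ${BLUE}CHECK SNMP BASIC CONFIG${NC} ------------"
+echo -e "-------------------------------------------------\n"
+
+# This does NOT check if SNMP 'monitoring server' has configured this machine
+# Check /etc/snmp/snmpd.conf config file
+echo -e "Check ${BLUE}SNMPD${NC} config file /etc/snmp/snmpd.conf"
+
+# Check if agentAddress exist but different than expected (success if return code = 1)
+grep "^[[:space:]]*agentAddress" /etc/snmp/snmpd.conf \
+|grep -E -q -v \
+-e "^[[:space:]]*agentAddress[[:space:]]*udp:127.0.0.1:161[[:space:]]*\$" \
+-e "^[[:space:]]*agentAddress[[:space:]]*udp:${IPV4_ADMIN_NETWORK}[0-2]?[0-9]?[0-9]?:161[[:space:]]*\$" \
+-e "^[[:space:]]*agentAddress[[:space:]]*udp6:\[::1\]:161[[:space:]]*\$" \
+-e "^[[:space:]]*agentAddress[[:space:]]*udp6:\[${IPV6_ADMIN_NETWORK}[0-9,a-f,\:]*\]:161[[:space:]]*\$"
+
+# Return Code
+RC=$?
+
+# agentAddress other IP than expected
+if [ $RC -eq 0 ]
+then
+SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} SNMPD agentAddress allow connection from unexpected IP, expected :\n'agentAddress udp:IPv4AdminLANlistenAddress:161'\n'agentAddress udp6:[IPv6AdminLANlistenAddress]:161'\nOPTIONAL : 'agentAddress udp:127.0.0.1:161'\nOPTIONAL : 'agentAddress udp6:[::1]:161' ;\n"
+echo -e "${RED}SNMPD agentAddress allow connection from UNEXPECTED IP : check KO${NC}\n"
+# Does not agentAddress unexpected IP
+else
+# Check expected IP are configured (IPv4 and IPv6) (success if return code = 0)
+grep -E -q "^[[:space:]]*agentAddress[[:space:]]*udp:${IPV4_ADMIN_NETWORK}[0-2]?[0-9]?[0-9]?:161[[:space:]]*\$" /etc/snmp/snmpd.conf
+
+# Return Code
+RCa=$?
+
+grep -E -q "^[[:space:]]*agentAddress[[:space:]]*udp6:\[${IPV6_ADMIN_NETWORK}[0-9,a-f,\:]*\]:161[[:space:]]*\$" /etc/snmp/snmpd.conf
+
+# Return Code
+RCb=$?
+
+# Expected IP are NOT configured (IPv4 and IPv6)
+if [ $RCa -ne 0 ] || [ $RCb -ne 0 ]
+then
+SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} All SNMPD agentAddress expected IP (IPv4 and IPv6) are not well configured, expected :\n'agentAddress udp:IPv4AdminLANlistenAddress:161'\n'agentAddress udp6:[IPv6AdminLANlistenAddress]:161'\nOPTIONAL : 'agentAddress udp:127.0.0.1:161'\nOPTIONAL : 'agentAddress udp6:[::1]:161'\n"
+echo -e "${RED}All SNMPD agentAddress expected IP (IPv4 and IPv6) are NOT well CONFIGURED : check KO${NC}\n"
+# Expected IP are configured (IPv4 and IPv6)
+else
+echo -e "${GREEN}SNMPD agentAddress expected IP are CONFIGURED : check OK${NC}\n"
+fi
+fi
+
+# Check if rocommunity exist but different than expected (success if return code = 1)
+grep "^[[:space:]]*rocommunity" /etc/snmp/snmpd.conf \
+|grep -q -v -e "^[[:space:]]*rocommunity[[:space:]]*public[[:space:]]*default[[:space:]]*\$"
+
+# Return Code
+RC=$?
+
+# Unexpected rocommunity found
+if [ $RC -eq 0 ]
+then
+SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} Unexpected rocommunity found, expected : rocommunity public default ;\n"
+echo -e "${RED}UNEXPECTED rocommunity found : check KO${NC}\n"
+# No unexpected rocommunity
+else
+# Check if expected rocommunity configured (success if return code = 0)
+grep -q "^[[:space:]]*rocommunity[[:space:]]*public[[:space:]]*default[[:space:]]*\$" /etc/snmp/snmpd.conf
+
+# Return Code
+RC=$?
+
+# Expected rocommunity NOT configured
+if [ $RC -ne 0 ]
+then
+SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} Expected rocommunity not configured, expected : rocommunity public default ;\n"
+echo -e "${RED} Expected rocommunity NOT CONFIGURED : check KO${NC}\n"
+# Expected rocommunity configured
+else
+echo -e "${GREEN}Expected rocommunity CONFIGURED : check OK${NC}\n"
+fi
+fi
+
+
+# Check if trapsink/trap2sink exist but different than expected (success if return code = 1)
+grep -E "^[[:space:]]*trap[2]?sink" /etc/snmp/snmpd.conf \
+|grep -E -q -v -e "^[[:space:]]*trap[2]?sink[[:space:]]*${NAME_MASTER_MONITORING}[[:space:]]*public[[:space:]]*\$"
+
+# Return Code
+RC=$?
+
+# Unexpected trapsink/trap2sink found
+if [ $RC -eq 0 ]
+then
+SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} Unexpected trapsink/trap2sink found, expected : trap2sink ${NAME_MASTER_MONITORING} public ;"
+echo -e "${RED}UNEXPECTED trapsink/trap2sink found : check KO${NC}\n"
+# No unexpected trapsink/trap2sink
+else
+# Check if expected trapsink/trap2sink configured (success if return code = 0)
+grep -E -q "^[[:space:]]*trap2sink[[:space:]]*${NAME_MASTER_MONITORING}[[:space:]]*public[[:space:]]*\$" /etc/snmp/snmpd.conf
+
+# Return Code
+RC=$?
+
+# Expected trapsink/trap2sink NOT configured
+if [ $RC -ne 0 ]
+then
+SNMP_CONFIG_CHECK_FAILED="${SNMP_CONFIG_CHECK_FAILED} Expected trapsink/trap2sink not configured, expected : trap2sink ${NAME_MASTER_MONITORING} public ;"
+echo -e "${RED} Expected trapsink/trap2sink NOT CONFIGURED : check KO${NC}\n"
+# Expected trapsink/trap2sink configured
+else
+echo -e "${GREEN}Expected trapsink/trap2sink CONFIGURED : check OK${NC}\n"
+fi
+fi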
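Review bot: The rocommunity check treats `rocommunity public default` as the only compliant line, so a host passes exactly when it keeps the well-known community string with no source restriction, and a host that has tightened either value is reported KO. If that is the intended policy, a comment above the block should say why (for instance that exposure is meant to be limited by the agentAddress listeners alone); otherwise the expected pattern should name a source inside the admin network instead of `default`. Nothing in the file inspects `rwcommunity`/`rwcommunity6` lines, so a writable community passes unnoticed; a further test such as `grep -E -q "^[[:space:]]*rwcommunity6?[[:space:]]" /etc/snmp/snmpd.conf`, reported as KO on a match, would cover it. In the agentAddress patterns the dots of `127.0.0.1` (and presumably of `${IPV4_ADMIN_NETWORK}`) are unescaped and all three digits of the last octet are optional, so they accept more than the addresses they describe. net-snmp appears to read directive names case-insensitively, in which case these case-sensitive greps would not see a lowercase `agentaddress` line; worth confirming and adding `-i` if so.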