Some updates, 2 new recipes....

README.md

@@ -3,24 +3,27 @@
 Check system configuration for a gentoo machine (VM or PHYSICAL) based on GRIFON's architecture.
 It's a Gentoo OS configuration recipe. This script normally doesn't modify anything on the system.
 
-To use : ./recipe_gentoo.sh [--physical]
+To use (with root user) : 
+mv ./vars.example ./vars.sh
+vim  ./vars.sh # Edit all values which will be used by the script
+./recipe_gentoo.sh [--physical]
+
+If you cannot execute the script, add the 'x' permission for the user (chmod u+x ./recipe_gentoo.sh).
 
 Not finished, in progress....
 
 TO DO :
-- Reorganise script to limit text repetitions (make functions for example)
-- Check if sending a mail works (find a way to check)
-- Check detailled DNS records (PTR, A, AAAA)
 - Check if borgbackup is configured (OK, need to be fully tested)
 - Check if auto-update script is configured
 - Portage configuration (for VM and Physical)
+- Others (script design, documentation...)
 
 Checked point :
 - User is root to run the script
 - Check requirements
 - Installed packages
 - Hostname configuration
-- DNS configuration (resolve external name, configured nameserver and check if all IPs (scope global) are configured in DNS)
+- DNS configuration (resolve external name, configured nameserver, check if all IPs (scope global) are configured in DNS and check if the hostname has A and AAAA recods in DNS)
 - Ping external machine for IPv4 and IPv6
 - If Admin IPs are configured
 - Services status
@@ -32,3 +35,5 @@ Checked point :
 - Check postfix config (inet_protocols, mail_owner)
 - Add to check service if they are enabled
 - Check if IPs (scope global) are recorded in IPAM
+- Check if the selected Gentoo profile is the expected profile
+- Print additional manuel verification (send reporting mail, if /etc conf file need to be updated, if a new kernel can be installed, if server-side for Icinga, SNMP and Munin are configured)

recipe_gentoo.sh

@@ -43,6 +43,8 @@ done
 # Variables used to print the summary messages at the and of the script 
 export PACKAGES_TO_CHECK=""
 export RESOLV_FAILED=""
+export HOSTNAME_A_RECORD_NOT_IN_DNS=0
+export HOSTNAME_AAAA_RECORD_NOT_IN_DNS=0
 export RESOLVER_NOT_IN_ETC_RESOLVCONF=""
 export IP_NOT_RECORDED_IN_DNS=""
 export PING_FAILED=""
@@ -52,11 +54,13 @@ export MUNIN_CONFIG_CHECK_FAILED=""
 export MAIL_ALIAS_CONFIG_CHECK_FAILED=""
 export SNMP_CONFIG_CHECK_FAILED=""
 export POSTFIX_CONFIG_CHECK_FAILED=""
+export AUTOBACKUP_CONFIG_CHECK_FAILED=""
 export IPAM_CONFIG_CHECK_FAILED=""
 export SERVICES_NOT_STARTED_OR_ERROR=""
 export BOOL_CHECK_HOSTNAME=0 # Print message at end script if hostname *.grif or *.grifon.fr not configured  
 export BOOL_ADMIN_IPV4_NOT_CONFIGURED=0
 export BOOL_ADMIN_IPV6_NOT_CONFIGURED=0
+export WRONG_GENTOO_PROFILE_SELECTED=0
 
 # Get ALL locales IPs except loopback
 export LOCALES_IP_WITHOUT_LOOPBACK=$(ip addr show scope global | awk '/inet/ { sub(/\/.*$/, "", $2); print $2 }' | sort | uniq)
@@ -125,6 +129,10 @@ print_config_title 'RECIPE GENTOO - CHECK BASIC CONFIG'
 
 #. recipes/recipe_check_ipam_config.sh
 
+. recipes/recipe_check_eselect.sh
+
 . recipes/recipe_final_summary.sh
 
+. recipes/recipe_addtional_manual_verification.sh
+
 exit 0

recipes/recipe_addtional_manual_verification.sh

@@ -0,0 +1,15 @@
+print_config_title 'ADDTIONAL MANUAL VERIFICATION'
+
+echo -e "- Check if sending a reporting mail works with the command, and after, check your adminsys mailbox :
+\techo \"Test if sending a reporting mail works\" | mail -s \"Test if sending a reporting mail works\" root\n"
+
+echo -e "- Check if any /etc files need to be updated (or not) with :
+\tetc-update\n"
+
+echo -e "- Check if no new kernel is available :
+\teselect kernel list\n"
+
+echo -e "- Check if server-side Icinga, SNMP and Munin are configured for this server\n"
+
+
+

recipes/recipe_check_dns_config.sh

@@ -60,9 +60,44 @@ do
         if [ $RC -ne 0 ]
         then
 		IP_NOT_RECORDED_IN_DNS="${IP_NOT_RECORDED_IN_DNS} ${ip}"
-                echo -e "${RED}${ip} is NOT recorded in /DNS : check KO${NC}\n"
+                echo -e "${RED}${ip} is NOT recorded in DNS : check KO${NC}\n"
         # IP recorded in DNS
         else
                 echo -e "${GREEN}${ip} is recorded in DNS : check OK${NC}\n"
         fi
 done
+
+# Check if hostname recorded in DNS (A and AAAA records)
+echo -e "Check if hostname is recorded in DNS : ${BLUE}A and AAAA records${NC}" 
+
+# Check if record A is set in DNS for hostname
+nslookup -querytype=A $(hostname) &>/dev/null
+
+# Return Code
+RC=$?
+
+# If no 'A' DNS record for hostname
+if [ $RC -ne 0 ]
+then
+	HOSTNAME_A_RECORD_NOT_IN_DNS=1
+	echo -e "${RED}Hostname is NOT recorded in DNS (A record) : check KO${NC}\n"
+# If 'A' DNS record for hostname exist
+else
+	echo -e "${GREEN}Hostname is recorded in DNS (A record) : check OK${NC}\n"
+fi
+
+# Check if record AAAA is set in DNS for hostname
+nslookup -querytype=AAAA $(hostname) &>/dev/null
+
+# Return Code
+RC=$?
+
+# If no 'AAAA' DNS record for hostname
+if [ $RC -ne 0 ]
+then
+	HOSTNAME_AAAA_RECORD_NOT_IN_DNS=1
+	echo -e "${RED}Hostname is NOT recorded in DNS (AAAA record) : check KO${NC}\n"
+# If 'AAAA' DNS record for hostname exist
+else
+	echo -e "${GREEN}Hostname is recorded in DNS (AAAA record) : check OK${NC}\n"
+fi

recipes/recipe_check_eselect.sh

@@ -0,0 +1,11 @@
+print_config_title 'CHECK GENTOO PROFILE'
+
+# Check if the active Gentoo profile is the expected profile
+if [ "${GENTOO_PROFILE}" == "$(eselect profile list |grep '*' | tr -s " "| cut -d' ' -f3)" ]
+then
+	echo -e "${GREEN}Gentoo profile ${GENTOO_PROFILE} is selected : check OK${NC}\n"
+# If wrong Gentoo profile selected
+else
+	WRONG_GENTOO_PROFILE_SELECTED=1
+        echo -e "${RED}Gentoo profile ${GENTOO_PROFILE} is NOT SELECTED : check KO${NC}\n"
+fi

recipes/recipe_final_summary.sh

@@ -17,6 +17,10 @@ print_config_title 'FINAL SUMMARY'
 
 [ ! -z "${IP_NOT_RECORDED_IN_DNS}" ] && echo -e "${RED}IP RECORD TO CHECK (NOT RECORDED IN DNS) :${NC} ${IP_NOT_RECORDED_IN_DNS}\n"
 
+[ ${HOSTNAME_A_RECORD_NOT_IN_DNS} -ne 0 ] && echo -e "${RED}Hostname is NOT recorded in DNS (A record) :${NC} add A record in DNS for the hostname $(hostname)\n"
+
+[ ${HOSTNAME_AAAA_RECORD_NOT_IN_DNS} -ne 0 ] && echo -e "${RED}Hostname is NOT recorded in DNS (AAAA record) :${NC} add AAAA record in DNS for the hostname $(hostname)\n"
+
 [ ! -z "${PING_FAILED}" ] && echo -e "${RED}PING TO CHECK :${NC} ${PING_FAILED}\n"
 
 [ ! -z "${SERVICES_NOT_STARTED_OR_ERROR}" ] && echo -e "${RED}SERVICE(S) TO CHECK :${NC} ${SERVICES_NOT_STARTED_OR_ERROR}\n"
@@ -34,3 +38,5 @@ print_config_title 'FINAL SUMMARY'
 [ ! -z "${POSTFIX_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}POSTFIX CONFIG TO CHECK :${NC} ${POSTFIX_CONFIG_CHECK_FAILED}\n"
 
 [ ! -z "${IPAM_CONFIG_CHECK_FAILED}" ] && echo -e "${RED}IPAM CONFIG TO CHECK :${NC} ${IPAM_CONFIG_CHECK_FAILED}\n"
+
+[ ${WRONG_GENTOO_PROFILE_SELECTED} -ne 0 ] && echo -e "${RED}Wrong Gentoo profile selecte :${NC} select ${GENTOO_PROFILE} profile with \"eselect profile list / set [ID]\"\n"

vars.example

@@ -0,0 +1,119 @@
+# Set absolute PATH for tools
+export GREP="/bin/grep"
+export ECHO="/bin/echo"
+export EMERGE="/usr/bin/emerge"
+export NSLOOKUP="/usr/bin/nslookup"
+export IP="/bin/ip"
+export HOSTNAME="/bin/hostname"
+export AWK="/bin/awk"
+export SED="/bin/sed"
+export CUT="/bin/cut"
+export TR="/bin/tr"
+export PING="/bin/ping"
+export CURL="/usr/bin/curl"
+export JQ="/usr/bin/jq"
+
+# Packages to check (it's a list to simplify comment)
+export PACKAGES="
+	virtual/ssh
+	app-admin/rsyslog
+	net-misc/ntp
+	app-backup/borgbackup
+	virtual/cron
+	sys-process/cronie
+	net-analyzer/munin
+	app-portage/eix'
+	app-portage/gentoolkit'
+	app-portage/genlop'
+	app-misc/tmux'
+	net-analyzer/tcpdump'
+	app-editors/vim'
+	sys-process/htop-2.2.0'
+	app-admin/sysklogd
+	dev-vcs/git
+	net-analyzer/nrpe
+	net-analyzer/net-snmp
+	net-dns/bind-tools
+	dev-vcs/git
+	mail-mta/postfix
+	mail-mta/postfix
+	app-admin/sudo
+	"
+
+# Package to check if it's a physical machine
+export PACKAGES_PHYSICAL="
+	sys-apps/smartmontools
+	"
+
+# Hostname to be resolved in recipes
+export NAMES_TO_RESOLV_AND_PING="
+	grifon.fr
+	arn-fai.net
+	grifonfesfdsfdsf.fr
+	"
+
+# Resolver to check if they are in /etc/resolv.conf
+export RESOLVERS="
+	2a00:5884::7
+	89.234.186.4
+	"
+
+# Services to check if they are working/running
+export SERVICES_TO_CHECK="
+	rsyslog
+	ntpd
+	munin-node
+	iptables
+	ip6tables
+	sshd
+	postfix
+	nrpe
+	snmpd
+	hostname
+	"
+
+# Same but with physical host services 
+export SERVICES_TO_CHECK_PHYSICAL="
+	smard
+	"
+
+# Admin network
+export IPV4_ADMIN_NETWORK="172.16.0."
+export IPV6_ADMIN_NETWORK="fd00:1111:1111:"
+
+# AS IPs ranges
+export RANGE_IPV4_1_NETWORK="89.234.186."
+export RANGE_IPV4_2_NETWORK="80.67.190."
+export RANGE_IPV6_NETWORK="2a00:5884:"
+
+# Admin hostname of the Monitoring server (Munin + libreNMS)
+export NAME_MASTER_MONITORING="serveur-sup.local"
+
+# Address of the Monitoring server in Munin's configuration format
+export IPV4_MASTER_MUNIN='^172\\\.16\\\.0\\\.123\$'
+export IPV6_MASTER_MUNIN='^fd00:1111:1111::123\$'
+
+# root/operator aliases for mailing
+export MAIL_ALIAS_ROOT="adminsys@example.tld"
+
+# General informations and replace space by [[:space:]]* to be used in regex
+export DC="Datacenter"
+export DC_for_function_check_value_in_conf_file=$(echo -e ${DC} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
+export ENTITY="Entity"
+export ENTITY_for_function_check_value_in_conf_file=$(echo -e ${ENTITY} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sed -e 's/[[:space:]]/[[:space:]]*/g')
+
+# Backup informations
+export BACKUP_SCRIPT="/usr/local/sbin/backup.sh"
+export BACKUP_REMOTE_USER="user-backup"
+export BACKUP_REMOTE_SERVER="backup.example.tld"
+export BACKUP_REMOTE_REPERTORY="/var/backup"
+
+# User and password to request a token on phpIPAM API
+export USER_IPAM='ipam-user'
+export PASSWORD_IPAM='password'
+
+# URL of the API
+export URL="https://ipam.example.tld/api/${USER_IPAM}"
+
+# Gentoo profile
+export GENTOO_PROFILE="default/linux/amd64/17.1"