# recipe_gentoo

Check the system configuration of a Gentoo machine (VM or physical) based on GRIFON's architecture. It's a Gentoo OS configuration recipe. This script normally doesn't modify anything on the system.

To use (as the root user):

```
mv ./vars.example ./vars.sh
vim ./vars.sh # Edit all values which will be used by the script
./recipe_gentoo.sh [--physical]
```

If you cannot execute the script, add the 'x' permission for the user:

```
chmod u+x ./recipe_gentoo.sh
```

Not finished, in progress...

TO DO:

- Check if the host can reach IPAM before testing the API
- Test the recipe check auto-backup (OK, not fully tested)
- Others (script design, documentation...)

Checked points:

- User is root to run the script
- Check requirements
- Installed packages
- Hostname configuration
- DNS configuration (resolve an external name, configured nameserver, check that all IPs (scope global) are configured in DNS, and check that the hostname has A and AAAA records in DNS)
- Ping an external machine over IPv4 and IPv6
- Whether Admin IPs are configured
- Services status
- SSH configuration (PasswordAuthentication no, PermitRootLogin no, and ListenAddress only on Admin LAN)
- NRPE basic configuration (allowed_hosts, nrpe_user and nrpe_group)
- MUNIN basic configuration (allow and port)
- SNMP basic configuration (agentAddress, rocommunity, trap2sink, informsink, sysLocation and sysContact)
- Mail alias configuration (root and operator mail aliases configured)
- Check postfix configuration (inet_protocols, mail_owner)
- The services check also verifies that services are enabled
- Check portage configuration (FEATURES, PORTAGE_BINHOST, ACCEPT_LICENSE, USE, CHOST, GRUB_PLATFORMS, CPU_FLAGS_X86 and whether GENTOO_MIRRORS includes the organization mirror)
- Check if IPs (scope global) are recorded in IPAM
- Check if the selected Gentoo profile is the expected profile
- Check if the auto-update script is configured (presence, executable, and whether the cron task is configured)
- Check if the auto-backup script is configured (presence, executable, content, connection to the remote service, whether the cron task is configured...)
- Print additional manual verifications (send a reporting mail, whether /etc configuration files need to be updated, whether a new kernel can be installed, whether the server side for Icinga / SNMP / Munin is configured)
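
One way to perform the SSH configuration check from the list above (PasswordAuthentication no, PermitRootLogin no, ListenAddress only on the Admin LAN), as an added example that is not taken from recipe_gentoo.sh. The function names, the Admin LAN prefixes `10.10.0.` and `fd00:10::`, and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of recipe_gentoo.sh. Audits the global section of an
# sshd_config file; Include files and Match blocks are not evaluated.

# Print every value of keyword $2 (case-insensitive) in file $1, lowercased.
sshd_values() {
    awk -v key="$2" '
        { sub(/#.*/, ""); sub(/=/, " "); k = tolower($1) }
        k == "match" { exit }                 # global section ends here
        k == tolower(key) { print tolower($2) }
    ' "$1"
}

# check_sshd FILE PREFIX...  -> prints each failure, returns the failure count.
# PREFIX values (e.g. "10.10.0.") are an assumed description of the Admin LAN.
check_sshd() {
    file=$1; shift; fails=0
    for kw in PasswordAuthentication PermitRootLogin; do
        # sshd keeps the first value it reads; unset falls back to a default
        # that is not "no" for either keyword, so only an explicit "no" passes.
        v=$(sshd_values "$file" "$kw" | head -n 1)
        [ "$v" = "no" ] || { echo "FAIL $kw=${v:-unset}"; fails=$((fails + 1)); }
    done
    addrs=$(sshd_values "$file" ListenAddress)
    # Without any ListenAddress, sshd listens on all local addresses.
    [ -n "$addrs" ] || { echo "FAIL ListenAddress unset"; fails=$((fails + 1)); }
    for addr in $addrs; do
        ok=0
        for p in "$@"; do
            case "$addr" in "$p"*) ok=1 ;; esac
        done
        [ "$ok" -eq 1 ] || { echo "FAIL ListenAddress $addr"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed sample config: root login left at a non-"no" value and one
# listener outside the assumed Admin LAN prefixes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication no
PermitRootLogin prohibit-password
ListenAddress 10.10.0.5
ListenAddress 0.0.0.0
EOF
check_sshd "$sample" "10.10.0." "fd00:10::" || echo "$? check(s) failed"
rm -f "$sample"
```

On a live host, saving the output of `sshd -T` to a file and passing that file to `check_sshd` audits the effective configuration, including settings pulled in through Include files.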