43 lines
2.2 KiB
Markdown
43 lines
2.2 KiB
Markdown
# recipe_gentoo
|
|
|
|
Check system configuration for a gentoo machine (VM or PHYSICAL) based on GRIFON's architecture.
|
|
It's a Gentoo OS configuration recipe. This script normally doesn't modify anything on the system.
|
|
|
|
To use (with root user) :
|
|
```
|
|
mv ./vars.example ./vars.sh
|
|
vim ./vars.sh # Edit all values which will be used by the script
|
|
./recipe_gentoo.sh [--physical]
|
|
```
|
|
|
|
If you cannot execute the script, add the 'x' permission for the user (chmod u+x ./recipe_gentoo.sh).
|
|
|
|
Not finished, in progress....
|
|
|
|
TO DO :
|
|
- Test the recipe check auto-backup (OK, not fully tested)
|
|
- Others (script design, documentation...)
|
|
|
|
Checked point :
|
|
- User is root to run the script
|
|
- Check requirements
|
|
- Installed packages
|
|
- Hostname configuration
|
|
- DNS configuration (resolve external name, configured nameserver, check if all IPs (scope global) are configured in DNS and check if the hostname has A and AAAA recods in DNS)
|
|
- Ping external machine for IPv4 and IPv6
|
|
- If Admin IPs are configured
|
|
- Services status
|
|
- SSH configuration (PasswordAuthentication no, PermitRootLogin no, and ListenAddress only on Admin LAN)
|
|
- NRPE basic configuration (allowed_hosts, nrpe_user and nrpe_group)
|
|
- MUNIN basic configuration (allow and port)
|
|
- SNMP basic config (agentAddress, rocommunity, trap2sink, informsink, sysLocation and sysContact)
|
|
- Mail alias configuration (root and operator mail alias configured)
|
|
- Check postfix config (inet_protocols, mail_owner)
|
|
- Add to check service if they are enabled
|
|
- Check portage configuration (FEATURES, PORTAGE_BINHOST, ACCEPT_LICENSE, USE, CHOST, GRUB_PLATFORMS, CPU_FLAGS_X86 and if GENTOO_MIRRORS includes organization mirror)
|
|
- Check if IPs (scope global) are recorded in IPAM
|
|
- Check if the selected Gentoo profile is the expected profile
|
|
- Check if auto-update script is configured (presence, executable and if cron task is configured)
|
|
- Check if auto-backup script is configured (presence, executable, content, connection to remote service, if cron task is configured ...)
|
|
- Print additional manual verifications (send reporting mail, if /etc conf file need to be updated, if a new kernel can be installed, if server-side for Icinga / SNMP / Munin are configured)
|