2019-01-04 13:51:05 +01:00
|
|
|
#!/bin/sh
|
2019-01-07 14:47:05 +01:00
|
|
|
#
|
|
|
|
# Run check on jails (NRPE output)
|
|
|
|
# Usage: check
|
|
|
|
#
|
2019-01-04 13:51:05 +01:00
|
|
|
|
2020-04-02 13:44:13 +02:00
|
|
|
# shellcheck source=./includes
|
2020-04-02 00:31:57 +02:00
|
|
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
2019-01-04 13:51:05 +01:00
|
|
|
|
|
|
|
return=0
|
|
|
|
nb_crit=0
|
|
|
|
nb_warn=0
|
|
|
|
nb_ok=0
|
|
|
|
nb_unkn=0
|
|
|
|
output=""
|
|
|
|
|
|
|
|
if [ -b "${BACKUP_DISK}" ]; then
|
2020-04-01 09:12:40 +02:00
|
|
|
# If backup disk is encrypted, verify that it's open
|
2019-01-04 13:51:05 +01:00
|
|
|
cryptsetup isLuks "${BACKUP_DISK}"
|
|
|
|
if [ "$?" -eq 0 ]; then
|
|
|
|
if [ ! -b '/dev/mapper/backup' ]; then
|
|
|
|
echo "Luks disk ${BACKUP_DISK} is not mounted !\n"
|
|
|
|
echo "cryptsetup luksOpen ${BACKUP_DISK} backup"
|
|
|
|
exit 2
|
|
|
|
fi
|
2020-04-01 09:12:40 +02:00
|
|
|
# Change value to real device
|
2019-01-04 13:51:05 +01:00
|
|
|
BACKUP_DISK='/dev/mapper/backup'
|
|
|
|
fi
|
2020-04-01 09:12:40 +02:00
|
|
|
# Verify that it's mounted and writable
|
|
|
|
findmnt --source ${BACKUP_DISK} -O rw > /dev/null
|
2019-01-04 13:51:05 +01:00
|
|
|
if [ "$?" -ne 0 ]; then
|
2020-04-01 09:12:40 +02:00
|
|
|
echo "Backup disk ${BACKUP_DISK} is not mounted (or read-only) !\n"
|
2019-01-04 13:51:05 +01:00
|
|
|
echo "mount ${BACKUP_DISK} /backup"
|
|
|
|
exit 2
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2020-04-01 09:11:56 +02:00
|
|
|
read_variable() {
|
|
|
|
var_name=$1
|
|
|
|
file=$2
|
2020-04-01 18:39:56 +02:00
|
|
|
|
2020-04-01 09:11:56 +02:00
|
|
|
pattern="^\s*${var_name}=-?[0-9]+"
|
|
|
|
|
|
|
|
grep --extended-regexp --only-matching "${pattern}" "${file}" | cut -d= -f2
|
|
|
|
}
|
|
|
|
|
2020-04-01 07:23:23 +02:00
|
|
|
check_jail() {
|
2020-04-01 18:39:56 +02:00
|
|
|
jail_name=$1
|
2020-04-01 07:23:23 +02:00
|
|
|
|
2020-04-01 18:39:56 +02:00
|
|
|
jail_path=$(jail_path "${jail_name}")
|
2020-04-01 07:23:23 +02:00
|
|
|
cur_time=$(date "+%s")
|
2020-04-01 18:39:56 +02:00
|
|
|
last_conn=$(stat --format=%Y "${jail_path}/var/log/lastlog")
|
2020-04-01 07:23:23 +02:00
|
|
|
date_diff=$(( (cur_time - last_conn) / (60*60) ))
|
|
|
|
|
2020-04-02 18:26:53 +02:00
|
|
|
check_policy_file=$(current_jail_check_policy_file "${jail_name}")
|
2020-04-01 09:11:56 +02:00
|
|
|
|
|
|
|
if [ -f "${check_policy_file}" ]; then
|
|
|
|
local_critical=$(read_variable "CRITICAL" "${check_policy_file}")
|
|
|
|
local_warning=$(read_variable "WARNING" "${check_policy_file}")
|
|
|
|
else
|
|
|
|
unset local_critical
|
|
|
|
unset local_warning
|
2020-04-01 07:27:17 +02:00
|
|
|
fi
|
2020-04-01 09:11:56 +02:00
|
|
|
# reset to default values if missing local value
|
|
|
|
${local_critical:=${CRITICAL}}
|
|
|
|
${local_warning:=${WARNING}}
|
2020-04-01 07:27:17 +02:00
|
|
|
|
2020-04-01 09:11:56 +02:00
|
|
|
if [ "${local_critical}" -gt "0" ] && [ "${date_diff}" -gt "${local_critical}" ]; then
|
2020-04-01 07:23:23 +02:00
|
|
|
nb_crit=$((nb_crit + 1))
|
2020-04-01 18:39:56 +02:00
|
|
|
output="${output}CRITICAL - ${jail_name} - ${date_diff} hours (critical: ${local_critical})\n"
|
2020-04-01 07:23:23 +02:00
|
|
|
[ "${return}" -le 2 ] && return=2
|
2020-04-01 09:11:56 +02:00
|
|
|
elif [ "${local_warning}" -gt "0" ] && [ "${date_diff}" -gt "${local_warning}" ]; then
|
2020-04-01 07:23:23 +02:00
|
|
|
nb_warn=$((nb_warn + 1))
|
2020-04-01 18:39:56 +02:00
|
|
|
output="${output}WARNING - ${jail_name} - ${date_diff} hours (warning: ${local_warning})\n"
|
2020-04-01 07:23:23 +02:00
|
|
|
[ "${return}" -le 1 ] && return=1
|
|
|
|
else
|
|
|
|
nb_ok=$((nb_ok + 1))
|
2020-04-01 18:39:56 +02:00
|
|
|
output="${output}OK - ${jail_name} - ${date_diff} hours (critical: ${local_critical}, warning: ${local_warning})\n"
|
2020-04-01 07:23:23 +02:00
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2020-04-01 18:39:56 +02:00
|
|
|
for jail_name in $(jails_list); do
|
|
|
|
jail_path=$(jail_path "${jail_name}")
|
|
|
|
|
|
|
|
if [ -f "${jail_path}/var/log/lastlog" ]; then
|
|
|
|
check_jail "${jail_name}"
|
2019-01-04 13:51:05 +01:00
|
|
|
else
|
|
|
|
nb_unkn=$((nb_unkn + 1))
|
2020-04-01 18:39:56 +02:00
|
|
|
output="${output}UNKNOWN - ${jail_name} doesn't have lastlog !\n"
|
2019-01-04 13:51:05 +01:00
|
|
|
[ "${return}" -le 3 ] && return=3
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
|
|
|
[ "${return}" -ge 0 ] && header="OK"
|
|
|
|
[ "${return}" -ge 1 ] && header="WARNING"
|
|
|
|
[ "${return}" -ge 2 ] && header="CRITICAL"
|
2020-04-01 07:24:06 +02:00
|
|
|
[ "${return}" -ge 3 ] && header="UNKNOWN"
|
2019-01-04 13:51:05 +01:00
|
|
|
|
|
|
|
printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"
|
|
|
|
|
2020-04-01 07:24:06 +02:00
|
|
|
printf "${output}" | grep -E "^UNKNOWN"
|
2019-01-04 13:51:05 +01:00
|
|
|
printf "${output}" | grep -E "^CRITICAL"
|
|
|
|
printf "${output}" | grep -E "^WARNING"
|
|
|
|
printf "${output}" | grep -E "^OK"
|
|
|
|
|
|
|
|
exit "${return}"
|