From 74464346a27b4a0eb3a7b877506d740a30d2e704 Mon Sep 17 00:00:00 2001 From: Tristan PILAT Date: Fri, 22 Mar 2019 16:04:44 +0100 Subject: [PATCH 01/14] We don't need a separate task to install sudo --- roles/base/tasks/packages.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml index 6c78d9c..55cf991 100644 --- a/roles/base/tasks/packages.yml +++ b/roles/base/tasks/packages.yml @@ -18,14 +18,9 @@ - mtr-- - iftop - postgresql-client - tags: - - pkg - -- name: Install sudo - openbsd_pkg: - name: "{{ item }}" - state: present - with_items: - sudo-- tags: - pkg + + tags: + - pkg From 1d6eaa12704950cae9b82635acbf54137826b01b Mon Sep 17 00:00:00 2001 From: Tristan PILAT Date: Fri, 22 Mar 2019 16:05:02 +0100 Subject: [PATCH 02/14] sndiod is not needed, let's disable it --- roles/base/tasks/packages.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml index 55cf991..55b081a 100644 --- a/roles/base/tasks/packages.yml +++ b/roles/base/tasks/packages.yml @@ -22,5 +22,10 @@ tags: - pkg +- name: Disable sndiod + service: + name: sndiod + enabled: no + state: stopped tags: - pkg From 01278281bdc81a8b8f96d86afd2cfe65eb38b9bf Mon Sep 17 00:00:00 2001 From: Tristan PILAT Date: Fri, 22 Mar 2019 16:05:33 +0100 Subject: [PATCH 03/14] Bring some completion functions in root's profile dotfile --- roles/base/files/profile | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/roles/base/files/profile b/roles/base/files/profile index b153f2f..995c549 100644 --- a/roles/base/files/profile +++ b/roles/base/files/profile 
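Review bot: The new "Disable sndiod" task is tagged `pkg` although it manages a service rather than a package, so a run limited to `--tags pkg` stops sndiod while a run aimed at service tasks skips it. A dedicated tag on that task (for example `- sndiod`) would make it selectable on its own and keep `pkg` meaning package installation only.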
@@ -1,8 +1,8 @@ -# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $ +# $OpenBSD: dot.profile,v 1.5 2018/02/02 02:29:54 yasuoka Exp $ # # sh/ksh initialization -PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin +PATH=$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games export PATH HOME TERM export PS1="\u@\h:\w\\$ " HISTFILE=$HOME/.histfile @@ -25,3 +25,32 @@ case "$-" in fi ;; esac + +PKG_LIST=$(ls -1 /var/db/pkg) + +set -A complete_kill_1 -- -9 -HUP -INFO -KILL -TERM +pgrep -q vmd +if [ $? = 0 ]; then + set -A complete_vmctl -- console load reload start stop reset status + set -A complete_vmctl_2 -- $(vmctl status | awk '!/NAME/{print $NF}') +fi +if [ -d ~/.password-store ]; then + PASS_LIST=$( + cd ~/.password-store + find . -type f -name \*.gpg | sed 's/^\.\///' | sed 's/\.gpg$//g' + ) + + set -A complete_pass -- $PASS_LIST -c generate edit insert git + set -A complete_pass_2 -- $PASS_LIST push +fi +set -A complete_pkg_delete -- $PKG_LIST +set -A complete_pkg_info -- $PKG_LIST +set -A complete_rcctl_1 -- disable enable get ls order set reload check restart stop start +set -A complete_rcctl_2 -- $(ls /etc/rc.d) +set -A complete_signify_1 -- -C -G -S -V +set -A complete_signify_2 -- -q -p -x -c -m -t -z +set -A complete_signify_3 -- -p -x -c -m -t -z +set -A complete_make_1 -- install clean repackage reinstall +set -A complete_gpg2 -- --refresh --receive-keys --armor --clearsign --sign --list-key --decrypt --verify --detach-sig +set -A complete_git -- pull push mpull mpush status clone branch add rm checkout fetch show tag commit +set -A complete_ifconfig_1 -- $(ifconfig | grep ^[a-z] | cut -d: -f1) From 4ef630285d337ea437ec493806f488107d917269 Mon Sep 17 00:00:00 2001 
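Review bot: In the second hunk the pattern in `grep ^[a-z]` on the `complete_ifconfig_1` line is unquoted, so the shell may expand `^[a-z]` as a glob against the current directory before grep sees it; quote it: `set -A complete_ifconfig_1 -- $(ifconfig | grep '^[a-z]' | cut -d: -f1)`. `pgrep -q vmd` followed by `if [ $? = 0 ]; then` is more simply written `if pgrep -q vmd; then`. Since the whole block runs `ls`, `pgrep`, `vmctl status`, a `find` over `~/.password-store` and `ifconfig` at every interactive shell start, a one-line comment above `PKG_LIST=` saying that these completion lists are rebuilt on each login would tell the next reader why a login got slower.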
From: Jeremy Dubois Date: Tue, 9 Apr 2019 15:53:45 +0200 Subject: [PATCH 04/14] Add check_connections_state Script to check if connections are UP, and if so, check whether main connection is correctly used. Also add configuration to use with nrpe and sudo. --- roles/base/tasks/sudo.yml | 1 + .../plugins_bsd/check_connections_state.sh | 73 +++++++++++++++++++ roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 | 1 + 3 files changed, 75 insertions(+) create mode 100755 roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh diff --git a/roles/base/tasks/sudo.yml b/roles/base/tasks/sudo.yml index d00e460..6aec63b 100644 --- a/roles/base/tasks/sudo.yml +++ b/roles/base/tasks/sudo.yml @@ -21,6 +21,7 @@ _nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_ipsecctl.sh _nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/check_mailq _nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_ospfd_simple + _nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_connections_state.sh validate: 'visudo -cf %s' backup: no tags: diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh b/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh new file mode 100755 index 0000000..ef894cd --- /dev/null +++ b/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh 
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+STATE=0
+MAIN_CONNECTION_PINGABLE_IP="31.170.8.95"
+MAIN_CONNECTION_GATEWAY="IP"
+MAIN_CONNECTION_IP="IP"
+SECOND_CONNECTION_PINGABLE_IP="31.170.8.243"
+INFO_MAIN_CONNECTION="IP - Description"
+INFO_SECOND_CONNECTION="IP - Description"
+CURRENT_GATEWAY=$(/usr/bin/netstat -nr | /usr/bin/grep "default" | /usr/bin/awk '{print $2}')
+
+IS_GATEWAY_IN_FILE=1
+IS_VPN_USING_MAIN_CONNECTION=1
+IS_PF_USING_MAIN_CONNECTION=1
+CHECK_CARP=0
+
+if [ "${CHECK_CARP}" = 1 ]; then
+ CARP_STATUS=$(/sbin/ifconfig carp0 | /usr/bin/grep "status" | /usr/bin/awk '{print $2}')
+ if [ "$CARP_STATUS" = "backup" ]; then
+ echo "No check, I'm a backup"
+ exit 0
+ fi
+fi
+
+/sbin/ping -c1 -w1 ${MAIN_CONNECTION_PINGABLE_IP} >/dev/null 2>&1
+if [ $? = 0 ]; then
+ if [ "${CURRENT_GATEWAY}" != "${MAIN_CONNECTION_GATEWAY}" ]; then
+ echo "Main connection is UP but not used as gateway !"
+ STATE=2
+ fi
+else
+ echo "Main connection (${INFO_MAIN_CONNECTION}) is down"
+ STATE=2
+ IS_GATEWAY_IN_FILE=0
+ IS_VPN_USING_MAIN_CONNECTION=0
+ IS_PF_USING_MAIN_CONNECTION=0
+fi
+
+/sbin/ping -c1 -w1 ${SECOND_CONNECTION_PINGABLE_IP} >/dev/null 2>&1
+if [ $? != 0 ]; then
+ echo "Second connection (${INFO_SECOND_CONNECTION}) is down"
+ STATE=2
+fi
+
+if [ "${IS_GATEWAY_IN_FILE}" = 1 ]; then
+ /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}" /etc/mygate
+ if [ $? != 0 ]; then
+ echo "Main connection is not set in /etc/mygate"
+ STATE=2
+ fi
+fi
+
+if [ "${IS_VPN_USING_MAIN_CONNECTION}" = 1 ]; then
+ /sbin/ipsecctl -sa | /usr/bin/grep -q "${MAIN_CONNECTION_IP}"
+ if [ $? != 0 ]; then
+ echo "VPN is not using the main connection !"
+ STATE=2
+ fi
+fi
+
+if [ "${IS_PF_USING_MAIN_CONNECTION}" = 1 ]; then
+ /sbin/pfctl -sr | /usr/bin/grep "route-to" | /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}"
+ if [ $? != 0 ]; then
+ echo "PF is not using the main connection !"
+ STATE=2
+ fi
+fi
+
+if [ "${STATE}" = 0 ]; then
+ echo "OK - Main connection is UP and used, second connection is UP"
+fi
+
+exit ${STATE}
diff --git a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
index 0420fcb..b3a7c33 100644
--- a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
+++ b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
@@ -36,3 +36,4 @@ command[check_smb]=/usr/local/libexec/nagios/check_tcp -H IPLOCALE -p 445
 #command[check_ospf6d]=doas /usr/local/libexec/nagios/plugins/check_ospf6d
 command[check_ospfd_simple]=sudo /usr/local/libexec/nagios/plugins/check_ospfd_simple
 command[check_mysql]=/usr/local/libexec/nagios/check_mysql -H 127.0.0.1 -f /etc/nrpe.d/.my.cnf
+command[check_connections_state]=sudo /usr/local/libexec/nagios/check_connections_state.sh
From d2e9a0f5fb2c4da1e24ee21eef31312734155af9 Mon Sep 17 00:00:00 2001
From: Jeremy Dubois
Date: Mon, 15 Apr 2019 11:00:53 +0200
Subject: [PATCH 05/14] Increase warning and critical pf_states threshold
---
 roles/nagios-nrpe/templates/plugins_bsd/check_pf_states.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/nagios-nrpe/templates/plugins_bsd/check_pf_states.j2 b/roles/nagios-nrpe/templates/plugins_bsd/check_pf_states.j2
index c32e305..670ea1b 100755
--- a/roles/nagios-nrpe/templates/plugins_bsd/check_pf_states.j2
+++ b/roles/nagios-nrpe/templates/plugins_bsd/check_pf_states.j2
@@ -3,8 +3,8 @@
 # Script writen by Evolix
 _MAX_STATES_LIMIT=$(/sbin/pfctl -sm | /usr/bin/grep states | awk '{print $4}')
-_WARNING_STATES_LIMIT=$((_MAX_STATES_LIMIT*10/100))
-_CRTICAL_STATES_LIMIT=$((_MAX_STATES_LIMIT*15/100))
+_WARNING_STATES_LIMIT=$((_MAX_STATES_LIMIT*50/100))
+_CRTICAL_STATES_LIMIT=$((_MAX_STATES_LIMIT*65/100))
 . /usr/local/libexec/nagios/utils.sh
From 798a4827873d1655241a313d08962b0ed07e3835 Mon Sep 17 00:00:00 2001
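Review bot: `grep -q "${MAIN_CONNECTION_GATEWAY}" /etc/mygate` treats the gateway as a regular expression and as a substring, so each dot matches any character and a gateway such as 10.0.0.1 also matches a line holding 10.0.0.10; use `/usr/bin/grep -qFx -- "${MAIN_CONNECTION_GATEWAY}" /etc/mygate`, and add `-F` to the `ipsecctl -sa` grep for the same reason. The script is shipped from `files/`, so the `"IP"` placeholders in `MAIN_CONNECTION_GATEWAY` and `MAIN_CONNECTION_IP` go live as they are and produce a CRITICAL that looks like a real outage; a guard right after the assignments, `[ "${MAIN_CONNECTION_GATEWAY}" != "IP" ] || { echo "UNKNOWN - check_connections_state is not configured"; exit 3; }`, reports the unconfigured state honestly (or the file could become a template). `CURRENT_GATEWAY` collects every `default` line of `netstat -nr`, so a host with an IPv6 default route gets a two-line value that never equals the configured gateway; `netstat -nr -f inet` keeps the comparison to the address family being checked.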
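Review bot: The command path `/usr/local/libexec/nagios/check_connections_state.sh` does not match the path granted by the sudoers rule added in the same patch, `/usr/local/libexec/nagios/plugins/check_connections_state.sh`, and the plugin ships next to the other `plugins_bsd` scripts; with the paths different the NOPASSWD rule never applies and the check fails at the sudo prompt. Change the line to `command[check_connections_state]=sudo /usr/local/libexec/nagios/plugins/check_connections_state.sh`. Patch 13 carries the same mismatch into the new doas rule and the `doas` form of this command line.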
From: Tristan PILAT Date: Sun, 14 Apr 2019 20:18:55 +0200 Subject: [PATCH 06/14] Load root's environment when using doas --- roles/base/templates/doas.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/templates/doas.conf.j2 b/roles/base/templates/doas.conf.j2 index 0d313a5..d28bf2f 100644 --- a/roles/base/templates/doas.conf.j2 +++ b/roles/base/templates/doas.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} :wheel +permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :wheel permit nopass root permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :wheel as root cmd /usr/share/scripts/evomaintenance.sh permit nopass _nrpe cmd /usr/local/libexec/nagios/check_ipsecctl.sh From a6815408a8ad09f0ad8c4802feac28ec0c875676 Mon Sep 17 00:00:00 2001 From: Tristan PILAT Date: Fri, 19 Apr 2019 23:55:31 +0200 Subject: [PATCH 07/14] Add a warning message in the NRPE configuration requesting to use an alternative configuration file for local modifications --- roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 index 0420fcb..fe51fac 100644 --- a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 +++ b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 @@ -2,6 +2,8 @@ # Custom NRPE configuration file. # Part of the EvoBSD distribution. # +# This is an Ansible managed file ! +# For local modifications use the /etc/nrpe.d/zzz-evolix.cfg file instead # Allowed IPs allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }} 
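Review bot: `PKG_PATH` is now passed from the calling wheel user's environment to root, so a `doas pkg_add` fetches from whatever repository the caller exported; pkg_add's signature verification limits the impact, but pinning it in the rule (`PKG_PATH=...` in the same form as `HOME=/root`) or leaving it to `/etc/installurl` keeps root's package source under the administrator's control. The unchanged evomaintenance rule two lines below still passes the caller's `ENV` through, which is exactly what the new first rule stops doing; giving it the same fixed `ENV=/root/.profile` would keep the two rules consistent.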
@@ -36,3 +38,6 @@ command[check_smb]=/usr/local/libexec/nagios/check_tcp -H IPLOCALE -p 445 #command[check_ospf6d]=doas /usr/local/libexec/nagios/plugins/check_ospf6d command[check_ospfd_simple]=sudo /usr/local/libexec/nagios/plugins/check_ospfd_simple command[check_mysql]=/usr/local/libexec/nagios/check_mysql -H 127.0.0.1 -f /etc/nrpe.d/.my.cnf + +# This is an Ansible managed file! +# For local modifications use the /etc/nrpe.d/zzz-evolix.cfg file instead From b23a5796038e72a90f3b969566f7eacb9ea8eb8f Mon Sep 17 00:00:00 2001 From: Tristan PILAT Date: Sun, 5 May 2019 21:21:09 +0200 Subject: [PATCH 08/14] We have to make sure the daily.local file exists otherwise the playbook fails --- roles/base/tasks/evobackup.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/base/tasks/evobackup.yml b/roles/base/tasks/evobackup.yml index 669c86f..ba5a24a 100644 --- a/roles/base/tasks/evobackup.yml +++ b/roles/base/tasks/evobackup.yml @@ -16,5 +16,6 @@ line: '#sh /usr/share/scripts/zzz_evobackup' owner: root mode: "0644" + create: yes tags: - evobackup From 38273ecf332ef75845ccb99a828227ee4d886499 Mon Sep 17 00:00:00 2001 From: Tristan PILAT Date: Sun, 5 May 2019 21:42:21 +0200 Subject: [PATCH 09/14] Add a title in the daily output mail for the git status report --- roles/base/tasks/packages.yml | 1 - roles/etc-git/tasks/main.yml | 5 ++++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml index 55b081a..81528fe 100644 --- a/roles/base/tasks/packages.yml +++ b/roles/base/tasks/packages.yml @@ -17,7 +17,6 @@ - rsync-- - mtr-- - iftop - - postgresql-client - sudo-- tags: - pkg diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml index 1068842..e9a868a 100644 --- a/roles/etc-git/tasks/main.yml +++ b/roles/etc-git/tasks/main.yml 
@@ -79,13 +79,16 @@ - name: cron job for /etc/.git status is installed lineinfile: path: /etc/daily.local - line: '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' + line: {{ item }} owner: root mode: "0644" create: yes when: etc_git_monitor_status tags: - etc-git + with_items: + - 'next_part "Checking /etc git status:"' + - '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' - name: cron job for /etc/.git status is removed lineinfile: From 0afd6b9b63dec90cdda98f5207be9d2615d18e2e Mon Sep 17 00:00:00 2001 From: Tristan PILAT Date: Sat, 11 May 2019 20:52:58 +0200 Subject: [PATCH 10/14] Add missing quotes --- roles/etc-git/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml index e9a868a..e81c2f5 100644 --- a/roles/etc-git/tasks/main.yml +++ b/roles/etc-git/tasks/main.yml @@ -79,7 +79,7 @@ - name: cron job for /etc/.git status is installed lineinfile: path: /etc/daily.local - line: {{ item }} + line: "{{ item }}" owner: root mode: "0644" create: yes From 1cab5efc1d4f48b7ec3390270b3dff5b1dd312d7 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Mon, 13 May 2019 08:49:42 -0400 Subject: [PATCH 11/14] Reverts erroneous removal of postrgres-client pkg --- roles/base/tasks/packages.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml index 81528fe..e34c26b 100644 --- a/roles/base/tasks/packages.yml +++ b/roles/base/tasks/packages.yml @@ -18,6 +18,7 @@ - mtr-- - iftop - sudo-- + - postresql-client tags: - pkg From f456e4abf2353decc80c784784a40347abc080ba Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Mon, 13 May 2019 08:51:09 -0400 Subject: [PATCH 12/14] Fix typo in pkg name Wrote postgresql withouth the g... --- roles/base/tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
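Review bot: The two lines are appended by `lineinfile` with no `insertafter` or `regexp`, so the `next_part` title is only guaranteed to precede the git command on a first run; a later run that finds one line present and the other missing appends the missing one at the end. The counterpart task `cron job for /etc/.git status is removed` (its body is outside the hunk) presumably still removes only the git command line, leaving the title line in `/etc/daily.local` once monitoring is disabled; giving it the same `with_items` list keeps the two tasks symmetric.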
diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml index e34c26b..d205e19 100644 --- a/roles/base/tasks/packages.yml +++ b/roles/base/tasks/packages.yml @@ -18,7 +18,7 @@ - mtr-- - iftop - sudo-- - - postresql-client + - postgresql-client tags: - pkg From a23a6efca862f00127ab73a6dedbf1fb95f8856a Mon Sep 17 00:00:00 2001 From: Jeremy Dubois Date: Mon, 15 Jul 2019 17:44:05 +0200 Subject: [PATCH 13/14] Replace sudo with doas --- roles/base/tasks/sudo.yml | 1 - roles/base/templates/doas.conf.j2 | 1 + roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/base/tasks/sudo.yml b/roles/base/tasks/sudo.yml index 6aec63b..d00e460 100644 --- a/roles/base/tasks/sudo.yml +++ b/roles/base/tasks/sudo.yml @@ -21,7 +21,6 @@ _nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_ipsecctl.sh _nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/check_mailq _nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_ospfd_simple - _nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/plugins/check_connections_state.sh validate: 'visudo -cf %s' backup: no tags: diff --git a/roles/base/templates/doas.conf.j2 b/roles/base/templates/doas.conf.j2 index 0d313a5..462ebdc 100644 --- a/roles/base/templates/doas.conf.j2 +++ b/roles/base/templates/doas.conf.j2 @@ -9,3 +9,4 @@ permit nopass _collectd as root cmd /usr/sbin/bgpctl permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospf6d permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_pf_states +permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_connections_state.sh diff --git a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 index b3a7c33..17ced04 100644 --- a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 +++ b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2 
@@ -36,4 +36,4 @@ command[check_smb]=/usr/local/libexec/nagios/check_tcp -H IPLOCALE -p 445 #command[check_ospf6d]=doas /usr/local/libexec/nagios/plugins/check_ospf6d command[check_ospfd_simple]=sudo /usr/local/libexec/nagios/plugins/check_ospfd_simple command[check_mysql]=/usr/local/libexec/nagios/check_mysql -H 127.0.0.1 -f /etc/nrpe.d/.my.cnf -command[check_connections_state]=sudo /usr/local/libexec/nagios/check_connections_state.sh +command[check_connections_state]=doas /usr/local/libexec/nagios/check_connections_state.sh From 6b55368234a3c63222bac5f4e702c45fcc463725 Mon Sep 17 00:00:00 2001 From: Jeremy Dubois Date: Mon, 15 Jul 2019 17:48:51 +0200 Subject: [PATCH 14/14] Improve script and add comments --- .../plugins_bsd/check_connections_state.sh | 24 +++++++++++++++---- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh b/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh index ef894cd..ac73313 100755 --- a/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh +++ b/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh @@ -9,11 +9,13 @@ INFO_MAIN_CONNECTION="IP - Description" INFO_SECOND_CONNECTION="IP - Description" CURRENT_GATEWAY=$(/usr/bin/netstat -nr | /usr/bin/grep "default" | /usr/bin/awk '{print $2}') -IS_GATEWAY_IN_FILE=1 -IS_VPN_USING_MAIN_CONNECTION=1 -IS_PF_USING_MAIN_CONNECTION=1 -CHECK_CARP=0 +IS_GATEWAY_IN_FILE=1 # Check whether /etc/mygate has the IP of main connection +IS_VPN_USING_MAIN_CONNECTION=1 # Check whether ipsecctl use the main connection +IS_PF_USING_MAIN_CONNECTION=1 # Check whether PacketFilter has route-to using the main connection +IS_MISCELLANEOUS=1 # Check miscellaneous things +CHECK_CARP=0 # No check if host is backup +# No check if host is backup if [ "${CHECK_CARP}" = 1 ]; then CARP_STATUS=$(/sbin/ifconfig carp0 | /usr/bin/grep "status" | /usr/bin/awk '{print $2}') if [ "$CARP_STATUS" = "backup" ]; then 
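Review bot: The comment on `CHECK_CARP=0 # No check if host is backup` describes what the value 1 does, not the default 0, and the same words are repeated as the block comment below; write it as `CHECK_CARP=0 # Set to 1 to skip every check when carp0 is in backup state`. The comments on the `IS_*` flags say what each one enables but not that all of them are forced to 0 later when the main connection is down, which is the part a reader needs here; a line such as `# All flags below are cleared when the main connection is down` above `IS_GATEWAY_IN_FILE=1` would cover it.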
@@ -22,6 +24,8 @@ if [ "${CHECK_CARP}" = 1 ]; then fi fi +# If main connection is UP but not used => critical and continue +# If main connection is DOWN (used or not) => warning and exit /sbin/ping -c1 -w1 ${MAIN_CONNECTION_PINGABLE_IP} >/dev/null 2>&1 if [ $? = 0 ]; then if [ "${CURRENT_GATEWAY}" != "${MAIN_CONNECTION_GATEWAY}" ]; then @@ -30,18 +34,21 @@ if [ $? = 0 ]; then fi else echo "Main connection (${INFO_MAIN_CONNECTION}) is down" - STATE=2 + STATE=1 IS_GATEWAY_IN_FILE=0 IS_VPN_USING_MAIN_CONNECTION=0 IS_PF_USING_MAIN_CONNECTION=0 + IS_MISCELLANEOUS=0 fi +# If second connection is DOWN => critical and continue /sbin/ping -c1 -w1 ${SECOND_CONNECTION_PINGABLE_IP} >/dev/null 2>&1 if [ $? != 0 ]; then echo "Second connection (${INFO_SECOND_CONNECTION}) is down" STATE=2 fi +# Check whether /etc/mygate has the IP of main connection if [ "${IS_GATEWAY_IN_FILE}" = 1 ]; then /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}" /etc/mygate if [ $? != 0 ]; then @@ -50,6 +57,7 @@ if [ "${IS_GATEWAY_IN_FILE}" = 1 ]; then fi fi +# Check whether ipsecctl use the main connection if [ "${IS_VPN_USING_MAIN_CONNECTION}" = 1 ]; then /sbin/ipsecctl -sa | /usr/bin/grep -q "${MAIN_CONNECTION_IP}" if [ $? != 0 ]; then @@ -58,6 +66,7 @@ if [ "${IS_VPN_USING_MAIN_CONNECTION}" = 1 ]; then fi fi +# Check whether PacketFilter has route-to using the main connection if [ "${IS_PF_USING_MAIN_CONNECTION}" = 1 ]; then /sbin/pfctl -sr | /usr/bin/grep "route-to" | /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}" if [ $? != 0 ]; then @@ -66,6 +75,11 @@ if [ "${IS_PF_USING_MAIN_CONNECTION}" = 1 ]; then fi fi +# Check miscellaneous things +if [ "${IS_MISCELLANEOUS}" = 1 ]; then + echo +fi + if [ "${STATE}" = 0 ]; then echo "OK - Main connection is UP and used, second connection is UP" fi
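Review bot: The new comment `# If main connection is DOWN (used or not) => warning and exit` does not match the code: the `else` branch sets `STATE=1` and clears the flags but does not exit, and the script goes on to ping the second connection and falls through to `exit ${STATE}`. Change it to `# If main connection is DOWN (used or not) => warning, skip the main-connection checks and continue`.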
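Review bot: The `IS_MISCELLANEOUS` block in the last hunk only runs a bare `echo`, so it prints an empty line into the plugin output without checking anything, and that blank line is returned to the NRPE server ahead of the final OK text. Either drop the block and the `IS_MISCELLANEOUS` flag until there is a check to put there, or replace the `echo` with a comment such as `# TODO: add miscellaneous checks here` so the placeholder produces no output.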