Apply latest dev branch to check_dhcpd branch
This commit is contained in:
commit
18ac01cbb3
|
@ -1,8 +1,8 @@
|
||||||
# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $
|
# $OpenBSD: dot.profile,v 1.5 2018/02/02 02:29:54 yasuoka Exp $
|
||||||
#
|
#
|
||||||
# sh/ksh initialization
|
# sh/ksh initialization
|
||||||
|
|
||||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin
|
PATH=$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games
|
||||||
export PATH HOME TERM
|
export PATH HOME TERM
|
||||||
export PS1="\u@\h:\w\\$ "
|
export PS1="\u@\h:\w\\$ "
|
||||||
HISTFILE=$HOME/.histfile
|
HISTFILE=$HOME/.histfile
|
||||||
|
@ -25,3 +25,32 @@ case "$-" in
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
PKG_LIST=$(ls -1 /var/db/pkg)
|
||||||
|
|
||||||
|
set -A complete_kill_1 -- -9 -HUP -INFO -KILL -TERM
|
||||||
|
pgrep -q vmd
|
||||||
|
if [ $? = 0 ]; then
|
||||||
|
set -A complete_vmctl -- console load reload start stop reset status
|
||||||
|
set -A complete_vmctl_2 -- $(vmctl status | awk '!/NAME/{print $NF}')
|
||||||
|
fi
|
||||||
|
if [ -d ~/.password-store ]; then
|
||||||
|
PASS_LIST=$(
|
||||||
|
cd ~/.password-store
|
||||||
|
find . -type f -name \*.gpg | sed 's/^\.\///' | sed 's/\.gpg$//g'
|
||||||
|
)
|
||||||
|
|
||||||
|
set -A complete_pass -- $PASS_LIST -c generate edit insert git
|
||||||
|
set -A complete_pass_2 -- $PASS_LIST push
|
||||||
|
fi
|
||||||
|
set -A complete_pkg_delete -- $PKG_LIST
|
||||||
|
set -A complete_pkg_info -- $PKG_LIST
|
||||||
|
set -A complete_rcctl_1 -- disable enable get ls order set reload check restart stop start
|
||||||
|
set -A complete_rcctl_2 -- $(ls /etc/rc.d)
|
||||||
|
set -A complete_signify_1 -- -C -G -S -V
|
||||||
|
set -A complete_signify_2 -- -q -p -x -c -m -t -z
|
||||||
|
set -A complete_signify_3 -- -p -x -c -m -t -z
|
||||||
|
set -A complete_make_1 -- install clean repackage reinstall
|
||||||
|
set -A complete_gpg2 -- --refresh --receive-keys --armor --clearsign --sign --list-key --decrypt --verify --detach-sig
|
||||||
|
set -A complete_git -- pull push mpull mpush status clone branch add rm checkout fetch show tag commit
|
||||||
|
set -A complete_ifconfig_1 -- $(ifconfig | grep ^[a-z] | cut -d: -f1)
|
||||||
|
|
|
@ -16,5 +16,6 @@
|
||||||
line: '#sh /usr/share/scripts/zzz_evobackup'
|
line: '#sh /usr/share/scripts/zzz_evobackup'
|
||||||
owner: root
|
owner: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
create: yes
|
||||||
tags:
|
tags:
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
|
@ -17,15 +17,15 @@
|
||||||
- rsync--
|
- rsync--
|
||||||
- mtr--
|
- mtr--
|
||||||
- iftop
|
- iftop
|
||||||
|
- sudo--
|
||||||
- postgresql-client
|
- postgresql-client
|
||||||
tags:
|
tags:
|
||||||
- pkg
|
- pkg
|
||||||
|
|
||||||
- name: Install sudo
|
- name: Disable sndiod
|
||||||
openbsd_pkg:
|
service:
|
||||||
name: "{{ item }}"
|
name: sndiod
|
||||||
state: present
|
enabled: no
|
||||||
with_items:
|
state: stopped
|
||||||
- sudo--
|
|
||||||
tags:
|
tags:
|
||||||
- pkg
|
- pkg
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} :wheel
|
permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :wheel
|
||||||
permit nopass root
|
permit nopass root
|
||||||
permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :wheel as root cmd /usr/share/scripts/evomaintenance.sh
|
permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :wheel as root cmd /usr/share/scripts/evomaintenance.sh
|
||||||
permit nopass _nrpe cmd /usr/local/libexec/nagios/check_ipsecctl.sh
|
permit nopass _nrpe cmd /usr/local/libexec/nagios/check_ipsecctl.sh
|
||||||
|
@ -10,3 +10,4 @@ permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospf6d
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospf6d
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_pf_states
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_pf_states
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/check_dhcp
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/check_dhcp
|
||||||
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_connections_state.sh
|
||||||
|
|
|
@ -79,13 +79,16 @@
|
||||||
- name: cron job for /etc/.git status is installed
|
- name: cron job for /etc/.git status is installed
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short'
|
line: "{{ item }}"
|
||||||
owner: root
|
owner: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
create: yes
|
create: yes
|
||||||
when: etc_git_monitor_status
|
when: etc_git_monitor_status
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
with_items:
|
||||||
|
- 'next_part "Checking /etc git status:"'
|
||||||
|
- '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short'
|
||||||
|
|
||||||
- name: cron job for /etc/.git status is removed
|
- name: cron job for /etc/.git status is removed
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
87
roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh
Executable file
87
roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh
Executable file
|
@ -0,0 +1,87 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
STATE=0
|
||||||
|
MAIN_CONNECTION_PINGABLE_IP="31.170.8.95"
|
||||||
|
MAIN_CONNECTION_GATEWAY="IP"
|
||||||
|
MAIN_CONNECTION_IP="IP"
|
||||||
|
SECOND_CONNECTION_PINGABLE_IP="31.170.8.243"
|
||||||
|
INFO_MAIN_CONNECTION="IP - Description"
|
||||||
|
INFO_SECOND_CONNECTION="IP - Description"
|
||||||
|
CURRENT_GATEWAY=$(/usr/bin/netstat -nr | /usr/bin/grep "default" | /usr/bin/awk '{print $2}')
|
||||||
|
|
||||||
|
IS_GATEWAY_IN_FILE=1 # Check whether /etc/mygate has the IP of main connection
|
||||||
|
IS_VPN_USING_MAIN_CONNECTION=1 # Check whether ipsecctl use the main connection
|
||||||
|
IS_PF_USING_MAIN_CONNECTION=1 # Check whether PacketFilter has route-to using the main connection
|
||||||
|
IS_MISCELLANEOUS=1 # Check miscellaneous things
|
||||||
|
CHECK_CARP=0 # No check if host is backup
|
||||||
|
|
||||||
|
# No check if host is backup
|
||||||
|
if [ "${CHECK_CARP}" = 1 ]; then
|
||||||
|
CARP_STATUS=$(/sbin/ifconfig carp0 | /usr/bin/grep "status" | /usr/bin/awk '{print $2}')
|
||||||
|
if [ "$CARP_STATUS" = "backup" ]; then
|
||||||
|
echo "No check, I'm a backup"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If main connection is UP but not used => critical and continue
|
||||||
|
# If main connection is DOWN (used or not) => warning and exit
|
||||||
|
/sbin/ping -c1 -w1 ${MAIN_CONNECTION_PINGABLE_IP} >/dev/null 2>&1
|
||||||
|
if [ $? = 0 ]; then
|
||||||
|
if [ "${CURRENT_GATEWAY}" != "${MAIN_CONNECTION_GATEWAY}" ]; then
|
||||||
|
echo "Main connection is UP but not used as gateway !"
|
||||||
|
STATE=2
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Main connection (${INFO_MAIN_CONNECTION}) is down"
|
||||||
|
STATE=1
|
||||||
|
IS_GATEWAY_IN_FILE=0
|
||||||
|
IS_VPN_USING_MAIN_CONNECTION=0
|
||||||
|
IS_PF_USING_MAIN_CONNECTION=0
|
||||||
|
IS_MISCELLANEOUS=0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If second connection is DOWN => critical and continue
|
||||||
|
/sbin/ping -c1 -w1 ${SECOND_CONNECTION_PINGABLE_IP} >/dev/null 2>&1
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
echo "Second connection (${INFO_SECOND_CONNECTION}) is down"
|
||||||
|
STATE=2
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check whether /etc/mygate has the IP of main connection
|
||||||
|
if [ "${IS_GATEWAY_IN_FILE}" = 1 ]; then
|
||||||
|
/usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}" /etc/mygate
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
echo "Main connection is not set in /etc/mygate"
|
||||||
|
STATE=2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check whether ipsecctl use the main connection
|
||||||
|
if [ "${IS_VPN_USING_MAIN_CONNECTION}" = 1 ]; then
|
||||||
|
/sbin/ipsecctl -sa | /usr/bin/grep -q "${MAIN_CONNECTION_IP}"
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
echo "VPN is not using the main connection !"
|
||||||
|
STATE=2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check whether PacketFilter has route-to using the main connection
|
||||||
|
if [ "${IS_PF_USING_MAIN_CONNECTION}" = 1 ]; then
|
||||||
|
/sbin/pfctl -sr | /usr/bin/grep "route-to" | /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}"
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
echo "PF is not using the main connection !"
|
||||||
|
STATE=2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check miscellaneous things
|
||||||
|
if [ "${IS_MISCELLANEOUS}" = 1 ]; then
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${STATE}" = 0 ]; then
|
||||||
|
echo "OK - Main connection is UP and used, second connection is UP"
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit ${STATE}
|
|
@ -2,6 +2,8 @@
|
||||||
# Custom NRPE configuration file.
|
# Custom NRPE configuration file.
|
||||||
# Part of the EvoBSD distribution.
|
# Part of the EvoBSD distribution.
|
||||||
#
|
#
|
||||||
|
# This is an Ansible managed file !
|
||||||
|
# For local modifications use the /etc/nrpe.d/zzz-evolix.cfg file instead
|
||||||
|
|
||||||
# Allowed IPs
|
# Allowed IPs
|
||||||
allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
|
allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
|
||||||
|
@ -36,3 +38,4 @@ command[check_smb]=/usr/local/libexec/nagios/check_tcp -H IPLOCALE -p 445
|
||||||
#command[check_ospf6d]=doas /usr/local/libexec/nagios/plugins/check_ospf6d
|
#command[check_ospf6d]=doas /usr/local/libexec/nagios/plugins/check_ospf6d
|
||||||
command[check_ospfd_simple]=sudo /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
command[check_ospfd_simple]=sudo /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
||||||
command[check_mysql]=/usr/local/libexec/nagios/check_mysql -H 127.0.0.1 -f /etc/nrpe.d/.my.cnf
|
command[check_mysql]=/usr/local/libexec/nagios/check_mysql -H 127.0.0.1 -f /etc/nrpe.d/.my.cnf
|
||||||
|
command[check_connections_state]=doas /usr/local/libexec/nagios/check_connections_state.sh
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
# Script writen by Evolix
|
# Script writen by Evolix
|
||||||
|
|
||||||
_MAX_STATES_LIMIT=$(/sbin/pfctl -sm | /usr/bin/grep states | awk '{print $4}')
|
_MAX_STATES_LIMIT=$(/sbin/pfctl -sm | /usr/bin/grep states | awk '{print $4}')
|
||||||
_WARNING_STATES_LIMIT=$((_MAX_STATES_LIMIT*10/100))
|
_WARNING_STATES_LIMIT=$((_MAX_STATES_LIMIT*50/100))
|
||||||
_CRTICAL_STATES_LIMIT=$((_MAX_STATES_LIMIT*15/100))
|
_CRTICAL_STATES_LIMIT=$((_MAX_STATES_LIMIT*65/100))
|
||||||
|
|
||||||
. /usr/local/libexec/nagios/utils.sh
|
. /usr/local/libexec/nagios/utils.sh
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue