From e5d1dc96bb8cd34645272fd48a1aa42e18dad8e0 Mon Sep 17 00:00:00 2001
From: Jeremy Dubois
Date: Thu, 16 Jun 2022 17:25:52 +0200
Subject: [PATCH] Fix various shellcheck violations
---
 roles/bgp/templates/bgpd-check-peers.sh.j2 | 10 ++++------
 roles/nagios-nrpe/files/plugins_bsd/check_carp_if | 6 ++----
 .../files/plugins_bsd/check_connections_state.sh | 15 +++++----------
 .../files/plugins_bsd/check_ipsecctl.sh | 6 +++---
 .../files/plugins_bsd/check_ipsecctl_critiques.sh | 15 +++++++--------
 roles/nagios-nrpe/files/plugins_bsd/check_openvpn | 2 +-
 .../nagios-nrpe/files/plugins_bsd/check_pf_states | 4 ++--
 roles/ospf/templates/ospf6d-check-peers.sh.j2 | 8 ++++----
 roles/ospf/templates/ospfd-check-peers.sh.j2 | 8 ++++----
 roles/post-install/files/motd-carp-state.sh | 6 +++---
 roles/post-install/templates/generateldif.sh.j2 | 15 +++++++--------
 11 files changed, 42 insertions(+), 53 deletions(-)
diff --git a/roles/bgp/templates/bgpd-check-peers.sh.j2 b/roles/bgp/templates/bgpd-check-peers.sh.j2
index 250ed54..8151449 100755
--- a/roles/bgp/templates/bgpd-check-peers.sh.j2
+++ b/roles/bgp/templates/bgpd-check-peers.sh.j2
@@ -29,7 +29,7 @@ mkdir -p "${_TMPDIR}"
 # Don't try to run if it's already running
 if [ -e "${_PIDFILE}" ]; then
- echo "$(date)" >> "${_TMPDIR}"/log
+ date >> "${_TMPDIR}"/log
 exit 1
 else
 echo $$ >> "${_PIDFILE}"
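Review bot: The single-instance guard in bgpd-check-peers.sh.j2 remains a non-atomic test-then-append: two overlapping runs can both pass `[ -e "${_PIDFILE}" ]` before either reaches `echo $$ >> "${_PIDFILE}"`, and a pidfile left behind by a killed run blocks every later run with only a timestamp in the log. Claiming the lock atomically, e.g. `if ! mkdir "${_TMPDIR}/lock" 2>/dev/null; then date >> "${_TMPDIR}"/log; exit 1; fi` with the directory removed from an exit trap, closes the race. If `_TMPDIR` lives under a world-writable directory (its definition is outside the hunk), the append also writes through whatever another local user placed at that path beforehand. The identical guard is in the ospf6d-check-peers.sh.j2 and ospfd-check-peers.sh.j2 hunks at line 29; in all three the if/else continues past the end of the hunk.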
@@ -46,16 +46,14 @@ fi
 # List peers and loops on them to list them and their BGP state
 bgpctl show neighbor | grep Description {{ bgp_exclude_grep_command }} | sed s,\ Description:\ ,,g > "${_TMPDIR}"/peers-list
-while read _PEER
+while read -r _PEER
 do
 _STATUS=$(/usr/sbin/bgpctl show neighbor "${_PEER}" | grep state | awk '{print $4}' |tr -d ',')
- echo -n "${_PEER}" >> "${_TMPDIR}"/bgp-status
- echo -n " " >> "${_TMPDIR}"/bgp-status
 # we note only if it's established or not
 if ! [[ "${_STATUS}" = "Established" ]] ; then
 _STATUS="NotEstablished"
 fi
- echo "${_STATUS}" >> "${_TMPDIR}"/bgp-status
+ echo "${_PEER} ${_STATUS}" >> "${_TMPDIR}"/bgp-status
 done <"${_TMPDIR}"/peers-list
@@ -74,7 +72,7 @@ mkdir -p "${_TMPMAILDIR}"
 # go through sessions and list them depending on their BGP state
 echo "*** Session(s) OK ***\n" >> "${_TMPMAILDIR}"/bodyok
-while read _LINE
+while read -r _LINE
 do
 # _LINE is session + status
 _STATUS=$(echo "${_LINE##* }")
diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_carp_if b/roles/nagios-nrpe/files/plugins_bsd/check_carp_if
index 3fe1dc5..97de3de 100755
--- a/roles/nagios-nrpe/files/plugins_bsd/check_carp_if
+++ b/roles/nagios-nrpe/files/plugins_bsd/check_carp_if
@@ -48,15 +48,13 @@ if [ -z "$2" ];then
 fi
 # check if the carp interface exists or not
-ifconfig $1 > /dev/null
-if [ $? != "0" ];then
+if ! ifconfig "$1" > /dev/null; then
 echo "carp interface $1 does not exist. Exiting ...."
 exit "$STATE_CRITICAL"
 fi
 # check state
-ifconfig $1 | grep -i $2 > /dev/null
-if [ $? != "0" ];then
+if ! ifconfig "$1" | grep -i "$2" > /dev/null; then
 echo "NOT_OK - $1 should be $2"
 exit "$STATE_CRITICAL"
 else
diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh b/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh
index ac73313..e29d1b7 100755
--- a/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh
+++ b/roles/nagios-nrpe/files/plugins_bsd/check_connections_state.sh
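Review bot: In the bgpd-check-peers.sh.j2 hunk at line 46, `{{ bgp_exclude_grep_command }}` is rendered unquoted into the middle of the `bgpctl show neighbor | grep Description … | sed` pipeline, so whatever the inventory supplies is executed as shell by this check. That contract deserves a comment above the line, along the lines of `# bgp_exclude_grep_command is inserted verbatim as shell code; set it only from trusted inventory`, together with the expected form of the value. On the new write, `printf '%s %s\n' "${_PEER}" "${_STATUS}" >> "${_TMPDIR}"/bgp-status` is safer than `echo` for a description that starts with `-` or contains a backslash. The first `bgpctl` is also called by bare name while the one in the loop uses `/usr/sbin/bgpctl`, which matters if the job runs with a minimal PATH.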
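Review bot: Two shellcheck findings remain next to the `while read -r _LINE` change in the bgpd-check-peers.sh.j2 hunk at line 74. `echo "*** Session(s) OK ***\n"` relies on `echo` expanding `\n`, which differs between shells (SC2028); `printf '*** Session(s) OK ***\n\n' >> "${_TMPMAILDIR}"/bodyok` is unambiguous. `_STATUS=$(echo "${_LINE##* }")` is a useless echo (SC2116) and can be written `_STATUS=${_LINE##* }`. The same `echo "…\n"` line sits in the ospf6d and ospfd templates at line 75, and the loop body continues outside the hunk.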
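Review bot: In check_carp_if, `grep -i "$2"` still treats the expected state as a regular expression and searches the whole `ifconfig "$1"` output, so a state string that also occurs in some other field of that output reports OK, and a value starting with `-` is read as a grep option. `if ! ifconfig "$1" | grep -qiF -- "$2"; then` fixes the option and regex handling; restricting the match to the line that carries the carp state would fix the rest. If NRPE is configured to pass arguments through from the monitoring server, `$1` and `$2` are remote input and `$1` is worth validating against an interface-name pattern before it reaches `ifconfig`. The final if/else continues outside the hunk.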
@@ -26,8 +26,7 @@ fi
 # If main connection is UP but not used => critical and continue
 # If main connection is DOWN (used or not) => warning and exit
-/sbin/ping -c1 -w1 ${MAIN_CONNECTION_PINGABLE_IP} >/dev/null 2>&1
-if [ $? = 0 ]; then
+if /sbin/ping -c1 -w1 ${MAIN_CONNECTION_PINGABLE_IP} >/dev/null 2>&1; then
 if [ "${CURRENT_GATEWAY}" != "${MAIN_CONNECTION_GATEWAY}" ]; then
 echo "Main connection is UP but not used as gateway !"
 STATE=2
@@ -42,16 +41,14 @@ else
 fi
 # If second connection is DOWN => critical and continue
-/sbin/ping -c1 -w1 ${SECOND_CONNECTION_PINGABLE_IP} >/dev/null 2>&1
-if [ $? != 0 ]; then
+if ! /sbin/ping -c1 -w1 ${SECOND_CONNECTION_PINGABLE_IP} >/dev/null 2>&1; then
 echo "Second connection (${INFO_SECOND_CONNECTION}) is down"
 STATE=2
 fi
 # Check whether /etc/mygate has the IP of main connection
 if [ "${IS_GATEWAY_IN_FILE}" = 1 ]; then
- /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}" /etc/mygate
- if [ $? != 0 ]; then
+ if ! /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}" /etc/mygate; then
 echo "Main connection is not set in /etc/mygate"
 STATE=2
 fi
@@ -59,8 +56,7 @@ fi
 # Check whether ipsecctl use the main connection
 if [ "${IS_VPN_USING_MAIN_CONNECTION}" = 1 ]; then
- /sbin/ipsecctl -sa | /usr/bin/grep -q "${MAIN_CONNECTION_IP}"
- if [ $? != 0 ]; then
+ if ! /sbin/ipsecctl -sa | /usr/bin/grep -q "${MAIN_CONNECTION_IP}"; then
 echo "VPN is not using the main connection !"
 STATE=2
 fi
@@ -68,8 +64,7 @@ fi
 # Check whether PacketFilter has route-to using the main connection
 if [ "${IS_PF_USING_MAIN_CONNECTION}" = 1 ]; then
- /sbin/pfctl -sr | /usr/bin/grep "route-to" | /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}"
- if [ $? != 0 ]; then
+ if ! /sbin/pfctl -sr | /usr/bin/grep "route-to" | /usr/bin/grep -q "${MAIN_CONNECTION_GATEWAY}"; then
 echo "PF is not using the main connection !"
 STATE=2
 fi
diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh b/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh
index 4cdeaa9..4526d29 100755
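Review bot: The rewritten ping tests in check_connections_state.sh still expand their target unquoted, `${MAIN_CONNECTION_PINGABLE_IP}` in the hunk at line 26 and `${SECOND_CONNECTION_PINGABLE_IP}` in the hunk at line 42, so an empty or space-containing value changes the argument list instead of failing cleanly. Quote both, e.g. `if /sbin/ping -c1 -w1 "${MAIN_CONNECTION_PINGABLE_IP}" >/dev/null 2>&1; then`. The if block of the first hunk continues outside it.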
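Review bot: In check_connections_state.sh, `grep -q "${MAIN_CONNECTION_GATEWAY}" /etc/mygate` matches the address as an unanchored regular expression, so each dot matches any character and a gateway of, say, 192.0.2.1 (example value) is also satisfied by a file that contains 192.0.2.10; the check can then report the main connection as configured when it is not. `if ! /usr/bin/grep -qFx -- "${MAIN_CONNECTION_GATEWAY}" /etc/mygate; then` compares whole lines literally, assuming /etc/mygate holds one address per line. The `ipsecctl -sa` and `pfctl -sr` greps in the hunks at lines 59 and 68 have the same substring behaviour and need `-F` plus a boundary suited to that output, `-w` for instance.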
--- a/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh
+++ b/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh
@@ -2,19 +2,19 @@ IPSECCTL="/sbin/ipsecctl -s sa"
 STATUS=0
-LINE1=`$IPSECCTL | grep "from $1 to $2" `
+$IPSECCTL | grep -q "from $1 to $2"
 if [ $? -eq 1 ]; then
 STATUS=2; OUTPUT1="No VPN from $1 to $2 "
 fi
-LINE2=`$IPSECCTL | grep "from $2 to $1" `
+$IPSECCTL | grep -q "from $2 to $1"
 if [ $? -eq 1 ]; then
 STATUS=2; OUTPUT2="No VPN from $2 to $1"
 fi
-if [ $STATUS -eq 0 ]; then
+if [ "$STATUS" -eq 0 ]; then
 echo "VPN OK - $3 is up"
 exit $STATUS
 else
diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl_critiques.sh b/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl_critiques.sh
index ef7a8c9..8d560f8 100755
--- a/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl_critiques.sh
+++ b/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl_critiques.sh
@@ -12,7 +12,7 @@ STATUS=0
 VPN_KO=""
 default_int=$(route -n show -inet | grep default | awk '{ print $8 }' | grep -v pppoe0)
-default_ip=$(ifconfig $default_int | grep inet | head -1 | awk '{ print $2 }')
+default_ip=$(ifconfig "$default_int" | grep inet | head -1 | awk '{ print $2 }')
 # No check if CARP backup
@@ -40,11 +40,10 @@ fi
 # Check with "ipsecctl -sa"
 for vpn in $(cat /etc/ipsec.conf | grep -v "^#" | awk '{print $2}'); do
- vpn=$(basename $vpn .conf\")
+ vpn=$(basename "$vpn" .conf\")
 local_ip=$default_ip
- remote_ip=$(grep -E "remote_ip" /etc/ipsec/${vpn}.conf | grep -v "^#" | grep -o "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*")
- $CHECK_IPSECCTL $local_ip $remote_ip "$vpn" > /dev/null
- if [ $? -ne 0 ]; then
+ remote_ip=$(grep -E "remote_ip" /etc/ipsec/"${vpn}".conf | grep -v "^#" | grep -o "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*")
+ if ! "$CHECK_IPSECCTL" "$local_ip" "$remote_ip" "$vpn" > /dev/null; then
 STATUS=2
 VPN_KO="$VPN_KO $vpn"
 fi
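Review bot: `if [ $? -eq 1 ]` in check_ipsecctl.sh recognises only grep's no-match status, so when grep exits 2 (for example because `$1` or `$2` contains a character that makes the pattern invalid) STATUS stays 0 and the plugin prints "VPN OK". Testing the pipeline directly, as the other plugins in this commit now do, fails closed: `if ! $IPSECCTL | grep -qF -- "from $1 to $2 "; then`. The `-F` and the trailing space also keep one address from matching a flow whose address merely begins with the same digits; the trailing space assumes another field follows the address in `ipsecctl -s sa` output, which should be confirmed. The final if/else runs past the end of the hunk.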
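Review bot: In the check_ipsecctl_critiques.sh hunk at line 12, quoting `"$default_int"` changes what happens when the route lookup returns nothing or more than one interface: `ifconfig` now receives a single empty or multi-line argument, fails, and leaves `default_ip` empty, and nothing visible in these hunks checks for that before it is passed on as `local_ip`. A guard right after the assignment makes the failure explicit, e.g. `[ -n "$default_ip" ] || { echo "UNKNOWN - no default IPv4 address found"; exit 3; }`.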
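Review bot: In the check_ipsecctl_critiques.sh hunk at line 40, quoting `"$CHECK_IPSECCTL"` is only correct if that variable holds a bare executable path; it is defined outside the hunk, and if it carries arguments (as `IPSECCTL="/sbin/ipsecctl -s sa"` does in check_ipsecctl.sh) the quoted form looks for a program named by the whole string and every tunnel is reported down. `remote_ip` can also reach the checker as an empty or multi-line single argument when the tunnel file has no address or several. An explicit test for an empty `remote_ip` before the call would report that as a configuration problem rather than as a down tunnel.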
@@ -67,12 +66,12 @@ if [ $STATUS -eq 0 ]; then
 for vpn in $VPNS; do
 # dst_ip takes the value of VPNS_IP
- eval dst_ip=\$${vpn}_IP
+ eval dst_ip=\$"${vpn}"_IP
 # Definition of the source IP of the ping according to the source network used (our side, adjust the -I option)
 case $vpn in
- *vlan1*) ping -q -i 0.1 -I 192.168.5.5 -c 3 -w 1 $dst_ip >/dev/null ;;
- *vlan2*) ping -q -i 0.1 -I 172.16.2.5 -c 3 -w 1 $dst_ip >/dev/null ;;
+ *vlan1*) ping -q -i 0.1 -I 192.168.5.5 -c 3 -w 1 "$dst_ip" >/dev/null ;;
+ *vlan2*) ping -q -i 0.1 -I 172.16.2.5 -c 3 -w 1 "$dst_ip" >/dev/null ;;
 esac
 if [ $? -ne 0 ]; then
diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_openvpn b/roles/nagios-nrpe/files/plugins_bsd/check_openvpn
index 04490d4..cec00f9 100755
--- a/roles/nagios-nrpe/files/plugins_bsd/check_openvpn
+++ b/roles/nagios-nrpe/files/plugins_bsd/check_openvpn
@@ -4,7 +4,7 @@ carp=$(/sbin/ifconfig carp0 | /usr/bin/grep 'status' |cut -d' ' -f2)
-if [ $carp = 'backup' ]; then
+if [ "$carp" = 'backup' ]; then
 echo "No check, I'm a backup"
 return 0
 else
diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_pf_states b/roles/nagios-nrpe/files/plugins_bsd/check_pf_states
index 670ea1b..c00114a 100755
--- a/roles/nagios-nrpe/files/plugins_bsd/check_pf_states
+++ b/roles/nagios-nrpe/files/plugins_bsd/check_pf_states
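Review bot: The quotes added in `eval dst_ip=\$"${vpn}"_IP` (check_ipsecctl_critiques.sh, hunk at line 67) are removed before `eval` sees the string, so the value of `vpn` is still re-parsed as shell; they silence the warning without constraining the input. If `VPNS` is not a fixed list inside this script (its definition is outside the hunk), check each name first, e.g. `case $vpn in *[!A-Za-z0-9_]*) continue ;; esac`. Separately, the `case` has no `*)` arm, so a name matching neither `*vlan1*` nor `*vlan2*` runs no ping and the following `[ $? -ne 0 ]` sees 0, counting an untested tunnel as reachable. The loop continues past the end of the hunk.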
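Review bot: The backup branch in check_openvpn ends with `return 0`, which appears to be at script top level (the hunk starts at line 4 and shows no enclosing function). Outside a function `return` is an error in some shells, bash among them, so whether the plugin actually stops there depends on the interpreter. `exit 0` states the intent unambiguously.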
@@ -10,10 +10,10 @@ _CRTICAL_STATES_LIMIT=$((_MAX_STATES_LIMIT*65/100))
 _CHECK_STATES=$(/sbin/pfctl -si | /usr/bin/grep current | awk '{print $3}')
-if [ $_CHECK_STATES -lt $_WARNING_STATES_LIMIT ];then
+if [ "$_CHECK_STATES" -lt "$_WARNING_STATES_LIMIT" ];then
 echo "OK: States number ($_CHECK_STATES) is below threshold (warn : $_WARNING_STATES_LIMIT / crit : $_CRTICAL_STATES_LIMIT / max : $_MAX_STATES_LIMIT)"
 exit "$STATE_OK"
-elif [ $_CHECK_STATES -ge $_WARNING_STATES_LIMIT ] && [ $_CHECK_STATES -lt $_CRTICAL_STATES_LIMIT ];then
+elif [ "$_CHECK_STATES" -ge "$_WARNING_STATES_LIMIT" ] && [ "$_CHECK_STATES" -lt "$_CRTICAL_STATES_LIMIT" ];then
 echo "WARNING: States number is $_CHECK_STATES (threshold WARNING = $_WARNING_STATES_LIMIT, max = $_MAX_STATES_LIMIT)"
 exit "$STATE_WARNING"
 else
diff --git a/roles/ospf/templates/ospf6d-check-peers.sh.j2 b/roles/ospf/templates/ospf6d-check-peers.sh.j2
index 2c1d294..3686490 100755
--- a/roles/ospf/templates/ospf6d-check-peers.sh.j2
+++ b/roles/ospf/templates/ospf6d-check-peers.sh.j2
@@ -29,7 +29,7 @@ mkdir -p "${_TMPDIR}"
 # Don't try to run if it's already running
 if [ -e "${_PIDFILE}" ]; then
- echo "$(date)" >> "${_TMPDIR}"/log
+ date >> "${_TMPDIR}"/log
 exit 1
 else
 echo $$ >> "${_PIDFILE}"
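Review bot: In check_pf_states, `_CHECK_STATES` is compared with `-lt` and `-ge` without checking that `pfctl -si` produced a number; if the command fails (for instance when the NRPE user lacks the privilege to query pf) the variable is empty, both tests error out, and the result falls to the else branch that begins at the end of the hunk. A guard before the first test reports that case distinctly: `case $_CHECK_STATES in ''|*[!0-9]*) echo "UNKNOWN: cannot read pf state count"; exit 3 ;; esac`. The variable name `_CRTICAL_STATES_LIMIT` is also misspelled, although consistently.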
@@ -46,12 +46,12 @@ fi
 # List peers and loops on them to list them and their OSPF6 state
 ospf6ctl show neighbor | grep -v "^$" | grep -v "Uptime" | awk {'print $1'} > "${_TMPDIR}"/peers-list
-while read _PEER
+while read -r _PEER
 do
 _STATUS=$(/usr/sbin/ospf6ctl show neighbor | grep "${_PEER} " | awk {'print $3'})
 echo -n "${_PEER}" >> "${_TMPDIR}"/ospf6-status
 echo -n " " >> "${_TMPDIR}"/ospf6-status
- if ([[ "${_STATUS}" = "FULL/BCKUP" ]] || [[ "${_STATUS}" = "FULL/DR" ]] || [[ "${_STATUS}" = "2-WAY/OTHER" ]] || [[ "${_STATUS}" = "FULL/OTHER" ]]) ; then
+ if [[ "${_STATUS}" = "FULL/BCKUP" ]] || [[ "${_STATUS}" = "FULL/DR" ]] || [[ "${_STATUS}" = "2-WAY/OTHER" ]] || [[ "${_STATUS}" = "FULL/OTHER" ]] ; then
 _STATUS="UP"
 else
 _STATUS="DOWN"
@@ -75,7 +75,7 @@ mkdir -p "${_TMPMAILDIR}"
 # go through sessions and list them depending on their OSPF6 state
 echo "*** Session(s) OK ***\n" >> "${_TMPMAILDIR}"/bodyok
-while read _LINE
+while read -r _LINE
 do
 # _LINE is session + status
 _STATUS=$(echo "${_LINE}" | awk {'print $2'})
diff --git a/roles/ospf/templates/ospfd-check-peers.sh.j2 b/roles/ospf/templates/ospfd-check-peers.sh.j2
index ede2eec..8fed871 100755
--- a/roles/ospf/templates/ospfd-check-peers.sh.j2
+++ b/roles/ospf/templates/ospfd-check-peers.sh.j2
@@ -29,7 +29,7 @@ mkdir -p "${_TMPDIR}"
 # Don't try to run if it's already running
 if [ -e "${_PIDFILE}" ]; then
- echo "$(date)" >> "${_TMPDIR}"/log
+ date >> "${_TMPDIR}"/log
 exit 1
 else
 echo $$ >> "${_PIDFILE}"
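Review bot: The ospf6d loop (hunk at line 46) keeps the two `echo -n … >> "${_TMPDIR}"/ospf6-status` writes that this same commit folded into a single line in bgpd-check-peers.sh.j2, and `echo -n` is not supported by every shell's echo. The final status write is outside the hunk, but a single `printf '%s %s\n' "${_PEER}" "${_STATUS}"` after the if/else would match the bgpd change. `grep "${_PEER} "` also treats the router ID as an unanchored regular expression, so one peer's ID can match another peer's line and produce a multi-line `_STATUS` that is reported as DOWN; comparing the first field exactly, `awk -v p="${_PEER}" '$1 == p {print $3}'`, removes that. ospfd-check-peers.sh.j2 has the identical loop at line 46.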
@@ -46,12 +46,12 @@ fi
 # List peers and loops on them to list them and their OSPF state
 ospfctl show neighbor | grep -v "^$" | grep -v "Uptime" | awk {'print $1'} > "${_TMPDIR}"/peers-list
-while read _PEER
+while read -r _PEER
 do
 _STATUS=$(/usr/sbin/ospfctl show neighbor | grep "${_PEER} " | awk {'print $3'})
 echo -n "${_PEER}" >> "${_TMPDIR}"/ospf-status
 echo -n " " >> "${_TMPDIR}"/ospf-status
- if ([[ "${_STATUS}" = "FULL/BCKUP" ]] || [[ "${_STATUS}" = "FULL/DR" ]] || [[ "${_STATUS}" = "2-WAY/OTHER" ]] || [[ "${_STATUS}" = "FULL/OTHER" ]]) ; then
+ if [[ "${_STATUS}" = "FULL/BCKUP" ]] || [[ "${_STATUS}" = "FULL/DR" ]] || [[ "${_STATUS}" = "2-WAY/OTHER" ]] || [[ "${_STATUS}" = "FULL/OTHER" ]] ; then
 _STATUS="UP"
 else
 _STATUS="DOWN"
@@ -75,7 +75,7 @@ mkdir -p "${_TMPMAILDIR}"
 # go through sessions and list them depending on their OSPF state
 echo "*** Session(s) OK ***\n" >> "${_TMPMAILDIR}"/bodyok
-while read _LINE
+while read -r _LINE
 do
 # _LINE is session + status
 _STATUS=$(echo "${_LINE}" | awk {'print $2'})
diff --git a/roles/post-install/files/motd-carp-state.sh b/roles/post-install/files/motd-carp-state.sh
index 04a4ec9..e94d6db 100755
--- a/roles/post-install/files/motd-carp-state.sh
+++ b/roles/post-install/files/motd-carp-state.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
-VERSION=22.01
+VERSION=22.06
 if [ ! -f /etc/motd-original ]; then
 cp /etc/motd /etc/motd-original
@@ -18,7 +18,7 @@ ifconfig carp0 | grep -q backup
 backup=$?
 if [ "$master" -eq 0 ]; then
- if [ $(cat /tmp/carp.state) = "master" ]; then
+ if [ "$(cat /tmp/carp.state)" = "master" ]; then
 # We already were master, no change
 exit 0
 fi
@@ -32,7 +32,7 @@ cat /etc/motd-original - << EOF > /etc/motd
 EOF
 echo "master" > /tmp/carp.state
 elif [ "$backup" -eq 0 ]; then
- if [ $(cat /tmp/carp.state) = "backup" ]; then
+ if [ "$(cat /tmp/carp.state)" = "backup" ]; then
 # We already were backup, no change
 exit 0
 fi
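Review bot: motd-carp-state.sh keeps its state in `/tmp/carp.state`, a fixed name in a world-writable directory; the script trusts what it reads there in the hunks at lines 18 and 32 and also writes to it (`echo "master" > /tmp/carp.state` is visible as context in the second of them), presumably as root since it rewrites /etc/motd. Any local user can create that path first, either as a file that suppresses motd updates or as a link that redirects the write. Keeping the state in a root-owned directory, e.g. `STATE_FILE=/var/run/carp.state`, removes the exposure. Reading it as `"$(cat "$STATE_FILE" 2>/dev/null)"` also avoids the error message on the first run, when the file does not exist yet.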
diff --git a/roles/post-install/templates/generateldif.sh.j2 b/roles/post-install/templates/generateldif.sh.j2
index 4deab9c..00e0a90 100755
--- a/roles/post-install/templates/generateldif.sh.j2
+++ b/roles/post-install/templates/generateldif.sh.j2
@@ -8,13 +8,13 @@ computerIP=$(ifconfig egress | grep inet | awk -v OFS="\n" '{ print $2, $NF }'|
 computerKernel=$(sysctl kern.osrelease | sed 's#kern.osrelease=##')
 computerOS="OpenBSD $computerKernel"
 HardwareSerial=$(sysctl hw.serialno 2>/dev/null | sed 's#hw.serialno=##')
-if [ -z $HardwareSerial ]; then sysctl hw | grep -qi qemu && HardwareSerial="Not Specified"; fi
+if [ -z "$HardwareSerial" ]; then sysctl hw | grep -qi qemu && HardwareSerial="Not Specified"; fi
 clientNumber="{{ client_number | mandatory }}"
 monitoringMode="{{ monitoring_mode | mandatory }}"
 cpuMark=$(sysctl hw.model| sed 's#hw.model=##')
 cpuModel=$(sysctl hw.model| sed 's#hw.model=##')
 cpuFreq=$(sysctl hw.cpuspeed| sed 's#hw.cpuspeed=##')
-mem=$(expr $(sysctl hw.physmem| sed 's#hw.physmem=##') / 1000000)Mo
+mem="$(($(sysctl hw.physmem | sed 's#hw.physmem=##') / 1000000))"Mo
 eth0Mark=unknown
 eth0Model=unknown
 eth0MAC=$(ifconfig egress | awk -v OFS="\n" '{ print $2, $NF }' | head -3 | tail -1)
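Review bot: Replacing `expr` with `$(( … ))` on the `mem=` line of generateldif.sh.j2 changes its failure mode: if `sysctl hw.physmem` prints nothing, the expansion becomes `$(( / 1000000))`, an arithmetic syntax error that can abort a non-interactive POSIX shell, whereas `expr` only printed an error and left `mem` as `Mo`. `sysctl -n hw.physmem` returns the bare value without the `sed`, and a default keeps the arithmetic valid: `physmem=$(sysctl -n hw.physmem 2>/dev/null); mem="$(( ${physmem:-0} / 1000000 ))Mo"`. The list of assignments continues outside the hunk.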
@@ -25,19 +25,18 @@ sdaSize=100G
 sdaModel=unknown
 swap=unknown
 nrpeVersion=$(pkg_info nrpe | head -1 | sed 's/Information for inst://')
-openvpnVersion=$(pkg_info openvpn | head -1 | sed 's/Information for inst://')
 opensshFingerprintRSA=$(ssh-keyscan -t rsa localhost 2>/dev/null\
 | sed -e 's/localhost //' -e 's/ssh-rsa /ssh-rsa,/')
 opensshFingerprintED25519=$(ssh-keyscan -t ed25519 localhost 2>/dev/null\
 | sed -e 's/localhost //' -e 's/ssh-ed25519 /ssh-ed25519,/')
 opensshFingerprintECDSA=$(ssh-keyscan -t ecdsa-sha2-nistp256 localhost 2>/dev/null\
 | sed -e 's/localhost //' -e 's/ecdsa-sha2-nistp256 /ecdsa-sha2-nistp256,/')
-Fingerprint="${opensshFingerprintRSA}${opensshFingerprintRSA:+;}"\
-"${opensshFingerprintED25519}${opensshFingerprintED25519:+;}${opensshFingerprintECDSA}"
+Fingerprint="${opensshFingerprintRSA}${opensshFingerprintRSA:+;}\
+${opensshFingerprintED25519}${opensshFingerprintED25519:+;}${opensshFingerprintECDSA}"
 ldif_file="/root/${EvoComputerName}.$(date +"%Y%m%d%H%M%S").ldif"
-cat<${ldif_file}
+cat<"${ldif_file}"
 # ldapvi --profile evolix --add --in ${ldif_file}
 dn: EvoComputerName=${EvoComputerName},ou=computer,dc=evolix,dc=net
@@ -150,8 +149,8 @@ ServiceVersion: packetfilter
 EOT
-if egrep -q 'sd.*RAID' /var/run/dmesg.boot; then
-cat<>${ldif_file}
+if grep -Eq 'sd.*RAID' /var/run/dmesg.boot; then
+cat<>"${ldif_file}"
 dn: ServiceName=bioctl,EvoComputerName=${EvoComputerName},ou=computer,dc=evolix,dc=net
 objectClass: EvoService
 NagiosEnabled: TRUE
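Review bot: In the generateldif.sh.j2 hunk at line 25, `Fingerprint` is assembled from three `ssh-keyscan … localhost 2>/dev/null` calls, so when sshd is not reachable on localhost's default port the field ends up silently empty in the generated LDIF, and the keys recorded are whatever answered on that socket rather than the host's own key files. Reading the public keys from the `/etc/ssh/ssh_host_*_key.pub` files avoids both, and a warning on stderr when `Fingerprint` is empty would catch the remaining case. Removing `openvpnVersion` is only safe if the here-document that follows no longer references it, which cannot be confirmed from this hunk.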