#!/bin/sh
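# Tell whether the Alert5 boot script is enabled.
#
# Detecting whether a SysVinit script wrapped in a systemd unit is enabled is
# not reliable: systemd can report "active" even when the script is not linked
# in any runlevel. The SysVinit script path therefore selects the test:
#   - /etc/init.d/alert5 present: look for a start link in /etc/rc2.d;
#   - /etc/init.d/alert5 missing: ask systemd whether the unit is active
#     (this is the active state, not the enabled state).
#
# Globals: alert5_link (written; POSIX sh has no function-local variables)
# Returns: 0 if Alert5 is considered enabled, non-zero otherwise.
is_alert5_enabled() {
    if test -f /etc/init.d/alert5; then
        # Walk the glob instead of handing it to a single `test -f`: with
        # several matches `test` aborts with "too many arguments" and the
        # script would be reported as disabled. With no match the pattern
        # stays literal and `test -f` is simply false.
        for alert5_link in /etc/rc2.d/S*alert5; do
            if test -f "$alert5_link"; then
                return 0
            fi
        done
        return 1
    else
        # Exact comparison: only the state "active" counts as enabled.
        test "$(systemctl is-active alert5)" = "active"
    fi
}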
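# Tell whether the Alert5 script starts minifirewall at boot.
#
# The first existing file among the rc2.d start link(s) and
# /usr/share/scripts/alert5.sh is searched for a line that begins with
# "/etc/init.d/minifirewall". Because the pattern is anchored at the start of
# the line, a commented-out or indented call does not count as enabled.
#
# Globals: alert5_script (written; POSIX sh has no function-local variables)
# Returns: 0 if such a line is found, non-zero if the file has none.
# Exits:   through return_critical when no Alert5 script exists at all.
is_minifirewall_enabled() {
    # Walking the candidates avoids passing an unquoted glob to `test -f`,
    # which fails with "too many arguments" when several links match and
    # silently skipped the rc2.d check in that case.
    for alert5_script in /etc/rc2.d/S*alert5 /usr/share/scripts/alert5.sh; do
        if test -f "$alert5_script"; then
            grep -q "^/etc/init.d/minifirewall" "$alert5_script"
            return $?
        fi
    done
    return_critical "No Alert5 scripts has been found."
}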
# Tell whether minifirewall rules are currently loaded.
#
# When the helper /usr/share/scripts/minifirewall_status is executable, its
# exit status is the answer (its stdout is discarded). Otherwise the filter
# table is listed and searched for a "DROP udp" or "ACCEPT icmp" rule from
# 0.0.0.0/0 to 0.0.0.0/0 with nothing after the destination.
#
# Returns: 0 if minifirewall is considered started, non-zero otherwise.
is_minifirewall_started() {
    if ! test -x /usr/share/scripts/minifirewall_status; then
        # NOTE(review): the pipeline status is grep's, so an iptables failure
        # (missing binary, insufficient privileges, ...) is indistinguishable
        # from "no matching rule" and is reported as "not started".
        /sbin/iptables -L -n | grep -q -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
        return $?
    fi

    /usr/share/scripts/minifirewall_status > /dev/null
}
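# Print a CRITICAL status line and terminate the check.
#
# Arguments: $1 - message appended after "CRITICAL: "
# Outputs:   one line on stdout
# Exits:     2 (the CRITICAL code of the Nagios plugin convention)
return_critical() {
    # printf instead of echo: under /bin/sh, echo may interpret backslash
    # sequences in the message, printf '%s' never does.
    printf 'CRITICAL: %s\n' "$1"
    exit 2
}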
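# Print a WARNING status line and terminate the check.
#
# Arguments: $1 - message appended after "WARNING: "
# Outputs:   one line on stdout
# Exits:     1 (the WARNING code of the Nagios plugin convention)
return_warning() {
    # printf instead of echo: under /bin/sh, echo may interpret backslash
    # sequences in the message, printf '%s' never does.
    printf 'WARNING: %s\n' "$1"
    exit 1
}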
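# Print an OK status line and terminate the check.
#
# Arguments: $1 - message appended after "OK: "
# Outputs:   one line on stdout
# Exits:     0
return_ok() {
    # printf instead of echo: under /bin/sh, echo may interpret backslash
    # sequences in the message, printf '%s' never does.
    printf 'OK: %s\n' "$1"
    exit 0
}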
# Compare the boot-time configuration of minifirewall with its live state and
# report the result through return_ok / return_warning / return_critical.
#
#   Alert5 enabled | minifirewall in Alert5 | started | result
#   ---------------+------------------------+---------+---------
#   no             | (not checked)          | yes     | WARNING
#   no             | (not checked)          | no      | OK
#   yes            | yes                    | yes     | OK
#   yes            | yes                    | no      | CRITICAL
#   yes            | no                     | yes     | WARNING
#   yes            | no                     | no      | OK
#
# A stopped firewall is only CRITICAL when the boot configuration says it
# should be running; the other "not started" rows are reported as OK.
main() {
    if ! is_alert5_enabled; then
        if is_minifirewall_started; then
            return_warning "Minifirewall is started, but Alert5 script is not enabled."
        else
            return_ok "Minifirewall is not started and Alert5 script is not enabled."
        fi
    elif is_minifirewall_enabled; then
        if is_minifirewall_started; then
            return_ok "Minifirewall is started."
        else
            return_critical "Minifirewall is not started."
        fi
    else
        if is_minifirewall_started; then
            return_warning "Minifirewall is started, but disabled in alert5."
        else
            return_ok "Minifirewall is not started, but disabled in alert5."
        fi
    fi
}
# Entry point: run the check. The process exit status is set by whichever
# return_* helper main reaches. main reads no positional parameters, so
# forwarding "$@" changes nothing.
main "$@"