#!/bin/sh is_alert5_enabled() { # It's not very clear how to reliably detect if a SysVinit script # wrapped in a systemd unit is enabled or not. # Even when the script is not started in any run level, systemd says "active". # So we test the SysVinit script path: # if present, we test for an rc2.d symlink # if missing, we ask systemd if a unit is active or not. if test -f /etc/init.d/alert5; then test -f /etc/rc2.d/S*alert5 else systemctl is-active alert5 | grep -q "^active$" fi } is_minifirewall_enabled() { # TODO: instead of nested conditionals, we could loop with many possible paths # and grep the first found, or error if none is found if test -f /etc/rc2.d/S*alert5; then grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5 else if test -f /usr/share/scripts/alert5.sh; then grep -q "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh else return_critical "No Alert5 scripts has been found." fi fi } is_minifirewall_started() { if test -x /usr/share/scripts/minifirewall_status; then /usr/share/scripts/minifirewall_status > /dev/null else /sbin/iptables -L -n | grep -q -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$" fi } return_critical() { echo "CRITICAL: $1" exit 2 } return_warning() { echo "WARNING: $1" exit 1 } return_ok() { echo "OK: $1" exit 0 } main() { if is_alert5_enabled; then if is_minifirewall_enabled; then if is_minifirewall_started; then return_ok "Minifirewall is started." else return_critical "Minifirewall is not started." fi else if is_minifirewall_started; then return_warning "Minifirewall is started, but disabled in alert5." else return_ok "Minifirewall is not started, but disabled in alert5." fi fi else if is_minifirewall_started; then return_warning "Minifirewall is started, but Alert5 script is not enabled." else return_ok "Minifirewall is not started and Alert5 script is not enabled." fi fi } main