evobackup/lib/bkctld-check

#!/bin/sh
#
# Run check on jails (NRPE output)
# Usage: check
#

# shellcheck source=./config
LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"

return=0
nb_crit=0
nb_warn=0
nb_ok=0
nb_unkn=0
output=""

if [ -b "${BACKUP_DISK}" ]; then
    # If backup disk is encrypted, verify that it's open
    cryptsetup isLuks "${BACKUP_DISK}"
    if [ "$?" -eq 0 ]; then
        if [ ! -b '/dev/mapper/backup' ]; then
            echo "Luks disk ${BACKUP_DISK} is not mounted !\n"
            echo "cryptsetup luksOpen ${BACKUP_DISK} backup"
            exit 2
        fi
        # Change value to real device
        BACKUP_DISK='/dev/mapper/backup'
    fi
    # Verify that it's mounted and writable
    findmnt --source ${BACKUP_DISK} -O rw > /dev/null
    if [ "$?" -ne 0 ]; then
         echo "Backup disk ${BACKUP_DISK} is not mounted (or read-only) !\n"
         echo "mount ${BACKUP_DISK} /backup"
         exit 2
    fi
fi

read_variable() {
    var_name=$1
    file=$2

    pattern="^\s*${var_name}=-?[0-9]+"

    grep --extended-regexp --only-matching "${pattern}" "${file}" | cut -d= -f2
}

check_jail() {
    jail_name=$1

    jail_path=$(jail_path "${jail_name}")
    cur_time=$(date "+%s")
    last_conn=$(stat --format=%Y "${jail_path}/var/log/lastlog")
    date_diff=$(( (cur_time - last_conn) / (60*60) ))

    check_policy_file=$(jail_check_policy_file "${jail_name}")

    if [ -f "${check_policy_file}" ]; then
        local_critical=$(read_variable "CRITICAL" "${check_policy_file}")
        local_warning=$(read_variable "WARNING" "${check_policy_file}")
    else
        unset local_critical
        unset local_warning
    fi
    # reset to default values if missing local value
    ${local_critical:=${CRITICAL}}
    ${local_warning:=${WARNING}}

    if [ "${local_critical}" -gt "0" ] && [ "${date_diff}" -gt "${local_critical}" ]; then
        nb_crit=$((nb_crit + 1))
        output="${output}CRITICAL - ${jail_name} - ${date_diff} hours (critical: ${local_critical})\n"
        [ "${return}" -le 2 ] && return=2
    elif [ "${local_warning}" -gt "0" ] && [ "${date_diff}" -gt "${local_warning}" ]; then
        nb_warn=$((nb_warn + 1))
        output="${output}WARNING - ${jail_name} - ${date_diff} hours (warning: ${local_warning})\n"
        [ "${return}" -le 1 ] && return=1
    else
        nb_ok=$((nb_ok + 1))
        output="${output}OK - ${jail_name} - ${date_diff} hours (critical: ${local_critical}, warning: ${local_warning})\n"
    fi
}

for jail_name in $(jails_list); do
    jail_path=$(jail_path "${jail_name}")

    if [ -f "${jail_path}/var/log/lastlog" ]; then
        check_jail "${jail_name}"
    else
        nb_unkn=$((nb_unkn + 1))
        output="${output}UNKNOWN - ${jail_name} doesn't have lastlog !\n"
        [ "${return}" -le 3 ] && return=3
    fi
done

[ "${return}" -ge 0 ] && header="OK"
[ "${return}" -ge 1 ] && header="WARNING"
[ "${return}" -ge 2 ] && header="CRITICAL"
[ "${return}" -ge 3 ] && header="UNKNOWN"

printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"

printf "${output}" | grep -E "^UNKNOWN"
printf "${output}" | grep -E "^CRITICAL"
printf "${output}" | grep -E "^WARNING"
printf "${output}" | grep -E "^OK"

exit "${return}"
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`#!/bin/sh`
Move usage functions into bkctld-help script * Usage output is now auto-generated 2019-01-07 14:47:05 +01:00			`#`
			`# Run check on jails (NRPE output)`
			`# Usage: check`
			`#`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00
fix shellcheck source directive 2020-04-01 11:23:35 +02:00			`# shellcheck source=./config`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"`

			`return=0`
			`nb_crit=0`
			`nb_warn=0`
			`nb_ok=0`
			`nb_unkn=0`
			`output=""`

			`if [ -b "${BACKUP_DISK}" ]; then`
bkctld-check: use findmnt instead of grep + check "rw" for backup disk 2020-04-01 09:12:40 +02:00			`# If backup disk is encrypted, verify that it's open`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`cryptsetup isLuks "${BACKUP_DISK}"`
			`if [ "$?" -eq 0 ]; then`
			`if [ ! -b '/dev/mapper/backup' ]; then`
			`echo "Luks disk ${BACKUP_DISK} is not mounted !\n"`
			`echo "cryptsetup luksOpen ${BACKUP_DISK} backup"`
			`exit 2`
			`fi`
bkctld-check: use findmnt instead of grep + check "rw" for backup disk 2020-04-01 09:12:40 +02:00			`# Change value to real device`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`BACKUP_DISK='/dev/mapper/backup'`
			`fi`
bkctld-check: use findmnt instead of grep + check "rw" for backup disk 2020-04-01 09:12:40 +02:00			`# Verify that it's mounted and writable`
			`findmnt --source ${BACKUP_DISK} -O rw > /dev/null`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`if [ "$?" -ne 0 ]; then`
bkctld-check: use findmnt instead of grep + check "rw" for backup disk 2020-04-01 09:12:40 +02:00			`echo "Backup disk ${BACKUP_DISK} is not mounted (or read-only) !\n"`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`echo "mount ${BACKUP_DISK} /backup"`
			`exit 2`
			`fi`
			`fi`

bkctld-check: simplify overrides 1. add support for the "new" canonical path for jail specific configurations 2. use a local value in the loop to prevent changing the global default value 2020-04-01 09:11:56 +02:00			`read_variable() {`
			`var_name=$1`
			`file=$2`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00
bkctld-check: simplify overrides 1. add support for the "new" canonical path for jail specific configurations 2. use a local value in the loop to prevent changing the global default value 2020-04-01 09:11:56 +02:00			`pattern="^\s*${var_name}=-?[0-9]+"`

			`grep --extended-regexp --only-matching "${pattern}" "${file}" \| cut -d= -f2`
			`}`

bkctld-check: extract check_jail function 2020-04-01 07:23:23 +02:00			`check_jail() {`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`jail_name=$1`
bkctld-check: extract check_jail function 2020-04-01 07:23:23 +02:00
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`jail_path=$(jail_path "${jail_name}")`
bkctld-check: extract check_jail function 2020-04-01 07:23:23 +02:00			`cur_time=$(date "+%s")`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`last_conn=$(stat --format=%Y "${jail_path}/var/log/lastlog")`
bkctld-check: extract check_jail function 2020-04-01 07:23:23 +02:00			`date_diff=$(( (cur_time - last_conn) / (60*60) ))`

refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`check_policy_file=$(jail_check_policy_file "${jail_name}")`
bkctld-check: simplify overrides 1. add support for the "new" canonical path for jail specific configurations 2. use a local value in the loop to prevent changing the global default value 2020-04-01 09:11:56 +02:00
			`if [ -f "${check_policy_file}" ]; then`
			`local_critical=$(read_variable "CRITICAL" "${check_policy_file}")`
			`local_warning=$(read_variable "WARNING" "${check_policy_file}")`
			`else`
			`unset local_critical`
			`unset local_warning`
bkctld-check: add overrides for "per jail" thresholds Putting values for CRITICAL/WARNING in <JAIL_DIR>/etc/bkctld-check overrides the values for this specific jail. Setting to a value <=0 disables the threshold. 2020-04-01 07:27:17 +02:00			`fi`
bkctld-check: simplify overrides 1. add support for the "new" canonical path for jail specific configurations 2. use a local value in the loop to prevent changing the global default value 2020-04-01 09:11:56 +02:00			`# reset to default values if missing local value`
			`${local_critical:=${CRITICAL}}`
			`${local_warning:=${WARNING}}`
bkctld-check: add overrides for "per jail" thresholds Putting values for CRITICAL/WARNING in <JAIL_DIR>/etc/bkctld-check overrides the values for this specific jail. Setting to a value <=0 disables the threshold. 2020-04-01 07:27:17 +02:00
bkctld-check: simplify overrides 1. add support for the "new" canonical path for jail specific configurations 2. use a local value in the loop to prevent changing the global default value 2020-04-01 09:11:56 +02:00			`if [ "${local_critical}" -gt "0" ] && [ "${date_diff}" -gt "${local_critical}" ]; then`
bkctld-check: extract check_jail function 2020-04-01 07:23:23 +02:00			`nb_crit=$((nb_crit + 1))`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`output="${output}CRITICAL - ${jail_name} - ${date_diff} hours (critical: ${local_critical})\n"`
bkctld-check: extract check_jail function 2020-04-01 07:23:23 +02:00			`[ "${return}" -le 2 ] && return=2`
bkctld-check: simplify overrides 1. add support for the "new" canonical path for jail specific configurations 2. use a local value in the loop to prevent changing the global default value 2020-04-01 09:11:56 +02:00			`elif [ "${local_warning}" -gt "0" ] && [ "${date_diff}" -gt "${local_warning}" ]; then`
bkctld-check: extract check_jail function 2020-04-01 07:23:23 +02:00			`nb_warn=$((nb_warn + 1))`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`output="${output}WARNING - ${jail_name} - ${date_diff} hours (warning: ${local_warning})\n"`
bkctld-check: extract check_jail function 2020-04-01 07:23:23 +02:00			`[ "${return}" -le 1 ] && return=1`
			`else`
			`nb_ok=$((nb_ok + 1))`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`output="${output}OK - ${jail_name} - ${date_diff} hours (critical: ${local_critical}, warning: ${local_warning})\n"`
bkctld-check: extract check_jail function 2020-04-01 07:23:23 +02:00			`fi`
			`}`

refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`for jail_name in $(jails_list); do`
			`jail_path=$(jail_path "${jail_name}")`

			`if [ -f "${jail_path}/var/log/lastlog" ]; then`
			`check_jail "${jail_name}"`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`else`
			`nb_unkn=$((nb_unkn + 1))`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`output="${output}UNKNOWN - ${jail_name} doesn't have lastlog !\n"`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`[ "${return}" -le 3 ] && return=3`
			`fi`
			`done`

			`[ "${return}" -ge 0 ] && header="OK"`
			`[ "${return}" -ge 1 ] && header="WARNING"`
			`[ "${return}" -ge 2 ] && header="CRITICAL"`
bkctld-check: fix typos 2020-04-01 07:24:06 +02:00			`[ "${return}" -ge 3 ] && header="UNKNOWN"`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00
			`printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"`

bkctld-check: fix typos 2020-04-01 07:24:06 +02:00			`printf "${output}" \| grep -E "^UNKNOWN"`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`printf "${output}" \| grep -E "^CRITICAL"`
			`printf "${output}" \| grep -E "^WARNING"`
			`printf "${output}" \| grep -E "^OK"`

			`exit "${return}"`