From 8ee2aa3b512a9c8b673e0bb533c1b8654f636fa7 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 23 Nov 2022 11:46:33 +0100 Subject: [PATCH] bkctld-check-canary: new subcommand to check canary files and content --- server/CHANGELOG.md | 2 ++ server/bkctld | 2 +- server/lib/bkctld-check-canary | 59 ++++++++++++++++++++++++++++++++++ server/lib/includes | 8 +++++ 4 files changed, 70 insertions(+), 1 deletion(-) create mode 100755 server/lib/bkctld-check-canary diff --git a/server/CHANGELOG.md b/server/CHANGELOG.md index 0c21896..35de9dc 100644 --- a/server/CHANGELOG.md +++ b/server/CHANGELOG.md @@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added +* check-canary: new subcommand to check canary files and content + ### Changed ### Deprecated diff --git a/server/bkctld b/server/bkctld index 2fd07ea..0ee7c87 100755 --- a/server/bkctld +++ b/server/bkctld @@ -67,7 +67,7 @@ done subcommand="${1:-}" case "${subcommand}" in - "inc" | "rm" | "check-jails" | "check-setup" | "stats" | "list") + "inc" | "rm" | "check-jails" | "check-setup" | "check-canary" | "stats" | "list") "${LIBDIR}/bkctld-${subcommand}" ;; "check") diff --git a/server/lib/bkctld-check-canary b/server/lib/bkctld-check-canary new file mode 100755 index 0000000..c2de38a --- /dev/null +++ b/server/lib/bkctld-check-canary @@ -0,0 +1,59 @@ +#!/bin/sh +# +# Description: check canary file +# Usage: check-canary [|all] +# + +# shellcheck source=./includes +LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" + +return=0 +nb_crit=0 +nb_warn=0 +nb_ok=0 +nb_unkn=0 +output="" + +date=$(date +"%Y-%m-%d") + +# Check each jail status + +check_jail() { + jail_name=$1 + + jail_path=$(jail_path "${jail_name}") + canary_absolute_file="${jail_path}/var/backup/${CANARY_RELATIVE_FILE}" + + if [ -f "${canary_absolute_file}" ]; then + if grep --quiet --fixed-string "${date}" "${canary_absolute_file}"; then + nb_ok=$((nb_ok + 1)) + output="${output}OK - ${jail_name} - entries found for ${date} in ${CANARY_RELATIVE_FILE} file\n" + else + nb_crit=$((nb_crit + 1)) + output="${output}CRITICAL - ${jail_name} - No entry for ${date} in ${CANARY_RELATIVE_FILE} file\n" + [ "${return}" -le 2 ] && return=2 + fi + else + nb_crit=$((nb_crit + 1)) + output="${output}CRITICAL - ${jail_name} - missing ${CANARY_RELATIVE_FILE} file\n" + [ "${return}" -le 2 ] && return=2 + fi +} + +for jail_name in $(jails_list); do + check_jail "${jail_name}" +done + +[ "${return}" -ge 0 ] && header="OK" +[ "${return}" -ge 1 ] && header="WARNING" +[ "${return}" -ge 2 ] && header="CRITICAL" +[ "${return}" -ge 3 ] && header="UNKNOWN" + +printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}" + +printf "${output}" | grep -E "^UNKNOWN" +printf "${output}" | grep -E "^CRITICAL" +printf "${output}" | grep -E "^WARNING" +printf "${output}" | grep -E "^OK" + +exit "${return}" \ No newline at end of file diff --git a/server/lib/includes b/server/lib/includes index 6d6d285..04c5479 100755 --- a/server/lib/includes +++ b/server/lib/includes @@ -20,6 +20,7 @@ LOCKDIR="${LOCKDIR:-/run/lock/bkctld}" ARCHIVESDIR="${ARCHIVESDIR:-${BACKUP_PARTITION}/archives}" INDEX_DIR="${INDEX_DIR:-${BACKUP_PARTITION}/index}" IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}" +CANARY_RELATIVE_FILE="${CANARY_RELATIVE_FILE:-/zzz_evobackup_canary}" SSHD_PID="${SSHD_PID:-/run/sshd.pid}" SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}" AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}" @@ -63,6 +64,13 @@ EOF printf "\n" } +is_quiet() { + test ${QUIET} -eq 1 +} +is_verbose() { + test ${VERBOSE} -eq 1 +} + log_date() { echo "[$(date +"%Y-%m-%d %H:%M:%S")]" }