Jérémy Lecour
0ad1e8d342
bkctld-check-setup checks if the partition is mounted and writable, if firewall is configured and if all jails are started
79 lines
2.4 KiB
Bash
Executable file
79 lines
2.4 KiB
Bash
Executable file
#!/bin/sh
|
|
#
|
|
# Run check on jails (NRPE output)
|
|
# Usage: check
|
|
#
|
|
|
|
# shellcheck source=./includes
|
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
|
|
|
return=0
|
|
nb_crit=0
|
|
nb_warn=0
|
|
nb_ok=0
|
|
nb_unkn=0
|
|
output=""
|
|
|
|
# Check each jail status
|
|
|
|
check_jail() {
|
|
jail_name=$1
|
|
|
|
jail_path=$(jail_path "${jail_name}")
|
|
cur_time=$(date "+%s")
|
|
last_conn=$(stat --format=%Y "${jail_path}/var/log/lastlog")
|
|
date_diff=$(( (cur_time - last_conn) / (60*60) ))
|
|
|
|
check_policy_file=$(current_jail_check_policy_file "${jail_name}")
|
|
|
|
if [ -f "${check_policy_file}" ]; then
|
|
local_critical=$(read_numerical_variable "${check_policy_file}" "CRITICAL")
|
|
local_warning=$(read_numerical_variable "${check_policy_file}" "WARNING")
|
|
else
|
|
unset local_critical
|
|
unset local_warning
|
|
fi
|
|
# reset to default values if missing local value
|
|
: ${local_critical:=${CRITICAL}}
|
|
: ${local_warning:=${WARNING}}
|
|
|
|
if [ "${local_critical}" -gt "0" ] && [ "${date_diff}" -gt "${local_critical}" ]; then
|
|
nb_crit=$((nb_crit + 1))
|
|
output="${output}CRITICAL - ${jail_name} - ${date_diff} hours (${local_warning}/${local_critical})\n"
|
|
[ "${return}" -le 2 ] && return=2
|
|
elif [ "${local_warning}" -gt "0" ] && [ "${date_diff}" -gt "${local_warning}" ]; then
|
|
nb_warn=$((nb_warn + 1))
|
|
output="${output}WARNING - ${jail_name} - ${date_diff} hours (${local_warning}/${local_critical})\n"
|
|
[ "${return}" -le 1 ] && return=1
|
|
else
|
|
nb_ok=$((nb_ok + 1))
|
|
output="${output}OK - ${jail_name} - ${date_diff} hours (${local_warning}/${local_critical})\n"
|
|
fi
|
|
}
|
|
|
|
for jail_name in $(jails_list); do
|
|
jail_path=$(jail_path "${jail_name}")
|
|
|
|
if [ -f "${jail_path}/var/log/lastlog" ]; then
|
|
check_jail "${jail_name}"
|
|
else
|
|
nb_unkn=$((nb_unkn + 1))
|
|
output="${output}UNKNOWN - ${jail_name} doesn't have lastlog !\n"
|
|
[ "${return}" -le 3 ] && return=3
|
|
fi
|
|
done
|
|
|
|
[ "${return}" -ge 0 ] && header="OK"
|
|
[ "${return}" -ge 1 ] && header="WARNING"
|
|
[ "${return}" -ge 2 ] && header="CRITICAL"
|
|
[ "${return}" -ge 3 ] && header="UNKNOWN"
|
|
|
|
printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"
|
|
|
|
printf "${output}" | grep -E "^UNKNOWN"
|
|
printf "${output}" | grep -E "^CRITICAL"
|
|
printf "${output}" | grep -E "^WARNING"
|
|
printf "${output}" | grep -E "^OK"
|
|
|
|
exit "${return}"
|