Jérémy Lecour
0ad1e8d342
bkctld-check-setup checks if the partition is mounted and writable, if firewall is configured and if all jails are started
87 lines
2.4 KiB
Bash
Executable file
87 lines
2.4 KiB
Bash
Executable file
#!/bin/sh
|
|
#
|
|
# Run check on jails (NRPE output)
|
|
# Usage: check
|
|
#
|
|
|
|
# shellcheck source=./includes
|
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
|
|
|
return=0
|
|
nb_crit=0
|
|
nb_warn=0
|
|
nb_ok=0
|
|
nb_unkn=0
|
|
output=""
|
|
|
|
# Verify backup partition is mounted and writable
|
|
|
|
findmnt --mountpoint "${BACKUP_PARTITION}" -O rw > /dev/null
|
|
if [ "$?" -ne 0 ]; then
|
|
nb_crit=$((nb_crit + 1))
|
|
output="${output}CRITICAL - Backup disk \`/backup' is not mounted (or read-only) !\n"
|
|
return=2
|
|
else
|
|
nb_ok=$((nb_ok + 1))
|
|
output="${output}OK - Backup disk \`/backup' is mounted and writable.\n"
|
|
fi
|
|
|
|
# Check if the firewall file is sourced
|
|
|
|
minifirewall_config=/etc/default/minifirewall
|
|
|
|
if [ -n "${FIREWALL_RULES}" ] \
|
|
&& [ -r "${FIREWALL_RULES}" ] \
|
|
&& [ -f "${minifirewall_config}" ]; then
|
|
if grep -qE "^(\.|source) ${FIREWALL_RULES}" "${minifirewall_config}"; then
|
|
nb_ok=$((nb_ok + 1))
|
|
output="${output}OK - Firewall file \`${FIREWALL_RULES}' is sourced by \`${minifirewall_config}'.\n"
|
|
else
|
|
nb_warn=$((nb_warn + 1))
|
|
output="${output}WARNING - Firewall file \`${FIREWALL_RULES}' doesn't seem to be sourced by \`${minifirewall_config}'\n"
|
|
[ "${return}" -le 1 ] && return=1
|
|
fi
|
|
fi
|
|
|
|
# Check if jails are started
|
|
set -x
|
|
nb_on=0
|
|
nb_off=0
|
|
for jail_name in $(jails_list); do
|
|
if "${LIBDIR}/bkctld-is-on" "${jail_name}"; then
|
|
nb_on=$((nb_on + 1))
|
|
else
|
|
expected_state="ON"
|
|
check_policy_file=$(current_jail_check_policy_file "${jail_name}")
|
|
|
|
if [ -f "${check_policy_file}" ]; then
|
|
expected_state=$(read_variable "${check_policy_file}" "EXPECTED_STATE")
|
|
fi
|
|
if [ "${expected_state}" != "OFF" ]; then
|
|
nb_off=$((nb_off + 1))
|
|
fi
|
|
fi
|
|
done
|
|
if [ "${nb_off}" -eq 0 ]; then
|
|
output="${output}OK - all jails are in their expected state .\n"
|
|
else
|
|
output="${output}CRITICAL - ${nb_off} jail(s) shouldn't be OFF !\n"
|
|
nb_crit=$((nb_crit + 1))
|
|
[ "${return}" -le 2 ] && return=2
|
|
fi
|
|
set +x
|
|
|
|
[ "${return}" -ge 0 ] && header="OK"
|
|
[ "${return}" -ge 1 ] && header="WARNING"
|
|
[ "${return}" -ge 2 ] && header="CRITICAL"
|
|
[ "${return}" -ge 3 ] && header="UNKNOWN"
|
|
|
|
printf "%s - %s UNK / %s CRIT / %s WARN / %s OK\n\n" "${header}" "${nb_unkn}" "${nb_crit}" "${nb_warn}" "${nb_ok}"
|
|
|
|
printf "${output}" | grep -E "^UNKNOWN"
|
|
printf "${output}" | grep -E "^CRITICAL"
|
|
printf "${output}" | grep -E "^WARNING"
|
|
printf "${output}" | grep -E "^OK"
|
|
|
|
exit "${return}"
|