Rev 2537 | Rev 2574 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 807 | franck | 1 | #!/bin/sh |
| 825 | franck | 2 | # $Id: alcasar-daemon.sh 2572 2018-07-20 16:55:00Z rexy $ |
| 807 | franck | 3 | |
| 824 | franck | 4 | # alcasar-daemon.sh |
| 1474 | richard | 5 | # by Franck BOUIJOUX & Rexy |
| 807 | franck | 6 | # This script is distributed under the Gnu General Public License (GPL) |
| 7 | # Watchdog of Services |
||
| 8 | # See /etc/cron.d/alcasar-daemon-watchdog for config the time |
||
| 9 | |||
| 824 | franck | 10 | conf_file="/usr/local/etc/alcasar.conf" |
| 2474 | tom.houday | 11 | SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off) |
| 824 | franck | 12 | SSH=${SSH:=off} |
| 2572 | rexy | 13 | LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2` # ldap active (on/off) |
| 14 | LDAP=${SSH:=off} |
||
| 2534 | tom.houday | 15 | SERVICES="mysqld lighttpd php-fpm ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat" |
| 1596 | richard | 16 | nb_available_srv=`echo $SERVICES|wc -w` |
| 807 | franck | 17 | |
| 824 | franck | 18 | function ServiceTest () { |
| 1596 | richard | 19 | CMD=`/usr/bin/systemctl is-active $s` |
| 20 | if [ $CMD != "active" ] |
||
| 21 | then |
||
| 2537 | tom.houday | 22 | logger -t alcasar-daemon -i "$s is inactive. Activation attempt" |
| 1596 | richard | 23 | echo "the $s service is disabled! trying to start it..." |
| 2454 | tom.houday | 24 | /usr/bin/systemctl start $s.service |
| 1596 | richard | 25 | else |
| 26 | nb_srv=$((nb_srv+1)) |
||
| 27 | fi |
||
| 824 | franck | 28 | } |
| 807 | franck | 29 | |
| 1596 | richard | 30 | nb_srv=0 |
| 1474 | richard | 31 | for s in $SERVICES |
| 807 | franck | 32 | do |
| 2454 | tom.houday | 33 | if [ $s != "sshd" ] |
| 807 | franck | 34 | then |
| 1596 | richard | 35 | ServiceTest |
| 824 | franck | 36 | else |
| 1596 | richard | 37 | { |
| 38 | if [ $SSH == "ON" ] || [ $SSH == "on" ] || [ $SSH == "On" ] |
||
| 2454 | tom.houday | 39 | then |
| 1596 | richard | 40 | ServiceTest |
| 41 | else |
||
| 2520 | rexy | 42 | nb_available_srv=$((nb_available_srv-1)) |
| 1596 | richard | 43 | fi |
| 44 | } |
||
| 807 | franck | 45 | fi |
| 46 | done |
||
| 2537 | tom.houday | 47 | |
| 1596 | richard | 48 | if [ $nb_available_srv -ne $nb_srv ] |
| 2520 | rexy | 49 | then |
| 50 | echo "Restart this script to know if all is ok" |
||
| 1596 | richard | 51 | else |
| 2520 | rexy | 52 | echo "$nb_srv services needed by ALCASAR are started." |
| 1596 | richard | 53 | fi |
| 2520 | rexy | 54 | |
| 55 | if [ `lsmod|grep ipt_NETFLOW|wc -l` == 0 ] |
||
| 56 | then |
||
| 2537 | tom.houday | 57 | logger -t alcasar-daemon -i "ipt_netflow is inactive." |
| 2520 | rexy | 58 | echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)" |
| 59 | else |
||
| 60 | echo "The Log system is active" |
||
| 61 | fi |
||
| 2572 | rexy | 62 | if [ ! -e /etc/raddb/mods-enabled/ldap ] |
| 63 | then |
||
| 64 | if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ] |
||
| 65 | then |
||
| 66 | echo "Enable LDAP..." |
||
| 67 | /usr/local/bin/alcasar-ldap.sh -on |
||
| 68 | fi |
||
| 69 | fi |