Subversion Repositories ALCASAR

Rev

Rev 2574 | Rev 2601 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
807 franck 1
#!/bin/sh
825 franck 2
# $Id: alcasar-daemon.sh 2583 2018-07-27 10:01:29Z rexy $
807 franck 3
 
824 franck 4
# alcasar-daemon.sh
1474 richard 5
# by Franck BOUIJOUX & Rexy
807 franck 6
# This script is distributed under the Gnu General Public License (GPL)
7
# Watchdog of Services
8
# See /etc/cron.d/alcasar-daemon-watchdog for config the time
9
 
824 franck 10
conf_file="/usr/local/etc/alcasar.conf"
2474 tom.houday 11
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2`                               # sshd active (on/off)
824 franck 12
SSH=${SSH:=off}
2572 rexy 13
LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2`                             # ldap active (on/off)
2574 rexy 14
LDAP=${LDAP:=off}
2583 rexy 15
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2`                           # INTIF name
16
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2`                           # EXTIF name
2534 tom.houday 17
SERVICES="mysqld lighttpd php-fpm ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"
1596 richard 18
nb_available_srv=`echo $SERVICES|wc -w`
807 franck 19
 
824 franck 20
function ServiceTest () {
1596 richard 21
        CMD=`/usr/bin/systemctl is-active $s`
22
        if [ $CMD != "active" ]
23
        then
2537 tom.houday 24
                logger -t alcasar-daemon -i "$s is inactive. Activation attempt"
1596 richard 25
                echo "the $s service is disabled! trying to start it..."
2454 tom.houday 26
                /usr/bin/systemctl start $s.service
1596 richard 27
        else
28
                nb_srv=$((nb_srv+1))
29
        fi
824 franck 30
}
807 franck 31
 
2583 rexy 32
for NIC in $EXTIF $INTIF
33
do
34
        if [ `/usr/sbin/ip a show $NIC|grep DOWN|wc -l` -eq "1" ]
35
        then
36
                echo "The network interface card '$NIC' is down! Try to enable it"
37
                /usr/sbin/ifup $NIC
38
        fi
39
done
40
 
1596 richard 41
nb_srv=0
1474 richard 42
for s in $SERVICES
807 franck 43
do
2454 tom.houday 44
        if [ $s != "sshd" ]
807 franck 45
        then
1596 richard 46
                ServiceTest
824 franck 47
        else
1596 richard 48
                {
49
                if [ $SSH == "ON" ] || [ $SSH == "on" ] || [ $SSH == "On" ]
2454 tom.houday 50
                then
1596 richard 51
                        ServiceTest
52
                else
2520 rexy 53
                        nb_available_srv=$((nb_available_srv-1))
1596 richard 54
                fi
55
                }
807 franck 56
        fi
57
done
2537 tom.houday 58
 
1596 richard 59
if [ $nb_available_srv -ne $nb_srv ]
2520 rexy 60
then
61
        echo "Restart this script to know if all is ok"
1596 richard 62
else
2520 rexy 63
        echo "$nb_srv services needed by ALCASAR are started."
1596 richard 64
fi
2520 rexy 65
 
66
if [ `lsmod|grep ipt_NETFLOW|wc -l` == 0 ]
67
then
2537 tom.houday 68
        logger -t alcasar-daemon -i "ipt_netflow is inactive."
2520 rexy 69
        echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"
70
else
71
        echo "The Log system is active"
72
fi
2572 rexy 73
if [ ! -e /etc/raddb/mods-enabled/ldap ]
74
then
75
        if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]
76
        then
77
        echo "Enable LDAP..."
78
        /usr/local/bin/alcasar-ldap.sh -on
79
        fi
80
fi
2583 rexy 81