Rev 2574 | Rev 2601 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 807 | franck | 1 | #!/bin/sh |
| 825 | franck | 2 | # $Id: alcasar-daemon.sh 2583 2018-07-27 10:01:29Z rexy $ |
| 807 | franck | 3 | |
| 824 | franck | 4 | # alcasar-daemon.sh |
| 1474 | richard | 5 | # by Franck BOUIJOUX & Rexy |
| 807 | franck | 6 | # This script is distributed under the Gnu General Public License (GPL) |
| 7 | # Watchdog of Services |
||
| 8 | # See /etc/cron.d/alcasar-daemon-watchdog for config the time |
||
| 9 | |||
| 824 | franck | 10 | conf_file="/usr/local/etc/alcasar.conf" |
| 2474 | tom.houday | 11 | SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off) |
| 824 | franck | 12 | SSH=${SSH:=off} |
| 2572 | rexy | 13 | LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2` # ldap active (on/off) |
| 2574 | rexy | 14 | LDAP=${LDAP:=off} |
| 2583 | rexy | 15 | INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name |
| 16 | EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name |
||
| 2534 | tom.houday | 17 | SERVICES="mysqld lighttpd php-fpm ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat" |
| 1596 | richard | 18 | nb_available_srv=`echo $SERVICES|wc -w` |
| 807 | franck | 19 | |
| 824 | franck | 20 | function ServiceTest () { |
| 1596 | richard | 21 | CMD=`/usr/bin/systemctl is-active $s` |
| 22 | if [ $CMD != "active" ] |
||
| 23 | then |
||
| 2537 | tom.houday | 24 | logger -t alcasar-daemon -i "$s is inactive. Activation attempt" |
| 1596 | richard | 25 | echo "the $s service is disabled! trying to start it..." |
| 2454 | tom.houday | 26 | /usr/bin/systemctl start $s.service |
| 1596 | richard | 27 | else |
| 28 | nb_srv=$((nb_srv+1)) |
||
| 29 | fi |
||
| 824 | franck | 30 | } |
| 807 | franck | 31 | |
| 2583 | rexy | 32 | for NIC in $EXTIF $INTIF |
| 33 | do |
||
| 34 | if [ `/usr/sbin/ip a show $NIC|grep DOWN|wc -l` -eq "1" ] |
||
| 35 | then |
||
| 36 | echo "The network interface card '$NIC' is down! Try to enable it" |
||
| 37 | /usr/sbin/ifup $NIC |
||
| 38 | fi |
||
| 39 | done |
||
| 40 | |||
| 1596 | richard | 41 | nb_srv=0 |
| 1474 | richard | 42 | for s in $SERVICES |
| 807 | franck | 43 | do |
| 2454 | tom.houday | 44 | if [ $s != "sshd" ] |
| 807 | franck | 45 | then |
| 1596 | richard | 46 | ServiceTest |
| 824 | franck | 47 | else |
| 1596 | richard | 48 | { |
| 49 | if [ $SSH == "ON" ] || [ $SSH == "on" ] || [ $SSH == "On" ] |
||
| 2454 | tom.houday | 50 | then |
| 1596 | richard | 51 | ServiceTest |
| 52 | else |
||
| 2520 | rexy | 53 | nb_available_srv=$((nb_available_srv-1)) |
| 1596 | richard | 54 | fi |
| 55 | } |
||
| 807 | franck | 56 | fi |
| 57 | done |
||
| 2537 | tom.houday | 58 | |
| 1596 | richard | 59 | if [ $nb_available_srv -ne $nb_srv ] |
| 2520 | rexy | 60 | then |
| 61 | echo "Restart this script to know if all is ok" |
||
| 1596 | richard | 62 | else |
| 2520 | rexy | 63 | echo "$nb_srv services needed by ALCASAR are started." |
| 1596 | richard | 64 | fi |
| 2520 | rexy | 65 | |
| 66 | if [ `lsmod|grep ipt_NETFLOW|wc -l` == 0 ] |
||
| 67 | then |
||
| 2537 | tom.houday | 68 | logger -t alcasar-daemon -i "ipt_netflow is inactive." |
| 2520 | rexy | 69 | echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)" |
| 70 | else |
||
| 71 | echo "The Log system is active" |
||
| 72 | fi |
||
| 2572 | rexy | 73 | if [ ! -e /etc/raddb/mods-enabled/ldap ] |
| 74 | then |
||
| 75 | if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ] |
||
| 76 | then |
||
| 77 | echo "Enable LDAP..." |
||
| 78 | /usr/local/bin/alcasar-ldap.sh -on |
||
| 79 | fi |
||
| 80 | fi |
||
| 2583 | rexy | 81 |