Subversion Repositories ALCASAR

#!/bin/sh

#!/bin/sh

# alcasar-daemon.sh

# alcasar-daemon.sh

# by Franck BOUIJOUX & Rexy

# by Franck BOUIJOUX & Rexy

# This script is distributed under the Gnu General Public License (GPL)

# This script is distributed under the Gnu General Public License (GPL)

# Watchdog of Services

# Watchdog of Services

# See /etc/cron.d/alcasar-daemon-watchdog for config the time

# See /etc/cron.d/alcasar-daemon-watchdog for config the time

conf_file="/usr/local/etc/alcasar.conf"

conf_file="/usr/local/etc/alcasar.conf"

SSH=`grep ^SSH= $conf_file|cut -d"=" -f2`				# sshd active (on/off)

SSH=`grep ^SSH= $conf_file|cut -d"=" -f2`				# sshd active (on/off)

SSH=${SSH:=off}

SSH=${SSH:=off}

LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2`				# ldap active (on/off)

LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2`				# ldap active (on/off)

SERVICES="mysqld lighttpd php-fpm ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"

SERVICES="mysqld lighttpd php-fpm ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"

nb_available_srv=`echo $SERVICES|wc -w`

nb_available_srv=`echo $SERVICES|wc -w`

function ServiceTest () {

function ServiceTest () {

	CMD=`/usr/bin/systemctl is-active $s`

	CMD=`/usr/bin/systemctl is-active $s`

	if [ $CMD != "active" ]

	if [ $CMD != "active" ]

	then

	then

		logger -t alcasar-daemon -i "$s is inactive. Activation attempt"

		logger -t alcasar-daemon -i "$s is inactive. Activation attempt"

		echo "the $s service is disabled! trying to start it..."

		echo "the $s service is disabled! trying to start it..."

		/usr/bin/systemctl start $s.service

		/usr/bin/systemctl start $s.service

	else

	else

		nb_srv=$((nb_srv+1))

		nb_srv=$((nb_srv+1))

	fi

	fi

}

}

nb_srv=0

nb_srv=0

for s in $SERVICES

for s in $SERVICES

do

do

	if [ $s != "sshd" ]

	if [ $s != "sshd" ]

	then

	then

		ServiceTest

		ServiceTest

	else

	else

		{

		{

		if [ $SSH == "ON" ] || [ $SSH == "on" ] || [ $SSH == "On" ]

		if [ $SSH == "ON" ] || [ $SSH == "on" ] || [ $SSH == "On" ]

		then

		then

			ServiceTest

			ServiceTest

		else

		else

			nb_available_srv=$((nb_available_srv-1))

			nb_available_srv=$((nb_available_srv-1))

		fi

		fi

		}

		}

	fi

	fi

done

done

if [ $nb_available_srv -ne $nb_srv ]

if [ $nb_available_srv -ne $nb_srv ]

then

then

	echo "Restart this script to know if all is ok"

	echo "Restart this script to know if all is ok"

else

else

	echo "$nb_srv services needed by ALCASAR are started."

	echo "$nb_srv services needed by ALCASAR are started."

fi

fi

if [ `lsmod|grep ipt_NETFLOW|wc -l` == 0 ]

if [ `lsmod|grep ipt_NETFLOW|wc -l` == 0 ]

then

then

	logger -t alcasar-daemon -i "ipt_netflow is inactive."

	logger -t alcasar-daemon -i "ipt_netflow is inactive."

	echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"

	echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"

else

else

	echo "The Log system is active"

	echo "The Log system is active"

fi

fi

if [ ! -e /etc/raddb/mods-enabled/ldap ]

if [ ! -e /etc/raddb/mods-enabled/ldap ]

then

then

	if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]

	if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]

	then

	then

	echo "Enable LDAP..."

	echo "Enable LDAP..."

	/usr/local/bin/alcasar-ldap.sh -on

	/usr/local/bin/alcasar-ldap.sh -on

	fi

	fi

fi

fi