Subversion Repositories ALCASAR


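--- a/alcasar-daemon.sh
+++ b/alcasar-daemon.sh
@@ -1,82 +1,80 @@
-#!/bin/sh
-# $Id: alcasar-daemon.sh 2583 2018-07-27 10:01:29Z rexy $
+#!/bin/bash
+# $Id: alcasar-daemon.sh 2601 2018-08-19 23:58:27Z tom.houdayer $
 
 # alcasar-daemon.sh
 # by Franck BOUIJOUX & Rexy
 # This script is distributed under the Gnu General Public License (GPL)
 # Watchdog of Services
 # See /etc/cron.d/alcasar-daemon-watchdog for config the time
 
 conf_file="/usr/local/etc/alcasar.conf"
 SSH=`grep ^SSH= $conf_file|cut -d"=" -f2`				# sshd active (on/off)
 SSH=${SSH:=off}
 LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2`				# ldap active (on/off)
 LDAP=${LDAP:=off}
 INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2`				# INTIF name
 EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2`				# EXTIF name
-SERVICES="mysqld lighttpd php-fpm ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"
+SERVICES="mysqld lighttpd php-fpm ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
 nb_available_srv=`echo $SERVICES|wc -w`
 
 function ServiceTest () {
-	CMD=`/usr/bin/systemctl is-active $s`
-	if [ $CMD != "active" ]
-	then
-		logger -t alcasar-daemon -i "$s is inactive. Activation attempt"
-		echo "the $s service is disabled! trying to start it..."
-		/usr/bin/systemctl start $s.service
+	service=$1
+	if [ $(/usr/bin/systemctl is-active $service) != "active" ]; then
+		logger -t alcasar-daemon -i "$service is inactive. Activation attempt"
+		echo "the $service service is disabled! trying to start it..."
+		/usr/bin/systemctl start $service.service
 	else
 		nb_srv=$((nb_srv+1))
 	fi
 }
 
 for NIC in $EXTIF $INTIF
 do
 	if [ `/usr/sbin/ip a show $NIC|grep DOWN|wc -l` -eq "1" ]
 	then
 		echo "The network interface card '$NIC' is down! Try to enable it"
 		/usr/sbin/ifup $NIC
 	fi
 done
 
 nb_srv=0
-for s in $SERVICES
-do
-	if [ $s != "sshd" ]
-	then
-		ServiceTest
-	else
-		{
-		if [ $SSH == "ON" ] || [ $SSH == "on" ] || [ $SSH == "On" ]
-		then
-			ServiceTest
-		else
+for service in $SERVICES; do
+	if [ $service == 'sshd' ]; then
+		if [ $SSH != "ON" ] && [ $SSH != "on" ] && [ $SSH != "On" ]; then
 			nb_available_srv=$((nb_available_srv-1))
+			continue
+		fi
+	elif [ $service == 'gammu-smsd' ]; then
+		if [ $(grep '^SMS=' $conf_file | cut -d'=' -f2-) != 'on' ]; then
+			nb_available_srv=$((nb_available_srv-1))
+			continue
 		fi
-		}
 	fi
+
+	ServiceTest $service
 done
 
 if [ $nb_available_srv -ne $nb_srv ]
 then
 	echo "Restart this script to know if all is ok"
 else
 	echo "$nb_srv services needed by ALCASAR are started."
 fi
 
 if [ `lsmod|grep ipt_NETFLOW|wc -l` == 0 ]
 then
 	logger -t alcasar-daemon -i "ipt_netflow is inactive."
 	echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"
 else
 	echo "The Log system is active"
 fi
 if [ ! -e /etc/raddb/mods-enabled/ldap ]
 then
 	if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]
 	then
 	echo "Enable LDAP..."
 	/usr/local/bin/alcasar-ldap.sh -on
 	fi
 fi
 
 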
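Review bot: The new `gammu-smsd` branch fails open when `alcasar.conf` has no `SMS=` line: the unquoted `$(grep '^SMS=' $conf_file | cut -d'=' -f2-)` expands to nothing, `[ != 'on' ]` returns an error status instead of true, the `continue` is skipped, and the loop falls through to `ServiceTest $service`, so the watchdog tries to start the SMS daemon on every run although it was never enabled. Quoting the substitution makes a missing or empty value compare as not-on: `if [ "$(grep '^SMS=' "$conf_file" | cut -d'=' -f2-)" != 'on' ]; then`. Unlike `SSH` and `LDAP`, this switch gets no `:=off` default and accepts only lowercase `on`, so reading it once at the top next to `SSH=` would keep the three switches consistent. The same unquoted pattern appears in `ServiceTest` (`[ $(/usr/bin/systemctl is-active $service) != "active" ]`) and in the `$SSH` tests, where quoting both operands is equally cheap.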