Subversion Repositories ALCASAR


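--- a/alcasar-daemon.sh
+++ b/alcasar-daemon.sh
@@ -1,81 +1,81 @@
 #!/bin/bash
-# $Id: alcasar-daemon.sh 2840 2020-06-27 22:35:40Z rexy $
+# $Id: alcasar-daemon.sh 2864 2020-10-18 09:06:17Z rexy $
  
 # alcasar-daemon.sh
 # by Franck BOUIJOUX & Rexy
 # This script is distributed under the Gnu General Public License (GPL)
 # Watchdog of Services
 # See /etc/cron.d/alcasar-daemon-watchdog for config the time
  
 conf_file="/usr/local/etc/alcasar.conf"
 SSH=`grep ^SSH= $conf_file|cut -d"=" -f2`                               # sshd active (on/off)
 SSH=${SSH:=off}
 SMS=`grep ^SMS= $conf_file|cut -d"=" -f2`                               # SMS active (on/off)
 SMS=${SMS:=off}
 LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2`                             # ldap active (on/off)
 LDAP=${LDAP:=off}
 INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2`                           # INTIF name
 EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2`                           # EXTIF name
 SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
 nb_available_srv=`echo $SERVICES|wc -w`
  
 function ServiceTest () {
         service=$1
         if [ $(/usr/bin/systemctl is-active $service) != "active" ]; then
                 logger -t alcasar-daemon -i "$service is inactive. Activation attempt"
                 echo "the $service service is disabled! trying to start it..."
                 /usr/bin/systemctl start $service.service
         else
                 nb_srv=$((nb_srv+1))
         fi
 }
  
 for NIC in $EXTIF $INTIF
 do
         if [ `/usr/sbin/ip a show $NIC|grep DOWN|wc -l` -eq "1" ]
         then
                 echo "The network interface card '$NIC' is down! Try to enable it"
                 /usr/sbin/ifup $NIC
         fi
 done
  
 nb_srv=0
 for service in $SERVICES; do
         if [ $service == 'sshd' ]; then
                 if [ $SSH != "ON" ] && [ $SSH != "on" ] && [ $SSH != "On" ]; then
                         nb_available_srv=$((nb_available_srv-1))
                         continue
                 fi
         elif [ $service == 'gammu-smsd' ]; then
                 if [ $SMS != "ON" ] && [ $SMS != "on" ] && [ $SMS != "On" ]; then
                         nb_available_srv=$((nb_available_srv-1))
                         continue
                 fi
         fi
         ServiceTest $service
 done
  
 if [ $nb_available_srv -ne $nb_srv ]
 then
         echo "Restart this script to know if all is ok"
 else
         echo "$nb_srv services needed by ALCASAR are started."
 fi
  
-if [ `lsmod|grep ^ipt_NETFLOW|wc -l` == 0 ]
+if [ `cat /proc/modules|grep -c ^ipt_NETFLOW` == 0 ]
 then
         logger -t alcasar-daemon -i "ipt_netflow is inactive."
         echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"
 else
         echo "The Log system is active"
 fi
 if [ ! -e /etc/raddb/mods-enabled/ldap ]
 then
         if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]
         then
         echo "Enable LDAP..."
         /usr/local/bin/alcasar-ldap.sh -on
         fi
 fi
  
  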
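Review bot: The rewritten ipt_NETFLOW test on new line 65 still fails open. The backtick substitution is unquoted, so if the pipeline ever prints nothing (for example when grep cannot be executed), `[ == 0 ]` is a syntax error, the test returns non-zero, and the `else` branch prints "The Log system is active" without any logger entry. Testing grep's exit status directly makes any failure land on the "inactive" side and drops the extra `cat`: `if ! grep -q '^ipt_NETFLOW ' /proc/modules`. The trailing space in the pattern also stops a module whose name merely starts with `ipt_NETFLOW` from satisfying the check. Since this watchdog is what notices that flow logging has stopped, a short comment above the test saying that an error must be reported as "inactive" would help the next maintainer.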