Subversion Repositories ALCASAR


Rev 2840 Rev 2864
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-daemon.sh 2840 2020-06-27 22:35:40Z rexy $
2
# $Id: alcasar-daemon.sh 2864 2020-10-18 09:06:17Z rexy $
3
 
3
 
4
# alcasar-daemon.sh
4
# alcasar-daemon.sh
5
# by Franck BOUIJOUX & Rexy
5
# by Franck BOUIJOUX & Rexy
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
# Watchdog of Services
7
# Watchdog of Services
8
# See /etc/cron.d/alcasar-daemon-watchdog for config the time
8
# See /etc/cron.d/alcasar-daemon-watchdog for config the time
9
 
9
 
10
conf_file="/usr/local/etc/alcasar.conf"
10
conf_file="/usr/local/etc/alcasar.conf"
11
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2`				# sshd active (on/off)
11
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2`				# sshd active (on/off)
12
SSH=${SSH:=off}
12
SSH=${SSH:=off}
13
SMS=`grep ^SMS= $conf_file|cut -d"=" -f2`				# SMS active (on/off)
13
SMS=`grep ^SMS= $conf_file|cut -d"=" -f2`				# SMS active (on/off)
14
SMS=${SMS:=off}
14
SMS=${SMS:=off}
15
LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2`				# ldap active (on/off)
15
LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2`				# ldap active (on/off)
16
LDAP=${LDAP:=off}
16
LDAP=${LDAP:=off}
17
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2`				# INTIF name
17
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2`				# INTIF name
18
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2`				# EXTIF name
18
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2`				# EXTIF name
19
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
19
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
20
nb_available_srv=`echo $SERVICES|wc -w`
20
nb_available_srv=`echo $SERVICES|wc -w`
21
 
21
 
22
function ServiceTest () {
22
function ServiceTest () {
23
	service=$1
23
	service=$1
24
	if [ $(/usr/bin/systemctl is-active $service) != "active" ]; then
24
	if [ $(/usr/bin/systemctl is-active $service) != "active" ]; then
25
		logger -t alcasar-daemon -i "$service is inactive. Activation attempt"
25
		logger -t alcasar-daemon -i "$service is inactive. Activation attempt"
26
		echo "the $service service is disabled! trying to start it..."
26
		echo "the $service service is disabled! trying to start it..."
27
		/usr/bin/systemctl start $service.service
27
		/usr/bin/systemctl start $service.service
28
	else
28
	else
29
		nb_srv=$((nb_srv+1))
29
		nb_srv=$((nb_srv+1))
30
	fi
30
	fi
31
}
31
}
32
 
32
 
33
for NIC in $EXTIF $INTIF
33
for NIC in $EXTIF $INTIF
34
do
34
do
35
	if [ `/usr/sbin/ip a show $NIC|grep DOWN|wc -l` -eq "1" ]
35
	if [ `/usr/sbin/ip a show $NIC|grep DOWN|wc -l` -eq "1" ]
36
	then
36
	then
37
		echo "The network interface card '$NIC' is down! Try to enable it"
37
		echo "The network interface card '$NIC' is down! Try to enable it"
38
		/usr/sbin/ifup $NIC
38
		/usr/sbin/ifup $NIC
39
	fi
39
	fi
40
done
40
done
41
 
41
 
42
nb_srv=0
42
nb_srv=0
43
for service in $SERVICES; do
43
for service in $SERVICES; do
44
	if [ $service == 'sshd' ]; then
44
	if [ $service == 'sshd' ]; then
45
		if [ $SSH != "ON" ] && [ $SSH != "on" ] && [ $SSH != "On" ]; then
45
		if [ $SSH != "ON" ] && [ $SSH != "on" ] && [ $SSH != "On" ]; then
46
			nb_available_srv=$((nb_available_srv-1))
46
			nb_available_srv=$((nb_available_srv-1))
47
			continue
47
			continue
48
		fi
48
		fi
49
	elif [ $service == 'gammu-smsd' ]; then
49
	elif [ $service == 'gammu-smsd' ]; then
50
		if [ $SMS != "ON" ] && [ $SMS != "on" ] && [ $SMS != "On" ]; then
50
		if [ $SMS != "ON" ] && [ $SMS != "on" ] && [ $SMS != "On" ]; then
51
			nb_available_srv=$((nb_available_srv-1))
51
			nb_available_srv=$((nb_available_srv-1))
52
			continue
52
			continue
53
		fi
53
		fi
54
	fi
54
	fi
55
	ServiceTest $service
55
	ServiceTest $service
56
done
56
done
57
 
57
 
58
if [ $nb_available_srv -ne $nb_srv ]
58
if [ $nb_available_srv -ne $nb_srv ]
59
then
59
then
60
	echo "Restart this script to know if all is ok"
60
	echo "Restart this script to know if all is ok"
61
else
61
else
62
	echo "$nb_srv services needed by ALCASAR are started."
62
	echo "$nb_srv services needed by ALCASAR are started."
63
fi
63
fi
64
 
64
 
65
if [ `lsmod|grep ^ipt_NETFLOW|wc -l` == 0 ]
65
if [ `cat /proc/modules|grep -c ^ipt_NETFLOW` == 0 ]
66
then
66
then
67
	logger -t alcasar-daemon -i "ipt_netflow is inactive."
67
	logger -t alcasar-daemon -i "ipt_netflow is inactive."
68
	echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"
68
	echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"
69
else
69
else
70
	echo "The Log system is active"
70
	echo "The Log system is active"
71
fi
71
fi
72
if [ ! -e /etc/raddb/mods-enabled/ldap ]
72
if [ ! -e /etc/raddb/mods-enabled/ldap ]
73
then
73
then
74
	if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]
74
	if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]
75
	then
75
	then
76
	echo "Enable LDAP..."
76
	echo "Enable LDAP..."
77
	/usr/local/bin/alcasar-ldap.sh -on
77
	/usr/local/bin/alcasar-ldap.sh -on
78
	fi
78
	fi
79
fi
79
fi
80
 
80
 
81
 
81
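Review bot: The new test on line 65 still wraps a pipeline in an unquoted backtick substitution and compares the count as a string, so if the substitution ever came back empty, `[ == 0 ]` would fail with a syntax error and the script would fall into the `else` branch and print "The Log system is active". Reading /proc/modules directly is fine, but the `cat` is unnecessary and the prefix pattern also matches any other module whose name merely starts with ipt_NETFLOW. Testing the exit status avoids both problems: `if ! grep -q '^ipt_NETFLOW ' /proc/modules`. Separately, and unchanged by this revision, this branch only logs and prints a hint, whereas the services above are restarted automatically; it is worth confirming whether the watchdog should also try to reload the module, since the script itself treats it as the log system.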