| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-daemon.sh 2967 2021-07-08 09:47:39Z rexy $
|
2 |
# $Id: alcasar-daemon.sh 3043 2022-07-22 17:10:23Z rexy $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-daemon.sh
|
4 |
# alcasar-daemon.sh
|
| 5 |
# by Franck BOUIJOUX & Rexy
|
5 |
# by Franck BOUIJOUX & Rexy
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
# Watchdog of Services
|
7 |
# Watchdog of Services
|
| 8 |
# With the option "-after-update" checks if services or system need to be restarted after a RPM update
|
8 |
# With the option "-after-update" checks if services or system need to be restarted after a RPM update
|
| 9 |
# See /etc/cron.d/alcasar-daemon-watchdog for config the time
|
9 |
# See /etc/cron.d/alcasar-daemon-watchdog for config the time
|
| 10 |
|
10 |
|
| 11 |
conf_file="/usr/local/etc/alcasar.conf"
|
11 |
conf_file="/usr/local/etc/alcasar.conf"
|
| 12 |
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off)
|
- |
|
| 13 |
SSH=${SSH:=off}
|
- |
|
| 14 |
SMS=`grep ^SMS= $conf_file|cut -d"=" -f2` # SMS active (on/off)
|
12 |
SMS=`grep ^SMS= $conf_file|cut -d"=" -f2` # SMS active (on/off)
|
| 15 |
SMS=${SMS:=off}
|
13 |
SMS=${SMS:=off}
|
| 16 |
LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2` # ldap active (on/off)
|
14 |
LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2` # ldap active (on/off)
|
| 17 |
LDAP=${LDAP:=off}
|
15 |
LDAP=${LDAP:=off}
|
| 18 |
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name
|
16 |
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name
|
| 19 |
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name
|
17 |
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name
|
| 20 |
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
|
18 |
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
|
| 21 |
nb_available_srv=`echo $SERVICES|wc -w`
|
19 |
nb_available_srv=`echo $SERVICES|wc -w`
|
| 22 |
|
20 |
|
| 23 |
function ServiceTest () {
|
21 |
function ServiceTest () {
|
| 24 |
service=$1
|
22 |
service=$1
|
| 25 |
if [ $(/usr/bin/systemctl is-active $service) != "active" ]; then
|
23 |
if [ $(/usr/bin/systemctl is-active $service) != "active" ]; then
|
| 26 |
logger -t alcasar-daemon -i "$service is inactive. Activation attempt"
|
24 |
logger -t alcasar-daemon -i "$service is inactive. Activation attempt"
|
| 27 |
echo "the $service service is disabled! trying to start it..."
|
25 |
echo "the $service service is disabled! trying to start it..."
|
| 28 |
if [ $service == 'gammu-smsd' ]; then
|
26 |
if [ $service == 'gammu-smsd' ]; then
|
| 29 |
/usr/local/bin/alcasar-sms.sh --start
|
27 |
/usr/local/bin/alcasar-sms.sh --start
|
| 30 |
fi
|
28 |
fi
|
| 31 |
if [ $service == 'sshd' ]; then
|
29 |
if [ $service == 'sshd' ]; then
|
| 32 |
[ -s /etc/ssh/ssh_host_rsa_key ] || rm -f /etc/ssh/ssh_host_* # sometimes sshd doesn't initialise its keys
|
30 |
[ -s /etc/ssh/ssh_host_rsa_key ] || rm -f /etc/ssh/ssh_host_* # sometimes sshd doesn't initialise its keys
|
| 33 |
fi
|
31 |
fi
|
| 34 |
/usr/bin/systemctl start $service.service
|
32 |
/usr/bin/systemctl start $service.service
|
| 35 |
else
|
33 |
else
|
| 36 |
nb_srv=$((nb_srv+1))
|
34 |
nb_srv=$((nb_srv+1))
|
| 37 |
fi
|
35 |
fi
|
| 38 |
}
|
36 |
}
|
| 39 |
|
37 |
|
| 40 |
usage="Usage: alcasar-daemon.sh {-after-update}"
|
38 |
usage="Usage: alcasar-daemon.sh {-after-update}"
|
| 41 |
case $1 in
|
39 |
case $1 in
|
| 42 |
-\? | -h* | --h*)
|
40 |
-\? | -h* | --h*)
|
| 43 |
echo "$usage"
|
41 |
echo "$usage"
|
| 44 |
exit 0
|
42 |
exit 0
|
| 45 |
;;
|
43 |
;;
|
| 46 |
-after-update)
|
44 |
-after-update)
|
| 47 |
# TODO : check precisely which processes should be restarted (reboot the system or restart alcasar processes)
|
45 |
# TODO : check precisely which processes should be restarted (reboot the system or restart alcasar processes)
|
| 48 |
# extract processes name : for i in `dnf needs-restarting|cut -d " " -f3|sort -u|tr -d ":"|rev|cut -d"/" -f1|rev`;do;echo $i;done
|
46 |
# extract processes name : for i in `dnf needs-restarting|cut -d " " -f3|sort -u|tr -d ":"|rev|cut -d"/" -f1|rev`;do;echo $i;done
|
| 49 |
# system_processes=`dnf needs-restarting|egrep 'dbus|python|systemd|agetty'|wc -l` # processes to be restarted after glibc update
|
47 |
# system_processes=`dnf needs-restarting|egrep 'dbus|python|systemd|agetty'|wc -l` # processes to be restarted after glibc update
|
| 50 |
nb_processes=`dnf needs-restarting|wc -l`
|
48 |
nb_processes=`dnf needs-restarting|wc -l`
|
| 51 |
if [ $nb_processes -ne 0 ]; then
|
49 |
if [ $nb_processes -ne 0 ]; then
|
| 52 |
reboot
|
50 |
reboot
|
| 53 |
fi
|
51 |
fi
|
| 54 |
;;
|
52 |
;;
|
| 55 |
*)
|
53 |
*)
|
| 56 |
for NIC in $EXTIF $INTIF
|
54 |
for NIC in $EXTIF $INTIF
|
| 57 |
do
|
55 |
do
|
| 58 |
if [ `/usr/sbin/ip a show $NIC|grep DOWN|wc -l` -eq "1" ]; then
|
56 |
if [ `/usr/sbin/ip a show $NIC|grep DOWN|wc -l` -eq "1" ]; then
|
| 59 |
echo "The network interface card '$NIC' is down! Try to enable it"
|
57 |
echo "The network interface card '$NIC' is down! Try to enable it"
|
| 60 |
/usr/sbin/ifup $NIC
|
58 |
/usr/sbin/ifup $NIC
|
| 61 |
fi
|
59 |
fi
|
| 62 |
done
|
60 |
done
|
| 63 |
|
61 |
|
| 64 |
nb_srv=0
|
62 |
nb_srv=0
|
| 65 |
for service in $SERVICES; do
|
63 |
for service in $SERVICES; do
|
| 66 |
if [ $service == 'sshd' ]; then
|
- |
|
| 67 |
if [ $SSH != "ON" ] && [ $SSH != "on" ] && [ $SSH != "On" ]; then
|
- |
|
| 68 |
nb_available_srv=$((nb_available_srv-1))
|
- |
|
| 69 |
continue
|
- |
|
| 70 |
fi
|
- |
|
| 71 |
elif [ $service == 'gammu-smsd' ]; then
|
64 |
if [ $service == 'gammu-smsd' ]; then
|
| 72 |
if [ $SMS != "ON" ] && [ $SMS != "on" ] && [ $SMS != "On" ]; then
|
65 |
if [ $SMS != "ON" ] && [ $SMS != "on" ] && [ $SMS != "On" ]; then
|
| 73 |
nb_available_srv=$((nb_available_srv-1))
|
66 |
nb_available_srv=$((nb_available_srv-1))
|
| 74 |
continue
|
67 |
continue
|
| 75 |
fi
|
68 |
fi
|
| 76 |
fi
|
69 |
fi
|
| 77 |
ServiceTest $service
|
70 |
ServiceTest $service
|
| 78 |
done
|
71 |
done
|
| 79 |
|
72 |
|
| 80 |
if [ $nb_available_srv -ne $nb_srv ]; then
|
73 |
if [ $nb_available_srv -ne $nb_srv ]; then
|
| 81 |
echo "Restart this script to know if all is ok"
|
74 |
echo "Restart this script to know if all is ok"
|
| 82 |
else
|
75 |
else
|
| 83 |
echo "$nb_srv services needed by ALCASAR are started."
|
76 |
echo "$nb_srv services needed by ALCASAR are started."
|
| 84 |
fi
|
77 |
fi
|
| 85 |
|
78 |
|
| 86 |
if [ `cat /proc/modules|grep -c ^ipt_NETFLOW` == 0 ]; then
|
79 |
if [ `cat /proc/modules|grep -c ^ipt_NETFLOW` == 0 ]; then
|
| 87 |
logger -t alcasar-daemon -i "ipt_netflow is inactive."
|
80 |
logger -t alcasar-daemon -i "ipt_netflow is inactive."
|
| 88 |
echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"
|
81 |
echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"
|
| 89 |
else
|
82 |
else
|
| 90 |
echo "The Log system is active"
|
83 |
echo "The Log system is active"
|
| 91 |
fi
|
84 |
fi
|
| 92 |
if [ ! -e /etc/raddb/mods-enabled/ldap ]; then
|
85 |
if [ ! -e /etc/raddb/mods-enabled/ldap ]; then
|
| 93 |
if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]; then
|
86 |
if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]; then
|
| 94 |
echo "Enabling LDAP..."
|
87 |
echo "Enabling LDAP..."
|
| 95 |
/usr/local/bin/alcasar-ldap.sh -on
|
88 |
/usr/local/bin/alcasar-ldap.sh -on
|
| 96 |
fi
|
89 |
fi
|
| 97 |
fi
|
90 |
fi
|
| 98 |
;;
|
91 |
;;
|
| 99 |
esac
|
92 |
esac
|
| 100 |
|
93 |
|