Subversion Repositories ALCASAR

Rev

Rev 2878 | Rev 3043 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2601 tom.houday 1
#!/bin/bash
825 franck 2
# $Id: alcasar-daemon.sh 2967 2021-07-08 09:47:39Z rexy $
807 franck 3
 
824 franck 4
# alcasar-daemon.sh
1474 richard 5
# by Franck BOUIJOUX & Rexy
807 franck 6
# This script is distributed under the Gnu General Public License (GPL)
7
# Watchdog of Services
2967 rexy 8
# With the option "-after-update" checks if services or system need to be restarted after a RPM update
807 franck 9
# See /etc/cron.d/alcasar-daemon-watchdog for config the time
10
 
824 franck 11
conf_file="/usr/local/etc/alcasar.conf"
2474 tom.houday 12
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2`				# sshd active (on/off)
824 franck 13
SSH=${SSH:=off}
2620 rexy 14
SMS=`grep ^SMS= $conf_file|cut -d"=" -f2`				# SMS active (on/off)
15
SMS=${SMS:=off}
2572 rexy 16
LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2`				# ldap active (on/off)
2574 rexy 17
LDAP=${LDAP:=off}
2583 rexy 18
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2`				# INTIF name
19
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2`				# EXTIF name
2840 rexy 20
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
1596 richard 21
nb_available_srv=`echo $SERVICES|wc -w`
807 franck 22
 
824 franck 23
function ServiceTest () {
2601 tom.houday 24
	service=$1
25
	if [ $(/usr/bin/systemctl is-active $service) != "active" ]; then
26
		logger -t alcasar-daemon -i "$service is inactive. Activation attempt"
27
		echo "the $service service is disabled! trying to start it..."
2875 rexy 28
		if [ $service == 'gammu-smsd' ]; then
29
			/usr/local/bin/alcasar-sms.sh --start
30
		fi
2878 rexy 31
		if [ $service == 'sshd' ]; then
32
			[ -s /etc/ssh/ssh_host_rsa_key ] || rm -f /etc/ssh/ssh_host_* # sometimes sshd doesn't initialise its keys
33
		fi	
34
		/usr/bin/systemctl start $service.service
1596 richard 35
	else
36
		nb_srv=$((nb_srv+1))
37
	fi
824 franck 38
}
807 franck 39
 
2967 rexy 40
usage="Usage: alcasar-daemon.sh {-after-update}"
41
case $1 in
42
	-\? | -h* | --h*)
43
		echo "$usage"
44
		exit 0
45
		;;
46
	-after-update)
47
		# TODO : check precisely which processes should be restarted (reboot the system or restart alcasar processes)
48
		# extract processes name : for i in `dnf needs-restarting|cut -d " " -f3|sort -u|tr -d ":"|rev|cut -d"/" -f1|rev`;do;echo $i;done
49
		# system_processes=`dnf needs-restarting|egrep 'dbus|python|systemd|agetty'|wc -l` # processes to be restarted after glibc update 
50
		nb_processes=`dnf needs-restarting|wc -l`
51
		if [ $nb_processes -ne 0 ]; then
52
			reboot
1596 richard 53
		fi
2967 rexy 54
		;;
55
	*)
56
		for NIC in $EXTIF $INTIF
57
		do
58
			if [ `/usr/sbin/ip a show $NIC|grep DOWN|wc -l` -eq "1" ]; then
59
				echo "The network interface card '$NIC' is down! Try to enable it"
60
				/usr/sbin/ifup $NIC
61
			fi
62
		done
63
 
64
		nb_srv=0
65
		for service in $SERVICES; do
66
			if [ $service == 'sshd' ]; then
67
				if [ $SSH != "ON" ] && [ $SSH != "on" ] && [ $SSH != "On" ]; then
68
					nb_available_srv=$((nb_available_srv-1))
69
					continue
70
				fi
71
			elif [ $service == 'gammu-smsd' ]; then
72
				if [ $SMS != "ON" ] && [ $SMS != "on" ] && [ $SMS != "On" ]; then
73
					nb_available_srv=$((nb_available_srv-1))
74
					continue
75
				fi
76
			fi
77
			ServiceTest $service
78
		done
79
 
80
		if [ $nb_available_srv -ne $nb_srv ]; then
81
			echo "Restart this script to know if all is ok"
82
		else
83
			echo "$nb_srv services needed by ALCASAR are started."
2601 tom.houday 84
		fi
2967 rexy 85
 
86
		if [ `cat /proc/modules|grep -c ^ipt_NETFLOW` == 0 ]; then
87
			logger -t alcasar-daemon -i "ipt_netflow is inactive."
88
			echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"
89
		else
90
			echo "The Log system is active"
91
		fi
92
		if [ ! -e /etc/raddb/mods-enabled/ldap ]; then
93
			if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]; then
94
				echo "Enabling LDAP..."
95
				/usr/local/bin/alcasar-ldap.sh -on
96
			fi
97
		fi
98
	;;
99
esac