Rev 2574 | Rev 2620 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log
#!/bin/sh
# $Id: alcasar-daemon.sh 2583 2018-07-27 10:01:29Z rexy $
# alcasar-daemon.sh
# by Franck BOUIJOUX & Rexy
# This script is distributed under the Gnu General Public License (GPL)
# Watchdog of Services
# See /etc/cron.d/alcasar-daemon-watchdog for config the time
conf_file="/usr/local/etc/alcasar.conf"
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off)
SSH=${SSH:=off}
LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2` # ldap active (on/off)
LDAP=${LDAP:=off}
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name
SERVICES="mysqld lighttpd php-fpm ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"
nb_available_srv=`echo $SERVICES|wc -w`
function ServiceTest () {
CMD=`/usr/bin/systemctl is-active $s`
if [ $CMD != "active" ]
then
logger -t alcasar-daemon -i "$s is inactive. Activation attempt"
echo "the $s service is disabled! trying to start it..."
/usr/bin/systemctl start $s.service
else
nb_srv=$((nb_srv+1))
fi
}
for NIC in $EXTIF $INTIF
do
if [ `/usr/sbin/ip a show $NIC|grep DOWN|wc -l` -eq "1" ]
then
echo "The network interface card '$NIC' is down! Try to enable it"
/usr/sbin/ifup $NIC
fi
done
nb_srv=0
for s in $SERVICES
do
if [ $s != "sshd" ]
then
ServiceTest
else
{
if [ $SSH == "ON" ] || [ $SSH == "on" ] || [ $SSH == "On" ]
then
ServiceTest
else
nb_available_srv=$((nb_available_srv-1))
fi
}
fi
done
if [ $nb_available_srv -ne $nb_srv ]
then
echo "Restart this script to know if all is ok"
else
echo "$nb_srv services needed by ALCASAR are started."
fi
if [ `lsmod|grep ipt_NETFLOW|wc -l` == 0 ]
then
logger -t alcasar-daemon -i "ipt_netflow is inactive."
echo "The Log system is disabled! try to know why (modprobe ipt_NETFLOW)"
else
echo "The Log system is active"
fi
if [ ! -e /etc/raddb/mods-enabled/ldap ]
then
if [ $LDAP == "ON" ] || [ $LDAP == "on" ] || [ $LDAP == "On" ]
then
echo "Enable LDAP..."
/usr/local/bin/alcasar-ldap.sh -on
fi
fi