1 #!/bin/sh
2
3 # Check that debian-admin is in /etc/aliases for root.
4 # Peter Palfrader, 2008
5
6 #my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 );
7
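# Abort on any unchecked command failure.
set -e

# Exit status reported to the monitoring system; log() raises it as results come in.
err=0

# log() appends to these per-severity buckets with eval.  Start them empty so
# that same-named variables inherited from the environment can neither show up
# in the plugin output nor be fed through eval.
ok=
warn=
critical=
unknown=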
10
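# log LEVEL MESSAGE
#
# Record one check result.  LEVEL is ok, warn, critical or unknown; MESSAGE is
# appended ("; "-separated) to the shell variable named after LEVEL, and the
# global exit status $err is raised where the level calls for it:
#   warn     -> 1 if $err is below 1
#   critical -> 2 if $err is below 2
#   unknown  -> 3 only if nothing else has been recorded ($err is 0)
#   ok       -> never changes $err
# Once $err is 3 the numeric comparisons above no longer fire, so a later
# warn/critical is still printed but does not change the exit status.
log() {
        # LEVEL becomes a variable name inside eval below, so only the four
        # known names are let through; anything else is reported as unknown.
        case "$1" in
                ok|warn|critical|unknown)
                        ;;
                *)
                        set -- unknown "log: unsupported level '$1': $2"
                        ;;
        esac

        case "$1" in
                warn)
                        if [ "$err" -lt 1 ]; then err=1; fi
                        ;;
                critical)
                        if [ "$err" -lt 2 ]; then err=2; fi
                        ;;
                unknown)
                        if [ "$err" = 0 ]; then err=3; fi
                        ;;
        esac

        # Only the validated level name is spliced into the eval'd text.  The
        # message is referenced as \$2 and expanded by eval itself, so quotes,
        # '$' or backticks in a message are stored literally, never executed.
        eval "$1=\"\${$1:+\$$1; }\$2\""
}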
27
28
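# Check that root's entry in /etc/aliases forwards to debian-admin@debian.org.
# Logs unknown when the file does not exist, ok when the address is found on
# the root: line, and warn otherwise.
check_aliases() {
        if ! [ -e /etc/aliases ]; then
                log unknown "/etc/aliases not found"
                return
        fi

        # grep -E replaces the obsolescent egrep; the dot is escaped so that it
        # only matches a literal '.'.  This is still a substring match on the
        # root: line, not a parse of the alias list.
        if grep -E -q '^root:.*debian-admin@debian\.org' /etc/aliases; then
                log ok "debian-admin found in aliases"
                return
        fi

        log warn "debian-admin not found in root entry in aliases"
}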
42
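# Check that this host's ed25519 public host key is listed for it in the
# system-wide /etc/ssh/ssh_known_hosts.
# Logs ok when there is no ed25519 host key at all or when the key is found,
# and warn when the .pub file is missing or the key is not listed.
check_ssh_hostkeys() {
        if ! [ -e /etc/ssh/ssh_host_ed25519_key ]; then
                log ok "no ed25519 host key"
                return
        fi

        if ! [ -e /etc/ssh/ssh_host_ed25519_key.pub ]; then
                log warn "Have /etc/ssh/ssh_host_ed25519_key without .pub"
                return
        fi

        # awk keeps the known_hosts lines whose first comma-separated host name
        # equals our FQDN; the command substitution is quoted so the value
        # reaches awk as a single argument.
        # grep -F -f then uses each line of the .pub file as a fixed string, so
        # the whole line must appear in one of those entries.
        # NOTE(review): that includes any trailing comment field in the .pub
        # file - confirm known_hosts is generated with it.
        # A missing known_hosts file leaves grep without input and is therefore
        # reported as "missing" as well.
        if awk -v hostname="$(hostname -f)" '{split($1,a,","); if (a[1] == hostname) { print } }' /etc/ssh/ssh_known_hosts \
                | grep -q -F -f /etc/ssh/ssh_host_ed25519_key.pub; then
                log ok "ed25519 host key in known_hosts"
        else
                log warn "ed25519 host key missing from known_hosts"
        fi
}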
61
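# Check whether any configured address is flagged "dadfailed" (IPv6 duplicate
# address detection failed) in the output of `ip a`.
# Logs warn when the flag is present, ok when it is not, and unknown when the
# address list could not be obtained at all.
check_ipv6_dad() {
        # Capture the output first: in a plain `ip a | grep` pipeline a failing
        # or missing `ip` leaves grep without input, and the check would then
        # report "no DAD failures" without having looked at anything.
        if ! dad_addrs=$(ip a 2>/dev/null); then
                log unknown "could not list addresses with 'ip a'"
                return
        fi

        case "$dad_addrs" in
                *dadfailed*)
                        log warn "some configured ipv6 addresses failed DAD"
                        ;;
                *)
                        log ok "no DAD failures"
                        ;;
        esac
}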
70
71
72
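# Run every check; each one records its result through log().
check_aliases
check_ssh_hostkeys
check_ipv6_dad

# Emit one status line, most severe bucket first, then exit with the status
# log() accumulated.  printf '%s' is used instead of `echo -n`: the -n flag is
# not portable under /bin/sh, and some echo implementations interpret
# backslashes in the message text.
[ "$critical" = "" ] || printf 'Critical: %s; ' "$critical"
[ "$warn" = "" ] || printf 'Warning: %s; ' "$warn"
[ "$unknown" = "" ] || printf 'Unknown: %s; ' "$unknown"
[ "$ok" = "" ] || printf 'OK: %s' "$ok"
printf '\n'
exit "$err"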