
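#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
#
# proxy_hourly.bash - hourly health check for the "proxy" role.
#
# The idea: run ansible_local.bash --tags daily first, then use this
# script to do the parsing and raise errors based on the resulting
# state.  That way the ansible run itself stays free of failures and
# this script can be rerun at any time, outside of ansible, to deal with
# the issues raised.  It is also run at the end of
# ansible_local.bash --tags daily.
#
# Must run as root.  ERROR/WARN/INFO come from usr_local_tput.bash, the
# proxy_* helpers from proxy_ping_lib.bash, ols_clean_testforge_logs and
# (presumably) HARDEN_LOG_DIR from testforge.bash - none are defined
# here.  Uses the net-tools route/ifconfig commands as well as ip.
#
# Exit status: 2 when setup fails (tput lib missing, log dir not
# creatable, MODE undetermined), 1 when not root, otherwise the number
# of lines in $ELOG, capped at 255 so a large count cannot wrap to 0,
# and 0 when no errors were logged.
PREFIX=/usr/local
ROLE=proxy
DEBUG=1
prog=$( basename "$0" .bash )
. /usr/local/bin/usr_local_tput.bash || exit 2
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[ -f /usr/local/etc/testforge/testforge.bash ] && \
    . /usr/local/etc/testforge/testforge.bash >/dev/null
# proxy_ping_lib.bash defines the proxy_* helpers.  PL is emptied after
# sourcing, so "$PL proxy_foo" below is just a call of the function.
PL=/usr/local/bin/proxy_ping_lib.bash
. $PL
PL=
[ -z "$USER" ] && USER=$(id -un )
MYID=$( id -u )
[ "$MYID" -eq 0 ] || { ERROR $prog must be run as root $MYID ; exit 1 ; }
# . $PREFIX/src/var_local_src.bash
command -v ansifilter >/dev/null 2>&1 && ansifilter=ansifilter || ansifilter=cat
# /dev/virtio-ports is only present inside a guest; the host-side checks
# below are skipped there.
[ -d /dev/virtio-ports ] && ONE_GUEST=1 || ONE_GUEST=0
ly=hourly
errs=0
warns=0
elt=proxy
# Per-run log files: E = errors, W = warnings, O = command output.
# NOTE(review): the names are predictable (PID based) and this runs as
# root, so $LOG_DIR must not be writable by other users.  It is created
# 0700 when missing; an existing directory is left as is - confirm its
# permissions on deployed hosts.  The directory has to exist before the
# first "2> $ELOG" below, which is why it is created here and not later.
LOG_DIR=/usr/local/tmp
ELOG=$LOG_DIR/E${prog}_${ly}$$.log
WLOG=$LOG_DIR/W${prog}_${ly}$$.log
OUT=$LOG_DIR/O${prog}_${ly}$$.log
[ -d "$LOG_DIR" ] || mkdir -p -m 0700 "$LOG_DIR" || \
    { ERROR $prog cannot create $LOG_DIR ; exit 2 ; }
# testforge.bash is sourced a second time after proxy_ping_lib.bash, as
# in the original; kept in case it overrides anything the lib set.
[ -f /usr/local/etc/testforge/testforge.bash ] && \
    . /usr/local/etc/testforge/testforge.bash
export PATH=$PATH:/usr/local/bin
[ -z "$MODE" ] && MODE=$( $PL proxy_ping_mode )
[ -n "$DEBUG" ] && echo >&2 DEBUG: $prog $ly MODE=$MODE 0=$0 "$#" "$@"
[ -z "$MODE" ] && exit 2
# ubuntu / devuan oddball: make sure loopback has its route
route | grep -q 'lo$' || \
    ip route add 127.0.0.0/8 dev lo scope host
/usr/local/bin/proxy_ping_test.bash "$MODE" 2> "$ELOG"
if [ "$ONE_GUEST" -eq 0 ] ; then
    # Record the wlan address as "external" in /etc/hosts.  Only a single
    # dotted quad is accepted: "grep inet" also matches inet6 lines, so
    # without the check an interface with no v4 address would write
    # "inet6 external", and a multi-line value would break the sed below.
    IP=$( ifconfig | grep -A1 wlan | grep inet | sed -e 's/.*inet //' -e 's/ .*//' )
    # 10.24.216.64
    if [[ "$IP" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] ; then
        if grep -q " external" /etc/hosts ; then
            sed -e "s/.* external/$IP external/" -i /etc/hosts
        else
            echo "$IP external" >> /etc/hosts
        fi
    elif [ -n "$IP" ] ; then
        WARN $prog unexpected wlan address "$IP" >> "$WLOG"
    fi
    # Any resolver other than the local one is a leak path on a proxy
    # box: wall the current content and force 127.0.0.1.  ">" follows a
    # symlink if resolv.conf is managed by resolvconf/systemd-resolved.
    a=$( grep nameserver /etc/resolv.conf | grep -v 'nameserver 127.0.0.1' | wc -l )
    if [ $? -eq 0 ] && [ -n "$a" ] && [ "$a" -gt 0 ] ; then
        /usr/local/bin/base_wall.bash "CRIT: $prog /etc/resolv.conf" $( grep nameserver /etc/resolv.conf )
        echo 'nameserver 127.0.0.1' > /etc/resolv.conf
    fi
    # Expire this script's logs older than two days.
    find "$LOG_DIR" -maxdepth 1 -name "*${prog}_${ly}*.log" -ctime +2 -delete || true
    # "find -L ... -type l" matches only dangling symlinks: record, then
    # remove them.
    if [ -d /etc/ssl/certs/ ] ; then
        find -L /etc/ssl/certs/ -type l >> "$WLOG"
        find -L /etc/ssl/certs/ -type l -delete
    else
        WARN /etc/ssl/certs/ missing
    fi
    if [ "$MODE" = whonix ] ; then
        [ -n "$BASE_SRC_ANSIBLE" ] || BASE_SRC_ANSIBLE=/g/TestForge/src/ansible
        BOX_WHONIX_PROXY_HOST=$( /usr/local/bin/testforge_get_inventory.bash BOX_WHONIX_PROXY_HOST )
        # Only touch the block rules when the whonix gateway VM is listed
        # by libvirt.
        if [ -n "$BOX_WHONIX_PROXY_HOST" ] && \
           command -v virsh >/dev/null 2>&1 && \
           virsh list | grep -q "$BOX_WHONIX_PROXY_HOST" ; then
            # sh proxy_whonix_host_tor.bash whonix
            /usr/local/sbin/proxy_whonix_host.bash proxy_whonix_host_add_block >>"$OUT" 2>>"$ELOG"
        fi
        # retval 1 is tolerated here; only >1 is logged as an error.
        $PL proxy_libvirt_test >"$OUT" 2>&1
        retval=$?
        [ "$retval" -gt 1 ] && ERROR $prog proxy_libvirt_test retval=$retval >> "$ELOG"
    fi
    [ -f /etc/firewall.conf ] || {
        ERROR $prog NO FIREWALL /etc/firewall.conf | tee -a "$ELOG" | \
            xargs /usr/local/bin/base_wall.bash
    }
    # The (last) wlan interface must be referenced by the firewall
    # config; otherwise re-run the firewall script.
    if ifconfig | grep -q ^wlan ; then
        wlan7=$( ifconfig | grep ^wlan | tail -1 | sed -e 's/:.*//' )
        grep -q -- "$wlan7" /etc/firewall.conf || {
            ERROR $prog NO $wlan7 in /etc/firewall.conf | tee -a "$ELOG" | \
                xargs /usr/local/bin/base_wall.bash
            /usr/local/bin/firewall.bash
        }
    fi
    [ -f /var/log/privoxy/logfile ] && \
        grep -i fatal /var/log/privoxy/logfile >> "$WLOG" && \
        echo ERROR: Fatal in /var/log/privoxy/logfile | tee -a "$ELOG"
    # Connectivity checks only make sense with a default route.
    if route | grep -q ^def ; then
        $PL proxy_ping_gw_check || {
            ERROR proxy_ping_gw_check >> "$ELOG"
        }
        # This used to read "x ERROR ..."; the stray "x" made it a failed
        # command lookup, so a dnsmasq failure never reached $ELOG.
        $PL proxy_ping_dnsmasq_check || {
            ERROR proxy_ping_dnsmasq_check >> "$ELOG"
        }
        $PL proxy_ping_firewall_check || {
            ERROR proxy_ping_firewall_check >> "$ELOG"
        }
        # A saved ruleset without a single DROP means nothing is being
        # filtered.
        if ! $PL proxy_iptables_save >"$OUT" 2>&1 || ! grep -q DROP "$OUT" ; then
            ERROR $prog NO FIREWALL - DROP $( cat "$OUT" ) | tee -a "$ELOG"
            /usr/local/bin/base_wall.bash ERROR $prog NO FIREWALL - DROP
            #? /usr/local/bin/proxy_firewall_restore_iptable.bash /etc/firewall.conf
        fi
        $PL proxy_test_dirmngr "$OUT" || \
            { retval=$? ; ERROR proxy_test_dirmngr $retval >> "$ELOG" ; }
        # Kernel "martian" log lines (packets with an impossible source
        # for the receiving interface) are collected as warnings.
        if dmesg | grep -q --text 'martian' ; then
            dmesg | grep --text -A 1 'martian' | \
                xargs echo WARN: martians >> "$WLOG"
            dmesg | grep --text -A 1 'martian' | \
                sed -e 's/DST=.*//' -e 's/.*martian_//' -e 's/ OUT=.*SRC=/ /' >> "$WLOG"
        fi
        /usr/local/bin/proxy_ping_test.bash dns || {
            ERROR $prog no dns >> "$ELOG" ;
        }
        /usr/local/bin/proxy_ping_test.bash 3128 || {
            # can be false
            WARN $prog no 3128 >> "$WLOG"
        }
        # Feed the bssid following every line ending in "bad" in the wicd
        # settings to wpa_cli blacklist.  pgrep replaces the former
        # "ps ax | grep -q wpa_supplicant", which always matched its own
        # grep process and so never skipped this step.
        PROXY_WLAN=$( $PL proxy_get_if )
        if [ -n "$PROXY_WLAN" ] && [ -f /etc/wicd/wireless-settings.conf ] && \
           pgrep wpa_supplicant >/dev/null 2>&1 ; then
            grep -A 1 'bad$' /etc/wicd/wireless-settings.conf | \
                grep bssid | sed -e 's/.*= //' | \
                while IFS= read -r bssid ; do
                    wpa_cli -i "$PROXY_WLAN" blacklist "$bssid"
                done
        fi
        # $? here is the status of the failed check.
        $PL proxy_ping_firewall_check || \
            /usr/local/bin/base_wall.bash $prog 'CRIT: proxy_ping_firewall_check' retval=$?
    fi
fi
[ -s "$OUT" ] && grep WARN: "$OUT" >> "$WLOG"
# Every line in $ELOG counts as one error: report, wall and exit
# non-zero.  $(( )) normalises any padding in the wc output.
if [ -s "$ELOG" ] ; then
    errs=$(( $( wc -l < "$ELOG" ) ))
    if [ "$errs" -ne 0 ] ; then
        ERROR $prog $errs $ly $prog errors in $ELOG
        cat "$ELOG"
        /usr/local/bin/base_wall.bash "ERROR: $prog $errs errors in $ELOG"
        exit $(( errs > 255 ? 255 : errs ))
    fi
fi
[ -f "$WLOG" ] && warns=$(( $( wc -l < "$WLOG" ) ))
[ "$warns" -ne 0 ] && \
    WARN "$warns $ly $prog warnings in $WLOG"
# Reaching this point means $ELOG was empty or absent (the former
# second $ELOG check here could never trigger and was dropped).
# HARDEN_LOG_DIR is not set in this file - presumably from
# testforge.bash; left unquoted so an empty value passes no argument.
[ "$errs" -eq 0 ] && \
    ols_clean_testforge_logs $HARDEN_LOG_DIR && \
    [ "$warns" -eq 0 ] && \
    INFO "$prog No $ly errors in $HARDEN_LOG_DIR"
exit 0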