Linux altar53.supremepanel53.com 4.18.0-553.8.1.lve.el8.x86_64 #1 SMP Thu Jul 4 16:24:39 UTC 2024 x86_64
/ lib64/ nagios/ plugins/ |
|
#!/bin/bash VERSION="$(grep 'VERSION_ID=' /etc/os-release | cut -d'"' -f 2)" MAJOR_VERSION="$(cut -d'.' -f 1 <<< "$VERSION")" if [[ "$MAJOR_VERSION" -lt 8 ]]; then echo "OK: Server OS version is $VERSION." exit 0 fi MYSQL_USER="netfilter" MYSQL_PASS="DkqioJ6ENxXfqCy" MYSQL_DATABASE="netfilter" module_name="netfilt" daemon_name="outconnm" hash_tables=('Whitelist Table' 'Blocklist Table' 'Ratelimited Table') module_stats_file='/proc/module_stats' SE_CRIT_TRESHOLD=50 SE_WARN_TRESHOLD=75 module_debug_file='/sys/module/netfilt/parameters/debug' daemon_debug_file='/etc/am_outconnm_config.cfg' if ! sudo /usr/bin/grep "$module_name" /proc/modules | grep -q 'Live'; then echo "CRITICAL: $module_name is not loaded." exit 2 fi daemon_pid="$(sudo /usr/bin/pgrep -x $daemon_name)" if [ -z "$daemon_pid" ]; then echo "CRITICAL: $daemon_name daemon is not running." exit 2 fi for table in "${hash_tables[@]}"; do se="$(sudo /usr/bin/cat "$module_stats_file" | grep -A 5 "$table" | grep 'Spread Effectiveness' | awk '{print$3}')" if [ -z "$se" ]; then echo "CRITICAL: Could not get $table Spread Effectiveness." exit 2 elif [ "$se" -lt "$SE_CRIT_TRESHOLD" ]; then echo "CRITICAL: $table Spread Effectiveness < $SE_CRIT_TRESHOLD" exit 2 elif [ "$se" -lt "$SE_WARN_TRESHOLD" ]; then echo "WARNING: $table Spread Effectiveness < $SE_WARN_TRESHOLD" exit 1 fi done status="$(mysql -u "$MYSQL_USER" -p"$MYSQL_PASS" "$MYSQL_DATABASE" -sNLe 'SELECT MODULE,DAEMON FROM status;' 2>&1 | grep -v 'Using a password on the command line interface can be insecure')" module_status="$(awk '{print$1}' <<< "$status")" daemon_status="$(awk '{print$2}' <<< "$status")" if [ -z "$module_status" ] || [ -z "$daemon_status" ]; then echo "CRITICAL: Could not get MODULE/DAEMON status from database." exit 2 elif [ "$module_status" != "1" ] || [ "$daemon_status" != "1" ]; then echo "WARNING: MODULE/DAEMON status in database is not OK." exit 1 fi module_debug="$(sudo /usr/bin/cat $module_debug_file)" if [ -z "$module_debug" ]; then echo "CRITICAL: $module_name module debug status is unknown." exit 2 elif [ "$module_debug" != "0" ]; then echo "WARNING: $module_name module debug is enabled." exit 1 fi daemon_debug="$(grep 'DEBUG' $daemon_debug_file | awk '{print$3}')" if [ -z "$daemon_debug" ]; then echo "CRITICAL: Could not get $daemon_name daemon debug value from config." exit 2 elif [ "$daemon_debug" != "0" ] && [ "$daemon_debug" != "0;" ]; then echo "WARNING: $daemon_name daemon has debug set in config." exit 1 fi echo "OK: Outgoing Connection Manager is running." exit 0