Introducing ssh.module.sh

m8in
2026-05-16 23:39:40 +02:00
parent 30279d1056
commit bcf92589d3
7 changed files with 105 additions and 186 deletions
+3 -1
@@ -122,7 +122,7 @@ function prepare.setCIS() {
CIS[COMPOSITIONS]="${CIS[DOMAINDEFINITIONS]:?"Missing DOMAINDEFINITIONS"}compositions/"
CIS[GENERICMONITORCHECKS]="${CIS[SCRIPTSROOT]:?"Missing SCRIPTROOT"}monitor/generic/"
CIS[SET]="normal"
CIS[SET]='ready'
# Sets the write protection of array 'CIS'
declare -A -g -r CIS
return 0
@@ -395,6 +395,8 @@ if [ "${BASH_SOURCE[0]}" == "${0}" ]; then
echo "-------------------------------------------------------------------------"
declare -F | grep "base." | cut -d" " -f3 | xargs -n1 printf " %s\n"
exit 1
elif [ "${CIS[SET]}" == "ready" ]; then
base.log debug "Module '${BASH_SOURCE[0]}' already loaded"
else
# If not exists, define a global array 'COLOR'
trap "base.abort ' User-initiated termination.'" INT \
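Review bot: The new `elif [ "${CIS[SET]}" == "ready" ]` guard reads `CIS` before anything in this hunk shows it declared as an associative array. Unless `declare -A CIS` runs earlier in the file (outside the hunk), bash treats `CIS` as an indexed array on first load and evaluates the subscript `SET` as an arithmetic expression, so the result depends on whatever a variable named `SET` holds in the caller's environment. Checking the declaration first avoids that: `elif [[ "$(declare -p CIS 2>/dev/null)" == "declare -A"* && "${CIS[SET]}" == "ready" ]]; then`. The `if`/`else` chain starts and ends outside the hunk.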
+68
@@ -0,0 +1,68 @@
#!/bin/bash
source /cis/core/base.module.sh
function ssh.onHostRun() {
local _REMOTE_HOST _COMMAND
base.set _REMOTE_HOST "${1:?"FQDN of server missing: e.g. host.example.net[:port]"}" '^([a-zA-Z0-9][a-zA-Z0-9@.-]*)+(:[0-9]+)?$'
base.set _COMMAND "${2:?"COMMAND missing"}" '[-a-zA-Z0-9\|/_:,.]+'
local _REMOTE_USER _REMOTE_HOSTNAME_FQDN _REMOTE_PORT _SOCKET
_REMOTE_USER="@${_REMOTE_HOST}" #Ensures leading '@'
_REMOTE_USER="${_REMOTE_USER%@*}" #Removes shortest matching pattern '@*' from the end => @user or nothing
_REMOTE_USER="${_REMOTE_USER##*@}" #Removes longest matching pattern '*@' from the begin => user
_REMOTE_USER="${_REMOTE_USER:-"$(whoami)"}"
_REMOTE_HOSTNAME_FQDN="${_REMOTE_HOST}"
_REMOTE_HOSTNAME_FQDN="${_REMOTE_HOSTNAME_FQDN##*@}" #Removes longest matching pattern '*@' from the begin
_REMOTE_HOSTNAME_FQDN="${_REMOTE_HOSTNAME_FQDN%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_PORT="${_REMOTE_HOST}:" #Ensures tailing ':'
_REMOTE_PORT="${_REMOTE_PORT#*:}" #Removes shortest matching pattern '*:' from the begin => 123: or nothing
_REMOTE_PORT="${_REMOTE_PORT%%:*}" #Removes longest matching pattern ':*' from the end => 123
_REMOTE_PORT="${_REMOTE_PORT:-"22"}"
_SOCKET='~/.ssh/%r@%h:%p'
readonly _REMOTE_USER _REMOTE_HOSTNAME_FQDN _REMOTE_PORT _SOCKET
function checkOrStartSSHMaster() {
timeout --preserve-status 1 ssh -O check -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} 2>&1 | grep -q -F 'Master running' \
&& return 0
ssh -O stop -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} &> /dev/null
ssh -o ControlMaster=auto \
-o ControlPath=${_SOCKET} \
-o ControlPersist=65 \
-p ${_REMOTE_PORT} \
-f ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} exit &> /dev/null \
&& return 0
base.abort "FAILURE: Establishing SSH connection" "Is the setup ok?"
return 1
}
checkOrStartSSHMaster \
|| return 1
ssh -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} "${_COMMAND}"
}
# Check if this module was started correctly using source
if [ "${BASH_SOURCE[0]}" == "${0}" ]; then
# Script was executed directly
echo "FAILURE: you are using this module 'ssh.module.sh' in a wrong way."
echo " It is intended as a utility library and should not be called directly."
echo
echo "Usage: Call this module at the beginning of your script e.g. like this:"
echo
echo ' #!/bin/bash'
echo ' source /cis/core/base.module.sh'
echo
echo ' #Loads this module'
echo ' base.loadModule ssh'
echo
echo "Now you can use the functions provided by this module inside your script:"
echo "-------------------------------------------------------------------------"
declare -F | grep "ssh." | cut -d" " -f3
exit 1
fi
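Review bot: The `_COMMAND` pattern on the second `base.set` line, `'[-a-zA-Z0-9\|/_:,.]+'`, has no `^`/`$` anchors, unlike the host pattern above it, so if `base.set` applies it as a search it accepts any string that contains one allowed character and restricts nothing. Anchoring it as written would reject the commands the converted checks pass (they contain spaces, quotes and `$`), so either widen and anchor it to what callers need, or state the contract in a comment such as `# _COMMAND is run verbatim by the remote login shell; pass only constants from the calling script, never check arguments`. Separately, the `ssh` calls in `checkOrStartSSHMaster` and the final invocation leave their expansions unquoted; `-S "${_SOCKET}" -p "${_REMOTE_PORT}" "${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN}"` keeps them single words if the host pattern is ever loosened.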
+6 -32
@@ -1,46 +1,20 @@
#!/bin/bash
_REMOTE_HOST="${1:?"FQDN of server missing: e.g. host.example.net[:port]"}"
_REMOTE_HOSTNAME_FQDN="${_REMOTE_HOST%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_HOSTNAME_SHORT="${_REMOTE_HOSTNAME_FQDN%%.*}" #Removes longest matching pattern '.*' from the end
_REMOTE_PORT="${_REMOTE_HOST}:"
_REMOTE_PORT="${_REMOTE_PORT#*:}" #Removes shortest matching pattern '*:' from the begin
_REMOTE_PORT="${_REMOTE_PORT%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_PORT="${_REMOTE_PORT:-"22"}"
_REMOTE_USER="monitoring"
_SOCKET='~/.ssh/%r@%h:%p'
source /cis/core/base.module.sh
base.loadModule ssh
function checkOrStartSSHMaster() {
timeout --preserve-status 1 ssh -O check -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} 2>&1 | grep -q -F 'Master running' \
&& return 0
ssh -O stop -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} &> /dev/null
ssh -o ControlMaster=auto \
-o ControlPath=${_SOCKET} \
-o ControlPersist=65 \
-p ${_REMOTE_PORT} \
-f ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} exit &> /dev/null \
&& return 0
echo "FAIL#SSH connection (setup ok?)"
return 1
}
function testDomain(){
checkOrStartSSHMaster \
|| return 1
local _RESULT=$(ssh -S "${_SOCKET}" -p "${_REMOTE_PORT}" "${_REMOTE_USER}"@"${_REMOTE_HOSTNAME_FQDN}" 'bash /cis/core/printOwnDomain.sh' 2>&1 1>/dev/null)
local _RESULT=$(ssh.onHostRun "monitoring@${1:?"Missing REMOTE_HOST"}" 'bash /cis/core/printOwnDomain.sh' 2>&1 1>/dev/null)
[ -z "${_RESULT}" ] \
&& echo "OK" \
&& return 0
local _DOMAIN=$(ssh -S "${_SOCKET}" -p "${_REMOTE_PORT}" "${_REMOTE_USER}"@"${_REMOTE_HOSTNAME_FQDN}" 'bash /cis/core/printOwnDomain.sh' 2>/dev/null)
local _DOMAIN=$(ssh.onHostRun "monitoring@${1:?"Missing REMOTE_HOST"}" 'bash /cis/core/printOwnDomain.sh' 2>/dev/null)
echo "WARNING#Overwritten to '${_DOMAIN}'"
return 0
}
testDomain && exit 0
base.set REMOTE_HOST "${1:?"FQDN of server missing: e.g. host.example.net[:port]"}" '^([a-zA-Z0-9][a-zA-Z0-9.-]*)+(:[0-9]+)?$'
testDomain "${REMOTE_HOST}" && exit 0
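Review bot: A failed SSH connection is no longer reported as a failure in `testDomain`: the removed `checkOrStartSSHMaster || return 1` printed `FAIL#SSH connection (setup ok?)`, while the new `local _RESULT=$(ssh.onHostRun … 2>&1 1>/dev/null)` runs the helper in a subshell and discards its exit status. Depending on which stream `base.abort` writes to (not visible here), the check then prints either `OK` or `WARNING#Overwritten to ''` for an unreachable host. Splitting the declaration from the assignment (`local _RESULT; _RESULT=$(…)`) lets the function see the status, and a distinct return code from `ssh.onHostRun` for a failed master would let it print the `FAIL#` line again. The other check scripts converted in this commit capture `ssh.onHostRun` the same way and lose the connection-failure message too.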
+9 -35
@@ -1,50 +1,23 @@
#!/bin/bash
_REMOTE_HOST="${1:?"FQDN of server missing: e.g. host.example.net[:port]"}"
_REMOTE_HOSTNAME_FQDN="${_REMOTE_HOST%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_HOSTNAME_SHORT="${_REMOTE_HOSTNAME_FQDN%%.*}" #Removes longest matching pattern '.*' from the end
_REMOTE_PORT="${_REMOTE_HOST}:"
_REMOTE_PORT="${_REMOTE_PORT#*:}" #Removes shortest matching pattern '*:' from the begin
_REMOTE_PORT="${_REMOTE_PORT%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_PORT="${_REMOTE_PORT:-"22"}"
_REMOTE_USER="monitoring"
_SOCKET='~/.ssh/%r@%h:%p'
source /cis/core/base.module.sh
base.loadModule ssh
function checkOrStartSSHMaster() {
timeout --preserve-status 1 ssh -O check -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} 2>&1 | grep -q -F 'Master running' \
&& return 0
ssh -O stop -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} &> /dev/null
ssh -o ControlMaster=auto \
-o ControlPath=${_SOCKET} \
-o ControlPersist=65 \
-p ${_REMOTE_PORT} \
-f ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} exit &> /dev/null \
&& return 0
echo "FAIL#SSH connection (setup ok?)"
return 1
}
function testSpace(){
checkOrStartSSHMaster \
|| return 1
local _RESULT="$(ssh -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} 'df "/" | tail -n1 | tr -s "[:blank:]" " " | cut -d" " -f1,5')"
local _DEV=$(echo "${_RESULT}" | /usr/bin/tail -n 1 | /usr/bin/cut -d' ' -f1)
local _SPACE_USED=$(echo "${_RESULT}" | /usr/bin/tail -n 1 | /usr/bin/cut -d' ' -f2)
local _RESULT=$(ssh.onHostRun "monitoring@${1:?"Missing REMOTE_HOST"}" 'df "/" | tail -n1 | tr -s "[:blank:]" " " | cut -d" " -f1,5')
local _DEV=$(echo "${_RESULT}" | tail -n 1 | cut -d' ' -f1)
local _SPACE_USED=$(echo "${_RESULT}" | tail -n 1 | cut -d' ' -f2)
[ -z "${_SPACE_USED}" ] \
&& echo "FAIL#NO value" \
&& return 0
[ "${1:?"Missing OK_THRESHOLD"}" -ge "${_SPACE_USED%\%*}" ] \
[ "${2:?"Missing OK_THRESHOLD"}" -ge "${_SPACE_USED%\%*}" ] \
&& echo "OK#${_SPACE_USED} used ${_DEV}." \
&& return 0
[ "${2:?"Missing INFO_THRESHOLD"}" -ge "${_SPACE_USED%\%*}" ] \
[ "${3:?"Missing INFO_THRESHOLD"}" -ge "${_SPACE_USED%\%*}" ] \
&& echo "INFO#${_SPACE_USED} already used ${_DEV}." \
&& return 0
@@ -52,6 +25,7 @@ function testSpace(){
return 0
}
testSpace 80 90 && exit 0
base.set REMOTE_HOST "${1:?"FQDN of server missing: e.g. host.example.net[:port]"}" '^([a-zA-Z0-9][a-zA-Z0-9.-]*)+(:[0-9]+)?$'
testSpace "${REMOTE_HOST}" 80 90 && exit 0
exit 1
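Review bot: The threshold tests in `testSpace` compare `${_SPACE_USED%\%*}` with `-ge` without checking that the remote side returned a number. If `ssh.onHostRun` fails or emits a diagnostic on stdout, the second field is arbitrary text, both `[` tests error out, and the outcome depends on code between the two hunks that is not shown. A guard before the first comparison, `[[ "${_SPACE_USED%\%*}" =~ ^[0-9]+$ ]] || { echo "FAIL#NO value"; return 0; }`, keeps unvalidated remote output out of the comparison and the status line. The zpool capacity script later in this commit has the same shape and would take the same guard.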
+5 -51
@@ -1,51 +1,9 @@
#!/bin/bash
_REMOTE_HOST="${1:?"FQDN of server missing: e.g. host.example.net[:port]"}"
_REMOTE_HOSTNAME_FQDN="${_REMOTE_HOST%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_HOSTNAME_SHORT="${_REMOTE_HOSTNAME_FQDN%%.*}" #Removes longest matching pattern '.*' from the end
_REMOTE_PORT="${_REMOTE_HOST}:"
_REMOTE_PORT="${_REMOTE_PORT#*:}" #Removes shortest matching pattern '*:' from the begin
_REMOTE_PORT="${_REMOTE_PORT%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_PORT="${_REMOTE_PORT:-"22"}"
_REMOTE_USER="monitoring"
_SOCKET='~/.ssh/%r@%h:%p'
source /cis/core/base.module.sh
base.loadModule ssh
function checkOrStartSSHMaster() {
timeout --preserve-status 1 ssh -O check -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} 2>&1 | grep -q -F 'Master running' \
&& return 0
ssh -O stop -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} &> /dev/null
ssh -o ControlMaster=auto \
-o ControlPath=${_SOCKET} \
-o ControlPersist=65 \
-p ${_REMOTE_PORT} \
-f ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} exit &> /dev/null \
&& return 0
echo "FAIL#SSH connection (setup ok?)"
return 1
}
function checkViaHTTP() {
_STATUS="$(curl -I http://${_REMOTE_HOSTNAME_FQDN} 2>/dev/null | head -n 1 | cut -d$' ' -f2)"
[ "${_STATUS}" == "200" ] \
&& echo "OK" \
&& return 0
return 1
}
function checkViaHTTPS() {
_STATUS="$(curl -k -I https://${_REMOTE_HOSTNAME_FQDN} 2>/dev/null | head -n 1 | cut -d$' ' -f2)"
[ "${_STATUS}" == "200" ] \
&& echo "OK" \
&& return 0
return 1
}
#grep:
# -E Use regexp, '.*' => any chars between 'Active:' and '(running)', the round brackets are escaped.
@@ -53,15 +11,11 @@ function checkViaHTTPS() {
# -d Delimiter, marker where to cut (here ;)
# -f Index of column to show (One based, so there is no -f0)
function checkViaSSH() {
checkOrStartSSHMaster \
|| return 1
_RESULT=$(ssh -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} 'systemctl status nginx.service' | grep -E 'Active:.*\(running\)' | cut -d';' -f2)
local _RESULT=$(ssh.onHostRun "monitoring@${1:?"Missing REMOTE_HOST"}" 'systemctl status nginx.service' | grep -E 'Active:.*\(running\)' | cut -d';' -f2)
! [ -z "${_RESULT}" ] && echo "OK#UPTIME:${_RESULT}" || echo "FAIL"
}
#checkViaHTTP && exit 0
#checkViaHTTPS && exit 0
checkViaSSH && exit 0
base.set REMOTE_HOST "${1:?"FQDN of server missing: e.g. host.example.net[:port]"}" '^([a-zA-Z0-9][a-zA-Z0-9.-]*)+(:[0-9]+)?$'
checkViaSSH "${REMOTE_HOST}" && exit 0
exit 1
+5 -32
@@ -1,39 +1,11 @@
#!/bin/bash
_REMOTE_HOST="${1:?"FQDN of server missing: e.g. host.example.net[:port]"}"
_ZFS_POOL="${2:?"Name of zfs pool missing: e.g. zpool1"}"
_REMOTE_HOSTNAME_FQDN="${_REMOTE_HOST%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_HOSTNAME_SHORT="${_REMOTE_HOSTNAME_FQDN%%.*}" #Removes longest matching pattern '.*' from the end
_REMOTE_PORT="${_REMOTE_HOST}:"
_REMOTE_PORT="${_REMOTE_PORT#*:}" #Removes shortest matching pattern '*:' from the begin
_REMOTE_PORT="${_REMOTE_PORT%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_PORT="${_REMOTE_PORT:-"22"}"
_REMOTE_USER="monitoring"
_SOCKET='~/.ssh/%r@%h:%p'
source /cis/core/base.module.sh
base.loadModule ssh
function checkOrStartSSHMaster() {
timeout --preserve-status 1 ssh -O check -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} 2>&1 | grep -q -F 'Master running' \
&& return 0
ssh -O stop -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} &> /dev/null
ssh -o ControlMaster=auto \
-o ControlPath=${_SOCKET} \
-o ControlPersist=65 \
-p ${_REMOTE_PORT} \
-f ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} exit &> /dev/null \
&& return 0
echo "FAIL#SSH connection (setup ok?)"
return 1
}
function testPool(){
checkOrStartSSHMaster \
|| return 1
local _RESPONSE="$(ssh -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} 'zpool status ${_ZFS_POOL} | grep -F scrub')"
local _RESPONSE=$(ssh.onHostRun "monitoring@${1:?"Missing REMOTE_HOST"}" 'zpool status ${_ZFS_POOL} | grep -F scrub')
local _RESULT=$(echo "${_RESPONSE}" | grep -F 'scrub repaired 0B' | grep -F '0 errors')
_RESULT="${_RESULT#*on}" #Removes shortest matching pattern '*on' from the begin
@@ -45,6 +17,7 @@ function testPool(){
return 0
}
testPool && exit 0
base.set REMOTE_HOST "${1:?"FQDN of server missing: e.g. host.example.net[:port]"}" '^([a-zA-Z0-9][a-zA-Z0-9.-]*)+(:[0-9]+)?$'
testPool "${REMOTE_HOST}" && exit 0
exit 1
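Review bot: `testPool` no longer checks the pool it was asked about: the remote command on the new `_RESPONSE` line is single-quoted, so `${_ZFS_POOL}` is sent literally and expanded on the remote host, where it is presumably unset, and the local `_ZFS_POOL="${2:?…}"` assignment appears to be among the lines this commit removes. The check therefore greps the scrub lines of every pool and the second script argument is silently ignored. Read and validate the pool name next to `REMOTE_HOST`, e.g. `base.set ZFS_POOL "${2:?"Name of zfs pool missing: e.g. zpool1"}" '^[a-zA-Z0-9][a-zA-Z0-9_.:-]*$'`, pass it as `testPool "${REMOTE_HOST}" "${ZFS_POOL}"`, and build the command with double quotes: `"zpool status ${2:?"Missing ZFS_POOL"} | grep -F scrub"`. testPool's body continues between the two hunks.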
+9 -35
@@ -1,50 +1,23 @@
#!/bin/bash
_REMOTE_HOST="${1:?"FQDN of server missing: e.g. host.example.net[:port]"}"
_REMOTE_HOSTNAME_FQDN="${_REMOTE_HOST%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_HOSTNAME_SHORT="${_REMOTE_HOSTNAME_FQDN%%.*}" #Removes longest matching pattern '.*' from the end
_REMOTE_PORT="${_REMOTE_HOST}:"
_REMOTE_PORT="${_REMOTE_PORT#*:}" #Removes shortest matching pattern '*:' from the begin
_REMOTE_PORT="${_REMOTE_PORT%%:*}" #Removes longest matching pattern ':*' from the end
_REMOTE_PORT="${_REMOTE_PORT:-"22"}"
_REMOTE_USER="monitoring"
_SOCKET='~/.ssh/%r@%h:%p'
source /cis/core/base.module.sh
base.loadModule ssh
function checkOrStartSSHMaster() {
timeout --preserve-status 1 ssh -O check -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} 2>&1 | grep -q -F 'Master running' \
&& return 0
ssh -O stop -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} &> /dev/null
ssh -o ControlMaster=auto \
-o ControlPath=${_SOCKET} \
-o ControlPersist=65 \
-p ${_REMOTE_PORT} \
-f ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} exit &> /dev/null \
&& return 0
echo "FAIL#SSH connection (setup ok?)"
return 1
}
function testSpace(){
checkOrStartSSHMaster \
|| return 1
local _RESULT="$(ssh -S ${_SOCKET} -p ${_REMOTE_PORT} ${_REMOTE_USER}@${_REMOTE_HOSTNAME_FQDN} 'zpool list -H -o name,capacity')"
local _POOL=$(echo "${_RESULT}" | /usr/bin/tail -n 1 | /usr/bin/cut -f1)
local _SPACE_USED=$(echo "${_RESULT}" | /usr/bin/tail -n 1 | /usr/bin/cut -f2)
local _RESULT=$(ssh.onHostRun "monitoring@${1:?"Missing REMOTE_HOST"}" 'zpool list -H -o name,capacity')
local _POOL=$(echo "${_RESULT}" | tail -n 1 | cut -f1)
local _SPACE_USED=$(echo "${_RESULT}" | tail -n 1 | cut -f2)
[ -z "${_SPACE_USED}" ] \
&& echo "FAIL#NO value" \
&& return 0
[ "${1:?"Missing OK_THRESHOLD"}" -ge "${_SPACE_USED%\%*}" ] \
[ "${2:?"Missing OK_THRESHOLD"}" -ge "${_SPACE_USED%\%*}" ] \
&& echo "OK#${_SPACE_USED} used ${_POOL}." \
&& return 0
[ "${2:?"Missing INFO_THRESHOLD"}" -ge "${_SPACE_USED%\%*}" ] \
[ "${3:?"Missing INFO_THRESHOLD"}" -ge "${_SPACE_USED%\%*}" ] \
&& echo "INFO#${_SPACE_USED} already used ${_POOL}." \
&& return 0
@@ -52,6 +25,7 @@ function testSpace(){
return 0
}
testSpace 80 90 && exit 0
base.set REMOTE_HOST "${1:?"FQDN of server missing: e.g. host.example.net[:port]"}" '^([a-zA-Z0-9][a-zA-Z0-9.-]*)+(:[0-9]+)?$'
testSpace "${REMOTE_HOST}" 80 90 && exit 0
exit 1