File: //lib64/nagios/plugins/check_managed.sh
#!/bin/bash
# check_managed - check core software on the system is up to date
# Requirements: dig, curl, awk
# Author: Tsvetan Gerov <tsvetan@worldhost.group>
# Version 0.12
# Global variables
HOSTNAME=$(hostname -f)
HOSTNAME_IP=$(dig +short $HOSTNAME)
EXTIP=$(curl -s ipv4.icanhazip.com)
EXTIP_PTR=$(dig +short -x $EXTIP | sed 's/\.$//')
OSRELEASE=$(cat /etc/redhat-release | tr -dc '0-9.'|cut -d \. -f1)
# Initialize flags and error message
CRITICAL=false
WARNING=false
ERROR_MESSAGE=""
check_deps(){
DEPS="curl dig awk"
for DEP in $DEPS; do
if [ ! -f "/usr/bin/${DEP}" ]; then
echo "[UNKNOWN] Please install $DEP"
exit 3
fi
done
}
check_csf() {
if [ -d /etc/csf ]; then
if [[ "$(csf -l | grep DROP -c)" -gt 0 ]]; then
if [[ "$(ps aux | grep 'lfd' | grep -v grep | wc -l)" -eq 0 ]]; then
CRITICAL=true
ERROR_MESSAGE+="CSF is running, but LFD is stopped, "
elif [[ "$(csf -l | grep -i error -c)" -gt 0 ]]; then
CRITICAL=true
ERROR_MESSAGE+="Check lfd log, "
fi
else
CRITICAL=true
ERROR_MESSAGE+="CSF is NOT running, "
fi
else
CRITICAL=true
ERROR_MESSAGE+="CSF is NOT Installed, "
fi
}
check_cpversion() {
UPGRADE_DEFERRED="/var/cpanel/upgrade_deferred"
if [ -f "$UPGRADE_DEFERRED" ]; then
# Check if file is older than 30 days
if [ $(find "$UPGRADE_DEFERRED" -mtime +30 2>/dev/null) ]; then
CRITICAL=true
ERROR_MESSAGE+="cPanel: /var/cpanel/upgrade_deferred is older than 30 days, "
fi
# Skip further checks if file exists
return
fi
TIERS=$(curl -s http://httpupdate.cpanel.net/cpanelsync/TIERS)
LTS=$(echo "$TIERS" | awk -F: '/lts/{print $2}' | tr -d ' ')
STABLE=$(echo "$TIERS" | awk -F: '/stable/{print $2}' | tr -d ' ')
RELEASE=$(echo "$TIERS" | awk -F: '/release/{print $2}' | tr -d ' ')
if [ -f "/usr/local/cpanel/version" ]; then
CPVERSION=$(cat /usr/local/cpanel/version)
else
CRITICAL=true
ERROR_MESSAGE+="cPanel: Unable to open /usr/local/cpanel/version, "
return
fi
if [ "$OSRELEASE" -eq 6 ]; then
if [ "$LTS" != "$CPVERSION" ] && [ "$STABLE" != "$CPVERSION" ] && [ "$RELEASE" != "$CPVERSION" ]; then
WARNING=true
ERROR_MESSAGE+="Latest cPanel version is not installed!, "
fi
else
if [ "$LTS" != "$CPVERSION" ] && [ "$STABLE" != "$CPVERSION" ] && [ "$RELEASE" != "$CPVERSION" ]; then
CRITICAL=true
ERROR_MESSAGE+="Latest cPanel version is not installed!, "
fi
fi
}
check_kernelcare() {
KCARE="/usr/bin/kcarectl"
I360="/usr/sbin/imunify360-php-daemon"
if [[ $HOSTNAME =~ ^d[0-9]+\..*$ ]]; then
# DEDICATED
if [ -f "$I360" ] && [ ! -f "$KCARE" ]; then
WARNING=true
ERROR_MESSAGE+="KernelCare is not installed, "
else
if [ -f "$KCARE" ]; then
if $KCARE --check > /dev/null 2>&1; then
WARNING=true
ERROR_MESSAGE+="KernelCare Update available, "
fi
fi
fi
else
# SHARED/OTHER
if [ ! -f "$KCARE" ]; then
CRITICAL=true
ERROR_MESSAGE+="KernelCare is not installed, "
else
if $KCARE --check > /dev/null 2>&1; then
CRITICAL=true
ERROR_MESSAGE+="KernelCare Update available, "
fi
fi
fi
}
check_hostname(){
if [ "$HOSTNAME_IP" != "$EXTIP" ]; then
CRITICAL=true
ERROR_MESSAGE+="Hostname doesnt resolve to the server IP, "
fi
}
check_ptr(){
if [ "$HOSTNAME" != "$EXTIP_PTR" ]; then
if [[ $HOSTNAME =~ ^d[0-9]{1,4}\..*$ ]]; then
WARNING=true
else
CRITICAL=true
fi
ERROR_MESSAGE+="IP PTR doesnt matches the hostname, "
fi
}
check_spf(){
if [[ $HOSTNAME =~ ^d[0-9]+\..*$ || $HOSTNAME =~ ^s[0-9]+\..*$ ]]; then
if ! dig +short TXT $HOSTNAME | grep -q -E 'spf.mysecurecloudhost.com|spf.stableserver.net'; then
CRITICAL=true
ERROR_MESSAGE+="No SPF for server hostname, "
fi
fi
}
check_litespeed(){
if [ -f "/usr/local/lsws/bin/lshttpd" ]; then
if /usr/local/lsws/bin/lshttpd -t | grep -q trial ; then
CRITICAL=true
ERROR_MESSAGE+="LiteSpeed Trial License detected, "
fi
fi
}
check_ipaliases(){
IPALIASES=$(cut -f 1 -d : /etc/ips)
IPS=$(hostname -I)
for IP in $IPALIASES; do
if ! echo $IPS | grep -q $IP; then
CRITICAL=true
ERROR_MESSAGE+="IP Alias $IP is down, "
fi
done
}
check_cllicense(){
if [ -f "/usr/bin/cldetect" ]; then
if [ "$(/usr/bin/cldetect --check-license)" != "OK" ]; then
CRITICAL=true
ERROR_MESSAGE+="CloudLinux: No valid license found, "
fi
fi
}
check_namedconf(){
if ! named-checkconf /etc/named.conf > /dev/null 2>&1; then
CRITICAL=true
ERROR_MESSAGE+="named.conf syntax error, "
fi
}
check_pdns(){
if [ -f "/usr/sbin/pdns_server" ]; then
if ! systemctl is-active --quiet pdns.service; then
CRITICAL=true
ERROR_MESSAGE+="PowerDNS service is not running, "
fi
fi
}
# Perform dep checks
check_deps
# Perform checks
check_csf
check_cpversion
# check_kernelcare - needs better logic
check_hostname
check_ptr
check_spf
check_litespeed
check_ipaliases
check_cllicense
check_namedconf
check_pdns
# Return final state
if [ "$CRITICAL" = true ]; then
echo "[CRITICAL] ${ERROR_MESSAGE%, }"
exit 2
elif [ "$WARNING" = true ]; then
echo "[WARNING] ${ERROR_MESSAGE%, }"
exit 1
else
echo "[OK] All services are running correctly."
exit 0
fi