ROOTPLOIT
Server: Apache
System: Linux node6122.myfcloud.com 6.14.3-x86_64-linode168 #1 SMP PREEMPT_DYNAMIC Mon Apr 21 19:47:55 EDT 2025 x86_64
User: bashacomputer (1004)
PHP: 7.4.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /usr/lib64/nagios/plugins/
Upload Files
File: //usr/lib64/nagios/plugins/check_a2_omni_saltmaster1_authcheck.sh
#!/bin/bash
#
# Script to monitor the saltmaster api authentication from omni
# Ref SYSENG-4017
#

# X-Auth-Tokens for saltmasters
saltmaster1_token=$(sudo mysql omni -BNe "select token from morton_master where api like '%/saltmaster1.a2hosting.com:8000%';")
saltmaster2_token=$(sudo mysql omni -BNe "select token from morton_master where api like '%/saltmaster2.a2hosting.com:8000%';")
bmdmaster1_token=$(sudo mysql omni -BNe "select token from morton_master where api like '%/mi3-bmdmaster1.a2hosting.com:8000%';")
bmdmaster2_token=$(sudo mysql omni -BNe "select token from morton_master where api like '%/mi3-bmdmaster2.a2hosting.com:8000%';")
saltmaster_array=(saltmaster1_"$saltmaster1_token" saltmaster2_"$saltmaster2_token" mi3-bmdmaster1_"$bmdmaster1_token" mi3-bmdmaster2_"$bmdmaster2_token")
masters_checked=0

host="mi3-ss100.a2hosting.com"
# Temporary output file which stores the output of the curl command
tmp_output_file="/tmp/.saltmaster_authcheck"

for saltmaster in ${saltmaster_array[@]}; do
  master_host=$(echo "$saltmaster" | awk -F'_' '{print $1}')
  token=$(echo "$saltmaster" | awk -F'_' '{print $2}')
  
  if [ "$master_host" = "mi3-bmdmaster1" ] || [ "$master_host" = "mi3-bmdmaster2" ]; then
    host='mi3-bmdsaltminion-1.a2hosting.com-68.66.209.51'
  else
    host='mi3-ss100.a2hosting.com'
  fi

  curl -s -X POST -H "User-Agent: python-requests/2.23.0"  -H "Accept: application/json" -H "Connection: keep-alive" -H "Content-Type: application/json" -H "X-Requested-With: XMLHttpRequest" -H "X-Auth-Token: ${token}" -d '{"client": "local", "tgt": "'"${host}"'", "fun": "test.ping", "tgt_type": "glob", "ret": "", "full_return": false}' "https://"$master_host".a2hosting.com:8000/" -o ${tmp_output_file}

# If the curl command has a non zero exit status
  if [ "$?" -ne 0 ]; then
    echo "check_a2_omni_saltmaster1_authcheck - saltmaster1_authcheck - curl: non zero exit status - $master_host"
    exit 2
# Else if the output from the curl command is not valid JSON  
  elif ! $(cat /tmp/.saltmaster_authcheck|jq -e '.' >/dev/null 2>&1); then
    echo "check_a2_omni_saltmaster1_authcheck - non JSON output returned - $master_host"
    exit 2
  fi

# Result for the host in the JSON output. 'true' if test.ping succeeded from saltmaster.
  result=$(cat /tmp/.saltmaster_authcheck|jq -r ".return[].\"$host\"")

# if true increment masters_checked by 1, or else break from loop
  if [ "${result}" == "true" ]; then
    masters_checked=$((masters_checked + 1))
  else
    break
  fi

done

# if masters checked = the number of salt masters, all is well, otherwise error
if (( $masters_checked == ${#saltmaster_array[@]} )); then
echo "check_a2_omni_saltmaster1_authcheck - OK"
  exit 0
else
  echo "check_a2_omni_saltmaster1_authcheck - Host ${host} connectivity from "$master_host" failed"
  exit 2
fi
@ Telegram