ciphermethod.com

20060425: dacprobe

by on Apr.25, 2006, under AIX, Linux, Scripts

#!/bin/sh
# dacprobe - monitor/audit daemon (drive space and rootkits)
# 20040830 - created by jamey hopkins
#
# 20050425 jah - added -x option to ssh command in order to speed up ssh call
# 20050811 jah - added SSH fail notice
# 20060425 jah - use -P on linux df to prevent drive space being placed on second line
#                shows up on servers with logical volumes

# spaces at start/end required
TEST=" lenxintq1 tto xto tlv qlv qto xlv "
PROD=" cvs dacadmin dacbup1 dacedip1 dacxextp1 dlv dms dto dxr fax1 fax2 ibb ibmtransp1 ibmxextp1 icc imserv1 lencextp1 lencometp1 lenpsp1 lentransp1 lenxintp1 ncc ns1 ns2 ticket toshcometp1 "
ALL="$PROD $TEST"
DLIMIT=90
MAILA="user@server.com"
MAILB="user@server.com pager@myairmail.com"

# check drive space
echo
echo -n "Checking Disk Space->"
echo >space.list
for HOST in `echo $ALL`
do
   echo -n " $HOST"
   if [ "$HOST" = "dacedip1" -o "$HOST" = "lenpsp1" ]
   then
      ssh -x $HOST df -k >dacprobe.$$ 2>/dev/null
      [ $? -ne 0 ] && FAIL="$FAIL $HOST"
   else
      ssh -x $HOST df -P >dacprobe.$$ 2>/dev/null
      [ $? -ne 0 ] && FAIL="$FAIL $HOST"
   fi

   COUNT=`cat dacprobe.$$ | wc -l | xargs echo`
   COUNT=`expr $COUNT - 1`
   cat dacprobe.$$ | tail -$COUNT >temp.$$ 2>/dev/null
   cat temp.$$ | grep -v cdrom >dacprobe.$$
   while read LINE
   do
      PERCENT=`echo $LINE | awk '{ print $5 }'`
      # redo PERCENT var if host is AIX
      [ "$HOST" = "lenpsp1" ] && PERCENT=`echo $LINE | awk '{ print $4 }'`
      PERCENT=`echo $PERCENT | sed 's/%//g'`
      if [ $PERCENT -gt $DLIMIT ]
      then
         PART=`echo $LINE | awk '{ print $6 }'`
	 # redo PART var if host is AIX
         [ "$HOST" = "lenpsp1" ] && PART=`echo $LINE | awk '{ print $7 }'`
	 HCAPS=`echo $HOST | tr [a-z] [A-Z]`
	 echo "${HCAPS}'s Partition $PART is ${PERCENT}% Full" >> space.list
         [ "$EMAIL" != "$MAILB" ] && EMAIL=$MAILA
	 # page if a prod server and > 98 percent full
	 echo $PROD | grep $HOST >/dev/null 2>&1
         [ $? -eq 0 -a $PERCENT -gt 98 ] && EMAIL=$MAILB
      fi
   done > space.list
	echo "WARNING - Drive Space Check Failed on the Following Servers:" >>space.list
	echo "$FAIL" >>space.list
	echo >> space.list
	echo "Please make sure dacprobe account exists and the SSH exchanges happen auto magically." >> space.list
	echo "If server is permanently down, then remove it from the list of servers to monitor." >> space.list
fi

if  [ -s space.list ]
then
   echo
   cat space.list
   {
      echo "subject: Drive Partition Exceeds ${DLIMIT}% Full Limit"
      echo "Partition Information:"
      cat space.list
      echo
      echo "Servers Checked:"
      echo "P:$PROD"
      echo "T:$TEST"
   } | /usr/sbin/sendmail -ONoRecipientAction=add-to -fdacprobe -oi "$EMAIL"
fi
rm space.list
echo

################  gather up chkrootkit output files and email

echo -n "Gather and Mail CHKROOTKIT Reports->"
PROD=" dlv dms dxr ibmpsp1 lenpsp1 lenxintp1 dacxextp1 dacxextq1 "
rm /tmp/chkrootkit.mailfile >/dev/null 2>&1
for HOST in `echo $PROD`
do
   echo -n " $HOST"
 ssh -x $HOST "cat /tmp/chkrootkit.status.*" >>/tmp/chkrootkit.mailfile 2>/dev/null
done

{
  echo "subject: CHKROOTKIT Status Report"
  echo
  echo "Servers Checked:"
  echo "P:$PROD"
  echo
  echo "Server Reports Returned:"
  cat /tmp/chkrootkit.mailfile 2>/dev/null
} | /usr/sbin/sendmail -ONoRecipientAction=add-to -fdacprobe -oi "$EMAIL"

echo 
echo
No comments for this entry yet...

Leave a Reply

You must be logged in to post a comment.

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

But Wait, There's More!

A few highly recommended friends...