20060425: dacprobe
by dervish on Apr.25, 2006, under AIX, Linux, Scripts
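#!/bin/sh
# dacprobe - monitor/audit daemon (drive space and rootkits)
# 20040830 - created by jamey hopkins
#
# 20050425 jah - added -x option to ssh command in order to speed up ssh call
# 20050811 jah - added SSH fail notice
# 20060425 jah - use -P on linux df to prevent drive space being placed on second line
#                shows up on servers with logical volumes
#
# What it does: for every host in $ALL, run df over ssh and report partitions
# above $DLIMIT percent; then collect /tmp/chkrootkit.status.* from a second
# host list and mail both reports with sendmail.
#
# Review notes on this revision:
#   - Scratch files live in a private mktemp directory instead of fixed names
#     in the current directory and /tmp (dacprobe.$$, temp.$$, space.list,
#     /tmp/chkrootkit.mailfile), and are removed on exit.
#   - EMAIL and FAIL are initialised here, so a value inherited from the
#     environment cannot redirect the reports, and the chkrootkit mail always
#     has a recipient even when no partition tripped the limit.
#   - The "is this a prod host" test matches a whole word in $PROD rather than
#     a substring.
#   - A host that returns no chkrootkit report is named in the mail instead of
#     being silently absent.
#   - NOTE(review): the published listing lost the text between the end of the
#     per-line loop and the SSH failure notice. The loop's input redirect, the
#     end of the host loop and the `if` guarding the notice are reconstructed
#     from the surviving `fi` and message text - confirm against the original.

# spaces at start/end required
TEST=" lenxintq1 tto xto tlv qlv qto xlv "
PROD=" cvs dacadmin dacbup1 dacedip1 dacxextp1 dlv dms dto dxr fax1 fax2 ibb ibmtransp1 ibmxextp1 icc imserv1 lencextp1 lencometp1 lenpsp1 lentransp1 lenxintp1 ncc ns1 ns2 ticket toshcometp1 "
ALL="$PROD $TEST"
DLIMIT=90
MAILA="user@server.com"
MAILB="user@server.com pager@myairmail.com"

# Start from known values; MAILA is the default recipient, MAILB the escalation.
EMAIL=$MAILA
FAIL=""

# Private scratch area: unpredictable name, owner-only, removed on any exit.
umask 077
WORK=$(mktemp -d "${TMPDIR:-/tmp}/dacprobe.XXXXXX") || {
  echo "dacprobe: cannot create scratch directory" >&2
  exit 1
}
cleanup() { rm -rf -- "${WORK:?}"; }
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

REPORT="$WORK/space.list"
MAILFILE="$WORK/chkrootkit.mailfile"

# check drive space
echo
printf '%s' "Checking Disk Space->"
# Start empty so the -s test below is true only when there is something to
# report (the original seeded the file with a blank line, so it always mailed).
: >"$REPORT"

# $ALL is deliberately unquoted: it is a space-separated host list.
for HOST in $ALL
do
  printf ' %s' "$HOST"

  # dacedip1 and lenpsp1 are queried with df -k, every other host with df -P.
  case "$HOST" in
    dacedip1|lenpsp1) DFOPT=-k ;;
    *)                DFOPT=-P ;;
  esac

  # NOTE(review): if this runs unattended, consider OpenSSH's
  # `-o BatchMode=yes` so a missing key fails fast instead of prompting.
  if ! ssh -x "$HOST" df "$DFOPT" >"$WORK/df.raw" 2>/dev/null
  then
    FAIL="$FAIL $HOST"
  fi

  # Drop the df header line and any cdrom entries.
  sed 1d "$WORK/df.raw" | grep -v cdrom >"$WORK/df.rows"

  while read -r LINE
  do
    # Column positions differ on the AIX host.
    if [ "$HOST" = "lenpsp1" ]
    then
      PERCENT=$(printf '%s\n' "$LINE" | awk '{ print $4 }')
      PART=$(printf '%s\n' "$LINE" | awk '{ print $7 }')
    else
      PERCENT=$(printf '%s\n' "$LINE" | awk '{ print $5 }')
      PART=$(printf '%s\n' "$LINE" | awk '{ print $6 }')
    fi
    PERCENT=$(printf '%s' "$PERCENT" | tr -d '%')

    # The df text comes from the remote host; skip rows whose usage column is
    # empty or not a plain number instead of feeding them to a numeric test.
    case "$PERCENT" in
      ''|*[!0-9]*) continue ;;
    esac

    if [ "$PERCENT" -gt "$DLIMIT" ]
    then
      HCAPS=$(printf '%s' "$HOST" | tr '[a-z]' '[A-Z]')
      echo "${HCAPS}'s Partition $PART is ${PERCENT}% Full" >>"$REPORT"

      # page if a prod server and > 98 percent full
      # (whole-word match; relies on the leading/trailing spaces in $PROD)
      case "$PROD" in
        *" $HOST "*)
          [ "$PERCENT" -gt 98 ] && EMAIL=$MAILB
          ;;
      esac
    fi
  done <"$WORK/df.rows"
done

if [ -n "$FAIL" ]
then
  echo >>"$REPORT"
  echo "WARNING - Drive Space Check Failed on the Following Servers:" >>"$REPORT"
  echo "$FAIL" >>"$REPORT"
  echo >>"$REPORT"
  echo "Please make sure dacprobe account exists and the SSH exchanges happen auto magically." >>"$REPORT"
  echo "If server is permanently down, then remove it from the list of servers to monitor." >>"$REPORT"
fi

if [ -s "$REPORT" ]
then
  echo
  cat "$REPORT"
  # NOTE(review): MAILB reaches sendmail as one argument holding two
  # addresses, as in the original; confirm the local sendmail splits it.
  {
    echo "subject: Drive Partition Exceeds ${DLIMIT}% Full Limit"
    # Blank line ends the header block, so nothing derived from remote df
    # output can be read as a mail header (matches the chkrootkit mail below).
    echo
    echo "Partition Information:"
    cat "$REPORT"
    echo
    echo "Servers Checked:"
    echo "P:$PROD"
    echo "T:$TEST"
  } | /usr/sbin/sendmail -ONoRecipientAction=add-to -fdacprobe -oi "$EMAIL"
fi
echo

################ gather up chkrootkit output files and email
printf '%s' "Gather and Mail CHKROOTKIT Reports->"
# PROD is redefined here: only these hosts produce chkrootkit status files.
PROD=" dlv dms dxr ibmpsp1 lenpsp1 lenxintp1 dacxextp1 dacxextq1 "
: >"$MAILFILE"

# NOTE(review): the status files are read from /tmp on each remote host.
# /tmp is normally writable by every local account there, so confirm the
# files are root-owned and cannot be pre-created or replaced, or have the
# remote job write them to a root-only directory. The report is also produced
# by the host being audited, so treat a clean report as advisory.
for HOST in $PROD
do
  printf ' %s' "$HOST"
  # A host with no report must stand out in the mail: a missing rootkit report
  # is itself a finding to follow up.
  ssh -x "$HOST" "cat /tmp/chkrootkit.status.*" >>"$MAILFILE" 2>/dev/null ||
    echo "$HOST: NO REPORT RETURNED (ssh or cat failed)" >>"$MAILFILE"
done

{
  echo "subject: CHKROOTKIT Status Report"
  echo
  echo "Servers Checked:"
  echo "P:$PROD"
  echo
  echo "Server Reports Returned:"
  cat "$MAILFILE" 2>/dev/null
} | /usr/sbin/sendmail -ONoRecipientAction=add-to -fdacprobe -oi "$EMAIL"
echo
echo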