20060425: dacprobe
by dervish on Apr.25, 2006, under AIX, Linux, Scripts
#!/bin/sh
# dacprobe - monitor/audit daemon (drive space and rootkits)
# 20040830 - created by jamey hopkins
#
# 20050425 jah - added -x option to ssh command in order to speed up ssh call
# 20050811 jah - added SSH fail notice
# 20060425 jah - use -P on linux df to prevent drive space being placed on second line
# shows up on servers with logical volumes
# Alert settings. Partitions above DLIMIT percent full are reported to MAILA;
# MAILB (which adds the pager address) is used for the page-worthy case.
DLIMIT=90
MAILA='user@server.com'
MAILB='user@server.com pager@myairmail.com'
# Host lists. Each list keeps one space at the start and at the end
# (spaces at start/end required).
TEST=' lenxintq1 tto xto tlv qlv qto xlv '
PROD=' cvs dacadmin dacbup1 dacedip1 dacxextp1 dlv dms dto dxr fax1 fax2 ibb ibmtransp1 ibmxextp1 icc imserv1 lencextp1 lencometp1 lenpsp1 lentransp1 lenxintp1 ncc ns1 ns2 ticket toshcometp1 '
# Every monitored host: production first, then test.
ALL="${PROD} ${TEST}"
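# check drive space
#
# For every host in $ALL, run df over ssh and collect two kinds of findings
# in $REPORT: partitions above ${DLIMIT}% full, and hosts where the ssh/df
# call itself failed. A non-empty report is printed and mailed.
# Reads:  ALL, PROD, TEST, DLIMIT, MAILA, MAILB
# Writes: EMAIL (also used by the chkrootkit mail further down), FAIL, REPORT
#
# NOTE(review): the published listing is damaged between the end of the
# per-line loop and the "WARNING" notice: the loop's input redirection, the
# host loop's closing "done" and the test that opens the failure notice are
# missing (most likely swallowed as an HTML tag). Those lines are
# reconstructed here; confirm against the author's copy.
#
# Changes against the listing:
#  - findings are kept in shell variables instead of dacprobe.$$, temp.$$ and
#    space.list, so no predictably named scratch files are written;
#  - the report starts out empty (the listing seeded space.list with a blank
#    line, which made the "-s space.list" test true on every run);
#  - FAIL and EMAIL are reset so values inherited from the environment cannot
#    fake a failure notice or choose the mail recipient;
#  - a report holding only the SSH failure notice still gets a recipient;
#  - the PROD check matches the whole host name, not a substring/regex;
#  - rows whose use% is not a number are skipped instead of breaking the test;
#  - a blank line separates the subject header from the mail body.
NL='
'
FAIL=""
EMAIL=""
REPORT=""
echo
printf '%s' "Checking Disk Space->"
# $ALL is deliberately unquoted: it is a space-separated host list.
for HOST in $ALL
do
  printf ' %s' "$HOST"
  # df flavour, and the columns holding use% and mount point, per host.
  DFOPT=-P PCOL=5 MCOL=6
  case "$HOST" in
    dacedip1) DFOPT=-k ;;
    lenpsp1)  DFOPT=-k PCOL=4 MCOL=7 ;;   # host is AIX: different df -k layout
  esac
  # NOTE(review): an unattended run depends on key-based login; if the ssh
  # client in use is OpenSSH, "-o BatchMode=yes" would make a host that asks
  # for a password fail at once instead of waiting on a prompt.
  OUT=$(ssh -x "$HOST" df "$DFOPT" 2>/dev/null) || FAIL="$FAIL $HOST"
  # Drop the header line and cdrom entries; emit "percent mountpoint" pairs,
  # keeping only rows whose use% is a plain number.
  ROWS=$(printf '%s\n' "$OUT" |
    awk -v p="$PCOL" -v m="$MCOL" \
      'NR > 1 && !/cdrom/ { gsub(/%/, "", $p); if ($p ~ /^[0-9]+$/) print $p, $m }')
  while read -r PERCENT PART
  do
    # An empty $ROWS still feeds one blank line through the here-document.
    [ -n "$PERCENT" ] || continue
    [ "$PERCENT" -gt "$DLIMIT" ] || continue
    HCAPS=$(printf '%s\n' "$HOST" | tr '[a-z]' '[A-Z]')
    REPORT="${REPORT}${HCAPS}'s Partition $PART is ${PERCENT}% Full${NL}"
    # Once a page has been requested, later alerts must not downgrade it.
    [ "$EMAIL" != "$MAILB" ] && EMAIL=$MAILA
    # page if a prod server and > 98 percent full
    if [ "$PERCENT" -gt 98 ]
    then
      case "$PROD" in
        *" $HOST "*) EMAIL=$MAILB ;;
      esac
    fi
  done <<EOF
$ROWS
EOF
done
if [ -n "$FAIL" ]
then
  REPORT="${REPORT}${NL}WARNING - Drive Space Check Failed on the Following Servers:${NL}"
  REPORT="${REPORT}${FAIL}${NL}${NL}"
  REPORT="${REPORT}Please make sure dacprobe account exists and the SSH exchanges happen auto magically.${NL}"
  REPORT="${REPORT}If server is permanently down, then remove it from the list of servers to monitor.${NL}"
  # No partition alert means EMAIL is still empty; the notice must go somewhere.
  [ -n "$EMAIL" ] || EMAIL=$MAILA
fi
if [ -n "$REPORT" ]
then
  echo
  printf '%s' "$REPORT"
  {
    echo "subject: Drive Partition Exceeds ${DLIMIT}% Full Limit"
    echo
    echo "Partition Information:"
    printf '%s' "$REPORT"
    echo
    echo "Servers Checked:"
    echo "P:$PROD"
    echo "T:$TEST"
  } | /usr/sbin/sendmail -ONoRecipientAction=add-to -fdacprobe -oi "$EMAIL"
fi
echo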
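################ gather up chkrootkit output files and email
#
# Pull /tmp/chkrootkit.status.* from each host in the (redefined) PROD list
# over ssh and mail everything that came back in one message.
# Reads:  EMAIL (left by the drive space check), MAILA
# Writes: PROD (overrides the list used by the drive space check)
#
# Changes against the listing:
#  - reports are collected in a shell variable; the fixed name
#    /tmp/chkrootkit.mailfile in a world-writable directory could be
#    pre-created or symlinked by another local user, and it is no longer
#    written or left behind;
#  - hosts whose ssh call failed or returned nothing are listed in the mail,
#    so a missing audit report is visible instead of silently absent;
#  - EMAIL falls back to MAILA when the drive space check raised no alert.
#
# NOTE(review): the status files are read from /tmp on the monitored hosts.
# Any local account there can create a file matching chkrootkit.status.*,
# so the report content is only as trustworthy as that directory; a
# root-owned, non-world-writable location would be safer. The job that
# writes these files is not shown on this page.
printf '%s' "Gather and Mail CHKROOTKIT Reports->"
PROD=" dlv dms dxr ibmpsp1 lenpsp1 lenxintp1 dacxextp1 dacxextq1 "
NL='
'
RKREPORTS=""
RKMISSING=""
# $PROD is deliberately unquoted: it is a space-separated host list.
for HOST in $PROD
do
  printf ' %s' "$HOST"
  RKOUT=$(ssh -x "$HOST" "cat /tmp/chkrootkit.status.*" 2>/dev/null)
  RKRC=$?
  # Keep whatever was returned, even from a partly failed cat.
  [ -n "$RKOUT" ] && RKREPORTS="${RKREPORTS}${RKOUT}${NL}"
  if [ "$RKRC" -ne 0 ] || [ -z "$RKOUT" ]
  then
    RKMISSING="$RKMISSING $HOST"
  fi
done
[ -n "$EMAIL" ] || EMAIL=$MAILA
{
  echo "subject: CHKROOTKIT Status Report"
  echo
  echo "Servers Checked:"
  echo "P:$PROD"
  echo
  if [ -n "$RKMISSING" ]
  then
    echo "Servers With No Report (ssh failed or no status file):"
    echo "$RKMISSING"
    echo
  fi
  echo "Server Reports Returned:"
  printf '%s' "$RKREPORTS"
} | /usr/sbin/sendmail -ONoRecipientAction=add-to -fdacprobe -oi "$EMAIL"
echo
echo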