Commit
58fbb20d
authored
Jun 24, 2021
by
root
Merge branch 'master' of
https://git.cs.lth.se/marcus/host-monitor
parents
412997bc
aa602d3b
Changes
3
Synology/host-monitor.sh
0 → 100755
#!/bin/bash
# Getting data for Synology boxes
# 2021-06-07/PM
MONITOR_RESTAPI_URL
=
https://monitor.cs.lth.se/api/v1
source
/var/services/homes/csadmin/monitoring/host-monitor.template
# 1. Generating data
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# sysinfo
OS
=
"DSM
$(
egrep productversion /etc.defaults/VERSION |
cut
-d
\"
-f2
)
-
$(
egrep buildnumber /etc.defaults/VERSION |
cut
-d
\"
-f2
)
"
# Kind of CPU (CPUModel='Intel® Atom™ CPU C2538 @ 2.40GHz'):
CPUModel
=
"
$(
egrep
"^model name"
/proc/cpuinfo |
sort
-u
|
cut
-d
:
-f2
|
sed
-e
's/^ //'
-e
's/(R)/®/g'
-e
's/(TM)/™/'
)
"
if
[
-z
"
$CPUModel
"
]
;
then
CPUModel
=
"
$(
egrep
"^Processor"
/proc/cpuinfo |
sort
-u
|
cut
-d
:
-f2
)
"
fi
# Number of CPU:s (NbrCPUs=2):
NbrCPUs
=
$(
egrep
-i
"^processor"
/proc/cpuinfo |
wc
-l
)
# Size of memory [kB]
if
[
-x
/sbin/dmidecode
]
;
then
RAM
=
$(
/sbin/dmidecode
-t
17 2>/dev/null |
grep
"Size.*MB"
|
awk
'{s+=$2} END {print s * 1024}'
)
# Ex: RAM=4194304
# Kind of memory (ECC='No ECC' or ECC='Multi-bit ECC'):
ECC
=
"
$(
/sbin/dmidecode
-t
memory 2>/dev/null | egrep
"Error Correction Type"
|
sort
-u
|
cut
-d
:
-f2
|
sed
-e
's/^ //'
-e
's/None/No ECC/'
)
"
else
RAM
=
"
$(
egrep
"^MemTotal:"
/proc/meminfo |
awk
'{print $2}'
)
"
ECC
=
"No ECC"
fi
# What kind of authentication? Ex: Authentication=Lucat
if
[
-n
"
$(
egrep
-v
"#|^$"
/etc/synoinfo.conf | egrep
"uwdc[0-9]{1,2}.uw.lu.se"
)
"
-a
-n
"
$(
egrep
"default_realm = UW.LU.SE"
/etc/krb5.conf
)
"
]
;
then
Authentication
=
"Lucat"
else
Authentication
=
"Standalone"
fi
AuthStr
=
"
\"
authentication
\"
:
\"
${
Authentication
}
\"
"
# Ex: AuthStr='"authentication": "Lucat"'
# Firewall:
if
[
-n
"
$(
/sbin/iptables
--list
--line-numbers
| egrep
"^[0-9]
\s
"
)
"
]
;
then
Firewall
=
"iptables: Enabled"
else
Firewall
=
"Disabled"
fi
FirewWStr
=
"
\"
firewall
\"
:
\"
${
Firewall
}
\"
"
# Ex: FirewWStr='"firewall":"ufw"'
# Disks
Filesystems
=
"
$(
df
-k
-T
-x
tmpfs
-x
devtmpfs | egrep
-v
"^Filesystem"
|
awk
'{print $1" "$2" "$3" "$7}'
)
"
# Ex: a number of rows with
# /dev/md0 ext4 2442780672 /
# /dev/vg1/volume_1 btrfs 11508005167104 /volume1
#(Filesystem Type 1B-blocks Mounted on)
LVMDisks
=
""
# Flags
# SELinux
SELinux
=
"N/A"
# CPU bugs
CPUBugs
=
""
# Ex: CPUBugs='cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit'
Kernel
=
"
$(
uname
-r
2>/dev/null
)
"
# Ex: Kernel=3.10.105
Architecture
=
"
$(
uname
-m
2>/dev/null
)
"
# Ex: Architecture=x86_64
# Are we in a Virtual environment? No, not on a Synology!
VMenv
=
""
# Get more platform data
PlatformManufacturer
=
"
$(
/sbin/dmidecode
-t
2 2>/dev/null | egrep
"^
\s
*Manufacturer:"
|
cut
-d
:
-f2
|
cut
-c2-
)
"
# Ex: PlatformManufacturer='Type2 - Board Vendor Name1'
PlatformType
=
"
$(
/sbin/dmidecode
-t
2 2>/dev/null | egrep
"^
\s
*Type:"
|
cut
-d
:
-f2
|
cut
-c2-
)
"
# Ex: PlatformType=Motherboard
DeviceType
=
"
$(
egrep
"upnpdevicetype"
/etc/synoinfo.conf |
cut
-d
\"
-f2
)
"
ModelName
=
"
$(
egrep
"upnpmodelname"
/etc/synoinfo.conf |
cut
-d
\"
-f2
)
"
# Network interfaces
IFs
=
$(
/sbin/ip a |awk
'/state UP/{print $2}'
|
sed
's/://'
)
# Ex: IFs='eth0
# eth1
# eth2
# eth3
# bond0'
# fail2ban
Fail2Ban
=
"N/A"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Security patches
SecurityPatches
=
""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Listening ports
ListeningPorts
=
"
$(
netstat
-tulpn
2>/dev/null | egrep
"LISTEN"
| egrep
-v
"
\-\s
*$"
|
sed
-e
's_/_ _'
-e
's/: /:_/'
|
awk
'{print $8" "$7" "$1" "$4 }'
|
sort
-u
)
"
# List of: Application PID Proto_IPver Binding:Port
# afpd 11179 tcp6 :::548
# cnid_metad 11180 tcp 127.0.0.1:4700
# httpd22 16613 tcp 127.0.0.1:914
# iscsi_snapsho 17728 tcp 0.0.0.0:3262
# nginx:_master 11631 tcp 0.0.0.0:443
####################################################################################################################################################################
####################################################################################################################################################################
# 2. Generate JSON-parts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# sysinfo
# Assemble the Flags string
Flags
=
"
\"
selinux:
$SELinux
\"
,
\"
kernel:
${
Kernel
}
\"
,
\"
arch:
${
Architecture
:-
--
}
\"
,
\"
fail2ban:
$Fail2Ban
\"
"
# partitions
OUTPUT
=
""
while
read
-r
Filesystem Type KBlocks MountP
do
LVM
=
""
OUTPUT+
=
"{
\"
partition
\"
:
\"
$Filesystem
\"
,
\"
mount-point
\"
:
\"
$MountP
\"
,
\"
type
\"
:
\"
$Type
\"
,
\"
total-kb
\"
:
$KBlocks
,
\"
storage
\"
:
\"
${
LVM
:-
direct
}
\"
},"
done
<<<
"
$Filesystems
"
# Assemble the complete string (minus the final comma)
FilesystemStr
=
"
\"
partitions
\"
: [
${
OUTPUT
%%,
}
]"
# Network interfaces
OUTPUT
=
""
for
iname
in
$IFs
do
IP4
=
$(
/sbin/ip
-4
-o
a show
${
iname
%%@if[0-9]*
}
|
awk
'{print $4}'
)
IP6
=
$(
/sbin/ip
-6
-o
a show
${
iname
%%@if[0-9]*
}
|
awk
'{print $4}'
)
MAC
=
"
$(
/sbin/ip
link
show dev
${
iname
%%@if[0-9]*
}
|awk
'/link/{print $2}'
)
"
MAC_P
=
$(
ethtool
-P
${
iname
%%@if[0-9]*
}
|
awk
'{print $NF}'
)
Speed
=
"
$(
ethtool
${
iname
%%@if[0-9]*
}
|
grep
"Speed:"
|
awk
'{print $NF}'
)
"
OUTPUT+
=
"{
\"
interface
\"
:
\"
$iname
\"
,
\"
ip4
\"
:
\"
${
IP4
}
\"
,
\"
ip6
\"
:
\"
${
IP6
}
\"
,
\"
mac
\"
:
\"
${
MAC
}
\"
,
\"
mac-p
\"
:
\"
${
MAC_P
}
\"
,
\"
speed
\"
:
\"
${
Speed
}
\"
},"
done
NIStr
=
"
\"
network-interfaces
\"
: [
$(
echo
"
${
OUTPUT
}
"
|
sed
's/,$//'
)
]"
# Ex: NIStr='"network-interfaces": [ { "interface": "ens192", "ip4": "130.235.16.11/23", "ip6": "fe80::250:56ff:feb6:b194/64", "mac": "00:50:56:b6:b1:94", "mac-p": "00:50:56:b6:b1:94", "speed": "10000Mb/s" } ]'
# Platform
PlatformStr
=
"
\"
platform
\"
: {
\"
virtualized
\"
: false,
\"
name
\"
:
\"
$DeviceType
$ModelName
\"
}"
# network
AliasName
=
",
\"
alias
\"
: [
\"
$DNSAlias
\"
] "
NetworkStr
=
"
\"
network
\"
: {
\"
hostname
\"
:
\"
$(
hostname
-f
)
\"
$AliasName
}"
CPUstr
=
"
\"
cpu
\"
: {
\"
name
\"
:
\"
${
CPUModel
:-
--
}
\"
,
\"
threads
\"
:
${
NbrCPUs
:-
--
}
}"
RAMStr
=
"
\"
memory
\"
: {
\"
total-kb
\"
:
${
RAM
:-
--
}
,
\"
type
\"
:
\"
${
ECC
:-
--
}
\"
}"
SysinfoStr
=
"
\"
sysinfo
\"
: {
\"
os
\"
:
\"
${
OS
:-
--
}
\"
,
\"
authentication
\"
:
\"
${
Authentication
}
\"
,
\"
firewall
\"
:
\"
${
Firewall
}
\"
,
\"
flags
\"
: [
${
Flags
}
],
$CPUstr
,
$RAMStr
,
$FilesystemStr
,
$NIStr
,
$PlatformStr
,
$NetworkStr
}"
# Ex:
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# listening ports
# List of: Application PID Proto_IPver Binding:Port
# afpd 11179 tcp6 :::548
if
[
-n
"
$ListeningPorts
"
]
;
then
OUTPUT
=
""
while
read
-r
line
do
#read Application User IPver Proto Binding Port <<< "$line"
read
Application PidUser Proto_IPver Binding_Port
<<<
"
$line
"
FWrule
=
"null"
if
[
-n
"
$(
echo
"
$Proto_IPver
"
| egrep 6
)
"
]
;
then
PROTO
=
"IPv6:
${
Proto_IPver
%%6
}
"
else
PROTO
=
"IPv4:
$Proto_IPver
"
fi
Euser
=
"
$(
ps
-p
$PidUser
--no-headers
-o
euser
)
"
Binding
=
"
$(
echo
"
${
Binding_Port
%%
:[0-9]
*
}
"
|
sed
-e
's/0.0.0.0/*/'
)
"
Port
=
"
$(
echo
"
$Binding_Port
"
|
awk
'-F:'
'{print $NF}'
)
"
OUTPUT+
=
"{
\"
binding
\"
:
\"
${
Binding
:-
-
}
\"
,
\"
port
\"
:
${
Port
:-
-
}
,
\"
process-owner
\"
:
\"
${
Application
:-
-
}
\"
,
\"
process-user
\"
:
\"
${
Euser
:-
-
}
\"
,
\"
protocol
\"
:
\"
${
PROTO
:-
-
}
\"
,
\"
firewall-rule
\"
:
$FWrule
},"
done
<<<
"
$ListeningPorts
"
# Assemble the complete string (minus the final comma)
ListenStr
=
",
\"
listen-ports
\"
: [
${
OUTPUT
%%,
}
]"
else
ListenStr
=
""
fi
# Ex:
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# security patches
if
[
-n
"
$SecurityPatches
"
]
;
then
OUTPUT
=
""
while
read
-r
Package Sources InstalledVer Arch NewVer
do
Source
=
"
$(
echo
-e
${
Sources
//,/
'\n'
}
|
sort
-u
|
sed
-z
's/\n/,/g;s/,$/\n/'
)
"
STR
=
"
\"
${
Sources
//,/\
",
\"
}
\"
"
SourceArr=
"
$(
echo
-e
${
STR
//,/
'\n'
}
|
sort
-u
|
sed
-z
's/\n/,/g;s/,$/\n/'
)
"
OUTPUT+=
"{
\"
installed-version
\"
:
\"
$InstalledVer
\"
,
\"
new-version
\"
:
\"
$NewVer
\"
,
\"
package
\"
:
\"
$Package
\"
,
\"
sources
\"
: [
$SourceArr
] },"
done <<<
"
$SecurityPatches
"
# Assemble the complete string (minus the final comma)
SecurityPatchStr=
",
\"
security-patches
\"
: [
${
OUTPUT
%%,
}
]"
else
SecurityPatchStr=
""
fi
# 3. Build observation string and check for errors
OBSERVATIONS=
"{
${
SysinfoStr
//\
"--
\"
/null}
${
ListenStr
//\
"--
\"
/null}
${
SecurityPatchStr
}
}"
# 4. Upload results
curl --silent -X POST
"
$MONITOR_RESTAPI_URL
/hosts/monitor?token=
$SOURCE_TOKEN
"
\
-H
"accept: application/json"
\
-H
"Content-Type: application/json"
\
-d
"
$OBSERVATIONS
"
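Review bot: `source /var/services/homes/csadmin/monitoring/host-monitor.template` executes a file from a user's home directory inside a script that calls `/sbin/iptables --list`, `/sbin/dmidecode` and `netstat -tulpn`, so it presumably runs as root; anyone who can write to that directory then gets code execution with the script's privileges. `SOURCE_TOKEN` and `DNSAlias` are not set anywhere in this file, so they appear to come from that template, which makes its permissions matter for the API token as well. Keep the template in a root-owned directory with mode 0600 and fail closed before sourcing, e.g. `[ -O "$TEMPLATE" ] || exit 1` with the path held in a variable; the ownership test alone is not enough while the parent directory stays user-writable. The final `curl` also puts `$SOURCE_TOKEN` in the URL query string, where it is visible in the process list and typically lands in server and proxy access logs; sending it in a request header would avoid that if the API accepts one, and macOS/host-monitor.sh ends with the same call.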
linux/host-monitor.sh
...
...
@@ -37,8 +37,10 @@ CPUModel="$(egrep "^model name" /proc/cpuinfo | sort -u | cut -d: -f2 | sed -e '
# Number of CPU:s (NbrCPUs=2):
NbrCPUs
=
$(
egrep
"^processor"
/proc/cpuinfo |
wc
-l
)
# Size of memory [kB]
#RAM=$(egrep "^MemTotal" /proc/meminfo | awk '{print $2}')
RAM
=
$(
/usr/sbin/dmidecode
-t
17 |
grep
"Size.*MB"
|
awk
'{s+=$2} END {print s * 1024}'
)
# Ex: RAM=4194304
if
[
$RAM
-eq
0
]
;
then
RAM
=
$(
egrep
"^MemTotal"
/proc/meminfo |
awk
'{print $2}'
)
fi
# Kind of memory (ECC='No ECC' or ECC='Multi-bit ECC'):
ECC
=
"
$(
/usr/sbin/dmidecode
-t
memory | egrep
"Error Correction Type"
|
sort
-u
|
cut
-d
:
-f2
|
sed
-e
's/^ //'
-e
's/None/No ECC/'
)
"
# What kind of authentication? Ex: Authentication=Lucat
...
...
@@ -60,7 +62,7 @@ LVMDisks="$(lsblk -b | egrep -i lvm | awk '{print $4" "$NF}' | egrep -vi swap |
# Flags
# SELinux
SELinux
=
"
$(
if
sestatus &>/dev/null
;
then
sestatus | egrep
"^Current mode:"
|
awk
'{print $NF}'
;
else
echo
"Not present"
;
fi
)
"
SELinux
=
"
$(
if
sestatus &>/dev/null
;
then
sestatus | egrep
"^Current mode:
|^SELinux status:
"
|
awk
'{print $NF}'
;
else
echo
"Not present"
;
fi
)
"
# CPU bugs
CPUBugs
=
"
$(
egrep
"^bugs"
/proc/cpuinfo |
cut
-d
:
-f2
|
cut
-c2-
|
uniq
)
"
# Ex: CPUBugs='cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit'
...
...
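Review bot: With SELinux enabled, `sestatus` prints both a `SELinux status:` line and a `Current mode:` line, so the widened pattern `"^Current mode:|^SELinux status:"` turns `SELinux` into a two-line value (`enabled`, then the mode) instead of the mode alone. If the value is interpolated into a `selinux:` flag string as in Synology/host-monitor.sh (that part of this file is outside the hunk), the embedded newline makes the uploaded JSON invalid, and the host's SELinux state goes unreported exactly when it is on. Assuming the second `SELinux=` assignment is the new side and the aim was to report disabled hosts, prefer the mode and fall back to the status: `sestatus | awk '/^SELinux status:/{s=$NF} /^Current mode:/{m=$NF} END{print (m!="" ? m : s)}'`. In the first hunk, `[ $RAM -eq 0 ]` should quote `"$RAM"` so an empty value does not produce a test error.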
macOS/host-monitor.sh
0 → 100755
#!/bin/bash
# Getting data for the host web.cs.lth.se"
# 2021-05-17/PM
# Tested on:
# - OS X 10.11.6 “El Capitan”
# - macOS 10.12.6 “Sierra”
# - macOS 10.15 “Catalina”
MONITOR_RESTAPI_URL
=
https://monitor.cs.lth.se/api/v1
source
/usr/local/bin/host-monitor.template
# 1. Generating data
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# sysinfo
# Operating System (OS='macOS 10.15.7 (build: 19H1030)'):
OS
=
"macOS
$(
/usr/bin/sw_vers
-productVersion
2>/dev/null
)
(build:
$(
/usr/bin/sw_vers
-buildVersion
2>/dev/null
)
)"
BuildVersion
=
"
$(
/usr/bin/sw_vers
-buildVersion
2>/dev/null
)
"
DistroVer
=
"
$(
/usr/bin/sw_vers
-buildVersion
2>/dev/null
)
"
# DistroVer='20C69'
# Get the OS version
OSver
=
"
$(
/usr/bin/sw_vers
-productVersion
2>/dev/null
)
"
# Get a full name for the version (see https://en.wikipedia.org/wiki/Darwin_(operating_system)):
case
"
$DistroVer
"
in
8
*
)
Distro
=
"Mac OS X
${
OSver
}
“Tiger” (build:
$BuildVersion
)"
;;
9
*
)
Distro
=
"Mac OS X
${
OSver
}
“Leopard” (build:
$BuildVersion
)"
;;
10
*
)
Distro
=
"Mac OS X
${
OSver
}
“Snow Leopard” (build:
$BuildVersion
)"
;;
11
*
)
Distro
=
"Mac OS X
${
OSver
}
“Lion” (build:
$BuildVersion
)"
;;
12
*
)
Distro
=
"OS X
${
OSver
}
“Mountain Lion” (build:
$BuildVersion
)"
;;
13
*
)
Distro
=
"OS X
${
OSver
}
“Mavericks” (build:
$BuildVersion
)"
;;
14
*
)
Distro
=
"OS X
${
OSver
}
“Yosemite” (build:
$BuildVersion
)"
;;
15
*
)
Distro
=
"OS X
${
OSver
}
“El Capitan” (build:
$BuildVersion
)"
;;
16
*
)
Distro
=
"macOS
${
OSver
}
“Sierra” (build:
$BuildVersion
)"
;;
17
*
)
Distro
=
"macOS
${
OSver
}
“High Sierra” (build:
$BuildVersion
)"
;;
18
*
)
Distro
=
"macOS
${
OSver
}
“Mojave” (build:
$BuildVersion
)"
;;
19
*
)
Distro
=
"macOS
${
OSver
}
“Catalina” (build:
$BuildVersion
)"
;;
20
*
)
Distro
=
"macOS
${
OSver
}
“Big Sur” (build:
$BuildVersion
)"
;;
*
)
Distro
=
"macOS"
;;
esac
# Kind of CPU (CPUModel=CPUModel='Quad-Core Intel Core i3'):
SysHW
=
"
$(
/usr/sbin/system_profiler SPHardwareDataType 2>/dev/null
)
"
CPUModel
=
"
$(
/usr/sbin/sysctl
-n
machdep.cpu.brand_string |
sed
-e
's/(R)/®/g'
-e
's/(TM)/™/g'
)
"
# CPUModel='Intel® Core™ i3-8100B CPU @ 3.60GHz' or CPUModel='Apple M1'
# Number of CPU:s (NbrCPUs=2):
NbrCPUs
=
$(
/usr/sbin/sysctl hw.logicalcpu |
awk
'{print $NF}'
)
# Size of memory [kB] (# RAM=3997352):
RAM
=
$(
echo
"scale=0;
$(
/usr/sbin/sysctl hw.memsize |
awk
'{print $NF}'
)
/ 1024"
| bc
-l
)
# Kind of memory (ECC='No ECC' or ECC='Multi-bit ECC'). No Mac's have ECC memory as of 2021:
ECC
=
"No ECC"
# What kind of authentication? Ex: Authentication=Lucat
if
[
"
$(
dsconfigad
-show
2>/dev/null |
grep
"Active Directory Domain"
|
cut
-d
=
-f2
|
sed
's/^ *//'
)
"
=
"uw.lu.se"
]
;
then
Authentication
=
"Lucat"
else
Authentication
=
"Standalone"
fi
AuthStr
=
"
\"
authentication
\"
:
\"
${
Authentication
}
\"
"
# Ex: AuthStr='"authentication": "Lucat"'
# Disks
PartList
=
"
$(
df
2>/dev/null | egrep
"^
\/
dev
\/
disk"
|
awk
'{print $1}'
|
sort
)
"
# Ex: PartList='/dev/disk1 /dev/disk2s3 /dev/disk3s3 /dev/disk3s2 /dev/disk2s2'
# Flags
# SIP
if
[
-x
/usr/bin/csrutil
]
;
then
SIP
=
"
$(
csrutil status 2>/dev/null |
cut
-d
:
-f2
|
sed
-e
's/^\ //g'
-e
's/.$//'
| perl
-pe
's/^(.)/uc($1)/e'
)
"
else
SIP
=
"Not enabled"
fi
# ALF
ALF
=
"
$(
/usr/libexec/ApplicationFirewall/socketfilterfw
--getglobalstate
|
cut
-d
\.
-f1
|
awk
'{print $NF}'
| perl
-pe
's/^(.)/uc($1)/e'
)
"
if
[
"
$ALF
"
=
"Enabled"
]
;
then
Firewall
=
"ALF"
else
Firewall
=
""
fi
# Packet Filter Firewall
PFF
=
"
$(
/sbin/pfctl
-sa
2>/dev/null |
grep
^Status: |
awk
'{print $2}'
)
"
# FileVault
FileVault
=
"
$(
/usr/bin/fdesetup status |
grep
"^FileVault is "
|
awk
'{print $NF}'
|
sed
's/\.$//'
|
sed
-e
's/On/Enabled/'
-e
's/Off/Disabled/'
)
"
# GateKeeper
GateKeeper
=
"
$(
/usr/sbin/spctl
--status
2>/dev/null |
awk
'{print $2}'
| perl
-pe
's/^(.)/uc($1)/e'
)
"
# Little Snitch
if
[
-n
"
$(
pgrep
"littlesnitch.daemon"
)
"
]
;
then
LittleSnitch
=
"Enabled"
else
if
[
-x
/Applications/Little
\
Snitch.app/Contents/MacOS/Little
\
Snitch
]
;
then
LittleSnitch
=
"Disabled"
else
LittleSnitch
=
"Not installed"
fi
fi
FirewWStr
=
"
\"
firewall
\"
:
\"
${
Firewall
}
\"
"
# Ex: FirewWStr='"firewall":"ALF"'
Architecture
=
"
$(
uname
-m
2>/dev/null |
sed
-e
"s/i386/i686/"
)
"
# Ex: Architecture=arm64
# Are we in a Virtual environment
MacModel
=
"
$(
/usr/sbin/system_profiler SPHardwareDataType 2>/dev/null | egrep
"^
\s
*Model Identifier:"
|
awk
'{print $NF}'
)
"
if
[
!
"
$(
echo
$MacModel
|
cut
-c1-3
)
"
=
"Mac"
-a
!
"
$(
echo
$MacModel
|
cut
-c1-3
)
"
=
"iMa"
-a
!
"
$(
echo
$MacModel
|
cut
-c1-3
)
"
=
"Xse"
]
;
then
VMenv
=
"Virtual Mac"
else
VMenv
=
""
fi
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Security patches
SecurityPatches
=
"
$(
/usr/sbin/softwareupdate
-l
2>/dev/null | egrep
-i
"Security"
|
cut
-d
:
-f2
|
cut
-c2-
)
"
# Ex: SecurityPatches='macOS Catalina Security Update 2021-003-10.15.7'
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Listening ports
ListeningPorts
=
"
$(
/usr/sbin/lsof +c 0
-i
4
-i
6
-n
-P
2>/dev/null |
grep
LISTEN |
awk
'{print $1" "$3" "$5" "$8" "$9 }'
|
sed
's/\(.*\):/\1 /'
|
sort
-u
)
"
# List of: Application User IPver Proto Servicerange Port
# apache2 root IPv6 TCP * 88
# apache2 www-data IPv6 TCP * 88
# cupsd root IPv4 TCP 127.0.0.1 631
# cupsd root IPv6 TCP [::1] 631
# dnsmasq nobody IPv4 TCP 127.0.1.1 53
# docker-proxy root IPv6 TCP * 4000
# dsmcad root IPv4 TCP * 1581
# dsmcad root IPv4 TCP * 2123
# Network interfaces
IFs
=
"
$(
/usr/sbin/networksetup
-listnetworkserviceorder
2>/dev/null | egrep
"Hardware Port:"
|
awk
'{print $NF}'
|
cut
-d
\)
-f1
)
"
# Ex: IFs='en0
# en1
# en7
####################################################################################################################################################################
####################################################################################################################################################################
# 2. Generate JSON-parts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# sysinfo
# Platform
if
[
-n
"
$VMenv
"
]
;
then
PlatformStr
=
"
\"
platform
\"
: {
\"
virtualized
\"
: true,
\"
name
\"
:
\"
$VMenv
\"
}"
else
PlatformStr
=
"
\"
platform
\"
: {
\"
virtualized
\"
: false,
\"
name
\"
:
\"
type:
$MacModel
\"
}"
fi
# Assemble the Flags string
Flags
=
"
\"
SIP:
$SIP
\"
,
\"
ALF:
${
ALF
}
\"
,
\"
PFF:
$PFF
\"
,
\"
FileVault:
$FileVault
\"
,
\"
GateKeeper:
$GateKeeper
\"
,
\"
LittleSnitch:
$LittleSnitch
\"
,
\"
arch:
${
Architecture
:-
--
}
\"
,
\"
selinux:N/A
\"
"
# Ex: Flags='"SIP:Enabled", "ALF:Enabled", "PFF:Disabled", "FileVault:Off", "GateKeeper:Enabled", "LittleSnitch:Not running", "arch:x86_64", "selinux:N/A"'
# partitions
OUTPUT
=
""
while
read
-r
Partition
do
MountPoint
=
"
$(
df
2>/dev/null |
grep
"^
$Partition
"
|
cut
-d
%
-f3
|
sed
's/^ *//'
)
"
FS
=
"
$(
/usr/sbin/diskutil info
"
$MountPoint
"
|
grep
"Name (User Visible):"
|
cut
-d
:
-f2
|
sed
's/^ *//'
)
"
TotalKb
=
"
$(
df
-lk
| egrep
"
\s
${
MountPoint
}
$"
|
awk
'{print $2}'
)
"
LVM
=
""
OUTPUT+
=
"{
\"
partition
\"
:
\"
$Partition
\"
,
\"
mount-point
\"
:
\"
$MountPoint
\"
,
\"
type
\"
:
\"
$FS
\"
,
\"
total-kb
\"
:
$TotalKb
,
\"
storage
\"
:
\"
${
LVM
:-
direct
}
\"
},"
done
<<<
"
$PartList
"
FilesystemStr
=
"
\"
partitions
\"
: [
${
OUTPUT
%%,
}
]"
# Network interfaces
OUTPUT
=
""
for
iname
in
$IFs
do
if
/sbin/ifconfig
$iname
&>/dev/null
;
then
IP4
=
"
$(
/sbin/ifconfig
$iname
| egrep
"
\s
inet
\s
"
|
awk
'{print $2}'
)
"
IP6
=
"
$(
/sbin/ifconfig
$iname
| egrep
"
\s
inet6
\s
"
|
awk
'{print $2}'
)
"
MAC
=
"
$(
/sbin/ifconfig
$iname
| egrep
"
\s
ether
\s
"
|
awk
'{print $2}'
)
"
MAC_P
=
"N/A"
Speed
=
"
$(
/sbin/ifconfig
$iname
| egrep
"
\s
media:
\s
"
|
cut
-d
:
-f2
|
cut
-c2-
)
"
OUTPUT+
=
"{
\"
interface
\"
:
\"
$iname
\"
,
\"
ip4
\"
:
\"
${
IP4
}
\"
,
\"
ip6
\"
:
\"
${
IP6
}
\"
,
\"
mac
\"
:
\"
${
MAC
}
\"
,
\"
mac-p
\"
:
\"
${
MAC_P
}
\"
,
\"
speed
\"
:
\"
${
Speed
}
\"
},"
fi
done
NIStr
=
"
\"
network-interfaces
\"
: [
${
OUTPUT
%%,
}
]"
# Ex: NIStr='"network-interfaces": [ { "interface": "en0", "ip4": "130.235.16.24", "ip6": "fe80::1056:c14e:a1f:2b30%en0", "mac": "f0:18:98:f2:09:54", "mac-p": "", "speed": "autoselect (1000baseT <full-duplex,flow-control>)" },{ "interface": "en1", "ip4": "169.254.229.191", "ip6": "fe80::41:db52:455a:9347%en1", "mac": "f8:ff:c2:2e:ea:a3", "mac-p": "", "speed": "autoselect (<unknown type>)" },{ "interface": "bridge0", "ip4": "", "ip6": "", "mac": "82:77:86:e3:60:01", "mac-p": "", "speed": "<unknown type>" } ]'
CPUstr
=
"
\"
cpu
\"
: {
\"
name
\"
:
\"
${
CPUModel
:-
--
}
\"
,
\"
threads
\"
:
${
NbrCPUs
:-
--
}
}"
RAMStr
=
"
\"
memory
\"
: {
\"
total-kb
\"
:
${
RAM
:-
--
}
,
\"
type
\"
:
\"
${
ECC
:-
--
}
\"
}"
SysinfoStr
=
"
\"
sysinfo
\"
: {
\"
os
\"
:
\"
${
Distro
:-
--
}
\"
,
\"
authentication
\"
:
\"
${
Authentication
}
\"
,
\"
firewall
\"
:
\"
ALF:
${
ALF
}
\"
,
\"
flags
\"
: [
${
Flags
}
],
$CPUstr
,
$RAMStr
,
${
FilesystemStr
}
,
$NIStr
,
$PlatformStr
}"
# Ex:
# SysinfoStr='"sysinfo": { "os": "macOS 10.15.7 “Catalina” (build: 19H1030)", "authentication":"Lucat", "firewall":"ALF: Enabled", "flags": [ "SIP:Enabled", "ALF:Enabled", "PFF:Disabled", "FileVault:Off", "GateKeeper:Enabled", "LittleSnitch:Not running", "arch:x86_64", "selinux:N/A" ], "cpu": { "name": "Intel® Core™ i7-4578U CPU @ 3.00GHz", "threads": 2 }, "memory": { "total-kb": 16777216, "type": "No ECC" }, "partitions": [ { "partition": "/dev/disk1s1", "mount-point":"/System/Volumes/Data", "type":"APFS", "total-kb":244912536, "storage":"direct" },{ "partition": "/dev/disk1s3", "mount-point":"/Volumes/Recovery", "type":"APFS", "total-kb":244912536, "storage":"direct" },{ "partition": "/dev/disk1s4", "mount-point":"/private/var/vm", "type":"APFS", "total-kb":244912536, "storage":"direct" },{ "partition": "/dev/disk1s5", "mount-point":"/", "type":"APFS", "total-kb":244912536, "storage":"direct" } ], "network-interfaces": [ { "interface": "en0", "ip4": "130.235.16.21", "ip6": "fe80::58:8f2a:e921:f63e%en0", "mac": "ac:87:a3:06:ac:d9", "mac-p": "N/A", "speed": "autoselect (1000baseT <full-duplex,flow-control>)" },{ "interface": "en1", "ip4": "", "ip6": "", "mac": "6c:40:08:be:15:f8", "mac-p": "N/A", "speed": "autoselect (<unknown type>)" },{ "interface": "bridge0", "ip4": "", "ip6": "", "mac": "82:15:01:5d:58:40", "mac-p": "N/A", "speed": "<unknown type>" } ], "platform": { "virtualized": false, "name": "type:Macmini7,1" } }'
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# listening ports
if
[
-n
"
$ListeningPorts
"
]
;
then
OUTPUT
=
""
while
read
-r
line
do
read
Application User IPver Proto Binding Port
<<<
"
$line
"
# Determine if there's some form of firewall rule that covers $Port:
FWrule
=
"null"
OUTPUT+
=
"{
\"
binding
\"
:
\"
${
Binding
:-
-
}
\"
,
\"
port
\"
:
${
Port
:-
-
}
,
\"
process-owner
\"
:
\"
${
Application
:-
-
}
\"
,
\"
process-user
\"
:
\"
${
User
:-
-
}
\"
,
\"
protocol
\"
:
\"
${
IPver
}
:
${
Proto
:-
-
}
\"
,
\"
firewall-rule
\"
:
$FWrule
},"
done
<<<
"
$ListeningPorts
"
ListenStr
=
",
\"
listen-ports
\"
: [
${
OUTPUT
%%,
}
]"
else
ListenStr
=
""
fi
# Ex:
# ListenStr=', "listen-ports": [ { "binding": "*", "port": 3283, "process-owner": "ARDAgent", "process-user": "csadmin", "protocol": "TCP", "firewall-rule": null }, { "binding": "127.0.0.1", "port": 23053, "process-owner": "Growl", "process-user": "csadmin", "protocol": "TCP", "firewall-rule": null }, { "binding": "[::1]", "port": 23053, "process-owner": "Growl", "process-user": "csadmin", "protocol": "TCP", "firewall-rule": null }, { "binding": "*", "port": 1581, "process-owner": "dsmcad", "process-user": "root", "protocol": "TCP", "firewall-rule": null } ]'
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# security patches
if
[
-n
"
$SecurityPatches
"
]
;
then
OUTPUT
=
""
while
read
-r
Patch
do
OUTPUT+
=
"{
\"
installed-version
\"
:
\"\"
,
\"
new-version
\"
:
\"\"
,
\"
package
\"
:
\"
$Patch
\"
,
\"
sources
\"
: [
\"
Apple
\"
,
\"
Apple
\"
] },"
done
<<<
"
$SecurityPatches
"
SecurityPatchStr
=
",
\"
security-patches
\"
: [ "
${
OUTPUT
%%,
}
" ]"
else
SecurityPatchStr
=
",
\"
security-patches
\"
: [ ]"
fi
# Ex:
# SecurityPatchStr=', "security-patches": [ { "installed-version": "", "new-version": "", "package": "macOS Catalina Security Update 2021-003-10.15.7", "sources": [ "Apple","Apple" ] } ]'
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# network
NetworkStr
=
"
\"
network
\"
: {
\"
hostname
\"
:
\"
$(
hostname
-f
)
\"
$AliasName
}"
# 3. Build observation string and check for errors
OBSERVATIONS
=
"{
${
SysinfoStr
//\
"--
\"
/null},
${
NetworkStr
}${
ListenStr
//\
"--
\"
/null}
${
SecurityPatchStr
}
}"
# 4. Upload results
/usr/bin/curl --silent -X POST
"
$MONITOR_RESTAPI_URL
/hosts/monitor?token=
$SOURCE_TOKEN
"
\
-H
"accept: application/json"
\
-H
"Content-Type: application/json"
\
-d
"
$OBSERVATIONS
"
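Review bot: Every JSON fragment in this file is built by interpolating raw command output into a double-quoted shell string (`$Application` and `$User` from `lsof +c 0`, `$Patch` from `softwareupdate -l`, `$MountPoint` from `df`), with no escaping of `"`, `\` or control characters. Command names and volume names are chosen by whoever starts the process or names the disk, so a single unusual value can make the report invalid or add content the script never intended to send. Build the payload with a JSON encoder instead (the script already depends on perl, whose core `JSON::PP` module can do this, or `jq` where installed), or pass each value through one escaping helper before interpolation. Adding `--fail` to the final `curl` and checking its exit status would also make a rejected upload visible. Synology/host-monitor.sh assembles its payload the same way.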