Commit 58fbb20d authored by root's avatar root
parents 412997bc aa602d3b
#!/bin/bash
# Getting data for Synology boxes
# 2021-06-07/PM
MONITOR_RESTAPI_URL=https://monitor.cs.lth.se/api/v1
source /var/services/homes/csadmin/monitoring/host-monitor.template
# 1. Generating data
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# sysinfo
OS="DSM $(egrep productversion /etc.defaults/VERSION | cut -d\" -f2)-$(egrep buildnumber /etc.defaults/VERSION | cut -d\" -f2)"
# Kind of CPU (CPUModel='Intel® Atom™ CPU C2538 @ 2.40GHz'):
CPUModel="$(egrep "^model name" /proc/cpuinfo | sort -u | cut -d: -f2 | sed -e 's/^ //' -e 's/(R)/®/g' -e 's/(TM)/™/')"
if [ -z "$CPUModel" ]; then
CPUModel="$(egrep "^Processor" /proc/cpuinfo | sort -u | cut -d: -f2)"
fi
# Number of CPU:s (NbrCPUs=2):
NbrCPUs=$(egrep -i "^processor" /proc/cpuinfo | wc -l)
# Size of memory [kB]
if [ -x /sbin/dmidecode ]; then
RAM=$(/sbin/dmidecode -t 17 2>/dev/null | grep "Size.*MB" | awk '{s+=$2} END {print s * 1024}') # Ex: RAM=4194304
# Kind of memory (ECC='No ECC' or ECC='Multi-bit ECC'):
ECC="$(/sbin/dmidecode -t memory 2>/dev/null | egrep "Error Correction Type" | sort -u | cut -d: -f2 | sed -e 's/^ //' -e 's/None/No ECC/')"
else
RAM="$(egrep "^MemTotal:" /proc/meminfo | awk '{print $2}')"
ECC="No ECC"
fi
# What kind of authentication? Ex: Authentication=Lucat
if [ -n "$(egrep -v "#|^$" /etc/synoinfo.conf | egrep "uwdc[0-9]{1,2}.uw.lu.se")" -a -n "$(egrep "default_realm = UW.LU.SE" /etc/krb5.conf)" ]; then
Authentication="Lucat"
else
Authentication="Standalone"
fi
AuthStr="\"authentication\": \"${Authentication}\"" # Ex: AuthStr='"authentication": "Lucat"'
# Firewall:
if [ -n "$(/sbin/iptables --list --line-numbers | egrep "^[0-9]\s")" ]; then
Firewall="iptables: Enabled"
else
Firewall="Disabled"
fi
FirewWStr="\"firewall\":\"${Firewall}\"" # Ex: FirewWStr='"firewall":"ufw"'
# Disks
Filesystems="$(df -k -T -x tmpfs -x devtmpfs | egrep -v "^Filesystem" | awk '{print $1" "$2" "$3" "$7}')"
# Ex: a number of rows with
# /dev/md0 ext4 2442780672 /
# /dev/vg1/volume_1 btrfs 11508005167104 /volume1
#(Filesystem Type 1B-blocks Mounted on)
LVMDisks=""
# Flags
# SELinux
SELinux="N/A"
# CPU bugs
CPUBugs=""
# Ex: CPUBugs='cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit'
Kernel="$(uname -r 2>/dev/null)" # Ex: Kernel=3.10.105
Architecture="$(uname -m 2>/dev/null)" # Ex: Architecture=x86_64
# Are we in a Virtual environment? No, not on a Synology!
VMenv=""
# Get more platform data
PlatformManufacturer="$(/sbin/dmidecode -t 2 2>/dev/null | egrep "^\s*Manufacturer:" | cut -d: -f2 | cut -c2-)" # Ex: PlatformManufacturer='Type2 - Board Vendor Name1'
PlatformType="$(/sbin/dmidecode -t 2 2>/dev/null | egrep "^\s*Type:" | cut -d: -f2 | cut -c2-)" # Ex: PlatformType=Motherboard
DeviceType="$(egrep "upnpdevicetype" /etc/synoinfo.conf | cut -d\" -f2)"
ModelName="$(egrep "upnpmodelname" /etc/synoinfo.conf | cut -d\" -f2)"
# Network interfaces
IFs=$(/sbin/ip a |awk '/state UP/{print $2}' | sed 's/://')
# Ex: IFs='eth0
# eth1
# eth2
# eth3
# bond0'
# fail2ban
Fail2Ban="N/A"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Security patches
SecurityPatches=""
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Listening ports
ListeningPorts="$(netstat -tulpn 2>/dev/null | egrep "LISTEN" | egrep -v "\-\s*$" | sed -e 's_/_ _' -e 's/: /:_/' | awk '{print $8" "$7" "$1" "$4 }' | sort -u)"
# List of: Application PID Proto_IPver Binding:Port
# afpd 11179 tcp6 :::548
# cnid_metad 11180 tcp 127.0.0.1:4700
# httpd22 16613 tcp 127.0.0.1:914
# iscsi_snapsho 17728 tcp 0.0.0.0:3262
# nginx:_master 11631 tcp 0.0.0.0:443
####################################################################################################################################################################
####################################################################################################################################################################
# 2. Generate JSON-parts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# sysinfo
# Assemble the Flags string
Flags="\"selinux:$SELinux\", \"kernel:${Kernel}\", \"arch:${Architecture:---}\", \"fail2ban:$Fail2Ban\""
# partitions
OUTPUT=""
while read -r Filesystem Type KBlocks MountP
do
LVM=""
OUTPUT+="{ \"partition\": \"$Filesystem\", \"mount-point\":\"$MountP\", \"type\":\"$Type\", \"total-kb\":$KBlocks, \"storage\":\"${LVM:-direct}\" },"
done <<< "$Filesystems"
# Assemble the complete string (minus the final comma)
FilesystemStr="\"partitions\": [ ${OUTPUT%%,} ]"
# Network interfaces
OUTPUT=""
for iname in $IFs
do
IP4=$(/sbin/ip -4 -o a show ${iname%%@if[0-9]*} | awk '{print $4}')
IP6=$(/sbin/ip -6 -o a show ${iname%%@if[0-9]*} | awk '{print $4}')
MAC="$(/sbin/ip link show dev ${iname%%@if[0-9]*} |awk '/link/{print $2}')"
MAC_P=$(ethtool -P ${iname%%@if[0-9]*} | awk '{print $NF}')
Speed="$(ethtool ${iname%%@if[0-9]*} | grep "Speed:" | awk '{print $NF}')"
OUTPUT+="{ \"interface\": \"$iname\", \"ip4\": \"${IP4}\", \"ip6\": \"${IP6}\", \"mac\": \"${MAC}\", \"mac-p\": \"${MAC_P}\", \"speed\": \"${Speed}\" },"
done
NIStr="\"network-interfaces\": [ $(echo "${OUTPUT}" | sed 's/,$//') ]"
# Ex: NIStr='"network-interfaces": [ { "interface": "ens192", "ip4": "130.235.16.11/23", "ip6": "fe80::250:56ff:feb6:b194/64", "mac": "00:50:56:b6:b1:94", "mac-p": "00:50:56:b6:b1:94", "speed": "10000Mb/s" } ]'
# Platform
PlatformStr="\"platform\": { \"virtualized\": false, \"name\": \"$DeviceType $ModelName\" }"
# network
AliasName=", \"alias\": [\"$DNSAlias\"] "
NetworkStr="\"network\": { \"hostname\": \"$(hostname -f)\"$AliasName }"
CPUstr="\"cpu\": { \"name\": \"${CPUModel:---}\", \"threads\": ${NbrCPUs:---} }"
RAMStr="\"memory\": { \"total-kb\": ${RAM:---}, \"type\": \"${ECC:---}\" }"
SysinfoStr="\"sysinfo\": { \"os\": \"${OS:---}\", \"authentication\":\"${Authentication}\", \"firewall\":\"${Firewall}\", \"flags\": [ ${Flags} ], $CPUstr, $RAMStr, $FilesystemStr, $NIStr, $PlatformStr, $NetworkStr }"
# Ex:
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# listening ports
# List of: Application PID Proto_IPver Binding:Port
# afpd 11179 tcp6 :::548
if [ -n "$ListeningPorts" ]; then
OUTPUT=""
while read -r line
do
#read Application User IPver Proto Binding Port <<< "$line"
read Application PidUser Proto_IPver Binding_Port <<< "$line"
FWrule="null"
if [ -n "$(echo "$Proto_IPver" | egrep 6)" ]; then
PROTO="IPv6:${Proto_IPver%%6}"
else
PROTO="IPv4:$Proto_IPver"
fi
Euser="$(ps -p $PidUser --no-headers -o euser)"
Binding="$(echo "${Binding_Port%%:[0-9]*}" | sed -e 's/0.0.0.0/*/')"
Port="$(echo "$Binding_Port" | awk '-F:' '{print $NF}')"
OUTPUT+="{ \"binding\": \"${Binding:--}\", \"port\": ${Port:--}, \"process-owner\": \"${Application:--}\", \"process-user\": \"${Euser:--}\", \"protocol\": \"${PROTO:--}\", \"firewall-rule\": $FWrule },"
done <<< "$ListeningPorts"
# Assemble the complete string (minus the final comma)
ListenStr=", \"listen-ports\": [ ${OUTPUT%%,} ]"
else
ListenStr=""
fi
# Ex:
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# security patches
if [ -n "$SecurityPatches" ]; then
OUTPUT=""
while read -r Package Sources InstalledVer Arch NewVer
do
Source="$(echo -e ${Sources//,/'\n'} | sort -u | sed -z 's/\n/,/g;s/,$/\n/')"
STR="\"${Sources//,/\",\"}\""
SourceArr="$(echo -e ${STR//,/'\n'} | sort -u | sed -z 's/\n/,/g;s/,$/\n/')"
OUTPUT+="{ \"installed-version\": \"$InstalledVer\", \"new-version\": \"$NewVer\", \"package\": \"$Package\", \"sources\": [ $SourceArr ] },"
done <<< "$SecurityPatches"
# Assemble the complete string (minus the final comma)
SecurityPatchStr=", \"security-patches\": [ ${OUTPUT%%,} ]"
else
SecurityPatchStr=""
fi
# 3. Build observation string and check for errors
OBSERVATIONS="{ ${SysinfoStr//\"--\"/null}${ListenStr//\"--\"/null}${SecurityPatchStr} }"
# 4. Upload results
curl --silent -X POST "$MONITOR_RESTAPI_URL/hosts/monitor?token=$SOURCE_TOKEN" \
-H "accept: application/json" \
-H "Content-Type: application/json" \
-d "$OBSERVATIONS"
......@@ -37,8 +37,10 @@ CPUModel="$(egrep "^model name" /proc/cpuinfo | sort -u | cut -d: -f2 | sed -e '
# Number of CPU:s (NbrCPUs=2):
NbrCPUs=$(egrep "^processor" /proc/cpuinfo | wc -l)
# Size of memory [kB]
#RAM=$(egrep "^MemTotal" /proc/meminfo | awk '{print $2}')
RAM=$(/usr/sbin/dmidecode -t 17 | grep "Size.*MB" | awk '{s+=$2} END {print s * 1024}') # Ex: RAM=4194304
if [ $RAM -eq 0 ]; then
RAM=$(egrep "^MemTotal" /proc/meminfo | awk '{print $2}')
fi
# Kind of memory (ECC='No ECC' or ECC='Multi-bit ECC'):
ECC="$(/usr/sbin/dmidecode -t memory | egrep "Error Correction Type" | sort -u | cut -d: -f2 | sed -e 's/^ //' -e 's/None/No ECC/')"
# What kind of authentication? Ex: Authentication=Lucat
......@@ -60,7 +62,7 @@ LVMDisks="$(lsblk -b | egrep -i lvm | awk '{print $4" "$NF}' | egrep -vi swap |
# Flags
# SELinux
SELinux="$(if sestatus &>/dev/null; then sestatus | egrep "^Current mode:" | awk '{print $NF}'; else echo "Not present"; fi)"
SELinux="$(if sestatus &>/dev/null; then sestatus | egrep "^Current mode:|^SELinux status:" | awk '{print $NF}'; else echo "Not present"; fi)"
# CPU bugs
CPUBugs="$(egrep "^bugs" /proc/cpuinfo | cut -d: -f2 | cut -c2- | uniq)"
# Ex: CPUBugs='cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit'
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment