Merge branch 'master' of https://git.cs.lth.se/marcus/host-monitor

Synology/host-monitor.sh

+#!/bin/bash
+# Getting data for Synology boxes
+# 2021-06-07/PM
+
+MONITOR_RESTAPI_URL=https://monitor.cs.lth.se/api/v1
+
+source /var/services/homes/csadmin/monitoring/host-monitor.template
+
+# 1. Generating data
+
+#  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# sysinfo
+OS="DSM $(egrep productversion /etc.defaults/VERSION | cut -d\" -f2)-$(egrep buildnumber /etc.defaults/VERSION | cut -d\" -f2)"
+
+# Kind of CPU (CPUModel='Intel® Atom™ CPU  C2538  @ 2.40GHz'):
+CPUModel="$(egrep "^model name" /proc/cpuinfo | sort -u | cut -d: -f2 | sed -e 's/^ //' -e 's/(R)/®/g' -e 's/(TM)/™/')"
+if [ -z "$CPUModel" ]; then
+    CPUModel="$(egrep "^Processor" /proc/cpuinfo | sort -u | cut -d: -f2)"
+fi
+# Number of CPU:s (NbrCPUs=2):
+NbrCPUs=$(egrep -i "^processor" /proc/cpuinfo | wc -l)
+# Size of memory [kB]
+if [ -x /sbin/dmidecode ]; then
+    RAM=$(/sbin/dmidecode -t 17 2>/dev/null | grep "Size.*MB" | awk '{s+=$2} END {print s * 1024}')    # Ex: RAM=4194304
+    # Kind of memory (ECC='No ECC'  or  ECC='Multi-bit ECC'):
+    ECC="$(/sbin/dmidecode -t memory 2>/dev/null | egrep "Error Correction Type" | sort -u | cut -d: -f2 | sed -e 's/^ //' -e 's/None/No ECC/')"
+else
+    RAM="$(egrep "^MemTotal:" /proc/meminfo | awk '{print $2}')"
+    ECC="No ECC"
+fi
+# What kind of authentication?   Ex: Authentication=Lucat
+if [ -n "$(egrep -v "#|^$" /etc/synoinfo.conf | egrep "uwdc[0-9]{1,2}.uw.lu.se")" -a -n "$(egrep "default_realm = UW.LU.SE" /etc/krb5.conf)" ]; then 
+    Authentication="Lucat"
+else 
+    Authentication="Standalone"
+fi
+AuthStr="\"authentication\": \"${Authentication}\""     # Ex: AuthStr='"authentication": "Lucat"'
+# Firewall:
+if [ -n "$(/sbin/iptables --list --line-numbers | egrep "^[0-9]\s")" ]; then
+    Firewall="iptables: Enabled"
+else
+    Firewall="Disabled"
+fi
+FirewWStr="\"firewall\":\"${Firewall}\""    # Ex: FirewWStr='"firewall":"ufw"'
+# Disks
+Filesystems="$(df -k -T -x tmpfs -x devtmpfs | egrep -v "^Filesystem" | awk '{print $1" "$2" "$3" "$7}')"
+# Ex: a number of rows with
+# /dev/md0 ext4 2442780672 /
+# /dev/vg1/volume_1 btrfs 11508005167104 /volume1
+#(Filesystem             Type  1B-blocks    Mounted on)
+LVMDisks=""
+
+# Flags
+# SELinux
+SELinux="N/A"
+# CPU bugs
+CPUBugs=""
+# Ex: CPUBugs='cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit'
+Kernel="$(uname -r 2>/dev/null)"            # Ex: Kernel=3.10.105
+Architecture="$(uname -m 2>/dev/null)"      # Ex: Architecture=x86_64
+# Are we in a Virtual environment? No, not on a Synology!
+VMenv=""
+
+# Get more platform data
+PlatformManufacturer="$(/sbin/dmidecode -t 2 2>/dev/null | egrep "^\s*Manufacturer:" | cut -d: -f2 | cut -c2-)"   # Ex: PlatformManufacturer='Type2 - Board Vendor Name1'
+PlatformType="$(/sbin/dmidecode -t 2 2>/dev/null | egrep "^\s*Type:" | cut -d: -f2 | cut -c2-)"                   # Ex: PlatformType=Motherboard
+DeviceType="$(egrep "upnpdevicetype" /etc/synoinfo.conf | cut -d\" -f2)"
+ModelName="$(egrep "upnpmodelname" /etc/synoinfo.conf | cut -d\" -f2)"
+
+# Network interfaces
+IFs=$(/sbin/ip a |awk '/state UP/{print $2}' | sed 's/://')
+# Ex: IFs='eth0
+# eth1
+# eth2
+# eth3
+# bond0'
+
+# fail2ban
+Fail2Ban="N/A"
+
+
+#  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Security patches
+SecurityPatches=""
+
+#  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Listening ports
+ListeningPorts="$(netstat -tulpn 2>/dev/null | egrep "LISTEN" | egrep -v "\-\s*$" | sed -e 's_/_ _' -e 's/: /:_/' | awk '{print $8" "$7" "$1" "$4 }' | sort -u)"
+# List of: Application PID Proto_IPver Binding:Port
+# afpd 11179 tcp6 :::548
+# cnid_metad 11180 tcp 127.0.0.1:4700
+# httpd22 16613 tcp 127.0.0.1:914
+# iscsi_snapsho 17728 tcp 0.0.0.0:3262
+# nginx:_master 11631 tcp 0.0.0.0:443
+
+
+####################################################################################################################################################################
+####################################################################################################################################################################
+
+# 2. Generate JSON-parts
+
+#  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# sysinfo
+# Assemble the Flags string
+Flags="\"selinux:$SELinux\", \"kernel:${Kernel}\", \"arch:${Architecture:---}\", \"fail2ban:$Fail2Ban\""
+
+# partitions
+OUTPUT=""
+while read -r Filesystem Type KBlocks MountP
+do
+    LVM=""
+    OUTPUT+="{ \"partition\": \"$Filesystem\", \"mount-point\":\"$MountP\", \"type\":\"$Type\", \"total-kb\":$KBlocks, \"storage\":\"${LVM:-direct}\" },"
+done <<< "$Filesystems"
+# Assemble the complete string (minus the final comma)
+FilesystemStr="\"partitions\": [ ${OUTPUT%%,} ]"
+
+# Network interfaces
+OUTPUT=""
+for iname in $IFs
+do
+    IP4=$(/sbin/ip -4 -o a show ${iname%%@if[0-9]*} | awk '{print $4}')
+    IP6=$(/sbin/ip -6 -o a show ${iname%%@if[0-9]*} | awk '{print $4}')
+    MAC="$(/sbin/ip link show dev ${iname%%@if[0-9]*} |awk '/link/{print $2}')"
+    MAC_P=$(ethtool -P ${iname%%@if[0-9]*} | awk '{print $NF}')
+    Speed="$(ethtool ${iname%%@if[0-9]*} | grep "Speed:" | awk '{print $NF}')"
+    OUTPUT+="{ \"interface\": \"$iname\", \"ip4\": \"${IP4}\", \"ip6\": \"${IP6}\", \"mac\": \"${MAC}\", \"mac-p\": \"${MAC_P}\", \"speed\": \"${Speed}\" },"
+done
+NIStr="\"network-interfaces\": [ $(echo "${OUTPUT}" | sed 's/,$//') ]"
+# Ex: NIStr='"network-interfaces": [ { "interface": "ens192", "ip4": "130.235.16.11/23", "ip6": "fe80::250:56ff:feb6:b194/64", "mac": "00:50:56:b6:b1:94", "mac-p": "00:50:56:b6:b1:94", "speed": "10000Mb/s" } ]'
+
+# Platform
+PlatformStr="\"platform\": { \"virtualized\": false, \"name\": \"$DeviceType $ModelName\" }"
+
+# network
+AliasName=", \"alias\": [\"$DNSAlias\"] "
+NetworkStr="\"network\": { \"hostname\": \"$(hostname -f)\"$AliasName }"
+
+CPUstr="\"cpu\": { \"name\": \"${CPUModel:---}\", \"threads\": ${NbrCPUs:---} }"
+RAMStr="\"memory\": { \"total-kb\": ${RAM:---}, \"type\": \"${ECC:---}\" }"
+SysinfoStr="\"sysinfo\": { \"os\": \"${OS:---}\", \"authentication\":\"${Authentication}\", \"firewall\":\"${Firewall}\", \"flags\": [ ${Flags} ], $CPUstr, $RAMStr, $FilesystemStr, $NIStr, $PlatformStr, $NetworkStr }"
+# Ex:
+
+#  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# listening ports
+# List of: Application PID Proto_IPver Binding:Port
+# afpd 11179 tcp6 :::548
+if [ -n "$ListeningPorts" ]; then
+    OUTPUT=""
+    while read -r line
+    do
+      #read Application User IPver Proto Binding Port <<< "$line"
+      read Application PidUser Proto_IPver Binding_Port <<< "$line"
+      FWrule="null"
+	  if [ -n "$(echo "$Proto_IPver" | egrep 6)" ]; then
+	      PROTO="IPv6:${Proto_IPver%%6}"
+      else
+	      PROTO="IPv4:$Proto_IPver"
+	  fi
+	  Euser="$(ps -p $PidUser --no-headers -o euser)"
+	  Binding="$(echo "${Binding_Port%%:[0-9]*}" | sed -e 's/0.0.0.0/*/')"
+	  Port="$(echo "$Binding_Port" | awk '-F:' '{print $NF}')"
+      OUTPUT+="{ \"binding\": \"${Binding:--}\", \"port\": ${Port:--}, \"process-owner\": \"${Application:--}\", \"process-user\": \"${Euser:--}\", \"protocol\": \"${PROTO:--}\", \"firewall-rule\": $FWrule },"
+    done <<< "$ListeningPorts"
+    # Assemble the complete string (minus the final comma)
+    ListenStr=", \"listen-ports\": [ ${OUTPUT%%,} ]"
+else
+    ListenStr=""
+fi
+# Ex:
+
+#  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# security patches
+if [ -n "$SecurityPatches" ]; then
+    OUTPUT=""
+    while read -r Package Sources InstalledVer Arch NewVer
+    do
+        Source="$(echo -e ${Sources//,/'\n'} | sort -u | sed -z 's/\n/,/g;s/,$/\n/')"
+        STR="\"${Sources//,/\",\"}\""
+        SourceArr="$(echo -e ${STR//,/'\n'} | sort -u | sed -z 's/\n/,/g;s/,$/\n/')"
+        OUTPUT+="{ \"installed-version\": \"$InstalledVer\", \"new-version\": \"$NewVer\", \"package\": \"$Package\", \"sources\": [ $SourceArr ] },"
+    done <<< "$SecurityPatches"
+    # Assemble the complete string (minus the final comma)
+    SecurityPatchStr=", \"security-patches\": [ ${OUTPUT%%,} ]"
+else
+    SecurityPatchStr=""
+fi
+
+
+# 3. Build observation string and check for errors
+OBSERVATIONS="{ ${SysinfoStr//\"--\"/null}${ListenStr//\"--\"/null}${SecurityPatchStr} }"
+
+# 4. Upload results
+curl --silent -X POST "$MONITOR_RESTAPI_URL/hosts/monitor?token=$SOURCE_TOKEN" \
+    -H  "accept: application/json" \
+    -H  "Content-Type: application/json" \
+    -d "$OBSERVATIONS"

linux/host-monitor.sh

@@ -37,8 +37,10 @@ CPUModel="$(egrep "^model name" /proc/cpuinfo | sort -u | cut -d: -f2 | sed -e '
 # Number of CPU:s (NbrCPUs=2):
 NbrCPUs=$(egrep "^processor" /proc/cpuinfo | wc -l)
 # Size of memory [kB]
-#RAM=$(egrep "^MemTotal" /proc/meminfo | awk '{print $2}')
 RAM=$(/usr/sbin/dmidecode -t 17 | grep "Size.*MB" | awk '{s+=$2} END {print s * 1024}')    # Ex: RAM=4194304
+if [ $RAM -eq 0 ]; then
+    RAM=$(egrep "^MemTotal" /proc/meminfo | awk '{print $2}')
+fi
 # Kind of memory (ECC='No ECC'  or  ECC='Multi-bit ECC'):
 ECC="$(/usr/sbin/dmidecode -t memory | egrep "Error Correction Type" | sort -u | cut -d: -f2 | sed -e 's/^ //' -e 's/None/No ECC/')"
 # What kind of authentication?   Ex: Authentication=Lucat
@@ -60,7 +62,7 @@ LVMDisks="$(lsblk -b | egrep -i lvm | awk '{print $4" "$NF}' | egrep -vi swap |
 
 # Flags
 # SELinux
-SELinux="$(if sestatus &>/dev/null; then sestatus | egrep "^Current mode:" | awk '{print $NF}'; else echo "Not present"; fi)"
+SELinux="$(if sestatus &>/dev/null; then sestatus | egrep "^Current mode:|^SELinux status:" | awk '{print $NF}'; else echo "Not present"; fi)"
 # CPU bugs
 CPUBugs="$(egrep "^bugs" /proc/cpuinfo | cut -d: -f2 | cut -c2- | uniq)"
 # Ex: CPUBugs='cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit'