#! /bin/bash # Service starter upon user connection for a cloe infrastructure # # # ##-l This documentation and this script are GPL licensed. Enjoy. ##-l ##-l ####################################### ##-l # This program is Free Software; you can redistribute it and/or ##-l # modify it under the terms of the GNU General Public License ##-l # as published by the Free Software Foundation; either version 3 ##-l # of the License, or (at your option) any later version. ##-l # ##-l # This program is distributed in the hope that it will be useful, ##-l # but WITHOUT ANY WARRANTY; without even the implied warranty of ##-l # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ##-l # GNU General Public License for more details. ##-l # ##-l # You should have received a copy of the GNU General Public License ##-l # along with this program; if not, write to the Free Software ##-l # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ##-l # ##-l ####################################### ##-l #Copyright SISalp www.sisalp.fr 2008 ##-l #par dominique.chabord@sisalp.org SISalp.org ##-l ##-l ##-l # # # Adapter les valeurs des variables # en editant le fichier de configuration /etc/cloe/cloe.local.conf #echo "`date +\"%A_%x-%H:%M:%S\"` user : `whoami` ; parameters : $0 $*" #============================CONSTANTES=================================--) MYVERSION="5-june-2017-3" REVISION="20-may-2025-0" MACHINE=`hostname` ME=`basename $0` TODAY_DATE=`date +%A_%x-%H-%M-%S` AUTO_SERVICE_CONF_DIR="/usr/local/etc/auto_service" AUTO_SERVICE_CONF_FILE="$AUTO_SERVICE_CONF_DIR/auto_service.conf" if [ ! -d "$AUTO_SERVICE_CONF_DIR" ] ; then echo "$0 is disabled, create manually $AUTO_SERVICE_CONF_DIR directory to enable it" exit 0 fi if [ ! -f "$AUTO_SERVICE_CONF_FILE" ] ; then echo "# created on $TODAY_DATE by $MACHINE $0 $* case \"\$1\" in -list) echo \" Configuration values : AUTO_SERVICE_SOURCE \$AUTO_SERVICE_SOURCE AUTO_SERVICE_CONF_DIR \$AUTO_SERVICE_CONF_DIR VS_COMMANDS \$VS_COMMANDS ADMIN_MAIL auto_service.admin_mail.conf \$ADMIN_MAIL DEJAVU /tmp/auto_service.dejavu.tmp \$DEJAVU DENIED_DOMAINS auto_service.denied.domains.conf \$DENIED_DOMAINS DENIED_IPS auto_service.denied.ips.conf \$DENIED_IPS DENIED_WHOIS auto_service.denied.whois.conf \$DENIED_WHOIS FILTER auto_service.filter.conf \$FILTER PROXY_DIR auto_service.proxy.dir.conf \$PROXY_DIR PROXY_ID auto_service.proxy.id.conf \$PROXY_ID PROXY_PARAMETERS auto_service.proxy.parameters.conf \$PROXY_PARAMETERS SOMMEIL auto_service.pace.conf \$SOMMEIL VERBOSE auto_service.verbose.conf \$VERBOSE WATCHED_DOMAINS auto_service.watched.domains.conf \$WATCHED_DOMAINS WATCHED_LOG_LIST auto_service.watched.logs.conf \$WATCHED_LOG_LIST ERROR_CODE 503 AUTO_SERVICE_DEBUG_LOG /tmp/auto_service.debug.log AUTO_SERVICE_LOG /tmp/auto_service.log AUTO_SERVICE_PID /tmp/auto_service.loop.pid AUTO_SERVICE_REPORT /tmp/auto_service.report\" ;; *) AUTO_SERVICE_SOURCE=\"http://download.sisalp.net/scripts/auto_service\" AUTO_SERVICE_CONF_DIR=\"$AUTO_SERVICE_CONF_DIR\" AUTO_SERVICE_PARAMETERS () { #parameters: configuration_file_name default_values # conf_file=\"\$1\" shift case \"\$conf_file\" in /tmp/*) conf_dir=\"\" ;; *) conf_dir=\"\$AUTO_SERVICE_CONF_DIR/\" ;; esac if [ -f \"\$conf_dir\$conf_file\" ] ; then cat \$conf_dir\$conf_file else echo \"\$*\" > \$conf_dir\$conf_file echo \"\$*\" fi } #default values: # ADMIN_MAIL=\"contact@sisalp.com\" DEJAVU=\":\" DENIED_DOMAINS=\" \" DENIED_IPS=\"\" DENIED_WHOIS=\"\" FILTER=\"robots.txt /longpolling/poll Googlebot YandexBot YandexImages AhrefsBot ahrefs bingbot Baiduspider DotBot BuBing seoscanners SemrushBot semrush FeedlyBot Findxbot Uptimebot BLEXBot GrapeshotCrawler SurveyBot Cliqzbot Sogou SEOkicks-Robot TweetmemeBot CCBot spbot MegaIndex.ru Exabot domaincrawler crawler DuckDuckGo-Favicons-Bot RU_Bot Wotbox NetcraftSurveyAgent SiteExplorer gce-spider ExaleadCloudView wp-admin wp-content wp-login xmlrpc.php /calendar/notify Slurp index.php Zapier bot.html\" PROXY_DIR=\"/var/lib/vz/private/111\" PROXY_ID=\"111\" PROXY_PARAMETERS=\"\$PROXY_DIR/etc/apache2/sites-enabled\" SOMMEIL=\"12\" VS_COMMANDS=\"#xoe config -set -auto -SERVICE-\n#xoe start -SERVICE-\" WATCHED_DOMAINS=\"sisalp.net .openerp-online.fr .openerp-online.com .academie-openerp.fr .academie-openerp.com .fr .com .net .online\" WATCHED_LOG_LIST=\"\$PROXY_DIR/var/log/apache2/transfer.web.erp.log\" #Parsing configuration # ADMIN_MAIL=\`AUTO_SERVICE_PARAMETERS auto_service.admin_mail.conf \$ADMIN_MAIL\` DEJAVU=\`AUTO_SERVICE_PARAMETERS /tmp/auto_service.dejavu.tmp \$DEJAVU\` DENIED_IPS=\`AUTO_SERVICE_PARAMETERS auto_service.denied.ips.conf \$DENIED_IPS\` DENIED_WHOIS=\`AUTO_SERVICE_PARAMETERS auto_service.denied.whois.conf \$DENIED_WHOIS\` DENIED_DOMAINS=\`AUTO_SERVICE_PARAMETERS auto_service.denied.domains.conf \$DENIED_DOMAINS\` FILTER=\`AUTO_SERVICE_PARAMETERS auto_service.filter.conf \$FILTER\` PROXY_DIR=\`AUTO_SERVICE_PARAMETERS auto_service.proxy.dir.conf \$PROXY_DIR\` PROXY_ID=\`AUTO_SERVICE_PARAMETERS auto_service.proxy.id.conf \$PROXY_ID\` PROXY_PARAMETERS=\`AUTO_SERVICE_PARAMETERS auto_service.proxy.parameters.conf \$PROXY_PARAMETERS\` SOMMEIL=\`AUTO_SERVICE_PARAMETERS auto_service.pace.conf \$SOMMEIL\` VERBOSE=\`AUTO_SERVICE_PARAMETERS auto_service.verbose.conf quiet\` VS_COMMANDS=\`AUTO_SERVICE_PARAMETERS auto_service.commands \"\$VS_COMMANDS\"\` WATCHED_DOMAINS=\`AUTO_SERVICE_PARAMETERS auto_service.watched.domains.conf \$WATCHED_DOMAINS\` WATCHED_LOG_LIST=\`AUTO_SERVICE_PARAMETERS auto_service.watched.logs.conf \$WATCHED_LOG_LIST\` # # #VS_COMMANDS=\`cat \$AUTO_SERVICE_CONF_DIR/auto_service.commands\` ERROR_CODE=\" 503 \" AUTO_SERVICE_PID=\"/tmp/auto_service.loop.pid\" AUTO_SERVICE_DEJAVU=\"/tmp/auto_service.dejavu.tmp\" AUTO_SERVICE_LOG=\"/tmp/auto_service.log\" AUTO_SERVICE_REPORT=\"/tmp/auto_service.\$\$.report\" AUTO_SERVICE_DEBUG_LOG=\"/tmp/auto_service.debug.log\" ;; esac " > $AUTO_SERVICE_CONF_FILE fi chmod 700 $AUTO_SERVICE_CONF_FILE . $AUTO_SERVICE_CONF_FILE #------------------------------------------------------------------------- MESSAGE () #------------------------------------------------------------------------- { msg_opt="$1" DATE_TIME=`date +%A_%x-%H-%M-%S` shift case "$VERBOSE" in debug) echo "$MACHINE|auto_service|$msg_opt |$DATE_TIME|$$-$*" >> $AUTO_SERVICE_DEBUG_LOG ;; esac case "$msg_opt" in -b) echo "$MACHINE|auto_service|$*" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|$*" echo "$MACHINE|auto_service|***********************************************************" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|***********************************************************" ;; -c) echo "$MACHINE|auto_service|$*" ;; -ct) echo "$MACHINE|auto_service|-----------------------------------------------------------" echo "$MACHINE|auto_service|$*" echo "$MACHINE|auto_service|-----------------------------------------------------------" ;; -cu) echo "$MACHINE|auto_service|$*" echo "$MACHINE|auto_service|-----------------------------------------------------------" ;; -cuu) echo "$MACHINE|auto_service|$*" echo "$MACHINE|auto_service|===========================================================" ;; -cv) case "$VERBOSE" in verbose|blabla|debug) echo "$MACHINE|auto_service|INFO |$*" ;; esac ;; -cvv) case "$VERBOSE" in blabla|debug) echo "$MACHINE|auto_service|BLABL|$*" ;; esac ;; -d) ;; -e) echo "$MACHINE|auto_service|$DATE_TIME|ERROR|$* : ERROR" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|ERROR|$* : ERROR" ;; -h) echo "$MACHINE|auto_service|-----------------------------------------------------------" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|$DATE_TIME|HEADR|$*" >> $AUTO_SERVICE_LOG ;; -l) echo "$MACHINE|auto_service|$DATE_TIME|LOG |$*" >> $AUTO_SERVICE_LOG ;; -n) case "$VERBOSE" in blabla|debug) echo -n "$*" echo "$MACHINE|auto_service|$DATE_TIME|BLABL|$*" >> $AUTO_SERVICE_LOG ;; *) echo -n "$*" echo -n "$*" >> $AUTO_SERVICE_LOG esac ;; -q) echo -n "$MACHINE|auto_service|QUEST|$* ? : " ;; -r) echo "" >> $AUTO_SERVICE_LOG echo "" ;; -t) echo "$MACHINE|auto_service|-----------------------------------------------------------" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|-----------------------------------------------------------" echo "$MACHINE|auto_service|$DATE_TIME|$*" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|$*" echo "$MACHINE|auto_service|-----------------------------------------------------------" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|-----------------------------------------------------------" ;; -u) echo "$MACHINE|auto_service|$DATE_TIME|$*" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|$*" echo "$MACHINE|auto_service|-----------------------------------------------------------" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|-----------------------------------------------------------" ;; -uu) echo "$MACHINE|auto_service|$DATE_TIME|$*" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|$*" echo "$MACHINE|auto_service|===========================================================" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|===========================================================" ;; -v) case "$VERBOSE" in verbose|blabla|debug) echo "$MACHINE|auto_service|INFO |$*" ;; esac echo "$MACHINE|auto_service|$DATE_TIME|INFO |$*" >> $AUTO_SERVICE_LOG ;; -vv) case "$VERBOSE" in blabla|debug) echo "$MACHINE|auto_service|BLABL|$*" echo "$MACHINE|auto_service|$DATE_TIME|BLABL|$*" >> $AUTO_SERVICE_LOG ;; *) echo -n "." echo -n "." >> $AUTO_SERVICE_LOG esac ;; -w) echo "$MACHINE|auto_service|$DATE_TIME|WARNG|$* : WARNING" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|WARNG|$* : WARNING" ;; *) echo "$MACHINE|auto_service|$DATE_TIME|$msg_opt $*" >> $AUTO_SERVICE_LOG echo "$MACHINE|auto_service|$msg_opt $*" ;; esac } #------------------------------------------------------------------------- ALERT () #------------------------------------------------------------------------- { ALERT_LEVEL="OK" if cat $1 | grep -q "ERROR" ; then ALERT_LEVEL="ERROR" else if cat $1 | grep "WARNG" ; then ALERT_LEVEL="WARNG" fi fi } #------------------------------------------------------------------------- CHECK_DENIED_IPS () #------------------------------------------------------------------------- { RESULT="too_good" tested_ip="$1" for denied_ip in $DENIED_IPS ; do case "$tested_ip" in # parfois ambigu sur le dernier nombre $denied_ip*) #MESSAGE -v "$LINENO request from banned IP $tested_ip" MESSAGE -n "d" RESULT="denied" break ;; esac done case "$RESULT" in denied) ;; *) #MESSAGE -v "$LINENO denied whois: $DENIED_WHOIS" tested_whois=`whois $tested_ip` FOR_LINE ; for denied_whois in $DENIED_WHOIS ; do DO #MESSAGE -v "$LINENO check $tested_ip WHOIS contains $denied_whois" case "$tested_whois" in *$denied_whois*) #MESSAGE -v "$LINENO request from banned WHOIS $denied_whois" MESSAGE -n "w" RESULT="denied" break ;; esac DONE_LINE ; done ; DONE ;; esac } #------------------------------------------------------------------------- MAIL () #------------------------------------------------------------------------- { /usr/loc/bin/spool --push mail $* } #------------------------------------------------------------------------- standard_IFS="$IFS" ; line_IFS=$'\n' ; FOR_LINE () { IFS="$line_IFS" ; } DO () { IFS="$standard_IFS" ; } DONE_LINE () { IFS="$line_IFS" ; } DONE () { IFS="$standard_IFS" ; } #example #FOR_LINE ; for line in `cat $file` ; do DO # .... #DONE_LINE ; done ; DONE COMMAND="$1" shift case "$COMMAND" in #------------------------------------------------------------------------- --help|--usage|-h|?) ##? demarrage des services erp a la demande ##? auto_service o[--]command [-option]o[parameters] ##? when available, -noblabla option enables short output ##? command is one of : ##? ================== ##? command options parameters ##? ======= ======= ========== ##?-c --ban list_of [end_of_fqdn|beginning_of_ip_address] ##?-a --change ##?-c --config ##? --config -reset ##? --config -edit ##?-h --documentation ##?-h --help ##?-a --license ##?-h --live ##? --live -debug ##?-h --log ##? --log -debug ##?-a --proxy ##?-h --quiet ##?_r --report ##?-s --start [error_code [commande]] ##? --stop ##?-a --update [http://source] ##?-h --version [-noblabla] ##?-h --verbose [-debug|-no-debug] ##? ##? log trace : ##? =========== ##? ' auto_service is activated ##? : requested domain is already known, nothing done ##? ; web service is already known, nothing done ##? d ip is banned ##? D domain is banned ##? ##? ------------------------------------------ ##? more with --command -usage option ##? full documentation with --documentation and --config commands ##? type q to quit help cat $0 | grep "^##?" | cut -b4- | cut -f2- exit 0 ;; #------------------------------------------------------------------------- --ban) write_ips="no" write_domains="no" for parameter in $* ; do case "$parameter" in [1-9]*) if ! echo "$DENIED_IPS" | grep -q "$parameter" ; then DENIED_IPS="$parameter $DENIED_IPS" write_ips="yes" else MESSAGE -c "$LINENO ip $parameter is already banned" fi ;; *) if ! echo "$DENIED_DOMAINS" | grep -q "$parameter" ; then DENIED_DOMAINS="$parameter $DENIED_DOMAINS" write_domains="yes" else MESSAGE -c "$LINENO domain $parameter is already banned" fi ;; esac done case "$write_ips" in yes) echo "DENIED_IPS=\"$DENIED_IPS\"" >> $AUTO_SERVICE_CONF_FILE ;; esac case "$write_domains" in yes) echo "DENIED_DOMAINS=\"$DENIED_DOMAINS\"" >> $AUTO_SERVICE_CONF_FILE ;; esac ;; #------------------------------------------------------------------------- --config) case "$1" in -reset) rm $AUTO_SERVICE_CONF_FILE MESSAGE -c "$LINENO configuration is reset to defaults" ;; -edit) nano $AUTO_SERVICE_CONF_FILE ;; *) #cat $AUTO_SERVICE_CONF_FILE . $AUTO_SERVICE_CONF_FILE -list ;; esac ;; #------------------------------------------------------------------------- --live) case "$1" in -debug) tail -f $AUTO_SERVICE_DEBUG_LOG ;; *) tail -f $AUTO_SERVICE_LOG ;; esac ;; #------------------------------------------------------------------------- --log) case $1 in -debug) cat -n $AUTO_SERVICE_DEBUG_LOG ;; *) cat -n $AUTO_SERVICE_LOG ;; esac ;; #------------------------------------------------------------------------- --proxy) PROXY_ID=`/usr/local/bin/cloe --proxy | cut -f3` PROXY_DIR=`/usr/local/bin/cloe --proxy | cut -f5` AUTO_SERVICE_CONF=`cat $AUTO_SERVICE_CONF_FILE` mv $AUTO_SERVICE_CONF_FILE $AUTO_SERVICE_CONF_FILE.save #echo "$PROXY_DIR" echo "$AUTO_SERVICE_CONF" | sed s%^'PROXY_DIR=.*'%PROXY_DIR=\"$PROXY_DIR\"% | sed s%^'PROXY_ID=.*'%PROXY_ID=\"$PROXY_ID\"% > $AUTO_SERVICE_CONF_FILE ;; #------------------------------------------------------------------------- --report) if [ -f "$AUTO_SERVICE_REPORT" ] ; then echo "End of report sent to $ADMIN_MAIL" >> $AUTO_SERVICE_REPORT ALERT $AUTO_SERVICE_REPORT MAIL content:$AUTO_SERVICE_REPORT to:$ADMIN_MAIL subject:"[root-$MACHINE]$ALERT_LEVEL|$ME|Report on restarted services" rm -f $AUTO_SERVICE_REPORT #echo "New report initialized by $0" >> $AUTO_SERVICE_REPORT fi ;; #------------------------------------------------------------------------- --verbose) #USAGE #CHECK_OPTIONS -usage -debug -blabla case "$1" in -blabla) echo "blabla" > $AUTO_SERVICE_VERBOSE chmod 777 $AUTO_SERVICE_VERBOSE MESSAGE -c "$LINENO Mode verbose blabla enabled, mode debug disabled" ;; -debug) echo "debug" > $AUTO_SERVICE_VERBOSE chmod 777 $AUTO_SERVICE_VERBOSE if [ -f "$AUTO_SERVICE_DEBUG_LOG" ] ; then chmod 777 $AUTO_SERVICE_DEBUG_LOG MESSAGE -v "$LINENO Mode debug enabled" else MESSAGE -v "$LINENO Mode debug enabled" chmod 777 $AUTO_SERVICE_DEBUG_LOG fi ;; -quiet) echo "quiet" > $AUTO_SERVICE_VERBOSE chmod 777 $AUTO_SERVICE_VERBOSE ;; *|-verbose|-noblabla|-nodebug) echo "verbose" > $AUTO_SERVICE_VERBOSE chmod 777 $AUTO_SERVICE_VERBOSE MESSAGE -v "$LINENO Mode verbose enabled, mode debug disabled" ;; esac exit 0 ;; #------------------------------------------------------------------------- --version) case "$1" in -noblabla) echo "$MYVERSION $REVISION" ;; *) echo "This script $0 is at version $MYVERSION last code revision is $REVISION" ;; esac exit 0 ;; #------------------------------------------------------------------------- --quiet) USAGE rm -f $AUTO_SERVICE_VERBOSE MESSAGE -c "Mode verbose disabled" exit 0 ;; #------------------------------------------------------------------------- --check) if [ ! -z "$1" ] ; then ERROR_CODE=" $1 " shift fi if [ ! -z "$1" ] ; then VS_OTHER_COMMAND="$*" fi for WATCHED_LOG in $WATCHED_LOG_LIST ; do if [ ! -e "$WATCHED_LOG" ] ; then MESSAGE -e "$LINENO file $WATCHED_LOG is not found" else #LIGNES_LOG=`tail $WATCHED_LOG | cut -b-200 | grep ".sisalp.net\|.openerp-online.fr\|.openerp-online.com\|.academie-openerp.fr" | grep " HTTP/1.1\"$ERROR_CODE"` LIGNES_LOG=`tail -n 50 $WATCHED_LOG | grep " HTTP/.*\"$ERROR_CODE"` if [ ! -z "$LIGNES_LOG" ] ; then log_domains=`echo "$LIGNES_LOG" | cut -d" " -f1 | sort -u | xargs` echo "auto_service failed requests detected $log_domains" >> $WATCHED_LOG for (( indval = 1 ; indval <= 12 ; indval++ )) ; do echo "auto_service gap filler $indval/12" >> $WATCHED_LOG done fi #MESSAGE -v "$LINENO $LIGNES_LOG" for excluded in $FILTER ; do LIGNES_LOG=`echo "$LIGNES_LOG" | grep -vi "$excluded"` done DOMAINS_LIST=`echo "$LIGNES_LOG" | cut -d" " -f-2 | sort -u` MESSAGE -d "$LINENO activation $* ERROR_CODE $ERROR_CODE =============================" #echo "$LIGNES_LOG" #echo "traitement de `echo -n "$LIGNES_LOG" | wc -l` lignes" FOR_LINE ; for LIGNE in $DOMAINS_LIST ; do DO MESSAGE -d "$LINENO ligne du log : $LIGNE error code is found tail -n 50 $WATCHED_LOG" FULL_DOMAIN=`echo "$LIGNE"|cut -d" " -f1` ORIGIN_IP=`echo "$LIGNE"|cut -d" " -f2` ip_is_denied="no" domain_is_watched="no" domain_is_denied="no" domain_is_known="no" CHECK_DENIED_IPS $ORIGIN_IP case "$RESULT" in denied) MESSAGE -d "$LINENO l'ip d'origine $ORIGIN_IP est dans les ips denied ou son whois est rejete" ip_is_denied="yes" ;; *) MESSAGE -d "$LINENO l'ip d'origine $ORIGIN_IP n'est pas dans les ips denied" case "$DEJAVU" in *:$FULL_DOMAIN:*) MESSAGE -vv "$LINENO le domaine $FULL_DOMAIN est deja connu" MESSAGE -n ":" domain_is_known="yes" ;; *) MESSAGE -d "$LINENO le domaine $FULL_DOMAIN est nouveau" for domain_tail in $WATCHED_DOMAINS ; do MESSAGE -d "$LINENO recherche du domaine $FULL_DOMAIN dans les domaines surveilles *$domain_tail" case "$FULL_DOMAIN" in *$domain_tail) domain_is_watched="yes" MESSAGE -d "$LINENO le domaine $FULL_DOMAIN est un domaine surveille" for domain_denied in $DENIED_DOMAINS ; do MESSAGE -d "$LINENO recherche du domaine $FULL_DOMAIN dans les domaines interdits *$domain_denied" case "$FULL_DOMAIN" in *$domain_denied) MESSAGE -vv "$LINENO full domain $FULL_DOMAIN est dans les denied domains" MESSAGE -n "D" domain_is_denied="yes" break ;; esac done break ;; esac done ;; esac ;; esac MESSAGE -d "$LINENO profil de $FULL_DOMAIN ip_is_denied.domain_is_known.domain_is_watched.domain_is_denied: $ip_is_denied.$domain_is_known.$domain_is_watched.$domain_is_denied" case "$ip_is_denied.$domain_is_known.$domain_is_watched.$domain_is_denied" in no.no.yes.no) MESSAGE -r MESSAGE -v "$LINENO|from ip $ORIGIN_IP|domaine $FULL_DOMAIN" MESSAGE -v "$LINENO| line of log : `echo \"$LIGNES_LOG\" | grep -m1 \"^$LIGNE\"`" DEJAVU="$DEJAVU"":$FULL_DOMAIN:" echo "$DEJAVU" > $AUTO_SERVICE_DEJAVU case "$FULL_DOMAIN" in etiny*) DOMAIN=`echo "$FULL_DOMAIN" | cut -d. -f2` ;; *) DOMAIN=`echo "$FULL_DOMAIN" | cut -d. -f1` ;; esac if [ -d "$PROXY_PARAMETERS" ] ; then PROXY_PARAMETERS=`ls $PROXY_PARAMETERS/*.conf | xargs` fi CONTRACT=`cat $PROXY_PARAMETERS | grep -v "^#" | grep -i -A 22 " $FULL_DOMAIN"` #nblignescontract=`echo -n "$CONTRACT" | wc -l` #MESSAGE -v "$LINENO recherche domaine : $FULL_DOMAIN dans $PROXY_PARAMETERS : trouve $nblignescontract lignes" if [ -z "$CONTRACT" ] ; then MESSAGE -v "$LINENO|from ip $ORIGIN_IP|ERROR pas de contrat pour $FULL_DOMAIN in $PROXY_PARAMETERS" MAIL_TEXT=`tail -n 20 $AUTO_SERVICE_LOG | grep -A 20 "from ip $ORIGIN_IP|domaine $FULL_DOMAIN"` echo "$MAIL_TEXT" >> $AUTO_SERVICE_REPORT ALERT $AUTO_SERVICE_REPORT MAIL content:$AUTO_SERVICE_REPORT to:$ADMIN_MAIL subject:"[root-$MACHINE]$ALERT_LEVEL|$ME|$ORIGIN_IP: Pas de contrat pour $FULL_DOMAIN - spooled" rm -f $AUTO_SERVICE_REPORT else MESSAGE -d "$LINENO $CONTRACT" | head -n 1 PROXY_LINE=`echo "$CONTRACT" | grep -m 1 "ProxyPass / http://"` if [ -z "$PROXY_LINE" ] ; then MESSAGE -v "$LINENO|from ip $ORIGIN_IP|ERROR pas de chemin proxy pour `echo "$CONTRACT" | head -n 1`" MAIL_TEXT=`tail -n 20 $AUTO_SERVICE_LOG | grep -A 20 "from ip $ORIGIN_IP|domaine $FULL_DOMAIN"` echo "$MAIL_TEXT" >> $AUTO_SERVICE_REPORT ALERT $AUTO_SERVICE_REPORT MAIL content:$AUTO_SERVICE_REPORT to:$ADMIN_MAIL subject:"[root-$MACHINE]$ALERT_LEVEL|$ME|$ORIGIN_IP: Pas de chemin proxy - spooled" rm -f $AUTO_SERVICE_REPORT else MESSAGE -d "$LINENO parametrage proxy : $PROXY_LINE" SUBNET=`echo "$PROXY_LINE" | cut -d: -f2 | cut -d. -f3` VS_NODE=`echo "$PROXY_LINE" | cut -d: -f2 | cut -d. -f4` VS_ID=`expr $SUBNET \* 100 \+ $VS_NODE` ET_PORT=`echo "$PROXY_LINE" | cut -d: -f3` case "$VS_ID" in 40) VS_ID="140" ;; esac case "$VS_ID" in [1-2][0-9][0-9]|[1-2][0-9][0-9][0-9]) case "$ET_PORT" in [1-6][0-9][0-9][0-9][0-9]/|8[0-9][0-9][0-9]/) case "$ET_PORT" in 8*) ET_PORT=`echo "$ET_PORT" | cut -b-4` ;; *) ET_PORT=`echo "$ET_PORT" | cut -b-5` ;; esac if [ ! -e "/var/lib/vz/private/$VS_ID" ] ; then MESSAGE -v "$LINENO|WARNG from ip $ORIGIN_IP|aucun vserver identifie $VS_ID" #MAIL_TEXT=`tail -n 20 $AUTO_SERVICE_LOG | grep -A 20 "from ip $ORIGIN_IP|domaine $FULL_DOMAIN"` #ALERT #echo "$MAIL_TEXT" | mail -s "[root-$MACHINE]$ALERT_LEVEL|$ME|$ORIGIN_IP: Le vserver $VS_ID n'est pas disponible" $ADMIN_MAIL else ET_SERVICE=`cat /var/lib/vz/private/$VS_ID/home/sisalpuser/xoe.conf/xoe.services.conf | grep -v "^#" | grep "service:\|web:\|ports:" | grep -m 1 "$ET_PORT" | cut -d: -f2` if [ -z "$ET_SERVICE" ] ; then MESSAGE -v "$LINENO|WARNG from ip $ORIGIN_IP|aucun service repondant au port $ET_PORT declare sur $VS_ID" cat /var/lib/vz/private/$VS_ID/home/sisalpuser/xoe.conf/xoe.services.conf | grep "$ET_PORT" MAIL_TEXT=`tail -n 20 $AUTO_SERVICE_LOG | grep -A 20 "from ip $ORIGIN_IP|domaine $FULL_DOMAIN"` echo "$MAIL_TEXT" >> $AUTO_SERVICE_REPORT ALERT $AUTO_SERVICE_REPORT MAIL content:$AUTO_SERVICE_REPORT to:$ADMIN_MAIL subject:"[root-$MACHINE]$ALERT_LEVEL|$ME|$ET_SERVICE|$ORIGIN_IP: Aucun service repondant au port $ET_PORT declare sur $VS_ID" rm -f $AUTO_SERVICE_REPORT else case "$DEJAVU" in *:$ET_SERVICE:*) MESSAGE -d "$LINENO le service $ET_SERVICE est deja connu" MESSAGE -n ";" ;; *) MESSAGE -vv "$LINENO pour le domaine $DOMAIN un service est declare sur $VS_ID pour repondre au port $ET_PORT - $ET_SERVICE" DEJAVU="$DEJAVU"":$ET_SERVICE:" echo "$DEJAVU" > $AUTO_SERVICE_DEJAVU echo "/usr/local/bin/cloe --vserver -name -noblabla $VS_ID" VS_NAME=`/usr/local/bin/cloe --vserver -name -noblabla $VS_ID` case "$VS_NAME" in Container*) MESSAGE -v "$LINENO|from ip $ORIGIN_IP|vs container $VS_ID not found" ;; *) #---------------------------- EXEC_COMMAND () { case "$1" in -file) SERVICE_COMMAND=`echo "$VS_COMMANDS" | sed s/-SERVICE-/$ET_SERVICE/g` ;; *) SERVICE_COMMAND=`echo "$*" | sed s/-SERVICE-/$ET_SERVICE/g` ;; esac old_IFS=$IFS # sauvegarde du séparateur de champ IFS=$'\n' for service_command in $SERVICE_COMMAND ; do IFS=$old_IFS # rétablissement du séparateur de champ par défaut MESSAGE -v "$LINENO Execution de /usr/local/bin/cloe --command $VS_NAME sisalpuser $service_command" /usr/local/bin/cloe --command $VS_NAME sisalpuser $service_command IFS=$'\n' done #for LIGNE in $LIGNES_LOG ; do IFS=$old_IFS # rétablissement du séparateur de champ par défaut } #---------------------------- EXEC_COMMAND -file EXEC_COMMAND "$VS_OTHER_COMMAND" ;; esac MAIL_TEXT=`tail -n 20 $AUTO_SERVICE_LOG | grep -A 20 "from ip $ORIGIN_IP|domaine $FULL_DOMAIN"` echo "$MAIL_TEXT" >> $AUTO_SERVICE_REPORT ALERT $AUTO_SERVICE_REPORT #echo "$MAIL_TEXT" | mail -s "[root-$MACHINE]$ALERT_LEVEL $ET_SERVICE|$VS_NAME|$ORIGIN_IP: Start an openerp service" $ADMIN_MAIL echo "===========================[root-$MACHINE]$ET_SERVICE/$VS_NAME/$ORIGIN_IP: Service is started by $0" >> $WATCHED_LOG ;; esac fi fi ;; *) MESSAGE -v "$LINENO|from ip $ORIGIN_IP|pas de port xxxx trouve : $ET_PORT" ;; esac ;; *) MESSAGE -v "$LINENO|from ip $ORIGIN_IP|pas de virtual server 1xx ou 2xx trouve : $VS_ID subnet $SUBNET node $VS_NODE" ;; esac fi fi ;; esac #case "$ip_is_denied.$domain_is_known.$domain_is_watched.$domain_is_denied" in DONE_LINE ; done ; DONE #for LIGNE in $LIGNES_LOG ; do # rétablissement du séparateur de champ par défaut fi done ;; #------------------------------------------------------------------------- --loop) echo "$$" > $AUTO_SERVICE_PID echo ":" > $AUTO_SERVICE_DEJAVU case "$1" in x*) XTIMES=`echo "$1" | cut -b2-` MESSAGE -v "$LINENO repeat $XTIMES" shift ;; *) XTIMES="0" ;; esac if [ ! -z "$1" ] ; then ERROR_CODE=" $1 " shift fi if [ ! -z "$1" ] ; then VS_OTHER_COMMAND="$*" fi case "$XTIMES" in 0) MESSAGE -v "$LINENO Start auto_service infinite loop" while true ; do $0 --check $ERROR_CODE $VS_OTHER_COMMAND sleep $SOMMEIL MESSAGE -n "'" done ;; *) MESSAGE -v "$LINENO Start auto_service loop $XTIMES times" for (( i=1; i<=$XTIMES; i++ )) ; do $0 --check $ERROR_CODE $VS_OTHER_COMMAND sleep $SOMMEIL MESSAGE -n "'" done esac echo "-done" ;; #------------------------------------------------------------------------- --start) if [ ! -z "$1" ] ; then ERROR_CODE=" $1 " shift fi if [ ! -z "$1" ] ; then VS_OTHER_COMMAND="$*" fi $0 --stop MESSAGE -v "$LINENO start auto_service" nohup $0 --loop $ERROR_CODE $VS_OTHER_COMMAND > /dev/null 2>&1 & ;; #------------------------------------------------------------------------- --stop) WORKINGPROCESS=`ps axo pid,cmd` if echo "$WORKINGPROCESS" | grep -q "$0 --loop" then RUNNING_PIDS=`echo "$WORKINGPROCESS" | grep "$0 \-\-loop" | sed s/"^ *"// | cut -d" " -f1 | xargs` for running_loop in $RUNNING_PIDS ; do if ! kill -9 $running_loop ; then MESSAGE -w "$LINENO Failure while stopping auto_service loop process $running_loop" else MESSAGE -v "$LINENO auto_service loop process $running_loop is stopped" fi done fi rm -f $AUTO_SERVICE_PID ;; #------------------------------------------------------------------------- --restart) MESSAGE -r MESSAGE -v "$LINENO restart auto_service loop" $0 --stop sleep 3 $0 --start ;; #------------------------------------------------------------------------------ --update) case `whoami` in root) MESSAGE -v $LINENO $0 $Option Nouvelle version $* cd /usr/local/bin script_source=`basename $0` if [ ! -z "$1" ] ; then download_source="$1" else download_source="$AUTO_SERVICE_SOURCE" fi $0 --version if wget -q $download_source -O $script_source.new_version ; then mv $script_source rescue.$script_source mv $script_source.new_version $script_source chmod 755 $script_source diff rescue.$script_source $script_source $0 --version else echo "could not update $script_source software from $download_source" fi ;; *) echo "you must be root or sudo to succeed with $Option option" ;; esac exit 0 ;; #------------------------------------------------------------------------- *) MESSAGE -v "$LINENO $COMMAND n'est pas supportee" echo "$LINENO $COMMAND n'est pas supportee" ;; esac exit 0