efelon/shell_sequencer
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Initial snmp management seq

Browse Source 
Two extends included (raspberry, osupdate)
This commit is contained in:
Martin Winkler
2019-11-10 11:48:10 +01:00
parent e8b475d9f7
commit dddc133ad4
2 changed files with 207 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
seqs/snmp.sh Executable file
View File

@@ -0,0 +1,146 @@
#!/bin/bash
seqDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
toolName="snmpd"
toolConfigLoc="/etc/snmp"
toolConfig="${toolConfigLoc}/snmpd.conf"
step_1_info() { echo "Install packages for $toolName"; }
step_1_alias() { ALIAS="install"; }
step_1() {
exe apt update
if [ $QUIET != 0 ]; then
exe apt-get -qq install $toolName
else
exe apt install $toolName
fi
saveReturn $?
endReturn
}
step_2_info() { echo "Setup snmp v3 access"; }
step_2() {
#
## Create authentication entry
exep "cat \"$v3AuthLoc\" | grep -e '^\s*usmUser'"
if [ "$?" == "0" ]; then
echo
read -p "User entry found. Continue: y/n(default)? " answer
case $answer in
[yY])
echo
echo Continuing installation...
;;
*)
echo
echo Installation aborted
return 1;
;;
esac
fi
read -p "SNMPv3 Username: " v3User
read -s -p "SNMPv3 Password: " v3Pass
echo
exe service snmpd stop
# this line will be replaced on start of snmpd with a line starting with:
# usmUser
v3AuthEntry="createUser ${v3User} SHA \"${v3Pass}\" DES"
addConf -a "$v3AuthEntry" "$v3AuthLoc"
#
## Add custom base configuration
addConf -c "" "${toolConfig}"
exe cp "${seqDir}/snmpd.conf" "${toolConfig}"
#
## Add username as rouser
exe sed -i "s/authOnlyUser/${v3User}/" "$toolConfig"
#
## Write syslocation
read -p "sysLocation: " v3Location
read -p "sysContact (name <webmaster@example.com>): " v3Contact
exe sed -i "s/\(sysLocation\s*\).*/\1${v3Location}/" "$toolConfig"
exe sed -i "s/\(sysContact\s*\).*/\1${v3Contact}/" "$toolConfig"
}
v3AuthLoc="/var/lib/snmp/snmpd.conf"
step_20_info() { echo "Extend $toolName for Raspberry Pi"; }
step_20_alias() { ALIAS="raspberry"; }
step_20() {
checkExtend raspberry
if [ "$?" != "0" ]; then
return 1
fi
exe wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/raspberry.sh -O "${rpiExtendLoc}"
saveReturn $?
endReturn
exe chmod +x "$rpiExtendLoc"
addConf -a "extend raspberry /etc/snmp/raspberry.sh" "$toolConfig"
addConf -c "$rpiSudoersContent" "$rpiSudoersLoc"
exe service snmpd restart
}
rpiExtendLoc="${toolConfigLoc}/raspberry.sh"
rpiSudoersLoc="/etc/sudoers.d/snmprpi"
rpiSudoersContent="\
Debian-snmp ALL=(ALL) NOPASSWD: /etc/snmp/raspberry.sh, /usr/bin/vcgencmd*"
step_22_info() { echo "Extend $toolName with OS update availablity"; }
step_22_alias() { ALIAS="osupdate"; }
step_22() {
checkExtend osupdate
if [ "$?" != "0" ]; then
return 1
fi
exe wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/osupdate -O "${osUpdateExtendLoc}"
exe chmod +x "$osUpdateExtendLoc"
addConf -a "extend osupdate $osUpdateExtendLoc" "$toolConfig"
exe service snmpd restart
}
osUpdateExtendLoc="${toolConfigLoc}/osupdate"
step_23_info() { echo "Create cron job for periodical (every 8 hours) apt-get update"; }
step_23() {
addConf -s "$osUpdateCronContent" "$osUpdateCron"
}
osUpdateCron="/etc/cron.d/aptUpdate"
osUpdateCronContent="22 */6 * * * root /usr/bin/apt-get -qq update"
#fail2ban
#exe wget https://github.com/librenms/librenms-agent/raw/master/snmp/fail2ban -O "${toolConfig}/fail2ban"
# nginx
#exe wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/nginx -O "${toolConfig}/nginx"
# php-fpm
#exe wget https://github.com/librenms/librenms-agent/raw/master/snmp/phpfpmsp -O "${toolConfig}/phpfpmsp"
checkExtend() {
exep "cat \"$toolConfig\" | grep -e '^\s*extend\s\+${1}' >>/dev/null 2>&1"
# Only warn if entry exists and dry-run is not seleted
if [ "$?" == "0" ] && [ "$DRY" == "0" ] ; then
echo "[WARN] Extend for ${1} exists"
return 1
fi
# adding dry run output for clarification
if [ "$DRY" != "0" ] ; then
echo "-- check if \"extend ${1}\" exists..dry-run"
fi
return 0
}
VERSION_SEQREV=5
. sequencer.sh

61
seqs/snmpd.conf Normal file
View File

@@ -0,0 +1,61 @@
# AGENT BEHAVIOUR
agentAddress udp:161,udp6:[::1]:161
# system + hrSystem groups only
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
# Full access from the local host
#rocommunity public localhost
# Default access to basic system info
rocommunity public default -V systemonly
# rocommunity6 is for IPv6
rocommunity6 public default -V systemonly
# Full read-only access for SNMPv3
rouser authOnlyUser
# SYSTEM INFORMATION
sysLocation Sitting on the Dock of the Bay
sysContact Me <me@example.org>
# Application + End-to-End layers
sysServices 72
# Process Monitoring
# At least one 'mountd' process
proc mountd
# No more than 4 'ntalkd' processes - 0 is OK
proc ntalkd 4
# At least one 'sendmail' process, but no more than 10
proc sendmail 10 1
# Disk Monitoring
# 10MBs required on root disk, 5% free on /var, 10% free on all other disks
disk / 10000
disk /var 5%
includeAllDisks 10%
# System Load
# Unacceptable 1-, 5-, and 15-minute load averages
load 12 10 5
# ACTIVE MONITORING
# send SNMPv1 traps
trapsink localhost public
# Event MIB - automatically generate alerts
# Remember to activate the 'createUser' lines above
iquerySecName internalUser
rouser internalUser
# AgentX Sub-agents
# Run as an AgentX master agent
master agentx
#If the snmpd was compiled with TCP Wrapper support, it logs every connection made to the agent. This setting disables the
#log messages for accepted connections. Denied connections will still be logged.
dontLogTCPWrappersConnects true
# EXTENDING THE AGENT