#!/bin/bash seqDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )" toolName="snmpd" toolConfigLoc="/etc/snmp" toolConfig="${toolConfigLoc}/snmpd.conf" step_1_info() { echo "Install packages for $toolName"; } step_1_alias() { ALIAS="install"; } step_1() { exe apt update if [ $QUIET != 0 ]; then exe apt-get -qq install $toolName else exe apt install $toolName fi endReturn -o $? "$toolName installation failed" } step_2_info() { echo "Setup snmp v3 access"; } step_2() { # ## Create authentication entry exep "cat \"$v3AuthLoc\" | grep -e '^\s*usmUser'" if [ "$?" == "0" ]; then echo exe read -p "User entry found. Continue: y/n(default)? " answer case $answer in [yY]) echo echo Continuing installation... ;; *) echo echo Installation aborted return 1; ;; esac fi read -p "SNMPv3 Username: " v3User read -s -p "SNMPv3 Password: " v3Pass echo exe service snmpd stop # this line will be replaced on start of snmpd with a line starting with: # usmUser v3AuthEntry="createUser ${v3User} SHA \"${v3Pass}\" DES" addConf -a "$v3AuthEntry" "$v3AuthLoc" # ## Add custom base configuration addConf -c "" "${toolConfig}" exe cp "${seqDir}/snmpd.conf" "${toolConfig}" # ## Add username as rouser exe sed -i "s/authOnlyUser/${v3User}/" "$toolConfig" # ## Write syslocation exe read -p "sysLocation: " v3Location exe read -p "sysContact (name ): " v3Contact exe sed -i "s/\(sysLocation\s*\).*/\1${v3Location}/" "$toolConfig" exe sed -i "s/\(sysContact\s*\).*/\1${v3Contact}/" "$toolConfig" exe service snmpd start } v3AuthLoc="/var/lib/snmp/snmpd.conf" step_20_info() { echo "Extend $toolName for Raspberry Pi"; } step_20_alias() { ALIAS="raspberry"; } step_20() { checkExtend raspberry if [ "$?" != "0" ]; then return 1 fi exe wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/raspberry.sh -O "${rpiExtendLoc}" endReturn -o $? "Download failed" exe chmod +x "$rpiExtendLoc" addConf -a "extend raspberry /etc/snmp/raspberry.sh" "$toolConfig" addConf -c "$rpiSudoersContent" "$rpiSudoersLoc" exe service snmpd restart } rpiExtendLoc="${toolConfigLoc}/raspberry.sh" rpiSudoersLoc="/etc/sudoers.d/snmprpi" rpiSudoersContent=" Debian-snmp ALL=(ALL) NOPASSWD: /etc/snmp/raspberry.sh, /usr/bin/vcgencmd*" step_22_info() { echo "Extend $toolName with OS update availablity"; } step_22_alias() { ALIAS="osupdate"; } step_22() { checkExtend osupdate if [ "$?" != "0" ]; then return 1 fi exe wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/osupdate -O "${osUpdateExtendLoc}" endReturn -o $? "Download failed" exe chmod +x "$osUpdateExtendLoc" addConf -a "extend osupdate $osUpdateExtendLoc" "$toolConfig" exe service snmpd restart } osUpdateExtendLoc="${toolConfigLoc}/osupdate" step_23_info() { echo "Create cron job for periodical (every 8 hours) apt-get update"; } step_23() { addConf -s "$osUpdateCronContent" "$osUpdateCron" } osUpdateCron="/etc/cron.d/aptUpdate" osUpdateCronContent="22 */6 * * * root /usr/bin/apt-get -qq update" step_25_info() { echo "Prepare nginx to provide php-fpm status to $toolName"; } step_25_alias() { ALIAS="phpfpm"; } step_25() { echo -e "\n [!] Please add the following to your default server:\n" echo "$phpFpmStatusNginx" echo if [ $QUIET -ne 0 ] ; then answer=n else exe read -p "Open new shell to configure y/[n]? " answer fi case $answer in [yY]) echo " [I] Opening interactive shell. Type \"exit\" to return to this script." exe bash -i echo " [I] Interactive shell ended. Continuing with $0." exe nginx -t endReturn -o $? "Nginx configuration error" exe service nginx restart ;; *) ;; esac } phpVersionStr="$(php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')" phpFpmStatusNginx="# Provide php-fpm status location ~ ^/(status|ping)\$ { access_log off; allow 127.0.0.1; allow ::1; deny all; include fastcgi_params; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/run/php/php${phpVersionStr}-fpm.sock; }" step_26_info() { echo "Prepare php config for php-fpm status"; } step_26_alias() { ALIAS="phpfpm_config"; } step_26() { exe sed -i "s/^;\(pm\.status_path\)/\1/" "$phpPoolConfigLoc" exe php-fpm${phpVersionStr} -t endReturn -o $? "Invalid php configuration" service php${phpVersionStr}-fpm restart } phpConfigDir="/etc/php/${phpVersionStr}" phpPoolConfigLoc="${phpConfigDir}/fpm/pool.d/www.conf" step_27_info() { echo "Extend $toolName with parsing of php-fpm status"; } step_27_alias() { ALIAS="phpfpm_extend"; } step_27() { checkExtend phpfpmsp if [ "$?" != "0" ]; then return 1 fi exe wget https://github.com/librenms/librenms-agent/raw/master/snmp/phpfpmsp -O "${phpfpmExtendLoc}" endReturn -o $? "Download failed" exe chmod +x "$phpfpmExtendLoc" addConf -a "extend phpfpmsp ${phpfpmExtendLoc}" "$toolConfig" exe service snmpd restart } phpfpmExtendLoc="${toolConfigLoc}/phpfpmsp" step_29_info() { echo "Prepare nginx to provide status to $toolName"; } step_29_alias() { ALIAS="nginx"; } step_29() { echo -e "\n [!] Please add the following to your default server:\n" echo "$nginxStatus" echo if [ $QUIET -ne 0 ] ; then answer=n else exe read -p "Open new shell to configure y/[n]? " answer fi case $answer in [yY]) echo " [I] Opening interactive shell. Type \"exit\" to return to this script." exe bash -i echo " [I] Interactive shell ended. Continuing with $0." exe nginx -t endReturn -o $? "Nginx configuration error" exe service nginx restart ;; *) ;; esac } nginxStatus="# Provide nginx status location /nginx-status { stub_status on; access_log off; allow 127.0.0.1; allow ::1; deny all; } " step_30_info() { echo "Extend $toolName with parsing of nginx status"; } step_30_alias() { ALIAS="nginx_extend"; } step_30() { checkExtend nginx if [ "$?" != "0" ]; then return 1 fi exe wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/nginx -O "${nginxExtendLoc}" endReturn -o $? "Download failed" exe chmod +x "$nginxExtendLoc" addConf -a "extend nginx ${nginxExtendLoc}" "$toolConfig" exe service snmpd restart } nginxExtendLoc="${toolConfigLoc}/nginx" #fail2ban #exe wget https://github.com/librenms/librenms-agent/raw/master/snmp/fail2ban -O "${toolConfig}/fail2ban" checkExtend() { # adding dry run output for clarification if [ "$DRY" != "0" ] ; then echo " [I] check if \"extend ${1}\" exists..dry-run" fi exep "cat \"$toolConfig\" | grep -e '^\s*extend\s\+${1}' >>/dev/null 2>&1" # Only warn if entry exists and dry-run is not seleted if [ "$?" == "0" ] && [ "$DRY" == "0" ] ; then echoerr " [W] Extend for ${1} exists" return 1 fi return 0 } VERSION_SEQREV=8 . sequencer.sh