583 lines
		
	
	
		
			16 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			583 lines
		
	
	
		
			16 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/bin/bash
 | |
| 
 | |
| seqDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
 | |
| toolName="snmpd"
 | |
| toolConfigLoc="/etc/snmp"
 | |
| toolConfig="${toolConfigLoc}/snmpd.conf"
 | |
| toolSysUser="Debian-snmp"
 | |
| 
 | |
| seq_config() {
 | |
|   ## Apt cmdline option to suppress user interaction
 | |
|   quiet && APTOPT="-y"
 | |
| 
 | |
|   ## Return of non zero value will abort the sequence
 | |
|   return 0
 | |
| }
 | |
| 
 | |
| 
 | |
| step_1_info() { echo "Install packages for $toolName"; }
 | |
| step_1_alias() { echo "install"; }
 | |
| step_1() {
 | |
|   exe apt update
 | |
|   if quiet; then
 | |
|     exe apt-get -qq install $toolName
 | |
|   else
 | |
|     exe apt install $toolName
 | |
|   fi
 | |
|   endReturn -o $? "$toolName installation failed"
 | |
| }
 | |
| 
 | |
| step_2_info() { 
 | |
|   echoinfoArgs "[-s]"
 | |
|   echo "Setup snmp v3 access"
 | |
|   echoinfo "  -s : Stop after creating authentication entry"
 | |
| }
 | |
| step_2_alias() { echo "v3access"; }
 | |
| step_2() {
 | |
|   #
 | |
|   ## Create authentication entry
 | |
|   exep "cat \"$v3AuthLoc\" | grep -e '^\s*usmUser'"
 | |
|   if [ "$?" == "0" ]; then
 | |
|     info
 | |
| 
 | |
|     exe read -p "User entry found. Continue: y/n(default)? " answer
 | |
|     case $answer in
 | |
|       [yY])
 | |
|         info
 | |
|         info "Continuing installation..."
 | |
|         ;;
 | |
|       *)
 | |
|         info
 | |
|         info "Installation aborted"
 | |
|         return 1; 
 | |
|         ;;
 | |
|     esac 
 | |
|   fi
 | |
| 
 | |
|   read -p "SNMPv3 Username: " v3User
 | |
|   read -p "SNMPv3 Password: " v3Pass
 | |
|   info
 | |
|   read -p "Repeat Password: " v3Pass2
 | |
| 
 | |
|   if [ "$v3Pass" != "$v3Pass2" ] ; then
 | |
|     error -e "Password mismatch"
 | |
|     return 1
 | |
|   fi
 | |
|   info
 | |
| 
 | |
|   exe service snmpd stop
 | |
| 
 | |
|   # this line will be replaced on start of snmpd with a line starting with:
 | |
|   # usmUser
 | |
|   v3AuthEntry="createUser ${v3User} SHA \"${v3Pass}\" DES" 
 | |
|   addConf -a "$v3AuthEntry" "$v3AuthLoc"
 | |
| 
 | |
|   shift
 | |
|   if [ -n "${1:-}" ] && [ "$1" == "-s" ] ; then
 | |
|     info "Stop after creating authentication config"
 | |
|     exe service snmpd start
 | |
|     return 0
 | |
|   fi
 | |
| 
 | |
|   #
 | |
|   ## Add custom base configuration
 | |
|   addConf -c "" "${toolConfig}"
 | |
|   exe cp "${seqDir}/snmpd.conf" "${toolConfig}"
 | |
| 
 | |
|   #
 | |
|   ## Add username as rouser
 | |
|   exe sed -i "s/authOnlyUser/${v3User}/" "$toolConfig"
 | |
| 
 | |
|   #
 | |
|   ## Write syslocation
 | |
|   exe read -p "sysLocation: " v3Location
 | |
|   exe read -p "sysContact (name <webmaster@example.com>): " v3Contact
 | |
| 
 | |
|   exe sed -i "s/\(sysLocation\s*\).*/\1${v3Location}/" "$toolConfig"
 | |
|   exe sed -i "s/\(sysContact\s*\).*/\1${v3Contact}/" "$toolConfig"
 | |
| 
 | |
|   exe service snmpd start
 | |
| }
 | |
| v3AuthLoc="/var/lib/snmp/snmpd.conf"
 | |
| 
 | |
| step_5_info() {
 | |
|   echoinfoArgs "[INTERFACE]"
 | |
|   echo "Add ufw rules for port 161 udp"
 | |
|   echoinfo "  [INTERFACE] (default: eth0)"
 | |
| }
 | |
| step_5_alias() { echo "ufw"; }
 | |
| step_5() {
 | |
|   shift
 | |
|   local lInterface="eth0"
 | |
|   [ -n "${1:-}" ] && lInterface="$1"
 | |
|   # Check if interface exists
 | |
|   ip -br a | grep -E "^$lInterface" >>/dev/null 2>&1
 | |
|   endReturn -o $? "Interface $lInterface does not exist"
 | |
| 
 | |
|   exe ufw allow in on $lInterface to any port 161 proto udp comment "snmp"
 | |
| }
 | |
| 
 | |
| step_20_info() { echo "Extend $toolName for Raspberry Pi"; }
 | |
| step_20_alias() { echo "raspberry"; }
 | |
| step_20() {
 | |
|   checkExtend raspberry
 | |
|   if [ "$?" != "0" ]; then
 | |
|     return 1
 | |
|   fi
 | |
| 
 | |
|   exe wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/raspberry.sh -O "${rpiExtendLoc}"
 | |
|   endReturn -o $? "Download failed"
 | |
|   exe chmod +x "$rpiExtendLoc"
 | |
| 
 | |
|   addConf -a "extend raspberry /etc/snmp/raspberry.sh" "$toolConfig"
 | |
| 
 | |
|   # VCHI initialization failed fix
 | |
|   exe usermod -aG video ${toolSysUser}
 | |
| 
 | |
|   addConf -s "$rpiSudoersContent" "$rpiSudoersLoc"
 | |
| 
 | |
|   exe service snmpd restart
 | |
| }
 | |
| rpiExtendLoc="${toolConfigLoc}/raspberry.sh"
 | |
| rpiSudoersLoc="/etc/sudoers.d/snmprpi"
 | |
| rpiSudoersContent="${toolSysUser} ALL=(ALL) NOPASSWD: /etc/snmp/raspberry.sh, /usr/bin/vcgencmd*"
 | |
| 
 | |
| step_22_info() { echo "Extend $toolName with OS update availablity"; }
 | |
| step_22_alias() { echo "osupdate"; }
 | |
| step_22() {
 | |
|   checkExtend osupdate 
 | |
|   if [ "$?" != "0" ]; then
 | |
|     return 1
 | |
|   fi
 | |
| 
 | |
|   exe wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/osupdate -O "${osUpdateExtendLoc}"
 | |
|   endReturn -o $? "Download failed"
 | |
|   exe chmod +x "$osUpdateExtendLoc"
 | |
|   addConf -a "extend osupdate $osUpdateExtendLoc" "$toolConfig"
 | |
| 
 | |
|   exe service snmpd restart
 | |
| }
 | |
| osUpdateExtendLoc="${toolConfigLoc}/osupdate"
 | |
| 
 | |
| step_23_info() { echo "Create cron job for periodical (every 8 hours) apt-get update"; }
 | |
| step_23() {
 | |
|   addConf -s "$osUpdateCronContent" "$osUpdateCron"
 | |
| }
 | |
| osUpdateCron="/etc/cron.d/aptUpdate"
 | |
| osUpdateCronContent="22 */6 * * * root /usr/bin/apt-get -qq update"
 | |
| 
 | |
| step_25_info() { echo "Prepare nginx to provide php-fpm status to $toolName"; }
 | |
| step_25_alias() { echo "phpfpm"; }
 | |
| step_25() {
 | |
|   echo -e "\n [!] Please add the following to your default server:\n"
 | |
|   echo "$phpFpmStatusNginx"
 | |
|   echo
 | |
|   if quiet ; then
 | |
|     answer=n
 | |
|   else
 | |
|     exe read -p "Open new shell to configure y/[n]? " answer
 | |
|   fi
 | |
|   case $answer in
 | |
|     [yY])
 | |
|       info "Opening interactive shell. Type \"exit\" to return to this script."
 | |
|       exe bash -i
 | |
|       info "Interactive shell ended. Continuing with $0."
 | |
|       exe nginx -t
 | |
|       endReturn -o $? "Nginx configuration error"
 | |
| 
 | |
|       exe service nginx restart
 | |
|       ;;
 | |
|     *)
 | |
|       ;;
 | |
|   esac
 | |
| }
 | |
| # TODO error when no php is installed
 | |
| phpVersionStr="$(command -v php >>/dev/null && php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')"
 | |
| phpFpmStatusNginx="# Provide php-fpm status
 | |
| location ~ ^/(status|ping)\$ {
 | |
| access_log off;
 | |
| allow 127.0.0.1;
 | |
| allow ::1;
 | |
| deny all;
 | |
| include fastcgi_params;
 | |
| fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
 | |
| #fastcgi_pass 127.0.0.1:9000;
 | |
| fastcgi_pass   unix:/var/run/php/php${phpVersionStr}-fpm.sock;
 | |
| }"
 | |
| 
 | |
| step_26_info() { echo "Prepare php config for php-fpm status"; }
 | |
| step_26_alias() { echo "phpfpm_config"; }
 | |
| step_26() {
 | |
|   exe sed -i "s/^;\(pm\.status_path\)/\1/" "$phpPoolConfigLoc"
 | |
|   exe php-fpm${phpVersionStr} -t
 | |
|   endReturn -o $? "Invalid php configuration"
 | |
| 
 | |
|   service php${phpVersionStr}-fpm restart
 | |
| }
 | |
| phpConfigDir="/etc/php/${phpVersionStr}"
 | |
| phpPoolConfigLoc="${phpConfigDir}/fpm/pool.d/www.conf"
 | |
| 
 | |
| step_27_info() { echo "Extend $toolName with parsing of php-fpm status"; }
 | |
| step_27_alias() { echo "phpfpm_extend"; }
 | |
| step_27() {
 | |
|   checkExtend phpfpmsp
 | |
|   if [ "$?" != "0" ]; then
 | |
|     return 1
 | |
|   fi
 | |
| 
 | |
|   exe wget https://github.com/librenms/librenms-agent/raw/master/snmp/phpfpmsp -O "${phpfpmExtendLoc}"
 | |
|   endReturn -o $? "Download failed"
 | |
|   exe chmod +x "$phpfpmExtendLoc"
 | |
| 
 | |
|   addConf -a "extend phpfpmsp ${phpfpmExtendLoc}" "$toolConfig"
 | |
| 
 | |
|   exe service snmpd restart
 | |
| }
 | |
| phpfpmExtendLoc="${toolConfigLoc}/phpfpmsp"
 | |
| 
 | |
| step_29_info() { echo "Prepare nginx to provide status to $toolName"; }
 | |
| step_29_alias() { echo "nginx"; }
 | |
| step_29() {
 | |
|   info -e "\n [!] Please add the following to your default server:\n"
 | |
|   info "$nginxStatus"
 | |
|   info
 | |
|   if quiet ; then
 | |
|     answer=n
 | |
|   else
 | |
|     exe read -p "Open new shell to configure y/[n]? " answer
 | |
|   fi
 | |
|   case $answer in
 | |
|     [yY])
 | |
|       info "Opening interactive shell. Type \"exit\" to return to this script."
 | |
|       exe bash -i
 | |
|       info "Interactive shell ended. Continuing with $0."
 | |
|       exe nginx -t
 | |
|       endReturn -o $? "Nginx configuration error"
 | |
| 
 | |
|       exe service nginx restart
 | |
|       ;;
 | |
|     *)
 | |
|       ;;
 | |
|   esac
 | |
| }
 | |
| nginxStatus="# Provide nginx status
 | |
| location /nginx-status {
 | |
| stub_status on;
 | |
| access_log   off;
 | |
| allow 127.0.0.1;
 | |
| allow ::1;
 | |
| deny all;
 | |
| }
 | |
| "
 | |
| step_30_info() { echo "Extend $toolName with parsing of nginx status"; }
 | |
| step_30_alias() { echo "nginx_extend"; }
 | |
| step_30() {
 | |
|   checkExtend nginx
 | |
|   if [ "$?" != "0" ]; then
 | |
|     return 1
 | |
|   fi
 | |
| 
 | |
|   exe wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/nginx -O "${nginxExtendLoc}"
 | |
|   endReturn -o $? "Download failed"
 | |
|   exe chmod +x "$nginxExtendLoc"
 | |
| 
 | |
|   addConf -a "extend nginx ${nginxExtendLoc}" "$toolConfig"
 | |
| 
 | |
|   exe service snmpd restart
 | |
| }
 | |
| nginxExtendLoc="${toolConfigLoc}/nginx"
 | |
| 
 | |
| # postfix
 | |
| step_32_info() { echo "Extend for postfix detailed and queue"; }
 | |
| step_32_alias() { echo "postfix"; }
 | |
| step_32() {
 | |
|   local aptOpt=
 | |
|   if quiet;then
 | |
|     aptOpt="-y"
 | |
|   fi
 | |
| 
 | |
|   exe wget https://github.com/librenms/librenms-agent/raw/master/snmp/postfix-queues -O "${postfixQueuesExtendLoc}"
 | |
|   endReturn -o $? "Download postfix-queues failed"
 | |
|   exe wget https://github.com/librenms/librenms-agent/raw/master/snmp/postfixdetailed -O "${postfixScript}"
 | |
|   endReturn -o $? "Download postfixdetailed failed"
 | |
| 
 | |
|   exe chmod +x "${postfixQueuesExtendLoc}"
 | |
|   exe chmod +x "${postfixScript}"
 | |
| 
 | |
|   exe apt install $postfixDeps $aptOpt
 | |
| }
 | |
| postfixDeps="pflogsumm"
 | |
| 
 | |
| step_33_info() { echo "Prepare cache folder for postfixdetailed"; }
 | |
| step_33() {
 | |
|   exe touch "$postfixCacheLoc"
 | |
|   exe chown root:$toolSysUser "$postfixCacheLoc"
 | |
|   exe chmod 770 "$postfixCacheLoc"
 | |
| 
 | |
|   info "Create symlink /var/log/maillog which is used by postfixdetailed"
 | |
|   exe ln -fs /var/log/mail.log /var/log/maillog
 | |
| 
 | |
|   info "Run /etc/snmp/postfixdetailed to create the initial cache file"
 | |
|   info "     so you don't end up with some crazy initial starting value."
 | |
|   exe sudo -u $toolSysUser "$postfixScript"
 | |
| }
 | |
| postfixCacheLoc="/var/cache/postfixdetailed"
 | |
| postfixScript="${toolConfigLoc}/postfixdetailed"
 | |
| postfixQueuesExtendLoc="${toolConfigLoc}/postfix-queues"
 | |
| 
 | |
| step_34_info() { echo "Create sudoers file for postfix scripts"; }
 | |
| step_34() {
 | |
|   addConf -s "$postfixSudoersContent" "$postfixSudoersLoc"
 | |
|   info "Changing ${postfixQueuesExtendLoc} to add sudo for qshape"
 | |
|   exe sed -i -E "s/\`qshape/\`sudo qshape/" "${postfixQueuesExtendLoc}"
 | |
|   warning "Reboot may be required to make these changes active"
 | |
| }
 | |
| postfixSudoersLoc="/etc/sudoers.d/snmppostfix"
 | |
| postfixSudoersContent="${toolSysUser} ALL=(ALL) NOPASSWD: /usr/sbin/qshape"
 | |
| 
 | |
| step_35_info() { echo "Create postfix extends (postfixdetailed and postfix-queues)"; }
 | |
| step_35() {
 | |
|   checkExtend postfix-queues
 | |
|   if [ $? -eq 0 ]; then
 | |
|     info "Create postfix-queues extend"
 | |
|     addConf -a "extend mailq ${postfixQueuesExtendLoc}" "$toolConfig"
 | |
|   fi
 | |
|   checkExtend postfixdetailed
 | |
|   if [ $? -eq 0 ]; then
 | |
|     info "Create postfixdetailed extend"
 | |
|     addConf -a "extend postfixdetailed ${postfixScript}" "$toolConfig"
 | |
|   fi
 | |
| 
 | |
|   exe service snmpd restart
 | |
| }
 | |
| 
 | |
| #fail2ban
 | |
| step_37_info() { echo "Extend for fail2ban jail information"; }
 | |
| step_37_alias() { echo "fail2ban"; }
 | |
| step_37(){
 | |
|   local aptOpt=
 | |
|   if quiet;then
 | |
|     aptOpt="-y"
 | |
|   fi
 | |
| 
 | |
|   exe wget https://github.com/librenms/librenms-agent/raw/master/snmp/fail2ban -O "${fail2banExtendLoc}"
 | |
|   endReturn -o $? "Download postfix failed"
 | |
| 
 | |
|   exe chmod +x "$fail2banExtendLoc"
 | |
| 
 | |
|   checkExtend fail2ban
 | |
|   if [ $? -eq 0 ]; then
 | |
|     info "Create fail2ban extend"
 | |
|     addConf -a "extend fail2ban ${fail2banExtendLoc} -c" "$toolConfig"
 | |
|   fi
 | |
| 
 | |
|   exe apt install $fail2banDeps $aptOpt
 | |
| }
 | |
| fail2banDeps="libjson-perl"
 | |
| fail2banExtendLoc="${toolConfigLoc}/fail2ban"
 | |
| 
 | |
| step_38_info() { echo "Create cron to update fail2ban cache"; }
 | |
| step_38() {
 | |
|   addConf -s "$fail2banCron" "$fail2banCronLoc"
 | |
| }
 | |
| fail2banCronLoc="/etc/cron.d/fail2banCache"
 | |
| fail2banCron="# Update cache for faster fail2ban polling
 | |
| */3 * * * * root ${fail2banExtendLoc} -u"
 | |
| 
 | |
| step_40_info() { echo "Create linux distribution detection extend (distro)"; }
 | |
| step_40_alias() { echo "distro"; }
 | |
| step_40() {
 | |
|   checkExtend distro
 | |
|   if [ $? -ne 0 ]; then
 | |
|     return 0
 | |
|   fi
 | |
| 
 | |
|   exe wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro -O "${distroExtendLoc}"
 | |
|   endReturn -o $? "Download distro detection script failed"
 | |
|   exe chmod +x "$distroExtendLoc"
 | |
| 
 | |
|   info "Create distro extend"
 | |
|   addConf -a "extend distro ${distroExtendLoc}" "$toolConfig"
 | |
| 
 | |
|   exe service snmpd restart
 | |
| }
 | |
| distroExtendLoc="${toolConfigLoc}/distro"
 | |
| 
 | |
| 
 | |
| step_42_info() { 
 | |
|   echo "Gather dhcp information from a dhcpd lease file"
 | |
|   echoinfo "pi-hole lease file not supported"
 | |
| }
 | |
| step_42_alias() { echo "dhcp"; }
 | |
| step_42() {
 | |
|   local locExtName="dhcpstats"
 | |
|   local locExtUrl="https://github.com/librenms/librenms-agent/raw/master/snmp/dhcp.py"
 | |
|   local locExtLoc="${toolConfigLoc}/dhcp.py"
 | |
| 
 | |
|   checkExtend $locExtName
 | |
|   [ $? -ne 0 ] && return 0
 | |
| 
 | |
|   exe apt install dhcpd-pools
 | |
|   endReturn -o $? "Install dhcpd-pools failed"
 | |
| 
 | |
|   exe wget $locExtUrl -O "${locExtLoc}"
 | |
|   endReturn -o $? "Download $locExtName script failed"
 | |
|   exe chmod +x "$locExtLoc"
 | |
| 
 | |
|   info "Create extend for $locExtName"
 | |
|   addConf -a "extend $locExtName ${locExtLoc}" "$toolConfig"
 | |
| 
 | |
|   info "Create config for $locExtName"
 | |
|   addConf -s "$dhcpExtendConfig" "$dhcpExtendConfigLoc"
 | |
| 
 | |
|   echo " [W] Adapt config $dhcpExtendConfigLoc manually and restart snmpd"
 | |
| }
 | |
| dhcpExtendConfigLoc="${toolConfigLoc}/dhcp.json"
 | |
| dhcpExtendConfig="{\"leasefile\": \"/var/lib/dhcp/dhcpd.leases\"
 | |
| }"
 | |
| 
 | |
| step_44_info() { echo "Extend unbound stats"; }
 | |
| step_44_alias() { echo "unbound"; }
 | |
| step_44() {
 | |
|   local locExtName="unbound"
 | |
|   local locExtUrl="https://github.com/librenms/librenms-agent/raw/master/snmp/unbound"
 | |
|   local locExtLoc="${toolConfigLoc}/unbound"
 | |
| 
 | |
|   checkExtend $locExtName
 | |
|   [ $? -ne 0 ] && return 0
 | |
| 
 | |
|   exe wget $locExtUrl -O "${locExtLoc}"
 | |
|   endReturn -o $? "Download $locExtName script failed"
 | |
|   exe chmod +x "$locExtLoc"
 | |
| 
 | |
|   info "Create extend for $locExtName"
 | |
|   addConf -a "extend $locExtName /usr/bin/sudo ${locExtLoc}" "$toolConfig"
 | |
| 
 | |
|   info "Create config for $locExtName"
 | |
|   addConf -s "$unboundExtendConfig" "$unboundExtendConfigLoc"
 | |
| 
 | |
|   exe systemctl restart unbound.service
 | |
|   exe systemctl restart snmpd.service
 | |
| }
 | |
| unboundExtendConfigLoc="/etc/unbound/unbound.conf.d/extended-stats.conf"
 | |
| unboundExtendConfig=$(cat <<UB_EOF
 | |
| # Enable extended statistics
 | |
| server:
 | |
|     extended-statistics: yes
 | |
|     statistics-cumulative: yes
 | |
| 
 | |
| remote-control:
 | |
|     control-enable: yes
 | |
|     control-interface: 127.0.0.1
 | |
| UB_EOF
 | |
| )
 | |
| 
 | |
| step_45_info() { echo "Set sudoers file to execute unbount-control"; }
 | |
| step_45() {
 | |
|   addConf -s "$unboundSudoer" "$unboundSudoerLoc"
 | |
| }
 | |
| unboundSudoerLoc="/etc/sudoers.d/snmpunbound"
 | |
| unboundSudoer="Debian-snmp ALL=(ALL) NOPASSWD: /usr/sbin/unbound-control, ${toolConfigLoc}/unbound"
 | |
| 
 | |
| step_46_info() { echo "Extend pi-hole stats"; }
 | |
| step_46_alias() { echo "pihole"; }
 | |
| step_46() {
 | |
|   local locExtName="pi-hole"
 | |
|   local locExtUrl="https://github.com/librenms/librenms-agent/raw/master/snmp/pi-hole"
 | |
|   local locExtLoc="${toolConfigLoc}/pi-hole"
 | |
| 
 | |
|   checkExtend $locExtName
 | |
|   [ $? -ne 0 ] && return 0
 | |
| 
 | |
|   exe apt install $piHoleDeps $APTOPT
 | |
| 
 | |
|   exe wget $locExtUrl -O "${locExtLoc}"
 | |
|   endReturn -o $? "Download $locExtName script failed"
 | |
|   exe chmod +x "$locExtLoc"
 | |
| 
 | |
|   info "Create extend for $locExtName"
 | |
|   addConf -a "extend $locExtName ${locExtLoc}" "$toolConfig"
 | |
| 
 | |
|   if quiet; then
 | |
|     color red
 | |
|     echo -e " [W] Check the following in the extend script and restart snmpd:\n"
 | |
|   else
 | |
|     echo " [I] Check the follwing in the extend script:"
 | |
|   fi
 | |
|   echo "(API_AUTH_KEY) Add your pi-hole API key"
 | |
|   echo "     (API_URL) and check the API URL"
 | |
|   color
 | |
|   if interactive; then
 | |
|     exe read -p "Hit Enter to continue..."
 | |
|     exe vi "$locExtLoc"
 | |
|     exe systemctl restart snmpd.service
 | |
|   fi
 | |
| }
 | |
| piholeDeps="jq"
 | |
| 
 | |
| step_100_info() { echo "Notes"; }
 | |
| step_100_alias() { echo "notes"; }
 | |
| step_100() {
 | |
|   color green
 | |
|   cat <<NOTES_END
 | |
| # Reduce log level of snmpd
 | |
| 
 | |
| systemctl edit snmpd.service
 | |
| 
 | |
| [Service]
 | |
| ExecStart=
 | |
| ExecStart=/usr/sbin/snmpd -LSwd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f -p /run/snmpd.pid
 | |
| 
 | |
| ## Extract of loggin options from man page
 | |
| 
 | |
| LOGGING OPTIONS
 | |
| The mechanism and destination to use for logging of warning and error messages can be controlled by passing various parameters to the -L flag.
 | |
| 
 | |
| -Le
 | |
|     Log messages to the standard error stream.
 | |
| -Lf FILE
 | |
|     Log messages to the specified file.
 | |
| -Lo
 | |
|     Log messages to the standard output stream.
 | |
| -Ls FACILITY
 | |
|     Log messages via syslog, using the specified facility ('d' for LOG_DAEMON, 'u' for LOG_USER, or '0'-'7' for LOG_LOCAL0 through LOG_LOCAL7).
 | |
| 
 | |
| There are also "upper case" versions of each of these options, which allow the corresponding logging mechanism to be restricted to certain priorities of message. Using standard error logging as an example:
 | |
| 
 | |
| -LE pri
 | |
|     will log messages of priority 'pri' and above to standard error.
 | |
| -LE p1-p2
 | |
|     will log messages with priority between 'p1' and 'p2' (inclusive) to standard error.
 | |
| 
 | |
| For -LF and -LS the priority specification comes before the file or facility token. The priorities recognised are:
 | |
| 
 | |
|     0 or ! for LOG_EMERG,
 | |
|     1 or a for LOG_ALERT,
 | |
|     2 or c for LOG_CRIT,
 | |
|     3 or e for LOG_ERR,
 | |
|     4 or w for LOG_WARNING,
 | |
|     5 or n for LOG_NOTICE,
 | |
|     6 or i for LOG_INFO, and
 | |
|     7 or d for LOG_DEBUG.
 | |
| 
 | |
| NOTES_END
 | |
| }
 | |
| 
 | |
| checkExtend() {
 | |
|   # adding dry run output for clarification
 | |
|   if dry ; then
 | |
|     info "check if \"extend ${1}\" exists..dry-run"
 | |
|   fi
 | |
| 
 | |
|   exep "cat \"$toolConfig\" | grep -e '^\s*extend\s\+${1}' >>/dev/null 2>&1"
 | |
|   # Only warn if entry exists and dry-run is not seleted
 | |
|   if [ $? -eq 0 ] && ! dry ; then  
 | |
|     return 1
 | |
|   fi 
 | |
| 
 | |
|   return 0
 | |
| }
 | |
| 
 | |
| readonly sqr_minVersion=16
 | |
| . /usr/local/bin/sequencer.sh
 |