#!/bin/bash
# Pin the command search path to fixed system directories so the unqualified
# tools used further down (grep, tail, head, tac, awk) are never resolved
# through a PATH inherited from whatever invoked this check.
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
# Script name with any leading directory stripped; shown in the usage line.
PROGNAME="${0##*/}"
#######################################
# Print an empty line followed by the one-line usage synopsis.
# Globals:   PROGNAME (read)
# Outputs:   two lines on stdout
#######################################
print_usage() {
  printf '\n'
  printf 'Usage: %s -h | --help\n' "$PROGNAME"
}
#######################################
# Print the usage synopsis and the option summary, then end the script.
# Outputs:   help text on stdout
# Returns:   never returns; exits with status 3
#######################################
print_help() {
  print_usage
  printf '%s\n' \
    '' \
    'This script check CageFS status (see TOP-400)' \
    '' \
    '-h help Print this help screen' \
    '--help Print this help screen' \
    ''
  exit 3
}
# Command-line handling. Only -h and --help are accepted; anything else is
# reported on stderr together with the usage line. Every branch ends the
# script with status 3, so the checks below run only when no argument is given.
while (( $# > 0 )); do
  case "$1" in
    --help | -h)
      print_help
      exit 3
      ;;
    *)
      printf '%s\n' "Unknown argument: $1" >&2
      print_usage
      exit 3
      ;;
  esac
  shift
done
# 1-CageFS -ON/Off
# 2-CageFS config is not valid
# 3-CageFS is not initialized
# 4-There is at least one user with disabled CageFS
# 5-Total users without mounts
# 6-Not allowed suid files in CageFS
# Check 1: cagefsctl --cagefs-status must exit 0. Only the exit status is
# used; stdout and stderr are discarded. A missing or non-executable
# cagefsctl also yields a non-zero status, so that case is reported as
# CRITICAL rather than passing silently.
/usr/sbin/cagefsctl --cagefs-status &> /dev/null || {
  printf '%s\n' "CRITICAL. CageFS is not enabled"
  exit 2
}
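# Check 2: cagefsctl --sanity-check must exit 0.
# The command is run once and its stdout is kept, so the "failed" lines shown
# in the alert come from the same run whose exit status raised it, instead of
# from a second invocation that could see a different state. stderr is
# discarded.
if ! sanity_out=$(/usr/sbin/cagefsctl --sanity-check 2> /dev/null); then
  # Keep only the lines that mention a failure (case-insensitive).
  failstr=$(grep -i failed <<< "$sanity_out")
  echo "CRITICAL. CageFS config is not valid. ${failstr}"
  exit 2
fi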
# Check 3: cagefsctl --check-cagefs-initialized must exit 0. Only the exit
# status is used; all output is discarded.
/usr/sbin/cagefsctl --check-cagefs-initialized &> /dev/null || {
  printf '%s\n' "CRITICAL. CageFS is not initialized"
  exit 2
}
# Check 4: every line printed by cagefsctl --list-disabled is collected, and
# any output at all is reported as CRITICAL.
# NOTE(review): the exit status of the process substitution is never
# inspected. If cagefsctl fails here without printing to stdout, the array is
# empty and this check passes. Confirm that is acceptable, or capture the
# output with $(...) and test the status before trusting an empty list.
mapfile -t CMD < <(/usr/sbin/cagefsctl --list-disabled)
if (( ${#CMD[@]} != 0 )); then
  # [*] joins the entries with a space into one word, which is what echo
  # printed for the multi-word expansion as well.
  echo "CRITICAL! ${CMD[*]}"
  exit 2
fi
# Check 5: inspect the second-to-last line of the mounts audit log (or the
# only line, if the file has just one) and alert when it carries the
# "Total users without mounts" marker.
# NOTE(review): nothing here verifies that the log exists, is readable, or was
# written recently. If tail cannot read it, log_line is empty and the check
# passes; a stale file is treated like a fresh one. Confirm whether a missing
# or old log should raise an alert instead.
log_file="/var/log/nc_audit/cagefs_mounts.log"
log_line=$(tail -n 2 "$log_file" | head -n 1)
case "$log_line" in
  *"Total users without mounts"*)
    echo "$log_line"
    exit 2
    ;;
esac
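# Check 6: the suid audit log is considered clean when its last line contains
# the literal text "OK.". Otherwise the entries written after the most recent
# "OK." line are printed as the alert body.
# NOTE(review): -s is false for a missing file as well as an empty one, so an
# absent log skips this check entirely. Confirm that is intended.
log_file_suid="/var/log/nc_audit/cagefs_suid_check.log"
if [ -s "$log_file_suid" ]; then
  last_line_suid=$(tail -n 1 "$log_file_suid")
  if [[ "$last_line_suid" != *"OK."* ]]; then
    echo "CRITICAL. Not allowed suid files:"
    # Walk the log backwards and stop at the first line containing the literal
    # "OK." marker, then restore the original order. index() does a plain
    # substring match, the same test as the glob above; a regex /OK./ would
    # also stop on "OK" followed by any character (for example a path with
    # "OKS" in it) and cut findings out of the alert.
    tac "$log_file_suid" | awk 'index($0, "OK.") { exit } 1' | tac
    exit 2
  fi
fi
# All checks passed.
echo "OK. CageFS in good state"
exit 0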