#!/usr/libexec/platform-python
# -*- coding: utf-8 -*-
# version 2013/07/31
# originally written by ED
#
# refactored by Bogdan Kukharskiy 2024/10/23
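# Requirements:
# you need to allow the whole script in sudoers.d; because sudo then runs this
# file with elevated privileges, keep it owned by root and not writable by the
# account that invokes it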
# edited by Max.N
# remove /backup from monitoring, deprecated by check_backup.sh
# added PHP 7.3 to exclude lists, TO-12377 (by Bogdan Kukharskiy)
# added PHP 7.4 to exclude lists, TOP-2749 (by Bogdan Kukharskiy)
# extended exclude list by reading files from /etc/cagefs/empty.dirs/*, TOP-3462 (by Bogdan Kukharskiy)
import os
import re
import sys
import logging
# Root logger at DEBUG: logging.error() calls on the failure paths always
# reach stderr, while the verbose traces are additionally gated by `debug`.
logging.basicConfig(level=logging.DEBUG)
debug = False

# Snapshot the kernel mount table as a list of whitespace-split rows.
# Later code reads column 1 as the mount point and column 3 as the option
# string. Blank lines split to an empty list and are dropped here.
try:
    with open('/proc/mounts', 'r', encoding='utf-8') as f:
        cur_mount = [fields for fields in map(str.split, f) if fields]
except IOError as e:
    # Without the mount table nothing can be checked; report and exit 3
    # (presumably the monitoring "UNKNOWN" status - confirm against the
    # framework that consumes this script).
    logging.error(f"Failed to read /proc/mounts: {e}")
    sys.exit(3)
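# Matches a /proc/mounts option string whose first option is `ro`, including
# the case where `ro` is the only option. A pattern that insists on a trailing
# comma silently skips a mount listed with options exactly "ro", which is a
# missed detection. Anchoring on the first option keeps strings such as
# "rw,errors=remount-ro" from matching.
ro_re = re.compile(r'^ro(?:,.*)?$')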
cagefs_exclude_file = '/etc/cagefs/cagefs.mp'

# Mount points in /proc/mounts are compared as plain strings further down, so
# a symlinked skeleton directory is resolved to its real path first.
cagefs_skeleton_dir = '/usr/share/cagefs-skeleton'
cagefs_skeleton_dir = (
    os.path.realpath(cagefs_skeleton_dir)
    if os.path.islink(cagefs_skeleton_dir)
    else cagefs_skeleton_dir
)

# Only cagefs.mp lines of the form "!/path" are picked up.
# NOTE(review): presumably these are the mounts CageFS makes read-only on
# purpose - confirm against the CageFS documentation.
cagefs_exclude_re = re.compile(r'^!/.*$')

# Build the CageFS exclusions: drop the leading "!", trim whitespace and
# re-root each path under the skeleton directory.
# NOTE(review): every path collected here is suppressed from alerting, so
# write access to this file is enough to mute the check for a mount - confirm
# the file is root-owned and not group/world writable.
try:
    with open(cagefs_exclude_file, 'r', encoding='utf-8') as f:
        marked_lines = filter(cagefs_exclude_re.match, f)
        cagefs_exclude_list = [
            cagefs_skeleton_dir + entry[1:].strip() for entry in marked_lines
        ]
except IOError as e:
    # An unreadable exclusion file is treated as fatal (exit 3), not as
    # "no exclusions".
    logging.error(f"Failed to read {cagefs_exclude_file}: {e}")
    raise SystemExit(3)

# whitelist lveinfo.ver.cagefs RO file
cagefs_exclude_list.append(f"{cagefs_skeleton_dir}/var/lve/lveinfo.ver.cagefs")

if debug:
    logging.debug('cagefs_exclude_list %s', cagefs_exclude_list)
# Findings accumulated by the mount scan; an empty list means "OK".
war_list = []

# ea-php releases whose etc/ and usr/bin/ directories under the skeleton are
# never reported, even when mounted read-only.
# NOTE(review): the tuple is hard-coded; a release missing from it is not
# excluded and will be reported - confirm the list is current.
ea_php_versions = ('52', '53', '54', '55', '56', '70', '71', '72', '73', '74', '81')

# Mount points that are skipped by the read-only check. Order: fixed entries,
# per-version etc/ dirs, per-version usr/bin/ dirs, then the cagefs.mp entries.
exclude_list = [cagefs_skeleton_dir + '/opt/suphp/sbin', '/backup']
exclude_list.extend(
    cagefs_skeleton_dir + f'/opt/cpanel/ea-php{x}/root/etc' for x in ea_php_versions
)
exclude_list.extend(
    cagefs_skeleton_dir + f'/opt/cpanel/ea-php{x}/root/usr/bin' for x in ea_php_versions
)
exclude_list += cagefs_exclude_list
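# Collect extra exclusions from every file below /etc/cagefs/empty.dirs
# (emptied_dirs.default is skipped); the set removes duplicates across files.
# NOTE: os.walk() ignores directory-listing errors by default, so a missing or
# unreadable empty.dirs tree contributes no entries instead of failing.
# NOTE(review): every entry read here suppresses alerting for one mount point,
# so these files should be writable by root only - confirm.
empty_dirs_set = set()
for root, _, files in os.walk('/etc/cagefs/empty.dirs'):
    for file in files:
        if file == 'emptied_dirs.default':
            continue
        try:
            with open(os.path.join(root, file), 'r', encoding='utf-8') as f:
                # Strip before storing: a whitespace-only line then collapses
                # to '' and is discarded below. Stripping only afterwards
                # would let such a line add the bare skeleton directory
                # itself to the exclusions.
                empty_dirs_set.update(entry.strip() for entry in f.read().splitlines())
        except IOError as e:
            # An unreadable file is fatal (exit 3) rather than silently
            # shrinking the exclusion list.
            logging.error(f"Failed to read file {file} in empty.dirs: {e}")
            raise SystemExit(3)

# Blank and whitespace-only lines carry no path.
empty_dirs_set.discard('')

# Entries are re-rooted under the skeleton directory by plain concatenation;
# presumably each one starts with "/" - verify against the files' format.
exclude_list.extend([cagefs_skeleton_dir + entry for entry in empty_dirs_set])

if debug:
    logging.debug('exclude_list %s', exclude_list)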
# Scan the mount table: record every mount whose option string matches ro_re
# and whose mount point is not excluded, plus a warning for malformed rows.
# NOTE(review): /proc/mounts writes spaces in mount points as the escape
# sequence \040, while exclude_list holds the paths as read from the config
# files, so an excluded path containing a space would not match here - confirm
# whether that can occur.
for line in cur_mount:
    if debug:
        logging.debug('line %s', line)

    if len(line) != 6:
        # A row that does not have exactly six columns is recorded as a
        # warning and not inspected further.
        war_list.append("Warning! Number of columns isn't 6")
        if debug:
            logging.debug("Warning! Number of columns isn't 6: %s", line)
        continue

    mount_point, mount_options = line[1], line[3]
    if ro_re.match(mount_options) and mount_point not in exclude_list:
        if debug:
            logging.debug('debug match %s', line)
        war_list.append(f"{line[1]} is in {line[3]} state,")

# Distinguishes real read-only findings from the column-count warnings.
result_re = re.compile(r"^.* is in.* state,$")

if not war_list:
    print('OK')
elif any(map(result_re.match, war_list)):
    # At least one read-only mount: print all findings to stdout, exit 2.
    print(war_list)
    sys.exit(2)
else:
    # Only column-count warnings. SystemExit with a list argument makes Python
    # print the list to stderr and exit with status 1.
    # NOTE(review): a consumer that reads only stdout gets no message on this
    # path - confirm that is intended.
    raise SystemExit(war_list)