From d1ffd8f314a5c16b744f3aea634aa8eb6c03475f Mon Sep 17 00:00:00 2001 From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch> Date: Fri, 20 Oct 2023 16:19:31 +0200 Subject: [PATCH] fs_errors - harden sudo command execution --- check_fs_errors | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/check_fs_errors b/check_fs_errors index 5f32133..d76e674 100755 --- a/check_fs_errors +++ b/check_fs_errors @@ -11,12 +11,13 @@ # 2021-03-23 v1.0 <axel.hahn@iml.unibe.ch> # 2021-03-30 v1.1 <axel.hahn@iml.unibe.ch> max age of detected errors: since yesterday (commented) # 2023-07-27 v1.2 <axel.hahn@unibe.ch> shell fixes; update help page +# 2023-10-20 v1.3 <axel.hahn@unibe.ch> harden sudo command execution # ====================================================================== . $( dirname $0 )/inc_pluginfunctions -export self_APPVERSION=1.2 +export self_APPVERSION=1.3 # ---------------------------------------------------------------------- @@ -52,7 +53,7 @@ EOF # ---------------------------------------------------------------------- # --- check required tools -# ph.require bc top +ph.require journalctl # --- check param -h @@ -67,19 +68,22 @@ esac # ----- MAKE CHECK +if ! sudo -n journalctl --since today -k -n 1 2>&1 >/dev/null ; then + ph.abort "UNKNOWN: No sudo permissions to execute journalctl." +fi # sincedate=$( date +%Y-%m-%d --date 'yesterday' ) # out=$( sudo /bin/journalctl --since $sincedate | grep 'kernel: ' | grep -v 'check_fs_errors' | grep -E '(error|fail)' | grep 'inconsistent' ) -out=$( sudo /bin/journalctl | grep 'kernel: ' | grep -v 'check_fs_errors' | grep -E '(error|fail)' | grep 'inconsistent' ) -test ! -z "$out" && ph.setStatus "critical" - +out=$( sudo -n /bin/journalctl -k --since yesterday | grep 'kernel: ' | grep -v 'check_fs_errors' | grep -E '(error|fail)' | grep 'inconsistent' ) # ----- OUTPUT -ph.status "check if kernel logs inconsistency messages" -echo "$out" - - -# ----- CLEANUP AND BYE! +if [ -n "$out" ]; then + ph.setStatus "critical" + ph.status "kernel logs show inconsistency messages (since yesteray)" + echo "$out" +else + ph.status "No inconsistency messages" +fi ph.exit -- GitLab