fs_errors - harden sudo command execution

d1ffd8f3 · Hahn Axel (hahn) · 234af166 · d1ffd8f3
Commit d1ffd8f3 authored 1 year ago by Hahn Axel (hahn)
--- a/check_fs_errors
+++ b/check_fs_errors
@@ -11,12 +11,13 @@
 # 2021-03-23  v1.0  <axel.hahn@iml.unibe.ch>
 # 2021-03-30  v1.1  <axel.hahn@iml.unibe.ch>  max age of detected errors: since yesterday (commented)
 # 2023-07-27  v1.2  <axel.hahn@unibe.ch>      shell fixes; update help page
+# 2023-10-20  v1.3  <axel.hahn@unibe.ch>      harden sudo command execution
 # ======================================================================
 . $( dirname $0 )/inc_pluginfunctions
-export self_APPVERSION=1.2
+export self_APPVERSION=1.3
 # ----------------------------------------------------------------------
@@ -52,7 +53,7 @@ EOF
 # ----------------------------------------------------------------------
 # --- check required tools
-# ph.require bc top
+ph.require journalctl
 # --- check param -h
@@ -67,19 +68,22 @@ esac
 # ----- MAKE CHECK
+if ! sudo -n journalctl --since today -k -n 1 2>&1 >/dev/null ; then
+    ph.abort "UNKNOWN: No sudo permissions to execute journalctl."
+fi
 # sincedate=$( date +%Y-%m-%d --date 'yesterday' )
 # out=$( sudo /bin/journalctl --since $sincedate | grep 'kernel: ' | grep -v 'check_fs_errors' | grep -E '(error|fail)' | grep 'inconsistent' )
-out=$( sudo /bin/journalctl | grep 'kernel: ' | grep -v 'check_fs_errors' | grep -E '(error|fail)' | grep 'inconsistent' )
+out=$( sudo -n /bin/journalctl -k --since yesterday | grep 'kernel: ' | grep -v 'check_fs_errors' | grep -E '(error|fail)' | grep 'inconsistent' )
-test ! -z "$out" && ph.setStatus "critical"
 # ----- OUTPUT
-ph.status "check if kernel logs inconsistency messages"
+if [ -n "$out" ]; then
-echo "$out"
+    ph.setStatus "critical"
+    ph.status "kernel logs show inconsistency messages (since yesteray)"
+    echo "$out"
-# ----- CLEANUP AND BYE!
+else
+    ph.status "No inconsistency messages"
+fi
 ph.exit