From 6d4a85a5ca8ed9ba47d55a06d75808bf508cd51e Mon Sep 17 00:00:00 2001 From: Boris Gallet Date: Tue, 16 Apr 2024 16:55:49 +0200 Subject: [PATCH] [ADD] elab-monitor : init script handling disk and memory questions for restricted ssh connection --- README.md | 22 +++++++++- elab-monitor.sh | 106 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+), 1 deletion(-) create mode 100644 elab-monitor.sh diff --git a/README.md b/README.md index bdcb217..b5cfb0f 100644 --- a/README.md +++ b/README.md @@ -1 +1,21 @@ -# this repo is a simple script to handle simple monitoring question on debian servers +# Handle simple monitoring questions on debian servers via SSH + +## How to install + +1. Clone the repo on the server +2. Force a system user to only used the elab-monitor.sh script +3. then you can `ssh $system_user@yourserver question` + +## Questions available + +- disk_size +- disk_available +- disk_used +- disk_used_percent +- disk_available_percent + +- memory_size +- memory_available +- memory_used +- memory_used_percent +- memory_available_percent \ No newline at end of file diff --git a/elab-monitor.sh b/elab-monitor.sh new file mode 100644 index 0000000..03caa4a --- /dev/null +++ b/elab-monitor.sh @@ -0,0 +1,106 @@ +#!/bin/bash + +mkdir -p /var/log/monitoring + +LOG="/var/log/monitoring/elab-monitor.log" + +ssh_connection=(${SSH_CONNECTION}) +SSH_SOURCE_IP="${ssh_connection[0]}:${ssh_connection[1]}" + +log() { + printf "%s [%s] %s - %s\n" \ + "$(date --rfc-3339=seconds)" "$$" "$SSH_SOURCE_IP" "$*" \ + >> "$LOG" +} + +log "NEW MONITORING CONNECTION" + +ident="$1" +log "IDENTIFIED AS $ident" + +reject() { + log "REJECTED: $SSH_ORIGINAL_COMMAND" + # echo "ORIG: $SSH_ORIGINAL_COMMAND" >&2 + echo "Your command has been rejected and reported to sys admin." >&2 + exit 1 +} + +## TODO: check how it’s made in the original script +# sudo /usr/local/sbin/ssh-update-keys + +if [[ "$SSH_ORIGINAL_COMMAND" =~ [\&\(\{\;\<\>\`\$\}] ]]; then + log "BAD CHARS DETECTED" + # echo "Bad chars: $SSH_ORIGINAL_COMMAND" >&2 + reject +fi + +disk_size() { + val=$(df -h | awk '/\/$/ {print $2}') # Retrieves the total disk size of the root filesystem + echo "$val" +} + +disk_available() { + val=$(df -h | awk '/\/$/ {print $4}') # Retrieves the available disk space of the root filesystem + echo "$val" +} + +disk_used() { + val=$(df -h | awk '/\/$/ {print $3}') # Retrieves the used disk space of the root filesystem + echo "$val" +} + +disk_used_percent() { + val=$(df -h | awk '/\/$/ {print $5}') # Retrieves the percentage of used disk space of the root filesystem + echo "$val" +} + +disk_available_percent() { + val=$(df -h | awk '/\/$/ {print $4}') # Retrieves the percentage of available disk space of the root filesystem + echo "$val" +} + +memory_size() { + val=$(free -h | awk '/Mem:/ {print $2}') # Retrieves the total memory size + echo "$val" +} + +memory_available() { + val=$(free -h | awk '/Mem:/ {print $7}') # Retrieves the available memory + echo "$val" +} + +memory_used() { + val=$(free -h | awk '/Mem:/ {print $3}') # Retrieves the used memory + echo "$val" +} + +memory_used_percent() { + val=$(free | awk '/Mem:/ {printf "%.2f\n", (($2 - $7) / $2) * 100}') # Calculates the percentage of used memory + echo "$val" +} + +memory_available_percent() { + val=$(free | awk '/Mem:/ {printf "%.2f\n", ($7 / $2) * 100}') # Calculates the percentage of available memory + echo "$val" +} + +## ---- MAIN ---- + +if [[ $SSH_ORIGINAL_COMMAND =~ ^[a-zA-Z0-9_]+$ ]]; then + log "ACCEPTED monitoring COMMAND : $SSH_ORIGINAL_COMMAND" + case "$SSH_ORIGINAL_COMMAND" in + disk_size) disk_size ;; + disk_available) disk_available ;; + disk_used) disk_used ;; + disk_used_percent) disk_used_percent ;; + disk_available_percent) disk_available_percent ;; + memory_size) memory_size ;; + memory_available) memory_available ;; + memory_used) memory_used ;; + memory_used_percent) memory_used_percent ;; + memory_available_percent) memory_available_percent ;; + *) reject ;; + esac +else + reject +fi \ No newline at end of file