From 9e5d7456b63bac4d33a0ac730b5ec21588ed458a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9drix?= Date: Mon, 16 Mar 2026 15:28:50 +0100 Subject: [PATCH] ajout de logs plus parlant --- .../monitoring/bin/monitor-update-config.sh | 88 ++++++++++++------- servers/linux/monitoring/manifest.txt | 2 +- 2 files changed, 56 insertions(+), 34 deletions(-) diff --git a/servers/linux/monitoring/bin/monitor-update-config.sh b/servers/linux/monitoring/bin/monitor-update-config.sh index 42d18ec..ac0c602 100755 --- a/servers/linux/monitoring/bin/monitor-update-config.sh +++ b/servers/linux/monitoring/bin/monitor-update-config.sh @@ -11,7 +11,6 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. - set -u SCRIPT_NAME="$(basename "$0")" 
@@ -23,61 +22,84 @@ if [ "${EUID}" -ne 0 ]; then exit 1 fi +extract_keys() { + local file="$1" + grep -E '^[A-Za-z_][A-Za-z0-9_]*=' "$file" | cut -d'=' -f1 | sort -u +} + check_config_drift() { local conf_dir="/opt/monitoring/conf" local base_conf local_conf local found_issue=false + local reviewed_files=0 + local files_requiring_action=0 - log_info "audit_start" "Début de l'audit des configurations" + log_info "audit_start" "Début de l'audit des configurations locales" + + while IFS= read -r base_conf; do + reviewed_files=$((reviewed_files + 1)) - # Parcourir tous les fichiers .conf officiels - find "$conf_dir" -type f -name "*.conf" ! -name "*.local.conf" | while read -r base_conf; do local_conf="${base_conf%.conf}.local.conf" - local file_name - file_name=$(basename "$base_conf") + local file_name local_file_name + file_name="$(basename "$base_conf")" + local_file_name="$(basename "$local_conf")" - # 1. Si le .local.conf n'existe pas : on le crée proprement if [ ! -f "$local_conf" ]; then - log_notice "audit_missing_local" "Création du fichier local manquant" "file=$file_name" - # On copie le template en commentant les valeurs par défaut pour inciter à la config - cp "$base_conf" "$local_conf" - chmod 600 "$local_conf" + cp "$base_conf" "$local_conf" || { + log_error "audit_create_local_failed" \ + "Impossible de créer ${local_file_name} à partir de ${file_name}" + found_issue=true + files_requiring_action=$((files_requiring_action + 1)) + continue + } + chmod 600 "$local_conf" 2>/dev/null || true + + log_notice "audit_missing_local" \ + "Le fichier ${local_file_name} n'existait pas ; il a été créé par copie de ${file_name}" continue fi - # 2. 
Si le .local.conf existe : on compare les clés (options) local tmp_base tmp_local - tmp_base=$(mktemp) - tmp_local=$(mktemp) + tmp_base="$(mktemp)" || fail_internal "mktemp a échoué" + tmp_local="$(mktemp)" || fail_internal "mktemp a échoué" - # Extraction des noms de variables uniquement (Clés) - grep -E '^[A-Za-z0-9_]+=' "$base_conf" | cut -d'=' -f1 | sort > "$tmp_base" - grep -E '^[A-Za-z0-9_]+=' "$local_conf" | cut -d'=' -f1 | sort > "$tmp_local" + extract_keys "$base_conf" > "$tmp_base" + extract_keys "$local_conf" > "$tmp_local" - # Options présentes dans le .conf mais absentes du .local.conf - local missing - missing=$(comm -23 "$tmp_base" "$tmp_local" | tr '\n' ' ' | xargs) + local missing obsolete + missing="$(comm -23 "$tmp_base" "$tmp_local" | xargs)" + obsolete="$(comm -13 "$tmp_base" "$tmp_local" | xargs)" - if [ -n "$missing" ]; then - log_warning "audit_keys_missing" "Nouvelles options disponibles à configurer" \ - "file=${file_name%.conf}.local.conf" "keys=$missing" + if [ -n "$missing" ] || [ -n "$obsolete" ]; then found_issue=true - fi + files_requiring_action=$((files_requiring_action + 1)) - # Options présentes dans le .local.conf mais qui n'existent plus dans le .conf (Obsolètes) - local obsolete - obsolete=$(comm -13 "$tmp_base" "$tmp_local" | tr '\n' ' ' | xargs) - - if [ -n "$obsolete" ]; then - log_info "audit_keys_obsolete" "Options locales obsolètes détectées" \ - "file=${file_name%.conf}.local.conf" "keys=$obsolete" + log_warning "audit_file_requires_action" \ + "Le fichier ${local_file_name} nécessite une vérification" + + if [ -n "$missing" ]; then + log_warning "audit_keys_missing" \ + "Dans ${local_file_name}, options disponibles dans ${file_name} mais absentes du local : ${missing}" + fi + + if [ -n "$obsolete" ]; then + log_info "audit_keys_obsolete" \ + "Dans ${local_file_name}, options présentes uniquement dans le local et à vérifier ou supprimer : ${obsolete}" + fi + else + log_info "audit_file_ok" \ + "Le fichier 
${local_file_name} contient les mêmes options que ${file_name}" fi rm -f "$tmp_base" "$tmp_local" - done + done < <(find "$conf_dir" -maxdepth 1 -type f -name "*.conf" ! -name "*.local.conf" | sort) if [ "$found_issue" = false ]; then - log_info "audit_success" "Toutes les configurations locales sont à jour" + log_info "audit_success" \ + "Toutes les configurations locales sont à jour (${reviewed_files} fichier(s) vérifié(s))" + else + log_warning "audit_requires_action" \ + "Certaines configurations locales doivent être mises à jour (${files_requiring_action} fichier(s) à vérifier sur ${reviewed_files})" fi } diff --git a/servers/linux/monitoring/manifest.txt b/servers/linux/monitoring/manifest.txt index a5cfd2c..c88269b 100644 --- a/servers/linux/monitoring/manifest.txt +++ b/servers/linux/monitoring/manifest.txt @@ -3,7 +3,7 @@ f433b3e2ca25c76cccebf971072255dae64169a8ae162d6baa10776904d733e9 755 bin/alert-e 4fae83b48dc25c5e2a59bba944d8c3f2c6dff89bf2adb932d4dd9201f6305ca4 755 bin/install-monitoring.sh 36528963f2e78a160738a2cf3b8da67b9d12dbe495d9d01ca6c1ba97956288fa 755 bin/monitoring.sh 78ccebfd1da7cf885fddb8d5a967c23e379c495d8f43490584ace7133690ec55 755 bin/monitoring-update.sh -4d9b28a1e5b93b74a904ed991621ac5baa507e0e439c9c8d2adb2cea901f6b13 755 bin/monitor-update-config.sh +54eb520360c80b3146c5cdb846330a8743cbeb9fe6de0559357114b92d090c29 755 bin/monitor-update-config.sh 83db39c8d0cfd6f6e9d3cc5b961a67db29dc73666304a91e0d4a6d5831c623cb 644 conf/alert-engine.conf caaa8f6031d66bc43a897ac2804124ce2050a64523734195d5505ae863836bf4 644 conf/monitoring.conf 654cd98ecda1c485a0ea1224f160a3c4d7396ab95a491603574e2ad1981fe010 644 lib/monitoring-lib.sh
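Review bot: In the missing-local branch of check_config_drift, `chmod 600 "$local_conf" 2>/dev/null || true` now discards a failed chmod, and the copy already exists with the template's mode before chmod runs. The manifest in this same patch lists the conf/*.conf files at 644, so a silent failure would leave the new .local.conf readable by every local user while the log reports a clean creation; that matters if local files hold site-specific secrets, which the original 600 suggests. I would create the file restrictive from the start and keep failures on the existing error path, for example `(umask 077 && cp -- "$base_conf" "$local_conf") || {` in place of the bare `cp`, and report a chmod failure through log_warning instead of sending it to /dev/null. Separately, the two mktemp files are removed only at the end of the iteration, so if the second `mktemp` fails the first one is left behind (assuming fail_internal, which is defined outside this hunk, exits).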