cedricAbonnel/scripts-bash
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

ecriture en PHP

Browse Source
This commit is contained in:
Cédric Abonnel
2026-03-16 22:14:35 +01:00
parent d31e193954
commit ae0c8f95cb
11 changed files with 1099 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
servers/linux/monitoring/bin/install-monitoring.sh
View File

@@ -1,18 +1,10 @@
#!/bin/bash
# Copyright (C) 2026 Cédric Abonnel
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
# License: GNU Affero General Public License v3
set -euo pipefail
# --- Configuration ---
BASE_DIR="/opt/monitoring"
CONF_DIR="${BASE_DIR}/conf"
LOG_DIR="/var/log/monitoring"
@@ -24,11 +16,12 @@ UPDATE_BASE_URL="https://git.abonnel.fr/cedricAbonnel/scripts-bash/raw/branch/ma
MANIFEST_URL="${UPDATE_BASE_URL}/manifest.txt"
INSTALL_DEPS="${INSTALL_DEPS:-true}"
CREATE_LOCAL_CONF="${CREATE_LOCAL_CONF:-true}"
# --- Fonctions ---
require_root() {
if [ "${EUID}" -ne 0 ]; then
echo "Ce script doit être exécuté en root." >&2
echo "ERREUR: Ce script doit être exécuté en root." >&2
exit 1
fi
}
@@ -38,35 +31,38 @@ install_deps() {
return 0
fi
echo "--- Installation des dépendances ---"
if command -v apt-get >/dev/null 2>&1; then
apt-get update
apt-get install -y curl coreutils findutils grep sed gawk util-linux ca-certificates
# Ajout des modules PHP nécessaires pour vos scripts (curl pour ntfy)
apt-get install -y php-cli php-curl php-common
else
echo "AVERTISSEMENT: Gestionnaire de paquets apt non détecté. Assurez-vous que php-cli et php-curl sont installés."
fi
}
prepare_dirs() {
mkdir -p "${BASE_DIR}" "${CONF_DIR}" "${LOG_DIR}" "${STATE_DIR}" "${LOCK_DIR}" "${TMP_DIR}"
echo "--- Préparation des répertoires ---"
mkdir -p "${BASE_DIR}/bin" "${BASE_DIR}/lib" "${CONF_DIR}" "${LOG_DIR}" "${STATE_DIR}" "${LOCK_DIR}" "${TMP_DIR}"
chmod 755 "${BASE_DIR}" "${CONF_DIR}" "${LOG_DIR}" "${STATE_DIR}" "${LOCK_DIR}"
}
fetch_manifest() {
echo "--- Récupération du manifeste ---"
curl -fsS "${MANIFEST_URL}" -o "${TMP_DIR}/manifest.txt"
}
validate_manifest() {
# Validation du format : Hash Mode Chemin
# Exemple : a1b2... 755 bin/script.php
awk '
NF == 3 &&
$1 ~ /^[0-9a-fA-F]{64}$/ &&
$2 ~ /^(644|755|600)$/ &&
$3 ~ /^(bin|lib|conf)\/[A-Za-z0-9._\/-]+$/ &&
$3 !~ /\.\./
' "${TMP_DIR}/manifest.txt" >/dev/null
}
apply_mode() {
local mode="$1"
local file="$2"
chmod "$mode" "$file"
' "${TMP_DIR}/manifest.txt"
}
download_one() {
@@ -76,87 +72,85 @@ download_one() {
local url="${UPDATE_BASE_URL}/${rel_path}"
local dst="${BASE_DIR}/${rel_path}"
# On ignore le téléchargement si c'est un fichier de conf qui existe déjà
if [[ "$rel_path" == conf/* ]] && [ -f "$dst" ]; then
echo "Skip: $rel_path (existe déjà)"
return 0
fi
echo "Téléchargement: $rel_path"
local tmp_file
tmp_file="$(mktemp "${TMP_DIR}/file.XXXXXX")"
curl -fsS "$url" -o "$tmp_file"
if ! curl -fsS "$url" -o "$tmp_file"; then
echo "ERREUR: Échec du téléchargement de ${url}" >&2
rm -f "$tmp_file"
return 1
fi
local got_hash
got_hash="$(sha256sum "$tmp_file" | awk '{print $1}')"
if [ "$got_hash" != "$expected_hash" ]; then
echo "Hash invalide pour ${rel_path}" >&2
echo "ERREUR: Hash invalide pour ${rel_path}" >&2
rm -f "$tmp_file"
return 1
fi
mkdir -p "$(dirname "$dst")"
apply_mode "$mode" "$tmp_file"
mv -f "$tmp_file" "$dst"
chmod "$mode" "$dst"
}
install_from_manifest() {
echo "--- Installation des fichiers ---"
while read -r hash mode rel_path; do
[ -n "${hash:-}" ] || continue
download_one "$hash" "$mode" "$rel_path"
done < "${TMP_DIR}/manifest.txt"
}
create_local_conf_if_missing() {
if [ "${CREATE_LOCAL_CONF}" != "true" ]; then
return 0
fi
if [ ! -f "${CONF_DIR}/alert-engine.local.conf" ]; then
cat > "${CONF_DIR}/alert-engine.local.conf" <<'EOF'
#!/bin/bash
NTFY_SERVER="https://ntfy.sh"
NTFY_TOPIC="FjdJ7qex2oGqZkV3OMaqNIxe"
NTFY_TOKEN="A_REMPLACER"
DEST="root"
EOF
chmod 600 "${CONF_DIR}/alert-engine.local.conf"
fi
done < "${TMP_DIR}/manifest-valid.txt"
}
show_next_steps() {
cat <<'EOF'
cat <<EOF
Installation terminée.
Installation terminée avec succès dans ${BASE_DIR}.
Étapes suivantes :
1. Éditer /opt/monitoring/conf/alert-engine.local.conf
2. Remplacer NTFY_TOKEN par le vrai token
3. Tester :
/opt/monitoring/bin/check_disk.sh
/opt/monitoring/bin/alert-engine.sh
4. Ajouter cron ou systemd timer
1. Configurez vos alertes :
cp ${CONF_DIR}/alert-engine.conf.php ${CONF_DIR}/alert-engine.local.conf.php
nano ${CONF_DIR}/alert-engine.local.conf.php
Exemple cron :
*/5 * * * * /opt/monitoring/bin/check_disk.sh
*/5 * * * * /opt/monitoring/bin/check_ram.sh
15 */6 * * * /opt/monitoring/bin/check_cert.sh
30 2 * * * /opt/monitoring/bin/check_backup.sh
10 3 * * * /opt/monitoring/bin/monitoring-update.sh
* * * * * /opt/monitoring/bin/alert-engine.sh
2. Initialisez la configuration globale :
cp ${CONF_DIR}/monitoring.conf.php ${CONF_DIR}/monitoring.local.conf.php
3. Lancez un audit des configurations :
php ${BASE_DIR}/bin/monitoring-update-config.php
4. Planifiez les tâches (cron) :
*/5 * * * * php ${BASE_DIR}/bin/alert-engine.php
10 3 * * * php ${BASE_DIR}/bin/monitoring-update.php
EOF
}
# --- Main ---
main() {
require_root
install_deps
prepare_dirs
fetch_manifest
if ! validate_manifest; then
echo "Le manifeste est invalide." >&2
if ! validate_manifest > "${TMP_DIR}/manifest-valid.txt"; then
echo "ERREUR: Le manifeste est invalide ou corrompu." >&2
exit 1
fi
install_from_manifest
create_local_conf_if_missing
# Nettoyage
rm -rf "${TMP_DIR}"
show_next_steps
}