cedricAbonnel/scripts-bash
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f2e86046d45f14564aa7e964f59945b3b6bd271c
scripts-bash/servers/linux/monitoring/bin/monitor-update-config.sh
Cédrix f2e86046d4 update-config
2026-03-16 15:15:43 +01:00

90 lines
3.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright (C) 2026 Cédric Abonnel
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
set -u
SCRIPT_NAME="$(basename "$0")"
. /opt/monitoring/lib/monitoring-lib.sh || exit 3
# On s'assure d'avoir les permissions root
if [ "${EUID}" -ne 0 ]; then
echo "Ce script doit être exécuté en root." >&2
exit 1
fi
check_config_drift() {
local conf_dir="/opt/monitoring/conf"
local base_conf local_conf
local found_issue=false
log_info "audit_start" "Début de l'audit des configurations"
# Parcourir tous les fichiers .conf officiels
find "$conf_dir" -type f -name "*.conf" ! -name "*.local.conf" | while read -r base_conf; do
local_conf="${base_conf%.conf}.local.conf"
local file_name
file_name=$(basename "$base_conf")
# 1. Si le .local.conf n'existe pas : on le crée proprement
if [ ! -f "$local_conf" ]; then
log_notice "audit_missing_local" "Création du fichier local manquant" "file=$file_name"
# On copie le template en commentant les valeurs par défaut pour inciter à la config
cp "$base_conf" "$local_conf"
chmod 600 "$local_conf"
continue
fi
# 2. Si le .local.conf existe : on compare les clés (options)
local tmp_base tmp_local
tmp_base=$(mktemp)
tmp_local=$(mktemp)
# Extraction des noms de variables uniquement (Clés)
grep -E '^[A-Za-z0-9_]+=' "$base_conf" | cut -d'=' -f1 | sort > "$tmp_base"
grep -E '^[A-Za-z0-9_]+=' "$local_conf" | cut -d'=' -f1 | sort > "$tmp_local"
# Options présentes dans le .conf mais absentes du .local.conf
local missing
missing=$(comm -23 "$tmp_base" "$tmp_local" | tr '\n' ' ' | xargs)
if [ -n "$missing" ]; then
log_warning "audit_keys_missing" "Nouvelles options disponibles à configurer" \
"file=${file_name%.conf}.local.conf" "keys=$missing"
found_issue=true
fi
# Options présentes dans le .local.conf mais qui n'existent plus dans le .conf (Obsolètes)
local obsolete
obsolete=$(comm -13 "$tmp_base" "$tmp_local" | tr '\n' ' ' | xargs)
if [ -n "$obsolete" ]; then
log_info "audit_keys_obsolete" "Options locales obsolètes détectées" \
"file=${file_name%.conf}.local.conf" "keys=$obsolete"
fi
rm -f "$tmp_base" "$tmp_local"
done
if [ "$found_issue" = false ]; then
log_info "audit_success" "Toutes les configurations locales sont à jour"
fi
}
main() {
lock_or_exit "monitoring-audit"
check_config_drift
}
main
exit_with_status
Reference in New Issue View Git Blame Copy Permalink