Commit 6e7a6033 authored by Sven Mäder's avatar Sven Mäder :speech_balloon:

Add acl exclude list, show excluded users in check

parent 3b60a436
...@@ -13,7 +13,7 @@ import dphysldap ...@@ -13,7 +13,7 @@ import dphysldap
import pyxymon as pymon import pyxymon as pymon
CHECK_NAME = 'permissions' CHECK_NAME = 'permissions'
CHECK_VERSION = 4 CHECK_VERSION = 5
LIFETIME = 30 LIFETIME = 30
home_dir = '/export/home1/*' home_dir = '/export/home1/*'
...@@ -32,6 +32,9 @@ no_blocked = [] ...@@ -32,6 +32,9 @@ no_blocked = []
not_closed = [] not_closed = []
not_open = [] not_open = []
permission_exclude = ['sengun','jheinsoo'] permission_exclude = ['sengun','jheinsoo']
acl_exclude = ['jheinsoo']
permission_excluded = []
acl_excluded = []
class Home(object): class Home(object):
...@@ -127,9 +130,14 @@ def check_homes(top): ...@@ -127,9 +130,14 @@ def check_homes(top):
if bad_permission(home): if bad_permission(home):
if f not in permission_exclude: if f not in permission_exclude:
permission.append(home) permission.append(home)
else:
permission_excluded.append(home)
if posix1e.has_extended(home.path): if posix1e.has_extended(home.path):
acl.append(home) if f not in acl_exclude:
acl.append(home)
else:
acl_excluded.append(home)
if home.name in users: if home.name in users:
if users[home.name]['homeDirectory'][6:] != home.name: if users[home.name]['homeDirectory'][6:] != home.name:
...@@ -237,6 +245,13 @@ def run_check(xymon): ...@@ -237,6 +245,13 @@ def run_check(xymon):
xymon.section(title, content) xymon.section(title, content)
xymon.color = pymon.STATUS_CRITICAL xymon.color = pymon.STATUS_CRITICAL
if permission_excluded:
title = 'bad permissions ignored'
content = 'home permission not <code>drwx------</code> (active user) or <code>d---------</code> (blocked user)<br/><br/>'
for home in permission_excluded:
content += ''.join([str(home.permission), '<br/>'])
xymon.section(title, content)
if not_closed: if not_closed:
title = 'home not closed (bad permissions)' title = 'home not closed (bad permissions)'
content = 'blocked user homes should have <code>u=---</code><br/><br/>' content = 'blocked user homes should have <code>u=---</code><br/><br/>'
...@@ -263,6 +278,15 @@ def run_check(xymon): ...@@ -263,6 +278,15 @@ def run_check(xymon):
xymon.section(title, content) xymon.section(title, content)
xymon.color = pymon.STATUS_CRITICAL xymon.color = pymon.STATUS_CRITICAL
if acl_excluded:
title = 'bad acls ignored'
content = 'home has posix.1e extended ACLs<br/>check acls using `getfacl`, which stands for `get fucking ACL`<br/><br/>'
for home in acl_excluded:
extacl = posix1e.ACL(file=home.path)
content += ''.join([home.path, '<br/>'])
content += ''.join([str(extacl), '<br/>'])
xymon.section(title, content)
if users: if users:
title = 'strange ldap users' title = 'strange ldap users'
content = 'these users seem to not have a home directory on the filesystem<br/><br/>' content = 'these users seem to not have a home directory on the filesystem<br/><br/>'
......
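Review bot: The `acl_exclude = ['jheinsoo']` entry added in the `@@ -32,6 +32,9 @@` hunk exempts that home from the critical status for any extended ACL, not only the one that was accepted when the exclusion was made. A later ACL change that opens the home to further users would therefore appear only under 'bad acls ignored', with no `xymon.color` change in the visible lines; the same reasoning applies to `permission_exclude` and the new `permission_excluded` branch in `check_homes`. Consider documenting each entry where it is defined, e.g. `# jheinsoo: <reason>, expected ACL: <placeholder>`, and, if feasible, appending to `acl_excluded` only when `str(posix1e.ACL(file=home.path))` matches a pinned expected value, falling back to `acl.append(home)` otherwise. The bodies of `check_homes` and `run_check` extend beyond the visible hunks, so the effect on the final status colour is inferred from these lines alone.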