netaudit changes and manual page
This commit is contained in:
cinap_lenrek
parent
e598b6dd31
commit
df66638fb5
2 changed files with 52 additions and 11 deletions
|
|
@ -5,8 +5,13 @@ fn checkhost {
|
|||
echo 'sysname= env var is not set'
|
||||
exit 'fail'
|
||||
}
|
||||
dom=`{ndb/query sys $sysname dom}
|
||||
echo 'checking this host''s tuple:'
|
||||
ip=`{ndb/query sys $sysname ip}
|
||||
if(~ $ip '')
|
||||
echo ' no ip= entry'
|
||||
if not
|
||||
echo ' ip='$ip 'looks ok'
|
||||
dom=`{ndb/query sys $sysname dom}
|
||||
if(~ $dom '')
|
||||
echo ' no dom= entry'
|
||||
if not if(! ~ $dom *.*)
|
||||
|
|
@ -29,19 +34,18 @@ fn checknet {
|
|||
echo 'checking the network tuple:'
|
||||
ipnet=`{ndb/ipquery sys $sysname ipnet | sed 's/^ipnet=//'}
|
||||
if(~ $ipnet ''){
|
||||
echo ' we are not in an ipnet, check your ipnet= entry'
|
||||
exit fail
|
||||
echo ' we are not in an ipnet, so looking for entries in host tuple only'
|
||||
}
|
||||
if not
|
||||
echo ' we are in ipnet='^$ipnet
|
||||
dns=`{ndb/query ipnet $ipnet dns}
|
||||
dns=`{ndb/ipquery sys $sysname dns | sed 's/^dns=//'}
|
||||
if(~ $dns '')
|
||||
echo ' no dns= entry'
|
||||
if not if(! ip/ping -n 1 $dns >/dev/null >[2=1])
|
||||
echo ' dns='$dns 'does not reply to ping'
|
||||
if not
|
||||
echo ' dns='$dns 'looks ok'
|
||||
auth=`{ndb/query ipnet $ipnet auth}
|
||||
auth=`{ndb/ipquery sys $sysname auth | sed 's/^auth=//'}
|
||||
if(~ $auth '')
|
||||
echo ' no auth= entry'
|
||||
if not if(! ip/ping -n 1 $auth >/dev/null >[2=1])
|
||||
|
|
@ -50,15 +54,9 @@ fn checknet {
|
|||
authok=1
|
||||
echo ' auth='$auth 'looks ok'
|
||||
}
|
||||
authdom=`{ndb/query ipnet $ipnet authdom}
|
||||
if(~ $authdom '')
|
||||
echo ' no authdom= entry'
|
||||
if not
|
||||
echo ' authdom='$authdom 'looks ok'
|
||||
}
|
||||
fn checkauth {
|
||||
echo 'checking auth server configuration:'
|
||||
auth=`{ndb/query ipnet $ipnet auth}
|
||||
if(~ $auth ''){
|
||||
echo ' no auth server'
|
||||
exit fail
|
||||
|
|
@ -71,6 +69,10 @@ fn checkauth {
|
|||
echo ' we are the auth server'
|
||||
authisus=1
|
||||
}
|
||||
if not if(~ $auth $ip){
|
||||
echo ' we are the auth server'
|
||||
authisus=1
|
||||
}
|
||||
if not {
|
||||
echo ' we are not the auth server '^$auth
|
||||
echo ' if this is a mistake, set auth='$sysname' or auth='$dom
|
||||
|
|
|
|||
39
sys/man/8/netaudit
Normal file
39
sys/man/8/netaudit
Normal file
|
|
@ -0,0 +1,39 @@
|
|||
.TH NETAUDIT 8
|
||||
.SH NAME
|
||||
netaudit - network configuration checker
|
||||
.SH SYNOPSIS
|
||||
netaudit
|
||||
.SH DESCRIPTION
|
||||
.I Netaudit
|
||||
checks the effective network configuration on the
|
||||
local system and reports any inconsistencies found.
|
||||
.PP
|
||||
It starts its search my querying common ndb entries for
|
||||
.B $sysname
|
||||
checking and validating the
|
||||
.BR ip= ,
|
||||
.B ether=
|
||||
and
|
||||
.B dom=
|
||||
entries.
|
||||
.PP
|
||||
The presence of an
|
||||
.B ipnet=
|
||||
entry and the reachability of dns and auth servers is checked.
|
||||
.PP
|
||||
If the machine is an auth server,
|
||||
.I netaudit
|
||||
checks if
|
||||
.IR keyfs (4)
|
||||
is running and the local tcp port 567 is open and listening.
|
||||
.PP
|
||||
The root filesystem
|
||||
.B /srv/boot
|
||||
is tested if it requires authentication on mount.
|
||||
.SH SOURCE
|
||||
.B /rc/bin/netaudit
|
||||
.SH "SEE ALSO"
|
||||
.IR keyfs (4),
|
||||
.IR auth (8),
|
||||
.IR ndb (8),
|
||||
.IR ndb (6).
|
||||
Loading…
Reference in a new issue