#!/usr/bin/python2
import os, re, sys, getopt
import os.path
#####################################################################
# #
# Script to validate users' plans and owners on shared servers #
# Created by Max.N v.0.0.5 #
# #
#####################################################################
# Default settings; the command-line options parsed further down adjust them.
# Accounts that are never checked (grown from the list files and -u / -e).
excludusers = ["nctest", "wh", "system"]
# Hosting plans accepted as valid (grown from the list files and -d / -p).
defplans = list()
# Reseller-host mode flag, switched to 1 by -r / --reseller.
reseller = 0
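def fillArray(arrayname, path2file):
    """Append the entries of a one-item-per-line list file to *arrayname*.

    The list is extended in place and also returned. Surrounding whitespace
    is stripped from every line, and blank lines are skipped: an empty entry
    in the plans list would make an account with an empty PLAN= value look
    valid, and an empty entry in the exclusion list would be reported as a
    stale whitelisted user.

    A path that is not a regular file is ignored without any message, so the
    caller cannot tell "file missing" from "file empty".
    """
    if os.path.isfile(path2file):
        with open(path2file) as listfile:
            stripped = (line.strip() for line in listfile)
            # += keeps the in-place mutation the callers rely on.
            arrayname += [entry for entry in stripped if entry]
    return arrayname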
# Site-wide list files, loaded before the command line is parsed.
# NOTE(review): these lists decide which accounts are skipped and which plans
# count as valid - confirm they are writable by root only.
for _target, _listfile in (
    (excludusers, "/usr/share/nc_nagios/check_plans/nc-users.list"),
    (defplans, "/usr/share/nc_nagios/check_plans/nc-plans.list"),
):
    fillArray(_target, _listfile)
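# Set to 1 to run the single-account debug trace further down instead of the
# full check.
debug = 0
# Extract the PLAN= and OWNER= values from a cPanel user file. The patterns
# are anchored to the start of a line: unanchored, they also match any key
# that merely ends in PLAN or OWNER, and the caller takes the first match.
getplan = re.compile(r'^PLAN=(.*)', re.IGNORECASE | re.MULTILINE)
getowner = re.compile(r'^OWNER=(.*)', re.IGNORECASE | re.MULTILINE)
# Each category list starts with its heading, so a length above 1 means that
# at least one account was recorded in it.
badguys_resellers = ["reseller account:"]
badguys_owner = ["owner:"]
badguys_plan = ["plan:"]
badguys_excluded = ["settings in nrpe.cfg excludes list users: "]
# Everything that ends up in the final report.
badguys = []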
def validateUser(user):
    """Whitelist *user* only if the account still exists on this server.

    An account counts as existing when /home/<user> is present and
    /var/cpanel/users/<user> is a regular file. Such a name is appended to
    excludusers and 1 is returned; any other name is appended to
    badguys_excluded (reported later as a stale whitelist entry) and 0 is
    returned.
    """
    # NOTE(review): the name is joined into both paths unchecked; a value
    # containing "/" can never equal a directory entry of /var/cpanel/users,
    # so it would only sit unused in the exclusion list - confirm callers
    # never pass such values.
    if os.path.exists("/home/" + user) and os.path.isfile("/var/cpanel/users/" + user):
        excludusers.append(user)
        return 1
    badguys_excluded.append(user)
    return 0
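# Command-line handling.
#   -h                        print usage and exit
#   -r / --reseller           check reseller ownership rules
#   -d / --deff-plans         add one plan to the accepted plans
#   -u / --user-exclude       whitelist one user (validated first)
#   -p / --defplans-file      load accepted plans from a file
#   -e / --excludeuser-file   load whitelisted users from a file
try:
    opts, args = getopt.getopt(
        sys.argv[1:],
        "hrd:u:p:e:",
        ["reseller", "deff-plans=", "user-exclude=", "defplans-file=", "excludeuser-file="],
    )
    for opt, arg in opts:
        if opt == '-h':
            print("%s %s" % (__file__, '-r -d <defplan1> -d <defplan2> ... -d <defplanN>'))
            print(" -r use for reseller hosts")
            print(" -d <defplan> use to add plan to default batch")
            print(" -u <username> use to exclude user ")
            print(" -p <path to file> file with allowed NC plans")
            print(" -e <path to file> file with whitelisted users")
            sys.exit(4)
        elif opt in ("-r", "--reseller"):
            reseller = 1
        elif opt in ("-d", "--deff-plans"):
            defplans.append(arg)
        elif opt in ("-u", "--user-exclude"):
            # validateUser files the name under the whitelist or under the
            # stale-entry report by itself.
            validateUser(arg)
        elif opt in ("-p", "--defplans-file"):
            fillArray(defplans, arg)
        elif opt in ("-e", "--excludeuser-file"):
            users = []
            if len(fillArray(users, arg)) > 0:
                # An external list was supplied, so the report heading names
                # both possible sources of a stale entry.
                badguys_excluded[0] = "settings in nrpe.cfg or external excludes list, users: "
            for user in users:
                validateUser(user)
except getopt.GetoptError:
    print("WRONG WAY ! please try again with another args.")
    # getopt raises before any option is applied, so carrying on would run
    # the check with none of the requested settings and report a misleading
    # state. Stop with the Nagios UNKNOWN status instead.
    sys.exit(3)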
#if sys.argv.__len__() <= 1:
# print 'no args please use', __file__, '-h'
# sys.exit(4)
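if reseller == 1:
    # Reseller names are taken as the text before the colon on each line of
    # the resellers file (the greedy pattern runs up to the last colon).
    getValidResellers = re.compile('(.*):')
    # Read through a context manager so the handle is closed right away.
    with open('/var/cpanel/resellers') as resellerfile:
        sourceResellerList = resellerfile.read()
    resellers = getValidResellers.findall(sourceResellerList)
    # Per-category findings; each list starts with its heading, so a length
    # above 1 means at least one account was recorded.
    badguys_resellers_notRootChown = ["[Reseller account but Not owned by ROOT]: "]
    badguys_resellers_DelOwner = ["[Owner Not a reseller]: "]
    badguys_resellers_RootChownNotRes = ["[Owned by root but Not a Reseller]: "]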
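if debug == 1:
    # Developer-only trace of one hard-coded account. It is unreachable while
    # debug is 0 and always ends the run with exit status 1.
    user = 'workiqmd'
    with open("/var/cpanel/users/" + user) as userfile:
        tmpuser = userfile.read()
    plan = getplan.findall(tmpuser)[0]
    owner = getowner.findall(tmpuser)[0]
    if reseller:
        if owner != 'root':
            if user in resellers:
                print("user is not owned by root but have a RESELLER account")
                badguys_resellers_notRootChown.append(user + ":' owner " + owner + "'")
            elif owner not in resellers:
                print("user had owner that not exist")
                badguys_resellers_DelOwner.append(user + ":' owner " + owner + "'")
            else:
                print("GooD One")
        elif user not in resellers:
            print("user owned by ROOT bun not a RESELLER !")
            badguys_resellers_RootChownNotRes.append(user + ":' owner " + owner + "'")
        # The reseller category lists exist only in reseller mode, so they
        # are merged inside this branch.
        # NOTE(review): the listing lost its indentation; this placement is
        # inferred - confirm against the deployed file.
        if len(badguys_resellers_RootChownNotRes) > 1:
            badguys_resellers.extend(badguys_resellers_RootChownNotRes)
        if len(badguys_resellers_DelOwner) > 1:
            badguys_resellers.extend(badguys_resellers_DelOwner)
        # The original tested the RootChownNotRes list here a second time, so
        # notRootChown findings were merged or dropped based on the wrong
        # list.
        if len(badguys_resellers_notRootChown) > 1:
            badguys_resellers.extend(badguys_resellers_notRootChown)
        if len(badguys_resellers) > 1:
            badguys.extend(badguys_resellers)
    print("%s %s %s" % (user, plan, owner))
    sys.exit(1)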
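# Main check: walk every cPanel user file, compare plan and owner with the
# allowed values, then print one Nagios status line and exit with 0 (OK) or
# 2 (CRITICAL).
path2cPanelUsers = '/var/cpanel/users'
path2cPanelPlans = '/var/cpanel/packages/'
userlist = os.listdir(path2cPanelUsers)
for user in userlist:
    if user in excludusers:  # whitelisted account
        continue
    if not os.path.exists("/home/" + user):  # no home directory: not checked
        continue
    try:
        with open(path2cPanelUsers + '/' + user) as userfile:
            tmpuser = userfile.read()
        plan = getplan.findall(tmpuser)[0]
        owner = getowner.findall(tmpuser)[0]
    except Exception:
        # Unreadable file or missing PLAN=/OWNER= line. Move on to the next
        # account: the original fell through here and judged this account
        # with the plan and owner left over from the previous one.
        badguys.append(user + ":" + "check manually")
        continue
    if reseller:
        if owner != 'root':
            if user in resellers:
                # Reseller account that is not owned by root.
                badguys_resellers_notRootChown.append(user + ":'" + owner + "'")
            elif owner not in resellers:
                # The owner is not a known reseller.
                badguys_resellers_DelOwner.append(user + ":'" + owner + "'")
            # An account resold by a valid reseller is not plan-checked.
            continue
        elif user not in resellers:
            # Owned by root without being a reseller.
            badguys_resellers_RootChownNotRes.append(user + ":'" + owner + "'")
            continue
    elif owner != 'wh':
        badguys_owner.append(user + ":'" + owner + "'")
        continue
    if plan not in defplans:
        badguys_plan.append(user + ":'" + plan + "'")

# Merge every category that recorded something beyond its heading.
if len(badguys_owner) > 1:
    badguys.extend(badguys_owner)
if len(badguys_plan) > 1:
    badguys.extend(badguys_plan)
if reseller == 1:
    if len(badguys_resellers_RootChownNotRes) > 1:
        badguys_resellers.extend(badguys_resellers_RootChownNotRes)
    if len(badguys_resellers_DelOwner) > 1:
        badguys_resellers.extend(badguys_resellers_DelOwner)
    if len(badguys_resellers_notRootChown) > 1:
        badguys_resellers.extend(badguys_resellers_notRootChown)
    if len(badguys_resellers) > 1:
        badguys.extend(badguys_resellers)
# Whitelisted names that no longer match an account on this server.
# NOTE(review): the listing lost its indentation; the " already removed from
# server" suffix is taken to belong to this branch - confirm against the
# deployed file.
if len(badguys_excluded) > 1:
    badguys.extend(badguys_excluded)
    badguys.append(" already removed from server")

# Any finding is a failure. The original compared the length with 1, which,
# with the suffix scoped as above, reported OK when the only finding was a
# single "check manually" entry.
if badguys:
    result = " ".join(badguys)
    print("[Critical]: Following users don't have valid " + result)
    sys.exit(2)
else:
    print("[OK]: all users have valid hosting plans and owners")
    sys.exit(0)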