mcnewton · April 27, 2020 14:50
diff --git a/freeradiuscheck.sh b/freeradiuscheck.sh
 #! /bin/bash

 CONFIG_DISK_THRESHOLD=95
 FR_PIDFILE=/var/run/freeradius/freeradius.pid
 FR_BINARY=/usr/sbin/freeradius
 DATE_MIN=$(date +%_M)

 TEST_USER=checkuser
 TEST_DOMAIN=my.domain.example
 TEST_PASSWORD=password

 LOG_PERIOD=30
 CMD_PERIOD=5

 LOG=""

 function periodic_log
 {
  [ "$(($DATE_MIN % $LOG_PERIOD))" -eq "0" ]
  return $?
 }

 function periodic
 {
  [ "$(($DATE_MIN % $CMD_PERIOD))" -eq "0" ]
  return $?
 }

 function log
 {
  LOG="$LOG
 $*"
 }

 function start_freeradius
 {
  log "Attempting to start FreeRADIUS"
  if disc_is_ok; then
    log $(/etc/init.d/freeradius start 2>&1)
  else
    log "disc check failed, not starting"
  fi
 }

 function stop_freeradius
 {
  log "Stopping FreeRADIUS"
  log $(/etc/init.d/freeradius stop 2>&1)
 }

 function restart_winbind
 {
  log "Restarting winbind"
  log $(/etc/init.d/winbind restart 2>&1)
 }

 function disc_usage
 {
  [ -z "$1" ] && return 2
  DISC="$1"

  df "$DISC" | awk '/^\//{print $5}' | tr -d '%' | head -1
 }

 function finished
 {
  echo "FreeRADIUS process check"
  echo "$LOG"
  echo
  echo "End of report"
  exit
 }

 # --

 function disc_is_ok
 {
  USAGE=$(disc_usage /)

  if [ "$USAGE" -gt "$CONFIG_DISK_THRESHOLD" ]; then
    log "WARNING: Disc usage too high!"
    log "         ($USAGE > $CONFIG_DISK_THRESHOLD)"
    return 1
  fi

  return 0
 }

 function freeradius_is_running
 {
  if [ -r "$FR_PIDFILE" ]; then
    PID=$(cat $FR_PIDFILE)

    if grep -q "$FR_BINARY" /proc/$PID/cmdline; then
      return 0
    fi
  fi

  if ps -ef | grep -v grep | grep -q "$FR_BINARY"; then
    return 0
  fi

  return 1
 }

 function ad_auth_check_ok
 {
  ntlm_auth --username=$TEST_USER --domain=$TEST_DOMAIN --password=$TEST_PASSWORD >/dev/null 2>&1
  return $?
 }

 if ! disc_is_ok; then
  if freeradius_is_running; then
    stop_freeradius
    finished
  fi

  if periodic_log; then
    log "FreeRADIUS is stopped"
    finished
  fi
  
  exit
 fi

 if periodic; then
  log "Testing AD authentication"

  if ! ad_auth_check_ok; then
    log "Restarting winbind"
    restart_winbind
  fi

  if freeradius_is_running && ! ad_auth_check_ok; then
    log "FreeRADIUS is running, but AD auth failed - stopping FreeRADIUS"
    stop_freeradius
    finished
  fi
 fi

 if ! freeradius_is_running; then
  log "FreeRADIUS is not running but should be"
  log "Testing NTLM authenticaion"
  if ad_auth_check_ok; then
    log "Auth passed"
    start_freeradius
  else
    log "Auth failed, not starting FreeRADIUS"
  fi
  finished
 fi
	#! /bin/bash

	CONFIG_DISK_THRESHOLD=95
	FR_PIDFILE=/var/run/freeradius/freeradius.pid
	FR_BINARY=/usr/sbin/freeradius
	DATE_MIN=$(date +%_M)

	TEST_USER=checkuser
	TEST_DOMAIN=my.domain.example
	TEST_PASSWORD=password

	LOG_PERIOD=30
	CMD_PERIOD=5

	LOG=""

	function periodic_log
	{
	[ "$(($DATE_MIN % $LOG_PERIOD))" -eq "0" ]
	return $?
	}

	function periodic
	{
	[ "$(($DATE_MIN % $CMD_PERIOD))" -eq "0" ]
	return $?
	}

	function log
	{
	LOG="$LOG
	$*"
	}

	function start_freeradius
	{
	log "Attempting to start FreeRADIUS"
	if disc_is_ok; then
	log $(/etc/init.d/freeradius start 2>&1)
	else
	log "disc check failed, not starting"
	fi
	}

	function stop_freeradius
	{
	log "Stopping FreeRADIUS"
	log $(/etc/init.d/freeradius stop 2>&1)
	}

	function restart_winbind
	{
	log "Restarting winbind"
	log $(/etc/init.d/winbind restart 2>&1)
	}

	function disc_usage
	{
	[ -z "$1" ] && return 2
	DISC="$1"

	df "$DISC" \| awk '/^\//{print $5}' \| tr -d '%' \| head -1
	}

	function finished
	{
	echo "FreeRADIUS process check"
	echo "$LOG"
	echo
	echo "End of report"
	exit
	}

	# --

	function disc_is_ok
	{
	USAGE=$(disc_usage /)

	if [ "$USAGE" -gt "$CONFIG_DISK_THRESHOLD" ]; then
	log "WARNING: Disc usage too high!"
	log " ($USAGE > $CONFIG_DISK_THRESHOLD)"
	return 1
	fi

	return 0
	}

	function freeradius_is_running
	{
	if [ -r "$FR_PIDFILE" ]; then
	PID=$(cat $FR_PIDFILE)

	if grep -q "$FR_BINARY" /proc/$PID/cmdline; then
	return 0
	fi
	fi

	if ps -ef \| grep -v grep \| grep -q "$FR_BINARY"; then
	return 0
	fi

	return 1
	}

	function ad_auth_check_ok
	{
	ntlm_auth --username=$TEST_USER --domain=$TEST_DOMAIN --password=$TEST_PASSWORD >/dev/null 2>&1
	return $?
	}

	if ! disc_is_ok; then
	if freeradius_is_running; then
	stop_freeradius
	finished
	fi

	if periodic_log; then
	log "FreeRADIUS is stopped"
	finished
	fi

	exit
	fi

	if periodic; then
	log "Testing AD authentication"

	if ! ad_auth_check_ok; then
	log "Restarting winbind"
	restart_winbind
	fi

	if freeradius_is_running && ! ad_auth_check_ok; then
	log "FreeRADIUS is running, but AD auth failed - stopping FreeRADIUS"
	stop_freeradius
	finished
	fi
	fi

	if ! freeradius_is_running; then
	log "FreeRADIUS is not running but should be"
	log "Testing NTLM authenticaion"
	if ad_auth_check_ok; then
	log "Auth passed"
	start_freeradius
	else
	log "Auth failed, not starting FreeRADIUS"
	fi
	finished
	fi