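#!/bin/bash
#
# Prints a one-line health summary for systemd, Fail2Ban, AppArmor, UFW and a
# few named services.
#
# The colour variables GREEN, YELLOW, RED and NC are not defined in this file;
# they are expected to come from the caller's environment and expand to
# nothing when unset.
# NOTE(review): fail2ban-client, aa-status and ufw normally need root to read
# their state - confirm how this script is invoked.

#######################################
# Wrap a message in the colour and icon for a severity level.
# Globals:   GREEN, YELLOW, RED, NC (read)
# Arguments: $1 - ok|success|warn|warning|error|err (anything else: no styling)
#            $2 - message text
# Outputs:   the decorated message on stdout
#######################################
status_text() {
  local type="$1"
  local msg="$2"

  case "$type" in
    ok | success) printf '%s\n' "${GREEN}✅ ${msg}${NC}" ;;
    warn | warning) printf '%s\n' "${YELLOW}⚡ ${msg}${NC}" ;;
    error | err) printf '%s\n' "${RED}❌ ${msg}${NC}" ;;
    *) printf '%s\n' "${msg}" ;;
  esac
}

#######################################
# Print "label....: status", padding the label with dots to 16 characters.
# Arguments: $1 - label
#            $2 - status text (backslash escapes are expanded via %b)
# Outputs:   one formatted line on stdout
#######################################
format_line() {
  local label="$1"
  local status="$2"
  local width=16
  local pad=$((width - ${#label}))
  local dots=""

  # A negative width would make printf left-justify and emit spaces, so only
  # pad when the label is shorter than the column.
  if [ "$pad" -gt 0 ]; then
    dots=$(printf '%*s' "$pad" '')
    dots=${dots// /.}
  fi
  printf "%s%s: %b\n" "$label" "$dots" "$status"
}

#######################################
# Report whether a systemd unit is active, stopped or not installed.
# Arguments: $1 - unit name
#            $2 - label to display
# Outputs:   one formatted status line on stdout
#######################################
check_service() {
  local svc="$1"
  local label="$2"
  local status load_state

  if ! command -v systemctl >/dev/null 2>&1; then
    status=$(status_text error "systemctl indisponible")
    format_line "$label" "$status"
    return
  fi

  # Read-only queries do not need root, so no sudo here: with "sudo -n" a
  # password prompt would have been reported as "not installed".
  if systemctl is-active --quiet "$svc" 2>/dev/null; then
    status=$(status_text success "actif")
  else
    # "systemctl status" exits non-zero for a stopped unit as well as for a
    # missing one, so it cannot tell them apart; LoadState can.
    load_state=$(systemctl show --property=LoadState --value "$svc" 2>/dev/null)
    case "$load_state" in
      '' | not-found) status=$(status_text error "non installé") ;;
      *) status=$(status_text error "arrêté") ;;
    esac
  fi
  format_line "$label" "$status"
}

#######################################
# Report how many systemd units are in the failed state.
# Outputs:   one formatted status line on stdout
#######################################
get_systemd_status() {
  local failed_output failed_count status

  # Capture the output and check that the command succeeded; stderr is
  # discarded so it does not pollute the display.
  if failed_output=$(systemctl --failed --no-legend --no-pager 2>/dev/null); then
    # Count the non-blank lines: one per failed unit.
    failed_count=$(grep -c '[^[:space:]]' <<<"$failed_output")
    if [ "$failed_count" -gt 0 ]; then
      status=$(status_text error "État critique (${failed_count} problème(s))")
    else
      status=$(status_text success "système OK")
    fi
  else
    # The command failed (probably a sudo/permissions problem).
    status=$(status_text warning "Erreur accès (relancer avec sudo)")
  fi
  format_line "Systemd" "$status"
}

#######################################
# Report the Fail2Ban state and the total of banned IPs over all jails.
# Outputs:   one formatted status line on stdout
#######################################
get_fail2ban_status() {
  local status jail_list jail count total=0
  local -a jails=()

  if ! command -v fail2ban-client >/dev/null 2>&1; then
    status=$(status_text error "non installé")
    format_line "Fail2Ban" "$status"
    return
  fi
  # NOTE(review): ping also fails when the caller may not access the
  # fail2ban socket, not only when the service is down - confirm.
  if ! fail2ban-client ping >/dev/null 2>&1; then
    status=$(status_text error "service indisponible")
    format_line "Fail2Ban" "$status"
    return
  fi

  jail_list=$(fail2ban-client status 2>/dev/null |
    sed -n 's/.*Jail list:[[:space:]]*//p')
  # Split "a, b, c" into an array instead of relying on unquoted expansion.
  IFS=', ' read -r -a jails <<<"$jail_list"

  for jail in "${jails[@]}"; do
    count=$(fail2ban-client status "$jail" 2>/dev/null |
      awk '/Currently banned/ {print $NF; exit}')
    # Only plain digits reach the arithmetic expansion; anything else parsed
    # from the tool output is skipped rather than evaluated.
    [[ $count =~ ^[0-9]+$ ]] || continue
    total=$((total + 10#$count))
  done

  status=$(status_text success "actif (${total} IPs bannies)")
  format_line "Fail2Ban" "$status"
}

#######################################
# Report how many AppArmor profiles are in enforce mode.
# Outputs:   one formatted status line on stdout
#######################################
get_apparmor_status() {
  local enforce status aa_output rc=0

  if [ ! -d /sys/kernel/security/apparmor ]; then
    status=$(status_text error "non disponible")
    format_line "AppArmor" "$status"
    return
  fi

  # LC_ALL=C keeps the parsed sentence in English whatever the user locale.
  aa_output=$(LC_ALL=C aa-status 2>/dev/null) || rc=$?
  enforce=$(awk '/profiles are in enforce mode/ {print $1; exit}' <<<"$aa_output")

  if [ "$rc" -eq 4 ]; then
    # aa-status documents exit status 4 for insufficient privileges; do not
    # report that as "no enforced profile".
    status=$(status_text warning "Erreur accès (relancer avec sudo)")
  elif [[ ! $enforce =~ ^[0-9]+$ ]] || [ "$enforce" -eq 0 ]; then
    status=$(status_text error "aucun profil renforcé")
  else
    status=$(status_text success "${enforce} profils renforcés")
  fi
  format_line "AppArmor" "$status"
}

#######################################
# Report whether UFW is active and how many rules it lists.
# Outputs:   one formatted status line on stdout
#######################################
get_ufw_status() {
  local status rules raw first_line

  if ! command -v ufw >/dev/null 2>&1; then
    status=$(status_text error "non installé")
    format_line "Firewall (UFW)" "$status"
    return
  fi

  # One call, parsed twice. LC_ALL=C pins the wording of the status line.
  if ! raw=$(LC_ALL=C ufw status 2>/dev/null); then
    # The state could not be read at all (ufw usually needs root), which is
    # not the same as a disabled firewall.
    status=$(status_text warning "Erreur accès (relancer avec sudo)")
    format_line "Firewall (UFW)" "$status"
    return
  fi

  first_line=${raw%%$'\n'*}
  # Match the exact phrase: a bare search for "active" also matches
  # "Status: inactive" and would show a disabled firewall as active.
  if [[ $first_line == "Status: active"* ]]; then
    # REJECT and LIMIT rules count as rules too.
    rules=$(grep -cE 'ALLOW|DENY|REJECT|LIMIT' <<<"$raw")
    status=$(status_text success "actif (${rules} règles)")
  else
    status=$(status_text error "inactif")
  fi
  format_line "Firewall (UFW)" "$status"
}

# ---- DISPLAY
# format_line already expands escapes and ends the line, so the functions are
# called directly instead of through an unquoted "echo -e $(...)", which
# would word-split, glob and re-interpret the text.
get_systemd_status
get_fail2ban_status
get_apparmor_status
get_ufw_status
check_service "zabbix-server" "Zabbix Server"
check_service "mysql" "MySQL"
check_service "apache2" "Apache Web"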