131 lines
3.7 KiB
Bash
131 lines
3.7 KiB
Bash
check_service()
|
|
{
|
|
local svc="$1" label="$2" status sudo_cmd=""
|
|
|
|
# 1. On vérifie d'abord si le binaire existe
|
|
if ! command -v "$svc" &> /dev/null; then
|
|
return # Pas installé, on ne dit rien
|
|
fi
|
|
|
|
# On vérifie si l'utilisateur est root ou s'il peut utiliser sudo sans mot de passe
|
|
if command -v sudo >/dev/null && sudo -n true 2>/dev/null; then
|
|
sudo_cmd="sudo -n"
|
|
fi
|
|
|
|
# CAN systemctl ?
|
|
if ! command -v systemctl >/dev/null 2>&1; then
|
|
status=$(msg_status_text error "systemctl indisponible")
|
|
display_line "$label" "$status"
|
|
return
|
|
fi
|
|
|
|
# Check availability
|
|
if $sudo_cmd systemctl is-active --quiet "$svc" 2>/dev/null; then
|
|
status=$(msg_status_text success "actif")
|
|
|
|
elif $sudo_cmd systemctl status "$svc" >/dev/null 2>&1; then
|
|
status=$(msg_status_text error "arrêté")
|
|
|
|
else
|
|
# If installed but not a services
|
|
status=$(msg_status_text success "installé")
|
|
fi
|
|
|
|
display_line "$label" "$status"
|
|
}
|
|
|
|
|
|
get_systemd_status()
|
|
{
|
|
local failed_output failed_count status
|
|
|
|
# On capture la sortie ET on vérifie si la commande réussit
|
|
# 2>/dev/null est crucial ici pour ne pas polluer l'affichage
|
|
if failed_output=$(systemctl --failed --no-legend --no-pager 2>/dev/null); then
|
|
# La commande a fonctionné, on compte les lignes vides ou non
|
|
failed_count=$(echo "$failed_output" | grep -c '[^[:space:]]')
|
|
|
|
if [ "$failed_count" -gt 0 ]; then
|
|
status=$(msg_status_text error "État critique (${failed_count} problème(s))")
|
|
else
|
|
status=$(msg_status_text success "système OK")
|
|
fi
|
|
else
|
|
# La commande a échoué (probablement un problème de sudo/permissions)
|
|
status=$(msg_status_text warning "Erreur accès (relancer avec sudo)")
|
|
fi
|
|
|
|
display_line "Systemd" "$status"
|
|
}
|
|
|
|
|
|
get_fail2ban_status()
|
|
{
|
|
local status jails count total=0
|
|
|
|
if ! command -v fail2ban-client >/dev/null 2>&1; then
|
|
status=$(msg_status_text error "non installé")
|
|
display_line "Fail2Ban" "$status"
|
|
return
|
|
fi
|
|
|
|
if ! fail2ban-client ping >/dev/null 2>&1; then
|
|
status=$(msg_status_text error "service indisponible")
|
|
display_line "Fail2Ban" "$status"
|
|
return
|
|
fi
|
|
|
|
jails=$(fail2ban-client status 2>/dev/null | sed -n 's/.*Jail list:\s*//p' | tr ',' ' ')
|
|
|
|
for jail in $jails; do
|
|
count=$(fail2ban-client status "$jail" 2>/dev/null | awk '/Currently banned/ {print $NF}')
|
|
total=$((total + ${count:-0}))
|
|
done
|
|
|
|
status=$(msg_status_text success "actif (${total} IPs bannies)")
|
|
display_line "Fail2Ban" "$status"
|
|
}
|
|
|
|
get_apparmor_status()
|
|
{
|
|
local enforce status
|
|
|
|
if [ ! -d /sys/kernel/security/apparmor ]; then
|
|
status=$(msg_status_text error "non disponible")
|
|
display_line "AppArmor" "$status"
|
|
return
|
|
fi
|
|
|
|
enforce=$(aa-status 2>/dev/null | awk '/profiles are in enforce mode/ {print $1}')
|
|
|
|
if [ -z "$enforce" ] || [ "$enforce" -eq 0 ]; then
|
|
status=$(msg_status_text error "aucun profil renforcé")
|
|
else
|
|
status=$(msg_status_text success "${enforce} profils renforcés")
|
|
fi
|
|
|
|
display_line "AppArmor" "$status"
|
|
}
|
|
|
|
get_ufw_status()
|
|
{
|
|
local status rules raw
|
|
|
|
if ! command -v ufw >/dev/null 2>&1; then
|
|
status=$(msg_status_text error "non installé")
|
|
display_line "Firewall (UFW)" "$status"
|
|
return
|
|
fi
|
|
|
|
raw=$(ufw status 2>/dev/null | head -n 1)
|
|
|
|
if echo "$raw" | grep -q "active"; then
|
|
rules=$(ufw status 2>/dev/null | grep -cE "ALLOW|DENY")
|
|
status=$(msg_status_text success "actif (${rules} règles)")
|
|
else
|
|
status=$(msg_status_text error "inactif")
|
|
fi
|
|
|
|
display_line "Firewall (UFW)" "$status"
|
|
}
|