Forum: Cfengine Help
Subject: Checking ptr records
Author: jean_luc
Link to topic: https://cfengine.com/forum/read.php?3,21893,21893#msg-21893

Hello Everyone,

In my admin practice it is very common to have multiple service IP addresses in one network interface. The worst thing in a large clustered environment is the lack of PTR records for IPs and trying to guess the purpose of those addresses, especially in name-based virtual hosting. This led me to write a policy which reports missing PTR records for IPs.

---> I'm putting these promises in hope for advice on how to simplify it. <---

Jean Luc

PS. And I know it's terrible... :-)

#########

body common control
{
any::
  bundlesequence => { "check_ns" };
}

bundle agent check_ns
{
vars:
 linux::
  "ips0" comment => "Get list of all ip addresses",
         string => execresult("/sbin/ip addr list", "useshell");

  "ips1" comment => "Split command result to lines",
         slist => splitstring("$(ips0)", "[\n]", 10000);

  # All four octet separators are escaped so only dotted quads match
  "ips2" comment => "Get lines matching ip addresses",
         slist => grep(".*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}.*", "ips1");

  "ipsn" int => parsestringarray(
                  "items",
                  "$(ips2)",
                  "\s*#[^\n]*",
                  "[/ ]",
                  100,
                  2000);

  "values" slist => getvalues("items"),
           policy => "overridable";

  "ips" comment => "Finally we have our ips...",
        slist => grep("[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}", "values"),
        policy => "overridable";

methods:
  "any" usebundle => check_ptr("$(ips)");

reports:
 linux::
  "ips detected:$(ips)";
}

bundle agent check_ptr(ip)
{
vars:
  "revptr" string => execresult("/usr/bin/dig +short -x $(ip)", "noshell");

  #"revptr" comment => "ip2host Was introduced in version 3.1.3",
  #         string => ip2host("$(ip)");

classes:
  # Empty dig output means no PTR record was returned
  "nook" expression => regcmp("","$(revptr)");

reports:
 nook::
  "Server: $(sys.host) - $(ip) doesnt have PTR record";
}

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
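
Added example, not part of the original post and not CFEngine code: the same check in Python, taking only the token after "inet" so that the "brd" broadcast addresses on the same line are not treated as service IPs. The function names and the sample `ip addr list` output are constructed for illustration, and the lookup uses the system resolver (which may also consult /etc/hosts) instead of dig.

```python
import ipaddress
import re
import socket

# Constructed sample of `ip addr list` output: one interface carrying
# several service addresses (documentation range, not real hosts).
SAMPLE_IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
    inet 192.0.2.11/24 brd 192.0.2.255 scope global secondary eth0:1
    inet 192.0.2.12/24 scope global secondary eth0:2
"""

# Only the token after "inet" is an assigned address; "brd" values are not.
INET_RE = re.compile(r"^\s*inet\s+(\S+?)/\d+", re.MULTILINE)

def local_ipv4(ip_addr_output):
    """Return assigned, non-loopback IPv4 addresses in order of appearance."""
    found = []
    for text in INET_RE.findall(ip_addr_output):
        try:
            addr = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            continue  # malformed token: skip it instead of guessing
        if not addr.is_loopback and str(addr) not in found:
            found.append(str(addr))
    return found

def system_ptr(ip):
    """Reverse lookup via the system resolver; None when nothing resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def missing_ptr(ip_addr_output, resolve=system_ptr):
    """List the addresses for which resolve() returns no name."""
    return [ip for ip in local_ipv4(ip_addr_output) if not resolve(ip)]

if __name__ == "__main__":
    import subprocess
    out = subprocess.run(["/sbin/ip", "addr", "list"],
                         capture_output=True, text=True).stdout
    for ip in missing_ptr(out):
        print(f"Server: {socket.gethostname()} - {ip} doesn't have PTR record")
```

Passing a different `resolve` callable lets the report be checked against a known zone listing without touching DNS.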