diff options
| author | cinap_lenrek <cinap_lenrek@gmx.de> | 2012-10-08 00:56:00 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@gmx.de> | 2012-10-08 00:56:00 +0200 |
| commit | df66638fb5c1e7a1b35bcbc5c1dafcf80b21e1e4 (patch) | |
| tree | 085baa003bc06928ac7ba482afa6c401f21dbbee | |
| parent | e598b6dd31973011d7bca45bd93b6aa25a5ce428 (diff) | |
| download | plan9front-df66638fb5c1e7a1b35bcbc5c1dafcf80b21e1e4.tar.xz | |
netaudit changes and manual page
| -rwxr-xr-x | rc/bin/netaudit | 24 | ||||
| -rw-r--r-- | sys/man/8/netaudit | 39 |
2 files changed, 52 insertions, 11 deletions
diff --git a/rc/bin/netaudit b/rc/bin/netaudit index 929085eb0..075e73a07 100755 --- a/rc/bin/netaudit +++ b/rc/bin/netaudit @@ -5,8 +5,13 @@ fn checkhost { echo 'sysname= env var is not set' exit 'fail' } - dom=`{ndb/query sys $sysname dom} echo 'checking this host''s tuple:' + ip=`{ndb/query sys $sysname ip} + if(~ $ip '') + echo ' no ip= entry' + if not + echo ' ip='$ip 'looks ok' + dom=`{ndb/query sys $sysname dom} if(~ $dom '') echo ' no dom= entry' if not if(! ~ $dom *.*) @@ -29,19 +34,18 @@ fn checknet { echo 'checking the network tuple:' ipnet=`{ndb/ipquery sys $sysname ipnet | sed 's/^ipnet=//'} if(~ $ipnet ''){ - echo ' we are not in an ipnet, check your ipnet= entry' - exit fail + echo ' we are not in an ipnet, so looking for entries in host tuple only' } if not echo ' we are in ipnet='^$ipnet - dns=`{ndb/query ipnet $ipnet dns} + dns=`{ndb/ipquery sys $sysname dns | sed 's/^dns=//'} if(~ $dns '') echo ' no dns= entry' if not if(! ip/ping -n 1 $dns >/dev/null >[2=1]) echo ' dns='$dns 'does not reply to ping' if not echo ' dns='$dns 'looks ok' - auth=`{ndb/query ipnet $ipnet auth} + auth=`{ndb/ipquery sys $sysname auth | sed 's/^auth=//'} if(~ $auth '') echo ' no auth= entry' if not if(! ip/ping -n 1 $auth >/dev/null >[2=1]) @@ -50,15 +54,9 @@ fn checknet { authok=1 echo ' auth='$auth 'looks ok' } - authdom=`{ndb/query ipnet $ipnet authdom} - if(~ $authdom '') - echo ' no authdom= entry' - if not - echo ' authdom='$authdom 'looks ok' } fn checkauth { echo 'checking auth server configuration:' - auth=`{ndb/query ipnet $ipnet auth} if(~ $auth ''){ echo ' no auth server' exit fail @@ -71,6 +69,10 @@ fn checkauth { echo ' we are the auth server' authisus=1 } + if not if(~ $auth $ip){ + echo ' we are the auth server' + authisus=1 + } if not { echo ' we are not the auth server '^$auth echo ' if this is a mistake, set auth='$sysname' or auth='$dom diff --git a/sys/man/8/netaudit b/sys/man/8/netaudit new file mode 100644 index 000000000..29012d12f --- /dev/null +++ b/sys/man/8/netaudit @@ -0,0 +1,39 @@ +.TH NETAUDIT 8 +.SH NAME +netaudit - network configuration checker +.SH SYNOPSIS +netaudit +.SH DESCRIPTION +.I Netaudit +checks the effective network configuration on the +local system and reports any inconsistencies found. +.PP +It starts its search my querying common ndb entries for +.B $sysname +checking and validating the +.BR ip= , +.B ether= +and +.B dom= +entries. +.PP +The presence of an +.B ipnet= +entry and the reachability of dns and auth servers is checked. +.PP +If the machine is an auth server, +.I netaudit +checks if +.IR keyfs (4) +is running and the local tcp port 567 is open and listening. +.PP +The root filesystem +.B /srv/boot +is tested if it requires authentication on mount. +.SH SOURCE +.B /rc/bin/netaudit +.SH "SEE ALSO" +.IR keyfs (4), +.IR auth (8), +.IR ndb (8), +.IR ndb (6). |