Gecko [ eternalseasoning.com ]

Name	Size	Permission
authorized_users.list	143 B	-rw-r-----
check-autobackup.sh	6.68 KB	-rwxr-xr-x
check-cagefs-status.sh	2.04 KB	-rwxr-xr-x
check-cpanel-update.sh	1.85 KB	-rwxr-xr-x
check-litespeed-version.sh	2.87 KB	-rwxr-xr-x
check-lscache-version.sh	3.84 KB	-rwxr-xr-x
check-mail-filter-avlb.sh	2.18 KB	-rwxr-xr-x
check-outmailip-rbl.py	3.99 KB	-rwxr-xr-x
check-rpmdb-integrity.sh	1.16 KB	-rwxr-xr-x
check-unexpected-systemd-servi...	8.07 KB	-rwxr-xr-x
check_backup.sh	6.35 KB	-rwxr-xr-x
check_cl_license	950 B	-rwxr-xr-x
check_cplicense.sh	268 B	-rwxr-xr-x
check_cpshell	949 B	-rwxr-xr-x
check_csf	3.72 KB	-rwxr-xr-x
check_cwaf.sh	2.44 KB	-rwxr-xr-x
check_eximq.sh	3.16 KB	-rwxr-xr-x
check_extra_accts.py	4.18 KB	-rwxr-xr-x
check_http_full_stack.conf	144 B	-rw-r--r--
check_http_full_stack.py	4.3 KB	-rwxr-xr-x
check_if_ips.py	4.15 KB	-rwxr-xr-x
check_if_ips_tcp.py	4.71 KB	-rwxr-xr-x
check_ip_update_log.sh	540 B	-rwxr-xr-x
check_ip_usage.py	6.63 KB	-rwxr-xr-x
check_kernelcare.sh	2.13 KB	-rwxr-xr-x
check_lfd_logs.conf	471 B	-rw-r--r--
check_logfiles.conf	595 B	-rw-r--r--
check_logfiles.pl	206.82 KB	-rwxr-xr-x
check_logfiles_innodbcounter.c...	1002 B	-rw-r--r--
check_mailip.py	3.83 KB	-rwxr-xr-x
check_mem.pl	12.85 KB	-rwxr-xr-x
check_mysqld_msize.sh	666 B	-rwxr-xr-x
check_nc_cp_backup_process.sh	8.75 KB	-rwxr-xr-x
check_ncsslplugin.py	1.89 KB	-rwxr-xr-x
check_ntp_client	11.78 KB	-rwxr-xr-x
check_openport.sh	7.59 KB	-rwxr-xr-x
check_pem_worker.pl	929 B	-rwxr-xr-x
check_pgactivity	294.21 KB	-rwxr-xr-x
check_plans.py	7.59 KB	-rwxr-xr-x
check_postfix_queue.sh	5.75 KB	-rwxr-xr-x
check_puppet	16.14 KB	-rwxr-xr-x
check_quota_on.sh	902 B	-rwxr-xr-x
check_ro_fs.py	2.83 KB	-rwxr-xr-x
check_service.sh	9.34 KB	-rwxr-xr-x
check_software_updates	31.68 KB	-rwxr-xr-x
check_spamd	6.7 KB	-rwxr-xr-x
check_stalled_procs.py	4.42 KB	-rwxr-xr-x
check_unauthorized_user.sh	17.16 KB	-rwxr-xr-x
replcheck_param.pl	5.48 KB	-rwxr-xr-x
systemd_scopes_whitelist	10 B	-rw-r--r--
systemd_services_folders	70 B	-rw-r--r--
systemd_services_whitelist	6.67 KB	-rw-r--r--
systemd_targets_whitelist	12 B	-rw-r--r--
test.eml	3.26 KB	-rwxr-xr-x

Code Editor : check_plans.py

#!/usr/bin/python2

import os, re, sys, getopt
import os.path
#####################################################################
#                                                                   #
# Script for validate users plans and owners on shared servers      #
#                                 Created by Max.N v.0.0.5          #
#                                                                   #
#####################################################################
# def vars
reseller = 0
defplans = []
#excludusers_file_path="excludeusers.list"
#defplans_file_path="defplans.list"
excludusers = ["nctest", "wh", "system"]
# excludeusers = open("excludeusers.list")

def fillArray(arrayname,path2file):
    if os.path.isfile(path2file):
        with open(path2file) as excl:
            arrayname += [line.strip() for line in excl]
    return arrayname

### file path 
fillArray(excludusers,"/usr/share/nc_nagios/check_plans/nc-users.list")
fillArray(defplans,"/usr/share/nc_nagios/check_plans/nc-plans.list")
#sys.exit(0)

debug = 0

getplan = re.compile('PLAN=(.*)', re.IGNORECASE)
getowner = re.compile('OWNER=(.*)', re.IGNORECASE)

badguys_resellers = ["reseller account:"]
badguys_owner = ["owner:"]
badguys_plan = ["plan:"]
badguys_excluded = ["settings in nrpe.cfg excludes list users: "]
badguys = []

def validateUser(user):
    if not os.path.exists("/home/" + user) or not os.path.isfile("/var/cpanel/users/" + user):
        badguys_excluded.append(user)
        return 0
    else:
        excludusers.append(user)
        return 1

try:
    opts, args = getopt.getopt(sys.argv[1:], "hrd:u:p:e:", ["reseller", "deff-plans=", "user-exclude=", "defplans-file=", "excludeuser-file="])
    for opt, arg in opts:
        if opt == '-h':
            print __file__, '-r -d <defplan1> -d <defplan2> ... -d <defplanN>'
            print " -r              use for reseller hosts"
            print " -d <defplan>    use to add plan to default batch"
            print " -u <username>   use to exclude user "
            print " -p <path to file>   file with allowed NC plans"
            print " -e <path to file>   file with whitelisted users"

sys.exit(4)
        elif opt in ("-r", "--reseller"):
            reseller = 1
        elif opt in ("-d", "--deff-plans"):
            defplans.append(arg)
        elif opt in ("-u", "--user-exclude"):
            #if validateUser(arg) == 0:
            #    badguys_excluded.append(arg)
            #else:
            #    excludusers.append(arg)
            validateUser(arg)
        elif opt in ("-p", "--defplans-file"):
            fillArray(defplans, arg)
        elif opt in ("-e", "--excludeuser-file"):
                users = []
                if len(fillArray(users, arg)) > 0:
                    badguys_excluded[0]="settings in nrpe.cfg or external excludes list, users: "
                    for user in users:
                        validateUser(user)

except getopt.GetoptError:
    print "WRONG WAY ! please try again with another args."

#if sys.argv.__len__() <= 1:
#    print 'no args please use', __file__, '-h'
#    sys.exit(4)

if reseller == 1:
    getValidResellers = re.compile('(.*):')
    sourceResellerList = open('/var/cpanel/resellers').read()
    resellers = getValidResellers.findall(sourceResellerList)
    badguys_resellers_notRootChown = ["[Reseller account but Not owned by ROOT]: "]
    badguys_resellers_DelOwner = ["[Owner Not a reseller]: "]
    badguys_resellers_RootChownNotRes = ["[Owned by root but Not a Reseller]: "]

if debug == 1:
    user = 'workiqmd'
    tmpuser = open("/var/cpanel/users/" + user).read()
    # print tmpuser
    plan = getplan.findall(tmpuser)[0]
    owner = getowner.findall(tmpuser)[0]
    if reseller:  # skip user if resold
        if owner != 'root':
            if user in resellers:
                print "user is not owned by root but have a RESELLER account"
                badguys_resellers_notRootChown.append(user + ":' owner " + owner + "'")
            elif owner not in resellers:
                print "user had owner that not exist"
                badguys_resellers_DelOwner.append(user + ":' owner " + owner + "'")
            else:
                print "GooD One"
                # continue

elif user not in resellers:
            print "user owned by ROOT bun not a RESELLER !"
            badguys_resellers_RootChownNotRes.append(user + ":' owner " + owner + "'")

if badguys_resellers_RootChownNotRes.__len__() > 1:
        badguys_resellers.extend(badguys_resellers_RootChownNotRes)
    if badguys_resellers_DelOwner.__len__() > 1:
        badguys_resellers.extend(badguys_resellers_DelOwner)
    if badguys_resellers_RootChownNotRes.__len__() > 1:
        badguys_resellers.extend(badguys_resellers_notRootChown)
    if badguys_resellers.__len__() > 1:
        badguys.extend(badguys_resellers)
    print user, plan, owner
    sys.exit(1)

path2cPanelUsers = '/var/cpanel/users'
path2cPanelPlans = '/var/cpanel/packages/'

userlist = os.listdir(path2cPanelUsers)

# print userlist;
# users = []

for user in userlist:
    if user in excludusers:  # skip user.
        continue
    if not os.path.exists("/home/" + user): # skip if user not exist
    #if validateUser(user) == 0:
        continue

try:
        tmpuser = open(path2cPanelUsers + '/' + user).read()
        plan = getplan.findall(tmpuser)[0]
        owner = getowner.findall(tmpuser)[0]
    except:
        badguys.append(user + ":" + "check manually")
    # users.append([user, plan, owner])
    if reseller:  # skip user if resold
        if owner != 'root':
            if user in resellers:
                # print "user is not owned by root but have a RESELLER account"
                badguys_resellers_notRootChown.append(user + ":'" + owner + "'")
                continue
            elif owner not in resellers:
                # print "user had owner that not exist"
                badguys_resellers_DelOwner.append(user + ":'" + owner + "'")
                continue
            else:
                # print "GooD One"
                continue
        elif user not in resellers:
            # print "user owned by ROOT bun not a RESELLER !"
            badguys_resellers_RootChownNotRes.append(user + ":'" + owner + "'")
            continue
    elif owner != 'wh':
        badguys_owner.append(user + ":'" + owner + "'")
        continue

if plan not in defplans:
        badguys_plan.append(user + ":'" + plan + "'")

if badguys_owner.__len__() > 1:
    badguys.extend(badguys_owner)
if badguys_plan.__len__() > 1:
    badguys.extend(badguys_plan)

# print "\n", badguys_resellers_RootChownNotRes, badguys_resellers_RootChownNotRes.__len__(), '\n', badguys_resellers_DelOwner ,badguys_resellers_DelOwner.__len__() , '\n', badguys_resellers_notRootChown, badguys_resellers_notRootChown.__len__(),  "\n"

if reseller == 1:
    if badguys_resellers_RootChownNotRes.__len__() > 1:
        badguys_resellers.extend(badguys_resellers_RootChownNotRes)
    if badguys_resellers_DelOwner.__len__() > 1:
        badguys_resellers.extend(badguys_resellers_DelOwner)
    if badguys_resellers_notRootChown.__len__() > 1:
        badguys_resellers.extend(badguys_resellers_notRootChown)
    if badguys_resellers.__len__() > 1:
        badguys.extend(badguys_resellers)

# not valid whitelisted users
if badguys_excluded.__len__() > 1:
    badguys.extend(badguys_excluded)
    badguys.append(" already removed from server")

# print "\n", badguys_resellers, "\n"

# print users
if badguys.__len__() > 1:
    result = " ".join(badguys)
    print "[Critical]: Following users don't have valid " + result
    sys.exit(2)
else:
    print "[OK]: all users have valid hosting plans and owners"
    sys.exit(0)

${this.title}

Code Editor : check_plans.py