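#!/usr/bin/python2
import getopt
import os
import os.path
import re
import sys

#####################################################################
#                                                                   #
#   Script for validate users plans and owners on shared servers   #
#   Created by Max.N v.0.0.5                                        #
#                                                                   #
#####################################################################
#
# Nagios/NRPE check: walks the cPanel user files and reports every
# account whose hosting plan is not in the allowed list or whose owner
# is not the expected one. With -r (reseller hosts) the owner check is
# replaced by a consistency check against /var/cpanel/resellers.
#
# Exit codes: 0 = OK, 2 = CRITICAL (at least one finding),
#             3 = UNKNOWN (unparseable command line), 4 = help shown.

# Nagios plugin return codes used by this check.
EXIT_OK = 0
EXIT_CRITICAL = 2
EXIT_UNKNOWN = 3

HOME_ROOT = "/home"
path2cPanelUsers = '/var/cpanel/users'
path2cPanelPlans = '/var/cpanel/packages/'

# def vars
reseller = 0
defplans = []
excludusers = ["nctest", "wh", "system"]


def fillArray(arrayname, path2file):
    """Append the stripped lines of *path2file* to *arrayname* in place.

    A missing file is silently ignored (the list is returned unchanged),
    so optional list files do not break the check.
    """
    if os.path.isfile(path2file):
        with open(path2file) as excl:
            arrayname += [line.strip() for line in excl]
    return arrayname


def _read_file(path):
    """Return the whole content of *path*, closing the handle afterwards."""
    with open(path) as handle:
        return handle.read()


### file path
fillArray(excludusers, "/usr/share/nc_nagios/check_plans/nc-users.list")
fillArray(defplans, "/usr/share/nc_nagios/check_plans/nc-plans.list")

debug = 0
getplan = re.compile('PLAN=(.*)', re.IGNORECASE)
getowner = re.compile('OWNER=(.*)', re.IGNORECASE)

# Every findings list starts with its label; a list is only reported
# when it holds more than that label.
badguys_resellers = ["reseller account:"]
badguys_owner = ["owner:"]
badguys_plan = ["plan:"]
badguys_excluded = ["settings in nrpe.cfg excludes list users: "]
badguys = []


def validateUser(user):
    """Whitelist *user* if the account still exists on this server.

    Returns 1 and adds the name to ``excludusers`` when both the home
    directory and the cPanel user file exist; otherwise returns 0 and
    records the name in ``badguys_excluded`` so stale whitelist entries
    are reported.
    """
    # Whitelist entries come from the command line (nrpe.cfg) or from an
    # external list file. A value containing a path separator would make
    # the existence checks below look outside /home and /var/cpanel/users,
    # so such a value is never accepted as an account name.
    if not user or user in (".", "..") or os.path.basename(user) != user:
        badguys_excluded.append(user)
        return 0

    has_home = os.path.exists(os.path.join(HOME_ROOT, user))
    has_cpanel_file = os.path.isfile(os.path.join(path2cPanelUsers, user))
    if has_home and has_cpanel_file:
        excludusers.append(user)
        return 1

    badguys_excluded.append(user)
    return 0


try:
    opts, args = getopt.getopt(
        sys.argv[1:],
        "hrd:u:p:e:",
        ["reseller", "deff-plans=", "user-exclude=", "defplans-file=",
         "excludeuser-file="],
    )
    for opt, arg in opts:
        if opt == '-h':
            print("%s %s" % (__file__, '-r -d -d ... \n-d '))
            print(" -r use for reseller hosts")
            print(" -d use to add plan to default batch")
            print(" -u use to exclude user ")
            print(" -p file with allowed NC plans")
            print(" -e file with whitelisted users")
            sys.exit(4)
        elif opt in ("-r", "--reseller"):
            reseller = 1
        elif opt in ("-d", "--deff-plans"):
            defplans.append(arg)
        elif opt in ("-u", "--user-exclude"):
            validateUser(arg)
        elif opt in ("-p", "--defplans-file"):
            fillArray(defplans, arg)
        elif opt in ("-e", "--excludeuser-file"):
            users = []
            if len(fillArray(users, arg)) > 0:
                badguys_excluded[0] = "settings in nrpe.cfg or external excludes list, users: "
            for user in users:
                validateUser(user)
except getopt.GetoptError:
    print("WRONG WAY ! please try again with another args.")
    # Running the check with a command line that could not be parsed
    # would drop the intended excludes/plans and produce a misleading
    # state, so report UNKNOWN instead of continuing with defaults.
    sys.exit(EXIT_UNKNOWN)

if reseller == 1:
    getValidResellers = re.compile('(.*):')
    sourceResellerList = _read_file('/var/cpanel/resellers')
    resellers = getValidResellers.findall(sourceResellerList)
    badguys_resellers_notRootChown = ["[Reseller account but Not owned by ROOT]: "]
    badguys_resellers_DelOwner = ["[Owner Not a reseller]: "]
    badguys_resellers_RootChownNotRes = ["[Owned by root but Not a Reseller]: "]

# Developer-only path: inspects one hard-coded account and exits.
if debug == 1:
    user = 'workiqmd'
    tmpuser = _read_file("/var/cpanel/users/" + user)
    plan = getplan.findall(tmpuser)[0]
    owner = getowner.findall(tmpuser)[0]
    if reseller:
        if owner != 'root':
            if user in resellers:
                print("user is not owned by root but have a RESELLER account")
                badguys_resellers_notRootChown.append(user + ":' owner " + owner + "'")
            elif owner not in resellers:
                print("user had owner that not exist")
                badguys_resellers_DelOwner.append(user + ":' owner " + owner + "'")
            else:
                print("GooD One")
        elif user not in resellers:
            print("user owned by ROOT bun not a RESELLER !")
            badguys_resellers_RootChownNotRes.append(user + ":' owner " + owner + "'")

        if len(badguys_resellers_RootChownNotRes) > 1:
            badguys_resellers.extend(badguys_resellers_RootChownNotRes)
        if len(badguys_resellers_DelOwner) > 1:
            badguys_resellers.extend(badguys_resellers_DelOwner)
        # Each list is guarded by its own length (the third guard used to
        # test the RootChownNotRes list by mistake).
        if len(badguys_resellers_notRootChown) > 1:
            badguys_resellers.extend(badguys_resellers_notRootChown)
        if len(badguys_resellers) > 1:
            badguys.extend(badguys_resellers)
    print("%s %s %s" % (user, plan, owner))
    sys.exit(1)

userlist = os.listdir(path2cPanelUsers)

for user in userlist:
    if user in excludusers:
        # whitelisted account
        continue
    if not os.path.exists(os.path.join(HOME_ROOT, user)):
        # cPanel file without a home directory: account no longer exists
        continue

    try:
        tmpuser = _read_file(os.path.join(path2cPanelUsers, user))
        plan = getplan.findall(tmpuser)[0]
        owner = getowner.findall(tmpuser)[0]
    except (IOError, OSError, IndexError, ValueError):
        # Unreadable file or missing PLAN=/OWNER= line. Flag the account
        # and move on; falling through would evaluate it with the plan
        # and owner left over from the previous account.
        badguys.append(user + ":" + "check manually")
        continue

    if reseller:
        if owner != 'root':
            if user in resellers:
                # reseller account that is not owned by root
                badguys_resellers_notRootChown.append(user + ":'" + owner + "'")
            elif owner not in resellers:
                # owner is neither root nor a known reseller
                badguys_resellers_DelOwner.append(user + ":'" + owner + "'")
            # resold accounts are never plan-checked
            continue
        elif user not in resellers:
            # owned by root but not a reseller
            badguys_resellers_RootChownNotRes.append(user + ":'" + owner + "'")
            continue
    elif owner != 'wh':
        badguys_owner.append(user + ":'" + owner + "'")
        continue

    if plan not in defplans:
        badguys_plan.append(user + ":'" + plan + "'")

if len(badguys_owner) > 1:
    badguys.extend(badguys_owner)
if len(badguys_plan) > 1:
    badguys.extend(badguys_plan)

if reseller == 1:
    if len(badguys_resellers_RootChownNotRes) > 1:
        badguys_resellers.extend(badguys_resellers_RootChownNotRes)
    if len(badguys_resellers_DelOwner) > 1:
        badguys_resellers.extend(badguys_resellers_DelOwner)
    if len(badguys_resellers_notRootChown) > 1:
        badguys_resellers.extend(badguys_resellers_notRootChown)
    if len(badguys_resellers) > 1:
        badguys.extend(badguys_resellers)

# not valid whitelisted users
if len(badguys_excluded) > 1:
    badguys.extend(badguys_excluded)
    badguys.append(" already removed from server")

# Any entry is a finding. Labelled groups always arrive with at least
# two elements, but a lone "check manually" entry has only one and must
# not be reported as OK.
if badguys:
    result = " ".join(badguys)
    print("[Critical]: Following users don't have valid " + result)
    sys.exit(EXIT_CRITICAL)
else:
    print("[OK]: all users have valid hosting plans and owners")
    sys.exit(EXIT_OK)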