Re: Script to verify route commands - same after reboot?
From: Logan Shaw (lshaw-usenet_at_austin.rr.com)
Date: 09/09/03
- Next message: Logan Shaw: "Re: Please. Second Request, GCC and CGI Scripts."
- Previous message: Peter Bunclark: "Re: NIS+ User addtion"
- In reply to: arabub: "Re: Script to verify route commands - same after reboot?"
- Next in thread: Martin Schoen: "Re: Script to verify route commands - same after reboot?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 09 Sep 2003 08:10:03 GMT
arabub wrote:
> So in short: I don't trust the folks working on these hosts, and I
> want to double-check that the routes are going to be the same after a
> reboot. That's why I am looking for a script to do this.
Well, this is not a complete solution, but you could always do this:
1. Create /etc/init.d/snapshotroutes (linked to
   /etc/rc2.d/S99snapshotroutes), like this:

    #! /bin/sh
    routefile=/var/adm/route-snapshot.boot
    case "$1" in
    start)
        [ -f "$routefile" ] && mv "$routefile" "$routefile".old
        netstat -nr > "$routefile"
        ;;
    esac
    unset routefile

2. Create a script /var/adm/routesnapshotcompare:

    #! /bin/sh
    routefile=/var/adm/route-snapshot
    emailnotify=cluefuladmin@example.com
    netstat -nr > "$routefile".latest
    # diff exits 0 when the files are identical, so mail only on non-zero.
    if diff "$routefile".boot "$routefile".latest >/dev/null
    then
        :   # routes unchanged, nothing to report
    else
        {
            echo "Warning: routes changed on host `uname -n`:"
            diff "$routefile".boot "$routefile".latest
        } | mailx -s "routes changed on `uname -n`" "$emailnotify"
    fi

3. Put /var/adm/routesnapshotcompare in cron on all servers
to run every night.
4. If you receive mail that routes have changed on a host,
   go to the host, audit it, and manually ensure that
   the startup scripts, etc. match the routing table. If you
   are satisfied that they match, then do
   "cd /var/adm && mv route-snapshot.latest route-snapshot.boot"
   and the e-mails will stop.

It's not fully automatic, but it's easy, and hopefully it
will help. (And hopefully the diff will nicely summarize
what you should be looking for.)
Naturally, if you use a lot of dynamic routes, this
approach will be totally useless...
- Logan
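
Added example, not part of the original post: the compare step diffs raw netstat -nr output, so a layout that carries Ref and Use columns also differs when only traffic counters or row order change. The script below normalizes both snapshots before comparing; the function names, the constructed sample tables and the Solaris-style column order (Destination, Gateway, Flags, Ref, Use, Interface) are assumptions.

```shell
#!/bin/sh
# Added example. Assumed column order (adjust the awk fields for other layouts):
#   Destination Gateway Flags Ref Use Interface
# Reduce raw `netstat -nr` text on stdin to "dest gateway flags iface", sorted.
normalize_routes() {
    awk '
        NF < 5              { next }   # blank lines and "Routing Table:" titles
        $1 == "Destination" { next }   # column header
        $1 ~ /^-+$/         { next }   # dashed separator
        { iface = "-"; if (NF >= 6) iface = $6; print $1, $2, $3, iface }
    ' | sort
}

# routes_changed BOOTFILE LATESTFILE
# Prints a diff of the normalized tables; returns 0 if they differ, 1 if not.
routes_changed() {
    dir=$(mktemp -d) || return 2
    normalize_routes < "$1" > "$dir/boot"
    normalize_routes < "$2" > "$dir/latest"
    if diff "$dir/boot" "$dir/latest"; then rc=1; else rc=0; fi
    rm -rf "$dir"
    return "$rc"
}

# Constructed sample snapshots (documentation addresses, not real hosts).
sample_boot() {
cat <<'EOF'
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.0.2.0            192.0.2.10           U        1     52  hme0
default              192.0.2.1            UG       1    310
127.0.0.1            127.0.0.1            UH       2      6  lo0
EOF
}

# Same routes after traffic: Use counters grew and the row order differs.
sample_busy() {
cat <<'EOF'
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
default              192.0.2.1            UG       1   9984
127.0.0.1            127.0.0.1            UH       2     41  lo0
192.0.2.0            192.0.2.10           U        1   7710  hme0
EOF
}
# Constructed: one static route added by hand after boot.
sample_tampered() { sample_busy; echo "198.51.100.0  192.0.2.254  UG  1  0"; }
```

In routesnapshotcompare, calling routes_changed on the .boot and .latest files in place of the two diff commands keeps the mail limited to real route differences.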