git: 9front


ref: 3c033e2b84983ab95893cb72a82563b9a3b54caa
parent: 0506675014a5bba32f9560de2951deda8b4865bb
author: cinap_lenrek <cinap_lenrek@gmx.de>
date: Sun Oct 7 20:56:00 EDT 2012

netaudit changes and manual page

--- a/rc/bin/netaudit
+++ b/rc/bin/netaudit
@@ -5,8 +5,13 @@
 		echo 'sysname= env var is not set'
 		exit 'fail'
 	}
-	dom=`{ndb/query sys $sysname dom}
 	echo 'checking this host''s tuple:'
+	ip=`{ndb/query sys $sysname ip}
+	if(~ $ip '')
+		echo '	no ip= entry'
+	if not
+		echo '	ip='$ip 'looks ok'
+	dom=`{ndb/query sys $sysname dom}
 	if(~ $dom '')
 		echo '	no dom= entry'
 	if not if(! ~ $dom *.*)
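Review bot: The new `ip=` branch prints 'looks ok' after testing only that the query returned something, whereas the `dom=` check just below it at least tests the value against `*.*`. For an audit tool that wording overstates what was verified: a mistyped address, or one not configured on any local interface, gets the same verdict. Either report only what was checked, `echo '	ip='$ip 'is set'`, or compare `$ip` with the addresses actually bound on the machine before saying it is ok. The enclosing function starts above this hunk, so any earlier use of `$ip` is not visible here.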
@@ -29,12 +34,11 @@
 	echo 'checking the network tuple:'
 	ipnet=`{ndb/ipquery sys $sysname ipnet | sed 's/^ipnet=//'}
 	if(~ $ipnet ''){
-		echo '	we are not in an ipnet, check your ipnet= entry'
-		exit fail
+		echo '	we are not in an ipnet, so looking for entries in host tuple only'
 	}
 	if not
 		echo '	we are in ipnet='^$ipnet
-	dns=`{ndb/query ipnet $ipnet dns}
+	dns=`{ndb/ipquery sys $sysname dns | sed 's/^dns=//'}
 	if(~ $dns '')
 		echo '	no dns= entry'
 	if not if(! ip/ping -n 1 $dns >/dev/null >[2=1])
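Review bot: The new lookup cleans its output with `sed 's/^dns=//'`, which removes a single prefix at the start of each line, so a host with more than one dns server can leave `$dns` as a list whose later words still carry `dns=`. If ndb/ipquery prints all matching pairs on one line, as it appears to, `ip/ping -n 1 $dns` then receives extra arguments and the audit reports a working resolver as not replying. Stripping every occurrence with `sed 's/dns=//g'` and pinging each element in a `for(d in $dns)` loop would keep the verdict accurate. The `auth=` lookup in the next hunk has the same shape, and there the polluted `$auth` also feeds the later `~ $auth ...` comparisons.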
@@ -41,7 +45,7 @@
 		echo '	dns='$dns 'does not reply to ping'
 	if not
 		echo '	dns='$dns 'looks ok'
-	auth=`{ndb/query ipnet $ipnet auth}
+	auth=`{ndb/ipquery sys $sysname auth | sed 's/^auth=//'}
 	if(~ $auth '')
 		echo '	no auth= entry'
 	if not if(! ip/ping -n 1 $auth >/dev/null >[2=1])
@@ -50,15 +54,9 @@
 		authok=1
 		echo '	auth='$auth 'looks ok'
 	}
-	authdom=`{ndb/query ipnet $ipnet authdom}
-	if(~ $authdom '')
-		echo '	no authdom= entry'
-	if not
-		echo '	authdom='$authdom 'looks ok'
 }
 fn checkauth {
 	echo 'checking auth server configuration:'
-	auth=`{ndb/query ipnet $ipnet auth}
 	if(~ $auth ''){
 		echo '	no auth server'
 		exit fail
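Review bot: With its own `auth=` query removed, checkauth now reads `$auth` without setting it. It therefore depends on the network check having run earlier in the same shell; run on its own it would always print 'no auth server' and exit. That ordering dependency is worth stating at the top of the function, for example `# uses $auth (and $dom, $ip) set by the host and network checks above`. The body of checkauth continues past this hunk, so whether it is ever called independently is not visible here.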
@@ -68,6 +66,10 @@
 		authisus=1
 	}
 	if not if(~ $auth $dom){
+		echo '	we are the auth server'
+		authisus=1
+	}
+	if not if(~ $auth $ip){
 		echo '	we are the auth server'
 		authisus=1
 	}
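Review bot: The added `~ $auth $ip` branch repeats the body of the `~ $auth $dom` branch above it line for line. Since `~` accepts several patterns, the two can be one test, `if not if(~ $auth $dom $ip){`, which keeps the 'we are the auth server' message and the `authisus=1` assignment in one place. An empty `$dom` or `$ip` contributes no pattern, so the merged test does not match by accident when an entry is missing. The start of this `if` chain lies above the hunk; if its first branch compares against `$sysname`, that pattern could probably join the same list.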
--- /dev/null
+++ b/sys/man/8/netaudit
@@ -1,0 +1,39 @@
+.TH NETAUDIT 8
+.SH NAME
+netaudit - network configuration checker
+.SH SYNOPSIS
+netaudit
+.SH DESCRIPTION
+.I Netaudit
+checks the effective network configuration on the
+local system and reports any inconsistencies found.
+.PP
+It starts its search my querying common ndb entries for
+.B $sysname
+checking and validating the
+.BR ip= ,
+.B ether=
+and
+.B dom=
+entries.
+.PP
+The presence of an
+.B ipnet=
+entry and the reachability of dns and auth servers is checked.
+.PP
+If the machine is an auth server,
+.I netaudit
+checks if
+.IR keyfs (4)
+is running and the local tcp port 567 is open and listening.
+.PP
+The root filesystem
+.B /srv/boot
+is tested if it requires authentication on mount.
+.SH SOURCE
+.B /rc/bin/netaudit
+.SH "SEE ALSO"
+.IR keyfs (4),
+.IR auth (8),
+.IR ndb (8),
+.IR ndb (6).
--