Checagem do IPSEC


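Use este script para verificar as conexões IPsec. Caso alguma conexão VPN falhe, o serviço IPsec será reiniciado. O número esperado de túneis é definido em NUMBER_OF_CONECTIONS e deve corresponder à quantidade de túneis configurados; o reinício afeta todos os túneis, inclusive os que estavam ativos.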

#!/bin/bash

######################################################################
# IPsec tunnel watchdog, meant to be run periodically from cron.
#
# Add to /etc/crontab:
#
# ## CHECK SERVICES
# */2 * * * *     root    /opt/hackstore/check_ipsec.sh &> /dev/null
#
# NOTE(review): `&>` is a bash redirection. If cron runs this entry with
# a POSIX /bin/sh, write `> /dev/null 2>&1` instead - confirm which shell
# your cron uses. Either way all output of the init script is discarded,
# so LOG_CHECK is the only record of what this script did.
######################################################################

# File that receives one entry per restart decision.
LOG_CHECK=/var/log/check_ipsec.log
# Account whose process list is searched for the IPsec daemon.
IPSEC_USER=root
# Init script used for stop / start / status.
IPSEC_INIT=/etc/init.d/ipsec
# Substring looked for (case-insensitively) in the process list.
IPSEC_COMMAND=ipsec
# Service name as it appears in the log messages.
IPSEC_SERVICE_NAME=ipsec
# Number of "IPsec SA established" lines expected in the status output;
# keep it in sync with the number of configured tunnels.
NUMBER_OF_CONECTIONS=5


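# Step 1: is any IPsec process running at all?
# Count the processes of IPSEC_USER whose command line mentions
# IPSEC_COMMAND, leaving out the grep helpers and this script itself ($0).
# If nothing is left, restart the service through the init script.
#
# All expansions are quoted so that a path or name containing spaces or
# glob characters cannot be split into extra arguments; the script runs
# as root, so an unintended argument is worth ruling out.
#
# NOTE(review): this is a substring match on the full command line, so an
# unrelated process that merely mentions the string (an editor on a config
# file, a tail on a log) is counted as the daemon and hides a dead service.
# Consider matching the daemon's exact process name instead.
IPSEC_CHECK_RUNNING=$(ps a -u "${IPSEC_USER}" | grep -i -- "${IPSEC_COMMAND}" | grep -Ewvc -- "grep|${0}")
if [ "${IPSEC_CHECK_RUNNING}" -eq 0 ]; then
        printf '%s\n\n' "$(date) - Nenhum processo rodando, iniciando ${IPSEC_SERVICE_NAME}..." >> "${LOG_CHECK}"
        "${IPSEC_INIT}" stop 2>&1
        sleep 3
        "${IPSEC_INIT}" start
        # Wait before the status query that follows in the script.
        sleep 10
fi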


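# Step 2: are all expected tunnels up?
# Count the "IPsec SA established" lines in the init script's status
# output and restart the service when fewer than NUMBER_OF_CONECTIONS are
# present.
#
# The comparison is "fewer than" (-lt), which is what the log message
# says. With "not equal", a count above the expected value would trigger a
# restart on every cron run and drop tunnels that were working, e.g. after
# a tunnel is added without updating NUMBER_OF_CONECTIONS.
#
# NOTE: the restart is service-wide, so healthy tunnels go down together
# with the failed one until the service is back.
IPSEC_CHECK_STABLISHED=$("${IPSEC_INIT}" status | grep -c 'IPsec SA established')
if [ "${IPSEC_CHECK_STABLISHED}" -lt "${NUMBER_OF_CONECTIONS}" ]; then
        printf '%s\n\n' "$(date) - Menos de ${NUMBER_OF_CONECTIONS} conexões VPN, reiniciando ${IPSEC_SERVICE_NAME}..." >> "${LOG_CHECK}"
        "${IPSEC_INIT}" stop 2>&1
        sleep 3
        "${IPSEC_INIT}" start
fi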