domain-diag/ddiag.sh

#!/bin/bash
set -euo pipefail

. shell-terminfo

terminfo_init

verbose=1

msg_fail()
{
    echo -n " \ $*: ["
    color_text "FAIL" red
    echo "]"
}

msg_warn()
{
    echo -n " \ $*: ["
    color_text "WARN" yellow
    echo "]"
}

msg_done()
{
    echo -n " \ $*: ["
    color_text "DONE" green
    echo "]"
}

_command()
{
    local retval=0
    local x=
    local p='$'
    if test "$1" = '-x'; then
        shift
        x=1
    fi
    if test "$1" = '-r'; then
        shift
        p='#'
    fi
    color_message "$p $*" bold
    test -z "$x" || echo -------------------------------------------------------------------------------
    $* || retval=$?
    test -z "$x" || echo -------------------------------------------------------------------------------
    echo
    return $retval
}

run_by_root()
{
    local msg=
    if test "$1" = '-m'; then
        shift
        msg="$1"
        shift
    fi
    if test `id -u` != 0; then
        echo -n "Running not by root, SKIP: "
        echo $*
        return 2
    else
        test -z "$msg" ||
            echo -n "$msg: "
        _command -r $* || return 1
    fi
}

run()
{
    local retval=126
    local func="$1"
    local msg=$(printf "/======             %-52s ======" "$func")

    test -z $verbose || echo " /============================================================================="
    if test -z $verbose; then
        $func >/dev/null 2>&1 && retval=0 || retval=$?
    else
        color_message "$msg" bold white
        $func && retval=0 || retval=$?
    fi

    test -z $verbose || echo "\=============================================================================="
    case "$retval" in
        0) msg_done  "$2" ;;
        2) msg_warn  "$2" ;;
        *) msg_fail "$2" ;;
    esac
    test -z $verbose || color_message "  \============================================================================" bold white
    test -z $verbose || echo
}

check_hostnamectl()
{
    local static_host="$(hostnamectl --static)"
    local transient_host="$(hostname)"
    _command hostnamectl
    test "$static_host" = "$transient_host"
}

test_hostname()
{
    local host=`hostname`
    test "$host" != "${host/.}" || return 2
}

check_system_auth()
{
    local auth=$(/usr/sbin/control system-auth)
    echo "control system_auth: $auth"
    _command readlink -f /etc/pam.d/system-auth
    _command -x cat /etc/pam.d/system-auth
    SYSTEM_AUTH="$auth"
    test -n "$auth" -a "$auth" != "unknown"
}

test_domain_system_auth()
{
    test -n "$SYSTEM_AUTH" ||
        SYSTEM_AUTH=local
    test "$SYSTEM_AUTH" != "local" || return 2
}

is_system_auth_local()
{
    test "$SYSTEM_AUTH" = "local"
}

check_krb5_conf_exists()
{
    local retval=0
    _command ls -l /etc/krb5.conf
    KRB5_DEFAULT_REALM=
    if ! test -e /etc/krb5.conf; then
        is_system_auth_local && retval=2 || retval=1
    else
        _command -x cat /etc/krb5.conf
        KRB5_DEFAULT_REALM=$(grep "^\s*default_realm\s\+" /etc/krb5.conf | sed -e 's/^\s*default_realm\s*=\s*//' -e 's/\s*$//')
    fi
    return $retval
}

check_krb5_conf_ccache()
{
    local ccache=$(/usr/sbin/control krb5-conf-ccache)
    echo "control krb5-conf-ccache: $ccache"
    test -n "$ccache" -a "$ccache" != "unknown"
}

test_keyring_krb5_conf_ccache()
{
    local ccache=$(/usr/sbin/control krb5-conf-ccache)
    test -n "$ccache" -a "$ccache" == "keyring" || return 2
}

check_krb5_conf_kdc_lookup()
{
    local retval=0
    echo -n "/etc/krb5.conf: dns_lookup_kdc "
    if grep -q '^\s*dns_lookup_kdc\s*=\s*\([Tt][Rr][Uu][Ee]\|1\|[Yy][Ee][Ss]\)\s*$' /etc/krb5.conf; then
        echo "is enabled"
    else
        if grep -q '^\s*dns_lookup_kdc\s*=' /etc/krb5.conf; then
            echo "is disabled"
            retval=1
        else
            echo "is enabled by default"
            retval=2
        fi
    fi
    return $retval
}

check_krb5_keytab_exists()
{
    local retval=0
    _command ls -l /etc/krb5.keytab
    if ! test -e /etc/krb5.keytab; then
        is_system_auth_local && retval=2 || retval=1
    fi
    return $retval
}

check_keytab_credential_list()
{
    local retval=0
    if ! run_by_root klist -ke; then
        is_system_auth_local && retval=2 || retval=1
    fi
    return $retval
}

check_resolv_conf()
{
    local retval=0
    _command ls -l /etc/resolv.conf
    _command -x cat /etc/resolv.conf
    SEARCH_DOMAIN=$(grep "^search\s\+" /etc/resolv.conf | sed -e 's/^search\s\+//' -e 's/\s/\n/' | head -1)
    NAMESERVER1=$(grep "^nameserver\s\+" /etc/resolv.conf | sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' | head -1)
    NAMESERVER2=$(grep "^nameserver\s\+" /etc/resolv.conf | sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' | head -2 | tail -1)
    NAMESERVER3=$(grep "^nameserver\s\+" /etc/resolv.conf | sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' | head -3 | tail -1)
}

compare_resolv_conf_with_default_realm()
{
    echo "SEARCH_DOMAIN = '$SEARCH_DOMAIN'"
    echo "KRB5_DEFAULT_REALM = '$KRB5_DEFAULT_REALM'"
    local domain=$(echo "$SEARCH_DOMAIN" | tr '[:upper:]' '[:lower:]')
    local realm=$(echo "$KRB5_DEFAULT_REALM" | tr '[:upper:]' '[:lower:]')

    DOMAIN_DOMAIN="$domain"
    if test -n "$realm"; then
        DOMAIN_DOMAIN="$realm"
    else
        return 2
    fi
    test -n "$domain" || return 2
    test "$domain" = "$realm" || return 2
}

check_smb_conf()
{
    local retval=0
    _command ls -l /etc/samba/smb.conf
    _command -x grep -v -e '^\s*[#;]' -e '^\s*$' /etc/samba/smb.conf
    _command -x testparm -s
    SMB_REALM=$(testparm -v -s 2>/dev/null | grep "^\s*realm\s*=" | sed -e 's/^\s*realm\s*=\s*//' -e 's/\s*$//')
    SMB_NETBIOS_NAME=$(testparm -v -s 2>/dev/null | grep "^\s*netbios name\s*=" | sed -e 's/^\s*netbios name\s*=\s*//' -e 's/\s*$//')
}

compare_smb_realm_with_krb5_default_realm()
{
    echo "SMB_REALM = '$SMB_REALM'"
    echo "KRB5_DEFAULT_REALM = '$KRB5_DEFAULT_REALM'"

    test -n "$SMB_REALM" || return 2
    test -n "$KRB5_DEFAULT_REALM" || return 2
    test "$KRB5_DEFAULT_REALM" = "$SMB_REALM" || return 2
}

test_smb_realm()
{
    local retval=0

    DOMAIN_REALM="$KRB5_DEFAULT_REALM"
    if test -n "$SMB_REALM"; then
        DOMAIN_REALM="$SMB_REALM"
        DOMAIN_DOMAIN="$(echo "$SMB_REALM" | tr '[:upper:]' '[:lower:]')"
    else
        test -z "$DOMAIN_REALM" ||
            DOMAIN_DOMAIN="$(echo "$DOMAIN_REALM" | tr '[:upper:]' '[:lower:]')"
        test -n "$DOMAIN_REALM" ||
            DOMAIN_REALM="$(echo "$DOMAIN_DOMAIN" | tr '[:lower:]' '[:upper:]')"
        is_system_auth_local && retval=2 || retval=1
    fi

    echo "DOMAIN_REALM = '$DOMAIN_REALM'"
    echo "DOMAIN_DOMAIN = '$DOMAIN_DOMAIN'"

    return $retval
}

_check_nameserver()
{
    local ns="$1"
    if _command ping -c 2 -i2 "$ns"; then
        test -z "$DOMAIN_DOMAIN" || _command host "$DOMAIN_DOMAIN" "$ns"
    else
        return 1
    fi
}

check_nameservers()
{
    retval1=0
    retval2=0
    retval3=0
    if [ -n "$NAMESERVER1" ]; then
        _check_nameserver "$NAMESERVER1" || retval1=1
    fi
    if [ -n "$NAMESERVER2" ]; then
        _check_nameserver "$NAMESERVER2" || retval2=1
    fi
    if [ -n "$NAMESERVER3" ]; then
        _check_nameserver "$NAMESERVER3" || retval3=1
    fi
    if test "$retval1" = 0 -a "$retval2" = 0 -a "$retval3" = 0; then
        return 0;
    fi
    if test "$retval1" = 1 -a "$retval2" = 1 -a "$retval3" = 1; then
        return 1;
    fi
    return 2
}

run check_hostnamectl "Check hostname persistance"
run test_hostname "Test hostname is FQDN (not short)"
run check_system_auth "System authentication method"
run test_domain_system_auth "Domain system authentication enabled"
run check_krb5_conf_exists "Check Kerberos configuration exists"
run check_krb5_conf_ccache "Kerberos credential cache status"
run test_keyring_krb5_conf_ccache "Using keyring as kerberos credential cache"
run check_krb5_conf_kdc_lookup "Check DNS lookup kerberos KDC status"
run check_krb5_keytab_exists "Check machine crendetial cache is exists"
run check_keytab_credential_list "Check machine credentials list in keytab"
run check_resolv_conf "Check nameserver resolver configuration"
run compare_resolv_conf_with_default_realm "Compare krb5 realm and first search domain"
run check_smb_conf "Check Samba configuration"
run compare_smb_realm_with_krb5_default_realm "Compare samba and krb5 realms"
run test_smb_realm "Check Samba domain realm"
run check_nameservers "Check nameservers availability"
Initial commit 2022-04-07 21:28:08 +03:00			`#!/bin/bash`
			`set -euo pipefail`

			`. shell-terminfo`

			`terminfo_init`

			`verbose=1`

			`msg_fail()`
			`{`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`echo -n " \ $*: ["`
Initial commit 2022-04-07 21:28:08 +03:00			`color_text "FAIL" red`
			`echo "]"`
			`}`

			`msg_warn()`
			`{`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`echo -n " \ $*: ["`
Initial commit 2022-04-07 21:28:08 +03:00			`color_text "WARN" yellow`
			`echo "]"`
			`}`

			`msg_done()`
			`{`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`echo -n " \ $*: ["`
Initial commit 2022-04-07 21:28:08 +03:00			`color_text "DONE" green`
			`echo "]"`
			`}`

Another fix of output design 2022-04-08 04:24:26 +03:00			`_command()`
			`{`
Fix error handlers after output redesign 2022-04-08 04:33:29 +03:00			`local retval=0`
Add -x parameter for _command function 2022-04-08 05:02:55 +03:00			`local x=`
Add -r parameter for _command function 2022-04-08 05:06:57 +03:00			`local p='$'`
Add -x parameter for _command function 2022-04-08 05:02:55 +03:00			`if test "$1" = '-x'; then`
			`shift`
			`x=1`
			`fi`
Add -r parameter for _command function 2022-04-08 05:06:57 +03:00			`if test "$1" = '-r'; then`
			`shift`
			`p='#'`
			`fi`
			`color_message "$p $*" bold`
Add -x parameter for _command function 2022-04-08 05:02:55 +03:00			`test -z "$x" \|\| echo -------------------------------------------------------------------------------`
Fix error handlers after output redesign 2022-04-08 04:33:29 +03:00			`$* \|\| retval=$?`
Add -x parameter for _command function 2022-04-08 05:02:55 +03:00			`test -z "$x" \|\| echo -------------------------------------------------------------------------------`
Another fix of output design 2022-04-08 04:24:26 +03:00			`echo`
Fix error handlers after output redesign 2022-04-08 04:33:29 +03:00			`return $retval`
Another fix of output design 2022-04-08 04:24:26 +03:00			`}`

Add check_system_auth 2022-04-07 22:09:25 +03:00			`run_by_root()`
			`{`
			`local msg=`
			`if test "$1" = '-m'; then`
			`shift`
			`msg="$1"`
			`shift`
			`fi`
			if test `id -u` != 0; then
			`echo -n "Running not by root, SKIP: "`
			`echo $*`
Refactor run if not by root 2022-04-08 01:18:40 +03:00			`return 2`
Add check_system_auth 2022-04-07 22:09:25 +03:00			`else`
			`test -z "$msg" \|\|`
			`echo -n "$msg: "`
Add -r parameter for _command function 2022-04-08 05:06:57 +03:00			`_command -r $* \|\| return 1`
Add check_system_auth 2022-04-07 22:09:25 +03:00			`fi`
			`}`

Initial commit 2022-04-07 21:28:08 +03:00			`run()`
			`{`
Refactor run if not by root 2022-04-08 01:18:40 +03:00			`local retval=126`
Initial commit 2022-04-07 21:28:08 +03:00			`local func="$1"`
Fix output design 2022-04-08 04:10:53 +03:00			`local msg=$(printf "/====== %-52s ======" "$func")`
Refactor run if not by root 2022-04-08 01:18:40 +03:00
Another fix of output design 2022-04-08 04:24:26 +03:00			`test -z $verbose \|\| echo " /============================================================================="`
Initial commit 2022-04-07 21:28:08 +03:00			`if test -z $verbose; then`
Refactor run if not by root 2022-04-08 01:18:40 +03:00			`$func >/dev/null 2>&1 && retval=0 \|\| retval=$?`
Initial commit 2022-04-07 21:28:08 +03:00			`else`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`color_message "$msg" bold white`
Refactor run if not by root 2022-04-08 01:18:40 +03:00			`$func && retval=0 \|\| retval=$?`
			`fi`

Fix output design 2022-04-08 04:10:53 +03:00			`test -z $verbose \|\| echo "\=============================================================================="`
Refactor run if not by root 2022-04-08 01:18:40 +03:00			`case "$retval" in`
			`0) msg_done "$2" ;;`
			`2) msg_warn "$2" ;;`
			`*) msg_fail "$2" ;;`
			`esac`
Fix output design 2022-04-08 04:10:53 +03:00			`test -z $verbose \|\| color_message " \============================================================================" bold white`
Fix output with no verbose 2022-04-07 21:33:14 +03:00			`test -z $verbose \|\| echo`
Initial commit 2022-04-07 21:28:08 +03:00			`}`

			`check_hostnamectl()`
			`{`
			`local static_host="$(hostnamectl --static)"`
			`local transient_host="$(hostname)"`
Another fix of output design 2022-04-08 04:24:26 +03:00			`_command hostnamectl`
Initial commit 2022-04-07 21:28:08 +03:00			`test "$static_host" = "$transient_host"`
			`}`

			`test_hostname()`
			`{`
			local host=`hostname`
Refactor run if not by root 2022-04-08 01:18:40 +03:00			`test "$host" != "${host/.}" \|\| return 2`
Initial commit 2022-04-07 21:28:08 +03:00			`}`

Add check_system_auth 2022-04-07 22:09:25 +03:00			`check_system_auth()`
			`{`
			`local auth=$(/usr/sbin/control system-auth)`
			`echo "control system_auth: $auth"`
Another fix of output design 2022-04-08 04:24:26 +03:00			`_command readlink -f /etc/pam.d/system-auth`
Add -x parameter for _command function 2022-04-08 05:02:55 +03:00			`_command -x cat /etc/pam.d/system-auth`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`SYSTEM_AUTH="$auth"`
Add check_system_auth 2022-04-07 22:09:25 +03:00			`test -n "$auth" -a "$auth" != "unknown"`
			`}`

Add domain_system_auth 2022-04-07 22:15:49 +03:00			`test_domain_system_auth()`
			`{`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`test -n "$SYSTEM_AUTH" \|\|`
			`SYSTEM_AUTH=local`
			`test "$SYSTEM_AUTH" != "local" \|\| return 2`
			`}`

			`is_system_auth_local()`
			`{`
			`test "$SYSTEM_AUTH" = "local"`
Add domain_system_auth 2022-04-07 22:15:49 +03:00			`}`

Add check name resolver and fix file exists 2022-04-08 03:58:48 +03:00			`check_krb5_conf_exists()`
			`{`
			`local retval=0`
Another fix of output design 2022-04-08 04:24:26 +03:00			`_command ls -l /etc/krb5.conf`
Add check name resolver and fix file exists 2022-04-08 03:58:48 +03:00			`KRB5_DEFAULT_REALM=`
			`if ! test -e /etc/krb5.conf; then`
			`is_system_auth_local && retval=2 \|\| retval=1`
			`else`
Add -x parameter for _command function 2022-04-08 05:02:55 +03:00			`_command -x cat /etc/krb5.conf`
Add check name resolver and fix file exists 2022-04-08 03:58:48 +03:00			`KRB5_DEFAULT_REALM=$(grep "^\sdefault_realm\s\+" /etc/krb5.conf \| sed -e 's/^\sdefault_realm\s=\s//' -e 's/\s*$//')`
			`fi`
			`return $retval`
			`}`

Add krb5_conf_ccache 2022-04-07 23:00:52 +03:00			`check_krb5_conf_ccache()`
			`{`
			`local ccache=$(/usr/sbin/control krb5-conf-ccache)`
			`echo "control krb5-conf-ccache: $ccache"`
			`test -n "$ccache" -a "$ccache" != "unknown"`
			`}`

			`test_keyring_krb5_conf_ccache()`
			`{`
			`local ccache=$(/usr/sbin/control krb5-conf-ccache)`
Refactor run if not by root 2022-04-08 01:18:40 +03:00			`test -n "$ccache" -a "$ccache" == "keyring" \|\| return 2`
Add krb5_conf_ccache 2022-04-07 23:00:52 +03:00			`}`

Add krb5_conf_kdc_lookup 2022-04-07 23:33:54 +03:00			`check_krb5_conf_kdc_lookup()`
			`{`
			`local retval=0`
			`echo -n "/etc/krb5.conf: dns_lookup_kdc "`
			`if grep -q '^\sdns_lookup_kdc\s=\s\([Tt][Rr][Uu][Ee]\\|1\\|[Yy][Ee][Ss]\)\s$' /etc/krb5.conf; then`
			`echo "is enabled"`
			`else`
			`if grep -q '^\sdns_lookup_kdc\s=' /etc/krb5.conf; then`
			`echo "is disabled"`
			`retval=1`
			`else`
			`echo "is enabled by default"`
Refactor run if not by root 2022-04-08 01:18:40 +03:00			`retval=2`
Add krb5_conf_kdc_lookup 2022-04-07 23:33:54 +03:00			`fi`
			`fi`
			`return $retval`
			`}`

check_krb5_keytab_exists 2022-04-07 23:40:33 +03:00			`check_krb5_keytab_exists()`
			`{`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`local retval=0`
Another fix of output design 2022-04-08 04:24:26 +03:00			`_command ls -l /etc/krb5.keytab`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`if ! test -e /etc/krb5.keytab; then`
			`is_system_auth_local && retval=2 \|\| retval=1`
			`fi`
			`return $retval`
check_krb5_keytab_exists 2022-04-07 23:40:33 +03:00			`}`

Refactor run if not by root 2022-04-08 01:18:40 +03:00			`check_keytab_credential_list()`
			`{`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`local retval=0`
			`if ! run_by_root klist -ke; then`
			`is_system_auth_local && retval=2 \|\| retval=1`
			`fi`
			`return $retval`
Refactor run if not by root 2022-04-08 01:18:40 +03:00			`}`

Add check name resolver and fix file exists 2022-04-08 03:58:48 +03:00			`check_resolv_conf()`
			`{`
			`local retval=0`
Add -x parameter for _command function 2022-04-08 05:02:55 +03:00			`_command ls -l /etc/resolv.conf`
			`_command -x cat /etc/resolv.conf`
Add check name resolver and fix file exists 2022-04-08 03:58:48 +03:00			`SEARCH_DOMAIN=$(grep "^search\s\+" /etc/resolv.conf \| sed -e 's/^search\s\+//' -e 's/\s/\n/' \| head -1)`
			`NAMESERVER1=$(grep "^nameserver\s\+" /etc/resolv.conf \| sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' \| head -1)`
			`NAMESERVER2=$(grep "^nameserver\s\+" /etc/resolv.conf \| sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' \| head -2 \| tail -1)`
			`NAMESERVER3=$(grep "^nameserver\s\+" /etc/resolv.conf \| sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' \| head -3 \| tail -1)`
			`}`

			`compare_resolv_conf_with_default_realm()`
			`{`
			`echo "SEARCH_DOMAIN = '$SEARCH_DOMAIN'"`
			`echo "KRB5_DEFAULT_REALM = '$KRB5_DEFAULT_REALM'"`
			`local domain=$(echo "$SEARCH_DOMAIN" \| tr '[:upper:]' '[:lower:]')`
			`local realm=$(echo "$KRB5_DEFAULT_REALM" \| tr '[:upper:]' '[:lower:]')`

			`DOMAIN_DOMAIN="$domain"`
			`if test -n "$realm"; then`
			`DOMAIN_DOMAIN="$realm"`
			`else`
			`return 2`
			`fi`
			`test -n "$domain" \|\| return 2`
			`test "$domain" = "$realm" \|\| return 2`
			`}`

Check and compare smb.conf 2022-04-08 06:05:07 +03:00			`check_smb_conf()`
			`{`
			`local retval=0`
			`_command ls -l /etc/samba/smb.conf`
			`_command -x grep -v -e '^\s[#;]' -e '^\s$' /etc/samba/smb.conf`
			`_command -x testparm -s`
			`SMB_REALM=$(testparm -v -s 2>/dev/null \| grep "^\srealm\s=" \| sed -e 's/^\srealm\s=\s//' -e 's/\s$//')`
			`SMB_NETBIOS_NAME=$(testparm -v -s 2>/dev/null \| grep "^\snetbios name\s=" \| sed -e 's/^\snetbios name\s=\s//' -e 's/\s$//')`
			`}`

			`compare_smb_realm_with_krb5_default_realm()`
			`{`
			`echo "SMB_REALM = '$SMB_REALM'"`
			`echo "KRB5_DEFAULT_REALM = '$KRB5_DEFAULT_REALM'"`

			`test -n "$SMB_REALM" \|\| return 2`
			`test -n "$KRB5_DEFAULT_REALM" \|\| return 2`
			`test "$KRB5_DEFAULT_REALM" = "$SMB_REALM" \|\| return 2`
			`}`

			`test_smb_realm()`
			`{`
			`local retval=0`

			`DOMAIN_REALM="$KRB5_DEFAULT_REALM"`
			`if test -n "$SMB_REALM"; then`
			`DOMAIN_REALM="$SMB_REALM"`
			`DOMAIN_DOMAIN="$(echo "$SMB_REALM" \| tr '[:upper:]' '[:lower:]')"`
			`else`
			`test -z "$DOMAIN_REALM" \|\|`
			`DOMAIN_DOMAIN="$(echo "$DOMAIN_REALM" \| tr '[:upper:]' '[:lower:]')"`
			`test -n "$DOMAIN_REALM" \|\|`
			`DOMAIN_REALM="$(echo "$DOMAIN_DOMAIN" \| tr '[:lower:]' '[:upper:]')"`
			`is_system_auth_local && retval=2 \|\| retval=1`
			`fi`

			`echo "DOMAIN_REALM = '$DOMAIN_REALM'"`
			`echo "DOMAIN_DOMAIN = '$DOMAIN_DOMAIN'"`

			`return $retval`
			`}`

Add check name resolver and fix file exists 2022-04-08 03:58:48 +03:00			`_check_nameserver()`
			`{`
			`local ns="$1"`
Another fix of output design 2022-04-08 04:24:26 +03:00			`if _command ping -c 2 -i2 "$ns"; then`
			`test -z "$DOMAIN_DOMAIN" \|\| _command host "$DOMAIN_DOMAIN" "$ns"`
Fix error handlers after output redesign 2022-04-08 04:33:29 +03:00			`else`
			`return 1`
Add check name resolver and fix file exists 2022-04-08 03:58:48 +03:00			`fi`
			`}`

			`check_nameservers()`
			`{`
			`retval1=0`
			`retval2=0`
			`retval3=0`
			`if [ -n "$NAMESERVER1" ]; then`
			`_check_nameserver "$NAMESERVER1" \|\| retval1=1`
			`fi`
			`if [ -n "$NAMESERVER2" ]; then`
			`_check_nameserver "$NAMESERVER2" \|\| retval2=1`
			`fi`
			`if [ -n "$NAMESERVER3" ]; then`
			`_check_nameserver "$NAMESERVER3" \|\| retval3=1`
			`fi`
			`if test "$retval1" = 0 -a "$retval2" = 0 -a "$retval3" = 0; then`
			`return 0;`
			`fi`
			`if test "$retval1" = 1 -a "$retval2" = 1 -a "$retval3" = 1; then`
			`return 1;`
			`fi`
			`return 2`
			`}`

Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`run check_hostnamectl "Check hostname persistance"`
			`run test_hostname "Test hostname is FQDN (not short)"`
			`run check_system_auth "System authentication method"`
			`run test_domain_system_auth "Domain system authentication enabled"`
Add check name resolver and fix file exists 2022-04-08 03:58:48 +03:00			`run check_krb5_conf_exists "Check Kerberos configuration exists"`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`run check_krb5_conf_ccache "Kerberos credential cache status"`
			`run test_keyring_krb5_conf_ccache "Using keyring as kerberos credential cache"`
			`run check_krb5_conf_kdc_lookup "Check DNS lookup kerberos KDC status"`
Refactor run if not by root 2022-04-08 01:18:40 +03:00			`run check_krb5_keytab_exists "Check machine crendetial cache is exists"`
Update output and support is_local_system_auth 2022-04-08 02:20:51 +03:00			`run check_keytab_credential_list "Check machine credentials list in keytab"`
Add check name resolver and fix file exists 2022-04-08 03:58:48 +03:00			`run check_resolv_conf "Check nameserver resolver configuration"`
			`run compare_resolv_conf_with_default_realm "Compare krb5 realm and first search domain"`
Check and compare smb.conf 2022-04-08 06:05:07 +03:00			`run check_smb_conf "Check Samba configuration"`
			`run compare_smb_realm_with_krb5_default_realm "Compare samba and krb5 realms"`
			`run test_smb_realm "Check Samba domain realm"`
Add check name resolver and fix file exists 2022-04-08 03:58:48 +03:00			`run check_nameservers "Check nameservers availability"`