#!/usr/bin/env ksh # $Id: netmask,v 1.5 2011/08/19 15:53:19 ksb Exp $ # We're a netlint plugin that checks our /etc/netmasks file (ksb) #****p* netlint/netmask # NAME # netmask # DESCRIPTION # If any of our subnets are not listed in the netmasks file we carp # about it and suggest a solution. #*** PROGNAME=`basename $0` : ${CARP:=echo} export CARP if [ _"$1" = _"-V" ]; then echo "$PROGNAME: "'$Id: netmask,v 1.5 2011/08/19 15:53:19 ksb Exp $' exit 0 fi if [ -f /etc/inet/netmasks ] ; then : ${NETMASK_FILE:=/etc/inet/netmasks} else : ${NETMASK_FILE:=/etc/netmasks} fi export NETMASK_FILE #****a* netmasks/NETMASK_MISSING # NAME # NETMASK_MISSING # FORMAT # NETMASK_MISSING: file # DESCRIPTION # Netlint believes the named file is critical to network configuration. # REMEDIATION # Install the missing /etc/netmasks or /etc/inet/netmasks file, a zero # length file never works. #*** if [ ! -s "$NETMASK_FILE" ] ; then ${CARP} "NETMASK_MISSING: $NETMASK_FILE" exit 0 fi . $NETLINT_FUNCS #****a* netmask/NETMASK_MALFORMED # NAME # NETMASK_MALFORMED # FORMAT # NETMASK_MALFORMED: subnet/mask | subnet/cidr # DESCRIPTION # Netlint reports if the file format is invalid for the netmasks file. # Non-comment lines should match the form "n.n.n.n m.m.m.m" where # n.n.n.n is a valid ip address and m.m.m.m is a valid netmask. # IMPACT # A reboot of the host might set the netmask incorrectly, or some # program other than the boot-script might misconfigure a network port. # REMEDIATION # Update the master copy of the netmasks file and push it out again. #*** tr -s ' \t' ' ' <$NETMASK_FILE | sed \ -e 's/#.*//' \ -e 's/^ *//' \ -e 's/ *$//' \ -e '/^$/d' \ -e '/^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[ ][ ]*[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$/d' \ -e '=' | while read linenum; do read line ${CARP} "NETMASK_MALFORMED: [$linenum] $line" done #****a* netmask/NETMASK_UNMATCHED # NAME # NETMASK_UNMATCHED # FORMAT # NETMASK_UNMATCHED: subnet/mask | subnet/cidr # DESCRIPTION # Netlint reports subnets with active interfaces that do not have a # matching line in the netmasks file. # IMPACT # A reboot of the host might set the netmask incorrectly, or some # program other than the boot-script might misconfigure a network port. # REMEDIATION # Update the master copy of the netmasks file and push it out again. #*** # find AndIt from netlint's functions for pair in $SUBNET_LIST ; do echo "not found" >net.note tr -s ' \t' ' ' <$NETMASK_FILE| sed -e 's/#.*//' -e 's/^ //' -e 's/ $//' -e '/^$/d' | while read net mask junk ; do [ "$net" = "`AndIt ${pair%%/*} ${mask}`" ] || continue if [ "$mask" != "`AndIt $mask ${pair##*/}`" ] ; then echo "mismatched mask ($mask != ${pair##*/})" fi >net.note break done if [ -s net.note ] ; then ${CARP} "NETMASK_UNMATCHED: ${pair%%/*} `