New branch

scripts/health-check.sh

@@ -0,0 +1,162 @@
+#!/bin/bash
+
+# VPN Gateway Health Check Script
+# Comprehensive system health monitoring
+# Version: 1.0.0
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+# Scoring
+TOTAL_SCORE=0
+MAX_SCORE=100
+ISSUES=()
+
+check_mark() {
+    echo -e "${GREEN}✓${NC}"
+}
+
+x_mark() {
+    echo -e "${RED}✗${NC}"
+}
+
+warning_mark() {
+    echo -e "${YELLOW}⚠${NC}"
+}
+
+add_score() {
+    TOTAL_SCORE=$((TOTAL_SCORE + $1))
+}
+
+add_issue() {
+    ISSUES+=("$1")
+}
+
+echo -e "${BLUE}=== VPN Gateway Health Check ===${NC}"
+echo ""
+
+# 1. Check Services
+echo -n "Checking services... "
+services_ok=true
+for service in vpn-webui vpn-killswitch vpn-security-monitor; do
+    if systemctl is-active $service >/dev/null 2>&1; then
+        add_score 10
+    else
+        services_ok=false
+        add_issue "Service $service is not running"
+    fi
+done
+[ "$services_ok" = true ] && check_mark || x_mark
+
+# 2. Check Killswitch
+echo -n "Checking killswitch... "
+if iptables -L OUTPUT -n | grep -q "policy DROP"; then
+    add_score 20
+    check_mark
+else
+    add_issue "Killswitch not active!"
+    x_mark
+fi
+
+# 3. Check VPN Connection
+echo -n "Checking VPN connection... "
+if wg show wg0 >/dev/null 2>&1; then
+    add_score 15
+    check_mark
+else
+    add_issue "VPN not connected"
+    warning_mark
+fi
+
+# 4. Check for leaks
+echo -n "Checking for leaks... "
+if ! ping -c 1 -W 1 8.8.8.8 >/dev/null 2>&1; then
+    if wg show wg0 >/dev/null 2>&1; then
+        add_issue "VPN connected but no internet"
+        warning_mark
+    else
+        add_score 15
+        check_mark
+    fi
+else
+    if wg show wg0 >/dev/null 2>&1; then
+        add_score 15
+        check_mark
+    else
+        add_issue "CRITICAL: Internet accessible without VPN!"
+        x_mark
+    fi
+fi
+
+# 5. Check DNS
+echo -n "Checking DNS configuration... "
+dns_ok=true
+while read -r dns; do
+    case "$dns" in
+        127.0.0.1|10.*|172.*|192.168.*|100.64.*)
+            ;;
+        *)
+            dns_ok=false
+            add_issue "Public DNS detected: $dns"
+            ;;
+    esac
+done < <(grep "^nameserver" /etc/resolv.conf | awk '{print $2}')
+if [ "$dns_ok" = true ]; then
+    add_score 10
+    check_mark
+else
+    warning_mark
+fi
+
+# 6. Check disk space
+echo -n "Checking disk space... "
+disk_usage=$(df /opt/vpn-gateway | tail -1 | awk '{print $5}' | sed 's/%//')
+if [ "$disk_usage" -lt 80 ]; then
+    add_score 5
+    check_mark
+elif [ "$disk_usage" -lt 90 ]; then
+    add_issue "Disk usage high: ${disk_usage}%"
+    warning_mark
+else
+    add_issue "Critical disk usage: ${disk_usage}%"
+    x_mark
+fi
+
+# 7. Check WebUI accessibility
+echo -n "Checking WebUI... "
+if curl -s http://localhost:5000/api/status >/dev/null 2>&1; then
+    add_score 10
+    check_mark
+else
+    add_issue "WebUI not accessible"
+    x_mark
+fi
+
+# Results
+echo ""
+echo -e "${BLUE}=== Health Score: $TOTAL_SCORE/$MAX_SCORE ===${NC}"
+echo ""
+
+if [ $TOTAL_SCORE -ge 90 ]; then
+    echo -e "${GREEN}System Status: EXCELLENT${NC}"
+elif [ $TOTAL_SCORE -ge 70 ]; then
+    echo -e "${GREEN}System Status: GOOD${NC}"
+elif [ $TOTAL_SCORE -ge 50 ]; then
+    echo -e "${YELLOW}System Status: WARNING${NC}"
+else
+    echo -e "${RED}System Status: CRITICAL${NC}"
+fi
+
+if [ ${#ISSUES[@]} -gt 0 ]; then
+    echo ""
+    echo "Issues found:"
+    for issue in "${ISSUES[@]}"; do
+        echo "  - $issue"
+    done
+fi
+
+exit $((100 - TOTAL_SCORE))