#!/bin/bash
# VPN Gateway Health Check Script
# Comprehensive system health monitoring
# Version: 1.0.0
# Colors
# ANSI escape sequences kept in their backslash form; they only turn into
# real escape bytes when printed through `echo -e` (or printf '%b').
NC='\033[0m'        # reset
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
# Scoring
# ISSUES collects one human-readable line per failed check.
# TOTAL_SCORE is raised by add_score; MAX_SCORE is the denominator shown in
# the final report.
# NOTE(review): the per-check weights used in this file (3 x 10 for services,
# 20, 15, 15, 10, 5, 10) add up to 105, not 100, so TOTAL_SCORE can exceed
# MAX_SCORE on a fully healthy system.
ISSUES=()
MAX_SCORE=100
TOTAL_SCORE=0
# Print a green check mark and a newline to stdout.
# Globals: GREEN, NC (read) - colour escapes, expanded by %b.
check_mark() {
  printf '%b\n' "${GREEN}✓${NC}"
}
# Print a red cross and a newline to stdout (a check failed).
# Globals: RED, NC (read) - colour escapes, expanded by %b.
x_mark() {
  printf '%b\n' "${RED}✗${NC}"
}
# Print a yellow warning sign and a newline to stdout (degraded, not failed).
# Globals: YELLOW, NC (read) - colour escapes, expanded by %b.
warning_mark() {
  printf '%b\n' "${YELLOW}⚠${NC}"
}
# Add points to the running health score.
# Globals:   TOTAL_SCORE (read and written)
# Arguments: $1 - number of points to add
# The argument is expanded into an arithmetic expression, so callers must
# pass trusted integer literals only (every call in this file does).
add_score() {
  : "$(( TOTAL_SCORE += $1 ))"
}
# Record one finding for the "Issues found" list printed at the end.
# Globals:   ISSUES (appended to)
# Arguments: $1 - issue text, stored verbatim as a single array element
add_issue() {
  ISSUES[${#ISSUES[@]}]=$1
}
# Report banner followed by a blank spacer line.
printf '%b\n' "${BLUE}=== VPN Gateway Health Check ===${NC}"
printf '\n'
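# 1. Check Services
# Each gateway unit that systemd reports as active earns 10 points; every
# inactive unit is recorded as an issue and fails the whole check.
# NOTE(review): "active" only means the unit is running, not that it is
# doing its job; the killswitch itself is verified separately below.
echo -n "Checking services... "
services_ok=true
for service in vpn-webui vpn-killswitch vpn-security-monitor; do
  if systemctl is-active "$service" >/dev/null 2>&1; then
    add_score 10
  else
    services_ok=false
    add_issue "Service $service is not running"
  fi
done
# Explicit if/else: with `test && check_mark || x_mark` a failing
# check_mark would print the failure mark as well.
if [ "$services_ok" = true ]; then
  check_mark
else
  x_mark
fi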
# 2. Check Killswitch
# Passes (20 points) when the IPv4 OUTPUT chain header reports a default
# policy of DROP. If iptables cannot be run (for example without root) grep
# sees no match and the check fails closed.
# NOTE(review): only the IPv4 filter table is inspected here. IPv6
# (ip6tables) and native nftables rulesets are not looked at, and a DROP
# policy by itself does not show which ACCEPT rules sit in the chain.
printf '%s' "Checking killswitch... "
if ! iptables -L OUTPUT -n | grep -q "policy DROP"; then
  add_issue "Killswitch not active!"
  x_mark
else
  add_score 20
  check_mark
fi
# 3. Check VPN Connection
# Passes (15 points) when `wg show wg0` exits successfully.
# NOTE(review): `wg show wg0` succeeding shows that the wg0 interface exists
# and can be queried; it does not show that a peer has completed a recent
# handshake. Inspecting `wg show wg0 latest-handshakes` would be a stronger
# signal - confirm what "connected" should mean for this gateway.
printf '%s' "Checking VPN connection... "
if ! wg show wg0 >/dev/null 2>&1; then
  add_issue "VPN not connected"
  warning_mark
else
  add_score 15
  check_mark
fi
# 4. Check for leaks
# Combines two observations: can 8.8.8.8 be pinged, and is wg0 queryable?
#   internet + tunnel        -> OK (15 points)
#   no internet + no tunnel  -> OK (15 points): traffic is blocked while
#                               the VPN is down
#   no internet + tunnel     -> warning, no points
#   internet + no tunnel     -> CRITICAL leak, no points
# NOTE(review): the ping is not bound to an interface, so when wg0 is up
# this cannot tell whether the packet went through the tunnel or around it.
# It also covers IPv4 ICMP only; IPv6 and DNS leaks are not exercised here.
printf '%s' "Checking for leaks... "
if ping -c 1 -W 1 8.8.8.8 >/dev/null 2>&1; then
  internet_up=true
else
  internet_up=false
fi
if wg show wg0 >/dev/null 2>&1; then
  tunnel_up=true
else
  tunnel_up=false
fi
case "${internet_up}:${tunnel_up}" in
  true:true | false:false)
    add_score 15
    check_mark
    ;;
  false:true)
    add_issue "VPN connected but no internet"
    warning_mark
    ;;
  true:false)
    add_issue "CRITICAL: Internet accessible without VPN!"
    x_mark
    ;;
esac
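# 5. Check DNS
# Every nameserver in /etc/resolv.conf must be a loopback, RFC 1918 or
# RFC 6598 (shared address space) IPv4 address; anything else is reported
# as a public resolver, i.e. a possible DNS leak outside the tunnel.

# Return 0 when $1 is a non-public IPv4 resolver address, 1 otherwise.
# Fixes over a plain prefix match:
#   - 172.* covered all of 172.0.0.0/8; only 172.16.0.0/12 is private, so
#     public resolvers inside 172/8 used to be accepted silently.
#   - all of 127.0.0.0/8 is loopback (e.g. a local stub on 127.0.0.53).
#   - 100.64.0.0/10 spans 100.64 through 100.127, not just 100.64.*.
# NOTE(review): IPv6 nameservers (including ::1) still fall through to the
# "public" branch; extend the patterns if the gateway uses IPv6 resolvers.
_is_private_dns() {
  case "$1" in
    127.* | 10.* | 192.168.*) return 0 ;;
    172.1[6-9].* | 172.2[0-9].* | 172.3[01].*) return 0 ;;
    100.6[4-9].* | 100.[7-9][0-9].* | 100.1[01][0-9].* | 100.12[0-7].*) return 0 ;;
    *) return 1 ;;
  esac
}

echo -n "Checking DNS configuration... "
dns_ok=true
while read -r dns; do
  # A "nameserver" line without an address yields an empty field; skip it.
  [ -n "$dns" ] || continue
  if ! _is_private_dns "$dns"; then
    dns_ok=false
    add_issue "Public DNS detected: $dns"
  fi
done < <(awk '$1 == "nameserver" { print $2 }' /etc/resolv.conf)
if [ "$dns_ok" = true ]; then
  add_score 10
  check_mark
else
  warning_mark
fi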
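# 6. Check disk space
# Usage of the filesystem holding /opt/vpn-gateway: below 80% earns 5
# points, 80-89% is a warning, 90% and above is critical.
echo -n "Checking disk space... "
# -P forces one record per filesystem, so a long device name cannot wrap the
# row and shift the columns; awk takes the Use% column and strips the '%'.
disk_usage=$(df -P /opt/vpn-gateway 2>/dev/null \
  | awk 'NR == 2 { sub(/%/, "", $5); print $5 }')
case "$disk_usage" in
  '' | *[!0-9]*)
    # df failed (path missing, for instance) or printed something that is
    # not a number. Report that, rather than letting the integer tests
    # error out and fall through to "Critical disk usage: %".
    add_issue "Unable to determine disk usage for /opt/vpn-gateway"
    x_mark
    ;;
  *)
    if [ "$disk_usage" -lt 80 ]; then
      add_score 5
      check_mark
    elif [ "$disk_usage" -lt 90 ]; then
      add_issue "Disk usage high: ${disk_usage}%"
      warning_mark
    else
      add_issue "Critical disk usage: ${disk_usage}%"
      x_mark
    fi
    ;;
esac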
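# 7. Check WebUI accessibility
# Passes (10 points) when the local status endpoint answers.
echo -n "Checking WebUI... "
# --max-time bounds the whole request so a WebUI that accepts the connection
# but never replies cannot hang the health check.
# NOTE(review): without -f/--fail curl exits 0 on HTTP 4xx/5xx too, so this
# proves only that something answered on port 5000. Add --fail if an error
# status from /api/status should count as unhealthy.
if curl -s --max-time 5 http://localhost:5000/api/status >/dev/null 2>&1; then
  add_score 10
  check_mark
else
  add_issue "WebUI not accessible"
  x_mark
fi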
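# Results
# Print the score, a status band derived from it, the collected issues, and
# exit with the number of missing points (0 means fully healthy).
echo ""
echo -e "${BLUE}=== Health Score: $TOTAL_SCORE/$MAX_SCORE ===${NC}"
echo ""

# NOTE(review): the band depends on the score alone. A run that records
# "CRITICAL: Internet accessible without VPN!" loses 30 points at most and
# can still be reported as GOOD; consider forcing CRITICAL whenever such an
# issue was recorded.
if [ "$TOTAL_SCORE" -ge 90 ]; then
  echo -e "${GREEN}System Status: EXCELLENT${NC}"
elif [ "$TOTAL_SCORE" -ge 70 ]; then
  echo -e "${GREEN}System Status: GOOD${NC}"
elif [ "$TOTAL_SCORE" -ge 50 ]; then
  echo -e "${YELLOW}System Status: WARNING${NC}"
else
  echo -e "${RED}System Status: CRITICAL${NC}"
fi

if [ "${#ISSUES[@]}" -gt 0 ]; then
  echo ""
  echo "Issues found:"
  for issue in "${ISSUES[@]}"; do
    # Issue text can carry values read from the system (e.g. a nameserver
    # from /etc/resolv.conf); %s prints it verbatim, never as a format.
    printf ' - %s\n' "$issue"
  done
fi

# The check weights in this file sum to 105, so a fully healthy system
# reaches a score above MAX_SCORE. Clamp at 0: a negative argument to
# `exit` wraps around (exit -5 becomes status 251), which would report a
# perfect run as a failure to whatever invokes this script.
exit_code=$((MAX_SCORE - TOTAL_SCORE))
if [ "$exit_code" -lt 0 ]; then
  exit_code=0
fi
exit "$exit_code"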