Improve the tlsdate sanity script
This commit is contained in:
Bob Mottram
parent
12f80195dd
commit
6b301b4825
|
|
@ -1013,26 +1013,80 @@ If you get errors during the /configure/ stage then you may need to reboot so th
|
||||||
editor /usr/bin/updatedate
|
editor /usr/bin/updatedate
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
Add the following:
|
Add the following, changing /username@mydomainname.com/ to your email address:
|
||||||
|
|
||||||
#+BEGIN_SRC: bash
|
#+BEGIN_SRC: bash
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
TIMESOURCE=google.com
|
TIMESOURCE=google.com
|
||||||
|
TIMESOURCE2=www.ptb.de
|
||||||
LOGFILE=/var/log/tlsdate.log
|
LOGFILE=/var/log/tlsdate.log
|
||||||
|
TIMEOUT=5
|
||||||
|
EMAIL=username@mydomainname.com
|
||||||
|
|
||||||
|
# File which contains the previous date as a number
|
||||||
|
BEFORE_DATE_FILE=/var/log/tlsdateprevious.txt
|
||||||
|
|
||||||
|
# File which contains the previous date as a string
|
||||||
|
BEFORE_FULLDATE_FILE=/var/log/tlsdate.txt
|
||||||
|
|
||||||
DATE_BEFORE=$(date)
|
DATE_BEFORE=$(date)
|
||||||
YEAR_BEFORE=$(echo $DATE_BEFORE | awk -F ' ' '{print $6}')
|
BEFORE=$(date -d "$Y-$M-$D" '+%s')
|
||||||
/usr/bin/timeout 3 tlsdate -l -t -H $TIMESOURCE -p 443
|
|
||||||
|
# If the date was previously set
|
||||||
|
if [[ -f "$BEFORE_DATE_FILE" ]]; then
|
||||||
|
BEFORE_FILE=$(cat $BEFORE_DATE_FILE)
|
||||||
|
BEFORE_FULLDATE=$(cat $BEFORE_FULLDATE_FILE)
|
||||||
|
|
||||||
|
# is the date going backwards?
|
||||||
|
if (( BEFORE_FILE > BEFORE )); then
|
||||||
|
echo -n "Date went backwards between tlsdate updates. " \
|
||||||
|
>> $LOGFILE
|
||||||
|
echo -n "$BEFORE_FILE > $BEFORE, " >> $LOGFILE
|
||||||
|
echo "$BEFORE_FULLDATE > $DATE_BEFORE" >> $LOGFILE
|
||||||
|
|
||||||
|
# Send a warning email
|
||||||
|
echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL
|
||||||
|
|
||||||
|
# Try another time source
|
||||||
|
TIMESOURCE=$TIMESOURCE2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Set the date
|
||||||
|
/usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE -p 443 >> $LOGFILE
|
||||||
|
|
||||||
DATE_AFTER=$(date)
|
DATE_AFTER=$(date)
|
||||||
YEAR_AFTER=$(echo $DATE_AFTER | awk -F ' ' '{print $6}')
|
AFTER=$(date -d "$Y-$M-$D" '+%s')
|
||||||
if [ "$YEAR_AFTER" -lt "$YEAR_BEFORE" ]; then
|
|
||||||
|
# After setting the date did it go backwards?
|
||||||
|
if (( AFTER < BEFORE )); then
|
||||||
echo "Incorrect date: $DATE_BEFORE -> $DATE_AFTER" >> $LOGFILE
|
echo "Incorrect date: $DATE_BEFORE -> $DATE_AFTER" >> $LOGFILE
|
||||||
date -s "DATE_BEFORE"
|
|
||||||
|
# Send a warning email
|
||||||
|
echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL
|
||||||
|
|
||||||
|
# Try resetting the date from another time source
|
||||||
|
/usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE2 -p 443 >> $LOGFILE
|
||||||
|
DATE_AFTER=$(date)
|
||||||
|
AFTER=$(date -d "$Y-$M-$D" '+%s')
|
||||||
else
|
else
|
||||||
echo -n $TIMESOURCE >> $LOGFILE
|
echo -n $TIMESOURCE >> $LOGFILE
|
||||||
|
if [[ -f "$BEFORE_DATE_FILE" ]]; then
|
||||||
|
echo -n " " >> $LOGFILE
|
||||||
|
echo -n $BEFORE_FILE >> $LOGFILE
|
||||||
|
fi
|
||||||
|
echo -n " " >> $LOGFILE
|
||||||
|
echo -n $BEFORE >> $LOGFILE
|
||||||
|
echo -n " " >> $LOGFILE
|
||||||
|
echo -n $AFTER >> $LOGFILE
|
||||||
echo -n " " >> $LOGFILE
|
echo -n " " >> $LOGFILE
|
||||||
echo $DATE_AFTER >> $LOGFILE
|
echo $DATE_AFTER >> $LOGFILE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Log the last date
|
||||||
|
echo "$AFTER" > $BEFORE_DATE_FILE
|
||||||
|
echo "$DATE_AFTER" > $BEFORE_FULLDATE_FILE
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
Save and exit.
|
Save and exit.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue