gsb/gsb2024
3
3
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases 3 Wiki Activity

Premier commit

Browse Source
This commit is contained in:
phil
2023-12-18 23:20:30 +01:00
parent ec25c6dba9
commit 62ef5fa4e9
577 changed files with 46490 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
goss/list-goss Normal file
View File

@@ -0,0 +1,12 @@
cd goss/
goss -g r-vp1.yaml v
goss -g r-vp1.yaml aa wireguard
goss add interface enp0s3
goss add interface enp0s8
goss add interface enp0s9
goss add interface wg0
goss aa wireguard
goss add package wireguard-tools
goss add service wg-quick@wg0
goss add command "ping -c4 10.0.0.2"
goss add file "/etc/wireguard/wg0.conf"

40
goss/r-ext.yaml Normal file
View File

@@ -0,0 +1,40 @@
command:
sysctl net.ipv4.ip_forward:
exit-status: 0
stdout:
- net.ipv4.ip_forward = 1
stderr: []
timeout: 10000
ping -c 4 172.16.0.1:
exit-status: 0
stdout:
- 0% packet loss
stderr: []
timeout: 10000
ping -c 4 172.16.0.254:
exit-status: 0
stdout:
- 0% packet loss
stderr: []
timeout: 10000
ping -c 4 192.168.200.254:
exit-status: 0
stdout:
- 0% packet loss
stderr: []
timeout: 10000
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.13/24
enp0s8:
exists: true
addrs:
- 192.168.100.254/24
enp0s9:
exists: true
enp0s16:
exists: true
addrs:
- 192.168.200.253/24

35
goss/r-int.yaml Normal file
View File

@@ -0,0 +1,35 @@
package:
isc-dhcp-server:
installed: true
service:
isc-dhcp-server:
enabled: true
running: true
command:
sysctl net.ipv4.ip_forward:
exit-status: 0
stdout:
- net.ipv4.ip_forward = 1
stderr: []
timeout: 10000
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.12/24
enp0s8:
exists: true
addrs:
- 192.168.200.254/24
enp0s9:
exists: true
addrs:
- 172.16.65.254/24
enp0s10:
exists: true
addrs:
- 172.16.64.254/24
enp0s16:
exists: true
addrs:
- 172.16.0.254/24

106
goss/r-vp1-cs.yaml Normal file
View File

@@ -0,0 +1,106 @@
file:
/etc/ipsec.d/cacerts/strongswanCert.pem:
exists: true
mode: "0644"
size: 1834
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/certs/r-vp1Cert.pem:
exists: true
mode: "0644"
size: 1509
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/certs/r-vp2Cert.pem:
exists: true
mode: "0644"
size: 1509
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/private/r-vp1Key.pem:
exists: true
mode: "0600"
size: 1675
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/private/r-vp2Key.pem:
exists: true
mode: "0600"
size: 1679
owner: root
group: root
filetype: file
contains: []
package:
strongswan:
installed: true
versions:
- 5.2.1-6+deb8u2
service:
strongswan:
enabled: true
running: true
user:
strongswan:
exists: true
uid: 112
gid: 65534
groups:
- nogroup
home: /var/lib/strongswan
shell: /usr/sbin/nologin
command:
Associations:
exit-status: 127
stdout: []
stderr:
- 'sh: 1: Associations: not found'
timeout: 10000
ip r|grep default:
exit-status: 0
stdout:
- default via 192.168.1.1 dev enp0s9
stderr: []
timeout: 10000
ipsec listcacerts|grep subject:
exit-status: 0
stdout:
- 'subject: "C=CH, O=GSB, CN=Root CA"'
stderr: []
timeout: 10000
ipsec listcerts|grep subject:
exit-status: 0
stdout:
- 'subject: "C=CH, O=GSB, CN=r-vp1"'
- 'subject: "C=CH, O=GSB, CN=r-vp2"'
stderr: []
timeout: 10000
ipsec statusall|grep Security:
exit-status: 0
stdout:
- 'Security Associations (1 up, 0 connecting):'
stderr: []
timeout: 10000
sysctl net.ipv4.ip_forward:
exit-status: 0
stdout:
- net.ipv4.ip_forward = 1
stderr: []
timeout: 10000
interface:
enp0s8:
exists: true
addrs:
- 192.168.0.51/24
enp0s9:
exists: true
addrs:
- 192.168.1.2/24

106
goss/r-vp1-old.yaml Normal file
View File

@@ -0,0 +1,106 @@
file:
/etc/ipsec.d/cacerts/strongswanCert.pem:
exists: true
mode: "0644"
size: 1834
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/certs/r-vp1Cert.pem:
exists: true
mode: "0644"
size: 1509
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/certs/r-vp2Cert.pem:
exists: true
mode: "0644"
size: 1509
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/private/r-vp1Key.pem:
exists: true
mode: "0600"
size: 1675
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/private/r-vp2Key.pem:
exists: true
mode: "0600"
size: 1679
owner: root
group: root
filetype: file
contains: []
package:
strongswan:
installed: true
versions:
- 5.2.1-6+deb8u2
service:
strongswan:
enabled: true
running: true
user:
strongswan:
exists: true
uid: 112
gid: 65534
groups:
- nogroup
home: /var/lib/strongswan
shell: /usr/sbin/nologin
command:
Associations:
exit-status: 127
stdout: []
stderr:
- 'sh: 1: Associations: not found'
timeout: 10000
ip r|grep default:
exit-status: 0
stdout:
- default via 192.168.1.1 dev enp0s9
stderr: []
timeout: 10000
ipsec listcacerts|grep subject:
exit-status: 0
stdout:
- 'subject: "C=CH, O=GSB, CN=Root CA"'
stderr: []
timeout: 10000
ipsec listcerts|grep subject:
exit-status: 0
stdout:
- 'subject: "C=CH, O=GSB, CN=r-vp1"'
- 'subject: "C=CH, O=GSB, CN=r-vp2"'
stderr: []
timeout: 10000
ipsec statusall|grep Security:
exit-status: 0
stdout:
- 'Security Associations (1 up, 0 connecting):'
stderr: []
timeout: 10000
sysctl net.ipv4.ip_forward:
exit-status: 0
stdout:
- net.ipv4.ip_forward = 1
stderr: []
timeout: 10000
interface:
enp0s8:
exists: true
addrs:
- 192.168.0.51/24
enp0s9:
exists: true
addrs:
- 192.168.1.2/24

56
goss/r-vp1.yaml Normal file
View File

@@ -0,0 +1,56 @@
file:
/etc/wireguard/wg0.conf:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contains:
- AllowedIPs = 10.0.0.2/32, 172.16.128.0/24
package:
wireguard:
installed: true
versions:
- 1.0.20210223-1
wireguard-tools:
installed: true
versions:
- 1.0.20210223-1
service:
wg-quick@wg0:
enabled: true
running: true
command:
host 192.168.99.99:
exit-status: 0
stdout:
- 99.99.168.192.in-addr.arpa domain name pointer s-adm.gsb.adm.
stderr: []
timeout: 10000
ping -c4 10.0.0.2:
exit-status: 0
stdout:
- 0% packet loss
stderr: []
timeout: 10000
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.112/24
mtu: 1500
enp0s8:
exists: true
addrs:
- 192.168.1.2/24
mtu: 1500
enp0s9:
exists: true
addrs:
- 192.168.0.51/24
mtu: 1500
wg0:
exists: true
addrs:
- 10.0.0.1/32
mtu: 1420

105
goss/r-vp2-cs.yaml Normal file
View File

@@ -0,0 +1,105 @@
file:
/etc/ipsec.d/cacerts/strongswanCert.pem:
exists: true
mode: "0644"
size: 1834
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/certs/r-vp1Cert.pem:
exists: true
mode: "0644"
size: 1509
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/certs/r-vp2Cert.pem:
exists: true
mode: "0644"
size: 1509
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/private/r-vp1Key.pem:
exists: true
mode: "0600"
size: 1675
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/private/r-vp2Key.pem:
exists: true
mode: "0600"
size: 1679
owner: root
group: root
filetype: file
contains: []
package:
strongswan:
installed: true
versions:
- 5.2.1-6+deb8u2
service:
strongswan:
enabled: true
running: true
user:
strongswan:
exists: true
gid: 65534
groups:
- nogroup
home: /var/lib/strongswan
shell: /usr/sbin/nologin
command:
Associations:
exit-status: 127
stdout: []
stderr:
- 'sh: 1: Associations: not found'
timeout: 10000
ip r|grep default:
exit-status: 0
stdout:
- default via 192.168.99.99 dev enp0s3
stderr: []
timeout: 10000
ipsec listcacerts|grep subject:
exit-status: 0
stdout:
- 'subject: "C=CH, O=GSB, CN=Root CA"'
stderr: []
timeout: 10000
ipsec listcerts|grep subject:
exit-status: 0
stdout:
- 'subject: "C=CH, O=GSB, CN=r-vp2"'
- 'subject: "C=CH, O=GSB, CN=r-vp1"'
stderr: []
timeout: 10000
ipsec statusall|grep Security:
exit-status: 0
stdout:
- 'Security Associations (1 up, 0 connecting):'
stderr: []
timeout: 10000
sysctl net.ipv4.ip_forward:
exit-status: 0
stdout:
- net.ipv4.ip_forward = 1
stderr: []
timeout: 10000
interface:
enp0s8:
exists: true
addrs:
- 172.16.128.254/24
enp0s9:
exists: true
addrs:
- 192.168.0.52/24

105
goss/r-vp2-old.yaml Normal file
View File

@@ -0,0 +1,105 @@
file:
/etc/ipsec.d/cacerts/strongswanCert.pem:
exists: true
mode: "0644"
size: 1834
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/certs/r-vp1Cert.pem:
exists: true
mode: "0644"
size: 1509
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/certs/r-vp2Cert.pem:
exists: true
mode: "0644"
size: 1509
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/private/r-vp1Key.pem:
exists: true
mode: "0600"
size: 1675
owner: root
group: root
filetype: file
contains: []
/etc/ipsec.d/private/r-vp2Key.pem:
exists: true
mode: "0600"
size: 1679
owner: root
group: root
filetype: file
contains: []
package:
strongswan:
installed: true
versions:
- 5.2.1-6+deb8u2
service:
strongswan:
enabled: true
running: true
user:
strongswan:
exists: true
gid: 65534
groups:
- nogroup
home: /var/lib/strongswan
shell: /usr/sbin/nologin
command:
Associations:
exit-status: 127
stdout: []
stderr:
- 'sh: 1: Associations: not found'
timeout: 10000
ip r|grep default:
exit-status: 0
stdout:
- default via 192.168.99.99 dev enp0s3
stderr: []
timeout: 10000
ipsec listcacerts|grep subject:
exit-status: 0
stdout:
- 'subject: "C=CH, O=GSB, CN=Root CA"'
stderr: []
timeout: 10000
ipsec listcerts|grep subject:
exit-status: 0
stdout:
- 'subject: "C=CH, O=GSB, CN=r-vp2"'
- 'subject: "C=CH, O=GSB, CN=r-vp1"'
stderr: []
timeout: 10000
ipsec statusall|grep Security:
exit-status: 0
stdout:
- 'Security Associations (1 up, 0 connecting):'
stderr: []
timeout: 10000
sysctl net.ipv4.ip_forward:
exit-status: 0
stdout:
- net.ipv4.ip_forward = 1
stderr: []
timeout: 10000
interface:
enp0s8:
exists: true
addrs:
- 172.16.128.254/24
enp0s9:
exists: true
addrs:
- 192.168.0.52/24

52
goss/r-vp2.yaml Normal file
View File

@@ -0,0 +1,52 @@
file:
/etc/wireguard/wg0.conf:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contains: []
package:
wireguard:
installed: true
versions:
- 1.0.20210223-1
wireguard-tools:
installed: true
versions:
- 1.0.20210223-1
service:
isc-dhcp-server:
enabled: true
running: true
wg-quick@wg0:
enabled: true
running: true
command:
ping -c4 10.0.0.1:
exit-status: 0
stdout:
- 0% packet loss
stderr: []
timeout: 10000
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.102/24
mtu: 1500
enp0s8:
exists: true
addrs:
- 172.16.128.254/24
mtu: 1500
enp0s9:
exists: true
addrs:
- 192.168.0.52/24
mtu: 1500
wg0:
exists: true
addrs:
- 10.0.0.2/32
mtu: 1420

72
goss/s-adm.yaml Normal file
View File

@@ -0,0 +1,72 @@
package:
dnsmasq:
installed: true
squid:
installed: true
addr:
tcp://depl.sio.lan:80:
reachable: true
timeout: 500
port:
tcp:53:
listening: true
ip:
- 0.0.0.0
tcp6:53:
listening: true
ip:
- '::'
udp:53:
listening: true
ip:
- 0.0.0.0
udp:67:
listening: true
ip:
- 0.0.0.0
udp6:53:
listening: true
ip:
- '::'
service:
dnsmasq:
enabled: true
running: true
squid:
enabled: true
running: true
ssh:
enabled: true
running: true
user:
dnsmasq:
exists: true
gid: 65534
groups:
- nogroup
home: /var/lib/misc
shell: /usr/sbin/nologin
group:
ssh:
exists: true
command:
/sbin/sysctl net.ipv4.ip_forward:
exit-status: 0
stdout:
- net.ipv4.ip_forward = 1
stderr: []
timeout: 10000
dns:
depl.sio.lan:
resolveable: true
timeout: 500
process:
dnsmasq:
running: true
squid:
running: true
interface:
enp0s8:
exists: true
addrs:
- 192.168.99.99/24

19
goss/s-agence.yaml Normal file
View File

@@ -0,0 +1,19 @@
command:
ip route |grep default:
exit-status: 0
stdout:
- default via 172.16.128.254 dev enp0s8
stderr: []
timeout: 10000
ping -c4 172.16.0.1:
exit-status: 0
stdout:
- 0% packet loss
stderr: []
timeout: 10000
ping -c4 172.16.128.254:
exit-status: 0
stdout:
- 0% packet loss
stderr: []
timeout: 10000

35
goss/s-appli.yaml Normal file
View File

@@ -0,0 +1,35 @@
service:
mariadb:
enabled: true
running: true
apache2:
enabled: true
running: true
file:
/var/www/html/wordpress:
exists: true
owner: www-data
group: www-data
filetype: directory
/var/www/html/wordpress-5.8.2-fr_FR.tar.gz:
exists: true
/var/www/html/wordpress/wp-config-sample.php:
exists: true
/etc/apache2/sites-enabled/000-default.conf:
exists: true
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.3/24
enp0s8:
exists: true
addrs:
- 172.16.0.3/24

41
goss/s-backup.yaml Normal file
View File

@@ -0,0 +1,41 @@
package:
bind9:
installed: true
cifs-utils:
installed: true
rsync:
installed: true
smbclient:
installed: true
service:
bind9:
enabled: true
running: true
rsync:
enabled: true
running: false
command:
ping -c4 ns.gsb.lan:
exit-status: 0
stdout:
- 0% packet loss
stderr: []
timeout: 10000
#check si partage windows accesible
smbclient -L //s-win --user=uBackup%Azerty1+ | grep 'public':
exit-status: 0
stdout:
- public
stderr: []
timeout: 10000
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.4/24
mtu: 1500
enp0s8:
exists: true
addrs:
- 172.16.0.4/24
mtu: 1500

26
goss/s-elk.yaml Normal file
View File

@@ -0,0 +1,26 @@
port:
tcp:5044:
listening: true
ip:
- 0.0.0.0
tcp:5601:
listening: true
ip:
- 0.0.0.0
tcp:9200:
listening: true
ip:
- 0.0.0.0
service:
docker:
enabled: true
running: true
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.11/24
enp0s8:
exists: true
addrs:
- 172.16.0.11/24

28
goss/s-fog.yaml Normal file
View File

@@ -0,0 +1,28 @@
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.16/24
interface:
enp0s8:
exists: true
addrs:
- 172.16.0.16/24
interface:
enp0s9:
exists: true
addrs:
- 172.16.64.16/24
command:
ping -c 4 192.168.99.99:
exit-status: 0
stdout:
- 0% packet loss
stderr: []
timeout: 10000
ping -c 4 google.fr:
exit-status: 0
stdout:
- 0% packet loss
stderr: []
timeout: 10000

90
goss/s-infra.yaml Normal file
View File

@@ -0,0 +1,90 @@
package:
bind9:
installed: true
lighttpd:
installed: true
addr:
tcp://192.168.99.99:8080:
reachable: true
timeout: 500
port:
tcp:80:
listening: true
ip:
- 0.0.0.0
tcp6:80:
listening: true
ip:
- '::'
service:
bind9:
enabled: true
running: true
lighttpd:
enabled: true
running: true
command:
host 172.16.0.2:
exit-status: 0
stdout:
- 2.0.16.172.in-addr.arpa domain name pointer s-proxy.gsb.lan.
stderr: []
timeout: 10000
host 172.16.0.9:
exit-status: 0
stdout:
- 9.0.16.172.in-addr.arpa domain name pointer s-itil.gsb.lan.
stderr: []
timeout: 10000
host free.fr:
exit-status: 0
stdout:
- free.fr has address 212.27.48.10
- free.fr has IPv6 address 2a01:e0c:1::1
- free.fr mail is handled by 10 mx1.free.fr.
- free.fr mail is handled by 20 mx2.free.fr.
stderr: []
timeout: 10000
host s-infra:
exit-status: 0
stdout:
- s-infra.gsb.lan has address 172.16.0.1
stderr: []
timeout: 10000
host s-infra.gsb.lan:
exit-status: 0
stdout:
- s-infra.gsb.lan has address 172.16.0.1
stderr: []
timeout: 10000
host s-mon:
exit-status: 0
stdout:
- s-mon.gsb.lan has address 172.16.0.8
stderr: []
timeout: 10000
host s-mon.gsb.lan:
exit-status: 0
stdout:
- s-mon.gsb.lan has address 172.16.0.8
stderr: []
timeout: 10000
process:
lighttpd:
running: true
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.1/24
enp0s8:
exists: true
addrs:
- 172.16.0.1/24
http:
http://localhost/wpad.dat:
status: 200
allow-insecure: false
no-follow-redirects: false
timeout: 5000
body: []

36
goss/s-itil.yaml Normal file
View File

@@ -0,0 +1,36 @@
file:
/var/www/html/glpi:
exists: true
mode: "0755"
owner: www-data
group: www-data
filetype: directory
/var/www/html/ficlients:
exists: true
mode: "0775"
owner: www-data
group: www-data
filetype: directory
/var/www/html/glpi/plugins:
exists: true
mode: "0777"
filetype: directory
/var/www/html/index.nginx-debian.html:
exists: true
mode: "0775"
owner: www-data
group: www-data
filetype: file
service:
mariadb:
enabled: true
running: true
nginx:
enabled: true
running: true

21
goss/s-lb-bd.yaml Normal file
View File

@@ -0,0 +1,21 @@
package:
mysql-server:
installed: true
versions:
- 5.5.54-0+deb8u1
command:
egrep "#bind-address" /etc/mysql/my.cnf:
exit-status: 0
stdout:
- "#bind-address\t\t= 127.0.0.1"
stderr: []
timeout: 10000
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.13/24
enp0s8:
exists: true
addrs:
- 192.168.102.50/24

63
goss/s-lb-web1.yaml Normal file
View File

@@ -0,0 +1,63 @@
package:
apache2:
installed: true
versions:
- 2.4.10-10+deb8u7
php5:
installed: true
versions:
- 5.6.29+dfsg-0+deb8u1
port:
tcp:22:
listening: true
ip:
- 0.0.0.0
tcp6:22:
listening: true
ip:
- '::'
tcp6:80:
listening: true
ip:
- '::'
service:
apache2:
enabled: true
running: true
sshd:
enabled: true
running: true
user:
sshd:
exists: true
uid: 105
gid: 65534
groups:
- nogroup
home: /var/run/sshd
shell: /usr/sbin/nologin
command:
egrep 192.168.102.14:/export/www /etc/fstab:
exit-status: 0
stdout:
- 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
stderr: []
timeout: 10000
process:
apache2:
running: true
sshd:
running: true
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.11/24
enp0s8:
exists: true
addrs:
- 192.168.101.1/24
enp0s9:
exists: true
addrs:
- 192.168.102.1/24

63
goss/s-lb-web2.yaml Normal file
View File

@@ -0,0 +1,63 @@
package:
apache2:
installed: true
versions:
- 2.4.10-10+deb8u7
php5:
installed: true
versions:
- 5.6.29+dfsg-0+deb8u1
port:
tcp:22:
listening: true
ip:
- 0.0.0.0
tcp6:22:
listening: true
ip:
- '::'
tcp6:80:
listening: true
ip:
- '::'
service:
apache2:
enabled: true
running: true
sshd:
enabled: true
running: true
user:
sshd:
exists: true
uid: 105
gid: 65534
groups:
- nogroup
home: /var/run/sshd
shell: /usr/sbin/nologin
command:
egrep 192.168.102.14:/export/www /etc/fstab:
exit-status: 0
stdout:
- 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
stderr: []
timeout: 10000
process:
apache2:
running: true
sshd:
running: true
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.12/24
enp0s8:
exists: true
addrs:
- 192.168.101.2/24
enp0s9:
exists: true
addrs:
- 192.168.102.2/24

28
goss/s-lb.yaml Normal file
View File

@@ -0,0 +1,28 @@
port:
tcp:80:
listening: true
ip:
- 192.168.100.11
service:
haproxy:
enabled: true
running: true
sshd:
enabled: true
running: true
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.100/24
mtu: 1500
enp0s8:
exists: true
addrs:
- 192.168.100.11/24
mtu: 1500
enp0s9:
exists: true
addrs:
- 192.168.101.254/24
mtu: 1500

65
goss/s-lb.yaml.old Normal file
View File

@@ -0,0 +1,65 @@
file:
/etc/haproxy/haproxy.cfg:
exists: true
mode: "0644"
size: 1518
owner: root
group: root
filetype: file
contains: []
package:
haproxy:
installed: true
port:
tcp:80:
listening: true
ip:
- 192.168.100.10
service:
haproxy:
enabled: true
running: true
user:
haproxy:
exists: true
uid: 111
gid: 117
groups:
- haproxy
home: /var/lib/haproxy
shell: /bin/false
group:
haproxy:
exists: true
gid: 117
command:
egrep "balance\s+roundrobin" /etc/haproxy/haproxy.cfg:
exit-status: 0
stdout:
- balance roundrobin
stderr: []
timeout: 10000
egrep "bind\s+192.168.100.10:80" /etc/haproxy/haproxy.cfg:
exit-status: 0
stdout:
- bind 192.168.100.10:80
stderr: []
timeout: 10000
egrep "mode\s+http" /etc/haproxy/haproxy.cfg:
exit-status: 0
stdout:
- "mode\thttp"
stderr: []
timeout: 10000
process:
haproxy:
running: true
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.10/24
enp0s8:
exists: true
addrs:
- 192.168.100.10/24

63
goss/s-mon.yaml Normal file
View File

@@ -0,0 +1,63 @@
file:
/etc/nagios4/htdigest.users:
exists: true
mode: "0640"
owner: nagios
group: www-data
filetype: file
contains: [nagiosadmin]
package:
apache2:
installed: true
nagios-snmp-plugins:
installed: true
nagios4:
installed: true
snmp:
installed: true
python3-passlib:
installed: true
port:
tcp:80:
listening: true
ip:
- 0.0.0.0
udp:514:
listening: true
ip:
- 0.0.0.0
service:
apache2:
enabled: true
running: true
nagios4:
enabled: true
running: true
command:
sysctl net.ipv4.ip_forward:
exit-status: 0
stdout:
- net.ipv4.ip_forward = 0
stderr: []
timeout: 10000
process:
apache2:
running: true
nagios4:
running: true
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.8/24
enp0s8:
exists: true
addrs:
- 172.16.0.8/24
http:
http://localhost/nagios4:
status: 401
allow-insecure: false
no-follow-redirects: false
timeout: 5000
body: []

30
goss/s-proxy.yaml Normal file
View File

@@ -0,0 +1,30 @@
package:
squid:
installed: true
port:
tcp:8080:
listening: true
ip:
- '0.0.0.0'
service:
squid:
enabled: true
running: true
command:
host 172.16.0.2:
exit-status: 0
stdout:
- 2.0.16.172.in-addr.arpa domain name pointer s-proxy.gsb.lan.
stderr: []
timeout: 10000
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.2/24
mtu: 1500
enp0s8:
exists: true
addrs:
- 172.16.0.2/24
mtu: 1500