| Dir : /usr/local/nagios/plugins/ |
| Server: Linux server1.ngambekcore.com 4.18.0-553.51.1.el8_10.x86_64 #1 SMP Wed Apr 30 04:00:07 EDT 2025 x86_64 IP: 159.198.77.92 |
| Dir : //usr/local/nagios/plugins/nc-nrpe-check-cp-reseller-privileges.sh |
#!/bin/bash
RESELLERS_FILE="/var/cpanel/resellers"
CRITICAL_EXIT=2
ERRORS=() # Array for storing errors
if [ ! -f "$RESELLERS_FILE" ]; then
ERRORS+=("CRITICAL: Reseller privileges file $RESELLERS_FILE does not exist!")
fi
if [ ! -s "$RESELLERS_FILE" ]; then
ERRORS+=("CRITICAL: Reseller privileges file is empty")
fi
if [ ${#ERRORS[@]} -gt 0 ]; then
printf "%s\n" "${ERRORS[@]}"
exit $CRITICAL_EXIT
fi
# Checking the number of users
num_users=$(grep -o ":" "$RESELLERS_FILE" | wc -l)
if [ "$num_users" -eq 0 ]; then
ERRORS+=("CRITICAL: No resellers found in $RESELLERS_FILE (no ':' delimiter)")
fi
if [ ${#ERRORS[@]} -gt 0 ]; then
printf "%s\n" "${ERRORS[@]}"
exit $CRITICAL_EXIT
fi
# Get all users
users_list=$(cut -d: -f1 "$RESELLERS_FILE")
for user in $users_list; do
# Whether the user exists in the system and has a real ID
if ! id "$user" &>/dev/null; then
ERRORS+=("CRITICAL: User '$user' does not exist in the system!")
continue
fi
user_id=$(id -u "$user")
if [ "$user_id" -lt 1000 ] && [ "$user_id" -ne 0 ]; then
ERRORS+=("CRITICAL: User '$user' has a system ID ($user_id), not a real user!")
fi
# checking OWNER is not root
user_cpanel_file="/var/cpanel/users/$user"
if [ ! -f "$user_cpanel_file" ]; then
ERRORS+=("CRITICAL: cPanel user file for '$user' does not exist!")
continue
fi
owner=$(grep "^OWNER=" "$user_cpanel_file" | cut -d= -f2)
if [ "$owner" == "root" ]; then
ERRORS+=("CRITICAL: Reseller account '$user' is OWNED by root!")
fi
done
# If there are errors, output them
if [ ${#ERRORS[@]} -gt 0 ]; then
printf "%s\n" "${ERRORS[@]}"
exit $CRITICAL_EXIT
fi
echo "OK: CP Reseller Privileges are OK"
exit 0