|
I was told the other day to write a script that will compare a set of predefined values to the active values from "sysctl -a".
So here it is.... Some people might ask why I did not do this in shell or even perl??? The answer is simple: I love PYTHON!!! :)
Example below..... Make sure to run as root
python sysctl_verify.py
[FAIL] net.core.rmem_max = 131071 (Required value = 20971520)
[FAIL] net.ipv4.tcp_mem = 374304 (Required value = 32768 32768 32768)
[FAIL] net.ipv4.tcp_rmem = 4096 (Required value = 4096 87380 8388608)
[FAIL] net.ipv4.tcp_retries2 = 15 (Required value = 5)
[FAIL] net.ipv4.tcp_wmem = 4096 (Required value = 4096 16384 8388608)
[FAIL] net.core.wmem_max = 131071 (Required value = 20971520)
[FAIL] net.core.netdev_max_backlog = 1000 (Required value = 3000)
[FAIL] net.ipv4.route.flush = Does not Exist!! (Required value = 1)
[FAIL] Current RX value = 128 (Required RX value = 16384)
#!/usr/bin/env python
#This script will compare a set of predefined values to active values from "sysctl -a"
#Copyright (C) 2008 Allen Sanabria
#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#You should have received a copy of the GNU General Public License along
#with this program; if not, write to the Free Software Foundation, Inc.,
#51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
import os
import re
import string
import subprocess
import sys
#Created by Allen Sanabria
#Verify these parameters are what's running in sysctl
# net.core.rmem_max = 20971520
# net.core.wmem_max = 20971520
# net.ipv4.tcp_mem = 32768 32768 32768
# net.ipv4.tcp_rmem = 4096 87380 8388608
# net.ipv4.tcp_wmem = 4096 16384 8388608
# net.ipv4.tcp_retries2 = 5
# net.core.netdev_max_backlog = 3000
# net.ipv4.route.flush = 1
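# Audit a fixed set of kernel network parameters against required values and
# print one [PASS]/[FAIL] line per parameter. The check is refused unless the
# script runs as root.
uid = os.getuid()
root = 0
# os.getlogin() raises OSError when the process has no controlling terminal
# (for example under cron). The name is only used in the refusal message, so a
# lookup failure must not abort the audit.
try:
    login = os.getlogin()
except OSError:
    login = 'unknown'
# Not used by the sysctl check in this listing; kept because they are
# module-level names that later code may rely on.
eth = []
max_rx = {}
cur_rx = {}

if uid == root:
    # Required value for each sysctl key; multi-field values are written with
    # single spaces between fields.
    sysctl_out = {'net.core.rmem_max' : '20971520',
                  'net.core.wmem_max' : '20971520',
                  'net.ipv4.tcp_mem' : '32768 32768 32768',
                  'net.ipv4.tcp_rmem' : '4096 87380 8388608',
                  'net.ipv4.tcp_wmem' : '4096 16384 8388608',
                  'net.ipv4.tcp_retries2' : '5',
                  'net.core.netdev_max_backlog' : '3000',
                  'net.ipv4.route.flush' : '1'}
    for key in sysctl_out.keys():
        required = sysctl_out[key]
        # Query exactly this key. Filtering "sysctl -a" through grep treats the
        # dots in the key as wildcards and returns the first line that merely
        # contains the pattern, which may belong to a different parameter.
        # An argument list also keeps the shell out of the call.
        proc = subprocess.Popen(['sysctl', '-n', key],
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE,
                                universal_newlines=True)
        raw_value, _errors = proc.communicate()
        # Collapse tabs/newlines so multi-field values compare field by field.
        current = ' '.join(raw_value.split())

        if proc.returncode != 0 or not current:
            # sysctl could not return a value for this key (missing, or not
            # readable); report it the same way as a key that is absent.
            print("[FAIL] " + key + " = Does not Exist!! (Required value = " + required + ")")
        elif current == required:
            # Whole-value equality: a prefix/regex match would pass "50" when
            # "5" is required, a false PASS in a compliance check.
            print("[PASS] " + key + " = " + required)
        else:
            # Show the complete running value, not only its first field.
            print("[FAIL] " + key + " = " + current + " (Required value = " + required + ")")
else:
    print("Only root can run this, and you are %s with a id of %s" % (login, uid))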
|