Apr 202017
 

This is an Apache config sanitizer. It checks that there are no orphaned files in a Debian-style sites-available/sites-enabled setup, and that each virtual host has a valid DNS entry.

#!/bin/bash
# Apache config sanitizer. Checks that all sites are correctly configured
# for DNS and checks for orphaned config files.
#
# By Gerhard Mack <gmack@innerfire.net>

# Print the first address a host name resolves to in the requested family.
# Arguments: $1 - address family, 4 or 6
#            $2 - host name to look up
# Outputs:   the address from the first STREAM line of "getent ahostsv4" or
#            "getent ahostsv6"; nothing if the lookup yields no such line or
#            the family is neither 4 nor 6.
# The lookup goes through getent, so the answer reflects this machine's
# resolver configuration (including /etc/hosts), not necessarily what
# outside clients see. Only the first address is returned.
function getipaddress {
        local database

        case "${1}" in
                4) database=ahostsv4 ;;
                6) database=ahostsv6 ;;
                *) return ;;
        esac

        getent "${database}" "${2}" | grep STREAM | head -n 1 | cut -d ' ' -f 1
}

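# Report every *.conf under sites-available that has no entry of the same
# name in sites-enabled. The stock Debian/certbot default files are skipped.
#
# The test is -e, which follows symlinks: a sites-enabled link whose target
# no longer exists is therefore reported as orphaned as well.
#
# find is read through process substitution rather than a here-string so an
# empty result runs the loop zero times (a here-string would feed one empty
# line). IFS= and -r keep paths with spaces or backslashes intact.
while IFS= read -r line
do
        # Strip the directory part; equivalent to basename for find's output.
        name="${line##*/}"

        # Ignore common standard files
        case "${name}" in
                000-default-le-ssl.conf|default-ssl.conf|000-default.conf)
                        continue
                        ;;
        esac

        if [[ ! -e "/etc/apache2/sites-enabled/${name}" ]]
        then
                printf 'orphaned file: %s\n' "${line}"
        fi
done < <(find /etc/apache2/sites-available/ -name '*.conf')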

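# Walk the "apachectl -S" virtual host dump and check that every name-based
# virtual host, and each of its aliases, resolves to the address it is
# configured on.
#
# Lines acted on (read strips the leading indentation):
#   <ipv4>:<port> ...               start of an IPv4 address block
#   [<ipv6>]:<port> ...             start of an IPv6 address block
#   *:<port> ...                    wildcard block, no single expected address
#   port <n> namevhost <name> ...   a virtual host in the current block
#   alias <name>                    another name for the preceding vhost
#
# The comparison is a plain string match against the first address returned by
# getipaddress. An address written differently in the Apache config (for
# example uppercase or uncompressed IPv6) is reported as a mismatch, and so is
# a name with several addresses whose first one is not the configured one.
# NOTE(review): wildcard aliases such as "*.example.org" are looked up
# literally and will most likely be reported as not resolving.
VIP=""
IPV=""
VHOST=""

while read -r line
do
        # Split into words without pathname expansion. The previous unquoted
        # array=( $line ) would glob tokens such as "*:80" against the
        # current directory.
        read -r -a array <<< "${line}"

        case "${line}" in
                [0-9]*)
                        # "192.0.2.1:80 ..." -> keep everything before the port
                        VIP="${array[0]%%:*}"
                        IPV=4
                        continue
                        ;;
                \[*)
                        # "[2001:db8::1]:80 ..." -> keep the text between the brackets
                        VIP="${array[0]#\[}"
                        VIP="${VIP%%\]*}"
                        IPV=6
                        continue
                        ;;
                \**)
                        # Wildcard listener: there is no address to compare with.
                        # Clear the state so the vhosts listed under it are not
                        # checked against the previous block's address.
                        VIP=""
                        IPV=""
                        continue
                        ;;
        esac

        # Nothing to verify until a block with a concrete address has started.
        if [[ -z "${VIP}" ]]
        then
                continue
        fi

        case "${array[0]}" in
                port)
                        VHOST="${array[3]}"
                        target="${VHOST}"
                        label="${VHOST}"
                        ;;
                alias)
                        target="${array[1]}"
                        label="${VHOST} alias ${target}"
                        ;;
                *)
                        continue
                        ;;
        esac

        IP=$(getipaddress "${IPV}" "${target}")

        if [[ -z "${IP}" ]]
        then
                printf '%s does not resolve. (should be "%s")\n' "${label}" "${VIP}"
                continue
        fi

        # An IPv4-mapped result from the IPv6 lookup means the name has no
        # real IPv6 address.
        if [[ "${IP}" == "::ffff:"* ]]
        then
                printf '%s does not have an IPv6 address. (should be "%s")\n' "${label}" "${VIP}"
                continue
        fi

        if [[ "${IP}" != "${VIP}" ]]
        then
                printf 'vhost %s points to "%s" (should be "%s")\n' "${label}" "${IP}" "${VIP}"
        fi
done < <(apachectl -S)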

 

 Posted by at 17:50

  2 Responses to “Apache config validater.”

  1. Pretty nice Gerhard! See you on Freenode? 😉

    • At some point, I checked my IRC window and realized I had been idle for over a year so I’ve cut back to google hangouts/facebook/skype etc. Unless there is something I need or is arranged in advance.
