# ====================================================================
# Title: dni_apf.mod
# Author: Peter M. Abraham
# Dynamic Net, Inc.
# 13 Cowpath
# Denver, PA 17517
# 1-717-484-1062
# EMail: peter.abraham@dynamicnet.net
# URL: http://www.dynamicnet.net/
# Copyright (c) 2012 Dynamic Net, Inc. All rights Reserved.
# Date: 02/22/2012
# --------------------------------------------------------------------
# Modifications
#
# --------------------------------------------------------------------
# Purpose: A System Integrity Monitor -- S.I.M. -- add-on module
# to check if APF is running. Only restart APF if local
# DNS resolution is up.
#
# --------------------------------------------------------------------
# REQUIREMENTS
#
# dig from bind-utils must be present on the server
#
# --------------------------------------------------------------------
# http://www.rfxn.com/projects/system-integrity-monitor/
# S.I.M. - System Integrity Monitor is written and
# maintained by Ryan MacDonald.
#
# Our copyright is only on this add-on module.
#
# --------------------------------------------------------------------
## INSTALLATION INSTRUCTIONS
# cd /usr/local/sim/modules/system/
# wget -N http://dynamicnet.net/download/rfx/dni_apf.mod
# chmod 640 dni_apf.mod
##
##
# vi /usr/local/sim/config/mods.control and add the following line under "sys.network off":
#
# sys.dni_apf on
#
## Make sure the above "sys.dni_apf on" line is uncommented in /usr/local/sim/config/mods.control
#
## Test with "sim -s"
#
#sim_modv3x
#disable nameval=dni_apf
#
# Can switch yahoo.com to something else if needed.
# Possible consideration for failure is to use a portion of the message in case different
# dig versions have different output, or to prepare for future changes of dig; then use a
# "contains" check instead of ==.
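# This file is loaded by S.I.M.'s module runner, which provides sanity_path,
# echo_out, track_event, INSTALL_PATH and nameval; it is not a standalone script.
# Effects: appends status lines to this module's .stat file and, only when APF
# is detected as stopped AND local DNS resolution works, starts APF via its
# init script. Nothing is restarted when the DNS probe fails or cannot run.

# dig output line that indicates local resolution is down (kept for reference
# and used as the sentinel when dig itself is unavailable).
DNS_FAILED=';; connection timed out; no servers could be reached'
# Probe resolution with a single short query. yahoo.com is an arbitrary
# well-known name and may be changed. grep restricts DNS_CHECK to lines that
# contain 'timed out', so a non-empty value means the probe failed.
if [ -x /usr/bin/dig ]; then
  DNS_CHECK=$(/usr/bin/dig +time=1 +tries=1 +retry=0 yahoo.com | /bin/grep 'timed out')
else
  # Without dig the DNS gate cannot be evaluated; treat it as failed so a
  # missing dependency does not silently allow a blind APF restart.
  DNS_CHECK=$DNS_FAILED
fi

NUM_RULES=$(/sbin/iptables -vnL | /usr/bin/wc -l)
NUM_RULES=${NUM_RULES//[[:space:]]/}   # some wc builds pad the count with spaces
# If APF is off the result of /sbin/iptables -vnL | /usr/bin/wc -l will be 8
# (only the built-in chain headers). This is a heuristic tied to that output
# layout; re-verify it after an iptables upgrade.
APF_OFF='8'

DNI_APF_STAT="$INSTALL_PATH/internals/stat/$nameval.stat"
sanity_path "$DNI_APF_STAT" 3

if [ "$NUM_RULES" = "$APF_OFF" ]; then
  ## APF is not running; before trying to restart, check that local DNS resolution is good
  echo " APF offline" >> "$DNI_APF_STAT"
  echo_out "APF offline" 1
  track_event "$nameval"
  if [ -z "$DNS_CHECK" ]; then
    echo " Local DNS working" >> "$DNI_APF_STAT"
    echo " APF restarting" >> "$DNI_APF_STAT"
    echo_out "Local DNS working" 1
    echo_out "APF restarting" 1
    # Run the init script directly. The original wrapped this call in
    # backticks, which executes the script's *output* as a command rather
    # than just running the script.
    apf_rc=0
    /etc/rc.d/init.d/apf start || apf_rc=$?
    if [ "$apf_rc" -ne 0 ]; then
      echo " APF start FAILED (exit $apf_rc)" >> "$DNI_APF_STAT"
      echo_out "APF start failed" 1
    fi
  else
    echo " LOCAL DNS FAILURE" >> "$DNI_APF_STAT"
    [ -x /usr/bin/dig ] || echo " /usr/bin/dig not found; DNS check could not run" >> "$DNI_APF_STAT"
    echo " APF is down due to LOCAL DNS resolution" >> "$DNI_APF_STAT"
  fi
else
  echo " APF online" >> "$DNI_APF_STAT"
  echo_out "APF is online" 1
fi
### EOF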