Add audit script

.gitignore

@@ -0,0 +1 @@
+.slacktoken

README.md

@@ -1,23 +1,35 @@
-This is a collection of simple backup scripts for a few servers I have administered. Some use exclusion files to filter what to backup.
+This is a collection of simple backup scripts for a few servers I have administered.
+Some use exclusion files to filter what to backup.
+
+There is also an "audit" script, that can be used by crontab to regularly send server
+details (e.g. disk usage) to Slack.
+
+Be warned, that these scripts are primitive. They do not stop Minecraft servers from
+auto-saving prior to backup. This might result in a partial or corrupted world when
+restoring from such a backup.
 
 # Installation
 
-1. `apt-get install tar pv bzip2 coreutils` or distribution equivalent
-2. Clone this repository into any directory
-3. Check the `*.exclude` files and ensure the patterns are not excluding anything you want
-4. `chmod +x *.sh`
+1. `apt-get install tar pv lbzip2 coreutils` or distribution equivalent
+1. Clone this repository into any directory
+1. Check the `*.exclude` files; ensure the patterns are not excluding anything you want
+1. `chmod +x *.sh` - Makes the scripts executable
+1. `nano .slacktoken` - Put your Slack bot's token in here for `audit.sh`, if desired
 
 # Usage
 
 ```shell
 # For system backups
-sys.sh
+./sys.sh
 
 # For home directory/user data backups
-home.sh username
+./home.sh username
 
 # For MySQL data backups
-mysql.sh database
+./mysql.sh database
+
+# To send an audit report to Slack
+./audit.sh
 ```
 
 ## crontab
@@ -33,30 +45,43 @@ mysql.sh database
 32 3 *   * * /home/user/roybackup/mysql.sh performance_schema
 34 3 *   * * /home/user/roybackup/mysql.sh forums
 36 3 *   * * /home/user/roybackup/mysql.sh minecraft
+# Send audit report to Slack every Monday at 9 AM
+0  9 *   * Mon /home/user/roybackup/audit.sh
 ```
 
 # Targets
 
 ## `sys.sh`
 
-The `sys.sh` target is for system files from the `/` root. This includes `/etc /var /usr` (etc.) but **excludes** transient directories such as `/tmp /media /sys` (etc.) and also **excludes** the `/home` directory.
+The `sys.sh` target is for system files from the `/` root. This includes `/etc /var /usr`
+(etc.) but **excludes** transient directories such as `/tmp /media /sys` (etc.) and also
+**excludes** the `/home` directory.
 
 ## `home`
 
-The `home.sh` target is for user files which may be gigabytes to terabytes larger than the system backup. This requires the username of the home directory to backup and **excludes** all kinds of transient files, including but not limited to:
+The `home.sh` target is for user files which may be gigabytes to terabytes larger than
+the system backup. This requires the username of the home directory to backup and
+**excludes** all kinds of transient files, including but not limited to:
 
 * Minecraft Dynmap tiles
 * Source engine maps and packages
 
-***Note that some servers, by convention, store this kind of data under different directories (e.g. /srv).***
+***Note that some servers, by convention, store this kind of data under different 
+directories (e.g. /srv).***
 
 ## `mysql.sh`
-This uses `mysqldump` to take and bzip2 a dump of given MySQL databases on the system's installation. This target requires the use of a `.cnf` file that has the password for the MySQL user `root`, in order to perform the dumps. See http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html for more information.
+
+This uses `mysqldump` to take and bzip2 a dump of given MySQL databases on the system's
+installation. This target requires the use of a `.cnf` file that has the password for the
+MySQL user `root`, in order to perform the dumps.
+
+See http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html for more info.
 
 # Exclusions
 
-Both targets have common exclusions for transient files that should not be included in a backup, including but not limited to:
+Both targets have common exclusions for transient files that should not be included in a
+backup, including but not limited to:
 
 * Backup, cache, log and tmp directories (and variants thereof)
 * `*.tar.gz` files
-* Log files
+* Log files

audit.sh

@@ -0,0 +1,95 @@
+#!/bin/bash
+# Audit Bot - Collects information and sends it to Slack
+# By Roy Curtis, licensed under MIT, 2017
+# Initial code by Robrotheram
+
+# #########
+# CONSTANTS:
+# #########
+
+# Standard "make sure we're in script's directory" boilerplate
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+cd $DIR
+# Temporary output file
+OUTFILE=.audit.txt
+# Gets current date and time in fancy format
+DATE="$( date )"
+# Gets current date and time in dd-mm-yyyy_hh-mm format
+FILENAME="$( date +%d-%m-%Y_%H-%M ).txt"
+
+# #########
+# CONFIGURATION:
+# #########
+
+# Bot User OAuth token for the "Gamealition Audit Robot" app.
+# Obtained from https://api.slack.com/apps/A4MKACHJT/oauth
+# CONFIDENTAL - DO NOT SHARE!
+TOKEN=$(cat ".slacktoken")
+
+# Slack channel to upload the audit report to
+CHANNEL="#audit"
+
+# #########
+# FUNCTIONS:
+# #########
+
+function printLn
+{
+    # Append both stdout and stderr to out file
+    echo $1 >> $OUTFILE 2>&1
+}
+
+function printHeader
+{
+    printLn ""
+    printLn "###########"
+    printLn "# $1"
+    printLn "###########"
+    printLn ""
+}
+
+# #########
+# SCRIPT:
+# #########
+
+# First, create audit report
+
+touch $OUTFILE
+
+# Audit logic
+
+printHeader "LOCAL FREE SPACE"
+
+printLn "### No one entry should be more than 90% used"
+printLn ""
+df -h >> $OUTFILE 2>&1
+
+printHeader "LOCAL RAID INTEGRITY"
+
+printLn "### No one entry should be marked 'degraded'"
+printLn "### For storage layout, see https://docs.google.com/document/d/1u8mmbf1QpPjtMWNLR0w7sh0tEs0N_hYX3aQlPJB5j90/edit#heading=h.g20ge9p1otqx"
+printLn ""
+cat /proc/mdstat >> $OUTFILE 2>&1
+
+printHeader "LOCAL BACKUP CONTENTS"
+
+printLn "### Each directory should not have files older than 13 days"
+printLn ""
+ls /home/backups/*/ -lah >> $OUTFILE 2>&1
+
+printHeader "VAULT 111 FREE SPACE"
+
+printLn "### No one entry should be more than 95% used"
+printLn ""
+ssh vault@vault111 'df -h; exit' >> $OUTFILE 2>&1
+
+# Finally, upload and delete the audit report
+
+curl -F file=@$OUTFILE \
+     -F channels="$CHANNEL" \
+     -F filename="$FILENAME" \
+     -F title="Audit report for $DATE" \
+     -F token="${TOKEN}" \
+     https://slack.com/api/files.upload >> /dev/null 2>&1
+
+rm $OUTFILE