Skip to content

Latest commit

Β 

History

History
446 lines (416 loc) Β· 17.8 KB

README.md

File metadata and controls

446 lines (416 loc) Β· 17.8 KB

Remote Servers Status

Linux Remote Servers Status Monitoring Script

Copyright Β© 2019 Teal Dulcet

Monitors the status of one or more remote servers and send notifications when status changes state. Supports Uptime, SSL/TLS Certificate, Domain, DNS Security Extensions (DNSSEC), DNS-based Authentication of Named Entities (DANE) TLSA, Blacklist and Visual monitoring for Website (HTTP(S)), Port (POP3, IMAP, SMTP, FTP, SSH/SFTP, etc.) and Ping monitor types. Uses Unicode symbols and Emojis and terminal colors and formatting to output the results to the console.

❀️ Please visit tealdulcet.com to support this script and my other software development.

Usage

This script can be run manually to check the state of one or more remote servers.

Requires at least Bash 4.4 and the curl, netcat, ping, dig, delv, whois and openssl commands, which are included on most Linux distributions.

  1. Verify that the required commands above are installed. On the Raspberry Pi, run: sudo apt-get update and sudo apt-get install netcat dnsutils bind9 whois.
  2. Create a directory for the script and CD into that directory. Run: mkdir status and cd status.
  3. Download the script (status.sh). Run: wget https://raw.github.com/tdulcet/Remote-Servers-Status/master/status.sh.
  4. Open the script in an editor and set the variables at the top. At a minimum, you need to provide one To e-mail address and one Website, Port or Ping monitor.
  5. Execute the script once to make sure there are no errors. Run: chmod u+x status.sh and ./status.sh.

The default Log file is status.log.

Run the script automatically

This script can also be run automatically from a cron job to regularly monitor one or more remote servers and send notifications when they change state. It can easily be run from a home network on a Raspberry Pi or it can be run in the cloud in the respective Free tiers for Amazon Web Services, Google Cloud Platform, Microsoft Azure or Oracle Cloud. Make sure the computer is running 24/7 and it is on a different network from the servers being monitored.

  1. Complete the steps above.
  2. Open the script in an editor again and uncomment the SEND variable to enable the sending of notifications (e-mails and text messages). If the computer is on a residential network or if it does not have an SMTP server setup then you will also need to set the SMTP server variables in order to send e-mails.
  3. Set the script to run automatically every minute. Replace "* * * * " with "/5 * * * *" to run every 5 minutes.
    1. Run: crontab -e.
    2. Add this to the bottom of the file (replace "/home/username/status/" with the scripts path): * * * * * cd /home/username/status/ && ./status.sh >/dev/null
    3. Or run this to do the above steps: crontab -l | { cat; echo "* * * * * cd '$PWD' && ./status.sh >/dev/null"; } | crontab -

Visual monitoring

Optional visual monitoring requires Firefox (57 or greater) and ImageMagick. I recommended you install Firefox: Developer Edition/Beta or Nightly to automatically test the websites compatibility with the next release or next two releases of Firefox, respectively.

  1. Complete the steps above.
  2. Make sure Firefox and ImageMagick are installed. On x86_64 Linux, click these links to download the latest version: Firefox, Firefox Developer Edition, Firefox Beta, Firefox Nightly or Firefox Nightly AddressSanitizer build and follow these instruction to install. On the Raspberry Pi, run: sudo apt-get install firefox-esr imagemagick.
  3. Open the script in an editor and uncomment the PERCENTAGE variable to enable visual monitoring.

By default, the latest screenshot for each website monitor is saved to screenshot.<URL without backslashes>.png. For example, if the monitor's URL were https://example.com/, the file would be screenshot.https:example.com.png.

Feature comparison

This Remote Servers Status Script Uptime Robot StatusCake HetrixTools
Pro Plan Free Plan Superior Free Professional Free
Monitors ∞ 50 (or more) 50 100 10 25 10
Monitor/Check Interval 1 min 1 min 5 min 1 min 5 min 1 min 1 min
Monitor types Website (HTTP(S)) βœ” βœ” βœ” βœ” βœ” βœ” βœ”
Port βœ” βœ” βœ” βœ” βœ” βœ” βœ”
Ping βœ” βœ” βœ” βœ” βœ” βœ” βœ”
SSL/TLS Certificate monitoring Certificate expiration βœ” βœ” βœ”^ βœ” βœ”
Wrong hostname βœ” βœ” βœ”^ βœ” βœ”
Insecure protocols (SSLv2 and SSLv3) βœ” βœ”
Self-signed βœ” βœ”^ βœ” βœ”
Untrusted root βœ” βœ”^ βœ” βœ”
Revoked (CRL and OCSP) βœ”
DANE TLSA resource record verification βœ”
Port monitors support StartTLS βœ”
Domain monitoring Domain expiration (all supported TLDs) βœ”** βœ”^ βœ” βœ”
DNSSEC monitoring Signature expiration βœ”
Blacklist monitoring Domain name βœ” βœ” ^^^ ^^^
IP address βœ” βœ” ^^^ ^^^
Visual monitoring βœ”*
Logs ∞ 12 months 2 months 7 days 7 days ∞ ∞
HTTP(S) monitors follow redirects βœ” βœ” βœ” βœ” βœ”
HTTP Basic/Digest authentication βœ” βœ” βœ” βœ” βœ”
Notifications E-mail βœ” βœ” βœ” βœ” βœ” βœ” βœ”
E-mail to SMS βœ” βœ”^^ βœ”^^ βœ”^^ βœ”^^ βœ”^^ βœ”^^
Use your own e-mail address and SMTP server βœ”*
Digitally sign the e-mails βœ”*
Unbranded βœ” βœ”
Run in the cloud βœ” βœ” βœ” βœ” βœ” βœ” βœ”
Run on your own computer/device βœ”
Web/mobile apps, API βœ” βœ” βœ” βœ” API only API only
100% Open Source βœ”
Free πŸ†“ πŸ†“ πŸ†“ πŸ†“

* Optional
** Should work for all TLDs, except for a few which have no whois server or which do not provide the domain expiration date. Here is a list of TLDs supported by StatusCake, all of which should work with this script.
^ Only 50 monitors
^^ Does not work with all mobile providers
^^^ Available separately

This is not a comprehensive list of the Remote Servers Status Script’s functionality. Notifications are sent using the Send Msg CLI.

Source: Uptime Robot, StatusCake and HetrixTools

For Website monitors, by default, the script makes a HEAD HTTP request and the monitor is considered up if it responds with a 2XX HTTP status code. For HTTPS monitors, additional checks are preformed to verify the certificate.

Domain, DNSSEC and Blacklist monitoring is done for all Website, Port and Ping monitors. Certificate monitoring is done for all HTTPS monitors whose URLs start with β€œhttps://” and all Port monitors who support SSL/TLS or StartTLS. Domain monitoring is done once an hour for each domain by default for performance and to avoid the whois limit. Blacklist monitoring is done once an hour for each monitor by default for performance. Visual monitoring takes a screenshot of each Website monitor every hour by default for performance and sends a notification when the visual difference is greater than or equal to 20% by default, although this can be configured by changing the PERCENTAGE variable. Certificate and Domain expiry reminder notifications are sent three days before expiration by default, although this can be configured by changing the WARNDAYS variable. Certificate, Domain, DNSSEC, Blacklist and Visual monitoring is only done for monitors that are considered UP.

Note that cURL does not (yet) support, TLSA (DANE) or certificate revocation checking, so the script will consider Website monitors as UP if there are errors with these features. DANE TLSA resource record verification is implemented separately using delv and OpenSSL. Certificate revocation checking is implemented separately using OpenSSL.

This script works great with Mail-in-a-Box (which automatically installs and sets up mail, web and cloud storage servers), since it supports many of the same security features, including DNSSEC and DANE TLSA.

Other Servers Status Scripts

  • testssl.sh (Lots of SSL/TLS tests and nice formatted output, but extremely slow to run, requires lots of technical knowledge to interpret results, not much documentation on the tests, does not check certificate revocation by default)
  • Domain Expiration Check Shell Script (Only supports a very limited set of hard coded TLDs, does not display dates in the current time zone or local format, requires setting up an SMTP server to send expiration e-mails)
    • Also see this more updated fork
  • SSL Certification Expiration Checker (Several unresolved issues, no certificate verification, does not display dates in the current time zone or local format, requires setting up an SMTP server to send expiration e-mails)
  • Dns-Monitoring-Scripts (Several unresolved issues, many of the tests do not work or require technical knowledge of the DNS server to interpret the results, does not support notifications)
  • Blacklist check UNIX/Linux utility (Checks 115 IPv4 blacklists, but does not support domain or IPv6 blacklists, only checks first IP of domains, slow to run, very little error handling, does not support notifications)
  • PHP Server Monitor (Nice web interface with graphs, but requires installing and setting up a web server, PHP and a MySQL database server, only supports uptime monitoring)
  • Certificate Expiry Monitor (Basic web interface, but no options, requires installing and setting up a web server and PHP, only supports certificate expiration monitoring)

Contributing

Pull requests welcome! Ideas for contributions:

  • Test the domain monitoring with more TLDs
    • There is a separate domains.sh script for testing the Domain expiration monitoring. List the domains in the array at the top of the script or in a β€œdomain-list.txt” file.
  • Implement a better method for getting the root domain from the hostname
    • Currently it gets it from the Start of Authority (SOA) resource record, but this does not always work for domains with multiple subdomains. This page implies that it is possible to get the root domain through the DNS.
  • Add response and load time monitoring
  • Add more notification types/integrations
    • Add push notification support
  • Support associating the e-mail address with specific monitors
  • Support sending more than one expiry reminder notification
  • Support setting a timeout value
  • Improve the performance
  • Support checking the monitors in parallel
  • Support saving the updates to a database instead of a log file
  • For Website monitors
    • Support more HTTP request methods/verbs
    • Support sending custom headers
  • Add keyword and change monitor types
  • Support checking Website monitors in a Web browser with WebDriver
  • Support Internationalized domain names (IDNs) and International email addresses
    • Currently they are only supported in Internationalizing Domain Names in Applications (IDNA) encoding.
  • Support checking port monitors using /dev/tcp
  • Support domain monitoring with the Registration Data Access Protocol (RDAP)
  • Support checking for the HTTP Strict Transport Security (HSTS) header and the MTA Strict Transport Security (MTA-STS) file