#!/bin/bash
set +x
#检查所有节点
G_INSPECT_MMLPATH="/opt/huawei/snas/script/inspect_mml"
. $G_INSPECT_MMLPATH/CheckItems
CurInspectNum="347"
CurInspectFun=`GetInspectType $CurInspectNum`
RESULTFILE="${G_TMP_INSPECT_PATH}tmpResult${CurInspectFun}"
LOCAL_BACK_IP=$(GetLocalIp)
if [ -L $RESULTFILE ]; then
    rm -f $RESULTFILE
    echo "There are security risks."
fi
>$RESULTFILE

isPass=0

function LOG
{
    time=$(date)
    echo [${time}][$$][$CurInspectFun]$@ >> $LOG_FILE
}

# 检查后台删除rmbg的任务类型  job_dispatch_type 1 固定时间段   2 间隔定长时间
# 扩容后几率导致配置的定时删除任务失效，需要在扩容后重启bjm前重新配置定时删除策略
function checkRmbgDispatchType() {
    rmbgJobDispatchType="-"
    local isBjmManager=$(cat /proc/monc_jmmap | grep "active manager ip" | grep -w "${LOCAL_BACK_IP}")
    if [ "X${isBjmManager}" != "X" ];then
        rmbgJobDispatchType=$(/usr/local/bin/MmlBatch 4100 "manager get job" | grep '9223372036854775827' | awk -F '[()]' '{printf $8}')
        LOG [$FUNCNAME][$LINENO] "Rmbg Job Dispatch Type:${rmbgJobDispatchType}"

        # 只判断检查job_dispatch_type为1时不通过，其它非法值由删除任务检查巡检项检查
        if [ "X${rmbgJobDispatchType}" == "X1" ]; then
            echo "[ERR]Node:${LOCAL_BACK_IP}||INFO:the job of rmbg_data is scheduled at a fixed time." >>${RESULTFILE} 2>&1
            isPass=1
            return
        fi
    fi
}

function checkProductConsistency() {
    files=(`ls -l /opt/huawei/deploy/package |grep "^-"|grep -v total|grep -v "sha256"|grep -v FusionStoragePublicTool|grep -v ca-cert.crt|grep -v ca-key.pem|grep -v file-cert.crt|grep -v file-csr.csr|grep -v file-key.pem|grep -v "checksum" |grep -v "crldata.crl" |grep -v "checksum.cms" |grep -v "oem.tar.gz" |grep -v "svn_hotpatch.txt" |awk '{print $9}'`)
    files_index=${#files[*]}
    inconsistentFile=""
    while [ ${files_index} -gt 0 ]
    do
        let files_index--
        sha256local=`sha256sum /opt/huawei/deploy/package/${files[${files_index}]} |awk {'print $1'}`
        sha256src=`cat /opt/huawei/deploy/package/checksum |grep -w ${files[${files_index}]}  |awk {'print $1'}`

        if [ "$sha256src" = "" ]; then
            LOG [$FUNCNAME][$LINENO] "Not exist file:${files[${files_index}]} in checksum."
            echo "[ERR]Node:${LOCAL_BACK_IP}||INFO:Not exist file:${files[${files_index}]} in checksum." >>${RESULTFILE} 2>&1
            inconsistentFile="${files[${files_index}]} ${inconsistentFile}"
            continue
        fi

        if [ "$sha256local" != "$sha256src" ]; then
            LOG [$FUNCNAME][$LINENO] "sha256sum check sha256 failed,file:${files[${files_index}]}."
            echo "[ERR]Node:${LOCAL_BACK_IP}||INFO:sha256sum check sha256 failed,file:${files[${files_index}]}." >>${RESULTFILE} 2>&1
            inconsistentFile="${files[${files_index}]} ${inconsistentFile}"
            continue
        fi
    done

    if [ X"${inconsistentFile}" == X"" ]; then
        inconsistentFile="-"
    else
        isPass=1
    fi
}

function main()
{
    checkRmbgDispatchType  # check rmbg job dispatch type ———— 1 no pass;other pass
    checkProductConsistency
    echo "Node:${LOCAL_BACK_IP}||Rmbg Job Dispatch Type:${rmbgJobDispatchType}||Inconsistent configuration files:${inconsistentFile}" >>${RESULTFILE} 2>&1
}

main

echo "${CurInspectFun}_Pass $isPass" >>${RESULTFILE} 2>&1
exit 0
