Linux Remote Servers Status Monitoring Script
Copyright Β© 2019 Teal Dulcet
Monitors the status of one or more remote servers and send notifications when status changes state. Supports Uptime, SSL/TLS Certificate, Domain, DNS Security Extensions (DNSSEC), DNS-based Authentication of Named Entities (DANE) TLSA, Blacklist and Visual monitoring for Website (HTTP(S)), Port (POP3, IMAP, SMTP, FTP, SSH/SFTP, etc.) and Ping monitor types. Uses Unicode symbols and Emojis and terminal colors and formatting to output the results to the console.
β€οΈ Please visit tealdulcet.com to support this script and my other software development.
This script can be run manually to check the state of one or more remote servers.
Requires at least Bash 4.4 and the curl, netcat, ping, dig, delv, whois and openssl commands, which are included on most Linux distributions.
- Verify that the required commands above are installed. On the Raspberry Pi, run:
sudo apt-get update
andsudo apt-get install netcat dnsutils bind9 whois
. - Create a directory for the script and CD into that directory. Run:
mkdir status
andcd status
. - Download the script (status.sh). Run:
wget https://raw.github.com/tdulcet/Remote-Servers-Status/master/status.sh
. - Open the script in an editor and set the variables at the top. At a minimum, you need to provide one To e-mail address and one Website, Port or Ping monitor.
- Execute the script once to make sure there are no errors. Run:
chmod u+x status.sh
and./status.sh
.
The default Log file is status.log
.
This script can also be run automatically from a cron job to regularly monitor one or more remote servers and send notifications when they change state. It can easily be run from a home network on a Raspberry Pi or it can be run in the cloud in the respective Free tiers for Amazon Web Services, Google Cloud Platform, Microsoft Azure or Oracle Cloud. Make sure the computer is running 24/7 and it is on a different network from the servers being monitored.
- Complete the steps above.
- Open the script in an editor again and uncomment the
SEND
variable to enable the sending of notifications (e-mails and text messages). If the computer is on a residential network or if it does not have an SMTP server setup then you will also need to set the SMTP server variables in order to send e-mails. - Set the script to run automatically every minute. Replace "* * * * " with "/5 * * * *" to run every 5 minutes.
- Run:
crontab -e
. - Add this to the bottom of the file (replace "/home/username/status/" with the scripts path):
* * * * * cd /home/username/status/ && ./status.sh >/dev/null
- Or run this to do the above steps:
crontab -l | { cat; echo "* * * * * cd '$PWD' && ./status.sh >/dev/null"; } | crontab -
- Run:
Optional visual monitoring requires Firefox (57 or greater) and ImageMagick. I recommended you install Firefox: Developer Edition/Beta or Nightly to automatically test the websites compatibility with the next release or next two releases of Firefox, respectively.
- Complete the steps above.
- Make sure Firefox and ImageMagick are installed. On x86_64 Linux, click these links to download the latest version: Firefox, Firefox Developer Edition, Firefox Beta, Firefox Nightly or Firefox Nightly AddressSanitizer build and follow these instruction to install. On the Raspberry Pi, run:
sudo apt-get install firefox-esr imagemagick
. - Open the script in an editor and uncomment the
PERCENTAGE
variable to enable visual monitoring.
By default, the latest screenshot for each website monitor is saved to screenshot.<URL without backslashes>.png
. For example, if the monitor's URL were https://example.com/, the file would be screenshot.https:example.com.png
.
This Remote Servers Status Script | Uptime Robot | StatusCake | HetrixTools | |||||
---|---|---|---|---|---|---|---|---|
Pro Plan | Free Plan | Superior | Free | Professional | Free | |||
Monitors | β | 50 (or more) | 50 | 100 | 10 | 25 | 10 | |
Monitor/Check Interval | 1 min | 1 min | 5 min | 1 min | 5 min | 1 min | 1 min | |
Monitor types | Website (HTTP(S)) | β | β | β | β | β | β | β |
Port | β | β | β | β | β | β | β | |
Ping | β | β | β | β | β | β | β | |
SSL/TLS Certificate monitoring | Certificate expiration | β | β | β^ | β | β | ||
Wrong hostname | β | β | β^ | β | β | |||
Insecure protocols (SSLv2 and SSLv3) | β | β | ||||||
Self-signed | β | β^ | β | β | ||||
Untrusted root | β | β^ | β | β | ||||
Revoked (CRL and OCSP) | β | |||||||
DANE TLSA resource record verification | β | |||||||
Port monitors support StartTLS | β | |||||||
Domain monitoring | Domain expiration (all supported TLDs) | β** | β^ | β | β | |||
DNSSEC monitoring | Signature expiration | β | ||||||
Blacklist monitoring | Domain name | β | β | ^^^ | ^^^ | |||
IP address | β | β | ^^^ | ^^^ | ||||
Visual monitoring | β* | |||||||
Logs | β | 12 months | 2 months | 7 days | 7 days | β | β | |
HTTP(S) monitors follow redirects | β | β | β | β | β | |||
HTTP Basic/Digest authentication | β | β | β | β | β | |||
Notifications | β | β | β | β | β | β | β | |
E-mail to SMS | β | β^^ | β^^ | β^^ | β^^ | β^^ | β^^ | |
Use your own e-mail address and SMTP server | β* | |||||||
Digitally sign the e-mails | β* | |||||||
Unbranded | β | β | ||||||
Run in the cloud | β | β | β | β | β | β | β | |
Run on your own computer/device | β | |||||||
Web/mobile apps, API | β | β | β | β | API only | API only | ||
100% Open Source | β | |||||||
Free | π | π | π | π |
* Optional
** Should work for all TLDs, except for a few which have no whois server or which do not provide the domain expiration date. Here is a list of TLDs supported by StatusCake, all of which should work with this script.
^ Only 50 monitors
^^ Does not work with all mobile providers
^^^ Available separately
This is not a comprehensive list of the Remote Servers Status Scriptβs functionality. Notifications are sent using the Send Msg CLI.
Source: Uptime Robot, StatusCake and HetrixTools
For Website monitors, by default, the script makes a HEAD HTTP request and the monitor is considered up if it responds with a 2XX HTTP status code. For HTTPS monitors, additional checks are preformed to verify the certificate.
Domain, DNSSEC and Blacklist monitoring is done for all Website, Port and Ping monitors. Certificate monitoring is done for all HTTPS monitors whose URLs start with βhttps://β and all Port monitors who support SSL/TLS or StartTLS.
Domain monitoring is done once an hour for each domain by default for performance and to avoid the whois limit.
Blacklist monitoring is done once an hour for each monitor by default for performance.
Visual monitoring takes a screenshot of each Website monitor every hour by default for performance and sends a notification when the visual difference is greater than or equal to 20% by default, although this can be configured by changing the PERCENTAGE
variable.
Certificate and Domain expiry reminder notifications are sent three days before expiration by default, although this can be configured by changing the WARNDAYS
variable.
Certificate, Domain, DNSSEC, Blacklist and Visual monitoring is only done for monitors that are considered UP.
Note that cURL does not (yet) support, TLSA (DANE) or certificate revocation checking, so the script will consider Website monitors as UP if there are errors with these features. DANE TLSA resource record verification is implemented separately using delv and OpenSSL. Certificate revocation checking is implemented separately using OpenSSL.
This script works great with Mail-in-a-Box (which automatically installs and sets up mail, web and cloud storage servers), since it supports many of the same security features, including DNSSEC and DANE TLSA.
- testssl.sh (Lots of SSL/TLS tests and nice formatted output, but extremely slow to run, requires lots of technical knowledge to interpret results, not much documentation on the tests, does not check certificate revocation by default)
- Domain Expiration Check Shell Script (Only supports a very limited set of hard coded TLDs, does not display dates in the current time zone or local format, requires setting up an SMTP server to send expiration e-mails)
- Also see this more updated fork
- SSL Certification Expiration Checker (Several unresolved issues, no certificate verification, does not display dates in the current time zone or local format, requires setting up an SMTP server to send expiration e-mails)
- Dns-Monitoring-Scripts (Several unresolved issues, many of the tests do not work or require technical knowledge of the DNS server to interpret the results, does not support notifications)
- Blacklist check UNIX/Linux utility (Checks 115 IPv4 blacklists, but does not support domain or IPv6 blacklists, only checks first IP of domains, slow to run, very little error handling, does not support notifications)
- PHP Server Monitor (Nice web interface with graphs, but requires installing and setting up a web server, PHP and a MySQL database server, only supports uptime monitoring)
- Certificate Expiry Monitor (Basic web interface, but no options, requires installing and setting up a web server and PHP, only supports certificate expiration monitoring)
Pull requests welcome! Ideas for contributions:
- Test the domain monitoring with more TLDs
- There is a separate domains.sh script for testing the Domain expiration monitoring. List the domains in the array at the top of the script or in a βdomain-list.txtβ file.
- Implement a better method for getting the root domain from the hostname
- Currently it gets it from the Start of Authority (SOA) resource record, but this does not always work for domains with multiple subdomains. This page implies that it is possible to get the root domain through the DNS.
- Add response and load time monitoring
- Add more notification types/integrations
- Add push notification support
- Support associating the e-mail address with specific monitors
- Support sending more than one expiry reminder notification
- Support setting a timeout value
- Improve the performance
- Support checking the monitors in parallel
- Support saving the updates to a database instead of a log file
- For Website monitors
- Support more HTTP request methods/verbs
- Support sending custom headers
- Add keyword and change monitor types
- Support checking Website monitors in a Web browser with WebDriver
- In Firefox, this is possible with geckodriver
- Support Internationalized domain names (IDNs) and International email addresses
- Currently they are only supported in Internationalizing Domain Names in Applications (IDNA) encoding.
- Support checking port monitors using
/dev/tcp
- Support domain monitoring with the Registration Data Access Protocol (RDAP)
- Support checking for the HTTP Strict Transport Security (HSTS) header and the MTA Strict Transport Security (MTA-STS) file