KEALint - ⚡ blazingly fast ⚡ static configuration analyzer for ISC KEA DHCP version 3.x.x, written in Rust!
More than 40 validation rules for DHCPv4, DHCPv6 (partially), D2, and Control Agent configurations.
Provides a flexible CLI for running checks and outputting the verification results.
Supports a 'standalone' mode that automatically runs checks when the configuration changes, using its own kealint-unix-hook. More information about the 'standalone' mode can be found here.
Run command:

`./kealint --dir-path ./kea-configs`

Result:
┌──────────────────────┬──────────────┬────────────┬──────────────────────┬──────────────────────┬──────────────────────┐
│ name │ config_type │ importance │ description │ places │ links │
├──────────────────────┼──────────────┼────────────┼──────────────────────┼──────────────────────┼──────────────────────┤
│ LEASE_DATABASE::NoEn │ Dhcp4 │ Warning │ The 'persist' flag i │ lease-database.persi │ https://kea.readthed │
│ abledPersistFlagForM │ │ │ s not set to 'true' │ st │ ocs.io/en/latest/arm │
│ emfileLeases │ │ │ for the maintenance │ │ /dhcp4-srv.html#memf │
│ │ │ │ of the arend databas │ │ ile-basic-storage-fo │
│ │ │ │ e in the 'memfile' │ │ r-leases │
├──────────────────────┼──────────────┼────────────┼──────────────────────┼──────────────────────┼──────────────────────┤
│ DDNS_SERVER::NotLoca │ D2 │ Critical │ Loopback addresses m │ ip-address │ https://kea.readthed │
│ lIPAddressInD2Server │ │ │ ust be used as the s │ │ ocs.io/en/latest/arm │
│ ConfigRule │ │ │ erver address to avo │ │ /ddns.html#global-se │
│ │ │ │ id attacks with fake │ │ rver-parameters │
│ │ │ │ requests. │ │ │
├──────────────────────┼──────────────┼────────────┼──────────────────────┼──────────────────────┼──────────────────────┤
│ CTRL_AGENT::NotLocal │ ControlAgent │ Warning │ The configuration sp │ http-host │ https://kea.readthed │
│ IPWithoutHTTPSRule │ │ │ ecifies the 'http-po │ │ ocs.io/en/latest/arm │
│ │ │ │ rt' key in a value t │ │ /security.html#tls-h │
│ │ │ │ hat is not a local I │ │ ttps-configuration │
│ │ │ │ P address, but HTTPS │ │ │
│ │ │ │ support is not enab │ │ │
│ │ │ │ led. │ │ │
└──────────────────────┴──────────────┴────────────┴──────────────────────┴──────────────────────┴──────────────────────┘
See more examples.
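
The logic behind the two network-exposure findings in the sample output above, as an added Rust example (not KEALint's own code). The types and functions `D2Config`, `CtrlAgentConfig`, `Finding`, `is_loopback`, `check_d2` and `check_ctrl_agent` are hypothetical, and it assumes HTTPS counts as enabled when the Kea keys `trust-anchor`, `cert-file` and `key-file` are all set.

```rust
use std::net::IpAddr;

#[derive(Debug, PartialEq)]
enum Importance { Warning, Critical }

#[derive(Debug)]
struct Finding { name: &'static str, importance: Importance, place: &'static str }

// Hypothetical stand-ins for the parsed values the two rules inspect.
struct D2Config<'a> { ip_address: &'a str }
struct CtrlAgentConfig<'a> {
    http_host: &'a str,
    trust_anchor: Option<&'a str>,
    cert_file: Option<&'a str>,
    key_file: Option<&'a str>,
}

// True only for literal loopback addresses (127.0.0.0/8, ::1).
// Simplification: host names and unparsable values count as non-local.
fn is_loopback(addr: &str) -> bool {
    addr.parse::<IpAddr>().map(|ip| ip.is_loopback()).unwrap_or(false)
}

// D2 accepts name-change requests on 'ip-address'; flag anything not loopback.
fn check_d2(cfg: &D2Config) -> Option<Finding> {
    if is_loopback(cfg.ip_address) { return None; }
    Some(Finding {
        name: "DDNS_SERVER::NotLocalIPAddressInD2ServerConfigRule",
        importance: Importance::Critical, place: "ip-address",
    })
}

// Control Agent: a non-local 'http-host' is acceptable only with TLS configured.
fn check_ctrl_agent(cfg: &CtrlAgentConfig) -> Option<Finding> {
    let tls = cfg.trust_anchor.is_some() && cfg.cert_file.is_some() && cfg.key_file.is_some();
    if is_loopback(cfg.http_host) || tls { return None; }
    Some(Finding {
        name: "CTRL_AGENT::NotLocalIPWithoutHTTPSRule",
        importance: Importance::Warning, place: "http-host",
    })
}

fn main() {
    // Constructed sample values, not taken from a real deployment.
    let d2 = D2Config { ip_address: "192.0.2.10" };
    let ca = CtrlAgentConfig { http_host: "0.0.0.0", trust_anchor: None, cert_file: None, key_file: None };
    for f in vec![check_d2(&d2), check_ctrl_agent(&ca)].into_iter().flatten() {
        println!("{:?} {} at '{}'", f.importance, f.name, f.place);
    }
}
```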
The KEALint command line interface implements the following parameters:

Note: All command line parameters can be specified in a separate JSON file (without the "--" prefix). If the parameters are specified in the file, specify the --config-filepath flag at startup.

- --mode - Optional. Defines the mode of operation of the utility. If 'standalone' is specified, it instructs the server to operate in UNIX socket listener mode and write checks to the database. Default mode is 'cli'.
- --config-filepath - Optional. Defines the path to the JSON configuration file. If specified, all other flags passed when calling the utility are ignored and their values are read from the file.
- --dir-path - Optional. Specifies the path to the directory where the KEA configuration files are stored. If this parameter is specified, files named 'kea-dhcp4.conf', 'kea-dhcp-ddns.conf' and 'kea-ctrl-agent.conf' are searched for inside the specified directory.
- --format - Optional. Defines the format for the output of the verification result. You can specify the value 'table' or 'json'.
- --v4-filepath - Optional. Specifies the path to the KEA DHCPv4 configuration file. If specified together with the --dir-path parameter, this parameter overrides the path to the v4 configuration file.
- --v6-filepath - Optional. Specifies the path to the KEA DHCPv6 configuration file. If specified together with the --dir-path parameter, this parameter overrides the path to the v4 configuration file.
- --d2-filepath - Optional. Specifies the path to the KEA DHCP DDNS configuration file. If specified together with the --dir-path parameter, this parameter overrides the path to the DDNS configuration file.
- --ctrl-agent-filepath - Optional. Specifies the path to the KEA Control Agent configuration file. If specified together with the --dir-path parameter, this parameter overrides the path to the Control Agent configuration file.
- --output-filepath - Optional. Specifies the path to the file to which the verification result will be written. If the file does not exist, it will be created.
- --skip-not-exists - Optional. If specified, the check will run even if not all configuration files exist. By default, the utility expects all configuration files (v4, DDNS, and Control Agent) to exist before it runs.
- --use-threads - Optional. If enabled, processing is performed in multithreaded mode.
- --with-summary - Optional. Adds additional information when displaying the result as a table.
- --unix-socket-filepath - Optional. Defines the path to the UNIX socket to listen on in order to receive configurations.
- --database-type - Optional. Defines the type of database to connect to. Currently, only the value 'sqlite' is supported.
- --database-filepath - Optional. Defines the path to the database in which the results of the checks will be recorded.

KEALint implements rules for the following parts of the configuration.
A '+' next to the number of rules indicates that several rules are implemented for several configurations at once.

| Config part | Link | Rules count |
|---|---|---|
| Allocators | See more | 2+ |
| Client Classes | See more | 3+ |
| Control Agent | See more | 2 |
| DDNS Server | See more | 2+ |
| Hooks | See more | 11+ |
| Interfaces | See more | 1+ |
| Lease Database | See more | 3+ |
| Loggers | See more | 3+ |
| Option Data | See more | 2 |
| Queue Control | See more | 1+ |
| Reservations | See more | 3 |
| Shared Networks | See more | 4 |
| Subnets | See more | 3 |

| Importance | Influence |
|---|---|
| INFO | A rule that does not directly affect the operation of the server, but can improve its performance. |
| WARNING | A rule whose incorrect configuration can lead to incorrect behavior or malfunction of the server. |
| CRITICAL | A rule whose violation is most likely to disrupt the server. |

- Install the Rust compiler from the official site.
- Clone the repository: `git clone https://github.com/sanua356/KEALint.git`.
- Go to the cloned repository folder: `cd ./KEALint`.
- Run the build command: `cargo build --release`.
- Find the built binary file `kealint` at the path `./target/release`.