netlint - scan this host for network configuration errors
netlint [-t timezone]
netlint -R repo [-d delay] [-p port] [-t timezone]
The network configuration of a node is critical to production opera-
tions of all hosts attached to that network, even a small error on a
host (viz. a duplicate IP address) could seriously impact the perfor-
mance of every host on that segment. No invariant assumption made
about a node is valid, on a modern system, unless the network is con-
Netlint provides a structured report about the network configuration of
a node. This report is processed by the reporter to generate a list of
unexpected configuration facts. See report(1).
The output is usually sent to a reporting agent to notify the Adminis-
trator of errors or inconsistent information found on the host. An ad
hoc visual scan of netlint's output might be useful to find configura-
tion errors on a host that has an (as yet) undiagnosed issue.
Set the maximum delay in seconds to start the scan, when run
from automation like cron(8). This takes effect if stdin is not
The netlint script contains some useful ksh functions that the
plugins use (these are documented in the plugin manual page).
Since ksh doesn't have a portable way to export this from the
running shell netlint has an option to produce them.
Print only a brief help message.
Specify a non-standard port to connect to the rsync server.
Specify that the a remote policy, rather than the local one from
/usr/local/libexec/netlint-plugins should be executed. The pol-
icy is downloaded via rsync to a temporary directory, then exe-
cuted in place of the local policy. Note this trusts a remote
server to provide code to be locally executed. The module
requested is "netlint".
The timezone value expected for this node. If a node is distant
from the reporter service we might ne in a different timezone,
this confirms that fact.
Show only the standerd version banner.
10 2 * * 1 /usr/local/libexec/netlint |Mail -s "NETLINT: '/bin/hostname'" netlint@netlint
A crontab(5) fragment one might use to run netlint every Monday
morning, directing the output to the reporter account for
List the version of netlint and the versions of all the plugins
/usr/local/libexec/netlint -F >/tmp/me$$ && . /tmp/me$$; rm /tmp/me$$
Output the common shell functions to a temporary file, source
them into this shell, and cleanup the file. This is a common
idiom in the plugin code-base.
The environment set for the plugins contains (at least) these vari-
A shell command (viz. echo(1)) that sends a collected fact to
the report. A fact should always be reported via the command,
rather than assuming stdout is the report stream.
The output of uname -s, or something like it. This has already
been reported under the topic "OS:" before the plugins are exe-
A white-space separated list of network interfaces, given as:
interface(ip mac network/CIDR type)
A white-space separated list of IP addresses the host has con-
figured as UP on the network.
A white-space separated list of networks the host is directly
attached to, given as:
The path to a file that contains "netlint -F" output.
$rREPO and $rPORT
These are only exported if a remote repository was specified.
They have the obvious meaning.
The fact's topic tags could have been better organized.
Kevin Braunsdorf, Pete Fritchman
netlint At ksb.npcguild.org, firstname.lastname@example.org
sh(1), ksh(1), ifconfig(8), hostlint(8l), report(1l), robodoc(1),