- Apply policy to avoid test duplication

- Minor cleaning
Gregory Colpart 2015-11-28 16:23:28 +01:00
parent 50e9a816bb
commit 29fae2b7ae


@ -1,10 +1,8 @@
#!/bin/bash #!/bin/bash
# EvoCheck script # EvoCheck
# Script to verify compliance of a Debian/OpenBSD server
# version 0.3.3-beta # powered by Evolix
# Copyright 2011 Gregory Colpart <reg@evolix.fr>, Evolix <info@evolix.fr>
# Last revision : 29 Juin 2011
# Disable LANG* # Disable LANG*
export LANG=C export LANG=C
@ -86,23 +84,21 @@ test -f /etc/evocheck.cf && . /etc/evocheck.cf
# Functions # Functions
is_pack_web(){ is_pack_web(){
test -e /usr/share/scripts/web-add.sh test -e /usr/share/scripts/web-add.sh
} }
is_pack_samba(){ is_pack_samba(){
test -e /usr/share/scripts/add.pl test -e /usr/share/scripts/add.pl
} }
is_installed(){ is_installed(){
for pkg in $*; do for pkg in $*; do
dpkg -l $pkg 2>/dev/null |grep -q ^ii || return 1 dpkg -l $pkg 2>/dev/null |grep -q ^ii || return 1
done done
}
is_debianversion(){
[ $(lsb_release -c -s) = $1 ] && return 0;
} }
#----------------------------------------------------------- #-----------------------------------------------------------
@ -111,51 +107,35 @@ is_installed(){
if [ -e /etc/debian_version ]; then if [ -e /etc/debian_version ]; then
# Proper to Squeeze or Wheezy version. if [ "$IS_DPKGWARNING" = 1 ]; then
if [ $(lsb_release -c -s) = "squeeze" ]; then is_debianversion squeeze && ( ( [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ] ) && \
if [ "$IS_DPKGWARNING" = 1 ] && ( [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ] ); then
egrep -i "(Pre-Invoke ..echo Are you sure to have rw on|Post-Invoke ..echo Dont forget to mount -o remount)" \ egrep -i "(Pre-Invoke ..echo Are you sure to have rw on|Post-Invoke ..echo Dont forget to mount -o remount)" \
/etc/apt/apt.conf | wc -l | grep -q ^2$ || \ /etc/apt/apt.conf | wc -l | grep -q ^2$ || echo 'IS_DPKGWARNING FAILED!' )
echo 'IS_DPKGWARNING FAILED!' is_debianversion wheezy && ( ( [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ] ) && \
fi
if [ "$IS_UMASKSUDOERS" = 1 ]; then
grep -q ^Defaults.*umask=0077 /etc/sudoers || echo 'IS_UMASKSUDOERS FAILED!'
fi
# Verifying check_mailq in Nagios NRPE config file. (Option "-M postfix" need to be set if the MTA is Postfix)
if [ "$IS_NRPEPOSTFIX" = 1 ]; then
is_installed postfix && ( grep -q "^command.*check_mailq -M postfix" /etc/nagios/nrpe.cfg || echo 'IS_NRPEPOSTFIX FAILED!' )
fi
# Check if mod-security config file is present.
if [ "$IS_MODSECURITY" = 1 ]; then
is_installed libapache-mod-security && \
(test -e /etc/apache2/conf.d/mod-security2.conf || echo 'IS_MODSECURITY FAILED!')
fi
fi
if [ $(lsb_release -c -s) = "wheezy" ]; then
if [ "$IS_DPKGWARNING" = 1 ] && ( [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ] ); then
test -e /etc/apt/apt.conf && echo 'IS_DPKGWARNING FAILED!' test -e /etc/apt/apt.conf && echo 'IS_DPKGWARNING FAILED!'
test -e /etc/apt/apt.conf.d/80evolinux || echo 'IS_DPKGWARNING FAILED!' test -e /etc/apt/apt.conf.d/80evolinux || echo 'IS_DPKGWARNING FAILED!' )
fi
# Check if mod-security config file is present.
if [ "$IS_MODSECURITY" = 1 ]; then
is_installed libapache2-modsecurity && \
(test -e /etc/apache2/conf.d/mod-security2.conf || echo 'IS_MODSECURITY FAILED!')
fi
fi fi
# Compatible Squeeze & Wheezy. if [ "$IS_UMASKSUDOERS" = 1 ]; then
if [ "$IS_CUSTOMSUDOERS" = 1 ]; then is_debianversion squeeze && ( grep -q ^Defaults.*umask=0077 /etc/sudoers || echo 'IS_UMASKSUDOERS FAILED!' )
egrep -qr "umask=0077" /etc/sudoers* || echo 'IS_CUSTOMSUDOERS FAILED!'
fi fi
# Verifying check_mailq in Nagios NRPE config file. (Option "-M postfix" need to be set if the MTA is Postfix) # Verifying check_mailq in Nagios NRPE config file. (Option "-M postfix" need to be set if the MTA is Postfix)
if [ "$IS_NRPEPOSTFIX" = 1 ]; then if [ "$IS_NRPEPOSTFIX" = 1 ]; then
is_installed postfix && ( grep -qr "^command.*check_mailq -M postfix" /etc/nagios/nrpe.* || echo 'IS_NRPEPOSTFIX FAILED!' ) is_debianversion squeeze && is_installed postfix && ( grep -q "^command.*check_mailq -M postfix" /etc/nagios/nrpe.cfg || echo 'IS_NRPEPOSTFIX FAILED!' )
is_debianversion squeeze || ( is_installed postfix && ( grep -qr "^command.*check_mailq -M postfix" /etc/nagios/nrpe.* || echo 'IS_NRPEPOSTFIX FAILED!' ) )
fi
# Check if mod-security config file is present
if [ "$IS_MODSECURITY" = 1 ]; then
is_debianversion squeeze && is_installed libapache-mod-security && \
(test -e /etc/apache2/conf.d/mod-security2.conf || echo 'IS_MODSECURITY FAILED!')
is_debianversion wheezy && is_installed libapache2-modsecurity && \
(test -e /etc/apache2/conf.d/mod-security2.conf || echo 'IS_MODSECURITY FAILED!')
fi
if [ "$IS_CUSTOMSUDOERS" = 1 ]; then
egrep -qr "umask=0077" /etc/sudoers* || echo 'IS_CUSTOMSUDOERS FAILED!'
fi fi
if [ "$IS_VARTMPFS" = 1 ]; then if [ "$IS_VARTMPFS" = 1 ]; then
@ -370,9 +350,6 @@ if [ -e /etc/debian_version ]; then
fi fi
fi fi
#-----------------------------------------------------------
#Vérifie si c'est une OpenBSD et fait les tests appropriés.
#-----------------------------------------------------------
if [ `uname -s` == "OpenBSD" ]; then if [ `uname -s` == "OpenBSD" ]; then
@ -467,10 +444,6 @@ if [ `uname -s` == "OpenBSD" ]; then
# - NRPEDISK et NRPEPOSTFIX # - NRPEDISK et NRPEPOSTFIX
fi fi
#---------------
# Tests communs
#---------------
if [ "$IS_TMP_1777" = 1 ]; then if [ "$IS_TMP_1777" = 1 ]; then
ls -ld /tmp | grep -q drwxrwxrwt || echo 'IS_TMP_1777 FAILED!' ls -ld /tmp | grep -q drwxrwxrwt || echo 'IS_TMP_1777 FAILED!'
fi fi
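Review bot: In the rewritten IS_DPKGWARNING block (as rendered on the new side of the `-111,51 +107,35` hunk), the `[ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ]` guard no longer gates the whole check, so the audit can print `IS_DPKGWARNING FAILED!` on hosts where neither option is enabled. On the squeeze line `&&` and `||` have equal precedence and group left to right, so a false guard falls through to the `|| echo`; on the wheezy line the `test -e /etc/apt/apt.conf.d/80evolinux || echo 'IS_DPKGWARNING FAILED!'` sits on its own line inside the subshell and runs regardless of the guard. Keeping the guard on the outer test, `if [ "$IS_DPKGWARNING" = 1 ] && ( [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ] ); then`, and dropping it from the two `is_debianversion` lines would restore the earlier behaviour. Separately, the new `is_debianversion` helper would be more robust with both operands quoted, `[ "$(lsb_release -c -s)" = "$1" ]`, since an empty lsb_release output otherwise makes `[` fail with a syntax error instead of a clean mismatch.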