Fix #1077. Add check to ensure there is real IP addresses in Allow/Deny directives

Romain Dessort 2016-05-10 16:50:44 -04:00
parent 411774e83b
commit 596fad44d1


@ -61,6 +61,7 @@ IS_USERLOGROTATE=1
IS_MODSECURITY=1
IS_APACHECTL=1
IS_APACHESYMLINK=1
IS_APACHEIPINALLOW=1
IS_MUNINAPACHECONF=1
IS_SAMBAPINPRIORITY=1
IS_KERNELUPTODATE=1
@ -362,6 +363,12 @@ if [ -e /etc/debian_version ]; then
(stat -c %F /etc/apache2/sites-enabled/* | grep -q regular && echo 'IS_APACHESYMLINK FAILED!')
fi
# Check if there is real IP addresses in Allow/Deny directives (no trailing space, inline comments or so).
if [ "$IS_APACHEIPINALLOW" = 1 ]; then
# Note: Replace "exit 1" by "print" in Perl code to debug it.
is_installed apache2.2-common && grep -IrE "(Allow|Deny) from" /etc/apache2/ |grep -v "from all" |perl -ne 'exit 1 unless (/from( \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})+$/)' || echo 'IS_APACHEIPINALLOW FAILED!'
fi
# Check if default Apache configuration file for munin is absent (or empty or commented).
if [ "$IS_MUNINAPACHECONF" ]; then
if is_debianversion squeeze || is_debianversion wheezy; then
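Review bot: On a host where `is_installed apache2.2-common` returns non-zero, the new IS_APACHEIPINALLOW line still prints `IS_APACHEIPINALLOW FAILED!`, because in `A && B || C` the `|| echo` branch runs when `A` fails as well as when the pipeline fails. Grouping the pipeline with its failure message, in the subshell style of the IS_APACHESYMLINK check just above, removes that false positive: `is_installed apache2.2-common && ( grep -IrE "(Allow|Deny) from" /etc/apache2/ | grep -v "from all" | perl -ne '<same expression>' || echo 'IS_APACHEIPINALLOW FAILED!' )`. Separately, the Perl pattern is anchored only at the end of the line, so a directive whose inline comment happens to end in `from <ip>` would still pass, and commented-out directives are scanned too. Adding `-h` to the first grep and anchoring the match at the start with `^\s*(Allow|Deny) from` would tighten it. The enclosing `if [ -e /etc/debian_version ]` block starts and ends outside the hunk.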