forked from evolix/evocheck
Fix #1077. Add check to ensure there is real IP addresses in Allow/Deny directives
This commit is contained in:
parent
411774e83b
commit
596fad44d1
|
@ -61,6 +61,7 @@ IS_USERLOGROTATE=1
|
|||
IS_MODSECURITY=1
|
||||
IS_APACHECTL=1
|
||||
IS_APACHESYMLINK=1
|
||||
IS_APACHEIPINALLOW=1
|
||||
IS_MUNINAPACHECONF=1
|
||||
IS_SAMBAPINPRIORITY=1
|
||||
IS_KERNELUPTODATE=1
|
||||
|
@ -362,6 +363,12 @@ if [ -e /etc/debian_version ]; then
|
|||
(stat -c %F /etc/apache2/sites-enabled/* | grep -q regular && echo 'IS_APACHESYMLINK FAILED!')
|
||||
fi
|
||||
|
||||
# Check if there is real IP addresses in Allow/Deny directives (no trailing space, inline comments or so).
|
||||
if [ "$IS_APACHEIPINALLOW" = 1 ]; then
|
||||
# Note: Replace "exit 1" by "print" in Perl code to debug it.
|
||||
is_installed apache2.2-common && grep -IrE "(Allow|Deny) from" /etc/apache2/ |grep -v "from all" |perl -ne 'exit 1 unless (/from( \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})+$/)' || echo 'IS_APACHEIPINALLOW FAILED!'
|
||||
fi
|
||||
|
||||
# Check if default Apache configuration file for munin is absent (or empty or commented).
|
||||
if [ "$IS_MUNINAPACHECONF" ]; then
|
||||
if is_debianversion squeeze || is_debianversion wheezy; then
|
||||
|
|
Loading…
Reference in a new issue