forked from evolix/evocheck
Merge branch 'master' into debian
This commit is contained in:
commit
7faba567c8
|
@ -10,11 +10,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|||
* New checks:
|
||||
IS_DUPLICATE_FS_LEVEL
|
||||
IS_EVOMAINTENANCE_FW
|
||||
IS_EVOLIX_USER
|
||||
|
||||
### Changed
|
||||
|
||||
* Enabling IS_EVOBACKUP by default
|
||||
* Better output for IS_MYSQLMUNIN
|
||||
* Custom limit for IS_NOTUPGRADED
|
||||
* IS_SSHALLOWUSERS now check also for AllowGroups
|
||||
|
||||
## [0.11] - 2018-02-07
|
||||
|
||||
|
|
35
evocheck.sh
35
evocheck.sh
|
@ -101,6 +101,7 @@ IS_NETWORK_INTERFACES=1
|
|||
IS_EVOBACKUP=1
|
||||
IS_DUPLICATE_FS_LABEL=1
|
||||
IS_EVOMAINTENANCE_FW=1
|
||||
IS_EVOLIX_USER=1
|
||||
|
||||
#Proper to OpenBSD
|
||||
IS_SOFTDEP=1
|
||||
|
@ -160,7 +161,7 @@ if [ -e /etc/debian_version ]; then
|
|||
|
||||
if [ "$IS_DPKGWARNING" = 1 ]; then
|
||||
is_debianversion squeeze && ( [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ] ) && ( \
|
||||
egrep -i "(Pre-Invoke ..echo Are you sure to have rw on|Post-Invoke ..echo Dont forget to mount -o remount)" \
|
||||
grep -E -i "(Pre-Invoke ..echo Are you sure to have rw on|Post-Invoke ..echo Dont forget to mount -o remount)" \
|
||||
/etc/apt/apt.conf | wc -l | grep -q ^2$ || echo 'IS_DPKGWARNING FAILED!' )
|
||||
is_debianversion wheezy && ( ( [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ] ) && \
|
||||
( test -e /etc/apt/apt.conf.d/80evolinux || echo 'IS_DPKGWARNING FAILED!' )
|
||||
|
@ -187,7 +188,7 @@ if [ -e /etc/debian_version ]; then
|
|||
fi
|
||||
|
||||
if [ "$IS_CUSTOMSUDOERS" = 1 ]; then
|
||||
egrep -qr "umask=0077" /etc/sudoers* || echo 'IS_CUSTOMSUDOERS FAILED!'
|
||||
grep -E -qr "umask=0077" /etc/sudoers* || echo 'IS_CUSTOMSUDOERS FAILED!'
|
||||
fi
|
||||
|
||||
if [ "$IS_VARTMPFS" = 1 ]; then
|
||||
|
@ -254,16 +255,16 @@ if [ -e /etc/debian_version ]; then
|
|||
if is_debianversion stretch; then
|
||||
is_installed apt-listchanges && echo 'IS_LISTCHANGESCONF FAILED!'
|
||||
else
|
||||
test -e /etc/apt/listchanges.conf && egrep "(which=both|confirm=1)" /etc/apt/listchanges.conf | wc -l | grep -q ^2$ || echo 'IS_LISTCHANGESCONF FAILED!'
|
||||
test -e /etc/apt/listchanges.conf && grep -E "(which=both|confirm=1)" /etc/apt/listchanges.conf | wc -l | grep -q ^2$ || echo 'IS_LISTCHANGESCONF FAILED!'
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$IS_CUSTOMCRONTAB" = 1 ]; then
|
||||
egrep "^(17 \*|25 6|47 6|52 6)" /etc/crontab | wc -l | grep -q ^4$ && echo 'IS_CUSTOMCRONTAB FAILED!'
|
||||
grep -E "^(17 \*|25 6|47 6|52 6)" /etc/crontab | wc -l | grep -q ^4$ && echo 'IS_CUSTOMCRONTAB FAILED!'
|
||||
fi
|
||||
|
||||
if [ "$IS_SSHALLOWUSERS" = 1 ]; then
|
||||
egrep -qi "AllowUsers" /etc/ssh/sshd_config || echo 'IS_SSHALLOWUSERS FAILED!'
|
||||
grep -E -qi "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config || echo 'IS_SSHALLOWUSERS FAILED!'
|
||||
fi
|
||||
|
||||
if [ "$IS_DISKPERF" = 1 ]; then
|
||||
|
@ -296,7 +297,7 @@ if [ -e /etc/debian_version ]; then
|
|||
|
||||
if [ "$IS_NRPEDISKS" = 1 ]; then
|
||||
NRPEDISKS=$(grep command.check_disk /etc/nagios/nrpe.cfg | grep ^command.check_disk[0-9] | sed -e "s/^command.check_disk\([0-9]\+\).*/\1/" | sort -n | tail -1)
|
||||
DFDISKS=$(df -Pl | egrep -v "(^Filesystem|/lib/init/rw|/dev/shm|udev|rpc_pipefs)" | wc -l)
|
||||
DFDISKS=$(df -Pl | grep -E -v "(^Filesystem|/lib/init/rw|/dev/shm|udev|rpc_pipefs)" | wc -l)
|
||||
[ "$NRPEDISKS" = "$DFDISKS" ] || echo 'IS_NRPEDISKS FAILED!'
|
||||
fi
|
||||
|
||||
|
@ -309,7 +310,7 @@ if [ -e /etc/debian_version ]; then
|
|||
fi
|
||||
|
||||
if [ "$IS_APACHEMUNIN" = 1 ]; then
|
||||
test -e /etc/apache2/apache2.conf && ( is_debianversion stretch || ( egrep -q "^env.url.*/server-status-[[:alnum:]]{4}" /etc/munin/plugin-conf.d/munin-node && egrep -q "/server-status-[[:alnum:]]{4}" /etc/apache2/apache2.conf || egrep -q "/server-status-[[:alnum:]]{4}" /etc/apache2/apache2.conf /etc/apache2/mods-enabled/status.conf 2>/dev/null || echo 'IS_APACHEMUNIN FAILED!' ) )
|
||||
test -e /etc/apache2/apache2.conf && ( is_debianversion stretch || ( grep -E -q "^env.url.*/server-status-[[:alnum:]]{4}" /etc/munin/plugin-conf.d/munin-node && grep -E -q "/server-status-[[:alnum:]]{4}" /etc/apache2/apache2.conf || grep -E -q "/server-status-[[:alnum:]]{4}" /etc/apache2/apache2.conf /etc/apache2/mods-enabled/status.conf 2>/dev/null || echo 'IS_APACHEMUNIN FAILED!' ) )
|
||||
test -e /etc/apache2/apache2.conf && ( is_debianversion stretch && ( test -h /etc/apache2/mods-enabled/status.load && test -h /etc/munin/plugins/apache_accesses && test -h /etc/munin/plugins/apache_processes && test -h /etc/munin/plugins/apache_accesses || echo 'IS_APACHEMUNIN FAILED!' ) )
|
||||
fi
|
||||
|
||||
|
@ -419,10 +420,10 @@ if [ -e /etc/debian_version ]; then
|
|||
|
||||
# Verify if all if are in auto
|
||||
if [ "$IS_AUTOIF" = 1 ]; then
|
||||
is_debianversion stretch || for interface in `/sbin/ifconfig -s |tail -n +2 |egrep -v "^(lo|vnet|docker|veth|tun|tap|macvtap)" |cut -d " " -f 1 |tr "\n" " "`; do
|
||||
is_debianversion stretch || for interface in `/sbin/ifconfig -s |tail -n +2 |grep -E -v "^(lo|vnet|docker|veth|tun|tap|macvtap)" |cut -d " " -f 1 |tr "\n" " "`; do
|
||||
grep -q "^auto $interface" /etc/network/interfaces || (echo 'IS_AUTOIF FAILED!' && break)
|
||||
done
|
||||
is_debianversion stretch && for interface in `/sbin/ip address show up | grep ^[0-9]*: |egrep -v "(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 2 |tr -d : |cut -d@ -f1 |tr "\n" " "`; do
|
||||
is_debianversion stretch && for interface in `/sbin/ip address show up | grep ^[0-9]*: |grep -E -v "(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 2 |tr -d : |cut -d@ -f1 |tr "\n" " "`; do
|
||||
grep -q "^auto $interface" /etc/network/interfaces || (echo 'IS_AUTOIF FAILED!' && break)
|
||||
done
|
||||
fi
|
||||
|
@ -518,7 +519,14 @@ if [ -e /etc/debian_version ]; then
|
|||
# Check if no package has been upgraded since $limit.
|
||||
if [ "$IS_NOTUPGRADED" = 1 ]; then
|
||||
last_upgrade=$(date +%s -d $(zgrep -h upgrade /var/log/dpkg.log* |sort -n |tail -1 |cut -f1 -d ' '))
|
||||
if grep -q '^mailto="listupgrade-todo@' /etc/evolinux/listupgrade.cnf \
|
||||
|| grep -q -E '^[[:digit:]]+[[:space:]]+[[:digit:]]+[[:space:]]+[^\*]' /etc/cron.d/listupgrade; then
|
||||
# Manual upgrade process
|
||||
limit=$(date +%s -d "now - 180 days")
|
||||
else
|
||||
# Regular process
|
||||
limit=$(date +%s -d "now - 90 days")
|
||||
fi
|
||||
if [ -f /var/log/evolinux/00_prepare_system.log ]; then
|
||||
install_date=$(stat -c %Z /var/log/evolinux/00_prepare_system.log)
|
||||
else
|
||||
|
@ -753,6 +761,9 @@ if [ -e /etc/debian_version ]; then
|
|||
fi
|
||||
rm $tmpFile
|
||||
fi
|
||||
|
||||
if [ "$IS_EVOLIX_USER" = 1 ]; then
|
||||
getent passwd evolix >/dev/null && echo 'IS_EVOLIX_USER FAILED!'
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -819,7 +830,7 @@ if [ `uname -s` == "OpenBSD" ]; then
|
|||
|
||||
# if [ "$IS_NRPEDISKS" = 1 ]; then
|
||||
# NRPEDISKS=$(grep command.check_disk /etc/nrpe.cfg 2>/dev/null | grep ^command.check_disk[0-9] | sed -e "s/^command.check_disk\([0-9]\+\).*/\1/" | sort -n | tail -1)
|
||||
# DFDISKS=$(df -Pl | egrep -v "(^Filesystem|/lib/init/rw|/dev/shm|udev|rpc_pipefs)" | wc -l)
|
||||
# DFDISKS=$(df -Pl | grep -E -v "(^Filesystem|/lib/init/rw|/dev/shm|udev|rpc_pipefs)" | wc -l)
|
||||
# [ "$NRPEDISKS" = "$DFDISKS" ] || echo 'IS_NRPEDISKS FAILED!'
|
||||
# fi
|
||||
|
||||
|
@ -863,8 +874,8 @@ if [ "$IS_USRSHARESCRIPTS" = 1 ]; then
|
|||
fi
|
||||
|
||||
if [ "$IS_SSHPERMITROOTNO" = 1 ]; then
|
||||
is_debianversion stretch || ( egrep -qi "PermitRoot.*no" /etc/ssh/sshd_config || echo 'IS_SSHPERMITROOTNO FAILED!' )
|
||||
is_debianversion stretch && grep -q ^PermitRoot /etc/ssh/sshd_config && ( egrep -qi "PermitRoot.*no" /etc/ssh/sshd_config || echo 'IS_SSHPERMITROOTNO FAILED!' )
|
||||
is_debianversion stretch || ( grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config || echo 'IS_SSHPERMITROOTNO FAILED!' )
|
||||
is_debianversion stretch && grep -q ^PermitRoot /etc/ssh/sshd_config && ( grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config || echo 'IS_SSHPERMITROOTNO FAILED!' )
|
||||
fi
|
||||
|
||||
if [ "$IS_EVOMAINTENANCEUSERS" = 1 ]; then
|
||||
|
|
Loading…
Reference in a new issue