Merge branch 'master' into debian

2018-03-19 16:33:01 +01:00 · 2018-03-19 16:33:01 +01:00 · a5eac93bbd
parent c5d16e5b45 31f45cbd6e
commit a5eac93bbd
3 changed files with 122 additions and 19 deletions
--- a/64
+++ b/64
@ -0,0 +1,64 @@
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.12] - 2018-03-19
+
+### Added
+
+* New checks:
+  IS_DUPLICATE_FS_LEVEL
+  IS_EVOMAINTENANCE_FW
+
+### Changed
+
+* Enabling IS_EVOBACKUP by default
+* Better output for IS_MYSQLMUNIN
+
+## [0.11] - 2018-02-07
+
+### Added
+
+  * Bunch of new checks:                                                   
+    IS_PRIVKEYWOLRDREADABLE                                                
+    IS_EVOLINUXSUDOGROUP                                                   
+    IS_USERINADMGROUP                                                      
+    IS_APACHE2EVOLINUXCONF    
+    IS_BACKPORTSCONF                       
+    IS_BIND9MUNIN                         
+    IS_BIND9LOGROTATE                      
+    IS_BROADCOMFIRMWARE                                                 
+    IS_HARDWARERAIDTOOL
+    IS_LOG2MAILSYSTEMDUNIT                                              
+    IS_LISTUPGRADE
+    IS_MARIADBEVOLINUXCONF              
+    IS_MARIADBSYSTEMDUNIT
+    IS_MYSQLMUNIN             
+    IS_PHPEVOLINUXCONF        
+    IS_SQUIDLOGROTATE                      
+    IS_SQUIDEVOLINUXCONF        
+    IS_SQL_BACKUP                          
+    IS_POSTGRES_BACKUP                    
+    IS_LDAP_BACKUP                         
+    IS_REDIS_BACKUP                       
+    IS_ELASTIC_BACKUP                                               
+    IS_MONGO_BACKUP
+    IS_MOUNT_FSTAB                                                  
+    IS_NETWORK_INTERFACES
+
+### Changed
+
+  * IS_UPTIME added in --cron mode                                          
+  * is_pack_web() for Stretch           
+  * IS_DPKGWARNING for Stretch                                              
+  * IS_MOUNT_FSTAB is disabled if lsblk not available
+  * IS_MINIFWPERMS for Stretch                                      
+  * IS_SQUID for Stretch
+  * IS_LOG2MAILAPACHE for Stretch                                   
+  * IS_AUTOIF for Stretch
+  * IS_UPTIME warn if uptime is more thant 2y, was 1y
+  * IS_NOTUPGRADED warn if last upgrade is older than 90d, was 30d
+  * IS_TUNE2FS_M5 use python in place of bc for calculation               
+  * IS_EVOMAINTENANCEUSERS for Stretch
+  * IS_EVOMAINTENANCECONF check also the mode of the file (600)           
--- a/README.md
+++ b/README.md
@ -13,12 +13,12 @@ Checkout the branch debian, merge the master branch.
 git checkout debian
 git merge master --no-ff
 dch -v <VERSION>-1
-gbp buildpackage --git-debian-branch=debian --git-upstream-tree=master --git-ignore-new
+gbp buildpackage --git-debian-branch=debian --git-upstream-tree=master --git-export-dir=/tmp/build-area --git-ignore-new
 ```

 If the build is OK, you can now build the final package.

 ```
 dch -D stretch -r
-gbp buildpackage --git-debian-branch=debian --git-upstream-tree=master --git-tag --git-sign --git-keyid=<KEY>
+gbp buildpackage --git-debian-branch=debian --git-upstream-tree=master --git-export-dir=/tmp/build-area --git-tag --git-sign --git-keyid=<KEY>
 ```
--- a/evocheck.sh
+++ b/evocheck.sh
@ -98,6 +98,9 @@ IS_ELASTIC_BACKUP=1
 IS_MONGO_BACKUP=1
 IS_MOUNT_FSTAB=1
 IS_NETWORK_INTERFACES=1
+IS_EVOBACKUP=1
+IS_DUPLICATE_FS_LABEL=1
+IS_EVOMAINTENANCE_FW=1

 #Proper to OpenBSD
 IS_SOFTDEP=1
@ -144,6 +147,11 @@ is_debianversion(){
    [ $(lsb_release -c -s) = $1 ] && return 0
 }

+is_debianversion squeeze && MINIFW_FILE=/etc/firewall.rc
+is_debianversion wheezy && MINIFW_FILE=/etc/firewall.rc
+is_debianversion jessie && MINIFW_FILE=/etc/default/minifirewall
+is_debianversion stretch && MINIFW_FILE=/etc/default/minifirewall
+
 #-----------------------------------------------------------
 #Vérifie si c'est une debian et fait les tests appropriés.
 #-----------------------------------------------------------
@ -283,10 +291,7 @@ if [ -e /etc/debian_version ]; then
    fi
    
    if [ "$IS_MINIFWPERMS" = 1 ]; then
-        is_debianversion squeeze && ( ls -l /etc/firewall.rc | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!' )
-        is_debianversion wheezy && ( ls -l /etc/firewall.rc | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!' )
-        is_debianversion jessie && ( ls -l /etc/default/minifirewall | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!' )
-        is_debianversion stretch && ( ls -l /etc/default/minifirewall | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!' )
+        ls -l "$MINIFW_FILE" | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!'
    fi
    
    if [ "$IS_NRPEDISKS" = 1 ]; then
@ -339,17 +344,23 @@ if [ -e /etc/debian_version ]; then
    # Verification de l'activation de Squid dans le cas d'un pack mail
    if [ "$IS_SQUID" = 1 ]; then
        squidconffile=/etc/squid*/squid.conf
-        is_debianversion squeeze && f=/etc/firewall.rc
-        is_debianversion wheezy && f=/etc/firewall.rc
-        is_debianversion jessie && f=/etc/default/minifirewall
-        is_debianversion stretch && f=/etc/default/minifirewall && squidconffile=/etc/squid/evolinux-custom.conf
+        is_debianversion stretch && squidconffile=/etc/squid/evolinux-custom.conf
        is_pack_web && ( is_installed squid || is_installed squid3 \
-        && grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT" $f \
-        && grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d `hostname -i` -j ACCEPT" $f \
-        && grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.(1|0/8) -j ACCEPT" $f \
-        && grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port.* `grep http_port $squidconffile | cut -f 2 -d " "`" $f || echo 'IS_SQUID FAILED!' )
+        && grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT" $MINIFW_FILE \
+        && grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d `hostname -i` -j ACCEPT" $MINIFW_FILE \
+        && grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.(1|0/8) -j ACCEPT" $MINIFW_FILE \
+        && grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port.* `grep http_port $squidconffile | cut -f 2 -d " "`" $MINIFW_FILE || echo 'IS_SQUID FAILED!' )
    fi
-    
+
+    if [ "$IS_EVOMAINTENANCE_FW" = 1 ]; then
+        if [ -f "$MINIFW_FILE" ]; then
+            rulesNumber=$(grep -c "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s .* -m state --state ESTABLISHED,RELATED -j ACCEPT" "$MINIFW_FILE")
+            if [ "$rulesNumber" -lt 4 ]; then
+                echo 'IS_EVOMAINTENANCE_FW FAILED!'
+            fi
+        fi
+    fi
+
    # Verification de la conf et de l'activation de mod-deflate
    if [ "$IS_MODDEFLATE" = 1 ]; then
        f=/etc/apache2/mods-enabled/deflate.conf
@ -426,7 +437,7 @@ if [ -e /etc/debian_version ]; then

    # Verification de la mise en place d'evobackup
    if [ "$IS_EVOBACKUP" = 1 ]; then
-        ls /etc/cron* |grep -q "zz.backup$" || echo 'IS_EVOBACKUP FAILED!'
+        ls /etc/cron* |grep -q "evobackup" || echo 'IS_EVOBACKUP FAILED!'
    fi
    
    # Verification de la presence du userlogrotate
@ -564,7 +575,7 @@ if [ -e /etc/debian_version ]; then
    if [ "$IS_BACKPORTSCONF" = 1 ]; then
        if is_debianversion stretch; then
            grep -q backports /etc/apt/sources.list && echo 'IS_BACKPORTSCONF FAILED!'
-            grep -q backports /etc/apt/sources.list.d/*.list && (grep -q backports /etc/apt/preferences.d/* || echo 'IS_BACKPORTSCONF FAILED!')
+            grep -q backports /etc/apt/sources.list.d/*.list 2>/dev/null && (grep -q backports /etc/apt/preferences.d/* || echo 'IS_BACKPORTSCONF FAILED!')
        fi
    fi

@ -676,8 +687,17 @@ if [ -e /etc/debian_version ]; then

    if [ "$IS_MYSQLMUNIN" = 1 ]; then
        if is_debianversion stretch && is_installed mariadb-server; then
-            for file in mysql_bytes mysql_queries mysql_slowqueries mysql_threads mysql_connections mysql_files_tables mysql_innodb_bpool mysql_innodb_bpool_act mysql_innodb_io mysql_innodb_log mysql_innodb_rows mysql_innodb_semaphores mysql_myisam_indexes mysql_qcache mysql_qcache_mem mysql_sorts mysql_tmp_tables; do
-                test -L /etc/munin/plugins/$file || echo 'IS_MYSQLMUNIN FAILED!'
+            for file in mysql_bytes mysql_queries mysql_slowqueries \
+            mysql_threads mysql_connections mysql_files_tables \
+            mysql_innodb_bpool mysql_innodb_bpool_act mysql_innodb_io \
+            mysql_innodb_log mysql_innodb_rows mysql_innodb_semaphores \
+            mysql_myisam_indexes mysql_qcache mysql_qcache_mem \
+            mysql_sorts mysql_tmp_tables; do
+
+                if [[ ! -L /etc/munin/plugins/$file ]]; then
+                    echo 'IS_MYSQLMUNIN FAILED!'
+                    break
+                fi
            done
        fi
    fi
@ -715,6 +735,25 @@ if [ -e /etc/debian_version ]; then
                && test -f /etc/squid/evolinux-custom.conf) || echo 'IS_SQUIDEVOLINUXCONF FAILED!'
        fi
    fi
+
+    if [ "$IS_DUPLICATE_FS_LABEL" = 1 ]; then
+        # Only on systems which have lsblk
+        if [ -x "$(which lsblk)" ]; then
+            tmpFile=$(mktemp -p /tmp)
+            for part in $(lsblk -n -o LABEL); do
+                echo "$part" >> "$tmpFile"
+            done
+            tmpOutput=$(sort < "$tmpFile" | uniq -d)
+            # If there is no duplicate, uniq will have no output
+            # So, if $tmpOutput is not null, there is a duplicate
+            if [ -n "$tmpOutput" ]; then
+                echo 'IS_DUPLICATE_FS_LABEL FAILED!'
+                # For debug, you may echo the contents of $tmpOutput
+                # echo $tmpOutput
+            fi
+            rm $tmpFile
+        fi
+    fi
 fi