From af259252be804b50e39eef47dd020fd2730f5a9a Mon Sep 17 00:00:00 2001
From: Jeremy Dubois <jdubois@evolix.fr>
Date: Fri, 16 Jul 2021 14:52:49 +0200
Subject: [PATCH] Add check_advskew and boot version

---
 CHANGELOG   |  6 ++++++
 evocheck.sh | 26 +++++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 7b8c009..45e462f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [6.9.0] - 2021-07-16
+
+### Added
+
+- Add check_advskew : convention for CARP interfaces. CARP in master state must have advskew parameter between 1 and 50, CARP in backup state must have advskew parameter between 100 and 150, preventing a configuration error with the same value for master and backup
+
 ## [6.8.0] - 2020-10-23
 
 ### Fixed
diff --git a/evocheck.sh b/evocheck.sh
index e77b112..971a9ce 100755
--- a/evocheck.sh
+++ b/evocheck.sh
@@ -3,7 +3,7 @@
 # EvoCheck
 # Script to verify compliance of an OpenBSD server powered by Evolix
 
-readonly VERSION="6.7.7"
+readonly VERSION="6.9.0"
 
 # Disable LANG*
 
@@ -353,6 +353,29 @@ check_openvpncronlog(){
     fi
 }
 
+check_advskew(){
+    if ls /etc/hostname.carp* 1> /dev/null 2>&1; then
+        for carp in $(ifconfig carp | grep ^carp | awk '{print $1}' | tr -d ":"); do
+            ifconfig $carp | grep -q master
+            master=$?
+            ifconfig $carp | grep -q backup
+            backup=$?
+            advskew=$(ifconfig $carp | grep advbase | awk -F 'advskew' '{print $2}' | awk '{print $1}')
+            if [ "$master" -eq 0 ]; then
+                if [ $advskew -lt 1 ] || [ $advskew -gt 50 ]; then
+                    failed "IS_ADVSKEW" "Interface $carp is master : advskew must be between 1 and 50, and must remain lower than that of the backup - current value : $advskew"
+                fi
+            elif [ "$backup" -eq 0 ]; then
+                if [ $advskew -lt 100 ] || [ $advskew -gt 150 ]; then
+                    failed "IS_ADVSKEW" "Interface $carp is backup : advskew must be between 100 and 150, and must remain greater than that of the master - current value : $advskew"
+                fi
+            else
+                failed "IS_ADVSKEW" "Interface $carp is neither master nor backup. Check interface state."
+            fi
+        done
+    fi
+}
+
 
 main() {
     # Default return code : 0 = no error
@@ -394,6 +417,7 @@ main() {
     test "${IS_DEFAULTROUTE:=1}" = 1 && check_defaultroute
     test "${IS_NTP:=1}" = 1 && check_ntp
     test "${IS_OPENVPNCRONLOG:=1}" = 1 && check_openvpncronlog
+    test "${IS_ADVSKEW:=1}" = 1 && check_advskew
 
     exit ${RC}
 }