From 5481bb469840f28a5c3c6493df96dac5e80f0c21 Mon Sep 17 00:00:00 2001
From: Jeremy Dubois <jdubois@evolix.fr>
Date: Wed, 13 Apr 2022 15:58:25 +0200
Subject: [PATCH] evocheck: upstream release 22.04

---
 roles/evocheck/files/evocheck.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/roles/evocheck/files/evocheck.sh b/roles/evocheck/files/evocheck.sh
index 87f5488..4c55c27 100644
--- a/roles/evocheck/files/evocheck.sh
+++ b/roles/evocheck/files/evocheck.sh
@@ -3,7 +3,7 @@
 # EvoCheck
 # Script to verify compliance of an OpenBSD server powered by Evolix
 
-readonly VERSION="22.03"
+readonly VERSION="22.04"
 
 # base functions
 
@@ -484,6 +484,11 @@ check_versions() {
 
     rm -f "${versions_file}"
 }
+check_root_user() {
+    if [ "$(grep "^root:" /etc/master.passwd | awk -F":" '{print $2}')" != "*************" ]; then
+        failed "IS_ROOT_USER" "root user should not have a password ; replace the password field with 'vipw' for the root user with '*************' (exactly 13 asterisks) "
+    fi
+}
 
 main() {
     # Default return code : 0 = no error
@@ -533,6 +538,7 @@ main() {
     test "${IS_BIND9MUNIN:=1}" = 1 && check_bind9munin
     test "${IS_EVOLIX_USER:=1}" = 1 && check_evolix_user
     test "${IS_VERSIONS_CHECK:=1}" = 1 && check_versions
+    test "${IS_ROOT_USER:=1}" = 1 && check_root_user
 
     exit ${RC}
 }