Import 6.9.1 version of evocheck

Jérémy Dubois 2021-07-23 16:02:40 +02:00
parent 7046e193e0
commit 91ef49f7b3


@ -3,7 +3,7 @@
# EvoCheck # EvoCheck
# Script to verify compliance of an OpenBSD server powered by Evolix # Script to verify compliance of an OpenBSD server powered by Evolix
readonly VERSION="6.9.0" readonly VERSION="6.9.1"
# Disable LANG* # Disable LANG*
@ -176,7 +176,7 @@ check_gitperms(){
test -d /etc/.git && [ "$(stat -f %p /etc/.git/)" = "40700" ] || failed "IS_GITPERMS" "The directiry /etc/.git sould be in 700" test -d /etc/.git && [ "$(stat -f %p /etc/.git/)" = "40700" ] || failed "IS_GITPERMS" "The directiry /etc/.git sould be in 700"
} }
check_advbase(){ check_carpadvbase(){
if ls /etc/hostname.carp* 1> /dev/null 2>&1; then if ls /etc/hostname.carp* 1> /dev/null 2>&1; then
bad_advbase=0 bad_advbase=0
for advbase in $(ifconfig carp | grep advbase | awk -F 'advbase' '{print $2}' | awk '{print $1}' | xargs); do for advbase in $(ifconfig carp | grep advbase | awk -F 'advbase' '{print $2}' | awk '{print $1}' | xargs); do
@ -185,21 +185,21 @@ check_advbase(){
fi fi
done done
if [[ "$bad_advbase" -eq 1 ]]; then if [[ "$bad_advbase" -eq 1 ]]; then
failed "IS_ADVBASE" "At least one CARP interface has advbase greater than 5 seconds!" failed "IS_CARPADVBASE" "At least one CARP interface has advbase greater than 5 seconds!"
fi fi
fi fi
} }
check_preempt(){ check_carppreempt(){
if ls /etc/hostname.carp* 1> /dev/null 2>&1; then if ls /etc/hostname.carp* 1> /dev/null 2>&1; then
preempt=$(sysctl net.inet.carp.preempt | cut -d"=" -f2) preempt=$(sysctl net.inet.carp.preempt | cut -d"=" -f2)
if [[ "$preempt" -ne 1 ]]; then if [[ "$preempt" -ne 1 ]]; then
failed "IS_PREEMPT" "The preempt function is not activated! Please type 'sysctl net.inet.carp.preempt=1' in" failed "IS_CARPPREEMPT" "The preempt function is not activated! Please type 'sysctl net.inet.carp.preempt=1' in"
fi fi
if [ -f /etc/sysctl.conf ]; then if [ -f /etc/sysctl.conf ]; then
grep -qE "^net.inet.carp.preempt=1" /etc/sysctl.conf || failed "IS_PREEMPT" "The preempt parameter is not permanently activated! Please add 'net.inet.carp.preempt=1' in /etc/sysctl.conf" grep -qE "^net.inet.carp.preempt=1" /etc/sysctl.conf || failed "IS_PREEMPT" "The preempt parameter is not permanently activated! Please add 'net.inet.carp.preempt=1' in /etc/sysctl.conf"
else else
failed "IS_PREEMPT" "Make sure /etc/sysctl.conf exists and contains the line 'net.inet.carp.preempt=1'" failed "IS_CARPPREEMPT" "Make sure /etc/sysctl.conf exists and contains the line 'net.inet.carp.preempt=1'"
fi fi
fi fi
} }
@ -353,7 +353,7 @@ check_openvpncronlog(){
fi fi
} }
check_advskew(){ check_carpadvskew(){
if ls /etc/hostname.carp* 1> /dev/null 2>&1; then if ls /etc/hostname.carp* 1> /dev/null 2>&1; then
for carp in $(ifconfig carp | grep ^carp | awk '{print $1}' | tr -d ":"); do for carp in $(ifconfig carp | grep ^carp | awk '{print $1}' | tr -d ":"); do
ifconfig $carp | grep -q master ifconfig $carp | grep -q master
@ -363,14 +363,14 @@ check_advskew(){
advskew=$(ifconfig $carp | grep advbase | awk -F 'advskew' '{print $2}' | awk '{print $1}') advskew=$(ifconfig $carp | grep advbase | awk -F 'advskew' '{print $2}' | awk '{print $1}')
if [ "$master" -eq 0 ]; then if [ "$master" -eq 0 ]; then
if [ $advskew -lt 1 ] || [ $advskew -gt 50 ]; then if [ $advskew -lt 1 ] || [ $advskew -gt 50 ]; then
failed "IS_ADVSKEW" "Interface $carp is master : advskew must be between 1 and 50, and must remain lower than that of the backup - current value : $advskew" failed "IS_CARPADVSKEW" "Interface $carp is master : advskew must be between 1 and 50, and must remain lower than that of the backup - current value : $advskew"
fi fi
elif [ "$backup" -eq 0 ]; then elif [ "$backup" -eq 0 ]; then
if [ $advskew -lt 100 ] || [ $advskew -gt 150 ]; then if [ $advskew -lt 100 ] || [ $advskew -gt 150 ]; then
failed "IS_ADVSKEW" "Interface $carp is backup : advskew must be between 100 and 150, and must remain greater than that of the master - current value : $advskew" failed "IS_CARPADVSKEW" "Interface $carp is backup : advskew must be between 100 and 150, and must remain greater than that of the master - current value : $advskew"
fi fi
else else
failed "IS_ADVSKEW" "Interface $carp is neither master nor backup. Check interface state." failed "IS_CARPADVSKEW" "Interface $carp is neither master nor backup. Check interface state."
fi fi
done done
fi fi
@ -392,8 +392,8 @@ main() {
test "${IS_UPTIME:=1}" = 1 && check_uptime test "${IS_UPTIME:=1}" = 1 && check_uptime
test "${IS_BACKUPUPTODATE:=1}" = 1 && check_backupuptodate test "${IS_BACKUPUPTODATE:=1}" = 1 && check_backupuptodate
test "${IS_GITPERMS:=1}" = 1 && check_gitperms test "${IS_GITPERMS:=1}" = 1 && check_gitperms
test "${IS_ADVBASE:=1}" = 1 && check_advbase test "${IS_CARPADVBASE:=1}" = 1 && check_carpadvbase
test "${IS_PREEMPT:=1}" = 1 && check_preempt test "${IS_CARPPREEMPT:=1}" = 1 && check_carppreempt
test "${IS_REBOOTMAIL:=1}" = 1 && check_rebootmail test "${IS_REBOOTMAIL:=1}" = 1 && check_rebootmail
test "${IS_PFENABLED:=1}" = 1 && check_pfenabled test "${IS_PFENABLED:=1}" = 1 && check_pfenabled
test "${IS_PFCUSTOM:=1}" = 1 && check_pfcustom test "${IS_PFCUSTOM:=1}" = 1 && check_pfcustom
@ -417,7 +417,7 @@ main() {
test "${IS_DEFAULTROUTE:=1}" = 1 && check_defaultroute test "${IS_DEFAULTROUTE:=1}" = 1 && check_defaultroute
test "${IS_NTP:=1}" = 1 && check_ntp test "${IS_NTP:=1}" = 1 && check_ntp
test "${IS_OPENVPNCRONLOG:=1}" = 1 && check_openvpncronlog test "${IS_OPENVPNCRONLOG:=1}" = 1 && check_openvpncronlog
test "${IS_ADVSKEW:=1}" = 1 && check_advskew test "${IS_CARPADVSKEW:=1}" = 1 && check_carpadvskew
exit ${RC} exit ${RC}
} }
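Review bot: In check_carppreempt, the `grep -qE "^net.inet.carp.preempt=1" /etc/sysctl.conf || failed "IS_PREEMPT" ...` line still reports under the old name, while the other two failures in the same function were renamed to IS_CARPPREEMPT. A host whose preempt setting is not persisted in /etc/sysctl.conf is therefore reported under a check name that main() no longer uses, so the finding is easy to lose when reports are filtered by name. Change that call to `failed "IS_CARPPREEMPT" "The preempt parameter is not permanently activated! Please add 'net.inet.carp.preempt=1' in /etc/sysctl.conf"`. Separately, if hosts disable these checks through a local configuration that sets IS_ADVBASE, IS_PREEMPT or IS_ADVSKEW (not visible on this page), those overrides silently stop applying after the rename. A changelog entry or a fallback such as `test "${IS_CARPPREEMPT:=${IS_PREEMPT:-1}}" = 1 && check_carppreempt` in main() would keep them effective.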