evocheck: upstream release
parent
4ef20559c5
commit
4e3d21f495
5 changed files with 32 additions and 16 deletions
|
@ -46,7 +46,7 @@ The **patch** part is incremented if multiple releases happen the same month
|
|||
* docker-host: install docker compose and buildx by default
|
||||
* docker-host: split tasks in different task files
|
||||
* Elastic Stack : default to version 8.x
|
||||
* evocheck: upstream release 24.08
|
||||
* evocheck: upstream release 24.09
|
||||
* evolinux-base: Add commented Match all
|
||||
* evolinux-base: Customize logcheck recipient when serveur-base is installed
|
||||
* evolinux-base/evolinux-users: search only files that matter
|
||||
|
|
|
@ -13,6 +13,25 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
|
|||
|
||||
### Fixed
|
||||
|
||||
## [24.09] 2024-09-06
|
||||
|
||||
### Added
|
||||
|
||||
### Changed
|
||||
|
||||
* Merge CONTRIBUTING files in README
|
||||
* Move LICENSE file at the root of the repo
|
||||
* IS_LXC_PHP_BAD_DEBIAN_VERSION: Trixie support
|
||||
* IS_PHPEVOLINUXCONF: Trixie support
|
||||
* IS_SSHALLOWUSERS: Trixie support
|
||||
|
||||
### Removed
|
||||
|
||||
* IS_EVOLIX_GROUP: too many false positive
|
||||
|
||||
### Fixed
|
||||
|
||||
* IS_LXC_PHP_FPM_SERVICE_UMASK_SET: suffixed container name support
|
||||
|
||||
## [24.08] 2024-08-01
|
||||
|
||||
|
@ -20,6 +39,8 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
|
|||
|
||||
* VERSION variable must contain valid characters only
|
||||
|
||||
## [24.07] 2024-07-18
|
||||
|
||||
### Added
|
||||
|
||||
* IS_EVOLIX_GROUP: new check to verify that all Evolix users are in "evolix" group
|
||||
|
@ -233,7 +254,7 @@ New checks :
|
|||
|
||||
### Changed
|
||||
|
||||
* IS_NETWORKING_SERVICE: not in cron mode
|
||||
* IS_NETWORKING_SERVICE: not in cron mode
|
||||
|
||||
### Fixed:
|
||||
|
||||
|
@ -338,7 +359,7 @@ New checks :
|
|||
|
||||
### Fixed
|
||||
|
||||
* IS_DEBIANSECURITY: optional trailing slash
|
||||
* IS_DEBIANSECURITY: optional trailing slash
|
||||
|
||||
## [21.09] 2021-09-30
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
# Script to verify compliance of a Linux (Debian 8 only) server
|
||||
# powered by Evolix
|
||||
|
||||
VERSION="24.08"
|
||||
VERSION="24.09"
|
||||
readonly VERSION
|
||||
|
||||
# base functions
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
#set -x
|
||||
|
||||
VERSION="24.08"
|
||||
VERSION="24.09"
|
||||
readonly VERSION
|
||||
|
||||
# base functions
|
||||
|
@ -313,7 +313,7 @@ check_customcrontab() {
|
|||
test "$found_lines" = 4 && failed "IS_CUSTOMCRONTAB" "missing custom field in crontab"
|
||||
}
|
||||
check_sshallowusers() {
|
||||
if is_debian_bookworm; then
|
||||
if { ! is_debian_stretch && ! is_debian_buster && ! is_debian_bullseye ; }; then
|
||||
if [ -d /etc/ssh/sshd_config.d/ ]; then
|
||||
# AllowUsers or AllowGroups should be in /etc/ssh/sshd_config.d/
|
||||
grep -E -qir "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config.d/ \
|
||||
|
@ -1103,6 +1103,7 @@ check_phpevolinuxconf() {
|
|||
is_debian_buster && phpVersion="7.3"
|
||||
is_debian_bullseye && phpVersion="7.4"
|
||||
is_debian_bookworm && phpVersion="8.2"
|
||||
is_debian_trixie && phpVersion="8.4"
|
||||
if is_installed php; then
|
||||
{ test -f "/etc/php/${phpVersion}/cli/conf.d/z-evolinux-defaults.ini" \
|
||||
&& test -f "/etc/php/${phpVersion}/cli/conf.d/zzz-evolinux-custom.ini"
|
||||
|
@ -1154,13 +1155,6 @@ check_evolix_user() {
|
|||
grep -q -E "^evolix:" /etc/passwd \
|
||||
&& failed "IS_EVOLIX_USER" "evolix user should be deleted, used only for install"
|
||||
}
|
||||
check_evolix_group() {
|
||||
users=$(grep ":20..:20..:" /etc/passwd | cut -d ":" -f 1)
|
||||
for user in ${users}; do
|
||||
grep -E "^evolix:" /etc/group | grep -q -E "\b${user}\b" \
|
||||
|| failed "IS_EVOLIX_GROUP" "user \`${user}' should be in \`evolix' group"
|
||||
done
|
||||
}
|
||||
check_evoacme_cron() {
|
||||
if [ -f "/usr/local/sbin/evoacme" ]; then
|
||||
# Old cron file, should be deleted
|
||||
|
@ -1399,7 +1393,7 @@ check_lxc_php_fpm_service_umask_set() {
|
|||
if [ "$container" = "php56" ]; then
|
||||
service="php5-fpm"
|
||||
else
|
||||
service="${container:0:4}.${container:4}-fpm"
|
||||
service="${container:0:4}.${container:4:1}-fpm"
|
||||
fi
|
||||
umask=$(lxc-attach --name "${container}" -- systemctl show -p UMask "$service" | cut -d "=" -f2)
|
||||
if [ "$umask" != "0007" ]; then
|
||||
|
@ -1427,6 +1421,8 @@ check_lxc_php_bad_debian_version() {
|
|||
grep --quiet 'VERSION_ID="11"' /var/lib/lxc/${container}/rootfs/etc/os-release || failed "IS_LXC_PHP_BAD_DEBIAN_VERSION" "Container ${container} should use Bullseye"
|
||||
elif [ "$container" = "php82" ]; then
|
||||
grep --quiet 'VERSION_ID="12"' /var/lib/lxc/${container}/rootfs/etc/os-release || failed "IS_LXC_PHP_BAD_DEBIAN_VERSION" "Container ${container} should use Bookworm"
|
||||
elif [ "$container" = "php84" ]; then
|
||||
grep --quiet 'VERSION_ID="13"' /var/lib/lxc/${container}/rootfs/etc/os-release || failed "IS_LXC_PHP_BAD_DEBIAN_VERSION" "Container ${container} should use Trixie"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
@ -1682,7 +1678,6 @@ main() {
|
|||
test "${IS_SQUIDEVOLINUXCONF:=1}" = 1 && check_squidevolinuxconf
|
||||
test "${IS_DUPLICATE_FS_LABEL:=1}" = 1 && check_duplicate_fs_label
|
||||
test "${IS_EVOLIX_USER:=1}" = 1 && check_evolix_user
|
||||
test "${IS_EVOLIX_GROUP:=1}" = 1 && check_evolix_group
|
||||
test "${IS_EVOACME_CRON:=1}" = 1 && check_evoacme_cron
|
||||
test "${IS_EVOACME_LIVELINKS:=1}" = 1 && check_evoacme_livelinks
|
||||
test "${IS_APACHE_CONFENABLED:=1}" = 1 && check_apache_confenabled
|
||||
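Review bot: The new `php84` branch in check_lxc_php_bad_debian_version compares the container name exactly, while this same commit changes check_lxc_php_fpm_service_umask_set to support suffixed container names (`${container:4:1}`). If the container list, which is built outside the hunk, can include a suffixed php84 name, no branch matches and the Debian release check is silently skipped, so the audit stays quiet for that container. Consider matching on the prefix, for example `elif [ "${container:0:5}" = "php84" ]; then`, and quoting the path as `"/var/lib/lxc/${container}/rootfs/etc/os-release"`, since the name is expanded unquoted into a filesystem path. The function and its loop start outside the hunk, and the older `php82` and Bullseye branches use the same exact-match, unquoted form.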
|
|
|
@ -4,7 +4,7 @@
|
|||
# Script to verify compliance of a Linux (Debian 7 only) server
|
||||
# powered by Evolix
|
||||
|
||||
VERSION="24.08"
|
||||
VERSION="24.09"
|
||||
readonly VERSION
|
||||
|
||||
# base functions
|
||||
|
|