evocheck: upstream release 22.07

2022-07-28 13:38:33 +02:00 · 2022-07-28 13:38:33 +02:00 · f10ebe8cd6
parent c8898a3d10
commit f10ebe8cd6
2 changed files with 14 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,7 @@ The **patch** part changes is incremented if multiple releases happen the same m

 ### Changed

+* evocheck: upstream release 22.07
 * evomaintenance: upstream release 22.07
 * mongodb: replace version_compare() with version()
 * nagios-nrpe: check_disk1 returns only alerts
--- a/evocheck/files/evocheck.sh
+++ b/evocheck/files/evocheck.sh
@ -4,7 +4,7 @@
 # Script to verify compliance of a Debian/OpenBSD server
 # powered by Evolix

-VERSION="22.06.2"
+VERSION="22.07"
 readonly VERSION

 # base functions
@ -610,6 +610,14 @@ check_evobackup() {
    evobackup_found=$(find /etc/cron* -name '*evobackup*' | wc -l)
    test "$evobackup_found" -gt 0 || failed "IS_EVOBACKUP" "missing evobackup cron"
 }
+# Vérification de la mise en place de la purge pour fail2ban
+check_purge_fail2ban() {
+    if is_debian_stretch || is_debian_buster; then
+      if is_installed fail2ban; then
+        test -f /etc/cron.daily/fail2ban_dbpurge || failed "IS_FAIL2BAN_PURGE" "missing script fail2ban_dbpurge cron"
+      fi
+    fi
+}
 # Vérification de l'exclusion des montages (NFS) dans les sauvegardes
 check_evobackup_exclude_mount() {
    excludes_file=$(mktemp --tmpdir="${TMPDIR:-/tmp}" "evocheck.evobackup_exclude_mount.XXXXX")
@ -970,7 +978,7 @@ check_mongo_backup() {
        # You could change the default path in /etc/evocheck.cf
        MONGO_BACKUP_PATH=${MONGO_BACKUP_PATH:-"/home/backup/mongodump"}
        if [ -d "$MONGO_BACKUP_PATH" ]; then
-            for file in "${MONGO_BACKUP_PATH}"/*/*.{json,bson}.*; do
+            for file in "${MONGO_BACKUP_PATH}"/*/*.{json,bson}*; do
                # Skip indexes file.
                if ! [[ "$file" =~ indexes ]]; then
                    limit=$(date +"%s" -d "now - 2 day")
@ -1227,8 +1235,8 @@ check_sshpermitrootno() {
        # -T doesn't require the additional -C.
 	sshd_args=
    fi
-    # XXX: We want parameter expension here
-    if ! (sshd -T $sshd_args | grep -q 'permitrootlogin no'); then
+    # shellcheck disable=SC2086
+    if ! (sshd -T ${sshd_args} | grep -q 'permitrootlogin no'); then
       failed "IS_SSHPERMITROOTNO" "PermitRoot should be set to no"
    fi
 }
@ -1810,6 +1818,7 @@ while :; do
            IS_UPTIME=0
            IS_MELTDOWN_SPECTRE=0
            IS_CHECK_VERSIONS=0
+            IS_NETWORKING_SERVICE=0
            ;;
        -v|--verbose)
            VERBOSE=1