Release 22.05 #155
|
@ -14,6 +14,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
|
||||
### Changed
|
||||
|
||||
* evocheck: upstream release 22.03
|
||||
* evolinux-base: backup-server-state release 22.03
|
||||
* evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
|
||||
* generate-ldif: Add services check for bkctld
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
# Script to verify compliance of a Debian/OpenBSD server
|
||||
# powered by Evolix
|
||||
|
||||
VERSION="21.10.4"
|
||||
VERSION="22.03"
|
||||
readonly VERSION
|
||||
|
||||
# base functions
|
||||
|
@ -13,7 +13,7 @@ show_version() {
|
|||
cat <<END
|
||||
evocheck version ${VERSION}
|
||||
|
||||
Copyright 2009-2021 Evolix <info@evolix.fr>,
|
||||
Copyright 2009-2022 Evolix <info@evolix.fr>,
|
||||
Romain Dessort <rdessort@evolix.fr>,
|
||||
Benoit Série <bserie@evolix.fr>,
|
||||
Gregory Colpart <reg@evolix.fr>,
|
||||
|
@ -142,9 +142,9 @@ failed() {
|
|||
RC=1
|
||||
if [ "${QUIET}" != 1 ]; then
|
||||
if [ -n "${check_comments}" ] && [ "${VERBOSE}" = 1 ]; then
|
||||
printf "%s FAILED! %s\n" "${check_name}" "${check_comments}" 2>&1
|
||||
printf "%s FAILED! %s\n" "${check_name}" "${check_comments}" >> "${main_output_file}"
|
||||
else
|
||||
printf "%s FAILED!\n" "${check_name}" 2>&1
|
||||
printf "%s FAILED!\n" "${check_name}" >> "${main_output_file}"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
@ -328,8 +328,11 @@ check_tmoutprofile() {
|
|||
check_alert5boot() {
|
||||
if is_debian_buster || is_debian_bullseye; then
|
||||
grep -qs "^date" /usr/share/scripts/alert5.sh || failed "IS_ALERT5BOOT" "boot mail is not sent by alert5 init script"
|
||||
test -f /etc/systemd/system/alert5.service || failed "IS_ALERT5BOOT" "alert5 unit file is missing"
|
||||
systemctl is-enabled alert5 -q || failed "IS_ALERT5BOOT" "alert5 unit is not enabled"
|
||||
if [ -f /etc/systemd/system/alert5.service ]; then
|
||||
systemctl is-enabled alert5.service -q || failed "IS_ALERT5BOOT" "alert5 unit is not enabled"
|
||||
else
|
||||
failed "IS_ALERT5BOOT" "alert5 unit file is missing"
|
||||
fi
|
||||
else
|
||||
if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then
|
||||
grep -q "^date" /etc/rc2.d/S*alert5 || failed "IS_ALERT5BOOT" "boot mail is not sent by alert5 init script"
|
||||
|
@ -592,9 +595,9 @@ check_evobackup() {
|
|||
}
|
||||
# Vérification de l'exclusion des montages (NFS) dans les sauvegardes
|
||||
check_evobackup_exclude_mount() {
|
||||
excludes_file=$(mktemp)
|
||||
# shellcheck disable=SC2064
|
||||
trap "rm -f ${excludes_file}" 0
|
||||
excludes_file=$(mktemp --tmpdir=${TMPDIR:-/tmp} "evocheck.evobackup_exclude_mount.XXXXX")
|
||||
files_to_cleanup="${files_to_cleanup} ${excludes_file}"
|
||||
|
||||
# shellcheck disable=SC2044
|
||||
for evobackup_file in $(find /etc/cron* -name '*evobackup*' | grep -v -E ".disabled$"); do
|
||||
grep -- "--exclude " "${evobackup_file}" | grep -E -o "\"[^\"]+\"" | tr -d '"' > "${excludes_file}"
|
||||
|
@ -603,7 +606,6 @@ check_evobackup_exclude_mount() {
|
|||
failed "IS_EVOBACKUP_EXCLUDE_MOUNT" "${mount} is not excluded from ${evobackup_file} backup script"
|
||||
done
|
||||
done
|
||||
rm -rf "${excludes_file}"
|
||||
}
|
||||
# Verification de la presence du userlogrotate
|
||||
check_userlogrotate() {
|
||||
|
@ -809,10 +811,12 @@ check_tune2fs_m5() {
|
|||
check_evolinuxsudogroup() {
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if grep -q "^evolinux-sudo:" /etc/group; then
|
||||
if [ -f /etc/sudoers.d/evolinux ]; then
|
||||
grep -qE '^%evolinux-sudo +ALL ?= ?\(ALL:ALL\) ALL' /etc/sudoers.d/evolinux \
|
||||
|| failed "IS_EVOLINUXSUDOGROUP" "missing evolinux-sudo directive in sudoers file"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
check_userinadmgroup() {
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
|
@ -827,7 +831,7 @@ check_userinadmgroup() {
|
|||
}
|
||||
check_apache2evolinuxconf() {
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if test -d /etc/apache2; then
|
||||
if is_installed apache2; then
|
||||
{ test -L /etc/apache2/conf-enabled/z-evolinux-defaults.conf \
|
||||
&& test -L /etc/apache2/conf-enabled/zzz-evolinux-custom.conf \
|
||||
&& test -f /etc/apache2/ipaddr_whitelist.conf;
|
||||
|
@ -1006,6 +1010,8 @@ check_mysqlmunin() {
|
|||
test "${VERBOSE}" = 1 || break
|
||||
fi
|
||||
done
|
||||
munin-run mysql_commands 2> /dev/null > /dev/null
|
||||
test $? -eq 0 || failed "IS_MYSQLMUNIN" "Munin plugin mysql_commands returned an error"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
@ -1062,8 +1068,10 @@ check_squidevolinuxconf() {
|
|||
check_duplicate_fs_label() {
|
||||
# Do it only if thereis blkid binary
|
||||
BLKID_BIN=$(command -v blkid)
|
||||
if [ -x "$BLKID_BIN" ]; then
|
||||
tmpFile=$(mktemp -p /tmp)
|
||||
if [ -n "$BLKID_BIN" ]; then
|
||||
tmpFile=$(mktemp --tmpdir=${TMPDIR:-/tmp} "evocheck.duplicate_fs_label.XXXXX")
|
||||
files_to_cleanup="${files_to_cleanup} ${tmpFile}"
|
||||
|
||||
parts=$($BLKID_BIN -c /dev/null | grep -ve raid_member -e EFI_SYSPART | grep -Eo ' LABEL=".*"' | cut -d'"' -f2)
|
||||
for part in $parts; do
|
||||
echo "$part" >> "$tmpFile"
|
||||
|
@ -1076,7 +1084,6 @@ check_duplicate_fs_label() {
|
|||
labels=$(echo -n $tmpOutput | tr '\n' ' ')
|
||||
failed "IS_DUPLICATE_FS_LABEL" "Duplicate labels: $labels"
|
||||
fi
|
||||
rm "$tmpFile"
|
||||
else
|
||||
failed "IS_DUPLICATE_FS_LABEL" "blkid not found in ${PATH}"
|
||||
fi
|
||||
|
@ -1395,6 +1402,7 @@ get_command() {
|
|||
listupgrade) command -v "evolistupgrade.sh" ;;
|
||||
old-kernel-autoremoval) command -v "old-kernel-autoremoval.sh" ;;
|
||||
mysql-queries-killer) command -v "mysql-queries-killer.sh" ;;
|
||||
minifirewall) echo "/etc/init.d/minifirewall" ;;
|
||||
|
||||
## General case, where the program name is the same as the command name
|
||||
*) command -v "${program}" ;;
|
||||
|
@ -1415,6 +1423,9 @@ get_version() {
|
|||
add-vm)
|
||||
grep '^VERSION=' "${command}" | head -1 | cut -d '=' -f 2
|
||||
;;
|
||||
minifirewall)
|
||||
${command} status | head -1 | cut -d ' ' -f 3
|
||||
;;
|
||||
## Let's try the --version flag before falling back to grep for the constant
|
||||
kvmstats)
|
||||
if ${command} --version > /dev/null 2> /dev/null; then
|
||||
|
@ -1457,9 +1468,9 @@ add_to_path() {
|
|||
echo "$PATH" | grep -qF "${new_path}" || export PATH="${PATH}:${new_path}"
|
||||
}
|
||||
check_versions() {
|
||||
versions_file=$(mktemp --tmpdir=/tmp "evocheck-versions.XXXXX")
|
||||
# shellcheck disable=SC2064
|
||||
trap "rm -f ${versions_file}" 0
|
||||
versions_file=$(mktemp --tmpdir=${TMPDIR:-/tmp} "evocheck.versions.XXXXX")
|
||||
files_to_cleanup="${files_to_cleanup} ${versions_file}"
|
||||
|
||||
download_versions "${versions_file}"
|
||||
add_to_path "/usr/share/scripts"
|
||||
|
||||
|
@ -1477,8 +1488,6 @@ check_versions() {
|
|||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
rm -f "${versions_file}"
|
||||
}
|
||||
|
||||
main() {
|
||||
|
@ -1487,6 +1496,9 @@ main() {
|
|||
# Detect operating system name, version and release
|
||||
detect_os
|
||||
|
||||
main_output_file=$(mktemp --tmpdir=${TMPDIR:-/tmp} "evocheck.main.XXXXX")
|
||||
files_to_cleanup="${files_to_cleanup} ${main_output_file}"
|
||||
|
||||
#-----------------------------------------------------------
|
||||
# Tests communs à tous les systèmes
|
||||
#-----------------------------------------------------------
|
||||
|
@ -1715,8 +1727,19 @@ main() {
|
|||
# - NRPEDISK et NRPEPOSTFIX
|
||||
fi
|
||||
|
||||
if [ -f "${main_output_file}" ]; then
|
||||
if [ $(cat "${main_output_file}" | wc -l) -gt 0 ]; then
|
||||
|
||||
cat "${main_output_file}" 2>&1
|
||||
fi
|
||||
fi
|
||||
|
||||
exit ${RC}
|
||||
}
|
||||
cleanup_temp_files() {
|
||||
# shellcheck disable=SC2086
|
||||
rm -f ${files_to_cleanup}
|
||||
}
|
||||
|
||||
PROGNAME=$(basename "$0")
|
||||
# shellcheck disable=SC2034
|
||||
|
@ -1730,6 +1753,10 @@ readonly ARGS
|
|||
export LANG=C
|
||||
export LANGUAGE=C
|
||||
|
||||
files_to_cleanup=""
|
||||
# shellcheck disable=SC2064
|
||||
trap cleanup_temp_files 0
|
||||
|
||||
# Source configuration file
|
||||
# shellcheck disable=SC1091
|
||||
test -f /etc/evocheck.cf && . /etc/evocheck.cf
|
||||
|
|
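Review bot: The temp-file handling introduced here depends on unquoted expansions and never checks mktemp's result: the four `mktemp --tmpdir=${TMPDIR:-/tmp} …` calls (check_evobackup_exclude_mount, check_duplicate_fs_label, check_versions, main) split on whitespace in TMPDIR, and cleanup_temp_files runs `rm -f ${files_to_cleanup}` with SC2086 silenced. If mktemp fails in main, main_output_file is empty, every `>> "${main_output_file}"` in failed() errors out, and the final `[ -f "${main_output_file}" ]` test skips the printing, so the run lists no failed check and only the exit status still reflects them. I would quote the expansion and stop on failure, e.g. `main_output_file=$(mktemp --tmpdir="${TMPDIR:-/tmp}" "evocheck.main.XXXXX") || exit 1`. Quoting alone is not enough while the cleanup list is a space-separated string, so a single `mktemp -d` directory that the trap removes would be the simpler shape. Most of these functions continue outside the hunks shown.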