Ubuntu 18.04 support #70
|
@ -15,12 +15,13 @@ The **patch** part changes incrementally at each release.
|
||||||
* apache: add a variable to customize the server-status host
|
* apache: add a variable to customize the server-status host
|
||||||
* apt: add a script to manage packages with "hold" mark
|
* apt: add a script to manage packages with "hold" mark
|
||||||
* etc-git: gitignore /etc/letsencrypt/.certbot.lock
|
* etc-git: gitignore /etc/letsencrypt/.certbot.lock
|
||||||
|
* evolinux-base: install "spectre-meltdown-checker" (Debian 10 and later)
|
||||||
* evomaintenance: make hooks configurable
|
* evomaintenance: make hooks configurable
|
||||||
* nginx: add server status suffix in VHost (and default site) if missing
|
* nginx: add server status suffix in VHost (and default site) if missing
|
||||||
* redmine: enable gzip compression in nginx vhost
|
* redmine: enable gzip compression in nginx vhost
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
* evocheck : version 19.04 from upstream
|
* evocheck : update (unreleased) from upstream
|
||||||
* evomaintenance : use the web API instead of PG Insert
|
* evomaintenance : use the web API instead of PG Insert
|
||||||
* rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.5.5
|
* rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.5.5
|
||||||
* redmine: update default version to 4.0.3
|
* redmine: update default version to 4.0.3
|
||||||
|
|
|
@ -315,7 +315,7 @@ check_nrpeperms() {
|
||||||
}
|
}
|
||||||
check_minifwperms() {
|
check_minifwperms() {
|
||||||
if [ -f "$MINIFW_FILE" ]; then
|
if [ -f "$MINIFW_FILE" ]; then
|
||||||
actual=$(stat --format "%a" $MINIFW_FILE)
|
actual=$(stat --format "%a" "$MINIFW_FILE")
|
||||||
expected="600"
|
expected="600"
|
||||||
test "$expected" = "$actual" || failed "IS_MINIFWPERMS"
|
test "$expected" = "$actual" || failed "IS_MINIFWPERMS"
|
||||||
fi
|
fi
|
||||||
|
@ -386,7 +386,7 @@ check_raidsoft() {
|
||||||
}
|
}
|
||||||
# Verification du LogFormat de AWStats
|
# Verification du LogFormat de AWStats
|
||||||
check_awstatslogformat() {
|
check_awstatslogformat() {
|
||||||
if is_installed apache2.2-common awstats; then
|
if is_installed apache2 awstats; then
|
||||||
grep -qE '^LogFormat=1' /etc/awstats/awstats.conf.local \
|
grep -qE '^LogFormat=1' /etc/awstats/awstats.conf.local \
|
||||||
|| failed "IS_AWSTATSLOGFORMAT"
|
|| failed "IS_AWSTATSLOGFORMAT"
|
||||||
fi
|
fi
|
||||||
|
@ -531,20 +531,30 @@ check_userlogrotate() {
|
||||||
}
|
}
|
||||||
# Verification de la syntaxe de la conf d'Apache
|
# Verification de la syntaxe de la conf d'Apache
|
||||||
check_apachectl() {
|
check_apachectl() {
|
||||||
if is_installed apache2.2-common; then
|
if is_installed apache2; then
|
||||||
/usr/sbin/apache2ctl configtest 2>&1 | grep -q "^Syntax OK$" || failed "IS_APACHECTL"
|
/usr/sbin/apache2ctl configtest 2>&1 | grep -q "^Syntax OK$" || failed "IS_APACHECTL"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
# Check if there is regular files in Apache sites-enabled.
|
# Check if there is regular files in Apache sites-enabled.
|
||||||
check_apachesymlink() {
|
check_apachesymlink() {
|
||||||
if is_installed apache2.2-common; then
|
if is_installed apache2; then
|
||||||
stat -c %F /etc/apache2/sites-enabled/* | grep -q regular && failed "IS_APACHESYMLINK"
|
apacheFind=$(find /etc/apache2/sites-enabled ! -type l -type f -print)
|
||||||
|
nbApacheFind=$(wc -m <<< "$apacheFind")
|
||||||
|
if [[ $nbApacheFind -gt 1 ]]; then
|
||||||
|
if [[ $VERBOSE == 1 ]]; then
|
||||||
|
while read -r line; do
|
||||||
|
failed "IS_APACHESYMLINK" "Not a symlink: $line"
|
||||||
|
done <<< "$apacheFind"
|
||||||
|
else
|
||||||
|
failed "IS_APACHESYMLINK"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
# Check if there is real IP addresses in Allow/Deny directives (no trailing space, inline comments or so).
|
# Check if there is real IP addresses in Allow/Deny directives (no trailing space, inline comments or so).
|
||||||
check_apacheipinallow() {
|
check_apacheipinallow() {
|
||||||
# Note: Replace "exit 1" by "print" in Perl code to debug it.
|
# Note: Replace "exit 1" by "print" in Perl code to debug it.
|
||||||
if is_installed apache2.2-common; then
|
if is_installed apache2; then
|
||||||
grep -IrE "^[^#] *(Allow|Deny) from" /etc/apache2/ \
|
grep -IrE "^[^#] *(Allow|Deny) from" /etc/apache2/ \
|
||||||
| grep -iv "from all" \
|
| grep -iv "from all" \
|
||||||
| grep -iv "env=" \
|
| grep -iv "env=" \
|
||||||
|
@ -559,7 +569,7 @@ check_muninapacheconf() {
|
||||||
else
|
else
|
||||||
muninconf="/etc/apache2/conf-available/munin.conf"
|
muninconf="/etc/apache2/conf-available/munin.conf"
|
||||||
fi
|
fi
|
||||||
if is_installed apache2.2-common; then
|
if is_installed apache2; then
|
||||||
test -e $muninconf && grep -vEq "^( |\t)*#" "$muninconf" && failed "IS_MUNINAPACHECONF"
|
test -e $muninconf && grep -vEq "^( |\t)*#" "$muninconf" && failed "IS_MUNINAPACHECONF"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -881,12 +891,19 @@ check_mysqlmunin() {
|
||||||
}
|
}
|
||||||
check_mysqlnrpe() {
|
check_mysqlnrpe() {
|
||||||
if is_debian_stretch && is_installed mariadb-server; then
|
if is_debian_stretch && is_installed mariadb-server; then
|
||||||
nagios_file="~nagios/.my.cnf"
|
nagios_home=$(getent passwd "nagios" | cut -d: -f6)
|
||||||
{ test -f $nagios_file \
|
nagios_file_abs="${nagios_home}/.my.cnf"
|
||||||
&& [ "$(stat -c %U $nagios_file)" = "nagios" ] \
|
nagios_file_sym="~nagios/.my.cnf"
|
||||||
&& [ "$(stat -c %a $nagios_file)" = "600" ] \
|
|
||||||
&& grep -q -F "command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f $nagios_file";
|
if ! test -f $nagios_file_abs; then
|
||||||
} || failed "IS_MYSQLNRPE"
|
failed "IS_MYSQLNRPE" "$nagios_file_abs is missing"
|
||||||
|
elif [ "$(stat -c %U $nagios_file_abs)" != "nagios" ] \
|
||||||
|
|| [ "$(stat -c %a $nagios_file_abs)" != "600" ]; then
|
||||||
|
failed "IS_MYSQLNRPE" "$nagios_file_abs has wrong permissions"
|
||||||
|
else
|
||||||
|
grep -q -F "command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f $nagios_file_sym" /etc/nagios/nrpe.d/evolix.cfg \
|
||||||
|
|| failed "IS_MYSQLNRPE" "check_mysql is missing"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_phpevolinuxconf() {
|
check_phpevolinuxconf() {
|
||||||
|
@ -1102,7 +1119,7 @@ check_evobackup_incs() {
|
||||||
if is_installed bkctld; then
|
if is_installed bkctld; then
|
||||||
bkctld_cron_file=${bkctld_cron_file:-/etc/cron.d/bkctld}
|
bkctld_cron_file=${bkctld_cron_file:-/etc/cron.d/bkctld}
|
||||||
if [ -f "${bkctld_cron_file}" ]; then
|
if [ -f "${bkctld_cron_file}" ]; then
|
||||||
root_crontab=$(grep -v "^#" ${bkctld_cron_file})
|
root_crontab=$(grep -v "^#" "${bkctld_cron_file}")
|
||||||
echo "${root_crontab}" | grep -q "bkctld inc" || failed "IS_EVOBACKUP_INCS" "\`bkctld inc' is missing in ${bkctld_cron_file}"
|
echo "${root_crontab}" | grep -q "bkctld inc" || failed "IS_EVOBACKUP_INCS" "\`bkctld inc' is missing in ${bkctld_cron_file}"
|
||||||
echo "${root_crontab}" | grep -q "check-incs.sh" || failed "IS_EVOBACKUP_INCS" "\`check-incs.sh' is missing in ${bkctld_cron_file}"
|
echo "${root_crontab}" | grep -q "check-incs.sh" || failed "IS_EVOBACKUP_INCS" "\`check-incs.sh' is missing in ${bkctld_cron_file}"
|
||||||
else
|
else
|
||||||
|
@ -1158,7 +1175,7 @@ main() {
|
||||||
test "${IS_LISTCHANGESCONF:=1}" = 1 && check_listchangesconf
|
test "${IS_LISTCHANGESCONF:=1}" = 1 && check_listchangesconf
|
||||||
test "${IS_CUSTOMCRONTAB:=1}" = 1 && check_customcrontab
|
test "${IS_CUSTOMCRONTAB:=1}" = 1 && check_customcrontab
|
||||||
test "${IS_SSHALLOWUSERS:=1}" = 1 && check_sshallowusers
|
test "${IS_SSHALLOWUSERS:=1}" = 1 && check_sshallowusers
|
||||||
test "${IS_DISKPERF:=1}" = 1 && check_diskperf
|
test "${IS_DISKPERF:=0}" = 1 && check_diskperf
|
||||||
test "${IS_TMOUTPROFILE:=1}" = 1 && check_tmoutprofile
|
test "${IS_TMOUTPROFILE:=1}" = 1 && check_tmoutprofile
|
||||||
test "${IS_ALERT5BOOT:=1}" = 1 && check_alert5boot
|
test "${IS_ALERT5BOOT:=1}" = 1 && check_alert5boot
|
||||||
test "${IS_ALERT5MINIFW:=1}" = 1 && check_alert5minifw
|
test "${IS_ALERT5MINIFW:=1}" = 1 && check_alert5minifw
|
||||||
|
@ -1396,4 +1413,5 @@ while :; do
|
||||||
shift
|
shift
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# shellcheck disable=SC2086
|
||||||
main ${ARGS}
|
main ${ARGS}
|
||||||
|
|
Loading…
Reference in a new issue