Evocheck is a Bash script to check the conformity of an Evolix server.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Eric Morino 936e6d3b1d Add fix for IS_EVOLIX_USER in CHANGELOG 3 months ago
.drone.yml shellcheck fixes 1 year ago
.gitignore Added gitignore 2 years ago
CHANGELOG Add fix for IS_EVOLIX_USER in CHANGELOG 3 months ago
CONTRIBUTING.md Update CONTRIBUTING.md 3 years ago
README.md Add conventions to the README 2 years ago
Vagrantfile Fix shell error on vagrant provision and rm old config 2 years ago
evocheck.cf Store default configuration values in evocheck.sh, 12 years ago
evocheck.sh Fix for EVOLIX_USER account name begin by evolix, don't match testevolix for example 3 months ago



It runs many compliance checks of the server with Evolix conventions. Non-compliance warnings are printed on standard output.

It supports Debian and OpenBSD systems.

Some checks can be disabled in the /etc/evocheck.cf config file.

Tests can be run with Vagrant and the provided VagrantFile.

How to contribute

Read the CONTRIBUTING.md file.

Try to respect the following conventions.

Use the verbose mode to explain errors

The failed function takes a mandatory first argument for the check name and a secondary optional argument for the message to display in verbose mode. Example :

test -f /path/to/file || failed "IS_FILE_EXISTS" "Missing file \`/path/to/file'"

If the test is in a loop and might yield multiple errors, It's better to print a single error in normal mode and every error in verbose mode.

for user in $users; do
    if ! groups "$user" | grep -q adm; then
        failed "IS_USERINADMGROUP" "User $user doesn't belong to \`adm' group"
        test "${VERBOSE}" = 1 || break

In a single check with multiple conditions, the verbose message helps determine which condition failed. Example :

if [ "$last_upgrade" -eq 0 ]; then
    [ "$install_date" -lt "$limit" ] && failed "IS_NOTUPGRADED" "The system has never been updated"
    [ "$last_upgrade" -lt "$limit" ] && failed "IS_NOTUPGRADED" "The system hasn't been updated for too long"

Use existing predicates

There are a few predicate functions that help making conditionals.

For Debian versions : is_debian, is_debian_stretch, is_debian_jessie… For packs : is_pack_web, is_pack_samba. For installed packages : is_installed <package> [<package>].

Extact variables

It's better not to inline function calls inside tests. Instead of this :

test "$(stat --format "%a" $MINIFW_FILE)" = "600" || failed "IS_MINIFWPERMS"

… prefer that :

actual=$(stat --format "%a" $MINIFW_FILE)
test "$expected" = "$actual" || failed "IS_MINIFWPERMS"

Verify assumptions

It's better to verify that a file, a directory or a command is present before using it, even if it's true in more than 99% of situations.

How to build the package for a new Debian release

On the master branch, add the last stable version with a release tag.

git tag -s v<VERSION> -m 'New release'
git push --tags

Checkout the branch debian, merge the master branch.

git checkout debian
git merge master --no-ff
dch -v <VERSION>-1
gbp buildpackage --git-debian-branch=debian --git-upstream-tree=master --git-export-dir=/tmp/build-area --git-ignore-new

If the build is OK, you can now build the final package.

dch -D stretch -r
gbp buildpackage --git-debian-branch=debian --git-upstream-tree=master --git-export-dir=/tmp/build-area --git-tag --git-sign --git-keyid=<KEY>


Evocheck can be tested with Vagrant, if you don't have installed it yet :

apt install vagrant vagrant-libvirt

You can now start your Vagrant machine and connect to it :

vagrant up
vagrant ssh
sudo -i

Evocheck can be run with :



Launch vagrant rsync-auto in a terminal to automatically synchronise your local code with the Vagrant VM :

vagrant rsync-auto


This is an Evolix project and is licensed under the GPLv3, see the LICENSE file for details.