From 682cd3afaad17f893b68305539f8bf4fbdbfc71b Mon Sep 17 00:00:00 2001
From: Jeremy Dubois
Date: Thu, 15 Oct 2020 10:18:55 +0200
Subject: [PATCH] Add check_noatime and fix check_softdep
Add check_noatime - Check that all ffs partitions are mounted with the noatime option Fix check_softdep - We now check the number of ffs partitions and we compare it to the number of softdep options currently there
---
 CHANGELOG | 10 ++++++++++
 evocheck.sh | 21 +++++++++++++++------
 2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 8ed1ae8..8a1c700 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [6.7.6] - 2020-10-15
+
+### Added
+
+- Add check_noatime - Check that all ffs partitions are mounted with the noatime option
+
+### Fixed
+
+- Fix check_softdep - We now check the number of ffs partitions and we compare it to the number of softdep options currently there
+
 ## [6.7.5] - 2020-10-09
 ### Fixed
diff --git a/evocheck.sh b/evocheck.sh
index 3bde7ac..857c5e0 100755
--- a/evocheck.sh
+++ b/evocheck.sh
@@ -3,7 +3,7 @@
 # EvoCheck
 # Script to verify compliance of an OpenBSD server powered by Evolix
-readonly VERSION="6.7.5"
+readonly VERSION="6.7.6"
 # Disable LANG*
@@ -101,6 +101,18 @@ check_tmpnoexec(){
 mount | grep "on /tmp" | grep -q noexec || failed "IS_TMPNOEXEC" "/tmp should be mounted with the noexec option"
 }
+check_softdep(){
+ if [ $(grep -c softdep /etc/fstab) -ne $(grep -c ffs /etc/fstab) ]; then
+ failed "IS_SOFTDEP" "All partitions should have the softdep option"
+ fi
+}
+
+check_noatime(){
+ if [ $(mount | grep -c noatime) -ne $(grep -c ffs /etc/fstab) ]; then
+ failed "IS_NOATIME" "All partitions should be mounted with the noatime option"
+ fi
+}
+
 check_tmoutprofile(){
 grep -q TMOUT= /etc/skel/.profile /root/.profile || failed "IS_TMOUTPROFILE" "In order to fix, add 'export TMOUT=36000' to both /etc/skel/.profile and /root/.profile files"
 }
@@ -209,10 +221,6 @@ check_pfenabled(){
 check_pfcustom(){
 }
-check_softdep(){
- grep -q "softdep" /etc/fstab || failed "IS_SOFTDEP" ""
-}
-
 check_wheel(){
 if [ -f /etc/sudoers ]; then
 grep -qE "^%wheel.*$" /etc/sudoers || failed "IS_WHEEL" ""
@@ -346,6 +354,8 @@ main() {
 test "${IS_UMASKSUDOERS:=1}" = 1 && check_umasksudoers
 test "${IS_TMPNOEXEC:=1}" = 1 && check_tmpnoexec
+ test "${IS_SOFTDEP:=1}" = 1 && check_softdep
+ test "${IS_NOATIME:=1}" = 1 && check_noatime
 test "${IS_TMOUTPROFILE:=1}" = 1 && check_tmoutprofile
 test "${IS_RAIDOK:=1}" = 1 && check_raidok
 test "${IS_EVOBACKUP:=1}" = 1 && check_evobackup
@@ -358,7 +368,6 @@ main() {
 test "${IS_REBOOTMAIL:=1}" = 1 && check_rebootmail
 test "${IS_PFENABLED:=1}" = 1 && check_pfenabled
 test "${IS_PFCUSTOM:=1}" = 1 && check_pfcustom
- test "${IS_SOFTDEP:=1}" = 1 && check_softdep
 test "${IS_WHEEL:=1}" = 1 && check_wheel
 test "${IS_PKGMIRROR:=1}" = 1 && check_pkgmirror
 test "${IS_HISTORY:=1}" = 1 && check_history
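Review bot: Both checks added in the `@@ -101,6 +101,18 @@` hunk compare two aggregate counts, so the audit can pass while an ffs partition still lacks the option. In check_noatime, `mount | grep -c noatime` counts every mounted filesystem whose line contains noatime (not only ffs) and is compared with `grep -c ffs /etc/fstab`, which also counts commented-out or unmounted entries, so one surplus match offsets one missing option; check_softdep has the same shape, since `grep -c softdep /etc/fstab` matches comment lines too. Testing each ffs entry directly avoids that, for example `if mount -t ffs | grep -qv noatime; then failed "IS_NOATIME" "..."; fi`, and for fstab treating any output of `awk '$1 !~ /^#/ && $3 == "ffs" && $4 !~ /softdep/' /etc/fstab` as a failure. Separately, the unquoted `$(...)` inside `[ ... -ne ... ]` may turn into a test syntax error rather than a reported failure if grep prints nothing, e.g. when /etc/fstab is unreadable; quoting the substitutions or checking readability first would make that case explicit.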