OpenBSD - Replaced check_sudomaint with check_doasmaint and removed check_wheel
This commit is contained in:
parent
29b546584a
commit
8ae087b799
|
@ -7,11 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
- Replaced check_sudomaint with check_doasmaint because evomaintenance is used with doas, not with sudo
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
- check_history: escape $HOME variable
|
- check_history: escape $HOME variable
|
||||||
- check_pkgmirror: fix openbsd mirror
|
- check_pkgmirror: fix openbsd mirror
|
||||||
|
|
||||||
|
### Removed
|
||||||
|
|
||||||
|
- check_wheel: wheel group mustn't be sudo because we use the evolinux-sudo group
|
||||||
|
|
||||||
## [22.11] - 2022-11-28
|
## [22.11] - 2022-11-28
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
|
@ -188,11 +188,6 @@ check_pfenabled(){
|
||||||
failed "IS_PFENABLED" "PF is disabled! Make sure pf=NO is absent from /etc/rc.conf.local and carefully run pfctl -e"
|
failed "IS_PFENABLED" "PF is disabled! Make sure pf=NO is absent from /etc/rc.conf.local and carefully run pfctl -e"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_wheel(){
|
|
||||||
if [ -f /etc/sudoers ]; then
|
|
||||||
grep -qE "^%wheel.*$" /etc/sudoers || failed "IS_WHEEL" ""
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
check_pkgmirror(){
|
check_pkgmirror(){
|
||||||
grep -qE "^https?://ftp\.evolix\.org/openbsd" /etc/installurl || failed "IS_PKGMIRROR" "Check whether the right repo is present in the /etc/installurl file"
|
grep -qE "^https?://ftp\.evolix\.org/openbsd" /etc/installurl || failed "IS_PKGMIRROR" "Check whether the right repo is present in the /etc/installurl file"
|
||||||
}
|
}
|
||||||
|
@ -212,12 +207,9 @@ check_ttyc0secure(){
|
||||||
check_customsyslog(){
|
check_customsyslog(){
|
||||||
grep -q EvoBSD /etc/newsyslog.conf || failed "IS_CUSTOMSYSLOG" ""
|
grep -q EvoBSD /etc/newsyslog.conf || failed "IS_CUSTOMSYSLOG" ""
|
||||||
}
|
}
|
||||||
check_sudomaint(){
|
check_doasmaint(){
|
||||||
file=/etc/sudoers
|
|
||||||
# shellcheck disable=SC2015
|
# shellcheck disable=SC2015
|
||||||
grep -q "Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh" $file \
|
grep -q "permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :evolinux-ssh as root cmd /usr/share/scripts/evomaintenance.sh" /etc/doas.conf || failed "IS_DOASMAINT" "Make sure evomaintenance.sh permission are properly configured in /etc/doas.conf"
|
||||||
&& grep -q "%wheel ALL=NOPASSWD: MAINT" $file \
|
|
||||||
|| failed "IS_SUDOMAINT" ""
|
|
||||||
}
|
}
|
||||||
check_nrpe(){
|
check_nrpe(){
|
||||||
if ! is_installed monitoring-plugins || ! is_installed nrpe; then
|
if ! is_installed monitoring-plugins || ! is_installed nrpe; then
|
||||||
|
@ -540,13 +532,12 @@ main() {
|
||||||
test "${IS_CARPPREEMPT:=1}" = 1 && check_carppreempt
|
test "${IS_CARPPREEMPT:=1}" = 1 && check_carppreempt
|
||||||
test "${IS_REBOOTMAIL:=1}" = 1 && check_rebootmail
|
test "${IS_REBOOTMAIL:=1}" = 1 && check_rebootmail
|
||||||
test "${IS_PFENABLED:=1}" = 1 && check_pfenabled
|
test "${IS_PFENABLED:=1}" = 1 && check_pfenabled
|
||||||
test "${IS_WHEEL:=1}" = 1 && check_wheel
|
|
||||||
test "${IS_PKGMIRROR:=1}" = 1 && check_pkgmirror
|
test "${IS_PKGMIRROR:=1}" = 1 && check_pkgmirror
|
||||||
test "${IS_HISTORY:=1}" = 1 && check_history
|
test "${IS_HISTORY:=1}" = 1 && check_history
|
||||||
test "${IS_VIM:=1}" = 1 && check_vim
|
test "${IS_VIM:=1}" = 1 && check_vim
|
||||||
test "${IS_TTYC0SECURE:=1}" = 1 && check_ttyc0secure
|
test "${IS_TTYC0SECURE:=1}" = 1 && check_ttyc0secure
|
||||||
test "${IS_CUSTOMSYSLOG:=1}" = 1 && check_customsyslog
|
test "${IS_CUSTOMSYSLOG:=1}" = 1 && check_customsyslog
|
||||||
test "${IS_SUDOMAINT:=1}" = 1 && check_sudomaint
|
test "${IS_DOASMAINT:=1}" = 1 && check_doasmaint
|
||||||
test "${IS_NRPE:=1}" = 1 && check_nrpe
|
test "${IS_NRPE:=1}" = 1 && check_nrpe
|
||||||
test "${IS_RSYNC:=1}" = 1 && check_rsync
|
test "${IS_RSYNC:=1}" = 1 && check_rsync
|
||||||
test "${IS_CRONPATH:=1}" = 1 && check_cronpath
|
test "${IS_CRONPATH:=1}" = 1 && check_cronpath
|
||||||
|
|
Loading…
Reference in a new issue