IS_EVOMAINTENANCE_FW only if HOOK_DB is enabled
Some checks failed
continuous-integration/drone/push Build is failing

Jérémy Lecour 2019-11-07 09:41:28 +01:00 committed by Jérémy Lecour
parent 349d77a2df
commit ae30d6555c
2 changed files with 5 additions and 2 deletions


@ -7,6 +7,8 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
### Changed
* IS_EVOMAINTENANCE_FW : warn only if HOOK_DB is enabled
### Fixed
* IS_TMPUSRRO : improve grep for options detection


@ -444,9 +444,10 @@ check_squid() {
}
check_evomaintenance_fw() {
if [ -f "$MINIFW_FILE" ]; then
hook_db=$(grep -E '^\s*HOOK_DB' /etc/evomaintenance.cf | tr -d ' ' | cut -d= -f2)
rulesNumber=$(grep -c "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s .* -m state --state ESTABLISHED,RELATED -j ACCEPT" "$MINIFW_FILE")
if [ "$rulesNumber" -lt 2 ]; then
failed "IS_EVOMAINTENANCE_FW" "missing evomaintenance rules in minifirewall"
if [ "$hook_db" = "1" ] && [ "$rulesNumber" -lt 2 ]; then
failed "IS_EVOMAINTENANCE_FW" "HOOK_DB is enabled but missing evomaintenance rules in minifirewall"
fi
fi
}
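Review bot: In `check_evomaintenance_fw` the new `hook_db` lookup fails open: when `/etc/evomaintenance.cf` is missing or unreadable, or the value cannot be parsed, `hook_db` is empty and the minifirewall rule check is skipped without any message. The pattern `^\s*HOOK_DB` is not anchored on the `=`, so it also matches any other key that begins with HOOK_DB, and two matching lines give a multi-line value that never equals "1"; a quoted value such as `HOOK_DB="1"` would be missed too, if the file format allows quoting. I would anchor the match and keep only the last assignment, `hook_db=$(grep -E '^\s*HOOK_DB\s*=' /etc/evomaintenance.cf 2>/dev/null | tail -n 1 | cut -d= -f2 | tr -d ' "')`, and add a one-line comment above it stating that an absent or unparsable setting is treated as disabled.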