remove all BSD specific code in Linux branch
parent
cb8d8fa738
commit
d58c0dc335
|
@ -13,6 +13,8 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
|
|||
|
||||
### Removed
|
||||
|
||||
* remove all BSD specific code
|
||||
|
||||
### Fixed
|
||||
|
||||
### Security
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
# EvoCheck
|
||||
# Script to verify compliance of a Debian/OpenBSD server
|
||||
# Script to verify compliance of a Linux (Debian) server
|
||||
# powered by Evolix
|
||||
|
||||
VERSION="22.07"
|
||||
|
@ -30,7 +30,7 @@ END
|
|||
}
|
||||
show_help() {
|
||||
cat <<END
|
||||
evocheck is a script that verifies Evolix conventions on Debian/OpenBSD servers.
|
||||
evocheck is a script that verifies Evolix conventions on Linux (Debian) servers.
|
||||
|
||||
Usage: evocheck
|
||||
or evocheck --cron
|
||||
|
@ -50,7 +50,6 @@ detect_os() {
|
|||
# OS detection
|
||||
DEBIAN_RELEASE=""
|
||||
LSB_RELEASE_BIN=$(command -v lsb_release)
|
||||
OPENBSD_RELEASE=""
|
||||
|
||||
if [ -e /etc/debian_version ]; then
|
||||
DEBIAN_VERSION=$(cut -d "." -f 1 < /etc/debian_version)
|
||||
|
@ -68,9 +67,6 @@ detect_os() {
|
|||
12) DEBIAN_RELEASE="bookworm";;
|
||||
esac
|
||||
fi
|
||||
elif [ "$(uname -s)" = "OpenBSD" ]; then
|
||||
# use a better release name
|
||||
OPENBSD_RELEASE=$(uname -r)
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -107,9 +103,6 @@ debian_release() {
|
|||
debian_version() {
|
||||
printf "%s" "${DEBIAN_VERSION}"
|
||||
}
|
||||
is_openbsd() {
|
||||
test -n "${OPENBSD_RELEASE}"
|
||||
}
|
||||
|
||||
is_pack_web(){
|
||||
test -e /usr/share/scripts/web-add.sh || test -e /usr/share/scripts/evoadmin/web-add.sh
|
||||
|
@ -1408,8 +1401,6 @@ download_versions() {
|
|||
|
||||
if is_debian; then
|
||||
versions_url="https://upgrades.evolix.org/versions-${DEBIAN_RELEASE}"
|
||||
elif is_openbsd; then
|
||||
versions_url="https://upgrades.evolix.org/versions-${OPENBSD_RELEASE}"
|
||||
else
|
||||
failed "IS_CHECK_VERSIONS" "error determining os release"
|
||||
fi
|
||||
|
@ -1536,10 +1527,6 @@ main() {
|
|||
main_output_file=$(mktemp --tmpdir="${TMPDIR:-/tmp}" "evocheck.main.XXXXX")
|
||||
files_to_cleanup="${files_to_cleanup} ${main_output_file}"
|
||||
|
||||
#-----------------------------------------------------------
|
||||
# Tests communs à tous les systèmes
|
||||
#-----------------------------------------------------------
|
||||
|
||||
test "${IS_TMP_1777:=1}" = 1 && check_tmp_1777
|
||||
test "${IS_ROOT_0700:=1}" = 1 && check_root_0700
|
||||
test "${IS_USRSHARESCRIPTS:=1}" = 1 && check_usrsharescripts
|
||||
|
@ -1549,13 +1536,6 @@ main() {
|
|||
test "${IS_EVOMAINTENANCECONF:=1}" = 1 && check_evomaintenanceconf
|
||||
test "${IS_PRIVKEYWOLRDREADABLE:=1}" = 1 && check_privatekeyworldreadable
|
||||
|
||||
#-----------------------------------------------------------
|
||||
# Vérifie si c'est une debian et fait les tests appropriés.
|
||||
#-----------------------------------------------------------
|
||||
|
||||
if is_debian; then
|
||||
MINIFW_FILE=$(minifirewall_file)
|
||||
|
||||
test "${IS_LSBRELEASE:=1}" = 1 && check_lsbrelease
|
||||
test "${IS_DPKGWARNING:=1}" = 1 && check_dpkgwarning
|
||||
test "${IS_UMASKSUDOERS:=1}" = 1 && check_umasksudoers
|
||||
|
@ -1661,109 +1641,6 @@ main() {
|
|||
test "${IS_NGINX_LETSENCRYPT_UPTODATE:=1}" = 1 && check_nginx_letsencrypt_uptodate
|
||||
test "${IS_LXC_CONTAINER_RESOLV_CONF:=1}" = 1 && check_lxc_container_resolv_conf
|
||||
test "${IS_CHECK_VERSIONS:=1}" = 1 && check_versions
|
||||
fi
|
||||
|
||||
#-----------------------------------------------------------
|
||||
# Tests spécifiques à OpenBSD
|
||||
#-----------------------------------------------------------
|
||||
|
||||
if is_openbsd; then
|
||||
|
||||
if [ "${IS_SOFTDEP:=1}" = 1 ]; then
|
||||
grep -q "softdep" /etc/fstab || failed "IS_SOFTDEP"
|
||||
fi
|
||||
|
||||
if [ "${IS_WHEEL:=1}" = 1 ]; then
|
||||
grep -qE "^%wheel.*$" /etc/sudoers || failed "IS_WHEEL"
|
||||
fi
|
||||
|
||||
if [ "${IS_SUDOADMIN:=1}" = 1 ]; then
|
||||
grep -qE "^User_Alias ADMIN=.*$" /etc/sudoers || failed "IS_SUDOADMIN"
|
||||
fi
|
||||
|
||||
if [ "${IS_PKGMIRROR:=1}" = 1 ]; then
|
||||
grep -qE "^export PKG_PATH=http://ftp\.fr\.openbsd\.org/pub/OpenBSD/[0-9.]+/packages/[a-z0-9]+/$" /root/.profile \
|
||||
|| failed "IS_PKGMIRROR"
|
||||
fi
|
||||
|
||||
if [ "${IS_HISTORY:=1}" = 1 ]; then
|
||||
f=/root/.profile
|
||||
{ grep -q "^HISTFILE=\$HOME/.histfile" $f \
|
||||
&& grep -q "^export HISTFILE" $f \
|
||||
&& grep -q "^HISTSIZE=1000" $f \
|
||||
&& grep -q "^export HISTSIZE" $f;
|
||||
} || failed "IS_HISTORY"
|
||||
fi
|
||||
|
||||
if [ "${IS_VIM:=1}" = 1 ]; then
|
||||
command -v vim > /dev/null 2>&1 || failed "IS_VIM"
|
||||
fi
|
||||
|
||||
if [ "${IS_TTYC0SECURE:=1}" = 1 ]; then
|
||||
grep -Eqv "^ttyC0.*secure$" /etc/ttys || failed "IS_TTYC0SECURE"
|
||||
fi
|
||||
|
||||
if [ "${IS_CUSTOMSYSLOG:=1}" = 1 ]; then
|
||||
grep -q "Evolix" /etc/newsyslog.conf || failed "IS_CUSTOMSYSLOG"
|
||||
fi
|
||||
|
||||
if [ "${IS_NOINETD:=1}" = 1 ]; then
|
||||
grep -q "inetd=NO" /etc/rc.conf.local 2>/dev/null || failed "IS_NOINETD"
|
||||
fi
|
||||
|
||||
if [ "${IS_SUDOMAINT:=1}" = 1 ]; then
|
||||
f=/etc/sudoers
|
||||
{ grep -q "Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh" $f \
|
||||
&& grep -q "ADMIN ALL=NOPASSWD: MAINT" $f;
|
||||
} || failed "IS_SUDOMAINT"
|
||||
fi
|
||||
|
||||
if [ "${IS_POSTGRESQL:=1}" = 1 ]; then
|
||||
pkg info | grep -q postgresql-client || failed "IS_POSTGRESQL" "postgresql-client is not installed"
|
||||
fi
|
||||
|
||||
if [ "${IS_NRPE:=1}" = 1 ]; then
|
||||
{ pkg info | grep -qE "nagios-plugins-[0-9.]" \
|
||||
&& pkg info | grep -q nagios-plugins-ntp \
|
||||
&& pkg info | grep -q nrpe;
|
||||
} || failed "IS_NRPE" "NRPE is not installed"
|
||||
fi
|
||||
|
||||
# if [ "${IS_NRPEDISKS:=1}" = 1 ]; then
|
||||
# NRPEDISKS=$(grep command.check_disk /etc/nrpe.cfg 2>/dev/null | grep "^command.check_disk[0-9]" | sed -e "s/^command.check_disk\([0-9]\+\).*/\1/" | sort -n | tail -1)
|
||||
# DFDISKS=$(df -Pl | grep -E -v "(^Filesystem|/lib/init/rw|/dev/shm|udev|rpc_pipefs)" | wc -l)
|
||||
# [ "$NRPEDISKS" = "$DFDISKS" ] || failed "IS_NRPEDISKS"
|
||||
# fi
|
||||
|
||||
# Verification du check_mailq dans nrpe.cfg (celui-ci doit avoir l'option "-M postfix" si le MTA est Postfix)
|
||||
#
|
||||
# if [ "${IS_NRPEPOSTFIX:=1}" = 1 ]; then
|
||||
# pkg info | grep -q postfix && ( grep -q "^command.*check_mailq -M postfix" /etc/nrpe.cfg 2>/dev/null || failed "IS_NRPEPOSTFIX" )
|
||||
# fi
|
||||
|
||||
if [ "${IS_NRPEDAEMON:=1}" = 1 ]; then
|
||||
grep -q "echo -n ' nrpe'; /usr/local/sbin/nrpe -d" /etc/rc.local \
|
||||
|| failed "IS_NREPEDAEMON"
|
||||
fi
|
||||
|
||||
if [ "${IS_ALERTBOOT:=1}" = 1 ]; then
|
||||
grep -qE "^date \| mail -sboot/reboot .*evolix.fr$" /etc/rc.local \
|
||||
|| failed "IS_ALERTBOOT"
|
||||
fi
|
||||
|
||||
if [ "${IS_RSYNC:=1}" = 1 ]; then
|
||||
pkg info | grep -q rsync || failed "IS_RSYNC"
|
||||
fi
|
||||
|
||||
if [ "${IS_CRONPATH:=1}" = 1 ]; then
|
||||
grep -q "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" /var/cron/tabs/root \
|
||||
|| failed "IS_CRONPATH"
|
||||
fi
|
||||
|
||||
#TODO
|
||||
# - Check en profondeur de postfix
|
||||
# - NRPEDISK et NRPEPOSTFIX
|
||||
fi
|
||||
|
||||
if [ -f "${main_output_file}" ]; then
|
||||
lines_found=$(wc -l < "${main_output_file}")
|
||||
|
|
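Review bot: Removing the `if is_debian; then` … `fi` wrapper in `main()` (hunks `-1549,13` and `-1661,109`) makes every Debian check run unconditionally, although `download_versions` still treats a false `is_debian` as "error determining os release". On a host the script cannot identify, the result would be a list of failures measured against the wrong baseline rather than one clear error. A guard before the first check would keep that case explicit, for example `is_debian || { echo "evocheck: unsupported system" >&2; exit 1; }` (message and exit code are placeholders). By the line counts of the `-1549,13 +1536,6` hunk, `MINIFW_FILE=$(minifirewall_file)` also appears to be removed with the wrapper, and no hunk on this page adds it back; if a check still reads `${MINIFW_FILE}` it would see an empty value, so the assignment should stay. The `+`/`-` markers are lost in this rendering, so which lines are removed is inferred from the hunk headers, and `main()` starts and ends outside the hunks shown.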