evolix/evocheck
evolix/evocheck
21
2
Fork 2
Code Issues 48 Pull requests 5 Releases 37 Wiki Activity
323 commits 21 branches 50 tags 1.5 MiB
Commit graph

252 commits

Author SHA1 Message Date
Benoît S. cd38bbaab4 IS_EVOACME_LIVELINKS: Add a condition when there is no certificates 2018-07-05 10:19:43 +02:00
Benoît S. 08b5ae0819 Fix: IS_APACHE_CONFENABLED only when apache2.conf exists. 2018-07-02 15:41:15 +02:00
Benoît S. 7ddb75fb5b Fix: IS_APACHE_CONFENABLED is only for Jessie or Stretch 2018-06-29 14:17:05 +02:00
Benoît S. 8e2741dd99 Squashed commit of the following: 
commit db23167246
Author: Benoît S <bserie@evolix.fr>
Date:   Thu Jun 28 11:48:22 2018 +0200

    Add a check for kernel config gile

commit ae1ec7b2b9
Author: Benoît S <bserie@evolix.fr>
Date:   Wed Jun 27 18:01:07 2018 +0200

    Redo the jessie part

commit 62b61aabf1
Author: Benoît S <bserie@evolix.fr>
Date:   Wed Jun 27 17:49:44 2018 +0200

    Well... For Stretch use only /sys/devices/system/cpu/vulnerabilities/

commit 33b19090e6
Author: Benoît S <bserie@evolix.fr>
Date:   Wed Jun 27 17:45:11 2018 +0200

    Add check for spectre v2

commit 3451218a16
Author: Benoît S <bserie@evolix.fr>
Date:   Wed Jun 27 17:33:24 2018 +0200

    Do not use the BOOT_IMAGE trick

commit ee60e28a5a
Author: Benoît S <bserie@evolix.fr>
Date:   Wed Jun 27 17:30:18 2018 +0200

    We cannot rely on dmesg

commit 57bd4312ce
Author: Benoît.S <benpro@benpro.fr>
Date:   Thu Jan 11 14:46:46 2018 +0100

    Breakline indentation

commit d2278292cc
Author: Benoît.S <benpro@benpro.fr>
Date:   Thu Jan 11 14:45:12 2018 +0100

    Diffrent test for Jessie kernel

commit 1418d4306e
Author: Benoît.S <benpro@benpro.fr>
Date:   Thu Jan 11 11:52:43 2018 +0100

    Modified Meltdown check to handle kaiser and pti

commit 2c6d075e2a
Author: Benoît.S <benpro@benpro.fr>
Date:   Thu Jan 11 11:24:42 2018 +0100

    Add IS_MELTDOWN

    We check kaiser flags in /proc/cpuinfo and CONFIG_PAGE_TABLE_ISOLATION in
    kernel config file.
 2018-06-28 11:52:31 +02:00
Benoît S. d914dd9003 Implement IS_APACHE_CONFENABLED 2018-06-27 15:20:39 +02:00
Benoît S. e5ca035516 Add a line 2018-06-13 18:10:14 +02:00
Benoît S. 6bce242efb Merge branch 'master' into 35-is_evoacme_certbotcron 2018-06-13 18:09:27 +02:00
Benoît S. 5fc12657d3 Check evoacme file cron 2018-06-13 18:03:14 +02:00
Benoît S. 9c5f8653fd IS_EVOACME_LIVELINKS: Only executed if evoacme installed 2018-05-28 11:49:57 +02:00
Benoît S. a6b54d99e9 Add IS_EVOACME_LIVELINKS check 2018-05-25 17:55:12 +02:00
Benoît S. fee78ee9f4 IS_DUPLICATE_FS_LABEL: Add a space for the grep pattern 
Otherwise it will match PARTLABEL, we want only LABEL.
 2018-04-10 15:44:59 +02:00
Benoît S. 217e8b1115 Missing fi 2018-04-10 15:16:37 +02:00
Benoît S. 75e69e1440 Use blkid in place of lsblk 2018-04-10 15:14:54 +02:00
Jérémy Lecour 9c221e2919 Use "grep -E" instead of "egrep" (deprecated) 2018-03-29 22:31:50 +02:00
Jérémy Lecour 80a07783c8 IS_SSHALLOWUSERS is looking for AllowUsers or AllowGroups 2018-03-29 22:30:31 +02:00
Jérémy Lecour c1866836aa whitespaces 2018-03-29 22:29:50 +02:00
Romain Dessort 92b18e201c Fix evoqa #3623: custom limit for IS_NOTUPGRADED 
Set higher time limit for servers not being part of the regular upgrade
process:
  - if mails are sent to listupgrade-todo@
  - or if listupgrade.sh is not executed on a weekly basis.
 2018-03-23 17:47:17 -04:00
Romain Dessort 76575e9fb1 evoqa #4994: check presence of evolix user 2018-03-23 17:46:11 -04:00
Benoît S. f686aad9a5 Merge branch 'master' into '19-detect-depulicate-filesystem-labels' 
# Conflicts:
#   evocheck.sh
 2018-03-19 14:53:44 +01:00
Benoît S. 12d5205485 Added the test to found duplicate 2018-03-19 14:51:18 +01:00
Benoît S. 8963a85269 Move the detection of minifirewall config 2018-03-15 17:53:58 +01:00
Benoît S. e5594f3f1b IS_EVOMAINTENANCE_FW: Fix wrong variable 2018-03-15 17:51:12 +01:00
Daniel Jakots 75fbba7644 Set at the beginning $MINIFW_FILE and use it 2018-03-15 12:44:23 -04:00
Benoît S. d0975f7719 First implementatio for IS_EVOMAINTENANCE_FW 
We check if there is at least the 4 evomaintenance rules.
 2018-03-15 16:13:20 +01:00
Benoît S. 36822bf383 WIP #19: Detect duplicate LABEL entries 2018-03-09 18:05:09 +01:00
Benoît S. 0dec7c6545 Fix #21. IS_EVOBACKUP was disabled and using bad grep pattern 2018-03-09 15:22:08 +01:00
Benoît S. 7d1082d585 Well... Don't need for failed variable after all. 2018-02-23 11:13:01 +01:00
Benoît S. 39ac9e8d24 IS_MYSQLMUNIN: Break lines and add a break 2018-02-22 10:21:12 +01:00
Gregory Colpart 0d68452dcc avoid too much FAILED for IS_MYSQLMUNIN 2018-02-19 23:26:53 +01:00
Gregory Colpart 7d7e289817 suppress stderr output in any case 2018-02-19 22:23:53 +01:00
Benoît.S 034b88faa4 IS_UPTIME in --cron mode && IS_NOTUPGRADED at 90d 2018-01-31 16:25:28 +01:00
Benoît.S b62a9f606e We don't manage systemd-network yet 
Added a IS_NETWORK_INTERFACES and disabling IS_AUTOIF and IS_INTERFACESGW if
IS_NETWORK_INTERFACES failing.
 2018-01-22 16:55:42 +01:00
Benoît S. f78628c1d7 Fix #15. Add mysql_ prefix for munin plugin check 2017-12-20 10:06:39 +01:00
Benoît.S 15c323f56b Add MOUNT_FSTAB check 2017-12-08 15:56:31 +01:00
Benoît.S 99451d54a8 Add ELASTIC_BACKUP check 2017-12-06 11:05:02 +01:00
Benoît.S 09c4e5f5b2 Add REDIS_BACKUP check 2017-12-06 10:49:52 +01:00
Benoît.S 824e0fcf55 Missing IS_LDAP_BACKUP=1 2017-12-06 10:46:08 +01:00
Benoît.S 35f0cc3c86 Add MONGO_BACKUP check 2017-12-06 10:42:16 +01:00
Benoît.S 227249f411 Add POSTGRES_BACKUP check 2017-12-06 10:28:39 +01:00
Benoît.S 6c37875d1f Add LDAP_BACKUP check 2017-12-06 10:14:17 +01:00
Benoît.S f527e92ce4 Only check if file exist 2017-12-06 10:06:03 +01:00
Benoît.S 340c686b03 Implement EvoQA#3332. Check for SQL backup. 2017-12-05 18:03:40 +01:00
Benoît S. eeca2fab19 Don't match start of line 
While inverse grepping some interface names, don't match the start of the line.
 2017-11-22 11:31:24 +01:00
Benoît S. a9cbeca7cc Use group evolinux-sudo for Debian >=9 2017-11-14 17:35:23 +01:00
Benoît.S 85c757d9d4 Test if /etc/apache2 is present 
Otherwise this check will always fail on non-apache server...
 2017-11-10 11:06:33 +01:00
Benoît S. 31518d39b1 For IS_LOG2MAILMYSQL, better grep. 
Because we can have /etc/log2mail/config/{default,mysql,mysql.conf} ⋅ ⋅ ⋅
 2017-10-26 11:51:13 +02:00
Jérémy Lecour 0d4bd0a717 AUTOIF: on stretch, only look for UP interfaces 2017-10-04 14:11:50 +02:00
Romain Dessort 76495a204c Fix IS_BROADCOMFIRMWARE and IS_HARDWARERAIDTOOL checks 2017-10-02 16:39:13 -04:00
Romain Dessort f90b1d9e71 Use python instead of bc to get percentage of reserved blocks 
bc is not installed on all servers.
 2017-10-02 16:23:04 -04:00
Romain Dessort 3453423579 Add some checks for stretch 2017-10-02 15:05:24 -04:00
Jérémy Lecour 848a97883a Revert "IS_MYSQLUTILS: better check for mytop user" 
This reverts commit 604c313c90.
 2017-09-22 11:01:04 +02:00
Jérémy Lecour 604c313c90 IS_MYSQLUTILS: better check for mytop user 
The 'debian-sys-maint' user is not necessarily the best one to use with mytop.
We just need to check that the mytop config file contains a user value.

The regular expression checks that :
* there is a line beggining with "user" (not commented)
* it is a variable assignent with optional spaces
* the value is 1 or more non-whitespace characters
 2017-09-22 09:43:31 +02:00
Gregory Colpart 7314ffc631 Fix squid conffile in stretch 2017-09-14 01:18:32 +02:00
Gregory Colpart 1b843937b0 web-add.sh can be in new path 2017-09-14 01:18:32 +02:00
Gregory Colpart 80a2d4a2b6 no need of ';' avec return 0 2017-09-14 01:18:32 +02:00
Romain Dessort 69a61bcc51 Check for world readable private keys 2017-09-11 11:16:42 -04:00
Romain Dessort 9e21e22414 Check for /etc/evomaintenance.cf permissions 2017-09-11 10:11:58 -04:00
Benoît S. 461dec1a37 Missing () for the condition 2017-09-07 11:53:16 +02:00
Romain Dessort 67665c2738 Fix IS_SQUID in stretch 2017-08-31 12:41:18 -04:00
Romain Dessort d30b1dbace Fix Grégory's fix about IS_APACHEMUNIN for non-stretch machines 2017-08-31 12:34:58 -04:00
Romain Dessort 516adc25f9 Improve previous commit for mytop check 2017-08-31 12:23:21 -04:00
Romain Dessort b2fa3073c0 mytop is now part of mariadb-client 2017-08-31 11:24:02 -04:00
Gregory Colpart 2eddb6b1bf Fix IS_APACHEMUNIN check in Stretch 2017-08-22 03:42:16 +02:00
Gregory Colpart a2839d24c0 Forget -q in grep 2017-08-22 03:19:16 +02:00
Gregory Colpart cb7a0adf79 Fix vlan interfaces in Debian 9 2017-08-22 03:18:04 +02:00
Romain Dessort 18ca4d4845 TMOUT is now set in /etc/profile.d/evolinux.sh 2017-08-14 11:02:18 -04:00
Gregory Colpart fee216b218 autorize no PermitRoot option for Stretch because default is secure 2017-07-11 00:21:52 +02:00
Gregory Colpart 03db1f93ba Improve check (avoid warning) 2017-07-11 00:05:43 +02:00
Gregory Colpart 53c67a0157 For Stretch (we don't use anymore listchanges) 2017-07-10 23:41:04 +02:00
Romain Dessort 87e280895f Allow use of env= in Allow from directives. 2017-07-07 16:34:46 -04:00
Benoît S. 6869dba9fb Added a protection in case of buggy partition. 
Like I/O error.
 2017-06-01 15:38:18 +02:00
Benoît S. 5b6e30d992 Added check IS_TUNE2FS_M5. 2017-05-31 16:01:19 +02:00
Romain Dessort 81c28cd59e Increase grace for IS_NOTUPGRADED 2017-04-03 08:44:46 -04:00
Romain Dessort acca5f226e Fix #1959. IS_BACKUPUPTODATE now fails if files are older than 2 day 2017-02-03 10:44:36 -05:00
Romain Dessort 3a5fe95bed Add tun to interfaces to exclude 2017-02-03 10:42:30 -05:00
Romain Dessort ee3d82b5c6 Fix comment for IS_NOTUPGRADED check 2016-11-30 11:49:38 -05:00
Romain Dessort ec677f720d Add a check to ensure system is upgraded periodically 2016-11-30 11:39:25 -05:00
Benoît S. 43bc39a72d Implement #1957. IS_APTGETBAK 2016-08-31 15:38:38 +02:00
Romain Dessort dbe53542f0 Fix parenthesis in condition for Squeeze. 2016-06-30 08:12:27 -04:00
Gregory Colpart 0b39053882 Fix check when there is no partitions /usr /tmp in Jessie 2016-06-24 01:37:46 +02:00
Romain Dessort 16a53a5dc6 Add check for /etc/.git/ permissions. 2016-06-16 12:08:22 -04:00
Romain Dessort 251f02ac1a Fix some bugs. 2016-06-03 11:29:45 -04:00
Romain Dessort 3b59217d0d Fix #1861. More explicit check for NRPE pid. 2016-05-13 10:42:53 -04:00
Romain Dessort b7c41b9181 Fix #1864. Add quotes to avoid error in comparaison. 2016-05-13 10:34:28 -04:00
Romain Dessort 62b13e9e77 Exclude macvtap interfaces from check. 2016-05-12 19:59:26 -04:00
Romain Dessort 3c9ba79ad5 Missing quiet option for grep. 2016-05-12 19:59:01 -04:00
Romain Dessort 0325dc93e4 In case of many generated graphs, take the newest. 2016-05-12 14:21:32 -04:00
Romain Dessort b8969e6f12 IPv6 compatible regexp for BINDCHROOT. 2016-05-12 14:20:57 -04:00
Romain Dessort 5ec7be4111 Check mtime of images only with graph_strategy = cron. 2016-05-12 13:37:58 -04:00
Romain Dessort 57a68cdd1d Fix first regexp in 'IS_APACHEIPINALLOW check. 2016-05-12 13:37:25 -04:00
Romain Dessort ef262a8272 Improve/simplify regexp to support IPv6, netmasks and ignore commented lines. 2016-05-12 12:24:55 -04:00
Romain Dessort 4509f6d0e4 IS_BINDCHROOT is relevant only if bind listen to public interface. 2016-05-12 12:23:58 -04:00
Romain Dessort 89c58093f8 Replace uptime -s by /proc/uptime 
Since uptime -s does not exist on <Jessie.
 2016-05-12 11:43:16 -04:00
Romain Dessort 5c66992f03 Fix bad regexp in IS_INTERFACESGW check. 2016-05-11 14:14:23 -04:00
Benoît S. d4813d7280 Fixed condition in IS_APACHEIPINALLOW. 2016-05-11 11:25:25 +02:00
Benoît S. 97b064e426 Fixed errors in code. 2016-05-11 11:21:23 +02:00
Romain Dessort 199c3952f1 Typo in some added checks 2016-05-10 18:24:46 -04:00
Romain Dessort 40d0536aa0 Fix #1854. Add NRPEPID check for wheezy and newer. 2016-05-10 18:23:48 -04:00
Romain Dessort 452b8eea32 Fix #1675. Add check to ensure files are up-to-date in /home/backup/. 2016-05-10 18:17:02 -04:00
Romain Dessort 83c0371334 Add option to skip KERNELUPTODATE check. 2016-05-10 17:58:04 -04:00