|
|
|
@ -205,11 +205,21 @@ check_debiansecurity_lxc() {
|
|
|
|
|
if is_installed lxc; then
|
|
|
|
|
container_list=$(lxc-ls)
|
|
|
|
|
for container in $container_list; do
|
|
|
|
|
DEBIAN_LXC_VERSION=$(cut -d "." -f 1 < /var/lib/lxc/${container}/rootfs/etc/debian_version)
|
|
|
|
|
if [ $DEBIAN_LXC_VERSION -ge 9 ]; then
|
|
|
|
|
lxc-attach --name $container apt-cache policy | grep "\bl=Debian-Security\b" | grep "\bo=Debian\b" | grep --quiet "\bc=main\b"
|
|
|
|
|
test $? -eq 0 || failed "IS_DEBIANSECURITY_LXC" "missing Debian-Security repository in container ${container}"
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
check_backports_version() {
|
|
|
|
|
# Look for enabled "Debian Backports" sources from the "Debian" origin
|
|
|
|
|
apt-cache policy | grep "\bl=Debian Backports\b" | grep "\bo=Debian\b" | grep --quiet "\bc=main\b"
|
|
|
|
|
test $? -eq 1 || ( \
|
|
|
|
|
apt-cache policy | grep "\bl=Debian Backports\b" | grep --quiet "\bn=${DEBIAN_RELEASE}-backports\b" && \
|
|
|
|
|
test $? -eq 0 || failed "IS_BACKPORTS_VERSION" "Debian Backports enabled for another release than ${DEBIAN_RELEASE}" )
|
|
|
|
|
}
|
|
|
|
|
check_oldpub() {
|
|
|
|
|
# Look for enabled pub.evolix.net sources (supersed by pub.evolix.org since Stretch)
|
|
|
|
|
apt-cache policy | grep --quiet pub.evolix.net
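Review bot: In `check_backports_version`, the second pipeline succeeds as soon as one Backports source names `${DEBIAN_RELEASE}-backports`, so a host that also has Backports enabled for a different release is never reported, although the failure message describes exactly that case. Testing for a non-matching source closes the gap: `if apt-cache policy | grep "\bl=Debian Backports\b" | grep --quiet --invert-match "\bn=${DEBIAN_RELEASE}-backports\b"; then failed "IS_BACKPORTS_VERSION" "Debian Backports enabled for another release than ${DEBIAN_RELEASE}"; fi`. This form also drops the `( … )` subshell; if `failed` records its result in a shell variable (its definition is not visible here), an assignment made inside the subshell would not reach the caller. The trailing `check_oldpub` lines are context, and that function continues outside the hunk.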
|
|
|
|
@ -676,7 +686,7 @@ check_phpmyadminapacheconf() {
|
|
|
|
|
check_kerneluptodate() {
|
|
|
|
|
if is_installed linux-image*; then
|
|
|
|
|
# shellcheck disable=SC2012
|
|
|
|
|
kernel_installed_at=$(date -d "$(ls --full-time -lcrt /boot | tail -n1 | awk '{print $6}')" +%s)
|
|
|
|
|
kernel_installed_at=$(date -d "$(ls --full-time -lcrt /boot/*lin* | tail -n1 | awk '{print $6}')" +%s)
|
|
|
|
|
last_reboot_at=$(($(date +%s) - $(cut -f1 -d '.' /proc/uptime)))
|
|
|
|
|
if [ "$kernel_installed_at" -gt "$last_reboot_at" ]; then
|
|
|
|
|
failed "IS_KERNELUPTODATE" "machine is running an outdated kernel, reboot advised"
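Review bot: The `kernel_installed_at` assignment keeps only field 6 of `ls --full-time`, which is the date without the time, so `date -d` resolves it to midnight. A kernel installed later on the same day as the last reboot therefore compares as older than `last_reboot_at`, and the outdated-kernel warning is missed. Reading the change time in epoch seconds avoids both the truncation and the `ls` parsing that needs the SC2012 exemption: `kernel_installed_at=$(stat --format=%Z /boot/*lin* | sort --numeric-sort | tail -n1)`. It is also worth a comment stating that the `/boot/*lin*` glob is meant to restrict the check to kernel images and that the comparison uses ctime. The body of `check_kerneluptodate` continues outside the hunk.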
|
|
|
|
@ -1553,6 +1563,7 @@ main() {
|
|
|
|
|
test "${IS_SYSLOGCONF:=1}" = 1 && check_syslogconf
|
|
|
|
|
test "${IS_DEBIANSECURITY:=1}" = 1 && check_debiansecurity
|
|
|
|
|
test "${IS_DEBIANSECURITY_LXC:=1}" = 1 && check_debiansecurity_lxc
|
|
|
|
|
test "${IS_BACKPORTS_VERSION:=1}" = 1 && check_backports_version
|
|
|
|
|
test "${IS_OLDPUB:=1}" = 1 && check_oldpub
|
|
|
|
|
test "${IS_OLDPUB_LXC:=1}" = 1 && check_oldpub_lxc
|
|
|
|
|
test "${IS_NEWPUB:=1}" = 1 && check_newpub
|
|
|
|
|