Compare commits
3 commits
682cd3afaa
...
04139f3d60
Author | SHA1 | Date | |
---|---|---|---|
Jérémy Dubois | 04139f3d60 | ||
Jérémy Dubois | b6f4889ac5 | ||
Jérémy Dubois | b49a1fbea5 |
11
CHANGELOG
11
CHANGELOG
|
@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
## [6.7.7] - 2020-10-22
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
- Add check_openvpncronlog : a cron is needed to rotate logs, because a restart of OpenVPN would be needed with the use of newsyslog to rotate logs
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
- Fix check_uptodate : properly check that syspatch exists
|
||||||
|
- Fix check_raidok : the same device could be displayed multiple times
|
||||||
|
|
||||||
## [6.7.6] - 2020-10-15
|
## [6.7.6] - 2020-10-15
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
13
evocheck.sh
13
evocheck.sh
|
@ -3,7 +3,7 @@
|
||||||
# EvoCheck
|
# EvoCheck
|
||||||
# Script to verify compliance of an OpenBSD server powered by Evolix
|
# Script to verify compliance of an OpenBSD server powered by Evolix
|
||||||
|
|
||||||
readonly VERSION="6.7.6"
|
readonly VERSION="6.7.7"
|
||||||
|
|
||||||
# Disable LANG*
|
# Disable LANG*
|
||||||
|
|
||||||
|
@ -121,7 +121,7 @@ check_raidok(){
|
||||||
egrep 'sd.*RAID' /var/run/dmesg.boot 1> /dev/null 2>&1
|
egrep 'sd.*RAID' /var/run/dmesg.boot 1> /dev/null 2>&1
|
||||||
RESULT=$?
|
RESULT=$?
|
||||||
if [ $RESULT -eq 0 ]; then
|
if [ $RESULT -eq 0 ]; then
|
||||||
raid_device=$(egrep 'sd.*RAID' /var/run/dmesg.boot | awk '{ print $1 }')
|
raid_device=$(egrep 'sd.*RAID' /var/run/dmesg.boot | awk '{ print $1 }' | tail -1)
|
||||||
raid_status=$(bioctl $raid_device | grep softraid | awk '{ print $3 }')
|
raid_status=$(bioctl $raid_device | grep softraid | awk '{ print $3 }')
|
||||||
if [ $raid_status != "Online" ]; then
|
if [ $raid_status != "Online" ]; then
|
||||||
failed "IS_RAIDOK" "One of the RAID disk members is faulty. Use bioctl -h $raid_device for more informations"
|
failed "IS_RAIDOK" "One of the RAID disk members is faulty. Use bioctl -h $raid_device for more informations"
|
||||||
|
@ -138,7 +138,7 @@ check_evobackup(){
|
||||||
}
|
}
|
||||||
|
|
||||||
check_uptodate(){
|
check_uptodate(){
|
||||||
if [ -f $(command -v syspatch) ]; then
|
if [ $(command -v syspatch) ]; then
|
||||||
if syspatch -c | egrep "." 1> /dev/null 2>&1; then
|
if syspatch -c | egrep "." 1> /dev/null 2>&1; then
|
||||||
failed "IS_UPTODATE" "Security update available! Update with syspatch(8)!"
|
failed "IS_UPTODATE" "Security update available! Update with syspatch(8)!"
|
||||||
fi
|
fi
|
||||||
|
@ -347,6 +347,12 @@ check_ntp(){
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_openvpncronlog(){
|
||||||
|
if /etc/rc.d/openvpn check > /dev/null 2>&1; then
|
||||||
|
grep -q 'cp /var/log/openvpn.log /var/log/openvpn.log.$(date +\\%F) && echo "$(date +\\%F. .\\%R) - logfile turned over via cron" > /var/log/openvpn.log && gzip /var/log/openvpn.log.$(date +\\%F) && find /var/log/ -type f -name "openvpn.log.\*" -mtime .365 -exec rm {} \\+' /var/cron/tabs/root || failed "IS_OPENVPNCRONLOG" "OpenVPN is enabled but there is no log rotation in the root crontab, or the cron is not up to date (OpenVPN log rotation in newsyslog is not used because a restart is needed)."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
# Default return code : 0 = no error
|
# Default return code : 0 = no error
|
||||||
|
@ -387,6 +393,7 @@ main() {
|
||||||
test "${IS_SYNC:=1}" = 1 && check_sync
|
test "${IS_SYNC:=1}" = 1 && check_sync
|
||||||
test "${IS_DEFAULTROUTE:=1}" = 1 && check_defaultroute
|
test "${IS_DEFAULTROUTE:=1}" = 1 && check_defaultroute
|
||||||
test "${IS_NTP:=1}" = 1 && check_ntp
|
test "${IS_NTP:=1}" = 1 && check_ntp
|
||||||
|
test "${IS_OPENVPNCRONLOG:=1}" = 1 && check_openvpncronlog
|
||||||
|
|
||||||
exit ${RC}
|
exit ${RC}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue