Buster release #110
194
evocheck.sh
194
evocheck.sh
|
@ -59,6 +59,7 @@ detect_os() {
|
||||||
7) DEBIAN_RELEASE="wheezy";;
|
7) DEBIAN_RELEASE="wheezy";;
|
||||||
8) DEBIAN_RELEASE="jessie";;
|
8) DEBIAN_RELEASE="jessie";;
|
||||||
9) DEBIAN_RELEASE="stretch";;
|
9) DEBIAN_RELEASE="stretch";;
|
||||||
|
10) DEBIAN_RELEASE="buster";;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
elif [ "$(uname -s)" = "OpenBSD" ]; then
|
elif [ "$(uname -s)" = "OpenBSD" ]; then
|
||||||
|
@ -85,6 +86,9 @@ is_debian_jessie() {
|
||||||
is_debian_stretch() {
|
is_debian_stretch() {
|
||||||
test "${DEBIAN_RELEASE}" = "stretch"
|
test "${DEBIAN_RELEASE}" = "stretch"
|
||||||
}
|
}
|
||||||
|
is_debian_buster() {
|
||||||
|
test "${DEBIAN_RELEASE}" = "buster"
|
||||||
|
}
|
||||||
debian_release() {
|
debian_release() {
|
||||||
printf "%s" "${DEBIAN_RELEASE}"
|
printf "%s" "${DEBIAN_RELEASE}"
|
||||||
}
|
}
|
||||||
|
@ -159,7 +163,7 @@ check_dpkgwarning() {
|
||||||
test -e /etc/apt/apt.conf \
|
test -e /etc/apt/apt.conf \
|
||||||
&& failed "IS_DPKGWARNING" "/etc/apt/apt.conf is missing"
|
&& failed "IS_DPKGWARNING" "/etc/apt/apt.conf is missing"
|
||||||
fi
|
fi
|
||||||
elif is_debian_stretch; then
|
elif is_debian_stretch || is_debian_buster; then
|
||||||
test -e /etc/apt/apt.conf.d/z-evolinux.conf \
|
test -e /etc/apt/apt.conf.d/z-evolinux.conf \
|
||||||
|| failed "IS_DPKGWARNING" "/etc/apt/apt.conf.d/z-evolinux.conf is missing"
|
|| failed "IS_DPKGWARNING" "/etc/apt/apt.conf.d/z-evolinux.conf is missing"
|
||||||
fi
|
fi
|
||||||
|
@ -224,12 +228,12 @@ check_aptitudeonly() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_aptitude() {
|
check_aptitude() {
|
||||||
if is_debian_jessie || is_debian_stretch; then
|
if is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
||||||
test -e /usr/bin/aptitude && failed "IS_APTITUDE"
|
test -e /usr/bin/aptitude && failed "IS_APTITUDE"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_aptgetbak() {
|
check_aptgetbak() {
|
||||||
if is_debian_jessie || is_debian_stretch; then
|
if is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
||||||
test -e /usr/bin/apt-get.bak && failed "IS_APTGETBAK"
|
test -e /usr/bin/apt-get.bak && failed "IS_APTGETBAK"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -259,9 +263,9 @@ check_mountfstab() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_listchangesconf() {
|
check_listchangesconf() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
if is_installed apt-listchanges; then
|
if is_installed apt-listchanges; then
|
||||||
failed "IS_LISTCHANGESCONF" "apt-listchanges must not be installed on Stretch"
|
failed "IS_LISTCHANGESCONF" "apt-listchanges must not be installed on Debian >=9"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [ -e "/etc/apt/listchanges.conf" ]; then
|
if [ -e "/etc/apt/listchanges.conf" ]; then
|
||||||
|
@ -288,18 +292,29 @@ check_tmoutprofile() {
|
||||||
grep -sq "TMOUT=" /etc/profile /etc/profile.d/evolinux.sh || failed "IS_TMOUTPROFILE" "TMOUT is not set"
|
grep -sq "TMOUT=" /etc/profile /etc/profile.d/evolinux.sh || failed "IS_TMOUTPROFILE" "TMOUT is not set"
|
||||||
}
|
}
|
||||||
check_alert5boot() {
|
check_alert5boot() {
|
||||||
if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then
|
if is_debian_buster; then
|
||||||
grep -q "^date" /etc/rc2.d/S*alert5 || failed "IS_ALERT5BOOT" "boot mail is not sent by alert5 init script"
|
grep -qs "^date" /usr/share/scripts/alert5.sh || failed "IS_ALERT5BOOT" "boot mail is not sent by alert5 init script"
|
||||||
|
test -f /etc/systemd/system/alert5.service || failed "IS_ALERT5BOOT" "alert5 unit file is missing"
|
||||||
|
systemctl is-enabled alert5 -q || failed "IS_ALERT5BOOT" "alert5 unit is not enabled"
|
||||||
else
|
else
|
||||||
failed "IS_ALERT5BOOT" "alert5 init script is missing"
|
if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then
|
||||||
|
grep -q "^date" /etc/rc2.d/S*alert5 || failed "IS_ALERT5BOOT" "boot mail is not sent by alert5 init script"
|
||||||
|
else
|
||||||
|
failed "IS_ALERT5BOOT" "alert5 init script is missing"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_alert5minifw() {
|
check_alert5minifw() {
|
||||||
if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then
|
if is_debian_buster; then
|
||||||
grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5 \
|
grep -qs "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh \
|
||||||
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 init script"
|
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 script or script is missing"
|
||||||
else
|
else
|
||||||
failed "IS_ALERT5MINIFW" "alert5 init script is missing"
|
if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then
|
||||||
|
grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5 \
|
||||||
|
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 init script"
|
||||||
|
else
|
||||||
|
failed "IS_ALERT5MINIFW" "alert5 init script is missing"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_minifw() {
|
check_minifw() {
|
||||||
|
@ -341,7 +356,7 @@ check_grsecprocs() {
|
||||||
}
|
}
|
||||||
check_apachemunin() {
|
check_apachemunin() {
|
||||||
if test -e /etc/apache2/apache2.conf; then
|
if test -e /etc/apache2/apache2.conf; then
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
{ test -h /etc/apache2/mods-enabled/status.load \
|
{ test -h /etc/apache2/mods-enabled/status.load \
|
||||||
&& test -h /etc/munin/plugins/apache_accesses \
|
&& test -h /etc/munin/plugins/apache_accesses \
|
||||||
&& test -h /etc/munin/plugins/apache_processes \
|
&& test -h /etc/munin/plugins/apache_processes \
|
||||||
|
@ -399,7 +414,7 @@ check_muninlogrotate() {
|
||||||
}
|
}
|
||||||
# Verification de l'activation de Squid dans le cas d'un pack mail
|
# Verification de l'activation de Squid dans le cas d'un pack mail
|
||||||
check_squid() {
|
check_squid() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
squidconffile="/etc/squid/evolinux-custom.conf"
|
squidconffile="/etc/squid/evolinux-custom.conf"
|
||||||
else
|
else
|
||||||
squidconffile="/etc/squid*/squid.conf"
|
squidconffile="/etc/squid*/squid.conf"
|
||||||
|
@ -440,7 +455,7 @@ check_log2mailrunning() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_log2mailapache() {
|
check_log2mailapache() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
conf=/etc/log2mail/config/apache
|
conf=/etc/log2mail/config/apache
|
||||||
else
|
else
|
||||||
conf=/etc/log2mail/config/default
|
conf=/etc/log2mail/config/default
|
||||||
|
@ -499,7 +514,7 @@ check_network_interfaces() {
|
||||||
}
|
}
|
||||||
# Verify if all if are in auto
|
# Verify if all if are in auto
|
||||||
check_autoif() {
|
check_autoif() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
interfaces=$(/sbin/ip address show up | grep "^[0-9]*:" | grep -E -v "(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 2 | tr -d : | cut -d@ -f1 | tr "\n" " ")
|
interfaces=$(/sbin/ip address show up | grep "^[0-9]*:" | grep -E -v "(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 2 | tr -d : | cut -d@ -f1 | tr "\n" " ")
|
||||||
else
|
else
|
||||||
interfaces=$(/sbin/ifconfig -s | tail -n +2 | grep -E -v "^(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 1 |tr "\n" " ")
|
interfaces=$(/sbin/ifconfig -s | tail -n +2 | grep -E -v "^(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 1 |tr "\n" " ")
|
||||||
|
@ -712,7 +727,7 @@ check_tune2fs_m5() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
check_evolinuxsudogroup() {
|
check_evolinuxsudogroup() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
if grep -q "^evolinux-sudo:" /etc/group; then
|
if grep -q "^evolinux-sudo:" /etc/group; then
|
||||||
grep -q '^%evolinux-sudo ALL=(ALL:ALL) ALL' /etc/sudoers.d/evolinux \
|
grep -q '^%evolinux-sudo ALL=(ALL:ALL) ALL' /etc/sudoers.d/evolinux \
|
||||||
|| failed "IS_EVOLINUXSUDOGROUP"
|
|| failed "IS_EVOLINUXSUDOGROUP"
|
||||||
|
@ -720,7 +735,7 @@ check_evolinuxsudogroup() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_userinadmgroup() {
|
check_userinadmgroup() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
users=$(grep "^evolinux-sudo:" /etc/group | awk -F: '{print $4}' | tr ',' ' ')
|
users=$(grep "^evolinux-sudo:" /etc/group | awk -F: '{print $4}' | tr ',' ' ')
|
||||||
for user in $users; do
|
for user in $users; do
|
||||||
if ! groups "$user" | grep -q adm; then
|
if ! groups "$user" | grep -q adm; then
|
||||||
|
@ -731,15 +746,17 @@ check_userinadmgroup() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_apache2evolinuxconf() {
|
check_apache2evolinuxconf() {
|
||||||
if is_debian_stretch && test -d /etc/apache2; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
{ test -L /etc/apache2/conf-enabled/z-evolinux-defaults.conf \
|
if test -d /etc/apache2; then
|
||||||
&& test -L /etc/apache2/conf-enabled/zzz-evolinux-custom.conf \
|
{ test -L /etc/apache2/conf-enabled/z-evolinux-defaults.conf \
|
||||||
&& test -f /etc/apache2/ipaddr_whitelist.conf;
|
&& test -L /etc/apache2/conf-enabled/zzz-evolinux-custom.conf \
|
||||||
} || failed "IS_APACHE2EVOLINUXCONF"
|
&& test -f /etc/apache2/ipaddr_whitelist.conf;
|
||||||
|
} || failed "IS_APACHE2EVOLINUXCONF"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_backportsconf() {
|
check_backportsconf() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
grep -qsE "^[^#].*backports" /etc/apt/sources.list \
|
grep -qsE "^[^#].*backports" /etc/apt/sources.list \
|
||||||
&& failed "IS_BACKPORTSCONF" "backports can't be in main sources list"
|
&& failed "IS_BACKPORTSCONF" "backports can't be in main sources list"
|
||||||
if grep -qsE "^[^#].*backports" /etc/apt/sources.list.d/*.list; then
|
if grep -qsE "^[^#].*backports" /etc/apt/sources.list.d/*.list; then
|
||||||
|
@ -749,15 +766,19 @@ check_backportsconf() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_bind9munin() {
|
check_bind9munin() {
|
||||||
if is_debian_stretch && is_installed bind9; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
{ test -L /etc/munin/plugins/bind9 \
|
if is_installed bind9; then
|
||||||
&& test -e /etc/munin/plugin-conf.d/bind9;
|
{ test -L /etc/munin/plugins/bind9 \
|
||||||
} || failed "IS_BIND9MUNIN"
|
&& test -e /etc/munin/plugin-conf.d/bind9;
|
||||||
|
} || failed "IS_BIND9MUNIN"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_bind9logrotate() {
|
check_bind9logrotate() {
|
||||||
if is_debian_stretch && is_installed bind9; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
test -e /etc/logrotate.d/bind9 || failed "IS_BIND9LOGROTATE"
|
if is_installed bind9; then
|
||||||
|
test -e /etc/logrotate.d/bind9 || failed "IS_BIND9LOGROTATE"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_broadcomfirmware() {
|
check_broadcomfirmware() {
|
||||||
|
@ -788,7 +809,7 @@ check_hardwareraidtool() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_log2mailsystemdunit() {
|
check_log2mailsystemdunit() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
{ systemctl -q is-active log2mail.service \
|
{ systemctl -q is-active log2mail.service \
|
||||||
&& test -f /etc/systemd/system/log2mail.service \
|
&& test -f /etc/systemd/system/log2mail.service \
|
||||||
&& ! test -f /etc/init.d/log2mail;
|
&& ! test -f /etc/init.d/log2mail;
|
||||||
|
@ -801,7 +822,7 @@ check_listupgrade() {
|
||||||
} || failed "IS_LISTUPGRADE"
|
} || failed "IS_LISTUPGRADE"
|
||||||
}
|
}
|
||||||
check_mariadbevolinuxconf() {
|
check_mariadbevolinuxconf() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
if is_installed mariadb-server; then
|
if is_installed mariadb-server; then
|
||||||
{ test -f /etc/mysql/mariadb.conf.d/z-evolinux-defaults.cnf \
|
{ test -f /etc/mysql/mariadb.conf.d/z-evolinux-defaults.cnf \
|
||||||
&& test -f /etc/mysql/mariadb.conf.d/zzz-evolinux-custom.cnf;
|
&& test -f /etc/mysql/mariadb.conf.d/zzz-evolinux-custom.cnf;
|
||||||
|
@ -867,65 +888,80 @@ check_elastic_backup() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_mariadbsystemdunit() {
|
check_mariadbsystemdunit() {
|
||||||
if is_debian_stretch && is_installed mariadb-server; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
{ systemctl -q is-active mariadb.service \
|
if is_installed mariadb-server; then
|
||||||
&& test -f /etc/systemd/system/mariadb.service.d/evolinux.conf;
|
if systemctl -q is-active mariadb.service; then
|
||||||
} || failed "IS_MARIADBSYSTEMDUNIT"
|
test -f /etc/systemd/system/mariadb.service.d/evolinux.conf \
|
||||||
|
|| failed "IS_MARIADBSYSTEMDUNIT"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_mysqlmunin() {
|
check_mysqlmunin() {
|
||||||
if is_debian_stretch && is_installed mariadb-server; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
for file in mysql_bytes mysql_queries mysql_slowqueries \
|
if is_installed mariadb-server; then
|
||||||
mysql_threads mysql_connections mysql_files_tables \
|
for file in mysql_bytes mysql_queries mysql_slowqueries \
|
||||||
mysql_innodb_bpool mysql_innodb_bpool_act mysql_innodb_io \
|
mysql_threads mysql_connections mysql_files_tables \
|
||||||
mysql_innodb_log mysql_innodb_rows mysql_innodb_semaphores \
|
mysql_innodb_bpool mysql_innodb_bpool_act mysql_innodb_io \
|
||||||
mysql_myisam_indexes mysql_qcache mysql_qcache_mem \
|
mysql_innodb_log mysql_innodb_rows mysql_innodb_semaphores \
|
||||||
mysql_sorts mysql_tmp_tables; do
|
mysql_myisam_indexes mysql_qcache mysql_qcache_mem \
|
||||||
|
mysql_sorts mysql_tmp_tables; do
|
||||||
if [[ ! -L /etc/munin/plugins/$file ]]; then
|
|
||||||
failed "IS_MYSQLMUNIN" "Munin plugin '$file' is missing"
|
if [[ ! -L /etc/munin/plugins/$file ]]; then
|
||||||
test "${VERBOSE}" = 1 || break
|
failed "IS_MYSQLMUNIN" "Munin plugin '$file' is missing"
|
||||||
fi
|
test "${VERBOSE}" = 1 || break
|
||||||
done
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_mysqlnrpe() {
|
check_mysqlnrpe() {
|
||||||
if is_debian_stretch && is_installed mariadb-server; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
nagios_file=~nagios/.my.cnf
|
if is_installed mariadb-server; then
|
||||||
|
nagios_file=~nagios/.my.cnf
|
||||||
if ! test -f ${nagios_file}; then
|
if ! test -f ${nagios_file}; then
|
||||||
failed "IS_MYSQLNRPE" "${nagios_file} is missing"
|
failed "IS_MYSQLNRPE" "${nagios_file} is missing"
|
||||||
elif [ "$(stat -c %U ${nagios_file})" != "nagios" ] \
|
elif [ "$(stat -c %U ${nagios_file})" != "nagios" ] \
|
||||||
|| [ "$(stat -c %a ${nagios_file})" != "600" ]; then
|
|| [ "$(stat -c %a ${nagios_file})" != "600" ]; then
|
||||||
failed "IS_MYSQLNRPE" "${nagios_file} has wrong permissions"
|
failed "IS_MYSQLNRPE" "${nagios_file} has wrong permissions"
|
||||||
else
|
else
|
||||||
grep -q -F "command[check_mysql]=/usr/lib/nagios/plugins/check_mysql" /etc/nagios/nrpe.d/evolix.cfg \
|
grep -q -F "command[check_mysql]=/usr/lib/nagios/plugins/check_mysql" /etc/nagios/nrpe.d/evolix.cfg \
|
||||||
|| failed "IS_MYSQLNRPE" "check_mysql is missing"
|
|| failed "IS_MYSQLNRPE" "check_mysql is missing"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_phpevolinuxconf() {
|
check_phpevolinuxconf() {
|
||||||
if is_debian_stretch && is_installed php; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
{ test -f /etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini \
|
is_debian_stretch && phpVersion="7.0"
|
||||||
&& test -f /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini;
|
is_debian_buster && phpVersion="7.3"
|
||||||
} || failed "IS_PHPEVOLINUXCONF"
|
if is_installed php; then
|
||||||
|
{ test -f /etc/php/${phpVersion}/cli/conf.d/z-evolinux-defaults.ini \
|
||||||
|
&& test -f /etc/php/${phpVersion}/cli/conf.d/zzz-evolinux-custom.ini
|
||||||
|
} || failed "IS_PHPEVOLINUXCONF"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_squidlogrotate() {
|
check_squidlogrotate() {
|
||||||
if is_debian_stretch && is_installed squid; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
grep -q monthly /etc/logrotate.d/squid || failed "IS_SQUIDLOGROTATE"
|
if is_installed squid; then
|
||||||
|
grep -q monthly /etc/logrotate.d/squid \
|
||||||
|
|| failed "IS_SQUIDLOGROTATE"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_squidevolinuxconf() {
|
check_squidevolinuxconf() {
|
||||||
if is_debian_stretch && is_installed squid; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
{ grep -qs "^CONFIG=/etc/squid/evolinux-defaults.conf$" /etc/default/squid \
|
if is_installed squid; then
|
||||||
&& test -f /etc/squid/evolinux-defaults.conf \
|
{ grep -qs "^CONFIG=/etc/squid/evolinux-defaults.conf$" /etc/default/squid \
|
||||||
&& test -f /etc/squid/evolinux-whitelist-defaults.conf \
|
&& test -f /etc/squid/evolinux-defaults.conf \
|
||||||
&& test -f /etc/squid/evolinux-whitelist-custom.conf \
|
&& test -f /etc/squid/evolinux-whitelist-defaults.conf \
|
||||||
&& test -f /etc/squid/evolinux-acl.conf \
|
&& test -f /etc/squid/evolinux-whitelist-custom.conf \
|
||||||
&& test -f /etc/squid/evolinux-httpaccess.conf \
|
&& test -f /etc/squid/evolinux-acl.conf \
|
||||||
&& test -f /etc/squid/evolinux-custom.conf;
|
&& test -f /etc/squid/evolinux-httpaccess.conf \
|
||||||
} || failed "IS_SQUIDEVOLINUXCONF"
|
&& test -f /etc/squid/evolinux-custom.conf;
|
||||||
|
} || failed "IS_SQUIDEVOLINUXCONF"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_duplicate_fs_label() {
|
check_duplicate_fs_label() {
|
||||||
|
@ -989,7 +1025,7 @@ check_apache_confenabled() {
|
||||||
# Starting from Jessie and Apache 2.4, /etc/apache2/conf.d/
|
# Starting from Jessie and Apache 2.4, /etc/apache2/conf.d/
|
||||||
# must be replaced by conf-available/ and config files symlinked
|
# must be replaced by conf-available/ and config files symlinked
|
||||||
# to conf-enabled/
|
# to conf-enabled/
|
||||||
if is_debian_jessie || is_debian_stretch; then
|
if is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
||||||
if [ -f /etc/apache2/apache2.conf ]; then
|
if [ -f /etc/apache2/apache2.conf ]; then
|
||||||
test -d /etc/apache2/conf.d/ && failed "IS_APACHE_CONFENABLED"
|
test -d /etc/apache2/conf.d/ && failed "IS_APACHE_CONFENABLED"
|
||||||
grep -q 'Include conf.d' /etc/apache2/apache2.conf && failed "IS_APACHE_CONFENABLED"
|
grep -q 'Include conf.d' /etc/apache2/apache2.conf && failed "IS_APACHE_CONFENABLED"
|
||||||
|
@ -999,7 +1035,7 @@ check_apache_confenabled() {
|
||||||
check_meltdown_spectre() {
|
check_meltdown_spectre() {
|
||||||
# For Stretch, detection is easy as the kernel use
|
# For Stretch, detection is easy as the kernel use
|
||||||
# /sys/devices/system/cpu/vulnerabilities/
|
# /sys/devices/system/cpu/vulnerabilities/
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
for vuln in meltdown spectre_v1 spectre_v2; do
|
for vuln in meltdown spectre_v1 spectre_v2; do
|
||||||
test -f "/sys/devices/system/cpu/vulnerabilities/$vuln" \
|
test -f "/sys/devices/system/cpu/vulnerabilities/$vuln" \
|
||||||
|| failed "IS_MELTDOWN_SPECTRE"
|
|| failed "IS_MELTDOWN_SPECTRE"
|
||||||
|
@ -1049,7 +1085,7 @@ check_usrsharescripts() {
|
||||||
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS"
|
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS"
|
||||||
}
|
}
|
||||||
check_sshpermitrootno() {
|
check_sshpermitrootno() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
if grep -q "^PermitRoot" /etc/ssh/sshd_config; then
|
if grep -q "^PermitRoot" /etc/ssh/sshd_config; then
|
||||||
grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config || failed "IS_SSHPERMITROOTNO"
|
grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config || failed "IS_SSHPERMITROOTNO"
|
||||||
fi
|
fi
|
||||||
|
@ -1058,7 +1094,7 @@ check_sshpermitrootno() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_evomaintenanceusers() {
|
check_evomaintenanceusers() {
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
users=$(getent group evolinux-sudo | cut -d':' -f4 | tr ',' ' ')
|
users=$(getent group evolinux-sudo | cut -d':' -f4 | tr ',' ' ')
|
||||||
else
|
else
|
||||||
if [ -f /etc/sudoers.d/evolinux ]; then
|
if [ -f /etc/sudoers.d/evolinux ]; then
|
||||||
|
|
Loading…
Reference in a new issue