evolix/evocheck
evolix/evocheck
21
2
Fork 2
Code Issues 48 Pull requests 5 Releases 37 Wiki Activity

minifirewall_systemd #141

Open
whirigoyen wants to merge 2 commits from minifirewall_systemd into master
pull from: minifirewall_systemd
merge into: evolix:master
Conversation 2 Commits 2 Files changed 1 +23 -9
1 changed files with 23 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
evocheck.sh
View file

@ -343,21 +343,34 @@ check_alert5boot() {
fi fi
} }
check_alert5minifw() { check_alert5minifw() {
if is_debian_buster || is_debian_bullseye; then # If minifirewall is not started by alert5
grep -qs "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh \ if [ ! -f /etc/systemd/system/minifirewall.service ]; then
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 script or script is missing" if is_debian_buster || is_debian_bullseye; then
else grep -qs "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh \
if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then || failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 script or script is missing"
grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5 \
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 init script"
else else
failed "IS_ALERT5MINIFW" "alert5 init script is missing" if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then
grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5 \
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 init script"
else
failed "IS_ALERT5MINIFW" "alert5 init script is missing"
fi
fi
fi
}
check_systemdminifw() {
if [ -f /etc/systemd/system/minifirewall.service ]; then
if ! systemctl is-enabled minifirewall 2>&1 > /dev/null; then
failed "IS_SYSTEMDMINIFW" "Minifirewall service is not enabled in systemd"
fi
if ! systemctl is-active minifirewall 2>&1 > /dev/null; then
failed "IS_SYSTEMDMINIFW" "Minifirewall service is not active in systemd"
fi fi
fi fi
} }
check_minifw() { check_minifw() {
/sbin/iptables -L -n | grep -q -E "^ACCEPT\s*all\s*--\s*31\.170\.8\.4\s*0\.0\.0\.0/0\s*$" \ /sbin/iptables -L -n | grep -q -E "^ACCEPT\s*all\s*--\s*31\.170\.8\.4\s*0\.0\.0\.0/0\s*$" \
|| failed "IS_MINIFW" "minifirewall seems not starded" || failed "IS_MINIFW" "minifirewall seems not started"
} }
check_minifw_includes() { check_minifw_includes() {
if is_debian_bullseye; then if is_debian_bullseye; then
@ -1549,6 +1562,7 @@ main() {
test "${IS_TMOUTPROFILE:=1}" = 1 && check_tmoutprofile test "${IS_TMOUTPROFILE:=1}" = 1 && check_tmoutprofile
test "${IS_ALERT5BOOT:=1}" = 1 && check_alert5boot test "${IS_ALERT5BOOT:=1}" = 1 && check_alert5boot
test "${IS_ALERT5MINIFW:=1}" = 1 && check_alert5minifw test "${IS_ALERT5MINIFW:=1}" = 1 && check_alert5minifw
test "${IS_SYSTEMDMINIFW:=1}" = 1 && check_systemdminifw
test "${IS_ALERT5MINIFW:=1}" = 1 && test "${IS_MINIFW:=1}" = 1 && check_minifw test "${IS_ALERT5MINIFW:=1}" = 1 && test "${IS_MINIFW:=1}" = 1 && check_minifw
test "${IS_NRPEPERMS:=1}" = 1 && check_nrpeperms test "${IS_NRPEPERMS:=1}" = 1 && check_nrpeperms
test "${IS_MINIFWPERMS:=1}" = 1 && check_minifwperms test "${IS_MINIFWPERMS:=1}" = 1 && check_minifwperms