Optimize OS/release/version detection for faster execution #70
56
evocheck.sh
56
evocheck.sh
|
@ -132,7 +132,7 @@ OPENBSD_RELEASE=""
|
||||||
|
|
||||||
if [ -e /etc/debian_version ]; then
|
if [ -e /etc/debian_version ]; then
|
||||||
|
|||||||
DEBIAN_VERSION=$(cut -d "." -f 1 < /etc/debian_version)
|
DEBIAN_VERSION=$(cut -d "." -f 1 < /etc/debian_version)
|
||||||
if [ -x ${LSB_RELEASE_BIN} ]; then
|
if [ -x "${LSB_RELEASE_BIN}" ]; then
|
||||||
DEBIAN_RELEASE=$(${LSB_RELEASE_BIN} --codename --short)
|
DEBIAN_RELEASE=$(${LSB_RELEASE_BIN} --codename --short)
|
||||||
else
|
else
|
||||||
case ${DEBIAN_VERSION} in
|
case ${DEBIAN_VERSION} in
|
||||||
|
@ -163,7 +163,7 @@ fi
|
||||||
failed() {
|
failed() {
|
||||||
check_name=$1
|
check_name=$1
|
||||||
shift
|
shift
|
||||||
check_comments=$@
|
check_comments=$*
|
||||||
|
|
||||||
if [ -n "${check_comments}" ] && [ "${VERBOSE}" = 1 ]; then
|
if [ -n "${check_comments}" ] && [ "${VERBOSE}" = 1 ]; then
|
||||||
printf "%s FAILED! %s\n" "${check_name}" "${check_comments}" 2>&1
|
printf "%s FAILED! %s\n" "${check_name}" "${check_comments}" 2>&1
|
||||||
|
@ -182,8 +182,8 @@ is_pack_samba(){
|
||||||
}
|
}
|
||||||
|
|
||||||
is_installed(){
|
is_installed(){
|
||||||
for pkg in $*; do
|
for pkg in "$@"; do
|
||||||
dpkg -l $pkg 2>/dev/null | grep -q -E '^(i|h)i' || return 1
|
dpkg -l "$pkg" 2> /dev/null | grep -q -E '^(i|h)i' || return 1
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
benpro
commented
printf is very useful when you want to replace many strings, but for one?
```
echo "${DEBIAN_RELEASE}"
```
is largely sufficient.
jlecour
commented
There is the question of the newline at the end, and I can't remember if it's a POSIX option.
benpro
commented
You mean `echo -n`?
BTW this function is not used? I don't see any call.
|
|||||||
|
@ -227,7 +227,7 @@ is_debian_stretch && MINIFW_FILE=/etc/default/minifirewall
|
||||||
|
|
||||||
if is_debian; then
|
if is_debian; then
|
||||||
|
|
||||||
if [ "$IS_LSBRELEASE" = "1" ]; then
|
if [ "$IS_LSBRELEASE" = 1 ]; then
|
||||||
test -x "${LSB_RELEASE_BIN}" || failed "IS_LSBRELEASE" "lsb_release is missing or not executable"
|
test -x "${LSB_RELEASE_BIN}" || failed "IS_LSBRELEASE" "lsb_release is missing or not executable"
|
||||||
## only the major version matters
|
## only the major version matters
|
||||||
lhs=$(${LSB_RELEASE_BIN} --release --short | cut -d "." -f 1)
|
lhs=$(${LSB_RELEASE_BIN} --release --short | cut -d "." -f 1)
|
||||||
|
@ -239,7 +239,7 @@ if is_debian; then
|
||||||
if is_debian_squeeze; then
|
if is_debian_squeeze; then
|
||||||
if [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ]; then
|
if [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ]; then
|
||||||
count=$(grep -c -E -i "(Pre-Invoke ..echo Are you sure to have rw on|Post-Invoke ..echo Dont forget to mount -o remount)" /etc/apt/apt.conf)
|
count=$(grep -c -E -i "(Pre-Invoke ..echo Are you sure to have rw on|Post-Invoke ..echo Dont forget to mount -o remount)" /etc/apt/apt.conf)
|
||||||
[ "$count" = "2" ] || failed "IS_DPKGWARNING" "Pre/Post-Invoke are missing."
|
test "$count" = 2 || failed "IS_DPKGWARNING" "Pre/Post-Invoke are missing."
|
||||||
fi
|
fi
|
||||||
elif is_debian_wheezy; then
|
elif is_debian_wheezy; then
|
||||||
if [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ]; then
|
if [ "$IS_USRRO" = 1 ] || [ "$IS_TMPNOEXEC" = 1 ]; then
|
||||||
|
@ -367,7 +367,7 @@ if is_debian; then
|
||||||
else
|
else
|
||||||
if [ -e "/etc/apt/listchanges.conf" ]; then
|
if [ -e "/etc/apt/listchanges.conf" ]; then
|
||||||
lines=$(grep -cE "(which=both|confirm=1)" /etc/apt/listchanges.conf)
|
lines=$(grep -cE "(which=both|confirm=1)" /etc/apt/listchanges.conf)
|
||||||
if [ $lines != 2 ]; then
|
if [ "$lines" != 2 ]; then
|
||||||
failed "IS_LISTCHANGESCONF" "apt-listchanges config is incorrect"
|
failed "IS_LISTCHANGESCONF" "apt-listchanges config is incorrect"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
@ -378,7 +378,7 @@ if is_debian; then
|
||||||
|
|
||||||
if [ "$IS_CUSTOMCRONTAB" = 1 ]; then
|
if [ "$IS_CUSTOMCRONTAB" = 1 ]; then
|
||||||
found_lines=$(grep -c -E "^(17 \*|25 6|47 6|52 6)" /etc/crontab)
|
found_lines=$(grep -c -E "^(17 \*|25 6|47 6|52 6)" /etc/crontab)
|
||||||
test "$found_lines" = "4" && failed "IS_CUSTOMCRONTAB"
|
test "$found_lines" = 4 && failed "IS_CUSTOMCRONTAB"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_SSHALLOWUSERS" = 1 ]; then
|
if [ "$IS_SSHALLOWUSERS" = 1 ]; then
|
||||||
|
@ -630,14 +630,14 @@ if is_debian; then
|
||||||
# Network conf verification
|
# Network conf verification
|
||||||
if [ "$IS_INTERFACESGW" = 1 ]; then
|
if [ "$IS_INTERFACESGW" = 1 ]; then
|
||||||
number=$(grep -Ec "^[^#]*gateway [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" /etc/network/interfaces)
|
number=$(grep -Ec "^[^#]*gateway [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" /etc/network/interfaces)
|
||||||
test $number -gt 1 && failed "IS_INTERFACESGW"
|
test "$number" -gt 1 && failed "IS_INTERFACESGW" "there is more than 1 IPv4 gateway"
|
||||||
number=$(grep -Ec "^[^#]*gateway [0-9a-fA-F]+:" /etc/network/interfaces)
|
number=$(grep -Ec "^[^#]*gateway [0-9a-fA-F]+:" /etc/network/interfaces)
|
||||||
test $number -gt 1 && failed "IS_INTERFACESGW"
|
test "$number" -gt 1 && failed "IS_INTERFACESGW" "there is more than 1 IPv6 gateway"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Verification de la mise en place d'evobackup
|
# Verification de la mise en place d'evobackup
|
||||||
if [ "$IS_EVOBACKUP" = 1 ]; then
|
if [ "$IS_EVOBACKUP" = 1 ]; then
|
||||||
ls /etc/cron* |grep -q "evobackup" || failed "IS_EVOBACKUP"
|
find /etc/cron* -name '*evobackup*' > /dev/null || failed "IS_EVOBACKUP"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Verification de la presence du userlogrotate
|
# Verification de la presence du userlogrotate
|
||||||
|
@ -682,7 +682,7 @@ if is_debian; then
|
||||||
muninconf="/etc/apache2/conf-available/munin.conf"
|
muninconf="/etc/apache2/conf-available/munin.conf"
|
||||||
fi
|
fi
|
||||||
if is_installed apache2.2-common; then
|
if is_installed apache2.2-common; then
|
||||||
test -e $muninconf && grep -vEq "^( |\t)*#" $muninconf && failed "IS_MUNINAPACHECONF"
|
test -e $muninconf && grep -vEq "^( |\t)*#" "$muninconf" && failed "IS_MUNINAPACHECONF"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -691,7 +691,7 @@ if is_debian; then
|
||||||
if is_pack_samba; then
|
if is_pack_samba; then
|
||||||
if grep -qrE "^[^#].*backport" /etc/apt/sources.list{,.d}; then
|
if grep -qrE "^[^#].*backport" /etc/apt/sources.list{,.d}; then
|
||||||
priority=$(grep -E -A2 "^Package:.*samba" /etc/apt/preferences | grep -A1 "^Pin: release a=.*-backports" | grep "^Pin-Priority:" | cut -f2 -d" ")
|
priority=$(grep -E -A2 "^Package:.*samba" /etc/apt/preferences | grep -A1 "^Pin: release a=.*-backports" | grep "^Pin-Priority:" | cut -f2 -d" ")
|
||||||
test $priority -gt 500 || failed "IS_SAMBAPINPRIORITY"
|
test "$priority" -gt 500 || failed "IS_SAMBAPINPRIORITY"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -701,7 +701,7 @@ if is_debian; then
|
||||||
if is_installed linux-image*; then
|
if is_installed linux-image*; then
|
||||||
kernel_installed_at=$(date -d "$(ls --full-time -lcrt /boot | tail -n1 | tr -s " " | cut -d " " -f 6)" +%s)
|
kernel_installed_at=$(date -d "$(ls --full-time -lcrt /boot | tail -n1 | tr -s " " | cut -d " " -f 6)" +%s)
|
||||||
last_reboot_at=$(($(date +%s) - $(cut -f1 -d '.' /proc/uptime)))
|
last_reboot_at=$(($(date +%s) - $(cut -f1 -d '.' /proc/uptime)))
|
||||||
if [ $kernel_installed_at -gt $last_reboot_at ]; then
|
if [ "$kernel_installed_at" -gt "$last_reboot_at" ]; then
|
||||||
failed "IS_KERNELUPTODATE"
|
failed "IS_KERNELUPTODATE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -712,7 +712,7 @@ if is_debian; then
|
||||||
if is_installed linux-image*; then
|
if is_installed linux-image*; then
|
||||||
limit=$(date -d "now - 2 year" +%s)
|
limit=$(date -d "now - 2 year" +%s)
|
||||||
last_reboot_at=$(($(date +%s) - $(cut -f1 -d '.' /proc/uptime)))
|
last_reboot_at=$(($(date +%s) - $(cut -f1 -d '.' /proc/uptime)))
|
||||||
if [ $limit -gt $last_reboot_at ]; then
|
if [ "$limit" -gt "$last_reboot_at" ]; then
|
||||||
failed "IS_UPTIME"
|
failed "IS_UPTIME"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -724,10 +724,10 @@ if is_debian; then
|
||||||
|
|
||||||
limit=$(date +"%s" -d "now - 10 minutes")
|
limit=$(date +"%s" -d "now - 10 minutes")
|
||||||
updated_at=$(stat -c "%Y" /var/lib/munin/*/*load-g.rrd |sort |tail -1)
|
updated_at=$(stat -c "%Y" /var/lib/munin/*/*load-g.rrd |sort |tail -1)
|
||||||
[ $limit -gt $updated_at ] && failed "IS_MUNINRUNNING"
|
[ "$limit" -gt "$updated_at" ] && failed "IS_MUNINRUNNING"
|
||||||
|
|
||||||
updated_at=$(stat -c "%Y" /var/cache/munin/www/*/*/load-day.png |sort |tail -1)
|
updated_at=$(stat -c "%Y" /var/cache/munin/www/*/*/load-day.png |sort |tail -1)
|
||||||
grep -q "^graph_strategy cron" /etc/munin/munin.conf && [ $limit -gt $updated_at ] && failed "IS_MUNINRUNNING"
|
grep -q "^graph_strategy cron" /etc/munin/munin.conf && [ "$limit" -gt "$updated_at" ] && failed "IS_MUNINRUNNING"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if files in /home/backup/ are up-to-date
|
# Check if files in /home/backup/ are up-to-date
|
||||||
|
@ -735,8 +735,8 @@ if is_debian; then
|
||||||
if [ -d /home/backup/ ]; then
|
if [ -d /home/backup/ ]; then
|
||||||
for file in /home/backup/*; do
|
for file in /home/backup/*; do
|
||||||
limit=$(date +"%s" -d "now - 2 day")
|
limit=$(date +"%s" -d "now - 2 day")
|
||||||
updated_at=$(stat -c "%Y" $file)
|
updated_at=$(stat -c "%Y" "$file")
|
||||||
if [ -f "$file" ] && [ $limit -gt $updated_at ]; then
|
if [ -f "$file" ] && [ "$limit" -gt "$updated_at" ]; then
|
||||||
failed "IS_BACKUPUPTODATE" "$file has not been backed up"
|
failed "IS_BACKUPUPTODATE" "$file has not been backed up"
|
||||||
break;
|
break;
|
||||||
fi
|
fi
|
||||||
|
@ -784,10 +784,10 @@ if is_debian; then
|
||||||
install_date=$(stat -c %Z /var/log/installer)
|
install_date=$(stat -c %Z /var/log/installer)
|
||||||
fi
|
fi
|
||||||
# Check install_date if the system never received an upgrade
|
# Check install_date if the system never received an upgrade
|
||||||
if [ $last_upgrade -eq 0 ]; then
|
if [ "$last_upgrade" -eq 0 ]; then
|
||||||
[ $install_date -lt $limit ] && failed "IS_NOTUPGRADED" "The system has never been updated"
|
[ "$install_date" -lt "$limit" ] && failed "IS_NOTUPGRADED" "The system has never been updated"
|
||||||
else
|
else
|
||||||
[ $last_upgrade -lt $limit ] && failed "IS_NOTUPGRADED" "The system hasn't been updated for too long"
|
[ "$last_upgrade" -lt "$limit" ] && failed "IS_NOTUPGRADED" "The system hasn't been updated for too long"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -797,13 +797,13 @@ if is_debian; then
|
||||||
for part in $parts; do
|
for part in $parts; do
|
||||||
blockCount=$(dumpe2fs -h "$part" 2>/dev/null | grep -e "Block count:" | grep -Eo "[0-9]+")
|
blockCount=$(dumpe2fs -h "$part" 2>/dev/null | grep -e "Block count:" | grep -Eo "[0-9]+")
|
||||||
# If buggy partition, skip it.
|
# If buggy partition, skip it.
|
||||||
if [ -z $blockCount ]; then
|
if [ -z "$blockCount" ]; then
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
reservedBlockCount=$(dumpe2fs -h "$part" 2>/dev/null | grep -e "Reserved block count:" | grep -Eo "[0-9]+")
|
reservedBlockCount=$(dumpe2fs -h "$part" 2>/dev/null | grep -e "Reserved block count:" | grep -Eo "[0-9]+")
|
||||||
# Use bc to have a rounded percentage
|
# Use bc to have a rounded percentage
|
||||||
percentage=$(echo "scale=0; ${reservedBlockCount} * 100 / ${blockCount}" | bc)
|
percentage=$(echo "scale=0; ${reservedBlockCount} * 100 / ${blockCount}" | bc)
|
||||||
if [ "$percentage" -lt "5" ]; then
|
if [ "$percentage" -lt 5 ]; then
|
||||||
failed "IS_TUNE2FS_M5" "Partition ${part} has less than 5% reserved blocks!"
|
failed "IS_TUNE2FS_M5" "Partition ${part} has less than 5% reserved blocks!"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
@ -822,7 +822,7 @@ if is_debian; then
|
||||||
if is_debian_stretch; then
|
if is_debian_stretch; then
|
||||||
users=$(grep "^evolinux-sudo:" /etc/group | awk -F: '{print $4}' | tr ',' ' ')
|
users=$(grep "^evolinux-sudo:" /etc/group | awk -F: '{print $4}' | tr ',' ' ')
|
||||||
for user in $users; do
|
for user in $users; do
|
||||||
groups $user | grep -q adm || failed "IS_USERINADMGROUP" "User $user doesn't belong to \`adm' group"
|
groups "$user" | grep -q adm || failed "IS_USERINADMGROUP" "User $user doesn't belong to \`adm' group"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -1046,7 +1046,7 @@ if is_debian; then
|
||||||
labels=$(echo -n $tmpOutput | tr '\n' ' ')
|
labels=$(echo -n $tmpOutput | tr '\n' ' ')
|
||||||
failed "IS_DUPLICATE_FS_LABEL" "Duplicate labels: $labels"
|
failed "IS_DUPLICATE_FS_LABEL" "Duplicate labels: $labels"
|
||||||
fi
|
fi
|
||||||
rm $tmpFile
|
rm "$tmpFile"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -1068,7 +1068,7 @@ if is_debian; then
|
||||||
if [ -x "$EVOACME_BIN" ]; then
|
if [ -x "$EVOACME_BIN" ]; then
|
||||||
# Sometimes evoacme is installed but no certificates has been generated
|
# Sometimes evoacme is installed but no certificates has been generated
|
||||||
numberOfLinks=$(find /etc/letsencrypt/ -type l | wc -l)
|
numberOfLinks=$(find /etc/letsencrypt/ -type l | wc -l)
|
||||||
if [ "$numberOfLinks" -gt "0" ]; then
|
if [ "$numberOfLinks" -gt 0 ]; then
|
||||||
for live in /etc/letsencrypt/*/live; do
|
for live in /etc/letsencrypt/*/live; do
|
||||||
actualLink=$(readlink -f "$live")
|
actualLink=$(readlink -f "$live")
|
||||||
actualVersion=$(basename "$actualLink")
|
actualVersion=$(basename "$actualLink")
|
||||||
|
@ -1309,7 +1309,7 @@ fi
|
||||||
if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
|
if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
|
||||||
for f in /etc/ssl/private/*; do
|
for f in /etc/ssl/private/*; do
|
||||||
perms=$(stat -L -c "%a" "$f")
|
perms=$(stat -L -c "%a" "$f")
|
||||||
if [ "${perms: -1}" != "0" ]; then
|
if [ "${perms: -1}" != 0 ]; then
|
||||||
failed "IS_PRIVKEYWOLRDREADABLE" "$f is world-readable"
|
failed "IS_PRIVKEYWOLRDREADABLE" "$f is world-readable"
|
||||||
## let's print an error for each key
|
## let's print an error for each key
|
||||||
# break
|
# break
|
||||||
|
|
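Review bot: In the hunk at -630,14 +630,14, the line `find /etc/cron* -name '*evobackup*' > /dev/null || failed "IS_EVOBACKUP"` (which appears to be the new side) can no longer report a missing backup job. `find` exits 0 when nothing matches, so `failed` only runs if `find` itself errors, whereas the `ls /etc/cron* |grep -q "evobackup"` line it replaces did fail on no match. As written, a host with no evobackup cron entry would pass IS_EVOBACKUP silently. Test the output rather than the exit status, for example `find /etc/cron* -name '*evobackup*' | grep -q . || failed "IS_EVOBACKUP"`. The enclosing `if is_debian` block starts and ends outside the hunk.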
Useless cat+pipe.