Optimize OS/release/version detection for faster execution #70
81
evocheck.sh
81
evocheck.sh
|
@ -306,11 +306,14 @@ if is_debian; then
|
||||||
is_debian_stretch && MINIFW_FILE=/etc/default/minifirewall
|
is_debian_stretch && MINIFW_FILE=/etc/default/minifirewall
|
||||||
|
|
||||||
if [ "$IS_LSBRELEASE" = 1 ]; then
|
if [ "$IS_LSBRELEASE" = 1 ]; then
|
||||||
test -x "${LSB_RELEASE_BIN}" || failed "IS_LSBRELEASE" "lsb_release is missing or not executable"
|
if [ -x "${LSB_RELEASE_BIN}" ]; then
|
||||||
## only the major version matters
|
## only the major version matters
|
||||||
lhs=$(${LSB_RELEASE_BIN} --release --short | cut -d "." -f 1)
|
lhs=$(${LSB_RELEASE_BIN} --release --short | cut -d "." -f 1)
|
||||||
rhs=$(cut -d "." -f 1 < /etc/debian_version)
|
rhs=$(cut -d "." -f 1 < /etc/debian_version)
|
||||||
test "$lhs" = "$rhs" || failed "IS_LSBRELEASE" "release is not consistent between lsb_release and /etc/debian_version"
|
test "$lhs" = "$rhs" || failed "IS_LSBRELEASE" "release is not consistent between lsb_release and /etc/debian_version"
|
||||||
|
else
|
||||||
|
failed "IS_LSBRELEASE" "lsb_release is missing or not executable"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_DPKGWARNING" = 1 ]; then
|
if [ "$IS_DPKGWARNING" = 1 ]; then
|
||||||
|
@ -470,16 +473,24 @@ if is_debian; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_TMOUTPROFILE" = 1 ]; then
|
if [ "$IS_TMOUTPROFILE" = 1 ]; then
|
||||||
grep -q TMOUT= /etc/profile /etc/profile.d/evolinux.sh || failed "IS_TMOUTPROFILE"
|
grep -sq "TMOUT=" /etc/profile /etc/profile.d/evolinux.sh || failed "IS_TMOUTPROFILE" "TMOUT is not set"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_ALERT5BOOT" = 1 ]; then
|
if [ "$IS_ALERT5BOOT" = 1 ]; then
|
||||||
grep -q "^date" /etc/rc2.d/S*alert5 || failed "IS_ALERT5BOOT"
|
if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then
|
||||||
|
grep -q "^date" /etc/rc2.d/S*alert5 || failed "IS_ALERT5BOOT" "boot mail is not sent by alert5 init script"
|
||||||
|
else
|
||||||
|
failed "IS_ALERT5BOOT" "alert5 init script is missing"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_ALERT5MINIFW" = 1 ]; then
|
if [ "$IS_ALERT5MINIFW" = 1 ]; then
|
||||||
grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5 \
|
if [ -n "$(find /etc/rc2.d/ -name 'S*alert5')" ]; then
|
||||||
|| failed "IS_ALERT5MINIFW"
|
grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5 \
|
||||||
|
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 init script"
|
||||||
|
else
|
||||||
|
failed "IS_ALERT5MINIFW" "alert5 init script is missing"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_ALERT5MINIFW" = 1 ] && [ "$IS_MINIFW" = 1 ]; then
|
if [ "$IS_ALERT5MINIFW" = 1 ] && [ "$IS_MINIFW" = 1 ]; then
|
||||||
|
@ -488,7 +499,7 @@ if is_debian; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_NRPEPERMS" = 1 ]; then
|
if [ "$IS_NRPEPERMS" = 1 ]; then
|
||||||
if test -d /etc/nagios; then
|
if [ -d /etc/nagios ]; then
|
||||||
actual=$(stat --format "%A" /etc/nagios)
|
actual=$(stat --format "%A" /etc/nagios)
|
||||||
expected="drwxr-x---"
|
expected="drwxr-x---"
|
||||||
test "$expected" = "$actual" || failed "IS_NRPEPERMS"
|
test "$expected" = "$actual" || failed "IS_NRPEPERMS"
|
||||||
|
@ -496,9 +507,11 @@ if is_debian; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_MINIFWPERMS" = 1 ]; then
|
if [ "$IS_MINIFWPERMS" = 1 ]; then
|
||||||
actual=$(stat --format "%A" $MINIFW_FILE)
|
if [ -f "$MINIFW_FILE" ]; then
|
||||||
expected="-rw-------"
|
actual=$(stat --format "%A" $MINIFW_FILE)
|
||||||
test "$expected" = "$actual" || failed "IS_MINIFWPERMS"
|
expected="-rw-------"
|
||||||
|
test "$expected" = "$actual" || failed "IS_MINIFWPERMS"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_NRPEDISKS" = 1 ]; then
|
if [ "$IS_NRPEDISKS" = 1 ]; then
|
||||||
|
@ -808,14 +821,27 @@ if is_debian; then
|
||||||
|
|
||||||
# Check if munin-node running and RRD files are up to date.
|
# Check if munin-node running and RRD files are up to date.
|
||||||
if [ "$IS_MUNINRUNNING" = 1 ]; then
|
if [ "$IS_MUNINRUNNING" = 1 ]; then
|
||||||
pgrep munin-node >/dev/null || failed "IS_MUNINRUNNING"
|
if ! pgrep munin-node >/dev/null; then
|
||||||
|
failed "IS_MUNINRUNNING" "Munin is not running"
|
||||||
|
elif [ -d "/var/lib/munin/" ] && [ -d "/var/cache/munin/" ]; then
|
||||||
|
limit=$(date +"%s" -d "now - 10 minutes")
|
||||||
|
|
||||||
limit=$(date +"%s" -d "now - 10 minutes")
|
if [ -n "$(find /var/lib/munin/ -name '*load-g.rrd')" ]; then
|
||||||
updated_at=$(stat -c "%Y" /var/lib/munin/*/*load-g.rrd |sort |tail -1)
|
updated_at=$(stat -c "%Y" /var/lib/munin/*/*load-g.rrd |sort |tail -1)
|
||||||
[ "$limit" -gt "$updated_at" ] && failed "IS_MUNINRUNNING"
|
[ "$limit" -gt "$updated_at" ] && failed "IS_MUNINRUNNING" "Munin load RRD has not been updated in the last 10 minutes"
|
||||||
|
else
|
||||||
|
failed "IS_MUNINRUNNING" "Munin is not installed properly (load RRD not found)"
|
||||||
|
fi
|
||||||
|
|
||||||
updated_at=$(stat -c "%Y" /var/cache/munin/www/*/*/load-day.png |sort |tail -1)
|
if [ -n "$(find /var/cache/munin/www/ -name 'load-day.png')" ]; then
|
||||||
grep -q "^graph_strategy cron" /etc/munin/munin.conf && [ "$limit" -gt "$updated_at" ] && failed "IS_MUNINRUNNING"
|
updated_at=$(stat -c "%Y" /var/cache/munin/www/*/*/load-day.png |sort |tail -1)
|
||||||
|
grep -q "^graph_strategy cron" /etc/munin/munin.conf && [ "$limit" -gt "$updated_at" ] && failed "IS_MUNINRUNNING" "Munin load PNG has not been updated in the last 10 minutes"
|
||||||
|
else
|
||||||
|
failed "IS_MUNINRUNNING" "Munin is not installed properly (load PNG not found)"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
failed "IS_MUNINRUNNING" "Munin is not installed properly (main directories are missing)"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if files in /home/backup/ are up-to-date
|
# Check if files in /home/backup/ are up-to-date
|
||||||
|
@ -1403,13 +1429,16 @@ if [ "$IS_EVOMAINTENANCECONF" = 1 ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
|
if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
|
||||||
for f in /etc/ssl/private/*; do
|
# a simple globbing fails if directory is empty
|
||||||
perms=$(stat -L -c "%a" "$f")
|
if [ -n "$(ls -A /etc/ssl/private/)" ]; then
|
||||||
if [ "${perms: -1}" != 0 ]; then
|
for f in /etc/ssl/private/*; do
|
||||||
failed "IS_PRIVKEYWOLRDREADABLE" "$f is world-readable"
|
perms=$(stat -L -c "%a" "$f")
|
||||||
test "${VERBOSE}" = 1 || break
|
if [ "${perms: -1}" != 0 ]; then
|
||||||
fi
|
failed "IS_PRIVKEYWOLRDREADABLE" "$f is world-readable"
|
||||||
done
|
test "${VERBOSE}" = 1 || break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
exit ${RC}
|
exit ${RC}
|
||||||
|
|
Loading…
Reference in a new issue