evolix/evocheck
evolix/evocheck
21
2
Fork 2
Code Issues 48 Pull requests 5 Releases 37 Wiki Activity

code cleanup #75

Manually merged
benpro merged 78 commits from cleanup into fast-debian-check 2019-04-05 10:59:26 +02:00
Conversation 10 Commits 78 Files changed 1 +632 -298
jlecour commented 2019-03-21 23:36:21 +01:00
Owner
Copy link

big cleanup

  • tests organization
  • shellcheck conventions
  • variables extractions
  • quotes and indentations
big cleanup * tests organization * shellcheck conventions * variables extractions * quotes and indentations
jlecour commented 2019-03-22 09:33:19 +01:00
Author
Owner
Copy link

This pull-request is too big and nearly impossible to review 😞

I'll make a script to deploy the new script and compare the results with the current version, on a lot of servers. This will most probably show some regressions.

This pull-request is too big and nearly impossible to review :disappointed: I'll make a script to deploy the new script and compare the results with the current version, on a lot of servers. This will most probably show some regressions.
benpro commented 2019-03-22 10:05:00 +01:00
Contributor
Copy link

This pull-request is too big and nearly impossible to review

Yes indeed, and it is more than cleanup, you have rewritten some logic that could add regression.
I would suggest you to divide your work and add X merge requests.
Let's say 5 checks by 5 checks?

> This pull-request is too big and nearly impossible to review Yes indeed, and it is more than cleanup, you have rewritten some logic that could add regression. I would suggest you to divide your work and add X merge requests. Let's say 5 checks by 5 checks?
jlecour commented 2019-03-22 12:48:24 +01:00
Author
Owner
Copy link

I already have a system in place to do the regression testing. I'll run in on all our servers.

I already have a system in place to do the regression testing. I'll run in on all our servers.
benpro reviewed 2019-03-22 14:36:55 +01:00
evocheck.sh Outdated
@ -397,0 +447,4 @@
fi
else
if test -e /etc/apache2/apache2.conf; then
(grep --quiet --no-messages --extended-regexp "^env.url.*/server-status-[[:alnum:]]{4,}" /etc/munin/plugin-conf.d/munin-node \
benpro commented 2019-03-22 14:19:39 +01:00
Contributor
Copy link

The famous debate about long or short args.
grep -qsE

Everywhere in the script, it is short args. :)

The famous debate about long or short args. `grep -qsE` Everywhere in the script, it is short args. :)
evocheck.sh Outdated
@ -441,3 +506,3 @@
# Verification de l'activation de Squid dans le cas d'un pack mail
if [ "$IS_SQUID" = 1 ]; then
squidconffile=/etc/squid*/squid.conf
squidconffile="/etc/squid*/squid.conf"
benpro commented 2019-03-22 14:22:10 +01:00
Contributor
Copy link

Using quote drop the globing support!

Using quote drop the globing support!
jlecour commented 2019-03-22 19:46:38 +01:00
Author
Owner
Copy link

It seems OK to me :

# squidconffile="/etc/squid*/squid.conf"
# ls ${squidconffile}
/etc/squid/squid.conf

It fails if we quote the variable inside the grep command.

It seems OK to me : ``` # squidconffile="/etc/squid*/squid.conf" # ls ${squidconffile} /etc/squid/squid.conf ``` It fails if we quote the variable inside the `grep` command.
evocheck.sh Outdated
@ -470,2 +543,3 @@
if [ "$IS_LOG2MAILRUNNING" = 1 ]; then
is_pack_web && (is_installed log2mail && pgrep log2mail >/dev/null || echo 'IS_LOG2MAILRUNNING')
if is_pack_web && is_installed log2mail; then
pgrep log2mail >/dev/null || failed 'IS_LOG2MAILRUNNING'
benpro commented 2019-03-22 14:23:28 +01:00
Contributor
Copy link

Don't know why it was pgrep here...

Don't know why it was `pgrep` here...
evocheck.sh Outdated
@ -478,2 +553,3 @@
fi
is_pack_web && ( is_installed log2mail && grep -q "^file = /var/log/apache2/error.log" $conf 2>/dev/null || failed "IS_LOG2MAILAPACHE" )
if is_pack_web && is_installed log2mail; then
grep -q "^file = /var/log/apache2/error.log" $conf 2>/dev/null \
benpro commented 2019-03-22 14:24:01 +01:00
Contributor
Copy link

-s in place of redirecting to /dev/null.

`-s` in place of redirecting to /dev/null.
evocheck.sh Outdated
@ -575,2 +680,3 @@
if [ "$IS_SAMBAPINPRIORITY" = 1 ]; then
is_pack_samba && grep -qrE "^[^#].*backport" /etc/apt/sources.list{,.d} && ( priority=`grep -E -A2 "^Package:.*samba" /etc/apt/preferences |grep -A1 "^Pin: release a=lenny-backports" |grep "^Pin-Priority:" |cut -f2 -d" "` && test $priority -gt 500 || failed "IS_SAMBAPINPRIORITY" )
if is_pack_samba; then
grep -qrE "^[^#].*backport" /etc/apt/sources.list{,.d} && ( priority=$(grep -E -A2 "^Package:.*samba" /etc/apt/preferences |grep -A1 "^Pin: release a=lenny-backports" |grep "^Pin-Priority:" |cut -f2 -d" ") && test $priority -gt 500 || failed "IS_SAMBAPINPRIORITY" )
benpro commented 2019-03-22 14:27:30 +01:00
Contributor
Copy link

This check should be using some if; then for better readability. As you has done with other.

This check should be using some `if; then` for better readability. As you has done with other.
evocheck.sh Outdated
@ -670,1 +797,3 @@
&& grep -q '^%evolinux-sudo ALL=(ALL:ALL) ALL' /etc/sudoers.d/evolinux) || failed "IS_EVOLINUXSUDOGROUP"
(grep -q "^evolinux-sudo:" /etc/group \
&& grep -q '^%evolinux-sudo ALL=(ALL:ALL) ALL' /etc/sudoers.d/evolinux) \
|| failed "IS_EVOLINUXSUDOGROUP"
benpro commented 2019-03-22 14:30:10 +01:00
Contributor
Copy link

This check should be using some if; then for better readability. As you has done with other.

This check should be using some if; then for better readability. As you has done with other.
evocheck.sh Outdated
@ -685,2 +814,3 @@
&& test -L /etc/apache2/conf-enabled/zzz-evolinux-custom.conf \
&& test -f /etc/apache2/ipaddr_whitelist.conf) || failed "IS_APACHE2EVOLINUXCONF"
&& test -f /etc/apache2/ipaddr_whitelist.conf) \
|| failed "IS_APACHE2EVOLINUXCONF"
benpro commented 2019-03-22 14:30:44 +01:00
Contributor
Copy link

This check should be using some if; then for better readability. As you has done with other.

This check should be using some if; then for better readability. As you has done with other.
evocheck.sh Outdated
@ -701,3 +831,3 @@
if [ "$IS_BIND9MUNIN" = 1 ]; then
if is_debian_stretch && is_installed bind9; then
(test -L /etc/munin/plugins/bind9 && test -e /etc/munin/plugin-conf.d/bind9) || failed "IS_BIND9MUNIN"
(test -L /etc/munin/plugins/bind9 && test -e /etc/munin/plugin-conf.d/bind9) \
benpro commented 2019-03-22 14:31:20 +01:00
Contributor
Copy link

This check should be using some if; then for better readability. As you has done with other.

This check should be using some `if; then` for better readability. As you has done with other.
evocheck.sh Outdated
@ -713,3 +844,3 @@
if [ "$IS_BROADCOMFIRMWARE" = 1 ]; then
if lspci | grep -q 'NetXtreme II'; then
(is_installed firmware-bnx2 && grep -q "^deb http://mirror.evolix.org/debian.* non-free" /etc/apt/sources.list) || failed "IS_BROADCOMFIRMWARE"
(is_installed firmware-bnx2 && grep -q "^deb http://mirror.evolix.org/debian.* non-free" /etc/apt/sources.list) \
benpro commented 2019-03-22 14:31:32 +01:00
Contributor
Copy link

This check should be using some if; then for better readability. As you has done with other.

This check should be using some `if; then` for better readability. As you has done with other.
evocheck.sh Outdated
@ -722,0 +855,4 @@
fi
if lspci | grep -q 'Hewlett-Packard Company Smart Array'; then
is_installed cciss-vol-status \
|| failed "IS_HARDWARERAIDTOOL"
benpro commented 2019-03-22 14:31:51 +01:00
Contributor
Copy link

useless break line

useless break line
evocheck.sh Outdated
@ -724,3 +862,3 @@
if [ "$IS_LOG2MAILSYSTEMDUNIT" = 1 ]; then
if is_debian_stretch; then
(systemctl -q is-active log2mail.service && test -f /etc/systemd/system/log2mail.service && ! test -f /etc/init.d/log2mail) || failed "IS_LOG2MAILSYSTEMDUNIT"
(systemctl -q is-active log2mail.service && test -f /etc/systemd/system/log2mail.service && ! test -f /etc/init.d/log2mail) \
benpro commented 2019-03-22 14:32:01 +01:00
Contributor
Copy link

This check should be using some if; then for better readability. As you has done with other.

This check should be using some `if; then` for better readability. As you has done with other.
evocheck.sh Outdated
@ -729,3 +868,3 @@
if [ "$IS_LISTUPGRADE" = 1 ]; then
(test -f /etc/cron.d/listupgrade && test -x /usr/share/scripts/listupgrade.sh) || failed "IS_LISTUPGRADE"
(test -f /etc/cron.d/listupgrade && test -x /usr/share/scripts/listupgrade.sh) \
benpro commented 2019-03-22 14:32:11 +01:00
Contributor
Copy link

This check should be using some if; then for better readability. As you has done with other.

This check should be using some `if; then` for better readability. As you has done with other.
evocheck.sh Outdated
@ -802,3 +947,3 @@
if [ "$IS_MARIADBSYSTEMDUNIT" = 1 ]; then
if is_debian_stretch && is_installed mariadb-server; then
(systemctl -q is-active mariadb.service && test -f /etc/systemd/system/mariadb.service.d/evolinux.conf) || failed "IS_MARIADBSYSTEMDUNIT"
(systemctl -q is-active mariadb.service && test -f /etc/systemd/system/mariadb.service.d/evolinux.conf) \
benpro commented 2019-03-22 14:32:51 +01:00
Contributor
Copy link

This check should be using some if; then for better readability. As you has done with other.

This check should be using some `if; then` for better readability. As you has done with other.
evocheck.sh Outdated
@ -830,1 +974,3 @@
&& grep -q -F "command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f ~nagios/.my.cnf") || failed "IS_MYSQLNRPE"
&& [ "$(stat -c %U ~nagios/.my.cnf)" = "nagios" ] \
&& [ "$(stat -c %a ~nagios/.my.cnf)" = "600" ] \
&& grep -q -F "command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f ~nagios/.my.cnf") \
benpro commented 2019-03-22 14:33:01 +01:00
Contributor
Copy link

This check should be using some if; then for better readability. As you has done with other.

This check should be using some `if; then` for better readability. As you has done with other.
evocheck.sh Outdated
@ -835,3 +982,3 @@
if is_debian_stretch && is_installed php; then
(test -f /etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini \
&& test -f /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini) || failed "IS_PHPEVOLINUXCONF"
&& test -f /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini) \
benpro commented 2019-03-22 14:33:09 +01:00
Contributor
Copy link

This check should be using some if; then for better readability. As you has done with other.

This check should be using some `if; then` for better readability. As you has done with other.
jlecour commented 2019-03-22 14:38:27 +01:00
Author
Owner
Copy link

@benpro I need explanation for this portion of code, from the current master branch :

test -e /etc/apache2/apache2.conf && (
    is_debian_stretch || (
        grep -E -q "^env.url.*/server-status-[[:alnum:]]{4}" /etc/munin/plugin-conf.d/munin-node \
        && grep -E -q "/server-status-[[:alnum:]]{4}" /etc/apache2/apache2.conf \
        || grep -E -q "/server-status-[[:alnum:]]{4}" /etc/apache2/apache2.conf /etc/apache2/mods-enabled/status.conf 2>/dev/null\
        || failed "IS_APACHEMUNIN"
    )
)

I don't really understand what situation must trigger the failed call.

@benpro I need explanation for this portion of code, from the current master branch : ```bash test -e /etc/apache2/apache2.conf && ( is_debian_stretch || ( grep -E -q "^env.url.*/server-status-[[:alnum:]]{4}" /etc/munin/plugin-conf.d/munin-node \ && grep -E -q "/server-status-[[:alnum:]]{4}" /etc/apache2/apache2.conf \ || grep -E -q "/server-status-[[:alnum:]]{4}" /etc/apache2/apache2.conf /etc/apache2/mods-enabled/status.conf 2>/dev/null\ || failed "IS_APACHEMUNIN" ) ) ``` I don't really understand what situation must trigger the `failed` call.
benpro commented 2019-03-22 14:42:21 +01:00
Contributor
Copy link

I think it is:
If it is not a stretch we check that server-status with 4 digits is properly configured in /etc/munin/plugin-conf.d/munin-node and /etc/apache2/apache2.conf or /etc/apache2/mods-enabled/status.conf

I think it is: If it is not a stretch we check that server-status with 4 digits is properly configured in `/etc/munin/plugin-conf.d/munin-node` and `/etc/apache2/apache2.conf` or `/etc/apache2/mods-enabled/status.conf`
jlecour commented 2019-03-22 18:55:13 +01:00
Author
Owner
Copy link

@benpro the current tests were failing when the server-status was defined in another file in /etc/munin/plugin-conf.d/ hence the weird failures in the master branch. And we didn't see it probably because there was a logic error in the nested parenthesis.

I've fixed this in 67765a03c4 and d814936446

@benpro the current tests were failing when the server-status was defined in another file in `/etc/munin/plugin-conf.d/` hence the weird failures in the master branch. And we didn't see it probably because there was a logic error in the nested parenthesis. I've fixed this in 67765a03c4 and d814936446
jlecour commented 2019-03-23 00:26:06 +01:00
Author
Owner
Copy link

I've done a ton of small fixes.
Now even shellcheck is happy (with 5 or 6 specific style warnings disabled).

I've done a ton of small fixes. Now even shellcheck is happy (with 5 or 6 specific style warnings disabled).
jlecour commented 2019-03-23 01:15:07 +01:00
Author
Owner
Copy link

I've added an option parser, just like evomaintenance.

# evocheck.sh --help
evocheck is a script that verifies Evolix conventions on Debian/OpenBSD servers.

Usage: evocheck
  or   evocheck --cron
  or   evocheck --quiet
  or   evocheck --verbose

Options
     --cron                  disable a few checks
 -v, --verbose               increase verbosity of checks
 -q, --quiet                 nothing is printed on stdout nor stderr
 -h, --help                  print this message and exit
     --version               print version and exit
I've added an option parser, just like evomaintenance. ``` # evocheck.sh --help evocheck is a script that verifies Evolix conventions on Debian/OpenBSD servers. Usage: evocheck or evocheck --cron or evocheck --quiet or evocheck --verbose Options --cron disable a few checks -v, --verbose increase verbosity of checks -q, --quiet nothing is printed on stdout nor stderr -h, --help print this message and exit --version print version and exit ```
benpro was assigned by jlecour 2019-03-23 02:38:41 +01:00
benpro added the
enhancement
 label 2019-04-04 16:59:20 +02:00
benpro approved these changes 2019-04-04 17:52:10 +02:00
evocheck.sh Outdated
@ -373,1 +502,3 @@
test -d /etc/nagios && ls -ld /etc/nagios | grep -q drwxr-x--- || failed "IS_NRPEPERMS"
if [ -d /etc/nagios ]; then
actual=$(stat --format "%A" /etc/nagios)
expected="drwxr-x---"
benpro commented 2019-04-04 17:15:57 +02:00
Contributor
Copy link

Check with numbers.

Check with numbers.
evocheck.sh Outdated
@ -397,0 +543,4 @@
&& test -h /etc/munin/plugins/apache_accesses \
&& test -h /etc/munin/plugins/apache_processes \
&& test -h /etc/munin/plugins/apache_volume; } \
|| failed "IS_APACHEMUNIN" "mising munin plugins for Apache"
benpro commented 2019-04-04 17:17:33 +02:00
Contributor
Copy link

missing

missing
evocheck.sh Outdated
@ -493,2 +678,2 @@
if [ "$(md5sum /usr/sbin/named |cut -f 1 -d ' ')" != "$(md5sum /var/chroot-bind/usr/sbin/named |cut -f 1 -d ' ')" ]; then
failed "IS_BINDCHROOT"
if is_installed bind9; then
if netstat -utpln | grep "/named" | grep :53 | grep -qvE "(127.0.0.1|::1)"; then
benpro commented 2019-04-04 17:22:38 +02:00
Contributor
Copy link

ss inplace of netstat

ss inplace of netstat
benpro commented 2019-04-04 17:23:35 +02:00
Contributor
Copy link

using lsof -i :53 in place of netstat….

using `lsof -i :53` in place of `netstat…`.
evocheck.sh Outdated
@ -577,0 +793,4 @@
priority=$(grep -E -A2 "^Package:.*samba" /etc/apt/preferences | grep -A1 "^Pin: release a=.*-backports" | grep "^Pin-Priority:" | cut -f2 -d" ")
test "$priority" -gt 500 || failed "IS_SAMBAPINPRIORITY"
fi
fi
benpro commented 2019-04-04 17:28:33 +02:00
Contributor
Copy link

Limited to Lenny.

Limited to Lenny.
evocheck.sh Outdated
@ -677,1 +947,3 @@
groups $user |grep -q adm || failed "IS_USERINADMGROUP"
users=$(grep "^evolinux-sudo:" /etc/group | awk -F: '{print $4}' | tr ',' ' ')
for user in $users; do
groups "$user" | grep -q adm || failed "IS_USERINADMGROUP" "User $user doesn't belong to \`adm' group"
benpro commented 2019-04-04 17:36:31 +02:00
Contributor
Copy link

Maybe add a break.

Maybe add a break.
evocheck.sh Outdated
@ -1061,2 +1380,3 @@
if [ "$IS_TMP_1777" = 1 ]; then
ls -ld /tmp | grep -q drwxrwxrwt || failed "IS_TMP_1777"
actual=$(stat --format "%A" /tmp)
expected="drwxrwxrwt"
benpro commented 2019-04-04 17:46:47 +02:00
Contributor
Copy link

Numbers.

Numbers.
evocheck.sh Outdated
@ -1065,2 +1386,3 @@
if [ "$IS_ROOT_0700" = 1 ]; then
ls -ld /root | grep -q drwx------ || failed "IS_ROOT_0700"
actual=$(stat --format "%A" /root)
expected="drwx------"
benpro commented 2019-04-04 17:47:00 +02:00
Contributor
Copy link

Numbers

Numbers
evocheck.sh Outdated
@ -1069,2 +1392,3 @@
if [ "$IS_USRSHARESCRIPTS" = 1 ]; then
ls -ld /usr/share/scripts | grep -q drwx------ || failed "IS_USRSHARESCRIPTS"
actual=$(stat --format "%A" /usr/share/scripts)
expected="drwx------"
benpro commented 2019-04-04 17:47:10 +02:00
Contributor
Copy link

Numbers

Numbers
jlecour commented 2019-04-04 18:35:04 +02:00
Author
Owner
Copy link

@benpro I've commmited the changes I was comfortable doing (ie. all of them but the "netstat/ss" replacement and "lsof").

As far as I cal tell, it's good to merge.

@benpro I've commmited the changes I was comfortable doing (ie. all of them but the "netstat/ss" replacement and "lsof"). As far as I cal tell, it's good to merge.
jlecour changed title from WIP: code cleanup to code cleanup 2019-04-04 18:35:11 +02:00
jlecour commented 2019-04-04 18:38:21 +02:00
Author
Owner
Copy link

there are conflicts, but I guess it's going to be mergeable when #70 is merged, or i'll deal with the remaining conflicts

there are conflicts, but I guess it's going to be mergeable when #70 is merged, or i'll deal with the remaining conflicts
benpro closed this pull request 2019-04-05 10:59:26 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something is not working

  
bullseye

   
discussion

This need to be discussed

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
suggestion

Suggest to add/change something

  
wontfix

This won't be fixed

No labels
bug
bullseye
discussion
duplicate
enhancement
help wanted
invalid
question
suggestion
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
benpro
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: evolix/evocheck#75
No description provided.
Delete branch "cleanup"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?