evolix/evocheck
evolix/evocheck
21
2
Fork 2
Code Issues 48 Pull requests 5 Releases 37 Wiki Activity
evocheck/linux/CHANGELOG

397 lines
7.7 KiB
Plaintext
Raw Blame History

The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project **does not adhere to [Semantic Versioning](http://semver.org/spec/v2.0.0.html)**.
## [Unreleased]
### Added
New checks :
* IS_LOCALHOST_IN_POSTFIX_MYDESTINATION
* IS_SSH_FAIL2BAN_JAIL_RENAMED
* IS_NO_LXC_CONTAINER
* IS_LXC_PHP_FPM_SERVICE_UMASK_SET
* use bash array for tmp files to cleanup
### Changed
### Deprecated
### Removed
### Fixed
* IS_EVOBACKUP_INCS: fix quote.
* IS_PURGE_FAIL2BAN: fix function never called in main().
### Security
## [22.11] 2022-11-27
### Added
* New script for Debian 7 and earlier
* New script for Debian 8
* IS_PHPMYADMINAPACHECONF: check that package configuration has not been pulled in
### Changed
* IS_DEBIANSECURITY: check Debian Security repository from apt-cache policy output
### Removed
* Main script is not compatible with Debian 8 and earlier anymore
## [22.09] 2022-09-14
### Fixed
* restore deleted MINIFW_FILE variable
## [22.08.1] 2022-08-29
### Changed
* IS_AUTOIF: check only statically defined interfaces
## [22.08] 2022-08-29
### Added
* IS_AUTOIF: add support for /etc/network/interfaces.d
### Removed
* remove all BSD specific code
## [22.07.1] 2022-07-28
### Changed
* IS_SSHPERMITROOTNO: do not display sshd errors
## [22.07] 2022-07-28
### Added
* IS_FAIL2BAN_PURGE: workaround to purge fail2ban database on stretch and buster
### Changed
* IS_NETWORKING_SERVICE: not in cron mode
### Fixed:
* IS_BACKUPUPTODATE: correct order for find(1) arguments
## [22.06.2] 2022-06-09
### Changed
* IS_BACKUPUPTODATE: add --max-depth=1 to limit the number of evaluated files
## [22.06.1] 2022-06-06
### Changed
* IS_BACKUPUPTODATE: look for all files (with find) instead of simple "file globbing" on first level.
* IS_DEBIANSECURITY: support source list options
* IS_SSHPERMITROOTNO: analyze real configuration, instead of parsing the file
## [22.06] 2022-06-03
### Added
* IS_AUTOIF: Ignore WireGuard interfaces
* IS_NETWORKING_SERVICE: check if networking service is enabled
### Changed
* IS_DEBIANSECURITY: Fix Debian security repo for Bullseye, cf https://www.debian.org/releases/stable/errata
## [22.05] 2022-05-12
### Changed
* IS_EVOBACKUP_EXCLUDE_MOUNT: exclude scripts without Rsync command
## [22.04.1] 2022-04-25
### Changed
* fix various shellcheck violations
### Fixed
* IS_EVOBACKUP_EXCLUDE_MOUNT: fix one-file-system restriction
## [22.04] 2022-04-25
### Changed
* IS_EVOBACKUP_EXCLUDE_MOUNT : skip if --one-file-system is used
### Fixed
* check_versions: "IS_CHECK_VERSIONS" was checked but "IS_VERSIONS_CHECK" was echoed, now "IS_CHECK_VERSIONS" everywhere
### Security
* check_debiansecurity: Consider both https://deb\.debian\.org/debian-security/ and https://security\.debian\.org/debian-security/ as valid since both are documented as such.
## [22.03.1] 2022-03-22
### Changed
* check_autoif : Ignore lxcbr interfaces, new since bullseye
## [22.03] 2022-03-15
### Added
* check_mysqlmunin : Complain if munin plugin mysql_commands returns an error
* check_versions : track minifirewall version
## [21.10.4] 2021-10-25
### Changed
* IS_CHECK_VERSIONS disabled in cron mode
## [21.10.3] 2021-10-22
### Added
* Check for newer versions
* don't use "add-vm --version" yet
## [21.10.2] 2021-10-22
### Changed
* Let's try the --version flag before falling back to grep for the constant
## [21.10.1] 2021-10-01
### Added
* IS_SSHALLOWUSERS: also scan /etc/ssh/sshd_config.d
* IS_CHECK_VERSIONS: check installed versions of Evolix programs
## [21.10] 2021-10-01
### Fixed
* IS_DEBIANSECURITY: optional trailing slash
## [21.09] 2021-09-30
### Added
* Check for bullseye security repository
* Checks for new minifirewall configuration
* Improve MySQL utils configuration checks
## [21.07] 2021-07-07
### Added
* Preliminary Debian 11 « Bullseye » support
### Fixed
* IS_HARDWARERAIDTOOL: match more RAID PCI cards
### Security
## [20.12] 2021-01-18
### Fixed
* IS_EVOLIX_USER: Match on if account name begin by evolix, don't match account name testevolix for example
## [20.12] 2020-04-28
### Added
* support multiple values for SQL_BACKUP_PATH and POSTGRES_BACKUP_PATH
### Changed
* IS_EVOBACKUP_EXCLUDE_MOUNT: exclude disabled backup scripts
* IS_DUPLICATE_FS_LABEL: disable blkid cache
* IS_POSTGRES_BACKUP: look for compressed backup too
* IS_VARTMPFS: use findmnt if available
### Removed
* Remove unused PROGDIR variable
## [20.04.4] 2020-04-28
### Added
* IS_NGINX_LETSENCRYPT_UPTODATE: verify that the letsencrypt snippet is compatible with the current version of Nginx
## [20.04.3] 2020-04-24
### Fixed
* IS_EVOBACKUP_INCS: also look for the new command
## [20.04.2] 2020-04-15
### Added
* IS_CHROOTED_BINARY_NOT_UPTODATE: verify that chrooted processes run up-to-date binaries
## [20.04.1] 2020-04-12
### Added
* IS_EVOBACKUP_EXCLUDE_MOUNT : verify that mount points are excluded in evobackup scripts
## [20.02.1] - 2020-02-27
### Changed
* IS_EVOLINUXSUDOGROUP : improve sudoer directive detection
## [19.11.2] - 2019-11-07
### Changed
* IS_EVOMAINTENANCE_FW : warn only if HOOK_DB is enabled
* IS_BACKUPUPTODATE : check backup dates in the correct directory
## [19.11.1] - 2019-11-06
### Fixed
* IS_TMPUSRRO : improve grep for options detection
* IS_TMPNOEXEC : fix grep for options detection
## [19.11] - 2019-11-05
### Changed
* IS_TUNE2FS_M5 displays the name of the partition
* IS_MARIADBEVOLINUXCONF is disabled by default in cron mode
* IS_PHPEVOLINUXCONF is disabled by default in cron mode
* IS_OLD_HOME_DIR is disabled by default in cron mode
* IS_TMPNOEXEC : better "noexec" detection for /tmp
### Fixed
* squid: better http port detection
## [19.08] - 2019-08-30
### Changed
* better error messages for missing commands
## [19.06] - 2019-06-21
### Added
* new check: IS_OSPROBER
### Changed
* IS_DISKPERF is disabled by default
* verbose mode added for IS_APACHESYMLINK
### Fixed
* fix 5 apache checks (wrong package name was used)
* fix IS_MYSQLNRPE (wrong test on a tilde expansion variable)
## [19.04] - 2019-04-25
### Added
* IS_EVOBACKUP_INCS
### Changed
* change versioning scheme : year.month.patch
* extracts tests into functions
* add verbose and quiet modes
* add usage output on error
* add braces and quotes
## [0.13] - 2018-04-10
### Added
* New checks:
IS_EVOLIX_USER
### Changed
* Fixing IS_DUPLICATE_FS_LEVEL check
* Custom limit for IS_NOTUPGRADED
* IS_SSHALLOWUSERS now check also for AllowGroups
## [0.12] - 2018-03-19
### Added
* New checks:
IS_DUPLICATE_FS_LEVEL
### Changed
* Enabling IS_EVOBACKUP by default
* Better output for IS_MYSQLMUNIN
## [0.11] - 2018-02-07
### Added
* Bunch of new checks:
IS_PRIVKEYWOLRDREADABLE
IS_EVOLINUXSUDOGROUP
IS_USERINADMGROUP
IS_APACHE2EVOLINUXCONF
IS_BACKPORTSCONF
IS_BIND9MUNIN
IS_BIND9LOGROTATE
IS_BROADCOMFIRMWARE
IS_HARDWARERAIDTOOL
IS_LOG2MAILSYSTEMDUNIT
IS_LISTUPGRADE
IS_MARIADBEVOLINUXCONF
IS_MARIADBSYSTEMDUNIT
IS_MYSQLMUNIN
IS_PHPEVOLINUXCONF
IS_SQUIDLOGROTATE
IS_SQUIDEVOLINUXCONF
IS_SQL_BACKUP
IS_POSTGRES_BACKUP
IS_LDAP_BACKUP
IS_REDIS_BACKUP
IS_ELASTIC_BACKUP
IS_MONGO_BACKUP
IS_MOUNT_FSTAB
IS_NETWORK_INTERFACES
### Changed
* IS_UPTIME added in --cron mode
* is_pack_web() for Stretch
* IS_DPKGWARNING for Stretch
* IS_MOUNT_FSTAB is disabled if lsblk not available
* IS_MINIFWPERMS for Stretch
* IS_SQUID for Stretch
* IS_LOG2MAILAPACHE for Stretch
* IS_AUTOIF for Stretch
* IS_UPTIME warn if uptime is more than 2y, was 1y
* IS_NOTUPGRADED warn if last upgrade is older than 90d, was 30d
* IS_TUNE2FS_M5 use python in place of bc for calculation
* IS_EVOMAINTENANCEUSERS for Stretch
* IS_EVOMAINTENANCECONF check also the mode of the file (600)
Reference in a new issue View git blame Copy permalink