forked from evolix/ansible-roles
evocheck: update evocheck.sh for source install
This commit is contained in:
parent
921c92fd5b
commit
719e9b35b2
|
@ -21,6 +21,7 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
* redis: distinction between main and master password
|
* redis: distinction between main and master password
|
||||||
|
* evocheck: update evocheck.sh for source install
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
* metricbeat: fix username/password replacement
|
* metricbeat: fix username/password replacement
|
||||||
|
|
|
@ -4,8 +4,8 @@
|
||||||
# Script to verify compliance of a Debian/OpenBSD server
|
# Script to verify compliance of a Debian/OpenBSD server
|
||||||
# powered by Evolix
|
# powered by Evolix
|
||||||
|
|
||||||
# Repository: https://gitlab.evolix.org/evolix/evocheck
|
# Repository: https://gitea.evolix.org/evolix/evocheck
|
||||||
# Commit: 956877442a3f43243fed89c491d9bdddd1ac77cd
|
# Commit: e6e0b8c216ed28a2ee2229e5e122ff1d49701ffc
|
||||||
|
|
||||||
# Disable LANG*
|
# Disable LANG*
|
||||||
export LANG=C
|
export LANG=C
|
||||||
|
@ -525,19 +525,17 @@ if [ -e /etc/debian_version ]; then
|
||||||
|
|
||||||
# Check if no package has been upgraded since $limit.
|
# Check if no package has been upgraded since $limit.
|
||||||
if [ "$IS_NOTUPGRADED" = 1 ]; then
|
if [ "$IS_NOTUPGRADED" = 1 ]; then
|
||||||
if zgrep -hq upgrade /var/log/dpkg.log*; then
|
last_upgrade=$(date +%s -d $(zgrep -h upgrade /var/log/dpkg.log* |sort -n |tail -1 |cut -f1 -d ' '))
|
||||||
last_upgrade=$(date +%s -d $(zgrep -h upgrade /var/log/dpkg.log* |sort -n |tail -1 |cut -f1 -d ' '))
|
if grep -sq '^mailto="listupgrade-todo@' /etc/evolinux/listupgrade.cnf \
|
||||||
fi
|
|| grep -sq -E '^[[:digit:]]+[[:space:]]+[[:digit:]]+[[:space:]]+[^\*]' /etc/cron.d/listupgrade; then
|
||||||
if grep -q '^mailto="listupgrade-todo@' /etc/evolinux/listupgrade.cnf \
|
|
||||||
|| grep -q -E '^[[:digit:]]+[[:space:]]+[[:digit:]]+[[:space:]]+[^\*]' /etc/cron.d/listupgrade; then
|
|
||||||
# Manual upgrade process
|
# Manual upgrade process
|
||||||
limit=$(date +%s -d "now - 180 days")
|
limit=$(date +%s -d "now - 180 days")
|
||||||
else
|
else
|
||||||
# Regular process
|
# Regular process
|
||||||
limit=$(date +%s -d "now - 90 days")
|
limit=$(date +%s -d "now - 90 days")
|
||||||
fi
|
fi
|
||||||
if [ -d /var/log/installer ]; then
|
if [ -f /var/log/evolinux/00_prepare_system.log ]; then
|
||||||
install_date=$(stat -c %Z /var/log/installer)
|
install_date=$(stat -c %Z /var/log/evolinux/00_prepare_system.log)
|
||||||
else
|
else
|
||||||
install_date=0
|
install_date=0
|
||||||
fi
|
fi
|
||||||
|
@ -591,8 +589,8 @@ if [ -e /etc/debian_version ]; then
|
||||||
|
|
||||||
if [ "$IS_BACKPORTSCONF" = 1 ]; then
|
if [ "$IS_BACKPORTSCONF" = 1 ]; then
|
||||||
if is_debianversion stretch; then
|
if is_debianversion stretch; then
|
||||||
grep -q backports /etc/apt/sources.list && echo 'IS_BACKPORTSCONF FAILED!'
|
grep -qE "^[^#].*backports" /etc/apt/sources.list && echo 'IS_BACKPORTSCONF FAILED!'
|
||||||
grep -q backports /etc/apt/sources.list.d/*.list 2>/dev/null && (grep -q backports /etc/apt/preferences.d/* || echo 'IS_BACKPORTSCONF FAILED!')
|
grep -qE "^[^#].*backports" /etc/apt/sources.list.d/*.list 2>/dev/null && (grep -qE "^[^#].*backports" /etc/apt/preferences.d/* || echo 'IS_BACKPORTSCONF FAILED!')
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -988,9 +986,10 @@ fi
|
||||||
|
|
||||||
if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
|
if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
|
||||||
for f in /etc/ssl/private/*; do
|
for f in /etc/ssl/private/*; do
|
||||||
perms=$(stat -c "%a" $f)
|
perms=$(stat -L -c "%a" $f)
|
||||||
if [ ${perms: -1} != "0" ]; then
|
if [ ${perms: -1} != "0" ]; then
|
||||||
echo 'IS_PRIVKEYWOLRDREADABLE FAILED!'
|
echo 'IS_PRIVKEYWOLRDREADABLE FAILED!'
|
||||||
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in a new issue