forked from evolix/evocheck
Add check_noatime and fix check_softdep
Add check_noatime - Check that all ffs partitions are mounted with the noatime option.
Fix check_softdep - We now check the number of ffs partitions and compare it to the number of softdep options currently there.
parent
7cb6055af5
commit
682cd3afaa
10
CHANGELOG
10
CHANGELOG
|
@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
## [6.7.6] - 2020-10-15
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
- Add check_noatime - Check that all ffs partitions are mounted with the noatime option
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
- Fix check_softdep - We now check the number of ffs partitions and we compare it to the number of softdep options currently there
|
||||||
|
|
||||||
## [6.7.5] - 2020-10-09
|
## [6.7.5] - 2020-10-09
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
21
evocheck.sh
21
evocheck.sh
|
@ -3,7 +3,7 @@
|
||||||
# EvoCheck
|
# EvoCheck
|
||||||
# Script to verify compliance of an OpenBSD server powered by Evolix
|
# Script to verify compliance of an OpenBSD server powered by Evolix
|
||||||
|
|
||||||
readonly VERSION="6.7.5"
|
readonly VERSION="6.7.6"
|
||||||
|
|
||||||
# Disable LANG*
|
# Disable LANG*
|
||||||
|
|
||||||
|
@ -101,6 +101,18 @@ check_tmpnoexec(){
|
||||||
mount | grep "on /tmp" | grep -q noexec || failed "IS_TMPNOEXEC" "/tmp should be mounted with the noexec option"
|
mount | grep "on /tmp" | grep -q noexec || failed "IS_TMPNOEXEC" "/tmp should be mounted with the noexec option"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_softdep(){
|
||||||
|
if [ $(grep -c softdep /etc/fstab) -ne $(grep -c ffs /etc/fstab) ]; then
|
||||||
|
failed "IS_SOFTDEP" "All partitions should have the softdep option"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_noatime(){
|
||||||
|
if [ $(mount | grep -c noatime) -ne $(grep -c ffs /etc/fstab) ]; then
|
||||||
|
failed "IS_NOATIME" "All partitions should be mounted with the noatime option"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
check_tmoutprofile(){
|
check_tmoutprofile(){
|
||||||
grep -q TMOUT= /etc/skel/.profile /root/.profile || failed "IS_TMOUTPROFILE" "In order to fix, add 'export TMOUT=36000' to both /etc/skel/.profile and /root/.profile files"
|
grep -q TMOUT= /etc/skel/.profile /root/.profile || failed "IS_TMOUTPROFILE" "In order to fix, add 'export TMOUT=36000' to both /etc/skel/.profile and /root/.profile files"
|
||||||
}
|
}
|
||||||
|
@ -209,10 +221,6 @@ check_pfenabled(){
|
||||||
check_pfcustom(){
|
check_pfcustom(){
|
||||||
}
|
}
|
||||||
|
|
||||||
check_softdep(){
|
|
||||||
grep -q "softdep" /etc/fstab || failed "IS_SOFTDEP" ""
|
|
||||||
}
|
|
||||||
|
|
||||||
check_wheel(){
|
check_wheel(){
|
||||||
if [ -f /etc/sudoers ]; then
|
if [ -f /etc/sudoers ]; then
|
||||||
grep -qE "^%wheel.*$" /etc/sudoers || failed "IS_WHEEL" ""
|
grep -qE "^%wheel.*$" /etc/sudoers || failed "IS_WHEEL" ""
|
||||||
|
@ -346,6 +354,8 @@ main() {
|
||||||
|
|
||||||
test "${IS_UMASKSUDOERS:=1}" = 1 && check_umasksudoers
|
test "${IS_UMASKSUDOERS:=1}" = 1 && check_umasksudoers
|
||||||
test "${IS_TMPNOEXEC:=1}" = 1 && check_tmpnoexec
|
test "${IS_TMPNOEXEC:=1}" = 1 && check_tmpnoexec
|
||||||
|
test "${IS_SOFTDEP:=1}" = 1 && check_softdep
|
||||||
|
test "${IS_NOATIME:=1}" = 1 && check_noatime
|
||||||
test "${IS_TMOUTPROFILE:=1}" = 1 && check_tmoutprofile
|
test "${IS_TMOUTPROFILE:=1}" = 1 && check_tmoutprofile
|
||||||
test "${IS_RAIDOK:=1}" = 1 && check_raidok
|
test "${IS_RAIDOK:=1}" = 1 && check_raidok
|
||||||
test "${IS_EVOBACKUP:=1}" = 1 && check_evobackup
|
test "${IS_EVOBACKUP:=1}" = 1 && check_evobackup
|
||||||
|
@ -358,7 +368,6 @@ main() {
|
||||||
test "${IS_REBOOTMAIL:=1}" = 1 && check_rebootmail
|
test "${IS_REBOOTMAIL:=1}" = 1 && check_rebootmail
|
||||||
test "${IS_PFENABLED:=1}" = 1 && check_pfenabled
|
test "${IS_PFENABLED:=1}" = 1 && check_pfenabled
|
||||||
test "${IS_PFCUSTOM:=1}" = 1 && check_pfcustom
|
test "${IS_PFCUSTOM:=1}" = 1 && check_pfcustom
|
||||||
test "${IS_SOFTDEP:=1}" = 1 && check_softdep
|
|
||||||
test "${IS_WHEEL:=1}" = 1 && check_wheel
|
test "${IS_WHEEL:=1}" = 1 && check_wheel
|
||||||
test "${IS_PKGMIRROR:=1}" = 1 && check_pkgmirror
|
test "${IS_PKGMIRROR:=1}" = 1 && check_pkgmirror
|
||||||
test "${IS_HISTORY:=1}" = 1 && check_history
|
test "${IS_HISTORY:=1}" = 1 && check_history
|
||||||
|
|
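Review bot: Both check_softdep and check_noatime compare two independent line counts, so an ffs partition missing the option goes unreported whenever an unrelated match makes the totals equal. In check_noatime, `mount | grep -c noatime` counts mounted filesystems of any type, while `grep -c ffs /etc/fstab` counts fstab lines, including commented-out or unmounted entries; in check_softdep, a comment that mentions softdep has the same effect. The unquoted `$(...)` inside `[ ]` would also make the test error out if /etc/fstab cannot be read, and the `if` then skips `failed`, so the check passes silently. Testing each ffs entry on its own avoids both problems. The sketch below assumes that `mount -t ffs` restricts the listing by type and that awk exits non-zero when it cannot open the file; both should be confirmed on the target OpenBSD release.

```shell
check_softdep(){
    # Report any active ffs entry in /etc/fstab whose option field lacks softdep
    awk '$1 !~ /^#/ && $3 == "ffs" && $4 !~ /softdep/ { missing = 1 } END { exit missing }' /etc/fstab \
        || failed "IS_SOFTDEP" "All partitions should have the softdep option"
}

check_noatime(){
    # Report any mounted ffs filesystem whose option list lacks noatime
    if mount -t ffs | grep -qv noatime; then
        failed "IS_NOATIME" "All partitions should be mounted with the noatime option"
    fi
}
```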