IS_EVOMAINTENANCE_FW only if HOOK_DB is enabled
parent
349d77a2df
commit
ae30d6555c
|
@ -7,6 +7,8 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
* IS_EVOMAINTENANCE_FW : warn only if HOOK_DB is enabled
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
* IS_TMPUSRRO : improve grep for options detection
|
* IS_TMPUSRRO : improve grep for options detection
|
||||||
|
|
|
@ -444,9 +444,10 @@ check_squid() {
|
||||||
}
|
}
|
||||||
check_evomaintenance_fw() {
|
check_evomaintenance_fw() {
|
||||||
if [ -f "$MINIFW_FILE" ]; then
|
if [ -f "$MINIFW_FILE" ]; then
|
||||||
|
hook_db=$(grep -E '^\s*HOOK_DB' /etc/evomaintenance.cf | tr -d ' ' | cut -d= -f2)
|
||||||
rulesNumber=$(grep -c "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s .* -m state --state ESTABLISHED,RELATED -j ACCEPT" "$MINIFW_FILE")
|
rulesNumber=$(grep -c "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s .* -m state --state ESTABLISHED,RELATED -j ACCEPT" "$MINIFW_FILE")
|
||||||
if [ "$rulesNumber" -lt 2 ]; then
|
if [ "$hook_db" = "1" ] && [ "$rulesNumber" -lt 2 ]; then
|
||||||
failed "IS_EVOMAINTENANCE_FW" "missing evomaintenance rules in minifirewall"
|
failed "IS_EVOMAINTENANCE_FW" "HOOK_DB is enabled but missing evomaintenance rules in minifirewall"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
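Review bot: The added `hook_db=$(grep -E '^\s*HOOK_DB' /etc/evomaintenance.cf | tr -d ' ' | cut -d= -f2)` line makes the check fail open, because the new condition only warns when `$hook_db` is exactly `1`. If `/etc/evomaintenance.cf` is missing or unreadable, the value is quoted (`HOOK_DB="1"`), it carries a trailing comment, or the unanchored pattern matches more than one line (any other key starting with `HOOK_DB`), the comparison fails and the missing-rules warning is silently skipped, so the host reports clean. Anchoring on the assignment, keeping the last match and stripping quotes would cover the common forms: `hook_db=$(grep -E '^\s*HOOK_DB=' /etc/evomaintenance.cf 2>/dev/null | tail -n1 | cut -d= -f2 | tr -d "\"' ")`. It would also help to report an unreadable config file explicitly instead of treating it as "hook disabled", and to add a short comment above the line saying the firewall rules are only required when evomaintenance writes to the database.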