Merge branch 'master' into '19-detect-depulicate-filesystem-labels'
# Conflicts: # evocheck.sh
commit
f686aad9a5
33
evocheck.sh
33
evocheck.sh
|
@ -100,6 +100,7 @@ IS_MOUNT_FSTAB=1
|
||||||
IS_NETWORK_INTERFACES=1
|
IS_NETWORK_INTERFACES=1
|
||||||
IS_EVOBACKUP=1
|
IS_EVOBACKUP=1
|
||||||
IS_DUPLICATE_FS_LABEL=1
|
IS_DUPLICATE_FS_LABEL=1
|
||||||
|
IS_EVOMAINTENANCE_FW=1
|
||||||
|
|
||||||
#Proper to OpenBSD
|
#Proper to OpenBSD
|
||||||
IS_SOFTDEP=1
|
IS_SOFTDEP=1
|
||||||
|
@ -146,6 +147,11 @@ is_debianversion(){
|
||||||
[ $(lsb_release -c -s) = $1 ] && return 0
|
[ $(lsb_release -c -s) = $1 ] && return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
is_debianversion squeeze && MINIFW_FILE=/etc/firewall.rc
|
||||||
|
is_debianversion wheezy && MINIFW_FILE=/etc/firewall.rc
|
||||||
|
is_debianversion jessie && MINIFW_FILE=/etc/default/minifirewall
|
||||||
|
is_debianversion stretch && MINIFW_FILE=/etc/default/minifirewall
|
||||||
|
|
||||||
#-----------------------------------------------------------
|
#-----------------------------------------------------------
|
||||||
#Vérifie si c'est une debian et fait les tests appropriés.
|
#Vérifie si c'est une debian et fait les tests appropriés.
|
||||||
#-----------------------------------------------------------
|
#-----------------------------------------------------------
|
||||||
|
@ -285,10 +291,7 @@ if [ -e /etc/debian_version ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_MINIFWPERMS" = 1 ]; then
|
if [ "$IS_MINIFWPERMS" = 1 ]; then
|
||||||
is_debianversion squeeze && ( ls -l /etc/firewall.rc | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!' )
|
ls -l "$MINIFW_FILE" | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!'
|
||||||
is_debianversion wheezy && ( ls -l /etc/firewall.rc | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!' )
|
|
||||||
is_debianversion jessie && ( ls -l /etc/default/minifirewall | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!' )
|
|
||||||
is_debianversion stretch && ( ls -l /etc/default/minifirewall | grep -q -- -rw------- || echo 'IS_MINIFWPERMS FAILED!' )
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_NRPEDISKS" = 1 ]; then
|
if [ "$IS_NRPEDISKS" = 1 ]; then
|
||||||
|
@ -341,15 +344,21 @@ if [ -e /etc/debian_version ]; then
|
||||||
# Verification de l'activation de Squid dans le cas d'un pack mail
|
# Verification de l'activation de Squid dans le cas d'un pack mail
|
||||||
if [ "$IS_SQUID" = 1 ]; then
|
if [ "$IS_SQUID" = 1 ]; then
|
||||||
squidconffile=/etc/squid*/squid.conf
|
squidconffile=/etc/squid*/squid.conf
|
||||||
is_debianversion squeeze && f=/etc/firewall.rc
|
is_debianversion stretch && squidconffile=/etc/squid/evolinux-custom.conf
|
||||||
is_debianversion wheezy && f=/etc/firewall.rc
|
|
||||||
is_debianversion jessie && f=/etc/default/minifirewall
|
|
||||||
is_debianversion stretch && f=/etc/default/minifirewall && squidconffile=/etc/squid/evolinux-custom.conf
|
|
||||||
is_pack_web && ( is_installed squid || is_installed squid3 \
|
is_pack_web && ( is_installed squid || is_installed squid3 \
|
||||||
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT" $f \
|
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT" $MINIFW_FILE \
|
||||||
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d `hostname -i` -j ACCEPT" $f \
|
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d `hostname -i` -j ACCEPT" $MINIFW_FILE \
|
||||||
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.(1|0/8) -j ACCEPT" $f \
|
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.(1|0/8) -j ACCEPT" $MINIFW_FILE \
|
||||||
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port.* `grep http_port $squidconffile | cut -f 2 -d " "`" $f || echo 'IS_SQUID FAILED!' )
|
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port.* `grep http_port $squidconffile | cut -f 2 -d " "`" $MINIFW_FILE || echo 'IS_SQUID FAILED!' )
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$IS_EVOMAINTENANCE_FW" = 1 ]; then
|
||||||
|
if [ -f "$MINIFW_FILE" ]; then
|
||||||
|
rulesNumber=$(grep -c "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s .* -m state --state ESTABLISHED,RELATED -j ACCEPT" "$MINIFW_FILE")
|
||||||
|
if [ "$rulesNumber" -lt 4 ]; then
|
||||||
|
echo 'IS_EVOMAINTENANCE_FW FAILED!'
|
||||||
|
fi
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Verification de la conf et de l'activation de mod-deflate
|
# Verification de la conf et de l'activation de mod-deflate
|
||||||
|
|
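Review bot: The new IS_EVOMAINTENANCE_FW check counts matches with a pattern that is not anchored against comments, so commented-out rules in `$MINIFW_FILE` still count toward the four expected lines. The IS_SQUID greps just above it avoid this with a `^[^#]*` prefix, and using the same prefix here, `grep -c "^[^#]*/sbin/iptables -A INPUT -p tcp --sport 5432 …"` with the rest of the pattern unchanged, would make the count reflect active rules only. The check also prints nothing when `[ -f "$MINIFW_FILE" ]` is false, which includes the case where none of the four `is_debianversion` lines set `MINIFW_FILE`. If a missing firewall file is not meant to pass silently, an `else echo 'IS_EVOMAINTENANCE_FW FAILED!'` branch would surface it. The enclosing `if [ -e /etc/debian_version ]` block starts and ends outside the hunk.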