Gregory Colpart
38beacc87b
Improve IS_EVOMAINTENANCE_FW : lower rules number to 2
...
Closes #42
2018-07-27 01:53:27 +02:00
Benoît S.
cd38bbaab4
IS_EVOACME_LIVELINKS: Add a condition when there is no certificates
2018-07-05 10:19:43 +02:00
Benoît S.
08b5ae0819
Fix: IS_APACHE_CONFENABLED only when apache2.conf exists.
2018-07-02 15:41:15 +02:00
Benoît S.
7ddb75fb5b
Fix: IS_APACHE_CONFENABLED is only for Jessie or Stretch
2018-06-29 14:17:05 +02:00
Benoît S.
8e2741dd99
Squashed commit of the following:
...
commit db23167246
Author: Benoît S <bserie@evolix.fr>
Date: Thu Jun 28 11:48:22 2018 +0200
Add a check for kernel config gile
commit ae1ec7b2b9
Author: Benoît S <bserie@evolix.fr>
Date: Wed Jun 27 18:01:07 2018 +0200
Redo the jessie part
commit 62b61aabf1
Author: Benoît S <bserie@evolix.fr>
Date: Wed Jun 27 17:49:44 2018 +0200
Well... For Stretch use only /sys/devices/system/cpu/vulnerabilities/
commit 33b19090e6
Author: Benoît S <bserie@evolix.fr>
Date: Wed Jun 27 17:45:11 2018 +0200
Add check for spectre v2
commit 3451218a16
Author: Benoît S <bserie@evolix.fr>
Date: Wed Jun 27 17:33:24 2018 +0200
Do not use the BOOT_IMAGE trick
commit ee60e28a5a
Author: Benoît S <bserie@evolix.fr>
Date: Wed Jun 27 17:30:18 2018 +0200
We cannot rely on dmesg
commit 57bd4312ce
Author: Benoît.S <benpro@benpro.fr>
Date: Thu Jan 11 14:46:46 2018 +0100
Breakline indentation
commit d2278292cc
Author: Benoît.S <benpro@benpro.fr>
Date: Thu Jan 11 14:45:12 2018 +0100
Diffrent test for Jessie kernel
commit 1418d4306e
Author: Benoît.S <benpro@benpro.fr>
Date: Thu Jan 11 11:52:43 2018 +0100
Modified Meltdown check to handle kaiser and pti
commit 2c6d075e2a
Author: Benoît.S <benpro@benpro.fr>
Date: Thu Jan 11 11:24:42 2018 +0100
Add IS_MELTDOWN
We check kaiser flags in /proc/cpuinfo and CONFIG_PAGE_TABLE_ISOLATION in
kernel config file.
2018-06-28 11:52:31 +02:00
Benoît S.
d914dd9003
Implement IS_APACHE_CONFENABLED
2018-06-27 15:20:39 +02:00
Benoît S.
e5ca035516
Add a line
2018-06-13 18:10:14 +02:00
Benoît S.
6bce242efb
Merge branch 'master' into 35-is_evoacme_certbotcron
2018-06-13 18:09:27 +02:00
Benoît S.
5fc12657d3
Check evoacme file cron
2018-06-13 18:03:14 +02:00
Benoît S.
9c5f8653fd
IS_EVOACME_LIVELINKS: Only executed if evoacme installed
2018-05-28 11:49:57 +02:00
Benoît S.
a6b54d99e9
Add IS_EVOACME_LIVELINKS check
2018-05-25 17:55:12 +02:00
Benoît S.
fee78ee9f4
IS_DUPLICATE_FS_LABEL: Add a space for the grep pattern
...
Otherwise it will match PARTLABEL, we want only LABEL.
2018-04-10 15:44:59 +02:00
Benoît S.
217e8b1115
Missing fi
2018-04-10 15:16:37 +02:00
Benoît S.
75e69e1440
Use blkid in place of lsblk
2018-04-10 15:14:54 +02:00
Jérémy Lecour
9c221e2919
Use "grep -E" instead of "egrep" (deprecated)
2018-03-29 22:31:50 +02:00
Jérémy Lecour
80a07783c8
IS_SSHALLOWUSERS is looking for AllowUsers or AllowGroups
2018-03-29 22:30:31 +02:00
Jérémy Lecour
c1866836aa
whitespaces
2018-03-29 22:29:50 +02:00
Romain Dessort
92b18e201c
Fix evoqa #3623 : custom limit for IS_NOTUPGRADED
...
Set higher time limit for servers not being part of the regular upgrade
process:
- if mails are sent to listupgrade-todo@
- or if listupgrade.sh is not executed on a weekly basis.
2018-03-23 17:47:17 -04:00
Romain Dessort
76575e9fb1
evoqa #4994 : check presence of evolix user
2018-03-23 17:46:11 -04:00
Benoît S.
f686aad9a5
Merge branch 'master' into '19-detect-depulicate-filesystem-labels'
...
# Conflicts:
# evocheck.sh
2018-03-19 14:53:44 +01:00
Benoît S.
12d5205485
Added the test to found duplicate
2018-03-19 14:51:18 +01:00
Benoît S.
8963a85269
Move the detection of minifirewall config
2018-03-15 17:53:58 +01:00
Benoît S.
e5594f3f1b
IS_EVOMAINTENANCE_FW: Fix wrong variable
2018-03-15 17:51:12 +01:00
Daniel Jakots
75fbba7644
Set at the beginning $MINIFW_FILE and use it
2018-03-15 12:44:23 -04:00
Benoît S.
d0975f7719
First implementatio for IS_EVOMAINTENANCE_FW
...
We check if there is at least the 4 evomaintenance rules.
2018-03-15 16:13:20 +01:00
Benoît S.
36822bf383
WIP #19 : Detect duplicate LABEL entries
2018-03-09 18:05:09 +01:00
Benoît S.
0dec7c6545
Fix #21 . IS_EVOBACKUP was disabled and using bad grep pattern
2018-03-09 15:22:08 +01:00
Benoît S.
7d1082d585
Well... Don't need for failed variable after all.
2018-02-23 11:13:01 +01:00
Benoît S.
39ac9e8d24
IS_MYSQLMUNIN: Break lines and add a break
2018-02-22 10:21:12 +01:00
Gregory Colpart
0d68452dcc
avoid too much FAILED for IS_MYSQLMUNIN
2018-02-19 23:26:53 +01:00
Gregory Colpart
7d7e289817
suppress stderr output in any case
2018-02-19 22:23:53 +01:00
Benoît.S
034b88faa4
IS_UPTIME in --cron mode && IS_NOTUPGRADED at 90d
2018-01-31 16:25:28 +01:00
Benoît.S
b62a9f606e
We don't manage systemd-network yet
...
Added a IS_NETWORK_INTERFACES and disabling IS_AUTOIF and IS_INTERFACESGW if
IS_NETWORK_INTERFACES failing.
2018-01-22 16:55:42 +01:00
Benoît S.
f78628c1d7
Fix #15 . Add mysql_ prefix for munin plugin check
2017-12-20 10:06:39 +01:00
Benoît.S
15c323f56b
Add MOUNT_FSTAB check
2017-12-08 15:56:31 +01:00
Benoît.S
99451d54a8
Add ELASTIC_BACKUP check
2017-12-06 11:05:02 +01:00
Benoît.S
09c4e5f5b2
Add REDIS_BACKUP check
2017-12-06 10:49:52 +01:00
Benoît.S
824e0fcf55
Missing IS_LDAP_BACKUP=1
2017-12-06 10:46:08 +01:00
Benoît.S
35f0cc3c86
Add MONGO_BACKUP check
2017-12-06 10:42:16 +01:00
Benoît.S
227249f411
Add POSTGRES_BACKUP check
2017-12-06 10:28:39 +01:00
Benoît.S
6c37875d1f
Add LDAP_BACKUP check
2017-12-06 10:14:17 +01:00
Benoît.S
f527e92ce4
Only check if file exist
2017-12-06 10:06:03 +01:00
Benoît.S
340c686b03
Implement EvoQA#3332. Check for SQL backup.
2017-12-05 18:03:40 +01:00
Benoît S.
eeca2fab19
Don't match start of line
...
While inverse grepping some interface names, don't match the start of the line.
2017-11-22 11:31:24 +01:00
Benoît S.
a9cbeca7cc
Use group evolinux-sudo for Debian >=9
2017-11-14 17:35:23 +01:00
Benoît.S
85c757d9d4
Test if /etc/apache2 is present
...
Otherwise this check will always fail on non-apache server...
2017-11-10 11:06:33 +01:00
Benoît S.
31518d39b1
For IS_LOG2MAILMYSQL, better grep.
...
Because we can have /etc/log2mail/config/{default,mysql,mysql.conf} ⋅ ⋅ ⋅
2017-10-26 11:51:13 +02:00
Jérémy Lecour
0d4bd0a717
AUTOIF: on stretch, only look for UP interfaces
2017-10-04 14:11:50 +02:00
Romain Dessort
76495a204c
Fix IS_BROADCOMFIRMWARE and IS_HARDWARERAIDTOOL checks
2017-10-02 16:39:13 -04:00
Romain Dessort
f90b1d9e71
Use python instead of bc to get percentage of reserved blocks
...
bc is not installed on all servers.
2017-10-02 16:23:04 -04:00
Romain Dessort
3453423579
Add some checks for stretch
2017-10-02 15:05:24 -04:00
Jérémy Lecour
848a97883a
Revert "IS_MYSQLUTILS: better check for mytop user"
...
This reverts commit 604c313c90
.
2017-09-22 11:01:04 +02:00
Jérémy Lecour
604c313c90
IS_MYSQLUTILS: better check for mytop user
...
The 'debian-sys-maint' user is not necessarily the best one to use with mytop.
We just need to check that the mytop config file contains a user value.
The regular expression checks that :
* there is a line beggining with "user" (not commented)
* it is a variable assignent with optional spaces
* the value is 1 or more non-whitespace characters
2017-09-22 09:43:31 +02:00
Gregory Colpart
7314ffc631
Fix squid conffile in stretch
2017-09-14 01:18:32 +02:00
Gregory Colpart
1b843937b0
web-add.sh can be in new path
2017-09-14 01:18:32 +02:00
Gregory Colpart
80a2d4a2b6
no need of ';' avec return 0
2017-09-14 01:18:32 +02:00
Romain Dessort
69a61bcc51
Check for world readable private keys
2017-09-11 11:16:42 -04:00
Romain Dessort
9e21e22414
Check for /etc/evomaintenance.cf permissions
2017-09-11 10:11:58 -04:00
Benoît S.
461dec1a37
Missing () for the condition
2017-09-07 11:53:16 +02:00
Romain Dessort
67665c2738
Fix IS_SQUID in stretch
2017-08-31 12:41:18 -04:00
Romain Dessort
d30b1dbace
Fix Grégory's fix about IS_APACHEMUNIN for non-stretch machines
2017-08-31 12:34:58 -04:00
Romain Dessort
516adc25f9
Improve previous commit for mytop check
2017-08-31 12:23:21 -04:00
Romain Dessort
b2fa3073c0
mytop is now part of mariadb-client
2017-08-31 11:24:02 -04:00
Gregory Colpart
2eddb6b1bf
Fix IS_APACHEMUNIN check in Stretch
2017-08-22 03:42:16 +02:00
Gregory Colpart
a2839d24c0
Forget -q in grep
2017-08-22 03:19:16 +02:00
Gregory Colpart
cb7a0adf79
Fix vlan interfaces in Debian 9
2017-08-22 03:18:04 +02:00
Romain Dessort
18ca4d4845
TMOUT is now set in /etc/profile.d/evolinux.sh
2017-08-14 11:02:18 -04:00
Gregory Colpart
fee216b218
autorize no PermitRoot option for Stretch because default is secure
2017-07-11 00:21:52 +02:00
Gregory Colpart
03db1f93ba
Improve check (avoid warning)
2017-07-11 00:05:43 +02:00
Gregory Colpart
53c67a0157
For Stretch (we don't use anymore listchanges)
2017-07-10 23:41:04 +02:00
Romain Dessort
87e280895f
Allow use of env= in Allow from directives.
2017-07-07 16:34:46 -04:00
Benoît S.
6869dba9fb
Added a protection in case of buggy partition.
...
Like I/O error.
2017-06-01 15:38:18 +02:00
Benoît S.
5b6e30d992
Added check IS_TUNE2FS_M5.
2017-05-31 16:01:19 +02:00
Romain Dessort
81c28cd59e
Increase grace for IS_NOTUPGRADED
2017-04-03 08:44:46 -04:00
Romain Dessort
acca5f226e
Fix #1959 . IS_BACKUPUPTODATE now fails if files are older than 2 day
2017-02-03 10:44:36 -05:00
Romain Dessort
3a5fe95bed
Add tun to interfaces to exclude
2017-02-03 10:42:30 -05:00
Romain Dessort
ee3d82b5c6
Fix comment for IS_NOTUPGRADED check
2016-11-30 11:49:38 -05:00
Romain Dessort
ec677f720d
Add a check to ensure system is upgraded periodically
2016-11-30 11:39:25 -05:00
Benoît S.
43bc39a72d
Implement #1957 . IS_APTGETBAK
2016-08-31 15:38:38 +02:00
Romain Dessort
dbe53542f0
Fix parenthesis in condition for Squeeze.
2016-06-30 08:12:27 -04:00
Gregory Colpart
0b39053882
Fix check when there is no partitions /usr /tmp in Jessie
2016-06-24 01:37:46 +02:00
Romain Dessort
16a53a5dc6
Add check for /etc/.git/ permissions.
2016-06-16 12:08:22 -04:00
Romain Dessort
251f02ac1a
Fix some bugs.
2016-06-03 11:29:45 -04:00
Romain Dessort
3b59217d0d
Fix #1861 . More explicit check for NRPE pid.
2016-05-13 10:42:53 -04:00
Romain Dessort
b7c41b9181
Fix #1864 . Add quotes to avoid error in comparaison.
2016-05-13 10:34:28 -04:00
Romain Dessort
62b13e9e77
Exclude macvtap interfaces from check.
2016-05-12 19:59:26 -04:00
Romain Dessort
3c9ba79ad5
Missing quiet option for grep.
2016-05-12 19:59:01 -04:00
Romain Dessort
0325dc93e4
In case of many generated graphs, take the newest.
2016-05-12 14:21:32 -04:00
Romain Dessort
b8969e6f12
IPv6 compatible regexp for BINDCHROOT.
2016-05-12 14:20:57 -04:00
Romain Dessort
5ec7be4111
Check mtime of images only with graph_strategy = cron.
2016-05-12 13:37:58 -04:00
Romain Dessort
57a68cdd1d
Fix first regexp in 'IS_APACHEIPINALLOW check.
2016-05-12 13:37:25 -04:00
Romain Dessort
ef262a8272
Improve/simplify regexp to support IPv6, netmasks and ignore commented lines.
2016-05-12 12:24:55 -04:00
Romain Dessort
4509f6d0e4
IS_BINDCHROOT is relevant only if bind listen to public interface.
2016-05-12 12:23:58 -04:00
Romain Dessort
89c58093f8
Replace uptime -s by /proc/uptime
...
Since uptime -s does not exist on <Jessie.
2016-05-12 11:43:16 -04:00
Romain Dessort
5c66992f03
Fix bad regexp in IS_INTERFACESGW check.
2016-05-11 14:14:23 -04:00
Benoît S.
d4813d7280
Fixed condition in IS_APACHEIPINALLOW.
2016-05-11 11:25:25 +02:00
Benoît S.
97b064e426
Fixed errors in code.
2016-05-11 11:21:23 +02:00
Romain Dessort
199c3952f1
Typo in some added checks
2016-05-10 18:24:46 -04:00
Romain Dessort
40d0536aa0
Fix #1854 . Add NRPEPID check for wheezy and newer.
2016-05-10 18:23:48 -04:00
Romain Dessort
452b8eea32
Fix #1675 . Add check to ensure files are up-to-date in /home/backup/.
2016-05-10 18:17:02 -04:00
Romain Dessort
83c0371334
Add option to skip KERNELUPTODATE check.
2016-05-10 17:58:04 -04:00
Romain Dessort
ec08f0fe19
Fix #1545 . Check also generated images in Munin check.
2016-05-10 17:53:31 -04:00
Romain Dessort
ec3713fbe3
Fix #1543 . Add check if server is running for more than a year.
2016-05-10 17:28:09 -04:00
Romain Dessort
e59adc86f9
Fix #1200 . Replace who -b by uptime -s which does not depend on a TTY and locales.
2016-05-10 17:26:26 -04:00
Romain Dessort
596fad44d1
Fix #1077 . Add check to ensure there is real IP addresses in Allow/Deny directives
2016-05-10 16:50:44 -04:00
Romain Dessort
411774e83b
Fix #1076 . Add check to ensure Apache configuration for munin is absent.
2016-05-10 16:10:32 -04:00
Romain Dessort
0ec499498b
Fix #1851 . Error in condition comparing md5sums.
2016-05-10 11:32:36 -04:00
Romain Dessort
ff53d8bcdf
Fix #1747 . Bad regexp for BINDCHROOT check.
2016-05-10 11:25:42 -04:00
Romain Dessort
aacaa541be
refs #1848 . Add LOG2MAILRUNNING check.
2016-05-10 11:10:24 -04:00
Romain Dessort
f749a656fb
refs #1848 . Add MUNINRUNNING check.
2016-05-10 10:41:16 -04:00
Romain Dessort
52a9d14a68
Close #1590 . Tolerate 127.0.0.1 or 127.0.0.0/8 in iptables rules for Squid.
2016-05-10 10:30:39 -04:00
Romain Dessort
d2ebf78e2c
Fix a wrong error message in APTITUDE check.
2016-05-10 10:29:50 -04:00
Romain Dessort
ad26ff2d22
refs #1848 . Add LOG2MAILRUNNING check.
2016-05-10 10:28:07 -04:00
Romain Dessort
e92292de9f
Fix #1587 . Disable APTICRON check.
2016-05-10 10:23:52 -04:00
Benoît S.
a2430945a7
Added tapX interfaces to the exclude list of AUTOIF
2016-04-21 15:11:25 +02:00
Romain Dessort
3b8487db7d
Take only the md5sum of md5sum output in comparison.
2016-02-18 10:41:30 -05:00
Romain Dessort
15aaa75664
Fix a bug on IS_BINDCHROOT check.
...
The correct package name is bind9 instead of bind!
2016-02-02 16:30:04 -05:00
Romain Dessort
cc8ef31a6d
Improve IS_BINDCHROOT to check if Bind must be rechrooted (if binary differ).
2016-02-02 16:07:00 -05:00
Gregory Colpart
99bbcd5420
Fix IS_LOG2MAILSQUID : we parse now all log2mail config files
2015-11-28 17:12:20 +01:00
Gregory Colpart
a1c1ad3a60
Fix #1654 : minifirewall uses now /etc/default/minifirewall then change check for jessie
2015-11-28 17:03:27 +01:00
Gregory Colpart
e018379753
Add test to check if aptitude is well removed in Jessie
2015-11-28 16:53:37 +01:00
Gregory Colpart
e41af65080
Fix #1587 : enable check for aptitude/apticron only in squeeze/wheezy
2015-11-28 16:46:47 +01:00
Gregory Colpart
29fae2b7ae
- Apply policy to avoid test duplication
...
- Minor cleaning
2015-11-28 16:23:28 +01:00
Gregory Colpart
50e9a816bb
add non physical interfaces
2015-02-04 21:01:07 +01:00
Benoît S.
724bb6b235
Add support of IPv6 for check IS_INTERFACESGW.
2014-10-09 16:41:34 +02:00
Gregory Colpart
6248aacbe1
Improve comments
2014-10-08 22:13:15 +02:00
Gregory Colpart
9b8ccd7213
Remove IS_TOOMUCHDEBIANSYSMAINT check
2014-10-08 22:11:16 +02:00
Gregory Colpart
d670d62bae
Fix IS_APTICRON check (confusion + remove active actions)
2014-10-08 22:01:10 +02:00
Benoît S.
1188586ec0
Fix a bug in test apache symlink. #834
2014-10-08 17:20:05 +02:00
Benoît S.
9bf216c5ec
Amelioration of check apitcron. #936
2014-10-08 17:13:37 +02:00
Benoît S.
481369107c
Better check for apt.conf*
2014-10-08 16:43:59 +02:00
Benoît S.
1927448149
Better check for iptables.
2014-10-08 15:46:36 +02:00
Benoît S.
32dd21ae20
Fix an issue in check modsec.
2014-10-08 15:12:51 +02:00
Benoît S.
3116eaf987
Check sudoers, grep only umask.
2014-10-08 14:54:59 +02:00
Benoît S.
68ea07c919
Revert "Merge conflicts."
...
This reverts commit 534cb10a1b
.
Due to 9d2844ce1a
.
Conflicts:
evocheck.sh
2014-10-08 12:18:36 +02:00
Benoît S.
e926cc3c66
Fix indent.
2014-10-08 12:10:34 +02:00
Benoît S.
a2b6703b35
Better check for modsec.
2014-10-08 12:09:04 +02:00
Benoît S.
1dd9281e11
Check for apticron. #936
2014-10-08 12:08:23 +02:00
Benoît S.
84d05c2176
Add a check of gateway in /etc/network/interfaces. #910
2014-10-08 12:08:23 +02:00
Benoît S.
ba6dc0fb32
Add a check for regular files in /etc/apache2/sites-enabled
2014-10-08 12:08:23 +02:00
Benoît S.
d0436a02be
Add a check for minifirewall. #729
2014-10-08 12:08:23 +02:00
Benoît S.
534cb10a1b
Merge conflicts.
2014-10-08 12:07:41 +02:00
Gregory Colpart
9d2844ce1a
Less strict with Wheezy systems upgraded from Squeeze
2014-10-06 21:45:47 +02:00
Gregory Colpart
56cff02585
Improve AUTOIF test for virtualization
2014-07-21 15:03:12 +02:00
Benoît S.
b79a56710b
Adapting IS_NRPEPOSTFIX check for Wheezy.
2013-06-07 14:36:37 +02:00
Benoît S.
bf1a39e9e1
Adding support for Wheezy-evolinux.
2013-04-12 18:03:48 +02:00
Romain Dessort
2ae4555e63
Fix a bug in MODDEFLATE check when apache isn't installed.
...
Missing parenthesis.
2012-06-20 15:32:21 +02:00
Romain Dessort
cdd468f4ab
Fix a bug in MODDEFLATE check.
2012-03-27 12:07:24 +02:00
Romain Dessort
170ed656d4
IS_NRPEDISK is now deprecated.
2012-02-27 12:12:06 +01:00
Romain Dessort
428b91b731
Improve IS_KERNELUPTODATE to check if the kernel is installed.
2012-02-27 12:06:33 +01:00