primitive loggin function, script structure simplified
parent
cc59a98c10
commit
cd484d4fc3
1 changed files with 32 additions and 29 deletions
61
helmet.sh
61
helmet.sh
|
|
@ -9,7 +9,7 @@
|
|||
# This script runs noninteractive, so you can rely on these return
|
||||
# codes:
|
||||
# 0 script run ok, nothing serious found
|
||||
# 1 OS detection failed
|
||||
# 1 OS detection failed/wrong distribution
|
||||
# 2 script run ok, critical stuff found
|
||||
#
|
||||
# Requirements:
|
||||
|
|
@ -36,7 +36,7 @@ while [ $# -gt 0 ]; do
|
|||
case $1 in
|
||||
-h|--help) showhelp; exit; shift 1 ;;
|
||||
-V|--version) echo $(basename $0) $H_VERSION; exit; shift 1 ;;
|
||||
-v|--verbose) verb=echo; shift 1 ;;
|
||||
-v|--verbose) verb=true; shift 1 ;;
|
||||
-m|--no-md5) md5=false; shift 1 ;;
|
||||
-s|--no-ssh) ssh=false; shift 1 ;;
|
||||
*) showhelp; exit ;;
|
||||
|
|
@ -56,59 +56,62 @@ elif [[ $(grep -c '^[[:digit:]]' /etc/debian_version) > 0 ]]; then
|
|||
H_RELEASE=$(cat /etc/debian_version)
|
||||
H_CODE=${DEBIANCODES[$(echo $H_RELEASE | cut -b1)]}
|
||||
else
|
||||
echo "Not a Debian-based, please install the package lsb-release and send" .
|
||||
" the output of 'lsb_release -a' if available to info@lugh.ch."
|
||||
echo "Not a Debian-based distribution, please install the package lsb-release and send" .
|
||||
" the output of 'lsb_release -a' to info@lugh.ch."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
H_KERNEL=$(uname -r)
|
||||
H_ARCH=$(uname -m)
|
||||
|
||||
msg() {
|
||||
if [[ "$verb" ]]; then
|
||||
echo $1
|
||||
fi
|
||||
}
|
||||
|
||||
check_md5() {
|
||||
# http://kemovitra.blogspot.com/2010/07/checking-integrity-of-debianubuntu.html
|
||||
if [ $md5 ]; then
|
||||
MD5SUMS="not run"
|
||||
echo "not run"
|
||||
else
|
||||
if [ $H_DISTRO == "Debian" ]; then
|
||||
$verb "Copying all /var/lib/dpkg/info/*.md5sums to shared memory..."
|
||||
msg "Copying /var/lib/dpkg/info/*.md5sums to temporary file..."
|
||||
TEMPMD5=$(mktemp -t)
|
||||
cat /var/lib/dpkg/info/*.md5sums | sort > $TEMPMD5 && cd /
|
||||
$verb "Running md5sum, searching for 'FAILED' files..."
|
||||
MD5SUMS=$(md5sum -c $TEMPMD5 2>&1 | grep ': FAILED' | awk -F':' {'print "/"$1'} && rm $TEMPMD5)
|
||||
else
|
||||
MD5SUMS="Check not supported on $H_DISTRO"
|
||||
msg "Running md5sum, searching for 'FAILED' files..."
|
||||
md5sum -c $TEMPMD5 2>&1 | grep ': FAILED' | awk -F':' {'print "/"$1'} && rm $TEMPMD5
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
check_ssh() {
|
||||
ssh_config_regex="/etc/ssh/ssh*conf*"
|
||||
if [ $ssh ]; then
|
||||
SSHD="not run"
|
||||
else
|
||||
if [[ $(grep -i -c 'PermitRootLogin.*yes' /etc/ssh/ss*conf*) > 0 ]]; then
|
||||
SSHD="Root login enabled!"
|
||||
msg "Searching files $ssh_config_regex for PermitRootLogin yes..."
|
||||
if [[ $(grep -i -c 'PermitRootLogin.*yes' $ssh_config_regex) > 0 ]]; then
|
||||
echo "Root login enabled!"
|
||||
else
|
||||
SSHD="root login disabled"
|
||||
echo "root login disabled"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
check_md5
|
||||
check_ssh
|
||||
#check_dummy() {
|
||||
# echo "this is a dummy check"
|
||||
# msg "debug text of dummy_check..."
|
||||
#}
|
||||
|
||||
# Output
|
||||
#-------
|
||||
column -t -s':' -c 80 << EOF
|
||||
Distribution:$H_DISTRO
|
||||
Release/Codename:$H_RELEASE ($H_CODE)
|
||||
Kernel/Architecture:$H_KERNEL ($H_ARCH)
|
||||
|
||||
#column -t -s':' -c 80 << EOF
|
||||
echo "Distribution: $H_DISTRO"
|
||||
echo "Release/Codename: $H_RELEASE ($H_CODE)"
|
||||
echo "Kernel/Architecture: $H_KERNEL ($H_ARCH)"
|
||||
|
||||
# MD5 CHECK
|
||||
Packages with wrong MD5 hashes
|
||||
$MD5SUMS
|
||||
# SSH daemon settings
|
||||
$SSHD
|
||||
EOF
|
||||
echo -n "md5 check: "
|
||||
check_md5
|
||||
echo -n "SSH check: "
|
||||
check_ssh
|
||||
|
||||
# /usr/bin/printf "\u00A9 2010 Oliver Ladner\n" #unicode ausgabe
|
||||
|
||||
|
|
|
|||
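Review bot: The root-login test in check_ssh can print "root login disabled" on a host that permits it. `$ssh_config_regex` is a glob (`/etc/ssh/ssh*conf*`) that usually matches both ssh_config and sshd_config, and with more than one file `grep -c` prints `file:count` lines, so `[[ ... > 0 ]]` compares a string starting with `/` against `0` lexicographically and the outcome no longer depends on the match count. The pattern `PermitRootLogin.*yes` also counts commented-out lines. I would check only the daemon file and branch on grep's exit status, e.g. `if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+yes' /etc/ssh/sshd_config; then`. Separately, the header documents return code 2 for critical findings, but nothing visible in this section sets it now that both checks only echo their result, so a non-interactive caller relying on the exit status would miss a finding.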