Check that package are installed before launching check (#69)

* FIX(1.6.1,1.7.1.x): check if apparmor and grub is installed * FIX(2.2.15): check package install * FIX(4.2.x): check package install * FIX(5.1.x): check crontab files exist * FIX(5.2.1): check package install * FIX(99.3.3.x): check conf file exist * Remove useless SUDO_CMD * Deal with non existant /run/shm * Replace exit code 128 by exit code 2 fix #65 Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2025-06-24 11:34:35 +02:00 · 2021-03-25 14:01:57 +01:00
parent f8ac58700d
commit 1c51e4cec4
24 changed files with 561 additions and 409 deletions
--- a/bin/hardening/2.2.15_mta_localhost.sh
+++ b/bin/hardening/2.2.15_mta_localhost.sh
@ -21,39 +21,50 @@ HARDENING_EXCEPTION=mail

 # This function will be called if the script status is on enabled / audit mode
 audit() {
-    info "Checking netport ports opened"
-    RESULT=$($SUDO_CMD netstat -an | grep LIST | grep ":25[[:space:]]") || :
-    RESULT=${RESULT:-}
-    debug "Result is $RESULT"
-    if [ -z "$RESULT" ]; then
-        ok "Nothing listens on 25 port, probably unix socket configured"
+    is_pkg_installed net-tools
+    if [ "$FNRET" != 0 ]; then
+        warn "netsat not installed, cannot execute check"
+        exit 2
    else
-        info "Checking $RESULT"
-        if grep -q "127.0.0.1" <<<"$RESULT"; then
-            ok "MTA is configured to localhost only"
+        info "Checking netport ports opened"
+        RESULT=$($SUDO_CMD netstat -an | grep LIST | grep ":25[[:space:]]") || :
+        RESULT=${RESULT:-}
+        debug "Result is $RESULT"
+        if [ -z "$RESULT" ]; then
+            ok "Nothing listens on 25 port, probably unix socket configured"
        else
-            crit "MTA listens worldwide"
+            info "Checking $RESULT"
+            if grep -q "127.0.0.1" <<<"$RESULT"; then
+                ok "MTA is configured to localhost only"
+            else
+                crit "MTA listens worldwide"
+            fi
        fi
    fi
 }

 # This function will be called if the script status is on enabled mode
 apply() {
-    info "Checking netport ports opened"
-    RESULT=$(netstat -an | grep LIST | grep ":25[[:space:]]") || :
-    RESULT=${RESULT:-}
-    debug "Result is $RESULT"
-    if [ -z "$RESULT" ]; then
-        ok "Nothing listens on 25 port, probably unix socket configured"
+    is_pkg_installed net-tools
+    if [ "$FNRET" != 0 ]; then
+        warn "netsat not installed, cannot execute check"
+        exit 2
    else
-        info "Checking $RESULT"
-        if grep -q "127.0.0.1" <<<"$RESULT"; then
-            ok "MTA is configured to localhost only"
+        info "Checking netport ports opened"
+        RESULT=$(netstat -an | grep LIST | grep ":25[[:space:]]") || :
+        RESULT=${RESULT:-}
+        debug "Result is $RESULT"
+        if [ -z "$RESULT" ]; then
+            ok "Nothing listens on 25 port, probably unix socket configured"
        else
-            warn "MTA listens worldwide, correct this considering your MTA"
+            info "Checking $RESULT"
+            if grep -q "127.0.0.1" <<<"$RESULT"; then
+                ok "MTA is configured to localhost only"
+            else
+                warn "MTA listens worldwide, correct this considering your MTA"
+            fi
        fi
    fi
-    :
 }

 # This function will check config parameters required