#!/bin/bash
# Copyright (C) 2017 Tetras Libre <admin@tetras-libre.fr>
# Author: Beniamine, David <David.Beniamine@tetras-libre.fr>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
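# Directory holding this script; the helper script and the .env files are
# looked up next to it.
DIR=$(dirname -- "$0")

# NOTE(review): the helper is executed and both .env files are sourced with the
# privileges of whoever runs this script (the apt/systemctl steps further down
# suggest root), so all three should be writable by that account only.
"$DIR/configure_base_tools.sh"
# shellcheck source=/dev/null
. "$DIR/main.env"
# shellcheck source=/dev/null
. "$DIR/installNextcloud.env"

# Both settings are needed below: MODS drives the per-module upgrade scripts,
# MAINTENANCE_LEVEL selects the system upgrade strategy.
if [ -z "$MODS" ] || [ -z "$MAINTENANCE_LEVEL" ]; then
  echo "Please update your main.env" >&2
  exit 1
fi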
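# Base system update
aptitude update
if [ "$MAINTENANCE_LEVEL" = "upgrade" ]; then
  # Full upgrade of every package
  aptitude upgrade
else
  # Security-only path: let unattended-upgrade do its work (debug output on),
  # then install whatever a simulated dist-upgrade still lists as coming from
  # a Security archive.
  unattended-upgrade -d
  mapfile -t security_pkgs < <(apt-get -s dist-upgrade | awk '/^Inst.*Security/{print $2}')
  # Only call apt-get when there is something to install
  if (( ${#security_pkgs[@]} > 0 )); then
    apt-get install "${security_pkgs[@]}"
  fi
fi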
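# Update modules: run upgrade<Module>.sh for every module listed in MODS,
# silently skipping modules that ship no upgrade script.
# MODS is a whitespace-separated list, so the unquoted expansion is intentional.
# NOTE(review): each script found here runs with this script's privileges;
# the directory should not be writable by unprivileged users.
for mod in $MODS; do
  script="$DIR/upgrade$mod.sh"
  if [ -f "$script" ]; then
    /bin/bash "$script"
  fi
done

# Optional site-specific upgrade hook
customfile="$DIR/upgradeCustom.sh"
if [ -f "$customfile" ]; then
  /bin/bash "$customfile"
fi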
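# Install monit if not installed.
# The package status is queried directly: grepping `dpkg -l` would also match
# a removed package whose configuration files are still present.
if ! dpkg-query -W -f='${Status}' monit 2>/dev/null | grep -q 'install ok installed'; then
  apt-get update && apt-get install -y monit
  # -f keeps a re-run from failing when the link is already there
  ln -sf /etc/monit/conf-available/disc /etc/monit/conf-enabled/
  # Enable monit's built-in HTTP interface and allow localhost to use it.
  # NOTE(review): only the "set httpd" and "allow localhost" lines are
  # uncommented here; confirm the resulting monitrc also binds the listener to
  # localhost (a "use address" line) so the interface is not reachable remotely.
  sed -i 's/# set httpd/set httpd/' /etc/monit/monitrc
  sed -i 's/^# allow localhost/ allow localhost/' /etc/monit/monitrc
  # Mail alerts go through the local MTA to root; DOMAIN is expected from the
  # sourced .env files.
  printf 'set mailserver 127.0.0.1\nset mail-format { from: Monit <monit@%s>}\nset alert root@localhost\n' "$DOMAIN" >> /etc/monit/monitrc
fi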
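# Monitor disk usage of every fstab mount point, skipping comment lines and
# swap, noauto and bind entries.
# -E makes every "|" an alternation; in the previous basic-regex pattern the
# bare "|" in "noauto|bind" was a literal character, so those entries were
# never filtered out.
mapfile -t list_of_part < <(grep -Ev '#|swap|noauto|bind' /etc/fstab | awk 'NF >= 2 {print $2}')

# Build the file under an unpredictable name: a fixed "./<pid>-parts" in the
# current directory could be pre-created or symlinked by another user when the
# script is started from a shared directory.
if parts_file=$(mktemp /etc/monit/conf-available/disc.XXXXXX); then
  for part in "${list_of_part[@]}"; do
    # monit requires unique service names, so derive one per mount point
    # ("/" keeps the historical name "root", "/var/log" becomes "var_log").
    if [ "$part" = "/" ]; then
      name=root
    else
      name=${part#/}
      name=${name//\//_}
    fi
    printf 'check device %s with path %s\n if SPACE usage > 75%% then alert\nif SPACE usage > 75%% timeout 86400 seconds then alert\n\n\n' \
      "$name" "$part" >> "$parts_file"
  done
  # mktemp creates the file 0600; restore world-readable permissions
  # (assumes the previous file was created under a 022 umask -- TODO confirm).
  chmod 0644 "$parts_file"
  mv -- "$parts_file" /etc/monit/conf-available/disc
else
  echo "Could not create a temporary file for the monit disc checks" >&2
fi
systemctl restart monit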
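# Check rootkits and antivirus

# Whitelist /etc/.java as a known hidden directory (added once)
if [ -f /etc/rkhunter.conf ] && ! grep -q "^ALLOWHIDDENDIR=/etc/.java" /etc/rkhunter.conf; then
  echo "ALLOWHIDDENDIR=/etc/.java" >> /etc/rkhunter.conf
fi

# Comment out WEB_CMD="/bin/false" so that `rkhunter --update` can download.
# NOTE(review): that setting blocks rkhunter's own network fetches; removing it
# is a deliberate trade-off -- confirm the update source is trusted.
# "sed -i -e" is used on purpose: "-ie" is parsed as -i with backup suffix "e"
# and leaves a stray /etc/rkhunter.confe behind on every run.
if grep -Eq '^\s*WEB_CMD="/bin/false"' /etc/rkhunter.conf; then
  sed -i -e 's@^\s*\(WEB_CMD="/bin/false"\)@# \1@' /etc/rkhunter.conf
fi

# Tell rkhunter which root-login policy to expect from sshd.
# NOTE(review): presumably this must match PermitRootLogin in sshd_config --
# verify, otherwise every scan reports a mismatch.
sed -i -e 's/ALLOW_SSH_ROOT_USER=.*/ALLOW_SSH_ROOT_USER=prohibit-password/' /etc/rkhunter.conf

rkhunter --update > /dev/null
# NOTE(review): --propupdate re-baselines file properties to the current state
# of the system. Running it right after a package upgrade is expected, but it
# also accepts any unauthorised change made since the last baseline, so the
# check below only detects changes that happen after this point.
rkhunter --propupdate
rkhunter --sk -c

# The weekly ClamAV scan is expected in this user's crontab; show its log when
# the job is present.
if crontab -l | grep -q "clamav-weekly"; then
  cat /var/log/clamav.log
else
  echo -e "\tERROR : clamav weekly not installed"
fi
monit status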
# List all docker containers when a collabora module is configured
# (case-insensitive match anywhere in MODS).
if grep -qi collabora <<<"$MODS"; then
  docker ps -a
fi
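# Restart services
# Collect, in order: units checkrestart suggests restarting, the extra units
# configured in the .env files, and every php-fpm unit systemctl lists.
mapfile -t services < <(checkrestart | awk '/^service/{print $2} /^systemctl/{print $3}')
# shellcheck disable=SC2206 -- whitespace-separated list, splitting is intended
services+=( $EXTRAS_SERVICES_TO_RESTART )
mapfile -t php_units < <(systemctl | awk '/php.*fpm/{print $1}')
services+=( "${php_units[@]}" )

# An array makes the emptiness test reliable: the former string always held at
# least the separating blanks, so "systemctl restart" could be called with no
# unit at all.
if (( ${#services[@]} > 0 )); then
  systemctl restart "${services[@]}"
fi
# Second pass shows what still runs on outdated files after the restarts
checkrestart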
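# Check if a reboot is required: compare the newest installed kernel package
# with the running kernel.
# Only packages in state "ii" are considered (removed kernels whose config
# files remain would otherwise count), and sort -V orders version strings
# correctly (…-10 after …-9), which a numeric sort on the package name does not.
last_kernel="$(dpkg -l | awk '/^ii/ && $2 ~ /^linux-image-[0-9]/ {print $2}' | sort -rV | head -n 1)"
running_kernel="linux-image-$(uname -r)"
if [ "$last_kernel" != "$running_kernel" ]; then
  echo "Running on an old kernel, reboot required"
fi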