
upgradeAll.sh

    #!/bin/bash
    
    # Copyright (C) 2017  Tetras Libre <admin@tetras-libre.fr>
    # Author: Beniamine, David <David.Beniamine@tetras-libre.fr>
    #
    # This program is free software: you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation, either version 3 of the License, or
    # (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    
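    # Resolve the directory this script lives in, so the helper script and the
    # environment files are found whatever the caller's working directory is.
    # All expansions are quoted so a path containing spaces still works.
    DIR=$(dirname -- "$0")
    # Run the base-tools helper; its exit status is not checked here.
    "$DIR/configure_base_tools.sh"
    # Both .env files are sourced, i.e. executed as shell code with this
    # script's privileges (it installs packages and edits files under /etc).
    # Keep them owned by, and writable only for, the account that runs it.
    . "$DIR/main.env"
    . "$DIR/installNextcloud.env"
    # MODS (modules to upgrade) and MAINTENANCE_LEVEL (upgrade strategy) are
    # required; abort early when either is missing or empty.
    if [ -z "$MODS" ] || [ -z "$MAINTENANCE_LEVEL" ]
    then
        echo "Please update your main.env"
        exit 1
    fi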
    
    # Base system update.
    # Refresh the package index, then choose the strategy from
    # MAINTENANCE_LEVEL: "upgrade" runs a regular aptitude upgrade; any other
    # value runs unattended-upgrade and then installs the pending packages
    # whose simulated "Inst" line mentions Security.
    aptitude update
    if [[ "$MAINTENANCE_LEVEL" != "upgrade" ]]; then
        unattended-upgrade -d
        # Simulate a dist-upgrade (-s changes nothing) and collect the names
        # of the packages reported with a Security origin.
        mapfile -t security_pkgs < <(apt-get -s dist-upgrade | awk '/^Inst.*Security/{print $2}')
        apt-get install "${security_pkgs[@]}"
    else
        aptitude upgrade
    fi
    
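    # Update modules.
    # For every module named in MODS, run upgrade<module>.sh from the script
    # directory when that file exists. The script paths are built from MODS
    # and executed with this script's privileges, so MODS must only come from
    # a trusted main.env.
    # MODS is a whitespace-separated list, so it is left unquoted on purpose.
    for mod in $MODS
    do
        script="$DIR/upgrade$mod.sh"
        # Quoted so a script directory containing spaces is handled correctly.
        if [ -f "$script" ]
        then
            /bin/bash "$script"
        fi
    done
    # Optional site-specific hook, run after the module upgrades.
    customfile="$DIR/upgradeCustom.sh"
    if [ -f "$customfile" ]
    then
        /bin/bash "$customfile"
    fi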
    
    # Install monit if it is not installed yet.
    # The check looks for a " monit " entry in the dpkg package listing.
    if ! dpkg -l | grep -q ' monit '
    then
        apt-get update && apt-get install -y monit
        # Enable the disk-usage checks stored in conf-available/disc.
        ln -s /etc/monit/conf-available/disc /etc/monit/conf-enabled/
        # Uncomment the "set httpd" statement and its "allow localhost" rule.
        # NOTE(review): only these two lines are uncommented; confirm that
        # monitrc also binds the listener to loopback (a "use address" line)
        # so the HTTP interface is not reachable from other hosts.
        sed -i \
            -e 's/# set httpd/set httpd/' \
            -e 's/^#     allow localhost/     allow localhost/' \
            /etc/monit/monitrc
        # Append the mail settings: local mail server, sender address built
        # from DOMAIN, alerts delivered to root@localhost.
        echo -e "set mailserver 127.0.0.1\nset mail-format { from:    Monit <monit@$DOMAIN>}\nset alert root@localhost" >> /etc/monit/monitrc
    fi
    
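    # Monitor every mount point listed in /etc/fstab, except commented-out
    # lines and swap, noauto and bind entries.
    # An extended regex (-E) is required: in a basic regex a bare "|" is a
    # literal character, so "noauto|bind" would never exclude anything.
    # NF >= 2 skips blank or malformed lines that have no mount-point field.
    mapfile -t list_of_part < <(grep -Ev '#|swap|noauto|bind' /etc/fstab | awk 'NF >= 2 {print $2}')
    # Build the configuration in a private temporary file from mktemp instead
    # of a predictable "<pid>-parts" name in the current directory, which
    # another local user could pre-create or symlink if that directory is
    # writable by them.
    if parts_file=$(mktemp)
    then
        echo "" > "$parts_file"
        for part in "${list_of_part[@]}"
        do
            # NOTE(review): every stanza uses the service name "root"; confirm
            # monit accepts this when more than one mount point is listed.
            echo -e "check device root with path $part\n    if SPACE usage > 75% then alert\nif SPACE usage > 75% timeout 86400 seconds then alert\n\n" >> "$parts_file"
        done
        # mktemp creates the file with mode 0600; restore a conventional mode
        # before it becomes the monit configuration fragment.
        chmod 644 "$parts_file"
        mv -- "$parts_file" /etc/monit/conf-available/disc
    else
        echo "mktemp failed, monit disk checks left unchanged" >&2
    fi
    systemctl restart monit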
    
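    # Check rootkits and antivirus.
    # Whitelist the /etc/.java hidden directory in rkhunter.conf, once.
    if [ "$(grep -c '^ALLOWHIDDENDIR=/etc/\.java' /etc/rkhunter.conf)" -eq 0 ]
    then
        echo "ALLOWHIDDENDIR=/etc/.java" >> /etc/rkhunter.conf
    fi
    # Comment out WEB_CMD="/bin/false" when it is active.
    # NOTE(review): that setting presumably disables rkhunter's network
    # downloads; removing it lets "rkhunter --update" below fetch data files.
    # Confirm this is intended and that the download source is trusted.
    if [ "$(grep -Ec '^\s*WEB_CMD="/bin/false"' /etc/rkhunter.conf)" -gt 0 ]
    then
        # "-i -e", not "-ie": the latter is parsed as -i with backup suffix
        # "e" and leaves a stray /etc/rkhunter.confe copy behind.
        sed -i -e 's@^\s*\(WEB_CMD="/bin/false"\)@# \1@' /etc/rkhunter.conf
    fi
    # Set the root-login policy rkhunter expects to prohibit-password. This
    # edits rkhunter.conf only; the SSH daemon configuration is not touched.
    sed -i -e 's/ALLOW_SSH_ROOT_USER=.*/ALLOW_SSH_ROOT_USER=prohibit-password/' /etc/rkhunter.conf
    rkhunter --update > /dev/null
    # NOTE(review): --propupdate records the current file properties as the
    # new baseline right before the check, so a file altered since the
    # previous run is accepted rather than reported. Confirm it is only run
    # after package changes that are known to be legitimate.
    rkhunter --propupdate
    rkhunter --sk -c
    # Show the ClamAV log only when the weekly scan is present in the crontab
    # of the user running this script.
    if [ "$(crontab -l | grep -c "clamav-weekly")" -eq 0 ]
    then
        echo -e "\tERROR : clamav weekly not installed"
    else
        cat /var/log/clamav.log
    fi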
    
    # Print monit's status report so the operator can review it.
    monit status

    # Check docker is running: when MODS mentions collabora (matched
    # case-insensitively), list all containers, stopped ones included.
    if echo $MODS | grep -qi collabora
    then
        docker ps -a
    fi
    
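    # Restart services.
    # Candidates: the services named in checkrestart's suggested "service" and
    # "systemctl" commands, the entries of EXTRAS_SERVICES_TO_RESTART, and
    # every unit in the systemctl listing whose line matches php.*fpm.
    services="$(checkrestart | awk '/^service/{print $2} /^systemctl/{print $3}') $EXTRAS_SERVICES_TO_RESTART"
    services="$services $(systemctl | awk '/php.*fpm/{print $1}')"
    # The joined string always contains at least the separating spaces, so an
    # emptiness test on it never triggers. Split it into an array (read -a
    # does no glob expansion) and test the element count instead, so
    # "systemctl restart" is never called without a unit name.
    # read returns non-zero at end of input even though the array is filled.
    read -r -d '' -a services_to_restart <<<"$services" || true
    if [ "${#services_to_restart[@]}" -gt 0 ]
    then
        systemctl restart "${services_to_restart[@]}"
    fi
    # Run checkrestart again to show what still uses outdated files.
    checkrestart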
    
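    # Check if a reboot is required: compare the newest installed kernel
    # package with the kernel that is currently running.
    # - Only packages whose dpkg status is "installed" (second status letter
    #   "i") are considered, so removed kernels with leftover configuration
    #   are ignored.
    # - sort -V orders version strings correctly (e.g. 4.9.0-11 after
    #   4.9.0-9); a numeric sort falls back to byte order for these names.
    last_kernel="$(dpkg -l | awk '$1 ~ /^[a-z]i/ && $2 ~ /^linux-image-[0-9]/ {print $2}' | sort -V | tail -n 1)"
    running_kernel="linux-image-$(uname -r)"
    if [ "$last_kernel" != "$running_kernel" ]
    then
        echo "Running on an old kernel, reboot required"
    fi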