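#!/bin/bash
# Copyright (C) 2017 Tetras Libre <admin@tetras-libre.fr>
# Author: Beniamine, David <David.Beniamine@tetras-libre.fr>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Periodic maintenance run: upgrades the base system and the installed
# modules, refreshes and runs rkhunter, shows the ClamAV log, restarts the
# services flagged by checkrestart and reports whether a reboot is needed.
#
# Settings read from main.env / installNextcloud.env:
#   MODS                       - space-separated module names (required)
#   MAINTENANCE_LEVEL          - "upgrade" for a full upgrade, anything else
#                                for security updates only (required)
#   EXTRAS_SERVICES_TO_RESTART - extra services to restart (optional)
#   WEB_SERVER                 - "apache2", otherwise nginx is assumed
#
# The script edits /etc/rkhunter.conf, installs packages and restarts
# services, so it runs with root privileges. Everything it sources or
# executes from its own directory (the *.env files, upgrade<Mod>.sh,
# upgradeCustom.sh) runs with those privileges too: keep that directory and
# its files root-owned and not writable by other users.

# Quoted so that an install path containing spaces still resolves.
DIR=$(dirname -- "$0")

"$DIR/configure_base_tools.sh"
. "$DIR/main.env"
. "$DIR/installNextcloud.env"

if [[ -z "$MODS" || -z "$MAINTENANCE_LEVEL" ]]; then
  echo "Please update your main.env"
  exit 1
fi

# Base system update
aptitude update
if [[ "$MAINTENANCE_LEVEL" == "upgrade" ]]; then
  aptitude upgrade
else
  unattended-upgrade -d
  # Install only the packages whose simulated dist-upgrade line mentions
  # "Security". The package list is word-split on purpose.
  # shellcheck disable=SC2046
  apt-get install $(apt-get -s dist-upgrade | awk '/^Inst.*Security/{print $2}')
fi

# Update modules (MODS is a whitespace-separated list, split on purpose)
for mod in $MODS; do
  script="$DIR/upgrade$mod.sh"
  if [[ -f "$script" ]]; then
    /bin/bash "$script"
  fi
done

customfile="$DIR/upgradeCustom.sh"
if [[ -f "$customfile" ]]; then
  /bin/bash "$customfile"
fi

# Check rootkits and antivirus
# `[ ... ]` is kept for the count tests: if grep prints nothing (file
# missing), the test errors out and the branch is skipped, whereas
# `[[ "" -eq 0 ]]` would evaluate to true.
if [ "$(grep -c "^ALLOWHIDDENDIR=/etc/.java" /etc/rkhunter.conf)" -eq 0 ]; then
  echo "ALLOWHIDDENDIR=/etc/.java" >> /etc/rkhunter.conf
fi

# NOTE(review): WEB_CMD="/bin/false" is presumably a distribution default
# that disables rkhunter's own downloader; commenting it out lets
# `rkhunter --update` below fetch its data files over the network. Confirm
# this is wanted on this host.
# `-i -e` instead of `-ie`: GNU sed reads `-ie` as "-i with backup suffix e"
# and leaves a stray /etc/rkhunter.confe behind on every run.
if [ "$(grep -Ec '^\s*WEB_CMD="/bin/false"' /etc/rkhunter.conf)" -gt 0 ]; then
  sed -i -e 's@^\s*\(WEB_CMD="/bin/false"\)@# \1@' /etc/rkhunter.conf
fi

# rkhunter compares this value with PermitRootLogin in the sshd
# configuration; keep the two in step or the check below warns.
sed -i -e 's/ALLOW_SSH_ROOT_USER=.*/ALLOW_SSH_ROOT_USER=prohibit-password/' /etc/rkhunter.conf

rkhunter --update > /dev/null
# NOTE(review): --propupdate refreshes the stored file-property baseline
# right before the check, so the file-properties test only compares against
# a snapshot taken seconds earlier. A file modified before this run is
# absorbed into the baseline instead of being reported; review the package
# upgrade output above before trusting a clean result.
rkhunter --propupdate
rkhunter --sk -c

if [ "$(crontab -l | grep -c "clamav-weekly")" -eq 0 ]; then
  echo -e "\tERROR : clamav weekly not installed"
else
  cat /var/log/clamav.log
fi

df -h

# Check docker is running
if grep -qi collabora <<< "$MODS"; then
  docker ps -a
fi

# Restart services
# Collected into an array so that "nothing to restart" is detectable: the
# previous string form always contained the separator between the two
# sources, so the emptiness test never failed and `systemctl restart` could
# be called without any unit. Names are word-split on purpose.
# shellcheck disable=SC2206,SC2207
services=(
  $(checkrestart | awk '/^service/{print $2} /^systemctl/{print $3}')
  $EXTRAS_SERVICES_TO_RESTART
)
if (( ${#services[@]} > 0 )); then
  systemctl restart "${services[@]}"
fi
checkrestart

echo -e "\tPlease check that the following services are up and running"
if [[ "${WEB_SERVER}" == "apache2" ]]; then
  apache2ctl -S 2>/dev/null \
    | awk '/namevhost/{print "https://"$4}' \
    | sort -u \
    | grep -v "127.0...1"
else
  awk '/^[ \t]*(server_name|server_alias)/{gsub(/;$/, "", $2); print "https://"$2}' \
    /etc/nginx/*-enabled/* \
    | sort -u
fi

# Check if a reboot is required
# Only packages in an installed state (second status character "i") count:
# a removed kernel that still has its config files ("rc") must not be taken
# for the newest one. `sort -V` orders version strings correctly
# (4.9.0-11 after 4.9.0-9), which `sort -rn` does not do for names that
# start with "linux-image-".
last_kernel="$(dpkg -l \
  | awk '/^.i +linux-image-[0-9]/{print $2}' \
  | sort -V \
  | tail -n 1)"
running_kernel="linux-image-$(uname -r)"
if [[ "$last_kernel" != "$running_kernel" ]]; then
  echo "Running on an old kernel, reboot required"
fi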