diff options
author | Karel Kočí <karel.koci@nic.cz> | 2017-07-21 14:58:13 +0200 |
---|---|---|
committer | Karel Kočí <karel.koci@nic.cz> | 2017-07-21 14:58:13 +0200 |
commit | 65f52ead41dc6df73671ddd3a8c6a2edecb6dfb3 (patch) | |
tree | 31b650900406fd2f8f2b474a0806e35a95190c26 /utils/syscheck | |
download | multiconfig-65f52ead41dc6df73671ddd3a8c6a2edecb6dfb3.tar.gz multiconfig-65f52ead41dc6df73671ddd3a8c6a2edecb6dfb3.tar.bz2 multiconfig-65f52ead41dc6df73671ddd3a8c6a2edecb6dfb3.zip |
Initial base files ... more to come
Diffstat (limited to 'utils/syscheck')
-rw-r--r-- | utils/syscheck | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/utils/syscheck b/utils/syscheck new file mode 100644 index 0000000..a0c29a0 --- /dev/null +++ b/utils/syscheck @@ -0,0 +1,48 @@ +# vim:ft=sh:noexpandtab +# System sanity checks + +# Check that we are root (this tool can be run only as root) +# TODO uncomment +# [ "$(id -u)" = "0" ] || echo_die "Distconfig have to be run as root." + +# We have sudo or su +which sudo >/dev/null || which su >/dev/null || echo_die "There is no sudo or su command." + +# Check that we are not using csh or tcsh +# Note: variable shell should be defined only on csh or tcsh (note lowercase) +[ -z "$shell" ] || echo_die "Distconfig doesn't support csh nor tcsh." + +# Check that we have gpg +which gpg >/dev/null || echo_die "There is no gpg command." + +# Check that trunk is signed using correct key +# TODO + +# Check root owner (should be root) +# TODO uncomment +#[ "$(stat -c '%u')" = 0 ] || echo_die "Root directory of distconfig isn't owned by root! Investigate why!" + +# Check access right to root (only root should have access) +# TODO uncomment +#[ "$(stat -c '%a')" = "700" ] || echo_die "Root directory of distconfig has incorect access rights. 700 expected!" + +# Check that we have openssl +which openssl >/dev/null || echo_die "There is no openssl command." + +# Check that we can decrypt using openssl and aes-192-cbc +OPENSSL_TEST_PASSWORD="XduF2T_opDknbzN0EyJJCBFyS1i6yaBU5Beb6IZkFVHWZGWOIZCF1Cc0zrupjEaV" +[ "$(openssl aes-192-cbc -d -a -k "$OPENSSL_TEST_PASSWORD" < files/openssl_test_file)" = "It works!" ] || \ + echo_die "Test message couldn't been decrypted." + +# Check that we have key file +[ -n "$KEY_FILE" ] || echo_die "No key specified. Please pass --key." + +# Check that given key works with our machinery +# TODO + +# Check that we have internet connection +DC_INTERNET=true +if ! ping -c 5 -w 30 cynerd.cz >/dev/null; then + echo_warn "No internet connection detected. All operations requiring internet connection will be skipped" + DC_INTERNET=false +fi |