aboutsummaryrefslogtreecommitdiff
path: root/utils/syscheck
diff options
context:
space:
mode:
authorKarel Kočí <karel.koci@nic.cz>2017-07-21 14:58:13 +0200
committerKarel Kočí <karel.koci@nic.cz>2017-07-21 14:58:13 +0200
commit65f52ead41dc6df73671ddd3a8c6a2edecb6dfb3 (patch)
tree31b650900406fd2f8f2b474a0806e35a95190c26 /utils/syscheck
downloadmulticonfig-65f52ead41dc6df73671ddd3a8c6a2edecb6dfb3.tar.gz
multiconfig-65f52ead41dc6df73671ddd3a8c6a2edecb6dfb3.tar.bz2
multiconfig-65f52ead41dc6df73671ddd3a8c6a2edecb6dfb3.zip
Initial base files ... more to come
Diffstat (limited to 'utils/syscheck')
-rw-r--r--utils/syscheck48
1 files changed, 48 insertions, 0 deletions
diff --git a/utils/syscheck b/utils/syscheck
new file mode 100644
index 0000000..a0c29a0
--- /dev/null
+++ b/utils/syscheck
@@ -0,0 +1,48 @@
+# vim:ft=sh:noexpandtab
+# System sanity checks
+
+# Check that we are root (this tool can be run only as root)
+# TODO uncomment
+# [ "$(id -u)" = "0" ] || echo_die "Distconfig have to be run as root."
+
+# We have sudo or su
+which sudo >/dev/null || which su >/dev/null || echo_die "There is no sudo or su command."
+
+# Check that we are not using csh or tcsh
+# Note: variable shell should be defined only on csh or tcsh (note lowercase)
+[ -z "$shell" ] || echo_die "Distconfig doesn't support csh nor tcsh."
+
+# Check that we have gpg
+which gpg >/dev/null || echo_die "There is no gpg command."
+
+# Check that trunk is signed using correct key
+# TODO
+
+# Check root owner (should be root)
+# TODO uncomment
+#[ "$(stat -c '%u')" = 0 ] || echo_die "Root directory of distconfig isn't owned by root! Investigate why!"
+
+# Check access right to root (only root should have access)
+# TODO uncomment
+#[ "$(stat -c '%a')" = "700" ] || echo_die "Root directory of distconfig has incorect access rights. 700 expected!"
+
+# Check that we have openssl
+which openssl >/dev/null || echo_die "There is no openssl command."
+
+# Check that we can decrypt using openssl and aes-192-cbc
+OPENSSL_TEST_PASSWORD="XduF2T_opDknbzN0EyJJCBFyS1i6yaBU5Beb6IZkFVHWZGWOIZCF1Cc0zrupjEaV"
+[ "$(openssl aes-192-cbc -d -a -k "$OPENSSL_TEST_PASSWORD" < files/openssl_test_file)" = "It works!" ] || \
+ echo_die "Test message couldn't been decrypted."
+
+# Check that we have key file
+[ -n "$KEY_FILE" ] || echo_die "No key specified. Please pass --key."
+
+# Check that given key works with our machinery
+# TODO
+
+# Check that we have internet connection
+DC_INTERNET=true
+if ! ping -c 5 -w 30 cynerd.cz >/dev/null; then
+ echo_warn "No internet connection detected. All operations requiring internet connection will be skipped"
+ DC_INTERNET=false
+fi