V8.00.000.2025.06.17
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -23,10 +23,10 @@ do_log "info" "file_only" "4100() Starting system integrity verification..."
|
||||
###########################################
|
||||
do_log "info" "file_only" "4100() Checking systemd installation and machine-id."
|
||||
|
||||
do_in_target_script "${TARGET}" 'command -v systemctl && systemctl --version' >> "${LOG_FILE}" 2>&1 || \
|
||||
chroot_script "${TARGET}" 'command -v systemctl && systemctl --version' >> "${LOG_FILE}" 2>&1 || \
|
||||
do_log "warning" "file_only" "4100() systemd or systemctl not properly installed."
|
||||
|
||||
do_in_target_script "${TARGET}" '[ -s /etc/machine-id ]' || \
|
||||
chroot_script "${TARGET}" '[ -s /etc/machine-id ]' || \
|
||||
do_log "warning" "file_only" "4100() Missing or empty /etc/machine-id."
|
||||
|
||||
###########################################
|
||||
@@ -34,27 +34,27 @@ do_log "info" "file_only" "4100() Starting system integrity verification..."
|
||||
###########################################
|
||||
do_log "info" "file_only" "4100() Validating fstab and crypttab."
|
||||
|
||||
do_in_target_script "${TARGET}" 'systemd-analyze verify /etc/fstab /etc/crypttab' >> "${LOG_FILE}" 2>&1 || \
|
||||
chroot_script "${TARGET}" 'systemd-analyze verify /etc/fstab /etc/crypttab' >> "${LOG_FILE}" 2>&1 || \
|
||||
do_log "warning" "file_only" "4100() systemd-analyze verification failed. See ${LOG_FILE}."
|
||||
|
||||
do_in_target_script "${TARGET}" 'findmnt --verify' >> "${LOG_FILE}" 2>&1 || \
|
||||
chroot_script "${TARGET}" 'findmnt --verify' >> "${LOG_FILE}" 2>&1 || \
|
||||
do_log "warning" "file_only" "4100() findmnt reports potential inconsistencies."
|
||||
|
||||
###########################################
|
||||
## Essential Services
|
||||
###########################################
|
||||
do_log "info" "file_only" "4100() Validating essential services."
|
||||
do_in_target_script "${TARGET}" 'systemctl list-unit-files --state=enabled,disabled' >> "${LOG_FILE}" 2>&1
|
||||
chroot_script "${TARGET}" 'systemctl list-unit-files --state=enabled,disabled' >> "${LOG_FILE}" 2>&1
|
||||
|
||||
###########################################
|
||||
## Init & Bootloader
|
||||
###########################################
|
||||
do_log "info" "file_only" "4100() Checking init and GRUB presence."
|
||||
|
||||
do_in_target_script "${TARGET}" 'readlink -f /sbin/init' >> "${LOG_FILE}" 2>&1 || \
|
||||
chroot_script "${TARGET}" 'readlink -f /sbin/init' >> "${LOG_FILE}" 2>&1 || \
|
||||
do_log "warning" "file_only" "4100() /sbin/init is missing or invalid."
|
||||
|
||||
do_in_target_script "${TARGET}" 'test -e /boot/grub/grub.cfg || test -e /boot/efi/EFI/debian/grubx64.efi' || \
|
||||
chroot_script "${TARGET}" 'test -e /boot/grub/grub.cfg || test -e /boot/efi/EFI/debian/grubx64.efi' || \
|
||||
do_log "warning" "file_only" "4100() GRUB config or EFI binary not found."
|
||||
|
||||
###########################################
|
||||
@@ -62,10 +62,10 @@ do_log "info" "file_only" "4100() Starting system integrity verification..."
|
||||
###########################################
|
||||
do_log "info" "file_only" "4100() Validating core /etc configurations."
|
||||
|
||||
do_in_target_script "${TARGET}" 'grep -E "^127\.0\.1\.1" /etc/hosts' >> "${LOG_FILE}" 2>&1 || \
|
||||
chroot_script "${TARGET}" 'grep -E "^127\.0\.1\.1" /etc/hosts' >> "${LOG_FILE}" 2>&1 || \
|
||||
do_log "warning" "file_only" "4100() Missing 127.0.1.1 entry in /etc/hosts."
|
||||
|
||||
do_in_target_script "${TARGET}" '[ -s /etc/hostname ]' || \
|
||||
chroot_script "${TARGET}" '[ -s /etc/hostname ]' || \
|
||||
do_log "warning" "file_only" "4100() /etc/hostname is missing or empty."
|
||||
|
||||
###########################################
|
||||
@@ -73,16 +73,16 @@ do_log "info" "file_only" "4100() Starting system integrity verification..."
|
||||
###########################################
|
||||
do_log "info" "file_only" "4100() Auditing /root permissions and login shell."
|
||||
|
||||
do_in_target_script "${TARGET}" 'stat -c "%A %U:%G" /root' >> "${LOG_FILE}" 2>&1
|
||||
do_in_target_script "${TARGET}" 'grep ^root: /etc/passwd' >> "${LOG_FILE}" 2>&1
|
||||
chroot_script "${TARGET}" 'stat -c "%A %U:%G" /root' >> "${LOG_FILE}" 2>&1
|
||||
chroot_script "${TARGET}" 'grep ^root: /etc/passwd' >> "${LOG_FILE}" 2>&1
|
||||
|
||||
###########################################
|
||||
## dpkg & apt status
|
||||
###########################################
|
||||
do_log "info" "file_only" "4100() Verifying package integrity."
|
||||
|
||||
do_in_target_script "${TARGET}" 'dpkg --audit' >> "${LOG_FILE}" 2>&1 || true
|
||||
do_in_target_script "${TARGET}" 'apt-get check' >> "${LOG_FILE}" 2>&1 || \
|
||||
chroot_script "${TARGET}" 'dpkg --audit' >> "${LOG_FILE}" 2>&1 || true
|
||||
chroot_script "${TARGET}" 'apt-get check' >> "${LOG_FILE}" 2>&1 || \
|
||||
do_log "warning" "file_only" "4100() apt-get check reported errors."
|
||||
|
||||
do_log "info" "file_only" "4100() Verification completed. Output stored in: ${LOG_FILE}."
|
||||
|
||||
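Review bot: The `systemd-analyze verify /etc/fstab /etc/crypttab` call in the second hunk probably never checks those two files: `systemd-analyze verify` loads unit files and, as far as I know, rejects paths without a unit suffix, so the warning would fire on every run regardless of content and teach operators to ignore it. `findmnt --verify` in the next check already covers fstab, so I would drop the systemd-analyze line or point it at real units, and record the gap with a comment such as `# crypttab is not validated here; systemd-analyze verify only accepts unit files`. In the last hunk the `/root` audit only appends `stat` and `grep` output to the log, so unexpected permissions never raise a warning; a comparison like `[ "$(stat -c "%a %U:%G" /root)" = "700 root:root" ]` followed by the same `|| do_log "warning" ...` pattern would turn it into an actual check. The definition of `chroot_script` is not on this page, so it is worth confirming that it returns the exit status of the command run inside the target, because every `||` fallback here depends on it.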