miyagi-check.sh aktualisiert
+6
-14
@@ -27,21 +27,13 @@ fi
|
|||||||
source "$CONFIG_FILE"
|
source "$CONFIG_FILE"
|
||||||
|
|
||||||
REQUIRED_VARS=(
|
REQUIRED_VARS=(
|
||||||
SSHPORT
|
SOURCEPORT
|
||||||
BACKUPSERVER
|
BACKUPSERVER
|
||||||
ZSYNC
|
ZSYNC
|
||||||
MAINTDAY
|
MAINTDAY
|
||||||
SHUTDOWN
|
SHUTDOWN
|
||||||
UPDATES
|
UPDATES
|
||||||
SOURCEHOST
|
SOURCEHOST
|
||||||
ZFSROOT
|
|
||||||
ZFSSECOND
|
|
||||||
ZFSTRGT
|
|
||||||
ZPUSHTAG
|
|
||||||
ZPUSHMINKEEP
|
|
||||||
ZPUSHKEEP
|
|
||||||
ZPUSHLABEL
|
|
||||||
ZPUSHFILTER
|
|
||||||
PBSHOST
|
PBSHOST
|
||||||
BACKUPSTORE
|
BACKUPSTORE
|
||||||
BACKUPSTOREPBS
|
BACKUPSTOREPBS
|
||||||
@@ -96,7 +88,7 @@ esac
|
|||||||
check_ssh_connection() {
|
check_ssh_connection() {
|
||||||
local host=$1
|
local host=$1
|
||||||
LOG "Prüfe SSH-Verbindung zu $host ..."
|
LOG "Prüfe SSH-Verbindung zu $host ..."
|
||||||
if ssh -p "$SSHPORT" -o BatchMode=yes -o ConnectTimeout=5 "$host" "echo OK" 2>/dev/null | grep -q OK; then
|
if ssh -p "$SOURCEPORT" -o BatchMode=yes -o ConnectTimeout=5 "$host" "echo OK" 2>/dev/null | grep -q OK; then
|
||||||
LOG " SSH-Verbindung zu $host erfolgreich."
|
LOG " SSH-Verbindung zu $host erfolgreich."
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
@@ -138,7 +130,7 @@ check_sshd_config_recommendation() {
|
|||||||
LOG " Prüfe sshd_config auf $host bzgl. 'PermitRootLogin'..."
|
LOG " Prüfe sshd_config auf $host bzgl. 'PermitRootLogin'..."
|
||||||
|
|
||||||
local current_setting
|
local current_setting
|
||||||
current_setting=$(ssh -p "$SSHPORT" "$host" "grep -i '^PermitRootLogin' /etc/ssh/sshd_config" 2>/dev/null || echo "")
|
current_setting=$(ssh -p "$SOURCEPORT" "$host" "grep -i '^PermitRootLogin' /etc/ssh/sshd_config" 2>/dev/null || echo "")
|
||||||
|
|
||||||
if [[ -z "$current_setting" ]]; then
|
if [[ -z "$current_setting" ]]; then
|
||||||
LOG " Keine explizite 'PermitRootLogin'-Einstellung gefunden."
|
LOG " Keine explizite 'PermitRootLogin'-Einstellung gefunden."
|
||||||
@@ -154,8 +146,8 @@ check_sshd_config_recommendation() {
|
|||||||
check_pveversion() {
|
check_pveversion() {
|
||||||
local host=$1
|
local host=$1
|
||||||
LOG "Prüfe PVE-Version auf $host ..."
|
LOG "Prüfe PVE-Version auf $host ..."
|
||||||
if ssh -p "$SSHPORT" "$host" "command -v pveversion >/dev/null"; then
|
if ssh -p "$SOURCEPORT" "$host" "command -v pveversion >/dev/null"; then
|
||||||
ssh -p "$SSHPORT" "$host" "pveversion" | while read -r line; do
|
ssh -p "$SOURCEPORT" "$host" "pveversion" | while read -r line; do
|
||||||
LOG " $host: $line"
|
LOG " $host: $line"
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
@@ -195,7 +187,7 @@ if [[ ${#PERMITROOT_YES_HOSTS[@]} -gt 0 ]]; then
|
|||||||
if [[ "$change_ans" =~ ^[JjYy]$ ]]; then
|
if [[ "$change_ans" =~ ^[JjYy]$ ]]; then
|
||||||
for h in "${PERMITROOT_YES_HOSTS[@]}"; do
|
for h in "${PERMITROOT_YES_HOSTS[@]}"; do
|
||||||
echo "Ändere sshd_config auf $h ..."
|
echo "Ändere sshd_config auf $h ..."
|
||||||
ssh -p "$SSHPORT" "$h" "sed -i 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config && systemctl reload sshd && echo '✅ sshd auf $h neu geladen.' || echo '❌ Fehler bei $h'"
|
ssh -p "$SOURCEPORT" "$h" "sed -i 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config && systemctl reload sshd && echo '✅ sshd auf $h neu geladen.' || echo '❌ Fehler bei $h'"
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
echo " Änderung von sshd_config übersprungen."
|
echo " Änderung von sshd_config übersprungen."
|
||||||
|
|||||||
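Review bot: In the last hunk (the `for h in "${PERMITROOT_YES_HOSTS[@]}"` loop), the remote command rewrites /etc/ssh/sshd_config and reloads sshd without validating the result or keeping a copy; putting `sshd -t &&` before `systemctl reload sshd` and using `sed -i.bak` would keep a bad edit from being loaded and make it recoverable. The `sed` pattern is case-sensitive and touches only the main file, while the check in check_sshd_config_recommendation uses `grep -i`, so a host flagged for a differently-cased directive, or one that sets the value in an included drop-in file, can print the success message and stay unchanged; comparing the effective value with `sshd -T | grep -i '^permitrootlogin'` before and after would close that gap. In the same check, `2>/dev/null || echo ""` turns a failed SSH connection into the "Keine explizite 'PermitRootLogin'-Einstellung gefunden" result, so an unreachable host cannot be told apart from one running on defaults. Every call now appears to use `$SOURCEPORT`; if check_ssh_connection is also called for BACKUPSERVER or PBSHOST (the callers are outside the visible hunks), confirm those hosts listen on the same port. The loop and both functions continue outside the hunks shown.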